Ubuntu
linux package

Focal update: v5.4.224 upstream stable release

Bug #1999273 reported by Kamal Mostafa on 2022-12-09

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	linux (Ubuntu)	Invalid	Undecided	Unassigned
	Focal	Fix Released	Medium	Kamal Mostafa

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

v5.4.224 upstream stable release
from git://git.kernel.org/

RDMA/cma: Use output interface for net_dev check
IB/hfi1: Correctly move list in sc_disable()
NFSv4.1: Handle RECLAIM_COMPLETE trunking errors
NFSv4.1: We must always send RECLAIM_COMPLETE after a reboot
nfs4: Fix kmemleak when allocate slot failed
net: dsa: Fix possible memory leaks in dsa_loop_init()
RDMA/core: Fix null-ptr-deref in ib_core_cleanup()
RDMA/qedr: clean up work queue on failure in qedr_alloc_resources()
nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send()
nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send()
net: fec: fix improper use of NETDEV_TX_BUSY
ata: pata_legacy: fix pdc20230_set_piomode()
net: sched: Fix use after free in red_enqueue()
net: tun: fix bugs for oversize packet when napi frags enabled
netfilter: nf_tables: release flow rule object from commit path
ipvs: use explicitly signed chars
ipvs: fix WARNING in __ip_vs_cleanup_batch()
ipvs: fix WARNING in ip_vs_app_net_cleanup()
rose: Fix NULL pointer dereference in rose_send_frame()
mISDN: fix possible memory leak in mISDN_register_device()
isdn: mISDN: netjet: fix wrong check of device registration
btrfs: fix inode list leak during backref walking at resolve_indirect_refs()
btrfs: fix inode list leak during backref walking at find_parent_nodes()
btrfs: fix ulist leaks in error paths of qgroup self tests
Bluetooth: L2CAP: fix use-after-free in l2cap_conn_del()
net: mdio: fix undefined behavior in bit shift for __mdiobus_register
net, neigh: Fix null-ptr-deref in neigh_table_clear()
ipv6: fix WARNING in ip6_route_net_exit_late()
media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE
media: cros-ec-cec: limit msg.len to CEC_MAX_MSG_SIZE
media: dvb-frontends/drxk: initialize err to 0
media: meson: vdec: fix possible refcount leak in vdec_probe()
scsi: core: Restrict legal sdev_state transitions via sysfs
HID: saitek: add madcatz variant of MMO7 mouse device ID
i2c: xiic: Add platform module alias
xfs: don't fail verifier on empty attr3 leaf block
xfs: use ordered buffers to initialize dquot buffers during quotacheck
xfs: gut error handling in xfs_trans_unreserve_and_mod_sb()
xfs: group quota should return EDQUOT when prj quota enabled
xfs: don't fail unwritten extent conversion on writeback due to edquot
xfs: Add the missed xfs_perag_put() for xfs_ifree_cluster()
Bluetooth: L2CAP: Fix attempting to access uninitialized memory
block, bfq: protect 'bfqd->queued' by 'bfqd->lock'
binder: fix UAF of alloc->vma in race with munmap()
btrfs: fix type of parameter generation in btrfs_get_dentry
tcp/udp: Make early_demux back namespacified.
kprobe: reverse kp->flags when arm_kprobe failed
tools/nolibc/string: Fix memcmp() implementation
tracing/histogram: Update document for KEYS_MAX size
capabilities: fix potential memleak on error path from vfs_getxattr_alloc()
fuse: add file_modified() to fallocate
efi: random: reduce seed size to 32 bytes
perf/x86/intel: Fix pebs event constraints for ICL
perf/x86/intel: Add Cooper Lake stepping to isolation_ucodes[]
ALSA: usb-audio: Add quirks for MacroSilicon MS2100/MS2106 devices
parisc: Make 8250_gsc driver dependend on CONFIG_PARISC
parisc: Export iosapic_serial_irq() symbol for serial port driver
parisc: Avoid printing the hardware path twice
ext4: fix warning in 'ext4_da_release_space'
ext4: fix BUG_ON() when directory entry has invalid rec_len
KVM: x86: Mask off reserved bits in CPUID.8000001AH
KVM: x86: Mask off reserved bits in CPUID.80000008H
KVM: x86: emulator: em_sysexit should update ctxt->mode
KVM: x86: emulator: introduce emulator_recalc_and_set_mode
KVM: x86: emulator: update the emulation mode after CR0 write
mtd: rawnand: gpmi: Set WAIT_FOR_READY timeout based on program/erase times
drm/rockchip: dsi: Force synchronous probe
drm/i915/sdvo: Filter out invalid outputs more sensibly
drm/i915/sdvo: Setup DDC fully before output init
wifi: brcmfmac: Fix potential buffer overflow in brcmf_fweh_event_worker()
ipc: remove memcg accounting for sops objects in do_semtimedop()
Linux 5.4.224
UBUNTU: Upstream stable to v5.4.224

See original description

Tags:

Kamal Mostafa (kamalmostafa) on 2022-12-09

Changed in linux (Ubuntu):
status:	New → Confirmed
tags:	added: kernel-stable-tracking-bug
description:	updated
Changed in linux (Ubuntu):
status:	Confirmed → Invalid
Changed in linux (Ubuntu Focal):
status:	New → In Progress
importance:	Undecided → Medium
assignee:	nobody → Kamal Mostafa (kamalmostafa)

Stefan Bader (smb) on 2022-12-14

Changed in linux (Ubuntu Focal):
status:	In Progress → Fix Committed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2023-02-08:

Download full text (27.8 KiB)

This bug was fixed in the package linux - 5.4.0-139.156

---------------
linux (5.4.0-139.156) focal; urgency=medium

* focal/linux: 5.4.0-139.156 -proposed tracker (LP: #2003486)

* Revoke & rotate to new signing key (LP: #2002812)
- [Packaging] Revoke and rotate to new signing key

linux (5.4.0-138.155) focal; urgency=medium

* focal/linux: 5.4.0-138.155 -proposed tracker (LP: #2001845)

* Packaging resync (LP: #1786013)
- [Packaging] update helper scripts

This bug was fixed in the package linux - 5.4.0-139.156

---------------
linux (5.4.0-139.156) focal; urgency=medium

* focal/linux: 5.4.0-139.156 -proposed tracker (LP: #2003486)

* Revoke & rotate to new signing key (LP: #2002812)
    - [Packaging] Revoke and rotate to new signing key

linux (5.4.0-138.155) focal; urgency=medium

* focal/linux: 5.4.0-138.155 -proposed tracker (LP: #2001845)

* Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts

* Focal update: v5.4.224 upstream stable release (LP: #1999273)
    - RDMA/cma: Use output interface for net_dev check
    - IB/hfi1: Correctly move list in sc_disable()
    - NFSv4.1: Handle RECLAIM_COMPLETE trunking errors
    - NFSv4.1: We must always send RECLAIM_COMPLETE after a reboot
    - nfs4: Fix kmemleak when allocate slot failed
    - net: dsa: Fix possible memory leaks in dsa_loop_init()
    - RDMA/core: Fix null-ptr-deref in ib_core_cleanup()
    - RDMA/qedr: clean up work queue on failure in qedr_alloc_resources()
    - nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send()
    - nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send()
    - net: fec: fix improper use of NETDEV_TX_BUSY
    - ata: pata_legacy: fix pdc20230_set_piomode()
    - net: sched: Fix use after free in red_enqueue()
    - net: tun: fix bugs for oversize packet when napi frags enabled
    - netfilter: nf_tables: release flow rule object from commit path
    - ipvs: use explicitly signed chars
    - ipvs: fix WARNING in __ip_vs_cleanup_batch()
    - ipvs: fix WARNING in ip_vs_app_net_cleanup()
    - rose: Fix NULL pointer dereference in rose_send_frame()
    - mISDN: fix possible memory leak in mISDN_register_device()
    - isdn: mISDN: netjet: fix wrong check of device registration
    - btrfs: fix inode list leak during backref walking at resolve_indirect_refs()
    - btrfs: fix inode list leak during backref walking at find_parent_nodes()
    - btrfs: fix ulist leaks in error paths of qgroup self tests
    - Bluetooth: L2CAP: fix use-after-free in l2cap_conn_del()
    - net: mdio: fix undefined behavior in bit shift for __mdiobus_register
    - net, neigh: Fix null-ptr-deref in neigh_table_clear()
    - ipv6: fix WARNING in ip6_route_net_exit_late()
    - media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE
    - media: cros-ec-cec: limit msg.len to CEC_MAX_MSG_SIZE
    - media: dvb-frontends/drxk: initialize err to 0
    - media: meson: vdec: fix possible refcount leak in vdec_probe()
    - scsi: core: Restrict legal sdev_state transitions via sysfs
    - HID: saitek: add madcatz variant of MMO7 mouse device ID
    - i2c: xiic: Add platform module alias
    - xfs: don't fail verifier on empty attr3 leaf block
    - xfs: use ordered buffers to initialize dquot buffers during quotacheck
    - xfs: gut error handling in xfs_trans_unreserve_and_mod_sb()
    - xfs: group quota should return EDQUOT when prj quota enabled
    - xfs: don't fail unwritten extent conversion on writeback due to edquot
    - xfs: Add the missed xfs_perag_put() for xfs_ifree_cluster()
    - Bluetooth: L2CAP: Fix attempting to access uninitialized memory
    - block, bfq: protect 'bfqd->queued' by 'bfqd->lock'
    - binder: fix UAF of alloc->vma in race with munmap()
    - btrfs: fix type of parameter generation in btrfs_get_dentry
    - tcp/udp: Make early_demux back namespacified.
    - kprobe: reverse kp->flags when arm_kprobe failed
    - tools/nolibc/string: Fix memcmp() implementation
    - tracing/histogram: Update document for KEYS_MAX size
    - capabilities: fix potential memleak on error path from vfs_getxattr_alloc()
    - fuse: add file_modified() to fallocate
    - efi: random: reduce seed size to 32 bytes
    - perf/x86/intel: Fix pebs event constraints for ICL
    - perf/x86/intel: Add Cooper Lake stepping to isolation_ucodes[]
    - ALSA: usb-audio: Add quirks for MacroSilicon MS2100/MS2106 devices
    - parisc: Make 8250_gsc driver dependend on CONFIG_PARISC
    - parisc: Export iosapic_serial_irq() symbol for serial port driver
    - parisc: Avoid printing the hardware path twice
    - ext4: fix warning in 'ext4_da_release_space'
    - ext4: fix BUG_ON() when directory entry has invalid rec_len
    - KVM: x86: Mask off reserved bits in CPUID.8000001AH
    - KVM: x86: Mask off reserved bits in CPUID.80000008H
    - KVM: x86: emulator: em_sysexit should update ctxt->mode
    - KVM: x86: emulator: introduce emulator_recalc_and_set_mode
    - KVM: x86: emulator: update the emulation mode after CR0 write
    - mtd: rawnand: gpmi: Set WAIT_FOR_READY timeout based on program/erase times
    - drm/rockchip: dsi: Force synchronous probe
    - drm/i915/sdvo: Filter out invalid outputs more sensibly
    - drm/i915/sdvo: Setup DDC fully before output init
    - wifi: brcmfmac: Fix potential buffer overflow in brcmf_fweh_event_worker()
    - ipc: remove memcg accounting for sops objects in do_semtimedop()
    - Linux 5.4.224

* Focal update: v5.4.223 upstream stable release (LP: #1999179)
    - can: j1939: transport: j1939_session_skb_drop_old():
      spin_unlock_irqrestore() before kfree_skb()
    - can: kvaser_usb: Fix possible completions during init_completion
    - ALSA: Use del_timer_sync() before freeing timer
    - ALSA: au88x0: use explicitly signed char
    - USB: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM
    - usb: dwc3: gadget: Stop processing more requests on IMI
    - usb: dwc3: gadget: Don't set IMI for no_interrupt
    - usb: bdc: change state when port disconnected
    - usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96
      controller
    - mtd: rawnand: marvell: Use correct logic for nand-keep-config
    - xhci: Remove device endpoints from bandwidth list when freeing the device
    - tools: iio: iio_utils: fix digit calculation
    - iio: light: tsl2583: Fix module unloading
    - fbdev: smscufx: Fix several use-after-free bugs
    - mac802154: Fix LQI recording
    - drm/msm/dsi: fix memory corruption with too many bridges
    - drm/msm/hdmi: fix memory corruption with too many bridges
    - mmc: core: Fix kernel panic when remove non-standard SDIO card
    - kernfs: fix use-after-free in __kernfs_remove
    - perf auxtrace: Fix address filter symbol name match for modules
    - s390/futex: add missing EX_TABLE entry to __futex_atomic_op()
    - s390/pci: add missing EX_TABLE entries to
      __pcistg_mio_inuser()/__pcilg_mio_inuser()
    - xfs: finish dfops on every insert range shift iteration
    - xfs: clear XFS_DQ_FREEING if we can't lock the dquot buffer to flush
    - xfs: force the log after remapping a synchronous-writes file
    - Xen/gntdev: don't ignore kernel unmapping error
    - xen/gntdev: Prevent leaking grants
    - mm,hugetlb: take hugetlb_lock before decrementing h->resv_huge_pages
    - net: ieee802154: fix error return code in dgram_bind()
    - media: v4l2: Fix v4l2_i2c_subdev_set_name function documentation
    - drm/msm: Fix return type of mdp4_lvds_connector_mode_valid
    - arc: iounmap() arg is volatile
    - ALSA: ac97: fix possible memory leak in snd_ac97_dev_register()
    - tipc: fix a null-ptr-deref in tipc_topsrv_accept
    - net: netsec: fix error handling in netsec_register_mdio()
    - x86/unwind/orc: Fix unreliable stack dump with gcov
    - amd-xgbe: fix the SFP compliance codes check for DAC cables
    - amd-xgbe: add the bit rate quirk for Molex cables
    - kcm: annotate data-races around kcm->rx_psock
    - kcm: annotate data-races around kcm->rx_wait
    - net: fix UAF issue in nfqnl_nf_hook_drop() when ops_init() failed
    - net: lantiq_etop: don't free skb when returning NETDEV_TX_BUSY
    - tcp: fix indefinite deferral of RTO with SACK reneging
    - can: mscan: mpc5xxx: mpc5xxx_can_probe(): add missing put_clock() in error
      path
    - PM: hibernate: Allow hybrid sleep to work with s2idle
    - media: vivid: s_fbuf: add more sanity checks
    - media: vivid: dev->bitmap_cap wasn't freed in all cases
    - media: v4l2-dv-timings: add sanity checks for blanking values
    - media: videodev2.h: V4L2_DV_BT_BLANKING_HEIGHT should check 'interlaced'
    - i40e: Fix ethtool rx-flow-hash setting for X722
    - i40e: Fix VF hang when reset is triggered on another VF
    - i40e: Fix flow-type by setting GL_HASH_INSET registers
    - net: ksz884x: fix missing pci_disable_device() on error in pcidev_init()
    - PM: domains: Fix handling of unavailable/disabled idle states
    - ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev()
    - ALSA: aoa: Fix I2S device accounting
    - openvswitch: switch from WARN to pr_warn
    - net: ehea: fix possible memory leak in ehea_register_port()
    - nh: fix scope used to find saddr when adding non gw nh
    - net/mlx5e: Do not increment ESN when updating IPsec ESN state
    - net/mlx5: Fix possible use-after-free in async command interface
    - net: enetc: survive memory pressure without crashing
    - can: rcar_canfd: rcar_canfd_handle_global_receive(): fix IRQ storm on global
      FIFO receive
    - Linux 5.4.223

* Focal update: v5.4.222 upstream stable release (LP: #1997994)
    - once: fix section mismatch on clang builds
    - Linux 5.4.222

* Focal update: v5.4.221 upstream stable release (LP: #1997993)
    - xfs: open code insert range extent split helper
    - xfs: rework insert range into an atomic operation
    - xfs: rework collapse range into an atomic operation
    - xfs: add a function to deal with corrupt buffers post-verifiers
    - xfs: xfs_buf_corruption_error should take __this_address
    - xfs: fix buffer corruption reporting when xfs_dir3_free_header_check fails
    - xfs: check owner of dir3 data blocks
    - xfs: check owner of dir3 blocks
    - xfs: Use scnprintf() for avoiding potential buffer overflow
    - xfs: remove the xfs_disk_dquot_t and xfs_dquot_t
    - xfs: remove the xfs_dq_logitem_t typedef
    - xfs: remove the xfs_qoff_logitem_t typedef
    - xfs: Replace function declaration by actual definition
    - xfs: factor out quotaoff intent AIL removal and memory free
    - xfs: fix unmount hang and memory leak on shutdown during quotaoff
    - xfs: preserve default grace interval during quotacheck
    - xfs: Lower CIL flush limit for large logs
    - xfs: Throttle commits on delayed background CIL push
    - xfs: factor common AIL item deletion code
    - xfs: tail updates only need to occur when LSN changes
    - xfs: don't write a corrupt unmount record to force summary counter recalc
    - xfs: trylock underlying buffer on dquot flush
    - xfs: factor out a new xfs_log_force_inode helper
    - xfs: reflink should force the log out if mounted with wsync
    - xfs: move inode flush to the sync workqueue
    - xfs: fix use-after-free on CIL context on shutdown
    - ocfs2: clear dinode links count in case of error
    - ocfs2: fix BUG when iput after ocfs2_mknod fails
    - x86/microcode/AMD: Apply the patch early on every logical thread
    - hwmon/coretemp: Handle large core ID value
    - ata: ahci-imx: Fix MODULE_ALIAS
    - ata: ahci: Match EM_MAX_SLOTS with SATA_PMP_MAX_PORTS
    - KVM: arm64: vgic: Fix exit condition in scan_its_table()
    - media: venus: dec: Handle the case where find_format fails
    - [Config] updateconfigs for ARM64_ERRATUM_1742098
    - arm64: errata: Remove AES hwcap for COMPAT tasks
    - r8152: add PID for the Lenovo OneLink+ Dock
    - btrfs: fix processing of delayed data refs during backref walking
    - btrfs: fix processing of delayed tree block refs during backref walking
    - ACPI: extlog: Handle multiple records
    - tipc: Fix recognition of trial period
    - tipc: fix an information leak in tipc_topsrv_kern_subscr
    - HID: magicmouse: Do not set BTN_MOUSE on double report
    - net/atm: fix proc_mpc_write incorrect return value
    - net: phy: dp83867: Extend RX strap quirk for SGMII mode
    - net: sched: cake: fix null pointer access issue when cake_init() fails
    - net: hns: fix possible memory leak in hnae_ae_register()
    - iommu/vt-d: Clean up si_domain in the init_dmars() error path
    - arm64: topology: move store_cpu_topology() to shared code
    - riscv: topology: fix default topology reporting
    - ACPI: video: Force backlight native for more TongFang devices
    - Makefile.debug: re-enable debug info for .S files
    - hv_netvsc: Fix race between VF offering and VF association message from host
    - mm: /proc/pid/smaps_rollup: fix no vma's null-deref
    - Linux 5.4.221

* Focal update: v5.4.220 upstream stable release (LP: #1996812)
    - ALSA: oss: Fix potential deadlock at unregistration
    - ALSA: rawmidi: Drop register_mutex in snd_rawmidi_free()
    - ALSA: usb-audio: Fix potential memory leaks
    - ALSA: usb-audio: Fix NULL dererence at error path
    - ALSA: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530
    - ALSA: hda/realtek: Correct pin configs for ASUS G533Z
    - ALSA: hda/realtek: Add quirk for ASUS GV601R laptop
    - ALSA: hda/realtek: Add Intel Reference SSID to support headset keys
    - mtd: rawnand: atmel: Unmap streaming DMA mappings
    - cifs: destage dirty pages before re-reading them for cache=none
    - cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message
    - iio: dac: ad5593r: Fix i2c read protocol requirements
    - iio: pressure: dps310: Refactor startup procedure
    - iio: pressure: dps310: Reset chip after timeout
    - usb: add quirks for Lenovo OneLink+ Dock
    - can: kvaser_usb: Fix use of uninitialized completion
    - can: kvaser_usb_leaf: Fix overread with an invalid command
    - can: kvaser_usb_leaf: Fix TX queue out of sync after restart
    - can: kvaser_usb_leaf: Fix CAN state after restart
    - mmc: sdhci-sprd: Fix minimum clock limit
    - fs: dlm: fix race between test_bit() and queue_work()
    - fs: dlm: handle -EBUSY first in lock arg validation
    - HID: multitouch: Add memory barriers
    - quota: Check next/prev free block number after reading from quota file
    - ASoC: wcd9335: fix order of Slimbus unprepare/disable
    - regulator: qcom_rpm: Fix circular deferral regression
    - RISC-V: Make port I/O string accessors actually work
    - parisc: fbdev/stifb: Align graphics memory size to 4MB
    - riscv: Allow PROT_WRITE-only mmap()
    - riscv: Pass -mno-relax only on lld < 15.0.0
    - UM: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK
    - PCI: Sanitise firmware BAR assignments behind a PCI-PCI bridge
    - powerpc/boot: Explicitly disable usage of SPE instructions
    - fbdev: smscufx: Fix use-after-free in ufx_ops_open()
    - btrfs: fix race between quota enable and quota rescan ioctl
    - f2fs: increase the limit for reserve_root
    - f2fs: fix to do sanity check on destination blkaddr during recovery
    - f2fs: fix to do sanity check on summary info
    - nilfs2: fix use-after-free bug of struct nilfs_root
    - jbd2: wake up journal waiters in FIFO order, not LIFO
    - ext4: avoid crash when inline data creation follows DIO write
    - ext4: fix null-ptr-deref in ext4_write_info
    - ext4: make ext4_lazyinit_thread freezable
    - ext4: place buffer head allocation before handle start
    - livepatch: fix race between fork and KLP transition
    - ftrace: Properly unset FTRACE_HASH_FL_MOD
    - ring-buffer: Allow splice to read previous partially read pages
    - ring-buffer: Have the shortest_full queue be the shortest not longest
    - ring-buffer: Check pending waiters when doing wake ups as well
    - ring-buffer: Fix race between reset page and reading page
    - media: cedrus: Set the platform driver data earlier
    - KVM: x86/emulator: Fix handing of POP SS to correctly set interruptibility
    - KVM: nVMX: Unconditionally purge queued/injected events on nested "exit"
    - KVM: VMX: Drop bits 31:16 when shoving exception error code into VMCS
    - gcov: support GCC 12.1 and newer compilers
    - drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table()
    - selinux: use "grep -E" instead of "egrep"
    - tracing: Disable interrupt or preemption before acquiring arch_spinlock_t
    - userfaultfd: open userfaultfds with O_RDONLY
    - sh: machvec: Use char[] for section boundaries
    - ARM: 9247/1: mm: set readonly for MT_MEMORY_RO with ARM_LPAE
    - nfsd: Fix a memory leak in an error handling path
    - wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state()
    - wifi: mac80211: allow bw change during channel switch in mesh
    - bpftool: Fix a wrong type cast in btf_dumper_int
    - x86/resctrl: Fix to restore to original value when re-enabling hardware
      prefetch register
    - wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse()
    - spi: qup: add missing clk_disable_unprepare on error in spi_qup_resume()
    - spi: qup: add missing clk_disable_unprepare on error in
      spi_qup_pm_resume_runtime()
    - wifi: rtl8xxxu: Fix skb misuse in TX queue selection
    - bpf: btf: fix truncated last_member_type_id in btf_struct_resolve
    - wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration
    - net: fs_enet: Fix wrong check in do_pd_setup
    - bpf: Ensure correct locking around vulnerable function find_vpid()
    - x86/microcode/AMD: Track patch allocation size explicitly
    - spi/omap100k:Fix PM disable depth imbalance in omap1_spi100k_probe
    - netfilter: nft_fib: Fix for rpath check with VRF devices
    - spi: s3c64xx: Fix large transfers with DMA
    - vhost/vsock: Use kvmalloc/kvfree for larger packets.
    - sctp: handle the error returned from sctp_auth_asoc_init_active_key
    - tcp: fix tcp_cwnd_validate() to not forget is_cwnd_limited
    - net: rds: don't hold sock lock when cancelling work from
      rds_tcp_reset_callbacks()
    - bnx2x: fix potential memory leak in bnx2x_tpa_stop()
    - net/ieee802154: reject zero-sized raw_sendmsg()
    - once: add DO_ONCE_SLOW() for sleepable contexts
    - net: mvpp2: fix mvpp2 debugfs leak
    - drm: bridge: adv7511: fix CEC power down control register offset
    - drm/mipi-dsi: Detach devices when removing the host
    - platform/chrome: fix double-free in chromeos_laptop_prepare()
    - platform/chrome: fix memory corruption in ioctl
    - platform/x86: msi-laptop: Fix old-ec check for backlight registering
    - platform/x86: msi-laptop: Fix resource cleanup
    - drm: fix drm_mipi_dbi build errors
    - drm/bridge: megachips: Fix a null pointer dereference bug
    - ASoC: rsnd: Add check for rsnd_mod_power_on
    - ALSA: hda: beep: Simplify keep-power-at-enable behavior
    - drm/omap: dss: Fix refcount leak bugs
    - mmc: au1xmmc: Fix an error handling path in au1xmmc_probe()
    - ASoC: eureka-tlv320: Hold reference returned from of_find_xxx API
    - drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx
    - ALSA: dmaengine: increment buffer pointer atomically
    - mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe()
    - ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe
    - ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe
    - ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe
    - ALSA: hda/hdmi: Don't skip notification handling during PM operation
    - memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe()
    - memory: of: Fix refcount leak bug in of_get_ddr_timings()
    - soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe()
    - soc: qcom: smem_state: Add refcounting for the 'state->of_node'
    - ARM: dts: turris-omnia: Fix mpp26 pin name and comment
    - ARM: dts: kirkwood: lsxl: fix serial line
    - ARM: dts: kirkwood: lsxl: remove first ethernet port
    - ARM: dts: exynos: correct s5k6a3 reset polarity on Midas family
    - ARM: Drop CMDLINE_* dependency on ATAGS
    - ARM: dts: exynos: fix polarity of VBUS GPIO of Origen
    - iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX
    - iio: adc: at91-sama5d2_adc: check return status for pressure and touch
    - iio: adc: at91-sama5d2_adc: lock around oversampling and sample freq
    - iio: inkern: only release the device node when done with it
    - iio: ABI: Fix wrong format of differential capacitance channel ABI.
    - clk: meson: Hold reference returned by of_get_parent()
    - clk: oxnas: Hold reference returned by of_get_parent()
    - clk: berlin: Add of_node_put() for of_get_parent()
    - clk: tegra: Fix refcount leak in tegra210_clock_init
    - clk: tegra: Fix refcount leak in tegra114_clock_init
    - clk: tegra20: Fix refcount leak in tegra20_clock_init
    - HSI: omap_ssi: Fix refcount leak in ssi_probe
    - HSI: omap_ssi_port: Fix dma_map_sg error check
    - media: exynos4-is: fimc-is: Add of_node_put() when breaking out of loop
    - tty: xilinx_uartps: Fix the ignore_status
    - media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init
    - RDMA/rxe: Fix "kernel NULL pointer dereference" error
    - RDMA/rxe: Fix the error caused by qp->sk
    - misc: ocxl: fix possible refcount leak in afu_ioctl()
    - dyndbg: fix module.dyndbg handling
    - dyndbg: let query-modname override actual module name
    - mtd: devices: docg3: check the return value of devm_ioremap() in the probe
    - RDMA/siw: Always consume all skbuf data in sk_data_ready() upcall.
    - ata: fix ata_id_sense_reporting_enabled() and ata_id_has_sense_reporting()
    - ata: fix ata_id_has_devslp()
    - ata: fix ata_id_has_ncq_autosense()
    - ata: fix ata_id_has_dipm()
    - mtd: rawnand: meson: fix bit map use in meson_nfc_ecc_correct()
    - md/raid5: Ensure stripe_fill happens on non-read IO with journal
    - xhci: Don't show warning for reinit on known broken suspend
    - usb: gadget: function: fix dangling pnp_string in f_printer.c
    - drivers: serial: jsm: fix some leaks in probe
    - tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown
    - phy: qualcomm: call clk_disable_unprepare in the error handling
    - staging: vt6655: fix some erroneous memory clean-up loops
    - firmware: google: Test spinlock on panic path to avoid lockups
    - serial: 8250: Fix restoring termios speed after suspend
    - scsi: libsas: Fix use-after-free bug in smp_execute_task_sg()
    - fsi: core: Check error number after calling ida_simple_get
    - mfd: intel_soc_pmic: Fix an error handling path in
      intel_soc_pmic_i2c_probe()
    - mfd: fsl-imx25: Fix an error handling path in mx25_tsadc_setup_irq()
    - mfd: lp8788: Fix an error handling path in lp8788_probe()
    - mfd: lp8788: Fix an error handling path in lp8788_irq_init() and
      lp8788_irq_init()
    - mfd: fsl-imx25: Fix check for platform_get_irq() errors
    - mfd: sm501: Add check for platform_driver_register()
    - clk: mediatek: mt8183: mfgcfg: Propagate rate changes to parent
    - dmaengine: ioat: stop mod_timer from resurrecting deleted timer in
      __cleanup()
    - spmi: pmic-arb: correct duplicate APID to PPID mapping logic
    - clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration
    - clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe
    - clk: ast2600: BCLK comes from EPLL
    - mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg
    - powerpc/math_emu/efp: Include module.h
    - powerpc/sysdev/fsl_msi: Add missing of_node_put()
    - powerpc/pci_dn: Add missing of_node_put()
    - powerpc/powernv: add missing of_node_put() in opal_export_attrs()
    - x86/hyperv: Fix 'struct hv_enlightened_vmcs' definition
    - powerpc/64s: Fix GENERIC_CPU build flags for PPC970 / G5
    - powerpc: Fix SPE Power ISA properties for e500v1 platforms
    - cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset
    - iommu/omap: Fix buffer overflow in debugfs
    - crypto: akcipher - default implementation for setting a private key
    - crypto: ccp - Release dma channels before dmaengine unrgister
    - iommu/iova: Fix module config properly
    - kbuild: remove the target in signal traps when interrupted
    - crypto: cavium - prevent integer overflow loading firmware
    - f2fs: fix race condition on setting FI_NO_EXTENT flag
    - ACPI: video: Add Toshiba Satellite/Portege Z830 quirk
    - MIPS: BCM47XX: Cast memcmp() of function to (void *)
    - powercap: intel_rapl: fix UBSAN shift-out-of-bounds issue
    - thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to
      avoid crash
    - NFSD: Return nfserr_serverfault if splice_ok but buf->pages have data
    - wifi: brcmfmac: fix invalid address access when enabling SCAN log level
    - bpftool: Clear errno after libcap's checks
    - openvswitch: Fix double reporting of drops in dropwatch
    - openvswitch: Fix overreporting of drops in dropwatch
    - tcp: annotate data-race around tcp_md5sig_pool_populated
    - wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg()
    - xfrm: Update ipcomp_scratches with NULL when freed
    - wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit()
    - Bluetooth: L2CAP: initialize delayed works at l2cap_chan_create()
    - Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times
    - can: bcm: check the result of can_send() in bcm_can_tx()
    - wifi: rt2x00: don't run Rt5592 IQ calibration on MT7620
    - wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620
    - wifi: rt2x00: set VGC gain for both chains of MT7620
    - wifi: rt2x00: set SoC wmac clock register
    - wifi: rt2x00: correctly set BBP register 86 for MT7620
    - net: If sock is dead don't access sock's sk_wq in sk_stream_wait_memory
    - Bluetooth: L2CAP: Fix user-after-free
    - drm/nouveau/nouveau_bo: fix potential memory leak in nouveau_bo_alloc()
    - drm: Use size_t type for len variable in drm_copy_field()
    - drm: Prevent drm_copy_field() to attempt copying a NULL pointer
    - drm/amd/display: fix overflow on MIN_I64 definition
    - drm/vc4: vec: Fix timings for VEC modes
    - drm: panel-orientation-quirks: Add quirk for Anbernic Win600
    - platform/x86: msi-laptop: Change DMI match / alias strings to fix module
      autoloading
    - drm/amdgpu: fix initial connector audio value
    - mmc: sdhci-msm: add compatible string check for sdm670
    - ARM: dts: imx7d-sdb: config the max pressure for tsc2046
    - ARM: dts: imx6q: add missing properties for sram
    - ARM: dts: imx6dl: add missing properties for sram
    - ARM: dts: imx6qp: add missing properties for sram
    - ARM: dts: imx6sl: add missing properties for sram
    - ARM: dts: imx6sll: add missing properties for sram
    - ARM: dts: imx6sx: add missing properties for sram
    - btrfs: scrub: try to fix super block errors
    - clk: zynqmp: Fix stack-out-of-bounds in strncpy`
    - media: cx88: Fix a null-ptr-deref bug in buffer_prepare()
    - clk: zynqmp: pll: rectify rate rounding in zynqmp_pll_round_rate
    - scsi: 3w-9xxx: Avoid disabling device if failing to enable it
    - nbd: Fix hung when signal interrupts nbd_start_device_ioctl()
    - power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type()
    - staging: vt6655: fix potential memory leak
    - ata: libahci_platform: Sanity check the DT child nodes number
    - bcache: fix set_at_max_writeback_rate() for multiple attached devices
    - HID: roccat: Fix use-after-free in roccat_read()
    - md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d
    - usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info()
    - usb: musb: Fix musb_gadget.c rxstate overflow bug
    - Revert "usb: storage: Add quirk for Samsung Fit flash"
    - staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv()
    - nvme: copy firmware_rev on each init
    - nvmet-tcp: add bounds check on Transfer Tag
    - usb: idmouse: fix an uninit-value in idmouse_open
    - clk: bcm2835: Make peripheral PLLC critical
    - perf intel-pt: Fix segfault in intel_pt_print_info() with uClibc
    - net: ieee802154: return -EINVAL for unknown addr type
    - Revert "net/ieee802154: reject zero-sized raw_sendmsg()"
    - net/ieee802154: don't warn zero-sized raw_sendmsg()
    - ext4: continue to expand file system when the target size doesn't reach
    - efi: libstub: drop pointless get_memory_map() call
    - inet: fully convert sk->sk_rx_dst to RCU rules
    - thermal: intel_powerclamp: Use first online CPU as control_cpu
    - Linux 5.4.220

* Focal update: v5.4.219 upstream stable release (LP: #1996804)
    - Linux 5.4.219

-- Stefan Bader <stefan.bader@canonical.com>  Fri, 20 Jan 2023 15:39:15 +0100

Changed in linux (Ubuntu Focal):
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulinux package

Focal update: v5.4.224 upstream stable release

Bug Description

Other bug subscribers

Remote bug watches

Ubuntu
linux package