Bug #1939915 “memory leaking when removing a profile” : Bugs : AppArmor

Georgia Garcia (georgiag) on 2021-08-18

description:

updated

Stefan Bader (smb) on 2021-08-19

Changed in linux (Ubuntu Xenial):
importance:	Undecided → Medium
status:	New → In Progress
Changed in linux (Ubuntu Bionic):
importance:	Undecided → Medium
status:	New → In Progress
Changed in linux (Ubuntu Focal):
importance:	Undecided → Medium
status:	New → In Progress
Changed in linux (Ubuntu):
status:	New → Fix Released

Kleber Sacilotto de Souza (kleber-souza) on 2021-09-01

Changed in linux (Ubuntu Bionic):
status:	In Progress → Fix Committed
Changed in linux (Ubuntu Focal):
status:	In Progress → Fix Committed

Georgia Garcia (georgiag) on 2021-09-02

description:

updated

Kleber Sacilotto de Souza (kleber-souza) on 2021-09-07

Changed in linux (Ubuntu Xenial):
status:	In Progress → Fix Committed

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2021-09-07:

#1

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-focal

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2021-09-07:

#2

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed-bionic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-bionic

Revision history for this message

Georgia Garcia (georgiag) wrote on 2021-09-09 (last edit on 2021-09-09):

#3

Tested on -proposed by causing the leak and checking the memory used with "free", since CONFIG_DEBUG_KMEMLEAK is not set. It worked as expected - the memory used shown in "free" after removing the profile was in an expected range.

tags:

added: verification-done-bionic verification-done-focal
removed: verification-needed-bionic verification-needed-focal

Revision history for this message

Launchpad Janitor (janitor) wrote on 2021-09-27:

#4

Download full text (34.1 KiB)

This bug was fixed in the package linux - 5.4.0-88.99

---------------
linux (5.4.0-88.99) focal; urgency=medium

* focal/linux: 5.4.0-88.99 -proposed tracker (LP: #1944747)

* Packaging resync (LP: #1786013)
- debian/dkms-versions -- update from kernel-versions (main/2021.09.06)

* please drop virtualbox-guest-dkms virtualbox-guest-source (LP: #1933248)
- Revert "UBUNTU: [Config] Disable virtualbox dkms build"

linux (5.4.0-87.98) focal; urgency=medium

* please drop virtualbox-guest-dkms virtualbox-guest-source (LP: #1933248)
- [Config] Disable virtualbox dkms build

* Packaging resync (LP: #1786013)
- debian/dkms-versions -- update from kernel-versions (main/2021.09.06)

  * LRMv5: switch primary version handling to kernel-versions data set
    (LP: #1928921)
    - [Packaging] switch to kernel-versions

  * disable “CONFIG_HISI_DMA” config for ubuntu version (LP: #1936771)
    - Disable CONFIG_HISI_DMA
    - [Config] Record hisi_dma no longer built for arm64

* memory leaking when removing a profile (LP: #1939915)
- apparmor: Fix memory leak of profile proxy

  * CryptoExpress EP11 cards are going offline (LP: #1939618)
    - s390/zcrypt: Support for CCA protected key block version 2
    - s390: Replace zero-length array with flexible-array member
    - s390/zcrypt: Use scnprintf() for avoiding potential buffer overflow
    - s390/zcrypt: replace snprintf/sprintf with scnprintf
    - s390/ap: Remove ap device suspend and resume callbacks
    - s390/zcrypt: use fallthrough;
    - s390/zcrypt: use kvmalloc instead of kmalloc for 256k alloc
    - s390/ap: remove power management code from ap bus and drivers
    - s390/ap: introduce new ap function ap_get_qdev()
    - s390/zcrypt: use kzalloc
    - s390/zcrypt: fix smatch warnings
    - s390/zcrypt: code beautification and struct field renames
    - s390/zcrypt: split ioctl function into smaller code units
    - s390/ap: rename and clarify ap state machine related stuff
    - s390/zcrypt: provide cex4 cca sysfs attributes for cex3
    - s390/ap: rework crypto config info and default domain code
    - s390/zcrypt: simplify cca_findcard2 loop code
    - s390/zcrypt: remove set_fs() invocation in zcrypt device driver
    - s390/ap: remove unnecessary spin_lock_init()
    - s390/zcrypt: Support for CCA APKA master keys
    - s390/zcrypt: introduce msg tracking in zcrypt functions
    - s390/ap: split ap queue state machine state from device state
    - s390/ap: add error response code field for ap queue devices
    - s390/ap: add card/queue deconfig state
    - s390/sclp: Add support for SCLP AP adapter config/deconfig
    - s390/ap: Support AP card SCLP config and deconfig operations
    - s390/ap/zcrypt: revisit ap and zcrypt error handling
    - s390/zcrypt: move ap_msg param one level up the call chain
    - s390/zcrypt: Introduce Failure Injection feature
    - s390/zcrypt: fix wrong format specifications
    - s390/ap: fix ap devices reference counting
    - s390/zcrypt: return EIO when msg retry limit reached
    - s390/zcrypt: fix zcard and zqueue hot-unplug memleak
    - s390/ap: Fix hanging ioctl caused by wrong msg counter

* memfd from ubuntu_kernel_s...

This bug was fixed in the package linux - 5.4.0-88.99

---------------
linux (5.4.0-88.99) focal; urgency=medium

* focal/linux: 5.4.0-88.99 -proposed tracker (LP: #1944747)

* Packaging resync (LP: #1786013)
    - debian/dkms-versions -- update from kernel-versions (main/2021.09.06)

* please drop virtualbox-guest-dkms virtualbox-guest-source (LP: #1933248)
    - Revert "UBUNTU: [Config] Disable virtualbox dkms build"

linux (5.4.0-87.98) focal; urgency=medium

* please drop virtualbox-guest-dkms virtualbox-guest-source (LP: #1933248)
    - [Config] Disable virtualbox dkms build

* Packaging resync (LP: #1786013)
    - debian/dkms-versions -- update from kernel-versions (main/2021.09.06)

*  LRMv5: switch primary version handling to kernel-versions data set
    (LP: #1928921)
    - [Packaging] switch to kernel-versions

* disable “CONFIG_HISI_DMA” config for ubuntu version (LP: #1936771)
    - Disable CONFIG_HISI_DMA
    - [Config] Record hisi_dma no longer built for arm64

* memory leaking when removing a profile (LP: #1939915)
    - apparmor: Fix memory leak of profile proxy

* CryptoExpress EP11 cards are going offline (LP: #1939618)
    - s390/zcrypt: Support for CCA protected key block version 2
    - s390: Replace zero-length array with flexible-array member
    - s390/zcrypt: Use scnprintf() for avoiding potential buffer overflow
    - s390/zcrypt: replace snprintf/sprintf with scnprintf
    - s390/ap: Remove ap device suspend and resume callbacks
    - s390/zcrypt: use fallthrough;
    - s390/zcrypt: use kvmalloc instead of kmalloc for 256k alloc
    - s390/ap: remove power management code from ap bus and drivers
    - s390/ap: introduce new ap function ap_get_qdev()
    - s390/zcrypt: use kzalloc
    - s390/zcrypt: fix smatch warnings
    - s390/zcrypt: code beautification and struct field renames
    - s390/zcrypt: split ioctl function into smaller code units
    - s390/ap: rename and clarify ap state machine related stuff
    - s390/zcrypt: provide cex4 cca sysfs attributes for cex3
    - s390/ap: rework crypto config info and default domain code
    - s390/zcrypt: simplify cca_findcard2 loop code
    - s390/zcrypt: remove set_fs() invocation in zcrypt device driver
    - s390/ap: remove unnecessary spin_lock_init()
    - s390/zcrypt: Support for CCA APKA master keys
    - s390/zcrypt: introduce msg tracking in zcrypt functions
    - s390/ap: split ap queue state machine state from device state
    - s390/ap: add error response code field for ap queue devices
    - s390/ap: add card/queue deconfig state
    - s390/sclp: Add support for SCLP AP adapter config/deconfig
    - s390/ap: Support AP card SCLP config and deconfig operations
    - s390/ap/zcrypt: revisit ap and zcrypt error handling
    - s390/zcrypt: move ap_msg param one level up the call chain
    - s390/zcrypt: Introduce Failure Injection feature
    - s390/zcrypt: fix wrong format specifications
    - s390/ap: fix ap devices reference counting
    - s390/zcrypt: return EIO when msg retry limit reached
    - s390/zcrypt: fix zcard and zqueue hot-unplug memleak
    - s390/ap: Fix hanging ioctl caused by wrong msg counter

* memfd from ubuntu_kernel_selftests failed to build on B-5.4 (LP: #1926142)
    - SAUCE: selftests/memfd: fix build when F_SEAL_FUTURE_WRITE is not defined

* [SRU] Ice driver causes the kernel to crash with Ubuntu 20.04.2 with ethtool
    specific register commands (LP: #1939855)
    - ice: Fix bad register reads

* ubunut_kernel_selftests: memory-hotplug: avoid spamming logs with
    dump_page() (LP: #1941829)
    - selftests: memory-hotplug: avoid spamming logs with dump_page(), ratio limit
      hot-remove error test

* e1000e blocks the boot process when it tried to write checksum to its NVM
    (LP: #1936998)
    - e1000e: Do not take care about recovery NVM checksum

* Focal update: v5.4.140 upstream stable release (LP: #1941798)
    - Revert "ACPICA: Fix memory leak caused by _CID repair function"
    - ALSA: seq: Fix racy deletion of subscriber
    - arm64: dts: ls1028a: fix node name for the sysclk
    - ARM: imx: add missing iounmap()
    - ARM: imx: add missing clk_disable_unprepare()
    - ARM: dts: imx6qdl-sr-som: Increase the PHY reset duration to 10ms
    - ARM: dts: colibri-imx6ull: limit SDIO clock to 25MHz
    - ARM: imx: fix missing 3rd argument in macro imx_mmdc_perf_init
    - ARM: dts: imx: Swap M53Menlo pinctrl_power_button/pinctrl_power_out pins
    - arm64: dts: armada-3720-turris-mox: remove mrvl,i2c-fast-mode
    - ALSA: usb-audio: fix incorrect clock source setting
    - clk: stm32f4: fix post divisor setup for I2S/SAI PLLs
    - ARM: dts: am437x-l4: fix typo in can@0 node
    - omap5-board-common: remove not physically existing vdds_1v8_main fixed-
      regulator
    - spi: imx: mx51-ecspi: Reinstate low-speed CONFIGREG delay
    - spi: imx: mx51-ecspi: Fix low-speed CONFIGREG delay calculation
    - scsi: sr: Return correct event when media event code is 3
    - media: videobuf2-core: dequeue if start_streaming fails
    - dmaengine: imx-dma: configure the generic DMA type to make it work
    - net, gro: Set inner transport header offset in tcp/udp GRO hook
    - net: dsa: sja1105: overwrite dynamic FDB entries with static ones in
      .port_fdb_add
    - net: dsa: sja1105: invalidate dynamic FDB entries learned concurrently with
      statically added ones
    - net: phy: micrel: Fix detection of ksz87xx switch
    - net: natsemi: Fix missing pci_disable_device() in probe and remove
    - gpio: tqmx86: really make IRQ optional
    - sctp: move the active_key update after sh_keys is added
    - nfp: update ethtool reporting of pauseframe control
    - net: ipv6: fix returned variable type in ip6_skb_dst_mtu
    - mips: Fix non-POSIX regexp
    - bnx2x: fix an error code in bnx2x_nic_load()
    - net: pegasus: fix uninit-value in get_interrupt_interval
    - net: fec: fix use-after-free in fec_drv_remove
    - net: vxge: fix use-after-free in vxge_device_unregister
    - blk-iolatency: error out if blk_get_queue() failed in iolatency_set_limit()
    - Bluetooth: defer cleanup of resources in hci_unregister_dev()
    - USB: usbtmc: Fix RCU stall warning
    - USB: serial: option: add Telit FD980 composition 0x1056
    - USB: serial: ch341: fix character loss at high transfer rates
    - USB: serial: ftdi_sio: add device ID for Auto-M3 OP-COM v2
    - firmware_loader: use -ETIMEDOUT instead of -EAGAIN in fw_load_sysfs_fallback
    - firmware_loader: fix use-after-free in firmware_fallback_sysfs
    - ALSA: hda/realtek: add mic quirk for Acer SF314-42
    - ALSA: usb-audio: Add registration quirk for JBL Quantum 600
    - usb: cdns3: Fixed incorrect gadget state
    - usb: gadget: f_hid: added GET_IDLE and SET_IDLE handlers
    - usb: gadget: f_hid: fixed NULL pointer dereference
    - usb: gadget: f_hid: idle uses the highest byte for duration
    - usb: otg-fsm: Fix hrtimer list corruption
    - clk: fix leak on devm_clk_bulk_get_all() unwind
    - scripts/tracing: fix the bug that can't parse raw_trace_func
    - tracing / histogram: Give calculation hist_fields a size
    - optee: Clear stale cache entries during initialization
    - tee: add tee_shm_alloc_kernel_buf()
    - optee: Fix memory leak when failing to register shm pages
    - tpm_ftpm_tee: Free and unregister TEE shared memory during kexec
    - staging: rtl8723bs: Fix a resource leak in sd_int_dpc
    - staging: rtl8712: get rid of flush_scheduled_work
    - media: rtl28xxu: fix zero-length control request
    - pipe: increase minimum default pipe size to 2 pages
    - ext4: fix potential htree corruption when growing large_dir directories
    - serial: tegra: Only print FIFO error message when an error occurs
    - serial: 8250_mtk: fix uart corruption issue when rx power off
    - serial: 8250: Mask out floating 16/32-bit bus bits
    - MIPS: Malta: Do not byte-swap accesses to the CBUS UART
    - serial: 8250_pci: Enumerate Elkhart Lake UARTs via dedicated driver
    - serial: 8250_pci: Avoid irq sharing for MSI(-X) interrupts.
    - timers: Move clearing of base::timer_running under base:: Lock
    - pcmcia: i82092: fix a null pointer dereference bug
    - md/raid10: properly indicate failure when ending a failed write request
    - KVM: x86: accept userspace interrupt only if no event is injected
    - KVM: Do not leak memory for duplicate debugfs directories
    - KVM: x86/mmu: Fix per-cpu counter corruption on 32-bit builds
    - arm64: vdso: Avoid ISB after reading from cntvct_el0
    - soc: ixp4xx: fix printing resources
    - spi: meson-spicc: fix memory leak in meson_spicc_remove
    - soc: ixp4xx/qmgr: fix invalid __iomem access
    - perf/x86/amd: Don't touch the AMD64_EVENTSEL_HOSTONLY bit inside the guest
    - bpf, selftests: Adjust few selftest result_unpriv outcomes
    - libata: fix ata_pio_sector for CONFIG_HIGHMEM
    - reiserfs: add check for root_inode in reiserfs_fill_super
    - reiserfs: check directory items on read from disk
    - virt_wifi: fix error on connect
    - alpha: Send stop IPI to send to online CPUs
    - net/qla3xxx: fix schedule while atomic in ql_wait_for_drvr_lock and
      ql_adapter_reset
    - arm64: fix compat syscall return truncation
    - Linux 5.4.140

* Focal update: v5.4.139 upstream stable release (LP: #1941796)
    - btrfs: delete duplicated words + other fixes in comments
    - btrfs: do not commit logs and transactions during link and rename operations
    - btrfs: fix race causing unnecessary inode logging during link and rename
    - btrfs: fix lost inode on log replay after mix of fsync, rename and inode
      eviction
    - regulator: rt5033: Fix n_voltages settings for BUCK and LDO
    - spi: stm32h7: fix full duplex irq handler handling
    - ASoC: tlv320aic31xx: fix reversed bclk/wclk master bits
    - r8152: Fix potential PM refcount imbalance
    - qed: fix possible unpaired spin_{un}lock_bh in _qed_mcp_cmd_and_union()
    - net: Fix zero-copy head len calculation.
    - nvme: fix nvme_setup_command metadata trace event
    - ACPI: fix NULL pointer dereference
    - Revert "Bluetooth: Shutdown controller after workqueues are flushed or
      cancelled"
    - firmware: arm_scmi: Ensure drivers provide a probe function
    - firmware: arm_scmi: Add delayed response status check
    - bpf: Inherit expanded/patched seen count from old aux data
    - bpf: Do not mark insn as seen under speculative path verification
    - bpf: Fix leakage under speculation on mispredicted branches
    - bpf: Test_verifier, add alu32 bounds tracking tests
    - bpf, selftests: Add a verifier test for assigning 32bit reg states to 64bit
      ones
    - bpf, selftests: Adjust few selftest outcomes wrt unreachable code
    - spi: mediatek: Fix fifo transfer
    - Linux 5.4.139

* Focal update: v5.4.138 upstream stable release (LP: #1940559)
    - net_sched: check error pointer in tcf_dump_walker()
    - x86/asm: Ensure asm/proto.h can be included stand-alone
    - btrfs: fix rw device counting in __btrfs_free_extra_devids
    - btrfs: mark compressed range uptodate only if all bio succeed
    - x86/kvm: fix vcpu-id indexed array sizes
    - KVM: add missing compat KVM_CLEAR_DIRTY_LOG
    - ocfs2: fix zero out valid data
    - ocfs2: issue zeroout to EOF blocks
    - can: j1939: j1939_xtp_rx_dat_one(): fix rxtimer value between consecutive
      TP.DT to 750ms
    - can: raw: raw_setsockopt(): fix raw_rcv panic for sock UAF
    - can: mcba_usb_start(): add missing urb->transfer_dma initialization
    - can: usb_8dev: fix memory leak
    - can: ems_usb: fix memory leak
    - can: esd_usb2: fix memory leak
    - HID: wacom: Re-enable touch by default for Cintiq 24HDT / 27QHDT
    - NIU: fix incorrect error return, missed in previous revert
    - nfc: nfcsim: fix use after free during module unload
    - cfg80211: Fix possible memory leak in function cfg80211_bss_update
    - netfilter: conntrack: adjust stop timestamp to real expiry value
    - netfilter: nft_nat: allow to specify layer 4 protocol NAT only
    - i40e: Fix logic of disabling queues
    - i40e: Fix firmware LLDP agent related warning
    - i40e: Fix queue-to-TC mapping on Tx
    - i40e: Fix log TC creation failure when max num of queues is exceeded
    - tipc: fix sleeping in tipc accept routine
    - net: Set true network header for ECN decapsulation
    - mlx4: Fix missing error code in mlx4_load_one()
    - net: llc: fix skb_over_panic
    - net/mlx5: Fix flow table chaining
    - net/mlx5e: Fix nullptr in mlx5e_hairpin_get_mdev()
    - sctp: fix return value check in __sctp_rcv_asconf_lookup
    - tulip: windbond-840: Fix missing pci_disable_device() in probe and remove
    - sis900: Fix missing pci_disable_device() in probe and remove
    - can: hi311x: fix a signedness bug in hi3110_cmd()
    - PCI: mvebu: Setup BAR0 in order to fix MSI
    - powerpc/pseries: Fix regression while building external modules
    - i40e: Add additional info to PHY type error
    - can: j1939: j1939_session_deactivate(): clarify lifetime of session object
    - Linux 5.4.138

* Focal update: v5.4.137 upstream stable release (LP: #1940557)
    - selftest: fix build error in tools/testing/selftests/vm/userfaultfd.c
    - tools: Allow proper CC/CXX/... override with LLVM=1 in Makefile.include
    - KVM: x86: determine if an exception has an error code only when injecting
      it.
    - af_unix: fix garbage collect vs MSG_PEEK
    - workqueue: fix UAF in pwq_unbound_release_workfn()
    - cgroup1: fix leaked context root causing sporadic NULL deref in LTP
    - net/802/mrp: fix memleak in mrp_request_join()
    - net/802/garp: fix memleak in garp_request_join()
    - net: annotate data race around sk_ll_usec
    - sctp: move 198 addresses from unusable to private scope
    - ipv6: allocate enough headroom in ip6_finish_output2()
    - hfs: add missing clean-up in hfs_fill_super
    - hfs: fix high memory mapping in hfs_bnode_read
    - hfs: add lock nesting notation to hfs_find_init
    - firmware: arm_scmi: Fix possible scmi_linux_errmap buffer overflow
    - firmware: arm_scmi: Fix range check for the maximum number of pending
      messages
    - cifs: fix the out of range assignment to bit fields in
      parse_server_interfaces
    - iomap: remove the length variable in iomap_seek_data
    - iomap: remove the length variable in iomap_seek_hole
    - ARM: dts: versatile: Fix up interrupt controller node names
    - ipv6: ip6_finish_output2: set sk into newly allocated nskb
    - Linux 5.4.137

* Focal update: v5.4.136 upstream stable release (LP: #1939899)
    - igc: Fix use-after-free error during reset
    - igb: Fix use-after-free error during reset
    - igc: change default return of igc_read_phy_reg()
    - ixgbe: Fix an error handling path in 'ixgbe_probe()'
    - igc: Prefer to use the pci_release_mem_regions method
    - igc: Fix an error handling path in 'igc_probe()'
    - igb: Fix an error handling path in 'igb_probe()'
    - fm10k: Fix an error handling path in 'fm10k_probe()'
    - e1000e: Fix an error handling path in 'e1000_probe()'
    - iavf: Fix an error handling path in 'iavf_probe()'
    - igb: Check if num of q_vectors is smaller than max before array access
    - igb: Fix position of assignment to *ring
    - gve: Fix an error handling path in 'gve_probe()'
    - ipv6: fix 'disable_policy' for fwd packets
    - selftests: icmp_redirect: remove from checking for IPv6 route get
    - selftests: icmp_redirect: IPv6 PMTU info should be cleared after redirect
    - pwm: sprd: Ensure configuring period and duty_cycle isn't wrongly skipped
    - cxgb4: fix IRQ free race during driver unload
    - nvme-pci: do not call nvme_dev_remove_admin from nvme_remove
    - perf probe: Fix dso->nsinfo refcounting
    - perf env: Fix sibling_dies memory leak
    - perf test session_topology: Delete session->evlist
    - perf test event_update: Fix memory leak of evlist
    - perf dso: Fix memory leak in dso__new_map()
    - perf script: Fix memory 'threads' and 'cpus' leaks on exit
    - perf lzma: Close lzma stream on exit
    - perf probe-file: Delete namelist in del_events() on the error path
    - perf data: Close all files in close_dir()
    - spi: imx: add a check for speed_hz before calculating the clock
    - spi: stm32: Use dma_request_chan() instead dma_request_slave_channel()
    - spi: stm32: fixes pm_runtime calls in probe/remove
    - regulator: hi6421: Use correct variable type for regmap api val argument
    - regulator: hi6421: Fix getting wrong drvdata
    - spi: mediatek: fix fifo rx mode
    - ASoC: rt5631: Fix regcache sync errors on resume
    - liquidio: Fix unintentional sign extension issue on left shift of u16
    - s390/bpf: Perform r1 range checking before accessing jit->seen_reg[r1]
    - bpf, sockmap, tcp: sk_prot needs inuse_idx set for proc stats
    - bpftool: Check malloc return value in mount_bpffs_for_pin
    - net: fix uninit-value in caif_seqpkt_sendmsg
    - efi/tpm: Differentiate missing and invalid final event log table.
    - net: decnet: Fix sleeping inside in af_decnet
    - KVM: PPC: Book3S: Fix CONFIG_TRANSACTIONAL_MEM=n crash
    - KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak
    - net: sched: fix memory leak in tcindex_partial_destroy_work
    - netrom: Decrease sock refcount when sock timers expire
    - scsi: iscsi: Fix iface sysfs attr detection
    - scsi: target: Fix protect handling in WRITE SAME(32)
    - spi: cadence: Correct initialisation of runtime PM again
    - bnxt_en: Improve bnxt_ulp_stop()/bnxt_ulp_start() call sequence.
    - bnxt_en: Refresh RoCE capabilities in bnxt_ulp_probe()
    - bnxt_en: Add missing check for BNXT_STATE_ABORT_ERR in bnxt_fw_rset_task()
    - bnxt_en: Check abort error state in bnxt_half_open_nic()
    - net: hisilicon: rename CACHE_LINE_MASK to avoid redefinition
    - net/tcp_fastopen: fix data races around tfo_active_disable_stamp
    - net: hns3: fix rx VLAN offload state inconsistent issue
    - net/sched: act_skbmod: Skip non-Ethernet packets
    - ipv6: fix another slab-out-of-bounds in fib6_nh_flush_exceptions
    - nvme-pci: don't WARN_ON in nvme_reset_work if ctrl.state is not RESETTING
    - Revert "USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem"
    - afs: Fix tracepoint string placement with built-in AFS
    - r8169: Avoid duplicate sysfs entry creation error
    - nvme: set the PRACT bit when using Write Zeroes with T10 PI
    - sctp: update active_key for asoc when old key is being replaced
    - net: sched: cls_api: Fix the the wrong parameter
    - drm/panel: raspberrypi-touchscreen: Prevent double-free
    - proc: Avoid mixing integer types in mem_rw()
    - s390/ftrace: fix ftrace_update_ftrace_func implementation
    - s390/boot: fix use of expolines in the DMA code
    - ALSA: usb-audio: Add missing proc text entry for BESPOKEN type
    - ALSA: usb-audio: Add registration quirk for JBL Quantum headsets
    - ALSA: sb: Fix potential ABBA deadlock in CSP driver
    - ALSA: hdmi: Expose all pins on MSI MS-7C94 board
    - xhci: Fix lost USB 2 remote wake
    - KVM: PPC: Book3S: Fix H_RTAS rets buffer overflow
    - KVM: PPC: Book3S HV Nested: Sanitise H_ENTER_NESTED TM state
    - usb: hub: Disable USB 3 device initiated lpm if exit latency is too high
    - usb: hub: Fix link power management max exit latency (MEL) calculations
    - USB: usb-storage: Add LaCie Rugged USB3-FW to IGNORE_UAS
    - usb: max-3421: Prevent corruption of freed memory
    - usb: renesas_usbhs: Fix superfluous irqs happen after usb_pkt_pop()
    - USB: serial: option: add support for u-blox LARA-R6 family
    - USB: serial: cp210x: fix comments for GE CS1000
    - USB: serial: cp210x: add ID for CEL EM3588 USB ZigBee stick
    - usb: dwc2: gadget: Fix sending zero length packet in DDMA mode.
    - firmware/efi: Tell memblock about EFI iomem reservations
    - tracing/histogram: Rename "cpu" to "common_cpu"
    - tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop.
    - btrfs: check for missing device in btrfs_trim_fs
    - media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf()
    - ixgbe: Fix packet corruption due to missing DMA sync
    - selftest: use mmap instead of posix_memalign to allocate memory
    - userfaultfd: do not untag user pointers
    - hugetlbfs: fix mount mode command line processing
    - rbd: don't hold lock_rwsem while running_list is being drained
    - rbd: always kick acquire on "acquired" and "released" notifications
    - nds32: fix up stack guard gap
    - drm: Return -ENOTTY for non-drm ioctls
    - net: dsa: mv88e6xxx: use correct .stats_set_histogram() on Topaz
    - net: bcmgenet: ensure EXT_ENERGY_DET_MASK is clear
    - iio: accel: bma180: Use explicit member assignment
    - iio: accel: bma180: Fix BMA25x bandwidth register values
    - btrfs: compression: don't try to compress if we don't have enough pages
    - PCI: Mark AMD Navi14 GPU ATS as broken
    - perf inject: Close inject.output on exit
    - xhci: add xhci_get_virt_ep() helper
    - Linux 5.4.136

* Focal update: v5.4.135 upstream stable release (LP: #1939442)
    - ARM: dts: gemini: rename mdio to the right name
    - ARM: dts: gemini: add device_type on pci
    - ARM: dts: rockchip: fix pinctrl sleep nodename for rk3036-kylin and rk3288
    - arm64: dts: rockchip: fix pinctrl sleep nodename for rk3399.dtsi
    - ARM: dts: rockchip: Fix the timer clocks order
    - ARM: dts: rockchip: Fix IOMMU nodes properties on rk322x
    - ARM: dts: rockchip: Fix power-controller node names for rk3066a
    - ARM: dts: rockchip: Fix power-controller node names for rk3188
    - ARM: dts: rockchip: Fix power-controller node names for rk3288
    - arm64: dts: rockchip: Fix power-controller node names for px30
    - arm64: dts: rockchip: Fix power-controller node names for rk3328
    - reset: ti-syscon: fix to_ti_syscon_reset_data macro
    - ARM: brcmstb: dts: fix NAND nodes names
    - ARM: Cygnus: dts: fix NAND nodes names
    - ARM: NSP: dts: fix NAND nodes names
    - ARM: dts: BCM63xx: Fix NAND nodes names
    - ARM: dts: Hurricane 2: Fix NAND nodes names
    - ARM: dts: imx6: phyFLEX: Fix UART hardware flow control
    - ARM: imx: pm-imx5: Fix references to imx5_cpu_suspend_info
    - rtc: mxc_v2: add missing MODULE_DEVICE_TABLE
    - kbuild: sink stdout from cmd for silent build
    - ARM: dts: am57xx-cl-som-am57x: fix ti,no-reset-on-init flag for gpios
    - ARM: dts: am437x-gp-evm: fix ti,no-reset-on-init flag for gpios
    - ARM: dts: stm32: fix gpio-keys node on STM32 MCU boards
    - ARM: dts: stm32: fix RCC node name on stm32f429 MCU
    - ARM: dts: stm32: fix timer nodes on STM32 MCU to prevent warnings
    - arm64: dts: juno: Update SCPI nodes as per the YAML schema
    - ARM: dts: rockchip: fix supply properties in io-domains nodes
    - ARM: dts: stm32: fix i2c node name on stm32f746 to prevent warnings
    - ARM: dts: stm32: move stmmac axi config in ethernet node on stm32mp15
    - soc/tegra: fuse: Fix Tegra234-only builds
    - firmware: tegra: bpmp: Fix Tegra234-only builds
    - arm64: dts: ls208xa: remove bus-num from dspi node
    - arm64: dts: imx8mq: assign PCIe clocks
    - thermal/core: Correct function name thermal_zone_device_unregister()
    - kbuild: mkcompile_h: consider timestamp if KBUILD_BUILD_TIMESTAMP is set
    - rtc: max77686: Do not enforce (incorrect) interrupt trigger type
    - scsi: aic7xxx: Fix unintentional sign extension issue on left shift of u8
    - scsi: libsas: Add LUN number check in .slave_alloc callback
    - scsi: libfc: Fix array index out of bound exception
    - scsi: qedf: Add check to synchronize abort and flush
    - sched/fair: Fix CFS bandwidth hrtimer expiry type
    - s390: introduce proper type handling call_on_stack() macro
    - cifs: prevent NULL deref in cifs_compose_mount_options()
    - arm64: dts: armada-3720-turris-mox: add firmware node
    - firmware: turris-mox-rwtm: add marvell,armada-3700-rwtm-firmware compatible
      string
    - arm64: dts: marvell: armada-37xx: move firmware node to generic dtsi file
    - f2fs: Show casefolding support only when supported
    - usb: cdns3: Enable TDL_CHK only for OUT ep
    - Revert "UBUNTU: SAUCE: Revert "mm: memcg/slab: fix memory leak at non-root
      kmem_cache destroy""
    - mm: slab: fix kmem_cache_create failed when sysfs node not destroyed
    - dm writecache: return the exact table values that were set
    - net: dsa: mv88e6xxx: enable .port_set_policy() on Topaz
    - net: dsa: mv88e6xxx: enable .rmu_disable() on Topaz
    - net: ipv6: fix return value of ip6_skb_dst_mtu
    - netfilter: ctnetlink: suspicious RCU usage in ctnetlink_dump_helpinfo
    - net/sched: act_ct: fix err check for nf_conntrack_confirm
    - net: bridge: sync fdb to new unicast-filtering ports
    - net: bcmgenet: Ensure all TX/RX queues DMAs are disabled
    - net: ip_tunnel: fix mtu calculation for ETHER tunnel devices
    - net: moxa: fix UAF in moxart_mac_probe
    - net: qcom/emac: fix UAF in emac_remove
    - net: ti: fix UAF in tlan_remove_one
    - net: send SYNACK packet with accepted fwmark
    - net: validate lwtstate->data before returning from skb_tunnel_info()
    - net: fddi: fix UAF in fza_probe
    - dma-buf/sync_file: Don't leak fences on merge failure
    - tcp: annotate data races around tp->mtu_info
    - ipv6: tcp: drop silly ICMPv6 packet too big messages
    - bpftool: Properly close va_list 'ap' by va_end() on error
    - perf test bpf: Free obj_buf
    - udp: annotate data races around unix_sk(sk)->gso_size
    - Linux 5.4.135

* Focal update: v5.4.134 upstream stable release (LP: #1939440)
    - KVM: mmio: Fix use-after-free Read in kvm_vm_ioctl_unregister_coalesced_mmio
    - KVM: x86: Use guest MAXPHYADDR from CPUID.0x8000_0008 iff TDP is enabled
    - KVM: X86: Disable hardware breakpoints unconditionally before kvm_x86->run()
    - scsi: core: Fix bad pointer dereference when ehandler kthread is invalid
    - tracing: Do not reference char * as a string in histograms
    - cgroup: verify that source is a string
    - fbmem: Do not delete the mode that is still in use
    - net: moxa: Use devm_platform_get_and_ioremap_resource()
    - dmaengine: fsl-qdma: check dma_set_mask return value
    - srcu: Fix broken node geometry after early ssp init
    - tty: serial: fsl_lpuart: fix the potential risk of division or modulo by
      zero
    - misc/libmasm/module: Fix two use after free in ibmasm_init_one
    - misc: alcor_pci: fix null-ptr-deref when there is no PCI bridge
    - iio: gyro: fxa21002c: Balance runtime pm + use pm_runtime_resume_and_get().
    - iio: magn: bmc150: Balance runtime pm + use pm_runtime_resume_and_get()
    - ALSA: usx2y: Don't call free_pages_exact() with NULL address
    - Revert "ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro"
    - w1: ds2438: fixing bug that would always get page0
    - scsi: hisi_sas: Propagate errors in interrupt_init_v1_hw()
    - scsi: lpfc: Fix "Unexpected timeout" error in direct attach topology
    - scsi: lpfc: Fix crash when lpfc_sli4_hba_setup() fails to initialize the
      SGLs
    - scsi: core: Cap scsi_host cmd_per_lun at can_queue
    - ALSA: ac97: fix PM reference leak in ac97_bus_remove()
    - tty: serial: 8250: serial_cs: Fix a memory leak in error handling path
    - scsi: scsi_dh_alua: Check for negative result value
    - fs/jfs: Fix missing error code in lmLogInit()
    - scsi: megaraid_sas: Fix resource leak in case of probe failure
    - scsi: megaraid_sas: Early detection of VD deletion through RaidMap update
    - scsi: megaraid_sas: Handle missing interrupts while re-enabling IRQs
    - scsi: iscsi: Add iscsi_cls_conn refcount helpers
    - scsi: iscsi: Fix conn use after free during resets
    - scsi: iscsi: Fix shost->max_id use
    - scsi: qedi: Fix null ref during abort handling
    - mfd: da9052/stmpe: Add and modify MODULE_DEVICE_TABLE
    - mfd: cpcap: Fix cpcap dmamask not set warnings
    - ASoC: img: Fix PM reference leak in img_i2s_in_probe()
    - serial: tty: uartlite: fix console setup
    - s390/sclp_vt220: fix console name to match device
    - ALSA: sb: Fix potential double-free of CSP mixer elements
    - powerpc/ps3: Add dma_mask to ps3_dma_region
    - iommu/arm-smmu: Fix arm_smmu_device refcount leak when arm_smmu_rpm_get
      fails
    - iommu/arm-smmu: Fix arm_smmu_device refcount leak in address translation
    - gpio: zynq: Check return value of pm_runtime_get_sync
    - ALSA: ppc: fix error return code in snd_pmac_probe()
    - selftests/powerpc: Fix "no_handler" EBB selftest
    - gpio: pca953x: Add support for the On Semi pca9655
    - ASoC: soc-core: Fix the error return code in
      snd_soc_of_parse_audio_routing()
    - s390/processor: always inline stap() and __load_psw_mask()
    - s390/ipl_parm: fix program check new psw handling
    - s390/mem_detect: fix diag260() program check new psw handling
    - s390/mem_detect: fix tprot() program check new psw handling
    - Input: hideep - fix the uninitialized use in hideep_nvm_unlock()
    - ALSA: bebob: add support for ToneWeal FW66
    - ALSA: usb-audio: scarlett2: Fix 18i8 Gen 2 PCM Input count
    - ALSA: usb-audio: scarlett2: Fix data_mutex lock
    - ALSA: usb-audio: scarlett2: Fix scarlett2_*_ctl_put() return values
    - usb: gadget: f_hid: fix endianness issue with descriptors
    - usb: gadget: hid: fix error return code in hid_bind()
    - powerpc/boot: Fixup device-tree on little endian
    - ASoC: Intel: kbl_da7219_max98357a: shrink platform_id below 20 characters
    - backlight: lm3630a: Fix return code of .update_status() callback
    - ALSA: hda: Add IRQ check for platform_get_irq()
    - ALSA: usb-audio: scarlett2: Fix 6i6 Gen 2 line out descriptions
    - staging: rtl8723bs: fix macro value for 2.4Ghz only device
    - intel_th: Wait until port is in reset before programming it
    - i2c: core: Disable client irq on reboot/shutdown
    - power: supply: sc27xx: Add missing MODULE_DEVICE_TABLE
    - power: supply: sc2731_charger: Add missing MODULE_DEVICE_TABLE
    - pwm: spear: Don't modify HW state in .remove callback
    - power: supply: ab8500: Avoid NULL pointers
    - power: supply: max17042: Do not enforce (incorrect) interrupt trigger type
    - power: reset: gpio-poweroff: add missing MODULE_DEVICE_TABLE
    - ARM: 9087/1: kprobes: test-thumb: fix for LLVM_IAS=1
    - PCI/P2PDMA: Avoid pci_get_slot(), which may sleep
    - watchdog: Fix possible use-after-free in wdt_startup()
    - watchdog: sc520_wdt: Fix possible use-after-free in wdt_turnoff()
    - watchdog: Fix possible use-after-free by calling del_timer_sync()
    - watchdog: imx_sc_wdt: fix pretimeout
    - x86/fpu: Return proper error codes from user access functions
    - PCI: tegra: Add missing MODULE_DEVICE_TABLE
    - orangefs: fix orangefs df output.
    - ceph: remove bogus checks and WARN_ONs from ceph_set_page_dirty
    - NFS: nfs_find_open_context() may only select open files
    - power: supply: charger-manager: add missing MODULE_DEVICE_TABLE
    - power: supply: ab8500: add missing MODULE_DEVICE_TABLE
    - pwm: img: Fix PM reference leak in img_pwm_enable()
    - pwm: tegra: Don't modify HW state in .remove callback
    - ACPI: AMBA: Fix resource name in /proc/iomem
    - ACPI: video: Add quirk for the Dell Vostro 3350
    - virtio-blk: Fix memory leak among suspend/resume procedure
    - virtio_net: Fix error handling in virtnet_restore()
    - virtio_console: Assure used length from device is limited
    - x86/signal: Detect and prevent an alternate signal stack overflow
    - f2fs: add MODULE_SOFTDEP to ensure crc32 is included in the initramfs
    - PCI/sysfs: Fix dsm_label_utf16s_to_utf8s() buffer overrun
    - power: supply: rt5033_battery: Fix device tree enumeration
    - NFSv4: Initialise connection to the server in nfs4_alloc_client()
    - um: fix error return code in slip_open()
    - um: fix error return code in winch_tramp()
    - watchdog: aspeed: fix hardware timeout calculation
    - nfs: fix acl memory leak of posix_acl_create()
    - ubifs: Set/Clear I_LINKABLE under i_lock for whiteout inode
    - PCI: iproc: Fix multi-MSI base vector number allocation
    - PCI: iproc: Support multi-MSI only on uniprocessor kernel
    - x86/fpu: Limit xstate copy size in xstateregs_set()
    - pwm: imx1: Don't disable clocks at device remove time
    - virtio_net: move tx vq operation under tx queue lock
    - nvme-tcp: can't set sk_user_data without write_lock
    - ALSA: isa: Fix error return code in snd_cmi8330_probe()
    - NFSv4/pNFS: Don't call _nfs4_pnfs_v3_ds_connect multiple times
    - hexagon: use common DISCARDS macro
    - ARM: dts: gemini-rut1xx: remove duplicate ethernet node
    - reset: a10sr: add missing of_match_table reference
    - ARM: exynos: add missing of_node_put for loop iteration
    - ARM: dts: exynos: fix PWM LED max brightness on Odroid XU/XU3
    - ARM: dts: exynos: fix PWM LED max brightness on Odroid HC1
    - ARM: dts: exynos: fix PWM LED max brightness on Odroid XU4
    - memory: atmel-ebi: add missing of_node_put for loop iteration
    - reset: brcmstb: Add missing MODULE_DEVICE_TABLE
    - memory: pl353: Fix error return code in pl353_smc_probe()
    - rtc: fix snprintf() checking in is_rtc_hctosys()
    - arm64: dts: renesas: v3msk: Fix memory size
    - ARM: dts: r8a7779, marzen: Fix DU clock names
    - firmware: tegra: Fix error return code in tegra210_bpmp_init()
    - firmware: arm_scmi: Reset Rx buffer to max size during async commands
    - ARM: dts: BCM5301X: Fixup SPI binding
    - reset: bail if try_module_get() fails
    - memory: fsl_ifc: fix leak of IO mapping on probe failure
    - memory: fsl_ifc: fix leak of private memory on probe failure
    - ARM: dts: am335x: align ti,pindir-d0-out-d1-in property with dt-shema
    - ARM: dts: am437x: align ti,pindir-d0-out-d1-in property with dt-shema
    - ARM: dts: imx6q-dhcom: Fix ethernet reset time properties
    - ARM: dts: imx6q-dhcom: Fix ethernet plugin detection problems
    - ARM: dts: imx6q-dhcom: Add gpios pinctrl for i2c bus recovery
    - thermal/drivers/rcar_gen3_thermal: Fix coefficient calculations
    - firmware: turris-mox-rwtm: fix reply status decoding function
    - firmware: turris-mox-rwtm: report failures better
    - firmware: turris-mox-rwtm: fail probing when firmware does not support hwrng
    - scsi: be2iscsi: Fix an error handling path in beiscsi_dev_probe()
    - mips: always link byteswap helpers into decompressor
    - mips: disable branch profiling in boot/decompress.o
    - MIPS: vdso: Invalid GIC access through VDSO
    - scsi: scsi_dh_alua: Fix signedness bug in alua_rtpg()
    - misc: alcor_pci: fix inverted branch condition
    - Linux 5.4.134

-- Kelsey Skunberg <kelsey.skunberg@canonical.com>  Thu, 23 Sep 2021 10:40:49 -0600

Changed in linux (Ubuntu Focal):
status:	Fix Committed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2021-09-28:

#5

Download full text (12.2 KiB)

This bug was fixed in the package linux - 4.15.0-159.167

---------------
linux (4.15.0-159.167) bionic; urgency=medium

* Packaging resync (LP: #1786013)
- debian/dkms-versions -- update from kernel-versions (main/2021.09.06)

  * dell300x: rsi wifi and bluetooth crash after suspend and resume
    (LP: #1940488)
    - Revert "rsi: Use resume_noirq for SDIO"

  * LRMv5: switch primary version handling to kernel-versions data set
    (LP: #1928921)
    - [Packaging] switch to kernel-versions

  * kvm_unit_tests: emulator test fails on 4.4 / 4.15 kernel, timeout
    (LP: #1932966)
    - kvm: Add emulation for movups/movupd

  * memory leaking when removing a profile (LP: #1939915)
    - security/apparmor/label.c: Clean code by removing redundant instructions
    - apparmor: Fix memory leak of profile proxy

  * ubunut_kernel_selftests: memory-hotplug: avoid spamming logs with
    dump_page() (LP: #1941829)
    - selftests: memory-hotplug: avoid spamming logs with dump_page(), ratio limit
      hot-remove error test

  * Bionic update: upstream stable patchset 2021-08-27 (LP: #1941916)
    - btrfs: mark compressed range uptodate only if all bio succeed
    - regulator: rt5033: Fix n_voltages settings for BUCK and LDO
    - r8152: Fix potential PM refcount imbalance
    - qed: fix possible unpaired spin_{un}lock_bh in _qed_mcp_cmd_and_union()
    - net: Fix zero-copy head len calculation.
    - Revert "Bluetooth: Shutdown controller after workqueues are flushed or
      cancelled"
    - KVM: do not allow mapping valid but non-reference-counted pages
    - Revert "watchdog: iTCO_wdt: Account for rebooting on second timeout"
    - spi: mediatek: Fix fifo transfer
    - padata: validate cpumask without removed CPU during offline
    - Revert "ACPICA: Fix memory leak caused by _CID repair function"
    - ALSA: seq: Fix racy deletion of subscriber
    - clk: stm32f4: fix post divisor setup for I2S/SAI PLLs
    - omap5-board-common: remove not physically existing vdds_1v8_main fixed-
      regulator
    - scsi: sr: Return correct event when media event code is 3
    - media: videobuf2-core: dequeue if start_streaming fails
    - net: natsemi: Fix missing pci_disable_device() in probe and remove
    - nfp: update ethtool reporting of pauseframe control
    - mips: Fix non-POSIX regexp
    - bnx2x: fix an error code in bnx2x_nic_load()
    - net: pegasus: fix uninit-value in get_interrupt_interval
    - net: fec: fix use-after-free in fec_drv_remove
    - net: vxge: fix use-after-free in vxge_device_unregister
    - Bluetooth: defer cleanup of resources in hci_unregister_dev()
    - USB: usbtmc: Fix RCU stall warning
    - USB: serial: option: add Telit FD980 composition 0x1056
    - USB: serial: ch341: fix character loss at high transfer rates
    - USB: serial: ftdi_sio: add device ID for Auto-M3 OP-COM v2
    - usb: gadget: f_hid: added GET_IDLE and SET_IDLE handlers
    - usb: gadget: f_hid: fixed NULL pointer dereference
    - usb: gadget: f_hid: idle uses the highest byte for duration
    - usb: otg-fsm: Fix hrtimer list corruption
    - scripts/tracing: fix the bug that can't parse raw_trace_func
    - staging: rtl8723bs: Fix a resource lea...

This bug was fixed in the package linux - 4.15.0-159.167

---------------
linux (4.15.0-159.167) bionic; urgency=medium

* Packaging resync (LP: #1786013)
    - debian/dkms-versions -- update from kernel-versions (main/2021.09.06)

* dell300x: rsi wifi and bluetooth crash after suspend and resume
    (LP: #1940488)
    - Revert "rsi: Use resume_noirq for SDIO"

*  LRMv5: switch primary version handling to kernel-versions data set
    (LP: #1928921)
    - [Packaging] switch to kernel-versions

* kvm_unit_tests: emulator test fails on 4.4 / 4.15 kernel, timeout
    (LP: #1932966)
    - kvm: Add emulation for movups/movupd

* memory leaking when removing a profile (LP: #1939915)
    - security/apparmor/label.c: Clean code by removing redundant instructions
    - apparmor: Fix memory leak of profile proxy

* ubunut_kernel_selftests: memory-hotplug: avoid spamming logs with
    dump_page() (LP: #1941829)
    - selftests: memory-hotplug: avoid spamming logs with dump_page(), ratio limit
      hot-remove error test

* Bionic update: upstream stable patchset 2021-08-27 (LP: #1941916)
    - btrfs: mark compressed range uptodate only if all bio succeed
    - regulator: rt5033: Fix n_voltages settings for BUCK and LDO
    - r8152: Fix potential PM refcount imbalance
    - qed: fix possible unpaired spin_{un}lock_bh in _qed_mcp_cmd_and_union()
    - net: Fix zero-copy head len calculation.
    - Revert "Bluetooth: Shutdown controller after workqueues are flushed or
      cancelled"
    - KVM: do not allow mapping valid but non-reference-counted pages
    - Revert "watchdog: iTCO_wdt: Account for rebooting on second timeout"
    - spi: mediatek: Fix fifo transfer
    - padata: validate cpumask without removed CPU during offline
    - Revert "ACPICA: Fix memory leak caused by _CID repair function"
    - ALSA: seq: Fix racy deletion of subscriber
    - clk: stm32f4: fix post divisor setup for I2S/SAI PLLs
    - omap5-board-common: remove not physically existing vdds_1v8_main fixed-
      regulator
    - scsi: sr: Return correct event when media event code is 3
    - media: videobuf2-core: dequeue if start_streaming fails
    - net: natsemi: Fix missing pci_disable_device() in probe and remove
    - nfp: update ethtool reporting of pauseframe control
    - mips: Fix non-POSIX regexp
    - bnx2x: fix an error code in bnx2x_nic_load()
    - net: pegasus: fix uninit-value in get_interrupt_interval
    - net: fec: fix use-after-free in fec_drv_remove
    - net: vxge: fix use-after-free in vxge_device_unregister
    - Bluetooth: defer cleanup of resources in hci_unregister_dev()
    - USB: usbtmc: Fix RCU stall warning
    - USB: serial: option: add Telit FD980 composition 0x1056
    - USB: serial: ch341: fix character loss at high transfer rates
    - USB: serial: ftdi_sio: add device ID for Auto-M3 OP-COM v2
    - usb: gadget: f_hid: added GET_IDLE and SET_IDLE handlers
    - usb: gadget: f_hid: fixed NULL pointer dereference
    - usb: gadget: f_hid: idle uses the highest byte for duration
    - usb: otg-fsm: Fix hrtimer list corruption
    - scripts/tracing: fix the bug that can't parse raw_trace_func
    - staging: rtl8723bs: Fix a resource leak in sd_int_dpc
    - media: rtl28xxu: fix zero-length control request
    - pipe: increase minimum default pipe size to 2 pages
    - ext4: fix potential htree corruption when growing large_dir directories
    - serial: 8250: Mask out floating 16/32-bit bus bits
    - MIPS: Malta: Do not byte-swap accesses to the CBUS UART
    - pcmcia: i82092: fix a null pointer dereference bug
    - spi: meson-spicc: fix memory leak in meson_spicc_remove
    - perf/x86/amd: Don't touch the AMD64_EVENTSEL_HOSTONLY bit inside the guest
    - qmi_wwan: add network device usage statistics for qmimux devices
    - libata: fix ata_pio_sector for CONFIG_HIGHMEM
    - reiserfs: add check for root_inode in reiserfs_fill_super
    - reiserfs: check directory items on read from disk
    - alpha: Send stop IPI to send to online CPUs
    - net/qla3xxx: fix schedule while atomic in ql_wait_for_drvr_lock and
      ql_adapter_reset
    - USB:ehci:fix Kunpeng920 ehci hardware problem
    - ppp: Fix generating ppp unit id when ifname is not specified
    - ovl: prevent private clone if bind mount is not allowed
    - net: xilinx_emaclite: Do not print real IOMEM pointer
    - KVM: x86: accept userspace interrupt only if no event is injected
    - KVM: x86/mmu: Fix per-cpu counter corruption on 32-bit builds

* Bionic update: upstream stable patchset 2021-08-17 (LP: #1940315)
    - selftest: fix build error in tools/testing/selftests/vm/userfaultfd.c
    - KVM: x86: determine if an exception has an error code only when injecting
      it.
    - net: split out functions related to registering inflight socket files
    - [Config] updateconfigs for UNIX_SCM
    - af_unix: fix garbage collect vs MSG_PEEK
    - net/802/mrp: fix memleak in mrp_request_join()
    - net/802/garp: fix memleak in garp_request_join()
    - net: annotate data race around sk_ll_usec
    - sctp: move 198 addresses from unusable to private scope
    - hfs: add missing clean-up in hfs_fill_super
    - hfs: fix high memory mapping in hfs_bnode_read
    - hfs: add lock nesting notation to hfs_find_init
    - ARM: dts: versatile: Fix up interrupt controller node names
    - virtio_net: Do not pull payload in skb->head
    - gro: ensure frag0 meets IP header alignment
    - x86/kvm: fix vcpu-id indexed array sizes
    - ocfs2: fix zero out valid data
    - ocfs2: issue zeroout to EOF blocks
    - can: raw: raw_setsockopt(): fix raw_rcv panic for sock UAF
    - can: mcba_usb_start(): add missing urb->transfer_dma initialization
    - can: usb_8dev: fix memory leak
    - can: ems_usb: fix memory leak
    - can: esd_usb2: fix memory leak
    - NIU: fix incorrect error return, missed in previous revert
    - nfc: nfcsim: fix use after free during module unload
    - x86/asm: Ensure asm/proto.h can be included stand-alone
    - cfg80211: Fix possible memory leak in function cfg80211_bss_update
    - netfilter: conntrack: adjust stop timestamp to real expiry value
    - netfilter: nft_nat: allow to specify layer 4 protocol NAT only
    - tipc: fix sleeping in tipc accept routine
    - mlx4: Fix missing error code in mlx4_load_one()
    - net: llc: fix skb_over_panic
    - net/mlx5: Fix flow table chaining
    - sctp: fix return value check in __sctp_rcv_asconf_lookup
    - tulip: windbond-840: Fix missing pci_disable_device() in probe and remove
    - sis900: Fix missing pci_disable_device() in probe and remove
    - can: hi311x: fix a signedness bug in hi3110_cmd()
    - i40e: Fix log TC creation failure when max num of queues is exceeded
    - i40e: Add additional info to PHY type error

* Bionic update: upstream stable patchset 2021-08-13 (LP: #1939913)
    - ARM: dts: gemini: add device_type on pci
    - ARM: dts: rockchip: fix pinctrl sleep nodename for rk3036-kylin and rk3288
    - arm64: dts: rockchip: fix pinctrl sleep nodename for rk3399.dtsi
    - ARM: dts: rockchip: Fix the timer clocks order
    - ARM: dts: rockchip: Fix power-controller node names for rk3288
    - arm64: dts: rockchip: Fix power-controller node names for rk3328
    - reset: ti-syscon: fix to_ti_syscon_reset_data macro
    - ARM: brcmstb: dts: fix NAND nodes names
    - ARM: Cygnus: dts: fix NAND nodes names
    - ARM: NSP: dts: fix NAND nodes names
    - ARM: dts: BCM63xx: Fix NAND nodes names
    - ARM: dts: imx6: phyFLEX: Fix UART hardware flow control
    - ARM: imx: pm-imx5: Fix references to imx5_cpu_suspend_info
    - ARM: dts: stm32: fix RCC node name on stm32f429 MCU
    - arm64: dts: juno: Update SCPI nodes as per the YAML schema
    - arm64: dts: ls208xa: remove bus-num from dspi node
    - thermal/core: Correct function name thermal_zone_device_unregister()
    - kbuild: mkcompile_h: consider timestamp if KBUILD_BUILD_TIMESTAMP is set
    - rtc: max77686: Do not enforce (incorrect) interrupt trigger type
    - scsi: aic7xxx: Fix unintentional sign extension issue on left shift of u8
    - scsi: libfc: Fix array index out of bound exception
    - sched/fair: Fix CFS bandwidth hrtimer expiry type
    - net: ipv6: fix return value of ip6_skb_dst_mtu
    - netfilter: ctnetlink: suspicious RCU usage in ctnetlink_dump_helpinfo
    - net: bridge: sync fdb to new unicast-filtering ports
    - net: bcmgenet: Ensure all TX/RX queues DMAs are disabled
    - net: moxa: fix UAF in moxart_mac_probe
    - net: qcom/emac: fix UAF in emac_remove
    - net: ti: fix UAF in tlan_remove_one
    - net: send SYNACK packet with accepted fwmark
    - net: validate lwtstate->data before returning from skb_tunnel_info()
    - dma-buf/sync_file: Don't leak fences on merge failure
    - tcp: annotate data races around tp->mtu_info
    - ipv6: tcp: drop silly ICMPv6 packet too big messages
    - igb: Fix use-after-free error during reset
    - ixgbe: Fix an error handling path in 'ixgbe_probe()'
    - igb: Fix an error handling path in 'igb_probe()'
    - fm10k: Fix an error handling path in 'fm10k_probe()'
    - e1000e: Fix an error handling path in 'e1000_probe()'
    - iavf: Fix an error handling path in 'iavf_probe()'
    - igb: Check if num of q_vectors is smaller than max before array access
    - perf probe: Fix dso->nsinfo refcounting
    - perf lzma: Close lzma stream on exit
    - perf test bpf: Free obj_buf
    - perf probe-file: Delete namelist in del_events() on the error path
    - spi: mediatek: fix fifo rx mode
    - liquidio: Fix unintentional sign extension issue on left shift of u16
    - s390/bpf: Perform r1 range checking before accessing jit->seen_reg[r1]
    - net: fix uninit-value in caif_seqpkt_sendmsg
    - net: decnet: Fix sleeping inside in af_decnet
    - netrom: Decrease sock refcount when sock timers expire
    - scsi: iscsi: Fix iface sysfs attr detection
    - scsi: target: Fix protect handling in WRITE SAME(32)
    - spi: cadence: Correct initialisation of runtime PM again
    - Revert "USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem"
    - proc: Avoid mixing integer types in mem_rw()
    - s390/ftrace: fix ftrace_update_ftrace_func implementation
    - ALSA: sb: Fix potential ABBA deadlock in CSP driver
    - xhci: Fix lost USB 2 remote wake
    - KVM: PPC: Book3S: Fix H_RTAS rets buffer overflow
    - usb: hub: Disable USB 3 device initiated lpm if exit latency is too high
    - USB: usb-storage: Add LaCie Rugged USB3-FW to IGNORE_UAS
    - usb: max-3421: Prevent corruption of freed memory
    - usb: renesas_usbhs: Fix superfluous irqs happen after usb_pkt_pop()
    - USB: serial: option: add support for u-blox LARA-R6 family
    - USB: serial: cp210x: fix comments for GE CS1000
    - USB: serial: cp210x: add ID for CEL EM3588 USB ZigBee stick
    - usb: dwc2: gadget: Fix sending zero length packet in DDMA mode.
    - tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop.
    - media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf()
    - ixgbe: Fix packet corruption due to missing DMA sync
    - selftest: use mmap instead of posix_memalign to allocate memory
    - drm: Return -ENOTTY for non-drm ioctls
    - net: bcmgenet: ensure EXT_ENERGY_DET_MASK is clear
    - iio: accel: bma180: Use explicit member assignment
    - iio: accel: bma180: Fix BMA25x bandwidth register values
    - btrfs: compression: don't try to compress if we don't have enough pages
    - spi: spi-fsl-dspi: Fix a resource leak in an error handling path
    - xhci: add xhci_get_virt_ep() helper
    - bpftool: Properly close va_list 'ap' by va_end() on error
    - net: ip_tunnel: fix mtu calculation for ETHER tunnel devices
    - nvme-pci: do not call nvme_dev_remove_admin from nvme_remove
    - perf dso: Fix memory leak in dso__new_map()
    - net/tcp_fastopen: fix data races around tfo_active_disable_stamp
    - nvme-pci: don't WARN_ON in nvme_reset_work if ctrl.state is not RESETTING
    - drm/panel: raspberrypi-touchscreen: Prevent double-free
    - KVM: do not assume PTE is writable after follow_pfn
    - KVM: Use kvm_pfn_t for local PFN variable in hva_to_pfn_remapped()
    - net: dsa: mv88e6xxx: use correct .stats_set_histogram() on Topaz
    - workqueue: fix UAF in pwq_unbound_release_workfn()
    - upstream stable to v4.14.241, v4.19.200

-- Kelsey Skunberg <kelsey.skunberg@canonical.com>  Mon, 20 Sep 2021 16:11:14 -0600

Changed in linux (Ubuntu Bionic):
status:	Fix Committed → Fix Released

AppArmor

memory leaking when removing a profile

Bug Description

Other bug subscribers

Remote bug watches

	Status	Importance	Assigned to
AppArmor	New	Undecided	Unassigned
linux (Ubuntu)	Fix Released	Undecided	Unassigned
Xenial	Fix Committed	Medium	Unassigned
Bionic	Fix Released	Medium	Unassigned
Focal	Fix Released	Medium	Unassigned