Ubuntu
linux package

Bionic update: upstream stable patchset 2020-09-02

Bug #1893986 reported by Kamal Mostafa on 2020-09-02

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	linux (Ubuntu)	Invalid	Undecided	Unassigned
	Bionic	Fix Released	Undecided	Kamal Mostafa

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

upstream stable patchset 2020-09-02

                Ported from the following upstream stable releases:
                        v4.14.194, v4.19.140,
                                   v4.19.141

from git://git.kernel.org/

net/mlx5e: Don't support phys switch id if not in switchdev mode
tracepoint: Mark __tracepoint_string's __used
HID: input: Fix devices that return multiple bytes in battery report
x86/mce/inject: Fix a wrong assignment of i_mce.status
sched: correct SD_flags returned by tl->sd_flags()
arm64: dts: rockchip: fix rk3399-puma vcc5v0-host gpio
arm64: dts: rockchip: fix rk3399-puma gmac reset gpio
EDAC: Fix reference count leaks
arm64: dts: qcom: msm8916: Replace invalid bias-pull-none property
arm64: dts: exynos: Fix silent hang after boot on Espresso
m68k: mac: Don't send IOP message until channel is idle
m68k: mac: Fix IOP status/control register writes
platform/x86: intel-hid: Fix return value check in check_acpi_dev()
platform/x86: intel-vbtn: Fix return value check in check_acpi_dev()
ARM: at91: pm: add missing put_device() call in at91_pm_sram_init()
spi: lantiq: fix: Rx overflow error in full duplex mode
ARM: socfpga: PM: add missing put_device() call in socfpga_setup_ocram_self_refresh()
drm/tilcdc: fix leak & null ref in panel_connector_get_modes
Bluetooth: add a mutex lock to avoid UAF in do_enale_set
fs/btrfs: Add cond_resched() for try_release_extent_mapping() stalls
drm/radeon: Fix reference count leaks caused by pm_runtime_get_sync
video: fbdev: neofb: fix memory leak in neo_scan_monitor()
md-cluster: fix wild pointer of unlock_all_bitmaps()
arm64: dts: hisilicon: hikey: fixes to comply with adi, adv7533 DT binding
drm/nouveau: fix multiple instances of reference count leaks
drm/debugfs: fix plain echo to connector "force" attribute
irqchip/irq-mtk-sysirq: Replace spinlock with raw_spinlock
mm/mmap.c: Add cond_resched() for exit_mmap() CPU stalls
brcmfmac: To fix Bss Info flag definition Bug
brcmfmac: set state of hanger slot to FREE when flushing PSQ
iwlegacy: Check the return value of pcie_capability_read_*()
gpu: host1x: debug: Fix multiple channels emitting messages simultaneously
usb: gadget: net2280: fix memory leak on probe error handling paths
bdc: Fix bug causing crash after multiple disconnects
usb: bdc: Halt controller on suspend
dyndbg: fix a BUG_ON in ddebug_describe_flags
bcache: fix super block seq numbers comparision in register_cache_set()
ACPICA: Do not increment operation_region reference counts for field units
agp/intel: Fix a memory leak on module initialisation failure
video: fbdev: sm712fb: fix an issue about iounmap for a wrong address
console: newport_con: fix an issue about leak related system resources
video: pxafb: Fix the function used to balance a 'dma_alloc_coherent()' call
iio: improve IIO_CONCENTRATION channel type description
drm/arm: fix unintentional integer overflow on left shift
leds: lm355x: avoid enum conversion warning
media: omap3isp: Add missed v4l2_ctrl_handler_free() for preview_init_entities()
ASoC: Intel: bxt_rt298: add missing .owner field
scsi: cumana_2: Fix different dev_id between request_irq() and free_irq()
drm/mipi: use dcs write for mipi_dsi_dcs_set_tear_scanline
cxl: Fix kobject memleak
drm/radeon: fix array out-of-bounds read and write issues
scsi: powertec: Fix different dev_id between request_irq() and free_irq()
scsi: eesox: Fix different dev_id between request_irq() and free_irq()
ipvs: allow connection reuse for unconfirmed conntrack
media: firewire: Using uninitialized values in node_probe()
media: exynos4-is: Add missed check for pinctrl_lookup_state()
xfs: fix reflink quota reservation accounting error
PCI: Fix pci_cfg_wait queue locking problem
leds: core: Flush scheduled work for system suspend
drm: panel: simple: Fix bpc for LG LB070WV8 panel
drm/bridge: sil_sii8620: initialize return of sii8620_readb
scsi: scsi_debug: Add check for sdebug_max_queue during module init
mwifiex: Prevent memory corruption handling keys
powerpc/vdso: Fix vdso cpu truncation
staging: rtl8192u: fix a dubious looking mask before a shift
PCI/ASPM: Add missing newline in sysfs 'policy'
drm/imx: tve: fix regulator_disable error path
USB: serial: iuu_phoenix: fix led-activity helpers
thermal: ti-soc-thermal: Fix reversed condition in ti_thermal_expose_sensor()
coresight: tmc: Fix TMC mode read in tmc_read_unprepare_etb()
MIPS: OCTEON: add missing put_device() call in dwc3_octeon_device_init()
usb: dwc2: Fix error path in gadget registration
scsi: mesh: Fix panic after host or bus reset
net: dsa: mv88e6xxx: MV88E6097 does not support jumbo configuration
Smack: fix another vsscanf out of bounds
Smack: prevent underflow in smk_set_cipso()
power: supply: check if calc_soc succeeded in pm860x_init_battery
Bluetooth: hci_serdev: Only unregister device if it was registered
selftests/powerpc: Fix CPU affinity for child process
PCI: Release IVRS table in AMD ACS quirk
selftests/powerpc: Fix online CPU selection
s390/qeth: don't process empty bridge port events
wl1251: fix always return 0 error
tools, build: Propagate build failures from tools/build/Makefile.build
net: ethernet: aquantia: Fix wrong return value
liquidio: Fix wrong return value in cn23xx_get_pf_num()
net: spider_net: Fix the size used in a 'dma_free_coherent()' call
fsl/fman: use 32-bit unsigned integer
fsl/fman: fix dereference null return value
fsl/fman: fix unreachable code
fsl/fman: check dereferencing null pointer
fsl/fman: fix eth hash table allocation
dlm: Fix kobject memleak
pinctrl-single: fix pcs_parse_pinconf() return value
x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task
crypto: aesni - add compatibility with IAS
af_packet: TPACKET_V3: fix fill status rwlock imbalance
drivers/net/wan/lapbether: Added needed_headroom and a skb->len check
net/nfc/rawsock.c: add CAP_NET_RAW check.
net: refactor bind_bucket fastreuse into helper
net: Set fput_needed iff FDPUT_FPUT is set
USB: serial: cp210x: re-enable auto-RTS on open
USB: serial: cp210x: enable usb generic throttle/unthrottle
ALSA: usb-audio: Creative USB X-Fi Pro SB1095 volume knob support
ALSA: usb-audio: fix overeager device match for MacroSilicon MS2109
ALSA: usb-audio: add quirk for Pioneer DDJ-RB
crypto: qat - fix double free in qat_uclo_create_batch_init_list
crypto: ccp - Fix use of merged scatterlists
crypto: cpt - don't sleep of CRYPTO_TFM_REQ_MAY_SLEEP was not specified
bitfield.h: don't compile-time validate _val in FIELD_FIT
fs/minix: check return value of sb_getblk()
fs/minix: don't allow getting deleted inodes
fs/minix: reject too-large maximum file size
ALSA: usb-audio: work around streaming quirk for MacroSilicon MS2109
9p: Fix memory leak in v9fs_mount
spi: spidev: Align buffers for DMA
mtd: rawnand: qcom: avoid write to unavailable register
parisc: Implement __smp_store_release and __smp_load_acquire barriers
parisc: mask out enable and reserved bits from sba imask
ARM: 8992/1: Fix unwind_frame for clang-built kernels
irqdomain/treewide: Free firmware node after domain removal
xen/balloon: fix accounting in alloc_xenballooned_pages error path
xen/balloon: make the balloon wait interruptible
net: initialize fastreuse on inet_inherit_port
smb3: warn on confusing error scenario with sec=krb5
PCI: hotplug: ACPI: Fix context refcounting in acpiphp_grab_context()
btrfs: don't allocate anonymous block device for user invisible roots
btrfs: only search for left_info if there is no right_info in try_merge_free_space
btrfs: fix memory leaks after failure to lookup checksums during inode logging
dt-bindings: iio: io-channel-mux: Fix compatible string in example code
iio: dac: ad5592r: fix unbalanced mutex unlocks in ad5592r_read_raw()
xtensa: fix xtensa_pmu_setup prototype
powerpc: Fix circular dependency between percpu.h and mmu.h
net: ethernet: stmmac: Disable hardware multicast filter
net: stmmac: dwmac1000: provide multicast filter fallback
net/compat: Add missing sock updates for SCM_RIGHTS
md/raid5: Fix Force reconstruct-write io stuck in degraded raid5
bcache: allocate meta data pages as compound pages
mac80211: fix misplaced while instead of if
MIPS: CPU#0 is not hotpluggable
ext2: fix missing percpu_counter_inc
ocfs2: change slot number type s16 to u16
ftrace: Setup correct FTRACE_FL_REGS flags for module
kprobes: Fix NULL pointer dereference at kprobe_ftrace_handler
tracing/hwlat: Honor the tracing_cpumask
tracing: Use trace_sched_process_free() instead of exit() for pid tracing
watchdog: f71808e_wdt: indicate WDIOF_CARDRESET support in watchdog_info.options
watchdog: f71808e_wdt: remove use of wrong watchdog_info option
watchdog: f71808e_wdt: clear watchdog timeout occurred flag
pseries: Fix 64 bit logical memory block panic
perf intel-pt: Fix FUP packet state
drm/imx: imx-ldb: Disable both channels for split mode in enc->disable()
mfd: arizona: Ensure 32k clock is put on driver unbind and error
RDMA/ipoib: Return void from ipoib_ib_dev_stop()
USB: serial: ftdi_sio: make process-packet buffer unsigned
USB: serial: ftdi_sio: clean up receive processing
gpu: ipu-v3: image-convert: Combine rotate/no-rotate irq handlers
dm rq: don't call blk_mq_queue_stopped() in dm_stop_queue()
iommu/omap: Check for failure of a call to omap_iommu_dump_ctx
iommu/vt-d: Enforce PASID devTLB field mask
i2c: rcar: slave: only send STOP event when we have been addressed
clk: clk-atlas6: fix return value check in atlas6_clk_init()
pwm: bcm-iproc: handle clk_get_rate() return
tools build feature: Use CC and CXX from parent
i2c: rcar: avoid race when unregistering slave
Input: sentelic - fix error return when fsp_reg_write fails
drm/vmwgfx: Use correct vmw_legacy_display_unit pointer
drm/vmwgfx: Fix two list_for_each loop exit tests
net: qcom/emac: add missed clk_disable_unprepare in error path of emac_clks_phase1_init
nfs: Fix getxattr kernel panic and memory overflow
fs/ufs: avoid potential u32 multiplication overflow
test_kmod: avoid potential double free in trigger_config_run_type()
mfd: dln2: Run event handler loop under spinlock
ALSA: echoaudio: Fix potential Oops in snd_echo_resume()
perf bench mem: Always memset source before memcpy
tools build feature: Quote CC and CXX for their arguments
sh: landisk: Add missing initialization of sh_io_port_base
khugepaged: retract_page_tables() remember to test exit
genirq/affinity: Make affinity setting if activated opt-in
ARM: dts: gose: Fix ports node name for adv7180
ARM: dts: gose: Fix ports node name for adv7612
drm/amdgpu: avoid dereferencing a NULL pointer
usb: mtu3: clear dual mode of u3port when disable device
drm/radeon: disable AGP by default
brcmfmac: keep SDIO watchdog running when console_interval is non-zero
ath10k: Acquire tx_lock in tx error paths
xfs: don't eat an EIO/ENOSPC writeback error when scrubbing data fork
RDMA/rxe: Skip dgid check in loopback mode
RDMA/rxe: Prevent access to wr->next ptr afrer wr is posted to send queue
usb: core: fix quirks_param_set() writing to a const pointer
powerpc/boot: Fix CONFIG_PPC_MPC52XX references
include/asm-generic/vmlinux.lds.h: align ro_after_init
PCI: Mark AMD Navi10 GPU rev 0x00 ATS as broken
PCI: Add device even if driver attach failed
PCI: qcom: Define some PARF params needed for ipq8064 SoC
PCI: qcom: Add support for tx term offset for rev 2.1.0
PCI: Probe bridge window attributes once at enumeration-time
btrfs: ref-verify: fix memory leak in add_block_entry
btrfs: don't traverse into the seed devices in show_devname
btrfs: fix messages after changing compression level by remount
btrfs: fix return value mixup in btrfs_get_extent
powerpc: Allow 4224 bytes of stack expansion for the signal frame
driver core: Avoid binding drivers to dead devices
RDMA/ipoib: Fix ABBA deadlock with ipoib_reap_ah()
media: rockchip: rga: Introduce color fmt macros and refactor CSC mode logic
media: rockchip: rga: Only set output CSC mode for RGB input
mmc: renesas_sdhi_internal_dmac: clean up the code for dma complete
openrisc: Fix oops caused when dumping stack
scsi: lpfc: nvmet: Avoid hang / use-after-free again when destroying targetport
watchdog: initialize device before misc_register
fs/minix: set s_maxbytes correctly
fs/minix: fix block limit check for V1 filesystems
fs/minix: remove expected error message in block_to_path()
arm64: dts: marvell: espressobin: add ethernet alias
drm/amdgpu: Fix bug where DPM is not enabled after hibernate and resume
UBUNTU: upstream stable to v4.14.194, v4.19.141

See original description

Tags:

CVE References

Kamal Mostafa (kamalmostafa) on 2020-09-02

Changed in linux (Ubuntu):
status:	New → Confirmed
tags:	added: kernel-stable-tracking-bug
Changed in linux (Ubuntu Bionic):
status:	New → In Progress
assignee:	nobody → Kamal Mostafa (kamalmostafa)

Kamal Mostafa (kamalmostafa) on 2020-09-02

description:

updated

Kelsey Steele (kelsey-steele) on 2020-09-17

Changed in linux (Ubuntu Bionic):
status:	In Progress → Fix Committed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2020-10-13:

Download full text (25.4 KiB)

This bug was fixed in the package linux - 4.15.0-121.123

---------------
linux (4.15.0-121.123) bionic; urgency=medium

* Packaging resync (LP: #1786013)
- update dkms package versions

linux (4.15.0-120.122) bionic; urgency=medium

* CVE-2020-16119
- SAUCE: dccp: avoid double free of ccid on child socket

  * CVE-2020-16120
    - Revert "UBUNTU: SAUCE: overlayfs: ensure mounter privileges when reading
      directories"
    - ovl: pass correct flags for opening real directory
    - ovl: switch to mounter creds in readdir
    - ovl: verify permissions in ovl_path_open()

linux (4.15.0-119.120) bionic; urgency=medium

* bionic/linux: 4.15.0-119.120 -proposed tracker (LP: #1896040)

* gtp: unable to associate contextes to interfaces (LP: #1894605)
- gtp: add GTPA_LINK info to msg sent to userspace

  * uvcvideo: add mapping for HEVC payloads (LP: #1895803)
    - media: videodev2.h: Add v4l2 definition for HEVC
    - SAUCE: media: uvcvideo: Add mapping for HEVC payloads

* Novalink (mkvterm command failure) (LP: #1892546)
- tty: hvcs: Don't NULL tty->driver_data until hvcs_cleanup()

  * rtnetlink.sh in net from ubuntu_kernel_selftests is returning 1 for a
    skipped test (LP: #1895258)
    - selftests: net: return Kselftest Skip code for skipped tests

This bug was fixed in the package linux - 4.15.0-121.123

---------------
linux (4.15.0-121.123) bionic; urgency=medium

* Packaging resync (LP: #1786013)
    - update dkms package versions

linux (4.15.0-120.122) bionic; urgency=medium

* CVE-2020-16119
    - SAUCE: dccp: avoid double free of ccid on child socket

linux (4.15.0-119.120) bionic; urgency=medium

* bionic/linux: 4.15.0-119.120 -proposed tracker (LP: #1896040)

* gtp: unable to associate contextes to interfaces (LP: #1894605)
    - gtp: add GTPA_LINK info to msg sent to userspace

* uvcvideo: add mapping for HEVC payloads (LP: #1895803)
    - media: videodev2.h: Add v4l2 definition for HEVC
    - SAUCE: media: uvcvideo: Add mapping for HEVC payloads

* Novalink (mkvterm command failure) (LP: #1892546)
    - tty: hvcs: Don't NULL tty->driver_data until hvcs_cleanup()

* rtnetlink.sh in net from ubuntu_kernel_selftests is returning 1 for a
    skipped test (LP: #1895258)
    - selftests: net: return Kselftest Skip code for skipped tests

* Bionic update: upstream stable patchset 2020-09-16 (LP: #1895873)
    - net: Fix potential wrong skb->protocol in skb_vlan_untag()
    - tipc: fix uninit skb->data in tipc_nl_compat_dumpit()
    - ipvlan: fix device features
    - gre6: Fix reception with IP6_TNL_F_RCV_DSCP_COPY
    - ALSA: pci: delete repeated words in comments
    - ASoC: tegra: Fix reference count leaks.
    - mfd: intel-lpss: Add Intel Emmitsburg PCH PCI IDs
    - arm64: dts: qcom: msm8916: Pull down PDM GPIOs during sleep
    - powerpc/xive: Ignore kmemleak false positives
    - media: pci: ttpci: av7110: fix possible buffer overflow caused by bad DMA
      value in debiirq()
    - blktrace: ensure our debugfs dir exists
    - scsi: target: tcmu: Fix crash on ARM during cmd completion
    - iommu/iova: Don't BUG on invalid PFNs
    - drm/amdkfd: Fix reference count leaks.
    - drm/radeon: fix multiple reference count leak
    - drm/amdgpu: fix ref count leak in amdgpu_driver_open_kms
    - drm/amd/display: fix ref count leak in amdgpu_drm_ioctl
    - drm/amdgpu: fix ref count leak in amdgpu_display_crtc_set_config
    - drm/amdgpu/display: fix ref count leak when pm_runtime_get_sync fails
    - scsi: lpfc: Fix shost refcount mismatch when deleting vport
    - selftests/powerpc: Purge extra count_pmc() calls of ebb selftests
    - omapfb: fix multiple reference count leaks due to pm_runtime_get_sync
    - PCI: Fix pci_create_slot() reference count leak
    - rtlwifi: rtl8192cu: Prevent leaking urb
    - mips/vdso: Fix resource leaks in genvdso.c
    - cec-api: prevent leaking memory through hole in structure
    - f2fs: fix use-after-free issue
    - drm/nouveau/drm/noveau: fix reference count leak in nouveau_fbcon_open
    - drm/nouveau: Fix reference count leak in nouveau_connector_detect
    - locking/lockdep: Fix overflow in presentation of average lock-time
    - scsi: iscsi: Do not put host in iscsi_set_flashnode_param()
    - ceph: fix potential mdsc use-after-free crash
    - scsi: fcoe: Memory leak fix in fcoe_sysfs_fcf_del()
    - EDAC/ie31200: Fallback if host bridge device is already initialized
    - media: davinci: vpif_capture: fix potential double free
    - KVM: arm64: Fix symbol dependency in __hyp_call_panic_nvhe
    - powerpc/spufs: add CONFIG_COREDUMP dependency
    - USB: sisusbvga: Fix a potential UB casued by left shifting a negative value
    - efi: provide empty efi_enter_virtual_mode implementation
    - Revert "ath10k: fix DMA related firmware crashes on multiple devices"
    - media: gpio-ir-tx: improve precision of transmitted signal due to scheduling
    - nvme-fc: Fix wrong return value in __nvme_fc_init_request()
    - null_blk: fix passing of REQ_FUA flag in null_handle_rq
    - i2c: rcar: in slave mode, clear NACK earlier
    - usb: gadget: f_tcm: Fix some resource leaks in some error paths
    - jbd2: make sure jh have b_transaction set in refile/unfile_buffer
    - ext4: don't BUG on inconsistent journal feature
    - jbd2: abort journal if free a async write error metadata buffer
    - fs: prevent BUG_ON in submit_bh_wbc()
    - spi: stm32: fix stm32_spi_prepare_mbr in case of odd clk_rate
    - s390/cio: add cond_resched() in the slow_eval_known_fn() loop
    - scsi: ufs: Fix possible infinite loop in ufshcd_hold
    - scsi: ufs: Improve interrupt handling for shared interrupts
    - scsi: ufs: Clean up completed request without interrupt notification
    - net: gianfar: Add of_node_put() before goto statement
    - powerpc/perf: Fix soft lockups due to missed interrupt accounting
    - HID: i2c-hid: Always sleep 60ms after I2C_HID_PWR_ON commands
    - btrfs: fix space cache memory leak after transaction abort
    - fbcon: prevent user font height or width change from causing potential out-
      of-bounds access
    - USB: lvtest: return proper error code in probe
    - vt: defer kfree() of vc_screenbuf in vc_do_resize()
    - vt_ioctl: change VT_RESIZEX ioctl to check for error return from vc_resize()
    - serial: samsung: Removes the IRQ not found warning
    - serial: pl011: Fix oops on -EPROBE_DEFER
    - serial: pl011: Don't leak amba_ports entry on driver register error
    - serial: 8250_exar: Fix number of ports for Commtech PCIe cards
    - serial: 8250: change lock order in serial8250_do_startup()
    - writeback: Protect inode->i_io_list with inode->i_lock
    - writeback: Avoid skipping inode writeback
    - writeback: Fix sync livelock due to b_dirty_time processing
    - XEN uses irqdesc::irq_data_common::handler_data to store a per interrupt XEN
      data pointer which contains XEN specific information.
    - xhci: Do warm-reset when both CAS and XDEV_RESUME are set
    - PM: sleep: core: Fix the handling of pending runtime resume requests
    - device property: Fix the secondary firmware node handling in
      set_primary_fwnode()
    - drm/amdgpu: Fix buffer overflow in INFO ioctl
    - USB: yurex: Fix bad gfp argument
    - usb: uas: Add quirk for PNY Pro Elite
    - USB: Ignore UAS for JMicron JMS567 ATA/ATAPI Bridge
    - usb: host: ohci-exynos: Fix error handling in exynos_ohci_probe()
    - overflow.h: Add allocation size calculation helpers
    - USB: gadget: u_f: add overflow checks to VLA macros
    - USB: gadget: f_ncm: add bounds checks to ncm_unwrap_ntb()
    - USB: gadget: u_f: Unbreak offset calculation in VLAs
    - USB: cdc-acm: rework notification_buffer resizing
    - usb: storage: Add unusual_uas entry for Sony PSZ drives
    - btrfs: check the right error variable in btrfs_del_dir_entries_in_log
    - tpm: Unify the mismatching TPM space buffer sizes
    - HID: hiddev: Fix slab-out-of-bounds write in hiddev_ioctl_usage()
    - ALSA: usb-audio: Update documentation comment for MS2109 quirk
    - net: ena: Make missed_tx stat incremental
    - ASoC: img: Fix a reference count leak in img_i2s_in_set_fmt
    - ASoC: img-parallel-out: Fix a reference count leak
    - xfs: Don't allow logging of XFS_ISTALE inodes
    - HID: quirks: add NOGET quirk for Logitech GROUP
    - drm/msm/adreno: fix updating ring fence
    - ext4: handle read only external journal device
    - ext4: handle option set by mount flags correctly
    - ext4: handle error of ext4_setup_system_zone() on remount
    - scsi: qla2xxx: Check if FW supports MQ before enabling
    - scsi: qla2xxx: Fix null pointer access during disconnect from subsystem
    - macvlan: validate setting of multiple remote source MAC addresses
    - block: loop: set discard granularity and alignment for block device backed
      loop
    - blk-mq: order adding requests to hctx->dispatch and checking SCHED_RESTART
    - btrfs: reset compression level for lzo on remount
    - usb: host: xhci: fix ep context print mismatch in debugfs
    - genirq/matrix: Deal with the sillyness of for_each_cpu() on UP
    - drm/amd/pm: correct Vega10 swctf limit setting
    - USB: quirks: Ignore duplicate endpoint on Sound Devices MixPre-D

* DELL LATITUDE 5491 touchscreen doesn't work (LP: #1889446) // Bionic update:
    upstream stable patchset 2020-09-16 (LP: #1895873)
    - USB: quirks: Add no-lpm quirk for another Raydium touchscreen

* Bionic update: upstream stable patchset 2020-09-11 (LP: #1895328)
    - drm/vgem: Replace opencoded version of drm_gem_dumb_map_offset()
    - perf probe: Fix memory leakage when the probe point is not found
    - khugepaged: khugepaged_test_exit() check mmget_still_valid()
    - khugepaged: adjust VM_BUG_ON_MM() in __khugepaged_enter()
    - powerpc/mm: Only read faulting instruction when necessary in do_page_fault()
    - btrfs: export helpers for subvolume name/id resolution
    - btrfs: don't show full path of bind mounts in subvol=
    - btrfs: Move free_pages_out label in inline extent handling branch in
      compress_file_range
    - btrfs: inode: fix NULL pointer dereference if inode doesn't need compression
    - btrfs: sysfs: use NOFS for device creation
    - romfs: fix uninitialized memory leak in romfs_dev_read()
    - kernel/relay.c: fix memleak on destroy relay channel
    - mm: include CMA pages in lowmem_reserve at boot
    - mm, page_alloc: fix core hung in free_pcppages_bulk()
    - ext4: fix checking of directory entry validity for inline directories
    - jbd2: add the missing unlock_buffer() in the error path of
      jbd2_write_superblock()
    - [Config] updateconfigs for CONFIG_SPI_DYNAMIC
    - spi: Prevent adding devices below an unregistering controller
    - scsi: ufs: Add DELAY_BEFORE_LPM quirk for Micron devices
    - media: budget-core: Improve exception handling in budget_register()
    - rtc: goldfish: Enable interrupt in set_alarm() when necessary
    - media: vpss: clean up resources in init
    - Input: psmouse - add a newline when printing 'proto' by sysfs
    - m68knommu: fix overwriting of bits in ColdFire V3 cache control
    - xfs: fix inode quota reservation checks
    - jffs2: fix UAF problem
    - cpufreq: intel_pstate: Fix cpuinfo_max_freq when MSR_TURBO_RATIO_LIMIT is 0
    - scsi: libfc: Free skb in fc_disc_gpn_id_resp() for valid cases
    - virtio_ring: Avoid loop when vq is broken in virtqueue_poll
    - xfs: Fix UBSAN null-ptr-deref in xfs_sysfs_init
    - alpha: fix annotation of io{read,write}{16,32}be()
    - ext4: fix potential negative array index in do_split()
    - i40e: Set RX_ONLY mode for unicast promiscuous on VLAN
    - i40e: Fix crash during removing i40e driver
    - net: fec: correct the error path for regulator disable in probe
    - bonding: show saner speed for broadcast mode
    - bonding: fix a potential double-unregister
    - ASoC: msm8916-wcd-analog: fix register Interrupt offset
    - ASoC: intel: Fix memleak in sst_media_open
    - vfio/type1: Add proper error unwind for vfio_iommu_replay()
    - bonding: fix active-backup failover for current ARP slave
    - hv_netvsc: Fix the queue_mapping in netvsc_vf_xmit()
    - net: dsa: b53: check for timeout
    - powerpc/pseries: Do not initiate shutdown when system is running on UPS
    - epoll: Keep a reference on files added to the check list
    - do_epoll_ctl(): clean the failure exits up a bit
    - mm/hugetlb: fix calculation of adjust_range_if_pmd_sharing_possible
    - xen: don't reschedule in preemption off sections
    - clk: Evict unregistered clks from parent caches
    - KVM: arm/arm64: Don't reschedule in unmap_stage2_range()
    - scsi: zfcp: Fix use-after-free in request timeout handlers
    - ext4: don't allow overlapping system zones
    - s390/runtime_instrumentation: fix storage key handling
    - s390/ptrace: fix storage key handling
    - kvm: x86: Toggling CR4.SMAP does not load PDPTEs in PAE mode
    - kvm: x86: Toggling CR4.PKE does not load PDPTEs in PAE mode
    - Fix build error when CONFIG_ACPI is not set/enabled:
    - net: ena: Prevent reset after device destruction

* Bionic update: upstream stable patchset 2020-09-02 (LP: #1893986)
    - net/mlx5e: Don't support phys switch id if not in switchdev mode
    - tracepoint: Mark __tracepoint_string's __used
    - HID: input: Fix devices that return multiple bytes in battery report
    - x86/mce/inject: Fix a wrong assignment of i_mce.status
    - sched: correct SD_flags returned by tl->sd_flags()
    - arm64: dts: rockchip: fix rk3399-puma vcc5v0-host gpio
    - arm64: dts: rockchip: fix rk3399-puma gmac reset gpio
    - EDAC: Fix reference count leaks
    - arm64: dts: qcom: msm8916: Replace invalid bias-pull-none property
    - arm64: dts: exynos: Fix silent hang after boot on Espresso
    - m68k: mac: Don't send IOP message until channel is idle
    - m68k: mac: Fix IOP status/control register writes
    - platform/x86: intel-hid: Fix return value check in check_acpi_dev()
    - platform/x86: intel-vbtn: Fix return value check in check_acpi_dev()
    - ARM: at91: pm: add missing put_device() call in at91_pm_sram_init()
    - spi: lantiq: fix: Rx overflow error in full duplex mode
    - ARM: socfpga: PM: add missing put_device() call in
      socfpga_setup_ocram_self_refresh()
    - drm/tilcdc: fix leak & null ref in panel_connector_get_modes
    - Bluetooth: add a mutex lock to avoid UAF in do_enale_set
    - fs/btrfs: Add cond_resched() for try_release_extent_mapping() stalls
    - drm/radeon: Fix reference count leaks caused by pm_runtime_get_sync
    - video: fbdev: neofb: fix memory leak in neo_scan_monitor()
    - md-cluster: fix wild pointer of unlock_all_bitmaps()
    - arm64: dts: hisilicon: hikey: fixes to comply with adi, adv7533 DT binding
    - drm/nouveau: fix multiple instances of reference count leaks
    - drm/debugfs: fix plain echo to connector "force" attribute
    - irqchip/irq-mtk-sysirq: Replace spinlock with raw_spinlock
    - mm/mmap.c: Add cond_resched() for exit_mmap() CPU stalls
    - brcmfmac: To fix Bss Info flag definition Bug
    - brcmfmac: set state of hanger slot to FREE when flushing PSQ
    - iwlegacy: Check the return value of pcie_capability_read_*()
    - gpu: host1x: debug: Fix multiple channels emitting messages simultaneously
    - usb: gadget: net2280: fix memory leak on probe error handling paths
    - bdc: Fix bug causing crash after multiple disconnects
    - usb: bdc: Halt controller on suspend
    - dyndbg: fix a BUG_ON in ddebug_describe_flags
    - bcache: fix super block seq numbers comparision in register_cache_set()
    - ACPICA: Do not increment operation_region reference counts for field units
    - agp/intel: Fix a memory leak on module initialisation failure
    - video: fbdev: sm712fb: fix an issue about iounmap for a wrong address
    - console: newport_con: fix an issue about leak related system resources
    - video: pxafb: Fix the function used to balance a 'dma_alloc_coherent()' call
    - iio: improve IIO_CONCENTRATION channel type description
    - drm/arm: fix unintentional integer overflow on left shift
    - leds: lm355x: avoid enum conversion warning
    - media: omap3isp: Add missed v4l2_ctrl_handler_free() for
      preview_init_entities()
    - ASoC: Intel: bxt_rt298: add missing .owner field
    - scsi: cumana_2: Fix different dev_id between request_irq() and free_irq()
    - drm/mipi: use dcs write for mipi_dsi_dcs_set_tear_scanline
    - cxl: Fix kobject memleak
    - drm/radeon: fix array out-of-bounds read and write issues
    - scsi: powertec: Fix different dev_id between request_irq() and free_irq()
    - scsi: eesox: Fix different dev_id between request_irq() and free_irq()
    - ipvs: allow connection reuse for unconfirmed conntrack
    - media: firewire: Using uninitialized values in node_probe()
    - media: exynos4-is: Add missed check for pinctrl_lookup_state()
    - xfs: fix reflink quota reservation accounting error
    - PCI: Fix pci_cfg_wait queue locking problem
    - leds: core: Flush scheduled work for system suspend
    - drm: panel: simple: Fix bpc for LG LB070WV8 panel
    - drm/bridge: sil_sii8620: initialize return of sii8620_readb
    - scsi: scsi_debug: Add check for sdebug_max_queue during module init
    - mwifiex: Prevent memory corruption handling keys
    - powerpc/vdso: Fix vdso cpu truncation
    - staging: rtl8192u: fix a dubious looking mask before a shift
    - PCI/ASPM: Add missing newline in sysfs 'policy'
    - drm/imx: tve: fix regulator_disable error path
    - USB: serial: iuu_phoenix: fix led-activity helpers
    - thermal: ti-soc-thermal: Fix reversed condition in
      ti_thermal_expose_sensor()
    - coresight: tmc: Fix TMC mode read in tmc_read_unprepare_etb()
    - MIPS: OCTEON: add missing put_device() call in dwc3_octeon_device_init()
    - usb: dwc2: Fix error path in gadget registration
    - scsi: mesh: Fix panic after host or bus reset
    - net: dsa: mv88e6xxx: MV88E6097 does not support jumbo configuration
    - Smack: fix another vsscanf out of bounds
    - Smack: prevent underflow in smk_set_cipso()
    - power: supply: check if calc_soc succeeded in pm860x_init_battery
    - Bluetooth: hci_serdev: Only unregister device if it was registered
    - selftests/powerpc: Fix CPU affinity for child process
    - PCI: Release IVRS table in AMD ACS quirk
    - selftests/powerpc: Fix online CPU selection
    - s390/qeth: don't process empty bridge port events
    - wl1251: fix always return 0 error
    - tools, build: Propagate build failures from tools/build/Makefile.build
    - net: ethernet: aquantia: Fix wrong return value
    - liquidio: Fix wrong return value in cn23xx_get_pf_num()
    - net: spider_net: Fix the size used in a 'dma_free_coherent()' call
    - fsl/fman: use 32-bit unsigned integer
    - fsl/fman: fix dereference null return value
    - fsl/fman: fix unreachable code
    - fsl/fman: check dereferencing null pointer
    - fsl/fman: fix eth hash table allocation
    - dlm: Fix kobject memleak
    - pinctrl-single: fix pcs_parse_pinconf() return value
    - x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task
    - crypto: aesni - add compatibility with IAS
    - af_packet: TPACKET_V3: fix fill status rwlock imbalance
    - drivers/net/wan/lapbether: Added needed_headroom and a skb->len check
    - net/nfc/rawsock.c: add CAP_NET_RAW check.
    - net: refactor bind_bucket fastreuse into helper
    - net: Set fput_needed iff FDPUT_FPUT is set
    - USB: serial: cp210x: re-enable auto-RTS on open
    - USB: serial: cp210x: enable usb generic throttle/unthrottle
    - ALSA: usb-audio: Creative USB X-Fi Pro SB1095 volume knob support
    - ALSA: usb-audio: fix overeager device match for MacroSilicon MS2109
    - ALSA: usb-audio: add quirk for Pioneer DDJ-RB
    - crypto: qat - fix double free in qat_uclo_create_batch_init_list
    - crypto: ccp - Fix use of merged scatterlists
    - crypto: cpt - don't sleep of CRYPTO_TFM_REQ_MAY_SLEEP was not specified
    - bitfield.h: don't compile-time validate _val in FIELD_FIT
    - fs/minix: check return value of sb_getblk()
    - fs/minix: don't allow getting deleted inodes
    - fs/minix: reject too-large maximum file size
    - ALSA: usb-audio: work around streaming quirk for MacroSilicon MS2109
    - 9p: Fix memory leak in v9fs_mount
    - spi: spidev: Align buffers for DMA
    - mtd: rawnand: qcom: avoid write to unavailable register
    - parisc: Implement __smp_store_release and __smp_load_acquire barriers
    - parisc: mask out enable and reserved bits from sba imask
    - ARM: 8992/1: Fix unwind_frame for clang-built kernels
    - irqdomain/treewide: Free firmware node after domain removal
    - xen/balloon: fix accounting in alloc_xenballooned_pages error path
    - xen/balloon: make the balloon wait interruptible
    - net: initialize fastreuse on inet_inherit_port
    - smb3: warn on confusing error scenario with sec=krb5
    - PCI: hotplug: ACPI: Fix context refcounting in acpiphp_grab_context()
    - btrfs: don't allocate anonymous block device for user invisible roots
    - btrfs: only search for left_info if there is no right_info in
      try_merge_free_space
    - btrfs: fix memory leaks after failure to lookup checksums during inode
      logging
    - dt-bindings: iio: io-channel-mux: Fix compatible string in example code
    - iio: dac: ad5592r: fix unbalanced mutex unlocks in ad5592r_read_raw()
    - xtensa: fix xtensa_pmu_setup prototype
    - powerpc: Fix circular dependency between percpu.h and mmu.h
    - net: ethernet: stmmac: Disable hardware multicast filter
    - net: stmmac: dwmac1000: provide multicast filter fallback
    - net/compat: Add missing sock updates for SCM_RIGHTS
    - md/raid5: Fix Force reconstruct-write io stuck in degraded raid5
    - bcache: allocate meta data pages as compound pages
    - mac80211: fix misplaced while instead of if
    - MIPS: CPU#0 is not hotpluggable
    - ext2: fix missing percpu_counter_inc
    - ocfs2: change slot number type s16 to u16
    - ftrace: Setup correct FTRACE_FL_REGS flags for module
    - kprobes: Fix NULL pointer dereference at kprobe_ftrace_handler
    - tracing/hwlat: Honor the tracing_cpumask
    - tracing: Use trace_sched_process_free() instead of exit() for pid tracing
    - watchdog: f71808e_wdt: indicate WDIOF_CARDRESET support in
      watchdog_info.options
    - watchdog: f71808e_wdt: remove use of wrong watchdog_info option
    - watchdog: f71808e_wdt: clear watchdog timeout occurred flag
    - pseries: Fix 64 bit logical memory block panic
    - perf intel-pt: Fix FUP packet state
    - drm/imx: imx-ldb: Disable both channels for split mode in enc->disable()
    - mfd: arizona: Ensure 32k clock is put on driver unbind and error
    - RDMA/ipoib: Return void from ipoib_ib_dev_stop()
    - USB: serial: ftdi_sio: make process-packet buffer unsigned
    - USB: serial: ftdi_sio: clean up receive processing
    - gpu: ipu-v3: image-convert: Combine rotate/no-rotate irq handlers
    - dm rq: don't call blk_mq_queue_stopped() in dm_stop_queue()
    - iommu/omap: Check for failure of a call to omap_iommu_dump_ctx
    - iommu/vt-d: Enforce PASID devTLB field mask
    - i2c: rcar: slave: only send STOP event when we have been addressed
    - clk: clk-atlas6: fix return value check in atlas6_clk_init()
    - pwm: bcm-iproc: handle clk_get_rate() return
    - tools build feature: Use CC and CXX from parent
    - i2c: rcar: avoid race when unregistering slave
    - Input: sentelic - fix error return when fsp_reg_write fails
    - drm/vmwgfx: Use correct vmw_legacy_display_unit pointer
    - drm/vmwgfx: Fix two list_for_each loop exit tests
    - net: qcom/emac: add missed clk_disable_unprepare in error path of
      emac_clks_phase1_init
    - nfs: Fix getxattr kernel panic and memory overflow
    - fs/ufs: avoid potential u32 multiplication overflow
    - test_kmod: avoid potential double free in trigger_config_run_type()
    - mfd: dln2: Run event handler loop under spinlock
    - ALSA: echoaudio: Fix potential Oops in snd_echo_resume()
    - perf bench mem: Always memset source before memcpy
    - tools build feature: Quote CC and CXX for their arguments
    - sh: landisk: Add missing initialization of sh_io_port_base
    - khugepaged: retract_page_tables() remember to test exit
    - genirq/affinity: Make affinity setting if activated opt-in
    - ARM: dts: gose: Fix ports node name for adv7180
    - ARM: dts: gose: Fix ports node name for adv7612
    - drm/amdgpu: avoid dereferencing a NULL pointer
    - usb: mtu3: clear dual mode of u3port when disable device
    - drm/radeon: disable AGP by default
    - brcmfmac: keep SDIO watchdog running when console_interval is non-zero
    - ath10k: Acquire tx_lock in tx error paths
    - xfs: don't eat an EIO/ENOSPC writeback error when scrubbing data fork
    - RDMA/rxe: Skip dgid check in loopback mode
    - RDMA/rxe: Prevent access to wr->next ptr afrer wr is posted to send queue
    - usb: core: fix quirks_param_set() writing to a const pointer
    - powerpc/boot: Fix CONFIG_PPC_MPC52XX references
    - include/asm-generic/vmlinux.lds.h: align ro_after_init
    - PCI: Mark AMD Navi10 GPU rev 0x00 ATS as broken
    - PCI: Add device even if driver attach failed
    - PCI: qcom: Define some PARF params needed for ipq8064 SoC
    - PCI: qcom: Add support for tx term offset for rev 2.1.0
    - PCI: Probe bridge window attributes once at enumeration-time
    - btrfs: ref-verify: fix memory leak in add_block_entry
    - btrfs: don't traverse into the seed devices in show_devname
    - btrfs: fix messages after changing compression level by remount
    - btrfs: fix return value mixup in btrfs_get_extent
    - powerpc: Allow 4224 bytes of stack expansion for the signal frame
    - driver core: Avoid binding drivers to dead devices
    - RDMA/ipoib: Fix ABBA deadlock with ipoib_reap_ah()
    - media: rockchip: rga: Introduce color fmt macros and refactor CSC mode logic
    - media: rockchip: rga: Only set output CSC mode for RGB input
    - mmc: renesas_sdhi_internal_dmac: clean up the code for dma complete
    - openrisc: Fix oops caused when dumping stack
    - scsi: lpfc: nvmet: Avoid hang / use-after-free again when destroying
      targetport
    - watchdog: initialize device before misc_register
    - fs/minix: set s_maxbytes correctly
    - fs/minix: fix block limit check for V1 filesystems
    - fs/minix: remove expected error message in block_to_path()
    - arm64: dts: marvell: espressobin: add ethernet alias
    - drm/amdgpu: Fix bug where DPM is not enabled after hibernate and resume

* [UBUNTU 20.04] kernel: s390/cpum_cf,perf: changeDFLT_CCERROR counter name
    (LP: #1891454)
    - s390/cpum_cf: Add new extended counters for IBM z15

* CVE-2018-10322
    - xfs: move inode fork verifiers to xfs_dinode_verify
    - xfs: enhance dinode verifier

-- Kleber Sacilotto de Souza <kleber.souza@canonical.com>  Mon, 05 Oct 2020 16:32:15 +0200

Changed in linux (Ubuntu Bionic):
status:	Fix Committed → Fix Released

Po-Hsu Lin (cypressyew) on 2022-01-19

Changed in linux (Ubuntu):
status:	Confirmed → Won't Fix
status:	Won't Fix → Invalid

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulinux package