Ubuntu
linux package

Focal update: v5.4.151 upstream stable release

Bug #1947888 reported by Kamal Mostafa on 2021-10-20

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	linux (Ubuntu)	Invalid	Undecided	Unassigned
	Focal	Fix Released	Medium	Kamal Mostafa

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

v5.4.151 upstream stable release
from git://git.kernel.org/

tty: Fix out-of-bound vmalloc access in imageblit
cpufreq: schedutil: Use kobject release() method to free sugov_tunables
cpufreq: schedutil: Destroy mutex before kobject_put() frees the memory
usb: cdns3: fix race condition before setting doorbell
fs-verity: fix signed integer overflow with i_size near S64_MAX
hwmon: (w83793) Fix NULL pointer dereference by removing unnecessary structure field
hwmon: (w83792d) Fix NULL pointer dereference by removing unnecessary structure field
hwmon: (w83791d) Fix NULL pointer dereference by removing unnecessary structure field
scsi: ufs: Fix illegal offset in UPIU event trace
mac80211: fix use-after-free in CCMP/GCMP RX
x86/kvmclock: Move this_cpu_pvti into kvmclock.h
drm/amd/display: Pass PCI deviceid into DC
ipvs: check that ip_vs_conn_tab_bits is between 8 and 20
hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced from sysfs
mac80211: Fix ieee80211_amsdu_aggregate frag_tail bug
mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap
mac80211: mesh: fix potentially unaligned access
mac80211-hwsim: fix late beacon hrtimer handling
sctp: break out if skb_header_pointer returns NULL in sctp_rcv_ootb
hwmon: (tmp421) report /PVLD condition as fault
hwmon: (tmp421) fix rounding for negative values
net: ipv4: Fix rtnexthop len when RTA_FLOW is present
e100: fix length calculation in e100_get_regs_len
e100: fix buffer overrun in e100_get_regs
selftests, bpf: test_lwt_ip_encap: Really disable rp_filter
scsi: csiostor: Add module softdep on cxgb4
net: hns3: do not allow call hns3_nic_net_open repeatedly
net: sched: flower: protect fl_walk() with rcu
af_unix: fix races in sk_peer_pid and sk_peer_cred accesses
perf/x86/intel: Update event constraints for ICX
elf: don't use MAP_FIXED_NOREPLACE for elf interpreter mappings
debugfs: debugfs_create_file_size(): use IS_ERR to check for error
ipack: ipoctal: fix stack information leak
ipack: ipoctal: fix tty registration race
ipack: ipoctal: fix tty-registration error handling
ipack: ipoctal: fix missing allocation-failure check
ipack: ipoctal: fix module reference leak
ext4: fix loff_t overflow in ext4_max_bitmap_size()
ext4: fix reserved space counter leakage
ext4: fix potential infinite loop in ext4_dx_readdir()
HID: u2fzero: ignore incomplete packets without data
net: udp: annotate data race around udp_sk(sk)->corkflag
net: stmmac: don't attach interface until resume finishes
PCI: Fix pci_host_bridge struct device release/free handling
libnvdimm/pmem: Fix crash triggered when I/O in-flight during unbind
hso: fix bailout in error case of probe
usb: hso: fix error handling code of hso_create_net_device
usb: hso: remove the bailout parameter
crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()
HID: betop: fix slab-out-of-bounds Write in betop_probe
netfilter: ipset: Fix oversized kvmalloc() calls
HID: usbhid: free raw_report buffers in usbhid_stop
Linux 5.4.151
UBUNTU: upstream stable to v5.4.151

See original description

Tags:

Kamal Mostafa (kamalmostafa) on 2021-10-20

Changed in linux (Ubuntu):
status:	New → Confirmed
tags:	added: kernel-stable-tracking-bug
description:	updated
Changed in linux (Ubuntu Focal):
status:	New → In Progress
importance:	Undecided → Medium
assignee:	nobody → Kamal Mostafa (kamalmostafa)
Changed in linux (Ubuntu):
status:	Confirmed → Invalid

Kelsey Steele (kelsey-steele) on 2021-10-27

Changed in linux (Ubuntu Focal):
status:	In Progress → Fix Committed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2021-11-29:

Download full text (12.1 KiB)

This bug was fixed in the package linux - 5.4.0-91.102

---------------
linux (5.4.0-91.102) focal; urgency=medium

* focal/linux: 5.4.0-91.102 -proposed tracker (LP: #1949840)

  * Packaging resync (LP: #1786013)
    - [Packaging] update Ubuntu.md
    - debian/dkms-versions -- update from kernel-versions (main/2021.11.08)

  * KVM emulation failure when booting into VM crash kernel with multiple CPUs
    (LP: #1948862)
    - KVM: x86: Properly reset MMU context at vCPU RESET/INIT

* aufs: kernel bug with apparmor and fuseblk (LP: #1948470)
- SAUCE: aufs: bugfix, stop omitting path->mnt

* ebpf: bpf_redirect fails with ip6 gre interfaces (LP: #1947164)
- net: handle ARPHRD_IP6GRE in dev_is_mac_header_xmit()

* require CAP_NET_ADMIN to attach N_HCI ldisc (LP: #1949516)
- Bluetooth: hci_ldisc: require CAP_NET_ADMIN to attach N_HCI ldisc

* ACL updates on OCFS2 are not revalidated (LP: #1947161)
- ocfs2: fix remounting needed after setfacl command

* ppc64 BPF JIT mod by 1 will not return 0 (LP: #1948351)
- powerpc/bpf: Fix BPF_MOD when imm == 1

  * Drop "UBUNTU: SAUCE: cachefiles: Page leaking in
    cachefiles_read_backing_file while vmscan is active" (LP: #1947709)
    - Revert "UBUNTU: SAUCE: cachefiles: Page leaking in
      cachefiles_read_backing_file while vmscan is active"

  * Reassign I/O Path of ConnectX-5 Port 1 before Port 2 causes NULL dereference
    (LP: #1943464)
    - s390/pci: fix leak of PCI device structure
    - s390/pci: fix use after free of zpci_dev
    - s390/pci: fix zpci_zdev_put() on reserve

  * [SRU][F] USB: serial: pl2303: add support for PL2303HXN (LP: #1948377)
    - USB: serial: pl2303: add support for PL2303HXN
    - USB: serial: pl2303: fix line-speed handling on newer chips

This bug was fixed in the package linux - 5.4.0-91.102

---------------
linux (5.4.0-91.102) focal; urgency=medium

* focal/linux: 5.4.0-91.102 -proposed tracker (LP: #1949840)

* Packaging resync (LP: #1786013)
    - [Packaging] update Ubuntu.md
    - debian/dkms-versions -- update from kernel-versions (main/2021.11.08)

* KVM emulation failure when booting into  VM crash kernel with multiple CPUs
    (LP: #1948862)
    - KVM: x86: Properly reset MMU context at vCPU RESET/INIT

* aufs: kernel bug with apparmor and fuseblk (LP: #1948470)
    - SAUCE: aufs: bugfix, stop omitting path->mnt

* ebpf:  bpf_redirect fails with ip6 gre interfaces (LP: #1947164)
    - net: handle ARPHRD_IP6GRE in dev_is_mac_header_xmit()

* require CAP_NET_ADMIN to attach N_HCI ldisc (LP: #1949516)
    - Bluetooth: hci_ldisc: require CAP_NET_ADMIN to attach N_HCI ldisc

* ACL updates on OCFS2 are not revalidated (LP: #1947161)
    - ocfs2: fix remounting needed after setfacl command

* ppc64 BPF JIT mod by 1 will not return 0 (LP: #1948351)
    - powerpc/bpf: Fix BPF_MOD when imm == 1

* [SRU][F] USB: serial: pl2303: add support for PL2303HXN (LP: #1948377)
    - USB: serial: pl2303: add support for PL2303HXN
    - USB: serial: pl2303: fix line-speed handling on newer chips

* Focal update: v5.4.151 upstream stable release (LP: #1947888)
    - tty: Fix out-of-bound vmalloc access in imageblit
    - cpufreq: schedutil: Use kobject release() method to free sugov_tunables
    - cpufreq: schedutil: Destroy mutex before kobject_put() frees the memory
    - usb: cdns3: fix race condition before setting doorbell
    - fs-verity: fix signed integer overflow with i_size near S64_MAX
    - hwmon: (w83793) Fix NULL pointer dereference by removing unnecessary
      structure field
    - hwmon: (w83792d) Fix NULL pointer dereference by removing unnecessary
      structure field
    - hwmon: (w83791d) Fix NULL pointer dereference by removing unnecessary
      structure field
    - scsi: ufs: Fix illegal offset in UPIU event trace
    - mac80211: fix use-after-free in CCMP/GCMP RX
    - x86/kvmclock: Move this_cpu_pvti into kvmclock.h
    - drm/amd/display: Pass PCI deviceid into DC
    - ipvs: check that ip_vs_conn_tab_bits is between 8 and 20
    - hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced
      from sysfs
    - mac80211: Fix ieee80211_amsdu_aggregate frag_tail bug
    - mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap
    - mac80211: mesh: fix potentially unaligned access
    - mac80211-hwsim: fix late beacon hrtimer handling
    - sctp: break out if skb_header_pointer returns NULL in sctp_rcv_ootb
    - hwmon: (tmp421) report /PVLD condition as fault
    - hwmon: (tmp421) fix rounding for negative values
    - net: ipv4: Fix rtnexthop len when RTA_FLOW is present
    - e100: fix length calculation in e100_get_regs_len
    - e100: fix buffer overrun in e100_get_regs
    - selftests, bpf: test_lwt_ip_encap: Really disable rp_filter
    - scsi: csiostor: Add module softdep on cxgb4
    - net: hns3: do not allow call hns3_nic_net_open repeatedly
    - net: sched: flower: protect fl_walk() with rcu
    - af_unix: fix races in sk_peer_pid and sk_peer_cred accesses
    - perf/x86/intel: Update event constraints for ICX
    - elf: don't use MAP_FIXED_NOREPLACE for elf interpreter mappings
    - debugfs: debugfs_create_file_size(): use IS_ERR to check for error
    - ipack: ipoctal: fix stack information leak
    - ipack: ipoctal: fix tty registration race
    - ipack: ipoctal: fix tty-registration error handling
    - ipack: ipoctal: fix missing allocation-failure check
    - ipack: ipoctal: fix module reference leak
    - ext4: fix loff_t overflow in ext4_max_bitmap_size()
    - ext4: fix reserved space counter leakage
    - ext4: fix potential infinite loop in ext4_dx_readdir()
    - HID: u2fzero: ignore incomplete packets without data
    - net: udp: annotate data race around udp_sk(sk)->corkflag
    - net: stmmac: don't attach interface until resume finishes
    - PCI: Fix pci_host_bridge struct device release/free handling
    - libnvdimm/pmem: Fix crash triggered when I/O in-flight during unbind
    - hso: fix bailout in error case of probe
    - usb: hso: fix error handling code of hso_create_net_device
    - usb: hso: remove the bailout parameter
    - crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()
    - HID: betop: fix slab-out-of-bounds Write in betop_probe
    - netfilter: ipset: Fix oversized kvmalloc() calls
    - HID: usbhid: free raw_report buffers in usbhid_stop
    - Linux 5.4.151

* Focal update: v5.4.150 upstream stable release (LP: #1947886)
    - usb: gadget: r8a66597: fix a loop in set_feature()
    - usb: dwc2: gadget: Fix ISOC flow for BDMA and Slave
    - usb: dwc2: gadget: Fix ISOC transfer complete handling for DDMA
    - usb: musb: tusb6010: uninitialized data in tusb_fifo_write_unaligned()
    - cifs: fix incorrect check for null pointer in header_assemble
    - xen/x86: fix PV trap handling on secondary processors
    - usb-storage: Add quirk for ScanLogic SL11R-IDE older than 2.6c
    - USB: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter
    - USB: cdc-acm: fix minor-number release
    - binder: make sure fd closes complete
    - staging: greybus: uart: fix tty use after free
    - Re-enable UAS for LaCie Rugged USB3-FW with fk quirk
    - USB: serial: mos7840: remove duplicated 0xac24 device ID
    - USB: serial: option: add Telit LN920 compositions
    - USB: serial: option: remove duplicate USB device ID
    - USB: serial: option: add device id for Foxconn T99W265
    - mcb: fix error handling in mcb_alloc_bus()
    - erofs: fix up erofs_lookup tracepoint
    - btrfs: prevent __btrfs_dump_space_info() to underflow its free space
    - serial: mvebu-uart: fix driver's tx_empty callback
    - net: hso: fix muxed tty registration
    - afs: Fix incorrect triggering of sillyrename on 3rd-party invalidation
    - platform/x86/intel: punit_ipc: Drop wrong use of ACPI_PTR()
    - enetc: Fix illegal access when reading affinity_hint
    - bnxt_en: Fix TX timeout when TX ring size is set to the smallest
    - net/smc: add missing error check in smc_clc_prfx_set()
    - gpio: uniphier: Fix void functions to remove return value
    - qed: rdma - don't wait for resources under hw error recovery flow
    - net/mlx4_en: Don't allow aRFS for encapsulated packets
    - scsi: iscsi: Adjust iface sysfs attr detection
    - tty: synclink_gt, drop unneeded forward declarations
    - tty: synclink_gt: rename a conflicting function name
    - fpga: machxo2-spi: Return an error on failure
    - fpga: machxo2-spi: Fix missing error code in machxo2_write_complete()
    - thermal/core: Potential buffer overflow in thermal_build_list_of_policies()
    - cifs: fix a sign extension bug
    - scsi: qla2xxx: Restore initiator in dual mode
    - scsi: lpfc: Use correct scnprintf() limit
    - irqchip/goldfish-pic: Select GENERIC_IRQ_CHIP to fix build
    - irqchip/gic-v3-its: Fix potential VPE leak on error
    - md: fix a lock order reversal in md_alloc
    - blktrace: Fix uaf in blk_trace access after removing by sysfs
    - net: macb: fix use after free on rmmod
    - net: stmmac: allow CSR clock of 300MHz
    - m68k: Double cast io functions to unsigned long
    - ipv6: delay fib6_sernum increase in fib6_add
    - bpf: Add oversize check before call kvcalloc()
    - xen/balloon: use a kernel thread instead a workqueue
    - nvme-multipath: fix ANA state updates when a namespace is not present
    - sparc32: page align size in arch_dma_alloc
    - blk-cgroup: fix UAF by grabbing blkcg lock before destroying blkg pd
    - compiler.h: Introduce absolute_pointer macro
    - net: i825xx: Use absolute_pointer for memcpy from fixed memory location
    - sparc: avoid stringop-overread errors
    - qnx4: avoid stringop-overread errors
    - parisc: Use absolute_pointer() to define PAGE0
    - arm64: Mark __stack_chk_guard as __ro_after_init
    - alpha: Declare virt_to_phys and virt_to_bus parameter as pointer to volatile
    - net: 6pack: Fix tx timeout and slot time
    - spi: Fix tegra20 build with CONFIG_PM=n
    - EDAC/synopsys: Fix wrong value type assignment for edac_mode
    - thermal/drivers/int340x: Do not set a wrong tcc offset on resume
    - arm64: dts: marvell: armada-37xx: Extend PCIe MEM space
    - xen/balloon: fix balloon kthread freezing
    - qnx4: work around gcc false positive warning bug
    - Linux 5.4.150

* ACL updates on OCFS2 are not revalidated (LP: #1947161) // Focal update:
    v5.4.150 upstream stable release (LP: #1947886)
    - ocfs2: drop acl cache for directories too

* Focal update: v5.4.149 upstream stable release (LP: #1947885)
    - PCI: pci-bridge-emul: Fix big-endian support
    - PCI: aardvark: Indicate error in 'val' when config read fails
    - PCI: pci-bridge-emul: Add PCIe Root Capabilities Register
    - PCI: aardvark: Fix reporting CRS value
    - PCI/ACPI: Add Ampere Altra SOC MCFG quirk
    - KVM: remember position in kvm->vcpus array
    - console: consume APC, DM, DCS
    - s390/pci_mmio: fully validate the VMA before calling follow_pte()
    - ARM: Qualify enabling of swiotlb_init()
    - apparmor: remove duplicate macro list_entry_is_head()
    - ARM: 9077/1: PLT: Move struct plt_entries definition to header
    - ARM: 9078/1: Add warn suppress parameter to arm_gen_branch_link()
    - ARM: 9079/1: ftrace: Add MODULE_PLTS support
    - ARM: 9098/1: ftrace: MODULE_PLT: Fix build problem without DYNAMIC_FTRACE
    - sctp: validate chunk size in __rcv_asconf_lookup
    - sctp: add param size validation for SCTP_PARAM_SET_PRIMARY
    - staging: rtl8192u: Fix bitwise vs logical operator in
      TranslateRxSignalStuff819xUsb()
    - um: virtio_uml: fix memory leak on init failures
    - dmaengine: acpi: Avoid comparison GSI with Linux vIRQ
    - thermal/drivers/exynos: Fix an error code in exynos_tmu_probe()
    - 9p/trans_virtio: Remove sysfs file on probe failure
    - prctl: allow to setup brk for et_dyn executables
    - nilfs2: use refcount_dec_and_lock() to fix potential UAF
    - profiling: fix shift-out-of-bounds bugs
    - pwm: lpc32xx: Don't modify HW state in .probe() after the PWM chip was
      registered
    - phy: avoid unnecessary link-up delay in polling mode
    - net: stmmac: reset Tx desc base address before restarting Tx
    - Kconfig.debug: drop selecting non-existing HARDLOCKUP_DETECTOR_ARCH
    - thermal/core: Fix thermal_cooling_device_register() prototype
    - drivers: base: cacheinfo: Get rid of DEFINE_SMP_CALL_CACHE_FUNCTION()
    - parisc: Move pci_dev_is_behind_card_dino to where it is used
    - dmaengine: sprd: Add missing MODULE_DEVICE_TABLE
    - dmaengine: ioat: depends on !UML
    - dmaengine: xilinx_dma: Set DMA mask for coherent APIs
    - ceph: request Fw caps before updating the mtime in ceph_write_iter
    - ceph: lockdep annotations for try_nonblocking_invalidate
    - btrfs: fix lockdep warning while mounting sprout fs
    - nilfs2: fix memory leak in nilfs_sysfs_create_device_group
    - nilfs2: fix NULL pointer in nilfs_##name##_attr_release
    - nilfs2: fix memory leak in nilfs_sysfs_create_##name##_group
    - nilfs2: fix memory leak in nilfs_sysfs_delete_##name##_group
    - nilfs2: fix memory leak in nilfs_sysfs_create_snapshot_group
    - nilfs2: fix memory leak in nilfs_sysfs_delete_snapshot_group
    - pwm: img: Don't modify HW state in .remove() callback
    - pwm: rockchip: Don't modify HW state in .remove() callback
    - pwm: stm32-lp: Don't modify HW state in .remove() callback
    - blk-throttle: fix UAF by deleteing timer in blk_throtl_exit()
    - rtc: rx8010: select REGMAP_I2C
    - drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV
    - Linux 5.4.149

-- Kleber Sacilotto de Souza <kleber.souza@canonical.com>  Fri, 05 Nov 2021 17:02:56 +0100

Changed in linux (Ubuntu Focal):
status:	Fix Committed → Fix Released

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2022-11-18:

This bug is awaiting verification that the linux-xilinx-zynqmp/5.4.0-1019.22 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-focal

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulinux package

Focal update: v5.4.151 upstream stable release

Bug Description

Other bug subscribers

Remote bug watches

Ubuntu
linux package