kunpeng920

hisi_sas driver may oops in prep_ssp_v3_hw()

Bug #1953386 reported by dann frazier on 2021-12-06

This bug affects 1 person

	Status	Importance	Assigned to
kunpeng920	Fix Released	Undecided	dann frazier
Ubuntu-18.04	Fix Released	Undecided	dann frazier
linux (Ubuntu)	Fix Released	Undecided	Unassigned
Bionic	Fix Released	High	dann frazier

Bug Description

[Impact]
The hisi_sas driver occasionally oopses on boot.

[ 32.724666] Unable to handle kernel NULL pointer dereference at virtual address 00000110
[ 32.732720] Mem abort info:
[ 32.735504] ESR = 0x96000004
[ 32.738546] Exception class = DABT (current EL), IL = 32 bits
[ 32.744440] SET = 0, FnV = 0
[ 32.747482] EA = 0, S1PTW = 0
[ 32.750612] Data abort info:
[ 32.753478] ISV = 0, ISS = 0x00000004
[ 32.757298] CM = 0, WnR = 0
[ 32.760256] user pgtable: 4k pages, 48-bit VAs, pgd = (ptrval)
[ 32.766755] [0000000000000110] *pgd=0000000000000000
[ 32.771700] Internal error: Oops: 96000004 [#1] SMP
[ 32.776557] Modules linked in: realtek hibmc_drm aes_ce_blk aes_ce_cipher ttm crct10dif_ce ghash_ce drm_kms_helper ixgbe(+) syscopyarea sha2_ce sysfillrect sysimgblt fb_sys_fops ptp sha256_arm64 sha1_ce hns3 hisi_sas_v3_hw(+) hinic pps_core hisi_sas_main drm hclge mdio libsas ahci hnae3 scsi_transport_sas libahci gpio_dwapb hid_generic usbhid hid aes_neon_bs aes_neon_blk crypto_simd cryptd aes_arm64
[ 32.811755] Process kworker/u256:1 (pid: 1280, stack limit = 0x (ptrval))
[ 32.819118] CPU: 66 PID: 1280 Comm: kworker/u256:1 Not tainted 4.15.18+ #24
[ 32.826047] Hardware name: Huawei TaiShan 2280 V2/BC82AMDC, BIOS 2280-V2 CS V3.B160.01 01/15/2020
[ 32.834884] Workqueue: 0000:74:02.0_disco_q sas_discover_domain [libsas]
[ 32.839182] hns3 0000:bd:00.0 enp189s0f0: renamed from eth8
[ 32.841558] pstate: a0c00009 (NzCv daif +PAN +UAO)
[ 32.851878] pc : prep_ssp_v3_hw+0x64/0x340 [hisi_sas_v3_hw]
[ 32.857426] lr : hisi_sas_task_exec.constprop.0+0x304/0x640 [hisi_sas_main]
[ 32.864354] sp : ffff000021833a00
[ 32.867653] x29: ffff000021833a00 x28: ffffb790728621e0
[ 32.872940] x27: ffffb790728607d8 x26: ffffb79072861158
[ 32.878227] x25: ffffd7b07b9340a0 x24: 0000000000000028
[ 32.883515] x23: ffffd7906cd69400 x22: ffffd7906cd69418
[ 32.888802] x21: ffffb79072aad3d0 x20: ffff000021b33000
[ 32.894089] x19: ffffb79072aad3d0 x18: 0000000000000030
[ 32.899376] x17: 000000009e710776 x16: ffff3efb16aabb00
[ 32.904663] x15: ffffffffffffffff x14: ffff3efb976abcef
[ 32.909950] x13: 0000000000000006 x12: ffffb79072863480
[ 32.915237] x11: ffffb79072aad3e0 x10: ffffb79072861148
[ 32.920524] x9 : 0000000000000000 x8 : ffff000024cc0fb0
[ 32.925812] x7 : 0000000000000000 x6 : 000000000000003f
[ 32.931099] x5 : 0000000000000040 x4 : 00000000200000a0
[ 32.936386] x3 : ffffd79071e2d400 x2 : ffff000021833bb4
[ 32.941673] x1 : ffffb79072863460 x0 : 00000000280000a0
[ 32.946960] Call trace:
[ 32.949398] prep_ssp_v3_hw+0x64/0x340 [hisi_sas_v3_hw]
[ 32.954600] hisi_sas_task_exec.constprop.0+0x304/0x640 [hisi_sas_main]
[ 32.961184] hisi_sas_exec_internal_tmf_task+0xec/0x290 [hisi_sas_main]
[ 32.967767] hisi_sas_init_device+0x84/0x100 [hisi_sas_main]
[ 32.973401] hisi_sas_dev_found+0xa4/0x24c [hisi_sas_main]
[ 32.978864] sas_notify_lldd_dev_found+0x44/0xc0 [libsas]
[ 32.984239] sas_discover_end_dev+0x24/0x30 [libsas]
[ 32.989182] sas_ex_discover_devices+0x950/0xbfc [libsas]
[ 32.994557] sas_discover_root_expander+0x12c/0x150 [libsas]
[ 33.000192] sas_discover_domain+0x340/0x664 [libsas]
[ 33.005225] process_one_work+0x1bc/0x3ec
[ 33.009217] worker_thread+0x58/0x4a0
[ 33.012863] kthread+0x13c/0x170
[ 33.016077] ret_from_fork+0x10/0x18
[ 33.019638] Code: 2a004820 2a040000 f9400ed8 f9410061 (3943a319)
[ 33.025705] ---[ end trace da9256b7aa3297ba ]---

[Test Case]
Boot a hi1620-based server w/ root disk attached to hisi_sas v3 controller.

[Fix]
e1ba0b0b4451 scsi: hisi_sas: Fix to only call scsi_get_prot_op() for non-NULL scsi_cmnd

[Where things could go wrong]
We could potentially be trading one boot time crash for another that hasn't popped up in testing.

Tags:

dann frazier (dannf) on 2021-12-06

Changed in linux (Ubuntu):
status:	New → Fix Released
Changed in linux (Ubuntu Bionic):
status:	New → In Progress
assignee:	nobody → dann frazier (dannf)
Changed in kunpeng920:
assignee:	nobody → dann frazier (dannf)
status:	New → In Progress

Stefan Bader (smb) on 2021-12-15

Changed in linux (Ubuntu Bionic):
importance:	Undecided → High

Kleber Sacilotto de Souza (kleber-souza) on 2021-12-15

Changed in linux (Ubuntu Bionic):
status:	In Progress → Fix Committed

dann frazier (dannf) on 2021-12-15

Changed in kunpeng920:
status:	In Progress → Fix Committed

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2022-01-06:

This bug is awaiting verification that the linux/4.15.0-167.175 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed-bionic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-bionic

Revision history for this message

dann frazier (dannf) wrote on 2022-01-07:

Verification:

ubuntu@d06-4:~$ cat /proc/version
Linux version 4.15.0-167-generic (buildd@bos02-arm64-067) (gcc version 7.5.0 (Ubuntu/Linaro 7.5.0-3ubuntu1~18.04)) #175-Ubuntu SMP Wed Jan 5 01:58:16 UTC 2022
ubuntu@d06-4:~$ lsmod | grep hisi_sas
hisi_sas_v3_hw 40960 2
hisi_sas_main 40960 1 hisi_sas_v3_hw
libsas 81920 2 hisi_sas_v3_hw,hisi_sas_main
scsi_transport_sas 40960 4 hisi_sas_v3_hw,ses,hisi_sas_main,libsas

tags:

added: verification-done-bionic
removed: verification-needed-bionic

Revision history for this message

Launchpad Janitor (janitor) wrote on 2022-01-31:

Download full text (19.1 KiB)

This bug was fixed in the package linux - 4.15.0-167.175

---------------
linux (4.15.0-167.175) bionic; urgency=medium

* bionic/linux: 4.15.0-167.175 -proposed tracker (LP: #1955276)

* hisi_sas driver may oops in prep_ssp_v3_hw() (LP: #1953386)
- scsi: hisi_sas: Fix to only call scsi_get_prot_op() for non-NULL scsi_cmnd

This bug was fixed in the package linux - 4.15.0-167.175

---------------
linux (4.15.0-167.175) bionic; urgency=medium

* bionic/linux: 4.15.0-167.175 -proposed tracker (LP: #1955276)

* hisi_sas driver may oops in prep_ssp_v3_hw() (LP: #1953386)
    - scsi: hisi_sas: Fix to only call scsi_get_prot_op() for non-NULL scsi_cmnd

* Bionic update: upstream stable patchset 2021-12-13 (LP: #1954703)
    - xhci: Fix USB 3.1 enumeration issues by increasing roothub power-on-good
      delay
    - binder: use euid from cred instead of using task
    - Input: elantench - fix misreporting trackpoint coordinates
    - Input: i8042 - Add quirk for Fujitsu Lifebook T725
    - libata: fix read log timeout value
    - ocfs2: fix data corruption on truncate
    - mmc: dw_mmc: Dont wait for DRTO on Write RSP error
    - parisc: Fix ptrace check on syscall return
    - tpm: Check for integer overflow in tpm2_map_response_body()
    - media: ite-cir: IR receiver stop working after receive overflow
    - ALSA: ua101: fix division by zero at probe
    - ALSA: 6fire: fix control and bulk message timeouts
    - ALSA: line6: fix control and interrupt message timeouts
    - ALSA: synth: missing check for possible NULL after the call to kstrdup
    - ALSA: timer: Fix use-after-free problem
    - ALSA: timer: Unconditionally unlink slave instances, too
    - x86/irq: Ensure PI wakeup handler is unregistered before module unload
    - cavium: Return negative value when pci_alloc_irq_vectors() fails
    - scsi: qla2xxx: Fix unmap of already freed sgl
    - cavium: Fix return values of the probe function
    - sfc: Don't use netif_info before net_device setup
    - hyperv/vmbus: include linux/bitops.h
    - mmc: winbond: don't build on M68K
    - bpf: Prevent increasing bpf_jit_limit above max
    - xen/netfront: stop tx queues during live migration
    - spi: spl022: fix Microwire full duplex mode
    - watchdog: Fix OMAP watchdog early handling
    - vmxnet3: do not stop tx queues after netif_device_detach()
    - btrfs: fix lost error handling when replaying directory deletes
    - hwmon: (pmbus/lm25066) Add offset coefficients
    - regulator: s5m8767: do not use reset value as DVS voltage if GPIO DVS is
      disabled
    - regulator: dt-bindings: samsung,s5m8767: correct s5m8767,pmic-buck-default-
      dvs-idx property
    - EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell
    - mwifiex: fix division by zero in fw download path
    - ath6kl: fix division by zero in send path
    - ath6kl: fix control-message timeout
    - ath10k: fix control-message timeout
    - ath10k: fix division by zero in send path
    - PCI: Mark Atheros QCA6174 to avoid bus reset
    - rtl8187: fix control-message timeouts
    - evm: mark evm_fixmode as __ro_after_init
    - wcn36xx: Fix HT40 capability for 2Ghz band
    - mwifiex: Read a PCI register after writing the TX ring write pointer
    - libata: fix checking of DMA state
    - wcn36xx: handle connection loss indication
    - RDMA/qedr: Fix NULL deref for query_qp on the GSI QP
    - signal: Remove the bogus sigkill_pending in ptrace_stop
    - signal/mips: Update (_save|_restore)_fp_context to fail with -EFAULT
    - power: supply: max17042_battery: Prevent int underflow in set_soc_threshold
    - power: supply: max17042_battery: use VFSOC for capacity when no rsns
    - powerpc/85xx: Fix oops when mpc85xx_smp_guts_ids node cannot be found
    - serial: core: Fix initializing and restoring termios speed
    - ALSA: mixer: oss: Fix racy access to slots
    - ALSA: mixer: fix deadlock in snd_mixer_oss_set_volume
    - xen/balloon: add late_initcall_sync() for initial ballooning done
    - PCI: aardvark: Do not clear status bits of masked interrupts
    - PCI: aardvark: Do not unmask unused interrupts
    - PCI: aardvark: Fix return value of MSI domain .alloc() method
    - PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG
    - quota: check block number when reading the block in quota file
    - quota: correct error number in free_dqentry()
    - pinctrl: core: fix possible memory leak in pinctrl_enable()
    - iio: dac: ad5446: Fix ad5622_write() return value
    - USB: serial: keyspan: fix memleak on probe errors
    - USB: iowarrior: fix control-message timeouts
    - Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg()
    - Bluetooth: fix use-after-free error in lock_sock_nested()
    - platform/x86: wmi: do not fail if disabling fails
    - MIPS: lantiq: dma: add small delay after reset
    - MIPS: lantiq: dma: reset correct number of channel
    - locking/lockdep: Avoid RCU-induced noinstr fail
    - smackfs: Fix use-after-free in netlbl_catmap_walk()
    - x86: Increase exception stack sizes
    - mwifiex: Run SET_BSS_MODE when changing from P2P to STATION vif-type
    - mwifiex: Properly initialize private structure on interface type changes
    - media: mt9p031: Fix corrupted frame after restarting stream
    - media: netup_unidvb: handle interrupt properly according to the firmware
    - media: uvcvideo: Set capability in s_param
    - media: s5p-mfc: fix possible null-pointer dereference in s5p_mfc_probe()
    - media: s5p-mfc: Add checking to s5p_mfc_probe().
    - media: mceusb: return without resubmitting URB in case of -EPROTO error.
    - ia64: don't do IA64_CMPXCHG_DEBUG without CONFIG_PRINTK
    - ACPICA: Avoid evaluating methods too early during system resume
    - media: usb: dvd-usb: fix uninit-value bug in dibusb_read_eeprom_byte()
    - tracefs: Have tracefs directories not set OTH permission bits by default
    - ath: dfs_pattern_detector: Fix possible null-pointer dereference in
      channel_detector_create()
    - ACPI: battery: Accept charges over the design capacity as full
    - leaking_addresses: Always print a trailing newline
    - memstick: r592: Fix a UAF bug when removing the driver
    - lib/xz: Avoid overlapping memcpy() with invalid input with in-place
      decompression
    - lib/xz: Validate the value before assigning it to an enum variable
    - tracing/cfi: Fix cmp_entries_* functions signature mismatch
    - mwl8k: Fix use-after-free in mwl8k_fw_state_machine()
    - PM: hibernate: Get block device exclusively in swsusp_check()
    - iwlwifi: mvm: disable RX-diversity in powersave
    - smackfs: use __GFP_NOFAIL for smk_cipso_doi()
    - ARM: clang: Do not rely on lr register for stacktrace
    - gre/sit: Don't generate link-local addr if addr_gen_mode is
      IN6_ADDR_GEN_MODE_NONE
    - ARM: 9136/1: ARMv7-M uses BE-8, not BE-32
    - spi: bcm-qspi: Fix missing clk_disable_unprepare() on error in
      bcm_qspi_probe()
    - parisc: fix warning in flush_tlb_all
    - task_stack: Fix end_of_stack() for architectures with upwards-growing stack
    - parisc/kgdb: add kgdb_roundup() to make kgdb work with idle polling
    - cgroup: Make rebind_subsystems() disable v2 controllers all at once
    - media: dvb-usb: fix ununit-value in az6027_rc_query
    - media: mtk-vpu: Fix a resource leak in the error handling path of
      'mtk_vpu_probe()'
    - media: si470x: Avoid card name truncation
    - media: cx23885: Fix snd_card_free call on null card pointer
    - cpuidle: Fix kobject memory leaks in error paths
    - ath9k: Fix potential interrupt storm on queue reset
    - crypto: qat - detect PFVF collision after ACK
    - crypto: qat - disregard spurious PFVF interrupts
    - hwrng: mtk - Force runtime pm ops for sleep ops
    - b43legacy: fix a lower bounds test
    - b43: fix a lower bounds test
    - memstick: avoid out-of-range warning
    - memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host()
    - hwmon: Fix possible memleak in __hwmon_device_register()
    - ath10k: fix max antenna gain unit
    - drm/msm: uninitialized variable in msm_gem_import()
    - net: stream: don't purge sk_error_queue in sk_stream_kill_queues()
    - mmc: mxs-mmc: disable regulator on error and in the remove function
    - platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning
    - mwifiex: Send DELBA requests according to spec
    - phy: micrel: ksz8041nl: do not use power down mode
    - PM: hibernate: fix sparse warnings
    - smackfs: use netlbl_cfg_cipsov4_del() for deleting cipso_v4_doi
    - s390/gmap: don't unconditionally call pte_unmap_unlock() in __gmap_zap()
    - irq: mips: avoid nested irq_enter()
    - samples/kretprobes: Fix return value if register_kretprobe() failed
    - libertas_tf: Fix possible memory leak in probe and disconnect
    - libertas: Fix possible memory leak in probe and disconnect
    - net: amd-xgbe: Toggle PLL settings during rate change
    - net: phylink: avoid mvneta warning when setting pause parameters
    - crypto: pcrypt - Delay write to padata->info
    - ibmvnic: Process crqs after enabling interrupts
    - RDMA/rxe: Fix wrong port_cap_flags
    - ARM: s3c: irq-s3c24xx: Fix return value check for s3c24xx_init_intc()
    - ARM: dts: at91: tse850: the emac<->phy interface is rmii
    - scsi: dc395: Fix error case unwinding
    - MIPS: loongson64: make CPU_LOONGSON64 depends on MIPS_FP_SUPPORT
    - JFS: fix memleak in jfs_mount
    - ALSA: hda: Reduce udelay() at SKL+ position reporting
    - arm: dts: omap3-gta04a4: accelerometer irq fix
    - soc/tegra: Fix an error handling path in tegra_powergate_power_up()
    - memory: fsl_ifc: fix leak of irq and nand_irq in fsl_ifc_ctrl_probe
    - video: fbdev: chipsfb: use memset_io() instead of memset()
    - serial: 8250_dw: Drop wrong use of ACPI_PTR()
    - usb: gadget: hid: fix error code in do_config()
    - power: supply: rt5033_battery: Change voltage values to µV
    - scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn()
    - RDMA/mlx4: Return missed an error if device doesn't support steering
    - ASoC: cs42l42: Correct some register default values
    - ASoC: cs42l42: Defer probe if request_threaded_irq() returns EPROBE_DEFER
    - serial: xilinx_uartps: Fix race condition causing stuck TX
    - mips: cm: Convert to bitfield API to fix out-of-bounds access
    - power: supply: bq27xxx: Fix kernel crash on IRQ handler register error
    - apparmor: fix error check
    - rpmsg: Fix rpmsg_create_ept return when RPMSG config is not defined
    - pnfs/flexfiles: Fix misplaced barrier in nfs4_ff_layout_prepare_ds
    - drm/plane-helper: fix uninitialized variable reference
    - PCI: aardvark: Don't spam about PIO Response Status
    - NFS: Fix deadlocks in nfs_scan_commit_list()
    - fs: orangefs: fix error return code of orangefs_revalidate_lookup()
    - mtd: spi-nor: hisi-sfc: Remove excessive clk_disable_unprepare()
    - dmaengine: at_xdmac: fix AT_XDMAC_CC_PERID() macro
    - auxdisplay: img-ascii-lcd: Fix lock-up when displaying empty string
    - auxdisplay: ht16k33: Connect backlight to fbdev
    - auxdisplay: ht16k33: Fix frame buffer device blanking
    - netfilter: nfnetlink_queue: fix OOB when mac header was cleared
    - dmaengine: dmaengine_desc_callback_valid(): Check for `callback_result`
    - m68k: set a default value for MEMORY_RESERVE
    - watchdog: f71808e_wdt: fix inaccurate report in WDIOC_GETTIMEOUT
    - ar7: fix kernel builds for compiler test
    - scsi: qla2xxx: Turn off target reset during issue_lip
    - i2c: xlr: Fix a resource leak in the error handling path of
      'xlr_i2c_probe()'
    - xen-pciback: Fix return in pm_ctrl_init()
    - net: davinci_emac: Fix interrupt pacing disable
    - ACPI: PMIC: Fix intel_pmic_regs_handler() read accesses
    - bonding: Fix a use-after-free problem when bond_sysfs_slave_add() failed
    - mm/zsmalloc.c: close race window between zs_pool_dec_isolated() and
      zs_unregister_migration()
    - llc: fix out-of-bound array index in llc_sk_dev_hash()
    - nfc: pn533: Fix double free when pn533_fill_fragment_skbs() fails
    - vsock: prevent unnecessary refcnt inc for nonblocking connect
    - USB: chipidea: fix interrupt deadlock
    - ARM: 9155/1: fix early early_iounmap()
    - ARM: 9156/1: drop cc-option fallbacks for architecture selection
    - powerpc/lib: Add helper to check if offset is within conditional branch
      range
    - powerpc/bpf: Validate branch ranges
    - powerpc/bpf: Fix BPF_SUB when imm == 0x80000000
    - mm, oom: pagefault_out_of_memory: don't force global OOM for dying tasks
    - mm, oom: do not trigger out_of_memory from the #PF
    - s390/cio: check the subchannel validity for dev_busid
    - PCI: Add PCI_EXP_DEVCTL_PAYLOAD_* macros
    - ext4: fix lazy initialization next schedule time computation in more
      granular unit
    - tracing: Resize tgid_map to pid_max, not PID_MAX_DEFAULT
    - parisc/entry: fix trace test in syscall exit path
    - PCI/MSI: Destroy sysfs before freeing entries
    - arm64: zynqmp: Fix serial compatible string
    - scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq()
    - usb: musb: tusb6010: check return value after calling
      platform_get_resource()
    - scsi: advansys: Fix kernel pointer leak
    - ARM: dts: omap: fix gpmc,mux-add-data type
    - usb: host: ohci-tmio: check return value after calling
      platform_get_resource()
    - tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc
    - MIPS: sni: Fix the build
    - scsi: target: Fix ordered tag handling
    - scsi: target: Fix alua_tg_pt_gps_count tracking
    - powerpc/5200: dts: fix memory node unit name
    - ALSA: gus: fix null pointer dereference on pointer block
    - powerpc/dcr: Use cmplwi instead of 3-argument cmpli
    - sh: check return code of request_irq
    - maple: fix wrong return value of maple_bus_init().
    - sh: fix kconfig unmet dependency warning for FRAME_POINTER
    - sh: define __BIG_ENDIAN for math-emu
    - mips: BCM63XX: ensure that CPU_SUPPORTS_32BIT_KERNEL is set
    - sched/core: Mitigate race cpus_share_cache()/update_top_cache_domain()
    - net: bnx2x: fix variable dereferenced before check
    - iavf: Fix for the false positive ASQ/ARQ errors while issuing VF reset
    - MIPS: generic/yamon-dt: fix uninitialized variable error
    - mips: bcm63xx: add support for clk_get_parent()
    - mips: lantiq: add support for clk_get_parent()
    - platform/x86: hp_accel: Fix an error handling path in 'lis3lv02d_probe()'
    - net: virtio_net_hdr_to_skb: count transport header in UFO
    - i40e: Fix NULL ptr dereference on VSI filter sync
    - NFC: reorganize the functions in nci_request
    - NFC: reorder the logic in nfc_{un,}register_device
    - perf/x86/intel/uncore: Fix filter_tid mask for CHA events on Skylake Server
    - perf/x86/intel/uncore: Fix IIO event constraints for Skylake Server
    - tun: fix bonding active backup with arp monitoring
    - hexagon: export raw I/O routines for modules
    - mm: kmemleak: slob: respect SLAB_NOLEAKTRACE flag
    - btrfs: fix memory ordering between normal and ordered work functions
    - parisc/sticon: fix reverse colors
    - cfg80211: call cfg80211_stop_ap when switch from P2P_GO type
    - drm/udl: fix control-message timeout
    - drm/amdgpu: fix set scaling mode Full/Full aspect/Center not works on vga
      and dvi connectors
    - perf/core: Avoid put_page() when GUP fails
    - batman-adv: mcast: fix duplicate mcast packets in BLA backbone from LAN
    - batman-adv: Consider fragmentation for needed_headroom
    - batman-adv: Reserve needed_*room for fragments
    - batman-adv: Don't always reallocate the fragmentation skb head
    - RDMA/netlink: Add __maybe_unused to static inline in C file
    - ASoC: DAPM: Cover regression by kctl change notification fix
    - usb: max-3421: Use driver data instead of maintaining a list of bound
      devices
    - soc/tegra: pmc: Fix imbalanced clock disabling in error code path
    - crypto: s5p-sss - Add error handling in s5p_aes_probe()
    - ia64: kprobes: Fix to pass correct trampoline address to the handler
    - rsi: fix key enabled check causing unwanted encryption for vap_id > 0
    - rsi: fix rate mask set leading to P2P failure
    - mmc: sdhci-omap: Fix NULL pointer exception if regulator is not configured
    - tcp: don't free a FIN sk_buff in tcp_remove_empty_skb()
    - wcn36xx: add proper DMA memory barriers in rx path
    - s390/tape: fix timer initialization in tape_std_assign()
    - fuse: truncate pagecache on atomic_o_trunc
    - f2fs: fix up f2fs_lookup tracepoints
    - iavf: check for null in iavf_fix_features
    - i40e: Fix correct max_pkt_size on VF RX queue
    - i40e: Fix changing previously set num_queue_pairs for PFs
    - i40e: Fix display error code in dmesg

* Bionic update: upstream stable patchset 2021-12-03 (LP: #1953202)
    - ARM: 9133/1: mm: proc-macros: ensure *_tlb_fns are 4B aligned
    - ARM: 9134/1: remove duplicate memcpy() definition
    - ARM: 9139/1: kprobes: fix arch_init_kprobes() prototype
    - ARM: 8819/1: Remove '-p' from LDFLAGS
    - usbnet: sanity check for maxpacket
    - usbnet: fix error return code in usbnet_probe()
    - ata: sata_mv: Fix the error handling of mv_chip_id()
    - nfc: port100: fix using -ERRNO as command type mask
    - ipv4: use siphash instead of Jenkins in fnhe_hashfun()
    - mmc: vub300: fix control-message timeouts
    - mmc: dw_mmc: exynos: fix the finding clock sample value
    - mmc: sdhci: Map more voltage level to SDHCI_POWER_330
    - mmc: sdhci-esdhc-imx: clear the buffer_read_ready to reset standard tuning
      circuit
    - net: lan78xx: fix division by zero in send path
    - regmap: Fix possible double-free in regcache_rbtree_exit()
    - net: batman-adv: fix error handling
    - nios2: Make NIOS2_DTB_SOURCE_BOOL depend on !COMPILE_TEST
    - net: nxp: lpc_eth.c: avoid hang when bringing interface down
    - sctp: use init_tag from inithdr for ABORT chunk
    - sctp: fix the processing for COOKIE_ECHO chunk
    - sctp: add vtag check in sctp_sf_violation
    - sctp: add vtag check in sctp_sf_do_8_5_1_E_sa
    - sctp: add vtag check in sctp_sf_ootb
    - ARM: 9141/1: only warn about XIP address when not compile testing
    - arm64: Avoid premature usercopy failure
    - ipv6: use siphash in rt6_exception_hash()
    - ipv6: make exception cache less predictible
    - arm64: dts: allwinner: h5: NanoPI Neo 2: Fix ethernet node
    - scsi: core: Put LLD module refcnt after SCSI device is released
    - media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt()
    - sfc: Fix reading non-legacy supported link modes
    - ARM: 9120/1: Revert "amba: make use of -1 IRQs warn"
    - mm/zsmalloc: Prepare to variable MAX_PHYSMEM_BITS
    - arch: pgtable: define MAX_POSSIBLE_PHYSMEM_BITS where needed
    - block: introduce multi-page bvec helpers
    - Revert "x86/kvm: fix vcpu-id indexed array sizes"
    - usb: gadget: Mark USB_FSL_QE broken on 64-bit
    - usb: musb: Balance list entry in musb_gadget_queue
    - usb-storage: Add compatibility quirk flags for iODD 2531/2541
    - printk/console: Allow to disable console output by using console="" or
      console=null
    - isofs: Fix out of bound access for corrupted isofs image
    - comedi: dt9812: fix DMA buffers on stack
    - comedi: ni_usb6501: fix NULL-deref in command paths
    - comedi: vmk80xx: fix transfer-buffer overflows
    - comedi: vmk80xx: fix bulk-buffer overflow
    - comedi: vmk80xx: fix bulk and interrupt message timeouts
    - staging: r8712u: fix control-message timeout
    - staging: rtl8192u: fix control-message timeouts
    - rsi: fix control-message timeout
    - usb: ehci: handshake CMD_RUN instead of STS_HALT

-- Kelsey Skunberg <kelsey.skunberg@canonical.com>  Tue, 04 Jan 2022 17:01:18 -0700

Changed in linux (Ubuntu Bionic):
status:	Fix Committed → Fix Released

Andrew Cloke (andrew-cloke) on 2022-02-14

Changed in kunpeng920:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.