Bug #1975582 “[UBUNTU 20.04] rcu stalls with many storage key gu...” : Bugs : linux package : Ubuntu

Revision history for this message

bugproxy (bugproxy) wrote on 2022-05-24: patch that adds scheduling points

#1

patch that adds scheduling points Edit (2.3 KiB, text/plain)

Default Comment by Bridge

tags:

added: architecture-s39064 bugnameltc-198360 severity-medium targetmilestone-inin---

Revision history for this message

bugproxy (bugproxy) wrote on 2022-05-24: patch that uses cheaper key setting variant

#2

patch that uses cheaper key setting variant Edit (1.2 KiB, text/plain)

Default Comment by Bridge

Changed in ubuntu:
assignee:	nobody → Skipper Bug Screeners (skipper-screen-team)
affects:	ubuntu → linux (Ubuntu)

Frank Heimes (fheimes) on 2022-05-24

Changed in ubuntu-z-systems:
importance:	Undecided → Medium
Changed in linux (Ubuntu):
importance:	Undecided → Medium
Changed in ubuntu-z-systems:
assignee:	nobody → Skipper Bug Screeners (skipper-screen-team)

Revision history for this message

Frank Heimes (fheimes) wrote on 2022-05-24 (last edit on 2022-05-24):

#3

Hi, I have some questions on these patches:
Looks to me that these are not upstream, yet?
At least I couldn't find them in 'linux-next' (nor in some staging trees I'm aware of).
We actually would need to have them upstream accepted first, before we can pick them up.
Is it planned to get them upstream accepted? And if so with which kernel version?
And would it make sense tagging these as stable updates?

Revision history for this message

bugproxy (bugproxy) wrote on 2022-05-24: Comment bridged from LTC Bugzilla

#4

At least I couldn't find them in 'linux-next'.
We actually would need to have them upstream first, before we can pick them up.

------- Comment From <email address hidden> 2022-05-24 07:14 EDT-------
(In reply to comment #9)
> Hi, I have some questions on these patches:
> Looks to me that these are not upstream, yet?
> At least I couldn't find them in 'linux-next'.
> We actually would need to have them upstream first, before we can pick them
> up.
> Is it planned to get them upstream accepted? And if so with which kernel
> version?
> And would it make sense tagging these as stable updates?

Not upstream yet and not yet queued. I wrote these patches after looking at the symptoms. My idea was to let you build a test ppa with these patches to verify that they really fix the issue. I will then queue them upstream.

Revision history for this message

Frank Heimes (fheimes) wrote on 2022-05-24:

#5

Okay, happy to do that.
I'll kick off a test build in PPA soon.
Will do focal 5.4 and bionic hwe-5.4.

Revision history for this message

bugproxy (bugproxy) wrote on 2022-05-24:

#6

------- Comment From <email address hidden> 2022-05-24 07:34 EDT-------
@ Frank: as already mentioned via slack please build a test ppa with these 2 attached patches, including / on top of the another 2 fixes from bug 198271 / launchpad LP#1974017
Thanks a lot.

Revision history for this message

Frank Heimes (fheimes) wrote on 2022-05-24:

#7

A focal 5.4 and a bionic hwe-5.4 kernel are now build for testing at PPA:
https://launchpad.net/~fheimes/+archive/ubuntu/lp1975582
respectively:
https://launchpad.net/~fheimes/+archive/ubuntu/lp1975582/+packages

They both include (top-most commits):
"s390/pgtable: use non-quiescing sske for KVM switch to keyed"
"s390/gmap: voluntarily schedule during key setting"
"KVM: s390: vsie/gmap: reduce gmap_rmap overhead"
"NFS: Fix up nfs_ctx_key_to_expire()"

Changed in linux (Ubuntu):
status:	New → In Progress
Changed in ubuntu-z-systems:
status:	New → In Progress

Revision history for this message

bugproxy (bugproxy) wrote on 2022-06-01:

#8

------- Comment From <email address hidden> 2022-06-01 10:42 EDT-------
We now queued these patches on the upstream s390 tree targeting 5.19
https://git.kernel.org/pub/scm/linux/kernel/git/s390/linux.git/commit/?h=for-next&id=3ae11dbcfac906a8c3a480e98660a823130dc16a

https://git.kernel.org/pub/scm/linux/kernel/git/s390/linux.git/commit/?h=for-next&id=6d5946274df1fff539a7eece458a43be733d1db8

Revision history for this message

Frank Heimes (fheimes) wrote on 2022-06-07:

#9

Another issue was just reported which looks very similar: LP#1977837
I asked to re-try the cert. suite with the same test kernel that was build for this ticket.

Frank Heimes (fheimes) on 2022-06-10

Changed in linux (Ubuntu):
status:	In Progress → Invalid
Changed in linux (Ubuntu Focal):
status:	New → In Progress
Changed in linux (Ubuntu Impish):
status:	New → In Progress
Changed in linux (Ubuntu Jammy):
status:	New → In Progress
description:	updated
Changed in linux (Ubuntu Focal):
importance:	Undecided → Medium
Changed in linux (Ubuntu Impish):
importance:	Undecided → Medium
Changed in linux (Ubuntu Jammy):
importance:	Undecided → Medium
Changed in linux (Ubuntu Focal):
assignee:	nobody → Canonical Kernel Team (canonical-kernel-team)
Changed in linux (Ubuntu Impish):
assignee:	nobody → Canonical Kernel Team (canonical-kernel-team)
Changed in linux (Ubuntu Jammy):
assignee:	nobody → Canonical Kernel Team (canonical-kernel-team)

Revision history for this message

Frank Heimes (fheimes) wrote on 2022-06-10:

#10

SRU request submitted to the Ubuntu kernel team mailing list for jammy, impish and focal:
https://lists.ubuntu.com/archives/kernel-team/2022-June/thread.html#130934
Changing status to 'In Progress' for jammy, impish and focal.

Revision history for this message

Frank Heimes (fheimes) wrote on 2022-06-10:

#11

Added test builds for Impish and Jammy on top of the focal ones:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1975582

Revision history for this message

bugproxy (bugproxy) wrote on 2022-06-20:

#12

------- Comment From <email address hidden> 2022-06-20 04:34 EDT-------
One patch was picked by the stable team:

Patch "s390/gmap: voluntarily schedule during key setting" has been added to the 5.18-stable tree

Revision history for this message

Frank Heimes (fheimes) wrote on 2022-06-20:

#13

Ok, thx for the info.
I've arranged to get in both and submitted the request to the kernel teams mailing list.
(Thekernel team will notice that one is now stable and get it via that way ...)

Revision history for this message

bugproxy (bugproxy) wrote on 2022-06-20:

#14

------- Comment From <email address hidden> 2022-06-20 04:51 EDT-------
(In reply to comment #16)
> Another issue was just reported which looks very similar: LP#1977837
> I asked to re-try the cert. suite with the same test kernel that was build
> for this ticket.

I would think that this is a different bug (no KVM involved in 1977837 as far as I can see).

Stefan Bader (smb) on 2022-06-21

Changed in linux (Ubuntu Jammy):
status:	In Progress → Fix Committed
Changed in linux (Ubuntu Impish):
status:	In Progress → Fix Committed
Changed in linux (Ubuntu Focal):
status:	In Progress → Fix Committed

Frank Heimes (fheimes) on 2022-06-21

Changed in ubuntu-z-systems:
status:	In Progress → Fix Committed

Revision history for this message

bugproxy (bugproxy) wrote on 2022-06-23:

#15

------- Comment From <email address hidden> 2022-06-23 11:33 EDT-------
I asked the stable team to also pick the other patch.

https://lore.kernel.org/linux-s390/20220623151520.73354-1-
<email address hidden>/T/#u

Revision history for this message

Frank Heimes (fheimes) wrote on 2022-06-23:

#16

Perfect, thank you!

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2022-06-29:

#17

This bug is awaiting verification that the linux/5.15.0-41.44 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy' to 'verification-done-jammy'. If the problem still exists, change the tag 'verification-needed-jammy' to 'verification-failed-jammy'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:	added: verification-needed-jammy
tags:	added: verification-needed-focal

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2022-06-29:

#18

This bug is awaiting verification that the linux/5.4.0-122.138 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

bugproxy (bugproxy) on 2022-06-29

tags:

added: targetmilestone-inin2004
removed: targetmilestone-inin---

bugproxy (bugproxy) on 2022-06-29

tags:

added: verification-done-focal verification-done-jammy
removed: verification-needed-focal verification-needed-jammy

Revision history for this message

Launchpad Janitor (janitor) wrote on 2022-07-11:

#19

Download full text (14.2 KiB)

This bug was fixed in the package linux - 5.4.0-122.138

---------------
linux (5.4.0-122.138) focal; urgency=medium

* focal/linux: 5.4.0-122.138 -proposed tracker (LP: #1979489)

  * Remove SAUCE patches from test_vxlan_under_vrf.sh in net of
    ubuntu_kernel_selftests (LP: #1975691)
    - Revert "UBUNTU: SAUCE: selftests: net: Don't fail test_vxlan_under_vrf on
      xfail"
    - Revert "UBUNTU: SAUCE: selftests: net: Make test for VXLAN underlay in non-
      default VRF an expected failure"

  * Enable Asus USB-BT500 Bluetooth dongle(0b05:190e) (LP: #1976613)
    - Bluetooth: btusb: Add flag to define wideband speech capability
    - Bluetooth: btrtl: Add support for RTL8761B
    - Bluetooth: btusb: Add 0x0b05:0x190e Realtek 8761BU (ASUS BT500) device.

  * [UBUNTU 20.04] rcu stalls with many storage key guests (LP: #1975582)
    - s390/gmap: voluntarily schedule during key setting
    - s390/mm: use non-quiescing sske for KVM switch to keyed guest

  * Ubuntu 5.4.0-117.132-generic 5.4.189 has BUG: kernel NULL pointer
    dereference, address: 0000000000000034 (LP: #1978719)
    - mm: rmap: explicitly reset vma->anon_vma in unlink_anon_vmas()

  * Focal update: upstream stable patchset v5.4.192 (LP: #1979014)
    - floppy: disable FDRAWCMD by default
    - [Config] updateconfigs for BLK_DEV_FD_RAWCMD
    - hamradio: defer 6pack kfree after unregister_netdev
    - hamradio: remove needs_free_netdev to avoid UAF
    - lightnvm: disable the subsystem
    - [Config] updateconfigs for NVM, NVM_PBLK
    - usb: mtu3: fix USB 3.0 dual-role-switch from device to host
    - USB: quirks: add a Realtek card reader
    - USB: quirks: add STRING quirk for VCOM device
    - USB: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS
    - USB: serial: cp210x: add PIDs for Kamstrup USB Meter Reader
    - USB: serial: option: add support for Cinterion MV32-WA/MV32-WB
    - USB: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions
    - xhci: stop polling roothubs after shutdown
    - xhci: increase usb U3 -> U0 link resume timeout from 100ms to 500ms
    - iio: dac: ad5592r: Fix the missing return value.
    - iio: dac: ad5446: Fix read_raw not returning set value
    - iio: magnetometer: ak8975: Fix the error handling in ak8975_power_on()
    - usb: misc: fix improper handling of refcount in uss720_probe()
    - usb: typec: ucsi: Fix role swapping
    - usb: gadget: uvc: Fix crash when encoding data for usb request
    - usb: gadget: configfs: clear deactivation flag in
      configfs_composite_unbind()
    - usb: dwc3: core: Fix tx/rx threshold settings
    - usb: dwc3: gadget: Return proper request status
    - serial: imx: fix overrun interrupts in DMA mode
    - serial: 8250: Also set sticky MCR bits in console restoration
    - serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device
    - arch_topology: Do not set llc_sibling if llc_id is invalid
    - hex2bin: make the function hex_to_bin constant-time
    - hex2bin: fix access beyond string end
    - video: fbdev: udlfb: properly check endpoint type
    - arm64: dts: meson: remove CPU opps below 1GHz for G12B boards
    - arm64: dts: meson: remove CPU opps below 1GHz fo...

This bug was fixed in the package linux - 5.4.0-122.138

---------------
linux (5.4.0-122.138) focal; urgency=medium

* focal/linux: 5.4.0-122.138 -proposed tracker (LP: #1979489)

* Remove SAUCE patches from test_vxlan_under_vrf.sh in net of
    ubuntu_kernel_selftests (LP: #1975691)
    - Revert "UBUNTU: SAUCE: selftests: net: Don't fail test_vxlan_under_vrf on
      xfail"
    - Revert "UBUNTU: SAUCE: selftests: net: Make test for VXLAN underlay in non-
      default VRF an expected failure"

* Enable Asus USB-BT500 Bluetooth dongle(0b05:190e) (LP: #1976613)
    - Bluetooth: btusb: Add flag to define wideband speech capability
    - Bluetooth: btrtl: Add support for RTL8761B
    - Bluetooth: btusb: Add 0x0b05:0x190e Realtek 8761BU (ASUS BT500) device.

* [UBUNTU 20.04] rcu stalls with many storage key guests (LP: #1975582)
    - s390/gmap: voluntarily schedule during key setting
    - s390/mm: use non-quiescing sske for KVM switch to keyed guest

* Ubuntu 5.4.0-117.132-generic 5.4.189 has BUG: kernel NULL pointer
    dereference, address: 0000000000000034 (LP: #1978719)
    - mm: rmap: explicitly reset vma->anon_vma in unlink_anon_vmas()

* Focal update: upstream stable patchset v5.4.192 (LP: #1979014)
    - floppy: disable FDRAWCMD by default
    - [Config] updateconfigs for BLK_DEV_FD_RAWCMD
    - hamradio: defer 6pack kfree after unregister_netdev
    - hamradio: remove needs_free_netdev to avoid UAF
    - lightnvm: disable the subsystem
    - [Config] updateconfigs for NVM, NVM_PBLK
    - usb: mtu3: fix USB 3.0 dual-role-switch from device to host
    - USB: quirks: add a Realtek card reader
    - USB: quirks: add STRING quirk for VCOM device
    - USB: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS
    - USB: serial: cp210x: add PIDs for Kamstrup USB Meter Reader
    - USB: serial: option: add support for Cinterion MV32-WA/MV32-WB
    - USB: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions
    - xhci: stop polling roothubs after shutdown
    - xhci: increase usb U3 -> U0 link resume timeout from 100ms to 500ms
    - iio: dac: ad5592r: Fix the missing return value.
    - iio: dac: ad5446: Fix read_raw not returning set value
    - iio: magnetometer: ak8975: Fix the error handling in ak8975_power_on()
    - usb: misc: fix improper handling of refcount in uss720_probe()
    - usb: typec: ucsi: Fix role swapping
    - usb: gadget: uvc: Fix crash when encoding data for usb request
    - usb: gadget: configfs: clear deactivation flag in
      configfs_composite_unbind()
    - usb: dwc3: core: Fix tx/rx threshold settings
    - usb: dwc3: gadget: Return proper request status
    - serial: imx: fix overrun interrupts in DMA mode
    - serial: 8250: Also set sticky MCR bits in console restoration
    - serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device
    - arch_topology: Do not set llc_sibling if llc_id is invalid
    - hex2bin: make the function hex_to_bin constant-time
    - hex2bin: fix access beyond string end
    - video: fbdev: udlfb: properly check endpoint type
    - arm64: dts: meson: remove CPU opps below 1GHz for G12B boards
    - arm64: dts: meson: remove CPU opps below 1GHz for SM1 boards
    - mtd: rawnand: fix ecc parameters for mt7622
    - USB: Fix xhci event ring dequeue pointer ERDP update issue
    - ARM: dts: imx6qdl-apalis: Fix sgtl5000 detection issue
    - phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe
    - phy: samsung: exynos5250-sata: fix missing device put in probe error paths
    - ARM: OMAP2+: Fix refcount leak in omap_gic_of_init
    - phy: ti: omap-usb2: Fix error handling in omap_usb2_enable_clocks
    - ARM: dts: at91: Map MCLK for wm8731 on at91sam9g20ek
    - phy: mapphone-mdm6600: Fix PM error handling in phy_mdm6600_probe
    - phy: ti: Add missing pm_runtime_disable() in serdes_am654_probe
    - ARM: dts: Fix mmc order for omap3-gta04
    - ARM: dts: am3517-evm: Fix misc pinmuxing
    - ARM: dts: logicpd-som-lv: Fix wrong pinmuxing on OMAP35
    - ipvs: correctly print the memory size of ip_vs_conn_tab
    - mtd: rawnand: Fix return value check of wait_for_completion_timeout
    - bpf, lwt: Fix crash when using bpf_skb_set_tunnel_key() from bpf_xmit lwt
      hook
    - tcp: md5: incorrect tcp_header_len for incoming connections
    - tcp: ensure to use the most recently sent skb when filling the rate sample
    - sctp: check asoc strreset_chunk in sctp_generate_reconf_event
    - ARM: dts: imx6ull-colibri: fix vqmmc regulator
    - arm64: dts: imx8mn-ddr4-evk: Describe the 32.768 kHz PMIC clock
    - pinctrl: pistachio: fix use of irq_of_parse_and_map()
    - cpufreq: fix memory leak in sun50i_cpufreq_nvmem_probe
    - net: hns3: add validity check for message data length
    - net/smc: sync err code when tcp connection was refused
    - ip_gre: Make o_seqno start from 0 in native mode
    - tcp: fix potential xmit stalls caused by TCP_NOTSENT_LOWAT
    - bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create()
    - clk: sunxi: sun9i-mmc: check return value after calling
      platform_get_resource()
    - net: bcmgenet: hide status block before TX timestamping
    - net: dsa: lantiq_gswip: Don't set GSWIP_MII_CFG_RMII_CLK
    - drm/amd/display: Fix memory leak in dcn21_clock_source_create
    - tls: Skip tls_append_frag on zero copy size
    - bnx2x: fix napi API usage sequence
    - ixgbe: ensure IPsec VF<->PF compatibility
    - tcp: fix F-RTO may not work correctly when receiving DSACK
    - ASoC: wm8731: Disable the regulator when probing fails
    - ip6_gre: Avoid updating tunnel->tun_hlen in __gre6_xmit()
    - x86: __memcpy_flushcache: fix wrong alignment if size > 2^32
    - cifs: destage any unwritten data to the server before calling
      copychunk_write
    - drivers: net: hippi: Fix deadlock in rr_close()
    - net: ethernet: stmmac: fix write to sgmii_adapter_base
    - x86/cpu: Load microcode during restore_processor_state()
    - tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2
    - tty: n_gsm: fix malformed counter for out of frame data
    - netfilter: nft_socket: only do sk lookups when indev is available
    - tty: n_gsm: fix insufficient txframe size
    - tty: n_gsm: fix missing explicit ldisc flush
    - tty: n_gsm: fix wrong command retry handling
    - tty: n_gsm: fix wrong command frame length field encoding
    - tty: n_gsm: fix incorrect UA handling
    - hugetlbfs: get unmapped area below TASK_UNMAPPED_BASE for hugetlbfs
    - mm, hugetlb: allow for "high" userspace addresses
    - Linux 5.4.192

* CVE-2022-1789
    - KVM: x86/mmu: fix NULL pointer dereference on guest INVPCID

* Focal update: v5.4.191 upstream stable release (LP: #1976116)
    - etherdevice: Adjust ether_addr* prototypes to silence -Wstringop-overead
    - mm: page_alloc: fix building error on -Werror=array-compare
    - tracing: Dump stacktrace trigger to the corresponding instance
    - gfs2: assign rgrp glock before compute_bitstructs
    - tcp: fix race condition when creating child sockets from syncookies
    - tcp: Fix potential use-after-free due to double kfree()
    - ALSA: usb-audio: Clear MIDI port active flag after draining
    - ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek
    - ASoC: msm8916-wcd-digital: Check failure for devm_snd_soc_register_component
    - dmaengine: imx-sdma: Fix error checking in sdma_event_remap
    - dmaengine: mediatek:Fix PM usage reference leak of
      mtk_uart_apdma_alloc_chan_resources
    - igc: Fix infinite loop in release_swfw_sync
    - igc: Fix BUG: scheduling while atomic
    - rxrpc: Restore removed timer deletion
    - net/smc: Fix sock leak when release after smc_shutdown()
    - net/packet: fix packet_sock xmit return value checking
    - net/sched: cls_u32: fix possible leak in u32_init_knode()
    - l3mdev: l3mdev_master_upper_ifindex_by_index_rcu should be using
      netdev_master_upper_dev_get_rcu
    - netlink: reset network and mac headers in netlink_dump()
    - selftests: mlxsw: vxlan_flooding: Prevent flooding of unwanted packets
    - ARM: vexpress/spc: Avoid negative array index when !SMP
    - reset: tegra-bpmp: Restore Handle errors in BPMP response
    - platform/x86: samsung-laptop: Fix an unsigned comparison which can never be
      negative
    - ALSA: usb-audio: Fix undefined behavior due to shift overflowing the
      constant
    - vxlan: fix error return code in vxlan_fdb_append
    - cifs: Check the IOCB_DIRECT flag, not O_DIRECT
    - mt76: Fix undefined behavior due to shift overflowing the constant
    - brcmfmac: sdio: Fix undefined behavior due to shift overflowing the constant
    - dpaa_eth: Fix missing of_node_put in dpaa_get_ts_info()
    - drm/msm/mdp5: check the return of kzalloc()
    - net: macb: Restart tx only if queue pointer is lagging
    - scsi: qedi: Fix failed disconnect handling
    - stat: fix inconsistency between struct stat and struct compat_stat
    - EDAC/synopsys: Read the error count from the correct register
    - oom_kill.c: futex: delay the OOM reaper to allow time for proper futex
      cleanup
    - ata: pata_marvell: Check the 'bmdma_addr' beforing reading
    - dma: at_xdmac: fix a missing check on list iterator
    - drm/panel/raspberrypi-touchscreen: Avoid NULL deref if not initialised
    - drm/panel/raspberrypi-touchscreen: Initialise the bridge in prepare
    - KVM: PPC: Fix TCE handling for VFIO
    - drm/vc4: Use pm_runtime_resume_and_get to fix pm_runtime_get_sync() usage
    - powerpc/perf: Fix power9 event alternatives
    - xtensa: patch_text: Fixup last cpu should be master
    - xtensa: fix a7 clobbering in coprocessor context load/store
    - openvswitch: fix OOB access in reserve_sfa_size()
    - ASoC: soc-dapm: fix two incorrect uses of list iterator
    - e1000e: Fix possible overflow in LTR decoding
    - ARC: entry: fix syscall_trace_exit argument
    - arm_pmu: Validate single/group leader events
    - ext4: fix symlink file size not match to file content
    - ext4: fix use-after-free in ext4_search_dir
    - ext4, doc: fix incorrect h_reserved size
    - ext4: fix overhead calculation to account for the reserved gdt blocks
    - ext4: force overhead calculation if the s_overhead_cluster makes no sense
    - jbd2: fix a potential race while discarding reserved buffers after an abort
    - spi: atmel-quadspi: Fix the buswidth adjustment between spi-mem and
      controller
    - staging: ion: Prevent incorrect reference counting behavour
    - block/compat_ioctl: fix range check in BLKGETSIZE
    - Linux 5.4.191

* Focal update: v5.4.190 upstream stable release (LP: #1973085)
    - memory: atmel-ebi: Fix missing of_node_put in atmel_ebi_probe
    - net/sched: flower: fix parsing of ethertype following VLAN header
    - veth: Ensure eth header is in skb's linear part
    - gpiolib: acpi: use correct format characters
    - mlxsw: i2c: Fix initialization error flow
    - net/sched: fix initialization order when updating chain 0 head
    - net: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link
    - net/sched: taprio: Check if socket flags are valid
    - cfg80211: hold bss_lock while updating nontrans_list
    - drm/msm/dsi: Use connector directly in msm_dsi_manager_connector_init()
    - net/smc: Fix NULL pointer dereference in smc_pnet_find_ib()
    - sctp: Initialize daddr on peeled off socket
    - testing/selftests/mqueue: Fix mq_perf_tests to free the allocated cpu set
    - nfc: nci: add flush_workqueue to prevent uaf
    - cifs: potential buffer overflow in handling symlinks
    - drm/amd: Add USBC connector ID
    - drm/amd/display: fix audio format not updated after edid updated
    - drm/amd/display: Update VTEM Infopacket definition
    - drm/amdkfd: Fix Incorrect VMIDs passed to HWS
    - drm/amdkfd: Check for potential null return of kmalloc_array()
    - Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer
    - scsi: target: tcmu: Fix possible page UAF
    - scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024
    - ata: libata-core: Disable READ LOG DMA EXT for Samsung 840 EVOs
    - gpu: ipu-v3: Fix dev_dbg frequency output
    - regulator: wm8994: Add an off-on delay for WM8994 variant
    - arm64: alternatives: mark patch_alternative() as `noinstr`
    - tlb: hugetlb: Add more sizes to tlb_remove_huge_tlb_entry
    - net: usb: aqc111: Fix out-of-bounds accesses in RX fixup
    - drm/amd/display: Fix allocate_mst_payload assert on resume
    - powerpc: Fix virt_addr_valid() for 64-bit Book3E & 32-bit
    - scsi: mvsas: Add PCI ID of RocketRaid 2640
    - scsi: megaraid_sas: Target with invalid LUN ID is deleted during scan
    - drivers: net: slip: fix NPD bug in sl_tx_timeout()
    - perf/imx_ddr: Fix undefined behavior due to shift overflowing the constant
    - mm, page_alloc: fix build_zonerefs_node()
    - mm: kmemleak: take a full lowmem check in kmemleak_*_phys()
    - gcc-plugins: latent_entropy: use /dev/urandom
    - ath9k: Properly clear TX status area before reporting to mac80211
    - ath9k: Fix usage of driver-private space in tx_info
    - btrfs: remove unused variable in btrfs_{start,write}_dirty_block_groups()
    - btrfs: mark resumed async balance as writing
    - ALSA: hda/realtek: Add quirk for Clevo PD50PNT
    - ALSA: pcm: Test for "silence" field in struct "pcm_format_data"
    - ipv6: fix panic when forwarding a pkt with no in6 dev
    - drm/amd/display: don't ignore alpha property on pre-multiplied mode
    - genirq/affinity: Consider that CPUs on nodes can be unbalanced
    - tick/nohz: Use WARN_ON_ONCE() to prevent console saturation
    - ARM: davinci: da850-evm: Avoid NULL pointer dereference
    - dm integrity: fix memory corruption when tag_size is less than digest size
    - smp: Fix offline cpu check in flush_smp_call_function_queue()
    - i2c: pasemi: Wait for write xfers to finish
    - dma-direct: avoid redundant memory sync for swiotlb
    - ax25: add refcount in ax25_dev to avoid UAF bugs
    - ax25: fix reference count leaks of ax25_dev
    - ax25: fix UAF bugs of net_device caused by rebinding operation
    - ax25: Fix refcount leaks caused by ax25_cb_del()
    - ax25: fix UAF bug in ax25_send_control()
    - ax25: fix NPD bug in ax25_disconnect
    - ax25: Fix NULL pointer dereferences in ax25 timers
    - ax25: Fix UAF bugs in ax25 timers
    - Linux 5.4.190

-- Stefan Bader <stefan.bader@canonical.com>  Wed, 22 Jun 2022 15:00:52 +0200

Changed in linux (Ubuntu Focal):
status:	Fix Committed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2022-07-11:

#20

Download full text (31.7 KiB)

This bug was fixed in the package linux - 5.15.0-41.44

---------------
linux (5.15.0-41.44) jammy; urgency=medium

* jammy/linux: 5.15.0-41.44 -proposed tracker (LP: #1979448)

  * Fix can't boot up after change to vmd (LP: #1976587)
    - PCI: vmd: Assign VMD IRQ domain before enumeration
    - PCI: vmd: Revert 2565e5b69c44 ("PCI: vmd: Do not disable MSI-X remapping if
      interrupt remapping is enabled by IOMMU.")

* [SRU][Jammy/OEM-5.17][PATCH 0/1] Fix calltrace in mac80211 (LP: #1978297)
- mac80211: fix struct ieee80211_tx_info size

  * [SRU][Jammy][PATCH 0/1] Fix amd display corruption on s2idle resume
    (LP: #1978244)
    - drm/amd/display: Don't reinitialize DMCUB on s0ix resume

* pl2303 serial adapter not recognized (LP: #1967493)
- USB: serial: pl2303: fix type detection for odd device

  * Remove SAUCE patches from test_vxlan_under_vrf.sh in net of
    ubuntu_kernel_selftests (LP: #1975691)
    - Revert "UBUNTU: SAUCE: selftests: net: Don't fail test_vxlan_under_vrf on
      xfail"
    - Revert "UBUNTU: SAUCE: selftests: net: Make test for VXLAN underlay in non-
      default VRF an expected failure"

* Fix hp_wmi_read_int() reporting error (0x05) (LP: #1979051)
- platform/x86: hp-wmi: Fix hp_wmi_read_int() reporting error (0x05)

  * Request to back port vmci patches to Ubuntu kernel (LP: #1978145)
    - VMCI: dma dg: whitespace formatting change for vmci register defines
    - VMCI: dma dg: add MMIO access to registers
    - VMCI: dma dg: detect DMA datagram capability
    - VMCI: dma dg: set OS page size
    - VMCI: dma dg: register dummy IRQ handlers for DMA datagrams
    - VMCI: dma dg: allocate send and receive buffers for DMA datagrams
    - VMCI: dma dg: add support for DMA datagrams sends
    - VMCI: dma dg: add support for DMA datagrams receive
    - VMCI: Fix some error handling paths in vmci_guest_probe_device()
    - VMCI: Release notification_bitmap in error path
    - VMCI: Check exclusive_vectors when freeing interrupt 1
    - VMCI: Add support for ARM64
    - [Config] Update policies for VMWARE_VMCI and VMWARE_VMCI_VSOCKETS

  * [UBUNTU 20.04] rcu stalls with many storage key guests (LP: #1975582)
    - s390/gmap: voluntarily schedule during key setting
    - s390/mm: use non-quiescing sske for KVM switch to keyed guest

  * [SRU][OEM-5.14/OEM-5.17/Jammy][PATCH 0/1] Fix i915 calltrace on new ADL BIOS
    (LP: #1976214)
    - drm/i915: update new TMDS clock setting defined by VBT

* Revert PPC get_user workaround (LP: #1976248)
- powerpc: Export mmu_feature_keys[] as non-GPL

  * Jammy update: v5.15.39 upstream stable release (LP: #1978240)
    - MIPS: Fix CP0 counter erratum detection for R4k CPUs
    - parisc: Merge model and model name into one line in /proc/cpuinfo
    - ALSA: hda/realtek: Add quirk for Yoga Duet 7 13ITL6 speakers
    - ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes
    - mmc: sdhci-msm: Reset GCC_SDCC_BCR register for SDHC
    - mmc: sunxi-mmc: Fix DMA descriptors allocated above 32 bits
    - mmc: core: Set HS clock speed before sending HS CMD13
    - gpiolib: of: fix bounds check for 'gpio-reserved-ranges'
    - x86/fpu: Prevent FPU s...

This bug was fixed in the package linux - 5.15.0-41.44

---------------
linux (5.15.0-41.44) jammy; urgency=medium

* jammy/linux: 5.15.0-41.44 -proposed tracker (LP: #1979448)

* Fix can't boot up after change to vmd  (LP: #1976587)
    - PCI: vmd: Assign VMD IRQ domain before enumeration
    - PCI: vmd: Revert 2565e5b69c44 ("PCI: vmd: Do not disable MSI-X remapping if
      interrupt remapping is enabled by IOMMU.")

* [SRU][Jammy/OEM-5.17][PATCH 0/1] Fix calltrace in mac80211 (LP: #1978297)
    - mac80211: fix struct ieee80211_tx_info size

* [SRU][Jammy][PATCH 0/1] Fix amd display corruption on s2idle resume
    (LP: #1978244)
    - drm/amd/display: Don't reinitialize DMCUB on s0ix resume

* pl2303 serial adapter not recognized (LP: #1967493)
    - USB: serial: pl2303: fix type detection for odd device

* Remove SAUCE patches from test_vxlan_under_vrf.sh in net of
    ubuntu_kernel_selftests (LP: #1975691)
    - Revert "UBUNTU: SAUCE: selftests: net: Don't fail test_vxlan_under_vrf on
      xfail"
    - Revert "UBUNTU: SAUCE: selftests: net: Make test for VXLAN underlay in non-
      default VRF an expected failure"

* Fix hp_wmi_read_int() reporting error (0x05) (LP: #1979051)
    - platform/x86: hp-wmi: Fix hp_wmi_read_int() reporting error (0x05)

* Request to back port vmci patches to Ubuntu kernel (LP: #1978145)
    - VMCI: dma dg: whitespace formatting change for vmci register defines
    - VMCI: dma dg: add MMIO access to registers
    - VMCI: dma dg: detect DMA datagram capability
    - VMCI: dma dg: set OS page size
    - VMCI: dma dg: register dummy IRQ handlers for DMA datagrams
    - VMCI: dma dg: allocate send and receive buffers for DMA datagrams
    - VMCI: dma dg: add support for DMA datagrams sends
    - VMCI: dma dg: add support for DMA datagrams receive
    - VMCI: Fix some error handling paths in vmci_guest_probe_device()
    - VMCI: Release notification_bitmap in error path
    - VMCI: Check exclusive_vectors when freeing interrupt 1
    - VMCI: Add support for ARM64
    - [Config] Update policies for VMWARE_VMCI and VMWARE_VMCI_VSOCKETS

* [UBUNTU 20.04] rcu stalls with many storage key guests (LP: #1975582)
    - s390/gmap: voluntarily schedule during key setting
    - s390/mm: use non-quiescing sske for KVM switch to keyed guest

* [SRU][OEM-5.14/OEM-5.17/Jammy][PATCH 0/1] Fix i915 calltrace on new ADL BIOS
    (LP: #1976214)
    - drm/i915: update new TMDS clock setting defined by VBT

* Revert PPC get_user workaround (LP: #1976248)
    - powerpc: Export mmu_feature_keys[] as non-GPL

* Jammy update: v5.15.39 upstream stable release (LP: #1978240)
    - MIPS: Fix CP0 counter erratum detection for R4k CPUs
    - parisc: Merge model and model name into one line in /proc/cpuinfo
    - ALSA: hda/realtek: Add quirk for Yoga Duet 7 13ITL6 speakers
    - ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes
    - mmc: sdhci-msm: Reset GCC_SDCC_BCR register for SDHC
    - mmc: sunxi-mmc: Fix DMA descriptors allocated above 32 bits
    - mmc: core: Set HS clock speed before sending HS CMD13
    - gpiolib: of: fix bounds check for 'gpio-reserved-ranges'
    - x86/fpu: Prevent FPU state corruption
    - KVM: x86/svm: Account for family 17h event renumberings in
      amd_pmc_perf_hw_id
    - iommu/vt-d: Calculate mask for non-aligned flushes
    - iommu/arm-smmu-v3: Fix size calculation in arm_smmu_mm_invalidate_range()
    - drm/amd/display: Avoid reading audio pattern past AUDIO_CHANNELS_COUNT
    - drm/amdgpu: do not use passthrough mode in Xen dom0
    - RISC-V: relocate DTB if it's outside memory region
    - Revert "SUNRPC: attempt AF_LOCAL connect on setup"
    - timekeeping: Mark NMI safe time accessors as notrace
    - firewire: fix potential uaf in outbound_phy_packet_callback()
    - firewire: remove check of list iterator against head past the loop body
    - firewire: core: extend card->lock in fw_core_handle_bus_reset
    - net: stmmac: disable Split Header (SPH) for Intel platforms
    - genirq: Synchronize interrupt thread startup
    - ASoC: da7219: Fix change notifications for tone generator frequency
    - ASoC: wm8958: Fix change notifications for DSP controls
    - ASoC: meson: Fix event generation for AUI ACODEC mux
    - ASoC: meson: Fix event generation for G12A tohdmi mux
    - ASoC: meson: Fix event generation for AUI CODEC mux
    - s390/dasd: fix data corruption for ESE devices
    - s390/dasd: prevent double format of tracks for ESE devices
    - s390/dasd: Fix read for ESE with blksize < 4k
    - s390/dasd: Fix read inconsistency for ESE DASD devices
    - can: grcan: grcan_close(): fix deadlock
    - can: isotp: remove re-binding of bound socket
    - can: grcan: use ofdev->dev when allocating DMA memory
    - can: grcan: grcan_probe(): fix broken system id check for errata workaround
      needs
    - can: grcan: only use the NAPI poll budget for RX
    - nfc: replace improper check device_is_registered() in netlink related
      functions
    - nfc: nfcmrvl: main: reorder destructive operations in
      nfcmrvl_nci_unregister_dev to avoid bugs
    - NFC: netlink: fix sleep in atomic bug when firmware download timeout
    - gpio: visconti: Fix fwnode of GPIO IRQ
    - gpio: pca953x: fix irq_stat not updated when irq is disabled (irq_mask not
      set)
    - hwmon: (adt7470) Fix warning on module removal
    - hwmon: (pmbus) disable PEC if not enabled
    - ASoC: dmaengine: Restore NULL prepare_slave_config() callback
    - ASoC: soc-ops: fix error handling
    - iommu/vt-d: Drop stop marker messages
    - iommu/dart: check return value after calling platform_get_resource()
    - net/mlx5e: Fix trust state reset in reload
    - net/mlx5e: Don't match double-vlan packets if cvlan is not set
    - net/mlx5e: CT: Fix queued up restore put() executing after relevant ft
      release
    - net/mlx5e: Fix the calling of update_buffer_lossy() API
    - net/mlx5: Avoid double clear or set of sync reset requested
    - net/mlx5: Fix deadlock in sync reset flow
    - selftests/seccomp: Don't call read() on TTY from background pgrp
    - SUNRPC release the transport of a relocated task with an assigned transport
    - RDMA/siw: Fix a condition race issue in MPA request processing
    - RDMA/irdma: Flush iWARP QP if modified to ERR from RTR state
    - RDMA/irdma: Reduce iWARP QP destroy time
    - RDMA/irdma: Fix possible crash due to NULL netdev in notifier
    - NFSv4: Don't invalidate inode attributes on delegation return
    - net: ethernet: mediatek: add missing of_node_put() in mtk_sgmii_init()
    - net: dsa: mt7530: add missing of_node_put() in mt7530_setup()
    - net: stmmac: dwmac-sun8i: add missing of_node_put() in
      sun8i_dwmac_register_mdio_mux()
    - net: mdio: Fix ENOMEM return value in BCM6368 mux bus controller
    - net: cpsw: add missing of_node_put() in cpsw_probe_dt()
    - net: igmp: respect RCU rules in ip_mc_source() and ip_mc_msfilter()
    - net: emaclite: Add error handling for of_address_to_resource()
    - selftests/net: so_txtime: fix parsing of start time stamp on 32 bit systems
    - selftests/net: so_txtime: usage(): fix documentation of default clock
    - drm/msm/dp: remove fail safe mode related code
    - btrfs: do not BUG_ON() on failure to update inode when setting xattr
    - hinic: fix bug of wq out of bound access
    - mld: respect RCU rules in ip6_mc_source() and ip6_mc_msfilter()
    - rxrpc: Enable IPv6 checksums on transport socket
    - selftests: mirror_gre_bridge_1q: Avoid changing PVID while interface is
      operational
    - bnxt_en: Fix possible bnxt_open() failure caused by wrong RFS flag
    - bnxt_en: Fix unnecessary dropping of RX packets
    - selftests: ocelot: tc_flower_chains: specify conform-exceed action for
      policer
    - smsc911x: allow using IRQ0
    - btrfs: force v2 space cache usage for subpage mount
    - btrfs: always log symlinks in full mode
    - gpio: mvebu: drop pwm base assignment
    - kvm: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU
    - net/mlx5: Fix slab-out-of-bounds while reading resource dump menu
    - net/mlx5e: Lag, Fix use-after-free in fib event handler
    - net/mlx5e: Lag, Fix fib_info pointer assignment
    - net/mlx5e: Lag, Don't skip fib events on current dst
    - iommu/dart: Add missing module owner to ops structure
    - kvm: selftests: do not use bitfields larger than 32-bits for PTEs
    - KVM: selftests: Silence compiler warning in the kvm_page_table_test
    - x86/kvm: Preserve BSP MSR_KVM_POLL_CONTROL across suspend/resume
    - KVM: x86: Do not change ICR on write to APIC_SELF_IPI
    - KVM: x86/mmu: avoid NULL-pointer dereference on page freeing bugs
    - KVM: LAPIC: Enable timer posted-interrupt only when mwait/hlt is advertised
    - selftest/vm: verify mmap addr in mremap_test
    - selftest/vm: verify remap destination address in mremap_test
    - Revert "parisc: Mark sched_clock unstable only if clocks are not
      syncronized"
    - rcu: Fix callbacks processing time limit retaining cond_resched()
    - rcu: Apply callbacks processing time limit only on softirq
    - PCI: pci-bridge-emul: Add description for class_revision field
    - PCI: pci-bridge-emul: Add definitions for missing capabilities registers
    - PCI: aardvark: Add support for DEVCAP2, DEVCTL2, LNKCAP2 and LNKCTL2
      registers on emulated bridge
    - PCI: aardvark: Clear all MSIs at setup
    - PCI: aardvark: Comment actions in driver remove method
    - PCI: aardvark: Disable bus mastering when unbinding driver
    - PCI: aardvark: Mask all interrupts when unbinding driver
    - PCI: aardvark: Fix memory leak in driver unbind
    - PCI: aardvark: Assert PERST# when unbinding driver
    - PCI: aardvark: Disable link training when unbinding driver
    - PCI: aardvark: Disable common PHY when unbinding driver
    - PCI: aardvark: Replace custom PCIE_CORE_INT_* macros with PCI_INTERRUPT_*
    - PCI: aardvark: Check return value of generic_handle_domain_irq() when
      processing INTx IRQ
    - PCI: aardvark: Make MSI irq_chip structures static driver structures
    - PCI: aardvark: Make msi_domain_info structure a static driver structure
    - PCI: aardvark: Use dev_fwnode() instead of of_node_to_fwnode(dev->of_node)
    - PCI: aardvark: Refactor unmasking summary MSI interrupt
    - PCI: aardvark: Add support for masking MSI interrupts
    - PCI: aardvark: Fix setting MSI address
    - PCI: aardvark: Enable MSI-X support
    - PCI: aardvark: Add support for ERR interrupt on emulated bridge
    - PCI: aardvark: Optimize writing PCI_EXP_RTCTL_PMEIE and PCI_EXP_RTSTA_PME on
      emulated bridge
    - PCI: aardvark: Add support for PME interrupts
    - PCI: aardvark: Fix support for PME requester on emulated bridge
    - PCI: aardvark: Use separate INTA interrupt for emulated root bridge
    - PCI: aardvark: Remove irq_mask_ack() callback for INTx interrupts
    - PCI: aardvark: Don't mask irq when mapping
    - PCI: aardvark: Drop __maybe_unused from advk_pcie_disable_phy()
    - PCI: aardvark: Update comment about link going down after link-up
    - Linux 5.15.39

* Jammy update: v5.15.38 upstream stable release (LP: #1978234)
    - usb: mtu3: fix USB 3.0 dual-role-switch from device to host
    - USB: quirks: add a Realtek card reader
    - USB: quirks: add STRING quirk for VCOM device
    - USB: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS
    - USB: serial: cp210x: add PIDs for Kamstrup USB Meter Reader
    - USB: serial: option: add support for Cinterion MV32-WA/MV32-WB
    - USB: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions
    - usb: xhci: tegra:Fix PM usage reference leak of
      tegra_xusb_unpowergate_partitions
    - xhci: Enable runtime PM on second Alderlake controller
    - xhci: stop polling roothubs after shutdown
    - xhci: increase usb U3 -> U0 link resume timeout from 100ms to 500ms
    - iio: dac: ad5592r: Fix the missing return value.
    - iio: dac: ad5446: Fix read_raw not returning set value
    - iio: magnetometer: ak8975: Fix the error handling in ak8975_power_on()
    - iio: imu: inv_icm42600: Fix I2C init possible nack
    - usb: misc: fix improper handling of refcount in uss720_probe()
    - usb: core: Don't hold the device lock while sleeping in do_proc_control()
    - usb: typec: ucsi: Fix reuse of completion structure
    - usb: typec: ucsi: Fix role swapping
    - usb: gadget: uvc: Fix crash when encoding data for usb request
    - usb: gadget: configfs: clear deactivation flag in
      configfs_composite_unbind()
    - usb: dwc3: Try usb-role-switch first in dwc3_drd_init
    - usb: dwc3: core: Fix tx/rx threshold settings
    - usb: dwc3: core: Only handle soft-reset in DCTL
    - usb: dwc3: gadget: Return proper request status
    - usb: dwc3: pci: add support for the Intel Meteor Lake-P
    - usb: cdns3: Fix issue for clear halt endpoint
    - usb: phy: generic: Get the vbus supply
    - serial: imx: fix overrun interrupts in DMA mode
    - serial: amba-pl011: do not time out prematurely when draining tx fifo
    - serial: 8250: Also set sticky MCR bits in console restoration
    - serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device
    - arch_topology: Do not set llc_sibling if llc_id is invalid
    - ceph: fix possible NULL pointer dereference for req->r_session
    - bus: mhi: host: pci_generic: Add missing poweroff() PM callback
    - bus: mhi: host: pci_generic: Flush recovery worker during freeze
    - arm64: dts: imx8mm-venice: fix spi2 pin configuration
    - pinctrl: samsung: fix missing GPIOLIB on ARM64 Exynos config
    - hex2bin: make the function hex_to_bin constant-time
    - hex2bin: fix access beyond string end
    - riscv: patch_text: Fixup last cpu should be master
    - x86/pci/xen: Disable PCI/MSI[-X] masking for XEN_HVM guests
    - iocost: don't reset the inuse weight of under-weighted debtors
    - virtio_net: fix wrong buf address calculation when using xdp
    - cpufreq: qcom-hw: fix the race between LMH worker and cpuhp
    - cpufreq: qcom-cpufreq-hw: Fix throttle frequency value on EPSS platforms
    - video: fbdev: udlfb: properly check endpoint type
    - arm64: dts: meson: remove CPU opps below 1GHz for G12B boards
    - arm64: dts: meson: remove CPU opps below 1GHz for SM1 boards
    - iio:imu:bmi160: disable regulator in error path
    - mtd: rawnand: fix ecc parameters for mt7622
    - xsk: Fix l2fwd for copy mode + busy poll combo
    - arm64: dts: imx8qm: Correct SCU clock controller's compatible property
    - USB: Fix xhci event ring dequeue pointer ERDP update issue
    - ARM: dts: imx6qdl-apalis: Fix sgtl5000 detection issue
    - arm64: dts: imx8mn: Fix SAI nodes
    - arm64: dts: meson-sm1-bananapi-m5: fix wrong GPIO pin labeling for CON1
    - phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe
    - phy: samsung: exynos5250-sata: fix missing device put in probe error paths
    - ARM: OMAP2+: Fix refcount leak in omap_gic_of_init
    - bus: ti-sysc: Make omap3 gpt12 quirk handling SoC specific
    - ARM: dts: dra7: Fix suspend warning for vpe powerdomain
    - phy: ti: omap-usb2: Fix error handling in omap_usb2_enable_clocks
    - ARM: dts: at91: Map MCLK for wm8731 on at91sam9g20ek
    - ARM: dts: at91: sama5d4_xplained: fix pinctrl phandle name
    - ARM: dts: at91: fix pinctrl phandles
    - phy: mapphone-mdm6600: Fix PM error handling in phy_mdm6600_probe
    - phy: ti: Add missing pm_runtime_disable() in serdes_am654_probe
    - interconnect: qcom: sdx55: Drop IP0 interconnects
    - ARM: dts: Fix mmc order for omap3-gta04
    - ARM: dts: am3517-evm: Fix misc pinmuxing
    - ARM: dts: logicpd-som-lv: Fix wrong pinmuxing on OMAP35
    - ipvs: correctly print the memory size of ip_vs_conn_tab
    - phy: amlogic: fix error path in phy_g12a_usb3_pcie_probe()
    - pinctrl: mediatek: moore: Fix build error
    - mtd: rawnand: Fix return value check of wait_for_completion_timeout
    - mtd: fix 'part' field data corruption in mtd_info
    - pinctrl: stm32: Do not call stm32_gpio_get() for edge triggered IRQs in EOI
    - memory: renesas-rpc-if: Fix HF/OSPI data transfer in Manual Mode
    - net: dsa: Add missing of_node_put() in dsa_port_link_register_of
    - netfilter: nft_set_rbtree: overlap detection with element re-addition after
      deletion
    - bpf, lwt: Fix crash when using bpf_skb_set_tunnel_key() from bpf_xmit lwt
      hook
    - pinctrl: rockchip: fix RK3308 pinmux bits
    - tcp: md5: incorrect tcp_header_len for incoming connections
    - pinctrl: stm32: Keep pinctrl block clock enabled when LEVEL IRQ requested
    - tcp: ensure to use the most recently sent skb when filling the rate sample
    - wireguard: device: check for metadata_dst with skb_valid_dst()
    - sctp: check asoc strreset_chunk in sctp_generate_reconf_event
    - ARM: dts: imx6ull-colibri: fix vqmmc regulator
    - arm64: dts: imx8mn-ddr4-evk: Describe the 32.768 kHz PMIC clock
    - pinctrl: pistachio: fix use of irq_of_parse_and_map()
    - cpufreq: fix memory leak in sun50i_cpufreq_nvmem_probe
    - net: hns3: clear inited state and stop client after failed to register
      netdev
    - net: hns3: modify the return code of hclge_get_ring_chain_from_mbx
    - net: hns3: add validity check for message data length
    - net: hns3: add return value for mailbox handling in PF
    - net/smc: sync err code when tcp connection was refused
    - ip_gre: Make o_seqno start from 0 in native mode
    - ip6_gre: Make o_seqno start from 0 in native mode
    - ip_gre, ip6_gre: Fix race condition on o_seqno in collect_md mode
    - tcp: fix potential xmit stalls caused by TCP_NOTSENT_LOWAT
    - tcp: make sure treq->af_specific is initialized
    - bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create()
    - clk: sunxi: sun9i-mmc: check return value after calling
      platform_get_resource()
    - cpufreq: qcom-cpufreq-hw: Clear dcvs interrupts
    - net: bcmgenet: hide status block before TX timestamping
    - net: phy: marvell10g: fix return value on error
    - net: dsa: mv88e6xxx: Fix port_hidden_wait to account for port_base_addr
    - drm/sun4i: Remove obsolete references to PHYS_OFFSET
    - net: dsa: lantiq_gswip: Don't set GSWIP_MII_CFG_RMII_CLK
    - io_uring: check reserved fields for send/sendmsg
    - io_uring: check reserved fields for recv/recvmsg
    - netfilter: conntrack: fix udp offload timeout sysctl
    - drm/amdkfd: Fix GWS queue count
    - drm/amd/display: Fix memory leak in dcn21_clock_source_create
    - tls: Skip tls_append_frag on zero copy size
    - bnx2x: fix napi API usage sequence
    - net: fec: add missing of_node_put() in fec_enet_init_stop_mode()
    - gfs2: Prevent endless loops in gfs2_file_buffered_write
    - gfs2: Minor retry logic cleanup
    - gfs2: Make sure not to return short direct writes
    - gfs2: No short reads or writes upon glock contention
    - perf arm-spe: Fix addresses of synthesized SPE events
    - ixgbe: ensure IPsec VF<->PF compatibility
    - Revert "ibmvnic: Add ethtool private flag for driver-defined queue limits"
    - tcp: fix F-RTO may not work correctly when receiving DSACK
    - ASoC: Intel: soc-acpi: correct device endpoints for max98373
    - ASoC: wm8731: Disable the regulator when probing fails
    - ext4: fix bug_on in start_this_handle during umount filesystem
    - arch: xtensa: platforms: Fix deadlock in rs_close()
    - ksmbd: increment reference count of parent fp
    - ksmbd: set fixed sector size to FS_SECTOR_SIZE_INFORMATION
    - bonding: do not discard lowest hash bit for non layer3+4 hashing
    - x86: __memcpy_flushcache: fix wrong alignment if size > 2^32
    - cifs: destage any unwritten data to the server before calling
      copychunk_write
    - drivers: net: hippi: Fix deadlock in rr_close()
    - powerpc/perf: Fix 32bit compile
    - selftest/vm: verify mmap addr in mremap_test
    - selftest/vm: verify remap destination address in mremap_test
    - Revert "ACPI: processor: idle: fix lockup regression on 32-bit ThinkPad T40"
    - zonefs: Fix management of open zones
    - zonefs: Clear inode information flags on inode creation
    - kasan: prevent cpu_quarantine corruption when CPU offline and cache shrink
      occur at same time
    - mtd: rawnand: qcom: fix memory corruption that causes panic
    - netfilter: Update ip6_route_me_harder to consider L3 domain
    - drm/i915: Check EDID for HDR static metadata when choosing blc
    - drm/i915: Fix SEL_FETCH_PLANE_*(PIPE_B+) register addresses
    - net: ethernet: stmmac: fix write to sgmii_adapter_base
    - ACPI: processor: idle: Avoid falling back to C3 type C-states
    - thermal: int340x: Fix attr.show callback prototype
    - btrfs: fix leaked plug after failure syncing log on zoned filesystems
    - ARM: dts: at91: sama7g5ek: enable pull-up on flexcom3 console lines
    - ARM: dts: imx8mm-venice-gw{71xx,72xx,73xx}: fix OTG controller OC mode
    - x86/cpu: Load microcode during restore_processor_state()
    - perf symbol: Pass is_kallsyms to symbols__fixup_end()
    - perf symbol: Update symbols__fixup_end()
    - tty: n_gsm: fix restart handling via CLD command
    - tty: n_gsm: fix decoupled mux resource
    - tty: n_gsm: fix mux cleanup after unregister tty device
    - tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2
    - tty: n_gsm: fix malformed counter for out of frame data
    - netfilter: nft_socket: only do sk lookups when indev is available
    - tty: n_gsm: fix insufficient txframe size
    - tty: n_gsm: fix wrong DLCI release order
    - tty: n_gsm: fix missing explicit ldisc flush
    - tty: n_gsm: fix wrong command retry handling
    - tty: n_gsm: fix wrong command frame length field encoding
    - tty: n_gsm: fix wrong signal octets encoding in MSC
    - tty: n_gsm: fix missing tty wakeup in convergence layer type 2
    - tty: n_gsm: fix reset fifo race condition
    - tty: n_gsm: fix incorrect UA handling
    - tty: n_gsm: fix software flow control handling
    - perf symbol: Remove arch__symbols__fixup_end()
    - eeprom: at25: Use DMA safe buffers
    - objtool: Fix code relocs vs weak symbols
    - objtool: Fix type of reloc::addend
    - powerpc/64: Add UADDR64 relocation support
    - Linux 5.15.38

* Jammy update: v5.15.37 upstream stable release (LP: #1976135)
    - floppy: disable FDRAWCMD by default
    - [Config] updateconfigs for BLK_DEV_FD_RAWCMD
    - bpf: Introduce composable reg, ret and arg types.
    - bpf: Replace ARG_XXX_OR_NULL with ARG_XXX | PTR_MAYBE_NULL
    - bpf: Replace RET_XXX_OR_NULL with RET_XXX | PTR_MAYBE_NULL
    - bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL
    - bpf: Introduce MEM_RDONLY flag
    - bpf: Convert PTR_TO_MEM_OR_NULL to composable types.
    - bpf: Make per_cpu_ptr return rdonly PTR_TO_MEM.
    - bpf: Add MEM_RDONLY for helper args that are pointers to rdonly mem.
    - bpf/selftests: Test PTR_TO_RDONLY_MEM
    - bpf: Fix crash due to out of bounds access into reg2btf_ids.
    - spi: cadence-quadspi: fix write completion support
    - ARM: dts: socfpga: change qspi to "intel,socfpga-qspi"
    - mm: kfence: fix objcgs vector allocation
    - gup: Turn fault_in_pages_{readable,writeable} into
      fault_in_{readable,writeable}
    - iov_iter: Turn iov_iter_fault_in_readable into fault_in_iov_iter_readable
    - iov_iter: Introduce fault_in_iov_iter_writeable
    - gfs2: Add wrapper for iomap_file_buffered_write
    - gfs2: Clean up function may_grant
    - gfs2: Introduce flag for glock holder auto-demotion
    - gfs2: Move the inode glock locking to gfs2_file_buffered_write
    - gfs2: Eliminate ip->i_gh
    - gfs2: Fix mmap + page fault deadlocks for buffered I/O
    - iomap: Fix iomap_dio_rw return value for user copies
    - iomap: Support partial direct I/O on user copy failures
    - iomap: Add done_before argument to iomap_dio_rw
    - gup: Introduce FOLL_NOFAULT flag to disable page faults
    - iov_iter: Introduce nofault flag to disable page faults
    - gfs2: Fix mmap + page fault deadlocks for direct I/O
    - btrfs: fix deadlock due to page faults during direct IO reads and writes
    - btrfs: fallback to blocking mode when doing async dio over multiple extents
    - mm: gup: make fault_in_safe_writeable() use fixup_user_fault()
    - selftests/bpf: Add test for reg2btf_ids out of bounds access
    - Linux 5.15.37

* CVE-2022-1789
    - KVM: x86/mmu: fix NULL pointer dereference on guest INVPCID

* Jammy update: v5.15.36 upstream stable release (LP: #1972905)
    - block: simplify the block device syncing code
    - xfs: return errors in xfs_fs_sync_fs
    - dma-mapping: remove bogus test for pfn_valid from dma_map_resource
    - arm64/mm: drop HAVE_ARCH_PFN_VALID
    - etherdevice: Adjust ether_addr* prototypes to silence -Wstringop-overead
    - mm: page_alloc: fix building error on -Werror=array-compare
    - perf tools: Fix segfault accessing sample_id xyarray
    - mm, kfence: support kmem_dump_obj() for KFENCE objects
    - gfs2: assign rgrp glock before compute_bitstructs
    - scsi: ufs: core: scsi_get_lba() error fix
    - ALSA: usb-audio: Clear MIDI port active flag after draining
    - ALSA: hda/realtek: Add quirk for Clevo NP70PNP
    - ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek
    - ASoC: topology: Correct error handling in soc_tplg_dapm_widget_create()
    - ASoC: rk817: Use devm_clk_get() in rk817_platform_probe
    - ASoC: msm8916-wcd-digital: Check failure for devm_snd_soc_register_component
    - ASoC: codecs: wcd934x: do not switch off SIDO Buck when codec is in use
    - dmaengine: idxd: fix device cleanup on disable
    - dmaengine: imx-sdma: Fix error checking in sdma_event_remap
    - dmaengine: mediatek:Fix PM usage reference leak of
      mtk_uart_apdma_alloc_chan_resources
    - dmaengine: dw-edma: Fix unaligned 64bit access
    - spi: spi-mtk-nor: initialize spi controller after resume
    - esp: limit skb_page_frag_refill use to a single page
    - spi: cadence-quadspi: fix incorrect supports_op() return value
    - igc: Fix infinite loop in release_swfw_sync
    - igc: Fix BUG: scheduling while atomic
    - igc: Fix suspending when PTM is active
    - ALSA: hda/hdmi: fix warning about PCM count when used with SOF
    - rxrpc: Restore removed timer deletion
    - net/smc: Fix sock leak when release after smc_shutdown()
    - net/packet: fix packet_sock xmit return value checking
    - ip6_gre: Avoid updating tunnel->tun_hlen in __gre6_xmit()
    - ip6_gre: Fix skb_under_panic in __gre6_xmit()
    - net: restore alpha order to Ethernet devices in config
    - net/sched: cls_u32: fix possible leak in u32_init_knode()
    - l3mdev: l3mdev_master_upper_ifindex_by_index_rcu should be using
      netdev_master_upper_dev_get_rcu
    - ipv6: make ip6_rt_gc_expire an atomic_t
    - can: isotp: stop timeout monitoring when no first frame was sent
    - net: dsa: hellcreek: Calculate checksums in tagger
    - net: mscc: ocelot: fix broken IP multicast flooding
    - netlink: reset network and mac headers in netlink_dump()
    - drm/i915/display/psr: Unset enable_psr2_sel_fetch if other checks in
      intel_psr2_config_valid() fails
    - net: stmmac: Use readl_poll_timeout_atomic() in atomic state
    - dmaengine: idxd: add RO check for wq max_batch_size write
    - dmaengine: idxd: add RO check for wq max_transfer_size write
    - dmaengine: idxd: skip clearing device context when device is read-only
    - selftests: mlxsw: vxlan_flooding: Prevent flooding of unwanted packets
    - arm64: mm: fix p?d_leaf()
    - ARM: vexpress/spc: Avoid negative array index when !SMP
    - reset: renesas: Check return value of reset_control_deassert()
    - reset: tegra-bpmp: Restore Handle errors in BPMP response
    - platform/x86: samsung-laptop: Fix an unsigned comparison which can never be
      negative
    - ALSA: usb-audio: Fix undefined behavior due to shift overflowing the
      constant
    - drm/msm/disp: check the return value of kzalloc()
    - arm64: dts: imx: Fix imx8*-var-som touchscreen property sizes
    - vxlan: fix error return code in vxlan_fdb_append
    - cifs: Check the IOCB_DIRECT flag, not O_DIRECT
    - mt76: Fix undefined behavior due to shift overflowing the constant
    - brcmfmac: sdio: Fix undefined behavior due to shift overflowing the constant
    - dpaa_eth: Fix missing of_node_put in dpaa_get_ts_info()
    - drm/msm/mdp5: check the return of kzalloc()
    - net: macb: Restart tx only if queue pointer is lagging
    - scsi: iscsi: Release endpoint ID when its freed
    - scsi: iscsi: Merge suspend fields
    - scsi: iscsi: Fix NOP handling during conn recovery
    - scsi: qedi: Fix failed disconnect handling
    - stat: fix inconsistency between struct stat and struct compat_stat
    - VFS: filename_create(): fix incorrect intent.
    - nvme: add a quirk to disable namespace identifiers
    - nvme-pci: disable namespace identifiers for the MAXIO MAP1002/1202
    - nvme-pci: disable namespace identifiers for Qemu controllers
    - EDAC/synopsys: Read the error count from the correct register
    - mm/memory-failure.c: skip huge_zero_page in memory_failure()
    - memcg: sync flush only if periodic flush is delayed
    - mm, hugetlb: allow for "high" userspace addresses
    - oom_kill.c: futex: delay the OOM reaper to allow time for proper futex
      cleanup
    - mm/mmu_notifier.c: fix race in mmu_interval_notifier_remove()
    - ata: pata_marvell: Check the 'bmdma_addr' beforing reading
    - dma: at_xdmac: fix a missing check on list iterator
    - dmaengine: imx-sdma: fix init of uart scripts
    - net: atlantic: invert deep par in pm functions, preventing null derefs
    - Input: omap4-keypad - fix pm_runtime_get_sync() error checking
    - scsi: sr: Do not leak information in ioctl
    - sched/pelt: Fix attach_entity_load_avg() corner case
    - perf/core: Fix perf_mmap fail when CONFIG_PERF_USE_VMALLOC enabled
    - drm/panel/raspberrypi-touchscreen: Avoid NULL deref if not initialised
    - drm/panel/raspberrypi-touchscreen: Initialise the bridge in prepare
    - KVM: PPC: Fix TCE handling for VFIO
    - drm/vc4: Use pm_runtime_resume_and_get to fix pm_runtime_get_sync() usage
    - powerpc/perf: Fix power9 event alternatives
    - powerpc/perf: Fix power10 event alternatives
    - perf script: Always allow field 'data_src' for auxtrace
    - perf report: Set PERF_SAMPLE_DATA_SRC bit for Arm SPE event
    - xtensa: patch_text: Fixup last cpu should be master
    - xtensa: fix a7 clobbering in coprocessor context load/store
    - openvswitch: fix OOB access in reserve_sfa_size()
    - ASoC: soc-dapm: fix two incorrect uses of list iterator
    - e1000e: Fix possible overflow in LTR decoding
    - ARC: entry: fix syscall_trace_exit argument
    - arm_pmu: Validate single/group leader events
    - KVM: x86/pmu: Update AMD PMC sample period to fix guest NMI-watchdog
    - KVM: x86: Pend KVM_REQ_APICV_UPDATE during vCPU creation to fix a race
    - KVM: nVMX: Defer APICv updates while L2 is active until L1 is active
    - KVM: SVM: Flush when freeing encrypted pages even on SME_COHERENT CPUs
    - netfilter: conntrack: convert to refcount_t api
    - netfilter: conntrack: avoid useless indirection during conntrack destruction
    - ext4: fix fallocate to use file_modified to update permissions consistently
    - ext4: fix symlink file size not match to file content
    - ext4: fix use-after-free in ext4_search_dir
    - ext4, doc: fix incorrect h_reserved size
    - ext4: fix overhead calculation to account for the reserved gdt blocks
    - ext4: force overhead calculation if the s_overhead_cluster makes no sense
    - netfilter: nft_ct: fix use after free when attaching zone template
    - jbd2: fix a potential race while discarding reserved buffers after an abort
    - spi: atmel-quadspi: Fix the buswidth adjustment between spi-mem and
      controller
    - block/compat_ioctl: fix range check in BLKGETSIZE
    - arm64: dts: qcom: add IPA qcom,qmp property
    - Linux 5.15.36

* Aquantia GbE LAN driver causes UBSAN error during kernel boot
    (LP: #1958770) // Jammy update: v5.15.36 upstream stable release
    (LP: #1972905)
    - net: atlantic: Avoid out-of-bounds indexing

-- Stefan Bader <stefan.bader@canonical.com>  Wed, 22 Jun 2022 14:42:28 +0200

Changed in linux (Ubuntu Jammy):
status:	Fix Committed → Fix Released

Revision history for this message

Frank Heimes (fheimes) wrote on 2022-07-11:

#21

Since Impish with reach it's EOL this week on July the 14th,
I'll change Impish here also to Won't Fix
that allows to close this bug entirely.

Changed in linux (Ubuntu Impish):
status:	Fix Committed → Won't Fix
Changed in ubuntu-z-systems:
status:	Fix Committed → Fix Released

Revision history for this message

bugproxy (bugproxy) wrote on 2022-07-11:

#22

------- Comment From <email address hidden> 2022-07-11 11:05 EDT-------
With this fix being released to -updates, I am closing the bug.
Thanks to everyone for your work on this.

Changing Bugzilla status to: CLOSED

Ubuntu
linux package

[UBUNTU 20.04] rcu stalls with many storage key guests

Bug Description

CVE References

Other bug subscribers

Bug attachments

Remote bug watches

	Status	Importance	Assigned to
Ubuntu on IBM z Systems	Fix Released	Medium	Skipper Bug Screeners
linux (Ubuntu)	Invalid	Medium	Skipper Bug Screeners
Focal	Fix Released	Medium	Canonical Kernel Team
Impish	Won't Fix	Medium	Canonical Kernel Team
Jammy	Fix Released	Medium	Canonical Kernel Team

Ubuntulinux package

[UBUNTU 20.04] rcu stalls with many storage key guests

Bug Description

CVE References

Other bug subscribers

Bug attachments

Remote bug watches

Ubuntu
linux package