Package "linux-ibm-5.4"

  linux-ibm-5.4 (5.4.0-1019.21~18.04.1) bionic; urgency=medium

  * bionic/linux-ibm-5.4: 5.4.0-1019.21~18.04.1 -proposed tracker (LP: #1966260)

  [ Ubuntu: 5.4.0-1019.21 ]

  * focal/linux-ibm: 5.4.0-1019.21 -proposed tracker (LP: #1966261)
  * Miscellaneous Ubuntu changes
    - [config] ibm: Update gcc version
  * focal/linux: 5.4.0-107.121 -proposed tracker (LP: #1966275)
  * CVE-2022-27666
    - esp: Fix possible buffer overflow in ESP transformation
  * CVE-2022-1055
    - net: sched: fix use-after-free in tc_new_tfilter()
  * Pick fixup from v5.4.176 upstream stable release to address cert
    failure with clock jitter test in NUC7i3DNHE (LP: #1964204)
    - Bluetooth: refactor malicious adv data check

 -- Khalid Elmously <email address hidden> Fri, 01 Apr 2022 22:40:14 -0400

  linux-ibm-5.4 (5.4.0-1018.20~18.04.1) bionic; urgency=medium

  * bionic/linux-ibm-5.4: 5.4.0-1018.20~18.04.1 -proposed tracker (LP: #1964193)

  [ Ubuntu: 5.4.0-1018.20 ]

  * focal/linux-ibm: 5.4.0-1018.20 -proposed tracker (LP: #1964194)
  * CVE-2022-0847
    - lib/iov_iter: initialize "flags" in new pipe_buffer
  * Broken network on some AWS instances with focal/impish kernels
    (LP: #1961968)
    - SAUCE: Revert "PCI/MSI: Mask MSI-X vectors only on success"
  * [UBUNTU 20.04] kernel: Add support for CPU-MF counter second version 7
    (LP: #1960182)
    - s390/cpumf: Support for CPU Measurement Facility CSVN 7
    - s390/cpumf: Support for CPU Measurement Sampling Facility LS bit
  * Hipersocket page allocation failure on Ubuntu 20.04 based SSC environments
    (LP: #1959529)
    - s390/qeth: use memory reserves to back RX buffers
  * CVE-2022-0516
    - KVM: s390: Return error on SIDA memop on normal guest
  * CVE-2022-0435
    - tipc: improve size validations for received domain records
  * CVE-2022-0492
    - cgroup-v1: Require capabilities to set release_agent
  * Recalled NFSv4 files delegations overwhelm server (LP: #1957986)
    - NFSv4: Fix delegation handling in update_open_stateid()
    - NFSv4: nfs4_callback_getattr() should ignore revoked delegations
    - NFSv4: Delegation recalls should not find revoked delegations
    - NFSv4: fail nfs4_refresh_delegation_stateid() when the delegation was
      revoked
    - NFS: Rename nfs_inode_return_delegation_noreclaim()
    - NFSv4: Don't remove the delegation from the super_list more than once
    - NFSv4: Hold the delegation spinlock when updating the seqid
    - NFSv4: Clear the NFS_DELEGATION_REVOKED flag in
      nfs_update_inplace_delegation()
    - NFSv4: Update the stateid seqid in nfs_revoke_delegation()
    - NFSv4: Revoke the delegation on success in nfs4_delegreturn_done()
    - NFSv4: Ignore requests to return the delegation if it was revoked
    - NFSv4: Don't reclaim delegations that have been returned or revoked
    - NFSv4: nfs4_return_incompatible_delegation() should check delegation
      validity
    - NFSv4: Fix nfs4_inode_make_writeable()
    - NFS: nfs_inode_find_state_and_recover() fix stateid matching
    - NFSv4: Fix races between open and delegreturn
    - NFSv4: Handle NFS4ERR_OLD_STATEID in delegreturn
    - NFSv4: Don't retry the GETATTR on old stateid in nfs4_delegreturn_done()
    - NFSv4: nfs_inode_evict_delegation() should set NFS_DELEGATION_RETURNING
    - NFS: Clear NFS_DELEGATION_RETURN_IF_CLOSED when the delegation is returned
    - NFSv4: Try to return the delegation immediately when marked for return on
      close
    - NFSv4: Add accounting for the number of active delegations held
    - NFSv4: Limit the total number of cached delegations
    - NFSv4: Ensure the delegation is pinned in nfs_do_return_delegation()
    - NFSv4: Ensure the delegation cred is pinned when we call delegreturn
  * Focal update: v5.4.174 upstream stable release (LP: #1960566)
    - HID: uhid: Fix worker destroying device without any protection
    - HID: wacom: Reset expected and received contact counts at the same time
    - HID: wacom: Ignore the confidence flag when a touch is removed
    - HID: wacom: Avoid using stale array indicies to read contact count
    - f2fs: fix to do sanity check in is_alive()
    - nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed
      bind()
    - mtd: rawnand: gpmi: Add ERR007117 protection for nfc_apply_timings
    - mtd: rawnand: gpmi: Remove explicit default gpmi clock setting for i.MX6
    - x86/gpu: Reserve stolen memory for first integrated Intel GPU
    - tools/nolibc: x86-64: Fix startup code bug
    - tools/nolibc: i386: fix initial stack alignment
    - tools/nolibc: fix incorrect truncation of exit code
    - rtc: cmos: take rtc_lock while reading from CMOS
    - media: v4l2-ioctl.c: readbuffers depends on V4L2_CAP_READWRITE
    - media: flexcop-usb: fix control-message timeouts
    - media: mceusb: fix control-message timeouts
    - media: em28xx: fix control-message timeouts
    - media: cpia2: fix control-message timeouts
    - media: s2255: fix control-message timeouts
    - media: dib0700: fix undefined behavior in tuner shutdown
    - media: redrat3: fix control-message timeouts
    - media: pvrusb2: fix control-message timeouts
    - media: stk1160: fix control-message timeouts
    - can: softing_cs: softingcs_probe(): fix memleak on registration failure
    - lkdtm: Fix content of section containing lkdtm_rodata_do_nothing()
    - iommu/io-pgtable-arm-v7s: Add error handle for page table allocation failure
    - dma_fence_array: Fix PENDING_ERROR leak in dma_fence_array_signaled()
    - PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller
    - mm_zone: add function to check if managed dma zone exists
    - mm/page_alloc.c: do not warn allocation failure on zone DMA if no managed
      pages
    - shmem: fix a race between shmem_unused_huge_shrink and shmem_evict_inode
    - drm/rockchip: dsi: Hold pm-runtime across bind/unbind
    - drm/rockchip: dsi: Reconfigure hardware on resume()
    - drm/panel: kingdisplay-kd097d04: Delete panel on attach() failure
    - drm/panel: innolux-p079zca: Delete panel on attach() failure
    - drm/rockchip: dsi: Fix unbalanced clock on probe error
    - Bluetooth: cmtp: fix possible panic when cmtp_init_sockets() fails
    - clk: bcm-2835: Pick the closest clock rate
    - clk: bcm-2835: Remove rounding up the dividers
    - wcn36xx: Indicate beacon not connection loss on MISSED_BEACON_IND
    - wcn36xx: Release DMA channel descriptor allocations
    - media: videobuf2: Fix the size printk format
    - media: aspeed: fix mode-detect always time out at 2nd run
    - media: em28xx: fix memory leak in em28xx_init_dev
    - media: aspeed: Update signal status immediately to ensure sane hw state
    - arm64: dts: meson-gxbb-wetek: fix HDMI in early boot
    - arm64: dts: meson-gxbb-wete

  linux-ibm-5.4 (5.4.0-1016.17~18.04.1) bionic; urgency=medium

  * bionic/linux-ibm-5.4: 5.4.0-1016.17~18.04.1 -proposed tracker (LP: #1961242)

  [ Ubuntu: 5.4.0-1016.17 ]

  * focal/linux-ibm: 5.4.0-1016.17 -proposed tracker (LP: #1961243)
  * Packaging resync (LP: #1786013)
    - [Packaging] resync getabis
  * focal/linux: 5.4.0-102.115 -proposed tracker (LP: #1961974)
  * Broken network on some AWS instances with focal/impish kernels
    (LP: #1961968)
    - SAUCE: Revert "PCI/MSI: Mask MSI-X vectors only on success"
  * focal/linux: 5.4.0-101.114 -proposed tracker (LP: #1961258)
  * [UBUNTU 20.04] kernel: Add support for CPU-MF counter second version 7
    (LP: #1960182)
    - s390/cpumf: Support for CPU Measurement Facility CSVN 7
    - s390/cpumf: Support for CPU Measurement Sampling Facility LS bit
  * Hipersocket page allocation failure on Ubuntu 20.04 based SSC environments
    (LP: #1959529)
    - s390/qeth: use memory reserves to back RX buffers
  * CVE-2022-0516
    - KVM: s390: Return error on SIDA memop on normal guest
  * CVE-2022-0435
    - tipc: improve size validations for received domain records
  * CVE-2022-0492
    - cgroup-v1: Require capabilities to set release_agent
  * Recalled NFSv4 files delegations overwhelm server (LP: #1957986)
    - NFSv4: Fix delegation handling in update_open_stateid()
    - NFSv4: nfs4_callback_getattr() should ignore revoked delegations
    - NFSv4: Delegation recalls should not find revoked delegations
    - NFSv4: fail nfs4_refresh_delegation_stateid() when the delegation was
      revoked
    - NFS: Rename nfs_inode_return_delegation_noreclaim()
    - NFSv4: Don't remove the delegation from the super_list more than once
    - NFSv4: Hold the delegation spinlock when updating the seqid
    - NFSv4: Clear the NFS_DELEGATION_REVOKED flag in
      nfs_update_inplace_delegation()
    - NFSv4: Update the stateid seqid in nfs_revoke_delegation()
    - NFSv4: Revoke the delegation on success in nfs4_delegreturn_done()
    - NFSv4: Ignore requests to return the delegation if it was revoked
    - NFSv4: Don't reclaim delegations that have been returned or revoked
    - NFSv4: nfs4_return_incompatible_delegation() should check delegation
      validity
    - NFSv4: Fix nfs4_inode_make_writeable()
    - NFS: nfs_inode_find_state_and_recover() fix stateid matching
    - NFSv4: Fix races between open and delegreturn
    - NFSv4: Handle NFS4ERR_OLD_STATEID in delegreturn
    - NFSv4: Don't retry the GETATTR on old stateid in nfs4_delegreturn_done()
    - NFSv4: nfs_inode_evict_delegation() should set NFS_DELEGATION_RETURNING
    - NFS: Clear NFS_DELEGATION_RETURN_IF_CLOSED when the delegation is returned
    - NFSv4: Try to return the delegation immediately when marked for return on
      close
    - NFSv4: Add accounting for the number of active delegations held
    - NFSv4: Limit the total number of cached delegations
    - NFSv4: Ensure the delegation is pinned in nfs_do_return_delegation()
    - NFSv4: Ensure the delegation cred is pinned when we call delegreturn
  * Focal update: v5.4.174 upstream stable release (LP: #1960566)
    - HID: uhid: Fix worker destroying device without any protection
    - HID: wacom: Reset expected and received contact counts at the same time
    - HID: wacom: Ignore the confidence flag when a touch is removed
    - HID: wacom: Avoid using stale array indicies to read contact count
    - f2fs: fix to do sanity check in is_alive()
    - nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed
      bind()
    - mtd: rawnand: gpmi: Add ERR007117 protection for nfc_apply_timings
    - mtd: rawnand: gpmi: Remove explicit default gpmi clock setting for i.MX6
    - x86/gpu: Reserve stolen memory for first integrated Intel GPU
    - tools/nolibc: x86-64: Fix startup code bug
    - tools/nolibc: i386: fix initial stack alignment
    - tools/nolibc: fix incorrect truncation of exit code
    - rtc: cmos: take rtc_lock while reading from CMOS
    - media: v4l2-ioctl.c: readbuffers depends on V4L2_CAP_READWRITE
    - media: flexcop-usb: fix control-message timeouts
    - media: mceusb: fix control-message timeouts
    - media: em28xx: fix control-message timeouts
    - media: cpia2: fix control-message timeouts
    - media: s2255: fix control-message timeouts
    - media: dib0700: fix undefined behavior in tuner shutdown
    - media: redrat3: fix control-message timeouts
    - media: pvrusb2: fix control-message timeouts
    - media: stk1160: fix control-message timeouts
    - can: softing_cs: softingcs_probe(): fix memleak on registration failure
    - lkdtm: Fix content of section containing lkdtm_rodata_do_nothing()
    - iommu/io-pgtable-arm-v7s: Add error handle for page table allocation failure
    - dma_fence_array: Fix PENDING_ERROR leak in dma_fence_array_signaled()
    - PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller
    - mm_zone: add function to check if managed dma zone exists
    - mm/page_alloc.c: do not warn allocation failure on zone DMA if no managed
      pages
    - shmem: fix a race between shmem_unused_huge_shrink and shmem_evict_inode
    - drm/rockchip: dsi: Hold pm-runtime across bind/unbind
    - drm/rockchip: dsi: Reconfigure hardware on resume()
    - drm/panel: kingdisplay-kd097d04: Delete panel on attach() failure
    - drm/panel: innolux-p079zca: Delete panel on attach() failure
    - drm/rockchip: dsi: Fix unbalanced clock on probe error
    - Bluetooth: cmtp: fix possible panic when cmtp_init_sockets() fails
    - clk: bcm-2835: Pick the closest clock rate
    - clk: bcm-2835: Remove rounding up the dividers
    - wcn36xx: Indicate beacon not connection loss on MISSED_BEACON_IND
    - wcn36xx: Release DMA channel descriptor allocations
    - media: videobuf2: Fix the size printk format
    - media: aspeed: fix mode-detect always time out at 2nd run
    - media: em28xx: fix memory leak in em28xx_init_dev
    - media: aspeed: Update signal status immedia

  linux-ibm-5.4 (5.4.0-1015.16~18.04.1) bionic; urgency=medium

  * bionic/linux-ibm-5.4: 5.4.0-1015.16~18.04.1 -proposed tracker (LP: #1959262)

  [ Ubuntu: 5.4.0-1015.16 ]

  * focal/linux-ibm: 5.4.0-1015.16 -proposed tracker (LP: #1959263)
  * focal/linux: 5.4.0-100.113 -proposed tracker (LP: #1959900)
  * CVE-2022-22942
    - SAUCE: drm/vmwgfx: Fix stale file descriptors on failed usercopy
  * CVE-2022-0330
    - drm/i915: Flush TLBs before releasing backing store
  * Focal update: v5.4.166 upstream stable release (LP: #1957008)
    - netfilter: selftest: conntrack_vrf.sh: fix file permission
    - Linux 5.4.166
    - net/packet: rx_owner_map depends on pg_vec
    - USB: gadget: bRequestType is a bitfield, not a enum
    - HID: holtek: fix mouse probing
    - udp: using datalen to cap ipv6 udp max gso segments
    - selftests: Calculate udpgso segment count without header adjustment
  * Focal update: v5.4.165 upstream stable release (LP: #1957007)
    - serial: tegra: Change lower tolerance baud rate limit for tegra20 and
      tegra30
    - ntfs: fix ntfs_test_inode and ntfs_init_locked_inode function type
    - HID: quirks: Add quirk for the Microsoft Surface 3 type-cover
    - HID: google: add eel USB id
    - HID: add hid_is_usb() function to make it simpler for USB detection
    - HID: add USB_HID dependancy to hid-prodikeys
    - HID: add USB_HID dependancy to hid-chicony
    - HID: add USB_HID dependancy on some USB HID drivers
    - HID: bigbenff: prevent null pointer dereference
    - HID: wacom: fix problems when device is not a valid USB device
    - HID: check for valid USB device for many HID drivers
    - can: kvaser_usb: get CAN clock frequency from device
    - can: kvaser_pciefd: kvaser_pciefd_rx_error_frame(): increase correct
      stats->{rx,tx}_errors counter
    - can: sja1000: fix use after free in ems_pcmcia_add_card()
    - nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done
    - selftests: netfilter: add a vrf+conntrack testcase
    - vrf: don't run conntrack on vrf with !dflt qdisc
    - bpf: Fix the off-by-two error in range markings
    - ice: ignore dropped packets during init
    - bonding: make tx_rebalance_counter an atomic
    - nfp: Fix memory leak in nfp_cpp_area_cache_add()
    - seg6: fix the iif in the IPv6 socket control block
    - udp: using datalen to cap max gso segments
    - iavf: restore MSI state on reset
    - iavf: Fix reporting when setting descriptor count
    - IB/hfi1: Correct guard on eager buffer deallocation
    - mm: bdi: initialize bdi_min_ratio when bdi is unregistered
    - ALSA: ctl: Fix copy of updated id with element read/write
    - ALSA: hda/realtek - Add headset Mic support for Lenovo ALC897 platform
    - ALSA: pcm: oss: Fix negative period/buffer sizes
    - ALSA: pcm: oss: Limit the period size to 16MB
    - ALSA: pcm: oss: Handle missing errors in snd_pcm_oss_change_params*()
    - btrfs: clear extent buffer uptodate when we fail to write it
    - btrfs: replace the BUG_ON in btrfs_del_root_ref with proper error handling
    - nfsd: Fix nsfd startup race (again)
    - tracefs: Have new files inherit the ownership of their parent
    - clk: qcom: regmap-mux: fix parent clock lookup
    - drm/syncobj: Deal with signalled fences in drm_syncobj_find_fence.
    - can: pch_can: pch_can_rx_normal: fix use after free
    - can: m_can: Disable and ignore ELO interrupt
    - x86/sme: Explicitly map new EFI memmap table as encrypted
    - libata: add horkage for ASMedia 1092
    - wait: add wake_up_pollfree()
    - SAUCE: binder: export __wake_up_pollfree for binder module
    - binder: use wake_up_pollfree()
    - signalfd: use wake_up_pollfree()
    - aio: keep poll requests on waitqueue until completed
    - aio: fix use-after-free due to missing POLLFREE handling
    - tracefs: Set all files to the same group ownership as the mount option
    - block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2)
    - qede: validate non LSO skb length
    - ASoC: qdsp6: q6routing: Fix return value from msm_routing_put_audio_mixer
    - i40e: Fix failed opcode appearing if handling messages from VF
    - i40e: Fix pre-set max number of queues for VF
    - mtd: rawnand: fsmc: Take instruction delay into account
    - mtd: rawnand: fsmc: Fix timing computation
    - dt-bindings: net: Reintroduce PHY no lane swap binding
    - tools build: Remove needless libpython-version feature check that breaks
      test-all fast path
    - net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero
    - net: altera: set a couple error code in probe()
    - net: fec: only clear interrupt of handling queue in fec_enet_rx_queue()
    - net, neigh: clear whole pneigh_entry at alloc time
    - net/qla3xxx: fix an error code in ql_adapter_up()
    - Revert "UBUNTU: SAUCE: selftests: fib_tests: assign address to dummy1 for
      rp_filter tests"
    - selftests/fib_tests: Rework fib_rp_filter_test()
    - USB: gadget: detect too-big endpoint 0 requests
    - USB: gadget: zero allocate endpoint 0 buffers
    - usb: core: config: fix validation of wMaxPacketValue entries
    - xhci: Remove CONFIG_USB_DEFAULT_PERSIST to prevent xHCI from runtime
      suspending
    - usb: core: config: using bit mask instead of individual bits
    - xhci: avoid race between disable slot command and host runtime suspend
    - iio: trigger: Fix reference counting
    - iio: trigger: stm32-timer: fix MODULE_ALIAS
    - iio: stk3310: Don't return error code in interrupt handler
    - iio: mma8452: Fix trigger reference couting
    - iio: ltr501: Don't return error code in trigger handler
    - iio: kxsd9: Don't return error code in trigger handler
    - iio: itg3200: Call iio_trigger_notify_done() on error
    - iio: dln2-adc: Fix lockdep complaint
    - iio: dln2: Check return value of devm_iio_trigger_register()
    - iio: at91-sama5d2: Fix incorrect sign extension
    - iio: adc: axp20x_adc: fix charging current reporting on AXP22x
    - iio: ad7768-1: Call iio_