Package "linux"

  linux (5.4.0-122.138) focal; urgency=medium

  * focal/linux: 5.4.0-122.138 -proposed tracker (LP: #1979489)

  * Remove SAUCE patches from test_vxlan_under_vrf.sh in net of
    ubuntu_kernel_selftests (LP: #1975691)
    - Revert "UBUNTU: SAUCE: selftests: net: Don't fail test_vxlan_under_vrf on
      xfail"
    - Revert "UBUNTU: SAUCE: selftests: net: Make test for VXLAN underlay in non-
      default VRF an expected failure"

  * Enable Asus USB-BT500 Bluetooth dongle(0b05:190e) (LP: #1976613)
    - Bluetooth: btusb: Add flag to define wideband speech capability
    - Bluetooth: btrtl: Add support for RTL8761B
    - Bluetooth: btusb: Add 0x0b05:0x190e Realtek 8761BU (ASUS BT500) device.

  * [UBUNTU 20.04] rcu stalls with many storage key guests (LP: #1975582)
    - s390/gmap: voluntarily schedule during key setting
    - s390/mm: use non-quiescing sske for KVM switch to keyed guest

  * Ubuntu 5.4.0-117.132-generic 5.4.189 has BUG: kernel NULL pointer
    dereference, address: 0000000000000034 (LP: #1978719)
    - mm: rmap: explicitly reset vma->anon_vma in unlink_anon_vmas()

  * Focal update: upstream stable patchset v5.4.192 (LP: #1979014)
    - floppy: disable FDRAWCMD by default
    - [Config] updateconfigs for BLK_DEV_FD_RAWCMD
    - hamradio: defer 6pack kfree after unregister_netdev
    - hamradio: remove needs_free_netdev to avoid UAF
    - lightnvm: disable the subsystem
    - [Config] updateconfigs for NVM, NVM_PBLK
    - usb: mtu3: fix USB 3.0 dual-role-switch from device to host
    - USB: quirks: add a Realtek card reader
    - USB: quirks: add STRING quirk for VCOM device
    - USB: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS
    - USB: serial: cp210x: add PIDs for Kamstrup USB Meter Reader
    - USB: serial: option: add support for Cinterion MV32-WA/MV32-WB
    - USB: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions
    - xhci: stop polling roothubs after shutdown
    - xhci: increase usb U3 -> U0 link resume timeout from 100ms to 500ms
    - iio: dac: ad5592r: Fix the missing return value.
    - iio: dac: ad5446: Fix read_raw not returning set value
    - iio: magnetometer: ak8975: Fix the error handling in ak8975_power_on()
    - usb: misc: fix improper handling of refcount in uss720_probe()
    - usb: typec: ucsi: Fix role swapping
    - usb: gadget: uvc: Fix crash when encoding data for usb request
    - usb: gadget: configfs: clear deactivation flag in
      configfs_composite_unbind()
    - usb: dwc3: core: Fix tx/rx threshold settings
    - usb: dwc3: gadget: Return proper request status
    - serial: imx: fix overrun interrupts in DMA mode
    - serial: 8250: Also set sticky MCR bits in console restoration
    - serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device
    - arch_topology: Do not set llc_sibling if llc_id is invalid
    - hex2bin: make the function hex_to_bin constant-time
    - hex2bin: fix access beyond string end
    - video: fbdev: udlfb: properly check endpoint type
    - arm64: dts: meson: remove CPU opps below 1GHz for G12B boards
    - arm64: dts: meson: remove CPU opps below 1GHz for SM1 boards
    - mtd: rawnand: fix ecc parameters for mt7622
    - USB: Fix xhci event ring dequeue pointer ERDP update issue
    - ARM: dts: imx6qdl-apalis: Fix sgtl5000 detection issue
    - phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe
    - phy: samsung: exynos5250-sata: fix missing device put in probe error paths
    - ARM: OMAP2+: Fix refcount leak in omap_gic_of_init
    - phy: ti: omap-usb2: Fix error handling in omap_usb2_enable_clocks
    - ARM: dts: at91: Map MCLK for wm8731 on at91sam9g20ek
    - phy: mapphone-mdm6600: Fix PM error handling in phy_mdm6600_probe
    - phy: ti: Add missing pm_runtime_disable() in serdes_am654_probe
    - ARM: dts: Fix mmc order for omap3-gta04
    - ARM: dts: am3517-evm: Fix misc pinmuxing
    - ARM: dts: logicpd-som-lv: Fix wrong pinmuxing on OMAP35
    - ipvs: correctly print the memory size of ip_vs_conn_tab
    - mtd: rawnand: Fix return value check of wait_for_completion_timeout
    - bpf, lwt: Fix crash when using bpf_skb_set_tunnel_key() from bpf_xmit lwt
      hook
    - tcp: md5: incorrect tcp_header_len for incoming connections
    - tcp: ensure to use the most recently sent skb when filling the rate sample
    - sctp: check asoc strreset_chunk in sctp_generate_reconf_event
    - ARM: dts: imx6ull-colibri: fix vqmmc regulator
    - arm64: dts: imx8mn-ddr4-evk: Describe the 32.768 kHz PMIC clock
    - pinctrl: pistachio: fix use of irq_of_parse_and_map()
    - cpufreq: fix memory leak in sun50i_cpufreq_nvmem_probe
    - net: hns3: add validity check for message data length
    - net/smc: sync err code when tcp connection was refused
    - ip_gre: Make o_seqno start from 0 in native mode
    - tcp: fix potential xmit stalls caused by TCP_NOTSENT_LOWAT
    - bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create()
    - clk: sunxi: sun9i-mmc: check return value after calling
      platform_get_resource()
    - net: bcmgenet: hide status block before TX timestamping
    - net: dsa: lantiq_gswip: Don't set GSWIP_MII_CFG_RMII_CLK
    - drm/amd/display: Fix memory leak in dcn21_clock_source_create
    - tls: Skip tls_append_frag on zero copy size
    - bnx2x: fix napi API usage sequence
    - ixgbe: ensure IPsec VF<->PF compatibility
    - tcp: fix F-RTO may not work correctly when receiving DSACK
    - ASoC: wm8731: Disable the regulator when probing fails
    - ip6_gre: Avoid updating tunnel->tun_hlen in __gre6_xmit()
    - x86: __memcpy_flushcache: fix wrong alignment if size > 2^32
    - cifs: destage any unwritten data to the server before calling
      copychunk_write
    - drivers: net: hippi: Fix deadlock in rr_close()
    - net: ethernet: stmmac: fix write to sgmii_adapter_base
    - x86/cpu: Load microcode during restore_processor_state()
    - tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2
 

  linux (5.4.0-121.137) focal; urgency=medium

  * focal/linux: 5.4.0-121.137 -proposed tracker (LP: #1978666)

  * Packaging resync (LP: #1786013)
    - debian/dkms-versions -- update from kernel-versions (main/2022.05.30)

  * CVE-2022-28388
    - can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error
      path

  * test_vxlan_under_vrf.sh in net from ubuntu_kernel_selftests failed (Check VM
    connectivity through VXLAN (underlay in the default VRF) [FAIL])
    (LP: #1871015)
    - selftests: net: test_vxlan_under_vrf: fix HV connectivity test

  * [UBUNTU 20.04] CPU-MF: add extended counter set definitions for new IBM z16
    (LP: #1974433)
    - s390/cpumf: add new extended counter set for IBM z16

  * [UBUNTU 20.04] KVM nesting support leaks too much memory, might result in
    stalls during cleanup (LP: #1974017)
    - KVM: s390: vsie/gmap: reduce gmap_rmap overhead

  * [UBUNTU 20.04] Null Pointer issue in nfs code running Ubuntu on IBM Z
    (LP: #1968096)
    - NFS: Fix up nfs_ctx_key_to_expire()

 -- Stefan Bader <email address hidden> Wed, 15 Jun 2022 15:13:27 +0200

  linux (5.4.0-115.129) focal; urgency=medium

  * CVE-2022-21499
    - SAUCE: debug: Lock down kgdb

  linux (5.4.0-114.128) focal; urgency=medium

  * focal/linux: 5.4.0-114.128 -proposed tracker (LP: #1974391)

  * 32 GT/s PCI link speeds reporting "Unknown speed" in sysfs (LP: #1970798)
    - PCI: Add 32 GT/s decoding in some macros
    - PCI: Add pci_speed_string()
    - PCI: Use pci_speed_string() for all PCI/PCI-X/PCIe strings
    - PCI: Add PCIE_LNKCAP2_SLS2SPEED() macro

  * issuing invalid ioctl to /dev/vsock may spam dmesg (LP: #1971480)
    - vsock: remove ratelimit unknown ioctl message

  * config CONFIG_HISI_PMU for kunpeng920 (LP: #1956086)
    - drivers/perf: hisi: Permit modular builds of HiSilicon uncore drivers
    - [Config] CONFIG_HISI_PMU=m

  * Focal update: v5.4.189 upstream stable release (LP: #1971497)
    - swiotlb: fix info leak with DMA_FROM_DEVICE
    - USB: serial: pl2303: add IBM device IDs
    - USB: serial: simple: add Nokia phone driver
    - netdevice: add the case if dev is NULL
    - HID: logitech-dj: add new lightspeed receiver id
    - xfrm: fix tunnel model fragmentation behavior
    - virtio_console: break out of buf poll on remove
    - ethernet: sun: Free the coherent when failing in probing
    - spi: Fix invalid sgs value
    - net:mcf8390: Use platform_get_irq() to get the interrupt
    - spi: Fix erroneous sgs value with min_t()
    - af_key: add __GFP_ZERO flag for compose_sadb_supported in function
      pfkey_register
    - net: dsa: microchip: add spi_device_id tables
    - iommu/iova: Improve 32-bit free space estimate
    - tpm: fix reference counting for struct tpm_chip
    - block: Add a helper to validate the block size
    - virtio-blk: Use blk_validate_block_size() to validate block size
    - USB: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c
    - xhci: fix runtime PM imbalance in USB2 resume
    - xhci: make xhci_handshake timeout for xhci_reset() adjustable
    - xhci: fix uninitialized string returned by xhci_decode_ctrl_ctx()
    - coresight: Fix TRCCONFIGR.QE sysfs interface
    - iio: afe: rescale: use s64 for temporary scale calculations
    - iio: inkern: apply consumer scale on IIO_VAL_INT cases
    - iio: inkern: apply consumer scale when no channel scale is available
    - iio: inkern: make a best effort on offset calculation
    - greybus: svc: fix an error handling bug in gb_svc_hello()
    - clk: uniphier: Fix fixed-rate initialization
    - KEYS: fix length validation in keyctl_pkey_params_get_2()
    - Documentation: add link to stable release candidate tree
    - Documentation: update stable tree link
    - HID: intel-ish-hid: Use dma_alloc_coherent for firmware update
    - SUNRPC: avoid race between mod_timer() and del_timer_sync()
    - NFSD: prevent underflow in nfssvc_decode_writeargs()
    - NFSD: prevent integer overflow on 32 bit systems
    - f2fs: fix to unlock page correctly in error path of is_alive()
    - f2fs: quota: fix loop condition at f2fs_quota_sync()
    - f2fs: fix to do sanity check on .cp_pack_total_block_count
    - pinctrl: samsung: drop pin banks references on error paths
    - spi: mxic: Fix the transmit path
    - jffs2: fix use-after-free in jffs2_clear_xattr_subsystem
    - jffs2: fix memory leak in jffs2_do_mount_fs
    - jffs2: fix memory leak in jffs2_scan_medium
    - mm/pages_alloc.c: don't create ZONE_MOVABLE beyond the end of a node
    - mm: invalidate hwpoison page cache page in fault path
    - mempolicy: mbind_range() set_policy() after vma_merge()
    - scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands
    - qed: display VF trust config
    - qed: validate and restrict untrusted VFs vlan promisc mode
    - riscv: Fix fill_callchain return value
    - Revert "Input: clear BTN_RIGHT/MIDDLE on buttonpads"
    - ALSA: cs4236: fix an incorrect NULL check on list iterator
    - ALSA: hda/realtek: Fix audio regression on Mi Notebook Pro 2020
    - mm,hwpoison: unmap poisoned page before invalidation
    - mm/kmemleak: reset tag when compare object pointer
    - drbd: fix potential silent data corruption
    - powerpc/kvm: Fix kvm_use_magic_page
    - udp: call udp_encap_enable for v6 sockets when enabling encap
    - ACPI: properties: Consistently return -ENOENT if there are no more
      references
    - drivers: hamradio: 6pack: fix UAF bug caused by mod_timer()
    - mailbox: tegra-hsp: Flush whole channel
    - block: don't merge across cgroup boundaries if blkcg is enabled
    - drm/edid: check basic audio support on CEA extension block
    - video: fbdev: sm712fb: Fix crash in smtcfb_read()
    - video: fbdev: atari: Atari 2 bpp (STe) palette bugfix
    - ARM: dts: at91: sama5d2: Fix PMERRLOC resource size
    - ARM: dts: exynos: fix UART3 pins configuration in Exynos5250
    - ARM: dts: exynos: add missing HDMI supplies on SMDK5250
    - ARM: dts: exynos: add missing HDMI supplies on SMDK5420
    - carl9170: fix missing bit-wise or operator for tx_params
    - thermal: int340x: Increase bitmap size
    - lib/raid6/test: fix multiple definition linking error
    - crypto: rsa-pkcs1pad - correctly get hash from source scatterlist
    - crypto: rsa-pkcs1pad - restore signature length check
    - crypto: rsa-pkcs1pad - fix buffer overread in pkcs1pad_verify_complete()
    - DEC: Limit PMAX memory probing to R3k systems
    - media: davinci: vpif: fix unbalanced runtime PM get
    - xtensa: fix stop_machine_cpuslocked call in patch_text
    - xtensa: fix xtensa_wsr always writing 0
    - brcmfmac: firmware: Allocate space for default boardrev in nvram
    - brcmfmac: pcie: Release firmwares in the brcmf_pcie_setup error path
    - brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with memcpy_toio
    - brcmfmac: pcie: Fix crashes due to early IRQs
    - PCI: pciehp: Clear cmd_busy bit in polling mode
    - regulator: qcom_smd: fix for_each_child.cocci warnings
    - crypto: authenc - Fix sleep in atomic context in decrypt_tail
    - crypto: mxs-dcp - Fix scatterlist processing
    - spi: tegra114: Add missing IRQ check in tegra_s

  linux (5.4.0-113.127) focal; urgency=medium

  * focal/linux: 5.4.0-113.127 -proposed tracker (LP: #1973980)

  * CVE-2022-29581
    - net/sched: cls_u32: fix netns refcount changes in u32_change()

  * CVE-2022-1116
    - io_uring: fix fs->users overflow

  * ext4: limit length to bitmap_maxbytes (LP: #1972281)
    - ext4: limit length to bitmap_maxbytes - blocksize in punch_hole

  * Unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP
    option (LP: #1972740)
    - ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE

 -- Stefan Bader <email address hidden> Wed, 18 May 2022 16:07:54 +0200