Package "linux"

  linux (5.4.0-164.181) focal; urgency=medium

  * focal/linux: 5.4.0-164.181 -proposed tracker (LP: #2033867)

  * Please enable Renesas RZ platform serial installer (LP: #2022361)
    - [Config] enable hihope RZ/G2M serial console

  * Azure: hv_netvsc: add support for vlans in AF_PACKET mode (LP: #2030872)
    - hv_netvsc: add support for vlans in AF_PACKET mode

  * systemd mount units fail during boot, while file system is correctly mounted
    (LP: #1837227)
    - list: introduce list_for_each_continue()
    - proc/mounts: add cursor

  * CVE-2023-40283
    - Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb

  * CVE-2023-20588
    - x86/bugs: Increase the x86 bugs vector size to two u32s
    - x86/CPU/AMD: Do not leak quotient data after a division by 0
    - x86/CPU/AMD: Fix the DIV(0) initial fix attempt

  * CVE-2023-4194
    - net: tun_chr_open(): set sk_uid from current_fsuid()
    - net: tap_open(): set sk_uid from current_fsuid()

  * CVE-2023-1206
    - tcp: Reduce chance of collisions in inet6_hashfn().

  * CVE-2021-4001
    - bpf: Fix toctou on read-only map's constant scalar tracking

  * Focal update: v5.4.248 upstream stable release (LP: #2031121)
    - test_firmware: fix a memory leak with reqs buffer
    - KEYS: asymmetric: Copy sig and digest in public_key_verify_signature()
    - dasd: refactor dasd_ioctl_information
    - s390/dasd: Use correct lock while counting channel queue length
    - power: supply: ab8500: Fix external_power_changed race
    - power: supply: sc27xx: Fix external_power_changed race
    - power: supply: bq27xxx: Use mod_delayed_work() instead of cancel() +
      schedule()
    - ARM: dts: vexpress: add missing cache properties
    - power: supply: Ratelimit no data debug output
    - platform/x86: asus-wmi: Ignore WMI events with codes 0x7B, 0xC0
    - regulator: Fix error checking for debugfs_create_dir
    - irqchip/meson-gpio: Mark OF related data as maybe unused
    - power: supply: Fix logic checking if system is running from battery
    - btrfs: handle memory allocation failure in btrfs_csum_one_bio
    - parisc: Improve cache flushing for PCXL in arch_sync_dma_for_cpu()
    - parisc: Flush gatt writes and adjust gatt mask in parisc_agp_mask_memory()
    - MIPS: Alchemy: fix dbdma2
    - mips: Move initrd_start check after initrd address sanitisation.
    - xen/blkfront: Only check REQ_FUA for writes
    - drm:amd:amdgpu: Fix missing buffer object unlock in failure path
    - ocfs2: fix use-after-free when unmounting read-only filesystem
    - ocfs2: check new file size on fallocate call
    - nios2: dts: Fix tse_mac "max-frame-size" property
    - nilfs2: fix incomplete buffer cleanup in nilfs_btnode_abort_change_key()
    - nilfs2: fix possible out-of-bounds segment allocation in resize ioctl
    - kexec: support purgatories with .text.hot sections
    - powerpc/purgatory: remove PGO flags
    - nouveau: fix client work fence deletion race
    - RDMA/uverbs: Restrict usage of privileged QKEYs
    - net: usb: qmi_wwan: add support for Compal RXM-G1
    - ALSA: hda/realtek: Add a quirk for Compaq N14JP6
    - Remove DECnet support from kernel
    - [Config] updateconfigs for DECNET
    - USB: serial: option: add Quectel EM061KGL series
    - serial: lantiq: add missing interrupt ack
    - usb: dwc3: gadget: Reset num TRBs before giving back the request
    - spi: spi-fsl-dspi: Remove unused chip->void_write_data
    - spi: fsl-dspi: avoid SCK glitches with continuous transfers
    - netfilter: nfnetlink: skip error delivery on batch in case of ENOMEM
    - ping6: Fix send to link-local addresses with VRF.
    - RDMA/rxe: Remove the unused variable obj
    - RDMA/rxe: Removed unused name from rxe_task struct
    - RDMA/rxe: Fix the use-before-initialization error of resp_pkts
    - iavf: remove mask from iavf_irq_enable_queues()
    - IB/uverbs: Fix to consider event queue closing also upon non-blocking mode
    - IB/isert: Fix dead lock in ib_isert
    - IB/isert: Fix possible list corruption in CMA handler
    - IB/isert: Fix incorrect release of isert connection
    - ipvlan: fix bound dev checking for IPv6 l3s mode
    - sctp: fix an error code in sctp_sf_eat_auth()
    - igb: fix nvm.ops.read() error handling
    - drm/nouveau/dp: check for NULL nv_connector->native_mode
    - drm/nouveau/kms: Don't change EDID when it hasn't actually changed
    - drm/nouveau: add nv_encoder pointer check for NULL
    - net/sched: cls_api: Fix lockup on flushing explicitly created chain
    - net: lapbether: only support ethernet devices
    - net: tipc: resize nlattr array to correct size
    - selftests/ptp: Fix timestamp printf format for PTP_SYS_OFFSET
    - afs: Fix vlserver probe RTT handling
    - neighbour: Remove unused inline function neigh_key_eq16()
    - net: Remove unused inline function dst_hold_and_use()
    - neighbour: delete neigh_lookup_nodev as not used
    - drm/nouveau/kms: Fix NULL pointer dereference in
      nouveau_connector_detect_depth
    - mmc: block: ensure error propagation for non-blk
    - Linux 5.4.248

  * Focal update: v5.4.247 upstream stable release (LP: #2030818)
    - blk-iocost: avoid 64-bit division in ioc_timer_fn
    - block/blk-iocost (gcc13): keep large values in a new enum
    - i40iw: fix build warning in i40iw_manage_apbvt()
    - i40e: fix build warnings in i40e_alloc.h
    - spi: qup: Request DMA before enabling clocks
    - neighbour: Replace zero-length array with flexible-array member
    - neighbour: fix unaligned access to pneigh_entry
    - net: dsa: lan9303: allow vid != 0 in port_fdb_{add|del} methods
    - Bluetooth: Fix l2cap_disconnect_req deadlock
    - Bluetooth: L2CAP: Add missing checks for invalid DCID
    - netfilter: conntrack: fix NULL pointer dereference in nf_confirm_cthelper
    - netfilter: ipset: Add schedule point in call_ad().
    - rfs: annotate lockless accesses to sk->sk_rxhash
    - rfs: annotate lockless accesses to RFS sock flow table
    - net

  linux (5.4.0-162.179) focal; urgency=medium

  * focal/linux: 5.4.0-162.179 -proposed tracker (LP: #2031128)

  * libgnutls report "trap invalid opcode" when trying to install packages over
    https (LP: #2031093)
    - [Config]: disable CONFIG_GDS_FORCE_MITIGATION

  linux (5.4.0-156.173) focal; urgency=medium

  * focal/linux: 5.4.0-156.173 -proposed tracker (LP: #2026585)

  * CVE-2023-3390
    - netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE

  * Focal update: v5.4.241 upstream stable release (LP: #2023930)
    - scsi: ses: Handle enclosure with just a primary component gracefully
    - x86/PCI: Add quirk for AMD XHCI controller that loses MSI-X state in D3hot
    - cgroup/cpuset: Wake up cpuset_attach_wq tasks in cpuset_cancel_attach()
    - treewide: Replace DECLARE_TASKLET() with DECLARE_TASKLET_OLD()
    - smb3: fix problem with null cifs super block with previous patch
    - pinctrl: amd: Use irqchip template
    - pinctrl: amd: disable and mask interrupts on probe
    - pinctrl: amd: Disable and mask interrupts on resume
    - pwm: cros-ec: Explicitly set .polarity in .get_state()
    - pwm: sprd: Explicitly set .polarity in .get_state()
    - wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for non-uploaded
      sta
    - icmp: guard against too small mtu
    - net: don't let netpoll invoke NAPI if in xmit context
    - sctp: check send stream number after wait_for_sndbuf
    - ipv6: Fix an uninit variable access bug in __ip6_make_skb()
    - gpio: davinci: Add irq chip flag to skip set wake
    - sunrpc: only free unix grouplist after RCU settles
    - NFSD: callback request does not use correct credential for AUTH_SYS
    - xhci: also avoid the XHCI_ZERO_64B_REGS quirk with a passthrough iommu
    - USB: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs
    - usb: typec: altmodes/displayport: Fix configure initial pin assignment
    - USB: serial: option: add Telit FE990 compositions
    - USB: serial: option: add Quectel RM500U-CN modem
    - iio: adc: ti-ads7950: Set `can_sleep` flag for GPIO chip
    - iio: dac: cio-dac: Fix max DAC write value check for 12-bit
    - tty: serial: sh-sci: Fix transmit end interrupt handler
    - tty: serial: sh-sci: Fix Rx on RZ/G2L SCI
    - tty: serial: fsl_lpuart: avoid checking for transfer complete when
      UARTCTRL_SBK is asserted in lpuart32_tx_empty
    - nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread()
    - nilfs2: fix sysfs interface lifetime
    - ALSA: hda/realtek: Add quirk for Clevo X370SNW
    - perf/core: Fix the same task check in perf_event_set_output
    - ftrace: Mark get_lock_parent_ip() __always_inline
    - can: j1939: j1939_tp_tx_dat_new(): fix out-of-bounds memory access
    - tracing: Free error logs of tracing instances
    - net_sched: prevent NULL dereference if default qdisc setup failed
    - drm/panfrost: Fix the panfrost_mmu_map_fault_addr() error path
    - ring-buffer: Fix race while reader and writer are on the same page
    - mm/swap: fix swap_info_struct race between swapoff and get_swap_pages()
    - irqdomain: Look for existing mapping only once
    - irqdomain: Refactor __irq_domain_alloc_irqs()
    - irqdomain: Fix mapping-creation race
    - Revert "pinctrl: amd: Disable and mask interrupts on resume"
    - ALSA: emu10k1: fix capture interrupt handler unlinking
    - ALSA: hda/sigmatel: add pin overrides for Intel DP45SG motherboard
    - ALSA: i2c/cs8427: fix iec958 mixer control deactivation
    - ALSA: firewire-tascam: add missing unwind goto in
      snd_tscm_stream_start_duplex()
    - ALSA: hda/sigmatel: fix S/PDIF out on Intel D*45* motherboards
    - Bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp}
    - Bluetooth: Fix race condition in hidp_session_thread
    - btrfs: print checksum type and implementation at mount time
    - btrfs: fix fast csum implementation detection
    - mtdblock: tolerate corrected bit-flips
    - mtd: rawnand: meson: fix bitmask for length in command word
    - mtd: rawnand: stm32_fmc2: remove unsupported EDO mode
    - niu: Fix missing unwind goto in niu_alloc_channels()
    - qlcnic: check pci_reset_function result
    - sctp: fix a potential overflow in sctp_ifwdtsn_skip
    - RDMA/core: Fix GID entry ref leak when create_ah fails
    - udp6: fix potential access to stale information
    - net: macb: fix a memory corruption in extended buffer descriptor mode
    - power: supply: cros_usbpd: reclassify "default case!" as debug
    - i2c: imx-lpi2c: clean rx/tx buffers upon new message
    - efi: sysfb_efi: Add quirk for Lenovo Yoga Book X91F/L
    - drm: panel-orientation-quirks: Add quirk for Lenovo Yoga Book X90F
    - verify_pefile: relax wrapper length check
    - asymmetric_keys: log on fatal failures in PE/pkcs7
    - ubi: Fix failure attaching when vid_hdr offset equals to (sub)page size
    - mtd: ubi: wl: Fix a couple of kernel-doc issues
    - ubi: Fix deadlock caused by recursively holding work_sem
    - i2c: ocores: generate stop condition after timeout in polling mode
    - watchdog: sbsa_wdog: Make sure the timeout programming is within the limits
    - coresight-etm4: Fix for() loop drvdata->nr_addr_cmp range bug
    - xfs: show the proper user quota options
    - xfs: remove the kuid/kgid conversion wrappers
    - xfs: add a new xfs_sb_version_has_v3inode helper
    - xfs: only check the superblock version for dinode size calculation
    - xfs: simplify di_flags2 inheritance in xfs_ialloc
    - xfs: simplify a check in xfs_ioctl_setattr_check_cowextsize
    - xfs: remove the di_version field from struct icdinode
    - xfs: set inode size after creating symlink
    - xfs: report corruption only as a regular error
    - xfs: shut down the filesystem if we screw up quota reservation
    - xfs: consider shutdown in bmapbt cursor delete assert
    - xfs: don't reuse busy extents on extent trim
    - xfs: force log and push AIL to clear pinned inodes when aborting mount
    - Linux 5.4.241

  * [UBUNTU 20.04] [HPS] Kernel panic with "refcount_t: underflow" in mlx5
    driver (LP: #2019011)
    - net/mlx5: cmdif, Avoid skipping reclaim pages if FW is not accessible
    - net/mlx5: Fix handling of entry refcount when command i

  linux (5.4.0-154.171) focal; urgency=medium

  * focal/linux: 5.4.0-154.171 -proposed tracker (LP: #2024170)

  * Severe NFS performance degradation after LP #2003053 (LP: #2022098)
    - SAUCE: Make NFS file-access stale cache behaviour opt-in

  * Encountering an issue with memcpy_fromio causing failed boot of SEV-enabled
    guest (LP: #2020319)
    - x86/sev: Unroll string mmio with CC_ATTR_GUEST_UNROLL_STRING_IO

  * Focal update: v5.4.240 upstream stable release (LP: #2023601)
    - net: tls: fix possible race condition between do_tls_getsockopt_conf() and
      do_tls_setsockopt_conf()
    - power: supply: da9150: Fix use after free bug in da9150_charger_remove due
      to race condition
    - iavf: fix inverted Rx hash condition leading to disabled hash
    - iavf: fix non-tunneled IPv6 UDP packet type and hashing
    - intel/igbvf: free irq on the error path in igbvf_request_msix()
    - igbvf: Regard vf reset nack as success
    - i2c: imx-lpi2c: check only for enabled interrupt flags
    - scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate()
    - net: usb: smsc95xx: Limit packet length to skb->len
    - qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info
    - net: qcom/emac: Fix use after free bug in emac_remove due to race condition
    - net/ps3_gelic_net: Fix RX sk_buff length
    - net/ps3_gelic_net: Use dma_mapping_error
    - keys: Do not cache key in task struct if key is requested from kernel thread
    - bpf: Adjust insufficient default bpf_jit_limit
    - net/mlx5: Read the TC mapping of all priorities on ETS query
    - atm: idt77252: fix kmemleak when rmmod idt77252
    - erspan: do not use skb_mac_header() in ndo_start_xmit()
    - net/sonic: use dma_mapping_error() for error check
    - nvme-tcp: fix nvme_tcp_term_pdu to match spec
    - hvc/xen: prevent concurrent accesses to the shared ring
    - net: mdio: thunder: Add missing fwnode_handle_put()
    - Bluetooth: btqcomsmd: Fix command timeout after setting BD address
    - platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl
    - hwmon (it87): Fix voltage scaling for chips with 10.9mV ADCs
    - scsi: qla2xxx: Perform lockless command completion in abort path
    - uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2
    - thunderbolt: Use const qualifier for `ring_interrupt_index`
    - riscv: Bump COMMAND_LINE_SIZE value to 1024
    - ca8210: fix mac_len negative array access
    - m68k: Only force 030 bus error if PC not in exception table
    - selftests/bpf: check that modifier resolves after pointer
    - scsi: target: iscsi: Fix an error message in iscsi_check_key()
    - scsi: ufs: core: Add soft dependency on governor_simpleondemand
    - scsi: lpfc: Avoid usage of list iterator variable after loop
    - net: usb: cdc_mbim: avoid altsetting toggling for Telit FE990
    - net: usb: qmi_wwan: add Telit 0x1080 composition
    - sh: sanitize the flags on sigreturn
    - cifs: empty interface list when server doesn't support query interfaces
    - scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR
    - usb: gadget: u_audio: don't let userspace block driver unbind
    - fsverity: Remove WQ_UNBOUND from fsverity read workqueue
    - igb: revert rtnl_lock() that causes deadlock
    - dm thin: fix deadlock when swapping to thin device
    - usb: cdns3: Fix issue with using incorrect PCI device function
    - usb: chipdea: core: fix return -EINVAL if request role is the same with
      current role
    - usb: chipidea: core: fix possible concurrent when switch role
    - wifi: mac80211: fix qos on mesh interfaces
    - nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy()
    - i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer()
    - dm stats: check for and propagate alloc_percpu failure
    - dm crypt: add cond_resched() to dmcrypt_write()
    - sched/fair: sanitize vruntime of entity being placed
    - sched/fair: Sanitize vruntime of entity being migrated
    - tun: avoid double free in tun_free_netdev
    - ocfs2: fix data corruption after failed write
    - fsverity: don't drop pagecache at end of FS_IOC_ENABLE_VERITY
    - bus: imx-weim: fix branch condition evaluates to a garbage value
    - md: avoid signed overflow in slot_store()
    - ALSA: asihpi: check pao in control_message()
    - ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set()
    - fbdev: tgafb: Fix potential divide by zero
    - sched_getaffinity: don't assume 'cpumask_size()' is fully initialized
    - fbdev: nvidia: Fix potential divide by zero
    - fbdev: intelfb: Fix potential divide by zero
    - fbdev: lxfb: Fix potential divide by zero
    - fbdev: au1200fb: Fix potential divide by zero
    - ca8210: Fix unsigned mac_len comparison with zero in ca8210_skb_tx()
    - dma-mapping: drop the dev argument to arch_sync_dma_for_*
    - mips: bmips: BCM6358: disable RAC flush for TP1
    - mtd: rawnand: meson: invalidate cache on polling ECC bit
    - scsi: megaraid_sas: Fix crash after a double completion
    - ptp_qoriq: fix memory leak in probe()
    - regulator: fix spelling mistake "Cant" -> "Can't"
    - regulator: Handle deferred clk
    - net/net_failover: fix txq exceeding warning
    - can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write
    - s390/vfio-ap: fix memory leak in vfio_ap device driver
    - i40e: fix registers dump after run ethtool adapter self test
    - bnxt_en: Fix typo in PCI id to device description string mapping
    - net: dsa: mv88e6xxx: Enable IGMP snooping on user ports only
    - net: mvneta: make tx buffer array agnostic
    - pinctrl: ocelot: Fix alt mode for ocelot
    - Input: alps - fix compatibility with -funsigned-char
    - Input: focaltech - use explicitly signed char type
    - cifs: prevent infinite recursion in CIFSGetDFSRefer()
    - cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL
    - Input: goodix - add Lenovo Yoga Book X90F to nine_bytes_report DMI table
    - xen/netback: don

  linux (5.4.0-152.169) focal; urgency=medium

  * focal/linux: 5.4.0-152.169 -proposed tracker (LP: #2023070)

  * Focal update: v5.4.236 upstream stable release (LP: #2020390)
    - wifi: cfg80211: Partial revert "wifi: cfg80211: Fix use after free for wext"

  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log
    - [Packaging] resync getabis