Package "linux-hwe-5.8"

  linux-hwe-5.8 (5.8.0-53.60~20.04.1) focal; urgency=medium

  [ Ubuntu: 5.8.0-53.60 ]

  * CVE-2021-3491
    - io_uring: fix provide_buffers sign extension
    - io_uring: fix overflows checks in provide buffers
    - SAUCE: proc: Avoid mixing integer types in mem_rw()
    - SAUCE: io_uring: truncate lengths larger than MAX_RW_COUNT on provide
      buffers
  * CVE-2021-3490
    - bpf: Fix a verifier failure with xor
    - SAUCE: bpf: verifier: fix ALU32 bounds tracking with bitwise ops
  * CVE-2021-3489
    - SAUCE: bpf: ringbuf: deny reserve of buffers larger than ringbuf
    - SAUCE: bpf: prevent writable memory-mapping of read-only ringbuf pages

 -- Stefan Bader <email address hidden> Thu, 06 May 2021 11:28:58 +0200

  linux-hwe-5.8 (5.8.0-50.56~20.04.1) focal; urgency=medium

  [ Ubuntu: 5.8.0-50.56 ]

  * overlayfs calls vfs_setxattr without cap_convert_nscap
    - vfs: move cap_convert_nscap() call into vfs_setxattr()
  * CVE-2021-3492
    - SAUCE: shiftfs: free allocated memory in shiftfs_btrfs_ioctl_fd_replace()
      error paths
    - SAUCE: shiftfs: handle copy_to_user() return values correctly
  * CVE-2021-29154
    - SAUCE: bpf, x86: Validate computation of branch displacements for x86-64
    - SAUCE: bpf, x86: Validate computation of branch displacements for x86-32

 -- Kelsey Skunberg <email address hidden> Mon, 12 Apr 2021 12:47:37 -0600

  linux-hwe-5.8 (5.8.0-49.55~20.04.1) focal; urgency=medium

  * focal/linux-hwe-5.8: 5.8.0-49.55~20.04.1 -proposed tracker (LP: #1921052)

  * Groovy update: upstream stable patchset 2021-03-05 (LP: #1917964)
    - hwe-5.8: [Config] updateconfigs for USB_BDC_PCI

  [ Ubuntu: 5.8.0-49.55 ]

  * groovy/linux: 5.8.0-49.55 -proposed tracker (LP: #1921053)
  * selftests: bpf verifier fails after sanitize_ptr_alu fixes (LP: #1920995)
    - bpf: Simplify alu_limit masking for pointer arithmetic
    - bpf: Add sanity check for upper ptr_limit
    - bpf, selftests: Fix up some test_verifier cases for unprivileged
  * Packaging resync (LP: #1786013)
    - update dkms package versions
  * improper memcg accounting causes NULL pointer derefs (LP: #1918668)
    - SAUCE: Revert "mm: memcg/slab: optimize objcg stock draining"
  * kernel: Enable CONFIG_BPF_LSM on Ubuntu (LP: #1905975)
    - [Config] Enable CONFIG_BPF_LSM
  * Groovy update: upstream stable patchset 2021-03-10 (LP: #1918516)
    - gpio: mvebu: fix pwm .get_state period calculation
    - HID: wacom: Correct NULL dereference on AES pen proximity
    - media: v4l2-subdev.h: BIT() is not available in userspace
    - RDMA/vmw_pvrdma: Fix network_hdr_type reported in WC
    - kernel/io_uring: cancel io_uring before task works
    - io_uring: dont kill fasync under completion_lock
    - objtool: Don't fail on missing symbol table
    - mm/page_alloc: add a missing mm_page_alloc_zone_locked() tracepoint
    - mm: fix a race on nr_swap_pages
    - tools: Factor HOSTCC, HOSTLD, HOSTAR definitions
    - iwlwifi: provide gso_type to GSO packets
    - tty: avoid using vfs_iocb_iter_write() for redirected console writes
    - ACPI: sysfs: Prefer "compatible" modalias
    - kernel: kexec: remove the lock operation of system_transition_mutex
    - ALSA: hda/realtek: Enable headset of ASUS B1400CEPE with ALC256
    - ALSA: hda/via: Apply the workaround generically for Clevo machines
    - parisc: Enable -mlong-calls gcc option by default when !CONFIG_MODULES
    - media: cec: add stm32 driver
    - media: hantro: Fix reset_raw_fmt initialization
    - media: rc: fix timeout handling after switch to microsecond durations
    - media: rc: ite-cir: fix min_timeout calculation
    - media: rc: ensure that uevent can be read directly after rc device register
    - ARM: dts: tbs2910: rename MMC node aliases
    - ARM: dts: ux500: Reserve memory carveouts
    - ARM: dts: imx6qdl-gw52xx: fix duplicate regulator naming
    - wext: fix NULL-ptr-dereference with cfg80211's lack of commit()
    - ASoC: AMD Renoir - refine DMI entries for some Lenovo products
    - drm/i915: Always flush the active worker before returning from the wait
    - drm/i915/gt: Always try to reserve GGTT address 0x0
    - drivers/nouveau/kms/nv50-: Reject format modifiers for cursor planes
    - net: usb: qmi_wwan: added support for Thales Cinterion PLSx3 modem family
    - s390: uv: Fix sysfs max number of VCPUs reporting
    - s390/vfio-ap: No need to disable IRQ after queue reset
    - PM: hibernate: flush swap writer after marking
    - x86/entry: Emit a symbol for register restoring thunk
    - efi/apple-properties: Reinstate support for boolean properties
    - drivers: soc: atmel: Avoid calling at91_soc_init on non AT91 SoCs
    - drivers: soc: atmel: add null entry at the end of at91_soc_allowed_list[]
    - btrfs: fix possible free space tree corruption with online conversion
    - KVM: x86/pmu: Fix HW_REF_CPU_CYCLES event pseudo-encoding in
      intel_arch_events[]
    - KVM: x86/pmu: Fix UBSAN shift-out-of-bounds warning in intel_pmu_refresh()
    - KVM: nVMX: Sync unsync'd vmcs02 state to vmcs12 on migration
    - KVM: x86: get smi pending status correctly
    - KVM: Forbid the use of tagged userspace addresses for memslots
    - xen: Fix XenStore initialisation for XS_LOCAL
    - leds: trigger: fix potential deadlock with libata
    - arm64: dts: broadcom: Fix USB DMA address translation for Stingray
    - mt7601u: fix kernel crash unplugging the device
    - mt7601u: fix rx buffer refcounting
    - iwlwifi: Fix IWL_SUBDEVICE_NO_160 macro to use the correct bit.
    - drm/i915/gt: Clear CACHE_MODE prior to clearing residuals
    - drm/i915/pmu: Don't grab wakeref when enabling events
    - net/mlx5e: Fix IPSEC stats
    - ARM: dts: imx6qdl-kontron-samx6i: fix pwms for lcd-backlight
    - drm/nouveau/svm: fail NOUVEAU_SVM_INIT ioctl on unsupported devices
    - drm/i915: Check for all subplatform bits
    - drm/i915/selftest: Fix potential memory leak
    - uapi: fix big endian definition of ipv6_rpl_sr_hdr
    - KVM: Documentation: Fix spec for KVM_CAP_ENABLE_CAP_VM
    - tee: optee: replace might_sleep with cond_resched
    - xen-blkfront: allow discard-* nodes to be optional
    - clk: mmp2: fix build without CONFIG_PM
    - clk: qcom: gcc-sm250: Use floor ops for sdcc clks
    - ARM: imx: build suspend-imx6.S with arm instruction set
    - ARM: zImage: atags_to_fdt: Fix node names on added root nodes
    - netfilter: nft_dynset: add timeout extension to template
    - Revert "RDMA/mlx5: Fix devlink deadlock on net namespace deletion"
    - xfrm: Fix oops in xfrm_replay_advance_bmp
    - xfrm: fix disable_xfrm sysctl when used on xfrm interfaces
    - xfrm: Fix wraparound in xfrm_policy_addr_delta()
    - arm64: dts: ls1028a: fix the offset of the reset register
    - ARM: dts: imx6qdl-kontron-samx6i: fix i2c_lcd/cam default status
    - ARM: dts: imx6qdl-sr-som: fix some cubox-i platforms
    - arm64: dts: imx8mp: Correct the gpio ranges of gpio3
    - firmware: imx: select SOC_BUS to fix firmware build
    - RDMA/cxgb4: Fix the reported max_recv_sge value
    - ASoC: Intel: Skylake: skl-topology: Fix OOPs ib skl_tplg_complete
    - pNFS/NFSv4: Fix a layout segment leak in pnfs_layout_process()
    - pNFS/NFSv4: Update the layout barrier when we schedule a layoutreturn
    - iwlwifi: pcie: set LTR on more devices
    - iwlwifi: pcie: use jiffies for memory read spin time li

  linux-hwe-5.8 (5.8.0-48.54~20.04.1) focal; urgency=medium

  [ Ubuntu: 5.8.0-48.54 ]

  * CVE-2020-27170
    - bpf: Fix off-by-one for area size in creating mask to left
  * CVE-2020-27171
    - bpf: Prohibit alu ops for pointer types not defining ptr_limit

  [ Ubuntu: 5.8.0-47.53 ]

  * binary assembly failures with CONFIG_MODVERSIONS present (LP: #1919315)
    - [Packaging] quiet (nomially) benign errors in BUILD script
  * CVE-2021-3444
    - bpf: Fix 32 bit src register truncation on div/mod
    - bpf: Fix truncation handling for mod32 dst reg wrt zero
  * CVE-2021-27365
    - scsi: iscsi: Verify lengths on passthrough PDUs
    - sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs output
    - scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE
  * CVE-2021-27363 // CVE-2021-27364
    - scsi: iscsi: Restrict sessions and handles to admin capabilities

 -- Thadeu Lima de Souza Cascardo <email address hidden> Sat, 20 Mar 2021 10:05:59 -0300

  linux-hwe-5.8 (5.8.0-45.51~20.04.1) focal; urgency=medium

  * focal/linux-hwe-5.8: 5.8.0-45.51~20.04.1 -proposed tracker (LP: #1916142)

  [ Ubuntu: 5.8.0-45.51 ]

  * groovy/linux: 5.8.0-45.51 -proposed tracker (LP: #1916143)
  * Please trust Canonical Livepatch Service kmod signing key (LP: #1898716)
    - [Config] enable CONFIG_MODVERSIONS=y
    - [Packaging] build canonical-certs.pem from branch/arch certs
    - [Config] add Canonical Livepatch Service key to SYSTEM_TRUSTED_KEYS
    - [Config] add ubuntu-drivers key to SYSTEM_TRUSTED_KEYS
    - [Config] Allow ASM_MODVERSIONS and MODULE_REL_CRCS
  * CVE-2021-20194
    - bpf, cgroup: Fix optlen WARN_ON_ONCE toctou
    - bpf, cgroup: Fix problematic bounds check
  * Missing device id for Intel TGL-H ISH [8086:43fc] in intel-ish-hid driver
    (LP: #1914543)
    - HID: intel-ish-hid: ipc: Add Tiger Lake H PCI device ID
  * Prevent thermal shutdown during boot process (LP: #1906168)
    - thermal/core: Emit a warning if the thermal zone is updated without ops
    - thermal/core: Add critical and hot ops
    - thermal/drivers/acpi: Use hot and critical ops
    - thermal/drivers/rcar: Remove notification usage
    - thermal: int340x: Fix unexpected shutdown at critical temperature
    - thermal: intel: pch: Fix unexpected shutdown at critical temperature
  * geneve overlay network on vlan interface broken with offload enabled
    (LP: #1914447)
    - net/mlx5e: Fix SWP offsets when vlan inserted by driver
  * Groovy update: upstream stable patchset 2021-02-11 (LP: #1915473)
    - net: cdc_ncm: correct overhead in delayed_ndp_size
    - net: hns3: fix the number of queues actually used by ARQ
    - net: hns3: fix a phy loopback fail issue
    - net: stmmac: dwmac-sun8i: Balance internal PHY resource references
    - net: stmmac: dwmac-sun8i: Balance internal PHY power
    - net: vlan: avoid leaks on register_vlan_dev() failures
    - net/sonic: Fix some resource leaks in error handling paths
    - net: ipv6: fib: flush exceptions when purging route
    - tools: selftests: add test for changing routes with PTMU exceptions
    - net: fix pmtu check in nopmtudisc mode
    - net: ip: always refragment ip defragmented packets
    - octeontx2-af: fix memory leak of lmac and lmac->name
    - nexthop: Fix off-by-one error in error path
    - nexthop: Unlink nexthop group entry in error path
    - s390/qeth: fix L2 header access in qeth_l3_osa_features_check()
    - net: dsa: lantiq_gswip: Exclude RMII from modes that report 1 GbE
    - net/mlx5: Use port_num 1 instead of 0 when delete a RoCE address
    - net/mlx5e: ethtool, Fix restriction of autoneg with 56G
    - chtls: Fix hardware tid leak
    - chtls: Remove invalid set_tcb call
    - chtls: Fix panic when route to peer not configured
    - chtls: Replace skb_dequeue with skb_peek
    - chtls: Added a check to avoid NULL pointer dereference
    - chtls: Fix chtls resources release sequence
    - HID: wacom: Fix memory leakage caused by kfifo_alloc
    - ARM: OMAP2+: omap_device: fix idling of devices during probe
    - i2c: sprd: use a specific timeout to avoid system hang up issue
    - dmaengine: dw-edma: Fix use after free in dw_edma_alloc_chunk()
    - can: tcan4x5x: fix bittiming const, use common bittiming from m_can driver
    - can: m_can: m_can_class_unregister(): remove erroneous m_can_clk_stop()
    - can: kvaser_pciefd: select CONFIG_CRC32
    - cpufreq: powernow-k8: pass policy rather than use cpufreq_cpu_get()
    - spi: stm32: FIFO threshold level - fix align packet size
    - i2c: i801: Fix the i2c-mux gpiod_lookup_table not being properly terminated
    - dmaengine: mediatek: mtk-hsdma: Fix a resource leak in the error handling
      path of the probe function
    - dmaengine: xilinx_dma: check dma_async_device_register return value
    - dmaengine: xilinx_dma: fix incompatible param warning in _child_probe()
    - dmaengine: xilinx_dma: fix mixed_enum_type coverity warning
    - qed: select CONFIG_CRC32
    - wil6210: select CONFIG_CRC32
    - block: rsxx: select CONFIG_CRC32
    - lightnvm: select CONFIG_CRC32
    - iommu/intel: Fix memleak in intel_irq_remapping_alloc
    - bpftool: Fix compilation failure for net.o with older glibc
    - net/mlx5e: Fix memleak in mlx5e_create_l2_table_groups
    - net/mlx5e: Fix two double free cases
    - regmap: debugfs: Fix a memory leak when calling regmap_attach_dev
    - wan: ds26522: select CONFIG_BITREVERSE
    - regulator: qcom-rpmh-regulator: correct hfsmps515 definition
    - net: mvpp2: disable force link UP during port init procedure
    - KVM: arm64: Don't access PMCR_EL0 when no PMU is available
    - block: fix use-after-free in disk_part_iter_next
    - net: drop bogus skb with CHECKSUM_PARTIAL and offset beyond end of trimmed
      packet
    - regmap: debugfs: Fix a reversed if statement in regmap_debugfs_init()
    - drm/panfrost: Don't corrupt the queue mutex on open/close
    - scsi: ufs: Fix -Wsometimes-uninitialized warning
    - btrfs: skip unnecessary searches for xattrs when logging an inode
    - net: stmmac: dwmac-sun8i: Fix probe error handling
    - net: stmmac: dwmac-sun8i: Balance syscon (de)initialization
    - net: bareudp: add missing error handling for bareudp_link_config()
    - ptp: ptp_ines: prevent build when HAS_IOMEM is not set
    - chtls: Avoid unnecessary freeing of oreq pointer
    - nexthop: Bounce NHA_GATEWAY in FDB nexthop groups
    - net/mlx5e: In skb build skip setting mark in switchdev mode
    - ionic: start queues before announcing link up
    - fanotify: Fix sys_fanotify_mark() on native x86-32
    - spi: spi-geni-qcom: Fix geni_spi_isr() NULL dereference in timeout case
    - i2c: mediatek: Fix apdma and i2c hand-shake timeout
    - interconnect: imx: Add a missing of_node_put after of_device_is_available
    - dmaengine: milbeaut-xdmac: Fix a resource leak in the error handling path of
      the probe function
    - arm64: mm: Fix ARCH_LOW_ADDRESS_LIMIT when !CONFIG_ZONE_DMA