This bug was fixed in the package linux - 5.13.0-41.46

---------------
linux (5.13.0-41.46) impish; urgency=medium

  * impish/linux: 5.13.0-41.46 -proposed tracker (LP: #1969014)

  * NVMe devices fail to probe due to ACPI power state change (LP: #1942624)
    - ACPI: power: Rework turning off unused power resources
    - ACPI: PM: Do not turn off power resources in unknown state

  * Recent 5.13 kernel has broken KVM support (LP: #1966499)
    - KVM: Add infrastructure and macro to mark VM as bugged
    - KVM: x86: Use KVM_BUG/KVM_BUG_ON to handle bugs that are fatal to the VM
    - KVM: VMX: prepare sync_pir_to_irr for running with APICv disabled

  * LRMv6: add multi-architecture support (LP: #1968774)
    - [Packaging] resync dkms-build{,--nvidia-N}

  * io_uring regression - lost write request (LP: #1952222)
    - io-wq: split bounded and unbounded work into separate lists

  * xfrm interface cannot be changed anymore (LP: #1968591)
    - xfrm: fix the if_id check in changelink

  * Use kernel-testing repo from launchpad for ADT tests (LP: #1968016)
    - [Debian] Use kernel-testing repo from launchpad

  * vmx_ldtr_test in ubuntu_kvm_unit_tests failed (FAIL: Expected 0 for L1 LDTR
    selector (got 50)) (LP: #1956315)
    - KVM: nVMX: Set LDTR to its architecturally defined value on nested VM-Exit

  * audio from external sound card is distorted (LP: #1966066)
    - ALSA: usb-audio: Fix packet size calculation regression

  * Impish update: upstream stable patchset 2022-04-12 (LP: #1968771)
    - cgroup/cpuset: Fix a race between cpuset_attach() and cpu hotplug
    - btrfs: tree-checker: check item_size for inode_item
    - btrfs: tree-checker: check item_size for dev_item
    - clk: jz4725b: fix mmc0 clock gating
    - vhost/vsock: don't check owner in vhost_vsock_stop() while releasing
    - parisc/unaligned: Fix fldd and fstd unaligned handlers on 32-bit kernel
    - parisc/unaligned: Fix ldw() and stw() unalignment handlers
    - KVM: x86/mmu: make apf token non-zero to fix bug
    - drm/amdgpu: disable MMHUB PG for Picasso
    - drm/i915: Correctly populate use_sagv_wm for all pipes
    - sr9700: sanity check for packet length
    - USB: zaurus: support another broken Zaurus
    - CDC-NCM: avoid overflow in sanity checking
    - x86/fpu: Correct pkru/xstate inconsistency
    - tee: export teedev_open() and teedev_close_context()
    - optee: use driver internal tee_context for some rpc
    - ping: remove pr_err from ping_lookup
    - perf data: Fix double free in perf_session__delete()
    - bnx2x: fix driver load from initrd
    - bnxt_en: Fix active FEC reporting to ethtool
    - hwmon: Handle failure to register sensor with thermal zone correctly
    - bpf: Do not try bpf_msg_push_data with len 0
    - selftests: bpf: Check bpf_msg_push_data return value
    - bpf: Add schedule points in batch ops
    - io_uring: add a schedule point in io_add_buffers()
    - net: __pskb_pull_tail() & pskb_carve_frag_list() drop_monitor friends
    - tipc: Fix end of loop tests for list_for_each_entry()
    - gso: do not skip outer ip header in case of ipip and net_failover
    - openvswitch: Fix setting ipv6 fields causing hw csum failure
    - drm/edid: Always set RGB444
    - net/mlx5e: Fix wrong return value on ioctl EEPROM query failure
    - net/sched: act_ct: Fix flow table lookup after ct clear or switching zones
    - net: ll_temac: check the return value of devm_kmalloc()
    - net: Force inlining of checksum functions in net/checksum.h
    - nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac()
    - netfilter: nf_tables: fix memory leak during stateful obj update
    - net/smc: Use a mutex for locking "struct smc_pnettable"
    - surface: surface3_power: Fix battery readings on batteries without a serial
      number
    - udp_tunnel: Fix end of loop test in udp_tunnel_nic_unregister()
    - net/mlx5: Fix possible deadlock on rule deletion
    - net/mlx5: Fix wrong limitation of metadata match on ecpf
    - net/mlx5e: kTLS, Use CHECKSUM_UNNECESSARY for device-offloaded packets
    - spi: spi-zynq-qspi: Fix a NULL pointer dereference in
      zynq_qspi_exec_mem_op()
    - regmap-irq: Update interrupt clear register for proper reset
    - RDMA/rtrs-clt: Fix possible double free in error case
    - RDMA/rtrs-clt: Move free_permit from free_clt to rtrs_clt_close
    - configfs: fix a race in configfs_{,un}register_subsystem()
    - RDMA/ib_srp: Fix a deadlock
    - tracing: Have traceon and traceoff trigger honor the instance
    - iio: adc: men_z188_adc: Fix a resource leak in an error handling path
    - iio: adc: ad7124: fix mask used for setting AIN_BUFP & AIN_BUFM bits
    - iio: imu: st_lsm6dsx: wait for settling time in st_lsm6dsx_read_oneshot
    - iio: Fix error handling for PM
    - sc16is7xx: Fix for incorrect data being transmitted
    - ata: pata_hpt37x: disable primary channel on HPT371
    - Revert "USB: serial: ch341: add new Product ID for CH341A"
    - usb: gadget: rndis: add spinlock for rndis response list
    - tracefs: Set the group ownership in apply_options() not parse_options()
    - USB: serial: option: add support for DW5829e
    - USB: serial: option: add Telit LE910R1 compositions
    - usb: dwc3: pci: Fix Bay Trail phy GPIO mappings
    - usb: dwc3: gadget: Let the interrupt handler disable bottom halves.
    - xhci: re-initialize the HC during resume if HCE was set
    - xhci: Prevent futile URB re-submissions due to incorrect return value.
    - driver core: Free DMA range map when device is released
    - RDMA/cma: Do not change route.addr.src_addr outside state checks
    - thermal: int340x: fix memory leak in int3400_notify()
    - riscv: fix oops caused by irqsoff latency tracer
    - tty: n_gsm: fix encoding of control signal octet bit DV
    - tty: n_gsm: fix proper link termination after failed open
    - tty: n_gsm: fix NULL pointer access due to DLCI release
    - tty: n_gsm: fix wrong tty control line for flow control
    - tty: n_gsm: fix deadlock in gsmtty_open()
    - gpio: tegra186: Fix chip_data type confusion
    - memblock: use kfree() to release kmalloced memblock regions
    - mm/filemap: Fix handling of THPs in generic_file_buffered_read()
    - cgroup-v1: Correct privileges check in release_agent writes
    - selinux: fix misuse of mutex_is_locked()
    - drm/amd/display: Protect update_bw_bounding_box FPU code.
    - drm/amdgpu: do not enable asic reset for raven2
    - drm/i915: Fix bw atomic check when switching between SAGV vs. no SAGV
    - netfilter: xt_socket: fix a typo in socket_mt_destroy()
    - selftests: mptcp: fix diag instability
    - bnxt_en: Fix offline ethtool selftest with RDMA enabled
    - bnxt_en: Fix incorrect multicast rx mask setting when not requested
    - net/mlx5: Fix tc max supported prio for nic mode
    - ice: initialize local variable 'tlv'
    - net/mlx5: Update the list of the PCI supported devices
    - net: mv643xx_eth: process retval from of_get_mac_address
    - drm/vc4: crtc: Fix runtime_pm reference counting
    - netfilter: nf_tables: unregister flowtable hooks on netns exit
    - net/mlx5: DR, Cache STE shadow memory
    - ibmvnic: schedule failover only if vioctl fails
    - net/mlx5: DR, Don't allow match on IP w/o matching on full
      ethertype/ip_version
    - net/mlx5: DR, Fix the threshold that defines when pool sync is initiated
    - net/mlx5e: MPLSoUDP decap, fix check for unsupported matches
    - net/mlx5: Update log_max_qp value to be 17 at most
    - tracing: Dump stacktrace trigger to the corresponding instance
    - usb: dwc3: pci: Add "snps,dis_u2_susphy_quirk" for Intel Bay Trail
    - nvmem: core: Fix a conflict between MTD and NVMEM on wp-gpios property
    - mtd: core: Fix a conflict between MTD and NVMEM on wp-gpios property
    - staging: fbtft: fb_st7789v: reset display before initialization
    - tps6598x: clear int mask on probe failure
    - riscv: fix nommu_k210_sdcard_defconfig
    - tty: n_gsm: fix wrong modem processing in convergence layer type 2
    - pinctrl: fix loop in k210_pinconf_get_drive()
    - pinctrl: k210: Fix bias-pull-up
    - ice: Fix race conditions between virtchnl handling and VF ndo ops
    - ice: fix concurrent reset and removal of VFs

  * Impish update: upstream stable patchset 2022-04-07 (LP: #1968223)
    - drm/nouveau/pmu/gm200-: use alternate falcon reset sequence
    - mm: memcg: synchronize objcg lists with a dedicated spinlock
    - fs/proc: task_mmu.c: don't read mapcount for migration entry
    - scsi: lpfc: Fix mailbox command failure during driver initialization
    - HID:Add support for UGTABLET WP5540
    - Revert "svm: Add warning message for AVIC IPI invalid target"
    - serial: parisc: GSC: fix build when IOSAPIC is not set
    - parisc: Drop __init from map_pages declaration
    - parisc: Fix data TLB miss in sba_unmap_sg
    - parisc: Fix sglist access in ccio-dma.c
    - mmc: block: fix read single on recovery logic
    - mm: don't try to NUMA-migrate COW pages that have other uses
    - PCI: hv: Fix NUMA node assignment when kernel boots with custom NUMA
      topology
    - parisc: Add ioread64_lo_hi() and iowrite64_lo_hi()
    - btrfs: send: in case of IO error log it
    - platform/x86: touchscreen_dmi: Add info for the RWC NANOTE P8 AY07J 2-in-1
    - platform/x86: ISST: Fix possible circular locking dependency detected
    - selftests: rtc: Increase test timeout so that all tests run
    - kselftest: signal all child processes
    - net: ieee802154: at86rf230: Stop leaking skb's
    - selftests/zram: Skip max_comp_streams interface on newer kernel
    - selftests/zram01.sh: Fix compression ratio calculation
    - selftests/zram: Adapt the situation that /dev/zram0 is being used
    - selftests: openat2: Print also errno in failure messages
    - selftests: openat2: Add missing dependency in Makefile
    - selftests: openat2: Skip testcases that fail with EOPNOTSUPP
    - selftests: skip mincore.check_file_mmap when fs lacks needed support
    - ax25: improve the incomplete fix to avoid UAF and NPD bugs
    - vfs: make freeze_super abort when sync_filesystem returns error
    - quota: make dquot_quota_sync return errors from ->sync_fs
    - scsi: pm8001: Fix use-after-free for aborted TMF sas_task
    - scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task
    - nvme: fix a possible use-after-free in controller reset during load
    - nvme-tcp: fix possible use-after-free in transport error_recovery work
    - nvme-rdma: fix possible use-after-free in transport error_recovery work
    - drm/amdgpu: fix logic inversion in check
    - x86/Xen: streamline (and fix) PV CPU enumeration
    - Revert "module, async: async_synchronize_full() on module init iff async is
      used"
    - gcc-plugins/stackleak: Use noinstr in favor of notrace
    - random: wake up /dev/random writers after zap
    - iwlwifi: fix use-after-free
    - drm/radeon: Fix backlight control on iMac 12,1
    - drm/i915/opregion: check port number bounds for SWSCI display power state
    - vsock: remove vsock from connected table when connect is interrupted by a
      signal
    - drm/i915/gvt: Make DRM_I915_GVT depend on X86
    - iwlwifi: pcie: fix locking when "HW not ready"
    - iwlwifi: pcie: gen2: fix locking when "HW not ready"
    - selftests: netfilter: fix exit value for nft_concat_range
    - netfilter: nft_synproxy: unregister hooks on init error path
    - ipv6: per-netns exclusive flowlabel checks
    - net: dsa: lan9303: fix reset on probe
    - net: dsa: lantiq_gswip: fix use after free in gswip_remove()
    - net: ieee802154: ca8210: Fix lifs/sifs periods
    - ping: fix the dif and sdif check in ping_lookup
    - bonding: force carrier update when releasing slave
    - drop_monitor: fix data-race in dropmon_net_event / trace_napi_poll_hit
    - net_sched: add __rcu annotation to netdev->qdisc
    - bonding: fix data-races around agg_select_timer
    - libsubcmd: Fix use-after-free for realloc(..., 0)
    - dpaa2-eth: Initialize mutex used in one step timestamping path
    - perf bpf: Defer freeing string after possible strlen() on it
    - selftests/exec: Add non-regular to TEST_GEN_PROGS
    - ALSA: hda/realtek: Add quirk for Legion Y9000X 2019
    - ALSA: hda/realtek: Fix deadlock by COEF mutex
    - ALSA: hda: Fix regression on forced probe mask option
    - ALSA: hda: Fix missing codec probe on Shenker Dock 15
    - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw()
    - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_range()
    - powerpc/lib/sstep: fix 'ptesync' build error
    - mtd: rawnand: gpmi: don't leak PM reference in error path
    - ASoC: tas2770: Insert post reset delay
    - block/wbt: fix negative inflight counter when remove scsi device
    - NFS: LOOKUP_DIRECTORY is also ok with symlinks
    - NFS: Do not report writeback errors in nfs_getattr()
    - tty: n_tty: do not look ahead for EOL character past the end of the buffer
    - mtd: rawnand: qcom: Fix clock sequencing in qcom_nandc_probe()
    - mtd: rawnand: brcmnand: Fixed incorrect sub-page ECC status
    - Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj
    - KVM: x86/pmu: Refactoring find_arch_event() to pmc_perf_hw_id()
    - KVM: x86/pmu: Don't truncate the PerfEvtSeln MSR when creating a perf event
    - KVM: x86/pmu: Use AMD64_RAW_EVENT_MASK for PERF_TYPE_RAW
    - ARM: OMAP2+: hwmod: Add of_node_put() before break
    - ARM: OMAP2+: adjust the location of put_device() call in omapdss_init_of
    - phy: usb: Leave some clocks running during suspend
    - irqchip/sifive-plic: Add missing thead,c900-plic match string
    - netfilter: conntrack: don't refresh sctp entries in closed state
    - arm64: dts: meson-gx: add ATF BL32 reserved-memory region
    - arm64: dts: meson-g12: add ATF BL32 reserved-memory region
    - arm64: dts: meson-g12: drop BL32 region from SEI510/SEI610
    - pidfd: fix test failure due to stack overflow on some arches
    - selftests: fixup build warnings in pidfd / clone3 tests
    - kconfig: let 'shell' return enough output for deep path names
    - ata: libata-core: Disable TRIM on M88V29
    - soc: aspeed: lpc-ctrl: Block error printing on probe defer cases
    - xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create
    - drm/rockchip: dw_hdmi: Do not leave clock enabled in error case
    - tracing: Fix tp_printk option related with tp_printk_stop_on_boot
    - net: usb: qmi_wwan: Add support for Dell DW5829e
    - net: macb: Align the dma and coherent dma masks
    - kconfig: fix failing to generate auto.conf
    - scsi: lpfc: Fix pt2pt NVMe PRLI reject LOGO loop
    - EDAC: Fix calculation of returned address and next offset in
      edac_align_ptr()
    - net: sched: limit TC_ACT_REPEAT loops
    - dmaengine: sh: rcar-dmac: Check for error num after setting mask
    - dmaengine: stm32-dmamux: Fix PM disable depth imbalance in
      stm32_dmamux_probe
    - dmaengine: sh: rcar-dmac: Check for error num after dma_set_max_seg_size
    - i2c: qcom-cci: don't delete an unregistered adapter
    - i2c: qcom-cci: don't put a device tree node before i2c_add_adapter()
    - copy_process(): Move fd_install() out of sighand->siglock critical section
    - i2c: brcmstb: fix support for DSL and CM variants
    - lockdep: Correct lock_classes index mapping
    - btrfs: zoned: cache reported zone during mount
    - HID: amd_sfh: Add illuminance mask to limit ALS max value
    - HID: amd_sfh: Correct the structure field name
    - KVM: x86/xen: Fix runstate updates to be atomic when preempting vCPU
    - drm/i915: Fix dbuf slice config lookup
    - drm/cma-helper: Set VM_DONTEXPAND for mmap
    - selftests: netfilter: disable rp_filter on router
    - ipv4: fix data races in fib_alias_hw_flags_set
    - ipv6: fix data-race in fib6_info_hw_flags_set / fib6_purge_rt
    - ipv6: mcast: use rcu-safe version of ipv6_get_lladdr()
    - mac80211: mlme: check for null after calling kmemdup
    - cfg80211: fix race in netlink owner interface destruction
    - net/smc: Avoid overwriting the copies of clcsock callback functions
    - tipc: fix wrong publisher node address in link publications
    - net: bridge: multicast: notify switchdev driver whenever MC processing gets
      disabled
    - arm64: Correct wrong label in macro __init_el2_gicv3
    - ALSA: usb-audio: revert to IMPLICIT_FB_FIXED_DEV for M-Audio FastTrack Ultra
    - cifs: fix set of group SID via NTSD xattrs
    - powerpc/603: Fix boot failure with DEBUG_PAGEALLOC and KFENCE
    - smb3: fix snapshot mount option
    - NFS: Remove an incorrect revalidation in nfs4_update_changeattr_locked()
    - mtd: parsers: qcom: Fix kernel panic on skipped partition
    - mtd: parsers: qcom: Fix missing free for pparts in cleanup
    - mtd: phram: Prevent divide by zero bug in phram_setup()
    - mtd: rawnand: ingenic: Fix missing put_device in ingenic_ecc_get
    - tests: fix idmapped mount_setattr test
    - ice: enable parsing IPSEC SPI headers for RSS

  * Impish update: upstream stable patchset 2022-03-31 (LP: #1967439)
    - integrity: check the return value of audit_log_start()
    - ima: Remove ima_policy file before directory
    - ima: Allow template selection with ima_template[_fmt]= after ima_hash=
    - mmc: sdhci-of-esdhc: Check for error num after setting mask
    - can: isotp: fix potential CAN frame reception race in isotp_rcv()
    - net: phy: marvell: Fix RGMII Tx/Rx delays setting in 88e1121-compatible PHYs
    - net: phy: marvell: Fix MDI-x polarity setting in 88e1118-compatible PHYs
    - NFS: Fix initialisation of nfs_client cl_flags field
    - NFSD: Clamp WRITE offsets
    - NFSD: Fix offset type in I/O trace points
    - tracing: Propagate is_signed to expression
    - NFS: change nfs_access_get_cached to only report the mask
    - NFSv4 only print the label when its queried
    - nfs: nfs4clinet: check the return value of kstrdup()
    - NFSv4.1: Fix uninitialised variable in devicenotify
    - NFSv4 remove zero number of fs_locations entries error check
    - NFSv4 expose nfs_parse_server_name function
    - NFSv4 handle port presence in fs_location server string
    - x86/perf: Avoid warning for Arch LBR without XSAVE
    - drm: panel-orientation-quirks: Add quirk for the 1Netbook OneXPlayer
    - net: sched: Clarify error message when qdisc kind is unknown
    - powerpc/fixmap: Fix VM debug warning on unmap
    - scsi: target: iscsi: Make sure the np under each tpg is unique
    - scsi: ufs: ufshcd-pltfrm: Check the return value of devm_kstrdup()
    - scsi: qedf: Add stag_work to all the vports
    - scsi: qedf: Fix refcount issue when LOGO is received during TMF
    - scsi: pm8001: Fix bogus FW crash for maxcpus=1
    - scsi: ufs: Treat link loss as fatal error
    - scsi: myrs: Fix crash in error case
    - PM: hibernate: Remove register_nosave_region_late()
    - usb: dwc2: gadget: don't try to disable ep0 in dwc2_hsotg_suspend
    - perf: Always wake the parent event
    - nvme-pci: add the IGNORE_DEV_SUBNQN quirk for Intel P4500/P4600 SSDs
    - net: stmmac: dwmac-sun8i: use return val of readl_poll_timeout()
    - KVM: eventfd: Fix false positive RCU usage warning
    - KVM: nVMX: eVMCS: Filter out VM_EXIT_SAVE_VMX_PREEMPTION_TIMER
    - KVM: nVMX: Also filter MSR_IA32_VMX_TRUE_PINBASED_CTLS when eVMCS
    - KVM: SVM: Don't kill SEV guest if SMAP erratum triggers in usermode
    - KVM: VMX: Set vmcs.PENDING_DBG.BS on #DB in STI/MOVSS blocking shadow
    - riscv: fix build with binutils 2.38
    - ARM: dts: imx23-evk: Remove MX23_PAD_SSP1_DETECT from hog group
    - ARM: dts: Fix boot regression on Skomer
    - ARM: socfpga: fix missing RESET_CONTROLLER
    - nvme-tcp: fix bogus request completion when failing to send AER
    - ACPI/IORT: Check node revision for PMCG resources
    - drm/rockchip: vop: Correct RK3399 VOP register fields
    - ARM: dts: Fix timer regression for beagleboard revision c
    - ARM: dts: meson: Fix the UART compatible strings
    - ARM: dts: meson8: Fix the UART device-tree schema validation
    - ARM: dts: meson8b: Fix the UART device-tree schema validation
    - staging: fbtft: Fix error path in fbtft_driver_module_init()
    - ARM: dts: imx6qdl-udoo: Properly describe the SD card detect
    - phy: xilinx: zynqmp: Fix bus width setting for SGMII
    - ARM: dts: imx7ulp: Fix 'assigned-clocks-parents' typo
    - usb: f_fs: Fix use-after-free for epfile
    - gpio: aggregator: Fix calling into sleeping GPIO controllers
    - drm/vc4: hdmi: Allow DBLCLK modes even if horz timing is odd.
    - misc: fastrpc: avoid double fput() on failed usercopy
    - netfilter: ctnetlink: disable helper autoassign
    - arm64: dts: meson-g12b-odroid-n2: fix typo 'dio2133'
    - ixgbevf: Require large buffers for build_skb on 82599VF
    - drm/panel: simple: Assign data from panel_dpi_probe() correctly
    - gpio: sifive: use the correct register to read output values
    - bonding: pair enable_port with slave_arr_updates
    - net: dsa: mv88e6xxx: don't use devres for mdiobus
    - net: dsa: ar9331: register the mdiobus under devres
    - net: dsa: bcm_sf2: don't use devres for mdiobus
    - net: dsa: felix: don't use devres for mdiobus
    - net: dsa: lantiq_gswip: don't use devres for mdiobus
    - ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table() on failure path
    - nfp: flower: fix ida_idx not being released
    - net: do not keep the dst cache when uncloning an skb dst and its metadata
    - net: fix a memleak when uncloning an skb dst and its metadata
    - veth: fix races around rq->rx_notify_masked
    - net: mdio: aspeed: Add missing MODULE_DEVICE_TABLE
    - tipc: rate limit warning for received illegal binding update
    - net: amd-xgbe: disable interrupts during pci removal
    - dpaa2-eth: unregister the netdev before disconnecting from the PHY
    - ice: fix an error code in ice_cfg_phy_fec()
    - ice: fix IPIP and SIT TSO offload
    - net: mscc: ocelot: fix mutex lock error during ethtool stats read
    - net: dsa: mv88e6xxx: fix use-after-free in mv88e6xxx_mdios_unregister
    - vt_ioctl: fix array_index_nospec in vt_setactivate
    - vt_ioctl: add array_index_nospec to VT_ACTIVATE
    - n_tty: wake up poll(POLLRDNORM) on receiving data
    - eeprom: ee1004: limit i2c reads to I2C_SMBUS_BLOCK_MAX
    - usb: dwc2: drd: fix soft connect when gadget is unconfigured
    - Revert "usb: dwc2: drd: fix soft connect when gadget is unconfigured"
    - net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup
    - usb: ulpi: Move of_node_put to ulpi_dev_release
    - usb: ulpi: Call of_node_put correctly
    - usb: dwc3: gadget: Prevent core from processing stale TRBs
    - usb: gadget: udc: renesas_usb3: Fix host to USB_ROLE_NONE transition
    - USB: gadget: validate interface OS descriptor requests
    - usb: gadget: rndis: check size of RNDIS_MSG_SET command
    - usb: gadget: f_uac2: Define specific wTerminalType
    - usb: raw-gadget: fix handling of dual-direction-capable endpoints
    - USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320
    - USB: serial: option: add ZTE MF286D modem
    - USB: serial: ch341: add support for GW Instek USB2.0-Serial devices
    - USB: serial: cp210x: add NCR Retail IO box id
    - USB: serial: cp210x: add CPI Bulk Coin Recycler id
    - speakup-dectlk: Restore pitch setting
    - phy: ti: Fix missing sentinel for clk_div_table
    - hwmon: (dell-smm) Speed up setting of fan speed
    - Makefile.extrawarn: Move -Wunaligned-access to W=1
    - can: isotp: fix error path in isotp_sendmsg() to unlock wait queue
    - scsi: lpfc: Remove NVMe support if kernel has NVME_FC disabled
    - scsi: lpfc: Reduce log messages seen after firmware download
    - arm64: dts: imx8mq: fix lcdif port node
    - perf: Fix list corruption in perf_cgroup_switch()
    - iommu: Fix potential use-after-free during probe
    - ima: fix reference leak in asymmetric_verify()
    - NFSD: Fix NFSv3 SETATTR/CREATE's handling of large file sizes
    - NFSD: Fix ia_size underflow
    - NFSD: Fix the behavior of READ near OFFSET_MAX
    - NFSv4 store server support for fs_location attribute
    - NFSv4.1 query for fs_location attr on a new file system
    - perf/x86/rapl: fix AMD event handling
    - sched: Avoid double preemption in __cond_resched_*lock*()
    - drm/vc4: Fix deadlock on DSI device attach error
    - scsi: qedf: Change context reset messages to ratelimited
    - net: stmmac: reduce unnecessary wakeups from eee sw timer
    - MIPS: Fix build error due to PTR used in more places
    - KVM: x86: Report deprecated x87 features in supported CPUID
    - riscv: cpu-hotplug: clear cpu from numa map when teardown
    - riscv: eliminate unreliable __builtin_frame_address(1)
    - gfs2: Fix gfs2_release for non-writers regression
    - phy: broadcom: Kconfig: Fix PHY_BRCM_USB config option
    - phy: stm32: fix a refcount leak in stm32_usbphyc_pll_enable()
    - phy: dphy: Correct clk_pre parameter
    - NFS: Don't overfill uncached readdir pages
    - NFS: Don't skip directory entries when doing uncached readdir
    - gpiolib: Never return internal error codes to user space
    - fbcon: Avoid 'cap' set but not used warning
    - drm/amd/pm: fix hwmon node of power1_label create issue
    - mptcp: netlink: process IPv6 addrs in creating listening sockets
    - iio: buffer: Fix file related error handling in IIO_BUFFER_GET_FD_IOCTL
    - seccomp: Invalidate seccomp mode to catch death failures
    - x86/sgx: Silence softlockup detection when releasing large enclaves

  * Impish update: upstream stable patchset 2022-03-22 (LP: #1966021)
    - selinux: fix double free of cond_list on error paths
    - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw()
    - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx()
    - ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx()
    - ALSA: usb-audio: Correct quirk for VF0770
    - ALSA: hda: Fix UAF of leds class devs at unbinding
    - ALSA: hda: realtek: Fix race at concurrent COEF updates
    - ALSA: hda/realtek: Add quirk for ASUS GU603
    - ALSA: hda/realtek: Add missing fixup-model entry for Gigabyte X570 ALC1220
      quirks
    - ALSA: hda/realtek: Fix silent output on Gigabyte X570S Aorus Master (newer
      chipset)
    - ALSA: hda/realtek: Fix silent output on Gigabyte X570 Aorus Xtreme after
      reboot from Windows
    - btrfs: fix deadlock between quota disable and qgroup rescan worker
    - drm/nouveau: fix off by one in BIOS boundary checking
    - drm/amd/display: Force link_rate as LINK_RATE_RBR2 for 2018 15" Apple Retina
      panels
    - nvme-fabrics: fix state check in nvmf_ctlr_matches_baseopts()
    - mm/debug_vm_pgtable: remove pte entry from the page table
    - mm/pgtable: define pte_index so that preprocessor could recognize it
    - mm/kmemleak: avoid scanning potential huge holes
    - block: bio-integrity: Advance seed correctly for larger interval sizes
    - dma-buf: heaps: Fix potential spectre v1 gadget
    - IB/hfi1: Fix AIP early init panic
    - memcg: charge fs_context and legacy_fs_context
    - RDMA/cma: Use correct address when leaving multicast group
    - RDMA/ucma: Protect mc during concurrent multicast leaves
    - IB/rdmavt: Validate remote_addr during loopback atomic tests
    - RDMA/siw: Fix broken RDMA Read Fence/Resume logic.
    - RDMA/mlx4: Don't continue event handler after memory allocation failure
    - iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping()
    - iommu/amd: Fix loop timeout issue in iommu_ga_log_enable()
    - spi: bcm-qspi: check for valid cs before applying chip select
    - spi: mediatek: Avoid NULL pointer crash in interrupt
    - spi: meson-spicc: add IRQ check in meson_spicc_probe
    - spi: uniphier: fix reference count leak in uniphier_spi_probe()
    - net: ieee802154: hwsim: Ensure proper channel selection at probe time
    - net: ieee802154: mcr20a: Fix lifs/sifs periods
    - net: ieee802154: ca8210: Stop leaking skb's
    - net: ieee802154: Return meaningful error codes from the netlink helpers
    - net: macsec: Fix offload support for NETDEV_UNREGISTER event
    - net: macsec: Verify that send_sci is on when setting Tx sci explicitly
    - net: stmmac: dump gmac4 DMA registers correctly
    - net: stmmac: ensure PTP time register reads are consistent
    - drm/i915/overlay: Prevent divide by zero bugs in scaling
    - ASoC: fsl: Add missing error handling in pcm030_fabric_probe
    - ASoC: xilinx: xlnx_formatter_pcm: Make buffer bytes multiple of period bytes
    - ASoC: cpcap: Check for NULL pointer after calling of_get_child_by_name
    - ASoC: max9759: fix underflow in speaker_gain_control_put()
    - pinctrl: intel: Fix a glitch when updating IRQ flags on a preconfigured line
    - pinctrl: intel: fix unexpected interrupt
    - pinctrl: bcm2835: Fix a few error paths
    - scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe
    - nfsd: nfsd4_setclientid_confirm mistakenly expires confirmed client.
    - gve: fix the wrong AdminQ buffer queue index check
    - bpf: Use VM_MAP instead of VM_ALLOC for ringbuf
    - selftests/exec: Remove pipe from TEST_GEN_FILES
    - selftests: futex: Use variable MAKE instead of make
    - tools/resolve_btfids: Do not print any commands when building silently
    - rtc: cmos: Evaluate century appropriate
    - Revert "fbcon: Disable accelerated scrolling"
    - updateconfigs for FRAMEBUFFER_CONSOLE_LEGACY_ACCELERATION
    - fbcon: Add option to enable legacy hardware acceleration
    - perf stat: Fix display of grouped aliased events
    - perf/x86/intel/pt: Fix crash with stop filters in single-range mode
    - x86/perf: Default set FREEZE_ON_SMI for all
    - EDAC/altera: Fix deferred probing
    - EDAC/xgene: Fix deferred probing
    - ext4: prevent used blocks from being allocated during fast commit replay
    - ext4: modify the logic of ext4_mb_new_blocks_simple
    - ext4: fix error handling in ext4_restore_inline_data()
    - ext4: fix error handling in ext4_fc_record_modified_inode()
    - ext4: fix incorrect type issue during replay_del_range
    - net: dsa: mt7530: make NET_DSA_MT7530 select MEDIATEK_GE_PHY
    - cgroup/cpuset: Fix "suspicious RCU usage" lockdep warning
    - selftests: nft_concat_range: add test for reload with no element add/del
    - drm/i915: Disable DSB usage for now
    - btrfs: don't start transaction for scrub if the fs is mounted read-only
    - btrfs: fix use-after-free after failure to create a snapshot
    - Revert "fs/9p: search open fids first"
    - mptcp: fix msk traversal in mptcp_nl_cmd_set_flags()
    - KVM: arm64: Avoid consuming a stale esr value when SError occur
    - KVM: arm64: Stop handle_exit() from handling HVC twice when an SError occurs
    - ALSA: usb-audio: initialize variables that could ignore errors
    - ALSA: hda: Skip codec shutdown in case the codec is not registered
    - IB/hfi1: Fix tstats alloc and dealloc
    - IB/cm: Release previously acquired reference counter in the cm_id_priv
    - netfilter: nft_reject_bridge: Fix for missing reply from prerouting
    - net/smc: Forward wakeup to smc socket waitqueue after fallback
    - net: stmmac: dwmac-visconti: No change to ETHER_CLOCK_SEL for unexpected
      speed request.
    - net: stmmac: properly handle with runtime pm in stmmac_dvr_remove()
    - drm/kmb: Fix for build errors with Warray-bounds
    - drm/amd: avoid suspend on dGPUs w/ s2idle support when runtime PM enabled
    - ASoC: simple-card: fix probe failure on platform component
    - ASoC: codecs: lpass-rx-macro: fix sidetone register offsets
    - pinctrl: sunxi: Fix H616 I2S3 pin data
    - kvm: add guest_state_{enter,exit}_irqoff()
    - kvm/arm64: rework guest entry logic
    - perf: Copy perf_event_attr::sig_data on modification
    - tools include UAPI: Sync sound/asound.h copy with the kernel sources
    - gpio: mpc8xxx: Fix an ignored error return from platform_get_irq()
    - selftests: netfilter: check stateless nat udp checksum fixup
    - moxart: fix potential use-after-free on remove path
    - crypto: api - Move cryptomgr soft dependency into algapi

  * Impish update: upstream stable patchset 2022-03-18 (LP: #1965589)
    - PCI: pciehp: Fix infinite loop in IRQ handler upon power fault
    - net: ipa: use a bitmap for endpoint replenish_enabled
    - net: ipa: prevent concurrent replenish
    - KVM: x86: Forcibly leave nested virt when SMM state is toggled
    - net/mlx5e: Fix handling of wrong devices during bond netevent
    - net/mlx5: Use del_timer_sync in fw reset flow of halting poll
    - net/mlx5: E-Switch, Fix uninitialized variable modact
    - ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback
    - net: amd-xgbe: ensure to reset the tx_timer_active flag
    - net: amd-xgbe: Fix skb data length underflow
    - fanotify: Fix stale file descriptor in copy_event_to_user()
    - rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink()
    - cpuset: Fix the bug that subpart_cpus updated wrongly in update_cpumask()
    - af_packet: fix data-race in packet_setsockopt / packet_setsockopt
    - tcp: add missing tcp_skb_can_collapse() test in tcp_shift_skb_data()
    - selftests: mptcp: fix ipv6 routing setup
    - net/mlx5e: Fix module EEPROM query
    - net/mlx5: Fix offloading with ESWITCH_IPV4_TTL_MODIFY_ENABLE
    - net/mlx5e: Don't treat small ceil values as unlimited in HTB offload
    - i40e: Fix reset path while removing the driver

  * CVE-2022-27223
    - USB: gadget: validate endpoint index for xilinx udc

  * CVE-2022-26490
    - nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION

  * CVE-2021-26401
    - x86/speculation: Use generic retpoline by default on AMD
    - x86/speculation: Update link to AMD speculation whitepaper
    - x86/speculation: Warn about Spectre v2 LFENCE mitigation
    - x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT

  * CVE-2022-0001
    - x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation
      reporting

  * USB devices not detected during boot on USB 3.0 hubs (LP: #1968210)
    - SAUCE: Revert "Revert "xhci: Set HCD flag to defer primary roothub
      registration""
    - SAUCE: Revert "Revert "usb: core: hcd: Add support for deferring roothub
      registration""

 -- Kleber Sacilotto de Souza <kleber.so...@canonical.com>  Thu, 14 Apr 2022 18:38:58 +0200

** Changed in: linux (Ubuntu Impish)
       Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-26401

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-0001

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-26490

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-27223

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1966499

Title:
  Recent 5.13 kernel has broken KVM support

Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Impish:
  Fix Released
Status in linux source package in Jammy:
  Fix Released

Bug description:
  [Impact]
  This is caused by commit 08335308 "KVM: x86: check PIR even for vCPUs
  with disabled APICv". This patch needs 7e1901f6c "KVM: VMX: prepare
  sync_pir_to_irr for running with APICv disabled"; otherwise, if APICv
  is disabled in this vcpu, it will trigger warning messages in
  vmx_sync_pir_to_irr() of vmx.c:
      WARN_ON(!vcpu->arch.apicv_active);

  With warnings like:
  ------------[ cut here ]------------
  WARNING: CPU: 13 PID: 6997 at arch/x86/kvm/vmx/vmx.c:6336 vmx_sync_pir_to_irr+0x9e/0xc0 [kvm_intel]
  ? xfer_to_guest_mode_work+0xe2/0x110
  Modules linked in: vhost_net vhost vhost_iotlb tap xt_CHECKSUM xt_MASQUERADE 
xt_conntrack ipt_REJECT nf_reject_ipv4 xt_tcpudp nft_compat nft_chain_nat 
nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nft_counter nf_tables 
nfnetlink bridge stp llc nls_iso8859_1 dm_multipath scsi_dh_rdac scsi_dh_emc 
scsi_dh_alua intel_rapl_msr intel_rapl_common sb_edac x86_pkg_temp_thermal 
intel_powerclamp coretemp kvm_intel kvm joydev input_leds ioatdma rapl 
intel_cstate efi_pstore ipmi_si mei_me mei mac_hid acpi_pad
  vcpu_run+0x4d/0x220 [kvm]
  acpi_power_meter sch_fq_codel ipmi_devintf ipmi_msghandler msr ip_tables 
x_tables autofs4 btrfs blake2b_generic zstd_compress raid10 raid456 
async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq 
libcrc32c raid1 raid0 multipath linear hid_generic usbhid hid mgag200 
i2c_algo_bit drm_kms_helper crct10dif_pclmul syscopyarea crc32_pclmul 
sysfillrect sysimgblt ghash_clmulni_intel fb_sys_fops ixgbe cec aesni_intel 
rc_core crypto_simd xfrm_algo cryptd drm ahci dca i2c_i801 xhci_pci mdio 
libahci i2c_smbus lpc_ich xhci_pci_renesas wmi
  CPU: 13 PID: 6997 Comm: qemu-system-x86 Tainted: G W I 5.13.0-39-generic #44-Ubuntu
  Hardware name: Intel Corporation S2600WTT/S2600WTT, BIOS SE5C610.86B.01.01.1008.031920151331 03/19/2015
  kvm_arch_vcpu_ioctl_run+0xc5/0x4f0 [kvm]
  RIP: 0010:vmx_sync_pir_to_irr+0x9e/0xc0 [kvm_intel]
  Code: e8 47 f5 18 00 8b 93 00 03 00 00 89 45 ec 83 e2 20 85 d2 74 dc 48 8b 55 
f0 65 48 2b 14 25 28 00 00 00 75 1d 48 8b 5d f8 c9 c3 <0f> 0b eb 87 f0 80 4b 39 
40 8b 93 00 03 00 00 8b 45 ec 83 e2 20 eb
  RSP: 0018:ffffae4d8d107c98 EFLAGS: 00010046
  RAX: 0000000000000000 RBX: ffff99c552942640 RCX: ffff99c5043a72f0
  RDX: ffff99c552942640 RSI: 0000000000000001 RDI: ffff99c552942640
  RBP: ffffae4d8d107cb0 R08: ffff99c86f6a7140 R09: 0000000000027100
  R10: 0000000042280000 R11: 000000000000000a R12: ffff99c552942640
  R13: 0000000000000000 R14: ffffae4d8d1a63e0 R15: ffff99c552942640
  FS: 00007f6ae9be7640(0000) GS:ffff99c86f680000(0000) knlGS:0000000000000000
  CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  CR2: 0000000000000000 CR3: 000000010b8a6006 CR4: 00000000001726e0
  Call Trace:
  <TASK>
  kvm_vcpu_ioctl+0x243/0x5e0 [kvm]
  vcpu_enter_guest+0x383/0xf50 [kvm]
  ? xfer_to_guest_mode_work+0xe2/0x110
  ? kvm_vm_ioctl+0x364/0x730 [kvm]
  ? __fget_files+0x86/0xc0
  vcpu_run+0x4d/0x220 [kvm]
  __x64_sys_ioctl+0x91/0xc0
  do_syscall_64+0x61/0xb0
  ? fput+0x13/0x20
  ? exit_to_user_mode_prepare+0x37/0xb0
  ? syscall_exit_to_user_mode+0x27/0x50
  ? do_syscall_64+0x6e/0xb0
  ? syscall_exit_to_user_mode+0x27/0x50
  ? do_syscall_64+0x6e/0xb0
  ? do_syscall_64+0x6e/0xb0
  ? do_syscall_64+0x6e/0xb0
  entry_SYSCALL_64_after_hwframe+0x44/0xae
  RIP: 0033:0x7f6aebce1a2b
  Code: ff ff ff 85 c0 79 8b 49 c7 c4 ff ff ff ff 5b 5d 4c 89 e0 41 5c c3 66 0f 
1f 84 00 00 00 00 00 f3 0f 1e fa b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 
c3 48 8b 0d d5 f3 0f 00 f7 d8 64 89 01 48
  RSP: 002b:00007f6ae8ffe3f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
  RAX: ffffffffffffffda RBX: 000000000000ae80 RCX: 00007f6aebce1a2b
  RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 000000000000000c
  RBP: 0000557d3b429b90 R08: 0000557d3a4ebff0 R09: 00000000ffffffff
  kvm_arch_vcpu_ioctl_run+0xc5/0x4f0 [kvm]
  R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000
  R13: 0000000000000001 R14: 0000000000003000 R15: 0000000000000000
  </TASK>
  ---[ end trace 5b722d71a78069b1 ]---

  This warning message will flood the system log files and
  eventually eat up all the disk space, then crash the server.

  This issue will be gone by either reverting it or adding the fixes below.

  Reference:
  https://patchwork.kernel.org/project/kvm/patch/20211118072531.1534938-1-pbonz...@redhat.com/

  [Fixes]
  * 0b8f11737 KVM: Add infrastructure and macro to mark VM as bugged
  * 673692735 KVM: x86: Use KVM_BUG/KVM_BUG_ON to handle bugs that are fatal to the VM
  * 7e1901f6c KVM: VMX: prepare sync_pir_to_irr for running with APICv disabled

  The fix is twofold: the first two patches will fix the warning
  message flooding issue, making it get printed only once. The third
  patch will prevent this from happening.

  The first patch needs to be backported as we're missing:
    2fdef3a2ae kvm: add PM-notifier
    fcfe1baedd KVM: stats: Support binary stats retrieval for a VM

  The second patch needs some context adjustment. And the last one can
  be cherry-picked.

  [Test]
  Test kernels can be found here:
  https://people.canonical.com/~phlin/kernel/lp-1966499-kvm-warn-flood/

  This issue can be verified with LXD:
    1. snap install lxd
    2. lxc launch images:ubuntu/20.04 --vm vm1

  On an affected system, the dmesg output will be flooded with this warning
  message. With a patched kernel the VM can be started with a clean dmesg.

  I have tested this kernel on Impish; the F-5.13 has been tested by
  Daniël Vos (vosdev) on Launchpad. Both are working as expected.

  kvm-unit-tests has also been tested on my Impish instance to ensure
  there are no other issues.

  [Where problems could occur]
  This patchset will change how the KVM bug gets reported in the kernel;
  if it's incorrect it might affect VMX capability.

  
  [Original Bug Report]
  Upgrading to 5.13.0-37 or 5.13.0-39 immediately crashes my production
  servers as they hit:
  https://lore.kernel.org/all/f1ea22d3-cff8-406a-ad6a-cb8e0124a...@leemhuis.info/T/#md1f5c8c4aa01130a449a47f3e7559f06b0372f55

  It looks like we need to get e90e51d5f01d included in those kernels.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1966499/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp
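
The [Test] step in the bug description checks dmesg by eye. As an added example (not part of the bug report or of any Ubuntu tooling), this shell script counts the vmx_sync_pir_to_irr WARNING headers in saved kernel log text, including copies where the symbol has wrapped onto the next line. The function names, verdict labels and sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage saved kernel log text for the vmx_sync_pir_to_irr WARN flood.

# Print how many WARNING headers point at vmx_sync_pir_to_irr in vmx.c.
# $1 = file with kernel log text (saved dmesg output or kern.log contents).
count_pir_warnings() {
    awk '
        # Mail and web copies may wrap the symbol onto the next line, so a
        # header without the symbol is held and joined with one more line.
        /WARNING: CPU:/ { hdr = $0; want = (hdr !~ /vmx_sync_pir_to_irr/); if (want) next }
        want            { hdr = hdr " " $0; want = 0 }
        hdr != ""       { if (hdr ~ /arch\/x86\/kvm\/vmx\/vmx\.c:[0-9]+ +vmx_sync_pir_to_irr\+/) n++
                          hdr = "" }
        END             { print n + 0 }
    ' "$1"
}

# Verdict labels are this example's own: clean (0), once (1), flood (more).
classify_pir_log() {
    case "$(count_pir_warnings "$1")" in
        0) echo clean ;;
        1) echo once ;;
        *) echo flood ;;
    esac
}

# Constructed sample logs, shaped like the trace in the bug description.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/affected.log" <<'EOF'
[  101.000001] ------------[ cut here ]------------
[  101.000002] WARNING: CPU: 13 PID: 6997 at arch/x86/kvm/vmx/vmx.c:6336 vmx_sync_pir_to_irr+0x9e/0xc0 [kvm_intel]
[  101.000090] ---[ end trace 0000000000000001 ]---
[  101.000102] WARNING: CPU: 13 PID: 6997 at arch/x86/kvm/vmx/vmx.c:6336
vmx_sync_pir_to_irr+0x9e/0xc0 [kvm_intel]
[  102.000000] WARNING: CPU: 2 PID: 41 at example/unrelated.c:10 unrelated_fn+0x1/0x2
EOF
cat > "$SAMPLE_DIR/once.log" <<'EOF'
[   55.000001] WARNING: CPU: 3 PID: 900 at arch/x86/kvm/vmx/vmx.c:6336 vmx_sync_pir_to_irr+0x9e/0xc0 [kvm_intel]
[   55.000050] kvm: device model started
EOF
printf '[    1.000000] kvm: no warnings in this constructed log\n' > "$SAMPLE_DIR/clean.log"

for f in affected once clean; do
    printf '%s.log: %s\n' "$f" "$(classify_pir_log "$SAMPLE_DIR/$f.log")"
done
```

To check a live host, save `dmesg` output to a file after launching the VM and pass that file to `classify_pir_log`.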
