Public bug reported: SRU Justification
Impact: The upstream process for stable tree updates is quite similar in scope to the Ubuntu SRU process, e.g., each patch has to demonstrably fix a bug, and each patch is vetted by upstream by originating either directly from a mainline/stable Linux tree or a minimally backported form of that patch. The following upstream stable patches should be included in the Ubuntu kernel: upstream stable patchset 2022-02-11 Ported from the following upstream stable releases: v4.14.263, v4.19.226 from git://git.kernel.org/ Bluetooth: bfusb: fix division by zero in send path USB: core: Fix bug in resuming hub's handling of wakeup requests USB: Fix "slab-out-of-bounds Write" bug in usb_hcd_poll_rh_status mfd: intel-lpss: Fix too early PM enablement in the ACPI ->probe() can: gs_usb: fix use of uninitialized variable, detach device on reception of invalid USB data can: gs_usb: gs_can_start_xmit(): zero-initialize hf->{flags,reserved} random: fix data race on crng_node_pool random: fix data race on crng init time staging: wlan-ng: Avoid bitwise vs logical OR warning in hfa384x_usb_throttlefn() drm/i915: Avoid bitwise vs logical OR warning in snb_wm_latency_quirk() orangefs: Fix the size of a memory allocation in orangefs_bufmap_alloc() media: uvcvideo: fix division by zero at stream start rtlwifi: rtl8192cu: Fix WARNING when calling local_irq_restore() with interrupts enabled Bluetooth: schedule SCO timeouts with delayed_work Bluetooth: fix init and cleanup of sco_conn.timeout_work HID: uhid: Fix worker destroying device without any protection HID: wacom: Ignore the confidence flag when a touch is removed HID: wacom: Avoid using stale array indicies to read contact count nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind() rtc: cmos: take rtc_lock while reading from CMOS media: flexcop-usb: fix control-message timeouts media: mceusb: fix control-message timeouts media: em28xx: fix control-message timeouts media: cpia2: fix control-message timeouts media: s2255: fix control-message timeouts media: dib0700: fix undefined behavior in tuner shutdown media: redrat3: fix control-message timeouts media: pvrusb2: fix control-message timeouts media: stk1160: fix control-message timeouts can: softing_cs: softingcs_probe(): fix memleak on registration failure shmem: fix a race between shmem_unused_huge_shrink and shmem_evict_inode PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller Bluetooth: cmtp: fix possible panic when cmtp_init_sockets() fails clk: bcm-2835: Pick the closest clock rate clk: bcm-2835: Remove rounding up the dividers wcn36xx: Indicate beacon not connection loss on MISSED_BEACON_IND media: em28xx: fix memory leak in em28xx_init_dev Bluetooth: stop proccessing malicious adv data media: dmxdev: fix UAF when dvb_register_device() fails crypto: qce - fix uaf on qce_ahash_register_one tty: serial: atmel: Check return code of dmaengine_submit() tty: serial: atmel: Call dma_async_issue_pending() media: mtk-vcodec: call v4l2_m2m_ctx_release first when file is released netfilter: bridge: add support for pppoe filtering arm64: dts: qcom: msm8916: fix MMC controller aliases drm/amdgpu: Fix a NULL pointer dereference in amdgpu_connector_lcd_native_mode() drm/radeon/radeon_kms: Fix a NULL pointer dereference in radeon_driver_open_kms() serial: amba-pl011: do not request memory region twice floppy: Fix hang in watchdog when disk is ejected media: dib8000: Fix a memleak in dib8000_init() media: saa7146: mxb: Fix a NULL pointer dereference in mxb_attach() media: si2157: Fix "warm" tuner state detection sched/rt: Try to restart rt period timer when rt runtime exceeded media: dw2102: Fix use after free media: msi001: fix possible null-ptr-deref in msi001_probe() usb: ftdi-elan: fix memory leak on device disconnect x86/mce/inject: Avoid out-of-bounds write when setting flags pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in __nonstatic_find_io_region() pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in nonstatic_find_mem_region() ppp: ensure minimum packet size in ppp_write() fsl/fman: Check for null pointer after calling devm_ioremap spi: spi-meson-spifc: Add missing pm_runtime_disable() in meson_spifc_probe tpm: add request_locality before write TPM_INT_ENABLE can: softing: softing_startstop(): fix set but not used variable warning can: xilinx_can: xcan_probe(): check for error irq pcmcia: fix setting of kthread task states net: mcs7830: handle usb read errors properly ext4: avoid trim error on fs with small groups ALSA: jack: Add missing rwsem around snd_ctl_remove() calls ALSA: PCM: Add missing rwsem around snd_ctl_remove() calls ALSA: hda: Add missing rwsem around snd_ctl_remove() calls RDMA/hns: Validate the pkey index powerpc/prom_init: Fix improper check of prom_getprop() ALSA: oss: fix compile error when OSS_DEBUG is enabled char/mwave: Adjust io port register size scsi: ufs: Fix race conditions related to driver data RDMA/core: Let ib_find_gid() continue search even after empty entry dmaengine: pxa/mmp: stop referencing config->slave_id iommu/iova: Fix race between FQ timeout and teardown ASoC: samsung: idma: Check of ioremap return value misc: lattice-ecp3-config: Fix task hung when firmware load failed mips: lantiq: add support for clk_set_parent() mips: bcm63xx: add support for clk_set_parent() RDMA/cxgb4: Set queue pair state when being queried Bluetooth: Fix debugfs entry leak in hci_register_dev() fs: dlm: filter user dlm messages for kernel locks ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR usb: gadget: f_fs: Use stream_open() for endpoint files HID: apple: Do not reset quirks when the Fn key is not found media: b2c2: Add missing check in flexcop_pci_isr: mlxsw: pci: Add shutdown method in PCI driver drm/bridge: megachips: Ensure both bridges are probed before registration gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use HSI: core: Fix return freed object in hsi_new_client mwifiex: Fix skb_over_panic in mwifiex_usb_recv() usb: uhci: add aspeed ast2600 uhci support floppy: Add max size check for user space request media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds. media: saa7146: hexium_orion: Fix a NULL pointer dereference in hexium_attach() media: m920x: don't use stack on USB reads iwlwifi: mvm: synchronize with FW after multicast commands ath10k: Fix tx hanging net: bonding: debug: avoid printing debug logs when bond is not notifying peers bpf: Do not WARN in bpf_warn_invalid_xdp_action() media: igorplugusb: receiver overflow should be reported media: saa7146: hexium_gemini: Fix a NULL pointer dereference in hexium_attach() mmc: core: Fixup storing of OCR for MMC_QUIRK_NONSTD_SDIO arm64: tegra: Adjust length of CCPLEX cluster MMIO region usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0 ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream iwlwifi: fix leaks/bad data after failed firmware load iwlwifi: remove module loading failure message um: registers: Rename function names to avoid conflicts and build problems jffs2: GC deadlock reading a page that is used in jffs2_write_begin() ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions ACPICA: Utilities: Avoid deleting the same object twice in a row ACPICA: Executer: Fix the REFCLASS_REFOF case in acpi_ex_opcode_1A_0T_1R() ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5 btrfs: remove BUG_ON() in find_parent_nodes() btrfs: remove BUG_ON(!eie) in find_parent_nodes net: mdio: Demote probed message to debug print mac80211: allow non-standard VHT MCS-10/11 dm btree: add a defensive bounds check to insert_at() dm space map common: add bounds check to sm_ll_lookup_bitmap() net: phy: marvell: configure RGMII delays for 88E1118 serial: pl010: Drop CR register reset on set_termios serial: core: Keep mctrl register state and cached copy in sync parisc: Avoid calling faulthandler_disabled() twice powerpc/6xx: add missing of_node_put powerpc/powernv: add missing of_node_put powerpc/cell: add missing of_node_put powerpc/btext: add missing of_node_put powerpc/watchdog: Fix missed watchdog reset due to memory ordering race i2c: i801: Don't silently correct invalid transfer size powerpc/smp: Move setup_profiling_timer() under CONFIG_PROFILING i2c: mpc: Correct I2C reset procedure w1: Misuse of get_user()/put_user() reported by sparse ALSA: seq: Set upper limit of processed events MIPS: OCTEON: add put_device() after of_find_device_by_node() i2c: designware-pci: Fix to change data types of hcnt and lcnt parameters MIPS: Octeon: Fix build errors using clang scsi: sr: Don't use GFP_DMA ASoC: mediatek: mt8173: fix device_node leak power: bq25890: Enable continuous conversion for ADC at charging ubifs: Error path in ubifs_remount_rw() seems to wrongly free write buffers serial: Fix incorrect rs485 polarity on uart open cputime, cpuacct: Include guest time in user time in cpuacct.stat iwlwifi: mvm: Increase the scan timeout guard to 30 seconds ext4: make sure quota gets properly shutdown on error ext4: set csum seed in tmp inode while migrating to extents ext4: Fix BUG_ON in ext4_bread when write quota data ext4: don't use the orphan list when migrating an inode crypto: stm32/crc32 - Fix kernel BUG triggered in probe() drm/radeon: fix error handling in radeon_driver_open_kms firmware: Update Kconfig help text for Google firmware Documentation: refer to config RANDOMIZE_BASE for kernel address-space randomization RDMA/hns: Modify the mapping attribute of doorbell to device RDMA/rxe: Fix a typo in opcode name powerpc/cell: Fix clang -Wimplicit-fallthrough warning powerpc/fsl/dts: Enable WA for erratum A-009885 on fman3l MDIO buses net/fsl: xgmac_mdio: Fix incorrect iounmap when removing module parisc: pdc_stable: Fix memory leak in pdcs_register_pathentries af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress net: axienet: Wait for PhyRstCmplt after core reset net: axienet: fix number of TX ring slots for available check netns: add schedule point in ops_exit_list() libcxgb: Don't accidentally set RTO_ONLINK in cxgb_find_route() dmaengine: at_xdmac: Don't start transactions at tx_submit level dmaengine: at_xdmac: Print debug message after realeasing the lock dmaengine: at_xdmac: Fix lld view setting dmaengine: at_xdmac: Fix at_xdmac_lld struct definition net_sched: restore "mpu xxx" handling bcmgenet: add WOL IRQ check scripts/dtc: dtx_diff: remove broken example from help text lib82596: Fix IRQ check in sni_82596_probe mips,s390,sh,sparc: gup: Work around the "COW can break either way" issue gianfar: simplify FCS handling and fix memory leak firmware: qemu_fw_cfg: fix NULL-pointer deref on duplicate entries firmware: qemu_fw_cfg: fix kobject leak in probe error path ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Master after reboot from Windows wcn36xx: Release DMA channel descriptor allocations tty: serial: uartlite: allow 64 bit address xfrm: fix a small bug in xfrm_sa_len() mmc: meson-mx-sdio: add IRQ check netfilter: ipt_CLUSTERIP: fix refcount leak in clusterip_tg_check() staging: greybus: audio: Check null pointer Bluetooth: hci_bcm: Check for error irq ASoC: rt5663: Handle device_property_read_u32_array error codes rpmsg: Only invoke announce_create for rpdev with endpoints rpmsg: core: Clean up resources on announce_create failure. dmaengine: stm32-mdma: fix STM32_MDMA_CTBR_TSEL_MASK rtc: pxa: fix null pointer dereference UBUNTU: upstream stable to v4.14.263, v4.19.226 ** Affects: linux (Ubuntu) Importance: Undecided Status: Invalid ** Affects: linux (Ubuntu Bionic) Importance: Medium Assignee: Kamal Mostafa (kamalmostafa) Status: In Progress ** Tags: kernel-stable-tracking-bug ** Changed in: linux (Ubuntu) Status: New => Confirmed ** Tags added: kernel-stable-tracking-bug ** Also affects: linux (Ubuntu Bionic) Importance: Undecided Status: New ** Description changed: + SRU Justification - SRU Justification + Impact: + The upstream process for stable tree updates is quite similar + in scope to the Ubuntu SRU process, e.g., each patch has to + demonstrably fix a bug, and each patch is vetted by upstream + by originating either directly from a mainline/stable Linux tree or + a minimally backported form of that patch. The following upstream + stable patches should be included in the Ubuntu kernel: - Impact: - The upstream process for stable tree updates is quite similar - in scope to the Ubuntu SRU process, e.g., each patch has to - demonstrably fix a bug, and each patch is vetted by upstream - by originating either directly from a mainline/stable Linux tree or - a minimally backported form of that patch. The following upstream - stable patches should be included in the Ubuntu kernel: + upstream stable patchset 2022-02-11 + from git://git.kernel.org/ - upstream stable patchset 2022-02-11 - from git://git.kernel.org/ + Bluetooth: bfusb: fix division by zero in send path + USB: core: Fix bug in resuming hub's handling of wakeup requests + USB: Fix "slab-out-of-bounds Write" bug in usb_hcd_poll_rh_status + mfd: intel-lpss: Fix too early PM enablement in the ACPI ->probe() + can: gs_usb: fix use of uninitialized variable, detach device on reception of invalid USB data + can: gs_usb: gs_can_start_xmit(): zero-initialize hf->{flags,reserved} + random: fix data race on crng_node_pool + random: fix data race on crng init time + staging: wlan-ng: Avoid bitwise vs logical OR warning in hfa384x_usb_throttlefn() + drm/i915: Avoid bitwise vs logical OR warning in snb_wm_latency_quirk() + orangefs: Fix the size of a memory allocation in orangefs_bufmap_alloc() + media: uvcvideo: fix division by zero at stream start + rtlwifi: rtl8192cu: Fix WARNING when calling local_irq_restore() with interrupts enabled + Bluetooth: schedule SCO timeouts with delayed_work + Bluetooth: fix init and cleanup of sco_conn.timeout_work + HID: uhid: Fix worker destroying device without any protection + HID: wacom: Ignore the confidence flag when a touch is removed + HID: wacom: Avoid using stale array indicies to read contact count + nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind() + rtc: cmos: take rtc_lock while reading from CMOS + media: flexcop-usb: fix control-message timeouts + media: mceusb: fix control-message timeouts + media: em28xx: fix control-message timeouts + media: cpia2: fix control-message timeouts + media: s2255: fix control-message timeouts + media: dib0700: fix undefined behavior in tuner shutdown + media: redrat3: fix control-message timeouts + media: pvrusb2: fix control-message timeouts + media: stk1160: fix control-message timeouts + can: softing_cs: softingcs_probe(): fix memleak on registration failure + shmem: fix a race between shmem_unused_huge_shrink and shmem_evict_inode + PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller + Bluetooth: cmtp: fix possible panic when cmtp_init_sockets() fails + clk: bcm-2835: Pick the closest clock rate + clk: bcm-2835: Remove rounding up the dividers + wcn36xx: Indicate beacon not connection loss on MISSED_BEACON_IND + media: em28xx: fix memory leak in em28xx_init_dev + Bluetooth: stop proccessing malicious adv data + media: dmxdev: fix UAF when dvb_register_device() fails + crypto: qce - fix uaf on qce_ahash_register_one + tty: serial: atmel: Check return code of dmaengine_submit() + tty: serial: atmel: Call dma_async_issue_pending() + media: mtk-vcodec: call v4l2_m2m_ctx_release first when file is released + netfilter: bridge: add support for pppoe filtering + arm64: dts: qcom: msm8916: fix MMC controller aliases + drm/amdgpu: Fix a NULL pointer dereference in amdgpu_connector_lcd_native_mode() + drm/radeon/radeon_kms: Fix a NULL pointer dereference in radeon_driver_open_kms() + serial: amba-pl011: do not request memory region twice + floppy: Fix hang in watchdog when disk is ejected + media: dib8000: Fix a memleak in dib8000_init() + media: saa7146: mxb: Fix a NULL pointer dereference in mxb_attach() + media: si2157: Fix "warm" tuner state detection + sched/rt: Try to restart rt period timer when rt runtime exceeded + media: dw2102: Fix use after free + media: msi001: fix possible null-ptr-deref in msi001_probe() + usb: ftdi-elan: fix memory leak on device disconnect + x86/mce/inject: Avoid out-of-bounds write when setting flags + pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in __nonstatic_find_io_region() + pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in nonstatic_find_mem_region() + ppp: ensure minimum packet size in ppp_write() + fsl/fman: Check for null pointer after calling devm_ioremap + spi: spi-meson-spifc: Add missing pm_runtime_disable() in meson_spifc_probe + tpm: add request_locality before write TPM_INT_ENABLE + can: softing: softing_startstop(): fix set but not used variable warning + can: xilinx_can: xcan_probe(): check for error irq + pcmcia: fix setting of kthread task states + net: mcs7830: handle usb read errors properly + ext4: avoid trim error on fs with small groups + ALSA: jack: Add missing rwsem around snd_ctl_remove() calls + ALSA: PCM: Add missing rwsem around snd_ctl_remove() calls + ALSA: hda: Add missing rwsem around snd_ctl_remove() calls + RDMA/hns: Validate the pkey index + powerpc/prom_init: Fix improper check of prom_getprop() + ALSA: oss: fix compile error when OSS_DEBUG is enabled + char/mwave: Adjust io port register size + scsi: ufs: Fix race conditions related to driver data + RDMA/core: Let ib_find_gid() continue search even after empty entry + dmaengine: pxa/mmp: stop referencing config->slave_id + iommu/iova: Fix race between FQ timeout and teardown + ASoC: samsung: idma: Check of ioremap return value + misc: lattice-ecp3-config: Fix task hung when firmware load failed + mips: lantiq: add support for clk_set_parent() + mips: bcm63xx: add support for clk_set_parent() + RDMA/cxgb4: Set queue pair state when being queried + Bluetooth: Fix debugfs entry leak in hci_register_dev() + fs: dlm: filter user dlm messages for kernel locks + ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply + drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR + usb: gadget: f_fs: Use stream_open() for endpoint files + HID: apple: Do not reset quirks when the Fn key is not found + media: b2c2: Add missing check in flexcop_pci_isr: + mlxsw: pci: Add shutdown method in PCI driver + drm/bridge: megachips: Ensure both bridges are probed before registration + gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use + HSI: core: Fix return freed object in hsi_new_client + mwifiex: Fix skb_over_panic in mwifiex_usb_recv() + usb: uhci: add aspeed ast2600 uhci support + floppy: Add max size check for user space request + media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds. + media: saa7146: hexium_orion: Fix a NULL pointer dereference in hexium_attach() + media: m920x: don't use stack on USB reads + iwlwifi: mvm: synchronize with FW after multicast commands + ath10k: Fix tx hanging + net: bonding: debug: avoid printing debug logs when bond is not notifying peers + bpf: Do not WARN in bpf_warn_invalid_xdp_action() + media: igorplugusb: receiver overflow should be reported + media: saa7146: hexium_gemini: Fix a NULL pointer dereference in hexium_attach() + mmc: core: Fixup storing of OCR for MMC_QUIRK_NONSTD_SDIO + arm64: tegra: Adjust length of CCPLEX cluster MMIO region + usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0 + ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream + iwlwifi: fix leaks/bad data after failed firmware load + iwlwifi: remove module loading failure message + um: registers: Rename function names to avoid conflicts and build problems + jffs2: GC deadlock reading a page that is used in jffs2_write_begin() + ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions + ACPICA: Utilities: Avoid deleting the same object twice in a row + ACPICA: Executer: Fix the REFCLASS_REFOF case in acpi_ex_opcode_1A_0T_1R() + ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5 + btrfs: remove BUG_ON() in find_parent_nodes() + btrfs: remove BUG_ON(!eie) in find_parent_nodes + net: mdio: Demote probed message to debug print + mac80211: allow non-standard VHT MCS-10/11 + dm btree: add a defensive bounds check to insert_at() + dm space map common: add bounds check to sm_ll_lookup_bitmap() + net: phy: marvell: configure RGMII delays for 88E1118 + serial: pl010: Drop CR register reset on set_termios + serial: core: Keep mctrl register state and cached copy in sync + parisc: Avoid calling faulthandler_disabled() twice + powerpc/6xx: add missing of_node_put + powerpc/powernv: add missing of_node_put + powerpc/cell: add missing of_node_put + powerpc/btext: add missing of_node_put + powerpc/watchdog: Fix missed watchdog reset due to memory ordering race + i2c: i801: Don't silently correct invalid transfer size + powerpc/smp: Move setup_profiling_timer() under CONFIG_PROFILING + i2c: mpc: Correct I2C reset procedure + w1: Misuse of get_user()/put_user() reported by sparse + ALSA: seq: Set upper limit of processed events + MIPS: OCTEON: add put_device() after of_find_device_by_node() + i2c: designware-pci: Fix to change data types of hcnt and lcnt parameters + MIPS: Octeon: Fix build errors using clang + scsi: sr: Don't use GFP_DMA + ASoC: mediatek: mt8173: fix device_node leak + power: bq25890: Enable continuous conversion for ADC at charging + ubifs: Error path in ubifs_remount_rw() seems to wrongly free write buffers + serial: Fix incorrect rs485 polarity on uart open + cputime, cpuacct: Include guest time in user time in cpuacct.stat + iwlwifi: mvm: Increase the scan timeout guard to 30 seconds + ext4: make sure quota gets properly shutdown on error + ext4: set csum seed in tmp inode while migrating to extents + ext4: Fix BUG_ON in ext4_bread when write quota data + ext4: don't use the orphan list when migrating an inode + crypto: stm32/crc32 - Fix kernel BUG triggered in probe() + drm/radeon: fix error handling in radeon_driver_open_kms + firmware: Update Kconfig help text for Google firmware + Documentation: refer to config RANDOMIZE_BASE for kernel address-space randomization + RDMA/hns: Modify the mapping attribute of doorbell to device + RDMA/rxe: Fix a typo in opcode name + powerpc/cell: Fix clang -Wimplicit-fallthrough warning + powerpc/fsl/dts: Enable WA for erratum A-009885 on fman3l MDIO buses + net/fsl: xgmac_mdio: Fix incorrect iounmap when removing module + parisc: pdc_stable: Fix memory leak in pdcs_register_pathentries + af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress + net: axienet: Wait for PhyRstCmplt after core reset + net: axienet: fix number of TX ring slots for available check + netns: add schedule point in ops_exit_list() + libcxgb: Don't accidentally set RTO_ONLINK in cxgb_find_route() + dmaengine: at_xdmac: Don't start transactions at tx_submit level + dmaengine: at_xdmac: Print debug message after realeasing the lock + dmaengine: at_xdmac: Fix lld view setting + dmaengine: at_xdmac: Fix at_xdmac_lld struct definition + net_sched: restore "mpu xxx" handling + bcmgenet: add WOL IRQ check + scripts/dtc: dtx_diff: remove broken example from help text + lib82596: Fix IRQ check in sni_82596_probe + mips,s390,sh,sparc: gup: Work around the "COW can break either way" issue + gianfar: simplify FCS handling and fix memory leak + firmware: qemu_fw_cfg: fix NULL-pointer deref on duplicate entries + firmware: qemu_fw_cfg: fix kobject leak in probe error path + ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Master after reboot from Windows + wcn36xx: Release DMA channel descriptor allocations + tty: serial: uartlite: allow 64 bit address + xfrm: fix a small bug in xfrm_sa_len() + mmc: meson-mx-sdio: add IRQ check + netfilter: ipt_CLUSTERIP: fix refcount leak in clusterip_tg_check() + staging: greybus: audio: Check null pointer + Bluetooth: hci_bcm: Check for error irq + ASoC: rt5663: Handle device_property_read_u32_array error codes + rpmsg: Only invoke announce_create for rpdev with endpoints + rpmsg: core: Clean up resources on announce_create failure. + dmaengine: stm32-mdma: fix STM32_MDMA_CTBR_TSEL_MASK + rtc: pxa: fix null pointer dereference + UBUNTU: upstream stable to v4.14.263, v4.19.226 ** Changed in: linux (Ubuntu Bionic) Status: New => In Progress ** Changed in: linux (Ubuntu Bionic) Importance: Undecided => Medium ** Changed in: linux (Ubuntu Bionic) Assignee: (unassigned) => Kamal Mostafa (kamalmostafa) ** Changed in: linux (Ubuntu) Status: Confirmed => Invalid -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1960681 Title: Bionic update: upstream stable patchset 2022-02-11 Status in linux package in Ubuntu: Invalid Status in linux source package in Bionic: In Progress Bug description: SRU Justification Impact: The upstream process for stable tree updates is quite similar in scope to the Ubuntu SRU process, e.g., each patch has to demonstrably fix a bug, and each patch is vetted by upstream by originating either directly from a mainline/stable Linux tree or a minimally backported form of that patch. The following upstream stable patches should be included in the Ubuntu kernel: upstream stable patchset 2022-02-11 Ported from the following upstream stable releases: v4.14.263, v4.19.226 from git://git.kernel.org/ Bluetooth: bfusb: fix division by zero in send path USB: core: Fix bug in resuming hub's handling of wakeup requests USB: Fix "slab-out-of-bounds Write" bug in usb_hcd_poll_rh_status mfd: intel-lpss: Fix too early PM enablement in the ACPI ->probe() can: gs_usb: fix use of uninitialized variable, detach device on reception of invalid USB data can: gs_usb: gs_can_start_xmit(): zero-initialize hf->{flags,reserved} random: fix data race on crng_node_pool random: fix data race on crng init time staging: wlan-ng: Avoid bitwise vs logical OR warning in hfa384x_usb_throttlefn() drm/i915: Avoid bitwise vs logical OR warning in snb_wm_latency_quirk() orangefs: Fix the size of a memory allocation in orangefs_bufmap_alloc() media: uvcvideo: fix division by zero at stream start rtlwifi: rtl8192cu: Fix WARNING when calling local_irq_restore() with interrupts enabled Bluetooth: schedule SCO timeouts with delayed_work Bluetooth: fix init and cleanup of sco_conn.timeout_work HID: uhid: Fix worker destroying device without any protection HID: wacom: Ignore the confidence flag when a touch is removed HID: wacom: Avoid using stale array indicies to read contact count nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind() rtc: cmos: take rtc_lock while reading from CMOS media: flexcop-usb: fix control-message timeouts media: mceusb: fix control-message timeouts media: em28xx: fix control-message timeouts media: cpia2: fix control-message timeouts media: s2255: fix control-message timeouts media: dib0700: fix undefined behavior in tuner shutdown media: redrat3: fix control-message timeouts media: pvrusb2: fix control-message timeouts media: stk1160: fix control-message timeouts can: softing_cs: softingcs_probe(): fix memleak on registration failure shmem: fix a race between shmem_unused_huge_shrink and shmem_evict_inode PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller Bluetooth: cmtp: fix possible panic when cmtp_init_sockets() fails clk: bcm-2835: Pick the closest clock rate clk: bcm-2835: Remove rounding up the dividers wcn36xx: Indicate beacon not connection loss on MISSED_BEACON_IND media: em28xx: fix memory leak in em28xx_init_dev Bluetooth: stop proccessing malicious adv data media: dmxdev: fix UAF when dvb_register_device() fails crypto: qce - fix uaf on qce_ahash_register_one tty: serial: atmel: Check return code of dmaengine_submit() tty: serial: atmel: Call dma_async_issue_pending() media: mtk-vcodec: call v4l2_m2m_ctx_release first when file is released netfilter: bridge: add support for pppoe filtering arm64: dts: qcom: msm8916: fix MMC controller aliases drm/amdgpu: Fix a NULL pointer dereference in amdgpu_connector_lcd_native_mode() drm/radeon/radeon_kms: Fix a NULL pointer dereference in radeon_driver_open_kms() serial: amba-pl011: do not request memory region twice floppy: Fix hang in watchdog when disk is ejected media: dib8000: Fix a memleak in dib8000_init() media: saa7146: mxb: Fix a NULL pointer dereference in mxb_attach() media: si2157: Fix "warm" tuner state detection sched/rt: Try to restart rt period timer when rt runtime exceeded media: dw2102: Fix use after free media: msi001: fix possible null-ptr-deref in msi001_probe() usb: ftdi-elan: fix memory leak on device disconnect x86/mce/inject: Avoid out-of-bounds write when setting flags pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in __nonstatic_find_io_region() pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in nonstatic_find_mem_region() ppp: ensure minimum packet size in ppp_write() fsl/fman: Check for null pointer after calling devm_ioremap spi: spi-meson-spifc: Add missing pm_runtime_disable() in meson_spifc_probe tpm: add request_locality before write TPM_INT_ENABLE can: softing: softing_startstop(): fix set but not used variable warning can: xilinx_can: xcan_probe(): check for error irq pcmcia: fix setting of kthread task states net: mcs7830: handle usb read errors properly ext4: avoid trim error on fs with small groups ALSA: jack: Add missing rwsem around snd_ctl_remove() calls ALSA: PCM: Add missing rwsem around snd_ctl_remove() calls ALSA: hda: Add missing rwsem around snd_ctl_remove() calls RDMA/hns: Validate the pkey index powerpc/prom_init: Fix improper check of prom_getprop() ALSA: oss: fix compile error when OSS_DEBUG is enabled char/mwave: Adjust io port register size scsi: ufs: Fix race conditions related to driver data RDMA/core: Let ib_find_gid() continue search even after empty entry dmaengine: pxa/mmp: stop referencing config->slave_id iommu/iova: Fix race between FQ timeout and teardown ASoC: samsung: idma: Check of ioremap return value misc: lattice-ecp3-config: Fix task hung when firmware load failed mips: lantiq: add support for clk_set_parent() mips: bcm63xx: add support for clk_set_parent() RDMA/cxgb4: Set queue pair state when being queried Bluetooth: Fix debugfs entry leak in hci_register_dev() fs: dlm: filter user dlm messages for kernel locks ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR usb: gadget: f_fs: Use stream_open() for endpoint files HID: apple: Do not reset quirks when the Fn key is not found media: b2c2: Add missing check in flexcop_pci_isr: mlxsw: pci: Add shutdown method in PCI driver drm/bridge: megachips: Ensure both bridges are probed before registration gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use HSI: core: Fix return freed object in hsi_new_client mwifiex: Fix skb_over_panic in mwifiex_usb_recv() usb: uhci: add aspeed ast2600 uhci support floppy: Add max size check for user space request media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds. media: saa7146: hexium_orion: Fix a NULL pointer dereference in hexium_attach() media: m920x: don't use stack on USB reads iwlwifi: mvm: synchronize with FW after multicast commands ath10k: Fix tx hanging net: bonding: debug: avoid printing debug logs when bond is not notifying peers bpf: Do not WARN in bpf_warn_invalid_xdp_action() media: igorplugusb: receiver overflow should be reported media: saa7146: hexium_gemini: Fix a NULL pointer dereference in hexium_attach() mmc: core: Fixup storing of OCR for MMC_QUIRK_NONSTD_SDIO arm64: tegra: Adjust length of CCPLEX cluster MMIO region usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0 ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream iwlwifi: fix leaks/bad data after failed firmware load iwlwifi: remove module loading failure message um: registers: Rename function names to avoid conflicts and build problems jffs2: GC deadlock reading a page that is used in jffs2_write_begin() ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions ACPICA: Utilities: Avoid deleting the same object twice in a row ACPICA: Executer: Fix the REFCLASS_REFOF case in acpi_ex_opcode_1A_0T_1R() ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5 btrfs: remove BUG_ON() in find_parent_nodes() btrfs: remove BUG_ON(!eie) in find_parent_nodes net: mdio: Demote probed message to debug print mac80211: allow non-standard VHT MCS-10/11 dm btree: add a defensive bounds check to insert_at() dm space map common: add bounds check to sm_ll_lookup_bitmap() net: phy: marvell: configure RGMII delays for 88E1118 serial: pl010: Drop CR register reset on set_termios serial: core: Keep mctrl register state and cached copy in sync parisc: Avoid calling faulthandler_disabled() twice powerpc/6xx: add missing of_node_put powerpc/powernv: add missing of_node_put powerpc/cell: add missing of_node_put powerpc/btext: add missing of_node_put powerpc/watchdog: Fix missed watchdog reset due to memory ordering race i2c: i801: Don't silently correct invalid transfer size powerpc/smp: Move setup_profiling_timer() under CONFIG_PROFILING i2c: mpc: Correct I2C reset procedure w1: Misuse of get_user()/put_user() reported by sparse ALSA: seq: Set upper limit of processed events MIPS: OCTEON: add put_device() after of_find_device_by_node() i2c: designware-pci: Fix to change data types of hcnt and lcnt parameters MIPS: Octeon: Fix build errors using clang scsi: sr: Don't use GFP_DMA ASoC: mediatek: mt8173: fix device_node leak power: bq25890: Enable continuous conversion for ADC at charging ubifs: Error path in ubifs_remount_rw() seems to wrongly free write buffers serial: Fix incorrect rs485 polarity on uart open cputime, cpuacct: Include guest time in user time in cpuacct.stat iwlwifi: mvm: Increase the scan timeout guard to 30 seconds ext4: make sure quota gets properly shutdown on error ext4: set csum seed in tmp inode while migrating to extents ext4: Fix BUG_ON in ext4_bread when write quota data ext4: don't use the orphan list when migrating an inode crypto: stm32/crc32 - Fix kernel BUG triggered in probe() drm/radeon: fix error handling in radeon_driver_open_kms firmware: Update Kconfig help text for Google firmware Documentation: refer to config RANDOMIZE_BASE for kernel address-space randomization RDMA/hns: Modify the mapping attribute of doorbell to device RDMA/rxe: Fix a typo in opcode name powerpc/cell: Fix clang -Wimplicit-fallthrough warning powerpc/fsl/dts: Enable WA for erratum A-009885 on fman3l MDIO buses net/fsl: xgmac_mdio: Fix incorrect iounmap when removing module parisc: pdc_stable: Fix memory leak in pdcs_register_pathentries af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress net: axienet: Wait for PhyRstCmplt after core reset net: axienet: fix number of TX ring slots for available check netns: add schedule point in ops_exit_list() libcxgb: Don't accidentally set RTO_ONLINK in cxgb_find_route() dmaengine: at_xdmac: Don't start transactions at tx_submit level dmaengine: at_xdmac: Print debug message after realeasing the lock dmaengine: at_xdmac: Fix lld view setting dmaengine: at_xdmac: Fix at_xdmac_lld struct definition net_sched: restore "mpu xxx" handling bcmgenet: add WOL IRQ check scripts/dtc: dtx_diff: remove broken example from help text lib82596: Fix IRQ check in sni_82596_probe mips,s390,sh,sparc: gup: Work around the "COW can break either way" issue gianfar: simplify FCS handling and fix memory leak firmware: qemu_fw_cfg: fix NULL-pointer deref on duplicate entries firmware: qemu_fw_cfg: fix kobject leak in probe error path ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Master after reboot from Windows wcn36xx: Release DMA channel descriptor allocations tty: serial: uartlite: allow 64 bit address xfrm: fix a small bug in xfrm_sa_len() mmc: meson-mx-sdio: add IRQ check netfilter: ipt_CLUSTERIP: fix refcount leak in clusterip_tg_check() staging: greybus: audio: Check null pointer Bluetooth: hci_bcm: Check for error irq ASoC: rt5663: Handle device_property_read_u32_array error codes rpmsg: Only invoke announce_create for rpdev with endpoints rpmsg: core: Clean up resources on announce_create failure. dmaengine: stm32-mdma: fix STM32_MDMA_CTBR_TSEL_MASK rtc: pxa: fix null pointer dereference UBUNTU: upstream stable to v4.14.263, v4.19.226 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1960681/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp