Public bug reported: SRU Justification
Impact: The upstream process for stable tree updates is quite similar in scope to the Ubuntu SRU process, e.g., each patch has to demonstrably fix a bug, and each patch is vetted by upstream by originating either directly from a mainline/stable Linux tree or a minimally backported form of that patch. The following upstream stable patches should be included in the Ubuntu kernel: upstream stable patchset 2020-11-10 Ported from the following upstream stable releases: v4.14.202, v4.19.152, v4.14.203, v4.19.153 from git://git.kernel.org/ Bluetooth: fix kernel oops in store_pending_adv_report Bluetooth: Consolidate encryption handling in hci_encrypt_cfm Bluetooth: Fix update of connection state in `hci_encrypt_cfm` Bluetooth: Disconnect if E0 is used for Level 4 media: usbtv: Fix refcounting mixup USB: serial: option: add Cellient MPL200 card USB: serial: option: Add Telit FT980-KS composition staging: comedi: check validity of wMaxPacketSize of usb endpoints found USB: serial: pl2303: add device-id for HP GC device USB: serial: ftdi_sio: add support for FreeCalypso JTAG+UART adapters reiserfs: Initialize inode keys properly reiserfs: Fix oops during mount drivers/net/ethernet/marvell/mvmdio.c: Fix non OF case crypto: bcm - Verify GCM/CCM key length in setkey crypto: qat - check cipher length for aead AES-CBC-HMAC-SHA ARM: 8858/1: vdso: use $(LD) instead of $(CC) to link VDSO ARM: 8939/1: kbuild: use correct nm executable ARM: 8867/1: vdso: pass --be8 to linker if necessary UBUNTU: upstream stable to v4.14.202, v4.19.152 ibmveth: Switch order of ibmveth_helper calls. ibmveth: Identify ingress large send packets. ipv4: Restore flowi4_oif update before call to xfrm_lookup_route mlx4: handle non-napi callers to napi_poll net: usb: qmi_wwan: add Cellient MPL200 card tipc: fix the skb_unshare() in tipc_buf_append() net/ipv4: always honour route mtu during forwarding r8169: fix data corruption issue on RTL8402 binder: fix UAF when releasing todo list ALSA: bebob: potential info leak in hwdep_read() net: hdlc: In hdlc_rcv, check to make sure dev is an HDLC device net: hdlc_raw_eth: Clear the IFF_TX_SKB_SHARING flag after calling ether_setup nfc: Ensure presence of NFC_ATTR_FIRMWARE_NAME attribute in nfc_genl_fw_download() tcp: fix to update snd_wl1 in bulk receiver fast path icmp: randomize the global rate limiter cifs: remove bogus debug code cifs: Return the error from crypt_message when enc/dec key not found. KVM: x86/mmu: Commit zap of remaining invalid pages when recovering lpages KVM: SVM: Initialize prev_ga_tag before use ima: Don't ignore errors from crypto_shash_update() crypto: algif_aead - Do not set MAY_BACKLOG on the async path EDAC/i5100: Fix error handling order in i5100_init_one() x86/fpu: Allow multiple bits in clearcpuid= parameter drivers/perf: xgene_pmu: Fix uninitialized resource struct crypto: algif_skcipher - EBUSY on aio should be an error crypto: mediatek - Fix wrong return value in mtk_desc_ring_alloc() crypto: ixp4xx - Fix the size used in a 'dma_free_coherent()' call media: tuner-simple: fix regression in simple_set_radio_freq media: Revert "media: exynos4-is: Add missed check for pinctrl_lookup_state()" media: m5mols: Check function pointer in m5mols_sensor_power media: uvcvideo: Set media controller entity functions media: omap3isp: Fix memleak in isp_probe crypto: omap-sham - fix digcnt register handling with export/import cypto: mediatek - fix leaks in mtk_desc_ring_alloc media: mx2_emmaprp: Fix memleak in emmaprp_probe media: tc358743: initialize variable media: platform: fcp: Fix a reference count leak. media: s5p-mfc: Fix a reference count leak media: ti-vpe: Fix a missing check and reference count leak regulator: resolve supply after creating regulator ath10k: provide survey info as accumulated data Bluetooth: hci_uart: Cancel init work before unregistering ath6kl: prevent potential array overflow in ath6kl_add_new_sta() ath9k: Fix potential out of bounds in ath9k_htc_txcompletion_cb() wcn36xx: Fix reported 802.11n rx_highest rate wcn3660/wcn3680 ASoC: qcom: lpass-platform: fix memory leak ASoC: qcom: lpass-cpu: fix concurrency issue brcmfmac: check ndev pointer mwifiex: Do not use GFP_KERNEL in atomic context drm/gma500: fix error check scsi: qla4xxx: Fix an error handling path in 'qla4xxx_get_host_stats()' scsi: csiostor: Fix wrong return value in csio_hw_prep_fw() backlight: sky81452-backlight: Fix refcount imbalance on error VMCI: check return value of get_user_pages_fast() for errors tty: serial: earlycon dependency pty: do tty_flip_buffer_push without port->lock in pty_write pwm: lpss: Fix off by one error in base_unit math in pwm_lpss_prepare() pwm: lpss: Add range limit check for the base_unit register value drivers/virt/fsl_hypervisor: Fix error handling path video: fbdev: vga16fb: fix setting of pixclock because a pass-by-value error video: fbdev: sis: fix null ptr dereference HID: roccat: add bounds checking in kone_sysfs_write_settings() pinctrl: mcp23s08: Fix mcp23x17_regmap initialiser pinctrl: mcp23s08: Fix mcp23x17 precious range ath6kl: wmi: prevent a shift wrapping bug in ath6kl_wmi_delete_pstream_cmd() misc: mic: scif: Fix error handling path ALSA: seq: oss: Avoid mutex lock for a long-time ioctl usb: dwc2: Fix parameter type in function pointer prototype quota: clear padding in v2r1_mem2diskdqb() HID: hid-input: fix stylus battery reporting qtnfmac: fix resource leaks on unsupported iftype error return path net: enic: Cure the enic api locking trainwreck mfd: sm501: Fix leaks in probe() iwlwifi: mvm: split a print to avoid a WARNING in ROC usb: gadget: f_ncm: fix ncm_bitrate for SuperSpeed and above. usb: gadget: u_ether: enable qmult on SuperSpeed Plus as well nl80211: fix non-split wiphy information usb: dwc2: Fix INTR OUT transfers in DDMA mode. scsi: be2iscsi: Fix a theoretical leak in beiscsi_create_eqs() mwifiex: fix double free net: korina: fix kfree of rx/tx descriptor array mm/memcg: fix device private memcg accounting mm, oom_adj: don't loop through tasks in __set_oom_adj when not necessary IB/mlx4: Fix starvation in paravirt mux/demux IB/mlx4: Adjust delayed work when a dup is observed powerpc/pseries: Fix missing of_node_put() in rng_init() powerpc/icp-hv: Fix missing of_node_put() in success path mtd: lpddr: fix excessive stack usage with clang mtd: mtdoops: Don't write panic data twice ARM: 9007/1: l2c: fix prefetch bits init in L2X0_AUX_CTRL using DT values arc: plat-hsdk: fix kconfig dependency warning when !RESET_CONTROLLER xfs: limit entries returned when counting fsmap records RDMA/qedr: Fix use of uninitialized field powerpc/tau: Use appropriate temperature sample interval powerpc/tau: Remove duplicated set_thresholds() call powerpc/tau: Disable TAU between measurements perf intel-pt: Fix "context_switch event has no tid" error RDMA/hns: Set the unsupported wr opcode kdb: Fix pager search for multi-line strings overflow: Include header file with SIZE_MAX declaration powerpc/perf: Exclude pmc5/6 from the irrelevant PMU group constraints powerpc/perf/hv-gpci: Fix starting index value cpufreq: powernv: Fix frame-size-overflow in powernv_cpufreq_reboot_notifier IB/rdmavt: Fix sizeof mismatch f2fs: wait for sysfs kobject removal before freeing f2fs_sb_info lib/crc32.c: fix trivial typo in preprocessor condition ramfs: fix nommu mmap with gaps in the page cache rapidio: fix error handling path rapidio: fix the missed put_device() for rio_mport_add_riodev mailbox: avoid timer start from callback i2c: rcar: Auto select RESET_CONTROLLER PCI: iproc: Set affinity mask on MSI interrupts clk: at91: clk-main: update key before writing AT91_CKGR_MOR clk: bcm2835: add missing release if devm_clk_hw_register fails ext4: limit entries returned when counting fsmap records vfio/pci: Clear token on bypass registration failure vfio iommu type1: Fix memory leak in vfio_iommu_type1_pin_pages Input: imx6ul_tsc - clean up some errors in imx6ul_tsc_resume() Input: stmfts - fix a & vs && typo Input: ep93xx_keypad - fix handling of platform_get_irq() error Input: omap4-keypad - fix handling of platform_get_irq() error Input: twl4030_keypad - fix handling of platform_get_irq() error Input: sun4i-ps2 - fix handling of platform_get_irq() error KVM: x86: emulating RDPID failure shall return #UD rather than #GP memory: omap-gpmc: Fix a couple off by ones memory: fsl-corenet-cf: Fix handling of platform_get_irq() error arm64: dts: qcom: msm8916: Fix MDP/DSI interrupts ARM: dts: owl-s500: Fix incorrect PPI interrupt specifiers arm64: dts: zynqmp: Remove additional compatible string for i2c IPs powerpc/powernv/dump: Fix race while processing OPAL dump nvmet: fix uninitialized work for zero kato NTB: hw: amd: fix an issue about leak system resources perf: correct SNOOPX field offset i2c: core: Restore acpi_walk_dep_device_list() getting called after registering the ACPI i2c devs crypto: ccp - fix error handling media: firewire: fix memory leak media: ati_remote: sanity check for both endpoints media: st-delta: Fix reference count leak in delta_run_work media: sti: Fix reference count leaks media: exynos4-is: Fix several reference count leaks due to pm_runtime_get_sync media: exynos4-is: Fix a reference count leak due to pm_runtime_get_sync media: exynos4-is: Fix a reference count leak media: vsp1: Fix runtime PM imbalance on error media: platform: s3c-camif: Fix runtime PM imbalance on error media: platform: sti: hva: Fix runtime PM imbalance on error media: bdisp: Fix runtime PM imbalance on error media: media/pci: prevent memory leak in bttv_probe media: uvcvideo: Ensure all probed info is returned to v4l2 mmc: sdio: Check for CISTPL_VERS_1 buffer size media: saa7134: avoid a shift overflow fs: dlm: fix configfs memory leak media: venus: core: Fix runtime PM imbalance in venus_probe ntfs: add check for mft record size in superblock mac80211: handle lack of sband->bitrates in rates PM: hibernate: remove the bogus call to get_gendisk() in software_resume() scsi: mvumi: Fix error return in mvumi_io_attach() scsi: target: core: Add CONTROL field for trace events mic: vop: copy data to kernel space then write to io memory misc: vop: add round_up(x,4) for vring_size to avoid kernel panic usb: gadget: function: printer: fix use-after-free in __lock_acquire udf: Limit sparing table size udf: Avoid accessing uninitialized data on failed inode read USB: cdc-acm: handle broken union descriptors can: flexcan: flexcan_chip_stop(): add error handling and propagate error value ath9k: hif_usb: fix race condition between usb_get_urb() and usb_kill_anchored_urbs() misc: rtsx: Fix memory leak in rtsx_pci_probe reiserfs: only call unlock_new_inode() if I_NEW xfs: make sure the rt allocator doesn't run off the end usb: ohci: Default to per-port over-current protection Bluetooth: Only mark socket zapped after unlocking scsi: ibmvfc: Fix error return in ibmvfc_probe() brcmsmac: fix memory leak in wlc_phy_attach_lcnphy rtl8xxxu: prevent potential memory leak Fix use after free in get_capset_info callback. scsi: qedi: Protect active command list to avoid list corruption scsi: qedi: Fix list_del corruption while removing active I/O tty: ipwireless: fix error handling ipvs: Fix uninit-value in do_ip_vs_set_ctl() reiserfs: Fix memory leak in reiserfs_parse_options() mwifiex: don't call del_timer_sync() on uninitialized timer brcm80211: fix possible memleak in brcmf_proto_msgbuf_attach usb: core: Solve race condition in anchor cleanup functions scsi: ufs: ufs-qcom: Fix race conditions caused by ufs_qcom_testbus_config() ath10k: check idx validity in __ath10k_htt_rx_ring_fill_n() net: korina: cast KSEG0 address to pointer in kfree tty: serial: fsl_lpuart: fix lpuart32_poll_get_char usb: cdc-acm: add quirk to blacklist ETAS ES58X devices USB: cdc-wdm: Make wdm_flush() interruptible and add wdm_fsync(). eeprom: at25: set minimum read/write access stride to 1 usb: gadget: f_ncm: allow using NCM in SuperSpeed Plus gadgets. powerpc/powernv/opal-dump : Use IRQ_HANDLED instead of numbers in interrupt handler net: fix pos incrementment in ipv6_route_seq_next ALSA: hda/realtek: Enable audio jacks of ASUS D700SA with ALC887 x86/nmi: Fix nmi_handle() duration miscalculation x86/events/amd/iommu: Fix sizeof mismatch media: uvcvideo: Silence shift-out-of-bounds warning hwmon: (pmbus/max34440) Fix status register reads for MAX344{51,60,61} media: tc358743: cleanup tc358743_cec_isr pinctrl: bcm: fix kconfig dependency warning when !GPIOLIB spi: spi-s3c64xx: swap s3c64xx_spi_set_cs() and s3c64xx_enable_datapath() staging: rtl8192u: Do not use GFP_KERNEL in atomic context net: stmmac: use netif_tx_start|stop_all_queues() function scsi: target: tcmu: Fix warning: 'page' may be used uninitialized ipvs: clear skb->tstamp in forwarding path netfilter: nf_log: missing vlan offload tag and proto RDMA/ucma: Fix locking for ctx->events_reported RDMA/ucma: Add missing locking around rdma_leave_multicast() RDMA/qedr: Fix inline size returned for iWARP UBUNTU: upstream stable to v4.14.203, v4.19.153 ** Affects: linux (Ubuntu) Importance: Undecided Status: Confirmed ** Affects: linux (Ubuntu Bionic) Importance: Undecided Assignee: Kamal Mostafa (kamalmostafa) Status: In Progress ** Tags: kernel-stable-tracking-bug ** Changed in: linux (Ubuntu) Status: New => Confirmed ** Tags added: kernel-stable-tracking-bug ** Also affects: linux (Ubuntu Bionic) Importance: Undecided Status: New ** Changed in: linux (Ubuntu Bionic) Status: New => In Progress ** Changed in: linux (Ubuntu Bionic) Assignee: (unassigned) => Kamal Mostafa (kamalmostafa) ** Description changed: - - SRU Justification - - Impact: - The upstream process for stable tree updates is quite similar - in scope to the Ubuntu SRU process, e.g., each patch has to - demonstrably fix a bug, and each patch is vetted by upstream - by originating either directly from a mainline/stable Linux tree or - a minimally backported form of that patch. The following upstream - stable patches should be included in the Ubuntu kernel: - - upstream stable patchset 2020-11-10 - from git://git.kernel.org/ + SRU Justification + + Impact: + The upstream process for stable tree updates is quite similar + in scope to the Ubuntu SRU process, e.g., each patch has to + demonstrably fix a bug, and each patch is vetted by upstream + by originating either directly from a mainline/stable Linux tree or + a minimally backported form of that patch. The following upstream + stable patches should be included in the Ubuntu kernel: + + upstream stable patchset 2020-11-10 + + Ported from the following upstream stable releases: + v4.14.202, v4.19.152, + v4.14.203, v4.19.153 + + from git://git.kernel.org/ + + Bluetooth: fix kernel oops in store_pending_adv_report + Bluetooth: Consolidate encryption handling in hci_encrypt_cfm + Bluetooth: Fix update of connection state in `hci_encrypt_cfm` + Bluetooth: Disconnect if E0 is used for Level 4 + media: usbtv: Fix refcounting mixup + USB: serial: option: add Cellient MPL200 card + USB: serial: option: Add Telit FT980-KS composition + staging: comedi: check validity of wMaxPacketSize of usb endpoints found + USB: serial: pl2303: add device-id for HP GC device + USB: serial: ftdi_sio: add support for FreeCalypso JTAG+UART adapters + reiserfs: Initialize inode keys properly + reiserfs: Fix oops during mount + drivers/net/ethernet/marvell/mvmdio.c: Fix non OF case + crypto: bcm - Verify GCM/CCM key length in setkey + crypto: qat - check cipher length for aead AES-CBC-HMAC-SHA + ARM: 8858/1: vdso: use $(LD) instead of $(CC) to link VDSO + ARM: 8939/1: kbuild: use correct nm executable + ARM: 8867/1: vdso: pass --be8 to linker if necessary + UBUNTU: upstream stable to v4.14.202, v4.19.152 + ibmveth: Switch order of ibmveth_helper calls. + ibmveth: Identify ingress large send packets. + ipv4: Restore flowi4_oif update before call to xfrm_lookup_route + mlx4: handle non-napi callers to napi_poll + net: usb: qmi_wwan: add Cellient MPL200 card + tipc: fix the skb_unshare() in tipc_buf_append() + net/ipv4: always honour route mtu during forwarding + r8169: fix data corruption issue on RTL8402 + binder: fix UAF when releasing todo list + ALSA: bebob: potential info leak in hwdep_read() + net: hdlc: In hdlc_rcv, check to make sure dev is an HDLC device + net: hdlc_raw_eth: Clear the IFF_TX_SKB_SHARING flag after calling ether_setup + nfc: Ensure presence of NFC_ATTR_FIRMWARE_NAME attribute in nfc_genl_fw_download() + tcp: fix to update snd_wl1 in bulk receiver fast path + icmp: randomize the global rate limiter + cifs: remove bogus debug code + cifs: Return the error from crypt_message when enc/dec key not found. + KVM: x86/mmu: Commit zap of remaining invalid pages when recovering lpages + KVM: SVM: Initialize prev_ga_tag before use + ima: Don't ignore errors from crypto_shash_update() + crypto: algif_aead - Do not set MAY_BACKLOG on the async path + EDAC/i5100: Fix error handling order in i5100_init_one() + x86/fpu: Allow multiple bits in clearcpuid= parameter + drivers/perf: xgene_pmu: Fix uninitialized resource struct + crypto: algif_skcipher - EBUSY on aio should be an error + crypto: mediatek - Fix wrong return value in mtk_desc_ring_alloc() + crypto: ixp4xx - Fix the size used in a 'dma_free_coherent()' call + media: tuner-simple: fix regression in simple_set_radio_freq + media: Revert "media: exynos4-is: Add missed check for pinctrl_lookup_state()" + media: m5mols: Check function pointer in m5mols_sensor_power + media: uvcvideo: Set media controller entity functions + media: omap3isp: Fix memleak in isp_probe + crypto: omap-sham - fix digcnt register handling with export/import + cypto: mediatek - fix leaks in mtk_desc_ring_alloc + media: mx2_emmaprp: Fix memleak in emmaprp_probe + media: tc358743: initialize variable + media: platform: fcp: Fix a reference count leak. + media: s5p-mfc: Fix a reference count leak + media: ti-vpe: Fix a missing check and reference count leak + regulator: resolve supply after creating regulator + ath10k: provide survey info as accumulated data + Bluetooth: hci_uart: Cancel init work before unregistering + ath6kl: prevent potential array overflow in ath6kl_add_new_sta() + ath9k: Fix potential out of bounds in ath9k_htc_txcompletion_cb() + wcn36xx: Fix reported 802.11n rx_highest rate wcn3660/wcn3680 + ASoC: qcom: lpass-platform: fix memory leak + ASoC: qcom: lpass-cpu: fix concurrency issue + brcmfmac: check ndev pointer + mwifiex: Do not use GFP_KERNEL in atomic context + drm/gma500: fix error check + scsi: qla4xxx: Fix an error handling path in 'qla4xxx_get_host_stats()' + scsi: csiostor: Fix wrong return value in csio_hw_prep_fw() + backlight: sky81452-backlight: Fix refcount imbalance on error + VMCI: check return value of get_user_pages_fast() for errors + tty: serial: earlycon dependency + pty: do tty_flip_buffer_push without port->lock in pty_write + pwm: lpss: Fix off by one error in base_unit math in pwm_lpss_prepare() + pwm: lpss: Add range limit check for the base_unit register value + drivers/virt/fsl_hypervisor: Fix error handling path + video: fbdev: vga16fb: fix setting of pixclock because a pass-by-value error + video: fbdev: sis: fix null ptr dereference + HID: roccat: add bounds checking in kone_sysfs_write_settings() + pinctrl: mcp23s08: Fix mcp23x17_regmap initialiser + pinctrl: mcp23s08: Fix mcp23x17 precious range + ath6kl: wmi: prevent a shift wrapping bug in ath6kl_wmi_delete_pstream_cmd() + misc: mic: scif: Fix error handling path + ALSA: seq: oss: Avoid mutex lock for a long-time ioctl + usb: dwc2: Fix parameter type in function pointer prototype + quota: clear padding in v2r1_mem2diskdqb() + HID: hid-input: fix stylus battery reporting + qtnfmac: fix resource leaks on unsupported iftype error return path + net: enic: Cure the enic api locking trainwreck + mfd: sm501: Fix leaks in probe() + iwlwifi: mvm: split a print to avoid a WARNING in ROC + usb: gadget: f_ncm: fix ncm_bitrate for SuperSpeed and above. + usb: gadget: u_ether: enable qmult on SuperSpeed Plus as well + nl80211: fix non-split wiphy information + usb: dwc2: Fix INTR OUT transfers in DDMA mode. + scsi: be2iscsi: Fix a theoretical leak in beiscsi_create_eqs() + mwifiex: fix double free + net: korina: fix kfree of rx/tx descriptor array + mm/memcg: fix device private memcg accounting + mm, oom_adj: don't loop through tasks in __set_oom_adj when not necessary + IB/mlx4: Fix starvation in paravirt mux/demux + IB/mlx4: Adjust delayed work when a dup is observed + powerpc/pseries: Fix missing of_node_put() in rng_init() + powerpc/icp-hv: Fix missing of_node_put() in success path + mtd: lpddr: fix excessive stack usage with clang + mtd: mtdoops: Don't write panic data twice + ARM: 9007/1: l2c: fix prefetch bits init in L2X0_AUX_CTRL using DT values + arc: plat-hsdk: fix kconfig dependency warning when !RESET_CONTROLLER + xfs: limit entries returned when counting fsmap records + RDMA/qedr: Fix use of uninitialized field + powerpc/tau: Use appropriate temperature sample interval + powerpc/tau: Remove duplicated set_thresholds() call + powerpc/tau: Disable TAU between measurements + perf intel-pt: Fix "context_switch event has no tid" error + RDMA/hns: Set the unsupported wr opcode + kdb: Fix pager search for multi-line strings + overflow: Include header file with SIZE_MAX declaration + powerpc/perf: Exclude pmc5/6 from the irrelevant PMU group constraints + powerpc/perf/hv-gpci: Fix starting index value + cpufreq: powernv: Fix frame-size-overflow in powernv_cpufreq_reboot_notifier + IB/rdmavt: Fix sizeof mismatch + f2fs: wait for sysfs kobject removal before freeing f2fs_sb_info + lib/crc32.c: fix trivial typo in preprocessor condition + ramfs: fix nommu mmap with gaps in the page cache + rapidio: fix error handling path + rapidio: fix the missed put_device() for rio_mport_add_riodev + mailbox: avoid timer start from callback + i2c: rcar: Auto select RESET_CONTROLLER + PCI: iproc: Set affinity mask on MSI interrupts + clk: at91: clk-main: update key before writing AT91_CKGR_MOR + clk: bcm2835: add missing release if devm_clk_hw_register fails + ext4: limit entries returned when counting fsmap records + vfio/pci: Clear token on bypass registration failure + vfio iommu type1: Fix memory leak in vfio_iommu_type1_pin_pages + Input: imx6ul_tsc - clean up some errors in imx6ul_tsc_resume() + Input: stmfts - fix a & vs && typo + Input: ep93xx_keypad - fix handling of platform_get_irq() error + Input: omap4-keypad - fix handling of platform_get_irq() error + Input: twl4030_keypad - fix handling of platform_get_irq() error + Input: sun4i-ps2 - fix handling of platform_get_irq() error + KVM: x86: emulating RDPID failure shall return #UD rather than #GP + memory: omap-gpmc: Fix a couple off by ones + memory: fsl-corenet-cf: Fix handling of platform_get_irq() error + arm64: dts: qcom: msm8916: Fix MDP/DSI interrupts + ARM: dts: owl-s500: Fix incorrect PPI interrupt specifiers + arm64: dts: zynqmp: Remove additional compatible string for i2c IPs + powerpc/powernv/dump: Fix race while processing OPAL dump + nvmet: fix uninitialized work for zero kato + NTB: hw: amd: fix an issue about leak system resources + perf: correct SNOOPX field offset + i2c: core: Restore acpi_walk_dep_device_list() getting called after registering the ACPI i2c devs + crypto: ccp - fix error handling + media: firewire: fix memory leak + media: ati_remote: sanity check for both endpoints + media: st-delta: Fix reference count leak in delta_run_work + media: sti: Fix reference count leaks + media: exynos4-is: Fix several reference count leaks due to pm_runtime_get_sync + media: exynos4-is: Fix a reference count leak due to pm_runtime_get_sync + media: exynos4-is: Fix a reference count leak + media: vsp1: Fix runtime PM imbalance on error + media: platform: s3c-camif: Fix runtime PM imbalance on error + media: platform: sti: hva: Fix runtime PM imbalance on error + media: bdisp: Fix runtime PM imbalance on error + media: media/pci: prevent memory leak in bttv_probe + media: uvcvideo: Ensure all probed info is returned to v4l2 + mmc: sdio: Check for CISTPL_VERS_1 buffer size + media: saa7134: avoid a shift overflow + fs: dlm: fix configfs memory leak + media: venus: core: Fix runtime PM imbalance in venus_probe + ntfs: add check for mft record size in superblock + mac80211: handle lack of sband->bitrates in rates + PM: hibernate: remove the bogus call to get_gendisk() in software_resume() + scsi: mvumi: Fix error return in mvumi_io_attach() + scsi: target: core: Add CONTROL field for trace events + mic: vop: copy data to kernel space then write to io memory + misc: vop: add round_up(x,4) for vring_size to avoid kernel panic + usb: gadget: function: printer: fix use-after-free in __lock_acquire + udf: Limit sparing table size + udf: Avoid accessing uninitialized data on failed inode read + USB: cdc-acm: handle broken union descriptors + can: flexcan: flexcan_chip_stop(): add error handling and propagate error value + ath9k: hif_usb: fix race condition between usb_get_urb() and usb_kill_anchored_urbs() + misc: rtsx: Fix memory leak in rtsx_pci_probe + reiserfs: only call unlock_new_inode() if I_NEW + xfs: make sure the rt allocator doesn't run off the end + usb: ohci: Default to per-port over-current protection + Bluetooth: Only mark socket zapped after unlocking + scsi: ibmvfc: Fix error return in ibmvfc_probe() + brcmsmac: fix memory leak in wlc_phy_attach_lcnphy + rtl8xxxu: prevent potential memory leak + Fix use after free in get_capset_info callback. + scsi: qedi: Protect active command list to avoid list corruption + scsi: qedi: Fix list_del corruption while removing active I/O + tty: ipwireless: fix error handling + ipvs: Fix uninit-value in do_ip_vs_set_ctl() + reiserfs: Fix memory leak in reiserfs_parse_options() + mwifiex: don't call del_timer_sync() on uninitialized timer + brcm80211: fix possible memleak in brcmf_proto_msgbuf_attach + usb: core: Solve race condition in anchor cleanup functions + scsi: ufs: ufs-qcom: Fix race conditions caused by ufs_qcom_testbus_config() + ath10k: check idx validity in __ath10k_htt_rx_ring_fill_n() + net: korina: cast KSEG0 address to pointer in kfree + tty: serial: fsl_lpuart: fix lpuart32_poll_get_char + usb: cdc-acm: add quirk to blacklist ETAS ES58X devices + USB: cdc-wdm: Make wdm_flush() interruptible and add wdm_fsync(). + eeprom: at25: set minimum read/write access stride to 1 + usb: gadget: f_ncm: allow using NCM in SuperSpeed Plus gadgets. + powerpc/powernv/opal-dump : Use IRQ_HANDLED instead of numbers in interrupt handler + net: fix pos incrementment in ipv6_route_seq_next + ALSA: hda/realtek: Enable audio jacks of ASUS D700SA with ALC887 + x86/nmi: Fix nmi_handle() duration miscalculation + x86/events/amd/iommu: Fix sizeof mismatch + media: uvcvideo: Silence shift-out-of-bounds warning + hwmon: (pmbus/max34440) Fix status register reads for MAX344{51,60,61} + media: tc358743: cleanup tc358743_cec_isr + pinctrl: bcm: fix kconfig dependency warning when !GPIOLIB + spi: spi-s3c64xx: swap s3c64xx_spi_set_cs() and s3c64xx_enable_datapath() + staging: rtl8192u: Do not use GFP_KERNEL in atomic context + net: stmmac: use netif_tx_start|stop_all_queues() function + scsi: target: tcmu: Fix warning: 'page' may be used uninitialized + ipvs: clear skb->tstamp in forwarding path + netfilter: nf_log: missing vlan offload tag and proto + RDMA/ucma: Fix locking for ctx->events_reported + RDMA/ucma: Add missing locking around rdma_leave_multicast() + RDMA/qedr: Fix inline size returned for iWARP + UBUNTU: upstream stable to v4.14.203, v4.19.153 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1903768 Title: Bionic update: upstream stable patchset 2020-11-10 Status in linux package in Ubuntu: Confirmed Status in linux source package in Bionic: In Progress Bug description: SRU Justification Impact: The upstream process for stable tree updates is quite similar in scope to the Ubuntu SRU process, e.g., each patch has to demonstrably fix a bug, and each patch is vetted by upstream by originating either directly from a mainline/stable Linux tree or a minimally backported form of that patch. The following upstream stable patches should be included in the Ubuntu kernel: upstream stable patchset 2020-11-10 Ported from the following upstream stable releases: v4.14.202, v4.19.152, v4.14.203, v4.19.153 from git://git.kernel.org/ Bluetooth: fix kernel oops in store_pending_adv_report Bluetooth: Consolidate encryption handling in hci_encrypt_cfm Bluetooth: Fix update of connection state in `hci_encrypt_cfm` Bluetooth: Disconnect if E0 is used for Level 4 media: usbtv: Fix refcounting mixup USB: serial: option: add Cellient MPL200 card USB: serial: option: Add Telit FT980-KS composition staging: comedi: check validity of wMaxPacketSize of usb endpoints found USB: serial: pl2303: add device-id for HP GC device USB: serial: ftdi_sio: add support for FreeCalypso JTAG+UART adapters reiserfs: Initialize inode keys properly reiserfs: Fix oops during mount drivers/net/ethernet/marvell/mvmdio.c: Fix non OF case crypto: bcm - Verify GCM/CCM key length in setkey crypto: qat - check cipher length for aead AES-CBC-HMAC-SHA ARM: 8858/1: vdso: use $(LD) instead of $(CC) to link VDSO ARM: 8939/1: kbuild: use correct nm executable ARM: 8867/1: vdso: pass --be8 to linker if necessary UBUNTU: upstream stable to v4.14.202, v4.19.152 ibmveth: Switch order of ibmveth_helper calls. ibmveth: Identify ingress large send packets. ipv4: Restore flowi4_oif update before call to xfrm_lookup_route mlx4: handle non-napi callers to napi_poll net: usb: qmi_wwan: add Cellient MPL200 card tipc: fix the skb_unshare() in tipc_buf_append() net/ipv4: always honour route mtu during forwarding r8169: fix data corruption issue on RTL8402 binder: fix UAF when releasing todo list ALSA: bebob: potential info leak in hwdep_read() net: hdlc: In hdlc_rcv, check to make sure dev is an HDLC device net: hdlc_raw_eth: Clear the IFF_TX_SKB_SHARING flag after calling ether_setup nfc: Ensure presence of NFC_ATTR_FIRMWARE_NAME attribute in nfc_genl_fw_download() tcp: fix to update snd_wl1 in bulk receiver fast path icmp: randomize the global rate limiter cifs: remove bogus debug code cifs: Return the error from crypt_message when enc/dec key not found. KVM: x86/mmu: Commit zap of remaining invalid pages when recovering lpages KVM: SVM: Initialize prev_ga_tag before use ima: Don't ignore errors from crypto_shash_update() crypto: algif_aead - Do not set MAY_BACKLOG on the async path EDAC/i5100: Fix error handling order in i5100_init_one() x86/fpu: Allow multiple bits in clearcpuid= parameter drivers/perf: xgene_pmu: Fix uninitialized resource struct crypto: algif_skcipher - EBUSY on aio should be an error crypto: mediatek - Fix wrong return value in mtk_desc_ring_alloc() crypto: ixp4xx - Fix the size used in a 'dma_free_coherent()' call media: tuner-simple: fix regression in simple_set_radio_freq media: Revert "media: exynos4-is: Add missed check for pinctrl_lookup_state()" media: m5mols: Check function pointer in m5mols_sensor_power media: uvcvideo: Set media controller entity functions media: omap3isp: Fix memleak in isp_probe crypto: omap-sham - fix digcnt register handling with export/import cypto: mediatek - fix leaks in mtk_desc_ring_alloc media: mx2_emmaprp: Fix memleak in emmaprp_probe media: tc358743: initialize variable media: platform: fcp: Fix a reference count leak. media: s5p-mfc: Fix a reference count leak media: ti-vpe: Fix a missing check and reference count leak regulator: resolve supply after creating regulator ath10k: provide survey info as accumulated data Bluetooth: hci_uart: Cancel init work before unregistering ath6kl: prevent potential array overflow in ath6kl_add_new_sta() ath9k: Fix potential out of bounds in ath9k_htc_txcompletion_cb() wcn36xx: Fix reported 802.11n rx_highest rate wcn3660/wcn3680 ASoC: qcom: lpass-platform: fix memory leak ASoC: qcom: lpass-cpu: fix concurrency issue brcmfmac: check ndev pointer mwifiex: Do not use GFP_KERNEL in atomic context drm/gma500: fix error check scsi: qla4xxx: Fix an error handling path in 'qla4xxx_get_host_stats()' scsi: csiostor: Fix wrong return value in csio_hw_prep_fw() backlight: sky81452-backlight: Fix refcount imbalance on error VMCI: check return value of get_user_pages_fast() for errors tty: serial: earlycon dependency pty: do tty_flip_buffer_push without port->lock in pty_write pwm: lpss: Fix off by one error in base_unit math in pwm_lpss_prepare() pwm: lpss: Add range limit check for the base_unit register value drivers/virt/fsl_hypervisor: Fix error handling path video: fbdev: vga16fb: fix setting of pixclock because a pass-by-value error video: fbdev: sis: fix null ptr dereference HID: roccat: add bounds checking in kone_sysfs_write_settings() pinctrl: mcp23s08: Fix mcp23x17_regmap initialiser pinctrl: mcp23s08: Fix mcp23x17 precious range ath6kl: wmi: prevent a shift wrapping bug in ath6kl_wmi_delete_pstream_cmd() misc: mic: scif: Fix error handling path ALSA: seq: oss: Avoid mutex lock for a long-time ioctl usb: dwc2: Fix parameter type in function pointer prototype quota: clear padding in v2r1_mem2diskdqb() HID: hid-input: fix stylus battery reporting qtnfmac: fix resource leaks on unsupported iftype error return path net: enic: Cure the enic api locking trainwreck mfd: sm501: Fix leaks in probe() iwlwifi: mvm: split a print to avoid a WARNING in ROC usb: gadget: f_ncm: fix ncm_bitrate for SuperSpeed and above. usb: gadget: u_ether: enable qmult on SuperSpeed Plus as well nl80211: fix non-split wiphy information usb: dwc2: Fix INTR OUT transfers in DDMA mode. scsi: be2iscsi: Fix a theoretical leak in beiscsi_create_eqs() mwifiex: fix double free net: korina: fix kfree of rx/tx descriptor array mm/memcg: fix device private memcg accounting mm, oom_adj: don't loop through tasks in __set_oom_adj when not necessary IB/mlx4: Fix starvation in paravirt mux/demux IB/mlx4: Adjust delayed work when a dup is observed powerpc/pseries: Fix missing of_node_put() in rng_init() powerpc/icp-hv: Fix missing of_node_put() in success path mtd: lpddr: fix excessive stack usage with clang mtd: mtdoops: Don't write panic data twice ARM: 9007/1: l2c: fix prefetch bits init in L2X0_AUX_CTRL using DT values arc: plat-hsdk: fix kconfig dependency warning when !RESET_CONTROLLER xfs: limit entries returned when counting fsmap records RDMA/qedr: Fix use of uninitialized field powerpc/tau: Use appropriate temperature sample interval powerpc/tau: Remove duplicated set_thresholds() call powerpc/tau: Disable TAU between measurements perf intel-pt: Fix "context_switch event has no tid" error RDMA/hns: Set the unsupported wr opcode kdb: Fix pager search for multi-line strings overflow: Include header file with SIZE_MAX declaration powerpc/perf: Exclude pmc5/6 from the irrelevant PMU group constraints powerpc/perf/hv-gpci: Fix starting index value cpufreq: powernv: Fix frame-size-overflow in powernv_cpufreq_reboot_notifier IB/rdmavt: Fix sizeof mismatch f2fs: wait for sysfs kobject removal before freeing f2fs_sb_info lib/crc32.c: fix trivial typo in preprocessor condition ramfs: fix nommu mmap with gaps in the page cache rapidio: fix error handling path rapidio: fix the missed put_device() for rio_mport_add_riodev mailbox: avoid timer start from callback i2c: rcar: Auto select RESET_CONTROLLER PCI: iproc: Set affinity mask on MSI interrupts clk: at91: clk-main: update key before writing AT91_CKGR_MOR clk: bcm2835: add missing release if devm_clk_hw_register fails ext4: limit entries returned when counting fsmap records vfio/pci: Clear token on bypass registration failure vfio iommu type1: Fix memory leak in vfio_iommu_type1_pin_pages Input: imx6ul_tsc - clean up some errors in imx6ul_tsc_resume() Input: stmfts - fix a & vs && typo Input: ep93xx_keypad - fix handling of platform_get_irq() error Input: omap4-keypad - fix handling of platform_get_irq() error Input: twl4030_keypad - fix handling of platform_get_irq() error Input: sun4i-ps2 - fix handling of platform_get_irq() error KVM: x86: emulating RDPID failure shall return #UD rather than #GP memory: omap-gpmc: Fix a couple off by ones memory: fsl-corenet-cf: Fix handling of platform_get_irq() error arm64: dts: qcom: msm8916: Fix MDP/DSI interrupts ARM: dts: owl-s500: Fix incorrect PPI interrupt specifiers arm64: dts: zynqmp: Remove additional compatible string for i2c IPs powerpc/powernv/dump: Fix race while processing OPAL dump nvmet: fix uninitialized work for zero kato NTB: hw: amd: fix an issue about leak system resources perf: correct SNOOPX field offset i2c: core: Restore acpi_walk_dep_device_list() getting called after registering the ACPI i2c devs crypto: ccp - fix error handling media: firewire: fix memory leak media: ati_remote: sanity check for both endpoints media: st-delta: Fix reference count leak in delta_run_work media: sti: Fix reference count leaks media: exynos4-is: Fix several reference count leaks due to pm_runtime_get_sync media: exynos4-is: Fix a reference count leak due to pm_runtime_get_sync media: exynos4-is: Fix a reference count leak media: vsp1: Fix runtime PM imbalance on error media: platform: s3c-camif: Fix runtime PM imbalance on error media: platform: sti: hva: Fix runtime PM imbalance on error media: bdisp: Fix runtime PM imbalance on error media: media/pci: prevent memory leak in bttv_probe media: uvcvideo: Ensure all probed info is returned to v4l2 mmc: sdio: Check for CISTPL_VERS_1 buffer size media: saa7134: avoid a shift overflow fs: dlm: fix configfs memory leak media: venus: core: Fix runtime PM imbalance in venus_probe ntfs: add check for mft record size in superblock mac80211: handle lack of sband->bitrates in rates PM: hibernate: remove the bogus call to get_gendisk() in software_resume() scsi: mvumi: Fix error return in mvumi_io_attach() scsi: target: core: Add CONTROL field for trace events mic: vop: copy data to kernel space then write to io memory misc: vop: add round_up(x,4) for vring_size to avoid kernel panic usb: gadget: function: printer: fix use-after-free in __lock_acquire udf: Limit sparing table size udf: Avoid accessing uninitialized data on failed inode read USB: cdc-acm: handle broken union descriptors can: flexcan: flexcan_chip_stop(): add error handling and propagate error value ath9k: hif_usb: fix race condition between usb_get_urb() and usb_kill_anchored_urbs() misc: rtsx: Fix memory leak in rtsx_pci_probe reiserfs: only call unlock_new_inode() if I_NEW xfs: make sure the rt allocator doesn't run off the end usb: ohci: Default to per-port over-current protection Bluetooth: Only mark socket zapped after unlocking scsi: ibmvfc: Fix error return in ibmvfc_probe() brcmsmac: fix memory leak in wlc_phy_attach_lcnphy rtl8xxxu: prevent potential memory leak Fix use after free in get_capset_info callback. scsi: qedi: Protect active command list to avoid list corruption scsi: qedi: Fix list_del corruption while removing active I/O tty: ipwireless: fix error handling ipvs: Fix uninit-value in do_ip_vs_set_ctl() reiserfs: Fix memory leak in reiserfs_parse_options() mwifiex: don't call del_timer_sync() on uninitialized timer brcm80211: fix possible memleak in brcmf_proto_msgbuf_attach usb: core: Solve race condition in anchor cleanup functions scsi: ufs: ufs-qcom: Fix race conditions caused by ufs_qcom_testbus_config() ath10k: check idx validity in __ath10k_htt_rx_ring_fill_n() net: korina: cast KSEG0 address to pointer in kfree tty: serial: fsl_lpuart: fix lpuart32_poll_get_char usb: cdc-acm: add quirk to blacklist ETAS ES58X devices USB: cdc-wdm: Make wdm_flush() interruptible and add wdm_fsync(). eeprom: at25: set minimum read/write access stride to 1 usb: gadget: f_ncm: allow using NCM in SuperSpeed Plus gadgets. powerpc/powernv/opal-dump : Use IRQ_HANDLED instead of numbers in interrupt handler net: fix pos incrementment in ipv6_route_seq_next ALSA: hda/realtek: Enable audio jacks of ASUS D700SA with ALC887 x86/nmi: Fix nmi_handle() duration miscalculation x86/events/amd/iommu: Fix sizeof mismatch media: uvcvideo: Silence shift-out-of-bounds warning hwmon: (pmbus/max34440) Fix status register reads for MAX344{51,60,61} media: tc358743: cleanup tc358743_cec_isr pinctrl: bcm: fix kconfig dependency warning when !GPIOLIB spi: spi-s3c64xx: swap s3c64xx_spi_set_cs() and s3c64xx_enable_datapath() staging: rtl8192u: Do not use GFP_KERNEL in atomic context net: stmmac: use netif_tx_start|stop_all_queues() function scsi: target: tcmu: Fix warning: 'page' may be used uninitialized ipvs: clear skb->tstamp in forwarding path netfilter: nf_log: missing vlan offload tag and proto RDMA/ucma: Fix locking for ctx->events_reported RDMA/ucma: Add missing locking around rdma_leave_multicast() RDMA/qedr: Fix inline size returned for iWARP UBUNTU: upstream stable to v4.14.203, v4.19.153 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1903768/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp