This bug was fixed in the package linux-kvm - 5.4.0-1018.18

---------------
linux-kvm (5.4.0-1018.18) focal; urgency=medium

  * focal/linux-kvm: 5.4.0-1018.18 -proposed tracker (LP: #1885099)

  * LXD 4.2 broken on linux-kvm due to missing VLAN filtering (LP: #1882955)
    - [Config] kvm: VLAN_8021Q=m && BRIDGE_VLAN_FILTERING=y

  * Make linux-kvm bootable in LXD VMs (LP: #1873809)
    - [Config] kvm: Match ramdisk config with master
    - [Config] kvm: Build-in EFI framebuffer

linux-kvm (5.4.0-1017.17) focal; urgency=medium

  * focal/linux-kvm: 5.4.0-1017.17 -proposed tracker (LP: #1883517)

  * Make linux-kvm bootable in LXD VMs (LP: #1873809)
    - [Packaging] Start to sign the KVM kernel

linux-kvm (5.4.0-1016.16) focal; urgency=medium

  * focal/linux-kvm: 5.4.0-1016.16 -proposed tracker (LP: #1882691)

  * Focal update: v5.4.42 upstream stable release (LP: #1879759)
    - [Config] kvm: Record CC_HAS_WARN_MAYBE_UNINITIALIZED drop

  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts

  [ Ubuntu: 5.4.0-38.42 ]

  * CVE-2020-0543
    - UBUNTU/SAUCE: x86/speculation/srbds: do not try to turn mitigation off 
when
      not supported
  * Realtek 8723DE [10ec:d723] subsystem [10ec:d738]  disconnects unsolicitedly
    when Bluetooth is paired: Reason: 23=IEEE8021X_FAILED (LP: #1878147)
    - SAUCE: Revert "UBUNTU: SAUCE: rtw88: Move driver IQK to set channel before
      association for 11N chip"
    - SAUCE: Revert "UBUNTU: SAUCE: rtw88: fix rate for a while after being
      connected"
    - SAUCE: Revert "UBUNTU: SAUCE: rtw88: No retry and report for auth and 
assoc"
    - SAUCE: Revert "UBUNTU: SAUCE: rtw88: 8723d: Add coex support"
    - rtw88: add a debugfs entry to dump coex's info
    - rtw88: add a debugfs entry to enable/disable coex mechanism
    - rtw88: 8723d: Add coex support
    - SAUCE: rtw88: coex: 8723d: set antanna control owner
    - SAUCE: rtw88: coex: 8723d: handle BT inquiry cases
    - SAUCE: rtw88: fix EAPOL 4-way failure by finish IQK earlier
  * CPU stress test fails with focal kernel (LP: #1867900)
    - [Config] Disable hisi_sec2 temporarily
  * Enforce all config annotations (LP: #1879327)
    - [Config]: do not enforce CONFIG_VERSION_SIGNATURE
    - [Config]: prepare to enforce all
    - [Config]: enforce all config options
  * Focal update: v5.4.44 upstream stable release (LP: #1881927)
    - ax25: fix setsockopt(SO_BINDTODEVICE)
    - dpaa_eth: fix usage as DSA master, try 3
    - net: don't return invalid table id error when we fall back to PF_UNSPEC
    - net: dsa: mt7530: fix roaming from DSA user ports
    - net: ethernet: ti: cpsw: fix ASSERT_RTNL() warning during suspend
    - __netif_receive_skb_core: pass skb by reference
    - net: inet_csk: Fix so_reuseport bind-address cache in tb->fast*
    - net: ipip: fix wrong address family in init error path
    - net/mlx5: Add command entry handling completion
    - net: mvpp2: fix RX hashing for non-10G ports
    - net: nlmsg_cancel() if put fails for nhmsg
    - net: qrtr: Fix passing invalid reference to qrtr_local_enqueue()
    - net: revert "net: get rid of an signed integer overflow in
      ip_idents_reserve()"
    - net sched: fix reporting the first-time use timestamp
    - net/tls: fix race condition causing kernel panic
    - nexthop: Fix attribute checking for groups
    - r8152: support additional Microsoft Surface Ethernet Adapter variant
    - sctp: Don't add the shutdown timer if its already been added
    - sctp: Start shutdown on association restart if in SHUTDOWN-SENT state and
      socket is closed
    - tipc: block BH before using dst_cache
    - net/mlx5e: kTLS, Destroy key object after destroying the TIS
    - net/mlx5e: Fix inner tirs handling
    - net/mlx5: Fix memory leak in mlx5_events_init
    - net/mlx5e: Update netdev txq on completions during closure
    - net/mlx5: Fix error flow in case of function_setup failure
    - net/mlx5: Annotate mutex destroy for root ns
    - net/tls: fix encryption error checking
    - net/tls: free record only on encryption error
    - net: sun: fix missing release regions in cas_init_one().
    - net/mlx4_core: fix a memory leak bug.
    - mlxsw: spectrum: Fix use-after-free of split/unsplit/type_set in case 
reload
      fails
    - ARM: dts: rockchip: fix phy nodename for rk3228-evb
    - ARM: dts: rockchip: fix phy nodename for rk3229-xms6
    - arm64: dts: rockchip: fix status for &gmac2phy in rk3328-evb.dts
    - arm64: dts: rockchip: swap interrupts interrupt-names rk3399 gpu node
    - ARM: dts: rockchip: swap clock-names of gpu nodes
    - ARM: dts: rockchip: fix pinctrl sub nodename for spi in rk322x.dtsi
    - gpio: tegra: mask GPIO IRQs during IRQ shutdown
    - ALSA: usb-audio: add mapping for ASRock TRX40 Creator
    - net: microchip: encx24j600: add missed kthread_stop
    - gfs2: move privileged user check to gfs2_quota_lock_check
    - gfs2: Grab glock reference sooner in gfs2_add_revoke
    - drm/amdgpu: drop unnecessary cancel_delayed_work_sync on PG ungate
    - drm/amd/powerplay: perform PG ungate prior to CG ungate
    - drm/amdgpu: Use GEM obj reference for KFD BOs
    - cachefiles: Fix race between read_waiter and read_copier involving 
op->to_do
    - usb: dwc3: pci: Enable extcon driver for Intel Merrifield
    - usb: phy: twl6030-usb: Fix a resource leak in an error handling path in
      'twl6030_usb_probe()'
    - usb: gadget: legacy: fix redundant initialization warnings
    - net: freescale: select CONFIG_FIXED_PHY where needed
    - IB/i40iw: Remove bogus call to netdev_master_upper_dev_get()
    - riscv: stacktrace: Fix undefined reference to `walk_stackframe'
    - clk: ti: am33xx: fix RTC clock parent
    - csky: Fixup msa highest 3 bits mask
    - csky: Fixup perf callchain unwind
    - csky: Fixup remove duplicate irq_disable
    - hwmon: (nct7904) Fix incorrect range of temperature limit registers
    - cifs: Fix null pointer check in cifs_read
    - csky: Fixup raw_copy_from_user()
    - samples: bpf: Fix build error
    - drivers: net: hamradio: Fix suspicious RCU usage warning in bpqether.c
    - Input: usbtouchscreen - add support for BonXeon TP
    - Input: evdev - call input_flush_device() on release(), not flush()
    - Input: xpad - add custom init packet for Xbox One S controllers
    - Input: dlink-dir685-touchkeys - fix a typo in driver name
    - Input: i8042 - add ThinkPad S230u to i8042 reset list
    - Input: synaptics-rmi4 - really fix attn_data use-after-free
    - Input: synaptics-rmi4 - fix error return code in rmi_driver_probe()
    - ARM: 8970/1: decompressor: increase tag size
    - ARM: uaccess: consolidate uaccess asm to asm/uaccess-asm.h
    - ARM: uaccess: integrate uaccess_save and uaccess_restore
    - ARM: uaccess: fix DACR mismatch with nested exceptions
    - gpio: exar: Fix bad handling for ida_simple_get error path
    - arm64: dts: mt8173: fix vcodec-enc clock
    - soc: mediatek: cmdq: return send msg error code
    - gpu/drm: Ingenic: Fix opaque pointer casted to wrong type
    - IB/qib: Call kobject_put() when kobject_init_and_add() fails
    - ARM: dts/imx6q-bx50v3: Set display interface clock parents
    - ARM: dts: bcm2835-rpi-zero-w: Fix led polarity
    - ARM: dts: bcm: HR2: Fix PPI interrupt types
    - mmc: block: Fix use-after-free issue for rpmb
    - gpio: pxa: Fix return value of pxa_gpio_probe()
    - gpio: bcm-kona: Fix return value of bcm_kona_gpio_probe()
    - RDMA/pvrdma: Fix missing pci disable in pvrdma_pci_probe()
    - ALSA: hwdep: fix a left shifting 1 by 31 UB bug
    - ALSA: hda/realtek - Add a model for Thinkpad T570 without DAC workaround
    - ALSA: usb-audio: mixer: volume quirk for ESS Technology Asus USB DAC
    - exec: Always set cap_ambient in cap_bprm_set_creds
    - clk: qcom: gcc: Fix parent for gpll0_out_even
    - ALSA: usb-audio: Quirks for Gigabyte TRX40 Aorus Master onboard audio
    - ALSA: hda/realtek - Add new codec supported for ALC287
    - libceph: ignore pool overlay and cache logic on redirects
    - ceph: flush release queue when handling caps for unknown inode
    - RDMA/core: Fix double destruction of uobject
    - drm/amd/display: drop cursor position check in atomic test
    - IB/ipoib: Fix double free of skb in case of multicast traffic in CM mode
    - mm,thp: stop leaking unreleased file pages
    - mm: remove VM_BUG_ON(PageSlab()) from page_mapcount()
    - fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()
    - include/asm-generic/topology.h: guard cpumask_of_node() macro argument
    - Revert "block: end bio with BLK_STS_AGAIN in case of non-mq devs and
      REQ_NOWAIT"
    - gpio: fix locking open drain IRQ lines
    - iommu: Fix reference count leak in iommu_group_alloc.
    - parisc: Fix kernel panic in mem_init()
    - cfg80211: fix debugfs rename crash
    - x86/syscalls: Revert "x86/syscalls: Make __X32_SYSCALL_BIT be unsigned 
long"
    - mac80211: mesh: fix discovery timer re-arming issue / crash
    - x86/dma: Fix max PFN arithmetic overflow on 32 bit systems
    - copy_xstate_to_kernel(): don't leave parts of destination uninitialized
    - xfrm: allow to accept packets with ipv6 NEXTHDR_HOP in xfrm_input
    - xfrm: do pskb_pull properly in __xfrm_transport_prep
    - xfrm: remove the xfrm_state_put call becofe going to out_reset
    - xfrm: call xfrm_output_gso when inner_protocol is set in xfrm_output
    - xfrm interface: fix oops when deleting a x-netns interface
    - xfrm: fix a warning in xfrm_policy_insert_list
    - xfrm: fix a NULL-ptr deref in xfrm_local_error
    - xfrm: fix error in comment
    - ip_vti: receive ipip packet by calling ip_tunnel_rcv
    - netfilter: nft_reject_bridge: enable reject with bridge vlan
    - netfilter: ipset: Fix subcounter update skip
    - netfilter: conntrack: make conntrack userspace helpers work again
    - netfilter: nfnetlink_cthelper: unbreak userspace helper support
    - netfilter: nf_conntrack_pptp: prevent buffer overflows in debug code
    - esp6: get the right proto for transport mode in esp6_gso_encap
    - bnxt_en: Fix accumulation of bp->net_stats_prev.
    - ieee80211: Fix incorrect mask for default PE duration
    - xsk: Add overflow check for u64 division, stored into u32
    - qlcnic: fix missing release in qlcnic_83xx_interrupt_test.
    - crypto: chelsio/chtls: properly set tp->lsndtime
    - nexthops: Move code from remove_nexthop_from_groups to remove_nh_grp_entry
    - nexthops: don't modify published nexthop groups
    - nexthop: Expand nexthop_is_multipath in a few places
    - ipv4: nexthop version of fib_info_nh_uses_dev
    - net: dsa: declare lockless TX feature for slave ports
    - bonding: Fix reference count leak in bond_sysfs_slave_add.
    - netfilter: conntrack: comparison of unsigned in cthelper confirmation
    - netfilter: conntrack: Pass value of ctinfo to __nf_conntrack_update
    - netfilter: nf_conntrack_pptp: fix compilation warning with W=1 build
    - perf: Make perf able to build with latest libbfd
    - Linux 5.4.44
  * Focal update: v5.4.43 upstream stable release (LP: #1881178)
    - i2c: dev: Fix the race between the release of i2c_dev and cdev
    - KVM: SVM: Fix potential memory leak in svm_cpu_init()
    - ima: Set file->f_mode instead of file->f_flags in ima_calc_file_hash()
    - evm: Check also if *tfm is an error pointer in init_desc()
    - ima: Fix return value of ima_write_policy()
    - ubifs: fix wrong use of crypto_shash_descsize()
    - ACPI: EC: PM: Avoid flushing EC work when EC GPE is inactive
    - mtd: spinand: Propagate ECC information to the MTD structure
    - fix multiplication overflow in copy_fdtable()
    - ubifs: remove broken lazytime support
    - i2c: fix missing pm_runtime_put_sync in i2c_device_probe
    - iommu/amd: Fix over-read of ACPI UID from IVRS table
    - evm: Fix a small race in init_desc()
    - i2c: mux: demux-pinctrl: Fix an error handling path in
      'i2c_demux_pinctrl_probe()'
    - ubi: Fix seq_file usage in detailed_erase_block_info debugfs file
    - afs: Don't unlock fetched data pages until the op completes successfully
    - mtd: Fix mtd not registered due to nvmem name collision
    - kbuild: avoid concurrency issue in parallel building dtbs and dtbs_check
    - net: drop_monitor: use IS_REACHABLE() to guard net_dm_hw_report()
    - gcc-common.h: Update for GCC 10
    - HID: multitouch: add eGalaxTouch P80H84 support
    - HID: alps: Add AUI1657 device ID
    - HID: alps: ALPS_1657 is too specific; use U1_UNICORN_LEGACY instead
    - scsi: qla2xxx: Fix hang when issuing nvme disconnect-all in NPIV
    - scsi: qla2xxx: Delete all sessions before unregister local nvme port
    - configfs: fix config_item refcnt leak in configfs_rmdir()
    - vhost/vsock: fix packet delivery order to monitoring devices
    - aquantia: Fix the media type of AQC100 ethernet controller in the driver
    - component: Silence bind error on -EPROBE_DEFER
    - net/ena: Fix build warning in ena_xdp_set()
    - scsi: ibmvscsi: Fix WARN_ON during event pool release
    - HID: i2c-hid: reset Synaptics SYNA2393 on resume
    - x86/mm/cpa: Flush direct map alias during cpa
    - ibmvnic: Skip fatal error reset after passive init
    - x86/apic: Move TSC deadline timer debug printk
    - gtp: set NLM_F_MULTI flag in gtp_genl_dump_pdp()
    - HID: quirks: Add HID_QUIRK_NO_INIT_REPORTS quirk for Dell K12A 
keyboard-dock
    - ceph: fix double unlock in handle_cap_export()
    - stmmac: fix pointer check after utilization in stmmac_interrupt
    - USB: core: Fix misleading driver bug report
    - platform/x86: asus-nb-wmi: Do not load on Asus T100TA and T200TA
    - iommu/amd: Call domain_flush_complete() in update_domain()
    - drm/amd/display: Prevent dpcd reads with passive dongles
    - KVM: selftests: Fix build for evmcs.h
    - ARM: futex: Address build warning
    - scripts/gdb: repair rb_first() and rb_last()
    - ALSA: hda - constify and cleanup static NodeID tables
    - ALSA: hda: patch_realtek: fix empty macro usage in if block
    - ALSA: hda: Manage concurrent reg access more properly
    - ALSA: hda/realtek - Add supported new mute Led for HP
    - ALSA: hda/realtek - Add HP new mute led supported for ALC236
    - ALSA: hda/realtek: Add quirk for Samsung Notebook
    - ALSA: hda/realtek - Enable headset mic of ASUS GL503VM with ALC295
    - ALSA: hda/realtek - Enable headset mic of ASUS UX550GE with ALC295
    - ALSA: hda/realtek: Enable headset mic of ASUS UX581LV with ALC295
    - KVM: x86: Fix pkru save/restore when guest CR4.PKE=0, move it to x86.c
    - ALSA: iec1712: Initialize STDSP24 properly when using the model=staudio
      option
    - ALSA: pcm: fix incorrect hw_base increase
    - ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Xtreme
    - ALSA: hda/realtek - Add more fixup entries for Clevo machines
    - scsi: qla2xxx: Do not log message when reading port speed via sysfs
    - scsi: target: Put lun_ref at end of tmr processing
    - arm64: Fix PTRACE_SYSEMU semantics
    - drm/etnaviv: fix perfmon domain interation
    - apparmor: Fix aa_label refcnt leak in policy_update
    - dmaengine: tegra210-adma: Fix an error handling path in 
'tegra_adma_probe()'
    - drm/etnaviv: Fix a leak in submit_pin_objects()
    - dmaengine: dmatest: Restore default for channel
    - dmaengine: owl: Use correct lock in owl_dma_get_pchan()
    - vsprintf: don't obfuscate NULL and error pointers
    - drm/i915/gvt: Init DPLL/DDI vreg for virtual display instead of 
inheritance.
    - drm/i915: Propagate error from completed fences
    - powerpc: Remove STRICT_KERNEL_RWX incompatibility with RELOCATABLE
    - powerpc/64s: Disable STRICT_KERNEL_RWX
    - bpf: Avoid setting bpf insns pages read-only when prog is jited
    - kbuild: Remove debug info from kallsyms linking
    - Revert "gfs2: Don't demote a glock until its revokes are written"
    - media: fdp1: Fix R-Car M3-N naming in debug message
    - staging: iio: ad2s1210: Fix SPI reading
    - staging: kpc2000: fix error return code in kp2000_pcie_probe()
    - staging: greybus: Fix uninitialized scalar variable
    - iio: sca3000: Remove an erroneous 'get_device()'
    - iio: dac: vf610: Fix an error handling path in 'vf610_dac_probe()'
    - iio: adc: ti-ads8344: Fix channel selection
    - misc: rtsx: Add short delay after exit from ASPM
    - tty: serial: add missing spin_lock_init for SiFive serial console
    - mei: release me_cl object reference
    - ipack: tpci200: fix error return code in tpci200_register()
    - s390/kaslr: add support for R_390_JMP_SLOT relocation type
    - device-dax: don't leak kernel memory to user space after unloading kmem
    - rapidio: fix an error in get_user_pages_fast() error handling
    - kasan: disable branch tracing for core runtime
    - rxrpc: Fix the excessive initial retransmission timeout
    - rxrpc: Fix a memory leak in rxkad_verify_response()
    - s390/kexec_file: fix initrd location for kdump kernel
    - flow_dissector: Drop BPF flow dissector prog ref on netns cleanup
    - x86/unwind/orc: Fix unwind_get_return_address_ptr() for inactive tasks
    - iio: adc: stm32-adc: Use dma_request_chan() instead
      dma_request_slave_channel()
    - iio: adc: stm32-adc: fix device used to request dma
    - iio: adc: stm32-dfsdm: Use dma_request_chan() instead
      dma_request_slave_channel()
    - iio: adc: stm32-dfsdm: fix device used to request dma
    - rxrpc: Trace discarded ACKs
    - rxrpc: Fix ack discard
    - tpm: check event log version before reading final events
    - sched/fair: Reorder enqueue/dequeue_task_fair path
    - sched/fair: Fix reordering of enqueue/dequeue_task_fair()
    - sched/fair: Fix enqueue_task_fair() warning some more
    - Linux 5.4.43
  * Focal update: v5.4.42 upstream stable release (LP: #1879759)
    - net: dsa: Do not make user port errors fatal
    - shmem: fix possible deadlocks on shmlock_user_lock
    - net: phy: microchip_t1: add lan87xx_phy_init to initialize the lan87xx 
phy.
    - KVM: arm: vgic: Synchronize the whole guest on GIC{D,R}_I{S,C}ACTIVER read
    - gpio: pca953x: Fix pca953x_gpio_set_config
    - SUNRPC: Add "@len" parameter to gss_unwrap()
    - SUNRPC: Fix GSS privacy computation of auth->au_ralign
    - net/sonic: Fix a resource leak in an error handling path in
      'jazz_sonic_probe()'
    - net: moxa: Fix a potential double 'free_irq()'
    - ftrace/selftests: workaround cgroup RT scheduling issues
    - drop_monitor: work around gcc-10 stringop-overflow warning
    - virtio-blk: handle block_device_operations callbacks after hot unplug
    - sun6i: dsi: fix gcc-4.8
    - net_sched: fix tcm_parent in tc filter dump
    - scsi: sg: add sg_remove_request in sg_write
    - mmc: sdhci-acpi: Add SDHCI_QUIRK2_BROKEN_64_BIT_DMA for AMDI0040
    - dpaa2-eth: properly handle buffer size restrictions
    - net: fix a potential recursive NETDEV_FEAT_CHANGE
    - netlabel: cope with NULL catmap
    - net: phy: fix aneg restart in phy_ethtool_set_eee
    - net: stmmac: fix num_por initialization
    - pppoe: only process PADT targeted at local interfaces
    - Revert "ipv6: add mtu lock check in __ip6_rt_update_pmtu"
    - tcp: fix error recovery in tcp_zerocopy_receive()
    - tcp: fix SO_RCVLOWAT hangs with fat skbs
    - virtio_net: fix lockdep warning on 32 bit
    - dpaa2-eth: prevent array underflow in update_cls_rule()
    - hinic: fix a bug of ndo_stop
    - net: dsa: loop: Add module soft dependency
    - net: ipv4: really enforce backoff for redirects
    - netprio_cgroup: Fix unlimited memory leak of v2 cgroups
    - net: tcp: fix rx timestamp behavior for tcp_recvmsg
    - nfp: abm: fix error return code in nfp_abm_vnic_alloc()
    - r8169: re-establish support for RTL8401 chip version
    - umh: fix memory leak on execve failure
    - riscv: fix vdso build with lld
    - dmaengine: pch_dma.c: Avoid data race between probe and irq handler
    - dmaengine: mmp_tdma: Do not ignore slave config validation errors
    - dmaengine: mmp_tdma: Reset channel error on release
    - selftests/ftrace: Check the first record for kprobe_args_type.tc
    - cpufreq: intel_pstate: Only mention the BIOS disabling turbo mode once
    - ALSA: hda/hdmi: fix race in monitor detection during probe
    - drm/amd/powerplay: avoid using pm_en before it is initialized revised
    - drm/amd/display: check if REFCLK_CNTL register is present
    - drm/amd/display: Update downspread percent to match spreadsheet for DCN2.1
    - drm/qxl: lost qxl_bo_kunmap_atomic_page in qxl_image_init_helper()
    - drm/amdgpu: simplify padding calculations (v2)
    - drm/amdgpu: invalidate L2 before SDMA IBs (v2)
    - ipc/util.c: sysvipc_find_ipc() incorrectly updates position index
    - gfs2: Another gfs2_walk_metadata fix
    - mmc: sdhci-pci-gli: Fix no irq handler from suspend
    - IB/hfi1: Fix another case where pq is left on waitlist
    - ACPI: EC: PM: Avoid premature returns from acpi_s2idle_wake()
    - pinctrl: sunrisepoint: Fix PAD lock register offset for SPT-H
    - pinctrl: baytrail: Enable pin configuration setting for GPIO chip
    - pinctrl: qcom: fix wrong write in update_dual_edge
    - pinctrl: cherryview: Add missing spinlock usage in chv_gpio_irq_handler
    - bpf: Fix error return code in map_lookup_and_delete_elem()
    - ALSA: firewire-lib: fix 'function sizeof not defined' error of tracepoints
      format
    - i40iw: Fix error handling in i40iw_manage_arp_cache()
    - drm/i915: Don't enable WaIncreaseLatencyIPCEnabled when IPC is disabled
    - bpf, sockmap: msg_pop_data can incorrecty set an sge length
    - bpf, sockmap: bpf_tcp_ingress needs to subtract bytes from sg.size
    - mmc: alcor: Fix a resource leak in the error path for ->probe()
    - mmc: sdhci-pci-gli: Fix can not access GL9750 after reboot from Windows 10
    - mmc: core: Check request type before completing the request
    - mmc: core: Fix recursive locking issue in CQE recovery path
    - mmc: block: Fix request completion in the CQE timeout path
    - gfs2: More gfs2_find_jhead fixes
    - fork: prevent accidental access to clone3 features
    - drm/amdgpu: force fbdev into vram
    - NFS: Fix fscache super_cookie index_key from changing after umount
    - nfs: fscache: use timespec64 in inode auxdata
    - NFSv4: Fix fscache cookie aux_data to ensure change_attr is included
    - netfilter: conntrack: avoid gcc-10 zero-length-bounds warning
    - drm/i915/gvt: Fix kernel oops for 3-level ppgtt guest
    - arm64: fix the flush_icache_range arguments in machine_kexec
    - nfs: fix NULL deference in nfs4_get_valid_delegation
    - SUNRPC: Signalled ASYNC tasks need to exit
    - netfilter: nft_set_rbtree: Introduce and use nft_rbtree_interval_start()
    - netfilter: nft_set_rbtree: Add missing expired checks
    - RDMA/rxe: Always return ERR_PTR from rxe_create_mmap_info()
    - IB/mlx4: Test return value of calls to ib_get_cached_pkey
    - IB/core: Fix potential NULL pointer dereference in pkey cache
    - RDMA/core: Fix double put of resource
    - RDMA/iw_cxgb4: Fix incorrect function parameters
    - hwmon: (da9052) Synchronize access with mfd
    - s390/ism: fix error return code in ism_probe()
    - mm, memcg: fix inconsistent oom event behavior
    - NFSv3: fix rpc receive buffer size for MOUNT call
    - pnp: Use list_for_each_entry() instead of open coding
    - net/rds: Use ERR_PTR for rds_message_alloc_sgs()
    - Stop the ad-hoc games with -Wno-maybe-initialized
    - [Config] updateconfigs for CC_HAS_WARN_MAYBE_UNINITIALIZED
    - gcc-10: disable 'zero-length-bounds' warning for now
    - gcc-10: disable 'array-bounds' warning for now
    - gcc-10: disable 'stringop-overflow' warning for now
    - gcc-10: disable 'restrict' warning for now
    - gcc-10 warnings: fix low-hanging fruit
    - gcc-10: mark more functions __init to avoid section mismatch warnings
    - gcc-10: avoid shadowing standard library 'free()' in crypto
    - usb: usbfs: correct kernel->user page attribute mismatch
    - USB: usbfs: fix mmap dma mismatch
    - ALSA: hda/realtek - Limit int mic boost for Thinkpad T530
    - ALSA: hda/realtek - Add COEF workaround for ASUS ZenBook UX431DA
    - ALSA: rawmidi: Fix racy buffer resize under concurrent accesses
    - ALSA: usb-audio: Add control message quirk delay for Kingston HyperX 
headset
    - usb: core: hub: limit HUB_QUIRK_DISABLE_AUTOSUSPEND to USB5534B
    - usb: host: xhci-plat: keep runtime active when removing host
    - usb: cdns3: gadget: prev_req->trb is NULL for ep0
    - usb: xhci: Fix NULL pointer dereference when enqueuing trbs from urb sg 
list
    - Make the "Reducing compressed framebufer size" message be DRM_INFO_ONCE()
    - ARM: dts: dra7: Fix bus_dma_limit for PCIe
    - ARM: dts: imx27-phytec-phycard-s-rdk: Fix the I2C1 pinctrl entries
    - ARM: dts: imx6dl-yapp4: Fix Ursa board Ethernet connection
    - drm/amd/display: add basic atomic check for cursor plane
    - powerpc/32s: Fix build failure with CONFIG_PPC_KUAP_DEBUG
    - cifs: fix leaked reference on requeued write
    - x86: Fix early boot crash on gcc-10, third try
    - x86/unwind/orc: Fix error handling in __unwind_start()
    - exec: Move would_dump into flush_old_exec
    - clk: rockchip: fix incorrect configuration of rk3228 aclk_gpu* clocks
    - dwc3: Remove check for HWO flag in dwc3_gadget_ep_reclaim_trb_sg()
    - fanotify: fix merging marks masks with FAN_ONDIR
    - usb: gadget: net2272: Fix a memory leak in an error handling path in
      'net2272_plat_probe()'
    - usb: gadget: audio: Fix a missing error return value in audio_bind()
    - usb: gadget: legacy: fix error return code in gncm_bind()
    - usb: gadget: legacy: fix error return code in cdc_bind()
    - clk: Unlink clock if failed to prepare or enable
    - arm64: dts: meson-g12b-khadas-vim3: add missing frddr_a status property
    - arm64: dts: meson-g12-common: fix dwc2 clock names
    - arm64: dts: rockchip: Replace RK805 PMIC node name with "pmic" on rk3328
      boards
    - arm64: dts: rockchip: Rename dwc3 device nodes on rk3399 to make dtc happy
    - arm64: dts: imx8mn: Change SDMA1 ahb clock for imx8mn
    - ARM: dts: r8a73a4: Add missing CMT1 interrupts
    - arm64: dts: renesas: r8a77980: Fix IPMMU VIP[01] nodes
    - ARM: dts: r8a7740: Add missing extal2 to CPG node
    - SUNRPC: Revert 241b1f419f0e ("SUNRPC: Remove xdr_buf_trim()")
    - bpf: Fix sk_psock refcnt leak when receiving message
    - KVM: x86: Fix off-by-one error in kvm_vcpu_ioctl_x86_setup_mce
    - Makefile: disallow data races on gcc-10 as well
    - Linux 5.4.42
  * upgrading to 4.15.0-99-generic breaks the sound and the trackpad
    (LP: #1875916) // Focal update: v5.4.42 upstream stable release
    (LP: #1879759)
    - Revert "ALSA: hda/realtek: Fix pop noise on ALC225"
  * Pop sound from build-in speaker during cold boot and resume from S3
    (LP: #1866357) // Focal update: v5.4.42 upstream stable release
    (LP: #1879759)
    - ALSA: hda/realtek - Fix S3 pop noise on Dell Wyse
  * tpm: fix TIS locality timeout problems (LP: #1881710)
    - SAUCE: tpm: fix TIS locality timeout problems
  * [UBUNTU 20.04] s390x/pci: fix linking between PF and VF for multifunction
    devices (LP: #1879704)
    - PCI/IOV: Introduce pci_iov_sysfs_link() function
    - s390/pci: create links between PFs and VFs
  * Performing function level reset of AMD onboard USB and audio devices causes
    system lockup (LP: #1865988)
    - SAUCE: PCI: Avoid FLR for AMD Matisse HD Audio & USB 3.0
    - SAUCE: PCI: Avoid FLR for AMD Starship USB 3.0
  * seccomp_benchmark times out on eoan (LP: #1881576)
    - SAUCE: selftests/seccomp: use 90s as timeout
  * ASoC/amd: add audio driver for amd renoir (LP: #1881046)
    - ASoC: amd: add Renoir ACP3x IP register header
    - ASoC: amd: add Renoir ACP PCI driver
    - ASoC: amd: add acp init/de-init functions
    - ASoC: amd: create acp3x pdm platform device
    - ASoC: amd: add ACP3x PDM platform driver
    - ASoC: amd: irq handler changes for ACP3x PDM dma driver
    - ASoC: amd: add acp3x pdm driver dma ops
    - ASoC: amd: add ACP PDM DMA driver dai ops
    - ASoC: amd: add Renoir ACP PCI driver PM ops
    - ASoC: amd: add ACP PDM DMA driver pm ops
    - ASoC: amd: enable Renoir acp3x drivers build
    - ASoC: amd: create platform devices for Renoir
    - ASoC: amd: RN machine driver using dmic
    - ASoC: amd: enable build for RN machine driver
    - ASoC: amd: fix kernel warning
    - ASoC: amd: refactoring dai_hw_params() callback
    - ASoC: amd: return error when acp de-init fails
    - [Config]: enable amd renoir ASoC audio
  * Fix for secure boot rules in IMA arch policy on powerpc (LP: #1877955)
    - powerpc/ima: Fix secure boot rules in ima arch policy
  * [UBUNTU 20.04] s390x/pci: s390_pci_mmio_write/read fail when MIO
    instructions are available (LP: #1874055)
    - s390/pci: Fix s390_mmio_read/write with MIO
  * security: lockdown: remove trailing semicolon before function body
    (LP: #1880660)
    - SAUCE: (lockdown) security: lockdown: remove trailing semicolon before
      function body
  * Fix incorrect speed/duplex when I210 device is runtime suspended
    (LP: #1880656)
    - igb: Report speed and duplex as unknown when device is runtime suspended
  * [OMEN by HP Laptop 15-dh0xxx, Realtek ALC285, Black Mic, Left] Recording
    problem (LP: #1874698)
    - ASoC: SOF: Intel: hda: allow operation without i915 gfx
    - ASoC: intel/skl/hda - add no-HDMI cases to generic HDA driver
  * CVE-2020-13143
    - USB: gadget: fix illegal array access in binding with UDC
  * rtl8723bu wifi issue after being turned off (LP: #1878296)
    - rtl8xxxu: Improve TX performance of RTL8723BU on rtl8xxxu driver
    - rtl8xxxu: add bluetooth co-existence support for single antenna
    - rtl8xxxu: remove set but not used variable 'rate_mask'
    - rtl8xxxu: Remove set but not used variable 'vif', 'dev', 'len'
  * Fix Pericom USB controller OHCI/EHCI PME# defect (LP: #1879321)
    - serial: 8250_pci: Move Pericom IDs to pci_ids.h
    - PCI: Avoid Pericom USB controller OHCI/EHCI PME# defect
  * shiftfs: fix btrfs snapshot deletion (LP: #1879688)
    - SAUCE: shiftfs: let userns root destroy subvolumes from other users
  * [UBUNTU 20.04] s390x/pci: enumerate pci functions per physical adapter
    (LP: #1874056)
    - s390/pci: Improve handling of unset UID
    - s390/pci: embedding hotplug_slot in zdev
    - s390/pci: Expose new port attribute for PCIe functions
    - s390/pci: adaptation of iommu to multifunction
    - s390/pci: define kernel parameters for PCI multifunction
    - s390/pci: define RID and RID available
    - s390/pci: create zPCI bus
    - s390/pci: adapt events for zbus
    - s390/pci: Handling multifunctions
    - s390/pci: Do not disable PF when VFs exist
    - s390/pci: Documentation for zPCI
    - s390/pci: removes wrong PCI multifunction assignment
  * update-initramfs complains of missing amdgpu firmware files (LP: #1873325)
    - SAUCE: drm/amdgpu: Remove unreleased arcturus and navi12 firmware from
      modinfo

 -- Stefan Bader <stefan.ba...@canonical.com>  Thu, 25 Jun 2020 11:31:16
+0200

** Changed in: linux-kvm (Ubuntu Focal)
       Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-0543

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-13143

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1882955

Title:
  LXD 4.2 broken on linux-kvm due to missing VLAN filtering

Status in linux-kvm package in Ubuntu:
  Invalid
Status in linux-kvm source package in Xenial:
  Fix Committed
Status in linux-kvm source package in Bionic:
  Fix Committed
Status in linux-kvm source package in Eoan:
  Fix Committed
Status in linux-kvm source package in Focal:
  Fix Released

Bug description:
  [Description]

  Some VLAN options (BRIDGE_VLAN_FILTERING, and its dependencies
  VLAN_8021Q*) were in a different state in Focal/kvm compared to
  Focal/generic: LXD now depends on BRIDGE_VLAN_FILTERING and due to
  this discrepancy it fails to work on the Focal/kvm kernel: fix it by
  aligning the config with Focal/generic

  [Fix]

  Apply the attached config patch

  [Regression potential]

  Low, just some config changes already present in generic.

  ---
  This is another case of linux-kvm having unexplained differences compared to 
linux-generic in areas that aren't related to hardware drivers (see other bug 
we filed for missing nft).

  This time, CPC is reporting that LXD no longer works on linux-kvm as
  we now set vlan filtering on our bridges to prevent containers from
  escaping firewalling through custom vlan tags.

  This relies on CONFIG_BRIDGE_VLAN_FILTERING which is a built-in on the
  generic kernel but is apparently missing on linux-kvm (I don't have
  any system running that kernel to confirm its config, but the behavior
  certainly matches that).

  We need this fixed in focal and groovy.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-kvm/+bug/1882955/+subscriptions

_______________________________________________
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to     : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

Reply via email to