This bug was fixed in the package linux - 5.4.0-171.189 --------------- linux (5.4.0-171.189) focal; urgency=medium
* focal/linux: 5.4.0-171.189 -proposed tracker (LP: #2048282) * Packaging resync (LP: #1786013) - [Packaging] remove helper scripts - [Packaging] update annotations scripts - debian/dkms-versions -- update from kernel-versions (main/2024.01.08) * Page fault in RDMA ODP triggers BUG_ON during MMU notifier registration (LP: #2046534) - RDMA/odp: Ensure the mm is still alive before creating an implicit child * Hotplugging SCSI disk in QEMU VM fails (LP: #2047382) - Revert "PCI: acpiphp: Reassign resources on bridge if necessary" * CVE-2023-6040 - netfilter: nf_tables: Reject tables of unsupported family * kernel_selftests failures on kernel-P10d-LPAR10.ppc64el.10 (LP: #2032641) - selftests: Skip TM tests on synthetic TM implementations * [Debian] autoreconstruct - Do not generate chmod -x for deleted files (LP: #2045562) - [Debian] autoreconstruct - Do not generate chmod -x for deleted files * CVE-2023-6931 - perf/core: Add a new read format to get a number of lost samples - perf: Fix perf_event_validate_size() - perf: Fix perf_event_validate_size() lockdep splat * CVE-2023-6932 - ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet * CVE-2023-6606 - smb: client: fix OOB in smbCalcSize() * CVE-2023-45863 - kobject: Fix slab-out-of-bounds in fill_kobj_path() * Focal update: v5.4.259 upstream stable release (LP: #2043724) - RDMA/cxgb4: Check skb value for failure to allocate - lib/test_meminit: fix off-by-one error in test_pages() - pwm: hibvt: Explicitly set .polarity in .get_state() - HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect - quota: Fix slow quotaoff - net: prevent address rewrite in kernel_bind() - drm: etvnaviv: fix bad backport leading to warning - drm/msm/dsi: skip the wait for video mode done if not applicable - ravb: Fix up dma_free_coherent() call in ravb_remove() - ieee802154: ca8210: Fix a potential UAF in ca8210_probe - mlxsw: fix mlxsw_sp2_nve_vxlan_learning_set() return type - xen-netback: use default TX queue size for vifs - drm/vmwgfx: fix typo of sizeof argument - ixgbe: fix crash with empty VF macvlan list - net: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() - nfc: nci: assert requested protocol is valid - workqueue: Override implicit ordered attribute in workqueue_apply_unbound_cpumask() - dmaengine: stm32-mdma: abort resume if no ongoing transfer - usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer - net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read - usb: dwc3: Soft reset phy on probe for host - usb: musb: Get the musb_qh poniter after musb_giveback - usb: musb: Modify the "HWVers" register address - iio: pressure: bmp280: Fix NULL pointer exception - iio: pressure: dps310: Adjust Timeout Settings - iio: pressure: ms5611: ms5611_prom_is_valid false negative bug - mcb: remove is_added flag from mcb_device struct - libceph: use kernel_connect() - ceph: fix incorrect revoked caps assert in ceph_fill_file_size() - Input: powermate - fix use-after-free in powermate_config_complete - Input: psmouse - fix fast_reconnect function for PS/2 mode - Input: xpad - add PXN V900 support - cgroup: Remove duplicates in cgroup v1 tasks file - pinctrl: avoid unsafe code pattern in find_pinctrl() - usb: gadget: udc-xilinx: replace memcpy with memcpy_toio - usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call - x86/cpu: Fix AMD erratum #1485 on Zen4-based CPUs - dmaengine: mediatek: Fix deadlock caused by synchronize_irq() - powerpc/8xx: Fix pte_access_permitted() for PAGE_NONE - powerpc/64e: Fix wrong test in __ptep_test_and_clear_young() - ravb: Fix use-after-free issue in ravb_tx_timeout_work() - Documentation: sysctl: align cells in second content column - usb: hub: Guard against accesses to uninitialized BOS descriptors - Bluetooth: hci_event: Ignore NULL link key - Bluetooth: Reject connection with the device which has same BD_ADDR - Bluetooth: Fix a refcnt underflow problem for hci_conn - Bluetooth: vhci: Fix race when opening vhci device - Bluetooth: hci_event: Fix coding style - Bluetooth: avoid memcmp() out of bounds warning - ice: fix over-shifted variable - nfc: nci: fix possible NULL pointer dereference in send_acknowledge() - regmap: fix NULL deref on lookup - KVM: x86: Mask LVTPC when handling a PMI - netfilter: nft_payload: fix wrong mac header matching - qed: fix LL2 RX buffer allocation - xfrm: fix a data-race in xfrm_gen_index() - xfrm: interface: use DEV_STATS_INC() - net: ipv4: fix return value check in esp_remove_trailer - net: ipv6: fix return value check in esp_remove_trailer - net: rfkill: gpio: prevent value glitch during probe - tcp: fix excessive TLP and RACK timeouts from HZ rounding - tcp: tsq: relax tcp_small_queue_check() when rtx queue contains a single skb - tun: prevent negative ifindex - ipv4: fib: annotate races around nh->nh_saddr_genid and nh->nh_saddr - net: usb: smsc95xx: Fix an error code in smsc95xx_reset() - i40e: prevent crash on probe if hw registers have invalid values - net/sched: sch_hfsc: upgrade 'rt' to 'sc' when it becomes a inner curve - neighbor: tracing: Move pin6 inside CONFIG_IPV6=y section - netfilter: nft_set_rbtree: .deactivate fails if element has expired - net: pktgen: Fix interface flags printing - resource: Add irqresource_disabled() - ACPI: Drop acpi_dev_irqresource_disabled() - ACPI: resource: Skip IRQ override on Asus Vivobook S5602ZA - ACPI: resource: Add Asus ExpertBook B2502 to Asus quirks - ACPI: resource: Skip IRQ override on Asus Expertbook B2402CBA - ACPI: resource: Skip IRQ override on ASUS ExpertBook B1502CBA - ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA - ARM: dts: ti: omap: Fix noisy serial with overrun-throttle-ms for mapphone - btrfs: return -EUCLEAN for delayed tree ref with a ref count not equals to 1 - btrfs: initialize start_slot in btrfs_log_prealloc_extents - i2c: mux: Avoid potential false error message in i2c_mux_add_adapter - overlayfs: set ctime when setting mtime and atime - gpio: timberdale: Fix potential deadlock on &tgpio->lock - ata: libata-eh: Fix compilation warning in ata_eh_link_report() - tracing: relax trace_event_eval_update() execution with cond_resched() - HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event - Bluetooth: Avoid redundant authentication - Bluetooth: hci_core: Fix build warnings - wifi: mac80211: allow transmitting EAPOL frames with tainted key - wifi: cfg80211: avoid leaking stack data into trace - regulator/core: Revert "fix kobject release warning and memory leak in regulator_register()" - sky2: Make sure there is at least one frag_addr available - drm: panel-orientation-quirks: Add quirk for One Mix 2S - btrfs: fix some -Wmaybe-uninitialized warnings in ioctl.c - HID: multitouch: Add required quirk for Synaptics 0xcd7e device - Bluetooth: hci_event: Fix using memcmp when comparing keys - mtd: rawnand: qcom: Unmap the right resource upon probe failure - mtd: spinand: micron: correct bitmask for ecc status - mtd: physmap-core: Restore map_rom fallback - mmc: core: sdio: hold retuning if sdio in 1-bit mode - mmc: core: Capture correct oemid-bits for eMMC cards - Revert "pinctrl: avoid unsafe code pattern in find_pinctrl()" - ACPI: irq: Fix incorrect return value in acpi_register_gsi() - USB: serial: option: add Telit LE910C4-WWX 0x1035 composition - USB: serial: option: add entry for Sierra EM9191 with new firmware - USB: serial: option: add Fibocom to DELL custom modem FM101R-GL - s390/pci: fix iommu bitmap allocation - gpio: vf610: set value before the direction to avoid a glitch - ASoC: pxa: fix a memory leak in probe() - phy: mapphone-mdm6600: Fix runtime disable on probe - phy: mapphone-mdm6600: Fix runtime PM for remove - phy: mapphone-mdm6600: Fix pinctrl_pm handling for sleep pins - Bluetooth: hci_sock: fix slab oob read in create_monitor_event - Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name - xfrm6: fix inet6_dev refcount underflow problem - Linux 5.4.259 * Focal update: v5.4.258 upstream stable release (LP: #2042107) - NFS/pNFS: Report EINVAL errors from connect() to the server - SUNRPC: Mark the cred for revalidation if the server rejects it - tracing: Increase trace array ref count on enable and filter files - ata: libahci: clear pending interrupt status - ext4: remove the 'group' parameter of ext4_trim_extent - ext4: add new helper interface ext4_try_to_trim_range() - ext4: scope ret locally in ext4_try_to_trim_range() - ext4: change s_last_trim_minblks type to unsigned long - ext4: mark group as trimmed only if it was fully scanned - ext4: replace the traditional ternary conditional operator with with max()/min() - ext4: move setting of trimmed bit into ext4_try_to_trim_range() - ext4: do not let fstrim block system suspend - ASoC: meson: spdifin: start hw on dai probe - netfilter: nf_tables: disallow element removal on anonymous sets - bpf: Avoid deadlock when using queue and stack maps from NMI - selftests/tls: Add {} to avoid static checker warning - selftests: tls: swap the TX and RX sockets in some tests - ASoC: imx-audmix: Fix return error with devm_clk_get() - i40e: Fix for persistent lldp support - SAUCE: Revert "UBUNTU: SAUCE: i40e Fix GPF when deleting VMs" - i40e: Remove scheduling while atomic possibility - i40e: Fix warning message and call stack during rmmod i40e driver - i40e: Fix VF VLAN offloading when port VLAN is configured - powerpc/perf/hv-24x7: Update domain value check - dccp: fix dccp_v4_err()/dccp_v6_err() again - net: hns3: add 5ms delay before clear firmware reset irq source - net: bridge: use DEV_STATS_INC() - team: fix null-ptr-deref when team device type is changed - net: rds: Fix possible NULL-pointer dereference - gpio: tb10x: Fix an error handling path in tb10x_gpio_probe() - i2c: mux: demux-pinctrl: check the return value of devm_kstrdup() - Input: i8042 - add quirk for TUXEDO Gemini 17 Gen1/Clevo PD70PN - scsi: qla2xxx: Fix update_fcport for current_topology - scsi: qla2xxx: Fix deletion race condition - drm/amd/display: Reinstate LFC optimization - drm/amd/display: Fix LFC multiplier changing erratically - drm/amd/display: prevent potential division by zero errors - ata: libata: disallow dev-initiated LPM transitions to unsupported states - MIPS: Alchemy: only build mmc support helpers if au1xmmc is enabled - clk: tegra: fix error return case for recalc_rate - ARM: dts: ti: omap: motorola-mapphone: Fix abe_clkctrl warning on boot - bus: ti-sysc: Fix SYSC_QUIRK_SWSUP_SIDLE_ACT handling for uart wake-up - xtensa: add default definition for XCHAL_HAVE_DIV32 - xtensa: iss/network: make functions static - xtensa: boot: don't add include-dirs - xtensa: boot/lib: fix function prototypes - gpio: pmic-eic-sprd: Add can_sleep flag for PMIC EIC chip - parisc: sba: Fix compile warning wrt list of SBA devices - parisc: iosapic.c: Fix sparse warnings - parisc: drivers: Fix sparse warning - parisc: irq: Make irq_stack_union static to avoid sparse warning - selftests/ftrace: Correctly enable event in instance-event.tc - ring-buffer: Avoid softlockup in ring_buffer_resize() - ata: libata-eh: do not clear ATA_PFLAG_EH_PENDING in ata_eh_reset() - spi: nxp-fspi: reset the FLSHxCR1 registers - bpf: Clarify error expectations from bpf_clone_redirect - powerpc/watchpoints: Annotate atomic context in more places - ncsi: Propagate carrier gain/loss events to the NCSI controller - fbdev/sh7760fb: Depend on FB=y - nvme-pci: do not set the NUMA node of device if it has none - watchdog: iTCO_wdt: No need to stop the timer in probe - watchdog: iTCO_wdt: Set NO_REBOOT if the watchdog is not already running - i40e: improve locking of mac_filter_hash - i40e: always propagate error value in i40e_set_vsi_promisc() - i40e: fix return of uninitialized aq_ret in i40e_set_vsi_promisc - smack: Record transmuting in smk_transmuted - smack: Retrieve transmuting information in smack_inode_getsecurity() - Smack:- Use overlay inode label in smack_inode_copy_up() - serial: 8250_port: Check IRQ data before use - nilfs2: fix potential use after free in nilfs_gccache_submit_read_data() - ALSA: hda: Disable power save for solving pop issue on Lenovo ThinkCentre M70q - ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED OPERATION CODES - i2c: i801: unregister tco_pdev in i801_probe() error path - ring-buffer: Update "shortest_full" in polling - btrfs: properly report 0 avail for very full file systems - net: thunderbolt: Fix TCPv6 GSO checksum calculation - ata: libata-core: Fix ata_port_request_pm() locking - ata: libata-core: Fix port and device removal - ata: libata-core: Do not register PM operations for SAS ports - ata: libata-sata: increase PMP SRST timeout to 10s - fs: binfmt_elf_efpic: fix personality for ELF-FDPIC - rbd: move rbd_dev_refresh() definition - rbd: decouple header read-in from updating rbd_dev->header - rbd: decouple parent info read-in from updating rbd_dev - rbd: take header_rwsem in rbd_dev_refresh() only when updating - Revert "PCI: qcom: Disable write access to read only registers for IP v2.3.3" - scsi: zfcp: Fix a double put in zfcp_port_enqueue() - qed/red_ll2: Fix undefined behavior bug in struct qed_ll2_info - wifi: mwifiex: Fix tlv_buf_left calculation - net: replace calls to sock->ops->connect() with kernel_connect() - net: prevent rewrite of msg_name in sock_sendmsg() - wifi: iwlwifi: dbg_ini: fix structure packing - wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet - drivers/net: process the result of hdlc_open() and add call of hdlc_close() in uhdlc_close() - wifi: mt76: mt76x02: fix MT76x0 external LNA gain handling - regmap: rbtree: Fix wrong register marked as in-cache when creating new node - ima: Finish deprecation of IMA_TRUSTED_KEYRING Kconfig - scsi: target: core: Fix deadlock due to recursive locking - NFS4: Trace state recovery operation - NFS: Add a helper nfs_client_for_each_server() - NFSv4: Fix a nfs4_state_manager() race - modpost: add missing else to the "of" check - net: fix possible store tearing in neigh_periodic_work() - ipv4, ipv6: Fix handling of transhdrlen in __ip{,6}_append_data() - net: dsa: mv88e6xxx: Avoid EEPROM timeout when EEPROM is absent - net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg - net: nfc: llcp: Add lock when modifying device list - netfilter: handle the connecting collision properly in nf_conntrack_proto_sctp - net: stmmac: dwmac-stm32: fix resume on STM32 MCU - tcp: fix quick-ack counting to count actual ACKs of new data - tcp: fix delayed ACKs for MSS boundary condition - sctp: update transport state when processing a dupcook packet - sctp: update hb timer immediately after users change hb_interval - cpupower: add Makefile dependencies for install targets - RDMA/core: Require admin capabilities to set system parameters - IB/mlx4: Fix the size of a buffer in add_port_entries() - gpio: aspeed: fix the GPIO number passed to pinctrl_gpio_set_config() - gpio: pxa: disable pinctrl calls for MMP_GPIO - RDMA/cma: Fix truncation compilation warning in make_cma_ports - RDMA/uverbs: Fix typo of sizeof argument - RDMA/siw: Fix connection failure handling - RDMA/mlx5: Fix NULL string error - parisc: Restore __ldcw_align for PA-RISC 2.0 processors - NFS: Fix a race in __nfs_list_for_each_server() - ima: rework CONFIG_IMA dependency block - [Config] Update IMA_BLACKLIST_KEYRING and IMA_LOAD_X509 - xen/events: replace evtchn_rwlock with RCU - Linux 5.4.258 -- Roxana Nicolescu <roxana.nicole...@canonical.com> Fri, 05 Jan 2024 14:59:41 +0100 ** Changed in: linux (Ubuntu Focal) Status: Fix Committed => Fix Released ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-45863 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-6040 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-6606 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-6931 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-6932 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2032641 Title: kernel_selftests failures on kernel-P10d-LPAR10.ppc64el.10 Status in ubuntu-kernel-tests: In Progress Status in linux package in Ubuntu: Invalid Status in linux source package in Focal: Fix Released Bug description: [Impact] The powerpc tests from kernel selftests were unable to finish properly on Power10 VM with Focal 5.4 kernel. There will be lots of failures for powerpc/ptrace and powerpc/tm tests. For example the ptrace-tm-gpr: # selftests: powerpc/ptrace: ptrace-tm-gpr # test: ptrace_tm_gpr # tags: git_version:unknown # [FAIL] Test FAILED on line 94 # GPR[14]: 1 Expected: 2 # GPR[15]: 1 Expected: 2 # GPR[16]: 1 Expected: 2 # GPR[17]: 1 Expected: 2 # GPR[18]: 1 Expected: 2 # GPR[19]: 1 Expected: 2 # GPR[20]: 1 Expected: 2 # GPR[21]: 1 Expected: 2 # GPR[22]: 1 Expected: 2 # GPR[23]: 1 Expected: 2 # GPR[24]: 1 Expected: 2 # GPR[25]: 1 Expected: 2 # GPR[26]: 1 Expected: 2 # GPR[27]: 1 Expected: 2 # GPR[28]: 1 Expected: 2 # GPR[29]: 1 Expected: 2 # GPR[30]: 1 Expected: 2 # GPR[31]: 1 Expected: 2 # failure: ptrace_tm_gpr not ok 1 selftests: powerpc/ptrace: ptrace-tm-gpr # exit=1 [Fix] * 031fd80f87 selftests: Skip TM tests on synthetic TM implementations This patch has already landed on Jammy+. Only Focal will need this patch. And it needs to be backported to skip changes on the tm-signal-pagefault.c test, which does not exist on Focal tree. [Test Plan] Run the patched powerpc tests from kernel selftests: $ sudo make TARGETS=powerpc run_tests Previously failing powerpc/ptrace and powerpc/tm tests will be skipped. For example the ptrace-tm-gpr test: # selftests: powerpc/ptrace: ptrace-tm-gpr # test: ptrace_tm_gpr # tags: git_version:b315960-dirty # [SKIP] Test skipped on line 116 # skip: ptrace_tm_gpr ok 2 selftests: powerpc/ptrace: ptrace-tm-gpr [Where problems could occur] Change limited to testing tools, and it's just skipping unsuitable tests for specific architecture, no impact to real kernel functions. == Original Bug Report == First time seen on cycle 2023.08.10 because it was the first time we tested this instance. Tried previous focal version (5.4.09-156) and it seems it's happened before. The following tests are failing: * powerpc/ptrace:ptrace-tm-gpr FAIL * powerpc/ptrace:ptrace-tm-spd-gpr FAIL * powerpc/ptrace:ptrace-tm-tar timeout * powerpc/ptrace:ptrace-tm-spd-tar timeout * powerpc/ptrace:ptrace-tm-vsx timeout * powerpc/ptrace:ptrace-tm-spd-vsx timeout * powerpc/ptrace:ptrace-tm-spr timeout To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/2032641/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp