This bug was fixed in the package linux - 5.4.0-9.12
---------------
linux (5.4.0-9.12) focal; urgency=medium
* alsa/hda/realtek: the line-out jack doens't work on a dell AIO
(LP: #1855999)
- SAUCE: ALSA: hda/realtek - Line-out jack doesn't work on a Dell AIO
* scsi: hisi_sas: Check sas_port before using it (LP: #1855952)
- scsi: hisi_sas: Check sas_port before using it
* CVE-2019-19078
- ath10k: fix memory leak
* cifs: DFS Caching feature causing problems traversing multi-tier DFS setups
(LP: #1854887)
- cifs: Fix retrieval of DFS referrals in cifs_mount()
* Support DPCD aux brightness control (LP: #1856134)
- SAUCE: drm/i915: Fix eDP DPCD aux max backlight calculations
- SAUCE: drm/i915: Assume 100% brightness when not in DPCD control mode
- SAUCE: drm/i915: Fix DPCD register order in
intel_dp_aux_enable_backlight()
- SAUCE: drm/i915: Auto detect DPCD backlight support by default
- SAUCE: drm/i915: Force DPCD backlight mode on X1 Extreme 2nd Gen 4K AMOLED
panel
- USUNTU: SAUCE: drm/i915: Force DPCD backlight mode on Dell Precision 4K
sku
* The system cannot resume from S3 if user unplugs the TB16 during suspend
state (LP: #1849269)
- PCI: pciehp: Do not disable interrupt twice on suspend
- PCI: pciehp: Prevent deadlock on disconnect
* change kconfig of the soundwire bus driver from y to m (LP: #1855685)
- [Config]: SOUNDWIRE=m
* alsa/sof: change to use hda hdmi codec driver to make hdmi audio on the
docking station work (LP: #1855666)
- ALSA: hda/hdmi - implement mst_no_extra_pcms flag
- ASoC: hdac_hda: add support for HDMI/DP as a HDA codec
- ASoC: Intel: skl-hda-dsp-generic: use snd-hda-codec-hdmi
- ASoC: Intel: skl-hda-dsp-generic: fix include guard name
- ASoC: SOF: Intel: add support for snd-hda-codec-hdmi
- ASoC: Intel: bxt-da7219-max98357a: common hdmi codec support
- ASoC: Intel: glk_rt5682_max98357a: common hdmi codec support
- ASoC: intel: sof_rt5682: common hdmi codec support
- ASoC: Intel: bxt_rt298: common hdmi codec support
- ASoC: SOF: enable sync_write in hdac_bus
- [config]: SND_SOC_SOF_HDA_COMMON_HDMI_CODEC=y
* Fix unusable USB hub on Dell TB16 after S3 (LP: #1855312)
- SAUCE: USB: core: Make port power cycle a seperate helper function
- SAUCE: USB: core: Attempt power cycle port when it's in eSS.Disabled state
* Focal update: v5.4.3 upstream stable release (LP: #1856583)
- rsi: release skb if rsi_prepare_beacon fails
- arm64: tegra: Fix 'active-low' warning for Jetson TX1 regulator
- arm64: tegra: Fix 'active-low' warning for Jetson Xavier regulator
- perf scripts python: exported-sql-viewer.py: Fix use of TRUE with SQLite
- sparc64: implement ioremap_uc
- lp: fix sparc64 LPSETTIMEOUT ioctl
- time: Zero the upper 32-bits in __kernel_timespec on 32-bit
- mailbox: tegra: Fix superfluous IRQ error message
- staging/octeon: Use stubs for MIPS && !CAVIUM_OCTEON_SOC
- usb: gadget: u_serial: add missing port entry locking
- serial: 8250-mtk: Use platform_get_irq_optional() for optional irq
- tty: serial: fsl_lpuart: use the sg count from dma_map_sg
- tty: serial: msm_serial: Fix flow control
- serial: pl011: Fix DMA ->flush_buffer()
- serial: serial_core: Perform NULL checks for break_ctl ops
- serial: stm32: fix clearing interrupt error flags
- serial: 8250_dw: Avoid double error messaging when IRQ absent
- serial: ifx6x60: add missed pm_runtime_disable
- mwifiex: Re-work support for SDIO HW reset
- io_uring: fix dead-hung for non-iter fixed rw
- io_uring: transform send/recvmsg() -ERESTARTSYS to -EINTR
- fuse: fix leak of fuse_io_priv
- fuse: verify nlink
- fuse: verify write return
- fuse: verify attributes
- io_uring: fix missing kmap() declaration on powerpc
- io_uring: ensure req->submit is copied when req is deferred
- SUNRPC: Avoid RPC delays when exiting suspend
- ALSA: hda/realtek - Enable internal speaker of ASUS UX431FLC
- ALSA: hda/realtek - Fix inverted bass GPIO pin on Acer 8951G
- ALSA: pcm: oss: Avoid potential buffer overflows
- ALSA: hda - Add mute led support for HP ProBook 645 G4
- ALSA: hda: Modify stream stripe mask only when needed
- soc: mediatek: cmdq: fixup wrong input order of write api
- Input: synaptics - switch another X1 Carbon 6 to RMI/SMbus
- Input: synaptics-rmi4 - re-enable IRQs in f34v7_do_reflash
- Input: synaptics-rmi4 - don't increment rmiaddr for SMBus transfers
- Input: goodix - add upside-down quirk for Teclast X89 tablet
- coresight: etm4x: Fix input validation for sysfs.
- Input: Fix memory leak in psxpad_spi_probe
- media: rc: mark input device as pointing stick
- x86/mm/32: Sync only to VMALLOC_END in vmalloc_sync_all()
- CIFS: Fix NULL-pointer dereference in smb2_push_mandatory_locks
- CIFS: Fix SMB2 oplock break processing
- tty: vt: keyboard: reject invalid keycodes
- can: slcan: Fix use-after-free Read in slcan_open
- nfsd: Ensure CLONE persists data and metadata changes to the target file
- nfsd: restore NFSv3 ACL support
- kernfs: fix ino wrap-around detection
- jbd2: Fix possible overflow in jbd2_log_space_left()
- drm/msm: fix memleak on release
- drm: damage_helper: Fix race checking plane->state->fb
- drm/i810: Prevent underflow in ioctl
- arm64: Validate tagged addresses in access_ok() called from kernel threads
- arm64: dts: exynos: Revert "Remove unneeded address space mapping for soc
node"
- KVM: PPC: Book3S HV: XIVE: Free previous EQ page when setting up a new one
- KVM: PPC: Book3S HV: XIVE: Fix potential page leak on error path
- KVM: PPC: Book3S HV: XIVE: Set kvm->arch.xive when VPs are allocated
- KVM: nVMX: Always write vmcs02.GUEST_CR3 during nested VM-Enter
- KVM: arm/arm64: vgic: Don't rely on the wrong pending table
- KVM: x86: do not modify masked bits of shared MSRs
- KVM: x86: fix presentation of TSX feature in ARCH_CAPABILITIES
- KVM: x86: Remove a spurious export of a static function
- KVM: x86: Grab KVM's srcu lock when setting nested state
- crypto: crypto4xx - fix double-free in crypto4xx_destroy_sdr
- crypto: atmel-aes - Fix IV handling when req->nbytes < ivsize
- crypto: af_alg - cast ki_complete ternary op to int
- crypto: geode-aes - switch to skcipher for cbc(aes) fallback
- crypto: ccp - fix uninitialized list head
- crypto: ecdh - fix big endian bug in ECC library
- crypto: user - fix memory leak in crypto_report
- spi: spi-fsl-qspi: Clear TDH bits in FLSHCR register
- spi: stm32-qspi: Fix kernel oops when unbinding driver
- spi: atmel: Fix CS high support
- spi: Fix SPI_CS_HIGH setting when using native and GPIO CS
- spi: Fix NULL pointer when setting SPI_CS_HIGH for GPIO CS
- can: ucan: fix non-atomic allocation in completion handler
- RDMA/qib: Validate ->show()/store() callbacks before calling them
- rfkill: allocate static minor
- bdev: Factor out bdev revalidation into a common helper
- bdev: Refresh bdev size for disks without partitioning
- iomap: Fix pipe page leakage during splicing
- thermal: Fix deadlock in thermal thermal_zone_device_check
- vcs: prevent write access to vcsu devices
- Revert "serial/8250: Add support for NI-Serial PXI/PXIe+485 devices"
- binder: Fix race between mmap() and binder_alloc_print_pages()
- binder: Prevent repeated use of ->mmap() via NULL mapping
- binder: Handle start==NULL in binder_update_page_range()
- KVM: x86: fix out-of-bounds write in KVM_GET_EMULATED_CPUID
(CVE-2019-19332)
- ALSA: hda - Fix pending unsol events at shutdown
- cpufreq: imx-cpufreq-dt: Correct i.MX8MN's default speed grade value
- md/raid0: Fix an error message in raid0_make_request()
- drm/mcde: Fix an error handling path in 'mcde_probe()'
- watchdog: aspeed: Fix clock behaviour for ast2600
- EDAC/ghes: Fix locking and memory barrier issues
- perf script: Fix invalid LBR/binary mismatch error
- kselftest: Fix NULL INSTALL_PATH for TARGETS runlist
- Linux 5.4.3
* Realtek ALC256M with DTS Audio Processing internal microphone doesn't work
on Redmi Book 14 2019 (LP: #1846148) // Focal update: v5.4.3 upstream stable
release (LP: #1856583)
- ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop
* Miscellaneous Ubuntu changes
- [Debian] add python depends to ubuntu-regression-suite
- SAUCE: selftests: net: tls: remove recv_rcvbuf test
- update dkms package versions
-- Seth Forshee <seth.fors...@canonical.com> Mon, 16 Dec 2019 14:54:19
-0600
** Changed in: linux (Ubuntu)
Status: In Progress => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-19078
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-19332
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1852663
Title:
i40e: general protection fault in i40e_config_vf_promiscuous_mode
Status in linux package in Ubuntu:
Fix Released
Status in linux source package in Eoan:
Fix Released
Bug description:
SRU Justification
[Impact]
Assign some VFs to VMs, when deleting VMs, a general protection fault occurs
in i40e_config_vf_promiscuous_mode
general protection fault: 0000 [#1] SMP PTI
CPU: 54 PID: 6200 Comm: libvirtd Not tainted 5.3.0-21-generic
#22~18.04.1-UbuntuHardware name: HPE ProLiant DL380 Gen10/ProLiant DL380 Gen10,
BIOS U30 05/21/2019
RIP: 0010:i40e_config_vf_promiscuous_mode+0x172/0x330 [i40e]
Code: 48 8b 00 83 d1 00 48 85 c0 75 ef 49 83 c4 08 4c 39 e6 75 dd 85 c9 74 73
0f b6 45 c0 45 31 d2 89 45 d0 4d 8b 3e 4d 85 ff 74 53 <41> 0f b7 4f 16 66 81 f9
ff 0f 77 3f 0f b7 b3 ea 0c 00 00 8b 55 d0
RSP: 0018:ffffb987b5c77760 EFLAGS: 00010202
RAX: 0000000000000000 RBX: ffff9bb5df5a9000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000006000000 RDI: ffff9bace4bce350
RBP: ffffb987b5c777b0 R08: 0000000000000000 R09: ffff9bace56a9da0
R10: 0000000000000000 R11: 0000000000000100 R12: ffff9bb5df5a9a28
R13: ffff9bace4bce008 R14: ffff9bb5df5a9338 R15: 26c2b975d54f5980
FS: 00007f9f07fff700(0000) GS:ffff9bfcff480000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fa73c9c0e10 CR3: 000000f6ab37a002 CR4: 00000000007626e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
PKRU: 55555554
Call Trace:
i40e_ndo_set_vf_port_vlan+0x1a2/0x440[i40e]
do_setlink+0x53f/0xee0
?update_load_avg+0x596/0x620
?update_curr+0x7a/0x1d0
?__switch_to_asm+0x40/0x70
?__switch_to_asm+0x34/0x70
?__switch_to_asm+0x40/0x70
?__switch_to_asm+0x34/0x70
rtnl_setlink+0x113/0x150
rtnetlink_rcv_msg+0x296/0x340
?aa_label_sk_perm.part.4+0x10f/0x160
?_cond_resched+0x19/0x40
?rtnl_calcit.isra.30+0x120/0x120
netlink_rcv_skb+0x51/0x120
rtnetlink_rcv+0x15/0x20
netlink_unicast+0x1a4/0x250
netlink_sendmsg+0x2d7/0x3d0
sock_sendmsg+0x63/0x70
___sys_sendmsg+0x2a9/0x320
?aa_label_sk_perm.part.4+0x10f/0x160
?_raw_spin_unlock_bh+0x1e/0x20
?release_sock+0x8f/0xa0
__sys_sendmsg+0x63/0xa0
?__sys_sendmsg+0x63/0xa0
__x64_sys_sendmsg+0x1f/0x30
do_syscall_64+0x5a/0x130
entry_SYSCALL_64_after_hwframe+0x44/0xa9
This issue also happens when deleting k8s pod if VF is used by k8s pod, there
was a bug reported in the e1000-devel mailing list
https://sourceforge.net/p/e1000/mailman/message/36766306/
The fix is suggested by Billy McFall, to add protection when accessing
the hash list(vsi->mac_filter_hash), but it's not upstream yet
[Test Case]
Spin up some VMs with VFs, then delete all VMs
[Regression Potential]
Low, the fix is to add a protection for a hash list, shouldn't have potential
regression
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1852663/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
