kunpeng920

scsi: hisi_sas: Increase debugfs_dump_index after dump is completed

Bug #1982070 reported by Fred Kimmy on 2022-07-19

This bug affects 1 person

	Status	Importance	Assigned to
kunpeng920	Fix Released	Undecided	Ike Panhc
Ubuntu-20.04-hwe	Fix Released	Undecided	Ike Panhc
linux (Ubuntu)	Fix Released	Undecided	Unassigned
Jammy	Fix Released	Medium	Ike Panhc
Kinetic	Fix Released	Undecided	Unassigned

Bug Description

[Impact]
Trigger dump on hisi_sas in debugfs will cause kernel oops.

[Test Plan]
1) modprobe hisi_sas_main with "debugfs_enable=1"
2) echo 1 | sudo tee /sys/kernel/debug/hisi_sas/0000\:74\:02.0/trigger_dump
3) dmesg | grep Oops

[Regression Risk]
Only touch code in hisi_sas. Need to run full test on hisi_sas. Other drivers/platforms are not affected.

================
[Bug Description]
When the hisi_sas_main driver is loaded, the DFX function is enabled. When the dump is triggered or the SAS controller is reset, call_trace is displayed. In addition, the hisi_sas_v3_hw driver is occupied and cannot be uninstalled.

[Steps to Reproduce]
1)dmesg -C
2)dmesg
3)lsblk
4)lsscsi -p
5)lsmod | grep hisi_sas_v3
6)rmmod hisi_sas_v3_hw
7)rmmod hisi_sas_main
8)modprobe hisi_sas_main debugfs_enable=1
9)modprobe hisi_sas_v3_hw
10)cd /sys/kernel/debug/hisi_sas/0000\:74\:02.0/
11)ll
12)echo 1 > trigger_dump
13)echo 1 > trigger_dump
14)dmesg

[Actual Results]
[ 1005.899976] sas: broadcast received: 0
[ 1005.899997] sas: REVALIDATING DOMAIN on port 0, pid:8
[ 1005.901775] sas: ex 570fd45f9d17b01f phys DID NOT change
[ 1005.901777] sas: done REVALIDATING DOMAIN on port 0, pid:8, res 0x0
[ 1005.901793] sas: broadcast received: 0
[ 1005.901820] sas: REVALIDATING DOMAIN on port 0, pid:8
[ 1005.903563] sas: ex 570fd45f9d17b01f phys DID NOT change
[ 1005.903570] sas: done REVALIDATING DOMAIN on port 0, pid:8, res 0x0
[ 1005.903586] sas: broadcast received: 0
[ 1005.903611] sas: REVALIDATING DOMAIN on port 0, pid:8
[ 1005.905387] sas: ex 570fd45f9d17b01f phys DID NOT change
[ 1005.905388] sas: done REVALIDATING DOMAIN on port 0, pid:8, res 0x0
[ 1005.905404] sas: broadcast received: 0
[ 1005.905429] sas: REVALIDATING DOMAIN on port 0, pid:8
[ 1005.907161] sas: ex 570fd45f9d17b01f phys DID NOT change
[ 1005.907168] sas: done REVALIDATING DOMAIN on port 0, pid:8, res 0x0
[ 1005.907182] sas: broadcast received: 0
[ 1005.907207] sas: REVALIDATING DOMAIN on port 0, pid:8
[ 1005.908944] sas: ex 570fd45f9d17b01f phys DID NOT change
[ 1005.908946] sas: done REVALIDATING DOMAIN on port 0, pid:8, res 0x0
[ 1005.909025] sas: broadcast received: 0
[ 1005.909062] sas: REVALIDATING DOMAIN on port 0, pid:8
[ 1005.910912] sas: ex 570fd45f9d17b01f phys DID NOT change
[ 1005.910919] sas: done REVALIDATING DOMAIN on port 0, pid:8, res 0x0
[ 1005.910947] sas: broadcast received: 0
[ 1005.910985] sas: REVALIDATING DOMAIN on port 0, pid:8
[ 1005.912843] sas: ex 570fd45f9d17b01f phys DID NOT change
[ 1005.912847] sas: done REVALIDATING DOMAIN on port 0, pid:8, res 0x0
[ 1005.912877] sas: broadcast received: 0
[ 1005.912911] sas: REVALIDATING DOMAIN on port 0, pid:8
[ 1005.915191] sas: ex 570fd45f9d17b01f phys DID NOT change
[ 1005.915198] sas: done REVALIDATING DOMAIN on port 0, pid:8, res 0x0
[ 1005.915221] sas: broadcast received: 0
[ 1005.915259] sas: REVALIDATING DOMAIN on port 0, pid:1170
[ 1005.917957] sas: ex 570fd45f9d17b01f phys DID NOT change
[ 1005.917965] sas: done REVALIDATING DOMAIN on port 0, pid:1170, res 0x0
[ 1005.920337] sd 4:0:11:0: [sdl] Attached SCSI disk
[ 1005.921692] sd 4:0:4:0: [sde] Attached SCSI disk
[ 1008.107610] hisi_sas_v3_hw 0000:b4:02.0: 16 hw queues
[ 1008.112712] scsi host6: hisi_sas_v3_hw
[ 1010.428061] hisi_sas_v3_hw 0000:b4:04.0: 16 hw queues
[ 1010.433120] scsi host7: hisi_sas_v3_hw
root@ubuntu:/sys/kernel/debug/hisi_sas/0000:74:02.0#

[Expected Results]
Recurrence Logs：
[ 360.441633] SET = 0, FnV = 0
[ 360.444689] EA = 0, S1PTW = 0
[ 360.447863] Data abort info:
[ 360.450783] ISV = 0, ISS = 0x00000044
[ 360.454663] CM = 0, WnR = 1
[ 360.457673] user pgtable: 4k pages, 48-bit VAs, pgdp=000000211b7ae000
[ 360.464140] [0000000000000000] pgd=0000000000000000, p4d=0000000000000000
[ 360.470969] Internal error: Oops: 96000044 [#2] SMP
[ 360.475844] Modules linked in: hisi_sas_v3_hw hisi_sas_main nls_iso8859_1 dm_multipath scsi_dh_rdac scsi_dh_emc scsi_dh_alua ipmi_ssif joydev input_leds efi_pstore arm_spe_pmu hisi_hpre ecdh_generic libcurve25519_generic hns_roce_hw_v2 ecc hisi_zip uio_pdrv_genirq uio hisi_sec2 hisi_qm uacce authenc acpi_ipmi ipmi_si ipmi_devintf ipmi_msghandler hisi_trng_v2 cppc_cpufreq sch_fq_codel ip_tables x_tables autofs4 btrfs blake2b_generic zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor xor_neon raid6_pq libcrc32c raid1 raid0 multipath linear mlx5_ib ib_uverbs ib_core realtek hibmc_drm drm_vram_helper drm_ttm_helper ttm i2c_algo_bit drm_kms_helper syscopyarea sysfillrect crct10dif_ce hid_generic ghash_ce sysimgblt sha2_ce fb_sys_fops sha256_arm64 mlx5_core cec usbhid ixgbe sha1_ce hns3 rc_core hclge psample xfrm_algo hid nvme drm mdio libsas mlxfw xhci_pci hnae3 nvme_core xhci_pci_renesas ahci scsi_transport_sas tls spi_dw_mmio gpio_dwapb spi_dw
[ 360.476356] aes_neon_bs aes_neon_blk aes_ce_blk crypto_simd cryptd aes_ce_cipher [last unloaded: hisi_sas_main]
[ 360.572957] CPU: 12 PID: 1389 Comm: kworker/u256:3 Tainted: G D 5.13.0-44-generic #49~20.04.1-Ubuntu
[ 360.583361] Hardware name: Huawei TaiShan 200 (Model 2280)/BC82AMDD, BIOS 2280-V2 CS V5.B221.01 12/09/2021
[ 360.592983] Workqueue: 0000:b4:04.0 hisi_sas_rst_work_handler [hisi_sas_main]
[ 360.600138] pstate: 60400009 (nZCv daif +PAN -UAO -TCO BTYPE=--)
[ 360.606135] pc : debugfs_snapshot_regs_v3_hw+0xe4/0x418 [hisi_sas_v3_hw]
[ 360.612841] lr : debugfs_snapshot_regs_v3_hw+0xe4/0x418 [hisi_sas_v3_hw]
[ 360.619536] sp : ffff80002fdebd10
[ 360.622846] x29: ffff80002fdebd10 x28: 0000000000000000 x27: 0000000000000000
[ 360.629974] x26: ffff202000cdaa6c x25: 0000000000000000 x24: ffff0020fe8fe8b0
[ 360.637101] x23: 0000000000000000 x22: ffff202017395ce8 x21: ffff2020173a4880
[ 360.644225] x20: 0000000000000000 x19: ffff202017380880 x18: 000000000000000e
[ 360.651351] x17: 0000000000000001 x16: ffffba5e9251f9a8 x15: 0000000000000000
[ 360.658474] x14: 0000000000000000 x13: 0000000000000020 x12: ffffba5e9388fa58
[ 360.665599] x11: 0000000000000040 x10: ffffba5e949a7cc0 x9 : ffffba5e4c21a8e4
[ 360.672724] x8 : ffff202001a56ff0 x7 : 0000000000000000 x6 : 0000000000000000
[ 360.679848] x5 : ffff202001a56fc8 x4 : ffff202001a57050 x3 : 0000000000003011
[ 360.686974] x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000
[ 360.694100] Call trace:
[ 360.696547] debugfs_snapshot_regs_v3_hw+0xe4/0x418 [hisi_sas_v3_hw]
[ 360.702900] hisi_sas_controller_prereset+0x8c/0xa8 [hisi_sas_main]
[ 360.709168] hisi_sas_rst_work_handler+0x28/0x48 [hisi_sas_main]
[ 360.715175] process_one_work+0x1fc/0x4b8
[ 360.719194] worker_thread+0x148/0x510
[ 360.722946] kthread+0x114/0x120
[ 360.726177] ret_from_fork+0x10/0x18
[ 360.729762] Code: d503201f 2a1403e1 f9401660 97fff114 (b8346ae0)
[ 360.735843] ---[ end trace ff032567bd4ebc0a ]---
root@mycover:~#

Normal log：
[ 1005.899976] sas: broadcast received: 0
[ 1005.899997] sas: REVALIDATING DOMAIN on port 0, pid:8
[ 1005.901775] sas: ex 570fd45f9d17b01f phys DID NOT change
[ 1005.901777] sas: done REVALIDATING DOMAIN on port 0, pid:8, res 0x0
[ 1005.901793] sas: broadcast received: 0
[ 1005.901820] sas: REVALIDATING DOMAIN on port 0, pid:8
[ 1005.903563] sas: ex 570fd45f9d17b01f phys DID NOT change
[ 1005.903570] sas: done REVALIDATING DOMAIN on port 0, pid:8, res 0x0
[ 1005.903586] sas: broadcast received: 0
[ 1005.903611] sas: REVALIDATING DOMAIN on port 0, pid:8
[ 1005.905387] sas: ex 570fd45f9d17b01f phys DID NOT change
[ 1005.905388] sas: done REVALIDATING DOMAIN on port 0, pid:8, res 0x0
[ 1005.905404] sas: broadcast received: 0
[ 1005.905429] sas: REVALIDATING DOMAIN on port 0, pid:8
[ 1005.907161] sas: ex 570fd45f9d17b01f phys DID NOT change
[ 1005.907168] sas: done REVALIDATING DOMAIN on port 0, pid:8, res 0x0
[ 1005.907182] sas: broadcast received: 0
[ 1005.907207] sas: REVALIDATING DOMAIN on port 0, pid:8
[ 1005.908944] sas: ex 570fd45f9d17b01f phys DID NOT change
[ 1005.908946] sas: done REVALIDATING DOMAIN on port 0, pid:8, res 0x0
[ 1005.909025] sas: broadcast received: 0
[ 1005.909062] sas: REVALIDATING DOMAIN on port 0, pid:8
[ 1005.910912] sas: ex 570fd45f9d17b01f phys DID NOT change
[ 1005.910919] sas: done REVALIDATING DOMAIN on port 0, pid:8, res 0x0
[ 1005.910947] sas: broadcast received: 0
[ 1005.910985] sas: REVALIDATING DOMAIN on port 0, pid:8
[ 1005.912843] sas: ex 570fd45f9d17b01f phys DID NOT change
[ 1005.912847] sas: done REVALIDATING DOMAIN on port 0, pid:8, res 0x0
[ 1005.912877] sas: broadcast received: 0
[ 1005.912911] sas: REVALIDATING DOMAIN on port 0, pid:8
[ 1005.915191] sas: ex 570fd45f9d17b01f phys DID NOT change
[ 1005.915198] sas: done REVALIDATING DOMAIN on port 0, pid:8, res 0x0
[ 1005.915221] sas: broadcast received: 0
[ 1005.915259] sas: REVALIDATING DOMAIN on port 0, pid:1170
[ 1005.917957] sas: ex 570fd45f9d17b01f phys DID NOT change
[ 1005.917965] sas: done REVALIDATING DOMAIN on port 0, pid:1170, res 0x0
[ 1005.920337] sd 4:0:11:0: [sdl] Attached SCSI disk
[ 1005.921692] sd 4:0:4:0: [sde] Attached SCSI disk
[ 1008.107610] hisi_sas_v3_hw 0000:b4:02.0: 16 hw queues
[ 1008.112712] scsi host6: hisi_sas_v3_hw
[ 1010.428061] hisi_sas_v3_hw 0000:b4:04.0: 16 hw queues
[ 1010.433120] scsi host7: hisi_sas_v3_hw
root@ubuntu:/sys/kernel/debug/hisi_sas/0000:74:02.0#

[Reproducibility]
Conditionally recurs.

[Additional information2022053006819]
Ubuntu-hwe-5.13-5.13.0-35.40_20.04.1

[Resolution]
http://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.16-rc1&id=9aec5ffa6e39926cff1a6b576c815a9cee90e259

scsi: hisi_sas: Increase debugfs_dump_index after dump is
completed

See original description

Tags:

CVE References

2022-3176

Revision history for this message

Ike Panhc (ikepanhc) wrote on 2022-07-25:

LGTM, I will try to backport and reproduce.

Changed in kunpeng920:
status:	New → In Progress
assignee:	nobody → Ike Panhc (ikepanhc)

Revision history for this message

Ike Panhc (ikepanhc) wrote on 2022-08-31:

I can reproduce but it seems kernel log with backtrace is the faulty one. Will build kernel and verify.

Revision history for this message

Ike Panhc (ikepanhc) wrote on 2022-09-01:

Build patched kernel and I can trigger dump without kernel oops. Thanks. I will send the patch.

Ike Panhc (ikepanhc) on 2022-09-02

Changed in linux (Ubuntu):
status:	New → In Progress
assignee:	nobody → Ike Panhc (ikepanhc)

Ike Panhc (ikepanhc) on 2022-09-02

description:

updated

Revision history for this message

Ike Panhc (ikepanhc) wrote on 2022-09-02:

Patch hits mainline kernel since v5.16. When Kinetic kernel rolls to v5.19, this issue will be fix for 22.10.

Changed in linux (Ubuntu Jammy):
status:	New → In Progress
assignee:	nobody → Ike Panhc (ikepanhc)
Changed in linux (Ubuntu):
assignee:	Ike Panhc (ikepanhc) → nobody
status:	In Progress → Fix Committed

Revision history for this message

Ike Panhc (ikepanhc) wrote on 2022-09-05:

Patch sent. https://lists.ubuntu.com/archives/kernel-team/2022-September/132987.html

Revision history for this message

Ike Panhc (ikepanhc) wrote on 2022-09-05:

Dig deeper with 5.4 kernels and it also support debugfs with hisi_sas but can not clean cherry-pick the mainline patch. I will try to reproduce this issue with 5.4 kernel and find out if we need to backport.

Stefan Bader (smb) on 2022-09-13

Changed in linux (Ubuntu Jammy):
importance:	Undecided → Medium

Stefan Bader (smb) on 2022-09-14

Changed in linux (Ubuntu Jammy):
status:	In Progress → Fix Committed
Changed in linux (Ubuntu Kinetic):
status:	Fix Committed → Fix Released

Revision history for this message

Ike Panhc (ikepanhc) wrote on 2022-09-16:

I can not reproduce on 5.4.0-125.141-generic kernel. The only Ubuntu kernel affected is 5.15.

Changed in kunpeng920:
status:	In Progress → Fix Committed

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2022-09-21:

This bug is awaiting verification that the linux/5.15.0-50.56 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy' to 'verification-done-jammy'. If the problem still exists, change the tag 'verification-needed-jammy' to 'verification-failed-jammy'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

Revision history for this message

Ike Panhc (ikepanhc) wrote on 2022-09-22:

Jammy kernel 5.15.0-50.56 works for me. Thanks.

tags:

added: verification-done-jammy

Revision history for this message

Launchpad Janitor (janitor) wrote on 2022-10-10:

#10

Download full text (42.9 KiB)

This bug was fixed in the package linux - 5.15.0-50.56

---------------
linux (5.15.0-50.56) jammy; urgency=medium

* jammy/linux: 5.15.0-50.56 -proposed tracker (LP: #1990148)

  * CVE-2022-3176
    - io_uring: refactor poll update
    - io_uring: move common poll bits
    - io_uring: kill poll linking optimisation
    - io_uring: inline io_poll_complete
    - io_uring: correct fill events helpers types
    - io_uring: clean cqe filling functions
    - io_uring: poll rework
    - io_uring: remove poll entry from list when canceling all
    - io_uring: bump poll refs to full 31-bits
    - io_uring: fail links when poll fails
    - io_uring: fix wrong arm_poll error handling
    - io_uring: fix UAF due to missing POLLFREE handling

  * ip/nexthop: fix default address selection for connected nexthop
    (LP: #1988809)
    - selftests/net: test nexthop without gw

  * ip/nexthop: fix default address selection for connected nexthop
    (LP: #1988809) // icmp_redirect.sh in ubuntu_kernel_selftests failed on
    Jammy 5.15.0-49.55 (LP: #1990124)
    - ip: fix triggering of 'icmp redirect'

linux (5.15.0-49.55) jammy; urgency=medium

* jammy/linux: 5.15.0-49.55 -proposed tracker (LP: #1989785)

* amdgpu module crash after 5.15 kernel update (LP: #1981883)
- drm/amdgpu: fix check in fbdev init

  * scsi: hisi_sas: Increase debugfs_dump_index after dump is completed
    (LP: #1982070)
    - scsi: hisi_sas: Increase debugfs_dump_index after dump is completed

* [UBUNTU 22.04] s390/qeth: cache link_info for ethtool (LP: #1984103)
- s390/qeth: cache link_info for ethtool

* WARN in trace_event_dyn_put_ref (LP: #1987232)
- tracing/perf: Fix double put of trace event when init fails

  * Jammy update: v5.15.60 upstream stable release (LP: #1989221)
    - x86/speculation: Make all RETbleed mitigations 64-bit only
    - selftests/bpf: Extend verifier and bpf_sock tests for dst_port loads
    - selftests/bpf: Check dst_port only on the client socket
    - block: fix default IO priority handling again
    - tools/vm/slabinfo: Handle files in debugfs
    - ACPI: video: Force backlight native for some TongFang devices
    - ACPI: video: Shortening quirk list by identifying Clevo by board_name only
    - ACPI: APEI: Better fix to avoid spamming the console with old error logs
    - crypto: arm64/poly1305 - fix a read out-of-bound
    - KVM: x86: do not report a vCPU as preempted outside instruction boundaries
    - KVM: x86: do not set st->preempted when going back to user space
    - KVM: selftests: Make hyperv_clock selftest more stable
    - tools/kvm_stat: fix display of error when multiple processes are found
    - selftests: KVM: Handle compiler optimizations in ucall
    - KVM: x86/svm: add __GFP_ACCOUNT to __sev_dbg_{en,de}crypt_user()
    - arm64: set UXN on swapper page tables
    - btrfs: zoned: prevent allocation from previous data relocation BG
    - btrfs: zoned: fix critical section of relocation inode writeback
    - Bluetooth: hci_bcm: Add BCM4349B1 variant
    - Bluetooth: hci_bcm: Add DT compatible for CYW55572
    - dt-bindings: bluetooth: broadcom: Add BCM4349B1 DT binding
    - Bluetooth: btusb: Add support of IMC Netw...

This bug was fixed in the package linux - 5.15.0-50.56

---------------
linux (5.15.0-50.56) jammy; urgency=medium

* jammy/linux: 5.15.0-50.56 -proposed tracker (LP: #1990148)

* ip/nexthop: fix default address selection for connected nexthop
    (LP: #1988809)
    - selftests/net: test nexthop without gw

linux (5.15.0-49.55) jammy; urgency=medium

* jammy/linux: 5.15.0-49.55 -proposed tracker (LP: #1989785)

* amdgpu module crash after 5.15 kernel update (LP: #1981883)
    - drm/amdgpu: fix check in fbdev init

* scsi: hisi_sas: Increase debugfs_dump_index after dump is  completed
    (LP: #1982070)
    - scsi: hisi_sas: Increase debugfs_dump_index after dump is completed

* [UBUNTU 22.04] s390/qeth: cache link_info for ethtool (LP: #1984103)
    - s390/qeth: cache link_info for ethtool

* WARN in trace_event_dyn_put_ref (LP: #1987232)
    - tracing/perf: Fix double put of trace event when init fails

* Jammy update: v5.15.59 upstream stable release (LP: #1989218)
    - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put
    - Revert "ocfs2: mount shared volume without ha stack"
    - ntfs: fix use-after-free in ntfs_ucsncmp()
    - fs: sendfile handles O_NONBLOCK of out_fd
    - secretmem: fix unhandled fault in truncate
    - mm: fix page leak with multiple threads mapping the same page
    - hugetlb: fix memoryleak in hugetlb_mcopy_atomic_pte
    - asm-generic: remove a broken and needless ifdef conditional
    - s390/archrandom: prevent CPACF trng invocations in interrupt context
    - nouveau/svm: Fix to migrate all requested pages
    - drm/simpledrm: Fix return type of simpledrm_simple_display_pipe_mode_valid()
    - watch_queue: Fix missing rcu annotation
    - watch_queue: Fix missing locking in add_watch_to_object()
    - tcp: Fix data-races around sysctl_tcp_dsack.
    - tcp: Fix a data-race around sysctl_tcp_app_win.
    - tcp: Fix a data-race around sysctl_tcp_adv_win_scale.
    - tcp: Fix a data-race around sysctl_tcp_frto.
    - tcp: Fix a data-race around sysctl_tcp_nometrics_save.
    - tcp: Fix data-races around sysctl_tcp_no_ssthresh_metrics_save.
    - ice: check (DD | EOF) bits on Rx descriptor rather than (EOP | RS)
    - ice: do not setup vlan for loopback VSI
    - scsi: ufs: host: Hold reference returned by of_parse_phandle()
    - Revert "tcp: change pingpong threshold to 3"
    - octeontx2-pf: Fix UDP/TCP src and dst port tc filters
    - tcp: Fix data-races around sysctl_tcp_moderate_rcvbuf.
    - tcp: Fix a data-race around sysctl_tcp_limit_output_bytes.
    - tcp: Fix a data-race around sysctl_tcp_challenge_ack_limit.
    - scsi: core: Fix warning in scsi_alloc_sgtables()
    - scsi: mpt3sas: Stop fw fault watchdog work item during system shutdown
    - net: ping6: Fix memleak in ipv6_renew_options().
    - ipv6/addrconf: fix a null-ptr-deref bug for ip6_ptr
    - net/tls: Remove the context from the list in tls_device_down
    - igmp: Fix data-races around sysctl_igmp_qrv.
    - net: pcs: xpcs: propagate xpcs_read error to xpcs_get_state_c37_sgmii
    - net: sungem_phy: Add of_node_put() for reference returned by of_get_parent()
    - tcp: Fix a data-race around sysctl_tcp_min_tso_segs.
    - tcp: Fix a data-race around sysctl_tcp_min_rtt_wlen.
    - tcp: Fix a data-race around sysctl_tcp_autocorking.
    - tcp: Fix a data-race around sysctl_tcp_invalid_ratelimit.
    - Documentation: fix sctp_wmem in ip-sysctl.rst
    - macsec: fix NULL deref in macsec_add_rxsa
    - macsec: fix error message in macsec_add_rxsa and _txsa
    - macsec: limit replay window size with XPN
    - macsec: always read MACSEC_SA_ATTR_PN as a u64
    - net: macsec: fix potential resource leak in macsec_add_rxsa() and
      macsec_add_txsa()
    - net: mld: fix reference count leak in mld_{query | report}_work()
    - tcp: Fix data-races around sk_pacing_rate.
    - net: Fix data-races around sysctl_[rw]mem(_offset)?.
    - tcp: Fix a data-race around sysctl_tcp_comp_sack_delay_ns.
    - tcp: Fix a data-race around sysctl_tcp_comp_sack_slack_ns.
    - tcp: Fix a data-race around sysctl_tcp_comp_sack_nr.
    - tcp: Fix data-races around sysctl_tcp_reflect_tos.
    - ipv4: Fix data-races around sysctl_fib_notify_on_flag_change.
    - i40e: Fix interface init with MSI interrupts (no MSI-X)
    - sctp: fix sleep in atomic context bug in timer handlers
    - octeontx2-pf: cn10k: Fix egress ratelimit configuration
    - virtio-net: fix the race between refill work and close
    - perf symbol: Correct address for bss symbols
    - sfc: disable softirqs for ptp TX
    - sctp: leave the err path free in sctp_stream_init to sctp_stream_free
    - ARM: crypto: comment out gcc warning that breaks clang builds
    - mm/hmm: fault non-owner device private entries
    - page_alloc: fix invalid watermark check on a negative value
    - ARM: 9216/1: Fix MAX_DMA_ADDRESS overflow
    - EDAC/ghes: Set the DIMM label unconditionally
    - docs/kernel-parameters: Update descriptions for "mitigations=" param with
      retbleed
    - locking/rwsem: Allow slowpath writer to ignore handoff bit if not set by
      first waiter
    - x86/bugs: Do not enable IBPB at firmware entry when IBPB is not available
    - Linux 5.15.59

* Jammy update: v5.15.58 upstream stable release (LP: #1988479)
    - pinctrl: stm32: fix optional IRQ support to gpios
    - riscv: add as-options for modules with assembly compontents
    - mlxsw: spectrum_router: Fix IPv4 nexthop gateway indication
    - lockdown: Fix kexec lockdown bypass with ima policy
    - drm/ttm: fix locking in vmap/vunmap TTM GEM helpers
    - bus: mhi: host: pci_generic: add Telit FN980 v1 hardware revision
    - bus: mhi: host: pci_generic: add Telit FN990
    - Revert "selftest/vm: verify remap destination address in mremap_test"
    - Revert "selftest/vm: verify mmap addr in mremap_test"
    - PCI: hv: Fix multi-MSI to allow more than one MSI vector
    - PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI
    - PCI: hv: Reuse existing IRTE allocation in compose_msi_msg()
    - PCI: hv: Fix interrupt mapping for multi-MSI
    - serial: mvebu-uart: correctly report configured baudrate value
    - batman-adv: Use netif_rx_any_context() any.
    - xfs: fix maxlevels comparisons in the btree staging code
    - xfs: fold perag loop iteration logic into helper function
    - xfs: rename the next_agno perag iteration variable
    - xfs: terminate perag iteration reliably on agcount
    - xfs: fix perag reference leak on iteration race with growfs
    - xfs: prevent a WARN_ONCE() in xfs_ioc_attr_list()
    - r8152: fix a WOL issue
    - ip: Fix data-races around sysctl_ip_default_ttl.
    - xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in
      xfrm_bundle_lookup()
    - power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe
    - RDMA/irdma: Do not advertise 1GB page size for x722
    - RDMA/irdma: Fix sleep from invalid context BUG
    - pinctrl: ralink: rename MT7628(an) functions to MT76X8
    - pinctrl: ralink: rename pinctrl-rt2880 to pinctrl-ralink
    - pinctrl: ralink: Check for null return of devm_kcalloc
    - perf/core: Fix data race between perf_event_set_output() and
      perf_mmap_close()
    - ipv4/tcp: do not use per netns ctl sockets
    - net: tun: split run_ebpf_filter() and pskb_trim() into different "if
      statement"
    - mm/pagealloc: sysctl: change watermark_scale_factor max limit to 30%
    - sysctl: move some boundary constants from sysctl.c to sysctl_vals
    - tcp: Fix data-races around sysctl_tcp_ecn.
    - drm/amd/display: Add option to defer works of hpd_rx_irq
    - drm/amd/display: Fork thread to offload work of hpd_rx_irq
    - drm/amdgpu/display: add quirk handling for stutter mode
    - drm/amd/display: Ignore First MST Sideband Message Return Error
    - scsi: megaraid: Clear READ queue map's nr_queues
    - scsi: ufs: core: Drop loglevel of WriteBoost message
    - nvme: check for duplicate identifiers earlier
    - nvme: fix block device naming collision
    - igc: Reinstate IGC_REMOVED logic and implement it properly
    - ip: Fix data-races around sysctl_ip_no_pmtu_disc.
    - ip: Fix data-races around sysctl_ip_fwd_use_pmtu.
    - ip: Fix data-races around sysctl_ip_fwd_update_priority.
    - ip: Fix data-races around sysctl_ip_nonlocal_bind.
    - ip: Fix a data-race around sysctl_ip_autobind_reuse.
    - ip: Fix a data-race around sysctl_fwmark_reflect.
    - tcp/dccp: Fix a data-race around sysctl_tcp_fwmark_accept.
    - tcp: sk->sk_bound_dev_if once in inet_request_bound_dev_if()
    - tcp: Fix data-races around sysctl_tcp_l3mdev_accept.
    - tcp: Fix data-races around sysctl_tcp_mtu_probing.
    - tcp: Fix data-races around sysctl_tcp_base_mss.
    - tcp: Fix data-races around sysctl_tcp_min_snd_mss.
    - tcp: Fix a data-race around sysctl_tcp_mtu_probe_floor.
    - tcp: Fix a data-race around sysctl_tcp_probe_threshold.
    - tcp: Fix a data-race around sysctl_tcp_probe_interval.
    - net: stmmac: fix pm runtime issue in stmmac_dvr_remove()
    - net: stmmac: fix unbalanced ptp clock issue in suspend/resume flow
    - mtd: rawnand: gpmi: validate controller clock rate
    - mtd: rawnand: gpmi: Set WAIT_FOR_READY timeout based on program/erase times
    - net: dsa: microchip: ksz_common: Fix refcount leak bug
    - net: skb: introduce kfree_skb_reason()
    - net: skb: use kfree_skb_reason() in tcp_v4_rcv()
    - net: skb: use kfree_skb_reason() in __udp4_lib_rcv()
    - net: socket: rename SKB_DROP_REASON_SOCKET_FILTER
    - net: skb_drop_reason: add document for drop reasons
    - net: netfilter: use kfree_drop_reason() for NF_DROP
    - net: ipv4: use kfree_skb_reason() in ip_rcv_core()
    - net: ipv4: use kfree_skb_reason() in ip_rcv_finish_core()
    - i2c: mlxcpld: Fix register setting for 400KHz frequency
    - i2c: cadence: Change large transfer count reset logic to be unconditional
    - perf tests: Fix Convert perf time to TSC test for hybrid
    - net: stmmac: fix dma queue left shift overflow issue
    - net/tls: Fix race in TLS device down flow
    - igmp: Fix data-races around sysctl_igmp_llm_reports.
    - igmp: Fix a data-race around sysctl_igmp_max_memberships.
    - igmp: Fix data-races around sysctl_igmp_max_msf.
    - tcp: Fix data-races around keepalive sysctl knobs.
    - tcp: Fix data-races around sysctl_tcp_syn(ack)?_retries.
    - tcp: Fix data-races around sysctl_tcp_syncookies.
    - tcp: Fix data-races around sysctl_tcp_migrate_req.
    - tcp: Fix data-races around sysctl_tcp_reordering.
    - tcp: Fix data-races around some timeout sysctl knobs.
    - tcp: Fix a data-race around sysctl_tcp_notsent_lowat.
    - tcp: Fix a data-race around sysctl_tcp_tw_reuse.
    - tcp: Fix data-races around sysctl_max_syn_backlog.
    - tcp: Fix data-races around sysctl_tcp_fastopen.
    - tcp: Fix data-races around sysctl_tcp_fastopen_blackhole_timeout.
    - iavf: Fix handling of dummy receive descriptors
    - pinctrl: armada-37xx: Use temporary variable for struct device
    - pinctrl: armada-37xx: Make use of the devm_platform_ioremap_resource()
    - pinctrl: armada-37xx: Convert to use dev_err_probe()
    - pinctrl: armada-37xx: use raw spinlocks for regmap to avoid invalid wait
      context
    - i40e: Fix erroneous adapter reinitialization during recovery process
    - ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero
    - net: stmmac: remove redunctant disable xPCS EEE call
    - gpio: pca953x: only use single read/write for No AI mode
    - gpio: pca953x: use the correct range when do regmap sync
    - gpio: pca953x: use the correct register address when regcache sync during
      init
    - be2net: Fix buffer overflow in be_get_module_eeprom
    - net: dsa: sja1105: silent spi_device_id warnings
    - net: dsa: vitesse-vsc73xx: silent spi_device_id warnings
    - drm/imx/dcss: Add missing of_node_put() in fail path
    - ipv4: Fix a data-race around sysctl_fib_multipath_use_neigh.
    - ipv4: Fix data-races around sysctl_fib_multipath_hash_policy.
    - ipv4: Fix data-races around sysctl_fib_multipath_hash_fields.
    - ip: Fix data-races around sysctl_ip_prot_sock.
    - udp: Fix a data-race around sysctl_udp_l3mdev_accept.
    - tcp: Fix data-races around sysctl knobs related to SYN option.
    - tcp: Fix a data-race around sysctl_tcp_early_retrans.
    - tcp: Fix data-races around sysctl_tcp_recovery.
    - tcp: Fix a data-race around sysctl_tcp_thin_linear_timeouts.
    - tcp: Fix data-races around sysctl_tcp_slow_start_after_idle.
    - tcp: Fix a data-race around sysctl_tcp_retrans_collapse.
    - tcp: Fix a data-race around sysctl_tcp_stdurg.
    - tcp: Fix a data-race around sysctl_tcp_rfc1337.
    - tcp: Fix a data-race around sysctl_tcp_abort_on_overflow.
    - tcp: Fix data-races around sysctl_tcp_max_reordering.
    - gpio: gpio-xilinx: Fix integer overflow
    - KVM: selftests: Fix target thread to be migrated in rseq_test
    - spi: bcm2835: bcm2835_spi_handle_err(): fix NULL pointer deref for non DMA
      transfers
    - KVM: Don't null dereference ops->destroy
    - mm/mempolicy: fix uninit-value in mpol_rebind_policy()
    - bpf: Make sure mac_header was set before using it
    - sched/deadline: Fix BUG_ON condition for deboosted tasks
    - x86/bugs: Warn when "ibrs" mitigation is selected on Enhanced IBRS parts
    - dlm: fix pending remove if msg allocation fails
    - x86/uaccess: Implement macros for CMPXCHG on user addresses
    - bitfield.h: Fix "type of reg too small for mask" test
    - x86/entry_32: Remove .fixup usage
    - x86/extable: Extend extable functionality
    - x86/msr: Remove .fixup usage
    - x86/futex: Remove .fixup usage
    - KVM: x86: Use __try_cmpxchg_user() to emulate atomic accesses
    - xhci: dbc: refactor xhci_dbc_init()
    - xhci: dbc: create and remove dbc structure in dbgtty driver.
    - xhci: dbc: Rename xhci_dbc_init and xhci_dbc_exit
    - xhci: Set HCD flag to defer primary roothub registration
    - mt76: fix use-after-free by removing a non-RCU wcid pointer
    - iwlwifi: fw: uefi: add missing include guards
    - crypto: qat - set to zero DH parameters before free
    - crypto: qat - use pre-allocated buffers in datapath
    - crypto: qat - refactor submission logic
    - crypto: qat - add backlog mechanism
    - crypto: qat - fix memory leak in RSA
    - crypto: qat - remove dma_free_coherent() for RSA
    - crypto: qat - remove dma_free_coherent() for DH
    - crypto: qat - add param check for RSA
    - crypto: qat - add param check for DH
    - crypto: qat - re-enable registration of algorithms
    - exfat: fix referencing wrong parent directory information after renaming
    - tracing: Have event format check not flag %p* on __get_dynamic_array()
    - tracing: Place trace_pid_list logic into abstract functions
    - tracing: Fix return value of trace_pid_write()
    - um: virtio_uml: Allow probing from devicetree
    - um: virtio_uml: Fix broken device handling in time-travel
    - Bluetooth: Add bt_skb_sendmsg helper
    - Bluetooth: Add bt_skb_sendmmsg helper
    - Bluetooth: SCO: Replace use of memcpy_from_msg with bt_skb_sendmsg
    - Bluetooth: RFCOMM: Replace use of memcpy_from_msg with bt_skb_sendmmsg
    - Bluetooth: Fix passing NULL to PTR_ERR
    - Bluetooth: SCO: Fix sco_send_frame returning skb->len
    - Bluetooth: Fix bt_skb_sendmmsg not allocating partial chunks
    - exfat: use updated exfat_chain directly during renaming
    - x86/amd: Use IBPB for firmware calls
    - x86/alternative: Report missing return thunk details
    - watchqueue: make sure to serialize 'wqueue->defunct' properly
    - tty: drivers/tty/, stop using tty_schedule_flip()
    - tty: the rest, stop using tty_schedule_flip()
    - tty: drop tty_schedule_flip()
    - tty: extract tty_flip_buffer_commit() from tty_flip_buffer_push()
    - tty: use new tty_insert_flip_string_and_push_buffer() in pty_write()
    - watch-queue: remove spurious double semicolon
    - drm/amd/display: invalid parameter check in dmub_hpd_callback
    - x86/extable: Prefer local labels in .set directives
    - KVM: x86: fix typo in __try_cmpxchg_user causing non-atomicness
    - x86: drop bogus "cc" clobber from __try_cmpxchg_user_asm()
    - drm/amdgpu: Off by one in dm_dmub_outbox1_low_irq()
    - x86/entry_32: Fix segment exceptions
    - Linux 5.15.58

* Jammy update: v5.15.57 upstream stable release (LP: #1988353)
    - x86/xen: Fix initialisation in hypercall_page after rethunk
    - tools arch x86: Sync the msr-index.h copy with the kernel sources
    - tools headers cpufeatures: Sync with the kernel sources
    - um: Add missing apply_returns()
    - x86: Use -mindirect-branch-cs-prefix for RETPOLINE builds
    - Linux 5.15.57

* Jammy update: v5.15.56 upstream stable release (LP: #1988351)
    - ALSA: hda - Add fixup for Dell Latitidue E5430
    - ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3 model
    - ALSA: hda/realtek: Fix headset mic for Acer SF313-51
    - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671
    - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc221
    - ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop
    - xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue
    - fix race between exit_itimers() and /proc/pid/timers
    - mm: userfaultfd: fix UFFDIO_CONTINUE on fallocated shmem pages
    - mm: split huge PUD on wp_huge_pud fallback
    - tracing/histograms: Fix memory leak problem
    - net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale
      pointer
    - ip: fix dflt addr selection for connected nexthop
    - ARM: 9213/1: Print message about disabled Spectre workarounds only once
    - ARM: 9214/1: alignment: advance IT state after emulating Thumb instruction
    - wifi: mac80211: fix queue selection for mesh/OCB interfaces
    - cgroup: Use separate src/dst nodes when preloading css_sets for migration
    - btrfs: return -EAGAIN for NOWAIT dio reads/writes on compressed and inline
      extents
    - drm/panfrost: Put mapping instead of shmem obj on
      panfrost_mmu_map_fault_addr() error
    - drm/panfrost: Fix shrinker list corruption by madvise IOCTL
    - fs/remap: constrain dedupe of EOF blocks
    - nilfs2: fix incorrect masking of permission flags for symlinks
    - sh: convert nommu io{re,un}map() to static inline functions
    - Revert "evm: Fix memleak in init_desc"
    - xfs: only run COW extent recovery when there are no live extents
    - xfs: don't include bnobt blocks when reserving free block pool
    - xfs: run callbacks before waking waiters in xlog_state_shutdown_callbacks
    - xfs: drop async cache flushes from CIL commits.
    - reset: Fix devm bulk optional exclusive control getter
    - ARM: dts: imx6qdl-ts7970: Fix ngpio typo and count
    - spi: amd: Limit max transfer and message size
    - ARM: 9209/1: Spectre-BHB: avoid pr_info() every time a CPU comes out of idle
    - ARM: 9210/1: Mark the FDT_FIXED sections as shareable
    - net/mlx5e: kTLS, Fix build time constant test in TX
    - net/mlx5e: kTLS, Fix build time constant test in RX
    - net/mlx5e: Fix enabling sriov while tc nic rules are offloaded
    - net/mlx5e: Fix capability check for updating vnic env counters
    - net/mlx5e: Ring the TX doorbell on DMA errors
    - drm/i915: fix a possible refcount leak in intel_dp_add_mst_connector()
    - ima: Fix a potential integer overflow in ima_appraise_measurement
    - ASoC: sgtl5000: Fix noise on shutdown/remove
    - ASoC: tas2764: Add post reset delays
    - ASoC: tas2764: Fix and extend FSYNC polarity handling
    - ASoC: tas2764: Correct playback volume range
    - ASoC: tas2764: Fix amp gain register offset & default
    - ASoC: Intel: Skylake: Correct the ssp rate discovery in skl_get_ssp_clks()
    - ASoC: Intel: Skylake: Correct the handling of fmt_config flexible array
    - net: stmmac: dwc-qos: Disable split header for Tegra194
    - net: ethernet: ti: am65-cpsw: Fix devlink port register sequence
    - sysctl: Fix data races in proc_dointvec().
    - sysctl: Fix data races in proc_douintvec().
    - sysctl: Fix data races in proc_dointvec_minmax().
    - sysctl: Fix data races in proc_douintvec_minmax().
    - sysctl: Fix data races in proc_doulongvec_minmax().
    - sysctl: Fix data races in proc_dointvec_jiffies().
    - tcp: Fix a data-race around sysctl_tcp_max_orphans.
    - inetpeer: Fix data-races around sysctl.
    - net: Fix data-races around sysctl_mem.
    - cipso: Fix data-races around sysctl.
    - icmp: Fix data-races around sysctl.
    - ipv4: Fix a data-race around sysctl_fib_sync_mem.
    - ARM: dts: at91: sama5d2: Fix typo in i2s1 node
    - ARM: dts: sunxi: Fix SPI NOR campatible on Orange Pi Zero
    - arm64: dts: broadcom: bcm4908: Fix timer node for BCM4906 SoC
    - arm64: dts: broadcom: bcm4908: Fix cpu node for smp boot
    - netfilter: nf_log: incorrect offset to network header
    - netfilter: nf_tables: replace BUG_ON by element length check
    - drm/i915/gvt: IS_ERR() vs NULL bug in intel_gvt_update_reg_whitelist()
    - xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE
    - lockd: set fl_owner when unlocking files
    - lockd: fix nlm_close_files
    - tracing: Fix sleeping while atomic in kdb ftdump
    - drm/i915/selftests: fix a couple IS_ERR() vs NULL tests
    - drm/i915/dg2: Add Wa_22011100796
    - drm/i915/gt: Serialize GRDOM access between multiple engine resets
    - drm/i915/gt: Serialize TLB invalidates with GT resets
    - drm/i915/uc: correctly track uc_fw init failure
    - drm/i915: Require the vm mutex for i915_vma_bind()
    - bnxt_en: Fix bnxt_reinit_after_abort() code path
    - bnxt_en: Fix bnxt_refclk_read()
    - sysctl: Fix data-races in proc_dou8vec_minmax().
    - sysctl: Fix data-races in proc_dointvec_ms_jiffies().
    - icmp: Fix data-races around sysctl_icmp_echo_enable_probe.
    - icmp: Fix a data-race around sysctl_icmp_ignore_bogus_error_responses.
    - icmp: Fix a data-race around sysctl_icmp_errors_use_inbound_ifaddr.
    - icmp: Fix a data-race around sysctl_icmp_ratelimit.
    - icmp: Fix a data-race around sysctl_icmp_ratemask.
    - raw: Fix a data-race around sysctl_raw_l3mdev_accept.
    - tcp: Fix a data-race around sysctl_tcp_ecn_fallback.
    - ipv4: Fix data-races around sysctl_ip_dynaddr.
    - nexthop: Fix data-races around nexthop_compat_mode.
    - net: ftgmac100: Hold reference returned by of_get_child_by_name()
    - net: stmmac: fix leaks in probe
    - ima: force signature verification when CONFIG_KEXEC_SIG is configured
    - ima: Fix potential memory leak in ima_init_crypto()
    - drm/amd/display: Only use depth 36 bpp linebuffers on DCN display engines.
    - drm/amd/pm: Prevent divide by zero
    - sfc: fix use after free when disabling sriov
    - ceph: switch netfs read ops to use rreq->inode instead of
      rreq->mapping->host
    - seg6: fix skb checksum evaluation in SRH encapsulation/insertion
    - seg6: fix skb checksum in SRv6 End.B6 and End.B6.Encaps behaviors
    - seg6: bpf: fix skb checksum in bpf_push_seg6_encap()
    - sfc: fix kernel panic when creating VF
    - KVM: x86: Fully initialize 'struct kvm_lapic_irq' in kvm_pv_kick_cpu_op()
    - net/tls: Check for errors in tls_device_init
    - ACPI: video: Fix acpi_video_handles_brightness_key_presses()
    - mm: sysctl: fix missing numa_stat when !CONFIG_HUGETLB_PAGE
    - btrfs: rename btrfs_bio to btrfs_io_context
    - btrfs: zoned: fix a leaked bioc in read_zone_info
    - ksmbd: use SOCK_NONBLOCK type for kernel_accept()
    - powerpc/xive/spapr: correct bitmap allocation size
    - vdpa/mlx5: Initialize CVQ vringh only once
    - vduse: Tie vduse mgmtdev and its device
    - virtio_mmio: Add missing PM calls to freeze/restore
    - virtio_mmio: Restore guest page size on resume
    - netfilter: br_netfilter: do not skip all hooks with 0 priority
    - scsi: hisi_sas: Limit max hw sectors for v3 HW
    - cpufreq: pmac32-cpufreq: Fix refcount leak bug
    - firmware: sysfb: Make sysfb_create_simplefb() return a pdev pointer
    - firmware: sysfb: Add sysfb_disable() helper function
    - fbdev: Disable sysfb device registration when removing conflicting FBs
    - net: tipc: fix possible refcount leak in tipc_sk_create()
    - NFC: nxp-nci: don't print header length mismatch on i2c error
    - nvme-tcp: always fail a request when sending it failed
    - nvme: fix regression when disconnect a recovering ctrl
    - net: sfp: fix memory leak in sfp_probe()
    - ASoC: ops: Fix off by one in range control validation
    - pinctrl: aspeed: Fix potential NULL dereference in aspeed_pinmux_set_mux()
    - ASoC: Realtek/Maxim SoundWire codecs: disable pm_runtime on remove
    - ASoC: rt711-sdca-sdw: fix calibrate mutex initialization
    - ASoC: Intel: sof_sdw: handle errors on card registration
    - ASoC: rt711: fix calibrate mutex initialization
    - ASoC: rt7*-sdw: harden jack_detect_handler
    - ASoC: codecs: rt700/rt711/rt711-sdca: initialize workqueues in probe
    - ASoC: SOF: Intel: hda-loader: Clarify the cl_dsp_init() flow
    - ASoC: wcd938x: Fix event generation for some controls
    - ASoC: Intel: bytcr_wm5102: Fix GPIO related probe-ordering problem
    - ASoC: wm5110: Fix DRE control
    - ASoC: rt711-sdca: fix kernel NULL pointer dereference when IO error
    - ASoC: dapm: Initialise kcontrol data for mux/demux controls
    - ASoC: cs47l15: Fix event generation for low power mux control
    - ASoC: madera: Fix event generation for OUT1 demux
    - ASoC: madera: Fix event generation for rate controls
    - irqchip: or1k-pic: Undefine mask_ack for level triggered hardware
    - x86: Clear .brk area at early boot
    - soc: ixp4xx/npe: Fix unused match warning
    - ARM: dts: stm32: use the correct clock source for CEC on stm32mp151
    - Revert "can: xilinx_can: Limit CANFD brp to 2"
    - ALSA: usb-audio: Add quirks for MacroSilicon MS2100/MS2106 devices
    - ALSA: usb-audio: Add quirk for Fiero SC-01
    - ALSA: usb-audio: Add quirk for Fiero SC-01 (fw v1.0.0)
    - nvme-pci: phison e16 has bogus namespace ids
    - signal handling: don't use BUG_ON() for debugging
    - USB: serial: ftdi_sio: add Belimo device ids
    - usb: typec: add missing uevent when partner support PD
    - usb: dwc3: gadget: Fix event pending check
    - tty: serial: samsung_tty: set dma burst_size to 1
    - vt: fix memory overlapping when deleting chars in the buffer
    - serial: 8250: fix return error code in serial8250_request_std_resource()
    - serial: stm32: Clear prev values before setting RTS delays
    - serial: pl011: UPSTAT_AUTORTS requires .throttle/unthrottle
    - serial: 8250: Fix PM usage_count for console handover
    - x86/pat: Fix x86_has_pat_wp()
    - drm/aperture: Run fbdev removal before internal helpers
    - Linux 5.15.56

* Jammy update: v5.15.55 upstream stable release (LP: #1988338)
    - Linux 5.15.55

* Jammy update: v5.15.54 upstream stable release (LP: #1987451)
    - mm/slub: add missing TID updates on slab deactivation
    - mm/filemap: fix UAF in find_lock_entries
    - Revert "selftests/bpf: Add test for bpf_timer overwriting crash"
    - ALSA: usb-audio: Workarounds for Behringer UMC 204/404 HD
    - ALSA: hda/realtek: Add quirk for Clevo L140PU
    - ALSA: cs46xx: Fix missing snd_card_free() call at probe error
    - can: bcm: use call_rcu() instead of costly synchronize_rcu()
    - can: grcan: grcan_probe(): remove extra of_node_get()
    - can: gs_usb: gs_usb_open/close(): fix memory leak
    - can: m_can: m_can_chip_config(): actually enable internal timestamping
    - can: m_can: m_can_{read_fifo,echo_tx_event}(): shift timestamp to full 32
      bits
    - can: mcp251xfd: mcp251xfd_regmap_crc_read(): improve workaround handling for
      mcp2517fd
    - can: mcp251xfd: mcp251xfd_regmap_crc_read(): update workaround broken CRC on
      TBC register
    - bpf: Fix incorrect verifier simulation around jmp32's jeq/jne
    - bpf: Fix insufficient bounds propagation from adjust_scalar_min_max_vals
    - usbnet: fix memory leak in error case
    - net: rose: fix UAF bug caused by rose_t0timer_expiry
    - netfilter: nft_set_pipapo: release elements in clone from abort path
    - btrfs: rename btrfs_alloc_chunk to btrfs_create_chunk
    - btrfs: add additional parameters to btrfs_init_tree_ref/btrfs_init_data_ref
    - btrfs: fix invalid delayed ref after subvolume creation failure
    - btrfs: fix warning when freeing leaf after subvolume creation failure
    - Input: cpcap-pwrbutton - handle errors from platform_get_irq()
    - Input: goodix - change goodix_i2c_write() len parameter type to int
    - Input: goodix - add a goodix.h header file
    - Input: goodix - refactor reset handling
    - Input: goodix - try not to touch the reset-pin on x86/ACPI devices
    - dma-buf/poll: Get a file reference for outstanding fence callbacks
    - btrfs: fix deadlock between chunk allocation and chunk btree modifications
    - drm/i915: Disable bonding on gen12+ platforms
    - drm/i915/gt: Register the migrate contexts with their engines
    - drm/i915: Replace the unconditional clflush with drm_clflush_virt_range()
    - media: ir_toy: prevent device from hanging during transmit
    - memory: renesas-rpc-if: Avoid unaligned bus access for HyperFlash
    - ath11k: add hw_param for wakeup_mhi
    - qed: Improve the stack space of filter_config()
    - platform/x86: wmi: introduce helper to convert driver to WMI driver
    - platform/x86: wmi: Replace read_takes_no_args with a flags field
    - platform/x86: wmi: Fix driver->notify() vs ->probe() race
    - mt76: mt7921: get rid of mt7921_mac_set_beacon_filter
    - mt76: mt7921: introduce mt7921_mcu_set_beacon_filter utility routine
    - mt76: mt7921: fix a possible race enabling/disabling runtime-pm
    - bpf: Stop caching subprog index in the bpf_pseudo_func insn
    - bpf, arm64: Use emit_addr_mov_i64() for BPF_PSEUDO_FUNC
    - riscv: defconfig: enable DRM_NOUVEAU
    - RISC-V: defconfigs: Set CONFIG_FB=y, for FB console
    - net/mlx5e: Check action fwd/drop flag exists also for nic flows
    - net/mlx5e: Split actions_match_supported() into a sub function
    - net/mlx5e: TC, Reject rules with drop and modify hdr action
    - net/mlx5e: TC, Reject rules with forward and drop actions
    - ASoC: rt5682: Avoid the unexpected IRQ event during going to suspend
    - ASoC: rt5682: Re-detect the combo jack after resuming
    - ASoC: rt5682: Fix deadlock on resume
    - netfilter: nf_tables: convert pktinfo->tprot_set to flags field
    - netfilter: nft_payload: support for inner header matching / mangling
    - netfilter: nft_payload: don't allow th access for fragments
    - s390/boot: allocate amode31 section in decompressor
    - s390/setup: use physical pointers for memblock_reserve()
    - s390/setup: preserve memory at OLDMEM_BASE and OLDMEM_SIZE
    - ibmvnic: init init_done_rc earlier
    - ibmvnic: clear fop when retrying probe
    - ibmvnic: Allow queueing resets during probe
    - virtio-blk: avoid preallocating big SGL for data
    - io_uring: ensure that fsnotify is always called
    - block: use bdev_get_queue() in bio.c
    - block: only mark bio as tracked if it really is tracked
    - block: fix rq-qos breakage from skipping rq_qos_done_bio()
    - stddef: Introduce struct_group() helper macro
    - media: omap3isp: Use struct_group() for memcpy() region
    - media: davinci: vpif: fix use-after-free on driver unbind
    - mt76: mt76_connac: fix MCU_CE_CMD_SET_ROC definition error
    - mt76: mt7921: do not always disable fw runtime-pm
    - cxl/port: Hold port reference until decoder release
    - clk: renesas: r9a07g044: Update multiplier and divider values for PLL2/3
    - KVM: x86/mmu: Use yield-safe TDP MMU root iter in MMU notifier unmapping
    - KVM: x86/mmu: Use common TDP MMU zap helper for MMU notifier unmap hook
    - scsi: qla2xxx: Move heartbeat handling from DPC thread to workqueue
    - scsi: qla2xxx: Fix laggy FC remote port session recovery
    - scsi: qla2xxx: edif: Replace list_for_each_safe with
      list_for_each_entry_safe
    - scsi: qla2xxx: Fix crash during module load unload test
    - gfs2: Fix gfs2_file_buffered_write endless loop workaround
    - vdpa/mlx5: Avoid processing works if workqueue was destroyed
    - btrfs: handle device lookup with btrfs_dev_lookup_args
    - btrfs: add a btrfs_get_dev_args_from_path helper
    - btrfs: use btrfs_get_dev_args_from_path in dev removal ioctls
    - btrfs: remove device item and update super block in the same transaction
    - drbd: add error handling support for add_disk()
    - drbd: Fix double free problem in drbd_create_device
    - drbd: fix an invalid memory access caused by incorrect use of list iterator
    - drm/amd/display: Set min dcfclk if pipe count is 0
    - drm/amd/display: Fix by adding FPU protection for dcn30_internal_validate_bw
    - NFSD: De-duplicate net_generic(nf->nf_net, nfsd_net_id)
    - NFSD: COMMIT operations must not return NFS?ERR_INVAL
    - riscv/mm: Add XIP_FIXUP for riscv_pfn_base
    - iio: accel: mma8452: use the correct logic to get mma8452_data
    - batman-adv: Use netif_rx().
    - mtd: spi-nor: Skip erase logic when SPI_NOR_NO_ERASE is set
    - Compiler Attributes: add __alloc_size() for better bounds checking
    - mm: vmalloc: introduce array allocation functions
    - KVM: use __vcalloc for very large allocations
    - btrfs: don't access possibly stale fs_info data in device_list_add
    - KVM: s390x: fix SCK locking
    - scsi: qla2xxx: Fix loss of NVMe namespaces after driver reload test
    - powerpc/32: Don't use lmw/stmw for saving/restoring non volatile regs
    - powerpc: flexible GPR range save/restore macros
    - powerpc/tm: Fix more userspace r13 corruption
    - serial: sc16is7xx: Clear RS485 bits in the shutdown
    - bus: mhi: core: Use correctly sized arguments for bit field
    - bus: mhi: Fix pm_state conversion to string
    - stddef: Introduce DECLARE_FLEX_ARRAY() helper
    - uapi/linux/stddef.h: Add include guards
    - ASoC: rt5682: move clk related code to rt5682_i2c_probe
    - ASoC: rt5682: fix an incorrect NULL check on list iterator
    - drm/amd/vcn: fix an error msg on vcn 3.0
    - KVM: Don't create VM debugfs files outside of the VM directory
    - tty: n_gsm: Modify CR,PF bit when config requester
    - tty: n_gsm: Save dlci address open status when config requester
    - tty: n_gsm: fix frame reception handling
    - ALSA: usb-audio: add mapping for MSI MPG X570S Carbon Max Wifi.
    - ALSA: usb-audio: add mapping for MSI MAG X570S Torpedo MAX.
    - tty: n_gsm: fix missing update of modem controls after DLCI open
    - btrfs: zoned: encapsulate inode locking for zoned relocation
    - btrfs: zoned: use dedicated lock for data relocation
    - KVM: Initialize debugfs_dentry when a VM is created to avoid NULL deref
    - mm/hwpoison: mf_mutex for soft offline and unpoison
    - mm/hwpoison: avoid the impact of hwpoison_filter() return value on mce
      handler
    - mm/memory-failure.c: fix race with changing page compound again
    - mm/hwpoison: fix race between hugetlb free/demotion and
      memory_failure_hugetlb()
    - tty: n_gsm: fix invalid use of MSC in advanced option
    - tty: n_gsm: fix sometimes uninitialized warning in gsm_dlci_modem_output()
    - serial: 8250_mtk: Make sure to select the right FEATURE_SEL
    - tty: n_gsm: fix invalid gsmtty_write_room() result
    - drm/i915: Fix a race between vma / object destruction and unbinding
    - drm/mediatek: Use mailbox rx_callback instead of cmdq_task_cb
    - drm/mediatek: Remove the pointer of struct cmdq_client
    - drm/mediatek: Detect CMDQ execution timeout
    - drm/mediatek: Add cmdq_handle in mtk_crtc
    - drm/mediatek: Add vblank register/unregister callback functions
    - Bluetooth: protect le accept and resolv lists with hdev->lock
    - Bluetooth: btmtksdio: fix use-after-free at btmtksdio_recv_event
    - io_uring: avoid io-wq -EAGAIN looping for !IOPOLL
    - irqchip/gic-v3: Ensure pseudo-NMIs have an ISB between ack and handling
    - irqchip/gic-v3: Refactor ISB + EOIR at ack time
    - rxrpc: Fix locking issue
    - dt-bindings: soc: qcom: smd-rpm: Add compatible for MSM8953 SoC
    - dt-bindings: soc: qcom: smd-rpm: Fix missing MSM8936 compatible
    - module: change to print useful messages from elf_validity_check()
    - module: fix [e_shstrndx].sh_size=0 OOB access
    - iommu/vt-d: Fix PCI bus rescan device hot add
    - fbdev: fbmem: Fix logo center image dx issue
    - PM: runtime: Redefine pm_runtime_release_supplier()
    - memregion: Fix memregion_free() fallback definition
    - video: of_display_timing.h: include errno.h
    - powerpc/powernv: delay rng platform device creation until later in boot
    - net: dsa: qca8k: reset cpu port on MTU change
    - can: kvaser_usb: replace run-time checks with struct kvaser_usb_driver_info
    - can: kvaser_usb: kvaser_usb_leaf: fix CAN clock frequency regression
    - can: kvaser_usb: kvaser_usb_leaf: fix bittiming limits
    - xfs: remove incorrect ASSERT in xfs_rename
    - Revert "serial: sc16is7xx: Clear RS485 bits in the shutdown"
    - btrfs: fix error pointer dereference in btrfs_ioctl_rm_dev_v2()
    - virtio-blk: modify the value type of num in virtio_queue_rq()
    - btrfs: fix use of uninitialized variable at rm device ioctl
    - tty: n_gsm: fix encoding of command/response bit
    - ARM: meson: Fix refcount leak in meson_smp_prepare_cpus
    - pinctrl: sunxi: a83t: Fix NAND function name for some pins
    - ASoC: rt711: Add endianness flag in snd_soc_component_driver
    - ASoC: rt711-sdca: Add endianness flag in snd_soc_component_driver
    - ASoC: codecs: rt700/rt711/rt711-sdca: resume bus/codec in .set_jack_detect
    - arm64: dts: qcom: msm8994: Fix CPU6/7 reg values
    - arm64: dts: qcom: sdm845: use dispcc AHB clock for mdss node
    - ARM: mxs_defconfig: Enable the framebuffer
    - arm64: dts: imx8mp-evk: correct mmc pad settings
    - arm64: dts: imx8mp-evk: correct the uart2 pinctl value
    - arm64: dts: imx8mp-evk: correct gpio-led pad settings
    - arm64: dts: imx8mp-evk: correct vbus pad settings
    - arm64: dts: imx8mp-evk: correct eqos pad settings
    - arm64: dts: imx8mp-evk: correct I2C1 pad settings
    - arm64: dts: imx8mp-evk: correct I2C3 pad settings
    - arm64: dts: imx8mp-phyboard-pollux-rdk: correct uart pad settings
    - arm64: dts: imx8mp-phyboard-pollux-rdk: correct eqos pad settings
    - arm64: dts: imx8mp-phyboard-pollux-rdk: correct i2c2 & mmc settings
    - pinctrl: sunxi: sunxi_pconf_set: use correct offset
    - arm64: dts: qcom: msm8992-*: Fix vdd_lvs1_2-supply typo
    - ARM: at91: pm: use proper compatible for sama5d2's rtc
    - ARM: at91: pm: use proper compatibles for sam9x60's rtc and rtt
    - ARM: at91: pm: use proper compatibles for sama7g5's rtc and rtt
    - ARM: dts: at91: sam9x60ek: fix eeprom compatible and size
    - ARM: dts: at91: sama5d2_icp: fix eeprom compatibles
    - ARM: at91: fix soc detection for SAM9X60 SiPs
    - xsk: Clear page contiguity bit when unmapping pool
    - i2c: piix4: Fix a memory leak in the EFCH MMIO support
    - i40e: Fix dropped jumbo frames statistics
    - i40e: Fix VF's MAC Address change on VM
    - ARM: dts: stm32: use usbphyc ck_usbo_48m as USBH OHCI clock on stm32mp151
    - ARM: dts: stm32: add missing usbh clock and fix clk order on stm32mp15
    - ibmvnic: Properly dispose of all skbs during a failover.
    - selftests: forwarding: fix flood_unicast_test when h2 supports
      IFF_UNICAST_FLT
    - selftests: forwarding: fix learning_test when h1 supports IFF_UNICAST_FLT
    - selftests: forwarding: fix error message in learning_test
    - r8169: fix accessing unset transport header
    - i2c: cadence: Unregister the clk notifier in error path
    - dmaengine: imx-sdma: Allow imx8m for imx7 FW revs
    - misc: rtsx_usb: fix use of dma mapped buffer for usb bulk transfer
    - misc: rtsx_usb: use separate command and response buffers
    - misc: rtsx_usb: set return value in rsp_buf alloc err path
    - Revert "mm/memory-failure.c: fix race with changing page compound again"
    - Revert "serial: 8250_mtk: Make sure to select the right FEATURE_SEL"
    - dt-bindings: dma: allwinner,sun50i-a64-dma: Fix min/max typo
    - ida: don't use BUG_ON() for debugging
    - dmaengine: pl330: Fix lockdep warning about non-static key
    - dmaengine: lgm: Fix an error handling path in intel_ldma_probe()
    - dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly
    - dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate
    - dmaengine: qcom: bam_dma: fix runtime PM underflow
    - dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate
    - dmaengine: idxd: force wq context cleanup on device disable path
    - selftests/net: fix section name when using xdp_dummy.o
    - Linux 5.15.54

-- Stefan Bader <stefan.bader@canonical.com>  Tue, 20 Sep 2022 11:17:11 +0200

Changed in linux (Ubuntu Jammy):
status:	Fix Committed → Fix Released

Ike Panhc (ikepanhc) on 2022-10-11

Changed in kunpeng920:
status:	Fix Committed → Fix Released

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2022-10-14:

#11

This bug is awaiting verification that the linux-gkeop-5.15/5.15.0-1005.7~20.04.1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2022-12-07:

#12

This bug is awaiting verification that the linux-bluefield/5.15.0-1010.12 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy' to 'verification-done-jammy'. If the problem still exists, change the tag 'verification-needed-jammy' to 'verification-failed-jammy'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-jammy-linux-bluefield verification-needed-jammy
removed: verification-done-jammy

Revision history for this message

Ike Panhc (ikepanhc) wrote on 2022-12-12:

#13

This issue is already verified with -generic kernel.

tags:

added: verification-done-jammy
removed: verification-needed-jammy

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2022-12-12:

#14

This bug is awaiting verification that the linux-nvidia/5.15.0-1011.11 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy' to 'verification-done-jammy'. If the problem still exists, change the tag 'verification-needed-jammy' to 'verification-failed-jammy'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-jammy-linux-nvidia verification-needed-jammy
removed: verification-done-jammy

Ike Panhc (ikepanhc) on 2022-12-14

tags:	added: verification-donejammy removed: verification-needed-jammy
tags:	added: verification-done-jammy removed: verification-donejammy

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2024-03-01:

#15

This bug is awaiting verification that the linux-mtk/5.15.0-1030.34 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy-linux-mtk' to 'verification-done-jammy-linux-mtk'. If the problem still exists, change the tag 'verification-needed-jammy-linux-mtk' to 'verification-failed-jammy-linux-mtk'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-jammy-linux-mtk-v2 verification-needed-jammy-linux-mtk

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.