Bug #1990124 “icmp_redirect.sh in ubuntu_kernel_selftests failed...” : Bugs : ubuntu-kernel-tests

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2022-09-19: Missing required logs.

#1

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 1990124

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status:	New → Incomplete
Changed in linux (Ubuntu Jammy):
status:	New → Incomplete

Revision history for this message

Po-Hsu Lin (cypressyew) wrote on 2022-09-19 (last edit on 2022-09-19):

#2

This commit seems to be the cause, test passed by reverting it:

commit 07e4bcbce061bb58f109ed746b770adea5914d80
Author: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Date: Wed Jul 13 13:48:52 2022 +0200

ip: fix dflt addr selection for connected nexthop

BugLink: https://bugs.launchpad.net/bugs/1988351

commit 747c14307214b55dbd8250e1ab44cad8305756f1 upstream.

Now building a test kernel with possible fix: eb55dc09b (" ip: fix triggering of 'icmp redirect' ")

Revision history for this message

Po-Hsu Lin (cypressyew) wrote on 2022-09-19:

#3

Test kernel with commit eb55dc09b works as expected:
https://people.canonical.com/~phlin/kernel/lp-1990124-icmp-redirect/

This test is not failing anymore.

Revision history for this message

Stefan Bader (smb) wrote on 2022-09-19:

#4

Focal will also be affected since it contains 5.4.207 which has the break commit and needs the related fix for it from 5.4.213.

Changed in linux (Ubuntu Focal):
importance:	Undecided → Medium
status:	New → Triaged
Changed in linux (Ubuntu Jammy):
importance:	Undecided → Medium
status:	Incomplete → Triaged

Revision history for this message

Luke Nowakowski-Krijger (lukenow) wrote on 2022-09-19:

#5

We might be missing this patch "ip: fix triggering of 'icmp redirect'" that I sent to the kt-ML as one of the backport request patchsets from the Author of that commit that is breaking things. I think applying that will make the behavior consistent and get those tests to pass.

Revision history for this message

Luke Nowakowski-Krijger (lukenow) wrote on 2022-09-19:

#6

Ah @Po-Hsu Lin didnt see you already found the commit :) FYI the patchset I sent here https://lists.ubuntu.com/archives/kernel-team/2022-September/133062.html also includes a new test case for the initial regression that that patch fixes. Don't know if you need to update anything with testing for that or not.

Revision history for this message

Po-Hsu Lin (cypressyew) wrote on 2022-09-20:

#7

@Luke
Thanks for the link! I don't need to prepare for the SRU \o/
We're using the test from tools/testing/selftests/ for ubuntu_kernel_selftests, so once the patchset was applied we will get the updated test case.

Stefan Bader (smb) on 2022-09-20

Changed in linux (Ubuntu):
status:	Incomplete → Fix Released
Changed in linux (Ubuntu Focal):
status:	Triaged → Fix Committed
Changed in linux (Ubuntu Jammy):
status:	Triaged → Fix Committed

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2022-09-21:

#8

This bug is awaiting verification that the linux/5.15.0-50.56 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy' to 'verification-done-jammy'. If the problem still exists, change the tag 'verification-needed-jammy' to 'verification-failed-jammy'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2022-09-22:

#9

This bug is awaiting verification that the linux/5.4.0-128.144 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

Revision history for this message

Launchpad Janitor (janitor) wrote on 2022-10-10:

#10

Download full text (19.8 KiB)

This bug was fixed in the package linux - 5.4.0-128.144

---------------
linux (5.4.0-128.144) focal; urgency=medium

* focal/linux: 5.4.0-128.144 -proposed tracker (LP: #1990152)

* CVE-2022-3176
- io_uring: disable polling pollfree files

  * ip/nexthop: fix default address selection for connected nexthop
    (LP: #1988809)
    - selftests/net: test nexthop without gw

  * ip/nexthop: fix default address selection for connected nexthop
    (LP: #1988809) // icmp_redirect.sh in ubuntu_kernel_selftests failed on
    Jammy 5.15.0-49.55 (LP: #1990124)
    - ip: fix triggering of 'icmp redirect'

linux (5.4.0-127.143) focal; urgency=medium

* focal/linux: 5.4.0-127.143 -proposed tracker (LP: #1989892)

* Packaging resync (LP: #1786013)
- debian/dkms-versions -- update from kernel-versions (main/2022.09.19)

  * [UBUNTU 20.04] mlx5 driver crashes on accessing device attributes during
    recovery (LP: #1987287)
    - net/mlx5: Avoid processing commands before cmdif is ready

  * Focal update: v5.4.210 upstream stable release (LP: #1989230)
    - thermal: Fix NULL pointer dereferences in of_thermal_ functions
    - ACPI: video: Force backlight native for some TongFang devices
    - ACPI: video: Shortening quirk list by identifying Clevo by board_name only
    - ACPI: APEI: Better fix to avoid spamming the console with old error logs
    - bpf: Verifer, adjust_scalar_min_max_vals to always call update_reg_bounds()
    - selftests/bpf: Extend verifier and bpf_sock tests for dst_port loads
    - bpf: Test_verifier, #70 error message updates for 32-bit right shift
    - KVM: Don't null dereference ops->destroy
    - selftests: KVM: Handle compiler optimizations in ucall
    - media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls
    - macintosh/adb: fix oob read in do_adb_query() function
    - x86/speculation: Add RSB VM Exit protections
    - x86/speculation: Add LFENCE to RSB fill sequence
    - Linux 5.4.210

  * Focal update: v5.4.209 upstream stable release (LP: #1989228)
    - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put
    - ntfs: fix use-after-free in ntfs_ucsncmp()
    - s390/archrandom: prevent CPACF trng invocations in interrupt context
    - tcp: Fix data-races around sysctl_tcp_dsack.
    - tcp: Fix a data-race around sysctl_tcp_app_win.
    - tcp: Fix a data-race around sysctl_tcp_adv_win_scale.
    - tcp: Fix a data-race around sysctl_tcp_frto.
    - tcp: Fix a data-race around sysctl_tcp_nometrics_save.
    - ice: check (DD | EOF) bits on Rx descriptor rather than (EOP | RS)
    - ice: do not setup vlan for loopback VSI
    - scsi: ufs: host: Hold reference returned by of_parse_phandle()
    - tcp: Fix a data-race around sysctl_tcp_limit_output_bytes.
    - tcp: Fix a data-race around sysctl_tcp_challenge_ack_limit.
    - net: ping6: Fix memleak in ipv6_renew_options().
    - ipv6/addrconf: fix a null-ptr-deref bug for ip6_ptr
    - igmp: Fix data-races around sysctl_igmp_qrv.
    - net: sungem_phy: Add of_node_put() for reference returned by of_get_parent()
    - tcp: Fix a data-race around sysctl_tcp_min_tso_segs.
    - tcp: Fix a data-race around sysctl_tcp_min_rtt_wlen.
    -...

This bug was fixed in the package linux - 5.4.0-128.144

---------------
linux (5.4.0-128.144) focal; urgency=medium

* focal/linux: 5.4.0-128.144 -proposed tracker (LP: #1990152)

* CVE-2022-3176
    - io_uring: disable polling pollfree files

* ip/nexthop: fix default address selection for connected nexthop
    (LP: #1988809)
    - selftests/net: test nexthop without gw

* ip/nexthop: fix default address selection for connected nexthop
    (LP: #1988809) // icmp_redirect.sh in ubuntu_kernel_selftests failed on
    Jammy 5.15.0-49.55 (LP: #1990124)
    - ip: fix triggering of 'icmp redirect'

linux (5.4.0-127.143) focal; urgency=medium

* focal/linux: 5.4.0-127.143 -proposed tracker (LP: #1989892)

* Packaging resync (LP: #1786013)
    - debian/dkms-versions -- update from kernel-versions (main/2022.09.19)

* [UBUNTU 20.04] mlx5 driver crashes on accessing device attributes during
    recovery (LP: #1987287)
    - net/mlx5: Avoid processing commands before cmdif is ready

* Focal update: v5.4.210 upstream stable release (LP: #1989230)
    - thermal: Fix NULL pointer dereferences in of_thermal_ functions
    - ACPI: video: Force backlight native for some TongFang devices
    - ACPI: video: Shortening quirk list by identifying Clevo by board_name only
    - ACPI: APEI: Better fix to avoid spamming the console with old error logs
    - bpf: Verifer, adjust_scalar_min_max_vals to always call update_reg_bounds()
    - selftests/bpf: Extend verifier and bpf_sock tests for dst_port loads
    - bpf: Test_verifier, #70 error message updates for 32-bit right shift
    - KVM: Don't null dereference ops->destroy
    - selftests: KVM: Handle compiler optimizations in ucall
    - media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls
    - macintosh/adb: fix oob read in do_adb_query() function
    - x86/speculation: Add RSB VM Exit protections
    - x86/speculation: Add LFENCE to RSB fill sequence
    - Linux 5.4.210

* Focal update: v5.4.209 upstream stable release (LP: #1989228)
    - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put
    - ntfs: fix use-after-free in ntfs_ucsncmp()
    - s390/archrandom: prevent CPACF trng invocations in interrupt context
    - tcp: Fix data-races around sysctl_tcp_dsack.
    - tcp: Fix a data-race around sysctl_tcp_app_win.
    - tcp: Fix a data-race around sysctl_tcp_adv_win_scale.
    - tcp: Fix a data-race around sysctl_tcp_frto.
    - tcp: Fix a data-race around sysctl_tcp_nometrics_save.
    - ice: check (DD | EOF) bits on Rx descriptor rather than (EOP | RS)
    - ice: do not setup vlan for loopback VSI
    - scsi: ufs: host: Hold reference returned by of_parse_phandle()
    - tcp: Fix a data-race around sysctl_tcp_limit_output_bytes.
    - tcp: Fix a data-race around sysctl_tcp_challenge_ack_limit.
    - net: ping6: Fix memleak in ipv6_renew_options().
    - ipv6/addrconf: fix a null-ptr-deref bug for ip6_ptr
    - igmp: Fix data-races around sysctl_igmp_qrv.
    - net: sungem_phy: Add of_node_put() for reference returned by of_get_parent()
    - tcp: Fix a data-race around sysctl_tcp_min_tso_segs.
    - tcp: Fix a data-race around sysctl_tcp_min_rtt_wlen.
    - tcp: Fix a data-race around sysctl_tcp_autocorking.
    - tcp: Fix a data-race around sysctl_tcp_invalid_ratelimit.
    - Documentation: fix sctp_wmem in ip-sysctl.rst
    - tcp: Fix a data-race around sysctl_tcp_comp_sack_delay_ns.
    - tcp: Fix a data-race around sysctl_tcp_comp_sack_nr.
    - i40e: Fix interface init with MSI interrupts (no MSI-X)
    - sctp: fix sleep in atomic context bug in timer handlers
    - virtio-net: fix the race between refill work and close
    - perf symbol: Correct address for bss symbols
    - sfc: disable softirqs for ptp TX
    - sctp: leave the err path free in sctp_stream_init to sctp_stream_free
    - ARM: crypto: comment out gcc warning that breaks clang builds
    - mt7601u: add USB device ID for some versions of XiaoDu WiFi Dongle.
    - scsi: core: Fix race between handling STS_RESOURCE and completion
    - Linux 5.4.209

* Focal update: v5.4.208 upstream stable release (LP: #1988225)
    - pinctrl: stm32: fix optional IRQ support to gpios
    - riscv: add as-options for modules with assembly compontents
    - mlxsw: spectrum_router: Fix IPv4 nexthop gateway indication
    - lockdown: Fix kexec lockdown bypass with ima policy
    - xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE
    - PCI: hv: Fix multi-MSI to allow more than one MSI vector
    - PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI
    - PCI: hv: Reuse existing IRTE allocation in compose_msi_msg()
    - PCI: hv: Fix interrupt mapping for multi-MSI
    - serial: mvebu-uart: correctly report configured baudrate value
    - xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in
      xfrm_bundle_lookup()
    - power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe
    - pinctrl: ralink: Check for null return of devm_kcalloc
    - perf/core: Fix data race between perf_event_set_output() and
      perf_mmap_close()
    - igc: Reinstate IGC_REMOVED logic and implement it properly
    - ip: Fix data-races around sysctl_ip_no_pmtu_disc.
    - ip: Fix data-races around sysctl_ip_fwd_use_pmtu.
    - ip: Fix data-races around sysctl_ip_nonlocal_bind.
    - ip: Fix a data-race around sysctl_fwmark_reflect.
    - tcp/dccp: Fix a data-race around sysctl_tcp_fwmark_accept.
    - tcp: Fix data-races around sysctl_tcp_mtu_probing.
    - tcp: Fix data-races around sysctl_tcp_base_mss.
    - tcp: Fix data-races around sysctl_tcp_min_snd_mss.
    - tcp: Fix a data-race around sysctl_tcp_mtu_probe_floor.
    - tcp: Fix a data-race around sysctl_tcp_probe_threshold.
    - tcp: Fix a data-race around sysctl_tcp_probe_interval.
    - i2c: cadence: Change large transfer count reset logic to be unconditional
    - net: stmmac: fix dma queue left shift overflow issue
    - net/tls: Fix race in TLS device down flow
    - igmp: Fix data-races around sysctl_igmp_llm_reports.
    - igmp: Fix a data-race around sysctl_igmp_max_memberships.
    - tcp: Fix data-races around sysctl_tcp_syncookies.
    - tcp: Fix data-races around sysctl_tcp_reordering.
    - tcp: Fix data-races around some timeout sysctl knobs.
    - tcp: Fix a data-race around sysctl_tcp_notsent_lowat.
    - tcp: Fix a data-race around sysctl_tcp_tw_reuse.
    - tcp: Fix data-races around sysctl_max_syn_backlog.
    - tcp: Fix data-races around sysctl_tcp_fastopen.
    - iavf: Fix handling of dummy receive descriptors
    - i40e: Fix erroneous adapter reinitialization during recovery process
    - ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero
    - gpio: pca953x: only use single read/write for No AI mode
    - be2net: Fix buffer overflow in be_get_module_eeprom
    - ipv4: Fix a data-race around sysctl_fib_multipath_use_neigh.
    - udp: Fix a data-race around sysctl_udp_l3mdev_accept.
    - tcp: Fix data-races around sysctl knobs related to SYN option.
    - tcp: Fix a data-race around sysctl_tcp_early_retrans.
    - tcp: Fix data-races around sysctl_tcp_recovery.
    - tcp: Fix a data-race around sysctl_tcp_thin_linear_timeouts.
    - tcp: Fix data-races around sysctl_tcp_slow_start_after_idle.
    - tcp: Fix a data-race around sysctl_tcp_retrans_collapse.
    - tcp: Fix a data-race around sysctl_tcp_stdurg.
    - tcp: Fix a data-race around sysctl_tcp_rfc1337.
    - tcp: Fix data-races around sysctl_tcp_max_reordering.
    - spi: bcm2835: bcm2835_spi_handle_err(): fix NULL pointer deref for non DMA
      transfers
    - mm/mempolicy: fix uninit-value in mpol_rebind_policy()
    - bpf: Make sure mac_header was set before using it
    - dlm: fix pending remove if msg allocation fails
    - ima: remove the IMA_TEMPLATE Kconfig option
    - [Config] updateconfigs for IMA_TEMPLATE
    - locking/refcount: Define constants for saturation and max refcount values
    - locking/refcount: Ensure integer operands are treated as signed
    - locking/refcount: Remove unused refcount_*_checked() variants
    - locking/refcount: Move the bulk of the REFCOUNT_FULL implementation into the
      <linux/refcount.h> header
    - locking/refcount: Improve performance of generic REFCOUNT_FULL code
    - locking/refcount: Move saturation warnings out of line
    - locking/refcount: Consolidate REFCOUNT_{MAX,SATURATED} definitions
    - locking/refcount: Consolidate implementations of refcount_t
    - [Config] updateconfigs for REFCOUNT_FULL
    - x86: get rid of small constant size cases in raw_copy_{to,from}_user()
    - x86/uaccess: Implement macros for CMPXCHG on user addresses
    - mmap locking API: initial implementation as rwsem wrappers
    - x86/mce: Deduplicate exception handling
    - bitfield.h: Fix "type of reg too small for mask" test
    - ALSA: memalloc: Align buffer allocations in page size
    - Bluetooth: Add bt_skb_sendmsg helper
    - Bluetooth: Add bt_skb_sendmmsg helper
    - Bluetooth: SCO: Replace use of memcpy_from_msg with bt_skb_sendmsg
    - Bluetooth: RFCOMM: Replace use of memcpy_from_msg with bt_skb_sendmmsg
    - Bluetooth: Fix passing NULL to PTR_ERR
    - Bluetooth: SCO: Fix sco_send_frame returning skb->len
    - Bluetooth: Fix bt_skb_sendmmsg not allocating partial chunks
    - tty: drivers/tty/, stop using tty_schedule_flip()
    - tty: the rest, stop using tty_schedule_flip()
    - tty: drop tty_schedule_flip()
    - tty: extract tty_flip_buffer_commit() from tty_flip_buffer_push()
    - tty: use new tty_insert_flip_string_and_push_buffer() in pty_write()
    - x86: drop bogus "cc" clobber from __try_cmpxchg_user_asm()
    - Linux 5.4.208

* Focal update: v5.4.207 upstream stable release (LP: #1988219)
    - ALSA: hda - Add fixup for Dell Latitidue E5430
    - ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3 model
    - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671
    - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc221
    - ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop
    - xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue
    - tracing/histograms: Fix memory leak problem
    - net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale
      pointer
    - ip: fix dflt addr selection for connected nexthop
    - ARM: 9213/1: Print message about disabled Spectre workarounds only once
    - ARM: 9214/1: alignment: advance IT state after emulating Thumb instruction
    - wifi: mac80211: fix queue selection for mesh/OCB interfaces
    - cgroup: Use separate src/dst nodes when preloading css_sets for migration
    - drm/panfrost: Fix shrinker list corruption by madvise IOCTL
    - nilfs2: fix incorrect masking of permission flags for symlinks
    - Revert "evm: Fix memleak in init_desc"
    - sched/rt: Disable RT_RUNTIME_SHARE by default
    - ext4: fix race condition between ext4_write and ext4_convert_inline_data
    - ARM: dts: imx6qdl-ts7970: Fix ngpio typo and count
    - ARM: 9209/1: Spectre-BHB: avoid pr_info() every time a CPU comes out of idle
    - ARM: 9210/1: Mark the FDT_FIXED sections as shareable
    - drm/i915: fix a possible refcount leak in intel_dp_add_mst_connector()
    - ima: Fix a potential integer overflow in ima_appraise_measurement
    - ASoC: sgtl5000: Fix noise on shutdown/remove
    - net: stmmac: dwc-qos: Disable split header for Tegra194
    - inetpeer: Fix data-races around sysctl.
    - net: Fix data-races around sysctl_mem.
    - cipso: Fix data-races around sysctl.
    - icmp: Fix data-races around sysctl.
    - ipv4: Fix a data-race around sysctl_fib_sync_mem.
    - ARM: dts: at91: sama5d2: Fix typo in i2s1 node
    - ARM: dts: sunxi: Fix SPI NOR campatible on Orange Pi Zero
    - drm/i915/gt: Serialize TLB invalidates with GT resets
    - icmp: Fix a data-race around sysctl_icmp_ratelimit.
    - icmp: Fix a data-race around sysctl_icmp_ratemask.
    - raw: Fix a data-race around sysctl_raw_l3mdev_accept.
    - ipv4: Fix data-races around sysctl_ip_dynaddr.
    - net: ftgmac100: Hold reference returned by of_get_child_by_name()
    - sfc: fix use after free when disabling sriov
    - seg6: fix skb checksum evaluation in SRH encapsulation/insertion
    - seg6: fix skb checksum in SRv6 End.B6 and End.B6.Encaps behaviors
    - seg6: bpf: fix skb checksum in bpf_push_seg6_encap()
    - sfc: fix kernel panic when creating VF
    - mm: sysctl: fix missing numa_stat when !CONFIG_HUGETLB_PAGE
    - virtio_mmio: Add missing PM calls to freeze/restore
    - virtio_mmio: Restore guest page size on resume
    - netfilter: br_netfilter: do not skip all hooks with 0 priority
    - cpufreq: pmac32-cpufreq: Fix refcount leak bug
    - platform/x86: hp-wmi: Ignore Sanitization Mode event
    - net: tipc: fix possible refcount leak in tipc_sk_create()
    - NFC: nxp-nci: don't print header length mismatch on i2c error
    - nvme: fix regression when disconnect a recovering ctrl
    - net: sfp: fix memory leak in sfp_probe()
    - ASoC: ops: Fix off by one in range control validation
    - ASoC: wm5110: Fix DRE control
    - ASoC: cs47l15: Fix event generation for low power mux control
    - ASoC: madera: Fix event generation for OUT1 demux
    - ASoC: madera: Fix event generation for rate controls
    - irqchip: or1k-pic: Undefine mask_ack for level triggered hardware
    - x86: Clear .brk area at early boot
    - soc: ixp4xx/npe: Fix unused match warning
    - ARM: dts: stm32: use the correct clock source for CEC on stm32mp151
    - signal handling: don't use BUG_ON() for debugging
    - USB: serial: ftdi_sio: add Belimo device ids
    - usb: typec: add missing uevent when partner support PD
    - usb: dwc3: gadget: Fix event pending check
    - tty: serial: samsung_tty: set dma burst_size to 1
    - serial: 8250: fix return error code in serial8250_request_std_resource()
    - serial: stm32: Clear prev values before setting RTS delays
    - serial: pl011: UPSTAT_AUTORTS requires .throttle/unthrottle
    - can: m_can: m_can_tx_handler(): fix use after free of skb
    - Linux 5.4.207

* Focal update: v5.4.206 upstream stable release (LP: #1988215)
    - Linux 5.4.206

* Focal update: v5.4.205 upstream stable release (LP: #1988214)
    - esp: limit skb_page_frag_refill use to a single page
    - mm/slub: add missing TID updates on slab deactivation
    - can: bcm: use call_rcu() instead of costly synchronize_rcu()
    - can: grcan: grcan_probe(): remove extra of_node_get()
    - can: gs_usb: gs_usb_open/close(): fix memory leak
    - usbnet: fix memory leak in error case
    - net: rose: fix UAF bug caused by rose_t0timer_expiry
    - iommu/vt-d: Fix PCI bus rescan device hot add
    - fbdev: fbmem: Fix logo center image dx issue
    - video: of_display_timing.h: include errno.h
    - powerpc/powernv: delay rng platform device creation until later in boot
    - can: kvaser_usb: replace run-time checks with struct kvaser_usb_driver_info
    - can: kvaser_usb: kvaser_usb_leaf: fix CAN clock frequency regression
    - can: kvaser_usb: kvaser_usb_leaf: fix bittiming limits
    - xfs: remove incorrect ASSERT in xfs_rename
    - ARM: meson: Fix refcount leak in meson_smp_prepare_cpus
    - pinctrl: sunxi: a83t: Fix NAND function name for some pins
    - pinctrl: sunxi: sunxi_pconf_set: use correct offset
    - ARM: at91: pm: use proper compatible for sama5d2's rtc
    - ARM: at91: pm: use proper compatibles for sam9x60's rtc and rtt
    - ibmvnic: Properly dispose of all skbs during a failover.
    - selftests: forwarding: fix flood_unicast_test when h2 supports
      IFF_UNICAST_FLT
    - selftests: forwarding: fix learning_test when h1 supports IFF_UNICAST_FLT
    - selftests: forwarding: fix error message in learning_test
    - i2c: cadence: Unregister the clk notifier in error path
    - dmaengine: imx-sdma: Allow imx8m for imx7 FW revs
    - misc: rtsx_usb: fix use of dma mapped buffer for usb bulk transfer
    - misc: rtsx_usb: use separate command and response buffers
    - misc: rtsx_usb: set return value in rsp_buf alloc err path
    - dt-bindings: dma: allwinner,sun50i-a64-dma: Fix min/max typo
    - ida: don't use BUG_ON() for debugging
    - dmaengine: pl330: Fix lockdep warning about non-static key
    - dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly
    - dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate
    - dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate
    - Linux 5.4.205

* Focal update: v5.4.204 upstream stable release (LP: #1988212)
    - ipv6: take care of disable_policy when restoring routes
    - nvdimm: Fix badblocks clear off-by-one error
    - powerpc/prom_init: Fix kernel config grep
    - powerpc/bpf: Fix use of user_pt_regs in uapi
    - dm raid: fix accesses beyond end of raid member array
    - dm raid: fix KASAN warning in raid5_add_disks
    - s390/archrandom: simplify back to earlier design and initialize earlier
    - SUNRPC: Fix READ_PLUS crasher
    - net: rose: fix UAF bugs caused by timer handler
    - net: usb: ax88179_178a: Fix packet receiving
    - virtio-net: fix race between ndo_open() and virtio_device_ready()
    - selftests/net: pass ipv6_args to udpgso_bench's IPv6 TCP test
    - net: tun: unlink NAPI from device on destruction
    - net: tun: stop NAPI when detaching queues
    - RDMA/qedr: Fix reporting QP timeout attribute
    - linux/dim: Fix divide by 0 in RDMA DIM
    - usbnet: fix memory allocation in helpers
    - net: ipv6: unexport __init-annotated seg6_hmac_net_init()
    - caif_virtio: fix race between virtio_device_ready() and ndo_open()
    - PM / devfreq: exynos-ppmu: Fix refcount leak in of_get_devfreq_events
    - s390: remove unneeded 'select BUILD_BIN2C'
    - netfilter: nft_dynset: restore set element counter when failing to update
    - net/sched: act_api: Notify user space if any actions were flushed before
      error
    - net: bonding: fix possible NULL deref in rlb code
    - net: bonding: fix use-after-free after 802.3ad slave unbind
    - nfc: nfcmrvl: Fix irq_of_parse_and_map() return value
    - NFC: nxp-nci: Don't issue a zero length i2c_master_read()
    - net: tun: avoid disabling NAPI twice
    - xen/gntdev: Avoid blocking in unmap_grant_pages()
    - hwmon: (ibmaem) don't call platform_device_del() if platform_device_add()
      fails
    - net: dsa: bcm_sf2: force pause link settings
    - sit: use min
    - ipv6/sit: fix ipip6_tunnel_get_prl return value
    - rseq/selftests,x86_64: Add rseq_offset_deref_addv()
    - selftests/rseq: remove ARRAY_SIZE define from individual tests
    - selftests/rseq: introduce own copy of rseq uapi header
    - selftests/rseq: Remove useless assignment to cpu variable
    - selftests/rseq: Remove volatile from __rseq_abi
    - selftests/rseq: Introduce rseq_get_abi() helper
    - selftests/rseq: Introduce thread pointer getters
    - selftests/rseq: Uplift rseq selftests for compatibility with glibc-2.35
    - selftests/rseq: Fix ppc32: wrong rseq_cs 32-bit field pointer on big endian
    - selftests/rseq: Fix ppc32 missing instruction selection "u" and "x" for
      load/store
    - selftests/rseq: Fix ppc32 offsets by using long rather than off_t
    - selftests/rseq: Fix warnings about #if checks of undefined tokens
    - selftests/rseq: Remove arm/mips asm goto compiler work-around
    - selftests/rseq: Fix: work-around asm goto compiler bugs
    - selftests/rseq: x86-64: use %fs segment selector for accessing rseq thread
      area
    - selftests/rseq: x86-32: use %gs segment selector for accessing rseq thread
      area
    - selftests/rseq: Change type of rseq_offset to ptrdiff_t
    - xen/blkfront: fix leaking data in shared pages
    - xen/netfront: fix leaking data in shared pages
    - xen/netfront: force data bouncing when backend is untrusted
    - xen/blkfront: force data bouncing when backend is untrusted
    - xen/arm: Fix race in RB-tree based P2M accounting
    - net: usb: qmi_wwan: add Telit 0x1060 composition
    - net: usb: qmi_wwan: add Telit 0x1070 composition
    - clocksource/drivers/ixp4xx: remove EXPORT_SYMBOL_GPL from
      ixp4xx_timer_setup()
    - Linux 5.4.204

-- Stefan Bader <stefan.bader@canonical.com>  Tue, 20 Sep 2022 11:19:18 +0200

Changed in linux (Ubuntu Focal):
status:	Fix Committed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2022-10-10:

#11

Download full text (42.9 KiB)

This bug was fixed in the package linux - 5.15.0-50.56

---------------
linux (5.15.0-50.56) jammy; urgency=medium

* jammy/linux: 5.15.0-50.56 -proposed tracker (LP: #1990148)

  * CVE-2022-3176
    - io_uring: refactor poll update
    - io_uring: move common poll bits
    - io_uring: kill poll linking optimisation
    - io_uring: inline io_poll_complete
    - io_uring: correct fill events helpers types
    - io_uring: clean cqe filling functions
    - io_uring: poll rework
    - io_uring: remove poll entry from list when canceling all
    - io_uring: bump poll refs to full 31-bits
    - io_uring: fail links when poll fails
    - io_uring: fix wrong arm_poll error handling
    - io_uring: fix UAF due to missing POLLFREE handling

  * ip/nexthop: fix default address selection for connected nexthop
    (LP: #1988809)
    - selftests/net: test nexthop without gw

  * ip/nexthop: fix default address selection for connected nexthop
    (LP: #1988809) // icmp_redirect.sh in ubuntu_kernel_selftests failed on
    Jammy 5.15.0-49.55 (LP: #1990124)
    - ip: fix triggering of 'icmp redirect'

linux (5.15.0-49.55) jammy; urgency=medium

* jammy/linux: 5.15.0-49.55 -proposed tracker (LP: #1989785)

* amdgpu module crash after 5.15 kernel update (LP: #1981883)
- drm/amdgpu: fix check in fbdev init

  * scsi: hisi_sas: Increase debugfs_dump_index after dump is completed
    (LP: #1982070)
    - scsi: hisi_sas: Increase debugfs_dump_index after dump is completed

* [UBUNTU 22.04] s390/qeth: cache link_info for ethtool (LP: #1984103)
- s390/qeth: cache link_info for ethtool

* WARN in trace_event_dyn_put_ref (LP: #1987232)
- tracing/perf: Fix double put of trace event when init fails

  * Jammy update: v5.15.60 upstream stable release (LP: #1989221)
    - x86/speculation: Make all RETbleed mitigations 64-bit only
    - selftests/bpf: Extend verifier and bpf_sock tests for dst_port loads
    - selftests/bpf: Check dst_port only on the client socket
    - block: fix default IO priority handling again
    - tools/vm/slabinfo: Handle files in debugfs
    - ACPI: video: Force backlight native for some TongFang devices
    - ACPI: video: Shortening quirk list by identifying Clevo by board_name only
    - ACPI: APEI: Better fix to avoid spamming the console with old error logs
    - crypto: arm64/poly1305 - fix a read out-of-bound
    - KVM: x86: do not report a vCPU as preempted outside instruction boundaries
    - KVM: x86: do not set st->preempted when going back to user space
    - KVM: selftests: Make hyperv_clock selftest more stable
    - tools/kvm_stat: fix display of error when multiple processes are found
    - selftests: KVM: Handle compiler optimizations in ucall
    - KVM: x86/svm: add __GFP_ACCOUNT to __sev_dbg_{en,de}crypt_user()
    - arm64: set UXN on swapper page tables
    - btrfs: zoned: prevent allocation from previous data relocation BG
    - btrfs: zoned: fix critical section of relocation inode writeback
    - Bluetooth: hci_bcm: Add BCM4349B1 variant
    - Bluetooth: hci_bcm: Add DT compatible for CYW55572
    - dt-bindings: bluetooth: broadcom: Add BCM4349B1 DT binding
    - Bluetooth: btusb: Add support of IMC Netw...

This bug was fixed in the package linux - 5.15.0-50.56

---------------
linux (5.15.0-50.56) jammy; urgency=medium

* jammy/linux: 5.15.0-50.56 -proposed tracker (LP: #1990148)

* CVE-2022-3176
    - io_uring: refactor poll update
    - io_uring: move common poll bits
    - io_uring: kill poll linking optimisation
    - io_uring: inline io_poll_complete
    - io_uring: correct fill events helpers types
    - io_uring: clean cqe filling functions
    - io_uring: poll rework
    - io_uring: remove poll entry from list when canceling all
    - io_uring: bump poll refs to full 31-bits
    - io_uring: fail links when poll fails
    - io_uring: fix wrong arm_poll error handling
    - io_uring: fix UAF due to missing POLLFREE handling

* ip/nexthop: fix default address selection for connected nexthop
    (LP: #1988809)
    - selftests/net: test nexthop without gw

* ip/nexthop: fix default address selection for connected nexthop
    (LP: #1988809) // icmp_redirect.sh in ubuntu_kernel_selftests failed on
    Jammy 5.15.0-49.55 (LP: #1990124)
    - ip: fix triggering of 'icmp redirect'

linux (5.15.0-49.55) jammy; urgency=medium

* jammy/linux: 5.15.0-49.55 -proposed tracker (LP: #1989785)

* amdgpu module crash after 5.15 kernel update (LP: #1981883)
    - drm/amdgpu: fix check in fbdev init

* scsi: hisi_sas: Increase debugfs_dump_index after dump is  completed
    (LP: #1982070)
    - scsi: hisi_sas: Increase debugfs_dump_index after dump is completed

* [UBUNTU 22.04] s390/qeth: cache link_info for ethtool (LP: #1984103)
    - s390/qeth: cache link_info for ethtool

* WARN in trace_event_dyn_put_ref (LP: #1987232)
    - tracing/perf: Fix double put of trace event when init fails

* Jammy update: v5.15.60 upstream stable release (LP: #1989221)
    - x86/speculation: Make all RETbleed mitigations 64-bit only
    - selftests/bpf: Extend verifier and bpf_sock tests for dst_port loads
    - selftests/bpf: Check dst_port only on the client socket
    - block: fix default IO priority handling again
    - tools/vm/slabinfo: Handle files in debugfs
    - ACPI: video: Force backlight native for some TongFang devices
    - ACPI: video: Shortening quirk list by identifying Clevo by board_name only
    - ACPI: APEI: Better fix to avoid spamming the console with old error logs
    - crypto: arm64/poly1305 - fix a read out-of-bound
    - KVM: x86: do not report a vCPU as preempted outside instruction boundaries
    - KVM: x86: do not set st->preempted when going back to user space
    - KVM: selftests: Make hyperv_clock selftest more stable
    - tools/kvm_stat: fix display of error when multiple processes are found
    - selftests: KVM: Handle compiler optimizations in ucall
    - KVM: x86/svm: add __GFP_ACCOUNT to __sev_dbg_{en,de}crypt_user()
    - arm64: set UXN on swapper page tables
    - btrfs: zoned: prevent allocation from previous data relocation BG
    - btrfs: zoned: fix critical section of relocation inode writeback
    - Bluetooth: hci_bcm: Add BCM4349B1 variant
    - Bluetooth: hci_bcm: Add DT compatible for CYW55572
    - dt-bindings: bluetooth: broadcom: Add BCM4349B1 DT binding
    - Bluetooth: btusb: Add support of IMC Networks PID 0x3568
    - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x04CA:0x4007
    - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x04C5:0x1675
    - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x0CB8:0xC558
    - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x13D3:0x3587
    - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x13D3:0x3586
    - macintosh/adb: fix oob read in do_adb_query() function
    - x86/speculation: Add RSB VM Exit protections
    - x86/speculation: Add LFENCE to RSB fill sequence
    - Linux 5.15.60

* Jammy update: v5.15.59 upstream stable release (LP: #1989218)
    - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put
    - Revert "ocfs2: mount shared volume without ha stack"
    - ntfs: fix use-after-free in ntfs_ucsncmp()
    - fs: sendfile handles O_NONBLOCK of out_fd
    - secretmem: fix unhandled fault in truncate
    - mm: fix page leak with multiple threads mapping the same page
    - hugetlb: fix memoryleak in hugetlb_mcopy_atomic_pte
    - asm-generic: remove a broken and needless ifdef conditional
    - s390/archrandom: prevent CPACF trng invocations in interrupt context
    - nouveau/svm: Fix to migrate all requested pages
    - drm/simpledrm: Fix return type of simpledrm_simple_display_pipe_mode_valid()
    - watch_queue: Fix missing rcu annotation
    - watch_queue: Fix missing locking in add_watch_to_object()
    - tcp: Fix data-races around sysctl_tcp_dsack.
    - tcp: Fix a data-race around sysctl_tcp_app_win.
    - tcp: Fix a data-race around sysctl_tcp_adv_win_scale.
    - tcp: Fix a data-race around sysctl_tcp_frto.
    - tcp: Fix a data-race around sysctl_tcp_nometrics_save.
    - tcp: Fix data-races around sysctl_tcp_no_ssthresh_metrics_save.
    - ice: check (DD | EOF) bits on Rx descriptor rather than (EOP | RS)
    - ice: do not setup vlan for loopback VSI
    - scsi: ufs: host: Hold reference returned by of_parse_phandle()
    - Revert "tcp: change pingpong threshold to 3"
    - octeontx2-pf: Fix UDP/TCP src and dst port tc filters
    - tcp: Fix data-races around sysctl_tcp_moderate_rcvbuf.
    - tcp: Fix a data-race around sysctl_tcp_limit_output_bytes.
    - tcp: Fix a data-race around sysctl_tcp_challenge_ack_limit.
    - scsi: core: Fix warning in scsi_alloc_sgtables()
    - scsi: mpt3sas: Stop fw fault watchdog work item during system shutdown
    - net: ping6: Fix memleak in ipv6_renew_options().
    - ipv6/addrconf: fix a null-ptr-deref bug for ip6_ptr
    - net/tls: Remove the context from the list in tls_device_down
    - igmp: Fix data-races around sysctl_igmp_qrv.
    - net: pcs: xpcs: propagate xpcs_read error to xpcs_get_state_c37_sgmii
    - net: sungem_phy: Add of_node_put() for reference returned by of_get_parent()
    - tcp: Fix a data-race around sysctl_tcp_min_tso_segs.
    - tcp: Fix a data-race around sysctl_tcp_min_rtt_wlen.
    - tcp: Fix a data-race around sysctl_tcp_autocorking.
    - tcp: Fix a data-race around sysctl_tcp_invalid_ratelimit.
    - Documentation: fix sctp_wmem in ip-sysctl.rst
    - macsec: fix NULL deref in macsec_add_rxsa
    - macsec: fix error message in macsec_add_rxsa and _txsa
    - macsec: limit replay window size with XPN
    - macsec: always read MACSEC_SA_ATTR_PN as a u64
    - net: macsec: fix potential resource leak in macsec_add_rxsa() and
      macsec_add_txsa()
    - net: mld: fix reference count leak in mld_{query | report}_work()
    - tcp: Fix data-races around sk_pacing_rate.
    - net: Fix data-races around sysctl_[rw]mem(_offset)?.
    - tcp: Fix a data-race around sysctl_tcp_comp_sack_delay_ns.
    - tcp: Fix a data-race around sysctl_tcp_comp_sack_slack_ns.
    - tcp: Fix a data-race around sysctl_tcp_comp_sack_nr.
    - tcp: Fix data-races around sysctl_tcp_reflect_tos.
    - ipv4: Fix data-races around sysctl_fib_notify_on_flag_change.
    - i40e: Fix interface init with MSI interrupts (no MSI-X)
    - sctp: fix sleep in atomic context bug in timer handlers
    - octeontx2-pf: cn10k: Fix egress ratelimit configuration
    - virtio-net: fix the race between refill work and close
    - perf symbol: Correct address for bss symbols
    - sfc: disable softirqs for ptp TX
    - sctp: leave the err path free in sctp_stream_init to sctp_stream_free
    - ARM: crypto: comment out gcc warning that breaks clang builds
    - mm/hmm: fault non-owner device private entries
    - page_alloc: fix invalid watermark check on a negative value
    - ARM: 9216/1: Fix MAX_DMA_ADDRESS overflow
    - EDAC/ghes: Set the DIMM label unconditionally
    - docs/kernel-parameters: Update descriptions for "mitigations=" param with
      retbleed
    - locking/rwsem: Allow slowpath writer to ignore handoff bit if not set by
      first waiter
    - x86/bugs: Do not enable IBPB at firmware entry when IBPB is not available
    - Linux 5.15.59

* Jammy update: v5.15.58 upstream stable release (LP: #1988479)
    - pinctrl: stm32: fix optional IRQ support to gpios
    - riscv: add as-options for modules with assembly compontents
    - mlxsw: spectrum_router: Fix IPv4 nexthop gateway indication
    - lockdown: Fix kexec lockdown bypass with ima policy
    - drm/ttm: fix locking in vmap/vunmap TTM GEM helpers
    - bus: mhi: host: pci_generic: add Telit FN980 v1 hardware revision
    - bus: mhi: host: pci_generic: add Telit FN990
    - Revert "selftest/vm: verify remap destination address in mremap_test"
    - Revert "selftest/vm: verify mmap addr in mremap_test"
    - PCI: hv: Fix multi-MSI to allow more than one MSI vector
    - PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI
    - PCI: hv: Reuse existing IRTE allocation in compose_msi_msg()
    - PCI: hv: Fix interrupt mapping for multi-MSI
    - serial: mvebu-uart: correctly report configured baudrate value
    - batman-adv: Use netif_rx_any_context() any.
    - xfs: fix maxlevels comparisons in the btree staging code
    - xfs: fold perag loop iteration logic into helper function
    - xfs: rename the next_agno perag iteration variable
    - xfs: terminate perag iteration reliably on agcount
    - xfs: fix perag reference leak on iteration race with growfs
    - xfs: prevent a WARN_ONCE() in xfs_ioc_attr_list()
    - r8152: fix a WOL issue
    - ip: Fix data-races around sysctl_ip_default_ttl.
    - xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in
      xfrm_bundle_lookup()
    - power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe
    - RDMA/irdma: Do not advertise 1GB page size for x722
    - RDMA/irdma: Fix sleep from invalid context BUG
    - pinctrl: ralink: rename MT7628(an) functions to MT76X8
    - pinctrl: ralink: rename pinctrl-rt2880 to pinctrl-ralink
    - pinctrl: ralink: Check for null return of devm_kcalloc
    - perf/core: Fix data race between perf_event_set_output() and
      perf_mmap_close()
    - ipv4/tcp: do not use per netns ctl sockets
    - net: tun: split run_ebpf_filter() and pskb_trim() into different "if
      statement"
    - mm/pagealloc: sysctl: change watermark_scale_factor max limit to 30%
    - sysctl: move some boundary constants from sysctl.c to sysctl_vals
    - tcp: Fix data-races around sysctl_tcp_ecn.
    - drm/amd/display: Add option to defer works of hpd_rx_irq
    - drm/amd/display: Fork thread to offload work of hpd_rx_irq
    - drm/amdgpu/display: add quirk handling for stutter mode
    - drm/amd/display: Ignore First MST Sideband Message Return Error
    - scsi: megaraid: Clear READ queue map's nr_queues
    - scsi: ufs: core: Drop loglevel of WriteBoost message
    - nvme: check for duplicate identifiers earlier
    - nvme: fix block device naming collision
    - igc: Reinstate IGC_REMOVED logic and implement it properly
    - ip: Fix data-races around sysctl_ip_no_pmtu_disc.
    - ip: Fix data-races around sysctl_ip_fwd_use_pmtu.
    - ip: Fix data-races around sysctl_ip_fwd_update_priority.
    - ip: Fix data-races around sysctl_ip_nonlocal_bind.
    - ip: Fix a data-race around sysctl_ip_autobind_reuse.
    - ip: Fix a data-race around sysctl_fwmark_reflect.
    - tcp/dccp: Fix a data-race around sysctl_tcp_fwmark_accept.
    - tcp: sk->sk_bound_dev_if once in inet_request_bound_dev_if()
    - tcp: Fix data-races around sysctl_tcp_l3mdev_accept.
    - tcp: Fix data-races around sysctl_tcp_mtu_probing.
    - tcp: Fix data-races around sysctl_tcp_base_mss.
    - tcp: Fix data-races around sysctl_tcp_min_snd_mss.
    - tcp: Fix a data-race around sysctl_tcp_mtu_probe_floor.
    - tcp: Fix a data-race around sysctl_tcp_probe_threshold.
    - tcp: Fix a data-race around sysctl_tcp_probe_interval.
    - net: stmmac: fix pm runtime issue in stmmac_dvr_remove()
    - net: stmmac: fix unbalanced ptp clock issue in suspend/resume flow
    - mtd: rawnand: gpmi: validate controller clock rate
    - mtd: rawnand: gpmi: Set WAIT_FOR_READY timeout based on program/erase times
    - net: dsa: microchip: ksz_common: Fix refcount leak bug
    - net: skb: introduce kfree_skb_reason()
    - net: skb: use kfree_skb_reason() in tcp_v4_rcv()
    - net: skb: use kfree_skb_reason() in __udp4_lib_rcv()
    - net: socket: rename SKB_DROP_REASON_SOCKET_FILTER
    - net: skb_drop_reason: add document for drop reasons
    - net: netfilter: use kfree_drop_reason() for NF_DROP
    - net: ipv4: use kfree_skb_reason() in ip_rcv_core()
    - net: ipv4: use kfree_skb_reason() in ip_rcv_finish_core()
    - i2c: mlxcpld: Fix register setting for 400KHz frequency
    - i2c: cadence: Change large transfer count reset logic to be unconditional
    - perf tests: Fix Convert perf time to TSC test for hybrid
    - net: stmmac: fix dma queue left shift overflow issue
    - net/tls: Fix race in TLS device down flow
    - igmp: Fix data-races around sysctl_igmp_llm_reports.
    - igmp: Fix a data-race around sysctl_igmp_max_memberships.
    - igmp: Fix data-races around sysctl_igmp_max_msf.
    - tcp: Fix data-races around keepalive sysctl knobs.
    - tcp: Fix data-races around sysctl_tcp_syn(ack)?_retries.
    - tcp: Fix data-races around sysctl_tcp_syncookies.
    - tcp: Fix data-races around sysctl_tcp_migrate_req.
    - tcp: Fix data-races around sysctl_tcp_reordering.
    - tcp: Fix data-races around some timeout sysctl knobs.
    - tcp: Fix a data-race around sysctl_tcp_notsent_lowat.
    - tcp: Fix a data-race around sysctl_tcp_tw_reuse.
    - tcp: Fix data-races around sysctl_max_syn_backlog.
    - tcp: Fix data-races around sysctl_tcp_fastopen.
    - tcp: Fix data-races around sysctl_tcp_fastopen_blackhole_timeout.
    - iavf: Fix handling of dummy receive descriptors
    - pinctrl: armada-37xx: Use temporary variable for struct device
    - pinctrl: armada-37xx: Make use of the devm_platform_ioremap_resource()
    - pinctrl: armada-37xx: Convert to use dev_err_probe()
    - pinctrl: armada-37xx: use raw spinlocks for regmap to avoid invalid wait
      context
    - i40e: Fix erroneous adapter reinitialization during recovery process
    - ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero
    - net: stmmac: remove redunctant disable xPCS EEE call
    - gpio: pca953x: only use single read/write for No AI mode
    - gpio: pca953x: use the correct range when do regmap sync
    - gpio: pca953x: use the correct register address when regcache sync during
      init
    - be2net: Fix buffer overflow in be_get_module_eeprom
    - net: dsa: sja1105: silent spi_device_id warnings
    - net: dsa: vitesse-vsc73xx: silent spi_device_id warnings
    - drm/imx/dcss: Add missing of_node_put() in fail path
    - ipv4: Fix a data-race around sysctl_fib_multipath_use_neigh.
    - ipv4: Fix data-races around sysctl_fib_multipath_hash_policy.
    - ipv4: Fix data-races around sysctl_fib_multipath_hash_fields.
    - ip: Fix data-races around sysctl_ip_prot_sock.
    - udp: Fix a data-race around sysctl_udp_l3mdev_accept.
    - tcp: Fix data-races around sysctl knobs related to SYN option.
    - tcp: Fix a data-race around sysctl_tcp_early_retrans.
    - tcp: Fix data-races around sysctl_tcp_recovery.
    - tcp: Fix a data-race around sysctl_tcp_thin_linear_timeouts.
    - tcp: Fix data-races around sysctl_tcp_slow_start_after_idle.
    - tcp: Fix a data-race around sysctl_tcp_retrans_collapse.
    - tcp: Fix a data-race around sysctl_tcp_stdurg.
    - tcp: Fix a data-race around sysctl_tcp_rfc1337.
    - tcp: Fix a data-race around sysctl_tcp_abort_on_overflow.
    - tcp: Fix data-races around sysctl_tcp_max_reordering.
    - gpio: gpio-xilinx: Fix integer overflow
    - KVM: selftests: Fix target thread to be migrated in rseq_test
    - spi: bcm2835: bcm2835_spi_handle_err(): fix NULL pointer deref for non DMA
      transfers
    - KVM: Don't null dereference ops->destroy
    - mm/mempolicy: fix uninit-value in mpol_rebind_policy()
    - bpf: Make sure mac_header was set before using it
    - sched/deadline: Fix BUG_ON condition for deboosted tasks
    - x86/bugs: Warn when "ibrs" mitigation is selected on Enhanced IBRS parts
    - dlm: fix pending remove if msg allocation fails
    - x86/uaccess: Implement macros for CMPXCHG on user addresses
    - bitfield.h: Fix "type of reg too small for mask" test
    - x86/entry_32: Remove .fixup usage
    - x86/extable: Extend extable functionality
    - x86/msr: Remove .fixup usage
    - x86/futex: Remove .fixup usage
    - KVM: x86: Use __try_cmpxchg_user() to emulate atomic accesses
    - xhci: dbc: refactor xhci_dbc_init()
    - xhci: dbc: create and remove dbc structure in dbgtty driver.
    - xhci: dbc: Rename xhci_dbc_init and xhci_dbc_exit
    - xhci: Set HCD flag to defer primary roothub registration
    - mt76: fix use-after-free by removing a non-RCU wcid pointer
    - iwlwifi: fw: uefi: add missing include guards
    - crypto: qat - set to zero DH parameters before free
    - crypto: qat - use pre-allocated buffers in datapath
    - crypto: qat - refactor submission logic
    - crypto: qat - add backlog mechanism
    - crypto: qat - fix memory leak in RSA
    - crypto: qat - remove dma_free_coherent() for RSA
    - crypto: qat - remove dma_free_coherent() for DH
    - crypto: qat - add param check for RSA
    - crypto: qat - add param check for DH
    - crypto: qat - re-enable registration of algorithms
    - exfat: fix referencing wrong parent directory information after renaming
    - tracing: Have event format check not flag %p* on __get_dynamic_array()
    - tracing: Place trace_pid_list logic into abstract functions
    - tracing: Fix return value of trace_pid_write()
    - um: virtio_uml: Allow probing from devicetree
    - um: virtio_uml: Fix broken device handling in time-travel
    - Bluetooth: Add bt_skb_sendmsg helper
    - Bluetooth: Add bt_skb_sendmmsg helper
    - Bluetooth: SCO: Replace use of memcpy_from_msg with bt_skb_sendmsg
    - Bluetooth: RFCOMM: Replace use of memcpy_from_msg with bt_skb_sendmmsg
    - Bluetooth: Fix passing NULL to PTR_ERR
    - Bluetooth: SCO: Fix sco_send_frame returning skb->len
    - Bluetooth: Fix bt_skb_sendmmsg not allocating partial chunks
    - exfat: use updated exfat_chain directly during renaming
    - x86/amd: Use IBPB for firmware calls
    - x86/alternative: Report missing return thunk details
    - watchqueue: make sure to serialize 'wqueue->defunct' properly
    - tty: drivers/tty/, stop using tty_schedule_flip()
    - tty: the rest, stop using tty_schedule_flip()
    - tty: drop tty_schedule_flip()
    - tty: extract tty_flip_buffer_commit() from tty_flip_buffer_push()
    - tty: use new tty_insert_flip_string_and_push_buffer() in pty_write()
    - watch-queue: remove spurious double semicolon
    - drm/amd/display: invalid parameter check in dmub_hpd_callback
    - x86/extable: Prefer local labels in .set directives
    - KVM: x86: fix typo in __try_cmpxchg_user causing non-atomicness
    - x86: drop bogus "cc" clobber from __try_cmpxchg_user_asm()
    - drm/amdgpu: Off by one in dm_dmub_outbox1_low_irq()
    - x86/entry_32: Fix segment exceptions
    - Linux 5.15.58

* Jammy update: v5.15.57 upstream stable release (LP: #1988353)
    - x86/xen: Fix initialisation in hypercall_page after rethunk
    - tools arch x86: Sync the msr-index.h copy with the kernel sources
    - tools headers cpufeatures: Sync with the kernel sources
    - um: Add missing apply_returns()
    - x86: Use -mindirect-branch-cs-prefix for RETPOLINE builds
    - Linux 5.15.57

* Jammy update: v5.15.56 upstream stable release (LP: #1988351)
    - ALSA: hda - Add fixup for Dell Latitidue E5430
    - ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3 model
    - ALSA: hda/realtek: Fix headset mic for Acer SF313-51
    - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671
    - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc221
    - ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop
    - xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue
    - fix race between exit_itimers() and /proc/pid/timers
    - mm: userfaultfd: fix UFFDIO_CONTINUE on fallocated shmem pages
    - mm: split huge PUD on wp_huge_pud fallback
    - tracing/histograms: Fix memory leak problem
    - net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale
      pointer
    - ip: fix dflt addr selection for connected nexthop
    - ARM: 9213/1: Print message about disabled Spectre workarounds only once
    - ARM: 9214/1: alignment: advance IT state after emulating Thumb instruction
    - wifi: mac80211: fix queue selection for mesh/OCB interfaces
    - cgroup: Use separate src/dst nodes when preloading css_sets for migration
    - btrfs: return -EAGAIN for NOWAIT dio reads/writes on compressed and inline
      extents
    - drm/panfrost: Put mapping instead of shmem obj on
      panfrost_mmu_map_fault_addr() error
    - drm/panfrost: Fix shrinker list corruption by madvise IOCTL
    - fs/remap: constrain dedupe of EOF blocks
    - nilfs2: fix incorrect masking of permission flags for symlinks
    - sh: convert nommu io{re,un}map() to static inline functions
    - Revert "evm: Fix memleak in init_desc"
    - xfs: only run COW extent recovery when there are no live extents
    - xfs: don't include bnobt blocks when reserving free block pool
    - xfs: run callbacks before waking waiters in xlog_state_shutdown_callbacks
    - xfs: drop async cache flushes from CIL commits.
    - reset: Fix devm bulk optional exclusive control getter
    - ARM: dts: imx6qdl-ts7970: Fix ngpio typo and count
    - spi: amd: Limit max transfer and message size
    - ARM: 9209/1: Spectre-BHB: avoid pr_info() every time a CPU comes out of idle
    - ARM: 9210/1: Mark the FDT_FIXED sections as shareable
    - net/mlx5e: kTLS, Fix build time constant test in TX
    - net/mlx5e: kTLS, Fix build time constant test in RX
    - net/mlx5e: Fix enabling sriov while tc nic rules are offloaded
    - net/mlx5e: Fix capability check for updating vnic env counters
    - net/mlx5e: Ring the TX doorbell on DMA errors
    - drm/i915: fix a possible refcount leak in intel_dp_add_mst_connector()
    - ima: Fix a potential integer overflow in ima_appraise_measurement
    - ASoC: sgtl5000: Fix noise on shutdown/remove
    - ASoC: tas2764: Add post reset delays
    - ASoC: tas2764: Fix and extend FSYNC polarity handling
    - ASoC: tas2764: Correct playback volume range
    - ASoC: tas2764: Fix amp gain register offset & default
    - ASoC: Intel: Skylake: Correct the ssp rate discovery in skl_get_ssp_clks()
    - ASoC: Intel: Skylake: Correct the handling of fmt_config flexible array
    - net: stmmac: dwc-qos: Disable split header for Tegra194
    - net: ethernet: ti: am65-cpsw: Fix devlink port register sequence
    - sysctl: Fix data races in proc_dointvec().
    - sysctl: Fix data races in proc_douintvec().
    - sysctl: Fix data races in proc_dointvec_minmax().
    - sysctl: Fix data races in proc_douintvec_minmax().
    - sysctl: Fix data races in proc_doulongvec_minmax().
    - sysctl: Fix data races in proc_dointvec_jiffies().
    - tcp: Fix a data-race around sysctl_tcp_max_orphans.
    - inetpeer: Fix data-races around sysctl.
    - net: Fix data-races around sysctl_mem.
    - cipso: Fix data-races around sysctl.
    - icmp: Fix data-races around sysctl.
    - ipv4: Fix a data-race around sysctl_fib_sync_mem.
    - ARM: dts: at91: sama5d2: Fix typo in i2s1 node
    - ARM: dts: sunxi: Fix SPI NOR campatible on Orange Pi Zero
    - arm64: dts: broadcom: bcm4908: Fix timer node for BCM4906 SoC
    - arm64: dts: broadcom: bcm4908: Fix cpu node for smp boot
    - netfilter: nf_log: incorrect offset to network header
    - netfilter: nf_tables: replace BUG_ON by element length check
    - drm/i915/gvt: IS_ERR() vs NULL bug in intel_gvt_update_reg_whitelist()
    - xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE
    - lockd: set fl_owner when unlocking files
    - lockd: fix nlm_close_files
    - tracing: Fix sleeping while atomic in kdb ftdump
    - drm/i915/selftests: fix a couple IS_ERR() vs NULL tests
    - drm/i915/dg2: Add Wa_22011100796
    - drm/i915/gt: Serialize GRDOM access between multiple engine resets
    - drm/i915/gt: Serialize TLB invalidates with GT resets
    - drm/i915/uc: correctly track uc_fw init failure
    - drm/i915: Require the vm mutex for i915_vma_bind()
    - bnxt_en: Fix bnxt_reinit_after_abort() code path
    - bnxt_en: Fix bnxt_refclk_read()
    - sysctl: Fix data-races in proc_dou8vec_minmax().
    - sysctl: Fix data-races in proc_dointvec_ms_jiffies().
    - icmp: Fix data-races around sysctl_icmp_echo_enable_probe.
    - icmp: Fix a data-race around sysctl_icmp_ignore_bogus_error_responses.
    - icmp: Fix a data-race around sysctl_icmp_errors_use_inbound_ifaddr.
    - icmp: Fix a data-race around sysctl_icmp_ratelimit.
    - icmp: Fix a data-race around sysctl_icmp_ratemask.
    - raw: Fix a data-race around sysctl_raw_l3mdev_accept.
    - tcp: Fix a data-race around sysctl_tcp_ecn_fallback.
    - ipv4: Fix data-races around sysctl_ip_dynaddr.
    - nexthop: Fix data-races around nexthop_compat_mode.
    - net: ftgmac100: Hold reference returned by of_get_child_by_name()
    - net: stmmac: fix leaks in probe
    - ima: force signature verification when CONFIG_KEXEC_SIG is configured
    - ima: Fix potential memory leak in ima_init_crypto()
    - drm/amd/display: Only use depth 36 bpp linebuffers on DCN display engines.
    - drm/amd/pm: Prevent divide by zero
    - sfc: fix use after free when disabling sriov
    - ceph: switch netfs read ops to use rreq->inode instead of
      rreq->mapping->host
    - seg6: fix skb checksum evaluation in SRH encapsulation/insertion
    - seg6: fix skb checksum in SRv6 End.B6 and End.B6.Encaps behaviors
    - seg6: bpf: fix skb checksum in bpf_push_seg6_encap()
    - sfc: fix kernel panic when creating VF
    - KVM: x86: Fully initialize 'struct kvm_lapic_irq' in kvm_pv_kick_cpu_op()
    - net/tls: Check for errors in tls_device_init
    - ACPI: video: Fix acpi_video_handles_brightness_key_presses()
    - mm: sysctl: fix missing numa_stat when !CONFIG_HUGETLB_PAGE
    - btrfs: rename btrfs_bio to btrfs_io_context
    - btrfs: zoned: fix a leaked bioc in read_zone_info
    - ksmbd: use SOCK_NONBLOCK type for kernel_accept()
    - powerpc/xive/spapr: correct bitmap allocation size
    - vdpa/mlx5: Initialize CVQ vringh only once
    - vduse: Tie vduse mgmtdev and its device
    - virtio_mmio: Add missing PM calls to freeze/restore
    - virtio_mmio: Restore guest page size on resume
    - netfilter: br_netfilter: do not skip all hooks with 0 priority
    - scsi: hisi_sas: Limit max hw sectors for v3 HW
    - cpufreq: pmac32-cpufreq: Fix refcount leak bug
    - firmware: sysfb: Make sysfb_create_simplefb() return a pdev pointer
    - firmware: sysfb: Add sysfb_disable() helper function
    - fbdev: Disable sysfb device registration when removing conflicting FBs
    - net: tipc: fix possible refcount leak in tipc_sk_create()
    - NFC: nxp-nci: don't print header length mismatch on i2c error
    - nvme-tcp: always fail a request when sending it failed
    - nvme: fix regression when disconnect a recovering ctrl
    - net: sfp: fix memory leak in sfp_probe()
    - ASoC: ops: Fix off by one in range control validation
    - pinctrl: aspeed: Fix potential NULL dereference in aspeed_pinmux_set_mux()
    - ASoC: Realtek/Maxim SoundWire codecs: disable pm_runtime on remove
    - ASoC: rt711-sdca-sdw: fix calibrate mutex initialization
    - ASoC: Intel: sof_sdw: handle errors on card registration
    - ASoC: rt711: fix calibrate mutex initialization
    - ASoC: rt7*-sdw: harden jack_detect_handler
    - ASoC: codecs: rt700/rt711/rt711-sdca: initialize workqueues in probe
    - ASoC: SOF: Intel: hda-loader: Clarify the cl_dsp_init() flow
    - ASoC: wcd938x: Fix event generation for some controls
    - ASoC: Intel: bytcr_wm5102: Fix GPIO related probe-ordering problem
    - ASoC: wm5110: Fix DRE control
    - ASoC: rt711-sdca: fix kernel NULL pointer dereference when IO error
    - ASoC: dapm: Initialise kcontrol data for mux/demux controls
    - ASoC: cs47l15: Fix event generation for low power mux control
    - ASoC: madera: Fix event generation for OUT1 demux
    - ASoC: madera: Fix event generation for rate controls
    - irqchip: or1k-pic: Undefine mask_ack for level triggered hardware
    - x86: Clear .brk area at early boot
    - soc: ixp4xx/npe: Fix unused match warning
    - ARM: dts: stm32: use the correct clock source for CEC on stm32mp151
    - Revert "can: xilinx_can: Limit CANFD brp to 2"
    - ALSA: usb-audio: Add quirks for MacroSilicon MS2100/MS2106 devices
    - ALSA: usb-audio: Add quirk for Fiero SC-01
    - ALSA: usb-audio: Add quirk for Fiero SC-01 (fw v1.0.0)
    - nvme-pci: phison e16 has bogus namespace ids
    - signal handling: don't use BUG_ON() for debugging
    - USB: serial: ftdi_sio: add Belimo device ids
    - usb: typec: add missing uevent when partner support PD
    - usb: dwc3: gadget: Fix event pending check
    - tty: serial: samsung_tty: set dma burst_size to 1
    - vt: fix memory overlapping when deleting chars in the buffer
    - serial: 8250: fix return error code in serial8250_request_std_resource()
    - serial: stm32: Clear prev values before setting RTS delays
    - serial: pl011: UPSTAT_AUTORTS requires .throttle/unthrottle
    - serial: 8250: Fix PM usage_count for console handover
    - x86/pat: Fix x86_has_pat_wp()
    - drm/aperture: Run fbdev removal before internal helpers
    - Linux 5.15.56

* Jammy update: v5.15.55 upstream stable release (LP: #1988338)
    - Linux 5.15.55

* Jammy update: v5.15.54 upstream stable release (LP: #1987451)
    - mm/slub: add missing TID updates on slab deactivation
    - mm/filemap: fix UAF in find_lock_entries
    - Revert "selftests/bpf: Add test for bpf_timer overwriting crash"
    - ALSA: usb-audio: Workarounds for Behringer UMC 204/404 HD
    - ALSA: hda/realtek: Add quirk for Clevo L140PU
    - ALSA: cs46xx: Fix missing snd_card_free() call at probe error
    - can: bcm: use call_rcu() instead of costly synchronize_rcu()
    - can: grcan: grcan_probe(): remove extra of_node_get()
    - can: gs_usb: gs_usb_open/close(): fix memory leak
    - can: m_can: m_can_chip_config(): actually enable internal timestamping
    - can: m_can: m_can_{read_fifo,echo_tx_event}(): shift timestamp to full 32
      bits
    - can: mcp251xfd: mcp251xfd_regmap_crc_read(): improve workaround handling for
      mcp2517fd
    - can: mcp251xfd: mcp251xfd_regmap_crc_read(): update workaround broken CRC on
      TBC register
    - bpf: Fix incorrect verifier simulation around jmp32's jeq/jne
    - bpf: Fix insufficient bounds propagation from adjust_scalar_min_max_vals
    - usbnet: fix memory leak in error case
    - net: rose: fix UAF bug caused by rose_t0timer_expiry
    - netfilter: nft_set_pipapo: release elements in clone from abort path
    - btrfs: rename btrfs_alloc_chunk to btrfs_create_chunk
    - btrfs: add additional parameters to btrfs_init_tree_ref/btrfs_init_data_ref
    - btrfs: fix invalid delayed ref after subvolume creation failure
    - btrfs: fix warning when freeing leaf after subvolume creation failure
    - Input: cpcap-pwrbutton - handle errors from platform_get_irq()
    - Input: goodix - change goodix_i2c_write() len parameter type to int
    - Input: goodix - add a goodix.h header file
    - Input: goodix - refactor reset handling
    - Input: goodix - try not to touch the reset-pin on x86/ACPI devices
    - dma-buf/poll: Get a file reference for outstanding fence callbacks
    - btrfs: fix deadlock between chunk allocation and chunk btree modifications
    - drm/i915: Disable bonding on gen12+ platforms
    - drm/i915/gt: Register the migrate contexts with their engines
    - drm/i915: Replace the unconditional clflush with drm_clflush_virt_range()
    - media: ir_toy: prevent device from hanging during transmit
    - memory: renesas-rpc-if: Avoid unaligned bus access for HyperFlash
    - ath11k: add hw_param for wakeup_mhi
    - qed: Improve the stack space of filter_config()
    - platform/x86: wmi: introduce helper to convert driver to WMI driver
    - platform/x86: wmi: Replace read_takes_no_args with a flags field
    - platform/x86: wmi: Fix driver->notify() vs ->probe() race
    - mt76: mt7921: get rid of mt7921_mac_set_beacon_filter
    - mt76: mt7921: introduce mt7921_mcu_set_beacon_filter utility routine
    - mt76: mt7921: fix a possible race enabling/disabling runtime-pm
    - bpf: Stop caching subprog index in the bpf_pseudo_func insn
    - bpf, arm64: Use emit_addr_mov_i64() for BPF_PSEUDO_FUNC
    - riscv: defconfig: enable DRM_NOUVEAU
    - RISC-V: defconfigs: Set CONFIG_FB=y, for FB console
    - net/mlx5e: Check action fwd/drop flag exists also for nic flows
    - net/mlx5e: Split actions_match_supported() into a sub function
    - net/mlx5e: TC, Reject rules with drop and modify hdr action
    - net/mlx5e: TC, Reject rules with forward and drop actions
    - ASoC: rt5682: Avoid the unexpected IRQ event during going to suspend
    - ASoC: rt5682: Re-detect the combo jack after resuming
    - ASoC: rt5682: Fix deadlock on resume
    - netfilter: nf_tables: convert pktinfo->tprot_set to flags field
    - netfilter: nft_payload: support for inner header matching / mangling
    - netfilter: nft_payload: don't allow th access for fragments
    - s390/boot: allocate amode31 section in decompressor
    - s390/setup: use physical pointers for memblock_reserve()
    - s390/setup: preserve memory at OLDMEM_BASE and OLDMEM_SIZE
    - ibmvnic: init init_done_rc earlier
    - ibmvnic: clear fop when retrying probe
    - ibmvnic: Allow queueing resets during probe
    - virtio-blk: avoid preallocating big SGL for data
    - io_uring: ensure that fsnotify is always called
    - block: use bdev_get_queue() in bio.c
    - block: only mark bio as tracked if it really is tracked
    - block: fix rq-qos breakage from skipping rq_qos_done_bio()
    - stddef: Introduce struct_group() helper macro
    - media: omap3isp: Use struct_group() for memcpy() region
    - media: davinci: vpif: fix use-after-free on driver unbind
    - mt76: mt76_connac: fix MCU_CE_CMD_SET_ROC definition error
    - mt76: mt7921: do not always disable fw runtime-pm
    - cxl/port: Hold port reference until decoder release
    - clk: renesas: r9a07g044: Update multiplier and divider values for PLL2/3
    - KVM: x86/mmu: Use yield-safe TDP MMU root iter in MMU notifier unmapping
    - KVM: x86/mmu: Use common TDP MMU zap helper for MMU notifier unmap hook
    - scsi: qla2xxx: Move heartbeat handling from DPC thread to workqueue
    - scsi: qla2xxx: Fix laggy FC remote port session recovery
    - scsi: qla2xxx: edif: Replace list_for_each_safe with
      list_for_each_entry_safe
    - scsi: qla2xxx: Fix crash during module load unload test
    - gfs2: Fix gfs2_file_buffered_write endless loop workaround
    - vdpa/mlx5: Avoid processing works if workqueue was destroyed
    - btrfs: handle device lookup with btrfs_dev_lookup_args
    - btrfs: add a btrfs_get_dev_args_from_path helper
    - btrfs: use btrfs_get_dev_args_from_path in dev removal ioctls
    - btrfs: remove device item and update super block in the same transaction
    - drbd: add error handling support for add_disk()
    - drbd: Fix double free problem in drbd_create_device
    - drbd: fix an invalid memory access caused by incorrect use of list iterator
    - drm/amd/display: Set min dcfclk if pipe count is 0
    - drm/amd/display: Fix by adding FPU protection for dcn30_internal_validate_bw
    - NFSD: De-duplicate net_generic(nf->nf_net, nfsd_net_id)
    - NFSD: COMMIT operations must not return NFS?ERR_INVAL
    - riscv/mm: Add XIP_FIXUP for riscv_pfn_base
    - iio: accel: mma8452: use the correct logic to get mma8452_data
    - batman-adv: Use netif_rx().
    - mtd: spi-nor: Skip erase logic when SPI_NOR_NO_ERASE is set
    - Compiler Attributes: add __alloc_size() for better bounds checking
    - mm: vmalloc: introduce array allocation functions
    - KVM: use __vcalloc for very large allocations
    - btrfs: don't access possibly stale fs_info data in device_list_add
    - KVM: s390x: fix SCK locking
    - scsi: qla2xxx: Fix loss of NVMe namespaces after driver reload test
    - powerpc/32: Don't use lmw/stmw for saving/restoring non volatile regs
    - powerpc: flexible GPR range save/restore macros
    - powerpc/tm: Fix more userspace r13 corruption
    - serial: sc16is7xx: Clear RS485 bits in the shutdown
    - bus: mhi: core: Use correctly sized arguments for bit field
    - bus: mhi: Fix pm_state conversion to string
    - stddef: Introduce DECLARE_FLEX_ARRAY() helper
    - uapi/linux/stddef.h: Add include guards
    - ASoC: rt5682: move clk related code to rt5682_i2c_probe
    - ASoC: rt5682: fix an incorrect NULL check on list iterator
    - drm/amd/vcn: fix an error msg on vcn 3.0
    - KVM: Don't create VM debugfs files outside of the VM directory
    - tty: n_gsm: Modify CR,PF bit when config requester
    - tty: n_gsm: Save dlci address open status when config requester
    - tty: n_gsm: fix frame reception handling
    - ALSA: usb-audio: add mapping for MSI MPG X570S Carbon Max Wifi.
    - ALSA: usb-audio: add mapping for MSI MAG X570S Torpedo MAX.
    - tty: n_gsm: fix missing update of modem controls after DLCI open
    - btrfs: zoned: encapsulate inode locking for zoned relocation
    - btrfs: zoned: use dedicated lock for data relocation
    - KVM: Initialize debugfs_dentry when a VM is created to avoid NULL deref
    - mm/hwpoison: mf_mutex for soft offline and unpoison
    - mm/hwpoison: avoid the impact of hwpoison_filter() return value on mce
      handler
    - mm/memory-failure.c: fix race with changing page compound again
    - mm/hwpoison: fix race between hugetlb free/demotion and
      memory_failure_hugetlb()
    - tty: n_gsm: fix invalid use of MSC in advanced option
    - tty: n_gsm: fix sometimes uninitialized warning in gsm_dlci_modem_output()
    - serial: 8250_mtk: Make sure to select the right FEATURE_SEL
    - tty: n_gsm: fix invalid gsmtty_write_room() result
    - drm/i915: Fix a race between vma / object destruction and unbinding
    - drm/mediatek: Use mailbox rx_callback instead of cmdq_task_cb
    - drm/mediatek: Remove the pointer of struct cmdq_client
    - drm/mediatek: Detect CMDQ execution timeout
    - drm/mediatek: Add cmdq_handle in mtk_crtc
    - drm/mediatek: Add vblank register/unregister callback functions
    - Bluetooth: protect le accept and resolv lists with hdev->lock
    - Bluetooth: btmtksdio: fix use-after-free at btmtksdio_recv_event
    - io_uring: avoid io-wq -EAGAIN looping for !IOPOLL
    - irqchip/gic-v3: Ensure pseudo-NMIs have an ISB between ack and handling
    - irqchip/gic-v3: Refactor ISB + EOIR at ack time
    - rxrpc: Fix locking issue
    - dt-bindings: soc: qcom: smd-rpm: Add compatible for MSM8953 SoC
    - dt-bindings: soc: qcom: smd-rpm: Fix missing MSM8936 compatible
    - module: change to print useful messages from elf_validity_check()
    - module: fix [e_shstrndx].sh_size=0 OOB access
    - iommu/vt-d: Fix PCI bus rescan device hot add
    - fbdev: fbmem: Fix logo center image dx issue
    - PM: runtime: Redefine pm_runtime_release_supplier()
    - memregion: Fix memregion_free() fallback definition
    - video: of_display_timing.h: include errno.h
    - powerpc/powernv: delay rng platform device creation until later in boot
    - net: dsa: qca8k: reset cpu port on MTU change
    - can: kvaser_usb: replace run-time checks with struct kvaser_usb_driver_info
    - can: kvaser_usb: kvaser_usb_leaf: fix CAN clock frequency regression
    - can: kvaser_usb: kvaser_usb_leaf: fix bittiming limits
    - xfs: remove incorrect ASSERT in xfs_rename
    - Revert "serial: sc16is7xx: Clear RS485 bits in the shutdown"
    - btrfs: fix error pointer dereference in btrfs_ioctl_rm_dev_v2()
    - virtio-blk: modify the value type of num in virtio_queue_rq()
    - btrfs: fix use of uninitialized variable at rm device ioctl
    - tty: n_gsm: fix encoding of command/response bit
    - ARM: meson: Fix refcount leak in meson_smp_prepare_cpus
    - pinctrl: sunxi: a83t: Fix NAND function name for some pins
    - ASoC: rt711: Add endianness flag in snd_soc_component_driver
    - ASoC: rt711-sdca: Add endianness flag in snd_soc_component_driver
    - ASoC: codecs: rt700/rt711/rt711-sdca: resume bus/codec in .set_jack_detect
    - arm64: dts: qcom: msm8994: Fix CPU6/7 reg values
    - arm64: dts: qcom: sdm845: use dispcc AHB clock for mdss node
    - ARM: mxs_defconfig: Enable the framebuffer
    - arm64: dts: imx8mp-evk: correct mmc pad settings
    - arm64: dts: imx8mp-evk: correct the uart2 pinctl value
    - arm64: dts: imx8mp-evk: correct gpio-led pad settings
    - arm64: dts: imx8mp-evk: correct vbus pad settings
    - arm64: dts: imx8mp-evk: correct eqos pad settings
    - arm64: dts: imx8mp-evk: correct I2C1 pad settings
    - arm64: dts: imx8mp-evk: correct I2C3 pad settings
    - arm64: dts: imx8mp-phyboard-pollux-rdk: correct uart pad settings
    - arm64: dts: imx8mp-phyboard-pollux-rdk: correct eqos pad settings
    - arm64: dts: imx8mp-phyboard-pollux-rdk: correct i2c2 & mmc settings
    - pinctrl: sunxi: sunxi_pconf_set: use correct offset
    - arm64: dts: qcom: msm8992-*: Fix vdd_lvs1_2-supply typo
    - ARM: at91: pm: use proper compatible for sama5d2's rtc
    - ARM: at91: pm: use proper compatibles for sam9x60's rtc and rtt
    - ARM: at91: pm: use proper compatibles for sama7g5's rtc and rtt
    - ARM: dts: at91: sam9x60ek: fix eeprom compatible and size
    - ARM: dts: at91: sama5d2_icp: fix eeprom compatibles
    - ARM: at91: fix soc detection for SAM9X60 SiPs
    - xsk: Clear page contiguity bit when unmapping pool
    - i2c: piix4: Fix a memory leak in the EFCH MMIO support
    - i40e: Fix dropped jumbo frames statistics
    - i40e: Fix VF's MAC Address change on VM
    - ARM: dts: stm32: use usbphyc ck_usbo_48m as USBH OHCI clock on stm32mp151
    - ARM: dts: stm32: add missing usbh clock and fix clk order on stm32mp15
    - ibmvnic: Properly dispose of all skbs during a failover.
    - selftests: forwarding: fix flood_unicast_test when h2 supports
      IFF_UNICAST_FLT
    - selftests: forwarding: fix learning_test when h1 supports IFF_UNICAST_FLT
    - selftests: forwarding: fix error message in learning_test
    - r8169: fix accessing unset transport header
    - i2c: cadence: Unregister the clk notifier in error path
    - dmaengine: imx-sdma: Allow imx8m for imx7 FW revs
    - misc: rtsx_usb: fix use of dma mapped buffer for usb bulk transfer
    - misc: rtsx_usb: use separate command and response buffers
    - misc: rtsx_usb: set return value in rsp_buf alloc err path
    - Revert "mm/memory-failure.c: fix race with changing page compound again"
    - Revert "serial: 8250_mtk: Make sure to select the right FEATURE_SEL"
    - dt-bindings: dma: allwinner,sun50i-a64-dma: Fix min/max typo
    - ida: don't use BUG_ON() for debugging
    - dmaengine: pl330: Fix lockdep warning about non-static key
    - dmaengine: lgm: Fix an error handling path in intel_ldma_probe()
    - dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly
    - dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate
    - dmaengine: qcom: bam_dma: fix runtime PM underflow
    - dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate
    - dmaengine: idxd: force wq context cleanup on device disable path
    - selftests/net: fix section name when using xdp_dummy.o
    - Linux 5.15.54

-- Stefan Bader <stefan.bader@canonical.com>  Tue, 20 Sep 2022 11:17:11 +0200

Changed in linux (Ubuntu Jammy):
status:	Fix Committed → Fix Released

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2022-10-14:

#12

This bug is awaiting verification that the linux-gkeop-5.15/5.15.0-1005.7~20.04.1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

Revision history for this message

Po-Hsu Lin (cypressyew) wrote on 2022-10-17:

#13

Passed with F-gkeop-5.15.0-1005

tags:

added: verification-done-focal

Revision history for this message

Po-Hsu Lin (cypressyew) wrote on 2022-10-17:

#14

Hints removed, marked as fix-released.

Changed in ubuntu-kernel-tests:
status:	New → Fix Released

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2022-10-25:

#15

This bug is awaiting verification that the linux-bluefield/5.15.0-1009.11 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy' to 'verification-done-jammy'. If the problem still exists, change the tag 'verification-needed-jammy' to 'verification-failed-jammy'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2022-10-25:

#16

This bug is awaiting verification that the linux-intel-iotg/5.15.0-1017.22 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy' to 'verification-done-jammy'. If the problem still exists, change the tag 'verification-needed-jammy' to 'verification-failed-jammy'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

Revision history for this message

Po-Hsu Lin (cypressyew) wrote on 2022-10-26:

#17

Verified with linux-intel-iotg/5.15.0-1017.22 kernel, this test is not failing anymore.
# Tests passed: 40
# Tests failed: 0
# Tests xfailed: 0
ok 1 selftests: net: icmp_redirect.sh

tags:

added: verification-done-jammy

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2022-12-07:

#18

This bug is awaiting verification that the linux-bluefield/5.15.0-1010.12 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy' to 'verification-done-jammy'. If the problem still exists, change the tag 'verification-needed-jammy' to 'verification-failed-jammy'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-jammy-linux-bluefield verification-needed-jammy
removed: verification-done-jammy

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2022-12-12:

#19

This bug is awaiting verification that the linux-nvidia/5.15.0-1011.11 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy' to 'verification-done-jammy'. If the problem still exists, change the tag 'verification-needed-jammy' to 'verification-failed-jammy'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-jammy-linux-nvidia

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2022-12-15:

#20

This bug is awaiting verification that the linux-xilinx-zynqmp/5.4.0-1020.24 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-focal-linux-xilinx-zynqmp verification-needed-focal
removed: verification-done-focal

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2024-03-01:

#21

This bug is awaiting verification that the linux-mtk/5.15.0-1030.34 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy-linux-mtk' to 'verification-done-jammy-linux-mtk'. If the problem still exists, change the tag 'verification-needed-jammy-linux-mtk' to 'verification-failed-jammy-linux-mtk'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-jammy-linux-mtk-v2 verification-needed-jammy-linux-mtk

ubuntu-kernel-tests

icmp_redirect.sh in ubuntu_kernel_selftests failed on Jammy 5.15.0-49.55

Bug Description

CVE References

Other bug subscribers

Remote bug watches

	Status	Importance	Assigned to
ubuntu-kernel-tests	Fix Released	Undecided	Unassigned
linux (Ubuntu)	Fix Released	Undecided	Unassigned
Focal	Fix Released	Medium	Unassigned
Jammy	Fix Released	Medium	Unassigned