diff -u linux-6.2.0/arch/x86/include/asm/cpufeatures.h linux-6.2.0/arch/x86/include/asm/cpufeatures.h --- linux-6.2.0/arch/x86/include/asm/cpufeatures.h +++ linux-6.2.0/arch/x86/include/asm/cpufeatures.h @@ -14,7 +14,7 @@ * Defines x86 CPU feature bits */ #define NCAPINTS 20 /* N 32-bit words worth of info */ -#define NBUGINTS 1 /* N 32-bit bug flags */ +#define NBUGINTS 2 /* N 32-bit bug flags */ /* * Note: If the comment begins with a quoted string, that string is used @@ -471,2 +471,4 @@ +/* BUG word 2 */ +#define X86_BUG_DIV0 X86_BUG(1*32 + 1) /* AMD DIV0 speculation bug */ #endif /* _ASM_X86_CPUFEATURES_H */ diff -u linux-6.2.0/arch/x86/include/asm/processor.h linux-6.2.0/arch/x86/include/asm/processor.h --- linux-6.2.0/arch/x86/include/asm/processor.h +++ linux-6.2.0/arch/x86/include/asm/processor.h @@ -680,9 +680,11 @@ #ifdef CONFIG_CPU_SUP_AMD extern u32 amd_get_nodes_per_socket(void); extern u32 amd_get_highest_perf(void); +extern void amd_clear_divider(void); #else static inline u32 amd_get_nodes_per_socket(void) { return 0; } static inline u32 amd_get_highest_perf(void) { return 0; } +static inline void amd_clear_divider(void) { } #endif extern unsigned long arch_align_stack(unsigned long sp); diff -u linux-6.2.0/arch/x86/kernel/cpu/amd.c linux-6.2.0/arch/x86/kernel/cpu/amd.c --- linux-6.2.0/arch/x86/kernel/cpu/amd.c +++ linux-6.2.0/arch/x86/kernel/cpu/amd.c @@ -75,6 +75,10 @@ AMD_MODEL_RANGE(0x17, 0x60, 0x0, 0x7f, 0xf), AMD_MODEL_RANGE(0x17, 0xa0, 0x0, 0xaf, 0xf)); +static const int amd_div0[] = + AMD_LEGACY_ERRATUM(AMD_MODEL_RANGE(0x17, 0x00, 0x0, 0x2f, 0xf), + AMD_MODEL_RANGE(0x17, 0x50, 0x0, 0x5f, 0xf)); + static bool cpu_has_amd_erratum(struct cpuinfo_x86 *cpu, const int *erratum) { int osvw_id = *erratum++; @@ -1115,6 +1119,11 @@ check_null_seg_clears_base(c); zenbleed_check(c); + + if (cpu_has_amd_erratum(c, amd_div0)) { + pr_notice_once("AMD Zen1 DIV0 bug detected. Disable SMT for full protection.\n"); + setup_force_cpu_bug(X86_BUG_DIV0); + } } #ifdef CONFIG_X86_32 @@ -1258,0 +1268,11 @@ + +/* + * Issue a DIV 0/1 insn to clear any division data from previous DIV + * operations. + */ +void noinstr amd_clear_divider(void) +{ + asm volatile(ALTERNATIVE("", "div %2\n\t", X86_BUG_DIV0) + :: "a" (0), "d" (0), "r" (1)); +} +EXPORT_SYMBOL_GPL(amd_clear_divider); diff -u linux-6.2.0/arch/x86/kvm/svm/svm.c linux-6.2.0/arch/x86/kvm/svm/svm.c --- linux-6.2.0/arch/x86/kvm/svm/svm.c +++ linux-6.2.0/arch/x86/kvm/svm/svm.c @@ -3945,6 +3945,8 @@ guest_state_enter_irqoff(); + amd_clear_divider(); + if (sev_es_guest(vcpu->kvm)) __svm_sev_es_vcpu_run(svm, spec_ctrl_intercepted); else diff -u linux-6.2.0/debian.master/abi/abiname linux-6.2.0/debian.master/abi/abiname --- linux-6.2.0/debian.master/abi/abiname +++ linux-6.2.0/debian.master/abi/abiname @@ -1 +1 @@ -30 +32 diff -u linux-6.2.0/debian.master/abi/version linux-6.2.0/debian.master/abi/version --- linux-6.2.0/debian.master/abi/version +++ linux-6.2.0/debian.master/abi/version @@ -1 +1 @@ -6.2.0-30.30 +6.2.0-32.32 diff -u linux-6.2.0/debian.master/changelog linux-6.2.0/debian.master/changelog --- linux-6.2.0/debian.master/changelog +++ linux-6.2.0/debian.master/changelog @@ -1,3 +1,34 @@ +linux (6.2.0-33.33) lunar; urgency=medium + + * lunar/linux: 6.2.0-33.33 -proposed tracker (LP: #2034158) + + * Packaging resync (LP: #1786013) + - [Packaging] update helper scripts + + * CVE-2023-21264 + - KVM: arm64: Prevent unconditional donation of unmapped regions from the host + + * CVE-2023-4569 + - netfilter: nf_tables: deactivate catchall elements in next generation + + * CVE-2023-40283 + - Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb + + * CVE-2023-20588 + - x86/bugs: Increase the x86 bugs vector size to two u32s + - x86/CPU/AMD: Do not leak quotient data after a division by 0 + - x86/CPU/AMD: Fix the DIV(0) initial fix attempt + + * CVE-2023-4128 + - net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after- + free + - net/sched: cls_fw: No longer copy tcf_result on update to avoid use-after- + free + - net/sched: cls_route: No longer copy tcf_result on update to avoid use- + after-free + + -- Thadeu Lima de Souza Cascardo Tue, 05 Sep 2023 09:47:04 -0300 + linux (6.2.0-32.32) lunar; urgency=medium * lunar/linux: 6.2.0-32.32 -proposed tracker (LP: #2031134) diff -u linux-6.2.0/debian.master/tracking-bug linux-6.2.0/debian.master/tracking-bug --- linux-6.2.0/debian.master/tracking-bug +++ linux-6.2.0/debian.master/tracking-bug @@ -1 +1 @@ -2031134 2023.08.07-3 +2034158 s2023.08.07-1 diff -u linux-6.2.0/debian/changelog linux-6.2.0/debian/changelog --- linux-6.2.0/debian/changelog +++ linux-6.2.0/debian/changelog @@ -1,3 +1,34 @@ +linux (6.2.0-33.33) lunar; urgency=medium + + * lunar/linux: 6.2.0-33.33 -proposed tracker (LP: #2034158) + + * Packaging resync (LP: #1786013) + - [Packaging] update helper scripts + + * CVE-2023-21264 + - KVM: arm64: Prevent unconditional donation of unmapped regions from the host + + * CVE-2023-4569 + - netfilter: nf_tables: deactivate catchall elements in next generation + + * CVE-2023-40283 + - Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb + + * CVE-2023-20588 + - x86/bugs: Increase the x86 bugs vector size to two u32s + - x86/CPU/AMD: Do not leak quotient data after a division by 0 + - x86/CPU/AMD: Fix the DIV(0) initial fix attempt + + * CVE-2023-4128 + - net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after- + free + - net/sched: cls_fw: No longer copy tcf_result on update to avoid use-after- + free + - net/sched: cls_route: No longer copy tcf_result on update to avoid use- + after-free + + -- Thadeu Lima de Souza Cascardo Tue, 05 Sep 2023 09:47:04 -0300 + linux (6.2.0-32.32) lunar; urgency=medium * lunar/linux: 6.2.0-32.32 -proposed tracker (LP: #2031134) diff -u linux-6.2.0/debian/control linux-6.2.0/debian/control --- linux-6.2.0/debian/control +++ linux-6.2.0/debian/control @@ -93,7 +93,7 @@ you do not want this package. Install the appropriate linux-headers package instead. -Package: linux-headers-6.2.0-32 +Package: linux-headers-6.2.0-33 Build-Profiles: Architecture: all Multi-Arch: foreign @@ -103,7 +103,7 @@ Description: Header files related to Linux kernel version 6.2.0 This package provides kernel header files for version 6.2.0, for sites that want the latest kernel headers. Please read - /usr/share/doc/linux-headers-6.2.0-32/debian.README.gz for details + /usr/share/doc/linux-headers-6.2.0-33/debian.README.gz for details Package: linux-tools-common Build-Profiles: @@ -118,18 +118,18 @@ version locked tools (such as perf and x86_energy_perf_policy) for version 6.2.0. -Package: linux-tools-6.2.0-32 +Package: linux-tools-6.2.0-33 Build-Profiles: Architecture: amd64 armhf arm64 ppc64el s390x Section: devel Priority: optional Depends: ${misc:Depends}, ${shlibs:Depends}, linux-tools-common -Description: Linux kernel version specific tools for version 6.2.0-32 +Description: Linux kernel version specific tools for version 6.2.0-33 This package provides the architecture dependant parts for kernel version locked tools (such as perf and x86_energy_perf_policy) for - version 6.2.0-32 on + version 6.2.0-33 on 64 bit x86. - You probably want to install linux-tools-6.2.0-32-. + You probably want to install linux-tools-6.2.0-33-. Package: linux-cloud-tools-common Build-Profiles: @@ -142,17 +142,17 @@ This package provides the architecture independent parts for kernel version locked tools for cloud tools for version 6.2.0. -Package: linux-cloud-tools-6.2.0-32 +Package: linux-cloud-tools-6.2.0-33 Build-Profiles: Architecture: amd64 armhf Section: devel Priority: optional Depends: ${misc:Depends}, ${shlibs:Depends}, linux-cloud-tools-common -Description: Linux kernel version specific cloud tools for version 6.2.0-32 +Description: Linux kernel version specific cloud tools for version 6.2.0-33 This package provides the architecture dependant parts for kernel - version locked tools for cloud tools for version 6.2.0-32 on + version locked tools for cloud tools for version 6.2.0-33 on 64 bit x86. - You probably want to install linux-cloud-tools-6.2.0-32-. + You probably want to install linux-cloud-tools-6.2.0-33-. Package: linux-tools-host Build-Profiles: @@ -192,17 +192,17 @@ contained in each file. -Package: linux-image-unsigned-6.2.0-32-generic +Package: linux-image-unsigned-6.2.0-33-generic Build-Profiles: Architecture: amd64 armhf arm64 ppc64el s390x Section: kernel Priority: optional Provides: linux-image, fuse-module, kvm-api-4, redhat-cluster-modules, ivtv-modules, virtualbox-guest-modules [amd64], ${linux:rprovides} -Depends: ${misc:Depends}, ${shlibs:Depends}, kmod, linux-base (>= 4.5ubuntu1~16.04.1), linux-modules-6.2.0-32-generic +Depends: ${misc:Depends}, ${shlibs:Depends}, kmod, linux-base (>= 4.5ubuntu1~16.04.1), linux-modules-6.2.0-33-generic Recommends: grub-pc [amd64] | grub-efi-amd64 [amd64] | grub-efi-ia32 [amd64] | grub [amd64] | lilo [amd64] | flash-kernel [armhf arm64] | grub-efi-arm64 [arm64] | grub-efi-arm [armhf] | grub-ieee1275 [ppc64el], initramfs-tools | linux-initramfs-tool Breaks: flash-kernel (<< 3.90ubuntu2) [arm64 armhf], s390-tools (<< 2.3.0-0ubuntu3) [s390x] -Conflicts: linux-image-6.2.0-32-generic -Suggests: fdutils, linux-doc | linux-source-6.2.0, linux-tools, linux-headers-6.2.0-32-generic, linux-modules-extra-6.2.0-32-generic +Conflicts: linux-image-6.2.0-33-generic +Suggests: fdutils, linux-doc | linux-source-6.2.0, linux-tools, linux-headers-6.2.0-33-generic, linux-modules-extra-6.2.0-33-generic Description: Linux kernel image for version 6.2.0 on 64 bit x86 SMP This package contains the unsigned Linux kernel image for version 6.2.0 on 64 bit x86 SMP. @@ -215,7 +215,7 @@ the linux-generic meta-package, which will ensure that upgrades work correctly, and that supporting packages are also installed. -Package: linux-modules-6.2.0-32-generic +Package: linux-modules-6.2.0-33-generic Build-Profiles: Architecture: amd64 armhf arm64 ppc64el s390x Section: kernel @@ -235,12 +235,12 @@ the linux-generic meta-package, which will ensure that upgrades work correctly, and that supporting packages are also installed. -Package: linux-modules-extra-6.2.0-32-generic +Package: linux-modules-extra-6.2.0-33-generic Build-Profiles: Architecture: amd64 armhf arm64 ppc64el s390x Section: kernel Priority: optional -Depends: ${misc:Depends}, ${shlibs:Depends}, linux-modules-6.2.0-32-generic, wireless-regdb +Depends: ${misc:Depends}, ${shlibs:Depends}, linux-modules-6.2.0-33-generic, wireless-regdb Description: Linux kernel extra modules for version 6.2.0 on 64 bit x86 SMP This package contains the Linux kernel extra modules for version 6.2.0 on 64 bit x86 SMP. @@ -257,21 +257,21 @@ the linux-generic meta-package, which will ensure that upgrades work correctly, and that supporting packages are also installed. -Package: linux-headers-6.2.0-32-generic +Package: linux-headers-6.2.0-33-generic Build-Profiles: Architecture: amd64 armhf arm64 ppc64el s390x Section: devel Priority: optional -Depends: ${misc:Depends}, linux-headers-6.2.0-32, ${shlibs:Depends} +Depends: ${misc:Depends}, linux-headers-6.2.0-33, ${shlibs:Depends} Provides: linux-headers, linux-headers-3.0 Description: Linux kernel headers for version 6.2.0 on 64 bit x86 SMP This package provides kernel header files for version 6.2.0 on 64 bit x86 SMP. . This is for sites that want the latest kernel headers. Please read - /usr/share/doc/linux-headers-6.2.0-32/debian.README.gz for details. + /usr/share/doc/linux-headers-6.2.0-33/debian.README.gz for details. -Package: linux-lib-rust-6.2.0-32-generic +Package: linux-lib-rust-6.2.0-33-generic Build-Profiles: Architecture: amd64 Multi-Arch: foreign @@ -282,7 +282,7 @@ This package provides kernel library files for version 6.2.0, that allow to compile out-of-tree kernel modules written in Rust. -Package: linux-image-unsigned-6.2.0-32-generic-dbgsym +Package: linux-image-unsigned-6.2.0-33-generic-dbgsym Build-Profiles: Architecture: amd64 armhf arm64 ppc64el s390x Section: devel @@ -299,31 +299,31 @@ is uncompressed, and unstripped. This package also includes the unstripped modules. -Package: linux-tools-6.2.0-32-generic +Package: linux-tools-6.2.0-33-generic Build-Profiles: Architecture: amd64 armhf arm64 ppc64el s390x Section: devel Priority: optional -Depends: ${misc:Depends}, linux-tools-6.2.0-32 -Description: Linux kernel version specific tools for version 6.2.0-32 +Depends: ${misc:Depends}, linux-tools-6.2.0-33 +Description: Linux kernel version specific tools for version 6.2.0-33 This package provides the architecture dependant parts for kernel version locked tools (such as perf and x86_energy_perf_policy) for - version 6.2.0-32 on + version 6.2.0-33 on 64 bit x86. -Package: linux-cloud-tools-6.2.0-32-generic +Package: linux-cloud-tools-6.2.0-33-generic Build-Profiles: Architecture: amd64 armhf arm64 ppc64el s390x Section: devel Priority: optional -Depends: ${misc:Depends}, linux-cloud-tools-6.2.0-32 -Description: Linux kernel version specific cloud tools for version 6.2.0-32 +Depends: ${misc:Depends}, linux-cloud-tools-6.2.0-33 +Description: Linux kernel version specific cloud tools for version 6.2.0-33 This package provides the architecture dependant parts for kernel - version locked tools for cloud for version 6.2.0-32 on + version locked tools for cloud for version 6.2.0-33 on 64 bit x86. -Package: linux-buildinfo-6.2.0-32-generic +Package: linux-buildinfo-6.2.0-33-generic Build-Profiles: Architecture: amd64 armhf arm64 ppc64el s390x Section: kernel @@ -337,18 +337,18 @@ You likely do not want to install this package. -Package: linux-modules-ipu6-6.2.0-32-generic +Package: linux-modules-ipu6-6.2.0-33-generic Build-Profiles: Architecture: amd64 armhf arm64 ppc64el s390x Section: kernel Priority: optional Depends: ${misc:Depends}, - linux-image-6.2.0-32-generic | linux-image-unsigned-6.2.0-32-generic, + linux-image-6.2.0-33-generic | linux-image-unsigned-6.2.0-33-generic, Built-Using: ${linux:BuiltUsing} -Description: Linux kernel ipu6 modules for version 6.2.0-32 +Description: Linux kernel ipu6 modules for version 6.2.0-33 This package provides the Linux kernel ipu6 modules for version - 6.2.0-32. + 6.2.0-33. . You likely do not want to install this package directly. Instead, install the one of the linux-modules-ipu6-generic* meta-packages, @@ -356,18 +356,18 @@ also installed. -Package: linux-modules-ivsc-6.2.0-32-generic +Package: linux-modules-ivsc-6.2.0-33-generic Build-Profiles: Architecture: amd64 armhf arm64 ppc64el s390x Section: kernel Priority: optional Depends: ${misc:Depends}, - linux-image-6.2.0-32-generic | linux-image-unsigned-6.2.0-32-generic, + linux-image-6.2.0-33-generic | linux-image-unsigned-6.2.0-33-generic, Built-Using: ${linux:BuiltUsing} -Description: Linux kernel ivsc modules for version 6.2.0-32 +Description: Linux kernel ivsc modules for version 6.2.0-33 This package provides the Linux kernel ivsc modules for version - 6.2.0-32. + 6.2.0-33. . You likely do not want to install this package directly. Instead, install the one of the linux-modules-ivsc-generic* meta-packages, @@ -375,18 +375,18 @@ also installed. -Package: linux-modules-iwlwifi-6.2.0-32-generic +Package: linux-modules-iwlwifi-6.2.0-33-generic Build-Profiles: Architecture: amd64 armhf arm64 ppc64el s390x Section: kernel Priority: optional Depends: ${misc:Depends}, - linux-image-6.2.0-32-generic | linux-image-unsigned-6.2.0-32-generic, + linux-image-6.2.0-33-generic | linux-image-unsigned-6.2.0-33-generic, Built-Using: ${linux:BuiltUsing} -Description: Linux kernel iwlwifi modules for version 6.2.0-32 +Description: Linux kernel iwlwifi modules for version 6.2.0-33 This package provides the Linux kernel iwlwifi modules for version - 6.2.0-32. + 6.2.0-33. . You likely do not want to install this package directly. Instead, install the one of the linux-modules-iwlwifi-generic* meta-packages, @@ -394,17 +394,17 @@ also installed. -Package: linux-image-unsigned-6.2.0-32-generic-64k +Package: linux-image-unsigned-6.2.0-33-generic-64k Build-Profiles: Architecture: arm64 Section: kernel Priority: optional Provides: linux-image, fuse-module, kvm-api-4, redhat-cluster-modules, ivtv-modules, ${linux:rprovides} -Depends: ${misc:Depends}, ${shlibs:Depends}, kmod, linux-base (>= 4.5ubuntu1~16.04.1), linux-modules-6.2.0-32-generic-64k +Depends: ${misc:Depends}, ${shlibs:Depends}, kmod, linux-base (>= 4.5ubuntu1~16.04.1), linux-modules-6.2.0-33-generic-64k Recommends: grub-efi-arm64 [arm64] | flash-kernel [arm64], initramfs-tools | linux-initramfs-tool Breaks: flash-kernel (<< 3.90ubuntu2) [arm64 armhf], s390-tools (<< 2.3.0-0ubuntu3) [s390x] -Conflicts: linux-image-6.2.0-32-generic-64k -Suggests: fdutils, linux-doc | linux-source-6.2.0, linux-tools, linux-headers-6.2.0-32-generic-64k, linux-modules-extra-6.2.0-32-generic-64k +Conflicts: linux-image-6.2.0-33-generic-64k +Suggests: fdutils, linux-doc | linux-source-6.2.0, linux-tools, linux-headers-6.2.0-33-generic-64k, linux-modules-extra-6.2.0-33-generic-64k Description: Linux kernel image for version 6.2.0 on 64 bit x86 SMP This package contains the unsigned Linux kernel image for version 6.2.0 on 64 bit x86 SMP. @@ -417,7 +417,7 @@ the linux-generic-64k meta-package, which will ensure that upgrades work correctly, and that supporting packages are also installed. -Package: linux-modules-6.2.0-32-generic-64k +Package: linux-modules-6.2.0-33-generic-64k Build-Profiles: Architecture: arm64 Section: kernel @@ -437,12 +437,12 @@ the linux-generic-64k meta-package, which will ensure that upgrades work correctly, and that supporting packages are also installed. -Package: linux-modules-extra-6.2.0-32-generic-64k +Package: linux-modules-extra-6.2.0-33-generic-64k Build-Profiles: Architecture: arm64 Section: kernel Priority: optional -Depends: ${misc:Depends}, ${shlibs:Depends}, linux-modules-6.2.0-32-generic-64k, wireless-regdb +Depends: ${misc:Depends}, ${shlibs:Depends}, linux-modules-6.2.0-33-generic-64k, wireless-regdb Description: Linux kernel extra modules for version 6.2.0 on 64 bit x86 SMP This package contains the Linux kernel extra modules for version 6.2.0 on 64 bit x86 SMP. @@ -459,21 +459,21 @@ the linux-generic-64k meta-package, which will ensure that upgrades work correctly, and that supporting packages are also installed. -Package: linux-headers-6.2.0-32-generic-64k +Package: linux-headers-6.2.0-33-generic-64k Build-Profiles: Architecture: arm64 Section: devel Priority: optional -Depends: ${misc:Depends}, linux-headers-6.2.0-32, ${shlibs:Depends} +Depends: ${misc:Depends}, linux-headers-6.2.0-33, ${shlibs:Depends} Provides: linux-headers, linux-headers-3.0 Description: Linux kernel headers for version 6.2.0 on 64 bit x86 SMP This package provides kernel header files for version 6.2.0 on 64 bit x86 SMP. . This is for sites that want the latest kernel headers. Please read - /usr/share/doc/linux-headers-6.2.0-32/debian.README.gz for details. + /usr/share/doc/linux-headers-6.2.0-33/debian.README.gz for details. -Package: linux-lib-rust-6.2.0-32-generic-64k +Package: linux-lib-rust-6.2.0-33-generic-64k Build-Profiles: Architecture: amd64 Multi-Arch: foreign @@ -484,7 +484,7 @@ This package provides kernel library files for version 6.2.0, that allow to compile out-of-tree kernel modules written in Rust. -Package: linux-image-unsigned-6.2.0-32-generic-64k-dbgsym +Package: linux-image-unsigned-6.2.0-33-generic-64k-dbgsym Build-Profiles: Architecture: arm64 Section: devel @@ -501,31 +501,31 @@ is uncompressed, and unstripped. This package also includes the unstripped modules. -Package: linux-tools-6.2.0-32-generic-64k +Package: linux-tools-6.2.0-33-generic-64k Build-Profiles: Architecture: arm64 Section: devel Priority: optional -Depends: ${misc:Depends}, linux-tools-6.2.0-32 -Description: Linux kernel version specific tools for version 6.2.0-32 +Depends: ${misc:Depends}, linux-tools-6.2.0-33 +Description: Linux kernel version specific tools for version 6.2.0-33 This package provides the architecture dependant parts for kernel version locked tools (such as perf and x86_energy_perf_policy) for - version 6.2.0-32 on + version 6.2.0-33 on 64 bit x86. -Package: linux-cloud-tools-6.2.0-32-generic-64k +Package: linux-cloud-tools-6.2.0-33-generic-64k Build-Profiles: Architecture: arm64 Section: devel Priority: optional -Depends: ${misc:Depends}, linux-cloud-tools-6.2.0-32 -Description: Linux kernel version specific cloud tools for version 6.2.0-32 +Depends: ${misc:Depends}, linux-cloud-tools-6.2.0-33 +Description: Linux kernel version specific cloud tools for version 6.2.0-33 This package provides the architecture dependant parts for kernel - version locked tools for cloud for version 6.2.0-32 on + version locked tools for cloud for version 6.2.0-33 on 64 bit x86. -Package: linux-buildinfo-6.2.0-32-generic-64k +Package: linux-buildinfo-6.2.0-33-generic-64k Build-Profiles: Architecture: arm64 Section: kernel @@ -539,18 +539,18 @@ You likely do not want to install this package. -Package: linux-modules-ipu6-6.2.0-32-generic-64k +Package: linux-modules-ipu6-6.2.0-33-generic-64k Build-Profiles: Architecture: arm64 Section: kernel Priority: optional Depends: ${misc:Depends}, - linux-image-6.2.0-32-generic-64k | linux-image-unsigned-6.2.0-32-generic-64k, + linux-image-6.2.0-33-generic-64k | linux-image-unsigned-6.2.0-33-generic-64k, Built-Using: ${linux:BuiltUsing} -Description: Linux kernel ipu6 modules for version 6.2.0-32 +Description: Linux kernel ipu6 modules for version 6.2.0-33 This package provides the Linux kernel ipu6 modules for version - 6.2.0-32. + 6.2.0-33. . You likely do not want to install this package directly. Instead, install the one of the linux-modules-ipu6-generic-64k* meta-packages, @@ -558,18 +558,18 @@ also installed. -Package: linux-modules-ivsc-6.2.0-32-generic-64k +Package: linux-modules-ivsc-6.2.0-33-generic-64k Build-Profiles: Architecture: arm64 Section: kernel Priority: optional Depends: ${misc:Depends}, - linux-image-6.2.0-32-generic-64k | linux-image-unsigned-6.2.0-32-generic-64k, + linux-image-6.2.0-33-generic-64k | linux-image-unsigned-6.2.0-33-generic-64k, Built-Using: ${linux:BuiltUsing} -Description: Linux kernel ivsc modules for version 6.2.0-32 +Description: Linux kernel ivsc modules for version 6.2.0-33 This package provides the Linux kernel ivsc modules for version - 6.2.0-32. + 6.2.0-33. . You likely do not want to install this package directly. Instead, install the one of the linux-modules-ivsc-generic-64k* meta-packages, @@ -577,18 +577,18 @@ also installed. -Package: linux-modules-iwlwifi-6.2.0-32-generic-64k +Package: linux-modules-iwlwifi-6.2.0-33-generic-64k Build-Profiles: Architecture: arm64 Section: kernel Priority: optional Depends: ${misc:Depends}, - linux-image-6.2.0-32-generic-64k | linux-image-unsigned-6.2.0-32-generic-64k, + linux-image-6.2.0-33-generic-64k | linux-image-unsigned-6.2.0-33-generic-64k, Built-Using: ${linux:BuiltUsing} -Description: Linux kernel iwlwifi modules for version 6.2.0-32 +Description: Linux kernel iwlwifi modules for version 6.2.0-33 This package provides the Linux kernel iwlwifi modules for version - 6.2.0-32. + 6.2.0-33. . You likely do not want to install this package directly. Instead, install the one of the linux-modules-iwlwifi-generic-64k* meta-packages, @@ -596,17 +596,17 @@ also installed. -Package: linux-image-unsigned-6.2.0-32-generic-lpae +Package: linux-image-unsigned-6.2.0-33-generic-lpae Build-Profiles: Architecture: armhf Section: kernel Priority: optional Provides: linux-image, fuse-module, kvm-api-4, redhat-cluster-modules, ivtv-modules, ${linux:rprovides} -Depends: ${misc:Depends}, ${shlibs:Depends}, kmod, linux-base (>= 4.5ubuntu1~16.04.1), linux-modules-6.2.0-32-generic-lpae +Depends: ${misc:Depends}, ${shlibs:Depends}, kmod, linux-base (>= 4.5ubuntu1~16.04.1), linux-modules-6.2.0-33-generic-lpae Recommends: flash-kernel [armhf] | grub-efi-arm [armhf], initramfs-tools | linux-initramfs-tool Breaks: flash-kernel (<< 3.90ubuntu2) [arm64 armhf], s390-tools (<< 2.3.0-0ubuntu3) [s390x] -Conflicts: linux-image-6.2.0-32-generic-lpae -Suggests: fdutils, linux-doc | linux-source-6.2.0, linux-tools, linux-headers-6.2.0-32-generic-lpae, linux-modules-extra-6.2.0-32-generic-lpae +Conflicts: linux-image-6.2.0-33-generic-lpae +Suggests: fdutils, linux-doc | linux-source-6.2.0, linux-tools, linux-headers-6.2.0-33-generic-lpae, linux-modules-extra-6.2.0-33-generic-lpae Description: Linux kernel image for version 6.2.0 on 64 bit x86 SMP This package contains the unsigned Linux kernel image for version 6.2.0 on 64 bit x86 SMP. @@ -619,7 +619,7 @@ the linux-generic-lpae meta-package, which will ensure that upgrades work correctly, and that supporting packages are also installed. -Package: linux-modules-6.2.0-32-generic-lpae +Package: linux-modules-6.2.0-33-generic-lpae Build-Profiles: Architecture: armhf Section: kernel @@ -639,12 +639,12 @@ the linux-generic-lpae meta-package, which will ensure that upgrades work correctly, and that supporting packages are also installed. -Package: linux-modules-extra-6.2.0-32-generic-lpae +Package: linux-modules-extra-6.2.0-33-generic-lpae Build-Profiles: Architecture: armhf Section: kernel Priority: optional -Depends: ${misc:Depends}, ${shlibs:Depends}, linux-modules-6.2.0-32-generic-lpae, wireless-regdb +Depends: ${misc:Depends}, ${shlibs:Depends}, linux-modules-6.2.0-33-generic-lpae, wireless-regdb Description: Linux kernel extra modules for version 6.2.0 on 64 bit x86 SMP This package contains the Linux kernel extra modules for version 6.2.0 on 64 bit x86 SMP. @@ -661,21 +661,21 @@ the linux-generic-lpae meta-package, which will ensure that upgrades work correctly, and that supporting packages are also installed. -Package: linux-headers-6.2.0-32-generic-lpae +Package: linux-headers-6.2.0-33-generic-lpae Build-Profiles: Architecture: armhf Section: devel Priority: optional -Depends: ${misc:Depends}, linux-headers-6.2.0-32, ${shlibs:Depends} +Depends: ${misc:Depends}, linux-headers-6.2.0-33, ${shlibs:Depends} Provides: linux-headers, linux-headers-3.0 Description: Linux kernel headers for version 6.2.0 on 64 bit x86 SMP This package provides kernel header files for version 6.2.0 on 64 bit x86 SMP. . This is for sites that want the latest kernel headers. Please read - /usr/share/doc/linux-headers-6.2.0-32/debian.README.gz for details. + /usr/share/doc/linux-headers-6.2.0-33/debian.README.gz for details. -Package: linux-lib-rust-6.2.0-32-generic-lpae +Package: linux-lib-rust-6.2.0-33-generic-lpae Build-Profiles: Architecture: amd64 Multi-Arch: foreign @@ -686,7 +686,7 @@ This package provides kernel library files for version 6.2.0, that allow to compile out-of-tree kernel modules written in Rust. -Package: linux-image-unsigned-6.2.0-32-generic-lpae-dbgsym +Package: linux-image-unsigned-6.2.0-33-generic-lpae-dbgsym Build-Profiles: Architecture: armhf Section: devel @@ -703,31 +703,31 @@ is uncompressed, and unstripped. This package also includes the unstripped modules. -Package: linux-tools-6.2.0-32-generic-lpae +Package: linux-tools-6.2.0-33-generic-lpae Build-Profiles: Architecture: armhf Section: devel Priority: optional -Depends: ${misc:Depends}, linux-tools-6.2.0-32 -Description: Linux kernel version specific tools for version 6.2.0-32 +Depends: ${misc:Depends}, linux-tools-6.2.0-33 +Description: Linux kernel version specific tools for version 6.2.0-33 This package provides the architecture dependant parts for kernel version locked tools (such as perf and x86_energy_perf_policy) for - version 6.2.0-32 on + version 6.2.0-33 on 64 bit x86. -Package: linux-cloud-tools-6.2.0-32-generic-lpae +Package: linux-cloud-tools-6.2.0-33-generic-lpae Build-Profiles: Architecture: armhf Section: devel Priority: optional -Depends: ${misc:Depends}, linux-cloud-tools-6.2.0-32 -Description: Linux kernel version specific cloud tools for version 6.2.0-32 +Depends: ${misc:Depends}, linux-cloud-tools-6.2.0-33 +Description: Linux kernel version specific cloud tools for version 6.2.0-33 This package provides the architecture dependant parts for kernel - version locked tools for cloud for version 6.2.0-32 on + version locked tools for cloud for version 6.2.0-33 on 64 bit x86. -Package: linux-buildinfo-6.2.0-32-generic-lpae +Package: linux-buildinfo-6.2.0-33-generic-lpae Build-Profiles: Architecture: armhf Section: kernel @@ -741,18 +741,18 @@ You likely do not want to install this package. -Package: linux-modules-ipu6-6.2.0-32-generic-lpae +Package: linux-modules-ipu6-6.2.0-33-generic-lpae Build-Profiles: Architecture: armhf Section: kernel Priority: optional Depends: ${misc:Depends}, - linux-image-6.2.0-32-generic-lpae | linux-image-unsigned-6.2.0-32-generic-lpae, + linux-image-6.2.0-33-generic-lpae | linux-image-unsigned-6.2.0-33-generic-lpae, Built-Using: ${linux:BuiltUsing} -Description: Linux kernel ipu6 modules for version 6.2.0-32 +Description: Linux kernel ipu6 modules for version 6.2.0-33 This package provides the Linux kernel ipu6 modules for version - 6.2.0-32. + 6.2.0-33. . You likely do not want to install this package directly. Instead, install the one of the linux-modules-ipu6-generic-lpae* meta-packages, @@ -760,18 +760,18 @@ also installed. -Package: linux-modules-ivsc-6.2.0-32-generic-lpae +Package: linux-modules-ivsc-6.2.0-33-generic-lpae Build-Profiles: Architecture: armhf Section: kernel Priority: optional Depends: ${misc:Depends}, - linux-image-6.2.0-32-generic-lpae | linux-image-unsigned-6.2.0-32-generic-lpae, + linux-image-6.2.0-33-generic-lpae | linux-image-unsigned-6.2.0-33-generic-lpae, Built-Using: ${linux:BuiltUsing} -Description: Linux kernel ivsc modules for version 6.2.0-32 +Description: Linux kernel ivsc modules for version 6.2.0-33 This package provides the Linux kernel ivsc modules for version - 6.2.0-32. + 6.2.0-33. . You likely do not want to install this package directly. Instead, install the one of the linux-modules-ivsc-generic-lpae* meta-packages, @@ -779,18 +779,18 @@ also installed. -Package: linux-modules-iwlwifi-6.2.0-32-generic-lpae +Package: linux-modules-iwlwifi-6.2.0-33-generic-lpae Build-Profiles: Architecture: armhf Section: kernel Priority: optional Depends: ${misc:Depends}, - linux-image-6.2.0-32-generic-lpae | linux-image-unsigned-6.2.0-32-generic-lpae, + linux-image-6.2.0-33-generic-lpae | linux-image-unsigned-6.2.0-33-generic-lpae, Built-Using: ${linux:BuiltUsing} -Description: Linux kernel iwlwifi modules for version 6.2.0-32 +Description: Linux kernel iwlwifi modules for version 6.2.0-33 This package provides the Linux kernel iwlwifi modules for version - 6.2.0-32. + 6.2.0-33. . You likely do not want to install this package directly. Instead, install the one of the linux-modules-iwlwifi-generic-lpae* meta-packages, diff -u linux-6.2.0/debian/scripts/helpers/open linux-6.2.0/debian/scripts/helpers/open --- linux-6.2.0/debian/scripts/helpers/open +++ linux-6.2.0/debian/scripts/helpers/open @@ -192,8 +192,8 @@ if [ -f "$DEBIAN/abi/version" ]; then # This is an unversioned ABI directory, so simply update the # version file - echo "$new" > "$DEBIAN/abi/version" - git add "$DEBIAN/abi/version" + echo "$new" | run tee "$DEBIAN/abi/version" >/dev/null + run git add "$DEBIAN/abi/version" else # Get the old ABI directory: old=$(find "$DEBIAN/abi/" -mindepth 1 -maxdepth 1 -type d | \ diff -u linux-6.2.0/net/bluetooth/l2cap_sock.c linux-6.2.0/net/bluetooth/l2cap_sock.c --- linux-6.2.0/net/bluetooth/l2cap_sock.c +++ linux-6.2.0/net/bluetooth/l2cap_sock.c @@ -46,6 +46,7 @@ static void l2cap_sock_init(struct sock *sk, struct sock *parent); static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio, int kern); +static void l2cap_sock_cleanup_listen(struct sock *parent); bool l2cap_is_socket(struct socket *sock) { @@ -1415,6 +1416,7 @@ if (!sk) return 0; + l2cap_sock_cleanup_listen(sk); bt_sock_unlink(&l2cap_sk_list, sk); err = l2cap_sock_shutdown(sock, SHUT_RDWR); diff -u linux-6.2.0/net/netfilter/nf_tables_api.c linux-6.2.0/net/netfilter/nf_tables_api.c --- linux-6.2.0/net/netfilter/nf_tables_api.c +++ linux-6.2.0/net/netfilter/nf_tables_api.c @@ -6776,6 +6776,7 @@ ret = __nft_set_catchall_flush(ctx, set, &elem); if (ret < 0) break; + nft_set_elem_change_active(ctx->net, set, ext); } return ret; diff -u linux-6.2.0/net/sched/cls_fw.c linux-6.2.0/net/sched/cls_fw.c --- linux-6.2.0/net/sched/cls_fw.c +++ linux-6.2.0/net/sched/cls_fw.c @@ -267,7 +267,6 @@ return -ENOBUFS; fnew->id = f->id; - fnew->res = f->res; fnew->ifindex = f->ifindex; fnew->tp = f->tp; diff -u linux-6.2.0/net/sched/cls_u32.c linux-6.2.0/net/sched/cls_u32.c --- linux-6.2.0/net/sched/cls_u32.c +++ linux-6.2.0/net/sched/cls_u32.c @@ -815,7 +815,6 @@ new->ifindex = n->ifindex; new->fshift = n->fshift; - new->res = n->res; new->flags = n->flags; RCU_INIT_POINTER(new->ht_down, ht); only in patch2: unchanged: --- linux-6.2.0.orig/arch/arm64/kvm/hyp/nvhe/mem_protect.c +++ linux-6.2.0/arch/arm64/kvm/hyp/nvhe/mem_protect.c @@ -568,7 +568,7 @@ struct check_walk_data { enum pkvm_page_state desired; - enum pkvm_page_state (*get_page_state)(kvm_pte_t pte); + enum pkvm_page_state (*get_page_state)(kvm_pte_t pte, u64 addr); }; static int __check_page_state_visitor(const struct kvm_pgtable_visit_ctx *ctx, @@ -576,10 +576,7 @@ { struct check_walk_data *d = ctx->arg; - if (kvm_pte_valid(ctx->old) && !addr_is_allowed_memory(kvm_pte_to_phys(ctx->old))) - return -EINVAL; - - return d->get_page_state(ctx->old) == d->desired ? 0 : -EPERM; + return d->get_page_state(ctx->old, ctx->addr) == d->desired ? 0 : -EPERM; } static int check_page_state_range(struct kvm_pgtable *pgt, u64 addr, u64 size, @@ -594,8 +591,11 @@ return kvm_pgtable_walk(pgt, addr, size, &walker); } -static enum pkvm_page_state host_get_page_state(kvm_pte_t pte) +static enum pkvm_page_state host_get_page_state(kvm_pte_t pte, u64 addr) { + if (!addr_is_allowed_memory(addr)) + return PKVM_NOPAGE; + if (!kvm_pte_valid(pte) && pte) return PKVM_NOPAGE; @@ -702,7 +702,7 @@ return host_stage2_set_owner_locked(addr, size, host_id); } -static enum pkvm_page_state hyp_get_page_state(kvm_pte_t pte) +static enum pkvm_page_state hyp_get_page_state(kvm_pte_t pte, u64 addr) { if (!kvm_pte_valid(pte)) return PKVM_NOPAGE; only in patch2: unchanged: --- linux-6.2.0.orig/arch/x86/include/asm/entry-common.h +++ linux-6.2.0/arch/x86/include/asm/entry-common.h @@ -92,6 +92,7 @@ static __always_inline void arch_exit_to_user_mode(void) { mds_user_clear_cpu_buffers(); + amd_clear_divider(); } #define arch_exit_to_user_mode arch_exit_to_user_mode only in patch2: unchanged: --- linux-6.2.0.orig/net/sched/cls_route.c +++ linux-6.2.0/net/sched/cls_route.c @@ -513,7 +513,6 @@ if (fold) { f->id = fold->id; f->iif = fold->iif; - f->res = fold->res; f->handle = fold->handle; f->tp = fold->tp; only in patch2: unchanged: --- linux-6.2.0.orig/tools/arch/x86/include/asm/cpufeatures.h +++ linux-6.2.0/tools/arch/x86/include/asm/cpufeatures.h @@ -14,7 +14,7 @@ * Defines x86 CPU feature bits */ #define NCAPINTS 20 /* N 32-bit words worth of info */ -#define NBUGINTS 1 /* N 32-bit bug flags */ +#define NBUGINTS 2 /* N 32-bit bug flags */ /* * Note: If the comment begins with a quoted string, that string is used