Bug #1965723 “audit: improve audit queue handling when “audit=1”...” : Bugs : linux package : Ubuntu

gerald.yang (gerald-yang-tw) on 2022-03-21

Changed in linux (Ubuntu):
assignee:	nobody → gerald.yang (gerald-yang-tw)
importance:	Undecided → Critical
status:	New → In Progress

gerald.yang (gerald-yang-tw) on 2022-03-21

Changed in linux (Ubuntu Impish):
status:	New → In Progress
Changed in linux (Ubuntu Focal):
status:	New → In Progress
Changed in linux (Ubuntu Bionic):
status:	New → In Progress
Changed in linux (Ubuntu Impish):
importance:	Undecided → Critical
Changed in linux (Ubuntu Focal):
importance:	Undecided → Critical
Changed in linux (Ubuntu Bionic):
importance:	Undecided → Critical
Changed in linux (Ubuntu Impish):
assignee:	nobody → gerald.yang (gerald-yang-tw)
Changed in linux (Ubuntu Focal):
assignee:	nobody → gerald.yang (gerald-yang-tw)
Changed in linux (Ubuntu Bionic):
assignee:	nobody → gerald.yang (gerald-yang-tw)
tags:	added: sts

gerald.yang (gerald-yang-tw) on 2022-03-21

no longer affects:

linux (Ubuntu Jammy)

Revision history for this message

gerald.yang (gerald-yang-tw) wrote on 2022-03-21:

#1

This one has been merged in the last upstream stable patch set

no longer affects:	linux (Ubuntu Impish)
no longer affects:	linux (Ubuntu Focal)
no longer affects:	linux (Ubuntu Bionic)
Changed in linux (Ubuntu):
status:	In Progress → Invalid

Revision history for this message

Kenyon Ralph (kralph) wrote on 2022-03-29 (last edit on 2022-03-29):

#3

Focal is LP: #1964634. LP: #1964422 is for Impish.

Revision history for this message

gerald.yang (gerald-yang-tw) wrote on 2022-03-29 (last edit on 2022-03-29):

#4

the fix in Impish is still in progress here LP: #1966021

Kleber Sacilotto de Souza (kleber-souza) on 2022-03-29

Changed in linux (Ubuntu Impish):
status:	New → Confirmed
Changed in linux (Ubuntu Focal):
status:	New → Confirmed
Changed in linux (Ubuntu Bionic):
status:	New → Confirmed

Kleber Sacilotto de Souza (kleber-souza) on 2022-03-29

Changed in linux (Ubuntu Impish):
status:	Confirmed → Fix Committed
Changed in linux (Ubuntu Focal):
status:	Confirmed → Fix Committed
Changed in linux (Ubuntu Bionic):
status:	Confirmed → Fix Committed

Revision history for this message

Kleber Sacilotto de Souza (kleber-souza) wrote on 2022-03-29:

#5

For Impish, I have cherry-picked the fix from the pull-request for bug 1966021 and applied to the master-next branch and it will be included in the current kernel SRU cycle re-spin.

Note that for Focal the patch was already applied for a re-spin and I wasn't able to include the additional BugLink to the commit message, therefore this bug report won't receive automatic updates about the fix.

Revision history for this message

gerald.yang (gerald-yang-tw) wrote on 2022-03-30:

#6

Thanks a lot for the help Kleber

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2022-03-30:

#7

This bug is awaiting verification that the linux/4.15.0-176.185 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed-bionic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-bionic

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2022-03-30:

#8

This bug is awaiting verification that the linux/5.13.0-40.45 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-impish' to 'verification-done-impish'. If the problem still exists, change the tag 'verification-needed-impish' to 'verification-failed-impish'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-impish

Revision history for this message

John Lewis (jlewis-johnlewis-deactivatedaccount) wrote on 2022-04-01:

#9

I've reproduced the original problem then been running proposed kernels in bionic and focal now for at least 2 hours, and problem seems fixed:

root@machine-1:~# uname -r
4.15.0-176-generic
root@machine-1:~# cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=18.04
DISTRIB_CODENAME=bionic
DISTRIB_DESCRIPTION="Ubuntu 18.04.6 LTS"
root@machine-1:~#

5.4.0-108-generic
root@machine-2:~# cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=20.04
DISTRIB_CODENAME=focal
DISTRIB_DESCRIPTION="Ubuntu 20.04.4 LTS"
root@machine-2:~#

Marking as verified in bionic - should we be doing so in focal too?

tags:

added: verification-done-bionic
removed: verification-needed-bionic

Revision history for this message

Kleber Sacilotto de Souza (kleber-souza) wrote on 2022-04-07:

#10

Hello John,

Thank you for verifying the fix. The verification-needed tag was not added automatically for Focal because the commit contains only the link to the upstream stable update https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1964634. I'll add the tag manually to flag that it has been verified.

Thank you!

tags:

added: verification-done-focal

Revision history for this message

Simon Mijolovic (smijolovic) wrote on 2022-04-11:

#11

Identified this issue in Focal starting with the update to 105 kernel. Constant soft lockups then freezing when kauditd/auditd exceeded backlog limit. Due to DoD requirements, all systems set to audit=1 in kernel boot options and have stringent list of syscalls/binaries/files that are audited.

Added focal-proposed repo and updated to 109 kernel. Few hours of compiling and heavy static code analysis loads on system and no lockups as of yet.

This is a really scary bug - seems to be present on all linux kernels and a huge threat as a DDoS.

gerald.yang (gerald-yang-tw) on 2022-04-14

Changed in linux (Ubuntu):
status:	Invalid → Fix Committed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2022-04-19:

#12

Download full text (53.1 KiB)

This bug was fixed in the package linux - 5.13.0-40.45

---------------
linux (5.13.0-40.45) impish; urgency=medium

* impish/linux: 5.13.0-40.45 -proposed tracker (LP: #1966701)

* CVE-2022-1016
- netfilter: nf_tables: initialize registers in nft_do_chain()

* CVE-2022-1015
- netfilter: nf_tables: validate registers coming from userspace.

  * audit: improve audit queue handling when "audit=1" on cmdline
    (LP: #1965723) // Impish update: upstream stable patchset 2022-03-22
    (LP: #1966021)
    - audit: improve audit queue handling when "audit=1" on cmdline

  * PS/2 Keyboard wakeup from s2idle not functioning on AMD Yellow Carp platform
    (LP: #1961739)
    - PM: s2idle: ACPI: Fix wakeup interrupts handling

* Low RX performance for 40G Solarflare NICs (LP: #1964512)
- SAUCE: sfc: The size of the RX recycle ring should be more flexible

  * [UBUNTU 20.04] Fix SIGP processing on KVM/s390 (LP: #1962578)
    - KVM: s390: Simplify SIGP Set Arch handling
    - KVM: s390: Add a routine for setting userspace CPU state

  * Move virtual graphics drivers from linux-modules-extra to linux-modules
    (LP: #1960633)
    - [Packaging] Move VM DRM drivers into modules

  * Impish update: upstream stable patchset 2022-03-09 (LP: #1964422)
    - bnx2x: Utilize firmware 7.13.21.0
    - bnx2x: Invalidate fastpath HSI version for VFs
    - rcu: Tighten rcu_advance_cbs_nowake() checks
    - select: Fix indefinitely sleeping task in poll_schedule_timeout()
    - drm/amdgpu: Use correct VIEWPORT_DIMENSION for DCN2
    - arm64/bpf: Remove 128MB limit for BPF JIT programs
    - Bluetooth: refactor malicious adv data check
    - net: sfp: ignore disabled SFP node
    - net: stmmac: skip only stmmac_ptp_register when resume from suspend
    - s390/hypfs: include z/VM guests with access control group set
    - bpf: Guard against accessing NULL pt_regs in bpf_get_task_stack()
    - scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP
      devices
    - udf: Restore i_lenAlloc when inode expansion fails
    - udf: Fix NULL ptr deref when converting from inline format
    - efi: runtime: avoid EFIv2 runtime services on Apple x86 machines
    - PM: wakeup: simplify the output logic of pm_show_wakelocks()
    - tracing/histogram: Fix a potential memory leak for kstrdup()
    - tracing: Don't inc err_log entry count if entry allocation fails
    - ceph: properly put ceph_string reference after async create attempt
    - ceph: set pool_ns in new inode layout for async creates
    - fsnotify: fix fsnotify hooks in pseudo filesystems
    - Revert "KVM: SVM: avoid infinite loop on NPF from bad address"
    - perf/x86/intel/uncore: Fix CAS_COUNT_WRITE issue for ICX
    - drm/etnaviv: relax submit size limits
    - KVM: x86: Update vCPU's runtime CPUID on write to MSR_IA32_XSS
    - netfilter: nft_payload: do not update layer 4 checksum when mangling
      fragments
    - serial: 8250: of: Fix mapped region size when using reg-offset property
    - serial: stm32: fix software flow control transfer
    - tty: n_gsm: fix SW flow control encoding/handling
    - tty: Add support for Brainboxes UC cards.
    - usb-storage: Add unusual-devs...

This bug was fixed in the package linux - 5.13.0-40.45

---------------
linux (5.13.0-40.45) impish; urgency=medium

* impish/linux: 5.13.0-40.45 -proposed tracker (LP: #1966701)

* CVE-2022-1016
    - netfilter: nf_tables: initialize registers in nft_do_chain()

* CVE-2022-1015
    - netfilter: nf_tables: validate registers coming from userspace.

* audit: improve audit queue handling when "audit=1" on cmdline
    (LP: #1965723) // Impish update: upstream stable patchset 2022-03-22
    (LP: #1966021)
    - audit: improve audit queue handling when "audit=1" on cmdline

* PS/2 Keyboard wakeup from s2idle not functioning on AMD Yellow Carp platform
    (LP: #1961739)
    - PM: s2idle: ACPI: Fix wakeup interrupts handling

* Low RX performance for 40G Solarflare NICs (LP: #1964512)
    - SAUCE: sfc: The size of the RX recycle ring should be more flexible

* [UBUNTU 20.04] Fix SIGP processing on KVM/s390 (LP: #1962578)
    - KVM: s390: Simplify SIGP Set Arch handling
    - KVM: s390: Add a routine for setting userspace CPU state

* Move virtual graphics drivers from linux-modules-extra to linux-modules
    (LP: #1960633)
    - [Packaging] Move VM DRM drivers into modules

* Impish update: upstream stable patchset 2022-03-09 (LP: #1964422)
    - bnx2x: Utilize firmware 7.13.21.0
    - bnx2x: Invalidate fastpath HSI version for VFs
    - rcu: Tighten rcu_advance_cbs_nowake() checks
    - select: Fix indefinitely sleeping task in poll_schedule_timeout()
    - drm/amdgpu: Use correct VIEWPORT_DIMENSION for DCN2
    - arm64/bpf: Remove 128MB limit for BPF JIT programs
    - Bluetooth: refactor malicious adv data check
    - net: sfp: ignore disabled SFP node
    - net: stmmac: skip only stmmac_ptp_register when resume from suspend
    - s390/hypfs: include z/VM guests with access control group set
    - bpf: Guard against accessing NULL pt_regs in bpf_get_task_stack()
    - scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP
      devices
    - udf: Restore i_lenAlloc when inode expansion fails
    - udf: Fix NULL ptr deref when converting from inline format
    - efi: runtime: avoid EFIv2 runtime services on Apple x86 machines
    - PM: wakeup: simplify the output logic of pm_show_wakelocks()
    - tracing/histogram: Fix a potential memory leak for kstrdup()
    - tracing: Don't inc err_log entry count if entry allocation fails
    - ceph: properly put ceph_string reference after async create attempt
    - ceph: set pool_ns in new inode layout for async creates
    - fsnotify: fix fsnotify hooks in pseudo filesystems
    - Revert "KVM: SVM: avoid infinite loop on NPF from bad address"
    - perf/x86/intel/uncore: Fix CAS_COUNT_WRITE issue for ICX
    - drm/etnaviv: relax submit size limits
    - KVM: x86: Update vCPU's runtime CPUID on write to MSR_IA32_XSS
    - netfilter: nft_payload: do not update layer 4 checksum when mangling
      fragments
    - serial: 8250: of: Fix mapped region size when using reg-offset property
    - serial: stm32: fix software flow control transfer
    - tty: n_gsm: fix SW flow control encoding/handling
    - tty: Add support for Brainboxes UC cards.
    - usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge
    - usb: xhci-plat: fix crash when suspend if remote wake enable
    - usb: common: ulpi: Fix crash in ulpi_match()
    - usb: gadget: f_sourcesink: Fix isoc transfer for USB_SPEED_SUPER_PLUS
    - USB: core: Fix hang in usb_kill_urb by adding memory barriers
    - usb: typec: tcpm: Do not disconnect while receiving VBUS off
    - ucsi_ccg: Check DEV_INT bit only when starting CCG4
    - jbd2: export jbd2_journal_[grab|put]_journal_head
    - ocfs2: fix a deadlock when commit trans
    - sched/membarrier: Fix membarrier-rseq fence command missing from query
      bitmask
    - x86/MCE/AMD: Allow thresholding interface updates after init
    - powerpc/32s: Allocate one 256k IBAT instead of two consecutives 128k IBATs
    - powerpc/32s: Fix kasan_init_region() for KASAN
    - powerpc/32: Fix boot failure with GCC latent entropy plugin
    - i40e: Increase delay to 1 s after global EMP reset
    - i40e: Fix issue when maximum queues is exceeded
    - i40e: Fix queues reservation for XDP
    - i40e: Fix for failed to init adminq while VF reset
    - i40e: fix unsigned stat widths
    - usb: roles: fix include/linux/usb/role.h compile issue
    - rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev
    - rpmsg: char: Fix race between the release of rpmsg_eptdev and cdev
    - scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put()
    - ipv6_tunnel: Rate limit warning messages
    - net: fix information leakage in /proc/net/ptype
    - hwmon: (lm90) Mark alert as broken for MAX6646/6647/6649
    - hwmon: (lm90) Mark alert as broken for MAX6680
    - ping: fix the sk_bound_dev_if match in ping_lookup
    - ipv4: avoid using shared IP generator for connected sockets
    - hwmon: (lm90) Reduce maximum conversion rate for G781
    - NFSv4: Handle case where the lookup of a directory fails
    - NFSv4: nfs_atomic_open() can race when looking up a non-regular file
    - net-procfs: show net devices bound packet types
    - drm/msm: Fix wrong size calculation
    - drm/msm/dsi: Fix missing put_device() call in dsi_get_phy
    - drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable
    - ipv6: annotate accesses to fn->fn_sernum
    - NFS: Ensure the server has an up to date ctime before hardlinking
    - NFS: Ensure the server has an up to date ctime before renaming
    - powerpc64/bpf: Limit 'ldbrx' to processors compliant with ISA v2.06
    - netfilter: conntrack: don't increment invalid counter on NF_REPEAT
    - perf: Fix perf_event_read_local() time
    - sched/pelt: Relax the sync of util_sum with util_avg
    - net: phy: broadcom: hook up soft_reset for BCM54616S
    - phylib: fix potential use-after-free
    - octeontx2-pf: Forward error codes to VF
    - rxrpc: Adjust retransmission backoff
    - efi/libstub: arm64: Fix image check alignment at entry
    - hwmon: (lm90) Mark alert as broken for MAX6654
    - powerpc/perf: Fix power_pmu_disable to call clear_pmi_irq_pending only if
      PMI is pending
    - net: ipv4: Move ip_options_fragment() out of loop
    - net: ipv4: Fix the warning for dereference
    - ipv4: fix ip option filtering for locally generated fragments
    - ibmvnic: init ->running_cap_crqs early
    - ibmvnic: don't spin in tasklet
    - video: hyperv_fb: Fix validation of screen resolution
    - drm/msm/hdmi: Fix missing put_device() call in msm_hdmi_get_phy
    - drm/msm/dpu: invalid parameter check in dpu_setup_dspp_pcc
    - yam: fix a memory leak in yam_siocdevprivate()
    - net: cpsw: Properly initialise struct page_pool_params
    - net: hns3: handle empty unknown interrupt for VF
    - Revert "ipv6: Honor all IPv6 PIO Valid Lifetime values"
    - net: bridge: vlan: fix single net device option dumping
    - ipv4: raw: lock the socket in raw_bind()
    - ipv4: tcp: send zero IPID in SYNACK messages
    - ipv4: remove sparse error in ip_neigh_gw4()
    - net: bridge: vlan: fix memory leak in __allowed_ingress
    - dt-bindings: can: tcan4x5x: fix mram-cfg RX FIFO config
    - usr/include/Makefile: add linux/nfc.h to the compile-test coverage
    - fsnotify: invalidate dcache before IN_DELETE event
    - block: Fix wrong offset in bio_truncate()
    - mtd: rawnand: mpc5121: Remove unused variable in ads5121_select_chip()
    - net: stmmac: configure PTP clock source prior to PTP initialization
    - KVM: arm64: Use shadow SPSR_EL1 when injecting exceptions on !VHE
    - s390/nmi: handle guarded storage validity failures for KVM guests
    - powerpc32/bpf: Fix codegen for bpf-to-bpf calls
    - powerpc/bpf: Update ldimm64 instructions during extra pass
    - psi: Fix uaf issue when psi trigger is destroyed while being polled
    - perf/x86/intel: Add a quirk for the calculation of the number of counters on
      Alder Lake
    - drm/atomic: Add the crtc to affected crtc only if uapi.enable = true
    - KVM: SVM: Never reject emulation due to SMAP errata for !SEV guests
    - KVM: x86: Keep MSR_IA32_XSS unchanged for INIT
    - KVM: x86: Sync the states size with the XCR0/IA32_XSS at, any time
    - tty: Partially revert the removal of the Cyclades public API
    - usb: cdnsp: Fix segmentation fault in cdns_lost_power function
    - usb: dwc3: xilinx: Skip resets and USB3 register settings for USB2.0 mode
    - usb: dwc3: xilinx: Fix error handling when getting USB3 PHY
    - usb: typec: tcpci: don't touch CC line if it's Vconn source
    - usb: typec: tcpm: Do not disconnect when receiving VSAFE0V
    - mm, kasan: use compare-exchange operation to set KASAN page tag
    - PCI/sysfs: Find shadow ROM before static attribute initialization
    - x86/cpu: Add Xeon Icelake-D to list of CPUs that support PPIN
    - ARM: 9170/1: fix panic when kasan and kprobe are enabled
    - net: stmmac: dwmac-visconti: Fix bit definitions for ETHER_CLK_SEL
    - net: stmmac: dwmac-visconti: Fix clock configuration for RMII mode
    - octeontx2-af: cn10k: Do not enable RPM loopback for LPC interfaces
    - io_uring: fix bug in slow unregistering of nodes
    - ibmvnic: Allow extra failures before disabling
    - net/smc: Transitional solution for clcsock race issue
    - can: tcan4x5x: regmap: fix max register value
    - drm/msm/a6xx: Add missing suspend_count increment
    - sch_htb: Fail on unsupported parameters when offload is requested
    - Revert "drm/ast: Support 1600x900 with 108MHz PCLK"
    - irqchip/realtek-rtl: Map control data to virq
    - irqchip/realtek-rtl: Fix off-by-one in routing
    - perf/core: Fix cgroup event list management
    - psi: fix "no previous prototype" warnings when CONFIG_CGROUPS=n
    - psi: fix "defined but not used" warnings when CONFIG_PROC_FS=n

* Impish update: upstream stable patchset 2022-02-24 (LP: #1962230)
    - KVM: VMX: switch blocked_vcpu_on_cpu_lock to raw spinlock
    - HID: uhid: Fix worker destroying device without any protection
    - HID: wacom: Avoid using stale array indicies to read contact count
    - f2fs: fix to do sanity check in is_alive()
    - nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed
      bind()
    - mtd: rawnand: gpmi: Add ERR007117 protection for nfc_apply_timings
    - mtd: rawnand: gpmi: Remove explicit default gpmi clock setting for i.MX6
    - mtd: Fixed breaking list in __mtd_del_partition.
    - mtd: rawnand: davinci: Don't calculate ECC when reading page
    - mtd: rawnand: davinci: Avoid duplicated page read
    - mtd: rawnand: davinci: Rewrite function description
    - x86/gpu: Reserve stolen memory for first integrated Intel GPU
    - tools/nolibc: x86-64: Fix startup code bug
    - tools/nolibc: i386: fix initial stack alignment
    - tools/nolibc: fix incorrect truncation of exit code
    - rtc: cmos: take rtc_lock while reading from CMOS
    - media: v4l2-ioctl.c: readbuffers depends on V4L2_CAP_READWRITE
    - media: flexcop-usb: fix control-message timeouts
    - media: mceusb: fix control-message timeouts
    - media: em28xx: fix control-message timeouts
    - media: cpia2: fix control-message timeouts
    - media: s2255: fix control-message timeouts
    - media: dib0700: fix undefined behavior in tuner shutdown
    - media: redrat3: fix control-message timeouts
    - media: pvrusb2: fix control-message timeouts
    - media: stk1160: fix control-message timeouts
    - media: cec-pin: fix interrupt en/disable handling
    - can: softing_cs: softingcs_probe(): fix memleak on registration failure
    - iio: adc: ti-adc081c: Partial revert of removal of ACPI IDs
    - lkdtm: Fix content of section containing lkdtm_rodata_do_nothing()
    - iommu/io-pgtable-arm-v7s: Add error handle for page table allocation failure
    - gpu: host1x: Add back arm_iommu_detach_device()
    - dma_fence_array: Fix PENDING_ERROR leak in dma_fence_array_signaled()
    - PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller
    - mm_zone: add function to check if managed dma zone exists
    - dma/pool: create dma atomic pool only if dma zone has managed pages
    - mm/page_alloc.c: do not warn allocation failure on zone DMA if no managed
      pages
    - shmem: fix a race between shmem_unused_huge_shrink and shmem_evict_inode
    - drm/ttm: Put BO in its memory manager's lru list
    - Bluetooth: L2CAP: Fix not initializing sk_peer_pid
    - drm/bridge: display-connector: fix an uninitialized pointer in probe()
    - drm: fix null-ptr-deref in drm_dev_init_release()
    - drm/panel: kingdisplay-kd097d04: Delete panel on attach() failure
    - drm/panel: innolux-p079zca: Delete panel on attach() failure
    - drm/rockchip: dsi: Fix unbalanced clock on probe error
    - drm/rockchip: dsi: Hold pm-runtime across bind/unbind
    - drm/rockchip: dsi: Disable PLL clock on bind error
    - drm/rockchip: dsi: Reconfigure hardware on resume()
    - Bluetooth: cmtp: fix possible panic when cmtp_init_sockets() fails
    - clk: bcm-2835: Pick the closest clock rate
    - clk: bcm-2835: Remove rounding up the dividers
    - drm/vc4: hdmi: Set a default HSM rate
    - wcn36xx: ensure pairing of init_scan/finish_scan and start_scan/end_scan
    - wcn36xx: Indicate beacon not connection loss on MISSED_BEACON_IND
    - wcn36xx: Fix DMA channel enable/disable cycle
    - wcn36xx: Release DMA channel descriptor allocations
    - wcn36xx: Put DXE block into reset before freeing memory
    - wcn36xx: populate band before determining rate on RX
    - wcn36xx: fix RX BD rate mapping for 5GHz legacy rates
    - ath11k: Send PPDU_STATS_CFG with proper pdev mask to firmware
    - mtd: hyperbus: rpc-if: Check return value of rpcif_sw_init()
    - media: videobuf2: Fix the size printk format
    - media: atomisp: add missing media_device_cleanup() in
      atomisp_unregister_entities()
    - media: atomisp: fix punit_ddr_dvfs_enable() argument for mrfld_power up case
    - media: atomisp: fix inverted logic in buffers_needed()
    - media: atomisp: do not use err var when checking port validity for ISP2400
    - media: atomisp: fix inverted error check for
      ia_css_mipi_is_source_port_valid()
    - media: atomisp: fix ifdefs in sh_css.c
    - media: staging: media: atomisp: pci: Balance braces around conditional
      statements in file atomisp_cmd.c
    - media: atomisp: add NULL check for asd obtained from atomisp_video_pipe
    - media: atomisp: fix enum formats logic
    - media: atomisp: fix uninitialized bug in gmin_get_pmic_id_and_addr()
    - media: aspeed: fix mode-detect always time out at 2nd run
    - media: em28xx: fix memory leak in em28xx_init_dev
    - media: aspeed: Update signal status immediately to ensure sane hw state
    - arm64: dts: amlogic: meson-g12: Fix GPU operating point table node name
    - arm64: dts: amlogic: Fix SPI NOR flash node name for ODROID N2/N2+
    - arm64: dts: meson-gxbb-wetek: fix HDMI in early boot
    - arm64: dts: meson-gxbb-wetek: fix missing GPIO binding
    - fs: dlm: use sk->sk_socket instead of con->sock
    - fs: dlm: don't call kernel_getpeername() in error_report()
    - memory: renesas-rpc-if: Return error in case devm_ioremap_resource() fails
    - Bluetooth: stop proccessing malicious adv data
    - ath11k: Fix ETSI regd with weather radar overlap
    - ath11k: clear the keys properly via DISABLE_KEY
    - ath11k: reset RSN/WPA present state for open BSS
    - tee: fix put order in teedev_close_context()
    - fs: dlm: fix build with CONFIG_IPV6 disabled
    - drm/vboxvideo: fix a NULL vs IS_ERR() check
    - arm64: dts: renesas: cat875: Add rx/tx delays
    - media: dmxdev: fix UAF when dvb_register_device() fails
    - crypto: qce - fix uaf on qce_ahash_register_one
    - crypto: qce - fix uaf on qce_skcipher_register_one
    - mtd: hyperbus: rpc-if: fix bug in rpcif_hb_remove
    - ARM: dts: stm32: fix dtbs_check warning on ili9341 dts binding on stm32f429
      disco
    - crypto: qat - remove unnecessary collision prevention step in PFVF
    - crypto: qat - make pfvf send message direction agnostic
    - crypto: qat - fix undetected PFVF timeout in ACK loop
    - ath11k: Use host CE parameters for CE interrupts configuration
    - arm64: dts: ti: k3-j721e: correct cache-sets info
    - tty: serial: atmel: Check return code of dmaengine_submit()
    - tty: serial: atmel: Call dma_async_issue_pending()
    - mfd: atmel-flexcom: Remove #ifdef CONFIG_PM_SLEEP
    - mfd: atmel-flexcom: Use .resume_noirq
    - media: rcar-csi2: Correct the selection of hsfreqrange
    - media: imx-pxp: Initialize the spinlock prior to using it
    - media: si470x-i2c: fix possible memory leak in si470x_i2c_probe()
    - media: mtk-vcodec: call v4l2_m2m_ctx_release first when file is released
    - media: coda: fix CODA960 JPEG encoder buffer overflow
    - media: venus: core: Fix a potential NULL pointer dereference in an error
      handling path
    - media: venus: core: Fix a resource leak in the error handling path of
      'venus_probe()'
    - thermal/drivers/imx: Implement runtime PM support
    - netfilter: bridge: add support for pppoe filtering
    - arm64: dts: qcom: msm8916: fix MMC controller aliases
    - cgroup: Trace event cgroup id fields should be u64
    - ACPI: EC: Rework flushing of EC work while suspended to idle
    - thermal/drivers/imx8mm: Enable ADC when enabling monitor
    - drm/amdgpu: Fix a NULL pointer dereference in
      amdgpu_connector_lcd_native_mode()
    - drm/radeon/radeon_kms: Fix a NULL pointer dereference in
      radeon_driver_open_kms()
    - arm64: dts: ti: k3-j7200: Fix the L2 cache sets
    - arm64: dts: ti: k3-j721e: Fix the L2 cache sets
    - arm64: dts: ti: k3-j7200: Correct the d-cache-sets info
    - tty: serial: uartlite: allow 64 bit address
    - serial: amba-pl011: do not request memory region twice
    - floppy: Fix hang in watchdog when disk is ejected
    - staging: rtl8192e: return error code from rtllib_softmac_init()
    - staging: rtl8192e: rtllib_module: fix error handle case in alloc_rtllib()
    - Bluetooth: btmtksdio: fix resume failure
    - sched/fair: Fix detection of per-CPU kthreads waking a task
    - sched/fair: Fix per-CPU kthread and wakee stacking for asym CPU capacity
    - bpf: Adjust BTF log size limit.
    - bpf: Disallow BPF_LOG_KERNEL log level for bpf(BPF_BTF_LOAD)
    - bpf: Remove config check to enable bpf support for branch records
    - arm64: clear_page() shouldn't use DC ZVA when DCZID_EL0.DZP == 1
    - media: dib8000: Fix a memleak in dib8000_init()
    - media: saa7146: mxb: Fix a NULL pointer dereference in mxb_attach()
    - media: si2157: Fix "warm" tuner state detection
    - wireless: iwlwifi: Fix a double free in iwl_txq_dyn_alloc_dma
    - sched/rt: Try to restart rt period timer when rt runtime exceeded
    - drm/msm/dp: displayPort driver need algorithm rational
    - rcu/exp: Mark current CPU as exp-QS in IPI loop second pass
    - mwifiex: Fix possible ABBA deadlock
    - xfrm: fix a small bug in xfrm_sa_len()
    - x86/uaccess: Move variable into switch case statement
    - selftests: clone3: clone3: add case CLONE3_ARGS_NO_TEST
    - selftests: harness: avoid false negatives if test has no ASSERTs
    - crypto: stm32/cryp - fix CTR counter carry
    - crypto: stm32/cryp - fix xts and race condition in crypto_engine requests
    - crypto: stm32/cryp - check early input data
    - crypto: stm32/cryp - fix double pm exit
    - crypto: stm32/cryp - fix lrw chaining mode
    - crypto: stm32/cryp - fix bugs and crash in tests
    - crypto: stm32 - Revert broken pm_runtime_resume_and_get changes
    - ath11k: Fix deleting uninitialized kernel timer during fragment cache flush
    - ARM: dts: gemini: NAS4220-B: fis-index-block with 128 KiB sectors
    - media: dw2102: Fix use after free
    - media: msi001: fix possible null-ptr-deref in msi001_probe()
    - media: coda/imx-vdoa: Handle dma_set_coherent_mask error codes
    - ath11k: Fix a NULL pointer dereference in ath11k_mac_op_hw_scan()
    - arm64: dts: qcom: c630: Fix soundcard setup
    - arm64: dts: qcom: ipq6018: Fix gpio-ranges property
    - drm/msm/dpu: fix safe status debugfs file
    - drm/bridge: ti-sn65dsi86: Set max register for regmap
    - drm/tegra: vic: Fix DMA API misuse
    - media: hantro: Fix probe func error path
    - xfrm: interface with if_id 0 should return error
    - xfrm: state and policy should fail if XFRMA_IF_ID 0
    - ARM: 9159/1: decompressor: Avoid UNPREDICTABLE NOP encoding
    - usb: ftdi-elan: fix memory leak on device disconnect
    - arm64: dts: marvell: cn9130: add GPIO and SPI aliases
    - arm64: dts: marvell: cn9130: enable CP0 GPIO controllers
    - ARM: dts: armada-38x: Add generic compatible to UART nodes
    - iwlwifi: mvm: fix 32-bit build in FTM
    - iwlwifi: mvm: test roc running status bits before removing the sta
    - mmc: meson-mx-sdhc: add IRQ check
    - mmc: meson-mx-sdio: add IRQ check
    - selinux: fix potential memleak in selinux_add_opt()
    - um: fix ndelay/udelay defines
    - um: virtio_uml: Fix time-travel external time propagation
    - Bluetooth: L2CAP: Fix using wrong mode
    - bpftool: Enable line buffering for stdout
    - backlight: qcom-wled: Validate enabled string indices in DT
    - backlight: qcom-wled: Pass number of elements to read to read_u32_array
    - backlight: qcom-wled: Fix off-by-one maximum with default num_strings
    - backlight: qcom-wled: Override default length with qcom,enabled-strings
    - backlight: qcom-wled: Use cpu_to_le16 macro to perform conversion
    - backlight: qcom-wled: Respect enabled-strings in set_brightness
    - software node: fix wrong node passed to find nargs_prop
    - Bluetooth: hci_qca: Stop IBS timer during BT OFF
    - x86/boot/compressed: Move CLANG_FLAGS to beginning of KBUILD_CFLAGS
    - hwmon: (mr75203) fix wrong power-up delay value
    - x86/mce/inject: Avoid out-of-bounds write when setting flags
    - ACPI: scan: Create platform device for BCM4752 and LNV4752 ACPI nodes
    - pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in
      __nonstatic_find_io_region()
    - pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in
      nonstatic_find_mem_region()
    - power: reset: mt6397: Check for null res pointer
    - netfilter: ipt_CLUSTERIP: fix refcount leak in clusterip_tg_check()
    - bpf: Fix SO_RCVBUF/SO_SNDBUF handling in _bpf_setsockopt().
    - netfilter: nft_set_pipapo: allocate pcpu scratch maps on clone
    - ppp: ensure minimum packet size in ppp_write()
    - rocker: fix a sleeping in atomic bug
    - staging: greybus: audio: Check null pointer
    - fsl/fman: Check for null pointer after calling devm_ioremap
    - Bluetooth: hci_bcm: Check for error irq
    - Bluetooth: hci_qca: Fix NULL vs IS_ERR_OR_NULL check in qca_serdev_probe
    - usb: dwc3: qcom: Fix NULL vs IS_ERR checking in dwc3_qcom_probe
    - HID: hid-uclogic-params: Invalid parameter check in uclogic_params_init
    - HID: hid-uclogic-params: Invalid parameter check in
      uclogic_params_get_str_desc
    - HID: hid-uclogic-params: Invalid parameter check in
      uclogic_params_huion_init
    - HID: hid-uclogic-params: Invalid parameter check in
      uclogic_params_frame_init_v1_buttonpad
    - debugfs: lockdown: Allow reading debugfs files that are not world readable
    - net/mlx5e: Fix page DMA map/unmap attributes
    - net/mlx5e: Don't block routes with nexthop objects in SW
    - Revert "net/mlx5e: Block offload of outer header csum for UDP tunnels"
    - net/mlx5: Set command entry semaphore up once got index free
    - lib/mpi: Add the return value check of kcalloc()
    - Bluetooth: L2CAP: uninitialized variables in l2cap_sock_setsockopt()
    - spi: spi-meson-spifc: Add missing pm_runtime_disable() in meson_spifc_probe
    - ax25: uninitialized variable in ax25_setsockopt()
    - netrom: fix api breakage in nr_setsockopt()
    - regmap: Call regmap_debugfs_exit() prior to _init()
    - can: mcp251xfd: add missing newline to printed strings
    - tpm: add request_locality before write TPM_INT_ENABLE
    - tpm_tis: Fix an error handling path in 'tpm_tis_core_init()'
    - can: softing: softing_startstop(): fix set but not used variable warning
    - can: xilinx_can: xcan_probe(): check for error irq
    - pcmcia: fix setting of kthread task states
    - iwlwifi: mvm: Use div_s64 instead of do_div in iwl_mvm_ftm_rtt_smoothing()
    - net: mcs7830: handle usb read errors properly
    - ext4: avoid trim error on fs with small groups
    - ALSA: jack: Add missing rwsem around snd_ctl_remove() calls
    - ALSA: PCM: Add missing rwsem around snd_ctl_remove() calls
    - ALSA: hda: Add missing rwsem around snd_ctl_remove() calls
    - RDMA/bnxt_re: Scan the whole bitmap when checking if "disabling RCFW with
      pending cmd-bit"
    - RDMA/hns: Validate the pkey index
    - scsi: pm80xx: Update WARN_ON check in pm8001_mpi_build_cmd()
    - clk: imx8mn: Fix imx8mn_clko1_sels
    - powerpc/prom_init: Fix improper check of prom_getprop()
    - ASoC: uniphier: drop selecting non-existing SND_SOC_UNIPHIER_AIO_DMA
    - dt-bindings: thermal: Fix definition of cooling-maps contribution property
    - powerpc/perf: Fix PMU callbacks to clear pending PMI before resetting an
      overflown PMC
    - powerpc/32s: Fix shift-out-of-bounds in KASAN init
    - clocksource: Reduce clocksource-skew threshold
    - clocksource: Avoid accidental unstable marking of clocksources
    - ALSA: oss: fix compile error when OSS_DEBUG is enabled
    - ALSA: usb-audio: Drop superfluous '0' in Presonus Studio 1810c's ID
    - char/mwave: Adjust io port register size
    - binder: fix handling of error during copy
    - openrisc: Add clone3 ABI wrapper
    - iommu/io-pgtable-arm: Fix table descriptor paddr formatting
    - scsi: ufs: Fix race conditions related to driver data
    - RDMA/qedr: Fix reporting max_{send/recv}_wr attrs
    - PCI/MSI: Fix pci_irq_vector()/pci_irq_get_affinity()
    - powerpc/powermac: Add additional missing lockdep_register_key()
    - RDMA/core: Let ib_find_gid() continue search even after empty entry
    - RDMA/cma: Let cma_resolve_ib_dev() continue search even after empty entry
    - ASoC: rt5663: Handle device_property_read_u32_array error codes
    - of: unittest: fix warning on PowerPC frame size warning
    - of: unittest: 64 bit dma address test requires arch support
    - clk: stm32: Fix ltdc's clock turn off by clk_disable_unused() after system
      enter shell
    - mips: add SYS_HAS_CPU_MIPS64_R5 config for MIPS Release 5 support
    - mips: fix Kconfig reference to PHYS_ADDR_T_64BIT
    - dmaengine: pxa/mmp: stop referencing config->slave_id
    - iommu/amd: Remove iommu_init_ga()
    - iommu/amd: Restore GA log/tail pointer on host resume
    - ASoC: Intel: catpt: Test dmaengine_submit() result before moving on
    - iommu/iova: Fix race between FQ timeout and teardown
    - scsi: block: pm: Always set request queue runtime active in
      blk_post_runtime_resume()
    - phy: uniphier-usb3ss: fix unintended writing zeros to PHY register
    - ASoC: samsung: idma: Check of ioremap return value
    - misc: lattice-ecp3-config: Fix task hung when firmware load failed
    - arm64: tegra: Remove non existent Tegra194 reset
    - mips: lantiq: add support for clk_set_parent()
    - mips: bcm63xx: add support for clk_set_parent()
    - powerpc/xive: Add missing null check after calling kmalloc
    - ASoC: fsl_mqs: fix MODULE_ALIAS
    - RDMA/cxgb4: Set queue pair state when being queried
    - ASoC: fsl_asrc: refine the check of available clock divider
    - clk: bm1880: remove kfrees on static allocations
    - of: base: Fix phandle argument length mismatch error message
    - ARM: dts: omap3-n900: Fix lp5523 for multi color
    - Bluetooth: Fix debugfs entry leak in hci_register_dev()
    - fs: dlm: filter user dlm messages for kernel locks
    - drm/lima: fix warning when CONFIG_DEBUG_SG=y & CONFIG_DMA_API_DEBUG=y
    - selftests/bpf: Fix bpf_object leak in skb_ctx selftest
    - ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply
    - drm/bridge: dw-hdmi: handle ELD when DRM_BRIDGE_ATTACH_NO_CONNECTOR
    - drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR
    - media: atomisp: fix try_fmt logic
    - media: atomisp: set per-device's default mode
    - media: atomisp-ov2680: Fix ov2680_set_fmt() clobbering the exposure
    - ARM: shmobile: rcar-gen2: Add missing of_node_put()
    - batman-adv: allow netlink usage in unprivileged containers
    - media: atomisp: handle errors at sh_css_create_isp_params()
    - ath11k: Fix crash caused by uninitialized TX ring
    - usb: gadget: f_fs: Use stream_open() for endpoint files
    - drm: panel-orientation-quirks: Add quirk for the Lenovo Yoga Book X91F/L
    - HID: apple: Do not reset quirks when the Fn key is not found
    - media: b2c2: Add missing check in flexcop_pci_isr:
    - EDAC/synopsys: Use the quirk for version instead of ddr version
    - ARM: imx: rename DEBUG_IMX21_IMX27_UART to DEBUG_IMX27_UART
    - drm/amd/display: check top_pipe_to_program pointer
    - drm/amdgpu/display: set vblank_disable_immediate for DC
    - soc: ti: pruss: fix referenced node in error message
    - mlxsw: pci: Add shutdown method in PCI driver
    - drm/bridge: megachips: Ensure both bridges are probed before registration
    - tty: serial: imx: disable UCR4_OREN in .stop_rx() instead of .shutdown()
    - gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use
    - HSI: core: Fix return freed object in hsi_new_client
    - crypto: jitter - consider 32 LSB for APT
    - mwifiex: Fix skb_over_panic in mwifiex_usb_recv()
    - rsi: Fix use-after-free in rsi_rx_done_handler()
    - rsi: Fix out-of-bounds read in rsi_read_pkt()
    - ath11k: Avoid NULL ptr access during mgmt tx cleanup
    - media: venus: avoid calling core_clk_setrate() concurrently during
      concurrent video sessions
    - ACPI / x86: Drop PWM2 device on Lenovo Yoga Book from always present table
    - ACPI: Change acpi_device_always_present() into acpi_device_override_status()
    - ACPI / x86: Allow specifying acpi_device_override_status() quirks by path
    - ACPI / x86: Add not-present quirk for the PCI0.SDHB.BRC1 device on the GPD
      win
    - arm64: dts: ti: j7200-main: Fix 'dtbs_check' serdes_ln_ctrl node
    - usb: uhci: add aspeed ast2600 uhci support
    - floppy: Add max size check for user space request
    - x86/mm: Flush global TLB when switching to trampoline page-table
    - drm: rcar-du: Fix CRTC timings when CMM is used
    - media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds.
    - media: rcar-vin: Update format alignment constraints
    - media: saa7146: hexium_orion: Fix a NULL pointer dereference in
      hexium_attach()
    - media: m920x: don't use stack on USB reads
    - thunderbolt: Runtime PM activate both ends of the device link
    - iwlwifi: mvm: synchronize with FW after multicast commands
    - iwlwifi: mvm: avoid clearing a just saved session protection id
    - ath11k: avoid deadlock by change ieee80211_queue_work for regd_update_work
    - ath10k: Fix tx hanging
    - net-sysfs: update the queue counts in the unregistration path
    - net: phy: prefer 1000baseT over 1000baseKX
    - gpio: aspeed: Convert aspeed_gpio.lock to raw_spinlock
    - selftests/ftrace: make kprobe profile testcase description unique
    - ath11k: Avoid false DEADLOCK warning reported by lockdep
    - x86/mce: Allow instrumentation during task work queueing
    - x86/mce: Mark mce_panic() noinstr
    - x86/mce: Mark mce_end() noinstr
    - x86/mce: Mark mce_read_aux() noinstr
    - net: bonding: debug: avoid printing debug logs when bond is not notifying
      peers
    - bpf: Do not WARN in bpf_warn_invalid_xdp_action()
    - HID: quirks: Allow inverting the absolute X/Y values
    - media: igorplugusb: receiver overflow should be reported
    - media: saa7146: hexium_gemini: Fix a NULL pointer dereference in
      hexium_attach()
    - mmc: core: Fixup storing of OCR for MMC_QUIRK_NONSTD_SDIO
    - audit: ensure userspace is penalized the same as the kernel when under
      pressure
    - arm64: dts: ls1028a-qds: move rtc node to the correct i2c bus
    - arm64: tegra: Adjust length of CCPLEX cluster MMIO region
    - PM: runtime: Add safety net to supplier device release
    - cpufreq: Fix initialization of min and max frequency QoS requests
    - usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0
    - ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream
    - rtw88: 8822c: update rx settings to prevent potential hw deadlock
    - PM: AVS: qcom-cpr: Use div64_ul instead of do_div
    - iwlwifi: fix leaks/bad data after failed firmware load
    - iwlwifi: remove module loading failure message
    - iwlwifi: mvm: Fix calculation of frame length
    - iwlwifi: pcie: make sure prph_info is set when treating wakeup IRQ
    - um: registers: Rename function names to avoid conflicts and build problems
    - ath11k: Fix napi related hang
    - Bluetooth: vhci: Set HCI_QUIRK_VALID_LE_STATES
    - xfrm: rate limit SA mapping change message to user space
    - drm/etnaviv: consider completed fence seqno in hang check
    - jffs2: GC deadlock reading a page that is used in jffs2_write_begin()
    - ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions
    - ACPICA: Utilities: Avoid deleting the same object twice in a row
    - ACPICA: Executer: Fix the REFCLASS_REFOF case in acpi_ex_opcode_1A_0T_1R()
    - ACPICA: Fix wrong interpretation of PCC address
    - ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5
    - drm/amdgpu: fixup bad vram size on gmc v8
    - amdgpu/pm: Make sysfs pm attributes as read-only for VFs
    - ACPI: battery: Add the ThinkPad "Not Charging" quirk
    - btrfs: remove BUG_ON() in find_parent_nodes()
    - btrfs: remove BUG_ON(!eie) in find_parent_nodes
    - net: mdio: Demote probed message to debug print
    - mac80211: allow non-standard VHT MCS-10/11
    - dm btree: add a defensive bounds check to insert_at()
    - dm space map common: add bounds check to sm_ll_lookup_bitmap()
    - mlxsw: pci: Avoid flow control for EMAD packets
    - net: phy: marvell: configure RGMII delays for 88E1118
    - net: gemini: allow any RGMII interface mode
    - regulator: qcom_smd: Align probe function with rpmh-regulator
    - serial: pl010: Drop CR register reset on set_termios
    - serial: core: Keep mctrl register state and cached copy in sync
    - random: do not throw away excess input to crng_fast_load
    - parisc: Avoid calling faulthandler_disabled() twice
    - x86/kbuild: Enable CONFIG_KALLSYMS_ALL=y in the defconfigs
    - powerpc/6xx: add missing of_node_put
    - powerpc/powernv: add missing of_node_put
    - powerpc/cell: add missing of_node_put
    - powerpc/btext: add missing of_node_put
    - powerpc/watchdog: Fix missed watchdog reset due to memory ordering race
    - i2c: i801: Don't silently correct invalid transfer size
    - powerpc/smp: Move setup_profiling_timer() under CONFIG_PROFILING
    - i2c: mpc: Correct I2C reset procedure
    - clk: meson: gxbb: Fix the SDM_EN bit for MPLL0 on GXBB
    - powerpc/powermac: Add missing lockdep_register_key()
    - KVM: PPC: Book3S: Suppress warnings when allocating too big memory slots
    - KVM: PPC: Book3S: Suppress failed alloc warning in H_COPY_TOFROM_GUEST
    - w1: Misuse of get_user()/put_user() reported by sparse
    - nvmem: core: set size for sysfs bin file
    - dm: fix alloc_dax error handling in alloc_dev
    - scsi: lpfc: Trigger SLI4 firmware dump before doing driver cleanup
    - ALSA: seq: Set upper limit of processed events
    - MIPS: Loongson64: Use three arguments for slti
    - powerpc/40x: Map 32Mbytes of memory at startup
    - selftests/powerpc/spectre_v2: Return skip code when miss_percent is high
    - powerpc: handle kdump appropriately with crash_kexec_post_notifiers option
    - powerpc/fadump: Fix inaccurate CPU state info in vmcore generated with panic
    - udf: Fix error handling in udf_new_inode()
    - MIPS: OCTEON: add put_device() after of_find_device_by_node()
    - irqchip/gic-v4: Disable redistributors' view of the VPE table at boot time
    - i2c: designware-pci: Fix to change data types of hcnt and lcnt parameters
    - MIPS: Octeon: Fix build errors using clang
    - scsi: sr: Don't use GFP_DMA
    - ASoC: mediatek: mt8173: fix device_node leak
    - ASoC: mediatek: mt8183: fix device_node leak
    - phy: mediatek: Fix missing check in mtk_mipi_tx_probe
    - rpmsg: core: Clean up resources on announce_create failure.
    - crypto: omap-aes - Fix broken pm_runtime_and_get() usage
    - crypto: stm32/crc32 - Fix kernel BUG triggered in probe()
    - crypto: caam - replace this_cpu_ptr with raw_cpu_ptr
    - ubifs: Error path in ubifs_remount_rw() seems to wrongly free write buffers
    - tpm: fix NPE on probe for missing device
    - spi: uniphier: Fix a bug that doesn't point to private data correctly
    - xen/gntdev: fix unmap notification order
    - fuse: Pass correct lend value to filemap_write_and_wait_range()
    - serial: Fix incorrect rs485 polarity on uart open
    - cputime, cpuacct: Include guest time in user time in cpuacct.stat
    - tracing/kprobes: 'nmissed' not showed correctly for kretprobe
    - iwlwifi: mvm: Increase the scan timeout guard to 30 seconds
    - s390/mm: fix 2KB pgtable release race
    - device property: Fix fwnode_graph_devcon_match() fwnode leak
    - drm/etnaviv: limit submit sizes
    - drm/nouveau/kms/nv04: use vzalloc for nv04_display
    - drm/bridge: analogix_dp: Make PSR-exit block less
    - parisc: Fix lpa and lpa_user defines
    - powerpc/64s/radix: Fix huge vmap false positive
    - PCI: xgene: Fix IB window setup
    - PCI: pciehp: Use down_read/write_nested(reset_lock) to fix lockdep errors
    - PCI: pci-bridge-emul: Make expansion ROM Base Address register read-only
    - PCI: pci-bridge-emul: Properly mark reserved PCIe bits in PCI config space
    - PCI: pci-bridge-emul: Fix definitions of reserved bits
    - PCI: pci-bridge-emul: Correctly set PCIe capabilities
    - PCI: pci-bridge-emul: Set PCI_STATUS_CAP_LIST for PCIe device
    - xfrm: fix policy lookup for ipv6 gre packets
    - btrfs: fix deadlock between quota enable and other quota operations
    - btrfs: check the root node for uptodate before returning it
    - btrfs: respect the max size in the header when activating swap file
    - ext4: make sure to reset inode lockdep class when quota enabling fails
    - ext4: make sure quota gets properly shutdown on error
    - ext4: fix a possible ABBA deadlock due to busy PA
    - ext4: initialize err_blk before calling __ext4_get_inode_loc
    - ext4: fix fast commit may miss tracking range for FALLOC_FL_ZERO_RANGE
    - ext4: set csum seed in tmp inode while migrating to extents
    - ext4: Fix BUG_ON in ext4_bread when write quota data
    - ext4: use ext4_ext_remove_space() for fast commit replay delete range
    - ext4: fast commit may miss tracking unwritten range during ftruncate
    - ext4: destroy ext4_fc_dentry_cachep kmemcache on module removal
    - ext4: fix null-ptr-deref in '__ext4_journal_ensure_credits'
    - ext4: don't use the orphan list when migrating an inode
    - drm/radeon: fix error handling in radeon_driver_open_kms
    - of: base: Improve argument length mismatch error
    - firmware: Update Kconfig help text for Google firmware
    - can: mcp251xfd: mcp251xfd_tef_obj_read(): fix typo in error message
    - media: rcar-csi2: Optimize the selection PHTW register
    - media: correct MEDIA_TEST_SUPPORT help text
    - Documentation: dmaengine: Correctly describe dmatest with channel unset
    - Documentation: ACPI: Fix data node reference documentation
    - Documentation: refer to config RANDOMIZE_BASE for kernel address-space
      randomization
    - Documentation: fix firewire.rst ABI file path error
    - Bluetooth: hci_sync: Fix not setting adv set duration
    - scsi: core: Show SCMD_LAST in text form
    - dmaengine: uniphier-xdmac: Fix type of address variables
    - RDMA/hns: Modify the mapping attribute of doorbell to device
    - RDMA/rxe: Fix a typo in opcode name
    - dmaengine: stm32-mdma: fix STM32_MDMA_CTBR_TSEL_MASK
    - Revert "net/mlx5: Add retry mechanism to the command entry index allocation"
    - powerpc/cell: Fix clang -Wimplicit-fallthrough warning
    - powerpc/fsl/dts: Enable WA for erratum A-009885 on fman3l MDIO buses
    - block: Fix fsync always failed if once failed
    - bpftool: Remove inclusion of utilities.mak from Makefiles
    - xdp: check prog type before updating BPF link
    - perf evsel: Override attr->sample_period for non-libpfm4 events
    - ipv4: update fib_info_cnt under spinlock protection
    - ipv4: avoid quadratic behavior in netns dismantle
    - net/fsl: xgmac_mdio: Add workaround for erratum A-009885
    - net/fsl: xgmac_mdio: Fix incorrect iounmap when removing module
    - parisc: pdc_stable: Fix memory leak in pdcs_register_pathentries
    - f2fs: compress: fix potential deadlock of compress file
    - f2fs: fix to reserve space for IO align feature
    - af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress
    - clk: Emit a stern warning with writable debugfs enabled
    - clk: si5341: Fix clock HW provider cleanup
    - net/smc: Fix hung_task when removing SMC-R devices
    - net: axienet: increase reset timeout
    - net: axienet: Wait for PhyRstCmplt after core reset
    - net: axienet: reset core on initialization prior to MDIO access
    - net: axienet: add missing memory barriers
    - net: axienet: limit minimum TX ring size
    - net: axienet: Fix TX ring slot available check
    - net: axienet: fix number of TX ring slots for available check
    - net: axienet: fix for TX busy handling
    - net: axienet: increase default TX ring size to 128
    - HID: vivaldi: fix handling devices not using numbered reports
    - rtc: pxa: fix null pointer dereference
    - vdpa/mlx5: Fix wrong configuration of virtio_version_1_0
    - virtio_ring: mark ring unused on error
    - taskstats: Cleanup the use of task->exit_code
    - inet: frags: annotate races around fqdir->dead and fqdir->high_thresh
    - netns: add schedule point in ops_exit_list()
    - xfrm: Don't accidentally set RTO_ONLINK in decode_session4()
    - gre: Don't accidentally set RTO_ONLINK in gre_fill_metadata_dst()
    - libcxgb: Don't accidentally set RTO_ONLINK in cxgb_find_route()
    - perf script: Fix hex dump character output
    - dmaengine: at_xdmac: Don't start transactions at tx_submit level
    - dmaengine: at_xdmac: Start transfer for cyclic channels in issue_pending
    - dmaengine: at_xdmac: Print debug message after realeasing the lock
    - dmaengine: at_xdmac: Fix concurrency over xfers_list
    - dmaengine: at_xdmac: Fix lld view setting
    - dmaengine: at_xdmac: Fix at_xdmac_lld struct definition
    - perf probe: Fix ppc64 'perf probe add events failed' case
    - devlink: Remove misleading internal_flags from health reporter dump
    - arm64: dts: qcom: msm8996: drop not documented adreno properties
    - net: bonding: fix bond_xmit_broadcast return value error bug
    - net_sched: restore "mpu xxx" handling
    - bcmgenet: add WOL IRQ check
    - net: ethernet: mtk_eth_soc: fix error checking in mtk_mac_config()
    - net: sfp: fix high power modules without diagnostic monitoring
    - net: mscc: ocelot: fix using match before it is set
    - dt-bindings: display: meson-dw-hdmi: add missing sound-name-prefix property
    - dt-bindings: display: meson-vpu: Add missing amlogic,canvas property
    - dt-bindings: watchdog: Require samsung,syscon-phandle for Exynos7
    - scripts/dtc: dtx_diff: remove broken example from help text
    - lib82596: Fix IRQ check in sni_82596_probe
    - mm/hmm.c: allow VM_MIXEDMAP to work with hmm_range_fault
    - lib/test_meminit: destroy cache in kmem_cache_alloc_bulk() test
    - mtd: nand: bbt: Fix corner case in bad block table handling
    - ath10k: Fix the MTU size on QCA9377 SDIO
    - scripts: sphinx-pre-install: add required ctex dependency
    - scripts: sphinx-pre-install: Fix ctex support on Debian
    - KVM: x86/mmu: Fix write-protection of PTs mapped by the TDP MMU
    - HID: Ignore battery for Elan touchscreen on HP Envy X360 15t-dr100
    - f2fs: fix to do sanity check on inode type during garbage collection
    - mtd: rawnand: Export nand_read_page_hwecc_oob_first()
    - mtd: rawnand: ingenic: JZ4740 needs 'oob_first' read page function
    - riscv: Get rid of MAXPHYSMEM configs
    - RISC-V: Use common riscv_cpuid_to_hartid_mask() for both SMP=y and SMP=n
    - riscv: try to allocate crashkern region from 32bit addressible memory
    - riscv: Don't use va_pa_offset on kdump
    - riscv: use hart id instead of cpu id on machine_kexec
    - crypto: x86/aesni - don't require alignment of data
    - net: phy: marvell: add Marvell specific PHY loopback
    - media: cec: fix a deadlock situation
    - media: ov8865: Disable only enabled regulators on error path
    - mei: hbm: fix client dma reply status
    - iio: trigger: Fix a scheduling whilst atomic issue seen on tsc2046
    - bus: mhi: pci_generic: Graceful shutdown on freeze
    - bus: mhi: core: Fix reading wake_capable channel configuration
    - arm64: errata: Fix exec handling in erratum 1418040 workaround
    - drm/tegra: Add back arm_iommu_detach_device()
    - virtio/virtio_mem: handle a possible NULL as a memcpy parameter
    - Bluetooth: virtio_bt: fix memory leak in virtbt_rx_handle()
    - drm/vc4: crtc: Make sure the HDMI controller is powered when disabling
    - libbpf: Free up resources used by inner map definition
    - bpftool: Fix memory leak in prog_dump()
    - arm64: dts: qcom: sc7280: Fix incorrect clock name
    - libbpf: Fix glob_syms memory leak in bpf_linker
    - libbpf: Fix using invalidated memory in bpf_linker
    - bfq: Do not let waker requests skip proper accounting
    - media: i2c: imx274: fix s_frame_interval runtime resume not requested
    - media: i2c: Re-order runtime pm initialisation
    - media: i2c: ov8865: Fix lockdep error
    - net: stmmac: Add platform level debug register dump feature
    - drm/vmwgfx: Remove the deprecated lower mem limit
    - crypto: caam - save caam memory to support crypto engine retry mechanism.
    - arm64: dts: ti: k3-am642: Fix the L2 cache sets
    - bpf: Fix the test_task_vma selftest to support output shorter than 1 kB
    - Bluetooth: refactor set_exp_feature with a feature table
    - Bluetooth: MGMT: Use hci_dev_test_and_{set,clear}_flag
    - drm/amd/display: Fix bug in debugfs crc_win_update entry
    - wcn36xx: Fix max channels retrieval
    - perf/arm-cmn: Fix CPU hotplug unregistration
    - net: dsa: hellcreek: Fix insertion of static FDB entries
    - net: dsa: hellcreek: Add STP forwarding rule
    - net: dsa: hellcreek: Allow PTP P2P measurements on blocked ports
    - net: dsa: hellcreek: Add missing PTP via UDP rules
    - mt76: mt7921: drop offload_flags overwritten
    - iwlwifi: mvm: perform 6GHz passive scan after suspend
    - iwlwifi: mvm: set protected flag only for NDP ranging
    - crypto: octeontx2 - prevent underflow in get_cores_bmap()
    - regulator: qcom-labibb: OCP interrupts are not a failure while disabled
    - io_uring: remove double poll on poll update
    - serial: 8250_bcm7271: Propagate error codes from brcmuart_probe()
    - net: ethernet: mtk_eth_soc: fix return values and refactor MDIO ops
    - net: dsa: fix incorrect function pointer check for MRP ring roles
    - net/smc: Reset conn->lgr when link group registration fails
    - usb: dwc2: do not gate off the hardware if it does not support clock gating
    - serial: liteuart: fix MODULE_ALIAS
    - serial: stm32: move tx dma terminate DMA to shutdown
    - x86, sched: Fix undefined reference to init_freq_invariance_cppc() build
      error
    - net/mlx5e: Fix wrong usage of fib_info_nh when routes with nexthop objects
      are used
    - Revert "net/mlx5e: Block offload of outer header csum for GRE tunnel"
    - net/mlx5e: Fix matching on modified inner ip_ecn bits
    - net/mlx5: Fix access to sf_dev_table on allocation failure
    - net/mlx5e: Sync VXLAN udp ports during uplink representor profile change
    - net: mscc: ocelot: fix incorrect balancing with down LAG ports
    - net/sched: flow_dissector: Fix matching on zone id for invalid conns
    - net: openvswitch: Fix matching zone id for invalid conns arriving from tc
    - net: openvswitch: Fix ct_state nat flags for conns arriving from tc
    - bnxt_en: Refactor coredump functions
    - RDMA/rtrs-clt: Fix the initial value of min_latency
    - ALSA: hda: Make proper use of timecounter
    - binder: avoid potential data leakage when copying txn
    - scsi: core: Fix scsi_device_max_queue_depth()
    - iommu/amd: X2apic mode: re-enable after resume
    - iommu/amd: X2apic mode: setup the INTX registers on mask/unmask
    - iommu/amd: X2apic mode: mask/unmask interrupts on suspend/resume
    - iommu/amd: Remove useless irq affinity notifier
    - phy: cadence: Sierra: Fix to get correct parent for mux clocks
    - ALSA: hda/cs8409: Increase delay during jack detection
    - ALSA: hda/cs8409: Fix Jack detection after resume
    - clk: qcom: gcc-sc7280: Mark gcc_cfg_noc_lpass_clk always enabled
    - of/fdt: Don't worry about non-memory region overlap for no-map
    - drm/panel: Delete panel on mipi_dsi_attach() failure
    - selftests/bpf: Fix memory leaks in btf_type_c_dump() helper
    - media: atomisp: check before deference asd variable
    - usb: dwc3: meson-g12a: fix shared reset control use
    - psi: Fix PSI_MEM_FULL state when tasks are in memstall and doing reclaim
    - HID: magicmouse: Report battery level over USB
    - libbpf: Accommodate DWARF/compiler bug with duplicated structs
    - ethernet: renesas: Use div64_ul instead of do_div
    - arm64: dts: qcom: sm8350: Shorten camera-thermal-bottom name
    - drm/amd/display: add else to avoid double destroy clk_mgr
    - regulator: da9121: Prevent current limit change when enabled
    - drm/vmwgfx: Release ttm memory if probe fails
    - arm64: dts: ti: j721e-main: Fix 'dtbs_check' in serdes_ln_ctrl node
    - media: atomisp: fix "variable dereferenced before check 'asd'"
    - arm64: dts: renesas: Fix thermal bindings
    - ARM: dts: qcom: sdx55: fix IPA interconnect definitions
    - media: rockchip: rkisp1: use device name for debugfs subdir name
    - mmc: tmio: reinit card irqs in reset routine
    - drm/amd/amdgpu: fix psp tmr bo pin count leak in SRIOV
    - drm/amd/amdgpu: fix gmc bo pin count leak in SRIOV
    - crypto: ccp - Move SEV_INIT retry for corrupted data
    - mt76: mt7615: fix possible deadlock while mt7615_register_ext_phy()
    - mt76: mt7615: improve wmm index allocation
    - ath9k_htc: fix NULL pointer dereference at ath9k_htc_rxep()
    - ath9k_htc: fix NULL pointer dereference at ath9k_htc_tx_get_packet()
    - iwlwifi: mvm: fix AUX ROC removal
    - mmc: sdhci-pci-gli: GL9755: Support for CD/WP inversion on OF platforms
    - mmc: mtk-sd: Use readl_poll_timeout instead of open-coded polling
    - ACPI: CPPC: Check present CPUs for determining _CPC is valid
    - bpf/selftests: Fix namespace mount setup in tc_redirect
    - serial: pl011: Drop CR register reset on set_termios
    - net/mlx5: Update log_max_qp value to FW max capability
    - ASoC: imx-hdmi: add put_device() after of_find_device_by_node()
    - interconnect: qcom: rpm: Prevent integer overflow in rate
    - scsi: ufs: Fix a kernel crash during shutdown
    - scsi: lpfc: Fix leaked lpfc_dmabuf mbox allocations with NPIV
    - selftests/powerpc: Add a test of sigreturning to the kernel
    - scsi: mpi3mr: Fixes around reply request queues
    - ASoC: mediatek: mt8192-mt6359: fix device_node leak
    - seg6: export get_srh() for ICMP handling
    - icmp: ICMPV6: Examine invoking packet for Segment Route Headers.
    - udp6: Use Segment Routing Header for dest address if present
    - ifcvf/vDPA: fix misuse virtio-net device config size for blk dev
    - tpm: fix potential NULL pointer access in tpm_del_char_device
    - mfd: tps65910: Set PWR_OFF bit during driver probe
    - sched/cpuacct: Fix user/system in shown cpuacct.usage*
    - tracing: Have syscall trace events use trace_event_buffer_lock_reserve()
    - remoteproc: imx_rproc: Fix a resource leak in the remove function
    - drm/amd/display: Fix the uninitialized variable in enable_stream_features()
    - scsi: lpfc: Fix lpfc_force_rscn ndlp kref imbalance
    - drm/amdgpu: don't do resets on APUs which don't support it
    - ath11k: qmi: avoid error messages when dma allocation fails
    - scsi: ufs: ufs-mediatek: Fix error checking in ufs_mtk_init_va09_pwr_ctrl()
    - RDMA/cma: Remove open coding of overflow checking for private_data_len
    - dmaengine: idxd: fix wq settings post wq disable
    - drm/vc4: crtc: Drop feed_txp from state
    - drm/vc4: Fix non-blocking commit getting stuck forever
    - drm/vc4: crtc: Copy assigned channel to the CRTC
    - bpf: Mark PTR_TO_FUNC register initially with zero offset
    - mlx5: Don't accidentally set RTO_ONLINK before mlx5e_route_lookup_ipv4_get()
    - riscv: dts: microchip: mpfs: Drop empty chosen node
    - drm/vmwgfx: Remove unused compile options
    - f2fs: fix remove page failed in invalidate compress pages
    - f2fs: fix to avoid panic in is_alive() if metadata is inconsistent
    - crypto: octeontx2 - uninitialized variable in kvf_limits_store()
    - gpio: mpc8xxx: Fix IRQ check in mpc8xxx_probe
    - bitops: protect find_first_{,zero}_bit properly
    - net: ipa: fix atomic update in ipa_endpoint_replenish()
    - net: cpsw: avoid alignment faults by taking NET_IP_ALIGN into account
    - net: phy: micrel: use kszphy_suspend()/kszphy_resume for irq aware devices
    - sch_api: Don't skip qdisc attach on ingress

* Packaging resync (LP: #1786013)
    - [Packaging] resync dkms-build{,--nvidia-N} from LRMv5

-- Kleber Sacilotto de Souza <kleber.souza@canonical.com>  Tue, 29 Mar 2022 16:09:44 +0200

Changed in linux (Ubuntu Impish):
status:	Fix Committed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2022-04-19:

#13

Download full text (5.1 KiB)

This bug was fixed in the package linux - 4.15.0-176.185

---------------
linux (4.15.0-176.185) bionic; urgency=medium

* bionic/linux: 4.15.0-176.185 -proposed tracker (LP: #1966771)

  * Bionic update: upstream stable patchset 2022-03-04 (LP: #1963717)
    - can: bcm: fix UAF of bcm op
    - net: bridge: clear bridge's private skb space on xmit
    - s390/hypfs: include z/VM guests with access control group set
    - scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP
      devices
    - udf: Restore i_lenAlloc when inode expansion fails
    - udf: Fix NULL ptr deref when converting from inline format
    - PM: wakeup: simplify the output logic of pm_show_wakelocks()
    - netfilter: nft_payload: do not update layer 4 checksum when mangling
      fragments
    - serial: stm32: fix software flow control transfer
    - tty: n_gsm: fix SW flow control encoding/handling
    - tty: Add support for Brainboxes UC cards.
    - usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge
    - usb: common: ulpi: Fix crash in ulpi_match()
    - usb: gadget: f_sourcesink: Fix isoc transfer for USB_SPEED_SUPER_PLUS
    - USB: core: Fix hang in usb_kill_urb by adding memory barriers
    - usb: typec: tcpm: Do not disconnect while receiving VBUS off
    - net: sfp: ignore disabled SFP node
    - powerpc/32: Fix boot failure with GCC latent entropy plugin
    - lkdtm: Fix content of section containing lkdtm_rodata_do_nothing()
    - i40e: Increase delay to 1 s after global EMP reset
    - i40e: fix unsigned stat widths
    - rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev
    - rpmsg: char: Fix race between the release of rpmsg_eptdev and cdev
    - scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put()
    - ipv6_tunnel: Rate limit warning messages
    - net: fix information leakage in /proc/net/ptype
    - ping: fix the sk_bound_dev_if match in ping_lookup
    - ipv4: avoid using shared IP generator for connected sockets
    - hwmon: (lm90) Reduce maximum conversion rate for G781
    - NFSv4: Handle case where the lookup of a directory fails
    - NFSv4: nfs_atomic_open() can race when looking up a non-regular file
    - net-procfs: show net devices bound packet types
    - drm/msm: Fix wrong size calculation
    - drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable
    - ibmvnic: don't spin in tasklet
    - yam: fix a memory leak in yam_siocdevprivate()
    - ipv4: raw: lock the socket in raw_bind()
    - ipv4: tcp: send zero IPID in SYNACK messages
    - netfilter: nat: remove l4 protocol port rovers
    - netfilter: nat: limit port clash resolution attempts
    - ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback
    - net: amd-xgbe: ensure to reset the tx_timer_active flag
    - net: amd-xgbe: Fix skb data length underflow
    - rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink()
    - af_packet: fix data-race in packet_setsockopt / packet_setsockopt
    - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw()
    - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx()
    - ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx()
    - drm/n...

Ubuntu
linux package

audit: improve audit queue handling when "audit=1" on cmdline

Bug Description

CVE References

Other bug subscribers

Remote bug watches

	Status	Importance	Assigned to
linux (Ubuntu)	Fix Committed	Critical	gerald.yang
Bionic	Fix Released	Undecided	Unassigned
Focal	Fix Released	Undecided	Unassigned
Impish	Fix Released	Undecided	Unassigned

Ubuntulinux package

audit: improve audit queue handling when "audit=1" on cmdline

Bug Description

CVE References

Other bug subscribers

Remote bug watches

Ubuntu
linux package