Ubuntu
linux-azure package

[Azure] PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time

Bug #1972662 reported by Tim Gardner on 2022-05-09

This bug affects 1 person

	Status	Importance	Assigned to
linux-azure (Ubuntu)	Fix Released	Undecided	Unassigned
Focal	Fix Released	Medium	Tim Gardner
Impish	Fix Released	Medium	Tim Gardner
Jammy	Fix Released	Medium	Tim Gardner

Bug Description

SRU Justification

[Impact]

A VM on Azure can have 14 GPUs, and each GPU may have a huge MMIO BAR,
e.g. 128 GB. Currently the boot time of such a VM can be 4+ minutes, and
most of the time is used by the host to unmap/map the vBAR from/to pBAR
when the VM clears and sets the PCI_COMMAND_MEMORY bit: each unmap/map
operation for a 128GB BAR needs about 1.8 seconds, and the pci-hyperv
driver and the Linux PCI subsystem flip the PCI_COMMAND_MEMORY bit
eight times (see pci_setup_device() -> pci_read_bases() and
pci_std_update_resource()), increasing the boot time by 1.8 * 8 = 14.4
seconds per GPU, i.e. 14.4 * 14 = 201.6 seconds in total.

Fix the slowness by not turning on the PCI_COMMAND_MEMORY in pci-hyperv.c,
so the bit stays in the off state before the PCI device driver calls
pci_enable_device(): when the bit is off, pci_read_bases() and
pci_std_update_resource() don't cause Hyper-V to unmap/map the vBARs.
With this change, the boot time of such a VM is reduced by
1.8 * (8-1) * 14 = 176.4 seconds.

[Test Case]

Microsoft tested

[Where things could go wrong]

PCI BAR setup could fail or be incorrect.

[Other Info]

SF: #00336342

Tags:

CVE References

Tim Gardner (timg-tpi) on 2022-05-09

affects:	linux (Ubuntu) → linux-azure (Ubuntu)
Changed in linux-azure (Ubuntu):
status:	New → Fix Released
Changed in linux-azure (Ubuntu Jammy):
assignee:	nobody → Tim Gardner (timg-tpi)
importance:	Undecided → Medium
status:	New → In Progress
Changed in linux-azure (Ubuntu Impish):
assignee:	nobody → Tim Gardner (timg-tpi)
importance:	Undecided → Medium
status:	New → In Progress

Tim Gardner (timg-tpi) on 2022-05-09

Changed in linux-azure (Ubuntu Focal):
assignee:	nobody → Tim Gardner (timg-tpi)
importance:	Undecided → Medium
status:	New → In Progress

Tim Gardner (timg-tpi) on 2022-05-11

Changed in linux-azure (Ubuntu Focal):
status:	In Progress → Fix Committed
Changed in linux-azure (Ubuntu Impish):
status:	In Progress → Fix Committed
Changed in linux-azure (Ubuntu Jammy):
status:	In Progress → Fix Committed

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2022-05-13:

This bug is awaiting verification that the linux-azure/5.15.0-1006.7 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy' to 'verification-done-jammy'. If the problem still exists, change the tag 'verification-needed-jammy' to 'verification-failed-jammy'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-jammy

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2022-05-13:

This bug is awaiting verification that the linux-azure/5.13.0-1024.28 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-impish' to 'verification-done-impish'. If the problem still exists, change the tag 'verification-needed-impish' to 'verification-failed-impish'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-impish

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2022-05-27:

This bug is awaiting verification that the linux-azure/5.4.0-1081.84 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-focal

Revision history for this message

Tim Gardner (timg-tpi) wrote on 2022-05-30:

Microsoft tested. Marking verification done.

tags:

added: verification-done-focal verification-done-impish verification-done-jammy
removed: verification-needed-focal verification-needed-impish verification-needed-jammy

Revision history for this message

Launchpad Janitor (janitor) wrote on 2022-06-03:

Download full text (12.2 KiB)

This bug was fixed in the package linux-azure - 5.13.0-1026.30

---------------
linux-azure (5.13.0-1026.30) impish; urgency=medium

* impish/linux-azure: 5.13.0-1026.30 -proposed tracker (LP: #1974334)

  * [Azure] WARNING: CPU: 0 PID: 499 at include/linux/dma-mapping.h:555
    netvsc_probe+0x3c9/0x3e0 (LP: #1975717)
    - Drivers: hv: vmbus: Rework use of DMA_BIT_MASK(64)
    - Drivers: hv: vmbus: Fix initialization of device object in
      vmbus_device_register()

  * [Azure] hv_netvsc: Add support for XDP_REDIRECT (LP: #1972832)
    - hv_netvsc: Add comment of netvsc_xdp_xmit()
    - hv_netvsc: Add support for XDP_REDIRECT

  * linux-azure: Patch Set for ARM64 Images 20.04 and 18.04 (LP: #1970468)
    - Drivers: hv: vmbus: Replace smp_store_mb() with virt_store_mb()
    - Drivers: hv: balloon: Support status report for larger page sizes
    - Drivers: hv: balloon: Disable balloon and hot-add accordingly

  * [Azure] PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time
    (LP: #1972662)
    - PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time

* config CONFIG_HISI_PMU for kunpeng920 (LP: #1956086)
- [Config] azure: CONFIG_HISI_PMU=m

[ Ubuntu: 5.13.0-46.51 ]

* CVE-2022-21499
- SAUCE: debug: Lock down kgdb

[ Ubuntu: 5.13.0-45.50 ]

This bug was fixed in the package linux-azure - 5.13.0-1026.30

---------------
linux-azure (5.13.0-1026.30) impish; urgency=medium

* impish/linux-azure: 5.13.0-1026.30 -proposed tracker (LP: #1974334)

* [Azure] hv_netvsc: Add support for XDP_REDIRECT (LP: #1972832)
    - hv_netvsc: Add comment of netvsc_xdp_xmit()
    - hv_netvsc: Add support for XDP_REDIRECT

* [Azure] PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time
    (LP: #1972662)
    - PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time

* config CONFIG_HISI_PMU for  kunpeng920 (LP: #1956086)
    - [Config] azure: CONFIG_HISI_PMU=m

[ Ubuntu: 5.13.0-46.51 ]

* CVE-2022-21499
    - SAUCE: debug: Lock down kgdb

[ Ubuntu: 5.13.0-45.50 ]

* impish/linux: 5.13.0-45.50 -proposed tracker (LP: #1974347)
  * CVE-2022-1158
    - KVM: x86/mmu: do compare-and-exchange of gPTE via the user address
  * config CONFIG_HISI_PMU for  kunpeng920 (LP: #1956086)
    - [Config] CONFIG_HISI_PMU=m
  * re-apply missing overlayfs SAUCE patch (LP: #1967924)
    - SAUCE: overlayfs: fix incorrect mnt_id of files opened from map_files
  * Impish update: upstream stable patchset 2022-04-20 (LP: #1969666)
    - mac80211_hwsim: report NOACK frames in tx_status
    - mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work
    - i2c: bcm2835: Avoid clock stretching timeouts
    - ASoC: rt5668: do not block workqueue if card is unbound
    - ASoC: rt5682: do not block workqueue if card is unbound
    - regulator: core: fix false positive in regulator_late_cleanup()
    - KVM: arm64: vgic: Read HW interrupt pending state from the HW
    - tipc: fix a bit overflow in tipc_crypto_key_rcv()
    - cifs: fix double free race when mount fails in cifs_get_root()
    - selftests/seccomp: Fix seccomp failure by adding missing headers
    - i2c: cadence: allow COMPILE_TEST
    - i2c: qup: allow COMPILE_TEST
    - net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990
    - usb: gadget: don't release an existing dev->buf
    - usb: gadget: clear related members when goto fail
    - exfat: reuse exfat_inode_info variable instead of calling EXFAT_I()
    - exfat: fix i_blocks for files truncated over 4 GiB
    - tracing: Add test for user space strings when filtering on string pointers
    - serial: stm32: prevent TDR register overwrite when sending x_char
    - ata: pata_hpt37x: fix PCI clock detection
    - drm/amdgpu: check vm ready by amdgpu_vm->evicting flag
    - tracing: Add ustring operation to filtering string pointers
    - ALSA: intel_hdmi: Fix reference to PCM buffer address
    - riscv/efi_stub: Fix get_boot_hartid_from_fdt() return value
    - riscv: Fix config KASAN && SPARSEMEM && !SPARSE_VMEMMAP
    - riscv: Fix config KASAN && DEBUG_VIRTUAL
    - ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min
    - iommu/amd: Recover from event log overflow
    - drm/i915: s/JSP2/ICP2/ PCH
    - xen/netfront: destroy queues before real_num_tx_queues is zeroed
    - thermal: core: Fix TZ_GET_TRIP NULL pointer dereference
    - ntb: intel: fix port config status offset for SPR
    - mm: Consider __GFP_NOWARN flag for oversized kvmalloc() calls
    - xfrm: fix MTU regression
    - netfilter: fix use-after-free in __nf_register_net_hook()
    - bpf, sockmap: Do not ignore orig_len parameter
    - xfrm: enforce validity of offload input flags
    - e1000e: Correct NVM checksum verification flow
    - net: fix up skbs delta_truesize in UDP GRO frag_list
    - netfilter: nf_queue: don't assume sk is full socket
    - netfilter: nf_queue: fix possible use-after-free
    - netfilter: nf_queue: handle socket prefetch
    - batman-adv: Request iflink once in batadv-on-batadv check
    - batman-adv: Request iflink once in batadv_get_real_netdevice
    - batman-adv: Don't expect inter-netns unique iflink indices
    - net: ipv6: ensure we call ipv6_mc_down() at most once
    - net: dcb: flush lingering app table entries for unregistered devices
    - net/smc: fix connection leak
    - net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error generated by client
    - net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error cause by server
    - mac80211: fix forwarded mesh frames AC & queue selection
    - net: stmmac: fix return value of __setup handler
    - mac80211: treat some SAE auth steps as final
    - iavf: Fix missing check for running netdev
    - net: sxgbe: fix return value of __setup handler
    - ibmvnic: register netdev after init of adapter
    - net: arcnet: com20020: Fix null-ptr-deref in com20020pci_probe()
    - ixgbe: xsk: change !netif_carrier_ok() handling in ixgbe_xmit_zc()
    - efivars: Respect "block" flag in efivar_entry_set_safe()
    - firmware: arm_scmi: Remove space in MODULE_ALIAS name
    - ASoC: cs4265: Fix the duplicated control name
    - can: gs_usb: change active_channels's type from atomic_t to u8
    - arm64: dts: rockchip: Switch RK3399-Gru DP to SPDIF output
    - igc: igc_read_phy_reg_gpy: drop premature return
    - ARM: Fix kgdb breakpoint for Thumb2
    - ARM: 9182/1: mmu: fix returns from early_param() and __setup() functions
    - selftests: mlxsw: tc_police_scale: Make test more robust
    - pinctrl: sunxi: Use unique lockdep classes for IRQs
    - igc: igc_write_phy_reg_gpy: drop premature return
    - ibmvnic: free reset-work-item when flushing
    - memfd: fix F_SEAL_WRITE after shmem huge page allocated
    - s390/extable: fix exception table sorting
    - ARM: dts: switch timer config to common devkit8000 devicetree
    - ARM: dts: Use 32KiHz oscillator on devkit8000
    - soc: fsl: guts: Revert commit 3c0d64e867ed
    - soc: fsl: guts: Add a missing memory allocation failure check
    - soc: fsl: qe: Check of ioremap return value
    - ARM: tegra: Move panels to AUX bus
    - ibmvnic: complete init_done on transport events
    - net: chelsio: cxgb3: check the return value of pci_find_capability()
    - iavf: Refactor iavf state machine tracking
    - nl80211: Handle nla_memdup failures in handle_nan_filter
    - drm/amdgpu: fix suspend/resume hang regression
    - net: dcb: disable softirqs in dcbnl_flush_dev()
    - Input: elan_i2c - move regulator_[en|dis]able() out of
      elan_[en|dis]able_power()
    - Input: elan_i2c - fix regulator enable count imbalance after suspend/resume
    - Input: samsung-keypad - properly state IOMEM dependency
    - HID: add mapping for KEY_DICTATE
    - HID: add mapping for KEY_ALL_APPLICATIONS
    - tracing/histogram: Fix sorting on old "cpu" value
    - tracing: Fix return value of __setup handlers
    - btrfs: fix lost prealloc extents beyond eof after full fsync
    - btrfs: qgroup: fix deadlock between rescan worker and remove qgroup
    - btrfs: add missing run of delayed items after unlink during log replay
    - Revert "xfrm: xfrm_state_mtu should return at least 1280 for ipv6"
    - hamradio: fix macro redefine warning
    - arm64: Mark start_backtrace() notrace and NOKPROBE_SYMBOL
    - sched/fair: Fix fault in reweight_entity
    - tools/resolve_btf_ids: Close ELF file on error
    - mtd: spi-nor: Fix mtd size for s3an flashes
    - MIPS: fix local_{add,sub}_return on MIPS64
    - signal: In get_signal test for signal_group_exit every time through the loop
    - PCI: mediatek-gen3: Disable DVFSRC voltage request
    - PCI: dwc: Do not remap invalid res
    - PCI: aardvark: Fix checking for MEM resource type
    - KVM: VMX: Don't unblock vCPU w/ Posted IRQ if IRQs are disabled in guest
    - KVM: s390: Ensure kvm_arch_no_poll() is read once when blocking vCPU
    - KVM: VMX: Read Posted Interrupt "control" exactly once per loop iteration
    - KVM: x86: Handle 32-bit wrap of EIP for EMULTYPE_SKIP with flat code seg
    - KVM: x86: Exit to userspace if emulation prepared a completion callback
    - i3c: fix incorrect address slot lookup on 64-bit
    - i3c/master/mipi-i3c-hci: Fix a potentially infinite loop in
      'hci_dat_v1_get_index()'
    - tracing: Do not let synth_events block other dyn_event systems during create
    - Input: ti_am335x_tsc - set ADCREFM for X configuration
    - Input: ti_am335x_tsc - fix STEPCONFIG setup for Z2
    - NFSD: Fix verifier returned in stable WRITEs
    - Revert "nfsd: skip some unnecessary stats in the v4 case"
    - nfsd: fix crash on COPY_NOTIFY with special stateid
    - x86/hyperv: Properly deal with empty cpumasks in hyperv_flush_tlb_multi()
    - SUNRPC: Fix sockaddr handling in the svc_xprt_create_error trace point
    - SUNRPC: Fix sockaddr handling in svcsock_accept_class trace points
    - drm/sun4i: dw-hdmi: Fix missing put_device() call in sun8i_hdmi_phy_get
    - drm/atomic: Check new_crtc_state->active to determine if CRTC needs disable
      in self refresh mode
    - ntb_hw_switchtec: Fix pff ioread to read into mmio_part_cfg_all
    - ntb_hw_switchtec: Fix bug with more than 32 partitions
    - drm/amdkfd: Check for null pointer after calling kmemdup
    - i3c: master: dw: check return of dw_i3c_master_get_free_pos()
    - dma-buf: cma_heap: Fix mutex locking section
    - tracing/uprobes: Check the return value of kstrdup() for tu->filename
    - tracing/probes: check the return value of kstrndup() for pbuf
    - mm: defer kmemleak object creation of module_alloc()
    - kasan: fix quarantine conflicting with init_on_free
    - selftests/vm: make charge_reserved_hugetlb.sh work with existing cgroup
      setting
    - hugetlbfs: fix off-by-one error in hugetlb_vmdelete_list()
    - ethtool: Fix link extended state for big endian
    - bpf: Fix possible race in inc_misses_counter
    - gve: Recording rx queue before sending to napi
    - ibmvnic: don't release napi in __ibmvnic_open()
    - bnxt_en: Fix occasional ethtool -t loopback test failures
    - iwlwifi: mvm: check debugfs_dir ptr before use
    - iommu/vt-d: Fix double list_add when enabling VMD in scalable mode
    - mac80211: fix EAPoL rekey fail in 802.3 rx path
    - blktrace: fix use after free for struct blk_trace
    - net: ipa: add an interconnect dependency
    - iavf: Fix deadlock in iavf_reset_task
    - auxdisplay: lcd2s: Fix lcd2s_redefine_char() feature
    - auxdisplay: lcd2s: Fix memory leak in ->remove()
    - auxdisplay: lcd2s: Use proper API to free the instance of charlcd object
    - iommu/tegra-smmu: Fix missing put_device() call in tegra_smmu_find
    - mips: setup: fix setnocoherentio() boolean setting
    - mptcp: Correctly set DATA_FIN timeout when number of retransmits is large
    - sched: Fix yet more sched_fork() races
    - arm64: dts: juno: Remove GICv2m dma-range
    - iommu/amd: Fix I/O page table memory leak
    - netfilter: nf_tables: prefer kfree_rcu(ptr, rcu) variant
    - can: etas_es58x: change opened_channel_cnt's type from atomic_t to u8
    - e1000e: Fix possible HW unit hang after an s0ix exit
    - selftests: mlxsw: resource_scale: Fix return value
    - iavf: do not override the adapter state in the watchdog task (again)
    - btrfs: fix relocation crash due to premature return from
      btrfs_commit_transaction()
    - KVM: x86/mmu: Passing up the error state of mmu_alloc_shadow_roots()
  * CVE-2022-28390
    - can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path

linux-azure (5.13.0-1025.29) impish; urgency=medium

* impish/linux-azure: 5.13.0-1025.29 -proposed tracker (LP: #1973931)

[ Ubuntu: 5.13.0-44.49 ]

* impish/linux: 5.13.0-44.49 -proposed tracker (LP: #1973941)
  * CVE-2022-29581
    - net/sched: cls_u32: fix netns refcount changes in u32_change()
  * Unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP
    option (LP: #1972740)
    - ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE
  * ext4: limit length to bitmap_maxbytes (LP: #1972281)
    - ext4: limit length to bitmap_maxbytes - blocksize in punch_hole

-- Tim Gardner <tim.gardner@canonical.com>  Thu, 26 May 2022 10:46:59 -0600

Changed in linux-azure (Ubuntu Impish):
status:	Fix Committed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2022-06-03:

Download full text (105.5 KiB)

This bug was fixed in the package linux-azure - 5.15.0-1008.9

---------------
linux-azure (5.15.0-1008.9) jammy; urgency=medium

* jammy/linux-azure: 5.15.0-1008.9 -proposed tracker (LP: #1974294)

* Packaging resync (LP: #1786013)
- debian/dkms-versions -- update from kernel-versions (main/2022.04.18)

* config CONFIG_HISI_PMU for kunpeng920 (LP: #1956086)
- [Config] azure: CONFIG_HISI_PMU=m

* linux: CONFIG_SERIAL_8250_MID=y (LP: #1967338)
- [Config] azure: CONFIG_SERIAL_8250_MID=y

  * Support AMD P-State cpufreq control mechanism (LP: #1956509) // Enable
    speakup kernel modules to allow the speakup screen reader to function
    (LP: #1967702)
    - [Config] azure: Update configs after rebase

  * Azure: swiotlb patch needed for CVM (LP: #1971701) // [Azure][CVM] Fix
    swiotlb_max_mapping_size() for potential bounce buffer allocation failure in
    storvsc (LP: #1973169)
    - SAUCE: swiotlb: Max mapping size takes min align mask into account

  * Azure: swiotlb patch needed for CVM (LP: #1971701)
    - SAUCE: treewide: Replace the use of mem_encrypt_active() with
      cc_platform_has()
    - SAUCE: swiotlb: use bitmap to track free slots
    - SAUCE: swiotlb: allocate memory in a cache-friendly way
    - SAUCE: swiotlb: Split up single swiotlb lock

  * jammy/linux-azure: Update cifs to 5.15 backport (LP: #1970977)
    - improve error message when mount options conflict with posix
    - cifs: call cifs_reconnect when a connection is marked
    - cifs: call helper functions for marking channels for reconnect
    - cifs: mark sessions for reconnection in helper function
    - treewide: Replace zero-length arrays with flexible-array members
    - smb3: fix incorrect session setup check for multiuser mounts
    - cifs: truncate the inode and mapping when we simulate fcollapse
    - cifs: use a different reconnect helper for non-cifsd threads
    - cifs: do not skip link targets when an I/O fails
    - cifs: convert the path to utf16 in smb2_query_info_compound
    - cifs: change smb2_query_info_compound to use a cached fid, if available
    - cifs: fix bad fids sent over wire
    - cifs: fix incorrect use of list iterator after the loop
    - move more common protocol header definitions to smbfs_common
    - smb3: move defines for ioctl protocol header and SMB2 sizes to smbfs_common
    - smb3: move defines for query info and query fsinfo to smbfs_common
    - smb3: cleanup and clarify status of tree connections
    - smb3: fix ksmbd bigendian bug in oplock break, and move its struct to
      smbfs_common
    - fs: Remove ->readpages address space operation
    - cifs: fix potential race with cifsd thread
    - cifs: remove check of list iterator against head past the loop body
    - cifs: force new session setup and tcon for dfs
    - cifs: update internal module number
    - cifs: Check the IOCB_DIRECT flag, not O_DIRECT
    - cifs: Split the smb3_a...

This bug was fixed in the package linux-azure - 5.15.0-1008.9

---------------
linux-azure (5.15.0-1008.9) jammy; urgency=medium

* jammy/linux-azure: 5.15.0-1008.9 -proposed tracker (LP: #1974294)

* Packaging resync (LP: #1786013)
    - debian/dkms-versions -- update from kernel-versions (main/2022.04.18)

* config CONFIG_HISI_PMU for  kunpeng920 (LP: #1956086)
    - [Config] azure: CONFIG_HISI_PMU=m

* linux: CONFIG_SERIAL_8250_MID=y (LP: #1967338)
    - [Config] azure: CONFIG_SERIAL_8250_MID=y

* [Azure] PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time
    (LP: #1972662)
    - PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time

* Jammy/linux-azure: CONFIG_BLK_DEV_FD=n (LP: #1972017)
    - [Config] azure: CONFIG_BLK_DEV_FD=n

* [Azure] hv_netvsc: Add support for XDP_REDIRECT (LP: #1972832)
    - hv_netvsc: Add comment of netvsc_xdp_xmit()
    - hv_netvsc: Add support for XDP_REDIRECT

* linux-azure: Patch Set for ARM64 Images 20.04 and 18.04 (LP: #1970468)
    - Drivers: hv: balloon: Support status report for larger page sizes

[ Ubuntu: 5.15.0-35.36 ]

* CVE-2022-21499
    - SAUCE: debug: Lock down kgdb

[ Ubuntu: 5.15.0-34.35 ]

* jammy/linux: 5.15.0-34.35 -proposed tracker (LP: #1974322)
  * AMD APU s2idle is broken after the ASIC reset fix (LP: #1972134)
    - drm/amdgpu: unify BO evicting method in amdgpu_ttm
    - drm/amdgpu: explicitly check for s0ix when evicting resources
  * amd_gpio AMDI0030:00: Failed to translate GPIO pin 0x0000 to IRQ, err -517
    (LP: #1971597)
    - gpio: Request interrupts after IRQ is initialized
  * config CONFIG_HISI_PMU for  kunpeng920 (LP: #1956086)
    - [Config] CONFIG_HISI_PMU=m
  * Mute/mic LEDs no function on EliteBook G9 platfroms (LP: #1970552)
    - ALSA: hda/realtek: Enable mute/micmute LEDs support for HP Laptops
  * network-manager/1.36.4-2ubuntu1 ADT test failure with linux/5.15.0-28.29
    (LP: #1971418)
    - Revert "rfkill: make new event layout opt-in"
  * PCIE LnkCtl ASPM not enabled under VMD mode for Alder Lake platforms
    (LP: #1942160)
    - SAUCE: vmd: fixup bridge ASPM by driver name instead
  * Mute/mic LEDs no function on HP EliteBook 845/865 G9 (LP: #1970178)
    - ALSA: hda/realtek: Enable mute/micmute LEDs and limit mic boost on EliteBook
      845/865 G9
  * Enable headset mic on Lenovo P360 (LP: #1967069)
    - ALSA: hda/realtek: Enable headset mic on Lenovo P360
  * WCN6856 BT keep in OFF state after coldboot system (LP: #1967067)
    - Bluetooth: btusb: Improve stability for QCA devices
  * Screen sometimes can't update [Failed to post KMS update: CRTC property
    (GAMMA_LUT) not found] (LP: #1967274)
    - drm/i915/xelpd: Enable Pipe color support for D13 platform
    - drm/i915: Use unlocked register accesses for LUT loads
    - drm/i915/xelpd: Enable Pipe Degamma
    - drm/i915/xelpd: Add Pipe Color Lut caps to platform config
  * Jammy update: v5.15.35 upstream stable release (LP: #1969857)
    - drm/amd/display: Add pstate verification and recovery for DCN31
    - drm/amd/display: Fix p-state allow debug index on dcn31
    - hamradio: defer 6pack kfree after unregister_netdev
    - hamradio: remove needs_free_netdev to avoid UAF
    - cpuidle: PSCI: Move the `has_lpi` check to the beginning of the function
    - ACPI: processor idle: Check for architectural support for LPI
    - ACPI: processor: idle: fix lockup regression on 32-bit ThinkPad T40
    - btrfs: remove unused parameter nr_pages in add_ra_bio_pages()
    - btrfs: remove no longer used counter when reading data page
    - btrfs: remove unused variable in btrfs_{start,write}_dirty_block_groups()
    - soc: qcom: aoss: Expose send for generic usecase
    - dt-bindings: net: qcom,ipa: add optional qcom,qmp property
    - net: ipa: request IPA register values be retained
    - btrfs: release correct delalloc amount in direct IO write path
    - ALSA: core: Add snd_card_free_on_error() helper
    - ALSA: sis7019: Fix the missing error handling
    - ALSA: ali5451: Fix the missing snd_card_free() call at probe error
    - ALSA: als300: Fix the missing snd_card_free() call at probe error
    - ALSA: als4000: Fix the missing snd_card_free() call at probe error
    - ALSA: atiixp: Fix the missing snd_card_free() call at probe error
    - ALSA: au88x0: Fix the missing snd_card_free() call at probe error
    - ALSA: aw2: Fix the missing snd_card_free() call at probe error
    - ALSA: azt3328: Fix the missing snd_card_free() call at probe error
    - ALSA: bt87x: Fix the missing snd_card_free() call at probe error
    - ALSA: ca0106: Fix the missing snd_card_free() call at probe error
    - ALSA: cmipci: Fix the missing snd_card_free() call at probe error
    - ALSA: cs4281: Fix the missing snd_card_free() call at probe error
    - ALSA: cs5535audio: Fix the missing snd_card_free() call at probe error
    - ALSA: echoaudio: Fix the missing snd_card_free() call at probe error
    - ALSA: emu10k1x: Fix the missing snd_card_free() call at probe error
    - ALSA: ens137x: Fix the missing snd_card_free() call at probe error
    - ALSA: es1938: Fix the missing snd_card_free() call at probe error
    - ALSA: es1968: Fix the missing snd_card_free() call at probe error
    - ALSA: fm801: Fix the missing snd_card_free() call at probe error
    - ALSA: galaxy: Fix the missing snd_card_free() call at probe error
    - ALSA: hdsp: Fix the missing snd_card_free() call at probe error
    - ALSA: hdspm: Fix the missing snd_card_free() call at probe error
    - ALSA: ice1724: Fix the missing snd_card_free() call at probe error
    - ALSA: intel8x0: Fix the missing snd_card_free() call at probe error
    - ALSA: intel_hdmi: Fix the missing snd_card_free() call at probe error
    - ALSA: korg1212: Fix the missing snd_card_free() call at probe error
    - ALSA: lola: Fix the missing snd_card_free() call at probe error
    - ALSA: lx6464es: Fix the missing snd_card_free() call at probe error
    - ALSA: maestro3: Fix the missing snd_card_free() call at probe error
    - ALSA: oxygen: Fix the missing snd_card_free() call at probe error
    - ALSA: riptide: Fix the missing snd_card_free() call at probe error
    - ALSA: rme32: Fix the missing snd_card_free() call at probe error
    - ALSA: rme9652: Fix the missing snd_card_free() call at probe error
    - ALSA: rme96: Fix the missing snd_card_free() call at probe error
    - ALSA: sc6000: Fix the missing snd_card_free() call at probe error
    - ALSA: sonicvibes: Fix the missing snd_card_free() call at probe error
    - ALSA: via82xx: Fix the missing snd_card_free() call at probe error
    - ALSA: usb-audio: Cap upper limits of buffer/period bytes for implicit fb
    - ALSA: nm256: Don't call card private_free at probe error path
    - drm/msm: Add missing put_task_struct() in debugfs path
    - firmware: arm_scmi: Remove clear channel call on the TX channel
    - memory: atmel-ebi: Fix missing of_node_put in atmel_ebi_probe
    - Revert "ath11k: mesh: add support for 256 bitmap in blockack frames in 11ax"
    - firmware: arm_scmi: Fix sorting of retrieved clock rates
    - media: rockchip/rga: do proper error checking in probe
    - SUNRPC: Fix the svc_deferred_event trace class
    - net/sched: flower: fix parsing of ethertype following VLAN header
    - veth: Ensure eth header is in skb's linear part
    - gpiolib: acpi: use correct format characters
    - cifs: release cached dentries only if mount is complete
    - net: mdio: don't defer probe forever if PHY IRQ provider is missing
    - mlxsw: i2c: Fix initialization error flow
    - net/sched: fix initialization order when updating chain 0 head
    - net: dsa: felix: suppress -EPROBE_DEFER errors
    - net: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link
    - net/sched: taprio: Check if socket flags are valid
    - cfg80211: hold bss_lock while updating nontrans_list
    - netfilter: nft_socket: make cgroup match work in input too
    - drm/msm: Fix range size vs end confusion
    - drm/msm/dsi: Use connector directly in msm_dsi_manager_connector_init()
    - drm/msm/dp: add fail safe mode outside of event_mutex context
    - net/smc: Fix NULL pointer dereference in smc_pnet_find_ib()
    - scsi: pm80xx: Mask and unmask upper interrupt vectors 32-63
    - scsi: pm80xx: Enable upper inbound, outbound queues
    - scsi: iscsi: Move iscsi_ep_disconnect()
    - scsi: iscsi: Fix offload conn cleanup when iscsid restarts
    - scsi: iscsi: Fix endpoint reuse regression
    - scsi: iscsi: Fix conn cleanup and stop race during iscsid restart
    - scsi: iscsi: Fix unbound endpoint error handling
    - sctp: Initialize daddr on peeled off socket
    - netfilter: nf_tables: nft_parse_register can return a negative value
    - ALSA: ad1889: Fix the missing snd_card_free() call at probe error
    - ALSA: mtpav: Don't call card private_free at probe error path
    - io_uring: move io_uring_rsrc_update2 validation
    - io_uring: verify that resv2 is 0 in io_uring_rsrc_update2
    - io_uring: verify pad field is 0 in io_get_ext_arg
    - testing/selftests/mqueue: Fix mq_perf_tests to free the allocated cpu set
    - ALSA: usb-audio: Increase max buffer size
    - ALSA: usb-audio: Limit max buffer and period sizes per time
    - perf tools: Fix misleading add event PMU debug message
    - macvlan: Fix leaking skb in source mode with nodst option
    - net: ftgmac100: access hardware register after clock ready
    - nfc: nci: add flush_workqueue to prevent uaf
    - cifs: potential buffer overflow in handling symlinks
    - dm mpath: only use ktime_get_ns() in historical selector
    - vfio/pci: Fix vf_token mechanism when device-specific VF drivers are used
    - net: bcmgenet: Revert "Use stronger register read/writes to assure ordering"
    - block: fix offset/size check in bio_trim()
    - drm/amd: Add USBC connector ID
    - btrfs: fix fallocate to use file_modified to update permissions consistently
    - btrfs: do not warn for free space inode in cow_file_range
    - drm/amdgpu: conduct a proper cleanup of PDB bo
    - drm/amdgpu/gmc: use PCI BARs for APUs in passthrough
    - drm/amd/display: fix audio format not updated after edid updated
    - drm/amd/display: FEC check in timing validation
    - drm/amd/display: Update VTEM Infopacket definition
    - drm/amdkfd: Fix Incorrect VMIDs passed to HWS
    - drm/amdgpu/vcn: improve vcn dpg stop procedure
    - drm/amdkfd: Check for potential null return of kmalloc_array()
    - Drivers: hv: vmbus: Deactivate sysctl_record_panic_msg by default in
      isolated guests
    - PCI: hv: Propagate coherence from VMbus device to PCI device
    - Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer
    - scsi: target: tcmu: Fix possible page UAF
    - scsi: lpfc: Fix queue failures when recovering from PCI parity error
    - scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024
    - net: micrel: fix KS8851_MLL Kconfig
    - ata: libata-core: Disable READ LOG DMA EXT for Samsung 840 EVOs
    - gpu: ipu-v3: Fix dev_dbg frequency output
    - regulator: wm8994: Add an off-on delay for WM8994 variant
    - arm64: alternatives: mark patch_alternative() as `noinstr`
    - tlb: hugetlb: Add more sizes to tlb_remove_huge_tlb_entry
    - net: axienet: setup mdio unconditionally
    - Drivers: hv: balloon: Disable balloon and hot-add accordingly
    - net: usb: aqc111: Fix out-of-bounds accesses in RX fixup
    - myri10ge: fix an incorrect free for skb in myri10ge_sw_tso
    - spi: cadence-quadspi: fix protocol setup for non-1-1-X operations
    - drm/amd/display: Enable power gating before init_pipes
    - drm/amd/display: Revert FEC check in validation
    - drm/amd/display: Fix allocate_mst_payload assert on resume
    - drbd: set QUEUE_FLAG_STABLE_WRITES
    - scsi: mpt3sas: Fail reset operation if config request timed out
    - scsi: mvsas: Add PCI ID of RocketRaid 2640
    - scsi: megaraid_sas: Target with invalid LUN ID is deleted during scan
    - drivers: net: slip: fix NPD bug in sl_tx_timeout()
    - io_uring: zero tag on rsrc removal
    - io_uring: use nospec annotation for more indexes
    - perf/imx_ddr: Fix undefined behavior due to shift overflowing the constant
    - mm/secretmem: fix panic when growing a memfd_secret
    - mm, page_alloc: fix build_zonerefs_node()
    - mm: fix unexpected zeroed page mapping with zram swap
    - mm: kmemleak: take a full lowmem check in kmemleak_*_phys()
    - KVM: x86/mmu: Resolve nx_huge_pages when kvm.ko is loaded
    - SUNRPC: Fix NFSD's request deferral on RDMA transports
    - memory: renesas-rpc-if: fix platform-device leak in error path
    - gcc-plugins: latent_entropy: use /dev/urandom
    - cifs: verify that tcon is valid before dereference in cifs_kill_sb
    - ath9k: Properly clear TX status area before reporting to mac80211
    - ath9k: Fix usage of driver-private space in tx_info
    - btrfs: fix root ref counts in error handling in btrfs_get_root_ref
    - btrfs: mark resumed async balance as writing
    - ALSA: hda/realtek: Add quirk for Clevo PD50PNT
    - ALSA: hda/realtek: add quirk for Lenovo Thinkpad X12 speakers
    - ALSA: pcm: Test for "silence" field in struct "pcm_format_data"
    - nl80211: correctly check NL80211_ATTR_REG_ALPHA2 size
    - ipv6: fix panic when forwarding a pkt with no in6 dev
    - drm/amd/display: don't ignore alpha property on pre-multiplied mode
    - drm/amdgpu: Enable gfxoff quirk on MacBook Pro
    - x86/tsx: Use MSR_TSX_CTRL to clear CPUID bits
    - x86/tsx: Disable TSX development mode at boot
    - genirq/affinity: Consider that CPUs on nodes can be unbalanced
    - tick/nohz: Use WARN_ON_ONCE() to prevent console saturation
    - ARM: davinci: da850-evm: Avoid NULL pointer dereference
    - dm integrity: fix memory corruption when tag_size is less than digest size
    - i2c: dev: check return value when calling dev_set_name()
    - smp: Fix offline cpu check in flush_smp_call_function_queue()
    - i2c: pasemi: Wait for write xfers to finish
    - dt-bindings: net: snps: remove duplicate name
    - timers: Fix warning condition in __run_timers()
    - dma-direct: avoid redundant memory sync for swiotlb
    - drm/i915: Sunset igpu legacy mmap support based on GRAPHICS_VER_FULL
    - cpu/hotplug: Remove the 'cpu' member of cpuhp_cpu_state
    - soc: qcom: aoss: Fix missing put_device call in qmp_get
    - net: ipa: fix a build dependency
    - cpufreq: intel_pstate: ITMT support for overclocked system
    - ax25: add refcount in ax25_dev to avoid UAF bugs
    - ax25: fix reference count leaks of ax25_dev
    - ax25: fix UAF bugs of net_device caused by rebinding operation
    - ax25: Fix refcount leaks caused by ax25_cb_del()
    - ax25: fix UAF bug in ax25_send_control()
    - ax25: fix NPD bug in ax25_disconnect
    - ax25: Fix NULL pointer dereferences in ax25 timers
    - ax25: Fix UAF bugs in ax25 timers
    - Linux 5.15.35
  * CONFIG_SND_COMPRESS_OFFLOAD missing in jammy/ppc64el kernel config
    (LP: #1969807)
    - [Config] updateconfigs for SND_COMPRESS_OFFLOAD (ppc64el)
  * Micmute LED support for Zbook Fury 16 G9 (LP: #1968892)
    - ALSA: hda/realtek: Add mute and micmut LED support for Zbook Fury 17 G9
  * Fix broken HDMI audio on AMD PRO VII after S3 (LP: #1968475)
    - drm/amdgpu: don't set s3 and s0ix at the same time
    - drm/amdgpu: Ensure HDA function is suspended before ASIC reset
  * [Ubuntu 22.04] mpi3mr: Request to include latest bug fixes (LP: #1967116)
    - scsi: mpi3mr: Clean up mpi3mr_print_ioc_info()
    - scsi: mpi3mr: Use scnprintf() instead of snprintf()
    - scsi: mpi3mr: Add debug APIs based on logging_level bits
    - scsi: mpi3mr: Replace spin_lock() with spin_lock_irqsave()
    - scsi: mpi3mr: Don't reset IOC if cmnds flush with reset status
    - scsi: mpi3mr: Update MPI3 headers - part1
    - scsi: mpi3mr: Update MPI3 headers - part2
    - scsi: mpi3mr: Add support for PCIe Managed Switch SES device
    - scsi: mpi3mr: Do access status validation before adding devices
    - scsi: mpi3mr: Increase internal cmnds timeout to 60s
    - scsi: mpi3mr: Handle unaligned PLL in unmap cmnds
    - scsi: mpi3mr: Display IOC firmware package version
    - scsi: mpi3mr: Fault IOC when internal command gets timeout
    - scsi: mpi3mr: Code refactor of IOC init - part1
    - scsi: mpi3mr: Code refactor of IOC init - part2
    - scsi: mpi3mr: Handle offline FW activation in graceful manner
    - scsi: mpi3mr: Add IOC reinit function
    - scsi: mpi3mr: Detect async reset that occurred in firmware
    - scsi: mpi3mr: Gracefully handle online FW update operation
    - scsi: mpi3mr: Add Event acknowledgment logic
    - scsi: mpi3mr: Support Prepare for Reset event
    - scsi: mpi3mr: Print cable mngnt and temp threshold events
    - scsi: mpi3mr: Add io_uring interface support in I/O-polled mode
    - scsi: mpi3mr: Use TM response codes from MPI3 headers
    - scsi: mpi3mr: Enhanced Task Management Support Reply handling
    - scsi: mpi3mr: Bump driver version to 8.0.0.61.0
    - scsi: mpi3mr: Fix some spelling mistakes
    - scsi: mpi3mr: Fix formatting problems in some kernel-doc comments
    - scsi: mpi3mr: Fix deadlock while canceling the fw event
    - scsi: mpi3mr: Fix printing of pending I/O count
    - scsi: mpi3mr: Update MPI3 headers
    - scsi: mpi3mr: Fix hibernation issue
    - scsi: mpi3mr: Fix cmnd getting marked as in use forever
    - scsi: mpi3mr: Update the copyright year
    - scsi: mpi3mr: Bump driver version to 8.0.0.68.0
    - scsi: mpi3mr: Fix flushing !WQ_MEM_RECLAIM events warning
  * Support AMD P-State cpufreq control mechanism (LP: #1956509)
    - x86/cpufeatures: Add AMD Collaborative Processor Performance Control feature
      flag
    - x86/msr: Add AMD CPPC MSR definitions
    - ACPI: CPPC: Implement support for SystemIO registers
    - ACPI: CPPC: Add CPPC enable register function
    - cpufreq: amd-pstate: Introduce a new AMD P-State driver to support future
      processors
    - cpufreq: amd-pstate: Add fast switch function for AMD P-State
    - cpufreq: amd-pstate: Introduce the support for the processors with shared
      memory solution
    - cpufreq: amd-pstate: Add trace for AMD P-State module
    - cpufreq: amd-pstate: Add boost mode support for AMD P-State
    - cpufreq: amd-pstate: Add AMD P-State frequencies attributes
    - cpufreq: amd-pstate: Add AMD P-State performance attributes
    - Documentation: amd-pstate: Add AMD P-State driver introduction
    - MAINTAINERS: Add AMD P-State driver maintainer entry
    - cpufreq: amd-pstate: Fix struct amd_cpudata kernel-doc comment
    - cpufreq: amd-pstate: Fix Kconfig dependencies for AMD P-State
    - [Config] enable X86_AMD_PSTATE as built-in on amd64
  * Bolt doesn't work with native USB4 hosts (LP: #1962349)
    - thunderbolt: Retry DROM reads for more failure scenarios
    - thunderbolt: Do not resume routers if UID is not set
    - thunderbolt: Do not make DROM read success compulsory
    - PCI/ACPI: Allow D3 only if Root Port can signal and wake from D3
  * linux-image-5.0.0-35-generic breaks checkpointing of container
    (LP: #1857257) // re-apply missing overlayfs SAUCE patch (LP: #1967924)
    - SAUCE: overlayfs: fix incorrect mnt_id of files opened from map_files
  * [Jammy, mlx5, ConnectX-7] add CX7 support for software steering
    (LP: #1966194)
    - net/mlx5: DR, Fix vport number data type to u16
    - net/mlx5: DR, Replace local WIRE_PORT macro with the existing
      MLX5_VPORT_UPLINK
    - net/mlx5: DR, Add missing query for vport 0
    - net/mlx5: DR, Align error messages for failure to obtain vport caps
    - net/mlx5: DR, Support csum recalculation flow table on SFs
    - net/mlx5: DR, Add support for SF vports
    - net/mlx5: DR, Increase supported num of actions to 32
    - net/mlx5: DR, Fix typo 'offeset' to 'offset'
    - net/mlx5: DR, init_next_match only if needed
    - net/mlx5: DR, Add missing string for action type SAMPLER
    - net/mlx5: DR, Add check for unsupported fields in match param
    - net/mlx5: Introduce new uplink destination type
    - net/mlx5: DR, Handle eswitch manager and uplink vports separately
    - net/mlx5: DR, Fix querying eswitch manager vport for ECPF
    - net/mlx5: DR, Fix check for unsupported fields in match param
    - net/mlx5: DR, Fix error flow in creating matcher
    - net/mlx5: DR, Fix lower case macro prefix "mlx5_" to "MLX5_"
    - net/mlx5: DR, Remove unused struct member in matcher
    - net/mlx5: DR, Rename list field in matcher struct to list_node
    - net/mlx5: DR, Add check for flex parser ID value
    - net/mlx5: DR, Add missing reserved fields to dr_match_param
    - net/mlx5: DR, Add support for dumping steering info
    - net/mlx5: DR, Add support for UPLINK destination type
    - net/mlx5: DR, Warn on failure to destroy objects due to refcount
    - net/mlx5: Add misc5 flow table match parameters
    - net/mlx5: DR, Add misc5 to match_param structs
    - net/mlx5: DR, Support matching on tunnel headers 0 and 1
    - net/mlx5: DR, Add support for matching on geneve_tlv_option_0_exist field
    - net/mlx5: DR, Improve steering for empty or RX/TX-only matchers
    - net/mlx5: DR, Ignore modify TTL if device doesn't support it
    - net/mlx5: Set SMFS as a default steering mode if device supports it
    - net/mlx5: DR, Fix slab-out-of-bounds in mlx5_cmd_dr_create_fte
    - net/mlx5: DR, Add support for matching on Internet Header Length (IHL)
    - net/mlx5: DR, Remove unneeded comments
    - net/mlx5: DR, Fix handling of different actions on the same STE in STEv1
    - net/mlx5: DR, Rename action modify fields to reflect naming in HW spec
    - net/mlx5: DR, Refactor ste_ctx handling for STE v0/1
    - net/mlx5: Introduce software defined steering capabilities
    - net/mlx5: DR, Add support for ConnectX-7 steering
  * alsa: enable the cirrus-logic side-codec to make the speaker output sound
    (LP: #1965496)
    - ASoC: cs35l41: CS35L41 Boosted Smart Amplifier
    - ASoC: cs35l41: Fix use of an uninitialised variable
    - ASoC: cs35l41: Use regmap_read_poll_timeout to wait for OTP boot
    - ASoC: cs35l41: Combine adjacent register writes
    - ASoC: cs35l41: Don't overwrite returned error code
    - ASoC: cs35l41: Fixup the error messages
    - ASoC: cs35l41: Fix a bunch of trivial code formating/style issues
    - misc: cs35l41: Remove unused pdn variable
    - ASoC: cs35l41: Make cs35l41_remove() return void
    - ASoC: cs35l41: Change monitor widgets to siggens
    - ASoC: cs35l41: DSP Support
    - ASoC: cs35l41: Set the max SPI speed for the whole device
    - ASoC: cs35l41: Fix link problem
    - ASoC: cs35l41: Fix undefined reference to core functions
    - ASoC: cs35l41: Convert tables to shared source code
    - ASoC: cs35l41: Move cs35l41_otp_unpack to shared code
    - ASoC: cs35l41: Move power initializations to reg_sequence
    - ASoC: cs35l41: Create shared function for errata patches
    - ASoC: cs35l41: Create shared function for setting channels
    - ASoC: cs35l41: Create shared function for boost configuration
    - ASoC: cs35l41: Add cs35l51/53 IDs
    - ASoC: cs35l41: Remove incorrect comment
    - ASoC: cs35l41: Correct DSP power down
    - ASoC: cs35l41: Correct handling of some registers in the cache
    - ALSA: hda: cs35l41: Add support for CS35L41 in HDA systems
    - ASoC: cs35l41: Update handling of test key registers
    - ASoC: cs35l41: Add support for hibernate memory retention mode
    - ALSA: hda: cs35l41: fix double free on error in probe()
    - ALSA: hda: cs35l41: Avoid overwriting register patch
    - ALSA: hda: cs35l41: Add calls to newly added test key function
    - ALSA: hda: cs35l41: Move cs35l41* calls to its own symbol namespace
    - ALSA: hda: cs35l41: Add missing default cases
    - ALSA: hda: cs35l41: Make use of the helper function dev_err_probe()
    - ALSA: hda: cs35l41: Tidyup code
    - ALSA: hda: cs35l41: Make cs35l41_hda_remove() return void
    - ALSA: hda/realtek: Add support for Legion 7 16ACHg6 laptop
    - ALSA: hda/realtek: Add CS35L41 support for Thinkpad laptops
    - ALSA: hda/realtek: fix speakers and micmute on HP 855 G8
    - Revert "platform/x86: i2c-multi-instantiate: Don't create platform device
      for INT3515 ACPI nodes"
    - spi: Create helper API to lookup ACPI info for spi device
    - spi: Support selection of the index of the ACPI Spi Resource before alloc
    - spi: Add API to count spi acpi resources
    - platform/x86: i2c-multi-instantiate: Rename it for a generic serial driver
      name
    - platform/x86: serial-multi-instantiate: Reorganize I2C functions
    - platform/x86: serial-multi-instantiate: Add SPI support
    - ALSA: hda/realtek: Add support for HP Laptops
    - ACPI / scan: Create platform device for CS35L41
    - [Config] Add cirruslogic side codec support
  * Use kernel-testing repo from launchpad for ADT tests (LP: #1968016)
    - [Debian] Use kernel-testing repo from launchpad
  * Fix ADL, WD22TB4,Dual monitors display resolution can't reach 4K 60hz
    (LP: #1967986)
    - drm/i915/display: Remove check for low voltage sku for max dp source rate
    - drm/i915/intel_combo_phy: Print I/O voltage info
  * Support different Cirrus audio codec configurations on Dell laptops
    (LP: #1967988)
    - ALSA: hda/cs8409: Fix Warlock to use mono mic configuration
    - ALSA: hda/cs8409: Re-order quirk table into ascending order
    - ALSA: hda/cs8409: Fix Full Scale Volume setting for all variants
    - ALSA: hda/cs8409: Support new Warlock MLK Variants
    - ALSA: hda/cs8409: Disable HSBIAS_SENSE_EN for Cyborg
    - ALSA: hda/cs8409: Add new Dolphin HW variants
  * Enable speakup kernel modules to allow the speakup screen reader to function
    (LP: #1967702)
    - [Config] CONFIG_SPEAKUP=m
  * linux: CONFIG_SERIAL_8250_MID=y (LP: #1967338)
    - [Config] amd64 CONFIG_SERIAL_8250_MID=y
  * alsa/sdw: Fix the audio issue on a Dell machine without internal mic
    (LP: #1966841)
    - ASoC: Intel: soc-acpi: add entries in ADL match table
  * Jammy update: v5.15.34 upstream stable release (LP: #1969107)
    - Revert "UBUNTU: SAUCE: Revert "scsi: core: Reallocate device's budget map on
      queue depth change""
    - lib/logic_iomem: correct fallback config references
    - um: fix and optimize xor select template for CONFIG64 and timetravel mode
    - rtc: wm8350: Handle error for wm8350_register_irq
    - nbd: add error handling support for add_disk()
    - nbd: Fix incorrect error handle when first_minor is illegal in nbd_dev_add
    - nbd: Fix hungtask when nbd_config_put
    - nbd: fix possible overflow on 'first_minor' in nbd_dev_add()
    - kfence: count unexpectedly skipped allocations
    - kfence: move saving stack trace of allocations into __kfence_alloc()
    - kfence: limit currently covered allocations when pool nearly full
    - KVM: x86/pmu: Use different raw event masks for AMD and Intel
    - KVM: SVM: Fix kvm_cache_regs.h inclusions for is_guest_mode()
    - KVM: x86/svm: Clear reserved bits written to PerfEvtSeln MSRs
    - KVM: x86/pmu: Fix and isolate TSX-specific performance event logic
    - KVM: x86/emulator: Emulate RDPID only if it is enabled in guest
    - drm: Add orientation quirk for GPD Win Max
    - ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111
    - drm/amd/display: Add signal type check when verify stream backends same
    - drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj
    - drm/amd/display: Fix memory leak
    - drm/amd/display: Use PSR version selected during set_psr_caps
    - usb: gadget: tegra-xudc: Do not program SPARAM
    - usb: gadget: tegra-xudc: Fix control endpoint's definitions
    - usb: cdnsp: fix cdnsp_decode_trb function to properly handle ret value
    - ptp: replace snprintf with sysfs_emit
    - drm/amdkfd: Don't take process mutex for svm ioctls
    - powerpc: dts: t104xrdb: fix phy type for FMAN 4/5
    - ath11k: fix kernel panic during unload/load ath11k modules
    - ath11k: pci: fix crash on suspend if board file is not found
    - ath11k: mhi: use mhi_sync_power_up()
    - net/smc: Send directly when TCP_CORK is cleared
    - drm/bridge: Add missing pm_runtime_put_sync
    - bpf: Make dst_port field in struct bpf_sock 16-bit wide
    - scsi: mvsas: Replace snprintf() with sysfs_emit()
    - scsi: bfa: Replace snprintf() with sysfs_emit()
    - drm/v3d: fix missing unlock
    - power: supply: axp20x_battery: properly report current when discharging
    - mt76: mt7921: fix crash when startup fails.
    - mt76: dma: initialize skip_unmap in mt76_dma_rx_fill
    - cfg80211: don't add non transmitted BSS to 6GHz scanned channels
    - libbpf: Fix build issue with llvm-readelf
    - ipv6: make mc_forwarding atomic
    - net: initialize init_net earlier
    - powerpc: Set crashkernel offset to mid of RMA region
    - drm/amdgpu: Fix recursive locking warning
    - scsi: smartpqi: Fix kdump issue when controller is locked up
    - PCI: aardvark: Fix support for MSI interrupts
    - iommu/arm-smmu-v3: fix event handling soft lockup
    - usb: ehci: add pci device support for Aspeed platforms
    - PCI: endpoint: Fix alignment fault error in copy tests
    - tcp: Don't acquire inet_listen_hashbucket::lock with disabled BH.
    - PCI: pciehp: Add Qualcomm quirk for Command Completed erratum
    - scsi: mpi3mr: Fix reporting of actual data transfer size
    - scsi: mpi3mr: Fix memory leaks
    - powerpc/set_memory: Avoid spinlock recursion in change_page_attr()
    - power: supply: axp288-charger: Set Vhold to 4.4V
    - net/mlx5e: Disable TX queues before registering the netdev
    - usb: dwc3: pci: Set the swnode from inside dwc3_pci_quirks()
    - iwlwifi: mvm: Correctly set fragmented EBS
    - iwlwifi: mvm: move only to an enabled channel
    - drm/msm/dsi: Remove spurious IRQF_ONESHOT flag
    - ipv4: Invalidate neighbour for broadcast address upon address addition
    - dm ioctl: prevent potential spectre v1 gadget
    - dm: requeue IO if mapping table not yet available
    - drm/amdkfd: make CRAT table missing message informational only
    - vfio/pci: Stub vfio_pci_vga_rw when !CONFIG_VFIO_PCI_VGA
    - scsi: pm8001: Fix pm80xx_pci_mem_copy() interface
    - scsi: pm8001: Fix pm8001_mpi_task_abort_resp()
    - scsi: pm8001: Fix task leak in pm8001_send_abort_all()
    - scsi: pm8001: Fix tag leaks on error
    - scsi: pm8001: Fix memory leak in pm8001_chip_fw_flash_update_req()
    - mt76: mt7915: fix injected MPDU transmission to not use HW A-MSDU
    - powerpc/64s/hash: Make hash faults work in NMI context
    - mt76: mt7615: Fix assigning negative values to unsigned variable
    - scsi: aha152x: Fix aha152x_setup() __setup handler return value
    - scsi: hisi_sas: Free irq vectors in order for v3 HW
    - scsi: hisi_sas: Limit users changing debugfs BIST count value
    - net/smc: correct settings of RMB window update limit
    - mips: ralink: fix a refcount leak in ill_acc_of_setup()
    - macvtap: advertise link netns via netlink
    - tuntap: add sanity checks about msg_controllen in sendmsg
    - Bluetooth: Fix not checking for valid hdev on bt_dev_{info,warn,err,dbg}
    - Bluetooth: use memset avoid memory leaks
    - bnxt_en: Eliminate unintended link toggle during FW reset
    - PCI: endpoint: Fix misused goto label
    - MIPS: fix fortify panic when copying asm exception handlers
    - powerpc/64e: Tie PPC_BOOK3E_64 to PPC_FSL_BOOK3E
    - powerpc/secvar: fix refcount leak in format_show()
    - scsi: libfc: Fix use after free in fc_exch_abts_resp()
    - can: isotp: set default value for N_As to 50 micro seconds
    - can: etas_es58x: es58x_fd_rx_event_msg(): initialize rx_event_msg before
      calling es58x_check_msg_len()
    - riscv: Fixed misaligned memory access. Fixed pointer comparison.
    - net: account alternate interface name memory
    - net: limit altnames to 64k total
    - net/mlx5e: Remove overzealous validations in netlink EEPROM query
    - net: sfp: add 2500base-X quirk for Lantech SFP module
    - usb: dwc3: omap: fix "unbalanced disables for smps10_out1" on omap5evm
    - mt76: fix monitor mode crash with sdio driver
    - xtensa: fix DTC warning unit_address_format
    - MIPS: ingenic: correct unit node address
    - Bluetooth: Fix use after free in hci_send_acl
    - netfilter: conntrack: revisit gc autotuning
    - netlabel: fix out-of-bounds memory accesses
    - ceph: fix inode reference leakage in ceph_get_snapdir()
    - ceph: fix memory leak in ceph_readdir when note_last_dentry returns error
    - lib/Kconfig.debug: add ARCH dependency for FUNCTION_ALIGN option
    - init/main.c: return 1 from handled __setup() functions
    - minix: fix bug when opening a file with O_DIRECT
    - clk: si5341: fix reported clk_rate when output divider is 2
    - staging: vchiq_arm: Avoid NULL ptr deref in vchiq_dump_platform_instances
    - staging: vchiq_core: handle NULL result of find_service_by_handle
    - phy: amlogic: phy-meson-gxl-usb2: fix shared reset controller use
    - phy: amlogic: meson8b-usb2: Use dev_err_probe()
    - phy: amlogic: meson8b-usb2: fix shared reset control use
    - clk: rockchip: drop CLK_SET_RATE_PARENT from dclk_vop* on rk3568
    - cpufreq: CPPC: Fix performance/frequency conversion
    - opp: Expose of-node's name in debugfs
    - staging: wfx: fix an error handling in wfx_init_common()
    - w1: w1_therm: fixes w1_seq for ds28ea00 sensors
    - NFSv4.2: fix reference count leaks in _nfs42_proc_copy_notify()
    - NFSv4: Protect the state recovery thread against direct reclaim
    - habanalabs: fix possible memory leak in MMU DR fini
    - xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32
    - clk: ti: Preserve node in ti_dt_clocks_register()
    - clk: Enforce that disjoints limits are invalid
    - SUNRPC/call_alloc: async tasks mustn't block waiting for memory
    - SUNRPC/xprt: async tasks mustn't block waiting for memory
    - SUNRPC: remove scheduling boost for "SWAPPER" tasks.
    - NFS: swap IO handling is slightly different for O_DIRECT IO
    - NFS: swap-out must always use STABLE writes.
    - x86: Annotate call_on_stack()
    - x86/Kconfig: Do not allow CONFIG_X86_X32_ABI=y with llvm-objcopy
    - serial: samsung_tty: do not unlock port->lock for uart_write_wakeup()
    - virtio_console: eliminate anonymous module_init & module_exit
    - jfs: prevent NULL deref in diFree
    - SUNRPC: Fix socket waits for write buffer space
    - NFS: nfsiod should not block forever in mempool_alloc()
    - NFS: Avoid writeback threads getting stuck in mempool_alloc()
    - selftests: net: Add tls config dependency for tls selftests
    - parisc: Fix CPU affinity for Lasi, WAX and Dino chips
    - parisc: Fix patch code locking and flushing
    - mm: fix race between MADV_FREE reclaim and blkdev direct IO read
    - rtc: mc146818-lib: change return values of mc146818_get_time()
    - rtc: Check return value from mc146818_get_time()
    - rtc: mc146818-lib: fix RTC presence check
    - drm/amdgpu: fix off by one in amdgpu_gfx_kiq_acquire()
    - Drivers: hv: vmbus: Fix potential crash on module unload
    - Revert "NFSv4: Handle the special Linux file open access mode"
    - NFSv4: fix open failure with O_ACCMODE flag
    - scsi: sr: Fix typo in CDROM(CLOSETRAY|EJECT) handling
    - scsi: core: Fix sbitmap depth in scsi_realloc_sdev_budget_map()
    - scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one()
    - vdpa/mlx5: Rename control VQ workqueue to vdpa wq
    - vdpa/mlx5: Propagate link status from device to vdpa driver
    - vdpa: mlx5: prevent cvq work from hogging CPU
    - net: sfc: add missing xdp queue reinitialization
    - net/tls: fix slab-out-of-bounds bug in decrypt_internal
    - vrf: fix packet sniffing for traffic originating from ip tunnels
    - skbuff: fix coalescing for page_pool fragment recycling
    - ice: Clear default forwarding VSI during VSI release
    - mctp: Fix check for dev_hard_header() result
    - net: ipv4: fix route with nexthop object delete warning
    - net: stmmac: Fix unset max_speed difference between DT and non-DT platforms
    - drm/imx: imx-ldb: Check for null pointer after calling kmemdup
    - drm/imx: Fix memory leak in imx_pd_connector_get_modes
    - drm/imx: dw_hdmi-imx: Fix bailout in error cases of probe
    - regulator: rtq2134: Fix missing active_discharge_on setting
    - regulator: atc260x: Fix missing active_discharge_on setting
    - arch/arm64: Fix topology initialization for core scheduling
    - bnxt_en: Synchronize tx when xdp redirects happen on same ring
    - bnxt_en: reserve space inside receive page for skb_shared_info
    - bnxt_en: Prevent XDP redirect from running when stopping TX queue
    - sfc: Do not free an empty page_ring
    - RDMA/mlx5: Don't remove cache MRs when a delay is needed
    - RDMA/mlx5: Add a missing update of cache->last_add
    - IB/cm: Cancel mad on the DREQ event when the state is MRA_REP_RCVD
    - IB/rdmavt: add lock to call to rvt_error_qp to prevent a race condition
    - sctp: count singleton chunks in assoc user stats
    - dpaa2-ptp: Fix refcount leak in dpaa2_ptp_probe
    - ice: Set txq_teid to ICE_INVAL_TEID on ring creation
    - ice: Do not skip not enabled queues in ice_vc_dis_qs_msg
    - ipv6: Fix stats accounting in ip6_pkt_drop
    - ice: synchronize_rcu() when terminating rings
    - ice: xsk: fix VSI state check in ice_xsk_wakeup()
    - net: openvswitch: don't send internal clone attribute to the userspace.
    - net: ethernet: mv643xx: Fix over zealous checking of_get_mac_address()
    - net: openvswitch: fix leak of nested actions
    - rxrpc: fix a race in rxrpc_exit_net()
    - net: sfc: fix using uninitialized xdp tx_queue
    - net: phy: mscc-miim: reject clause 45 register accesses
    - qede: confirm skb is allocated before using
    - spi: bcm-qspi: fix MSPI only access with bcm_qspi_exec_mem_op()
    - bpf: Support dual-stack sockets in bpf_tcp_check_syncookie
    - drbd: Fix five use after free bugs in get_initial_state
    - scsi: ufs: ufshpb: Fix a NULL check on list iterator
    - io_uring: nospec index for tags on files update
    - io_uring: don't touch scm_fp_list after queueing skb
    - SUNRPC: Handle ENOMEM in call_transmit_status()
    - SUNRPC: Handle low memory situations in call_status()
    - SUNRPC: svc_tcp_sendmsg() should handle errors from xdr_alloc_bvec()
    - iommu/omap: Fix regression in probe for NULL pointer dereference
    - perf: arm-spe: Fix perf report --mem-mode
    - perf tools: Fix perf's libperf_print callback
    - perf session: Remap buf if there is no space for event
    - arm64: Add part number for Arm Cortex-A78AE
    - scsi: mpt3sas: Fix use after free in _scsih_expander_node_remove()
    - scsi: ufs: ufs-pci: Add support for Intel MTL
    - Revert "mmc: sdhci-xenon: fix annoying 1.8V regulator warning"
    - mmc: block: Check for errors after write on SPI
    - mmc: mmci: stm32: correctly check all elements of sg list
    - mmc: renesas_sdhi: don't overwrite TAP settings when HS400 tuning is
      complete
    - mmc: core: Fixup support for writeback-cache for eMMC and SD
    - lz4: fix LZ4_decompress_safe_partial read out of bound
    - highmem: fix checks in __kmap_local_sched_{in,out}
    - mmmremap.c: avoid pointless invalidate_range_start/end on mremap(old_size=0)
    - mm/mempolicy: fix mpol_new leak in shared_policy_replace
    - io_uring: don't check req->file in io_fsync_prep()
    - io_uring: defer splice/tee file validity check until command issue
    - io_uring: implement compat handling for IORING_REGISTER_IOWQ_AFF
    - io_uring: fix race between timeout flush and removal
    - x86/pm: Save the MSR validity status at context setup
    - x86/speculation: Restore speculation related MSRs during S3 resume
    - perf/x86/intel: Update the FRONTEND MSR mask on Sapphire Rapids
    - btrfs: fix qgroup reserve overflow the qgroup limit
    - btrfs: prevent subvol with swapfile from being deleted
    - spi: core: add dma_map_dev for __spi_unmap_msg()
    - arm64: patch_text: Fixup last cpu should be master
    - RDMA/hfi1: Fix use-after-free bug for mm struct
    - gpio: Restrict usage of GPIO chip irq members before initialization
    - x86/msi: Fix msi message data shadow struct
    - x86/mm/tlb: Revert retpoline avoidance approach
    - perf/x86/intel: Don't extend the pseudo-encoding to GP counters
    - ata: sata_dwc_460ex: Fix crash due to OOB write
    - perf: qcom_l2_pmu: fix an incorrect NULL check on list iterator
    - perf/core: Inherit event_caps
    - irqchip/gic-v3: Fix GICR_CTLR.RWP polling
    - fbdev: Fix unregistering of framebuffers without device
    - amd/display: set backlight only if required
    - SUNRPC: Prevent immediate close+reconnect
    - drm/panel: ili9341: fix optional regulator handling
    - drm/amdgpu/display: change pipe policy for DCN 2.1
    - drm/amdgpu/smu10: fix SoC/fclk units in auto mode
    - drm/amdgpu/vcn: Fix the register setting for vcn1
    - drm/nouveau/pmu: Add missing callbacks for Tegra devices
    - drm/amdkfd: Create file descriptor after client is added to smi_clients list
    - drm/amdgpu: don't use BACO for reset in S3
    - KVM: SVM: Allow AVIC support on system w/ physical APIC ID > 255
    - net/smc: send directly on setting TCP_NODELAY
    - Revert "selftests: net: Add tls config dependency for tls selftests"
    - bpf: Make remote_port field in struct bpf_sk_lookup 16-bit wide
    - selftests/bpf: Fix u8 narrow load checks for bpf_sk_lookup remote_port
    - rtc: mc146818-lib: fix signedness bug in mc146818_get_time()
    - SUNRPC: Don't call connect() more than once on a TCP socket
    - Revert "nbd: fix possible overflow on 'first_minor' in nbd_dev_add()"
    - perf build: Don't use -ffat-lto-objects in the python feature test when
      building with clang-13
    - perf python: Fix probing for some clang command line options
    - tools build: Filter out options and warnings not supported by clang
    - tools build: Use $(shell ) instead of `` to get embedded libperl's ccopts
    - dmaengine: Revert "dmaengine: shdma: Fix runtime PM imbalance on error"
    - KVM: avoid NULL pointer dereference in kvm_dirty_ring_push
    - Revert "net/mlx5: Accept devlink user input after driver initialization
      complete"
    - ubsan: remove CONFIG_UBSAN_OBJECT_SIZE
    - selftests: cgroup: Make cg_create() use 0755 for permission instead of 0644
    - selftests: cgroup: Test open-time credential usage for migration checks
    - selftests: cgroup: Test open-time cgroup namespace usage for migration
      checks
    - mm: don't skip swap entry even if zap_details specified
    - Drivers: hv: vmbus: Replace smp_store_mb() with virt_store_mb()
    - x86/bug: Prevent shadowing in __WARN_FLAGS
    - sched: Teach the forced-newidle balancer about CPU affinity limitation.
    - x86,static_call: Fix __static_call_return0 for i386
    - irqchip/gic-v4: Wait for GICR_VPENDBASER.Dirty to clear before descheduling
    - powerpc/64: Fix build failure with allyesconfig in book3s_64_entry.S
    - irqchip/gic, gic-v3: Prevent GSI to SGI translations
    - mm/sparsemem: fix 'mem_section' will never be NULL gcc 12 warning
    - static_call: Don't make __static_call_return0 static
    - powerpc: Fix virt_addr_valid() for 64-bit Book3E & 32-bit
    - stacktrace: move filter_irq_stacks() to kernel/stacktrace.c
    - Linux 5.15.34
    - [Config] armhf, s390x: update annotations following
      DEBUG_FORCE_FUNCTION_ALIGN_64B support removal in v5.15.34
  * Jammy update: v5.15.33 upstream stable release (LP: #1969110)
    - Revert "swiotlb: rework "fix info leak with DMA_FROM_DEVICE""
    - USB: serial: pl2303: add IBM device IDs
    - dt-bindings: usb: hcd: correct usb-device path
    - USB: serial: pl2303: fix GS type detection
    - USB: serial: simple: add Nokia phone driver
    - mm: kfence: fix missing objcg housekeeping for SLAB
    - hv: utils: add PTP_1588_CLOCK to Kconfig to fix build
    - HID: logitech-dj: add new lightspeed receiver id
    - HID: Add support for open wheel and no attachment to T300
    - xfrm: fix tunnel model fragmentation behavior
    - ARM: mstar: Select HAVE_ARM_ARCH_TIMER
    - virtio_console: break out of buf poll on remove
    - vdpa/mlx5: should verify CTRL_VQ feature exists for MQ
    - tools/virtio: fix virtio_test execution
    - ethernet: sun: Free the coherent when failing in probing
    - gpio: Revert regression in sysfs-gpio (gpiolib.c)
    - spi: Fix invalid sgs value
    - net:mcf8390: Use platform_get_irq() to get the interrupt
    - Revert "gpio: Revert regression in sysfs-gpio (gpiolib.c)"
    - spi: Fix erroneous sgs value with min_t()
    - Input: zinitix - do not report shadow fingers
    - af_key: add __GFP_ZERO flag for compose_sadb_supported in function
      pfkey_register
    - net: dsa: microchip: add spi_device_id tables
    - selftests: vm: fix clang build error multiple output files
    - locking/lockdep: Avoid potential access of invalid memory in lock_class
    - drm/amdgpu: move PX checking into amdgpu_device_ip_early_init
    - drm/amdgpu: only check for _PR3 on dGPUs
    - iommu/iova: Improve 32-bit free space estimate
    - virtio-blk: Use blk_validate_block_size() to validate block size
    - tpm: fix reference counting for struct tpm_chip
    - usb: typec: tipd: Forward plug orientation to typec subsystem
    - USB: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c
    - xhci: fix garbage USBSTS being logged in some cases
    - xhci: fix runtime PM imbalance in USB2 resume
    - xhci: make xhci_handshake timeout for xhci_reset() adjustable
    - xhci: fix uninitialized string returned by xhci_decode_ctrl_ctx()
    - mei: me: disable driver on the ign firmware
    - mei: me: add Alder Lake N device id.
    - mei: avoid iterator usage outside of list_for_each_entry
    - bus: mhi: pci_generic: Add mru_default for Quectel EM1xx series
    - bus: mhi: Fix MHI DMA structure endianness
    - docs: sphinx/requirements: Limit jinja2<3.1
    - coresight: Fix TRCCONFIGR.QE sysfs interface
    - coresight: syscfg: Fix memleak on registration failure in
      cscfg_create_device
    - iio: afe: rescale: use s64 for temporary scale calculations
    - iio: inkern: apply consumer scale on IIO_VAL_INT cases
    - iio: inkern: apply consumer scale when no channel scale is available
    - iio: inkern: make a best effort on offset calculation
    - greybus: svc: fix an error handling bug in gb_svc_hello()
    - clk: rockchip: re-add rational best approximation algorithm to the
      fractional divider
    - clk: uniphier: Fix fixed-rate initialization
    - cifs: fix handlecache and multiuser
    - cifs: we do not need a spinlock around the tree access during umount
    - KEYS: fix length validation in keyctl_pkey_params_get_2()
    - KEYS: asymmetric: enforce that sig algo matches key algo
    - KEYS: asymmetric: properly validate hash_algo and encoding
    - Documentation: add link to stable release candidate tree
    - Documentation: update stable tree link
    - firmware: stratix10-svc: add missing callback parameter on RSU
    - firmware: sysfb: fix platform-device leak in error path
    - HID: intel-ish-hid: Use dma_alloc_coherent for firmware update
    - SUNRPC: avoid race between mod_timer() and del_timer_sync()
    - NFS: NFSv2/v3 clients should never be setting NFS_CAP_XATTR
    - NFSD: prevent underflow in nfssvc_decode_writeargs()
    - NFSD: prevent integer overflow on 32 bit systems
    - f2fs: fix to unlock page correctly in error path of is_alive()
    - f2fs: quota: fix loop condition at f2fs_quota_sync()
    - f2fs: fix to do sanity check on .cp_pack_total_block_count
    - remoteproc: Fix count check in rproc_coredump_write()
    - mm/mlock: fix two bugs in user_shm_lock()
    - pinctrl: ingenic: Fix regmap on X series SoCs
    - pinctrl: samsung: drop pin banks references on error paths
    - net: bnxt_ptp: fix compilation error
    - spi: mxic: Fix the transmit path
    - mtd: rawnand: protect access to rawnand devices while in suspend
    - can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path
    - can: m_can: m_can_tx_handler(): fix use after free of skb
    - can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error
      path
    - jffs2: fix use-after-free in jffs2_clear_xattr_subsystem
    - jffs2: fix memory leak in jffs2_do_mount_fs
    - jffs2: fix memory leak in jffs2_scan_medium
    - mm: fs: fix lru_cache_disabled race in bh_lru
    - mm/pages_alloc.c: don't create ZONE_MOVABLE beyond the end of a node
    - mm: invalidate hwpoison page cache page in fault path
    - mempolicy: mbind_range() set_policy() after vma_merge()
    - scsi: core: sd: Add silence_suspend flag to suppress some PM messages
    - scsi: ufs: Fix runtime PM messages never-ending cycle
    - scsi: scsi_transport_fc: Fix FPIN Link Integrity statistics counters
    - scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands
    - qed: display VF trust config
    - qed: validate and restrict untrusted VFs vlan promisc mode
    - riscv: dts: canaan: Fix SPI3 bus width
    - riscv: Fix fill_callchain return value
    - riscv: Increase stack size under KASAN
    - Revert "Input: clear BTN_RIGHT/MIDDLE on buttonpads"
    - cifs: prevent bad output lengths in smb2_ioctl_query_info()
    - cifs: fix NULL ptr dereference in smb2_ioctl_query_info()
    - ALSA: cs4236: fix an incorrect NULL check on list iterator
    - ALSA: hda: Avoid unsol event during RPM suspending
    - ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock
    - ALSA: hda/realtek: Fix audio regression on Mi Notebook Pro 2020
    - rtc: mc146818-lib: fix locking in mc146818_set_time
    - rtc: pl031: fix rtc features null pointer dereference
    - ocfs2: fix crash when mount with quota enabled
    - drm/simpledrm: Add "panel orientation" property on non-upright mounted LCD
      panels
    - mm: madvise: skip unmapped vma holes passed to process_madvise
    - mm: madvise: return correct bytes advised with process_madvise
    - Revert "mm: madvise: skip unmapped vma holes passed to process_madvise"
    - mm,hwpoison: unmap poisoned page before invalidation
    - mm/kmemleak: reset tag when compare object pointer
    - dm stats: fix too short end duration_ns when using precise_timestamps
    - dm: fix use-after-free in dm_cleanup_zoned_dev()
    - dm: interlock pending dm_io and dm_wait_for_bios_completion
    - dm: fix double accounting of flush with data
    - dm integrity: set journal entry unused when shrinking device
    - tracing: Have trace event string test handle zero length strings
    - drbd: fix potential silent data corruption
    - powerpc/kvm: Fix kvm_use_magic_page
    - PCI: fu740: Force 2.5GT/s for initial device probe
    - arm64: signal: nofpsimd: Do not allocate fp/simd context when not available
    - arm64: Do not defer reserve_crashkernel() for platforms with no DMA memory
      zones
    - arm64: dts: qcom: sm8250: Fix MSI IRQ for PCIe1 and PCIe2
    - arm64: dts: ti: k3-am65: Fix gic-v3 compatible regs
    - arm64: dts: ti: k3-j721e: Fix gic-v3 compatible regs
    - arm64: dts: ti: k3-j7200: Fix gic-v3 compatible regs
    - arm64: dts: ti: k3-am64: Fix gic-v3 compatible regs
    - ASoC: SOF: Intel: Fix NULL ptr dereference when ENOMEM
    - Revert "ACPI: Pass the same capabilities to the _OSC regardless of the query
      flag"
    - ACPI: properties: Consistently return -ENOENT if there are no more
      references
    - coredump: Also dump first pages of non-executable ELF libraries
    - ext4: fix ext4_fc_stats trace point
    - ext4: fix fs corruption when tring to remove a non-empty directory with IO
      error
    - ext4: make mb_optimize_scan performance mount option work with extents
    - drivers: hamradio: 6pack: fix UAF bug caused by mod_timer()
    - samples/landlock: Fix path_list memory leak
    - landlock: Use square brackets around "landlock-ruleset"
    - mailbox: tegra-hsp: Flush whole channel
    - block: limit request dispatch loop duration
    - block: don't merge across cgroup boundaries if blkcg is enabled
    - drm/edid: check basic audio support on CEA extension block
    - fbdev: Hot-unplug firmware fb devices on forced removal
    - video: fbdev: sm712fb: Fix crash in smtcfb_read()
    - video: fbdev: atari: Atari 2 bpp (STe) palette bugfix
    - rfkill: make new event layout opt-in
    - ARM: dts: at91: sama7g5: Remove unused properties in i2c nodes
    - ARM: dts: at91: sama5d2: Fix PMERRLOC resource size
    - ARM: dts: exynos: fix UART3 pins configuration in Exynos5250
    - ARM: dts: exynos: add missing HDMI supplies on SMDK5250
    - ARM: dts: exynos: add missing HDMI supplies on SMDK5420
    - mgag200 fix memmapsl configuration in GCTL6 register
    - carl9170: fix missing bit-wise or operator for tx_params
    - pstore: Don't use semaphores in always-atomic-context code
    - thermal: int340x: Increase bitmap size
    - lib/raid6/test: fix multiple definition linking error
    - exec: Force single empty string when argv is empty
    - crypto: rsa-pkcs1pad - only allow with rsa
    - crypto: rsa-pkcs1pad - correctly get hash from source scatterlist
    - crypto: rsa-pkcs1pad - restore signature length check
    - crypto: rsa-pkcs1pad - fix buffer overread in pkcs1pad_verify_complete()
    - bcache: fixup multiple threads crash
    - PM: domains: Fix sleep-in-atomic bug caused by genpd_debug_remove()
    - DEC: Limit PMAX memory probing to R3k systems
    - media: gpio-ir-tx: fix transmit with long spaces on Orange Pi PC
    - media: venus: hfi_cmds: List HDR10 property as unsupported for v1 and v3
    - media: venus: venc: Fix h264 8x8 transform control
    - media: davinci: vpif: fix unbalanced runtime PM get
    - media: davinci: vpif: fix unbalanced runtime PM enable
    - btrfs: zoned: mark relocation as writing
    - btrfs: extend locking to all space_info members accesses
    - btrfs: verify the tranisd of the to-be-written dirty extent buffer
    - xtensa: define update_mmu_tlb function
    - xtensa: fix stop_machine_cpuslocked call in patch_text
    - xtensa: fix xtensa_wsr always writing 0
    - drm/syncobj: flatten dma_fence_chains on transfer
    - drm/nouveau/backlight: Fix LVDS backlight detection on some laptops
    - drm/nouveau/backlight: Just set all backlight types as RAW
    - drm/fb-helper: Mark screen buffers in system memory with FBINFO_VIRTFB
    - brcmfmac: firmware: Allocate space for default boardrev in nvram
    - brcmfmac: pcie: Release firmwares in the brcmf_pcie_setup error path
    - brcmfmac: pcie: Declare missing firmware files in pcie.c
    - brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with memcpy_toio
    - brcmfmac: pcie: Fix crashes due to early IRQs
    - drm/i915/opregion: check port number bounds for SWSCI display power state
    - drm/i915/gem: add missing boundary check in vm_access
    - PCI: imx6: Allow to probe when dw_pcie_wait_for_link() fails
    - PCI: pciehp: Clear cmd_busy bit in polling mode
    - PCI: xgene: Revert "PCI: xgene: Fix IB window setup"
    - regulator: qcom_smd: fix for_each_child.cocci warnings
    - selinux: access superblock_security_struct in LSM blob way
    - selinux: check return value of sel_make_avc_files
    - crypto: ccp - Ensure psp_ret is always init'd in
      __sev_platform_init_locked()
    - hwrng: cavium - Check health status while reading random data
    - hwrng: cavium - HW_RANDOM_CAVIUM should depend on ARCH_THUNDER
    - crypto: sun8i-ss - really disable hash on A80
    - crypto: authenc - Fix sleep in atomic context in decrypt_tail
    - crypto: mxs-dcp - Fix scatterlist processing
    - selinux: Fix selinux_sb_mnt_opts_compat()
    - thermal: int340x: Check for NULL after calling kmemdup()
    - crypto: octeontx2 - remove CONFIG_DM_CRYPT check
    - spi: tegra114: Add missing IRQ check in tegra_spi_probe
    - spi: tegra210-quad: Fix missin IRQ check in tegra_qspi_probe
    - stack: Constrain and fix stack offset randomization with Clang builds
    - arm64/mm: avoid fixmap race condition when create pud mapping
    - blk-cgroup: set blkg iostat after percpu stat aggregation
    - selftests/x86: Add validity check and allow field splitting
    - selftests/sgx: Treat CC as one argument
    - crypto: rockchip - ECB does not need IV
    - audit: log AUDIT_TIME_* records only from rules
    - EVM: fix the evm= __setup handler return value
    - crypto: ccree - don't attempt 0 len DMA mappings
    - crypto: hisilicon/sec - fix the aead software fallback for engine
    - spi: pxa2xx-pci: Balance reference count for PCI DMA device
    - hwmon: (pmbus) Add mutex to regulator ops
    - hwmon: (sch56xx-common) Replace WDOG_ACTIVE with WDOG_HW_RUNNING
    - nvme: cleanup __nvme_check_ids
    - nvme: fix the check for duplicate unique identifiers
    - block: don't delete queue kobject before its children
    - PM: hibernate: fix __setup handler error handling
    - PM: suspend: fix return value of __setup handler
    - spi: spi-zynqmp-gqspi: Handle error for dma_set_mask
    - hwrng: atmel - disable trng on failure path
    - crypto: sun8i-ss - call finalize with bh disabled
    - crypto: sun8i-ce - call finalize with bh disabled
    - crypto: amlogic - call finalize with bh disabled
    - crypto: gemini - call finalize with bh disabled
    - crypto: vmx - add missing dependencies
    - clocksource/drivers/timer-ti-dm: Fix regression from errata i940 fix
    - clocksource/drivers/exynos_mct: Refactor resources allocation
    - clocksource/drivers/exynos_mct: Handle DTS with higher number of interrupts
    - clocksource/drivers/timer-microchip-pit64b: Use notrace
    - clocksource/drivers/timer-of: Check return value of of_iomap in
      timer_of_base_init()
    - arm64: prevent instrumentation of bp hardening callbacks
    - KEYS: trusted: Fix trusted key backends when building as module
    - KEYS: trusted: Avoid calling null function trusted_key_exit
    - ACPI: APEI: fix return value of __setup handlers
    - crypto: ccp - ccp_dmaengine_unregister release dma channels
    - crypto: ccree - Fix use after free in cc_cipher_exit()
    - hwrng: nomadik - Change clk_disable to clk_disable_unprepare
    - hwmon: (pmbus) Add Vin unit off handling
    - clocksource: acpi_pm: fix return value of __setup handler
    - io_uring: don't check unrelated req->open.how in accept request
    - io_uring: terminate manual loop iterator loop correctly for non-vecs
    - watch_queue: Fix NULL dereference in error cleanup
    - watch_queue: Actually free the watch
    - f2fs: fix to enable ATGC correctly via gc_idle sysfs interface
    - sched/debug: Remove mpol_get/put and task_lock/unlock from sched_show_numa
    - sched/core: Export pelt_thermal_tp
    - sched/uclamp: Fix iowait boost escaping uclamp restriction
    - rseq: Remove broken uapi field layout on 32-bit little endian
    - perf/core: Fix address filter parser for multiple filters
    - perf/x86/intel/pt: Fix address filter config for 32-bit kernel
    - sched/fair: Improve consistency of allowed NUMA balance calculations
    - f2fs: fix missing free nid in f2fs_handle_failed_inode
    - nfsd: more robust allocation failure handling in nfsd_file_cache_init
    - sched/cpuacct: Fix charge percpu cpuusage
    - sched/rt: Plug rt_mutex_setprio() vs push_rt_task() race
    - f2fs: fix to avoid potential deadlock
    - btrfs: fix unexpected error path when reflinking an inline extent
    - f2fs: fix compressed file start atomic write may cause data corruption
    - selftests, x86: fix how check_cc.sh is being invoked
    - drivers/base/memory: add memory block to memory group after registration
      succeeded
    - kunit: make kunit_test_timeout compatible with comment
    - pinctrl: samsung: Remove EINT handler for Exynos850 ALIVE and CMGP gpios
    - media: staging: media: zoran: fix usage of vb2_dma_contig_set_max_seg_size
    - media: camss: csid-170: fix non-10bit formats
    - media: camss: csid-170: don't enable unused irqs
    - media: camss: csid-170: set the right HALT_CMD when disabled
    - media: camss: vfe-170: fix "VFE halt timeout" error
    - media: staging: media: imx: imx7-mipi-csis: Make subdev name unique
    - media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls
    - media: mtk-vcodec: potential dereference of null pointer
    - media: imx: imx8mq-mipi-csi2: remove wrong irq config write operation
    - media: imx: imx8mq-mipi_csi2: fix system resume
    - media: bttv: fix WARNING regression on tunerless devices
    - media: atmel: atmel-sama7g5-isc: fix ispck leftover
    - ASoC: sh: rz-ssi: Drop calling rz_ssi_pio_recv() recursively
    - ASoC: codecs: Check for error pointer after calling devm_regmap_init_mmio
    - ASoC: xilinx: xlnx_formatter_pcm: Handle sysclk setting
    - ASoC: simple-card-utils: Set sysclk on all components
    - media: coda: Fix missing put_device() call in coda_get_vdoa_data
    - media: meson: vdec: potential dereference of null pointer
    - media: hantro: Fix overfill bottom register field name
    - media: ov6650: Fix set format try processing path
    - media: v4l: Avoid unaligned access warnings when printing 4cc modifiers
    - media: ov5648: Don't pack controls struct
    - media: aspeed: Correct value for h-total-pixels
    - video: fbdev: matroxfb: set maxvram of vbG200eW to the same as vbG200 to
      avoid black screen
    - video: fbdev: controlfb: Fix COMPILE_TEST build
    - video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe()
    - video: fbdev: atmel_lcdfb: fix an error code in atmel_lcdfb_probe()
    - video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name()
    - ARM: dts: Fix OpenBMC flash layout label addresses
    - firmware: qcom: scm: Remove reassignment to desc following initializer
    - ARM: dts: qcom: ipq4019: fix sleep clock
    - soc: qcom: rpmpd: Check for null return of devm_kcalloc
    - soc: qcom: ocmem: Fix missing put_device() call in of_get_ocmem
    - soc: qcom: aoss: remove spurious IRQF_ONESHOT flags
    - arm64: dts: qcom: sdm845: fix microphone bias properties and values
    - arm64: dts: qcom: sm8250: fix PCIe bindings to follow schema
    - arm64: dts: broadcom: bcm4908: use proper TWD binding
    - arm64: dts: qcom: sm8150: Correct TCS configuration for apps rsc
    - arm64: dts: qcom: sm8350: Correct TCS configuration for apps rsc
    - firmware: ti_sci: Fix compilation failure when CONFIG_TI_SCI_PROTOCOL is not
      defined
    - soc: ti: wkup_m3_ipc: Fix IRQ check in wkup_m3_ipc_probe
    - ARM: dts: sun8i: v3s: Move the csi1 block to follow address order
    - vsprintf: Fix potential unaligned access
    - ARM: dts: imx: Add missing LVDS decoder on M53Menlo
    - media: mexon-ge2d: fixup frames size in registers
    - media: video/hdmi: handle short reads of hdmi info frame.
    - media: ti-vpe: cal: Fix a NULL pointer dereference in
      cal_ctx_v4l2_init_formats()
    - media: em28xx: initialize refcount before kref_get
    - media: usb: go7007: s2250-board: fix leak in probe()
    - media: cedrus: H265: Fix neighbour info buffer size
    - media: cedrus: h264: Fix neighbour info buffer size
    - ASoC: codecs: rx-macro: fix accessing compander for aux
    - ASoC: codecs: rx-macro: fix accessing array out of bounds for enum type
    - ASoC: codecs: va-macro: fix accessing array out of bounds for enum type
    - ASoC: codecs: wc938x: fix accessing array out of bounds for enum type
    - ASoC: codecs: wcd938x: fix kcontrol max values
    - ASoC: codecs: wcd934x: fix kcontrol max values
    - ASoC: codecs: wcd934x: fix return value of wcd934x_rx_hph_mode_put
    - media: v4l2-core: Initialize h264 scaling matrix
    - media: ov5640: Fix set format, v4l2_mbus_pixelcode not updated
    - selftests/lkdtm: Add UBSAN config
    - lib: uninline simple_strntoull() as well
    - vsprintf: Fix %pK with kptr_restrict == 0
    - uaccess: fix nios2 and microblaze get_user_8()
    - ASoC: rt5663: check the return value of devm_kzalloc() in rt5663_parse_dp()
    - soc: mediatek: pm-domains: Add wakeup capacity support in power domain
    - mmc: sdhci_am654: Fix the driver data of AM64 SoC
    - ASoC: ti: davinci-i2s: Add check for clk_enable()
    - ALSA: spi: Add check for clk_enable()
    - arm64: dts: ns2: Fix spi-cpol and spi-cpha property
    - arm64: dts: broadcom: Fix sata nodename
    - printk: fix return value of printk.devkmsg __setup handler
    - ASoC: mxs-saif: Handle errors for clk_enable
    - ASoC: atmel_ssc_dai: Handle errors for clk_enable
    - ASoC: dwc-i2s: Handle errors for clk_enable
    - ASoC: soc-compress: prevent the potentially use of null pointer
    - memory: emif: Add check for setup_interrupts
    - memory: emif: check the pointer temp in get_device_details()
    - ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction
    - arm64: dts: rockchip: Fix SDIO regulator supply properties on rk3399-firefly
    - m68k: coldfire/device.c: only build for MCF_EDMA when h/w macros are defined
    - media: stk1160: If start stream fails, return buffers with
      VB2_BUF_STATE_QUEUED
    - media: vidtv: Check for null return of vzalloc
    - ASoC: atmel: Add missing of_node_put() in at91sam9g20ek_audio_probe
    - ASoC: wm8350: Handle error for wm8350_register_irq
    - ASoC: fsi: Add check for clk_enable
    - video: fbdev: omapfb: Add missing of_node_put() in dvic_probe_of
    - media: saa7134: fix incorrect use to determine if list is empty
    - ivtv: fix incorrect device_caps for ivtvfb
    - ASoC: atmel: Fix error handling in snd_proto_probe
    - ASoC: rockchip: i2s: Fix missing clk_disable_unprepare() in
      rockchip_i2s_probe
    - ASoC: SOF: Add missing of_node_put() in imx8m_probe
    - ASoC: mediatek: use of_device_get_match_data()
    - ASoC: mediatek: mt8192-mt6359: Fix error handling in mt8192_mt6359_dev_probe
    - ASoC: rk817: Fix missing clk_disable_unprepare() in rk817_platform_probe
    - ASoC: dmaengine: do not use a NULL prepare_slave_config() callback
    - ASoC: mxs: Fix error handling in mxs_sgtl5000_probe
    - ASoC: fsl_spdif: Disable TX clock when stop
    - ASoC: imx-es8328: Fix error return code in imx_es8328_probe()
    - ASoC: SOF: Intel: enable DMI L1 for playback streams
    - ASoC: msm8916-wcd-digital: Fix missing clk_disable_unprepare() in
      msm8916_wcd_digital_probe
    - mmc: davinci_mmc: Handle error for clk_enable
    - ASoC: atmel: Fix error handling in sam9x5_wm8731_driver_probe
    - ASoC: msm8916-wcd-analog: Fix error handling in pm8916_wcd_analog_spmi_probe
    - ASoC: codecs: wcd934x: Add missing of_node_put() in wcd934x_codec_parse_data
    - ASoC: amd: Fix reference to PCM buffer address
    - ARM: configs: multi_v5_defconfig: re-enable CONFIG_V4L_PLATFORM_DRIVERS
    - ARM: configs: multi_v5_defconfig: re-enable DRM_PANEL and FB_xxx
    - drm/meson: osd_afbcd: Add an exit callback to struct meson_afbcd_ops
    - drm/meson: Make use of the helper function
      devm_platform_ioremap_resourcexxx()
    - drm/meson: split out encoder from meson_dw_hdmi
    - drm/meson: Fix error handling when afbcd.ops->init fails
    - drm/bridge: Fix free wrong object in sii8620_init_rcp_input_dev
    - drm/bridge: Add missing pm_runtime_disable() in __dw_mipi_dsi_probe
    - drm/bridge: nwl-dsi: Fix PM disable depth imbalance in nwl_dsi_probe
    - drm: bridge: adv7511: Fix ADV7535 HPD enablement
    - ath10k: fix memory overwrite of the WoWLAN wakeup packet pattern
    - drm/v3d/v3d_drv: Check for error num after setting mask
    - drm/panfrost: Check for error num after setting mask
    - libbpf: Fix possible NULL pointer dereference when destroying skeleton
    - bpftool: Only set obj->skeleton on complete success
    - udmabuf: validate ubuf->pagecount
    - bpf: Fix UAF due to race between btf_try_get_module and load_module
    - drm/selftests/test-drm_dp_mst_helper: Fix memory leak in
      sideband_msg_req_encode_decode
    - selftests: bpf: Fix bind on used port
    - Bluetooth: btintel: Fix WBS setting for Intel legacy ROM products
    - Bluetooth: hci_serdev: call init_rwsem() before p->open()
    - mtd: onenand: Check for error irq
    - mtd: rawnand: gpmi: fix controller timings setting
    - drm/edid: Don't clear formats if using deep color
    - drm/edid: Split deep color modes between RGB and YUV444
    - ionic: fix type complaint in ionic_dev_cmd_clean()
    - ionic: start watchdog after all is setup
    - ionic: Don't send reset commands if FW isn't running
    - drm/nouveau/acr: Fix undefined behavior in nvkm_acr_hsfw_load_bl()
    - drm/amd/display: Fix a NULL pointer dereference in
      amdgpu_dm_connector_add_common_modes()
    - drm/amd/pm: return -ENOTSUPP if there is no get_dpm_ultimate_freq function
    - net: phy: at803x: move page selection fix to config_init
    - selftests/bpf: Normalize XDP section names in selftests
    - selftests/bpf/test_xdp_redirect_multi: use temp netns for testing
    - ath9k_htc: fix uninit value bugs
    - RDMA/core: Set MR type in ib_reg_user_mr
    - KVM: PPC: Fix vmx/vsx mixup in mmio emulation
    - selftests/net: timestamping: Fix bind_phc check
    - i40e: don't reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb
    - i40e: respect metadata on XSK Rx to skb
    - igc: don't reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb
    - ixgbe: pass bi->xdp to ixgbe_construct_skb_zc() directly
    - ixgbe: don't reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb
    - ixgbe: respect metadata on XSK Rx to skb
    - power: reset: gemini-poweroff: Fix IRQ check in gemini_poweroff_probe
    - ray_cs: Check ioremap return value
    - powerpc: dts: t1040rdb: fix ports names for Seville Ethernet switch
    - KVM: PPC: Book3S HV: Check return value of kvmppc_radix_init
    - powerpc/perf: Don't use perf_hw_context for trace IMC PMU
    - mt76: connac: fix sta_rec_wtbl tag len
    - mt76: mt7915: use proper aid value in mt7915_mcu_wtbl_generic_tlv in sta
      mode
    - mt76: mt7915: use proper aid value in mt7915_mcu_sta_basic_tlv
    - mt76: mt7921: fix a leftover race in runtime-pm
    - mt76: mt7615: fix a leftover race in runtime-pm
    - mt76: mt7603: check sta_rates pointer in mt7603_sta_rate_tbl_update
    - mt76: mt7615: check sta_rates pointer in mt7615_sta_rate_tbl_update
    - ptp: unregister virtual clocks when unregistering physical clock.
    - net: dsa: mv88e6xxx: Enable port policy support on 6097
    - mac80211: Remove a couple of obsolete TODO
    - mac80211: limit bandwidth in HE capabilities
    - scripts/dtc: Call pkg-config POSIXly correct
    - livepatch: Fix build failure on 32 bits processors
    - net: asix: add proper error handling of usb read errors
    - i2c: bcm2835: Use platform_get_irq() to get the interrupt
    - i2c: bcm2835: Fix the error handling in 'bcm2835_i2c_probe()'
    - mtd: mchp23k256: Add SPI ID table
    - mtd: mchp48l640: Add SPI ID table
    - igc: avoid kernel warning when changing RX ring parameters
    - igb: refactor XDP registration
    - PCI: aardvark: Fix reading MSI interrupt number
    - PCI: aardvark: Fix reading PCI_EXP_RTSTA_PME bit on emulated bridge
    - RDMA/rxe: Check the last packet by RXE_END_MASK
    - libbpf: Fix signedness bug in btf_dump_array_data()
    - cxl/core: Fix cxl_probe_component_regs() error message
    - cxl/regs: Fix size of CXL Capability Header Register
    - net:enetc: allocate CBD ring data memory using DMA coherent methods
    - libbpf: Fix compilation warning due to mismatched printf format
    - drm/bridge: dw-hdmi: use safe format when first in bridge chain
    - libbpf: Use dynamically allocated buffer when receiving netlink messages
    - power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init
    - HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports
    - iommu/ipmmu-vmsa: Check for error num after setting mask
    - drm/bridge: anx7625: Fix overflow issue on reading EDID
    - bpftool: Fix the error when lookup in no-btf maps
    - drm/amd/pm: enable pm sysfs write for one VF mode
    - drm/amd/display: Add affected crtcs to atomic state for dsc mst unplug
    - libbpf: Fix memleak in libbpf_netlink_recv()
    - IB/cma: Allow XRC INI QPs to set their local ACK timeout
    - dax: make sure inodes are flushed before destroy cache
    - selftests: mptcp: add csum mib check for mptcp_connect
    - iwlwifi: mvm: Don't call iwl_mvm_sta_from_mac80211() with NULL sta
    - iwlwifi: mvm: don't iterate unadded vifs when handling FW SMPS req
    - iwlwifi: mvm: align locking in D3 test debugfs
    - iwlwifi: yoyo: remove DBGI_SRAM address reset writing
    - iwlwifi: Fix -EIO error code that is never returned
    - iwlwifi: mvm: Fix an error code in iwl_mvm_up()
    - mtd: rawnand: pl353: Set the nand chip node as the flash node
    - drm/msm/dp: populate connector of struct dp_panel
    - drm/msm/dp: stop link training after link training 2 failed
    - drm/msm/dp: always add fail-safe mode into connector mode list
    - drm/msm/dsi: Use "ref" fw clock instead of global name for VCO parent
    - drm/msm/dsi/phy: fix 7nm v4.0 settings for C-PHY mode
    - drm/msm/dpu: add DSPP blocks teardown
    - drm/msm/dpu: fix dp audio condition
    - dm crypt: fix get_key_size compiler warning if !CONFIG_KEYS
    - vfio/pci: fix memory leak during D3hot to D0 transition
    - vfio/pci: wake-up devices around reset functions
    - scsi: fnic: Fix a tracing statement
    - scsi: pm8001: Fix command initialization in pm80XX_send_read_log()
    - scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req()
    - scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config()
    - scsi: pm8001: Fix le32 values handling in
      pm80xx_set_sas_protocol_timer_config()
    - scsi: pm8001: Fix payload initialization in pm80xx_encrypt_update()
    - scsi: pm8001: Fix le32 values handling in pm80xx_chip_ssp_io_req()
    - scsi: pm8001: Fix le32 values handling in pm80xx_chip_sata_req()
    - scsi: pm8001: Fix NCQ NON DATA command task initialization
    - scsi: pm8001: Fix NCQ NON DATA command completion handling
    - scsi: pm8001: Fix abort all task initialization
    - RDMA/mlx5: Fix the flow of a miss in the allocation of a cache ODP MR
    - drm/amd/display: Remove vupdate_int_entry definition
    - TOMOYO: fix __setup handlers return values
    - power: supply: sbs-charger: Don't cancel work that is not initialized
    - ext2: correct max file size computing
    - drm/tegra: Fix reference leak in tegra_dsi_ganged_probe
    - power: supply: bq24190_charger: Fix bq24190_vbus_is_enabled() wrong false
      return
    - scsi: hisi_sas: Change permission of parameter prot_mask
    - drm/bridge: cdns-dsi: Make sure to to create proper aliases for dt
    - bpf, arm64: Call build_prologue() first in first JIT pass
    - bpf, arm64: Feed byte-offset into bpf line info
    - xsk: Fix race at socket teardown
    - RDMA/irdma: Fix netdev notifications for vlan's
    - RDMA/irdma: Fix Passthrough mode in VM
    - RDMA/irdma: Remove incorrect masking of PD
    - gpu: host1x: Fix a memory leak in 'host1x_remove()'
    - libbpf: Skip forward declaration when counting duplicated type names
    - powerpc/mm/numa: skip NUMA_NO_NODE onlining in parse_numa_properties()
    - powerpc/Makefile: Don't pass -mcpu=powerpc64 when building 32-bit
    - KVM: x86: Fix emulation in writing cr8
    - KVM: x86/emulator: Defer not-present segment check in
      __load_segment_descriptor()
    - hv_balloon: rate-limit "Unhandled message" warning
    - i2c: xiic: Make bus names unique
    - power: supply: wm8350-power: Handle error for wm8350_register_irq
    - power: supply: wm8350-power: Add missing free in free_charger_irq
    - IB/hfi1: Allow larger MTU without AIP
    - RDMA/core: Fix ib_qp_usecnt_dec() called when error
    - PCI: Reduce warnings on possible RW1C corruption
    - net: axienet: fix RX ring refill allocation failure handling
    - drm/msm/a6xx: Fix missing ARRAY_SIZE() check
    - mips: DEC: honor CONFIG_MIPS_FP_SUPPORT=n
    - MIPS: Sanitise Cavium switch cases in TLB handler synthesizers
    - powerpc/sysdev: fix incorrect use to determine if list is empty
    - powerpc/64s: Don't use DSISR for SLB faults
    - mfd: mc13xxx: Add check for mc13xxx_irq_request
    - libbpf: Unmap rings when umem deleted
    - selftests/bpf: Make test_lwt_ip_encap more stable and faster
    - platform/x86: huawei-wmi: check the return value of device_create_file()
    - scsi: mpt3sas: Fix incorrect 4GB boundary check
    - powerpc: 8xx: fix a return value error in mpc8xx_pic_init
    - vxcan: enable local echo for sent CAN frames
    - ath10k: Fix error handling in ath10k_setup_msa_resources
    - mips: cdmm: Fix refcount leak in mips_cdmm_phys_base
    - MIPS: RB532: fix return value of __setup handler
    - MIPS: pgalloc: fix memory leak caused by pgd_free()
    - mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init
    - power: ab8500_chargalg: Use CLOCK_MONOTONIC
    - RDMA/irdma: Prevent some integer underflows
    - Revert "RDMA/core: Fix ib_qp_usecnt_dec() called when error"
    - RDMA/mlx5: Fix memory leak in error flow for subscribe event routine
    - bpf, sockmap: Fix memleak in sk_psock_queue_msg
    - bpf, sockmap: Fix memleak in tcp_bpf_sendmsg while sk msg is full
    - bpf, sockmap: Fix more uncharged while msg has more_data
    - bpf, sockmap: Fix double uncharge the mem of sk_msg
    - samples/bpf, xdpsock: Fix race when running for fix duration of time
    - USB: storage: ums-realtek: fix error code in rts51x_read_mem()
    - drm/i915/display: Fix HPD short pulse handling for eDP
    - netfilter: flowtable: Fix QinQ and pppoe support for inet table
    - mt76: mt7921: fix mt7921_queues_acq implementation
    - can: isotp: sanitize CAN ID checks in isotp_bind()
    - can: isotp: return -EADDRNOTAVAIL when reading from unbound socket
    - can: isotp: support MSG_TRUNC flag when reading from socket
    - bareudp: use ipv6_mod_enabled to check if IPv6 enabled
    - ibmvnic: fix race between xmit and reset
    - af_unix: Fix some data-races around unix_sk(sk)->oob_skb.
    - selftests/bpf: Fix error reporting from sock_fields programs
    - Bluetooth: hci_uart: add missing NULL check in h5_enqueue
    - Bluetooth: call hci_le_conn_failed with hdev lock in hci_le_conn_failed
    - Bluetooth: btmtksdio: Fix kernel oops in btmtksdio_interrupt
    - ipv4: Fix route lookups when handling ICMP redirects and PMTU updates
    - af_netlink: Fix shift out of bounds in group mask calculation
    - i2c: meson: Fix wrong speed use from probe
    - netfilter: conntrack: Add and use nf_ct_set_auto_assign_helper_warned()
    - i2c: mux: demux-pinctrl: do not deactivate a master that is not active
    - powerpc/pseries: Fix use after free in remove_phb_dynamic()
    - selftests/bpf/test_lirc_mode2.sh: Exit with proper code
    - PCI: Avoid broken MSI on SB600 USB devices
    - net: bcmgenet: Use stronger register read/writes to assure ordering
    - tcp: ensure PMTU updates are processed during fastopen
    - openvswitch: always update flow key after nat
    - net: dsa: fix panic on shutdown if multi-chip tree failed to probe
    - tipc: fix the timer expires after interval 100ms
    - mfd: asic3: Add missing iounmap() on error asic3_mfd_probe
    - ice: fix 'scheduling while atomic' on aux critical err interrupt
    - ice: don't allow to run ice_send_event_to_aux() in atomic ctx
    - drivers: ethernet: cpsw: fix panic when interrupt coaleceing is set via
      ethtool
    - kernel/resource: fix kfree() of bootmem memory again
    - staging: r8188eu: convert DBG_88E_LEVEL call in hal/rtl8188e_hal_init.c
    - staging: r8188eu: release_firmware is not called if allocation fails
    - mxser: fix xmit_buf leak in activate when LSR == 0xff
    - fsi: scom: Fix error handling
    - fsi: scom: Remove retries in indirect scoms
    - pwm: lpc18xx-sct: Initialize driver data and hardware before pwmchip_add()
    - pps: clients: gpio: Propagate return value from pps_gpio_probe
    - fsi: Aspeed: Fix a potential double free
    - misc: alcor_pci: Fix an error handling path
    - cpufreq: qcom-cpufreq-nvmem: fix reading of PVS Valid fuse
    - soundwire: intel: fix wrong register name in intel_shim_wake
    - clk: qcom: ipq8074: fix PCI-E clock oops
    - dmaengine: idxd: check GENCAP config support for gencfg register
    - dmaengine: idxd: change bandwidth token to read buffers
    - dmaengine: idxd: restore traffic class defaults after wq reset
    - iio: mma8452: Fix probe failing when an i2c_device_id is used
    - serial: 8250_aspeed_vuart: add PORT_ASPEED_VUART port type
    - staging:iio:adc:ad7280a: Fix handing of device address bit reversing.
    - pinctrl: renesas: r8a77470: Reduce size for narrow VIN1 channel
    - pinctrl: renesas: checker: Fix miscalculation of number of states
    - clk: qcom: ipq8074: Use floor ops for SDCC1 clock
    - phy: dphy: Correct lpx parameter and its derivatives(ta_{get,go,sure})
    - phy: phy-brcm-usb: fixup BCM4908 support
    - serial: 8250_mid: Balance reference count for PCI DMA device
    - serial: 8250_lpss: Balance reference count for PCI DMA device
    - NFS: Use of mapping_set_error() results in spurious errors
    - serial: 8250: Fix race condition in RTS-after-send handling
    - iio: adc: Add check for devm_request_threaded_irq
    - habanalabs: Add check for pci_enable_device
    - NFS: Return valid errors from nfs2/3_decode_dirent()
    - staging: r8188eu: fix endless loop in recv_func
    - dma-debug: fix return value of __setup handlers
    - clk: imx7d: Remove audio_mclk_root_clk
    - clk: imx: off by one in imx_lpcg_parse_clks_from_dt()
    - clk: at91: sama7g5: fix parents of PDMCs' GCLK
    - clk: qcom: clk-rcg2: Update logic to calculate D value for RCG
    - clk: qcom: clk-rcg2: Update the frac table for pixel clock
    - dmaengine: hisi_dma: fix MSI allocate fail when reload hisi_dma
    - remoteproc: qcom: Fix missing of_node_put in adsp_alloc_memory_region
    - remoteproc: qcom_wcnss: Add missing of_node_put() in
      wcnss_alloc_memory_region
    - remoteproc: qcom_q6v5_mss: Fix some leaks in q6v5_alloc_memory_region
    - nvdimm/region: Fix default alignment for small regions
    - clk: actions: Terminate clk_div_table with sentinel element
    - clk: loongson1: Terminate clk_div_table with sentinel element
    - clk: hisilicon: Terminate clk_div_table with sentinel element
    - clk: clps711x: Terminate clk_div_table with sentinel element
    - clk: Fix clk_hw_get_clk() when dev is NULL
    - clk: tegra: tegra124-emc: Fix missing put_device() call in
      emc_ensure_emc_driver
    - mailbox: imx: fix crash in resume on i.mx8ulp
    - NFS: remove unneeded check in decode_devicenotify_args()
    - staging: mt7621-dts: fix LEDs and pinctrl on GB-PC1 devicetree
    - staging: mt7621-dts: fix formatting
    - staging: mt7621-dts: fix pinctrl properties for ethernet
    - staging: mt7621-dts: fix GB-PC2 devicetree
    - pinctrl: mediatek: Fix missing of_node_put() in mtk_pctrl_init
    - pinctrl: mediatek: paris: Fix PIN_CONFIG_BIAS_* readback
    - pinctrl: mediatek: paris: Fix "argument" argument type for mtk_pinconf_get()
    - pinctrl: mediatek: paris: Fix pingroup pin config state readback
    - pinctrl: mediatek: paris: Skip custom extra pin config dump for virtual
      GPIOs
    - pinctrl: microchip sgpio: use reset driver
    - pinctrl: microchip-sgpio: lock RMW access
    - pinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe
    - pinctrl/rockchip: Add missing of_node_put() in rockchip_pinctrl_probe
    - tty: hvc: fix return value of __setup handler
    - kgdboc: fix return value of __setup handler
    - serial: 8250: fix XOFF/XON sending when DMA is used
    - virt: acrn: obtain pa from VMA with PFNMAP flag
    - virt: acrn: fix a memory leak in acrn_dev_ioctl()
    - kgdbts: fix return value of __setup handler
    - firmware: google: Properly state IOMEM dependency
    - driver core: dd: fix return value of __setup handler
    - jfs: fix divide error in dbNextAG
    - netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options
    - SUNRPC don't resend a task on an offlined transport
    - NFSv4.1: don't retry BIND_CONN_TO_SESSION on session error
    - kdb: Fix the putarea helper function
    - perf stat: Fix forked applications enablement of counters
    - clk: qcom: gcc-msm8994: Fix gpll4 width
    - vsock/virtio: initialize vdev->priv before using VQs
    - vsock/virtio: read the negotiated features before using VQs
    - vsock/virtio: enable VQs early on probe
    - clk: Initialize orphan req_rate
    - xen: fix is_xen_pmu()
    - net: enetc: report software timestamping via SO_TIMESTAMPING
    - net: hns3: fix bug when PF set the duplicate MAC address for VFs
    - net: hns3: fix port base vlan add fail when concurrent with reset
    - net: hns3: add vlan list lock to protect vlan list
    - net: hns3: format the output of the MAC address
    - net: hns3: refine the process when PF set VF VLAN
    - net: phy: broadcom: Fix brcm_fet_config_init()
    - selftests: test_vxlan_under_vrf: Fix broken test case
    - NFS: Don't loop forever in nfs_do_recoalesce()
    - net: hns3: clean residual vf config after disable sriov
    - net: sparx5: depends on PTP_1588_CLOCK_OPTIONAL
    - qlcnic: dcb: default to returning -EOPNOTSUPP
    - net/x25: Fix null-ptr-deref caused by x25_disconnect
    - net: sparx5: switchdev: fix possible NULL pointer dereference
    - octeontx2-af: initialize action variable
    - net: prefer nf_ct_put instead of nf_conntrack_put
    - net/sched: act_ct: fix ref leak when switching zones
    - NFSv4/pNFS: Fix another issue with a list iterator pointing to the head
    - net: dsa: bcm_sf2_cfp: fix an incorrect NULL check on list iterator
    - fs: fd tables have to be multiples of BITS_PER_LONG
    - lib/test: use after free in register_test_dev_kmod()
    - fs: fix fd table size alignment properly
    - LSM: general protection fault in legacy_parse_param
    - regulator: rpi-panel: Handle I2C errors/timing to the Atmel
    - crypto: hisilicon/qm - cleanup warning in qm_vf_read_qos
    - gcc-plugins/stackleak: Exactly match strings instead of prefixes
    - pinctrl: npcm: Fix broken references to chip->parent_device
    - rcu: Mark writes to the rcu_segcblist structure's ->flags field
    - block/bfq_wf2q: correct weight to ioprio
    - crypto: xts - Add softdep on ecb
    - crypto: hisilicon/sec - not need to enable sm4 extra mode at HW V3
    - block, bfq: don't move oom_bfqq
    - selinux: use correct type for context length
    - arm64: module: remove (NOLOAD) from linker script
    - selinux: allow FIOCLEX and FIONCLEX with policy capability
    - loop: use sysfs_emit() in the sysfs xxx show()
    - Fix incorrect type in assignment of ipv6 port for audit
    - irqchip/qcom-pdc: Fix broken locking
    - irqchip/nvic: Release nvic_base upon failure
    - fs/binfmt_elf: Fix AT_PHDR for unusual ELF files
    - bfq: fix use-after-free in bfq_dispatch_request
    - ACPICA: Avoid walking the ACPI Namespace if it is not there
    - lib/raid6/test/Makefile: Use $(pound) instead of \# for Make 4.3
    - Revert "Revert "block, bfq: honor already-setup queue merges""
    - ACPI/APEI: Limit printable size of BERT table data
    - PM: core: keep irq flags in device_pm_check_callbacks()
    - parisc: Fix handling off probe non-access faults
    - nvme-tcp: lockdep: annotate in-kernel sockets
    - spi: tegra20: Use of_device_get_match_data()
    - atomics: Fix atomic64_{read_acquire,set_release} fallbacks
    - locking/lockdep: Iterate lock_classes directly when reading lockdep files
    - ext4: correct cluster len and clusters changed accounting in ext4_mb_mark_bb
    - ext4: fix ext4_mb_mark_bb() with flex_bg with fast_commit
    - sched/tracing: Report TASK_RTLOCK_WAIT tasks as TASK_UNINTERRUPTIBLE
    - ext4: don't BUG if someone dirty pages without asking ext4 first
    - f2fs: fix to do sanity check on curseg->alloc_type
    - NFSD: Fix nfsd_breaker_owns_lease() return values
    - f2fs: don't get FREEZE lock in f2fs_evict_inode in frozen fs
    - btrfs: harden identification of a stale device
    - btrfs: make search_csum_tree return 0 if we get -EFBIG
    - f2fs: use spin_lock to avoid hang
    - f2fs: compress: fix to print raw data size in error path of lz4
      decompression
    - Adjust cifssb maximum read size
    - ntfs: add sanity check on allocation size
    - media: staging: media: zoran: move videodev alloc
    - media: staging: media: zoran: calculate the right buffer number for
      zoran_reap_stat_com
    - media: staging: media: zoran: fix various V4L2 compliance errors
    - media: atmel: atmel-isc-base: report frame sizes as full supported range
    - media: ir_toy: free before error exiting
    - ASoC: sh: rz-ssi: Make the data structures available before registering the
      handlers
    - ASoC: SOF: Intel: match sdw version on link_slaves_found
    - media: imx-jpeg: Prevent decoding NV12M jpegs into single-planar buffers
    - media: iommu/mediatek-v1: Free the existed fwspec if the master dev already
      has
    - media: iommu/mediatek: Return ENODEV if the device is NULL
    - media: iommu/mediatek: Add device_link between the consumer and the larb
      devices
    - video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow
    - video: fbdev: w100fb: Reset global state
    - video: fbdev: cirrusfb: check pixclock to avoid divide by zero
    - video: fbdev: omapfb: acx565akm: replace snprintf with sysfs_emit
    - ARM: dts: qcom: fix gic_irq_domain_translate warnings for msm8960
    - ARM: dts: bcm2837: Add the missing L1/L2 cache information
    - ASoC: madera: Add dependencies on MFD
    - media: atomisp_gmin_platform: Add DMI quirk to not turn AXP ELDO2 regulator
      off on some boards
    - media: atomisp: fix dummy_ptr check to avoid duplicate active_bo
    - ARM: ftrace: avoid redundant loads or clobbering IP
    - ARM: dts: imx7: Use audio_mclk_post_div instead audio_mclk_root_clk
    - arm64: defconfig: build imx-sdma as a module
    - video: fbdev: omapfb: panel-dsi-cm: Use sysfs_emit() instead of snprintf()
    - video: fbdev: omapfb: panel-tpo-td043mtea1: Use sysfs_emit() instead of
      snprintf()
    - video: fbdev: udlfb: replace snprintf in show functions with sysfs_emit
    - ARM: dts: bcm2711: Add the missing L1/L2 cache information
    - ASoC: soc-core: skip zero num_dai component in searching dai name
    - media: imx-jpeg: fix a bug of accessing array out of bounds
    - media: cx88-mpeg: clear interrupt status register before streaming video
    - uaccess: fix type mismatch warnings from access_ok()
    - lib/test_lockup: fix kernel pointer check for separate address spaces
    - ARM: tegra: tamonten: Fix I2C3 pad setting
    - ARM: mmp: Fix failure to remove sram device
    - ASoC: amd: vg: fix for pm resume callback sequence
    - video: fbdev: sm712fb: Fix crash in smtcfb_write()
    - media: i2c: ov5648: Fix lockdep error
    - media: Revert "media: em28xx: add missing em28xx_close_extension"
    - media: hdpvr: initialize dev->worker at hdpvr_register_videodev
    - ASoC: Intel: sof_sdw: fix quirks for 2022 HP Spectre x360 13"
    - tracing: Have TRACE_DEFINE_ENUM affect trace event types as well
    - mmc: host: Return an error when ->enable_sdio_irq() ops is missing
    - media: atomisp: fix bad usage at error handling logic
    - ALSA: hda/realtek: Add alc256-samsung-headphone fixup
    - KVM: x86: Reinitialize context if host userspace toggles EFER.LME
    - KVM: x86/mmu: Move "invalid" check out of kvm_tdp_mmu_get_root()
    - KVM: x86/mmu: Zap _all_ roots when unmapping gfn range in TDP MMU
    - KVM: x86/mmu: Check for present SPTE when clearing dirty bit in TDP MMU
    - KVM: x86: hyper-v: Drop redundant 'ex' parameter from kvm_hv_send_ipi()
    - KVM: x86: hyper-v: Drop redundant 'ex' parameter from kvm_hv_flush_tlb()
    - KVM: x86: hyper-v: Fix the maximum number of sparse banks for XMM fast TLB
      flush hypercalls
    - KVM: x86: hyper-v: HVCALL_SEND_IPI_EX is an XMM fast hypercall
    - powerpc/kasan: Fix early region not updated correctly
    - powerpc/lib/sstep: Fix 'sthcx' instruction
    - powerpc/lib/sstep: Fix build errors with newer binutils
    - powerpc: Add set_memory_{p/np}() and remove set_memory_attr()
    - powerpc: Fix build errors with newer binutils
    - drm/dp: Fix off-by-one in register cache size
    - drm/i915: Treat SAGV block time 0 as SAGV disabled
    - drm/i915: Fix PSF GV point mask when SAGV is not possible
    - drm/i915: Reject unsupported TMDS rates on ICL+
    - scsi: qla2xxx: Refactor asynchronous command initialization
    - scsi: qla2xxx: Implement ref count for SRB
    - scsi: qla2xxx: Fix stuck session in gpdb
    - scsi: qla2xxx: Fix warning message due to adisc being flushed
    - scsi: qla2xxx: Fix scheduling while atomic
    - scsi: qla2xxx: Fix premature hw access after PCI error
    - scsi: qla2xxx: Fix wrong FDMI data for 64G adapter
    - scsi: qla2xxx: Fix warning for missing error code
    - scsi: qla2xxx: Fix device reconnect in loop topology
    - scsi: qla2xxx: edif: Fix clang warning
    - scsi: qla2xxx: Fix T10 PI tag escape and IP guard options for 28XX adapters
    - scsi: qla2xxx: Add devids and conditionals for 28xx
    - scsi: qla2xxx: Check for firmware dump already collected
    - scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair()
    - scsi: qla2xxx: Fix disk failure to rediscover
    - scsi: qla2xxx: Fix incorrect reporting of task management failure
    - scsi: qla2xxx: Fix hang due to session stuck
    - scsi: qla2xxx: Fix missed DMA unmap for NVMe ls requests
    - scsi: qla2xxx: Fix N2N inconsistent PLOGI
    - scsi: qla2xxx: Fix stuck session of PRLI reject
    - scsi: qla2xxx: Reduce false trigger to login
    - scsi: qla2xxx: Use correct feature type field during RFF_ID processing
    - platform: chrome: Split trace include file
    - KVM: x86: Check lapic_in_kernel() before attempting to set a SynIC irq
    - KVM: x86: Avoid theoretical NULL pointer dereference in
      kvm_irq_delivery_to_apic_fast()
    - KVM: x86: Forbid VMM to set SYNIC/STIMER MSRs when SynIC wasn't activated
    - KVM: Prevent module exit until all VMs are freed
    - KVM: x86: fix sending PV IPI
    - KVM: SVM: fix panic on out-of-bounds guest IRQ
    - ubifs: rename_whiteout: Fix double free for whiteout_ui->data
    - ubifs: Fix deadlock in concurrent rename whiteout and inode writeback
    - ubifs: Add missing iput if do_tmpfile() failed in rename whiteout
    - ubifs: Rename whiteout atomically
    - ubifs: Fix 'ui->dirty' race between do_tmpfile() and writeback work
    - ubifs: Rectify space amount budget for mkdir/tmpfile operations
    - ubifs: setflags: Make dirtied_ino_d 8 bytes aligned
    - ubifs: Fix read out-of-bounds in ubifs_wbuf_write_nolock()
    - ubifs: Fix to add refcount once page is set private
    - ubifs: rename_whiteout: correct old_dir size computing
    - nvme: allow duplicate NSIDs for private namespaces
    - nvme: fix the read-only state for zoned namespaces with unsupposed features
    - wireguard: queueing: use CFI-safe ptr_ring cleanup function
    - wireguard: socket: free skb in send6 when ipv6 is disabled
    - wireguard: socket: ignore v6 endpoints when ipv6 is disabled
    - XArray: Fix xas_create_range() when multi-order entry present
    - can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path
    - can: mcba_usb: properly check endpoint type
    - can: mcp251xfd: mcp251xfd_register_get_dev_id(): fix return of error value
    - XArray: Update the LRU list in xas_split()
    - modpost: restore the warning message for missing symbol versions
    - rtc: check if __rtc_read_time was successful
    - gfs2: gfs2_setattr_size error path fix
    - gfs2: Make sure FITRIM minlen is rounded up to fs block size
    - net: hns3: fix the concurrency between functions reading debugfs
    - net: hns3: fix software vlan talbe of vlan 0 inconsistent with hardware
    - rxrpc: fix some null-ptr-deref bugs in server_key.c
    - rxrpc: Fix call timer start racing with call destruction
    - mailbox: imx: fix wakeup failure from freeze mode
    - crypto: arm/aes-neonbs-cbc - Select generic cbc and aes
    - watch_queue: Free the page array when watch_queue is dismantled
    - pinctrl: pinconf-generic: Print arguments for bias-pull-*
    - watchdog: rti-wdt: Add missing pm_runtime_disable() in probe function
    - net: sparx5: uses, depends on BRIDGE or !BRIDGE
    - pinctrl: nuvoton: npcm7xx: Rename DS() macro to DSTR()
    - pinctrl: nuvoton: npcm7xx: Use %zu printk format for ARRAY_SIZE()
    - ASoC: mediatek: mt6358: add missing EXPORT_SYMBOLs
    - ubi: Fix race condition between ctrl_cdev_ioctl and ubi_cdev_ioctl
    - ARM: iop32x: offset IRQ numbers by 1
    - block: Fix the maximum minor value is blk_alloc_ext_minor()
    - io_uring: fix memory leak of uid in files registration
    - riscv module: remove (NOLOAD)
    - ACPI: CPPC: Avoid out of bounds access when parsing _CPC data
    - vhost: handle error while adding split ranges to iotlb
    - spi: Fix Tegra QSPI example
    - platform/chrome: cros_ec_typec: Check for EC device
    - can: isotp: restore accidentally removed MSG_PEEK feature
    - proc: bootconfig: Add null pointer check
    - drm/connector: Fix typo in documentation
    - scsi: qla2xxx: Add qla2x00_async_done() for async routines
    - staging: mt7621-dts: fix pinctrl-0 items to be size-1 items on ethernet
    - arm64: mm: Drop 'const' from conditional arm64_dma_phys_limit definition
    - ASoC: soc-compress: Change the check for codec_dai
    - Reinstate some of "swiotlb: rework "fix info leak with DMA_FROM_DEVICE""
    - tracing: Have type enum modifications copy the strings
    - net: add skb_set_end_offset() helper
    - net: preserve skb_end_offset() in skb_unclone_keeptruesize()
    - mm/mmap: return 1 from stack_guard_gap __setup() handler
    - ARM: 9187/1: JIVE: fix return value of __setup handler
    - mm/memcontrol: return 1 from cgroup.memory __setup() handler
    - mm/usercopy: return 1 from hardened_usercopy __setup() handler
    - af_unix: Support POLLPRI for OOB.
    - bpf: Adjust BPF stack helper functions to accommodate skip > 0
    - bpf: Fix comment for helper bpf_current_task_under_cgroup()
    - mmc: rtsx: Use pm_runtime_{get,put}() to handle runtime PM
    - dt-bindings: mtd: nand-controller: Fix the reg property description
    - dt-bindings: mtd: nand-controller: Fix a comment in the examples
    - dt-bindings: spi: mxic: The interrupt property is not mandatory
    - dt-bindings: memory: mtk-smi: No need mediatek,larb-id for mt8167
    - dt-bindings: pinctrl: pinctrl-microchip-sgpio: Fix example
    - ubi: fastmap: Return error code if memory allocation fails in add_aeb()
    - ASoC: SOF: Intel: Fix build error without SND_SOC_SOF_PCI_DEV
    - ASoC: topology: Allow TLV control to be either read or write
    - perf vendor events: Update metrics for SkyLake Server
    - media: ov6650: Add try support to selection API operations
    - media: ov6650: Fix crop rectangle affected by set format
    - spi: mediatek: support tick_delay without enhance_timing
    - ARM: dts: spear1340: Update serial node properties
    - ARM: dts: spear13xx: Update SPI dma properties
    - arm64: dts: ls1043a: Update i2c dma properties
    - arm64: dts: ls1046a: Update i2c node dma properties
    - um: Fix uml_mconsole stop/go
    - docs: sysctl/kernel: add missing bit to panic_print
    - openvswitch: Fixed nd target mask field in the flow dump.
    - torture: Make torture.sh help message match reality
    - n64cart: convert bi_disk to bi_bdev->bd_disk fix build
    - mmc: rtsx: Let MMC core handle runtime PM
    - mmc: rtsx: Fix build errors/warnings for unused variable
    - KVM: x86/mmu: do compare-and-exchange of gPTE via the user address
    - iommu/dma: Skip extra sync during unmap w/swiotlb
    - iommu/dma: Fold _swiotlb helpers into callers
    - iommu/dma: Check CONFIG_SWIOTLB more broadly
    - swiotlb: Support aligned swiotlb buffers
    - iommu/dma: Account for min_align_mask w/swiotlb
    - coredump: Snapshot the vmas in do_coredump
    - coredump: Remove the WARN_ON in dump_vma_snapshot
    - coredump/elf: Pass coredump_params into fill_note_info
    - coredump: Use the vma snapshot in fill_files_note
    - PCI: xgene: Revert "PCI: xgene: Use inbound resources for setup"
    - Linux 5.15.33
  * Jammy update: v5.15.32 upstream stable release (LP: #1969106)
    - net: ipv6: fix skb_over_panic in __ip6_append_data
    - tpm: Fix error handling in async work
    - Bluetooth: btusb: Add another Realtek 8761BU
    - llc: fix netdevice reference leaks in llc_ui_bind()
    - ASoC: sti: Fix deadlock via snd_pcm_stop_xrun() call
    - ALSA: oss: Fix PCM OSS buffer allocation overflow
    - ALSA: usb-audio: add mapping for new Corsair Virtuoso SE
    - ALSA: hda/realtek: Add quirk for Clevo NP70PNJ
    - ALSA: hda/realtek: Add quirk for Clevo NP50PNJ
    - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671
    - ALSA: hda/realtek: Add quirk for ASUS GA402
    - ALSA: pcm: Fix races among concurrent hw_params and hw_free calls
    - ALSA: pcm: Fix races among concurrent read/write and buffer changes
    - ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls
    - ALSA: pcm: Fix races among concurrent prealloc proc writes
    - ALSA: pcm: Add stream lock during PCM reset ioctl operations
    - ALSA: usb-audio: Add mute TLV for playback volumes on RODE NT-USB
    - ALSA: cmipci: Restore aux vol on suspend/resume
    - ALSA: pci: fix reading of swapped values from pcmreg in AC97 codec
    - drivers: net: xgene: Fix regression in CRC stripping
    - ACPI / x86: Work around broken XSDT on Advantech DAC-BJ01 board
    - ACPI: battery: Add device HID and quirk for Microsoft Surface Go 3
    - ACPI: video: Force backlight native for Clevo NL5xRU and NL5xNU
    - crypto: qat - disable registration of algorithms
    - Bluetooth: btusb: Add one more Bluetooth part for the Realtek RTL8852AE
    - Revert "ath: add support for special 0x0 regulatory domain"
    - drm/virtio: Ensure that objs is not NULL in virtio_gpu_array_put_free()
    - rcu: Don't deboost before reporting expedited quiescent state
    - uaccess: fix integer overflow on access_ok()
    - mac80211: fix potential double free on mesh join
    - tpm: use try_get_ops() in tpm-space.c
    - wcn36xx: Differentiate wcn3660 from wcn3620
    - m68k: fix access_ok for coldfire
    - nds32: fix access_ok() checks in get/put_user
    - llc: only change llc->dev when bind() succeeds
    - Linux 5.15.32
  * Jammy update: v5.15.31 upstream stable release (LP: #1969105)
    - crypto: qcom-rng - ensure buffer for generate is completely filled
    - ocfs2: fix crash when initialize filecheck kobj fails
    - mm: swap: get rid of livelock in swapin readahead
    - block: release rq qos structures for queue without disk
    - drm/mgag200: Fix PLL setup for g200wb and g200ew
    - efi: fix return value of __setup handlers
    - alx: acquire mutex for alx_reinit in alx_change_mtu
    - vsock: each transport cycles only on its own sockets
    - esp6: fix check on ipv6_skip_exthdr's return value
    - net: phy: marvell: Fix invalid comparison in the resume and suspend
      functions
    - net/packet: fix slab-out-of-bounds access in packet_recvmsg()
    - atm: eni: Add check for dma_map_single
    - iavf: Fix double free in iavf_reset_task
    - hv_netvsc: Add check for kvmalloc_array
    - drm/imx: parallel-display: Remove bus flags check in
      imx_pd_bridge_atomic_check()
    - drm/panel: simple: Fix Innolux G070Y2-L01 BPP settings
    - net: handle ARPHRD_PIMREG in dev_is_mac_header_xmit()
    - drm: Don't make DRM_PANEL_BRIDGE dependent on DRM_KMS_HELPERS
    - net: dsa: Add missing of_node_put() in dsa_port_parse_of
    - net: phy: mscc: Add MODULE_FIRMWARE macros
    - bnx2x: fix built-in kernel driver load failure
    - net: bcmgenet: skip invalid partial checksums
    - net: mscc: ocelot: fix backwards compatibility with single-chain tc-flower
      offload
    - iavf: Fix hang during reboot/shutdown
    - arm64: fix clang warning about TRAMP_VALIAS
    - usb: gadget: rndis: prevent integer overflow in rndis_set_response()
    - usb: gadget: Fix use-after-free bug by not setting udc->dev.driver
    - usb: usbtmc: Fix bug in pipe direction for control transfers
    - scsi: mpt3sas: Page fault in reply q processing
    - Input: aiptek - properly check endpoint type
    - perf symbols: Fix symbol size calculation condition
    - btrfs: skip reserved bytes warning on unmount after log cleanup failure
    - Linux 5.15.31

-- Tim Gardner <tim.gardner@canonical.com>  Thu, 26 May 2022 09:13:53 -0600

Changed in linux-azure (Ubuntu Jammy):
status:	Fix Committed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2022-06-07:

This bug was fixed in the package linux-azure - 5.4.0-1083.87

---------------
linux-azure (5.4.0-1083.87) focal; urgency=medium

[ Ubuntu: 5.4.0-117.132 ]

  * CVE-2022-1966
    - netfilter: nf_tables: add nft_set_elem_expr_alloc()
    - netfilter: nf_tables: disallow non-stateful expression in sets earlier

-- Thadeu Lima de Souza Cascardo <email address hidden> Wed, 01 Jun 2022 21:52:55 -0300

Changed in linux-azure (Ubuntu Focal):
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulinux-azure package

[Azure] PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time

Bug Description

CVE References

Other bug subscribers

Remote bug watches

Ubuntu
linux-azure package