Bug #2013088 “kernel: fix __clear_user() inline assembly constra...” : Bugs : linux package : Ubuntu

bugproxy (bugproxy) on 2023-03-28

tags:	added: architecture-s39064 bugnameltc-202103 severity-high targetmilestone-inin---
Changed in ubuntu:
assignee:	nobody → Skipper Bug Screeners (skipper-screen-team)
affects:	ubuntu → linux (Ubuntu)

Frank Heimes (fheimes) on 2023-03-28

Changed in linux (Ubuntu):
importance:	Undecided → High
Changed in ubuntu-z-systems:
importance:	Undecided → High
assignee:	nobody → Skipper Bug Screeners (skipper-screen-team)

Frank Heimes (fheimes) on 2023-03-28

summary:

- [UBUNTU 18.04] kernel: fix __clear_user() inline assembly constraints
+ kernel: fix __clear_user() inline assembly constraints

Frank Heimes (fheimes) on 2023-03-28

description:

updated

Revision history for this message

Frank Heimes (fheimes) wrote on 2023-03-28:

#1

Patch request submitted for lunar:
https://lists.ubuntu.com/archives/kernel-team/2023-March/thread.html#138158
Updating status for series lunar to 'In Progress'.

Revision history for this message

Frank Heimes (fheimes) wrote on 2023-03-28:

#2

In addition a test build for lunar's 6.2 was done in PPA at:
https://launchpad.net/~fheimes/+archive/ubuntu/lp2013088

Changed in linux (Ubuntu Lunar):
status:	New → In Progress
Changed in ubuntu-z-systems:
status:	New → In Progress
Changed in linux (Ubuntu Lunar):
assignee:	Skipper Bug Screeners (skipper-screen-team) → Canonical Kernel Team (canonical-kernel-team)

Frank Heimes (fheimes) on 2023-04-03

Changed in linux (Ubuntu Bionic):
status:	New → Incomplete
Changed in linux (Ubuntu Focal):
status:	New → Incomplete

Revision history for this message

bugproxy (bugproxy) wrote on 2023-04-03: uaccess clear_user() fix

#3

------- Comment on attachment From <email address hidden> 2023-04-03 14:32 EDT-------

Attached patch applies to 18.04 and 20.04.

Revision history for this message

Frank Heimes (fheimes) wrote on 2023-04-04:

#4

More test kernels are being build at:
https://launchpad.net/~fheimes/+archive/ubuntu/lp2013088
For the K and J series based on a cherrypick of 89aba4c26fae
and for the F and B series based on the above backport (with slightly modified meta data).

description:

updated

Revision history for this message

Frank Heimes (fheimes) wrote on 2023-04-04:

#5

The SRU request for series K, J, F and B was submitted to the kernel team's mailing list:
https://lists.ubuntu.com/archives/kernel-team/2023-April/thread.html#138413

Changed in linux (Ubuntu Kinetic):
status:	New → In Progress
Changed in linux (Ubuntu Jammy):
status:	New → In Progress
Changed in linux (Ubuntu Focal):
status:	Incomplete → In Progress
Changed in linux (Ubuntu Bionic):
status:	Incomplete → In Progress
Changed in linux (Ubuntu Kinetic):
assignee:	nobody → Canonical Kernel Team (canonical-kernel-team)
Changed in linux (Ubuntu Jammy):
assignee:	nobody → Canonical Kernel Team (canonical-kernel-team)
Changed in linux (Ubuntu Focal):
assignee:	nobody → Canonical Kernel Team (canonical-kernel-team)
Changed in linux (Ubuntu Bionic):
assignee:	nobody → Canonical Kernel Team (canonical-kernel-team)
Changed in linux (Ubuntu Kinetic):
importance:	Undecided → High
Changed in linux (Ubuntu Jammy):
importance:	Undecided → High
Changed in linux (Ubuntu Focal):
importance:	Undecided → High
Changed in linux (Ubuntu Bionic):
importance:	Undecided → High

Stefan Bader (smb) on 2023-04-06

Changed in linux (Ubuntu Kinetic):
status:	In Progress → Fix Committed
Changed in linux (Ubuntu Jammy):
status:	In Progress → Fix Committed
Changed in linux (Ubuntu Focal):
status:	In Progress → Fix Committed
Changed in linux (Ubuntu Bionic):
status:	In Progress → Fix Committed

Frank Heimes (fheimes) on 2023-04-06

Changed in ubuntu-z-systems:
status:	In Progress → Fix Committed

Revision history for this message

Frank Heimes (fheimes) wrote on 2023-04-19:

#6

Due to:
https://lists.ubuntu.com/archives/kernel-team/2023-April/138879.html
"Already applied as part of upstream stable v6.2.10."
I'll update the lunar entry status to Fix Released.

Changed in linux (Ubuntu Lunar):
status:	In Progress → Fix Released

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2023-04-19:

#7

This bug is awaiting verification that the linux/5.4.0-149.166 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-focal-linux verification-needed-focal

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2023-04-20:

#8

This bug is awaiting verification that the linux/5.19.0-41.42 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-kinetic' to 'verification-done-kinetic'. If the problem still exists, change the tag 'verification-needed-kinetic' to 'verification-failed-kinetic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-kinetic-linux verification-needed-kinetic

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2023-04-20:

#9

This bug is awaiting verification that the linux/4.15.0-211.222 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed-bionic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-bionic-linux verification-needed-bionic

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2023-04-20:

#10

This bug is awaiting verification that the linux/5.15.0-72.79 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy' to 'verification-done-jammy'. If the problem still exists, change the tag 'verification-needed-jammy' to 'verification-failed-jammy'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-jammy-linux verification-needed-jammy

Revision history for this message

bugproxy (bugproxy) wrote on 2023-04-21: Comment bridged from LTC Bugzilla

#11

------- Comment From <email address hidden> 2023-04-21 07:49 EDT-------
Verified on focal, bionic, kinetic, and jammy.

Revision history for this message

Frank Heimes (fheimes) wrote on 2023-04-21:

#12

Many thx for the verifications! (I'm adjusting the tags accordingly ...)

tags:

added: verification-done-bionic verification-done-focal verification-done-jammy verification-done-kinetic
removed: verification-needed-bionic verification-needed-focal verification-needed-jammy verification-needed-kinetic

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2023-04-27:

#13

This bug is awaiting verification that the linux-nvidia-5.19/5.19.0-1010.10 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy' to 'verification-done-jammy'. If the problem still exists, change the tag 'verification-needed-jammy' to 'verification-failed-jammy'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-jammy-linux-nvidia-5.19 verification-needed-jammy
removed: verification-done-jammy

Revision history for this message

Frank Heimes (fheimes) wrote on 2023-04-27:

#14

This bug does not affect nvidia-5.19, hence set jammy to done again to unblock.

tags:

added: verification-done-jammy
removed: verification-needed-jammy

Revision history for this message

Launchpad Janitor (janitor) wrote on 2023-05-15:

#15

Download full text (5.2 KiB)

This bug was fixed in the package linux - 4.15.0-211.222

---------------
linux (4.15.0-211.222) bionic; urgency=medium

* bionic/linux: 4.15.0-211.222 -proposed tracker (LP: #2016623)

* Debian autoreconstruct Fix restoration of execute permissions (LP: #2015498)
- [Debian] autoreconstruct - fix restoration of execute permissions

* kernel: fix __clear_user() inline assembly constraints (LP: #2013088)
- s390/uaccess: add missing earlyclobber annotations to __clear_user()

* Fix selftests/ftracetests/Meta-selftests (LP: #2006453)
- selftests/ftrace: Fix bash specific "==" operator

  * Bionic update: upstream stable patchset 2023-04-05 (LP: #2015399)
    - firewire: fix memory leak for payload of request subaction to IEC 61883-1
      FCP region
    - bus: sunxi-rsb: Fix error handling in sunxi_rsb_init()
    - ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path()
    - netrom: Fix use-after-free caused by accept on already connected socket
    - squashfs: harden sanity check in squashfs_read_xattr_id_table
    - sctp: do not check hb_timer.expires when resetting hb_timer
    - net: openvswitch: fix flow memory leak in ovs_flow_cmd_new
    - scsi: target: core: Fix warning on RT kernels
    - scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress
    - net/x25: Fix to not accept on connected socket
    - usb: gadget: f_fs: Fix unbalanced spinlock in __ffs_ep0_queue_wait
    - fbcon: Check font dimension limits
    - watchdog: diag288_wdt: do not use stack buffers for hardware data
    - watchdog: diag288_wdt: fix __diag288() inline assembly
    - efi: Accept version 2 of memory attributes table
    - iio: hid: fix the retval in accel_3d_capture_sample
    - iio: adc: berlin2-adc: Add missing of_node_put() in error path
    - iio:adc:twl6030: Enable measurements of VUSB, VBAT and others
    - parisc: Fix return code of pdc_iodc_print()
    - parisc: Wire up PTRACE_GETREGS/PTRACE_SETREGS for compat case
    - mm: hugetlb: proc: check for hugetlb shared PMD in /proc/PID/smaps
    - mm/swapfile: add cond_resched() in get_swap_pages()
    - Squashfs: fix handling and sanity checking of xattr_ids count
    - serial: 8250_dma: Fix DMA Rx completion race
    - serial: 8250_dma: Fix DMA Rx rearm race
    - btrfs: limit device extents to the device size
    - ALSA: emux: Avoid potential array out-of-bound in snd_emux_xg_control()
    - ALSA: pci: lx6464es: fix a debug loop
    - pinctrl: aspeed: Fix confusing types in return value
    - pinctrl: single: fix potential NULL dereference
    - net: USB: Fix wrong-direction WARNING in plusb.c
    - usb: core: add quirk for Alcor Link AK9563 smartcard reader
    - migrate: hugetlb: check for hugetlb shared PMD in node migration
    - tools/virtio: fix the vringh test for virtio ring changes
    - net/rose: Fix to not accept on connected socket
    - nvme-fc: fix a missing queue put in nvmet_fc_ls_create_association
    - aio: fix mremap after fork null-deref
    - mmc: sdio: fix possible resource leaks in some error paths
    - ALSA: hda/conexant: add a new hda codec SN6180
    - hugetlb: check for undefined shift on 32 bit architectures
    - revert...

This bug was fixed in the package linux - 4.15.0-211.222

---------------
linux (4.15.0-211.222) bionic; urgency=medium

* bionic/linux: 4.15.0-211.222 -proposed tracker (LP: #2016623)

* Debian autoreconstruct Fix restoration of execute permissions (LP: #2015498)
    - [Debian] autoreconstruct - fix restoration of execute permissions

* kernel: fix __clear_user() inline assembly constraints (LP: #2013088)
    - s390/uaccess: add missing earlyclobber annotations to __clear_user()

* Fix selftests/ftracetests/Meta-selftests (LP: #2006453)
    - selftests/ftrace: Fix bash specific "==" operator

* Bionic update: upstream stable patchset 2023-04-05 (LP: #2015399)
    - firewire: fix memory leak for payload of request subaction to IEC 61883-1
      FCP region
    - bus: sunxi-rsb: Fix error handling in sunxi_rsb_init()
    - ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path()
    - netrom: Fix use-after-free caused by accept on already connected socket
    - squashfs: harden sanity check in squashfs_read_xattr_id_table
    - sctp: do not check hb_timer.expires when resetting hb_timer
    - net: openvswitch: fix flow memory leak in ovs_flow_cmd_new
    - scsi: target: core: Fix warning on RT kernels
    - scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress
    - net/x25: Fix to not accept on connected socket
    - usb: gadget: f_fs: Fix unbalanced spinlock in __ffs_ep0_queue_wait
    - fbcon: Check font dimension limits
    - watchdog: diag288_wdt: do not use stack buffers for hardware data
    - watchdog: diag288_wdt: fix __diag288() inline assembly
    - efi: Accept version 2 of memory attributes table
    - iio: hid: fix the retval in accel_3d_capture_sample
    - iio: adc: berlin2-adc: Add missing of_node_put() in error path
    - iio:adc:twl6030: Enable measurements of VUSB, VBAT and others
    - parisc: Fix return code of pdc_iodc_print()
    - parisc: Wire up PTRACE_GETREGS/PTRACE_SETREGS for compat case
    - mm: hugetlb: proc: check for hugetlb shared PMD in /proc/PID/smaps
    - mm/swapfile: add cond_resched() in get_swap_pages()
    - Squashfs: fix handling and sanity checking of xattr_ids count
    - serial: 8250_dma: Fix DMA Rx completion race
    - serial: 8250_dma: Fix DMA Rx rearm race
    - btrfs: limit device extents to the device size
    - ALSA: emux: Avoid potential array out-of-bound in snd_emux_xg_control()
    - ALSA: pci: lx6464es: fix a debug loop
    - pinctrl: aspeed: Fix confusing types in return value
    - pinctrl: single: fix potential NULL dereference
    - net: USB: Fix wrong-direction WARNING in plusb.c
    - usb: core: add quirk for Alcor Link AK9563 smartcard reader
    - migrate: hugetlb: check for hugetlb shared PMD in node migration
    - tools/virtio: fix the vringh test for virtio ring changes
    - net/rose: Fix to not accept on connected socket
    - nvme-fc: fix a missing queue put in nvmet_fc_ls_create_association
    - aio: fix mremap after fork null-deref
    - mmc: sdio: fix possible resource leaks in some error paths
    - ALSA: hda/conexant: add a new hda codec SN6180
    - hugetlb: check for undefined shift on 32 bit architectures
    - revert "squashfs: harden sanity check in squashfs_read_xattr_id_table"
    - i40e: add double of VLAN header when computing the max MTU
    - net: bgmac: fix BCM5358 support by setting correct flags
    - dccp/tcp: Avoid negative sk_forward_alloc by ipv6_pinfo.pktoptions.
    - net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path
    - net: stmmac: Restrict warning on disabling DMA store and fwd mode
    - ipv6: Fix datagram socket connection with DSCP.
    - ipv6: Fix tcp socket connection with DSCP.
    - i40e: Add checking for null for nlmsg_find_attr()
    - kvm: initialize all of the kvm_debugregs structure before sending it to
      userspace
    - nilfs2: fix underflow in second superblock position calculations
    - ata: libata: Fix sata_down_spd_limit() when no link speed is reported
    - vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF
    - thermal: intel: int340x: Protect trip temperature from concurrent updates
    - iio:adc:twl6030: Enable measurement of VAC
    - IB/hfi1: Restore allocated resources on failed copyout
    - net: phy: meson-gxl: use MMD access dummy stubs for GXL, internal PHY
    - riscv: Fixup race condition on PG_dcache_clean in flush_icache_pte
    - arm64: dts: meson-gx: Make mmc host controller interrupts level-sensitive
    - wifi: rtl8xxxu: gen2: Turn on the rate control
    - powerpc: dts: t208x: Mark MAC1 and MAC2 as 10G
    - random: always mix cycle counter in add_latent_entropy()
    - powerpc: dts: t208x: Disable 10G on MAC1 and MAC2
    - alarmtimer: Prevent starvation by small intervals and SIG_IGN
    - uaccess: Add speculation barrier to copy_from_user()
    - wifi: mwifiex: Add missing compatible string for SD8787
    - bpf: add missing header file include
    - vc_screen: don't clobber return value in vcs_read
    - dmaengine: sh: rcar-dmac: Check for error num after dma_set_max_seg_size

* CVE-2023-1118
    - media: rc: Fix use-after-free bugs caused by ene_tx_irqsim()

-- Luke Nowakowski-Krijger <luke.nowakowskikrijger@canonical.com>  Tue, 18 Apr 2023 11:29:54 -0700

Changed in linux (Ubuntu Bionic):
status:	Fix Committed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2023-05-15:

#16

Download full text (23.7 KiB)

This bug was fixed in the package linux - 5.15.0-72.79

---------------
linux (5.15.0-72.79) jammy; urgency=medium

* jammy/linux: 5.15.0-72.79 -proposed tracker (LP: #2016548)

* Add split lock detection for EMR (LP: #2015855)
- x86/split_lock: Enumerate architectural split lock disable bit

* selftest: fib_tests: Always cleanup before exit (LP: #2015956)
- selftest: fib_tests: Always cleanup before exit

  * Add support for intel EMR cpu (LP: #2015372)
    - platform/x86: intel-uncore-freq: add Emerald Rapids support
    - perf/x86/intel/cstate: Add Emerald Rapids
    - perf/x86/rapl: Add support for Intel Emerald Rapids
    - intel_idle: add Emerald Rapids Xeon support
    - tools/power/x86/intel-speed-select: Add Emerald Rapid quirk
    - tools/power turbostat: Introduce support for EMR
    - powercap: intel_rapl: add support for Emerald Rapids
    - EDAC/i10nm: Add Intel Emerald Rapids server support

  * Kernel livepatch ftrace graph fix (LP: #2013603)
    - kprobes: treewide: Remove trampoline_address from
      kretprobe_trampoline_handler()
    - kprobes: treewide: Make it harder to refer kretprobe_trampoline directly
    - kprobes: Add kretprobe_find_ret_addr() for searching return address
    - s390/unwind: recover kretprobe modified return address in stacktrace
    - s390/unwind: fix fgraph return address recovery

* Jammy update: v5.15.98 upstream stable release (LP: #2015600)
- Linux 5.15.98

  * Jammy update: v5.15.97 upstream stable release (LP: #2015599)
    - ionic: refactor use of ionic_rx_fill()
    - Fix XFRM-I support for nested ESP tunnels
    - arm64: dts: rockchip: drop unused LED mode property from rk3328-roc-cc
    - ARM: dts: rockchip: add power-domains property to dp node on rk3288
    - HID: elecom: add support for TrackBall 056E:011C
    - ACPI: NFIT: fix a potential deadlock during NFIT teardown
    - btrfs: send: limit number of clones and allocated memory size
    - ASoC: rt715-sdca: fix clock stop prepare timeout issue
    - IB/hfi1: Assign npages earlier
    - neigh: make sure used and confirmed times are valid
    - HID: core: Fix deadloop in hid_apply_multiplier.
    - x86/cpu: Add Lunar Lake M
    - staging: mt7621-dts: change palmbus address to lower case
    - bpf: bpf_fib_lookup should not return neigh in NUD_FAILED state
    - net: Remove WARN_ON_ONCE(sk->sk_forward_alloc) from sk_stream_kill_queues().
    - vc_screen: don't clobber return value in vcs_read
    - scripts/tags.sh: Invoke 'realpath' via 'xargs'
    - scripts/tags.sh: fix incompatibility with PCRE2
    - usb: dwc3: pci: add support for the Intel Meteor Lake-M
    - USB: serial: option: add support for VW/Skoda "Carstick LTE"
    - usb: gadget: u_serial: Add null pointer check in gserial_resume
    - USB: core: Don't hold device lock while reading the "descriptors" sysfs file
    - Linux 5.15.97

  * Jammy update: v5.15.96 upstream stable release (LP: #2015595)
    - drm/etnaviv: don't truncate physical page address
    - wifi: rtl8xxxu: gen2: Turn on the rate control
    - drm/edid: Fix minimum bpc supported with DSC1.2 for HDMI sink
    - clk: mxl: Switch from direct readl/writel based IO to regmap based IO
    - ...

This bug was fixed in the package linux - 5.15.0-72.79

---------------
linux (5.15.0-72.79) jammy; urgency=medium

* jammy/linux: 5.15.0-72.79 -proposed tracker (LP: #2016548)

* Add split lock detection for EMR (LP: #2015855)
    - x86/split_lock: Enumerate architectural split lock disable bit

*  selftest: fib_tests: Always cleanup before exit  (LP: #2015956)
    - selftest: fib_tests: Always cleanup before exit

* Add support for intel EMR cpu (LP: #2015372)
    - platform/x86: intel-uncore-freq: add Emerald Rapids support
    - perf/x86/intel/cstate: Add Emerald Rapids
    - perf/x86/rapl: Add support for Intel Emerald Rapids
    - intel_idle: add Emerald Rapids Xeon support
    - tools/power/x86/intel-speed-select: Add Emerald Rapid quirk
    - tools/power turbostat: Introduce support for EMR
    - powercap: intel_rapl: add support for Emerald Rapids
    - EDAC/i10nm: Add Intel Emerald Rapids server support

* Kernel livepatch ftrace graph fix (LP: #2013603)
    - kprobes: treewide: Remove trampoline_address from
      kretprobe_trampoline_handler()
    - kprobes: treewide: Make it harder to refer kretprobe_trampoline directly
    - kprobes: Add kretprobe_find_ret_addr() for searching return address
    - s390/unwind: recover kretprobe modified return address in stacktrace
    - s390/unwind: fix fgraph return address recovery

* Jammy update: v5.15.98 upstream stable release (LP: #2015600)
    - Linux 5.15.98

* Jammy update: v5.15.97 upstream stable release (LP: #2015599)
    - ionic: refactor use of ionic_rx_fill()
    - Fix XFRM-I support for nested ESP tunnels
    - arm64: dts: rockchip: drop unused LED mode property from rk3328-roc-cc
    - ARM: dts: rockchip: add power-domains property to dp node on rk3288
    - HID: elecom: add support for TrackBall 056E:011C
    - ACPI: NFIT: fix a potential deadlock during NFIT teardown
    - btrfs: send: limit number of clones and allocated memory size
    - ASoC: rt715-sdca: fix clock stop prepare timeout issue
    - IB/hfi1: Assign npages earlier
    - neigh: make sure used and confirmed times are valid
    - HID: core: Fix deadloop in hid_apply_multiplier.
    - x86/cpu: Add Lunar Lake M
    - staging: mt7621-dts: change palmbus address to lower case
    - bpf: bpf_fib_lookup should not return neigh in NUD_FAILED state
    - net: Remove WARN_ON_ONCE(sk->sk_forward_alloc) from sk_stream_kill_queues().
    - vc_screen: don't clobber return value in vcs_read
    - scripts/tags.sh: Invoke 'realpath' via 'xargs'
    - scripts/tags.sh: fix incompatibility with PCRE2
    - usb: dwc3: pci: add support for the Intel Meteor Lake-M
    - USB: serial: option: add support for VW/Skoda "Carstick LTE"
    - usb: gadget: u_serial: Add null pointer check in gserial_resume
    - USB: core: Don't hold device lock while reading the "descriptors" sysfs file
    - Linux 5.15.97

* Jammy update: v5.15.96 upstream stable release (LP: #2015595)
    - drm/etnaviv: don't truncate physical page address
    - wifi: rtl8xxxu: gen2: Turn on the rate control
    - drm/edid: Fix minimum bpc supported with DSC1.2 for HDMI sink
    - clk: mxl: Switch from direct readl/writel based IO to regmap based IO
    - clk: mxl: Remove redundant spinlocks
    - clk: mxl: Add option to override gate clks
    - clk: mxl: Fix a clk entry by adding relevant flags
    - powerpc: dts: t208x: Mark MAC1 and MAC2 as 10G
    - clk: mxl: syscon_node_to_regmap() returns error pointers
    - random: always mix cycle counter in add_latent_entropy()
    - KVM: x86: Fail emulation during EMULTYPE_SKIP on any exception
    - KVM: SVM: Skip WRMSR fastpath on VM-Exit if next RIP isn't valid
    - can: kvaser_usb: hydra: help gcc-13 to figure out cmd_len
    - powerpc: dts: t208x: Disable 10G on MAC1 and MAC2
    - powerpc: use generic version of arch_is_kernel_initmem_freed()
    - powerpc/vmlinux.lds: Ensure STRICT_ALIGN_SIZE is at least page aligned
    - powerpc/vmlinux.lds: Add an explicit symbol for the SRWX boundary
    - powerpc/64s/radix: Fix crash with unaligned relocated kernel
    - powerpc/64s/radix: Fix RWX mapping with relocated kernel
    - drm/i915/gvt: fix double free bug in split_2MB_gtt_entry
    - uaccess: Add speculation barrier to copy_from_user()
    - binder: read pre-translated fds from sender buffer
    - binder: defer copies of pre-patched txn data
    - binder: fix pointer cast warning
    - binder: Address corner cases in deferred copy and fixup
    - binder: Gracefully handle BINDER_TYPE_FDA objects with num_fds=0
    - nbd: fix possible overflow on 'first_minor' in nbd_dev_add()
    - wifi: mwifiex: Add missing compatible string for SD8787
    - audit: update the mailing list in MAINTAINERS
    - ext4: Fix function prototype mismatch for ext4_feat_ktype
    - bpf: add missing header file include
    - Linux 5.15.96

* Debian autoreconstruct Fix restoration of execute permissions (LP: #2015498)
    - [Debian] autoreconstruct - fix restoration of execute permissions

* kernel: fix __clear_user() inline assembly constraints (LP: #2013088)
    - s390/uaccess: add missing earlyclobber annotations to __clear_user()

* Kernel crash during Mellanox performance testing (LP: #2015097)
    - net/mlx5: fs, refactor software deletion rule

* expoline.o is packaged unconditionally for s390x (LP: #2013209)
    - [Packaging] Copy expoline.o only when produced by the build

* Intel E810 NICs driver in causing hangs when booting and bonds configured
    (LP: #2004262)
    - ice: avoid bonding causing auxiliary plug/unplug under RTNL lock

* Jammy update: v5.15.95 upstream stable release (LP: #2013118)
    - mptcp: fix locking for in-kernel listener creation
    - kprobes: treewide: Cleanup the error messages for kprobes
    - riscv: kprobe: Fixup misaligned load text
    - ACPI / x86: Add support for LPS0 callback handler
    - ASoC: Intel: sof_rt5682: always set dpcm_capture for amplifiers
    - ASoC: Intel: sof_cs42l42: always set dpcm_capture for amplifiers
    - selftests/bpf: Verify copy_register_state() preserves parent/live fields
    - ALSA: hda: Do not unset preset when cleaning up codec
    - bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself
    - ASoC: cs42l56: fix DT probe
    - tools/virtio: fix the vringh test for virtio ring changes
    - net/rose: Fix to not accept on connected socket
    - net: stmmac: do not stop RX_CLK in Rx LPI state for qcs404 SoC
    - drm/nouveau/devinit/tu102-: wait for GFW_BOOT_PROGRESS == COMPLETED
    - net: sched: sch: Bounds check priority
    - s390/decompressor: specify __decompress() buf len to avoid overflow
    - nvme-fc: fix a missing queue put in nvmet_fc_ls_create_association
    - drm/amd/display: Properly handle additional cases where DCN is not supported
    - platform/x86: touchscreen_dmi: Add Chuwi Vi8 (CWI501) DMI match
    - nvmem: core: add error handling for dev_set_name
    - nvmem: core: fix cleanup after dev_set_name()
    - nvmem: core: fix registration vs use race
    - nvmem: core: fix return value
    - xfs: zero inode fork buffer at allocation
    - xfs: fix potential log item leak
    - xfs: detect self referencing btree sibling pointers
    - xfs: set XFS_FEAT_NLINK correctly
    - xfs: validate v5 feature fields
    - xfs: avoid unnecessary runtime sibling pointer endian conversions
    - xfs: don't assert fail on perag references on teardown
    - xfs: assert in xfs_btree_del_cursor should take into account error
    - xfs: purge dquots after inode walk fails during quotacheck
    - xfs: don't leak btree cursor when insrec fails after a split
    - mptcp: do not wait for bare sockets' timeout
    - aio: fix mremap after fork null-deref
    - drm/amd/display: Fail atomic_check early on normalize_zpos error
    - platform/x86: amd-pmc: Fix compilation when CONFIG_DEBUGFS is disabled
    - platform/x86: amd-pmc: Correct usage of SMU version
    - platform/x86/amd: pmc: Disable IRQ1 wakeup for RN/CZN
    - netfilter: nft_tproxy: restrict to prerouting hook
    - tcp: Fix listen() regression in 5.15.88.
    - mmc: jz4740: Work around bug on JZ4760(B)
    - mmc: sdio: fix possible resource leaks in some error paths
    - mmc: mmc_spi: fix error handling in mmc_spi_probe()
    - ALSA: hda/conexant: add a new hda codec SN6180
    - ALSA: hda/realtek - fixed wrong gpio assigned
    - sched/psi: Fix use-after-free in ep_remove_wait_queue()
    - hugetlb: check for undefined shift on 32 bit architectures
    - of: reserved_mem: Have kmemleak ignore dynamically allocated reserved mem
    - selftest/lkdtm: Skip stack-entropy test if lkdtm is not available
    - net: Fix unwanted sign extension in netdev_stats_to_stats64()
    - revert "squashfs: harden sanity check in squashfs_read_xattr_id_table"
    - ixgbe: allow to increase MTU to 3K with XDP enabled
    - i40e: add double of VLAN header when computing the max MTU
    - net: bgmac: fix BCM5358 support by setting correct flags
    - net: ethernet: ti: am65-cpsw: Add RX DMA Channel Teardown Quirk
    - sctp: sctp_sock_filter(): avoid list_entry() on possibly empty list
    - dccp/tcp: Avoid negative sk_forward_alloc by ipv6_pinfo.pktoptions.
    - net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path
    - net: openvswitch: fix possible memory leak in ovs_meter_cmd_set()
    - net: stmmac: fix order of dwmac5 FlexPPS parametrization sequence
    - bnxt_en: Fix mqprio and XDP ring checking logic
    - net: stmmac: Restrict warning on disabling DMA store and fwd mode
    - ixgbe: add double of VLAN header when computing the max MTU
    - ipv6: Fix datagram socket connection with DSCP.
    - ipv6: Fix tcp socket connection with DSCP.
    - nilfs2: fix underflow in second superblock position calculations
    - mm/filemap: fix page end in filemap_get_read_batch
    - drm/i915/gen11: Moving WAs to icl_gt_workarounds_init()
    - drm/i915/gen11: Wa_1408615072/Wa_1407596294 should be on GT list
    - flow_offload: fill flags to action structure
    - net/sched: act_ctinfo: use percpu stats
    - i40e: Add checking for null for nlmsg_find_attr()
    - kvm: initialize all of the kvm_debugregs structure before sending it to
      userspace
    - alarmtimer: Prevent starvation by small intervals and SIG_IGN
    - ASoC: SOF: Intel: hda-dai: fix possible stream_tag leak
    - net: sched: sch: Fix off by one in htb_activate_prios()
    - platform/x86/amd: pmc: add CONFIG_SERIO dependency
    - Linux 5.15.95

* CVE-2023-1075
    - net/tls: tls_is_tx_ready() checked list_entry

* devlink_port_split from ubuntu_kernel_selftests.net fails on hirsute
    (KeyError: 'flavour') (LP: #1937133)
    - selftests: net: devlink_port_split.py: skip test if no suitable device
      available

* Connection timeout due to conntrack limits (LP: #2011616)
    - netfilter: conntrack: adopt safer max chain length

* Jammy update: v5.15.94 upstream stable release (LP: #2012673)
    - mm/migration: return errno when isolate_huge_page failed
    - migrate: hugetlb: check for hugetlb shared PMD in node migration
    - btrfs: limit device extents to the device size
    - btrfs: zlib: zero-initialize zlib workspace
    - ALSA: hda/realtek: Add Positivo N14KP6-TG
    - ALSA: emux: Avoid potential array out-of-bound in snd_emux_xg_control()
    - ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro 360
    - ALSA: hda/realtek: Enable mute/micmute LEDs on HP Elitebook, 645 G9
    - tracing: Fix poll() and select() do not work on per_cpu trace_pipe and
      trace_pipe_raw
    - of/address: Return an error when no valid dma-ranges are found
    - can: j1939: do not wait 250 ms if the same addr was already claimed
    - xfrm: compat: change expression for switch in xfrm_xlate64
    - IB/hfi1: Restore allocated resources on failed copyout
    - xfrm/compat: prevent potential spectre v1 gadget in xfrm_xlate32_attr()
    - IB/IPoIB: Fix legacy IPoIB due to wrong number of queues
    - RDMA/irdma: Fix potential NULL-ptr-dereference
    - RDMA/usnic: use iommu_map_atomic() under spin_lock()
    - xfrm: fix bug with DSCP copy to v6 from v4 tunnel
    - net: phylink: move phy_device_free() to correctly release phy device
    - bonding: fix error checking in bond_debug_reregister()
    - net: phy: meson-gxl: use MMD access dummy stubs for GXL, internal PHY
    - ionic: clean interrupt before enabling queue to avoid credit race
    - uapi: add missing ip/ipv6 header dependencies for linux/stddef.h
    - ice: Do not use WQ_MEM_RECLAIM flag for workqueue
    - net: dsa: mt7530: don't change PVC_EG_TAG when CPU port becomes VLAN-aware
    - net: mscc: ocelot: fix VCAP filters not matching on MAC with "protocol
      802.1Q"
    - net/mlx5e: Move repeating clear_bit in mlx5e_rx_reporter_err_rq_cqe_recover
    - net/mlx5e: Introduce the mlx5e_flush_rq function
    - net/mlx5e: Update rx ring hw mtu upon each rx-fcs flag change
    - net/mlx5: Bridge, fix ageing of peer FDB entries
    - net/mlx5e: IPoIB, Show unknown speed instead of error
    - net/mlx5: fw_tracer, Clear load bit when freeing string DBs buffers
    - net/mlx5: fw_tracer, Zero consumer index when reloading the tracer
    - net/mlx5: Serialize module cleanup with reload and remove
    - igc: Add ndo_tx_timeout support
    - rds: rds_rm_zerocopy_callback() use list_first_entry()
    - selftests: forwarding: lib: quote the sysctl values
    - ALSA: pci: lx6464es: fix a debug loop
    - riscv: stacktrace: Fix missing the first frame
    - ASoC: topology: Return -ENOMEM on memory allocation failure
    - pinctrl: mediatek: Fix the drive register definition of some Pins
    - pinctrl: aspeed: Fix confusing types in return value
    - pinctrl: single: fix potential NULL dereference
    - spi: dw: Fix wrong FIFO level setting for long xfers
    - pinctrl: intel: Restore the pins that used to be in Direct IRQ mode
    - cifs: Fix use-after-free in rdata->read_into_pages()
    - net: USB: Fix wrong-direction WARNING in plusb.c
    - mptcp: be careful on subflow status propagation on errors
    - btrfs: free device in btrfs_close_devices for a single device filesystem
    - usb: core: add quirk for Alcor Link AK9563 smartcard reader
    - usb: typec: altmodes/displayport: Fix probe pin assign check
    - clk: ingenic: jz4760: Update M/N/OD calculation algorithm
    - ceph: flush cap releases when the session is flushed
    - riscv: Fixup race condition on PG_dcache_clean in flush_icache_pte
    - powerpc/64s/interrupt: Fix interrupt exit race with security mitigation
      switch
    - rtmutex: Ensure that the top waiter is always woken up
    - arm64: dts: meson-gx: Make mmc host controller interrupts level-sensitive
    - arm64: dts: meson-g12-common: Make mmc host controller interrupts level-
      sensitive
    - arm64: dts: meson-axg: Make mmc host controller interrupts level-sensitive
    - Fix page corruption caused by racy check in __free_pages
    - drm/amdgpu/fence: Fix oops due to non-matching drm_sched init/fini
    - drm/i915: Initialize the obj flags for shmem objects
    - drm/i915: Fix VBT DSI DVO port handling
    - x86/speculation: Identify processors vulnerable to SMT RSB predictions
    - KVM: x86: Mitigate the cross-thread return address predictions bug
    - Documentation/hw-vuln: Add documentation for Cross-Thread Return Predictions
    - Linux 5.15.94

* Jammy update: v5.15.93 upstream stable release (LP: #2012665)
    - firewire: fix memory leak for payload of request subaction to IEC 61883-1
      FCP region
    - bus: sunxi-rsb: Fix error handling in sunxi_rsb_init()
    - ASoC: Intel: boards: fix spelling in comments
    - ASoC: Intel: bytcht_es8316: move comment to the right place
    - ASoC: Intel: bytcht_es8316: Drop reference count of ACPI device after use
    - ASoC: Intel: bytcr_rt5651: Drop reference count of ACPI device after use
    - ASoC: Intel: bytcr_rt5640: Drop reference count of ACPI device after use
    - ASoC: Intel: bytcr_wm5102: Drop reference count of ACPI device after use
    - bpf: Fix a possible task gone issue with bpf_send_signal[_thread]() helpers
    - ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path()
    - bpf: Support <8-byte scalar spill and refill
    - bpf: Fix to preserve reg parent/live fields when copying range info
    - bpf, sockmap: Check for any of tcp_bpf_prots when cloning a listener
    - arm64: dts: imx8mm: Fix pad control for UART1_DTE_RX
    - drm/vc4: hdmi: make CEC adapter name unique
    - scsi: Revert "scsi: core: map PQ=1, PDT=other values to
      SCSI_SCAN_TARGET_PRESENT"
    - vhost/net: Clear the pending messages when the backend is removed
    - WRITE is "data source", not destination...
    - READ is "data destination", not source...
    - fix iov_iter_bvec() "direction" argument
    - fix "direction" argument of iov_iter_kvec()
    - ice: Prevent set_channel from changing queues while RDMA active
    - qede: execute xdp_do_flush() before napi_complete_done()
    - virtio-net: execute xdp_do_flush() before napi_complete_done()
    - dpaa_eth: execute xdp_do_flush() before napi_complete_done()
    - dpaa2-eth: execute xdp_do_flush() before napi_complete_done()
    - sfc: correctly advertise tunneled IPv6 segmentation
    - net: phy: dp83822: Fix null pointer access on DP83825/DP83826 devices
    - block/bfq-iosched.c: use "false" rather than "BLK_RW_ASYNC"
    - block, bfq: replace 0/1 with false/true in bic apis
    - block, bfq: fix uaf for bfqq in bic_set_bfqq()
    - netrom: Fix use-after-free caused by accept on already connected socket
    - drm/i915/guc: Fix locking when searching for a hung request
    - drm/i915/adlp: Fix typo for reference clock
    - netfilter: br_netfilter: disable sabotage_in hook after first suppression
    - squashfs: harden sanity check in squashfs_read_xattr_id_table
    - net: phy: meson-gxl: Add generic dummy stubs for MMD register access
    - ip/ip6_gre: Fix changing addr gen mode not generating IPv6 link local
      address
    - ip/ip6_gre: Fix non-point-to-point tunnel not generating IPv6 link local
      address
    - riscv: kprobe: Fixup kernel panic when probing an illegal position
    - igc: return an error if the mac type is unknown in
      igc_ptp_systim_to_hwtstamp()
    - can: j1939: fix errant WARN_ON_ONCE in j1939_session_deactivate
    - ata: libata: Fix sata_down_spd_limit() when no link speed is reported
    - selftests: net: udpgso_bench_rx: Fix 'used uninitialized' compiler warning
    - selftests: net: udpgso_bench_rx/tx: Stop when wrong CLI args are provided
    - selftests: net: udpgso_bench_tx: Cater for pending datagrams zerocopy
      benchmarking
    - virtio-net: Keep stop() to follow mirror sequence of open()
    - net: openvswitch: fix flow memory leak in ovs_flow_cmd_new
    - efi: fix potential NULL deref in efi_mem_reserve_persistent
    - i2c: designware-pci: Add new PCI IDs for AMD NAVI GPU
    - i2c: mxs: suppress probe-deferral error message
    - scsi: target: core: Fix warning on RT kernels
    - perf/x86/intel: Add Emerald Rapids
    - scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress
    - scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress
    - i2c: rk3x: fix a bunch of kernel-doc warnings
    - platform/x86: gigabyte-wmi: add support for B450M DS3H WIFI-CF
    - net/x25: Fix to not accept on connected socket
    - drm/amd/display: Fix timing not changning when freesync video is enabled
    - iio: adc: stm32-dfsdm: fill module aliases
    - usb: dwc3: qcom: enable vbus override when in OTG dr-mode
    - usb: gadget: f_fs: Fix unbalanced spinlock in __ffs_ep0_queue_wait
    - vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF
    - Input: i8042 - add Clevo PCX0DX to i8042 quirk table
    - fbcon: Check font dimension limits
    - net: qrtr: free memory on error path in radix_tree_insert()
    - watchdog: diag288_wdt: do not use stack buffers for hardware data
    - watchdog: diag288_wdt: fix __diag288() inline assembly
    - ALSA: hda/realtek: Add Acer Predator PH315-54
    - efi: Accept version 2 of memory attributes table
    - iio: hid: fix the retval in accel_3d_capture_sample
    - iio: hid: fix the retval in gyro_3d_capture_sample
    - iio: adc: berlin2-adc: Add missing of_node_put() in error path
    - iio:adc:twl6030: Enable measurements of VUSB, VBAT and others
    - iio: imu: fxos8700: fix ACCEL measurement range selection
    - iio: imu: fxos8700: fix incomplete ACCEL and MAGN channels readback
    - iio: imu: fxos8700: fix IMU data bits returned to user space
    - iio: imu: fxos8700: fix map label of channel type to MAGN sensor
    - iio: imu: fxos8700: fix swapped ACCEL and MAGN channels readback
    - iio: imu: fxos8700: fix incorrect ODR mode readback
    - iio: imu: fxos8700: fix failed initialization ODR mode assignment
    - iio: imu: fxos8700: remove definition FXOS8700_CTRL_ODR_MIN
    - iio: imu: fxos8700: fix MAGN sensor scale and unit
    - nvmem: qcom-spmi-sdam: fix module autoloading
    - parisc: Fix return code of pdc_iodc_print()
    - parisc: Wire up PTRACE_GETREGS/PTRACE_SETREGS for compat case
    - riscv: disable generation of unwind tables
    - mm: hugetlb: proc: check for hugetlb shared PMD in /proc/PID/smaps
    - usb: gadget: f_uac2: Fix incorrect increment of bNumEndpoints
    - kernel/irq/irqdomain.c: fix memory leak with using debugfs_lookup()
    - x86/debug: Fix stack recursion caused by wrongly ordered DR7 accesses
    - fpga: stratix10-soc: Fix return value check in s10_ops_write_init()
    - mm/swapfile: add cond_resched() in get_swap_pages()
    - highmem: round down the address passed to kunmap_flush_on_unmap()
    - Squashfs: fix handling and sanity checking of xattr_ids count
    - drm/i915: Fix potential bit_17 double-free
    - nvmem: core: initialise nvmem->id early
    - nvmem: core: remove nvmem_config wp_gpio
    - nvmem: core: fix cell removal on error
    - serial: 8250_dma: Fix DMA Rx completion race
    - serial: 8250_dma: Fix DMA Rx rearm race
    - phy: qcom-qmp-combo: disable runtime PM on unbind
    - phy: qcom-qmp-combo: fix memleak on probe deferral
    - phy: qcom-qmp-usb: fix memleak on probe deferral
    - phy: qcom-qmp-combo: fix broken power on
    - phy: qcom-qmp-combo: fix runtime suspend
    - bpf: Fix incorrect state pruning for <8B spill/fill
    - bpf: Do not reject when the stack read size is different from the tracked
      scalar size
    - iio:adc:twl6030: Enable measurement of VAC
    - powerpc/imc-pmu: Revert nest_init_lock to being a mutex
    - fs/ntfs3: Validate attribute data and valid sizes
    - ovl: Use "buf" flexible array for memcpy() destination
    - fbdev: smscufx: fix error handling code in ufx_usb_probe
    - f2fs: fix to do sanity check on i_extra_isize in is_alive()
    - wifi: brcmfmac: Check the count value of channel spec to prevent out-of-
      bounds reads
    - gfs2: Cosmetic gfs2_dinode_{in,out} cleanup
    - gfs2: Always check inode size of inline inodes
    - bpf: Skip invalid kfunc call in backtrack_insn
    - Linux 5.15.93

* CVE-2023-1118
    - media: rc: Fix use-after-free bugs caused by ene_tx_irqsim()

* [SRU][Ubuntu 22.04.1]: Observed "Array Index out of bounds" Call Trace
    multiple times on Ubuntu 22.04.1 OS during boot (LP: #2008157)
    - scsi: megaraid_sas: Replace one-element array with flexible-array member in
      MR_FW_RAID_MAP
    - scsi: megaraid_sas: Replace one-element array with flexible-array member in
      MR_FW_RAID_MAP_DYNAMIC
    - scsi: megaraid_sas: Replace one-element array with flexible-array member in
      MR_DRV_RAID_MAP
    - scsi: megaraid_sas: Replace one-element array with flexible-array member in
      MR_PD_CFG_SEQ_NUM_SYNC
    - scsi: megaraid_sas: Use struct_size() in code related to struct
      MR_FW_RAID_MAP
    - scsi: megaraid_sas: Use struct_size() in code related to struct
      MR_PD_CFG_SEQ_NUM_SYNC

* Revert "net/sched: taprio: make qdisc_leaf() see the per-netdev-queue pfifo
    child qdiscs" (LP: #2011926)
    - Revert "net/sched: taprio: make qdisc_leaf() see the per-netdev-queue pfifo
      child qdiscs"

-- Stefan Bader <stefan.bader@canonical.com>  Tue, 18 Apr 2023 16:42:38 +0200

Changed in linux (Ubuntu Jammy):
status:	Fix Committed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2023-05-15:

#17

Download full text (72.0 KiB)

This bug was fixed in the package linux - 5.19.0-42.43

---------------
linux (5.19.0-42.43) kinetic; urgency=medium

* kinetic/linux: 5.19.0-42.43 -proposed tracker (LP: #2016503)

* selftest: fib_tests: Always cleanup before exit (LP: #2015956)
- selftest: fib_tests: Always cleanup before exit

* Debian autoreconstruct Fix restoration of execute permissions (LP: #2015498)
- [Debian] autoreconstruct - fix restoration of execute permissions

  * Kinetic update: upstream stable patchset 2023-04-10 (LP: #2015812)
    - drm/etnaviv: don't truncate physical page address
    - wifi: rtl8xxxu: gen2: Turn on the rate control
    - drm/edid: Fix minimum bpc supported with DSC1.2 for HDMI sink
    - clk: mxl: Switch from direct readl/writel based IO to regmap based IO
    - clk: mxl: Remove redundant spinlocks
    - clk: mxl: Add option to override gate clks
    - clk: mxl: Fix a clk entry by adding relevant flags
    - powerpc: dts: t208x: Mark MAC1 and MAC2 as 10G
    - clk: mxl: syscon_node_to_regmap() returns error pointers
    - random: always mix cycle counter in add_latent_entropy()
    - KVM: x86: Fail emulation during EMULTYPE_SKIP on any exception
    - KVM: SVM: Skip WRMSR fastpath on VM-Exit if next RIP isn't valid
    - can: kvaser_usb: hydra: help gcc-13 to figure out cmd_len
    - powerpc: dts: t208x: Disable 10G on MAC1 and MAC2
    - powerpc/vmlinux.lds: Ensure STRICT_ALIGN_SIZE is at least page aligned
    - powerpc/64s/radix: Fix RWX mapping with relocated kernel
    - uaccess: Add speculation barrier to copy_from_user()
    - wifi: mwifiex: Add missing compatible string for SD8787
    - audit: update the mailing list in MAINTAINERS
    - ext4: Fix function prototype mismatch for ext4_feat_ktype
    - Revert "net/sched: taprio: make qdisc_leaf() see the per-netdev-queue pfifo
      child qdiscs"
    - bpf: add missing header file include
    - wifi: ath11k: fix warning in dma_free_coherent() of memory chunks while
      recovery
    - sched/psi: Stop relying on timer_pending() for poll_work rescheduling
    - docs: perf: Fix PMU instance name of hisi-pcie-pmu
    - randstruct: disable Clang 15 support
    - ionic: refactor use of ionic_rx_fill()
    - Fix XFRM-I support for nested ESP tunnels
    - arm64: dts: rockchip: drop unused LED mode property from rk3328-roc-cc
    - ARM: dts: rockchip: add power-domains property to dp node on rk3288
    - HID: elecom: add support for TrackBall 056E:011C
    - ACPI: NFIT: fix a potential deadlock during NFIT teardown
    - btrfs: send: limit number of clones and allocated memory size
    - ASoC: rt715-sdca: fix clock stop prepare timeout issue
    - IB/hfi1: Assign npages earlier
    - neigh: make sure used and confirmed times are valid
    - HID: core: Fix deadloop in hid_apply_multiplier.
    - x86/cpu: Add Lunar Lake M
    - bpf: bpf_fib_lookup should not return neigh in NUD_FAILED state
    - net: Remove WARN_ON_ONCE(sk->sk_forward_alloc) from sk_stream_kill_queues().
    - vc_screen: don't clobber return value in vcs_read
    - scripts/tags.sh: fix incompatibility with PCRE2
    - usb: dwc3: pci: add support for the Intel Meteor Lake-M
    - USB: serial: option: add suppo...

This bug was fixed in the package linux - 5.19.0-42.43

---------------
linux (5.19.0-42.43) kinetic; urgency=medium

* kinetic/linux: 5.19.0-42.43 -proposed tracker (LP: #2016503)

*  selftest: fib_tests: Always cleanup before exit  (LP: #2015956)
    - selftest: fib_tests: Always cleanup before exit

* Debian autoreconstruct Fix restoration of execute permissions (LP: #2015498)
    - [Debian] autoreconstruct - fix restoration of execute permissions

* Kinetic update: upstream stable patchset 2023-04-10 (LP: #2015812)
    - drm/etnaviv: don't truncate physical page address
    - wifi: rtl8xxxu: gen2: Turn on the rate control
    - drm/edid: Fix minimum bpc supported with DSC1.2 for HDMI sink
    - clk: mxl: Switch from direct readl/writel based IO to regmap based IO
    - clk: mxl: Remove redundant spinlocks
    - clk: mxl: Add option to override gate clks
    - clk: mxl: Fix a clk entry by adding relevant flags
    - powerpc: dts: t208x: Mark MAC1 and MAC2 as 10G
    - clk: mxl: syscon_node_to_regmap() returns error pointers
    - random: always mix cycle counter in add_latent_entropy()
    - KVM: x86: Fail emulation during EMULTYPE_SKIP on any exception
    - KVM: SVM: Skip WRMSR fastpath on VM-Exit if next RIP isn't valid
    - can: kvaser_usb: hydra: help gcc-13 to figure out cmd_len
    - powerpc: dts: t208x: Disable 10G on MAC1 and MAC2
    - powerpc/vmlinux.lds: Ensure STRICT_ALIGN_SIZE is at least page aligned
    - powerpc/64s/radix: Fix RWX mapping with relocated kernel
    - uaccess: Add speculation barrier to copy_from_user()
    - wifi: mwifiex: Add missing compatible string for SD8787
    - audit: update the mailing list in MAINTAINERS
    - ext4: Fix function prototype mismatch for ext4_feat_ktype
    - Revert "net/sched: taprio: make qdisc_leaf() see the per-netdev-queue pfifo
      child qdiscs"
    - bpf: add missing header file include
    - wifi: ath11k: fix warning in dma_free_coherent() of memory chunks while
      recovery
    - sched/psi: Stop relying on timer_pending() for poll_work rescheduling
    - docs: perf: Fix PMU instance name of hisi-pcie-pmu
    - randstruct: disable Clang 15 support
    - ionic: refactor use of ionic_rx_fill()
    - Fix XFRM-I support for nested ESP tunnels
    - arm64: dts: rockchip: drop unused LED mode property from rk3328-roc-cc
    - ARM: dts: rockchip: add power-domains property to dp node on rk3288
    - HID: elecom: add support for TrackBall 056E:011C
    - ACPI: NFIT: fix a potential deadlock during NFIT teardown
    - btrfs: send: limit number of clones and allocated memory size
    - ASoC: rt715-sdca: fix clock stop prepare timeout issue
    - IB/hfi1: Assign npages earlier
    - neigh: make sure used and confirmed times are valid
    - HID: core: Fix deadloop in hid_apply_multiplier.
    - x86/cpu: Add Lunar Lake M
    - bpf: bpf_fib_lookup should not return neigh in NUD_FAILED state
    - net: Remove WARN_ON_ONCE(sk->sk_forward_alloc) from sk_stream_kill_queues().
    - vc_screen: don't clobber return value in vcs_read
    - scripts/tags.sh: fix incompatibility with PCRE2
    - usb: dwc3: pci: add support for the Intel Meteor Lake-M
    - USB: serial: option: add support for VW/Skoda "Carstick LTE"
    - usb: gadget: u_serial: Add null pointer check in gserial_resume
    - USB: core: Don't hold device lock while reading the "descriptors" sysfs file

* Kinetic update: upstream stable patchset 2023-04-06 (LP: #2015511)
    - ARM: dts: imx: Fix pca9547 i2c-mux node name
    - ARM: dts: vf610: Fix pca9548 i2c-mux node names
    - arm64: dts: freescale: Fix pca954x i2c-mux node names
    - arm64: dts: imx8mq-thor96: fix no-mmc property for SDHCI
    - firmware: arm_scmi: Clear stale xfer->hdr.status
    - bpf: Skip task with pid=1 in send_signal_common()
    - erofs/zmap.c: Fix incorrect offset calculation
    - blk-cgroup: fix missing pd_online_fn() while activating policy
    - HID: playstation: sanity check DualSense calibration data.
    - dmaengine: imx-sdma: Fix a possible memory leak in sdma_transfer_init
    - cifs: fix return of uninitialized rc in dfs_cache_update_tgthint()
    - extcon: usbc-tusb320: fix kernel-doc warning
    - net: fix NULL pointer in skb_segment_list
    - net: mctp: purge receive queues on sk destruction
    - firewire: fix memory leak for payload of request subaction to IEC 61883-1
      FCP region
    - bus: sunxi-rsb: Fix error handling in sunxi_rsb_init()
    - ASoC: Intel: bytcht_es8316: Drop reference count of ACPI device after use
    - ASoC: Intel: bytcr_rt5651: Drop reference count of ACPI device after use
    - ASoC: Intel: bytcr_rt5640: Drop reference count of ACPI device after use
    - ASoC: Intel: bytcr_wm5102: Drop reference count of ACPI device after use
    - bpf: Fix a possible task gone issue with bpf_send_signal[_thread]() helpers
    - ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path()
    - bpf: Fix to preserve reg parent/live fields when copying range info
    - bpf, sockmap: Check for any of tcp_bpf_prots when cloning a listener
    - arm64: dts: imx8mm: Fix pad control for UART1_DTE_RX
    - drm/vc4: hdmi: make CEC adapter name unique
    - scsi: Revert "scsi: core: map PQ=1, PDT=other values to
      SCSI_SCAN_TARGET_PRESENT"
    - vhost/net: Clear the pending messages when the backend is removed
    - WRITE is "data source", not destination...
    - READ is "data destination", not source...
    - fix iov_iter_bvec() "direction" argument
    - fix "direction" argument of iov_iter_kvec()
    - ice: Prevent set_channel from changing queues while RDMA active
    - qede: execute xdp_do_flush() before napi_complete_done()
    - virtio-net: execute xdp_do_flush() before napi_complete_done()
    - dpaa_eth: execute xdp_do_flush() before napi_complete_done()
    - dpaa2-eth: execute xdp_do_flush() before napi_complete_done()
    - sfc: correctly advertise tunneled IPv6 segmentation
    - net: phy: dp83822: Fix null pointer access on DP83825/DP83826 devices
    - block, bfq: replace 0/1 with false/true in bic apis
    - block, bfq: fix uaf for bfqq in bic_set_bfqq()
    - netrom: Fix use-after-free caused by accept on already connected socket
    - drm/i915/guc: Fix locking when searching for a hung request
    - drm/i915/adlp: Fix typo for reference clock
    - netfilter: br_netfilter: disable sabotage_in hook after first suppression
    - squashfs: harden sanity check in squashfs_read_xattr_id_table
    - net: phy: meson-gxl: Add generic dummy stubs for MMD register access
    - ip/ip6_gre: Fix changing addr gen mode not generating IPv6 link local
      address
    - ip/ip6_gre: Fix non-point-to-point tunnel not generating IPv6 link local
      address
    - riscv: kprobe: Fixup kernel panic when probing an illegal position
    - igc: return an error if the mac type is unknown in
      igc_ptp_systim_to_hwtstamp()
    - can: j1939: fix errant WARN_ON_ONCE in j1939_session_deactivate
    - ata: libata: Fix sata_down_spd_limit() when no link speed is reported
    - selftests: net: udpgso_bench_rx: Fix 'used uninitialized' compiler warning
    - selftests: net: udpgso_bench_rx/tx: Stop when wrong CLI args are provided
    - selftests: net: udpgso_bench_tx: Cater for pending datagrams zerocopy
      benchmarking
    - virtio-net: Keep stop() to follow mirror sequence of open()
    - net: openvswitch: fix flow memory leak in ovs_flow_cmd_new
    - efi: fix potential NULL deref in efi_mem_reserve_persistent
    - i2c: designware-pci: Add new PCI IDs for AMD NAVI GPU
    - i2c: mxs: suppress probe-deferral error message
    - scsi: target: core: Fix warning on RT kernels
    - perf/x86/intel: Add Emerald Rapids
    - scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress
    - scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress
    - i2c: rk3x: fix a bunch of kernel-doc warnings
    - platform/x86: gigabyte-wmi: add support for B450M DS3H WIFI-CF
    - net/x25: Fix to not accept on connected socket
    - drm/amd/display: Fix timing not changning when freesync video is enabled
    - iio: adc: stm32-dfsdm: fill module aliases
    - usb: dwc3: qcom: enable vbus override when in OTG dr-mode
    - usb: gadget: f_fs: Fix unbalanced spinlock in __ffs_ep0_queue_wait
    - vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF
    - fbcon: Check font dimension limits
    - net: qrtr: free memory on error path in radix_tree_insert()
    - watchdog: diag288_wdt: do not use stack buffers for hardware data
    - watchdog: diag288_wdt: fix __diag288() inline assembly
    - ALSA: hda/realtek: Add Acer Predator PH315-54
    - efi: Accept version 2 of memory attributes table
    - iio: hid: fix the retval in accel_3d_capture_sample
    - iio: hid: fix the retval in gyro_3d_capture_sample
    - iio: adc: berlin2-adc: Add missing of_node_put() in error path
    - iio:adc:twl6030: Enable measurements of VUSB, VBAT and others
    - iio: imu: fxos8700: fix ACCEL measurement range selection
    - iio: imu: fxos8700: fix incomplete ACCEL and MAGN channels readback
    - iio: imu: fxos8700: fix IMU data bits returned to user space
    - iio: imu: fxos8700: fix map label of channel type to MAGN sensor
    - iio: imu: fxos8700: fix swapped ACCEL and MAGN channels readback
    - iio: imu: fxos8700: fix incorrect ODR mode readback
    - iio: imu: fxos8700: fix failed initialization ODR mode assignment
    - iio: imu: fxos8700: remove definition FXOS8700_CTRL_ODR_MIN
    - iio: imu: fxos8700: fix MAGN sensor scale and unit
    - nvmem: qcom-spmi-sdam: fix module autoloading
    - parisc: Fix return code of pdc_iodc_print()
    - parisc: Wire up PTRACE_GETREGS/PTRACE_SETREGS for compat case
    - riscv: disable generation of unwind tables
    - mm: hugetlb: proc: check for hugetlb shared PMD in /proc/PID/smaps
    - usb: gadget: f_uac2: Fix incorrect increment of bNumEndpoints
    - kernel/irq/irqdomain.c: fix memory leak with using debugfs_lookup()
    - x86/debug: Fix stack recursion caused by wrongly ordered DR7 accesses
    - fpga: stratix10-soc: Fix return value check in s10_ops_write_init()
    - mm/swapfile: add cond_resched() in get_swap_pages()
    - highmem: round down the address passed to kunmap_flush_on_unmap()
    - Squashfs: fix handling and sanity checking of xattr_ids count
    - drm/i915: Fix potential bit_17 double-free
    - nvmem: core: initialise nvmem->id early
    - nvmem: core: remove nvmem_config wp_gpio
    - nvmem: core: fix cell removal on error
    - serial: 8250_dma: Fix DMA Rx completion race
    - serial: 8250_dma: Fix DMA Rx rearm race
    - phy: qcom-qmp-combo: fix memleak on probe deferral
    - phy: qcom-qmp-usb: fix memleak on probe deferral
    - phy: qcom-qmp-combo: fix broken power on
    - phy: qcom-qmp-combo: fix runtime suspend
    - iio:adc:twl6030: Enable measurement of VAC
    - powerpc/imc-pmu: Revert nest_init_lock to being a mutex
    - fs/ntfs3: Validate attribute data and valid sizes
    - ovl: Use "buf" flexible array for memcpy() destination
    - fbdev: smscufx: fix error handling code in ufx_usb_probe
    - f2fs: fix to do sanity check on i_extra_isize in is_alive()
    - wifi: brcmfmac: Check the count value of channel spec to prevent out-of-
      bounds reads
    - gfs2: Cosmetic gfs2_dinode_{in,out} cleanup
    - gfs2: Always check inode size of inline inodes
    - bpf: Skip invalid kfunc call in backtrack_insn
    - ASoC: Intel: sof_es8336: Drop reference count of ACPI device after use
    - ASoC: Intel: avs: Implement PCI shutdown
    - bpf: Add missing btf_put to register_btf_id_dtor_kfuncs
    - arm64: dts: imx8mm-verdin: Do not power down eth-phy
    - vhost-scsi: unbreak any layout for response
    - skb: Do mix page pool and page referenced frags in GRO
    - net: wwan: t7xx: Fix Runtime PM initialization
    - fscache: Use wait_on_bit() to wait for the freeing of relinquished volume
    - drm/i915: Fix request ref counting during error capture & debugfs dump
    - drm/i915: Fix up locking around dumping requests lists
    - ALSA: firewire-motu: fix unreleased lock warning in hwdep device
    - sctp: do not check hb_timer.expires when resetting hb_timer
    - can: mcp251xfd: mcp251xfd_ring_set_ringparam(): assign missing
      tx_obj_num_coalesce_irq
    - rtc: sunplus: fix format string for printing resource
    - certs: Fix build error when PKCS#11 URI contains semicolon
    - hv_netvsc: Fix missed pagebuf entries in netvsc_dma_map/unmap()
    - ARM: dts: imx7d-smegw01: Fix USB host over-current polarity
    - can: isotp: split tx timer into transmission and timeout
    - can: isotp: handle wait_event_interruptible() return values
    - iio: adc: xilinx-ams: fix devm_krealloc() return value check
    - iio: imx8qxp-adc: fix irq flood when call imx8qxp_adc_read_raw()
    - nvmem: brcm_nvram: Add check for kzalloc
    - nvmem: sunxi_sid: Always use 32-bit MMIO reads
    - Revert "mm: kmemleak: alloc gray object for reserved region with direct map"
    - mm: memcg: fix NULL pointer in mem_cgroup_track_foreign_dirty_slowpath()
    - usb: typec: ucsi: Don't attempt to resume the ports before they exist
    - usb: gadget: udc: do not clear gadget driver.bus
    - mm/uffd: fix pte marker when fork() without fork event
    - migrate: hugetlb: check for hugetlb shared PMD in node migration
    - drm/i915: Avoid potential vm use-after-free
    - nvmem: core: fix device node refcounting
    - powerpc/64s/radix: Fix crash with unaligned relocated kernel
    - powerpc/64s: Fix local irq disable when PMIs are disabled
    - btrfs: limit device extents to the device size
    - btrfs: zlib: zero-initialize zlib workspace
    - ALSA: hda/realtek: Add Positivo N14KP6-TG
    - ALSA: emux: Avoid potential array out-of-bound in snd_emux_xg_control()
    - ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro 360
    - ALSA: hda/realtek: Enable mute/micmute LEDs on HP Elitebook, 645 G9
    - tracing: Fix poll() and select() do not work on per_cpu trace_pipe and
      trace_pipe_raw
    - of/address: Return an error when no valid dma-ranges are found
    - can: j1939: do not wait 250 ms if the same addr was already claimed
    - xfrm: compat: change expression for switch in xfrm_xlate64
    - IB/hfi1: Restore allocated resources on failed copyout
    - xfrm/compat: prevent potential spectre v1 gadget in xfrm_xlate32_attr()
    - IB/IPoIB: Fix legacy IPoIB due to wrong number of queues
    - RDMA/irdma: Fix potential NULL-ptr-dereference
    - RDMA/usnic: use iommu_map_atomic() under spin_lock()
    - xfrm: fix bug with DSCP copy to v6 from v4 tunnel
    - net: phylink: move phy_device_free() to correctly release phy device
    - bonding: fix error checking in bond_debug_reregister()
    - net: phy: meson-gxl: use MMD access dummy stubs for GXL, internal PHY
    - ionic: clean interrupt before enabling queue to avoid credit race
    - uapi: add missing ip/ipv6 header dependencies for linux/stddef.h
    - ice: Do not use WQ_MEM_RECLAIM flag for workqueue
    - net: dsa: mt7530: don't change PVC_EG_TAG when CPU port becomes VLAN-aware
    - net: mscc: ocelot: fix VCAP filters not matching on MAC with "protocol
      802.1Q"
    - net/mlx5e: Update rx ring hw mtu upon each rx-fcs flag change
    - net/mlx5: Bridge, fix ageing of peer FDB entries
    - net/mlx5e: IPoIB, Show unknown speed instead of error
    - net/mlx5: fw_tracer, Clear load bit when freeing string DBs buffers
    - net/mlx5: fw_tracer, Zero consumer index when reloading the tracer
    - net/mlx5: Serialize module cleanup with reload and remove
    - igc: Add ndo_tx_timeout support
    - rds: rds_rm_zerocopy_callback() use list_first_entry()
    - selftests: forwarding: lib: quote the sysctl values
    - ALSA: pci: lx6464es: fix a debug loop
    - riscv: stacktrace: Fix missing the first frame
    - ASoC: topology: Return -ENOMEM on memory allocation failure
    - pinctrl: mediatek: Fix the drive register definition of some Pins
    - pinctrl: aspeed: Fix confusing types in return value
    - pinctrl: single: fix potential NULL dereference
    - spi: dw: Fix wrong FIFO level setting for long xfers
    - pinctrl: intel: Restore the pins that used to be in Direct IRQ mode
    - cifs: Fix use-after-free in rdata->read_into_pages()
    - net: USB: Fix wrong-direction WARNING in plusb.c
    - mptcp: be careful on subflow status propagation on errors
    - btrfs: free device in btrfs_close_devices for a single device filesystem
    - usb: core: add quirk for Alcor Link AK9563 smartcard reader
    - usb: typec: altmodes/displayport: Fix probe pin assign check
    - clk: ingenic: jz4760: Update M/N/OD calculation algorithm
    - ceph: flush cap releases when the session is flushed
    - riscv: Fixup race condition on PG_dcache_clean in flush_icache_pte
    - powerpc/64s/interrupt: Fix interrupt exit race with security mitigation
      switch
    - rtmutex: Ensure that the top waiter is always woken up
    - arm64: dts: meson-gx: Make mmc host controller interrupts level-sensitive
    - arm64: dts: meson-g12-common: Make mmc host controller interrupts level-
      sensitive
    - arm64: dts: meson-axg: Make mmc host controller interrupts level-sensitive
    - Fix page corruption caused by racy check in __free_pages
    - drm/amdgpu/fence: Fix oops due to non-matching drm_sched init/fini
    - drm/i915: Initialize the obj flags for shmem objects
    - drm/i915: Fix VBT DSI DVO port handling
    - x86/speculation: Identify processors vulnerable to SMT RSB predictions
    - KVM: x86: Mitigate the cross-thread return address predictions bug
    - Documentation/hw-vuln: Add documentation for Cross-Thread Return Predictions
    - hv_netvsc: Allocate memory in netvsc_dma_map() with GFP_ATOMIC
    - xfrm: annotate data-race around use_time
    - of: Make OF framebuffer device names unique
    - cpufreq: qcom-hw: Fix cpufreq_driver->get() for non-LMH systems
    - net: microchip: sparx5: fix PTP init/deinit not checking all ports
    - drm/virtio: exbuf->fence_fd unmodified on interrupted wait
    - ice: Fix disabling Rx VLAN filtering with port VLAN enabled
    - ice: switch: fix potential memleak in ice_add_adv_recipe()
    - net/mlx5e: Fix crash unsetting rx-vlan-filter in switchdev mode
    - txhash: fix sk->sk_txrehash default
    - selftests: Fix failing VXLAN VNI filtering test
    - arm64: dts: rockchip: fix input enable pinconf on rk3399
    - arm64: dts: rockchip: set sdmmc0 speed to sd-uhs-sdr50 on rock-3a
    - ASoC: tas5805m: rework to avoid scheduling while atomic.
    - ASoC: tas5805m: add missing page switch.
    - ASoC: fsl_sai: fix getting version from VERID
    - mptcp: do not wait for bare sockets' timeout
    - selftests: mptcp: allow more slack for slow test-case
    - selftests: mptcp: stop tests earlier
    - riscv: kprobe: Fixup misaligned load text
    - tracing: Fix TASK_COMM_LEN in trace event format file
    - drm/i915: Move fd_install after last use of fence
    - mptcp: fix locking for in-kernel listener creation
    - ASoC: Intel: sof_rt5682: always set dpcm_capture for amplifiers
    - ASoC: Intel: sof_cs42l42: always set dpcm_capture for amplifiers
    - selftests/bpf: Verify copy_register_state() preserves parent/live fields
    - ALSA: hda: Do not unset preset when cleaning up codec
    - bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself
    - ASoC: cs42l56: fix DT probe
    - tools/virtio: fix the vringh test for virtio ring changes
    - net/rose: Fix to not accept on connected socket
    - net: stmmac: do not stop RX_CLK in Rx LPI state for qcs404 SoC
    - drm/nouveau/devinit/tu102-: wait for GFW_BOOT_PROGRESS == COMPLETED
    - net: sched: sch: Bounds check priority
    - s390/decompressor: specify __decompress() buf len to avoid overflow
    - nvme-fc: fix a missing queue put in nvmet_fc_ls_create_association
    - drm/amd/display: Properly handle additional cases where DCN is not supported
    - platform/x86: touchscreen_dmi: Add Chuwi Vi8 (CWI501) DMI match
    - nvmem: core: add error handling for dev_set_name
    - nvmem: core: fix cleanup after dev_set_name()
    - nvmem: core: fix registration vs use race
    - nvmem: core: fix return value
    - aio: fix mremap after fork null-deref
    - drm/amd/display: Fail atomic_check early on normalize_zpos error
    - tcp: Fix listen() regression in 5.15.88.
    - mmc: jz4740: Work around bug on JZ4760(B)
    - mmc: sdio: fix possible resource leaks in some error paths
    - mmc: mmc_spi: fix error handling in mmc_spi_probe()
    - ALSA: hda/conexant: add a new hda codec SN6180
    - ALSA: hda/realtek - fixed wrong gpio assigned
    - sched/psi: Fix use-after-free in ep_remove_wait_queue()
    - hugetlb: check for undefined shift on 32 bit architectures
    - of: reserved_mem: Have kmemleak ignore dynamically allocated reserved mem
    - net: Fix unwanted sign extension in netdev_stats_to_stats64()
    - revert "squashfs: harden sanity check in squashfs_read_xattr_id_table"
    - ixgbe: allow to increase MTU to 3K with XDP enabled
    - i40e: add double of VLAN header when computing the max MTU
    - net: bgmac: fix BCM5358 support by setting correct flags
    - net: ethernet: ti: am65-cpsw: Add RX DMA Channel Teardown Quirk
    - sctp: sctp_sock_filter(): avoid list_entry() on possibly empty list
    - dccp/tcp: Avoid negative sk_forward_alloc by ipv6_pinfo.pktoptions.
    - net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path
    - net: openvswitch: fix possible memory leak in ovs_meter_cmd_set()
    - net: stmmac: fix order of dwmac5 FlexPPS parametrization sequence
    - bnxt_en: Fix mqprio and XDP ring checking logic
    - net: stmmac: Restrict warning on disabling DMA store and fwd mode
    - ixgbe: add double of VLAN header when computing the max MTU
    - ipv6: Fix datagram socket connection with DSCP.
    - ipv6: Fix tcp socket connection with DSCP.
    - nilfs2: fix underflow in second superblock position calculations
    - mm/filemap: fix page end in filemap_get_read_batch
    - drm/i915/gen11: Wa_1408615072/Wa_1407596294 should be on GT list
    - net/sched: act_ctinfo: use percpu stats
    - i40e: Add checking for null for nlmsg_find_attr()
    - kvm: initialize all of the kvm_debugregs structure before sending it to
      userspace
    - alarmtimer: Prevent starvation by small intervals and SIG_IGN
    - ASoC: SOF: Intel: hda-dai: fix possible stream_tag leak
    - net: sched: sch: Fix off by one in htb_activate_prios()
    - platform/x86/amd: pmc: add CONFIG_SERIO dependency
    - kasan: fix Oops due to missing calls to kasan_arch_is_ready()
    - fbdev: Fix invalid page access after closing deferred I/O devices
    - drm/vmwgfx: Stop accessing buffer objects which failed init
    - drm/vmwgfx: Do not drop the reference to the handle too soon
    - gpio: sim: fix a memory leak
    - coredump: Move dump_emit_page() to kill unused warning
    - drm/vc4: crtc: Increase setup cost in core clock calculation to handle
      extreme reduced blanking
    - ice: fix lost multicast packets in promisc mode
    - ice: xsk: Fix cleaning of XDP_TX frames
    - tracing: Make trace_define_field_ext() static
    - net: use a bounce buffer for copying skb->mark
    - igb: conditionalize I2C bit banging on external thermal sensor support
    - igb: Fix PPS input and output using 3rd and 4th SDP

* cm32181 module error blocking suspend (LP: #1988346) // Kinetic update:
    upstream stable patchset 2023-04-06 (LP: #2015511)
    - iio: light: cm32181: Fix PM support on system with 2 I2C resources

* kernel: fix __clear_user() inline assembly constraints (LP: #2013088)
    - s390/uaccess: add missing earlyclobber annotations to __clear_user()

* expoline.o is packaged unconditionally for s390x (LP: #2013209)
    - [Packaging] Copy expoline.o only when produced by the build

* Fix selftests/ftracetests/Meta-selftests (LP: #2006453)
    - selftests/ftrace: Fix bash specific "==" operator

* No HDMI audio under 5.19.0-35 & -37 (regression from -32) (LP: #2009136)
    - ALSA: memalloc: Try dma_alloc_noncontiguous() at first
    - ALSA: memalloc: Drop special handling of GFP for CONTINUOUS allocation
    - ALSA: vx: Drop superfluous GFP setup
    - ALSA: pdaudiocf: Drop superfluous GFP setup
    - ASoC: Intel: sst: Switch to standard device pages
    - ALSA: memalloc: Workaround for Xen PV

* Intel E810 NICs driver in causing hangs when booting and bonds configured
    (LP: #2004262)
    - ice: avoid bonding causing auxiliary plug/unplug under RTNL lock

* Kinetic update: upstream stable patchset 2023-04-04 (LP: #2015288)
    - memory: tegra: Remove clients SID override programming
    - memory: atmel-sdramc: Fix missing clk_disable_unprepare in
      atmel_ramc_probe()
    - memory: mvebu-devbus: Fix missing clk_disable_unprepare in
      mvebu_devbus_probe()
    - dmaengine: ti: k3-udma: Do conditional decrement of
      UDMA_CHAN_RT_PEER_BCNT_REG
    - arm64: dts: imx8mp-phycore-som: Remove invalid PMIC property
    - ARM: dts: imx6ul-pico-dwarf: Use 'clock-frequency'
    - ARM: dts: imx7d-pico: Use 'clock-frequency'
    - ARM: dts: imx6qdl-gw560x: Remove incorrect 'uart-has-rtscts'
    - arm64: dts: imx8mm-beacon: Fix ecspi2 pinmux
    - ARM: imx: add missing of_node_put()
    - HID: intel_ish-hid: Add check for ishtp_dma_tx_map
    - arm64: dts: imx8mm-venice-gw7901: fix USB2 controller OC polarity
    - soc: imx8m: Fix incorrect check for of_clk_get_by_name()
    - reset: uniphier-glue: Fix possible null-ptr-deref
    - EDAC/highbank: Fix memory leak in highbank_mc_probe()
    - firmware: arm_scmi: Harden shared memory access in fetch_response
    - firmware: arm_scmi: Harden shared memory access in fetch_notification
    - tomoyo: fix broken dependency on *.conf.default
    - RDMA/core: Fix ib block iterator counter overflow
    - IB/hfi1: Reject a zero-length user expected buffer
    - IB/hfi1: Reserve user expected TIDs
    - IB/hfi1: Fix expected receive setup error exit issues
    - IB/hfi1: Immediately remove invalid memory from hardware
    - IB/hfi1: Remove user expected buffer invalidate race
    - affs: initialize fsdata in affs_truncate()
    - PM: AVS: qcom-cpr: Fix an error handling path in cpr_probe()
    - arm64: dts: qcom: msm8992: Don't use sfpb mutex
    - arm64: dts: qcom: msm8992-libra: Fix the memory map
    - phy: ti: fix Kconfig warning and operator precedence
    - NFSD: fix use-after-free in nfsd4_ssc_setup_dul()
    - ARM: dts: at91: sam9x60: fix the ddr clock for sam9x60
    - amd-xgbe: TX Flow Ctrl Registers are h/w ver dependent
    - amd-xgbe: Delay AN timeout during KR training
    - bpf: Fix pointer-leak due to insufficient speculative store bypass
      mitigation
    - phy: rockchip-inno-usb2: Fix missing clk_disable_unprepare() in
      rockchip_usb2phy_power_on()
    - net: nfc: Fix use-after-free in local_cleanup()
    - net: wan: Add checks for NULL for utdm in undo_uhdlc_init and unmap_si_regs
    - net: enetc: avoid deadlock in enetc_tx_onestep_tstamp()
    - sch_htb: Avoid grafting on htb_destroy_class_offload when destroying htb
    - gpio: mxc: Protect GPIO irqchip RMW with bgpio spinlock
    - gpio: mxc: Always set GPIOs used as interrupt source to INPUT mode
    - pinctrl: rockchip: fix reading pull type on rk3568
    - net: stmmac: Fix queue statistics reading
    - net/sched: sch_taprio: fix possible use-after-free
    - l2tp: Serialize access to sk_user_data with sk_callback_lock
    - l2tp: Don't sleep and disable BH under writer-side sk_callback_lock
    - l2tp: convert l2tp_tunnel_list to idr
    - l2tp: close all race conditions in l2tp_tunnel_register()
    - net: usb: sr9700: Handle negative len
    - net: mdio: validate parameter addr in mdiobus_get_phy()
    - HID: check empty report_list in hid_validate_values()
    - HID: check empty report_list in bigben_probe()
    - net: stmmac: fix invalid call to mdiobus_get_phy()
    - pinctrl: rockchip: fix mux route data for rk3568
    - HID: revert CHERRY_MOUSE_000C quirk
    - usb: gadget: f_fs: Prevent race during ffs_ep0_queue_wait
    - usb: gadget: f_fs: Ensure ep0req is dequeued before free_request
    - Bluetooth: Fix possible deadlock in rfcomm_sk_state_change
    - net: ipa: disable ipa interrupt during suspend
    - net/mlx5: E-switch, Fix setting of reserved fields on
      MODIFY_SCHEDULING_ELEMENT
    - net: mlx5: eliminate anonymous module_init & module_exit
    - drm/panfrost: fix GENERIC_ATOMIC64 dependency
    - dmaengine: Fix double increment of client_count in dma_chan_get()
    - net: macb: fix PTP TX timestamp failure due to packet padding
    - virtio-net: correctly enable callback during start_xmit
    - l2tp: prevent lockdep issue in l2tp_tunnel_register()
    - HID: betop: check shape of output reports
    - cifs: fix potential deadlock in cache_refresh_path()
    - dmaengine: xilinx_dma: call of_node_put() when breaking out of
      for_each_child_of_node()
    - phy: phy-can-transceiver: Skip warning if no "max-bitrate"
    - drm/amd/display: fix issues with driver unload
    - nvme-pci: fix timeout request state check
    - tcp: avoid the lookup process failing to get sk in ehash table
    - ptdma: pt_core_execute_cmd() should use spinlock
    - device property: fix of node refcount leak in
      fwnode_graph_get_next_endpoint()
    - w1: fix deadloop in __w1_remove_master_device()
    - w1: fix WARNING after calling w1_process()
    - driver core: Fix test_async_probe_init saves device in wrong array
    - selftests/net: toeplitz: fix race on tpacket_v3 block close
    - net: dsa: microchip: ksz9477: port map correction in ALU table entry
      register
    - thermal/core: Remove duplicate information when an error occurs
    - thermal/core: Rename 'trips' to 'num_trips'
    - thermal: Validate new state in cur_state_store()
    - thermal/core: fix error code in __thermal_cooling_device_register()
    - thermal: core: call put_device() only after device_register() fails
    - net: stmmac: enable all safety features by default
    - tcp: fix rate_app_limited to default to 1
    - scsi: iscsi: Fix multiple iSCSI session unbind events sent to userspace
    - cpufreq: Add Tegra234 to cpufreq-dt-platdev blocklist
    - kcsan: test: don't put the expect array on the stack
    - cpufreq: Add SM6375 to cpufreq-dt-platdev blocklist
    - ASoC: fsl_micfil: Correct the number of steps on SX controls
    - net: usb: cdc_ether: add support for Thales Cinterion PLS62-W modem
    - drm: Add orientation quirk for Lenovo ideapad D330-10IGL
    - s390/debug: add _ASM_S390_ prefix to header guard
    - s390: expicitly align _edata and _end symbols on page boundary
    - perf/x86/msr: Add Emerald Rapids
    - perf/x86/intel/uncore: Add Emerald Rapids
    - cpufreq: armada-37xx: stop using 0 as NULL pointer
    - ASoC: fsl_ssi: Rename AC'97 streams to avoid collisions with AC'97 CODEC
    - ASoC: fsl-asoc-card: Fix naming of AC'97 CODEC widgets
    - spi: spidev: remove debug messages that access spidev->spi without locking
    - KVM: s390: interrupt: use READ_ONCE() before cmpxchg()
    - scsi: hisi_sas: Set a port invalid only if there are no devices attached
      when refreshing port id
    - r8152: add vendor/device ID pair for Microsoft Devkit
    - platform/x86: touchscreen_dmi: Add info for the CSL Panther Tab HD
    - platform/x86: asus-nb-wmi: Add alternate mapping for KEY_SCREENLOCK
    - lockref: stop doing cpu_relax in the cmpxchg loop
    - firmware: coreboot: Check size of table entry and use flex-array
    - drm/i915: Remove unused variable
    - x86: ACPI: cstate: Optimize C3 entry on AMD CPUs
    - panic: Separate sysctl logic from CONFIG_SMP
    - exit: Put an upper limit on how often we can oops
    - exit: Expose "oops_count" to sysfs
    - exit: Allow oops_limit to be disabled
    - panic: Consolidate open-coded panic_on_warn checks
    - panic: Introduce warn_limit
    - panic: Expose "warn_count" to sysfs
    - docs: Fix path paste-o for /sys/kernel/warn_count
    - exit: Use READ_ONCE() for all oops/warn limit reads
    - Bluetooth: hci_sync: cancel cmd_timer if hci_open failed
    - drm/amdgpu: complete gfxoff allow signal during suspend without delay
    - scsi: hpsa: Fix allocation size for scsi_host_alloc()
    - module: Don't wait for GOING modules
    - tracing: Make sure trace_printk() can output as soon as it can be used
    - trace_events_hist: add check for return value of 'create_hist_field'
    - ftrace/scripts: Update the instructions for ftrace-bisect.sh
    - cifs: Fix oops due to uncleared server->smbd_conn in reconnect
    - i2c: mv64xxx: Remove shutdown method from driver
    - i2c: mv64xxx: Add atomic_xfer method to driver
    - ksmbd: add max connections parameter
    - ksmbd: do not sign response to session request for guest login
    - ksmbd: downgrade ndr version error message to debug
    - ksmbd: limit pdu length size according to connection status
    - KVM: x86/vmx: Do not skip segment attributes if unusable bit is set
    - KVM: arm64: GICv4.1: Fix race with doorbell on VPE activation/deactivation
    - thermal: intel: int340x: Protect trip temperature from concurrent updates
    - ipv6: fix reachability confirmation with proxy_ndp
    - ARM: 9280/1: mm: fix warning on phys_addr_t to void pointer assignment
    - EDAC/device: Respect any driver-supplied workqueue polling value
    - EDAC/qcom: Do not pass llcc_driv_data as edac_device_ctl_info's pvt_info
    - net: mana: Fix IRQ name - add PCI and queue number
    - scsi: ufs: core: Fix devfreq deadlocks
    - i2c: designware: use casting of u64 in clock multiplication to avoid
      overflow
    - netlink: prevent potential spectre v1 gadgets
    - net: fix UaF in netns ops registration error path
    - drm/i915/selftest: fix intel_selftest_modify_policy argument types
    - netfilter: nft_set_rbtree: Switch to node list walk for overlap detection
    - netfilter: nft_set_rbtree: skip elements in transaction from garbage
      collection
    - netlink: annotate data races around nlk->portid
    - netlink: annotate data races around dst_portid and dst_group
    - netlink: annotate data races around sk_state
    - ipv4: prevent potential spectre v1 gadget in ip_metrics_convert()
    - ipv4: prevent potential spectre v1 gadget in fib_metrics_match()
    - netfilter: conntrack: fix vtag checks for ABORT/SHUTDOWN_COMPLETE
    - netrom: Fix use-after-free of a listening socket.
    - net/sched: sch_taprio: do not schedule in taprio_reset()
    - sctp: fail if no bound addresses can be used for a given scope
    - riscv/kprobe: Fix instruction simulation of JALR
    - nvme: fix passthrough csi check
    - gpio: mxc: Unlock on error path in mxc_flip_edge()
    - net: ravb: Fix lack of register setting after system resumed for Gen3
    - net: ravb: Fix possible hang if RIS2_QFF1 happen
    - net: mctp: mark socks as dead on unhash, prevent re-add
    - thermal: intel: int340x: Add locking to int340x_thermal_get_trip_type()
    - net/tg3: resolve deadlock in tg3_reset_task() during EEH
    - net: mdio-mux-meson-g12a: force internal PHY off on mux switch
    - treewide: fix up files incorrectly marked executable
    - tools: gpio: fix -c option of gpio-event-mon
    - Revert "Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI
      mode"
    - x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL
    - netfilter: conntrack: unify established states for SCTP paths
    - perf/x86/amd: fix potential integer overflow on shift of a int
    - dmaengine: qcom: gpi: Set link_rx bit on GO TRE for rx operation
    - soc: imx: imx8mp-blk-ctrl: enable global pixclk with HDMI_TX_PHY PD
    - arm64: dts: verdin-imx8mm: fix dahlia audio playback
    - arm64: dts: verdin-imx8mm: fix dev board audio playback
    - soc: imx: imx8mp-blk-ctrl: don't set power device name
    - arm64: dts: imx8mp: Fix missing GPC Interrupt
    - arm64: dts: imx8mp: Fix power-domain typo
    - reset: ti-sci: honor TI_SCI_PROTOCOL setting when not COMPILE_TEST
    - firmware: arm_scmi: Fix virtio channels cleanup on shutdown
    - interconnect: qcom: msm8996: Provide UFS clocks to A2NoC
    - interconnect: qcom: msm8996: Fix regmap max_register values
    - RDMA/rxe: Fix inaccurate constants in rxe_type_info
    - RDMA/rxe: Prevent faulty rkey generation
    - drm/msm/gpu: Fix potential double-free
    - bpf: hash map, avoid deadlock with suitable hash mask
    - net: lan966x: add missing fwnode_handle_put() for ports node
    - block/rnbd-clt: fix wrong max ID in ida_alloc_max
    - usb: ucsi: Ensure connector delayed work items are flushed
    - netfilter: conntrack: handle tcp challenge acks during connection reuse
    - net/mlx5e: Avoid false lock dependency warning on tc_ht even more
    - net/mlx5e: Set decap action based on attr for sample
    - dmaengine: tegra: Fix memory leak in terminate_all()
    - net: sched: gred: prevent races when adding offloads to stats
    - usb: dwc3: fix extcon dependency
    - bnxt: Do not read past the end of test names
    - btrfs: zoned: enable metadata over-commit for non-ZNS setup
    - vfio/type1: Respect IOMMU reserved regions in vfio_test_domain_fgsp()
    - kvm/vfio: Fix potential deadlock on vfio group_lock
    - ftrace: Export ftrace_free_filter() to modules
    - riscv: fix -Wundef warning for CONFIG_RISCV_BOOT_SPINWAIT
    - regulator: dt-bindings: samsung,s2mps14: add lost samsung,ext-control-gpios
    - i2c: designware: Fix unbalanced suspended flag
    - iavf: schedule watchdog immediately when changing primary MAC
    - tracing/osnoise: Use built-in RCU list checking
    - gpio: ep93xx: Fix port F hwirq numbers in handler
    - net: mctp: add an explicit reference from a mctp_sk_key to sock
    - net: mctp: move expiry timer delete to unhash
    - net: mctp: hold key reference when looking up a general key
    - riscv: Move call to init_cpu_topology() to later initialization stage
    - Partially revert "perf/arm-cmn: Optimise DTC counter accesses"
    - x86/sev: Add SEV-SNP guest feature negotiation support
    - acpi: Fix suspend with Xen PV

* CVE-2023-1075
    - net/tls: tls_is_tx_ready() checked list_entry

* devlink_port_split from ubuntu_kernel_selftests.net fails on hirsute
    (KeyError: 'flavour') (LP: #1937133)
    - selftests: net: devlink_port_split.py: skip test if no suitable device
      available

* Connection timeout due to conntrack limits (LP: #2011616)
    - netfilter: conntrack: adopt safer max chain length

* Kinetic update: upstream stable patchset 2023-03-27 (LP: #2012977)
    - btrfs: fix trace event name typo for FLUSH_DELAYED_REFS
    - pNFS/filelayout: Fix coalescing test for single DS
    - tools/virtio: initialize spinlocks in vring_test.c
    - virtio_pci: modify ENOENT to EINVAL
    - vduse: Validate vq_num in vduse_validate_config()
    - net/ethtool/ioctl: return -EOPNOTSUPP if we have no phy stats
    - r8169: move rtl_wol_enable_rx() and rtl_prepare_power_down()
    - RDMA/srp: Move large values to a new enum for gcc13
    - btrfs: always report error in run_one_delayed_ref()
    - x86/asm: Fix an assembler warning with current binutils
    - f2fs: let's avoid panic if extent_tree is not created
    - perf/x86/rapl: Treat Tigerlake like Icelake
    - fbdev: omapfb: avoid stack overflow warning
    - Bluetooth: hci_qca: Fix driver shutdown on closed serdev
    - wifi: brcmfmac: fix regression for Broadcom PCIe wifi devices
    - wifi: mac80211: sdata can be NULL during AMPDU start
    - Add exception protection processing for vd in axi_chan_handle_err function
    - zonefs: Detect append writes at invalid locations
    - nilfs2: fix general protection fault in nilfs_btree_insert()
    - efi: fix userspace infinite retry read efivars after EFI runtime services
      page fault
    - ALSA: hda/realtek: fix mute/micmute LEDs don't work for a HP platform
    - hugetlb: unshare some PMDs when splitting VMAs
    - io_uring: don't gate task_work run on TIF_NOTIFY_SIGNAL
    - eventpoll: add EPOLL_URING_WAKE poll wakeup flag
    - eventfd: provide a eventfd_signal_mask() helper
    - xhci-pci: set the dma max_seg_size
    - usb: xhci: Check endpoint is valid before dereferencing it
    - xhci: Fix null pointer dereference when host dies
    - xhci: Add update_hub_device override for PCI xHCI hosts
    - xhci: Add a flag to disable USB3 lpm on a xhci root port level.
    - usb: acpi: add helper to check port lpm capability using acpi _DSM
    - xhci: Detect lpm incapable xHC USB3 roothub ports from ACPI tables
    - prlimit: do_prlimit needs to have a speculation check
    - USB: serial: option: add Quectel EM05-G (GR) modem
    - USB: serial: option: add Quectel EM05-G (CS) modem
    - USB: serial: option: add Quectel EM05-G (RS) modem
    - USB: serial: option: add Quectel EC200U modem
    - USB: serial: option: add Quectel EM05CN (SG) modem
    - USB: serial: option: add Quectel EM05CN modem
    - staging: vchiq_arm: fix enum vchiq_status return types
    - USB: misc: iowarrior: fix up header size for USB_DEVICE_ID_CODEMERCS_IOW100
    - misc: fastrpc: Don't remove map on creater_process and device_release
    - misc: fastrpc: Fix use-after-free race condition for maps
    - usb: core: hub: disable autosuspend for TI TUSB8041
    - comedi: adv_pci1760: Fix PWM instruction handling
    - ACPI: PRM: Check whether EFI runtime is available
    - mmc: sunxi-mmc: Fix clock refcount imbalance during unbind
    - mmc: sdhci-esdhc-imx: correct the tuning start tap and step setting
    - btrfs: do not abort transaction on failure to write log tree when syncing
      log
    - btrfs: fix race between quota rescan and disable leading to NULL pointer
      deref
    - cifs: do not include page data when checking signature
    - thunderbolt: Use correct function to calculate maximum USB3 link rate
    - riscv: dts: sifive: fu740: fix size of pcie 32bit memory
    - bpf: restore the ebpf program ID for BPF_AUDIT_UNLOAD and
      PERF_BPF_EVENT_PROG_UNLOAD
    - tty: serial: qcom-geni-serial: fix slab-out-of-bounds on RX FIFO buffer
    - tty: fix possible null-ptr-defer in spk_ttyio_release
    - USB: serial: cp210x: add SCALANCE LPE-9000 device id
    - usb: cdns3: remove fetched trb from cache before dequeuing
    - usb: host: ehci-fsl: Fix module alias
    - usb: typec: tcpm: Fix altmode re-registration causes sysfs create fail
    - usb: typec: altmodes/displayport: Add pin assignment helper
    - usb: typec: altmodes/displayport: Fix pin assignment calculation
    - usb: gadget: g_webcam: Send color matching descriptor per frame
    - usb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate()
    - usb-storage: apply IGNORE_UAS only for HIKSEMI MD202 on RTL9210
    - dt-bindings: phy: g12a-usb2-phy: fix compatible string documentation
    - dt-bindings: phy: g12a-usb3-pcie-phy: fix compatible string documentation
    - serial: pch_uart: Pass correct sg to dma_unmap_sg()
    - dmaengine: lgm: Move DT parsing after initialization
    - dmaengine: tegra210-adma: fix global intr clear
    - dmaengine: idxd: Let probe fail when workqueue cannot be enabled
    - serial: amba-pl011: fix high priority character transmission in rs486 mode
    - serial: atmel: fix incorrect baudrate setup
    - gsmi: fix null-deref in gsmi_get_variable
    - mei: me: add meteor lake point M DID
    - drm/i915: re-disable RC6p on Sandy Bridge
    - drm/i915/display: Check source height is > 0
    - drm/amd/display: Fix set scaling doesn's work
    - drm/amd/display: Calculate output_color_space after pixel encoding
      adjustment
    - drm/amd/display: Fix COLOR_SPACE_YCBCR2020_TYPE matrix
    - fs/ntfs3: Fix attr_punch_hole() null pointer derenference
    - arm64: efi: Execute runtime services from a dedicated stack
    - efi: rt-wrapper: Add missing include
    - x86/fpu: Use _Alignof to avoid undefined behavior in TYPE_ALIGN
    - net/mlx5: fix missing mutex_unlock in mlx5_fw_fatal_reporter_err_work()
    - block: mq-deadline: Rename deadline_is_seq_writes()
    - Revert "wifi: mac80211: fix memory leak in ieee80211_if_add()"
    - soc: qcom: apr: Make qcom,protection-domain optional again
    - mm/khugepaged: fix collapse_pte_mapped_thp() to allow anon_vma
    - serial: stm32: Merge hard IRQ and threaded IRQ handling into single IRQ
      handler
    - misc: fastrpc: Fix use-after-free and race in fastrpc_map_find
    - btrfs: fix missing error handling when logging directory items
    - thunderbolt: Disable XDomain lane 1 only in software connection manager
    - thunderbolt: Do not report errors if on-board retimers are found
    - thunderbolt: Do not call PM runtime functions in tb_retimer_scan()
    - mptcp: explicitly specify sock family at subflow creation time
    - mptcp: netlink: respect v4/v6-only sockets
    - usb: musb: fix error return code in omap2430_probe()
    - USB: gadget: Add ID numbers to configfs-gadget driver names
    - arm64: dts: imx8mp: correct usb clocks
    - dmaengine: idxd: Prevent use after free on completion memory
    - dmaengine: idxd: Do not call DMX TX callbacks during workqueue disable
    - mei: bus: fix unlink on bus in error path
    - VMCI: Use threaded irqs instead of tasklets
    - ARM: omap1: fix !ARCH_OMAP1_ANY link failures
    - drm/amdgpu: Correct the power calcultion for Renior/Cezanne.
    - drm/i915: Allow switching away via vga-switcheroo if uninitialized
    - octeontx2-pf: Avoid use of GFP_KERNEL in atomic context
    - octeontx2-pf: Fix the use of GFP_KERNEL in atomic context on rt

* Kinetic update: upstream stable patchset 2023-03-21 (LP: #2012438)
    - ALSA: control-led: use strscpy in set_led_id()
    - ALSA: hda/realtek - Turn on power early
    - ALSA: hda/realtek: Enable mute/micmute LEDs on HP Spectre x360 13-aw0xxx
    - KVM: arm64: Fix S1PTW handling on RO memslots
    - KVM: arm64: nvhe: Fix build with profile optimization
    - selftests: kvm: Fix a compile error in selftests/kvm/rseq_test.c
    - efi: tpm: Avoid READ_ONCE() for accessing the event log
    - docs: Fix the docs build with Sphinx 6.0
    - net: stmmac: add aux timestamps fifo clearance wait
    - perf auxtrace: Fix address filter duplicate symbol selection
    - s390/kexec: fix ipl report address for kdump
    - ASoC: qcom: lpass-cpu: Fix fallback SD line index handling
    - s390/cpum_sf: add READ_ONCE() semantics to compare and swap loops
    - s390/percpu: add READ_ONCE() to arch_this_cpu_to_op_simple()
    - drm/virtio: Fix GEM handle creation UAF
    - drm/i915/gt: Reset twice
    - cifs: Fix uninitialized memory read for smb311 posix symlink create
    - platform/x86: dell-privacy: Only register SW_CAMERA_LENS_COVER if present
    - platform/surface: aggregator: Ignore command messages not intended for us
    - platform/x86: dell-privacy: Fix SW_CAMERA_LENS_COVER reporting
    - dt-bindings: msm: dsi-controller-main: Fix operating-points-v2 constraint
    - drm/msm/adreno: Make adreno quirks not overwrite each other
    - dt-bindings: msm: dsi-controller-main: Fix power-domain constraint
    - dt-bindings: msm: dsi-controller-main: Fix description of core clock
    - dt-bindings: msm: dsi-phy-28nm: Add missing qcom, dsi-phy-regulator-ldo-mode
    - platform/x86: ideapad-laptop: Add Legion 5 15ARH05 DMI id to
      set_fn_lock_led_list[]
    - drm/msm/dp: do not complete dp_aux_cmd_fifo_tx() if irq is not for aux
      transfer
    - dt-bindings: msm/dsi: Don't require vdds-supply on 10nm PHY
    - dt-bindings: msm/dsi: Don't require vcca-supply on 14nm PHY
    - platform/x86: sony-laptop: Don't turn off 0x153 keyboard backlight during
      probe
    - ixgbe: fix pci device refcount leak
    - ipv6: raw: Deduct extension header length in rawv6_push_pending_frames
    - usb: ulpi: defer ulpi_register on ulpi_read_id timeout
    - iommu/iova: Fix alloc iova overflows issue
    - iommu/mediatek-v1: Fix an error handling path in mtk_iommu_v1_probe()
    - sched/core: Fix use-after-free bug in dup_user_cpus_ptr()
    - netfilter: ipset: Fix overflow before widen in the bitmap_ip_create()
      function.
    - powerpc/imc-pmu: Fix use of mutex in IRQs disabled section
    - x86/boot: Avoid using Intel mnemonics in AT&T syntax asm
    - EDAC/device: Fix period calculation in edac_device_reset_delay_period()
    - x86/resctrl: Fix task CLOSID/RMID update race
    - regulator: da9211: Use irq handler when ready
    - scsi: mpi3mr: Refer CONFIG_SCSI_MPI3MR in Makefile
    - scsi: ufs: core: WLUN suspend SSU/enter hibern8 fail recovery
    - ASoC: wm8904: fix wrong outputs volume after power reactivation
    - ALSA: usb-audio: Make sure to stop endpoints before closing EPs
    - ALSA: usb-audio: Relax hw constraints for implicit fb sync
    - tipc: fix unexpected link reset due to discovery messages
    - octeontx2-af: Fix LMAC config in cgx_lmac_rx_tx_enable
    - hvc/xen: lock console list traversal
    - nfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame()
    - af_unix: selftest: Fix the size of the parameter to connect()
    - tools/nolibc: restore mips branch ordering in the _start block
    - tools/nolibc: fix the O_* fcntl/open macro definitions for riscv
    - net/sched: act_mpls: Fix warning during failed attribute validation
    - net/mlx5: Fix ptp max frequency adjustment range
    - net/mlx5e: Don't support encap rules with gbp option
    - perf build: Properly guard libbpf includes
    - igc: Fix PPS delta between two synchronized end-points
    - platform/surface: aggregator: Add missing call to ssam_request_sync_free()
    - KVM: x86: Do not return host topology information from
      KVM_GET_SUPPORTED_CPUID
    - arm64: atomics: remove LL/SC trampolines
    - arm64: cmpxchg_double*: hazard against entire exchange variable
    - efi: fix NULL-deref in init error path
    - io_uring/io-wq: free worker if task_work creation is canceled
    - io_uring/io-wq: only free worker if it was allocated for creation
    - Revert "usb: ulpi: defer ulpi_register on ulpi_read_id timeout"
    - pinctrl: amd: Add dynamic debugging for active GPIOs
    - arm64: mte: Fix double-freeing of the temporary tag storage during coredump
    - elfcore: Add a cprm parameter to elf_core_extra_{phdrs,data_size}
    - cpufreq: amd-pstate: fix kernel hang issue while amd-pstate unregistering
    - drm/i915: Reserve enough fence slot for i915_vma_unbind_async
    - drm/i915: Fix potential context UAFs
    - cifs: do not query ifaces on smb1 mounts
    - ASoC: rt9120: Make dev PM runtime bind AsoC component PM
    - platform/x86: int3472/discrete: Ensure the clk/power enable pins are in
      output mode
    - platform/x86: asus-wmi: Don't load fan curves without fan
    - drm/msm: another fix for the headless Adreno GPU
    - arm64/signal: Always allocate SVE signal frames on SME only systems
    - arm64/signal: Always accept SVE signal frames on SME only systems
    - arm64/mm: add pud_user_exec() check in pud_user_accessible_page()
    - arm64: ptrace: Use ARM64_SME to guard the SME register enumerations
    - arm64/mm: fix incorrect file_map_count for invalid pmd
    - iavf/iavf_main: actually log ->src mask when talking about it
    - x86/pat: Fix pat_x_mtrr_type() for MTRR disabled case
    - scsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM
    - ASoC: Intel: fix sof-nau8825 link failure
    - drm/msm/dpu: Fix some kernel-doc comments
    - drm/msm/dpu: Fix memory leak in msm_mdss_parse_data_bus_icc_path
    - mtd: cfi: allow building spi-intel standalone
    - stmmac: dwmac-mediatek: remove the dwmac_fix_mac_speed
    - sched/core: Fix arch_scale_freq_tick() on tickless systems
    - net/mlx5: check attr pointer validity before dereferencing it
    - net/mlx5e: TC, Keep mod hdr actions after mod hdr alloc
    - net/mlx5: Fix command stats access after free
    - net/mlx5e: Verify dev is present for fix features ndo
    - net/mlx5e: IPoIB, Block queue count configuration when sub interfaces are
      present
    - net/mlx5e: IPoIB, Block PKEY interfaces with less rx queues than parent
    - net/mlx5e: IPoIB, Fix child PKEY interface stats on rx path
    - octeontx2-pf: Fix resource leakage in VF driver unbind
    - net: lan966x: check for ptp to be enabled in lan966x_ptp_deinit()
    - net: hns3: fix wrong use of rss size during VF rss config
    - bnxt: make sure we return pages to the pool
    - platform/x86/amd: Fix refcount leak in amd_pmc_probe

* Kinetic update: upstream stable patchset 2023-03-20 (LP: #2012307)
    - parisc: Align parisc MADV_XXX constants with all other architectures
    - x86/fpu: Take task_struct* in copy_sigframe_from_user_to_xstate()
    - x86/fpu: Add a pkru argument to copy_uabi_from_kernel_to_xstate().
    - x86/fpu: Add a pkru argument to copy_uabi_to_xstate()
    - x86/fpu: Allow PKRU to be (once again) written by ptrace.
    - x86/fpu: Emulate XRSTOR's behavior if the xfeatures PKRU bit is not set
    - selftests/vm/pkeys: Add a regression test for setting PKRU through ptrace
    - serial: fixup backport of "serial: Deassert Transmit Enable on probe in
      driver-specific way"
    - ALSA: hda/hdmi: Add a HP device 0x8715 to force connect list
    - ALSA: hda - Enable headset mic on another Dell laptop with ALC3254
    - Revert "SUNRPC: Use RMW bitops in single-threaded hot paths"
    - ALSA: hda: cs35l41: Check runtime suspend capability at runtime_idle

* Kinetic update: upstream stable patchset 2023-03-06 (LP: #2009546)
    - usb: dwc3: qcom: Fix memory leak in dwc3_qcom_interconnect_init
    - cifs: fix oops during encryption
    - nvme-pci: fix doorbell buffer value endianness
    - nvme-pci: fix mempool alloc size
    - nvme-pci: fix page size checks
    - ACPI: resource: do IRQ override on LENOVO IdeaPad
    - ACPI: resource: do IRQ override on XMG Core 15
    - ACPI: resource: do IRQ override on Lenovo 14ALC7
    - block, bfq: fix uaf for bfqq in bfq_exit_icq_bfqq
    - ata: ahci: Fix PCS quirk application for suspend
    - nvme: fix the NVME_CMD_EFFECTS_CSE_MASK definition
    - nvmet: don't defer passthrough commands with trivial effects to the
      workqueue
    - fs/ntfs3: Validate BOOT record_size
    - fs/ntfs3: Add overflow check for attribute size
    - fs/ntfs3: Validate data run offset
    - fs/ntfs3: Add null pointer check to attr_load_runs_vcn
    - fs/ntfs3: Fix memory leak on ntfs_fill_super() error path
    - fs/ntfs3: Add null pointer check for inode operations
    - fs/ntfs3: Validate attribute name offset
    - fs/ntfs3: Validate buffer length while parsing index
    - fs/ntfs3: Validate resident attribute name
    - fs/ntfs3: Fix slab-out-of-bounds read in run_unpack
    - soundwire: dmi-quirks: add quirk variant for LAPBC710 NUC15
    - fs/ntfs3: Validate index root when initialize NTFS security
    - fs/ntfs3: Use __GFP_NOWARN allocation at wnd_init()
    - fs/ntfs3: Use __GFP_NOWARN allocation at ntfs_fill_super()
    - fs/ntfs3: Delete duplicate condition in ntfs_read_mft()
    - fs/ntfs3: Fix slab-out-of-bounds in r_page
    - objtool: Fix SEGFAULT
    - powerpc/rtas: avoid device tree lookups in rtas_os_term()
    - powerpc/rtas: avoid scheduling in rtas_os_term()
    - HID: multitouch: fix Asus ExpertBook P2 P2451FA trackpoint
    - HID: plantronics: Additional PIDs for double volume key presses quirk
    - pstore: Properly assign mem_type property
    - pstore/zone: Use GFP_ATOMIC to allocate zone buffer
    - hfsplus: fix bug causing custom uid and gid being unable to be assigned with
      mount
    - binfmt: Fix error return code in load_elf_fdpic_binary()
    - ovl: Use ovl mounter's fsuid and fsgid in ovl_link()
    - ALSA: line6: correct midi status byte when receiving data from podxt
    - ALSA: line6: fix stack overflow in line6_midi_transmit
    - pnode: terminate at peers of source
    - mfd: mt6360: Add bounds checking in Regmap read/write call-backs
    - md: fix a crash in mempool_free
    - mm, compaction: fix fast_isolate_around() to stay within boundaries
    - f2fs: should put a page when checking the summary info
    - f2fs: allow to read node block after shutdown
    - mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING
    - tpm: acpi: Call acpi_put_table() to fix memory leak
    - tpm: tpm_crb: Add the missed acpi_put_table() to fix memory leak
    - tpm: tpm_tis: Add the missed acpi_put_table() to fix memory leak
    - SUNRPC: Don't leak netobj memory when gss_read_proxy_verf() fails
    - kcsan: Instrument memcpy/memset/memmove with newer Clang
    - media: stv0288: use explicitly signed char
    - soc: qcom: Select REMAP_MMIO for LLCC driver
    - kest.pl: Fix grub2 menu handling for rebooting
    - ktest.pl minconfig: Unset configs instead of just removing them
    - jbd2: use the correct print format
    - perf/x86/intel/uncore: Disable I/O stacks to PMU mapping on ICX-D
    - perf/x86/intel/uncore: Clear attr_update properly
    - arm64: dts: qcom: sdm845-db845c: correct SPI2 pins drive strength
    - mmc: sdhci-sprd: Disable CLK_AUTO when the clock is less than 400K
    - btrfs: fix resolving backrefs for inline extent followed by prealloc
    - ARM: ux500: do not directly dereference __iomem
    - arm64: dts: qcom: sdm850-lenovo-yoga-c630: correct I2C12 pins drive strength
    - selftests: Use optional USERCFLAGS and USERLDFLAGS
    - PM/devfreq: governor: Add a private governor_data for governor
    - cpufreq: Init completion before kobject_init_and_add()
    - ALSA: patch_realtek: Fix Dell Inspiron Plus 16
    - ALSA: hda/realtek: Apply dual codec fixup for Dell Latitude laptops
    - fs: dlm: fix sock release if listen fails
    - fs: dlm: retry accept() until -EAGAIN or error returns
    - mptcp: remove MPTCP 'ifdef' in TCP SYN cookies
    - dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort
    - dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata
    - dm thin: Use last transaction's pmd->root when commit failed
    - dm thin: resume even if in FAIL mode
    - dm thin: Fix UAF in run_timer_softirq()
    - dm integrity: Fix UAF in dm_integrity_dtr()
    - dm clone: Fix UAF in clone_dtr()
    - dm cache: Fix UAF in destroy()
    - dm cache: set needs_check flag after aborting metadata
    - tracing/hist: Fix out-of-bound write on 'action_data.var_ref_idx'
    - perf/core: Call LSM hook after copying perf_event_attr
    - of/kexec: Fix reading 32-bit "linux,initrd-{start,end}" values
    - KVM: VMX: Resume guest immediately when injecting #GP on ECREATE
    - KVM: nVMX: Inject #GP, not #UD, if "generic" VMXON CR0/CR4 check fails
    - KVM: nVMX: Properly expose ENABLE_USR_WAIT_PAUSE control to L1
    - x86/microcode/intel: Do not retry microcode reloading on the APs
    - ftrace/x86: Add back ftrace_expected for ftrace bug reports
    - x86/kprobes: Fix kprobes instruction boudary check with CONFIG_RETHUNK
    - x86/kprobes: Fix optprobe optimization check with CONFIG_RETHUNK
    - tracing: Fix race where eprobes can be called before the event
    - tracing: Fix complicated dependency of CONFIG_TRACER_MAX_TRACE
    - tracing/hist: Fix wrong return value in parse_action_params()
    - tracing/probes: Handle system names with hyphens
    - tracing: Fix infinite loop in tracing_read_pipe on overflowed
      print_trace_line
    - staging: media: tegra-video: fix chan->mipi value on error
    - staging: media: tegra-video: fix device_node use after free
    - ARM: 9256/1: NWFPE: avoid compiler-generated __aeabi_uldivmod
    - media: dvb-core: Fix double free in dvb_register_device()
    - cifs: fix confusing debug message
    - cifs: fix missing display of three mount options
    - rtc: ds1347: fix value written to century register
    - block: mq-deadline: Do not break sequential write streams to zoned HDDs
    - md/bitmap: Fix bitmap chunk size overflow issues
    - efi: Add iMac Pro 2017 to uefi skip cert quirk
    - wifi: wilc1000: sdio: fix module autoloading
    - ASoC: jz4740-i2s: Handle independent FIFO flush bits
    - ipu3-imgu: Fix NULL pointer dereference in imgu_subdev_set_selection()
    - ipmi: fix long wait in unload when IPMI disconnect
    - mtd: spi-nor: Check for zero erase size in spi_nor_find_best_erase_type()
    - ima: Fix a potential NULL pointer access in ima_restore_measurement_list
    - ipmi: fix use after free in _ipmi_destroy_user()
    - PCI: Fix pci_device_is_present() for VFs by checking PF
    - PCI/sysfs: Fix double free in error path
    - riscv: stacktrace: Fixup ftrace_graph_ret_addr retp argument
    - riscv: mm: notify remote harts about mmu cache updates
    - crypto: n2 - add missing hash statesize
    - driver core: Fix bus_type.match() error handling in __driver_attach()
    - phy: qcom-qmp-combo: fix sc8180x reset
    - iommu/amd: Fix ivrs_acpihid cmdline parsing code
    - remoteproc: core: Do pm_relax when in RPROC_OFFLINE state
    - parisc: led: Fix potential null-ptr-deref in start_task()
    - device_cgroup: Roll back to original exceptions after copy failure
    - drm/connector: send hotplug uevent on connector cleanup
    - drm/i915/dsi: fix VBT send packet port selection for dual link DSI
    - drm/ingenic: Fix missing platform_driver_unregister() call in
      ingenic_drm_init()
    - ext4: silence the warning when evicting inode with dioread_nolock
    - ext4: add inode table check in __ext4_get_inode_loc to aovid possible
      infinite loop
    - ext4: remove trailing newline from ext4_msg() message
    - fs: ext4: initialize fsdata in pagecache_write()
    - ext4: fix use-after-free in ext4_orphan_cleanup
    - ext4: fix undefined behavior in bit shift for ext4_check_flag_values
    - ext4: add EXT4_IGET_BAD flag to prevent unexpected bad inode
    - ext4: add helper to check quota inums
    - ext4: fix bug_on in __es_tree_search caused by bad quota inode
    - ext4: fix reserved cluster accounting in __es_remove_extent()
    - ext4: check and assert if marking an no_delete evicting inode dirty
    - ext4: fix bug_on in __es_tree_search caused by bad boot loader inode
    - ext4: fix leaking uninitialized memory in fast-commit journal
    - ext4: fix uninititialized value in 'ext4_evict_inode'
    - ext4: init quota for 'old.inode' in 'ext4_rename'
    - ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline
    - ext4: fix error code return to user-space in ext4_get_branch()
    - ext4: avoid BUG_ON when creating xattrs
    - ext4: fix kernel BUG in 'ext4_write_inline_data_end()'
    - ext4: fix inode leak in ext4_xattr_inode_create() on an error path
    - ext4: initialize quota before expanding inode in setproject ioctl
    - ext4: avoid unaccounted block allocation when expanding inode
    - ext4: allocate extended attribute value in vmalloc area
    - drm/amdgpu: handle polaris10/11 overlap asics (v2)
    - block: mq-deadline: Fix dd_finish_request() for zoned devices
    - tracing: Fix issue of missing one synthetic field
    - ext4: use ext4_debug() instead of jbd_debug()
    - ext4: introduce EXT4_FC_TAG_BASE_LEN helper
    - ext4: factor out ext4_fc_get_tl()
    - ext4: fix potential out of bound read in ext4_fc_replay_scan()
    - ext4: disable fast-commit of encrypted dir operations
    - ext4: don't set up encryption key during jbd2 transaction
    - ext4: add missing validation of fast-commit record lengths
    - ext4: fix unaligned memory access in ext4_fc_reserve_space()
    - ext4: fix off-by-one errors in fast-commit block filling
    - ARM: renumber bits related to _TIF_WORK_MASK
    - phy: qcom-qmp-combo: fix out-of-bounds clock access
    - btrfs: replace strncpy() with strscpy()
    - btrfs: fix extent map use-after-free when handling missing device in
      read_one_chunk
    - x86/MCE/AMD: Clear DFR errors found in THR handler
    - media: s5p-mfc: Fix to handle reference queue during finishing
    - media: s5p-mfc: Clear workbit to handle error condition
    - media: s5p-mfc: Fix in register read and write for H264
    - perf probe: Use dwarf_attr_integrate as generic DWARF attr accessor
    - perf probe: Fix to get the DW_AT_decl_file and DW_AT_call_file as unsinged
      data
    - ravb: Fix "failed to switch device to config mode" message during unbind
    - ext4: goto right label 'failed_mount3a'
    - ext4: correct inconsistent error msg in nojournal mode
    - mbcache: automatically delete entries from cache on freeing
    - ext4: fix deadlock due to mbcache entry corruption
    - SUNRPC: ensure the matching upcall is in-flight upon downcall
    - btrfs: fix an error handling path in btrfs_defrag_leaves()
    - bpf: pull before calling skb_postpull_rcsum()
    - drm/panfrost: Fix GEM handle creation ref-counting
    - netfilter: nf_tables: consolidate set description
    - netfilter: nf_tables: add function to create set stateful expressions
    - netfilter: nf_tables: perform type checking for existing sets
    - vmxnet3: correctly report csum_level for encapsulated packet
    - netfilter: nf_tables: honor set timeout and garbage collection updates
    - veth: Fix race with AF_XDP exposing old or uninitialized descriptors
    - nfsd: shut down the NFSv4 state objects before the filecache
    - net: hns3: add interrupts re-initialization while doing VF FLR
    - net: hns3: fix miss L3E checking for rx packet
    - net: hns3: fix VF promisc mode not update when mac table full
    - qlcnic: prevent ->dcb use-after-free on qlcnic_dcb_enable() failure
    - net: dsa: mv88e6xxx: depend on PTP conditionally
    - nfc: Fix potential resource leaks
    - vdpa_sim: fix possible memory leak in vdpasim_net_init() and
      vdpasim_blk_init()
    - vhost/vsock: Fix error handling in vhost_vsock_init()
    - vringh: fix range used in iotlb_translate()
    - vhost: fix range used in translate_desc()
    - vdpa_sim: fix vringh initialization in vdpasim_queue_ready()
    - net/mlx5: E-Switch, properly handle ingress tagged packets on VST
    - net/mlx5: Add forgotten cleanup calls into mlx5_init_once() error path
    - net/mlx5: Avoid recovery in probe flows
    - net/mlx5e: IPoIB, Don't allow CQE compression to be turned on by default
    - net/mlx5e: Always clear dest encap in neigh-update-del
    - net/mlx5e: Fix hw mtu initializing at XDP SQ allocation
    - net: amd-xgbe: add missed tasklet_kill
    - net: ena: Fix toeplitz initial hash value
    - net: ena: Don't register memory info on XDP exchange
    - net: ena: Account for the number of processed bytes in XDP
    - net: ena: Use bitmask to indicate packet redirection
    - net: ena: Fix rx_copybreak value update
    - net: ena: Set default value for RX interrupt moderation
    - net: ena: Update NUMA TPH hint register upon NUMA node update
    - net: phy: xgmiitorgmii: Fix refcount leak in xgmiitorgmii_probe
    - RDMA/mlx5: Fix mlx5_ib_get_hw_stats when used for device
    - RDMA/mlx5: Fix validation of max_rd_atomic caps for DC
    - drm/meson: Reduce the FIFO lines held when AFBC is not used
    - filelock: new helper: vfs_inode_has_locks
    - ceph: switch to vfs_inode_has_locks() to fix file lock bug
    - gpio: sifive: Fix refcount leak in sifive_gpio_probe
    - net: sched: atm: dont intepret cls results when asked to drop
    - net: sched: cbq: dont intepret cls results when asked to drop
    - net: sparx5: Fix reading of the MAC address
    - netfilter: ipset: fix hash:net,port,net hang with /0 subnet
    - netfilter: ipset: Rework long task execution when adding/deleting entries
    - perf tools: Fix resources leak in perf_data__open_dir()
    - drm/imx: ipuv3-plane: Fix overlay plane width
    - fs/ntfs3: don't hold ni_lock when calling truncate_setsize()
    - drivers/net/bonding/bond_3ad: return when there's no aggregator
    - octeontx2-pf: Fix lmtst ID used in aura free
    - usb: rndis_host: Secure rndis_query check against int overflow
    - perf stat: Fix handling of --for-each-cgroup with --bpf-counters to match
      non BPF mode
    - drm/i915: unpin on error in intel_vgpu_shadow_mm_pin()
    - caif: fix memory leak in cfctrl_linkup_request()
    - udf: Fix extension of the last extent in the file
    - ASoC: Intel: bytcr_rt5640: Add quirk for the Advantech MICA-071 tablet
    - nvme: fix multipath crash caused by flush request when blktrace is enabled
    - io_uring: check for valid register opcode earlier
    - nvmet: use NVME_CMD_EFFECTS_CSUPP instead of open coding it
    - nvme: also return I/O command effects from nvme_command_effects
    - btrfs: check superblock to ensure the fs was not modified at thaw time
    - x86/kexec: Fix double-free of elf header buffer
    - nfsd: fix handling of readdir in v4root vs. mount upcall timeout
    - fbdev: matroxfb: G200eW: Increase max memory from 1 MB to 16 MB
    - block: don't allow splitting of a REQ_NOWAIT bio
    - io_uring: fix CQ waiting timeout handling
    - thermal: int340x: Add missing attribute for data rate base
    - riscv: uaccess: fix type of 0 variable on error in get_user()
    - riscv, kprobes: Stricter c.jr/c.jalr decoding
    - drm/i915/gvt: fix gvt debugfs destroy
    - drm/i915/gvt: fix vgpu debugfs clean in remove
    - hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling
    - ksmbd: fix infinite loop in ksmbd_conn_handler_loop()
    - ksmbd: check nt_len to be at least CIFS_ENCPWD_SIZE in
      ksmbd_decode_ntlmssp_auth_blob
    - Revert "ACPI: PM: Add support for upcoming AMD uPEP HID AMDI007"
    - mptcp: dedicated request sock for subflow in v6
    - mptcp: use proper req destructor for IPv6
    - ext4: don't allow journal inode to have encrypt flag
    - btrfs: make thaw time super block check to also verify checksum
    - mbcache: Avoid nesting of cache->c_list_lock under bit locks
    - efi: random: combine bootloader provided RNG seed with RNG protocol output
    - drm/mgag200: Fix PLL setup for G200_SE_A rev >=4
    - futex: Fix futex_waitv() hrtimer debug object leak on kcalloc error
    - rtmutex: Add acquire semantics for rtmutex lock acquisition slow path
    - mm/mempolicy: fix memory leak in set_mempolicy_home_node system call
    - block: Do not reread partition table on exclusively open device
    - arm64: dts: qcom: sdm850-samsung-w737: correct I2C12 pins drive strength
    - EDAC/mc_sysfs: Increase legacy channel support to 12
    - ext2: unbugger ext2_empty_dir()
    - bpf: Resolve fext program type when checking map compatibility
    - mptcp: netlink: fix some error return code
    - ima: Fix hash dependency to correct algorithm
    - KVM: x86: fix APICv/x2AVIC disabled when vm reboot by itself
    - powerpc/ftrace: fix syscall tracing on PPC64_ELF_ABI_V1
    - arm64: dts: mediatek: mt8195-demo: fix the memory size of node secmon
    - drm/amdgpu: fix mmhub register base coding error
    - mtd: spi-nor: gigadevice: gd25q256: replace gd25q256_default_init with
      gd25q256_post_bfpt
    - ima: Fix memory leak in __ima_inode_hash()
    - crypto: ccree,hisilicon - Fix dependencies to correct algorithm
    - RISC-V: kexec: Fix memory leak of fdt buffer
    - riscv: Fixup compile error with !MMU
    - RISC-V: kexec: Fix memory leak of elf header buffer
    - bus: mhi: host: Fix race between channel preparation and M0 event
    - test_kprobes: Fix implicit declaration error of test_kprobes
    - remoteproc: imx_dsp_rproc: Add mutex protection for workqueue
    - remoteproc: imx_rproc: Correct i.MX93 DRAM mapping
    - parisc: Add missing FORCE prerequisites in Makefile
    - ext4: journal_path mount options should follow links
    - drm/i915: improve the catch-all evict to handle lock contention
    - drm/i915/migrate: Account for the reserved_space
    - cifs: fix interface count calculation during refresh
    - cifs: refcount only the selected iface during interface update
    - usb: dwc3: gadget: Ignore End Transfer delay on teardown
    - ice: xsk: do not use xdp_return_frame() on tx_buf->raw_buf
    - net: vrf: determine the dst using the original ifindex for multicast
    - mptcp: fix lockdep false positive
    - net: lan966x: Fix configuration of the PCS
    - bnxt_en: Simplify bnxt_xdp_buff_init()
    - bnxt_en: Fix XDP RX path
    - bnxt_en: Fix first buffer size calculations for XDP multi-buffer
    - bnxt_en: Fix HDS and jumbo thresholds for RX packets
    - vdpa/mlx5: Fix rule forwarding VLAN to TIR
    - vdpa/mlx5: Fix wrong mac address deletion
    - vhost-vdpa: fix an iotlb memory leak
    - virtio-crypto: fix memory leak in virtio_crypto_alg_skcipher_close_session()
    - vdpa/vp_vdpa: fix kfree a wrong pointer in vp_vdpa_remove
    - vdpasim: fix memory leak when freeing IOTLBs
    - net/mlx5: Fix io_eq_size and event_eq_size params validation
    - net/mlx5: Fix RoCE setting at HCA level
    - net/mlx5e: CT: Fix ct debugfs folder name
    - net/mlx5e: Set geneve_tlv_option_0_exist when matching on geneve option
    - net/mlx5: Lag, fix failure to cancel delayed bond work
    - vxlan: Fix memory leaks in error path
    - drm/i915/gvt: fix double free bug in split_2MB_gtt_entry
    - qed: allow sleep in qed_mcp_trace_dump()
    - usb: dwc3: xilinx: include linux/gpio/consumer.h
    - net: dsa: tag_qca: fix wrong MGMT_DATA2 size
    - vhost_vdpa: fix the crash in unmap a large memory
    - of/fdt: run soc memory setup when early_init_dt_scan_memory fails

* CVE-2022-36280
    - drm/vmwgfx: Validate the box size for the snooped cursor

* CVE-2023-1118
    - media: rc: Fix use-after-free bugs caused by ene_tx_irqsim()

-- Luke Nowakowski-Krijger <luke.nowakowskikrijger@canonical.com>  Tue, 18 Apr 2023 10:50:41 -0700

Changed in linux (Ubuntu Kinetic):
status:	Fix Committed → Fix Released

Revision history for this message

bugproxy (bugproxy) wrote on 2023-05-16:

#18

------- Comment From <email address hidden> 2023-05-16 05:24 EDT-------
Fix has been successfully verified and released to bionic, focal, jammy, kinetic and lunar.
With that, we can close this bug.

@Carsten, Frank and the teams: thanks for your work!

==> Changing status to: CLOSED

tags:

added: targetmilestone-inin1804
removed: targetmilestone-inin---

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2023-05-18:

#19

This bug is awaiting verification that the linux-gcp/5.19.0-1024.26 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-kinetic' to 'verification-done-kinetic'. If the problem still exists, change the tag 'verification-needed-kinetic' to 'verification-failed-kinetic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-kinetic-linux-gcp verification-needed-kinetic
removed: verification-done-kinetic

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2023-05-18:

#20

This bug is awaiting verification that the linux-riscv-5.15/5.15.0-1034.38~20.04.1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-focal-linux-riscv-5.15 verification-needed-focal
removed: verification-done-focal

Revision history for this message

Frank Heimes (fheimes) wrote on 2023-05-18:

#21

This bug doesn't affect riscv-5.15, it's an s390x inline assembler thing only.
Hence I'm updating the focal verification again to done to unblock the process.

tags:

added: verification-done-focal verification-done-kinetic
removed: verification-needed-focal verification-needed-kinetic

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2023-05-22:

#22

This bug is awaiting verification that the linux-allwinner/5.19.0-1012.12 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-kinetic' to 'verification-done-kinetic'. If the problem still exists, change the tag 'verification-needed-kinetic' to 'verification-failed-kinetic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-kinetic-linux-allwinner verification-needed-kinetic
removed: verification-done-kinetic

Revision history for this message

Frank Heimes (fheimes) wrote on 2023-05-22:

#23

This bug does not affect linux-allwinner/5.19.0-1012.12, hence I'm again updating the tags to unblock the process.

tags:

added: verification-done-kinetic
removed: verification-needed-kinetic

Revision history for this message

Launchpad Janitor (janitor) wrote on 2023-05-22:

#24

Download full text (12.1 KiB)

This bug was fixed in the package linux - 5.4.0-149.166

---------------
linux (5.4.0-149.166) focal; urgency=medium

* focal/linux: 5.4.0-149.166 -proposed tracker (LP: #2016591)

  * Focal update: v5.4.233 upstream stable release (LP: #2015909)
    - dma-mapping: add generic helpers for mapping sgtable objects
    - scatterlist: add generic wrappers for iterating over sgtable objects
    - drm: etnaviv: fix common struct sg_table related issues
    - drm/etnaviv: don't truncate physical page address
    - wifi: rtl8xxxu: gen2: Turn on the rate control
    - powerpc: dts: t208x: Mark MAC1 and MAC2 as 10G
    - random: always mix cycle counter in add_latent_entropy()
    - KVM: x86: Fail emulation during EMULTYPE_SKIP on any exception
    - can: kvaser_usb: hydra: help gcc-13 to figure out cmd_len
    - powerpc: dts: t208x: Disable 10G on MAC1 and MAC2
    - alarmtimer: Prevent starvation by small intervals and SIG_IGN
    - drm/i915/gvt: fix double free bug in split_2MB_gtt_entry
    - mac80211: mesh: embedd mesh_paths and mpp_paths into ieee80211_if_mesh
    - uaccess: Add speculation barrier to copy_from_user()
    - wifi: mwifiex: Add missing compatible string for SD8787
    - ext4: Fix function prototype mismatch for ext4_feat_ktype
    - Revert "net/sched: taprio: make qdisc_leaf() see the per-netdev-queue pfifo
      child qdiscs"
    - bpf: add missing header file include
    - Linux 5.4.233

* selftest: fib_tests: Always cleanup before exit (LP: #2015956)
- selftest: fib_tests: Always cleanup before exit

  * fib_tests.sh in ubuntu_kernel_selftests was skipped silently on Focal
    (LP: #2015440)
    - selftests: Fix the executable permissions for fib_tests.sh

* Debian autoreconstruct Fix restoration of execute permissions (LP: #2015498)
- [Debian] autoreconstruct - fix restoration of execute permissions

* kernel: fix __clear_user() inline assembly constraints (LP: #2013088)
- s390/uaccess: add missing earlyclobber annotations to __clear_user()

* i/o error if next unused loop device is queried (LP: #1856871)
- loop: fix I/O error on fsync() in detached loop devices

* CVE-2023-1075
- net/tls: tls_is_tx_ready() checked list_entry

  * Focal update: v5.4.232 upstream stable release (LP: #2011625)
    - firewire: fix memory leak for payload of request subaction to IEC 61883-1
      FCP region
    - bus: sunxi-rsb: Fix error handling in sunxi_rsb_init()
    - ASoC: Intel: bytcr_rt5651: Drop reference count of ACPI device after use
    - ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path()
    - arm64: dts: imx8mm: Fix pad control for UART1_DTE_RX
    - scsi: Revert "scsi: core: map PQ=1, PDT=other values to
      SCSI_SCAN_TARGET_PRESENT"
    - WRITE is "data source", not destination...
    - fix iov_iter_bvec() "direction" argument
    - fix "direction" argument of iov_iter_kvec()
    - netrom: Fix use-after-free caused by accept on already connected socket
    - netfilter: br_netfilter: disable sabotage_in hook after first suppression
    - squashfs: harden sanity check in squashfs_read_xattr_id_table
    - net: phy: meson-gxl: Add generic dummy stubs for MMD register access
  ...

This bug was fixed in the package linux - 5.4.0-149.166

---------------
linux (5.4.0-149.166) focal; urgency=medium

* focal/linux: 5.4.0-149.166 -proposed tracker (LP: #2016591)

* Focal update: v5.4.233 upstream stable release (LP: #2015909)
    - dma-mapping: add generic helpers for mapping sgtable objects
    - scatterlist: add generic wrappers for iterating over sgtable objects
    - drm: etnaviv: fix common struct sg_table related issues
    - drm/etnaviv: don't truncate physical page address
    - wifi: rtl8xxxu: gen2: Turn on the rate control
    - powerpc: dts: t208x: Mark MAC1 and MAC2 as 10G
    - random: always mix cycle counter in add_latent_entropy()
    - KVM: x86: Fail emulation during EMULTYPE_SKIP on any exception
    - can: kvaser_usb: hydra: help gcc-13 to figure out cmd_len
    - powerpc: dts: t208x: Disable 10G on MAC1 and MAC2
    - alarmtimer: Prevent starvation by small intervals and SIG_IGN
    - drm/i915/gvt: fix double free bug in split_2MB_gtt_entry
    - mac80211: mesh: embedd mesh_paths and mpp_paths into ieee80211_if_mesh
    - uaccess: Add speculation barrier to copy_from_user()
    - wifi: mwifiex: Add missing compatible string for SD8787
    - ext4: Fix function prototype mismatch for ext4_feat_ktype
    - Revert "net/sched: taprio: make qdisc_leaf() see the per-netdev-queue pfifo
      child qdiscs"
    - bpf: add missing header file include
    - Linux 5.4.233

*  selftest: fib_tests: Always cleanup before exit  (LP: #2015956)
    - selftest: fib_tests: Always cleanup before exit

* fib_tests.sh in ubuntu_kernel_selftests was skipped silently on Focal
    (LP: #2015440)
    - selftests: Fix the executable permissions for fib_tests.sh

* Debian autoreconstruct Fix restoration of execute permissions (LP: #2015498)
    - [Debian] autoreconstruct - fix restoration of execute permissions

* kernel: fix __clear_user() inline assembly constraints (LP: #2013088)
    - s390/uaccess: add missing earlyclobber annotations to __clear_user()

* i/o error if next unused loop device is queried (LP: #1856871)
    - loop: fix I/O error on fsync() in detached loop devices

* CVE-2023-1075
    - net/tls: tls_is_tx_ready() checked list_entry

* Focal update: v5.4.232 upstream stable release (LP: #2011625)
    - firewire: fix memory leak for payload of request subaction to IEC 61883-1
      FCP region
    - bus: sunxi-rsb: Fix error handling in sunxi_rsb_init()
    - ASoC: Intel: bytcr_rt5651: Drop reference count of ACPI device after use
    - ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path()
    - arm64: dts: imx8mm: Fix pad control for UART1_DTE_RX
    - scsi: Revert "scsi: core: map PQ=1, PDT=other values to
      SCSI_SCAN_TARGET_PRESENT"
    - WRITE is "data source", not destination...
    - fix iov_iter_bvec() "direction" argument
    - fix "direction" argument of iov_iter_kvec()
    - netrom: Fix use-after-free caused by accept on already connected socket
    - netfilter: br_netfilter: disable sabotage_in hook after first suppression
    - squashfs: harden sanity check in squashfs_read_xattr_id_table
    - net: phy: meson-gxl: Add generic dummy stubs for MMD register access
    - can: j1939: fix errant WARN_ON_ONCE in j1939_session_deactivate
    - ata: libata: Fix sata_down_spd_limit() when no link speed is reported
    - selftests: net: udpgso_bench_rx: Fix 'used uninitialized' compiler warning
    - selftests: net: udpgso_bench_rx/tx: Stop when wrong CLI args are provided
    - selftests: net: udpgso_bench_tx: Cater for pending datagrams zerocopy
      benchmarking
    - virtio-net: Keep stop() to follow mirror sequence of open()
    - net: openvswitch: fix flow memory leak in ovs_flow_cmd_new
    - efi: fix potential NULL deref in efi_mem_reserve_persistent
    - scsi: target: core: Fix warning on RT kernels
    - scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress
    - i2c: rk3x: fix a bunch of kernel-doc warnings
    - net/x25: Fix to not accept on connected socket
    - iio: adc: stm32-dfsdm: fill module aliases
    - usb: dwc3: dwc3-qcom: Fix typo in the dwc3 vbus override API
    - usb: dwc3: qcom: enable vbus override when in OTG dr-mode
    - usb: gadget: f_fs: Fix unbalanced spinlock in __ffs_ep0_queue_wait
    - vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF
    - Input: i8042 - move __initconst to fix code styling warning
    - Input: i8042 - merge quirk tables
    - Input: i8042 - add TUXEDO devices to i8042 quirk tables
    - Input: i8042 - add Clevo PCX0DX to i8042 quirk table
    - fbcon: Check font dimension limits
    - watchdog: diag288_wdt: do not use stack buffers for hardware data
    - watchdog: diag288_wdt: fix __diag288() inline assembly
    - efi: Accept version 2 of memory attributes table
    - iio: hid: fix the retval in accel_3d_capture_sample
    - iio: adc: berlin2-adc: Add missing of_node_put() in error path
    - iio:adc:twl6030: Enable measurements of VUSB, VBAT and others
    - parisc: Fix return code of pdc_iodc_print()
    - parisc: Wire up PTRACE_GETREGS/PTRACE_SETREGS for compat case
    - riscv: disable generation of unwind tables
    - mm: hugetlb: proc: check for hugetlb shared PMD in /proc/PID/smaps
    - fpga: stratix10-soc: Fix return value check in s10_ops_write_init()
    - mm/swapfile: add cond_resched() in get_swap_pages()
    - Squashfs: fix handling and sanity checking of xattr_ids count
    - nvmem: core: fix cell removal on error
    - mm: swap: properly update readahead statistics in unuse_pte_range()
    - xprtrdma: Fix regbuf data not freed in rpcrdma_req_create()
    - serial: 8250_dma: Fix DMA Rx completion race
    - serial: 8250_dma: Fix DMA Rx rearm race
    - powerpc/imc-pmu: Revert nest_init_lock to being a mutex
    - fbdev: smscufx: fix error handling code in ufx_usb_probe
    - f2fs: fix to do sanity check on i_extra_isize in is_alive()
    - wifi: brcmfmac: Check the count value of channel spec to prevent out-of-
      bounds reads
    - iio:adc:twl6030: Enable measurement of VAC
    - btrfs: limit device extents to the device size
    - btrfs: zlib: zero-initialize zlib workspace
    - ALSA: emux: Avoid potential array out-of-bound in snd_emux_xg_control()
    - tracing: Fix poll() and select() do not work on per_cpu trace_pipe and
      trace_pipe_raw
    - can: j1939: do not wait 250 ms if the same addr was already claimed
    - IB/hfi1: Restore allocated resources on failed copyout
    - IB/IPoIB: Fix legacy IPoIB due to wrong number of queues
    - iommu: Add gfp parameter to iommu_ops::map
    - RDMA/usnic: use iommu_map_atomic() under spin_lock()
    - xfrm: fix bug with DSCP copy to v6 from v4 tunnel
    - bonding: fix error checking in bond_debug_reregister()
    - net: phy: meson-gxl: use MMD access dummy stubs for GXL, internal PHY
    - ionic: clean interrupt before enabling queue to avoid credit race
    - ice: Do not use WQ_MEM_RECLAIM flag for workqueue
    - rds: rds_rm_zerocopy_callback() use list_first_entry()
    - selftests: forwarding: lib: quote the sysctl values
    - ALSA: pci: lx6464es: fix a debug loop
    - pinctrl: aspeed: Fix confusing types in return value
    - pinctrl: single: fix potential NULL dereference
    - pinctrl: intel: Restore the pins that used to be in Direct IRQ mode
    - net: USB: Fix wrong-direction WARNING in plusb.c
    - usb: core: add quirk for Alcor Link AK9563 smartcard reader
    - usb: typec: altmodes/displayport: Fix probe pin assign check
    - ceph: flush cap releases when the session is flushed
    - riscv: Fixup race condition on PG_dcache_clean in flush_icache_pte
    - arm64: dts: meson-gx: Make mmc host controller interrupts level-sensitive
    - arm64: dts: meson-g12-common: Make mmc host controller interrupts level-
      sensitive
    - arm64: dts: meson-axg: Make mmc host controller interrupts level-sensitive
    - nvme-pci: Move enumeration by class to be last in the table
    - bpf: Always return target ifindex in bpf_fib_lookup
    - migrate: hugetlb: check for hugetlb shared PMD in node migration
    - selftests/bpf: Verify copy_register_state() preserves parent/live fields
    - ASoC: cs42l56: fix DT probe
    - tools/virtio: fix the vringh test for virtio ring changes
    - net/rose: Fix to not accept on connected socket
    - net: stmmac: do not stop RX_CLK in Rx LPI state for qcs404 SoC
    - net: sched: sch: Bounds check priority
    - s390/decompressor: specify __decompress() buf len to avoid overflow
    - nvme-fc: fix a missing queue put in nvmet_fc_ls_create_association
    - aio: fix mremap after fork null-deref
    - btrfs: free device in btrfs_close_devices for a single device filesystem
    - netfilter: nft_tproxy: restrict to prerouting hook
    - xfs: remove the xfs_efi_log_item_t typedef
    - xfs: remove the xfs_efd_log_item_t typedef
    - xfs: remove the xfs_inode_log_item_t typedef
    - xfs: factor out a xfs_defer_create_intent helper
    - xfs: merge the ->log_item defer op into ->create_intent
    - xfs: merge the ->diff_items defer op into ->create_intent
    - xfs: turn dfp_intent into a xfs_log_item
    - xfs: refactor xfs_defer_finish_noroll
    - xfs: log new intent items created as part of finishing recovered intent
      items
    - xfs: fix finobt btree block recovery ordering
    - xfs: proper replay of deferred ops queued during log recovery
    - xfs: xfs_defer_capture should absorb remaining block reservations
    - xfs: xfs_defer_capture should absorb remaining transaction reservation
    - xfs: clean up bmap intent item recovery checking
    - xfs: clean up xfs_bui_item_recover iget/trans_alloc/ilock ordering
    - xfs: fix an incore inode UAF in xfs_bui_recover
    - xfs: change the order in which child and parent defer ops are finished
    - xfs: periodically relog deferred intent items
    - xfs: expose the log push threshold
    - xfs: only relog deferred intent items if free space in the log gets low
    - xfs: fix missing CoW blocks writeback conversion retry
    - xfs: ensure inobt record walks always make forward progress
    - xfs: fix the forward progress assertion in xfs_iwalk_run_callbacks
    - xfs: prevent UAF in xfs_log_item_in_current_chkpt
    - xfs: sync lazy sb accounting on quiesce of read-only mounts
    - Revert "ipv4: Fix incorrect route flushing when source address is deleted"
    - ipv4: Fix incorrect route flushing when source address is deleted
    - mmc: sdio: fix possible resource leaks in some error paths
    - mmc: mmc_spi: fix error handling in mmc_spi_probe()
    - ALSA: hda/conexant: add a new hda codec SN6180
    - ALSA: hda/realtek - fixed wrong gpio assigned
    - sched/psi: Fix use-after-free in ep_remove_wait_queue()
    - hugetlb: check for undefined shift on 32 bit architectures
    - Revert "mm: Always release pages to the buddy allocator in
      memblock_free_late()."
    - net: Fix unwanted sign extension in netdev_stats_to_stats64()
    - revert "squashfs: harden sanity check in squashfs_read_xattr_id_table"
    - ixgbe: allow to increase MTU to 3K with XDP enabled
    - i40e: add double of VLAN header when computing the max MTU
    - net: bgmac: fix BCM5358 support by setting correct flags
    - sctp: sctp_sock_filter(): avoid list_entry() on possibly empty list
    - dccp/tcp: Avoid negative sk_forward_alloc by ipv6_pinfo.pktoptions.
    - net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path
    - net: stmmac: fix order of dwmac5 FlexPPS parametrization sequence
    - bnxt_en: Fix mqprio and XDP ring checking logic
    - net: stmmac: Restrict warning on disabling DMA store and fwd mode
    - ixgbe: add double of VLAN header when computing the max MTU
    - ipv6: Fix datagram socket connection with DSCP.
    - ipv6: Fix tcp socket connection with DSCP.
    - i40e: Add checking for null for nlmsg_find_attr()
    - kvm: initialize all of the kvm_debugregs structure before sending it to
      userspace
    - nilfs2: fix underflow in second superblock position calculations
    - ASoC: SOF: Intel: hda-dai: fix possible stream_tag leak
    - net: sched: sch: Fix off by one in htb_activate_prios()
    - iommu/amd: Pass gfp flags to iommu_map_page() in amd_iommu_map()
    - Linux 5.4.232

* CVE-2023-1118
    - media: rc: Fix use-after-free bugs caused by ene_tx_irqsim()

-- Stefan Bader <stefan.bader@canonical.com>  Tue, 18 Apr 2023 17:54:42 +0200

Changed in linux (Ubuntu Focal):
status:	Fix Committed → Fix Released

Frank Heimes (fheimes) on 2023-05-22

Changed in ubuntu-z-systems:
status:	Fix Committed → Fix Released

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2023-05-22:

#25

This bug is awaiting verification that the linux-bluefield/5.4.0-1064.70 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-focal-linux-bluefield verification-needed-focal
removed: verification-done-focal

Revision history for this message

Frank Heimes (fheimes) wrote on 2023-05-23:

#26

This bug does not affect linux-bluefield, hence I'm again updating the tags to unblock the process.

tags:

added: verification-done-focal
removed: verification-needed-focal

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2023-05-25:

#27

This bug is awaiting verification that the linux-intel-iotg/5.15.0-1031.36 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy' to 'verification-done-jammy'. If the problem still exists, change the tag 'verification-needed-jammy' to 'verification-failed-jammy'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-jammy-linux-intel-iotg verification-needed-jammy
removed: verification-done-jammy

Revision history for this message

Frank Heimes (fheimes) wrote on 2023-05-25:

#28

This bug doesn't affect linux-intel-iotg.
Hence I'm updating the jammy verification again to done to unblock the process.

tags:

added: verification-done-jammy
removed: verification-needed-jammy

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2023-05-25:

#29

This bug is awaiting verification that the linux-aws/5.19.0-1027.28 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-kinetic' to 'verification-done-kinetic'. If the problem still exists, change the tag 'verification-needed-kinetic' to 'verification-failed-kinetic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-kinetic-linux-aws verification-needed-kinetic
removed: verification-done-kinetic

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2023-06-02:

#30

This bug is awaiting verification that the linux-aws/5.15.0-1038.43 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy' to 'verification-done-jammy'. If the problem still exists, change the tag 'verification-needed-jammy' to 'verification-failed-jammy'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-jammy-linux-aws verification-needed-jammy
removed: verification-done-jammy

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2023-06-03:

#31

This bug is awaiting verification that the linux-azure/5.15.0-1040.47 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy' to 'verification-done-jammy'. If the problem still exists, change the tag 'verification-needed-jammy' to 'verification-failed-jammy'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-jammy-linux-azure

Revision history for this message

Frank Heimes (fheimes) wrote on 2023-06-03:

#32

This bug does affect s390x only, so setting again tags to verified-done to unblock.

tags:

added: verification-done-jammy verification-done-kinetic
removed: verification-needed-jammy verification-needed-kinetic

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2023-06-06:

#33

This bug is awaiting verification that the linux-aws/5.4.0-1104.112 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-focal-linux-aws verification-needed-focal
removed: verification-done-focal

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2023-06-06:

#34

This bug is awaiting verification that the linux-azure/5.4.0-1110.116 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-focal-linux-azure

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2023-06-06:

#35

This bug is awaiting verification that the linux-azure/5.19.0-1028.31 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-kinetic' to 'verification-done-kinetic'. If the problem still exists, change the tag 'verification-needed-kinetic' to 'verification-failed-kinetic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-kinetic-linux-azure verification-needed-kinetic
removed: verification-done-kinetic

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2023-09-09:

#36

This bug is awaiting verification that the linux-aws-5.15/5.15.0-1046.51~20.04.1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal-linux-aws-5.15' to 'verification-done-focal-linux-aws-5.15'. If the problem still exists, change the tag 'verification-needed-focal-linux-aws-5.15' to 'verification-failed-focal-linux-aws-5.15'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-focal-linux-aws-5.15-v2 verification-needed-focal-linux-aws-5.15

Revision history for this message

bugproxy (bugproxy) wrote on 2024-02-08: uaccess clear_user() fix

#37

uaccess clear_user() fix Edit (1.5 KiB, text/plain)

------- Comment on attachment From <email address hidden> 2023-04-03 14:32 EDT-------

Attached patch applies to 18.04 and 20.04.

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2024-03-01:

#38

This bug is awaiting verification that the linux-mtk/5.15.0-1030.34 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy-linux-mtk' to 'verification-done-jammy-linux-mtk'. If the problem still exists, change the tag 'verification-needed-jammy-linux-mtk' to 'verification-failed-jammy-linux-mtk'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-jammy-linux-mtk-v2 verification-needed-jammy-linux-mtk

Revision history for this message

Frank Heimes (fheimes) wrote on 2024-03-01:

#39

This bug only affected s390x, updating all other verification requests to done (to unblock potential processes).

tags:

added: verification-done-focal verification-done-focal-linux-aws-5.15 verification-done-jammy-linux-mtk verification-done-kinetic
removed: verification-needed-focal verification-needed-focal-linux-aws-5.15 verification-needed-jammy-linux-mtk verification-needed-kinetic

Ubuntu
linux package

kernel: fix __clear_user() inline assembly constraints

Bug Description

CVE References

Other bug subscribers

Bug attachments

Remote bug watches

	Status	Importance	Assigned to
Ubuntu on IBM z Systems	Fix Released	High	Skipper Bug Screeners
linux (Ubuntu)	Fix Released	High	Canonical Kernel Team
Bionic	Fix Released	High	Canonical Kernel Team
Focal	Fix Released	High	Canonical Kernel Team
Jammy	Fix Released	High	Canonical Kernel Team
Kinetic	Fix Released	High	Canonical Kernel Team
Lunar	Fix Released	High	Canonical Kernel Team

Ubuntulinux package

kernel: fix __clear_user() inline assembly constraints

Bug Description

CVE References

Other bug subscribers

Bug attachments

Remote bug watches

Ubuntu
linux package