Ubuntu
linux package

Jammy update: v5.15.101 upstream stable release

Bug #2020391 reported by Kamal Mostafa on 2023-05-22

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	linux (Ubuntu)	Invalid	Undecided	Unassigned
	Jammy	Fix Released	Medium	Kamal Mostafa

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

v5.15.101 upstream stable release
from git://git.kernel.org/

*** Note: This is an "empty" patch set. The single patch it contained
*** was a revert for a commit which was not applied.

Linux 5.15.101
UBUNTU: Upstream stable to v5.15.101

See original description

Tags:

CVE References

Kamal Mostafa (kamalmostafa) on 2023-05-22

Changed in linux (Ubuntu):
status:	New → Confirmed
tags:	added: kernel-stable-tracking-bug

Kamal Mostafa (kamalmostafa) on 2023-05-22

description:	updated
Changed in linux (Ubuntu):
status:	Confirmed → Invalid
Changed in linux (Ubuntu Jammy):
status:	New → In Progress
importance:	Undecided → Medium
assignee:	nobody → Kamal Mostafa (kamalmostafa)

Luke Nowakowski-Krijger (lukenow) on 2023-06-08

Changed in linux (Ubuntu Jammy):
status:	In Progress → Fix Committed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2023-08-14:

Download full text (83.7 KiB)

This bug was fixed in the package linux - 5.15.0-79.86

---------------
linux (5.15.0-79.86) jammy; urgency=medium

* jammy/linux: 5.15.0-79.86 -proposed tracker (LP: #2026531)

This bug was fixed in the package linux - 5.15.0-79.86

---------------
linux (5.15.0-79.86) jammy; urgency=medium

* jammy/linux: 5.15.0-79.86 -proposed tracker (LP: #2026531)

* Jammy update: v5.15.111 upstream stable release (LP: #2025095)
    - ASOC: Intel: sof_sdw: add quirk for Intel 'Rooks County' NUC M15
    - ASoC: soc-pcm: fix hw->formats cleared by soc_pcm_hw_init() for dpcm
    - x86/hyperv: Block root partition functionality in a Confidential VM
    - iio: adc: palmas_gpadc: fix NULL dereference on rmmod
    - ASoC: Intel: bytcr_rt5640: Add quirk for the Acer Iconia One 7 B1-750
    - selftests mount: Fix mount_setattr_test builds failed
    - asm-generic/io.h: suppress endianness warnings for readq() and writeq()
    - x86/cpu: Add model number for Intel Arrow Lake processor
    - wireguard: timers: cast enum limits members to int in prints
    - wifi: mt76: mt7921e: Set memory space enable in PCI_COMMAND if unset
    - arm64: Always load shadow stack pointer directly from the task struct
    - arm64: Stash shadow stack pointer in the task struct on interrupt
    - PCI: pciehp: Fix AB-BA deadlock between reset_lock and device_lock
    - PCI: qcom: Fix the incorrect register usage in v2.7.0 config
    - IMA: allow/fix UML builds
    - USB: dwc3: fix runtime pm imbalance on probe errors
    - USB: dwc3: fix runtime pm imbalance on unbind
    - hwmon: (k10temp) Check range scale when CUR_TEMP register is read-write
    - hwmon: (adt7475) Use device_property APIs when configuring polarity
    - posix-cpu-timers: Implement the missing timer_wait_running callback
    - blk-mq: release crypto keyslot before reporting I/O complete
    - blk-crypto: make blk_crypto_evict_key() return void
    - blk-crypto: make blk_crypto_evict_key() more robust
    - ext4: use ext4_journal_start/stop for fast commit transactions
    - staging: iio: resolver: ads1210: fix config mode
    - tty: Prevent writing chars during tcsetattr TCSADRAIN/FLUSH
    - xhci: fix debugfs register accesses while suspended
    - tick/nohz: Fix cpu_is_hotpluggable() by checking with nohz subsystem
    - MIPS: fw: Allow firmware to pass a empty env
    - ipmi:ssif: Add send_retries increment
    - ipmi: fix SSIF not responding under certain cond.
    - kheaders: Use array declaration instead of char
    - wifi: mt76: add missing locking to protect against concurrent rx/status
      calls
    - pwm: meson: Fix axg ao mux parents
    - pwm: meson: Fix g12a ao clk81 name
    - soundwire: qcom: correct setting ignore bit on v1.5.1
    - pinctrl: qcom: lpass-lpi: set output value before enabling output
    - ring-buffer: Sync IRQ works before buffer destruction
    - crypto: api - Demote BUG_ON() in crypto_unregister_alg() to a WARN_ON()
    - crypto: safexcel - Cleanup ring IRQ workqueues on load failure
    - rcu: Avoid stack overflow due to __rcu_irq_enter_check_tick() being kprobe-
      ed
    - reiserfs: Add security prefix to xattr name in reiserfs_security_write()
    - KVM: nVMX: Emulate NOPs in L2, and PAUSE if it's not intercepted
    - relayfs: fix out-of-bounds access in relay_file_read
    - writeback, cgroup: fix null-ptr-deref write in bdi_split_work_to_wbs
    - ksmbd: call rcu_barrier() in ksmbd_server_exit()
    - ksmbd: fix NULL pointer dereference in smb2_get_info_filesystem()
    - ksmbd: fix memleak in session setup
    - i2c: omap: Fix standard mode false ACK readings
    - riscv: mm: remove redundant parameter of create_fdt_early_page_table
    - tracing: Fix permissions for the buffer_percent file
    - iommu/amd: Fix "Guest Virtual APIC Table Root Pointer" configuration in IRTE
    - ubifs: Fix memleak when insert_old_idx() failed
    - ubi: Fix return value overwrite issue in try_write_vid_and_data()
    - ubifs: Free memory for tmpfile name
    - xfs: don't consider future format versions valid
    - sound/oss/dmasound: fix build when drivers are mixed =y/=m
    - rcu: Fix missing TICK_DEP_MASK_RCU_EXP dependency check
    - selftests/resctrl: Return NULL if malloc_and_init_memory() did not alloc mem
    - selftests/resctrl: Extend CPU vendor detection
    - selftests/resctrl: Move ->setup() call outside of test specific branches
    - selftests/resctrl: Allow ->setup() to return errors
    - selftests/resctrl: Check for return value after write_schemata()
    - selinux: fix Makefile dependencies of flask.h
    - selinux: ensure av_permissions.h is built when needed
    - tpm, tpm_tis: Do not skip reset of original interrupt vector
    - tpm, tpm_tis: Claim locality before writing TPM_INT_ENABLE register
    - tpm, tpm_tis: Disable interrupts if tpm_tis_probe_irq() failed
    - tpm, tpm_tis: Claim locality before writing interrupt registers
    - tpm, tpm: Implement usage counter for locality
    - tpm, tpm_tis: Claim locality when interrupts are reenabled on resume
    - erofs: stop parsing non-compact HEAD index if clusterofs is invalid
    - erofs: fix potential overflow calculating xattr_isize
    - drm/rockchip: Drop unbalanced obj unref
    - drm/vgem: add missing mutex_destroy
    - drm/probe-helper: Cancel previous job before starting new one
    - tools/x86/kcpuid: Fix avx512bw and avx512lvl fields in Fn00000007
    - soc: ti: pm33xx: Fix refcount leak in am33xx_pm_probe
    - arm64: dts: renesas: r8a77990: Remove bogus voltages from OPP table
    - arm64: dts: renesas: r8a774c0: Remove bogus voltages from OPP table
    - drm/msm/disp/dpu: check for crtc enable rather than crtc active to release
      shared resources
    - EDAC/skx: Fix overflows on the DRAM row address mapping arrays
    - regulator: core: Shorten off-on-delay-us for always-on/boot-on by time since
      booted
    - arm64: dts: ti: k3-j721e-main: Remove ti,strobe-sel property
    - arm64: dts: broadcom: bcm4908: add DT for Netgear RAXE500
    - arm64: dts: Add DTS files for bcmbca SoC BCM63158
    - arm64: dts: Add DTS files for bcmbca SoC BCM4912
    - ARM64: dts: Add DTS files for bcmbca SoC BCM6858
    - arm64: dts: Add base DTS file for bcmbca device Asus GT-AX6000
    - arm64: dts: Move BCM4908 dts to bcmbca folder
    - arm64: dts: broadcom: bcmbca: bcm4908: fix NAND interrupt name
    - arm64: dts: broadcom: bcmbca: bcm4908: fix procmon nodename
    - arm64: dts: qcom: msm8998: Fix stm-stimulus-base reg name
    - arm64: dts: qcom: sdm845: correct dynamic power coefficients
    - arm64: dts: qcom: sdm845: Fix the PCI I/O port range
    - arm64: dts: qcom: msm8998: Fix the PCI I/O port range
    - arm64: dts: qcom: ipq8074: Fix the PCI I/O port range
    - arm64: dts: qcom: ipq6018: Fix the PCI I/O port range
    - arm64: dts: qcom: msm8996: Fix the PCI I/O port range
    - arm64: dts: qcom: sm8250: Fix the PCI I/O port range
    - ARM: dts: qcom: ipq4019: Fix the PCI I/O port range
    - ARM: dts: qcom: ipq8064: reduce pci IO size to 64K
    - ARM: dts: qcom: ipq8064: Fix the PCI I/O port range
    - x86/MCE/AMD: Use an u64 for bank_map
    - media: bdisp: Add missing check for create_workqueue
    - media: av7110: prevent underflow in write_ts_to_decoder()
    - firmware: qcom_scm: Clear download bit during reboot
    - drm/bridge: adv7533: Fix adv7533_mode_valid for adv7533 and adv7535
    - media: max9286: Free control handler
    - drm/msm/adreno: Defer enabling runpm until hw_init()
    - drm/msm/adreno: drop bogus pm_runtime_set_active()
    - drm: msm: adreno: Disable preemption on Adreno 510
    - drm/amd/display/dc/dce60/Makefile: Fix previous attempt to silence known
      override-init warnings
    - ACPI: processor: Fix evaluating _PDC method when running as Xen dom0
    - mmc: sdhci-of-esdhc: fix quirk to ignore command inhibit for data
    - drm: rcar-du: Fix a NULL vs IS_ERR() bug
    - ARM: dts: gta04: fix excess dma channel usage
    - firmware: arm_scmi: Fix xfers allocation on Rx channel
    - ACPI: VIOT: Initialize the correct IOMMU fwspec
    - drm/lima/lima_drv: Add missing unwind goto in lima_pdev_probe()
    - mailbox: mpfs: switch to txdone_poll
    - arm64: dts: qcom: sc7180-trogdor-lazor: correct trackpad supply
    - arm64: dts: qcom: msm8994-kitakami: drop unit address from PMI8994 regulator
    - arm64: dts: qcom: msm8994-msft-lumia-octagon: drop unit address from PMI8994
      regulator
    - drm/ttm: optimize pool allocations a bit v2
    - drm/ttm/pool: Fix ttm_pool_alloc error path
    - regulator: core: Consistently set mutex_owner when using
      ww_mutex_lock_slow()
    - regulator: core: Avoid lockdep reports when resolving supplies
    - x86/apic: Fix atomic update of offset in reserve_eilvt_offset()
    - media: rkvdec: fix use after free bug in rkvdec_remove
    - media: dm1105: Fix use after free bug in dm1105_remove due to race condition
    - media: saa7134: fix use after free bug in saa7134_finidev due to race
      condition
    - media: rcar_fdp1: Make use of the helper function
      devm_platform_ioremap_resource()
    - media: rcar_fdp1: Fix the correct variable assignments
    - platform: Provide a remove callback that returns no value
    - media: rcar_fdp1: Convert to platform remove callback returning void
    - media: rcar_fdp1: Fix refcount leak in probe and remove function
    - drm/amd/display: Fix potential null dereference
    - media: rc: gpio-ir-recv: Fix support for wake-up
    - media: venus: dec: Fix handling of the start cmd
    - regulator: stm32-pwr: fix of_iomap leak
    - x86/ioapic: Don't return 0 from arch_dynirq_lower_bound()
    - arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step
    - debugobject: Prevent init race with static objects
    - drm/i915: Make intel_get_crtc_new_encoder() less oopsy
    - tick/common: Align tick period with the HZ tick.
    - cpufreq: use correct unit when verify cur freq
    - hwmon: (pmbus/fsp-3y) Fix functionality bitmask in FSP-3Y YM-2151E
    - wifi: ath6kl: minor fix for allocation size
    - wifi: ath9k: hif_usb: fix memory leak of remain_skbs
    - wifi: ath5k: fix an off by one check in ath5k_eeprom_read_freq_list()
    - wifi: brcmfmac: support CQM RSSI notification with older firmware
    - wifi: ath6kl: reduce WARN to dev_dbg() in callback
    - tools: bpftool: Remove invalid \' json escape
    - wifi: rtw88: mac: Return the original error from rtw_pwr_seq_parser()
    - wifi: rtw88: mac: Return the original error from rtw_mac_power_switch()
    - bpf: take into account liveness when propagating precision
    - bpf: fix precision propagation verbose logging
    - scm: fix MSG_CTRUNC setting condition for SO_PASSSEC
    - selftests/bpf: Fix a fd leak in an error path in network_helpers.c
    - bpf: Remove misleading spec_v1 check on var-offset stack read
    - net: pcs: xpcs: remove double-read of link state when using AN
    - vlan: partially enable SIOCSHWTSTAMP in container
    - net/packet: annotate accesses to po->xmit
    - net/packet: convert po->origdev to an atomic flag
    - net/packet: convert po->auxdata to an atomic flag
    - scsi: target: Fix multiple LUN_RESET handling
    - scsi: target: iscsit: Fix TAS handling during conn cleanup
    - scsi: megaraid: Fix mega_cmd_done() CMDID_INT_CMDS
    - f2fs: handle dqget error in f2fs_transfer_project_quota()
    - f2fs: enforce single zone capacity
    - f2fs: apply zone capacity to all zone type
    - f2fs: compress: fix to call f2fs_wait_on_page_writeback() in
      f2fs_write_raw_pages()
    - crypto: caam - Clear some memory in instantiate_rng
    - crypto: sa2ul - Select CRYPTO_DES
    - wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_rfreg()
    - wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_reg()
    - wifi: rt2x00: Fix memory leak when handling surveys
    - net: qrtr: correct types of trace event parameters
    - selftests: xsk: Disable IPv6 on VETH1
    - selftests/bpf: Wait for receive in cg_storage_multi test
    - bpftool: Fix bug for long instructions in program CFG dumps
    - crypto: drbg - make drbg_prepare_hrng() handle jent instantiation errors
    - crypto: drbg - Only fail when jent is unavailable in FIPS mode
    - xsk: Fix unaligned descriptor validation
    - f2fs: fix to avoid use-after-free for cached IPU bio
    - scsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup()
    - net: ethernet: stmmac: dwmac-rk: fix optional phy regulator handling
    - bpf, sockmap: fix deadlocks in the sockhash and sockmap
    - nvmet: use i_size_read() to set size for file-ns
    - nvmet: move the call to nvmet_ns_changed out of nvmet_ns_revalidate
    - nvmet: fix error handling in nvmet_execute_identify_cns_cs_ns()
    - nvmet: fix Identify Namespace handling
    - nvmet: fix Identify Controller handling
    - nvmet: fix Identify Active Namespace ID list handling
    - nvmet: fix I/O Command Set specific Identify Controller
    - nvme: handle the persistent internal error AER
    - nvme: fix async event trace event
    - nvme-fcloop: fix "inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage"
    - selftests/bpf: Fix leaked bpf_link in get_stackid_cannot_attach
    - bpf, sockmap: Revert buggy deadlock fix in the sockhash and sockmap
    - md: drop queue limitation for RAID1 and RAID10
    - md: raid10 add nowait support
    - md/raid10: factor out code from wait_barrier() to stop_waiting_barrier()
    - md/raid10: fix task hung in raid10d
    - md/raid10: fix leak of 'r10bio->remaining' for recovery
    - md/raid10: fix memleak for 'conf->bio_split'
    - md/raid10: fix memleak of md thread
    - md/raid10: don't call bio_start_io_acct twice for bio which experienced read
      error
    - wifi: iwlwifi: yoyo: skip dump correctly on hw error
    - wifi: iwlwifi: yoyo: Fix possible division by zero
    - wifi: iwlwifi: mvm: initialize seq variable
    - wifi: iwlwifi: fw: move memset before early return
    - jdb2: Don't refuse invalidation of already invalidated buffers
    - wifi: iwlwifi: make the loop for card preparation effective
    - wifi: mt76: handle failure of vzalloc in mt7615_coredump_work
    - wifi: mt76: add flexible polling wait-interval support
    - wifi: mt76: mt7921e: fix probe timeout after reboot
    - wifi: mt76: fix 6GHz high channel not be scanned
    - wifi: mt76: mt7921e: improve reliability of dma reset
    - wifi: iwlwifi: mvm: check firmware response size
    - wifi: iwlwifi: fw: fix memory leak in debugfs
    - ixgbe: Allow flow hash to be set via ethtool
    - ixgbe: Enable setting RSS table to default values
    - net/mlx5: E-switch, Don't destroy indirect table in split rule
    - net: stmmac:fix system hang when setting up tag_8021q VLAN for DSA ports
    - bpf: Don't EFAULT for getsockopt with optval=NULL
    - netfilter: nf_tables: don't write table validation state without mutex
    - net/sched: sch_fq: fix integer overflow of "credit"
    - ipv4: Fix potential uninit variable access bug in __ip_make_skb()
    - netlink: Use copy_to_user() for optval in netlink_getsockopt().
    - net: amd: Fix link leak when verifying config failed
    - tcp/udp: Fix memleaks of sk and zerocopy skbs with TX timestamp.
    - ipmi: ASPEED_BT_IPMI_BMC: select REGMAP_MMIO instead of depending on it
    - drivers: staging: rtl8723bs: Fix locking in _rtw_join_timeout_handler()
    - drivers: staging: rtl8723bs: Fix locking in rtw_scan_timeout_handler()
    - pstore: Revert pmsg_lock back to a normal mutex
    - usb: host: xhci-rcar: remove leftover quirk handling
    - usb: dwc3: gadget: Change condition for processing suspend event
    - serial: stm32: re-introduce an irq flag condition in usart_receive_chars
    - serial: stm32: Re-assert RTS/DE GPIO in RS485 mode only if more data are
      transmitted
    - fpga: bridge: fix kernel-doc parameter description
    - iio: light: max44009: add missing OF device matching
    - serial: 8250_bcm7271: Fix arbitration handling
    - spi: spi-imx: using pm_runtime_resume_and_get instead of pm_runtime_get_sync
    - spi: imx: Don't skip cleanup in remove's error path
    - usb: gadget: udc: renesas_usb3: Fix use after free bug in
      renesas_usb3_remove due to race condition
    - PCI: imx6: Install the fault handler only on compatible match
    - ASoC: es8316: Handle optional IRQ assignment
    - linux/vt_buffer.h: allow either builtin or modular for macros
    - spi: qup: Don't skip cleanup in remove's error path
    - spi: fsl-spi: Fix CPM/QE mode Litte Endian
    - vmci_host: fix a race condition in vmci_host_poll() causing GPF
    - of: Fix modalias string generation
    - PCI/EDR: Clear Device Status after EDR error recovery
    - ia64: mm/contig: fix section mismatch warning/error
    - ia64: salinfo: placate defined-but-not-used warning
    - scripts/gdb: bail early if there are no clocks
    - scripts/gdb: bail early if there are no generic PD
    - HID: amd_sfh: Add support for shutdown operation
    - coresight: etm_pmu: Set the module field
    - ASoC: fsl_mqs: move of_node_put() to the correct location
    - spi: cadence-quadspi: fix suspend-resume implementations
    - i2c: cadence: cdns_i2c_master_xfer(): Fix runtime PM leak on error path
    - scripts/gdb: raise error with reduced debugging information
    - uapi/linux/const.h: prefer ISO-friendly __typeof__
    - sh: sq: Fix incorrect element size for allocating bitmap buffer
    - usb: gadget: tegra-xudc: Fix crash in vbus_draw
    - usb: chipidea: fix missing goto in `ci_hdrc_probe`
    - usb: mtu3: fix kernel panic at qmu transfer done irq handler
    - firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe
    - tty: serial: fsl_lpuart: adjust buffer length to the intended size
    - serial: 8250: Add missing wakeup event reporting
    - staging: rtl8192e: Fix W_DISABLE# does not work after stop/start
    - spmi: Add a check for remove callback when removing a SPMI driver
    - virtio_ring: don't update event idx on get_buf
    - macintosh/windfarm_smu_sat: Add missing of_node_put()
    - powerpc/mpc512x: fix resource printk format warning
    - powerpc/wii: fix resource printk format warnings
    - powerpc/sysdev/tsi108: fix resource printk format warnings
    - macintosh: via-pmu-led: requires ATA to be set
    - powerpc/rtas: use memmove for potentially overlapping buffer copy
    - sched/fair: Use __schedstat_set() in set_next_entity()
    - sched: Make struct sched_statistics independent of fair sched class
    - sched/fair: Fix inaccurate tally of ttwu_move_affine
    - perf/core: Fix hardlockup failure caused by perf throttle
    - Revert "objtool: Support addition to set CFA base"
    - sched/rt: Fix bad task migration for rt tasks
    - clk: at91: clk-sam9x60-pll: fix return value check
    - RDMA/siw: Fix potential page_array out of range access
    - RDMA/rdmavt: Delete unnecessary NULL check
    - workqueue: Introduce show_one_worker_pool and show_one_workqueue.
    - workqueue: Fix hung time report of worker pools
    - rtc: omap: include header for omap_rtc_power_off_program prototype
    - RDMA/mlx4: Prevent shift wrapping in set_user_sq_size()
    - rtc: meson-vrtc: Use ktime_get_real_ts64() to get the current time
    - fs/ntfs3: Fix memory leak if ntfs_read_mft failed
    - fs/ntfs3: Add check for kmemdup
    - fs/ntfs3: Fix OOB read in indx_insert_into_buffer
    - fs/ntfs3: Fix slab-out-of-bounds read in hdr_delete_de()
    - power: supply: generic-adc-battery: fix unit scaling
    - clk: add missing of_node_put() in "assigned-clocks" property parsing
    - RDMA/siw: Remove namespace check from siw_netdev_event()
    - clk: qcom: gcc-sm6115: Mark RCGs shared where applicable
    - RDMA/cm: Trace icm_send_rej event before the cm state is reset
    - RDMA/srpt: Add a check for valid 'mad_agent' pointer
    - IB/hfi1: Fix SDMA mmu_rb_node not being evicted in LRU order
    - IB/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests
    - NFSv4.1: Always send a RECLAIM_COMPLETE after establishing lease
    - clk: qcom: regmap: add PHY clock source implementation
    - clk: qcom: gcc-sm8350: fix PCIe PIPE clocks handling
    - Input: raspberrypi-ts - fix refcount leak in rpi_ts_probe
    - RDMA/mlx5: Fix flow counter query via DEVX
    - SUNRPC: remove the maximum number of retries in call_bind_status
    - RDMA/mlx5: Use correct device num_ports when modify DC
    - clocksource/drivers/davinci: Fix memory leak in davinci_timer_register when
      init fails
    - openrisc: Properly store r31 to pt_regs on unhandled exceptions
    - timekeeping: Fix references to nonexistent ktime_get_fast_ns()
    - SMB3: Add missing locks to protect deferred close file list
    - SMB3: Close deferred file handles in case of handle lease break
    - ext4: fix i_disksize exceeding i_size problem in paritally written case
    - ext4: fix use-after-free read in ext4_find_extent for bigalloc + inline
    - pinctrl: renesas: r8a779a0: Remove incorrect AVB[01] pinmux configuration
    - leds: TI_LMU_COMMON: select REGMAP instead of depending on it
    - dmaengine: mv_xor_v2: Fix an error code.
    - leds: tca6507: Fix error handling of using fwnode_property_read_string
    - pwm: mtk-disp: Disable shadow registers before setting backlight values
    - pwm: mtk-disp: Configure double buffering before reading in .get_state()
    - phy: tegra: xusb: Add missing tegra_xusb_port_unregister for usb2_port and
      ulpi_port
    - dma: gpi: remove spurious unlock in gpi_ch_init
    - dmaengine: dw-edma: Fix to change for continuous transfer
    - dmaengine: dw-edma: Fix to enable to issue dma request on DMA processing
    - dmaengine: at_xdmac: Fix concurrency over chan's completed_cookie
    - dmaengine: at_xdmac: Fix race for the tx desc callback
    - dmaengine: at_xdmac: do not enable all cyclic channels
    - thermal/drivers/mediatek: Use devm_of_iomap to avoid resource leak in
      mtk_thermal_probe
    - mfd: tqmx86: Do not access I2C_DETECT register through io_base
    - mfd: tqmx86: Specify IO port register range more precisely
    - mfd: tqmx86: Correct board names for TQMxE39x
    - afs: Fix updating of i_size with dv jump from server
    - parisc: Fix argument pointer in real64_call_asm()
    - ALSA: usb-audio: Add quirk for Pioneer DDJ-800
    - nilfs2: do not write dirty data after degenerating to read-only
    - nilfs2: fix infinite loop in nilfs_mdt_get_block()
    - md/raid10: fix null-ptr-deref in raid10_sync_request
    - mtd: core: provide unique name for nvmem device, take two
    - mtd: core: fix nvmem error reporting
    - mtd: core: fix error path for nvmem provider
    - mailbox: zynqmp: Fix IPI isr handling
    - mailbox: zynqmp: Fix typo in IPI documentation
    - wifi: rtl8xxxu: RTL8192EU always needs full init
    - clk: rockchip: rk3399: allow clk_cifout to force clk_cifout_src to reparent
    - scripts/gdb: fix lx-timerlist for Python3
    - btrfs: scrub: reject unsupported scrub flags
    - s390/dasd: fix hanging blockdevice after request requeue
    - ia64: fix an addr to taddr in huge_pte_offset()
    - dm verity: fix error handling for check_at_most_once on FEC
    - dm clone: call kmem_cache_destroy() in dm_clone_init() error path
    - dm integrity: call kmem_cache_destroy() in dm_integrity_init() error path
    - dm flakey: fix a crash with invalid table line
    - dm ioctl: fix nested locking in table_clear() to remove deadlock concern
    - dm: don't lock fs when the map is NULL in process of resume
    - perf auxtrace: Fix address filter entire kernel size
    - perf intel-pt: Fix CYC timestamps after standalone CBR
    - sound/oss/dmasound: fix 'dmasound_setup' defined but not used
    - arm64: dts: qcom: sdm845: correct dynamic power coefficients - again
    - sched: Fix DEBUG && !SCHEDSTATS warn
    - Linux 5.15.111

* Jammy update: v5.15.110 upstream stable release (LP: #2025090)
    - PCI/ASPM: Remove pcie_aspm_pm_state_change()
    - selftests/kselftest/runner/run_one(): allow running non-executable files
    - KVM: arm64: Retry fault if vma_lookup() results become invalid
    - KVM: arm64: Fix buffer overflow in kvm_arm_set_fw_reg()
    - drm/fb-helper: set x/yres_virtual in drm_fb_helper_check_var
    - bluetooth: Perform careful capability checks in hci_sock_ioctl()
    - USB: serial: option: add UNISOC vendor and TOZED LT70C product
    - driver core: Don't require dynamic_debug for initcall_debug probe timing
    - selftests: mptcp: join: fix "invalid address, ADD_ADDR timeout"
    - riscv: Move early dtb mapping into the fixmap region
    - riscv: Do not set initial_boot_params to the linear address of the dtb
    - riscv: No need to relocate the dtb as it lies in the fixmap region
    - Linux 5.15.110

* Jammy update: v5.15.109 upstream stable release (LP: #2024265)
    - ARM: dts: rockchip: fix a typo error for rk3288 spdif node
    - arm64: dts: qcom: ipq8074-hk01: enable QMP device, not the PHY node
    - arm64: dts: meson-g12-common: specify full DMC range
    - arm64: dts: imx8mm-evk: correct pmic clock source
    - netfilter: br_netfilter: fix recent physdev match breakage
    - regulator: fan53555: Explicitly include bits header
    - regulator: fan53555: Fix wrong TCS_SLEW_MASK
    - virtio_net: bugfix overflow inside xdp_linearize_page()
    - sfc: Split STATE_READY in to STATE_NET_DOWN and STATE_NET_UP.
    - sfc: Fix use-after-free due to selftest_work
    - netfilter: nf_tables: fix ifdef to also consider nf_tables=m
    - i40e: fix accessing vsi->active_filters without holding lock
    - i40e: fix i40e_setup_misc_vector() error handling
    - netfilter: nf_tables: validate catch-all set elements
    - netfilter: nf_tables: tighten netlink attribute requirements for catch-all
      elements
    - bnxt_en: Do not initialize PTP on older P3/P4 chips
    - mlxfw: fix null-ptr-deref in mlxfw_mfa2_tlv_next()
    - bonding: Fix memory leak when changing bond type to Ethernet
    - net: rpl: fix rpl header size calculation
    - mlxsw: pci: Fix possible crash during initialization
    - spi: spi-rockchip: Fix missing unwind goto in rockchip_sfc_probe()
    - bpf: Fix incorrect verifier pruning due to missing register precision taints
    - e1000e: Disable TSO on i219-LM card to increase speed
    - f2fs: Fix f2fs_truncate_partial_nodes ftrace event
    - Input: i8042 - add quirk for Fujitsu Lifebook A574/H
    - platform/x86 (gigabyte-wmi): Add support for A320M-S2H V2
    - selftests: sigaltstack: fix -Wuninitialized
    - scsi: megaraid_sas: Fix fw_crash_buffer_show()
    - scsi: core: Improve scsi_vpd_inquiry() checks
    - net: dsa: b53: mmap: add phy ops
    - s390/ptrace: fix PTRACE_GET_LAST_BREAK error handling
    - nvme-tcp: fix a possible UAF when failing to allocate an io queue
    - xen/netback: use same error messages for same errors
    - platform/x86: gigabyte-wmi: add support for X570S AORUS ELITE
    - rtmutex: Add acquire semantics for rtmutex lock acquisition slow path
    - iio: light: tsl2772: fix reading proximity-diodes from device tree
    - nilfs2: initialize unused bytes in segment summary blocks
    - memstick: fix memory leak if card device is never registered
    - kernel/sys.c: fix and improve control flow in __sys_setres[ug]id()
    - mmc: sdhci_am654: Set HIGH_SPEED_ENA for SDR12 and SDR25
    - drm/i915: Fix fast wake AUX sync len
    - mm/khugepaged: check again on anon uffd-wp during isolation
    - mm: page_alloc: skip regions with hugetlbfs pages when allocating 1G pages
    - sched/uclamp: Fix fits_capacity() check in feec()
    - sched/uclamp: Make cpu_overutilized() use util_fits_cpu()
    - sched/uclamp: Cater for uclamp in find_energy_efficient_cpu()'s early exit
      condition
    - sched/fair: Detect capacity inversion
    - sched/fair: Consider capacity inversion in util_fits_cpu()
    - sched/uclamp: Fix a uninitialized variable warnings
    - sched/fair: Fixes for capacity inversion detection
    - MIPS: Define RUNTIME_DISCARD_EXIT in LD script
    - docs: futex: Fix kernel-doc references after code split-up preparation
    - purgatory: fix disabling debug info
    - fuse: fix attr version comparison in fuse_read_update_size()
    - fuse: always revalidate rename target dentry
    - fuse: fix deadlock between atomic O_TRUNC and page invalidation
    - udp: Call inet6_destroy_sock() in setsockopt(IPV6_ADDRFORM).
    - tcp/udp: Call inet6_destroy_sock() in IPv6 sk->sk_destruct().
    - inet6: Remove inet6_destroy_sock() in sk->sk_prot->destroy().
    - dccp: Call inet6_destroy_sock() via sk->sk_destruct().
    - sctp: Call inet6_destroy_sock() via sk->sk_destruct().
    - pwm: meson: Explicitly set .polarity in .get_state()
    - pwm: iqs620a: Explicitly set .polarity in .get_state()
    - pwm: hibvt: Explicitly set .polarity in .get_state()
    - counter: 104-quad-8: Fix race condition between FLAG and CNTR reads
    - iio: adc: at91-sama5d2_adc: fix an error code in at91_adc_allocate_trigger()
    - mm/page_alloc: fix potential deadlock on zonelist_update_seq seqlock
    - ASoC: fsl_asrc_dma: fix potential null-ptr-deref
    - ASN.1: Fix check for strdup() success
    - soc: sifive: l2_cache: fix missing iounmap() in error path in
      sifive_l2_init()
    - soc: sifive: l2_cache: fix missing free_irq() in error path in
      sifive_l2_init()
    - soc: sifive: l2_cache: fix missing of_node_put() in sifive_l2_init()
    - Linux 5.15.109

* Disable hv-kvp-daemon if /dev/vmbus/hv_kvp is not present (LP: #2024900)
    - [Packaging] disable hv-kvp-daemon if needed

* A deadlock issue in scsi rescan task while resuming from S3 (LP: #2018566)
    - ata: libata-scsi: Avoid deadlock on rescan after device resume

* [SRU] Intel Sapphire Rapids HBM support needs CONFIG_NUMA_EMU (LP: #2008745)
    - [Config] Intel Sapphire Rapids HBM support needs CONFIG_NUMA_EMU

* [22.04 FEAT] Enhanced Interpretation for PCI Functions on s390x - kernel
    part (LP: #1853306)
    - kvm: use kvfree() in kvm_arch_free_vm()
    - s390/sclp: add detection of IPL-complete-control facility
    - s390/pci: use phys_to_virt() for AIBVs/DIBVs
    - s390/sclp: detect the zPCI load/store interpretation facility
    - s390/sclp: detect the AISII facility
    - s390/sclp: detect the AENI facility
    - s390/sclp: detect the AISI facility
    - s390/airq: pass more TPI info to airq handlers
    - s390/airq: allow for airq structure that uses an input vector
    - s390/pci: externalize the SIC operation controls and routine
    - s390/pci: stash associated GISA designation
    - s390/pci: stash dtsm and maxstbl
    - vfio/pci: introduce CONFIG_VFIO_PCI_ZDEV_KVM
    - KVM: s390: pci: add basic kvm_zdev structure
    - KVM: s390: pci: do initial setup for AEN interpretation
    - KVM: s390: pci: enable host forwarding of Adapter Event Notifications
    - KVM: s390: mechanism to enable guest zPCI Interpretation
    - KVM: s390: pci: provide routines for enabling/disabling interrupt forwarding
    - KVM: s390: pci: add routines to start/stop interpretive execution
    - vfio-pci/zdev: add open/close device hooks
    - vfio-pci/zdev: add function handle to clp base capability
    - vfio-pci/zdev: different maxstbl for interpreted devices
    - KVM: s390: add KVM_S390_ZPCI_OP to manage guest zPCI devices
    - MAINTAINERS: additional files related kvm s390 pci passthrough
    - Documentation: kvm: extend KVM_S390_ZPCI_OP subheading underline
    - KVM: s390: pci: Hook to access KVM lowlevel from VFIO
    - KVM: s390: pci: fix plain integer as NULL pointer warnings
    - KVM: s390: pci: fix GAIT physical vs virtual pointers usage
    - KVM: s390: pci: register pci hooks without interpretation
    - [Config] enable VFIO zPCI pass-through for s390x

* Undefined Behavior Sanitizer (UBSAN) causes failure to match symbols
    (LP: #2003374)
    - [Config] s390x: Re-adding UBSAN to configuration

* CVE-2023-35001
    - netfilter: nf_tables: prevent OOB access in nft_byteorder_eval

* CVE-2023-31248
    - netfilter: nf_tables: do not ignore genmask when looking up chain by id

* CVE-2023-3389
    - io_uring: hold uring mutex around poll removal

* CVE-2023-3439
    - mctp: Add refcounts to mctp_dev
    - mctp: Allow MCTP on tun devices
    - mctp: make __mctp_dev_get() take a refcount hold
    - mctp: defer the kfree of object mdev->addrs

* CVE-2023-3390
    - netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE

* CVE-2023-3141
    - memstick: r592: Fix UAF bug in r592_remove due to race condition

* CVE-2023-3090
    - ipvlan:Fix out-of-bounds caused by unclear skb->cb

* CVE-2022-48502
    - fs/ntfs3: Check fields while reading

* ftrace in ubuntu_kernel_selftests failed with "check if duplicate events are
    caught" on J-5.15 P9 / J-kvm / L-kvm (LP: #1977827)
    - SAUCE: selftests/ftrace: Add test dependency

* Add microphone support of the front headphone port on P3 Tower
    (LP: #2023650)
    - ALSA: hda/realtek: Add Lenovo P3 Tower platform

* Add audio support for ThinkPad P1 Gen 6 and Z16 Gen 2 (LP: #2023539)
    - ALSA: hda/realtek: Add quirks for Lenovo Z13/Z16 Gen2
    - ALSA: hda/realtek: Add quirk for ThinkPad P1 Gen 6

* Resolve synchronous exception on arm64 (LP: #2023311)
    - arm64: efi: Recover from synchronous exceptions occurring in firmware

* Enable Tracing Configs for OSNOISE and TIMERLAT (LP: #2018591)
    - [Config] Enable OSNOISE_TRACER and TIMERLAT_TRACER configs

* Severe NFS performance degradation after LP #2003053 (LP: #2022098)
    - SAUCE: Make NFS file-access stale cache behaviour opt-in

* Encountering an issue with memcpy_fromio causing failed boot of SEV-enabled
    guest (LP: #2020319)
    - x86/sev: Unroll string mmio with CC_ATTR_GUEST_UNROLL_STRING_IO

* linux-*: please enable dm-verity kconfigs to allow MoK/db verified root
    images (LP: #2019040)
    - [Config] CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING=y

* CVE-2023-2124
    - xfs: verify buffer contents when we skip log replay

* CVE-2023-0597
    - x86/kasan: Map shadow for percpu pages on demand
    - x86/mm: Randomize per-cpu entry area
    - x86/mm: Recompute physical address for every page of per-CPU CEA mapping
    - x86/mm: Populate KASAN shadow for entire per-CPU range of CPU entry area
    - x86/mm: Do not shuffle CPU entry areas without KASLR

* Jammy update: v5.15.108 upstream stable release (LP: #2023328)
    - Revert "pinctrl: amd: Disable and mask interrupts on resume"
    - ALSA: emu10k1: fix capture interrupt handler unlinking
    - ALSA: hda/sigmatel: add pin overrides for Intel DP45SG motherboard
    - ALSA: i2c/cs8427: fix iec958 mixer control deactivation
    - ALSA: firewire-tascam: add missing unwind goto in
      snd_tscm_stream_start_duplex()
    - ALSA: emu10k1: don't create old pass-through playback device on Audigy
    - ALSA: hda/sigmatel: fix S/PDIF out on Intel D*45* motherboards
    - Bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp}
    - Bluetooth: Fix race condition in hidp_session_thread
    - btrfs: print checksum type and implementation at mount time
    - btrfs: fix fast csum implementation detection
    - fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace
    - mtdblock: tolerate corrected bit-flips
    - mtd: rawnand: meson: fix bitmask for length in command word
    - mtd: rawnand: stm32_fmc2: remove unsupported EDO mode
    - mtd: rawnand: stm32_fmc2: use timings.mode instead of checking tRC_min
    - KVM: arm64: PMU: Restore the guest's EL0 event counting after migration
    - drm/i915/dsi: fix DSS CTL register offsets for TGL+
    - clk: sprd: set max_register according to mapping range
    - RDMA/irdma: Fix memory leak of PBLE objects
    - RDMA/irdma: Increase iWARP CM default rexmit count
    - RDMA/irdma: Add ipv4 check to irdma_find_listener()
    - IB/mlx5: Add support for 400G_8X lane speed
    - RDMA/cma: Allow UD qp_type to join multicast only
    - bpf: tcp: Use sock_gen_put instead of sock_put in bpf_iter_tcp
    - niu: Fix missing unwind goto in niu_alloc_channels()
    - tcp: restrict net.ipv4.tcp_app_win
    - drm/armada: Fix a potential double free in an error handling path
    - qlcnic: check pci_reset_function result
    - net: qrtr: Fix an uninit variable access bug in qrtr_tx_resume()
    - sctp: fix a potential overflow in sctp_ifwdtsn_skip
    - RDMA/core: Fix GID entry ref leak when create_ah fails
    - udp6: fix potential access to stale information
    - net: macb: fix a memory corruption in extended buffer descriptor mode
    - skbuff: Fix a race between coalescing and releasing SKBs
    - libbpf: Fix single-line struct definition output in btf_dump
    - ARM: 9290/1: uaccess: Fix KASAN false-positives
    - power: supply: cros_usbpd: reclassify "default case!" as debug
    - wifi: mwifiex: mark OF related data as maybe unused
    - i2c: imx-lpi2c: clean rx/tx buffers upon new message
    - i2c: hisi: Avoid redundant interrupts
    - efi: sysfb_efi: Add quirk for Lenovo Yoga Book X91F/L
    - drm: panel-orientation-quirks: Add quirk for Lenovo Yoga Book X90F
    - verify_pefile: relax wrapper length check
    - asymmetric_keys: log on fatal failures in PE/pkcs7
    - wifi: iwlwifi: mvm: fix mvmtxq->stopped handling
    - ACPI: resource: Add Medion S17413 to IRQ override quirk
    - counter: stm32-lptimer-cnt: Provide defines for clock polarities
    - counter: stm32-timer-cnt: Provide defines for slave mode selection
    - counter: Internalize sysfs interface code
    - counter: 104-quad-8: Fix Synapse action reported for Index signals
    - tracing: Add trace_array_puts() to write into instance
    - tracing: Have tracing_snapshot_instance_cond() write errors to the
      appropriate instance
    - i915/perf: Replace DRM_DEBUG with driver specific drm_dbg call
    - drm/i915: fix race condition UAF in i915_perf_add_config_ioctl
    - riscv: add icache flush for nommu sigreturn trampoline
    - net: sfp: initialize sfp->i2c_block_size at sfp allocation
    - net: phy: nxp-c45-tja11xx: add remove callback
    - net: phy: nxp-c45-tja11xx: fix unsigned long multiplication overflow
    - scsi: ses: Handle enclosure with just a primary component gracefully
    - x86/PCI: Add quirk for AMD XHCI controller that loses MSI-X state in D3hot
    - cgroup/cpuset: Wake up cpuset_attach_wq tasks in cpuset_cancel_attach()
    - mptcp: use mptcp_schedule_work instead of open-coding it
    - mptcp: stricter state check in mptcp_worker
    - ubi: Fix failure attaching when vid_hdr offset equals to (sub)page size
    - ubi: Fix deadlock caused by recursively holding work_sem
    - powerpc/papr_scm: Update the NUMA distance table for the target node
    - sched/fair: Move calculate of avg_load to a better location
    - sched/fair: Fix imbalance overflow
    - x86/rtc: Remove __init for runtime functions
    - i2c: ocores: generate stop condition after timeout in polling mode
    - nvme-pci: add NVME_QUIRK_BOGUS_NID for ADATA XPG GAMMIX S50
    - nvme-pci: avoid the deepest sleep state on ZHITAI TiPro7000 SSDs
    - nvme-pci: Crucial P2 has bogus namespace ids
    - nvme-pci: add NVME_QUIRK_BOGUS_NID for Lexar NM610
    - nvme-pci: add NVME_QUIRK_BOGUS_NID for Lexar NM760
    - nvme-pci: mark Lexar NM760 as IGNORE_DEV_SUBNQN
    - nvme-pci: add NVME_QUIRK_BOGUS_NID for T-FORCE Z330 SSD
    - kexec: turn all kexec_mutex acquisitions into trylocks
    - panic, kexec: make __crash_kexec() NMI safe
    - counter: fix docum. build problems after filename change
    - counter: Add the necessary colons and indents to the comments of
      counter_compi
    - nvme-pci: avoid the deepest sleep state on ZHITAI TiPro5000 SSDs
    - Linux 5.15.108

* Jammy update: v5.15.107 upstream stable release (LP: #2023320)
    - ocfs2: ocfs2_mount_volume does cleanup job before return error
    - ocfs2: rewrite error handling of ocfs2_fill_super
    - ocfs2: fix memory leak in ocfs2_mount_volume()
    - NFSD: Fix sparse warning
    - NFSD: pass range end to vfs_fsync_range() instead of count
    - RDMA/irdma: Do not request 2-level PBLEs for CQ alloc
    - platform/x86: int3472: Split into 2 drivers
    - [Config] updateconfigs for Intel skl_int3472 driver split
    - platform/x86: int3472/discrete: Ensure the clk/power enable pins are in
      output mode
    - iavf: return errno code instead of status code
    - iavf/iavf_main: actually log ->src mask when talking about it
    - serial: 8250_exar: derive nr_ports from PCI ID for Acces I/O cards
    - serial: exar: Add support for Sealevel 7xxxC serial cards
    - bpf: hash map, avoid deadlock with suitable hash mask
    - gpio: GPIO_REGMAP: select REGMAP instead of depending on it
    - Drivers: vmbus: Check for channel allocation before looking up relids
    - pwm: cros-ec: Explicitly set .polarity in .get_state()
    - pwm: sprd: Explicitly set .polarity in .get_state()
    - KVM: s390: pv: fix external interruption loop not always detected
    - wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for non-uploaded
      sta
    - net: qrtr: combine nameservice into main module
    - [Config] updateconfigs for ns module merger
    - net: qrtr: Fix a refcount bug in qrtr_recvmsg()
    - NFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL
    - icmp: guard against too small mtu
    - net: don't let netpoll invoke NAPI if in xmit context
    - net: dsa: mv88e6xxx: Reset mv88e6393x force WD event bit
    - sctp: check send stream number after wait_for_sndbuf
    - net: qrtr: Do not do DEL_SERVER broadcast after DEL_CLIENT
    - ipv6: Fix an uninit variable access bug in __ip6_make_skb()
    - platform/x86: think-lmi: Fix memory leak when showing current settings
    - platform/x86: think-lmi: Fix memory leaks when parsing ThinkStation WMI
      strings
    - platform/x86: think-lmi: Clean up display of current_value on Thinkstation
    - gpio: davinci: Add irq chip flag to skip set wake
    - net: ethernet: ti: am65-cpsw: Fix mdio cleanup in probe
    - net: stmmac: fix up RX flow hash indirection table when setting channels
    - sunrpc: only free unix grouplist after RCU settles
    - NFSD: callback request does not use correct credential for AUTH_SYS
    - ice: fix wrong fallback logic for FDIR
    - ice: Reset FDIR counter in FDIR init stage
    - ethtool: reset #lanes when lanes is omitted
    - gve: Secure enough bytes in the first TX desc for all TCP pkts
    - kbuild: refactor single builds of *.ko
    - usb: xhci: tegra: fix sleep in atomic call
    - xhci: also avoid the XHCI_ZERO_64B_REGS quirk with a passthrough iommu
    - usb: cdnsp: Fixes error: uninitialized symbol 'len'
    - usb: dwc3: pci: add support for the Intel Meteor Lake-S
    - USB: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs
    - usb: typec: altmodes/displayport: Fix configure initial pin assignment
    - USB: serial: option: add Telit FE990 compositions
    - USB: serial: option: add Quectel RM500U-CN modem
    - iio: adis16480: select CONFIG_CRC32
    - iio: adc: ti-ads7950: Set `can_sleep` flag for GPIO chip
    - iio: dac: cio-dac: Fix max DAC write value check for 12-bit
    - iio: light: cm32181: Unregister second I2C client if present
    - tty: serial: sh-sci: Fix transmit end interrupt handler
    - tty: serial: sh-sci: Fix Rx on RZ/G2L SCI
    - tty: serial: fsl_lpuart: avoid checking for transfer complete when
      UARTCTRL_SBK is asserted in lpuart32_tx_empty
    - nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread()
    - nilfs2: fix sysfs interface lifetime
    - dt-bindings: serial: renesas,scif: Fix 4th IRQ for 4-IRQ SCIFs
    - ksmbd: do not call kvmalloc() with __GFP_NORETRY | __GFP_NO_WARN
    - ALSA: hda/realtek: Add quirk for Clevo X370SNW
    - coresight: etm4x: Do not access TRCIDR1 for identification
    - coresight-etm4: Fix for() loop drvdata->nr_addr_cmp range bug
    - iio: adc: ad7791: fix IRQ flags
    - scsi: qla2xxx: Fix memory leak in qla2x00_probe_one()
    - scsi: iscsi_tcp: Check that sock is valid before iscsi_set_param()
    - smb3: allow deferred close timeout to be configurable
    - smb3: lower default deferred close timeout to address perf regression
    - cifs: sanitize paths in cifs_update_super_prepath.
    - perf/core: Fix the same task check in perf_event_set_output
    - ftrace: Mark get_lock_parent_ip() __always_inline
    - ftrace: Fix issue that 'direct->addr' not restored in modify_ftrace_direct()
    - fs: drop peer group ids under namespace lock
    - can: j1939: j1939_tp_tx_dat_new(): fix out-of-bounds memory access
    - can: isotp: isotp_ops: fix poll() to not report false EPOLLOUT events
    - tracing: Free error logs of tracing instances
    - ASoC: hdac_hdmi: use set_stream() instead of set_tdm_slots()
    - mm: vmalloc: avoid warn_alloc noise caused by fatal signal
    - drm/panfrost: Fix the panfrost_mmu_map_fault_addr() error path
    - drm/nouveau/disp: Support more modes by checking with lower bpc
    - ring-buffer: Fix race while reader and writer are on the same page
    - mm/swap: fix swap_info_struct race between swapoff and get_swap_pages()
    - drm/bridge: lt9611: Fix PLL being unable to lock
    - mm: take a page reference when removing device exclusive entries
    - kbuild: fix single directory build
    - ocfs2: fix freeing uninitialized resource on ocfs2_dlm_shutdown
    - bpftool: Print newline before '}' for struct with padding only fields
    - Linux 5.15.107

* Jammy update: v5.15.106 upstream stable release (LP: #2023233)
    - fsverity: don't drop pagecache at end of FS_IOC_ENABLE_VERITY
    - usb: dwc3: gadget: move cmd_endtransfer to extra function
    - usb: dwc3: gadget: Add 1ms delay after end transfer command without IOC
    - kernel: kcsan: kcsan_test: build without structleak plugin
    - kcsan: avoid passing -g for test
    - ksmbd: don't terminate inactive sessions after a few seconds
    - bus: imx-weim: fix branch condition evaluates to a garbage value
    - xfrm: Zero padding when dumping algos and encap
    - ASoC: codecs: tx-macro: Fix for KASAN: slab-out-of-bounds
    - md: avoid signed overflow in slot_store()
    - x86/PVH: obtain VGA console info in Dom0
    - net: hsr: Don't log netdev_err message on unknown prp dst node
    - ALSA: asihpi: check pao in control_message()
    - ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set()
    - fbdev: tgafb: Fix potential divide by zero
    - sched_getaffinity: don't assume 'cpumask_size()' is fully initialized
    - fbdev: nvidia: Fix potential divide by zero
    - fbdev: intelfb: Fix potential divide by zero
    - fbdev: lxfb: Fix potential divide by zero
    - fbdev: au1200fb: Fix potential divide by zero
    - tools/power turbostat: Fix /dev/cpu_dma_latency warnings
    - tools/power turbostat: fix decoding of HWP_STATUS
    - tracing: Fix wrong return in kprobe_event_gen_test.c
    - ca8210: Fix unsigned mac_len comparison with zero in ca8210_skb_tx()
    - mips: bmips: BCM6358: disable RAC flush for TP1
    - ALSA: usb-audio: Fix recursive locking at XRUN during syncing
    - platform/x86: think-lmi: add missing type attribute
    - platform/x86: think-lmi: use correct possible_values delimiters
    - platform/x86: think-lmi: only display possible_values if available
    - platform/x86: think-lmi: Add possible_values for ThinkStation
    - mtd: rawnand: meson: invalidate cache on polling ECC bit
    - SUNRPC: fix shutdown of NFS TCP client socket
    - sfc: ef10: don't overwrite offload features at NIC reset
    - scsi: megaraid_sas: Fix crash after a double completion
    - scsi: mpt3sas: Don't print sense pool info twice
    - ptp_qoriq: fix memory leak in probe()
    - net: dsa: microchip: ksz8863_smi: fix bulk access
    - r8169: fix RTL8168H and RTL8107E rx crc error
    - regulator: Handle deferred clk
    - net/net_failover: fix txq exceeding warning
    - net: stmmac: don't reject VLANs when IFF_PROMISC is set
    - drm/i915/tc: Fix the ICL PHY ownership check in TC-cold state
    - platform/x86/intel/pmc: Alder Lake PCH slp_s0_residency fix
    - can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write
    - s390/vfio-ap: fix memory leak in vfio_ap device driver
    - loop: suppress uevents while reconfiguring the device
    - loop: LOOP_CONFIGURE: send uevents for partitions
    - net: mvpp2: classifier flow fix fragmentation flags
    - net: mvpp2: parser fix QinQ
    - net: mvpp2: parser fix PPPoE
    - smsc911x: avoid PHY being resumed when interface is not up
    - ice: add profile conflict check for AVF FDIR
    - ice: fix invalid check for empty list in ice_sched_assoc_vsi_to_agg()
    - ALSA: ymfpci: Create card with device-managed snd_devm_card_new()
    - ALSA: ymfpci: Fix BUG_ON in probe function
    - net: ipa: compute DMA pool size properly
    - i40e: fix registers dump after run ethtool adapter self test
    - bnxt_en: Fix reporting of test result in ethtool selftest
    - bnxt_en: Fix typo in PCI id to device description string mapping
    - bnxt_en: Add missing 200G link speed reporting
    - net: dsa: mv88e6xxx: Enable IGMP snooping on user ports only
    - net: ethernet: mtk_eth_soc: fix flow block refcounting logic
    - pinctrl: ocelot: Fix alt mode for ocelot
    - iommu/vt-d: Allow zero SAGAW if second-stage not supported
    - Input: alps - fix compatibility with -funsigned-char
    - Input: focaltech - use explicitly signed char type
    - cifs: prevent infinite recursion in CIFSGetDFSRefer()
    - cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL
    - Input: goodix - add Lenovo Yoga Book X90F to nine_bytes_report DMI table
    - btrfs: fix race between quota disable and quota assign ioctls
    - btrfs: scan device in non-exclusive mode
    - zonefs: Always invalidate last cached page on append write
    - can: j1939: prevent deadlock by moving j1939_sk_errqueue()
    - xen/netback: don't do grant copy across page boundary
    - net: phy: dp83869: fix default value for tx-/rx-internal-delay
    - pinctrl: amd: Disable and mask interrupts on resume
    - pinctrl: at91-pio4: fix domain name assignment
    - powerpc: Don't try to copy PPR for task with NULL pt_regs
    - NFSv4: Fix hangs when recovering open state after a server reboot
    - ALSA: hda/conexant: Partial revert of a quirk for Lenovo
    - ALSA: usb-audio: Fix regression on detection of Roland VS-100
    - ALSA: hda/realtek: Add quirks for some Clevo laptops
    - ALSA: hda/realtek: Add quirk for Lenovo ZhaoYang CF4620Z
    - xtensa: fix KASAN report for show_stack
    - rcu: Fix rcu_torture_read ftrace event
    - drm/etnaviv: fix reference leak when mmaping imported buffer
    - drm/amd/display: Add DSC Support for Synaptics Cascaded MST Hub
    - KVM: arm64: Disable interrupts while walking userspace PTs
    - KVM: VMX: Move preemption timer <=> hrtimer dance to common x86
    - KVM: x86: Inject #GP on x2APIC WRMSR that sets reserved bits 63:32
    - KVM: x86: Purge "highest ISR" cache when updating APICv state
    - zonefs: Fix error message in zonefs_file_dio_append()
    - selftests/bpf: Test btf dump for struct with padding only fields
    - libbpf: Fix BTF-to-C converter's padding logic
    - selftests/bpf: Add few corner cases to test padding handling of btf_dump
    - libbpf: Fix btf_dump's packed struct determination
    - hsr: ratelimit only when errors are printed
    - x86/PVH: avoid 32-bit build warning when obtaining VGA console info
    - Linux 5.15.106

* Jammy update: v5.15.105 upstream stable release (LP: #2023230)
    - interconnect: qcom: osm-l3: fix icc_onecell_data allocation
    - perf/core: Fix perf_output_begin parameter is incorrectly invoked in
      perf_event_bpf_output
    - perf: fix perf_event_context->time
    - tracing/hwlat: Replace sched_setaffinity with set_cpus_allowed_ptr
    - serial: fsl_lpuart: Fix comment typo
    - tty: serial: fsl_lpuart: switch to new dmaengine_terminate_* API
    - tty: serial: fsl_lpuart: fix race on RX DMA shutdown
    - serial: 8250: SERIAL_8250_ASPEED_VUART should depend on ARCH_ASPEED
    - [Config] updateconfigs for SERIAL_8250_ASPEED_VUART
    - serial: 8250: ASPEED_VUART: select REGMAP instead of depending on it
    - kthread: add the helper function kthread_run_on_cpu()
    - trace/hwlat: make use of the helper function kthread_run_on_cpu()
    - trace/hwlat: Do not start per-cpu thread if it is already running
    - net: tls: fix possible race condition between do_tls_getsockopt_conf() and
      do_tls_setsockopt_conf()
    - power: supply: bq24190_charger: using pm_runtime_resume_and_get instead of
      pm_runtime_get_sync
    - power: supply: bq24190: Fix use after free bug in bq24190_remove due to race
      condition
    - power: supply: da9150: Fix use after free bug in da9150_charger_remove due
      to race condition
    - ARM: dts: imx6sll: e60k02: fix usbotg1 pinctrl
    - ARM: dts: imx6sl: tolino-shine2hd: fix usbotg1 pinctrl
    - arm64: dts: imx8mn: specify #sound-dai-cells for SAI nodes
    - xsk: Add missing overflow check in xdp_umem_reg
    - iavf: fix inverted Rx hash condition leading to disabled hash
    - iavf: fix non-tunneled IPv6 UDP packet type and hashing
    - intel/igbvf: free irq on the error path in igbvf_request_msix()
    - igbvf: Regard vf reset nack as success
    - igc: fix the validation logic for taprio's gate list
    - i2c: imx-lpi2c: check only for enabled interrupt flags
    - i2c: hisi: Only use the completion interrupt to finish the transfer
    - scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate()
    - net: dsa: b53: mmap: fix device tree support
    - net: usb: smsc95xx: Limit packet length to skb->len
    - qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info
    - net: phy: Ensure state transitions are processed from phy_stop()
    - net: mdio: fix owner field for mdio buses registered using device-tree
    - net: mdio: fix owner field for mdio buses registered using ACPI
    - drm/i915/gt: perform uc late init after probe error injection
    - net: qcom/emac: Fix use after free bug in emac_remove due to race condition
    - net/ps3_gelic_net: Fix RX sk_buff length
    - net/ps3_gelic_net: Use dma_mapping_error
    - octeontx2-vf: Add missing free for alloc_percpu
    - bootconfig: Fix testcase to increase max node
    - keys: Do not cache key in task struct if key is requested from kernel thread
    - iavf: fix hang on reboot with ice
    - i40e: fix flow director packet filter programming
    - bpf: Adjust insufficient default bpf_jit_limit
    - net/mlx5e: Set uplink rep as NETNS_LOCAL
    - net/mlx5: Fix steering rules cleanup
    - net/mlx5: Read the TC mapping of all priorities on ETS query
    - net/mlx5: E-Switch, Fix an Oops in error handling code
    - net: dsa: tag_brcm: legacy: fix daisy-chained switches
    - atm: idt77252: fix kmemleak when rmmod idt77252
    - erspan: do not use skb_mac_header() in ndo_start_xmit()
    - net/sonic: use dma_mapping_error() for error check
    - nvme-tcp: fix nvme_tcp_term_pdu to match spec
    - hvc/xen: prevent concurrent accesses to the shared ring
    - ksmbd: add low bound validation to FSCTL_SET_ZERO_DATA
    - ksmbd: add low bound validation to FSCTL_QUERY_ALLOCATED_RANGES
    - ksmbd: fix possible refcount leak in smb2_open()
    - gve: Cache link_speed value from device
    - net: dsa: mt7530: move enabling disabling core clock to mt7530_pll_setup()
    - net: dsa: mt7530: move lowering TRGMII driving to mt7530_setup()
    - net: dsa: mt7530: move setting ssc_delta to PHY_INTERFACE_MODE_TRGMII case
    - net: mdio: thunder: Add missing fwnode_handle_put()
    - Bluetooth: btqcomsmd: Fix command timeout after setting BD address
    - Bluetooth: L2CAP: Fix responding with wrong PDU type
    - platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl
    - thread_info: Add helpers to snapshot thread flags
    - entry: Snapshot thread flags
    - entry/rcu: Check TIF_RESCHED _after_ delayed RCU wake-up
    - hwmon: fix potential sensor registration fail if of_node is missing
    - hwmon (it87): Fix voltage scaling for chips with 10.9mV ADCs
    - scsi: qla2xxx: Synchronize the IOCB count to be in order
    - scsi: qla2xxx: Perform lockless command completion in abort path
    - uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2
    - thunderbolt: Use scale field when allocating USB3 bandwidth
    - thunderbolt: Call tb_check_quirks() after initializing adapters
    - thunderbolt: Disable interrupt auto clear for rings
    - thunderbolt: Add missing UNSET_INBOUND_SBTX for retimer access
    - thunderbolt: Use const qualifier for `ring_interrupt_index`
    - thunderbolt: Rename shadowed variables bit to interrupt_bit and
      auto_clear_bit
    - ACPI: x86: utils: Add Cezanne to the list for forcing StorageD3Enable
    - riscv: Bump COMMAND_LINE_SIZE value to 1024
    - drm/cirrus: NULL-check pipe->plane.state->fb in cirrus_pipe_update()
    - HID: cp2112: Fix driver not registering GPIO IRQ chip as threaded
    - ca8210: fix mac_len negative array access
    - HID: intel-ish-hid: ipc: Fix potential use-after-free in work function
    - m68k: Only force 030 bus error if PC not in exception table
    - selftests/bpf: check that modifier resolves after pointer
    - scsi: target: iscsi: Fix an error message in iscsi_check_key()
    - scsi: hisi_sas: Check devm_add_action() return value
    - scsi: ufs: core: Add soft dependency on governor_simpleondemand
    - scsi: lpfc: Check kzalloc() in lpfc_sli4_cgn_params_read()
    - scsi: lpfc: Avoid usage of list iterator variable after loop
    - scsi: storvsc: Handle BlockSize change in Hyper-V VHD/VHDX file
    - net: usb: cdc_mbim: avoid altsetting toggling for Telit FE990
    - net: usb: qmi_wwan: add Telit 0x1080 composition
    - sh: sanitize the flags on sigreturn
    - net/sched: act_mirred: better wording on protection against excessive stack
      growth
    - act_mirred: use the backlog for nested calls to mirred ingress
    - cifs: empty interface list when server doesn't support query interfaces
    - cifs: print session id while listing open files
    - scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR
    - usb: dwc2: fix a devres leak in hw_enable upon suspend resume
    - usb: gadget: u_audio: don't let userspace block driver unbind
    - efi: sysfb_efi: Fix DMI quirks not working for simpledrm
    - mm/slab: Fix undefined init_cache_node_node() for NUMA and !SMP
    - fscrypt: destroy keyring after security_sb_delete()
    - fsverity: Remove WQ_UNBOUND from fsverity read workqueue
    - lockd: set file_lock start and end when decoding nlm4 testargs
    - arm64: dts: imx8mm-nitrogen-r2: fix WM8960 clock name
    - igb: revert rtnl_lock() that causes deadlock
    - dm thin: fix deadlock when swapping to thin device
    - usb: typec: tcpm: fix warning when handle discover_identity message
    - usb: cdns3: Fix issue with using incorrect PCI device function
    - usb: cdnsp: Fixes issue with redundant Status Stage
    - usb: cdnsp: changes PCI Device ID to fix conflict with CNDS3 driver
    - usb: chipdea: core: fix return -EINVAL if request role is the same with
      current role
    - usb: chipidea: core: fix possible concurrent when switch role
    - usb: ucsi: Fix NULL pointer deref in ucsi_connector_change()
    - kfence: avoid passing -g for test
    - KVM: x86: hyper-v: Avoid calling kvm_make_vcpus_request_mask() with
      vcpu_mask==NULL
    - ksmbd: set FILE_NAMED_STREAMS attribute in FS_ATTRIBUTE_INFORMATION
    - ksmbd: return STATUS_NOT_SUPPORTED on unsupported smb2.0 dialect
    - ksmbd: return unsupported error on smb1 mount
    - wifi: mac80211: fix qos on mesh interfaces
    - nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy()
    - drm/bridge: lt8912b: return EPROBE_DEFER if bridge is not found
    - drm/meson: fix missing component unbind on bind errors
    - drm/amdgpu/nv: Apply ASPM quirk on Intel ADL + AMD Navi
    - drm/i915/active: Fix missing debug object activation
    - drm/i915: Preserve crtc_state->inherited during state clearing
    - riscv: mm: Fix incorrect ASID argument when flushing TLB
    - riscv: Handle zicsr/zifencei issues between clang and binutils
    - tee: amdtee: fix race condition in amdtee_open_session
    - firmware: arm_scmi: Fix device node validation for mailbox transport
    - i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer()
    - dm stats: check for and propagate alloc_percpu failure
    - dm crypt: add cond_resched() to dmcrypt_write()
    - dm crypt: avoid accessing uninitialized tasklet
    - sched/fair: sanitize vruntime of entity being placed
    - sched/fair: Sanitize vruntime of entity being migrated
    - mm: kfence: fix using kfence_metadata without initialization in
      show_object()
    - ocfs2: fix data corruption after failed write
    - Linux 5.15.105

* Jammy update: v5.15.104 upstream stable release (LP: #2023225)
    - xfrm: Allow transport-mode states with AF_UNSPEC selector
    - drm/panfrost: Don't sync rpm suspension after mmu flushing
    - cifs: Move the in_send statistic to __smb_send_rqst()
    - drm/meson: fix 1px pink line on GXM when scaling video overlay
    - clk: HI655X: select REGMAP instead of depending on it
    - docs: Correct missing "d_" prefix for dentry_operations member
      d_weak_revalidate
    - scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add()
    - ALSA: hda: Match only Intel devices with CONTROLLER_IN_GPU()
    - netfilter: nft_nat: correct length for loading protocol registers
    - netfilter: nft_masq: correct length for loading protocol registers
    - netfilter: nft_redir: correct length for loading protocol registers
    - netfilter: nft_redir: correct value of inet type `.maxattrs`
    - scsi: core: Fix a procfs host directory removal regression
    - tcp: tcp_make_synack() can be called from process context
    - nfc: pn533: initialize struct pn533_out_arg properly
    - ipvlan: Make skb->skb_iif track skb->dev for l3s mode
    - i40e: Fix kernel crash during reboot when adapter is in recovery mode
    - vdpa_sim: not reset state in vdpasim_queue_ready
    - vdpa_sim: set last_used_idx as last_avail_idx in vdpasim_queue_ready
    - PCI: s390: Fix use-after-free of PCI resources with per-function hotplug
    - drm/i915/display: Workaround cursor left overs with PSR2 selective fetch
      enabled
    - drm/i915/display/psr: Use drm damage helpers to calculate plane damaged area
    - drm/i915/display: clean up comments
    - drm/i915/psr: Use calculated io and fast wake lines
    - net/smc: fix NULL sndbuf_desc in smc_cdc_tx_handler()
    - qed/qed_dev: guard against a possible division by zero
    - net: dsa: mt7530: remove now incorrect comment regarding port 5
    - net: dsa: mt7530: set PLL frequency and trgmii only when trgmii is used
    - loop: Fix use-after-free issues
    - net: tunnels: annotate lockless accesses to dev->needed_headroom
    - net: phy: smsc: bail out in lan87xx_read_status if genphy_read_status fails
    - nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition
    - net/smc: fix deadlock triggered by cancel_delayed_work_syn()
    - net: usb: smsc75xx: Limit packet length to skb->len
    - drm/bridge: Fix returned array size name for atomic_get_input_bus_fmts kdoc
    - block: null_blk: Fix handling of fake timeout request
    - nvme: fix handling single range discard request
    - nvmet: avoid potential UAF in nvmet_req_complete()
    - block: sunvdc: add check for mdesc_grab() returning NULL
    - ice: xsk: disable txq irq before flushing hw
    - net: dsa: mv88e6xxx: fix max_mtu of 1492 on 6165, 6191, 6220, 6250, 6290
    - ravb: avoid PHY being resumed when interface is not up
    - sh_eth: avoid PHY being resumed when interface is not up
    - ipv4: Fix incorrect table ID in IOCTL path
    - net: usb: smsc75xx: Move packet length check to prevent kernel panic in
      skb_pull
    - net/iucv: Fix size of interrupt data
    - qed/qed_mng_tlv: correctly zero out ->min instead of ->hour
    - ethernet: sun: add check for the mdesc_grab()
    - bonding: restore IFF_MASTER/SLAVE flags on bond enslave ether type change
    - bonding: restore bond's IFF_SLAVE flag if a non-eth dev enslave fails
    - hwmon: (adt7475) Display smoothing attributes in correct order
    - hwmon: (adt7475) Fix masking of hysteresis registers
    - hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove due to race
      condition
    - hwmon: (ina3221) return prober error code
    - hwmon: (ucd90320) Add minimum delay between bus accesses
    - hwmon: tmp512: drop of_match_ptr for ID table
    - kconfig: Update config changed flag before calling callback
    - hwmon: (adm1266) Set `can_sleep` flag for GPIO chip
    - hwmon: (ltc2992) Set `can_sleep` flag for GPIO chip
    - media: m5mols: fix off-by-one loop termination error
    - mmc: atmel-mci: fix race between stop command and start of next command
    - jffs2: correct logic when creating a hole in jffs2_write_begin
    - ext4: fail ext4_iget if special inode unallocated
    - ext4: update s_journal_inum if it changes after journal replay
    - ext4: fix task hung in ext4_xattr_delete_inode
    - drm/amdkfd: Fix an illegal memory access
    - net/9p: fix bug in client create for .L
    - sh: intc: Avoid spurious sizeof-pointer-div warning
    - drm/amd/display: fix shift-out-of-bounds in CalculateVMAndRowBytes
    - ext4: fix possible double unlock when moving a directory
    - tty: serial: fsl_lpuart: skip waiting for transmission complete when
      UARTCTRL_SBK is asserted
    - serial: 8250_em: Fix UART port type
    - serial: 8250_fsl: fix handle_irq locking
    - firmware: xilinx: don't make a sleepable memory allocation from an atomic
      context
    - s390/ipl: add missing intersection check to ipl_report handling
    - interconnect: fix mem leak when freeing nodes
    - interconnect: exynos: fix node leak in probe PM QoS error path
    - tracing: Make splice_read available again
    - tracing: Check field value in hist_field_name()
    - tracing: Make tracepoint lockdep check actually test something
    - cifs: Fix smb2_set_path_size()
    - ALSA: hda: intel-dsp-config: add MTL PCI id
    - ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro
    - Revert "riscv: mm: notify remote harts about mmu cache updates"
    - riscv: asid: Fixup stale TLB entry cause application crash
    - drm/shmem-helper: Remove another errant put in error path
    - drm/sun4i: fix missing component unbind on bind errors
    - drm/amd/pm: Fix sienna cichlid incorrect OD volage after resume
    - mptcp: fix possible deadlock in subflow_error_report
    - mptcp: add ro_after_init for tcp{,v6}_prot_override
    - mptcp: avoid setting TCP_CLOSE state twice
    - mptcp: fix lockdep false positive in mptcp_pm_nl_create_listen_socket()
    - ftrace: Fix invalid address access in lookup_rec() when index is 0
    - nvme-pci: add NVME_QUIRK_BOGUS_NID for Netac NV3000
    - mm/userfaultfd: propagate uffd-wp bit when PTE-mapping the huge zeropage
    - mmc: sdhci_am654: lower power-on failed message severity
    - fbdev: stifb: Provide valid pixelclock and add fb_check_var() checks
    - trace/hwlat: Do not wipe the contents of per-cpu thread data
    - net: phy: nxp-c45-tja11xx: fix MII_BASIC_CONFIG_REV bit
    - cpuidle: psci: Iterate backwards over list in psci_pd_remove()
    - x86/mce: Make sure logged MCEs are processed after sysfs update
    - x86/mm: Fix use of uninitialized buffer in sme_enable()
    - x86/resctrl: Clear staged_config[] before and after it is used
    - drm/i915: Don't use stolen memory for ring buffers with LLC
    - drm/i915/active: Fix misuse of non-idle barriers as fence trackers
    - io_uring: avoid null-ptr-deref in io_arm_poll_handler
    - PCI: Unify delay handling for reset and resume
    - PCI/DPC: Await readiness of secondary bus after reset
    - HID: core: Provide new max_buffer_size attribute to over-ride the default
    - HID: uhid: Over-ride the default maximum data buffer value with our own
    - perf: Fix check before add_event_to_groups() in perf_group_detach()
    - Linux 5.15.104

* Jammy update: v5.15.103 upstream stable release (LP: #2023224)
    - fs: prevent out-of-bounds array speculation when closing a file descriptor
    - btrfs: fix percent calculation for bg reclaim message
    - perf inject: Fix --buildid-all not to eat up MMAP2
    - fork: allow CLONE_NEWTIME in clone3 flags
    - x86/CPU/AMD: Disable XSAVES on AMD family 0x17
    - drm/amdgpu: fix error checking in amdgpu_read_mm_registers for soc15
    - drm/connector: print max_requested_bpc in state debugfs
    - staging: rtl8723bs: Pass correct parameters to cfg80211_get_bss()
    - ext4: fix cgroup writeback accounting with fs-layer encryption
    - ext4: fix RENAME_WHITEOUT handling for inline directories
    - ext4: fix another off-by-one fsmap error on 1k block filesystems
    - ext4: move where set the MAY_INLINE_DATA flag is set
    - ext4: fix WARNING in ext4_update_inline_data
    - ext4: zero i_disksize when initializing the bootloader inode
    - nfc: change order inside nfc_se_io error path
    - KVM: Optimize kvm_make_vcpus_request_mask() a bit
    - KVM: Pre-allocate cpumasks for kvm_make_all_cpus_request_except()
    - KVM: Register /dev/kvm as the _very_ last thing during initialization
    - KVM: SVM: Don't rewrite guest ICR on AVIC IPI virtualization failure
    - KVM: SVM: Process ICR on AVIC IPI delivery failure due to invalid target
    - fs: dlm: fix log of lowcomms vs midcomms
    - fs: dlm: add midcomms init/start functions
    - fs: dlm: start midcomms before scand
    - udf: Fix off-by-one error when discarding preallocation
    - f2fs: avoid down_write on nat_tree_lock during checkpoint
    - f2fs: do not bother checkpoint by f2fs_get_node_info
    - f2fs: retry to update the inode page given data corruption
    - ipmi:ssif: Increase the message retry time
    - ipmi:ssif: Add a timer between request retries
    - irqdomain: Refactor __irq_domain_alloc_irqs()
    - iommu/vt-d: Fix PASID directory pointer coherency
    - block/brd: add error handling support for add_disk()
    - brd: mark as nowait compatible
    - arm64: efi: Make efi_rt_lock a raw_spinlock
    - RISC-V: Avoid dereferening NULL regs in die()
    - riscv: Avoid enabling interrupts in die()
    - riscv: Add header include guards to insn.h
    - scsi: core: Remove the /proc/scsi/${proc_name} directory earlier
    - regulator: Flag uncontrollable regulators as always_on
    - regulator: core: Fix off-on-delay-us for always-on/boot-on regulators
    - regulator: core: Use ktime_get_boottime() to determine how long a regulator
      was off
    - ext4: Fix possible corruption when moving a directory
    - drm/nouveau/kms/nv50-: remove unused functions
    - drm/nouveau/kms/nv50: fix nv50_wndw_new_ prototype
    - drm/msm: Fix potential invalid ptr free
    - drm/msm/a5xx: fix setting of the CP_PREEMPT_ENABLE_LOCAL register
    - drm/msm/a5xx: fix highest bank bit for a530
    - drm/msm/a5xx: fix the emptyness check in the preempt code
    - drm/msm/a5xx: fix context faults during ring switch
    - bgmac: fix *initial* chip reset to support BCM5358
    - nfc: fdp: add null check of devm_kmalloc_array in
      fdp_nci_i2c_read_device_properties
    - powerpc: dts: t1040rdb: fix compatible string for Rev A boards
    - ila: do not generate empty messages in ila_xlat_nl_cmd_get_mapping()
    - selftests: nft_nat: ensuring the listening side is up before starting the
      client
    - perf stat: Fix counting when initial delay configured
    - net: lan78xx: fix accessing the LAN7800's internal phy specific registers
      from the MAC driver
    - net: caif: Fix use-after-free in cfusbl_device_notify()
    - ice: copy last block omitted in ice_get_module_eeprom()
    - bpf, sockmap: Fix an infinite loop error when len is 0 in
      tcp_bpf_recvmsg_parser()
    - drm/msm/dpu: fix len of sc7180 ctl blocks
    - net: stmmac: add to set device wake up flag when stmmac init phy
    - net: phylib: get rid of unnecessary locking
    - bnxt_en: Avoid order-5 memory allocation for TPA data
    - netfilter: tproxy: fix deadlock due to missing BH disable
    - btf: fix resolving BTF_KIND_VAR after ARRAY, STRUCT, UNION, PTR
    - net: phy: smsc: Cache interrupt mask
    - net: phy: smsc: fix link up detection in forced irq mode
    - net: ethernet: mtk_eth_soc: fix RX data corruption issue
    - scsi: megaraid_sas: Update max supported LD IDs to 240
    - platform: x86: MLX_PLATFORM: select REGMAP instead of depending on it
    - net/smc: fix fallback failed while sendmsg with fastopen
    - octeontx2-af: Unlock contexts in the queue context cache in case of fault
      detection
    - SUNRPC: Fix a server shutdown leak
    - net: dsa: mt7530: permit port 5 to work without port 6 on MT7621 SoC
    - af_unix: Remove unnecessary brackets around CONFIG_AF_UNIX_OOB.
    - af_unix: fix struct pid leaks in OOB support
    - riscv: Use READ_ONCE_NOCHECK in imprecise unwinding stack mode
    - s390/ftrace: remove dead code
    - RISC-V: Don't check text_mutex during stop_machine
    - ext4: Fix deadlock during directory rename
    - irqdomain: Fix mapping-creation race
    - nbd: use the correct block_device in nbd_bdev_reset
    - iommu/amd: Add PCI segment support for ivrs_[ioapic/hpet/acpihid] commands
    - iommu/amd: Fix ill-formed ivrs_ioapic, ivrs_hpet and ivrs_acpihid options
    - iommu/amd: Add a length limitation for the ivrs_acpihid command-line
      parameter
    - staging: rtl8723bs: clean up comparsions to NULL
    - Staging: rtl8723bs: Placing opening { braces in previous line
    - staging: rtl8723bs: fix placement of braces
    - staging: rtl8723bs: Fix key-store index handling
    - watch_queue: fix IOC_WATCH_QUEUE_SET_SIZE alloc error paths
    - tpm/eventlog: Don't abort tpm_read_log on faulty ACPI address
    - xfs: use setattr_copy to set vfs inode attributes
    - xfs: remove XFS_PREALLOC_SYNC
    - xfs: fallocate() should call file_modified()
    - xfs: set prealloc flag in xfs_alloc_file_space()
    - fs: add mode_strip_sgid() helper
    - fs: move S_ISGID stripping into the vfs_*() helpers
    - attr: add in_group_or_capable()
    - fs: move should_remove_suid()
    - attr: add setattr_should_drop_sgid()
    - attr: use consistent sgid stripping checks
    - fs: use consistent setgid checks in is_sxid()
    - MIPS: Fix a compilation issue
    - powerpc/iommu: fix memory leak with using debugfs_lookup()
    - powerpc/kcsan: Exclude udelay to prevent recursive instrumentation
    - alpha: fix R_ALPHA_LITERAL reloc for large modules
    - macintosh: windfarm: Use unsigned type for 1-bit bitfields
    - PCI: Add SolidRun vendor ID
    - scripts: handle BrokenPipeError for python scripts
    - media: ov5640: Fix analogue gain control
    - media: rc: gpio-ir-recv: add remove function
    - filelocks: use mount idmapping for setlease permission check
    - ext4: refactor ext4_free_blocks() to pull out ext4_mb_clear_bb()
    - ext4: add ext4_sb_block_valid() refactored out of ext4_inode_block_valid()
    - ext4: add strict range checks while freeing blocks
    - ext4: block range must be validated before use in ext4_mb_clear_bb()
    - arch: fix broken BuildID for arm64 and riscv
    - powerpc/vmlinux.lds: Define RUNTIME_DISCARD_EXIT
    - powerpc/vmlinux.lds: Don't discard .rela* for relocatable builds
    - s390: define RUNTIME_DISCARD_EXIT to fix link error with GNU ld < 2.36
    - sh: define RUNTIME_DISCARD_EXIT
    - tools build: Add feature test for init_disassemble_info API changes
    - tools include: add dis-asm-compat.h to handle version differences
    - tools perf: Fix compilation error with new binutils
    - tools bpf_jit_disasm: Fix compilation error with new binutils
    - tools bpftool: Fix compilation error with new binutils
    - KVM: fix memoryleak in kvm_init()
    - xfs: remove xfs_setattr_time() declaration
    - UML: define RUNTIME_DISCARD_EXIT
    - fs: hold writers when changing mount's idmapping
    - KVM: nVMX: Don't use Enlightened MSR Bitmap for L3
    - KVM: VMX: Introduce vmx_msr_bitmap_l01_changed() helper
    - KVM: VMX: Fix crash due to uninitialized current_vmcs
    - Makefile: use -gdwarf-{4|5} for assembler for DEBUG_INFO_DWARF{4|5}
    - Linux 5.15.103

* Jammy update: v5.15.102 upstream stable release (LP: #2020393)
    - staging: rtl8192e: Remove function ..dm_check_ac_dc_power calling a script
    - staging: rtl8192e: Remove call_usermodehelper starting RadioPower.sh
    - Linux 5.15.102

* Jammy update: v5.15.101 upstream stable release (LP: #2020391)
    - Linux 5.15.101

* Jammy update: v5.15.100 upstream stable release (LP: #2020387)
    - auxdisplay: hd44780: Fix potential memory leak in hd44780_remove()
    - fs/jfs: fix shift exponent db_agl2size negative
    - objtool: Fix memory leak in create_static_call_sections()
    - pwm: sifive: Reduce time the controller lock is held
    - pwm: sifive: Always let the first pwm_apply_state succeed
    - pwm: stm32-lp: fix the check on arr and cmp registers update
    - f2fs: use memcpy_{to,from}_page() where possible
    - fs: f2fs: initialize fsdata in pagecache_write()
    - f2fs: allow set compression option of files without blocks
    - um: vector: Fix memory leak in vector_config
    - ubi: ensure that VID header offset + VID header size <= alloc, size
    - ubifs: Fix build errors as symbol undefined
    - ubifs: Rectify space budget for ubifs_symlink() if symlink is encrypted
    - ubifs: Rectify space budget for ubifs_xrename()
    - ubifs: Fix wrong dirty space budget for dirty inode
    - ubifs: do_rename: Fix wrong space budget when target inode's nlink > 1
    - ubifs: Reserve one leb for each journal head while doing budget
    - ubi: Fix use-after-free when volume resizing failed
    - ubi: Fix unreferenced object reported by kmemleak in ubi_resize_volume()
    - ubifs: Fix memory leak in alloc_wbufs()
    - ubi: Fix possible null-ptr-deref in ubi_free_volume()
    - ubifs: Re-statistic cleaned znode count if commit failed
    - ubifs: ubifs_writepage: Mark page dirty after writing inode failed
    - ubi: fastmap: Fix missed fm_anchor PEB in wear-leveling after disabling
      fastmap
    - ubi: Fix UAF wear-leveling entry in eraseblk_count_seq_show()
    - ubi: ubi_wl_put_peb: Fix infinite loop when wear-leveling work failed
    - f2fs: fix to avoid potential memory corruption in __update_iostat_latency()
    - ext4: use ext4_fc_tl_mem in fast-commit replay path
    - netfilter: nf_tables: allow to fetch set elements when table has an owner
    - x86: um: vdso: Add '%rcx' and '%r11' to the syscall clobber list
    - um: virtio_uml: free command if adding to virtqueue failed
    - um: virtio_uml: mark device as unregistered when breaking it
    - um: virtio_uml: move device breaking into workqueue
    - um: virt-pci: properly remove PCI device from bus
    - watchdog: at91sam9_wdt: use devm_request_irq to avoid missing free_irq() in
      error path
    - watchdog: Fix kmemleak in watchdog_cdev_register
    - watchdog: pcwd_usb: Fix attempting to access uninitialized memory
    - watchdog: sbsa_wdog: Make sure the timeout programming is within the limits
    - netfilter: ctnetlink: fix possible refcount leak in
      ctnetlink_create_conntrack()
    - netfilter: ebtables: fix table blob use-after-free
    - netfilter: x_tables: fix percpu counter block leak on error path when
      creating new netns
    - ipv6: Add lwtunnel encap size of all siblings in nexthop calculation
    - sctp: add a refcnt in sctp_stream_priorities to avoid a nested loop
    - octeontx2-pf: Use correct struct reference in test condition
    - net: fix __dev_kfree_skb_any() vs drop monitor
    - 9p/xen: fix version parsing
    - 9p/xen: fix connection sequence
    - 9p/rdma: unmap receive dma buffer in rdma_request()/post_recv()
    - net/mlx5e: Verify flow_source cap before using it
    - net/mlx5: Geneve, Fix handling of Geneve object id as error code
    - nfc: fix memory leak of se_io context in nfc_genl_se_io
    - net/sched: transition act_pedit to rcu and percpu stats
    - net/sched: act_pedit: fix action bind logic
    - net/sched: act_mpls: fix action bind logic
    - net/sched: act_sample: fix action bind logic
    - ARM: dts: spear320-hmi: correct STMPE GPIO compatible
    - tcp: tcp_check_req() can be called from process context
    - vc_screen: modify vcs_size() handling in vcs_read()
    - rtc: sun6i: Always export the internal oscillator
    - genirq: Refactor accessors to use irq_data_get_affinity_mask
    - genirq: Add and use an irq_data_update_affinity helper
    - scsi: ipr: Work around fortify-string warning
    - rtc: allow rtc_read_alarm without read_alarm callback
    - loop: loop_set_status_from_info() check before assignment
    - ASoC: adau7118: don't disable regulators on device unbind
    - ASoC: zl38060: Remove spurious gpiolib select
    - ASoC: zl38060 add gpiolib dependency
    - ASoC: mediatek: mt8195: add missing initialization
    - thermal: intel: quark_dts: fix error pointer dereference
    - thermal: intel: BXT_PMIC: select REGMAP instead of depending on it
    - tracing: Add NULL checks for buffer in ring_buffer_free_read_page()
    - kernel/printk/index.c: fix memory leak with using debugfs_lookup()
    - firmware/efi sysfb_efi: Add quirk for Lenovo IdeaPad Duet 3
    - bootconfig: Increase max nodes of bootconfig from 1024 to 8192 for DCC
      support
    - mfd: arizona: Use pm_runtime_resume_and_get() to prevent refcnt leak
    - IB/hfi1: Update RMT size calculation
    - iommu/amd: Fix error handling for pdev_pri_ats_enable()
    - media: uvcvideo: Remove format descriptions
    - media: uvcvideo: Handle cameras with invalid descriptors
    - media: uvcvideo: Handle errors from calls to usb_string
    - media: uvcvideo: Quirk for autosuspend in Logitech B910 and C910
    - media: uvcvideo: Silence memcpy() run-time false positive warnings
    - USB: fix memory leak with using debugfs_lookup()
    - staging: emxx_udc: Add checks for dma_alloc_coherent()
    - tty: fix out-of-bounds access in tty_driver_lookup_tty()
    - tty: serial: fsl_lpuart: disable the CTS when send break signal
    - serial: sc16is7xx: setup GPIO controller later in probe
    - mei: bus-fixup:upon error print return values of send and receive
    - tools/iio/iio_utils:fix memory leak
    - iio: accel: mma9551_core: Prevent uninitialized variable in
      mma9551_read_status_word()
    - iio: accel: mma9551_core: Prevent uninitialized variable in
      mma9551_read_config_word()
    - soundwire: bus_type: Avoid lockdep assert in sdw_drv_probe()
    - PCI: loongson: Prevent LS7A MRRS increases
    - USB: dwc3: fix memory leak with using debugfs_lookup()
    - USB: chipidea: fix memory leak with using debugfs_lookup()
    - USB: uhci: fix memory leak with using debugfs_lookup()
    - USB: sl811: fix memory leak with using debugfs_lookup()
    - USB: fotg210: fix memory leak with using debugfs_lookup()
    - USB: isp116x: fix memory leak with using debugfs_lookup()
    - USB: isp1362: fix memory leak with using debugfs_lookup()
    - USB: gadget: gr_udc: fix memory leak with using debugfs_lookup()
    - USB: gadget: bcm63xx_udc: fix memory leak with using debugfs_lookup()
    - USB: gadget: lpc32xx_udc: fix memory leak with using debugfs_lookup()
    - USB: gadget: pxa25x_udc: fix memory leak with using debugfs_lookup()
    - USB: gadget: pxa27x_udc: fix memory leak with using debugfs_lookup()
    - usb: host: xhci: mvebu: Iterate over array indexes instead of using pointer
      math
    - USB: ene_usb6250: Allocate enough memory for full object
    - usb: uvc: Enumerate valid values for color matching
    - usb: gadget: uvc: Make bSourceID read/write
    - PCI: Align extra resources for hotplug bridges properly
    - PCI: Take other bus devices into account when distributing resources
    - tty: pcn_uart: fix memory leak with using debugfs_lookup()
    - misc: vmw_balloon: fix memory leak with using debugfs_lookup()
    - drivers: base: component: fix memory leak with using debugfs_lookup()
    - drivers: base: dd: fix memory leak with using debugfs_lookup()
    - kernel/fail_function: fix memory leak with using debugfs_lookup()
    - PCI: loongson: Add more devices that need MRRS quirk
    - PCI: Add ACS quirk for Wangxun NICs
    - phy: rockchip-typec: Fix unsigned comparison with less than zero
    - soundwire: cadence: Remove wasted space in response_buf
    - soundwire: cadence: Drain the RX FIFO after an IO timeout
    - net: tls: avoid hanging tasks on the tx_lock
    - x86/resctl: fix scheduler confusion with 'current'
    - drm/display/dp_mst: Fix down/up message handling after sink disconnect
    - drm/display/dp_mst: Fix down message handling after a packet reception error
    - Bluetooth: hci_sock: purge socket queues in the destruct() callback
    - media: uvcvideo: Fix race condition with usb_kill_urb
    - drm/virtio: Fix error code in virtio_gpu_object_shmem_init()
    - Revert "scsi: mpt3sas: Fix return value check of dma_get_required_mask()"
    - scsi: mpt3sas: Don't change DMA mask while reallocating pools
    - scsi: mpt3sas: re-do lost mpt3sas DMA mask fix
    - scsi: mpt3sas: Remove usage of dma_get_required_mask() API
    - malidp: Fix NULL vs IS_ERR() checking
    - usb: gadget: uvc: fix missing mutex_unlock() if kstrtou8() fails
    - Linux 5.15.100

* Packaging resync (LP: #1786013)
    - [Packaging] resync update-dkms-versions helper
    - [Packaging] update annotations scripts

-- Stefan Bader <stefan.bader@canonical.com>  Mon, 10 Jul 2023 15:33:56 +0200

Changed in linux (Ubuntu Jammy):
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulinux package