Ubuntu
linux-oem-6.1 package

Jammy update: v6.1.34 upstream stable release

Bug #2024166 reported by Timo Aaltonen on 2023-06-16

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	linux-oem-6.1 (Ubuntu)	Invalid	Undecided	Unassigned
	Jammy	Fix Released	Undecided	Unassigned

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

v6.1.34 upstream stable release
from git://git.kernel.org/

Linux 6.1.34
Revert "staging: rtl8192e: Replace macro RTL_PCI_DEVICE with PCI_DEVICE"
wifi: rtw88: correct PS calculation for SUPPORTS_DYNAMIC_PS
wifi: rtw89: correct PS calculation for SUPPORTS_DYNAMIC_PS
ext4: only check dquot_initialize_needed() when debugging
Revert "ext4: don't clear SB_RDONLY when remounting r/w until quota is re-enabled"
ksmbd: check the validation of pdu_size in ksmbd_conn_handler_loop
ksmbd: fix out-of-bound read in parse_lease_state()
ksmbd: fix out-of-bound read in deassemble_neg_contexts()
vhost_vdpa: support PACKED when setting-getting vring_base
vhost: support PACKED when setting-getting vring_base
vduse: avoid empty string for dev name
riscv: fix kprobe __user string arg print fault issue
soundwire: stream: Add missing clear of alloc_slave_rt
eeprom: at24: also select REGMAP
riscv: mm: Ensure prot of VM_WRITE and VM_EXEC must be readable
i2c: sprd: Delete i2c adapter in .remove's error path
gpio: sim: fix memory corruption when adding named lines and unnamed hogs
firmware: arm_ffa: Set handle field to zero in memory descriptor
i2c: mv64xxx: Fix reading invalid status value in atomic mode
arm64: dts: imx8mn-beacon: Fix SPI CS pinmux
blk-mq: fix blk_mq_hw_ctx active request accounting
ASoC: simple-card-utils: fix PCM constraint error check
ASoC: mediatek: mt8195: fix use-after-free in driver remove path
ASoC: mediatek: mt8195-afe-pcm: Convert to platform remove callback returning void
arm64: dts: imx8-ss-dma: assign default clock rate for lpuarts
arm64: dts: imx8qm-mek: correct GPIOs for USDHC2 CD and WP signals
arm64: dts: qcom: sc7180-lite: Fix SDRAM freq for misidentified sc7180-lite boards
ASoC: codecs: wsa881x: do not set can_multi_write flag
ASoC: codecs: wsa883x: do not set can_multi_write flag
ARM: dts: at91: sama7g5ek: fix debounce delay property for shdwc
ARM: at91: pm: fix imbalanced reference counter for ethernet devices
arm64: dts: qcom: sc8280xp: Flush RSC sleep & wake votes
mm: page_table_check: Ensure user pages are not slab pages
mm: page_table_check: Make it dependent on EXCLUSIVE_SYSTEM_RAM
usb: usbfs: Use consistent mmap functions
usb: usbfs: Enforce page requirements for mmap
pinctrl: meson-axg: add missing GPIOA_18 gpio group
soc: qcom: icc-bwmon: fix incorrect error code passed to dev_err_probe()
virtio_net: use control_buf for coalesce params
rbd: get snapshot context after exclusive lock is ensured to be held
rbd: move RBD_OBJ_FLAG_COPYUP_ENABLED flag setting
tee: amdtee: Add return_origin to 'struct tee_cmd_load_ta'
Bluetooth: hci_qca: fix debugfs registration
Bluetooth: fix debugfs registration
Bluetooth: Fix use-after-free in hci_remove_ltk/hci_remove_irk
s390/dasd: Use correct lock while counting channel queue length
ceph: fix use-after-free bug for inodes when flushing capsnaps
selftests: mptcp: update userspace pm subflow tests
selftests: mptcp: update userspace pm addr tests
mptcp: update userspace pm infos
mptcp: add address into userspace pm list
mptcp: only send RM_ADDR in nl_cmd_remove
can: j1939: avoid possible use-after-free when j1939_can_rx_register fails
can: j1939: change j1939_netdev_lock type to mutex
can: j1939: j1939_sk_send_loop_abort(): improved error queue handling in J1939 Socket
wifi: iwlwifi: mvm: Fix -Warray-bounds bug in iwl_mvm_wait_d3_notif()
drm/amd/display: Reduce sdp bw after urgent to 90%
drm/amd/pm: Fix power context allocation in SMU13
drm/amdgpu: change reserved vram info print
drm/amdgpu: fix xclk freq on CHIP_STONEY
drm/amd/pm: conditionally disable pcie lane switching for some sienna_cichlid SKUs
drm/i915/gt: Use the correct error value when kernel_context() fails
ALSA: hda/realtek: Add quirks for Asus ROG 2024 laptops using CS35L41
ALSA: hda/realtek: Add Lenovo P3 Tower platform
ALSA: hda/realtek: Add a quirk for HP Slim Desktop S01
ALSA: ice1712,ice1724: fix the kcontrol->id initialization
ALSA: hda/realtek: Add quirk for Clevo NS50AU
ALSA: cmipci: Fix kctl->id initialization
ALSA: gus: Fix kctl->id initialization
ALSA: ymfpci: Fix kctl->id initialization
ALSA: hda: Fix kctl->id initialization
Input: fix open count when closing inhibited device
Input: psmouse - fix OOB access in Elantech protocol
Input: xpad - delete a Razer DeathAdder mouse VID/PID entry
batman-adv: Broken sync while rescheduling delayed work
bnxt_en: Implement .set_port / .unset_port UDP tunnel callbacks
bnxt_en: Prevent kernel panic when receiving unexpected PHC_UPDATE event
bnxt_en: Skip firmware fatal error recovery if chip is not accessible
bnxt_en: Query default VLAN before VNIC setup on a VF
bnxt_en: Don't issue AP reset during ethtool's reset operation
net: bcmgenet: Fix EEE implementation
lib: cpu_rmap: Fix potential use-after-free in irq_cpu_rmap_release()
drm/amdgpu: fix Null pointer dereference error in amdgpu_device_recover_vram
bpf: Add extra path pointer check to d_path helper
net: sched: fix possible refcount leak in tc_chain_tmplt_add()
net: sched: act_police: fix sparse errors in tcf_police_dump()
net: sched: move rtm_tca_policy declaration to include file
drm/i915/selftests: Add some missing error propagation
drm/i915/selftests: Stop using kthread_stop()
net: sched: add rcu annotations around qdisc->qdisc_sleeping
rfs: annotate lockless accesses to RFS sock flow table
rfs: annotate lockless accesses to sk->sk_rxhash
tcp: gso: really support BIG TCP
ipv6: rpl: Fix Route of Death.
netfilter: nf_tables: out-of-bound check in chain blob
netfilter: ipset: Add schedule point in call_ad().
netfilter: conntrack: fix NULL pointer dereference in nf_confirm_cthelper
netfilter: nft_bitwise: fix register tracking
selftests/bpf: Fix sockopt_sk selftest
selftests/bpf: Verify optval=NULL case
wifi: cfg80211: fix locking in sched scan stop work
qed/qede: Fix scheduling while atomic
wifi: mac80211: don't translate beacon/presp addrs
wifi: mac80211: mlme: fix non-inheritence element
wifi: cfg80211: reject bad AP MLD address
wifi: mac80211: use correct iftype HE cap
Bluetooth: L2CAP: Add missing checks for invalid DCID
Bluetooth: ISO: don't try to remove CIG if there are bound CIS left
Bluetooth: Fix l2cap_disconnect_req deadlock
Bluetooth: hci_sync: add lock to protect HCI_UNREGISTER
drm/i915: Use 18 fast wake AUX sync len
drm/i915: Explain the magic numbers for AUX SYNC/precharge length
net/sched: fq_pie: ensure reasonable TCA_FQ_PIE_QUANTUM values
net: enetc: correct rx_bytes statistics of XDP
net: enetc: correct the statistics of rx bytes
net/smc: Avoid to access invalid RMBs' MRs in SMCRv1 ADD LINK CONT
net/ipv6: fix bool/int mismatch for skip_notify_on_dev_down
bpf: Fix elem_size not being set for inner maps
bpf: Fix UAF in task local storage
net/ipv4: ping_group_range: allow GID from 2147483648 to 4294967294
net: dsa: lan9303: allow vid != 0 in port_fdb_{add|del} methods
neighbour: fix unaligned access to pneigh_entry
bpf, sockmap: Avoid potential NULL dereference in sk_psock_verdict_data_ready()
wifi: mt76: mt7615: fix possible race in mt7615_mac_sta_poll
afs: Fix setting of mtime when creating a file/dir/symlink
spi: qup: Request DMA before enabling clocks
platform/surface: aggregator_tabletsw: Add support for book mode in KIP subsystem
platform/surface: aggregator: Allow completion work-items to be executed in parallel
spi: mt65xx: make sure operations completed before unloading
net: sfp: fix state loss when updating state_hw_mask
scsi: megaraid_sas: Add flexible array member for SGLs

Tags:

CVE References

2023-31084

Timo Aaltonen (tjaalton) on 2023-06-16

Changed in linux-oem-6.1 (Ubuntu):
status:	New → Confirmed
tags:	added: kernel-stable-tracking-bug

Timo Aaltonen (tjaalton) on 2023-06-16

Changed in linux-oem-6.1 (Ubuntu):
status:	Confirmed → Invalid
Changed in linux-oem-6.1 (Ubuntu Jammy):
status:	New → In Progress

Timo Aaltonen (tjaalton) on 2023-06-20

Changed in linux-oem-6.1 (Ubuntu Jammy):
status:	In Progress → Fix Committed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2023-07-13:

Download full text (55.2 KiB)

This bug was fixed in the package linux-oem-6.1 - 6.1.0-1016.16

---------------
linux-oem-6.1 (6.1.0-1016.16) jammy; urgency=medium

* jammy/linux-oem-6.1: 6.1.0-1016.16 -proposed tracker (LP: #2024462)

This bug was fixed in the package linux-oem-6.1 - 6.1.0-1016.16

---------------
linux-oem-6.1 (6.1.0-1016.16) jammy; urgency=medium

* jammy/linux-oem-6.1: 6.1.0-1016.16 -proposed tracker (LP: #2024462)

* Jammy update: v6.1.34 upstream stable release (LP: #2024166)
    - scsi: megaraid_sas: Add flexible array member for SGLs
    - net: sfp: fix state loss when updating state_hw_mask
    - spi: mt65xx: make sure operations completed before unloading
    - platform/surface: aggregator: Allow completion work-items to be executed in
      parallel
    - platform/surface: aggregator_tabletsw: Add support for book mode in KIP
      subsystem
    - spi: qup: Request DMA before enabling clocks
    - afs: Fix setting of mtime when creating a file/dir/symlink
    - wifi: mt76: mt7615: fix possible race in mt7615_mac_sta_poll
    - bpf, sockmap: Avoid potential NULL dereference in
      sk_psock_verdict_data_ready()
    - neighbour: fix unaligned access to pneigh_entry
    - net: dsa: lan9303: allow vid != 0 in port_fdb_{add|del} methods
    - net/ipv4: ping_group_range: allow GID from 2147483648 to 4294967294
    - bpf: Fix UAF in task local storage
    - bpf: Fix elem_size not being set for inner maps
    - net/ipv6: fix bool/int mismatch for skip_notify_on_dev_down
    - net/smc: Avoid to access invalid RMBs' MRs in SMCRv1 ADD LINK CONT
    - net: enetc: correct the statistics of rx bytes
    - net: enetc: correct rx_bytes statistics of XDP
    - net/sched: fq_pie: ensure reasonable TCA_FQ_PIE_QUANTUM values
    - Bluetooth: hci_sync: add lock to protect HCI_UNREGISTER
    - Bluetooth: Fix l2cap_disconnect_req deadlock
    - Bluetooth: ISO: don't try to remove CIG if there are bound CIS left
    - Bluetooth: L2CAP: Add missing checks for invalid DCID
    - wifi: mac80211: use correct iftype HE cap
    - wifi: cfg80211: reject bad AP MLD address
    - wifi: mac80211: mlme: fix non-inheritence element
    - wifi: mac80211: don't translate beacon/presp addrs
    - qed/qede: Fix scheduling while atomic
    - wifi: cfg80211: fix locking in sched scan stop work
    - selftests/bpf: Verify optval=NULL case
    - selftests/bpf: Fix sockopt_sk selftest
    - netfilter: nft_bitwise: fix register tracking
    - netfilter: conntrack: fix NULL pointer dereference in nf_confirm_cthelper
    - netfilter: ipset: Add schedule point in call_ad().
    - netfilter: nf_tables: out-of-bound check in chain blob
    - ipv6: rpl: Fix Route of Death.
    - tcp: gso: really support BIG TCP
    - rfs: annotate lockless accesses to sk->sk_rxhash
    - rfs: annotate lockless accesses to RFS sock flow table
    - net: sched: add rcu annotations around qdisc->qdisc_sleeping
    - drm/i915/selftests: Stop using kthread_stop()
    - drm/i915/selftests: Add some missing error propagation
    - net: sched: move rtm_tca_policy declaration to include file
    - net: sched: act_police: fix sparse errors in tcf_police_dump()
    - net: sched: fix possible refcount leak in tc_chain_tmplt_add()
    - bpf: Add extra path pointer check to d_path helper
    - drm/amdgpu: fix Null pointer dereference error in amdgpu_device_recover_vram
    - lib: cpu_rmap: Fix potential use-after-free in irq_cpu_rmap_release()
    - net: bcmgenet: Fix EEE implementation
    - bnxt_en: Don't issue AP reset during ethtool's reset operation
    - bnxt_en: Query default VLAN before VNIC setup on a VF
    - bnxt_en: Skip firmware fatal error recovery if chip is not accessible
    - bnxt_en: Prevent kernel panic when receiving unexpected PHC_UPDATE event
    - bnxt_en: Implement .set_port / .unset_port UDP tunnel callbacks
    - batman-adv: Broken sync while rescheduling delayed work
    - Input: xpad - delete a Razer DeathAdder mouse VID/PID entry
    - Input: psmouse - fix OOB access in Elantech protocol
    - Input: fix open count when closing inhibited device
    - ALSA: hda: Fix kctl->id initialization
    - ALSA: ymfpci: Fix kctl->id initialization
    - ALSA: gus: Fix kctl->id initialization
    - ALSA: cmipci: Fix kctl->id initialization
    - ALSA: hda/realtek: Add quirk for Clevo NS50AU
    - ALSA: ice1712,ice1724: fix the kcontrol->id initialization
    - ALSA: hda/realtek: Add a quirk for HP Slim Desktop S01
    - ALSA: hda/realtek: Add quirks for Asus ROG 2024 laptops using CS35L41
    - drm/i915/gt: Use the correct error value when kernel_context() fails
    - drm/amd/pm: conditionally disable pcie lane switching for some
      sienna_cichlid SKUs
    - drm/amdgpu: fix xclk freq on CHIP_STONEY
    - drm/amdgpu: change reserved vram info print
    - drm/amd/pm: Fix power context allocation in SMU13
    - drm/amd/display: Reduce sdp bw after urgent to 90%
    - wifi: iwlwifi: mvm: Fix -Warray-bounds bug in iwl_mvm_wait_d3_notif()
    - can: j1939: j1939_sk_send_loop_abort(): improved error queue handling in
      J1939 Socket
    - can: j1939: change j1939_netdev_lock type to mutex
    - can: j1939: avoid possible use-after-free when j1939_can_rx_register fails
    - mptcp: only send RM_ADDR in nl_cmd_remove
    - mptcp: add address into userspace pm list
    - mptcp: update userspace pm infos
    - selftests: mptcp: update userspace pm addr tests
    - selftests: mptcp: update userspace pm subflow tests
    - ceph: fix use-after-free bug for inodes when flushing capsnaps
    - s390/dasd: Use correct lock while counting channel queue length
    - Bluetooth: Fix use-after-free in hci_remove_ltk/hci_remove_irk
    - Bluetooth: fix debugfs registration
    - Bluetooth: hci_qca: fix debugfs registration
    - tee: amdtee: Add return_origin to 'struct tee_cmd_load_ta'
    - rbd: move RBD_OBJ_FLAG_COPYUP_ENABLED flag setting
    - rbd: get snapshot context after exclusive lock is ensured to be held
    - virtio_net: use control_buf for coalesce params
    - soc: qcom: icc-bwmon: fix incorrect error code passed to dev_err_probe()
    - pinctrl: meson-axg: add missing GPIOA_18 gpio group
    - usb: usbfs: Enforce page requirements for mmap
    - usb: usbfs: Use consistent mmap functions
    - mm: page_table_check: Make it dependent on EXCLUSIVE_SYSTEM_RAM
    - mm: page_table_check: Ensure user pages are not slab pages
    - arm64: dts: qcom: sc8280xp: Flush RSC sleep & wake votes
    - ARM: at91: pm: fix imbalanced reference counter for ethernet devices
    - ARM: dts: at91: sama7g5ek: fix debounce delay property for shdwc
    - ASoC: codecs: wsa883x: do not set can_multi_write flag
    - ASoC: codecs: wsa881x: do not set can_multi_write flag
    - arm64: dts: qcom: sc7180-lite: Fix SDRAM freq for misidentified sc7180-lite
      boards
    - arm64: dts: imx8qm-mek: correct GPIOs for USDHC2 CD and WP signals
    - arm64: dts: imx8-ss-dma: assign default clock rate for lpuarts
    - ASoC: mediatek: mt8195-afe-pcm: Convert to platform remove callback
      returning void
    - ASoC: mediatek: mt8195: fix use-after-free in driver remove path
    - ASoC: simple-card-utils: fix PCM constraint error check
    - blk-mq: fix blk_mq_hw_ctx active request accounting
    - arm64: dts: imx8mn-beacon: Fix SPI CS pinmux
    - i2c: mv64xxx: Fix reading invalid status value in atomic mode
    - firmware: arm_ffa: Set handle field to zero in memory descriptor
    - gpio: sim: fix memory corruption when adding named lines and unnamed hogs
    - i2c: sprd: Delete i2c adapter in .remove's error path
    - riscv: mm: Ensure prot of VM_WRITE and VM_EXEC must be readable
    - eeprom: at24: also select REGMAP
    - soundwire: stream: Add missing clear of alloc_slave_rt
    - riscv: fix kprobe __user string arg print fault issue
    - vduse: avoid empty string for dev name
    - vhost: support PACKED when setting-getting vring_base
    - vhost_vdpa: support PACKED when setting-getting vring_base
    - ksmbd: fix out-of-bound read in deassemble_neg_contexts()
    - ksmbd: fix out-of-bound read in parse_lease_state()
    - ksmbd: check the validation of pdu_size in ksmbd_conn_handler_loop
    - Revert "ext4: don't clear SB_RDONLY when remounting r/w until quota is re-
      enabled"
    - ext4: only check dquot_initialize_needed() when debugging
    - wifi: rtw89: correct PS calculation for SUPPORTS_DYNAMIC_PS
    - wifi: rtw88: correct PS calculation for SUPPORTS_DYNAMIC_PS
    - Revert "staging: rtl8192e: Replace macro RTL_PCI_DEVICE with PCI_DEVICE"
    - Linux 6.1.34
    - upstream stable to v6.1.34

* Jammy update: v6.1.33 upstream stable release (LP: #2024165)
    - RDMA/bnxt_re: Fix the page_size used during the MR creation
    - phy: amlogic: phy-meson-g12a-mipi-dphy-analog: fix CNTL2_DIF_TX_CTL0 value
    - RDMA/efa: Fix unsupported page sizes in device
    - RDMA/hns: Fix timeout attr in query qp for HIP08
    - RDMA/hns: Fix base address table allocation
    - RDMA/hns: Modify the value of long message loopback slice
    - dmaengine: at_xdmac: fix potential Oops in at_xdmac_prep_interleaved()
    - RDMA/bnxt_re: Fix a possible memory leak
    - RDMA/bnxt_re: Fix return value of bnxt_re_process_raw_qp_pkt_rx
    - iommu/rockchip: Fix unwind goto issue
    - iommu/amd: Don't block updates to GATag if guest mode is on
    - iommu/amd: Handle GALog overflows
    - iommu/amd: Fix up merge conflict resolution
    - nfsd: make a copy of struct iattr before calling notify_change
    - dmaengine: pl330: rename _start to prevent build error
    - riscv: Fix unused variable warning when BUILTIN_DTB is set
    - net/mlx5: Drain health before unregistering devlink
    - net/mlx5: SF, Drain health before removing device
    - net/mlx5: fw_tracer, Fix event handling
    - net/mlx5e: Don't attach netdev profile while handling internal error
    - net: mellanox: mlxbf_gige: Fix skb_panic splat under memory pressure
    - netrom: fix info-leak in nr_write_internal()
    - af_packet: Fix data-races of pkt_sk(sk)->num.
    - tls: improve lockless access safety of tls_err_abort()
    - amd-xgbe: fix the false linkup in xgbe_phy_status
    - perf ftrace latency: Remove unnecessary "--" from --use-nsec option
    - mtd: rawnand: ingenic: fix empty stub helper definitions
    - RDMA/irdma: Prevent QP use after free
    - RDMA/irdma: Fix Local Invalidate fencing
    - af_packet: do not use READ_ONCE() in packet_bind()
    - tcp: deny tcp_disconnect() when threads are waiting
    - tcp: Return user_mss for TCP_MAXSEG in CLOSE/LISTEN state if user_mss set
    - net/smc: Scan from current RMB list when no position specified
    - net/smc: Don't use RMBs not mapped to new link in SMCRv2 ADD LINK
    - net/sched: sch_ingress: Only create under TC_H_INGRESS
    - net/sched: sch_clsact: Only create under TC_H_CLSACT
    - net/sched: Reserve TC_H_INGRESS (TC_H_CLSACT) for ingress (clsact) Qdiscs
    - net/sched: Prohibit regrafting ingress or clsact Qdiscs
    - net: sched: fix NULL pointer dereference in mq_attach
    - net/netlink: fix NETLINK_LIST_MEMBERSHIPS length report
    - udp6: Fix race condition in udp6_sendmsg & connect
    - nfsd: fix double fget() bug in __write_ports_addfd()
    - nvme: fix the name of Zone Append for verbose logging
    - net/mlx5e: Fix error handling in mlx5e_refresh_tirs
    - net/mlx5: Read embedded cpu after init bit cleared
    - iommu/mediatek: Flush IOTLB completely only if domain has been attached
    - tcp: fix mishandling when the sack compression is deferred.
    - net: dsa: mv88e6xxx: Increase wait after reset deactivation
    - mtd: rawnand: marvell: ensure timing values are written
    - mtd: rawnand: marvell: don't set the NAND frequency select
    - rtnetlink: call validate_linkmsg in rtnl_create_link
    - mptcp: avoid unneeded __mptcp_nmpc_socket() usage
    - mptcp: add annotations around msk->subflow accesses
    - mptcp: avoid unneeded address copy
    - mptcp: simplify subflow_syn_recv_sock()
    - mptcp: consolidate passive msk socket initialization
    - mptcp: fix data race around msk->first access
    - mptcp: add annotations around sk->sk_shutdown accesses
    - drm/amdgpu: release gpu full access after "amdgpu_device_ip_late_init"
    - watchdog: menz069_wdt: fix watchdog initialisation
    - ALSA: hda: Glenfly: add HD Audio PCI IDs and HDMI Codec Vendor IDs.
    - ASoC: Intel: soc-acpi-cht: Add quirk for Nextbook Ares 8A tablet
    - drm/amdgpu: Use the default reset when loading or reloading the driver
    - mailbox: mailbox-test: Fix potential double-free in
      mbox_test_message_write()
    - drm/ast: Fix ARM compatibility
    - btrfs: abort transaction when sibling keys check fails for leaves
    - ARM: 9295/1: unwind:fix unwind abort for uleb128 case
    - hwmon: (k10temp) Add PCI ID for family 19, model 78h
    - media: rcar-vin: Select correct interrupt mode for V4L2_FIELD_ALTERNATE
    - platform/x86: intel_scu_pcidrv: Add back PCI ID for Medfield
    - platform/mellanox: fix potential race in mlxbf-tmfifo driver
    - gfs2: Don't deref jdesc in evict
    - drm/amdgpu: set gfx9 onwards APU atomics support to be true
    - fbdev: imsttfb: Fix use after free bug in imsttfb_probe
    - fbdev: modedb: Add 1920x1080 at 60 Hz video mode
    - fbdev: stifb: Fix info entry in sti_struct on error path
    - nbd: Fix debugfs_create_dir error checking
    - block/rnbd: replace REQ_OP_FLUSH with REQ_OP_WRITE
    - nvme-pci: add NVME_QUIRK_BOGUS_NID for HS-SSD-FUTURE 2048G
    - nvme-pci: add quirk for missing secondary temperature thresholds
    - ASoC: amd: yc: Add DMI entry to support System76 Pangolin 12
    - ASoC: dwc: limit the number of overrun messages
    - um: harddog: fix modular build
    - xfrm: Check if_id in inbound policy/secpath match
    - ASoC: dt-bindings: Adjust #sound-dai-cells on TI's single-DAI codecs
    - ALSA: hda/realtek: Add quirks for ASUS GU604V and GU603V
    - ASoC: ssm2602: Add workaround for playback distortions
    - media: dvb_demux: fix a bug for the continuity counter
    - media: dvb-usb: az6027: fix three null-ptr-deref in az6027_i2c_xfer()
    - media: dvb-usb-v2: ec168: fix null-ptr-deref in ec168_i2c_xfer()
    - media: dvb-usb-v2: ce6230: fix null-ptr-deref in ce6230_i2c_master_xfer()
    - media: dvb-usb-v2: rtl28xxu: fix null-ptr-deref in rtl28xxu_i2c_xfer
    - media: dvb-usb: digitv: fix null-ptr-deref in digitv_i2c_xfer()
    - media: dvb-usb: dw2102: fix uninit-value in su3000_read_mac_address
    - media: netup_unidvb: fix irq init by register it at the end of probe
    - media: dvb_ca_en50221: fix a size write bug
    - media: ttusb-dec: fix memory leak in ttusb_dec_exit_dvb()
    - media: mn88443x: fix !CONFIG_OF error by drop of_match_ptr from ID table
    - media: dvb-core: Fix use-after-free due on race condition at dvb_net
    - media: dvb-core: Fix use-after-free due to race at dvb_register_device()
    - media: dvb-core: Fix use-after-free due to race condition at dvb_ca_en50221
    - ASoC: SOF: debug: conditionally bump runtime_pm counter on exceptions
    - ASoC: SOF: pcm: fix pm_runtime imbalance in error handling
    - ASoC: SOF: sof-client-probes: fix pm_runtime imbalance in error handling
    - ASoC: SOF: pm: save io region state in case of errors in resume
    - s390/pkey: zeroize key blobs
    - s390/topology: honour nr_cpu_ids when adding CPUs
    - ACPI: resource: Add IRQ override quirk for LG UltraPC 17U70P
    - wifi: rtl8xxxu: fix authentication timeout due to incorrect RCR value
    - ARM: dts: stm32: add pin map for CAN controller on stm32f7
    - arm64/mm: mark private VM_FAULT_X defines as vm_fault_t
    - arm64: vdso: Pass (void *) to virt_to_page()
    - wifi: mac80211: simplify chanctx allocation
    - wifi: mac80211: consider reserved chanctx for mindef
    - wifi: mac80211: recalc chanctx mindef before assigning
    - wifi: iwlwifi: mvm: Add locking to the rate read flow
    - scsi: core: Decrease scsi_device's iorequest_cnt if dispatch failed
    - wifi: b43: fix incorrect __packed annotation
    - netfilter: conntrack: define variables exp_nat_nla_policy and any_addr with
      CONFIG_NF_NAT
    - nvme-multipath: don't call blk_mark_disk_dead in nvme_mpath_remove_disk
    - nvme: do not let the user delete a ctrl before a complete initialization
    - ALSA: oss: avoid missing-prototype warnings
    - drm/msm: Be more shouty if per-process pgtables aren't working
    - atm: hide unused procfs functions
    - ceph: silence smatch warning in reconnect_caps_cb()
    - drm/amdgpu: skip disabling fence driver src_irqs when device is unplugged
    - ublk: fix AB-BA lockdep warning
    - nvme-pci: Add quirk for Teamgroup MP33 SSD
    - block: Deny writable memory mapping if block is read-only
    - KVM: arm64: vgic: Fix a circular locking issue
    - KVM: arm64: vgic: Wrap vgic_its_create() with config_lock
    - KVM: arm64: vgic: Fix locking comment
    - media: mediatek: vcodec: Only apply 4K frame sizes on decoder formats
    - mailbox: mailbox-test: fix a locking issue in mbox_test_message_write()
    - drivers: base: cacheinfo: Fix shared_cpu_map changes in event of CPU hotplug
    - media: uvcvideo: Don't expose unsupported formats to userspace
    - iio: accel: st_accel: Fix invalid mount_matrix on devices without ACPI _ONT
      method
    - iio: adc: mxs-lradc: fix the order of two cleanup operations
    - HID: google: add jewel USB id
    - HID: wacom: avoid integer overflow in wacom_intuos_inout()
    - iio: imu: inv_icm42600: fix timestamp reset
    - dt-bindings: iio: adc: renesas,rcar-gyroadc: Fix adi,ad7476 compatible value
    - iio: light: vcnl4035: fixed chip ID check
    - iio: adc: stm32-adc: skip adc-channels setup if none is present
    - iio: adc: ad_sigma_delta: Fix IRQ issue by setting IRQ_DISABLE_UNLAZY flag
    - iio: dac: mcp4725: Fix i2c_master_send() return value handling
    - iio: addac: ad74413: fix resistance input processing
    - iio: adc: ad7192: Change "shorted" channels to differential
    - iio: adc: stm32-adc: skip adc-diff-channels setup if none is present
    - iio: dac: build ad5758 driver when AD5758 is selected
    - net: usb: qmi_wwan: Set DTR quirk for BroadMobi BM818
    - dt-bindings: usb: snps,dwc3: Fix "snps,hsphy_interface" type
    - usb: cdns3: fix NCM gadget RX speed 20x slow than expection at iMX8QM
    - usb: gadget: f_fs: Add unbind event before functionfs_unbind
    - md/raid5: fix miscalculation of 'end_sector' in raid5_read_one_chunk()
    - misc: fastrpc: return -EPIPE to invocations on device removal
    - misc: fastrpc: reject new invocations during device removal
    - scsi: stex: Fix gcc 13 warnings
    - ata: libata-scsi: Use correct device no in ata_find_dev()
    - drm/amdgpu: enable tmz by default for GC 11.0.1
    - drm/amd/pm: reverse mclk and fclk clocks levels for SMU v13.0.4
    - drm/amd/pm: reverse mclk and fclk clocks levels for vangogh
    - drm/amd/pm: resolve reboot exception for si oland
    - drm/amd/pm: reverse mclk clocks levels for SMU v13.0.5
    - drm/amd/pm: reverse mclk and fclk clocks levels for yellow carp
    - drm/amd/pm: reverse mclk and fclk clocks levels for renoir
    - x86/mtrr: Revert 90b926e68f50 ("x86/pat: Fix pat_x_mtrr_type() for MTRR
      disabled case")
    - mmc: vub300: fix invalid response handling
    - mmc: pwrseq: sd8787: Fix WILC CHIP_EN and RESETN toggling order
    - tty: serial: fsl_lpuart: use UARTCTRL_TXINV to send break instead of
      UARTCTRL_SBK
    - btrfs: fix csum_tree_block page iteration to avoid tripping on
      -Werror=array-bounds
    - phy: qcom-qmp-combo: fix init-count imbalance
    - phy: qcom-qmp-pcie-msm8996: fix init-count imbalance
    - block: fix revalidate performance regression
    - powerpc/iommu: Limit number of TCEs to 512 for H_STUFF_TCE hcall
    - iommu/amd: Fix domain flush size when syncing iotlb
    - tpm, tpm_tis: correct tpm_tis_flags enumeration values
    - riscv: perf: Fix callchain parse error with kernel tracepoint events
    - io_uring: undeprecate epoll_ctl support
    - selinux: don't use make's grouped targets feature yet
    - mtdchar: mark bits of ioctl handler noinline
    - tracing/timerlat: Always wakeup the timerlat thread
    - tracing/histograms: Allow variables to have some modifiers
    - tracing/probe: trace_probe_primary_from_call(): checked list_first_entry
    - selftests: mptcp: connect: skip if MPTCP is not supported
    - selftests: mptcp: pm nl: skip if MPTCP is not supported
    - selftests: mptcp: join: skip if MPTCP is not supported
    - selftests: mptcp: sockopt: skip if MPTCP is not supported
    - selftests: mptcp: userspace pm: skip if MPTCP is not supported
    - mptcp: fix connect timeout handling
    - mptcp: fix active subflow finalization
    - ext4: add EA_INODE checking to ext4_iget()
    - ext4: set lockdep subclass for the ea_inode in ext4_xattr_inode_cache_find()
    - ext4: disallow ea_inodes with extended attributes
    - ext4: add lockdep annotations for i_data_sem for ea_inode's
    - fbcon: Fix null-ptr-deref in soft_cursor
    - serial: 8250_tegra: Fix an error handling path in tegra_uart_probe()
    - serial: cpm_uart: Fix a COMPILE_TEST dependency
    - powerpc/xmon: Use KSYM_NAME_LEN in array size
    - test_firmware: fix a memory leak with reqs buffer
    - test_firmware: fix the memory leak of the allocated firmware buffer
    - KVM: arm64: Populate fault info for watchpoint
    - KVM: x86: Account fastpath-only VM-Exits in vCPU stats
    - ksmbd: fix credit count leakage
    - ksmbd: fix UAF issue from opinfo->conn
    - ksmbd: fix incorrect AllocationSize set in smb2_get_info
    - ksmbd: fix slab-out-of-bounds read in smb2_handle_negotiate
    - ksmbd: fix multiple out-of-bounds read during context decoding
    - KEYS: asymmetric: Copy sig and digest in public_key_verify_signature()
    - fs/ntfs3: Validate MFT flags before replaying logs
    - regmap: Account for register length when chunking
    - tpm, tpm_tis: Request threaded interrupt handler
    - iommu/amd/pgtbl_v2: Fix domain max address
    - drm/amd/display: Have Payload Properly Created After Resume
    - xfs: verify buffer contents when we skip log replay
    - tls: rx: strp: don't use GFP_KERNEL in softirq context
    - arm64: efi: Use SMBIOS processor version to key off Ampere quirk
    - selftests: mptcp: diag: skip if MPTCP is not supported
    - selftests: mptcp: simult flows: skip if MPTCP is not supported
    - selftests: mptcp: join: avoid using 'cmp --bytes'
    - ext4: enable the lazy init thread when remounting read/write
    - Linux 6.1.33
    - upstream stable to v6.1.33

* Jammy update: v6.1.33 upstream stable release (LP: #2024165) //
    CVE-2023-31084 was assigned to this bug.
    - media: dvb-core: Fix kernel WARNING for blocking operation in wait_event*()

* Jammy update: v6.1.32 upstream stable release (LP: #2023264)
    - inet: Add IP_LOCAL_PORT_RANGE socket option
    - ipv{4,6}/raw: fix output xfrm lookup wrt protocol
    - firmware: arm_ffa: Fix usage of partition info get count flag
    - selftests/bpf: Fix pkg-config call building sign-file
    - platform/x86/amd/pmf: Fix CnQF and auto-mode after resume
    - tls: rx: device: fix checking decryption status
    - tls: rx: strp: set the skb->len of detached / CoW'ed skbs
    - tls: rx: strp: fix determining record length in copy mode
    - tls: rx: strp: force mixed decrypted records into copy mode
    - tls: rx: strp: factor out copying skb data
    - tls: rx: strp: preserve decryption status of skbs when needed
    - net/mlx5: E-switch, Devcom, sync devcom events and devcom comp register
    - gpio-f7188x: fix chip name and pin count on Nuvoton chip
    - bpf, sockmap: Pass skb ownership through read_skb
    - bpf, sockmap: Convert schedule_work into delayed_work
    - bpf, sockmap: Reschedule is now done through backlog
    - bpf, sockmap: Improved check for empty queue
    - bpf, sockmap: Handle fin correctly
    - bpf, sockmap: TCP data stall on recv before accept
    - bpf, sockmap: Wake up polling after data copy
    - bpf, sockmap: Incorrectly handling copied_seq
    - blk-mq: fix race condition in active queue accounting
    - vfio/type1: check pfn valid before converting to struct page
    - net: page_pool: use in_softirq() instead
    - page_pool: fix inconsistency for page_pool_ring_[un]lock()
    - net: phy: mscc: enable VSC8501/2 RGMII RX clock
    - wifi: rtw89: correct 5 MHz mask setting
    - wifi: iwlwifi: mvm: support wowlan info notification version 2
    - wifi: iwlwifi: mvm: fix potential memory leak
    - RDMA/rxe: Fix the error "trying to register non-static key in
      rxe_cleanup_task"
    - octeontx2-af: Add validation for lmac type
    - drm/amd: Don't allow s0ix on APUs older than Raven
    - bluetooth: Add cmd validity checks at the start of hci_sock_ioctl()
    - Revert "thermal/drivers/mellanox: Use generic thermal_zone_get_trip()
      function"
    - block: fix bio-cache for passthru IO
    - cpufreq: amd-pstate: Update policy->cur in amd_pstate_adjust_perf()
    - cpufreq: amd-pstate: Add ->fast_switch() callback
    - netfilter: ctnetlink: Support offloaded conntrack entry deletion
    - tools headers UAPI: Sync the linux/in.h with the kernel sources
    - Linux 6.1.32
    - upstream stable to v6.1.32

* dGPU cannot resume because system firmware stuck in IPCS method
    (LP: #2021572)
    - drm/i915: Always initialize dpll.lock
    - drm/i915: Nuke intel_get_shared_dpll_id()
    - drm/i915: Fix TypeC mode initialization during system resume
    - drm/i915/display: Use intel_uncore alias if defined
    - drm/i915: make intel_uncore_rmw() write unconditionally
    - drm/i915: use proper helper for register updates
    - drm/i915: fix clear mask in GEN7_MISCCPCTL update
    - drm/i915/tc: switch to intel_de_* register accessors in display code
    - drm/i915: Enable a PIPEDMC whenever its corresponding pipe is enabled
    - drm/i915/tc: Fix TC port link ref init for DP MST during HW readout
    - drm/i915/tc: Fix system resume MST mode restore for DP-alt sinks
    - drm/i915/tc: Wait for IOM/FW PHY initialization of legacy TC ports
    - drm/i915/tc: Factor out helpers converting HPD mask to TC mode
    - drm/i915/tc: Fix target TC mode for a disconnected legacy port
    - drm/i915/tc: Fix TC mode for a legacy port if the PHY is not ready
    - drm/i915/tc: Fix initial TC mode on disabled legacy ports
    - drm/i915/tc: Make the TC mode readout consistent in all PHY states
    - drm/i915: Add encoder hook to get the PLL type used by TC ports
    - drm/i915/tc: Assume a TC port is legacy if VBT says the port has HDMI
    - drm/i915/tc: Factor out a function querying active links on a TC port
    - drm/i915/tc: Check the PLL type used by an enabled TC port
    - drm/i915/tc: Group the TC PHY setup/query functions per platform
    - drm/i915/tc: Use the adlp prefix for ADLP TC PHY functions
    - drm/i915/tc: Rename tc_phy_status_complete() to tc_phy_is_ready()
    - drm/i915/tc: Use the tc_phy prefix for all TC PHY functions
    - drm/i915/tc: Move TC port fields to a new intel_tc_port struct
    - drm/i915/tc: Check for TC PHY explicitly in
      intel_tc_port_fia_max_lane_count()
    - drm/i915/tc: Move the intel_tc_port struct declaration to intel_tc.c
    - drm/i915/tc: Add TC PHY hook to get the PHY HPD live status
    - drm/i915/tc: Add TC PHY hooks to get the PHY ready/owned state
    - drm/i915/tc: Add TC PHY hook to read out the PHY HW state
    - drm/i915/tc: Add generic TC PHY connect/disconnect handlers
    - drm/i915/tc: Factor out tc_phy_verify_legacy_or_dp_alt_mode()
    - drm/i915/tc: Add TC PHY hooks to connect/disconnect the PHY
    - drm/i915/tc: Fix up the legacy VBT flag only in disconnected mode
    - drm/i915/tc: Check TC mode instead of the VBT legacy flag
    - drm/i915/tc: Block/unblock TC-cold in the PHY connect/disconnect hooks
    - drm/i915/tc: Remove redundant wakeref=0 check from unblock_tc_cold()
    - drm/i915/tc: Drop tc_cold_block()/unblock()'s power domain parameter
    - drm/i915/tc: Add TC PHY hook to get the TC-cold blocking power domain
    - drm/i915/tc: Add asserts in TC PHY hooks that the required power is on
    - drm/i915/tc: Add TC PHY hook to init the PHY
    - drm/i915/adlp/tc: Use the DE HPD ISR register for hotplug detection
    - drm/i915/tc: Get power ref for reading the HPD live status register
    - drm/i915/tc: Don't connect the PHY in intel_tc_port_connected()
    - drm/i915/adlp/tc: Align the connect/disconnect PHY sequence with bspec
    - drm/i915: Move shared DPLL disabling into CRTC disable hook
    - drm/i915: Disable DPLLs before disconnecting the TC PHY
    - drm/i915: Remove TC PHY disconnect workaround
    - drm/i915: Remove the encoder update_prepare()/complete() hooks
    - drm/i915/dp_mst: Fix active port PLL selection for secondary MST streams
    - drm/i915: Fix PIPEDMC disabling for a bigjoiner configuration
    - drm/i915: Pimp DPLL ref/unref debugs
    - drm/i915: WARN if PLL ref/unref got messed up
    - drm/i915: Add helpers to reference/unreference a DPLL for a CRTC
    - drm/i915: Make the CRTC state consistent during sanitize-disabling
    - drm/i915: Update connector atomic state before crtc sanitize-disabling
    - drm/i915: Separate intel_crtc_disable_noatomic_begin/complete()
    - drm/i915: Factor out set_encoder_for_connector()
    - drm/i915: Add support for disabling any CRTCs during HW readout/sanitization
    - drm/i915/dp: Prevent link training fallback on disconnected port
    - drm/i915/dp: Factor out intel_dp_get_active_pipes()
    - drm/i915: Factor out a helper for handling atomic modeset locks/state
    - drm/i915/tc: Call TypeC port flush_work/cleanup without modeset locks held
    - drm/i915/tc: Reset TypeC PHYs left enabled in DP-alt mode after the sink
      disconnects

* Jammy update: v6.1.31 upstream stable release (LP: #2021945)
    - usb: dwc3: fix gadget mode suspend interrupt handler issue
    - tpm, tpm_tis: Avoid cache incoherency in test for interrupts
    - tpm, tpm_tis: Only handle supported interrupts
    - tpm_tis: Use tpm_chip_{start,stop} decoration inside tpm_tis_resume
    - tpm, tpm_tis: startup chip before testing for interrupts
    - tpm: Re-enable TPM chip boostrapping non-tpm_tis TPM drivers
    - tpm: Prevent hwrng from activating during resume
    - watchdog: sp5100_tco: Immediately trigger upon starting.
    - drm/amd/amdgpu: update mes11 api def
    - drm/amdgpu/mes11: enable reg active poll
    - skbuff: Proactively round up to kmalloc bucket size
    - platform/x86: hp-wmi: Fix cast to smaller integer type warning
    - net: dsa: mv88e6xxx: Add RGMII delay to 88E6320
    - drm/amd/display: hpd rx irq not working with eDP interface
    - ocfs2: Switch to security_inode_init_security()
    - arm64: Also reset KASAN tag if page is not PG_mte_tagged
    - platform/x86/intel/ifs: Annotate work queue on stack so object debug does
      not complain
    - ALSA: hda/ca0132: add quirk for EVGA X299 DARK
    - ALSA: hda: Fix unhandled register update during auto-suspend period
    - SUNRPC: Don't change task->tk_status after the call to rpc_exit_task
    - mmc: sdhci-esdhc-imx: make "no-mmc-hs400" works
    - mmc: block: ensure error propagation for non-blk
    - power: supply: axp288_fuel_gauge: Fix external_power_changed race
    - power: supply: bq25890: Fix external_power_changed race
    - ASoC: rt5682: Disable jack detection interrupt during suspend
    - net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize
    - m68k: Move signal frame following exception on 68020/030
    - xtensa: fix signal delivery to FDPIC process
    - xtensa: add __bswap{si,di}2 helpers
    - parisc: Use num_present_cpus() in alternative patching code
    - parisc: Handle kgdb breakpoints only in kernel context
    - parisc: Fix flush_dcache_page() for usage from irq context
    - parisc: Allow to reboot machine after system halt
    - parisc: Enable LOCKDEP support
    - parisc: Handle kprobes breakpoints only in kernel context
    - gpio: mockup: Fix mode of debugfs files
    - btrfs: use nofs when cleaning up aborted transactions
    - dt-binding: cdns,usb3: Fix cdns,on-chip-buff-size type
    - drm/mgag200: Fix gamma lut not initialized.
    - drm/radeon: reintroduce radeon_dp_work_func content
    - drm/amd/pm: add missing NotifyPowerSource message mapping for SMU13.0.7
    - drm/amd/pm: Fix output of pp_od_clk_voltage
    - Revert "binder_alloc: add missing mmap_lock calls when using the VMA"
    - Revert "android: binder: stop saving a pointer to the VMA"
    - binder: add lockless binder_alloc_(set|get)_vma()
    - binder: fix UAF caused by faulty buffer cleanup
    - binder: fix UAF of alloc->vma in race with munmap()
    - selftests/memfd: Fix unknown type name build failure
    - drm/amd/amdgpu: limit one queue per gang
    - perf/x86/uncore: Correct the number of CHAs on SPR
    - x86/topology: Fix erroneous smp_num_siblings on Intel Hybrid platforms
    - irqchip/mips-gic: Don't touch vl_map if a local interrupt is not routable
    - irqchip/mips-gic: Use raw spinlock for gic_lock
    - debugobjects: Don't wake up kswapd from fill_pool()
    - fbdev: udlfb: Fix endpoint check
    - net: fix stack overflow when LRO is disabled for virtual interfaces
    - udplite: Fix NULL pointer dereference in __sk_mem_raise_allocated().
    - USB: core: Add routines for endpoint checks in old drivers
    - USB: sisusbvga: Add endpoint checks
    - media: radio-shark: Add endpoint checks
    - ASoC: lpass: Fix for KASAN use_after_free out of bounds
    - net: fix skb leak in __skb_tstamp_tx()
    - drm: fix drmm_mutex_init()
    - selftests: fib_tests: mute cleanup error message
    - octeontx2-pf: Fix TSOv6 offload
    - bpf: Fix mask generation for 32-bit narrow loads of 64-bit fields
    - bpf: fix a memory leak in the LRU and LRU_PERCPU hash maps
    - lan966x: Fix unloading/loading of the driver
    - ipv6: Fix out-of-bounds access in ipv6_find_tlv()
    - cifs: mapchars mount option ignored
    - power: supply: leds: Fix blink to LED on transition
    - power: supply: mt6360: add a check of devm_work_autocancel in
      mt6360_charger_probe
    - power: supply: bq27xxx: Fix bq27xxx_battery_update() race condition
    - power: supply: bq27xxx: Fix I2C IRQ race on remove
    - power: supply: bq27xxx: Fix poll_interval handling and races on remove
    - power: supply: bq27xxx: Add cache parameter to
      bq27xxx_battery_current_and_status()
    - power: supply: bq27xxx: Move bq27xxx_battery_update() down
    - power: supply: bq27xxx: Ensure power_supply_changed() is called on current
      sign changes
    - power: supply: bq27xxx: After charger plug in/out wait 0.5s for things to
      stabilize
    - power: supply: bq25890: Call power_supply_changed() after updating input
      current or voltage
    - power: supply: bq24190: Call power_supply_changed() after updating input
      current
    - power: supply: sbs-charger: Fix INHIBITED bit for Status reg
    - optee: fix uninited async notif value
    - firmware: arm_ffa: Check if ffa_driver remove is present before executing
    - firmware: arm_ffa: Fix FFA device names for logical partitions
    - fs: fix undefined behavior in bit shift for SB_NOUSER
    - regulator: pca9450: Fix BUCK2 enable_mask
    - platform/x86: ISST: Remove 8 socket limit
    - coresight: Fix signedness bug in tmc_etr_buf_insert_barrier_packet()
    - ARM: dts: imx6qdl-mba6: Add missing pvcie-supply regulator
    - x86/pci/xen: populate MSI sysfs entries
    - xen/pvcalls-back: fix double frees with pvcalls_new_active_socket()
    - x86/show_trace_log_lvl: Ensure stack pointer is aligned, again
    - ASoC: Intel: Skylake: Fix declaration of enum skl_ch_cfg
    - ASoC: Intel: avs: Fix declaration of enum avs_channel_config
    - ASoC: Intel: avs: Access path components under lock
    - cxl: Wait Memory_Info_Valid before access memory related info
    - sctp: fix an issue that plpmtu can never go to complete state
    - forcedeth: Fix an error handling path in nv_probe()
    - platform/mellanox: mlxbf-pmc: fix sscanf() error checking
    - net/mlx5e: Fix SQ wake logic in ptp napi_poll context
    - net/mlx5e: Fix deadlock in tc route query code
    - net/mlx5e: Use correct encap attribute during invalidation
    - net/mlx5e: do as little as possible in napi poll when budget is 0
    - net/mlx5: DR, Fix crc32 calculation to work on big-endian (BE) CPUs
    - net/mlx5: Handle pairing of E-switch via uplink un/load APIs
    - net/mlx5: DR, Check force-loopback RC QP capability independently from RoCE
    - net/mlx5: Fix error message when failing to allocate device memory
    - net/mlx5: Collect command failures data only for known commands
    - net/mlx5: Devcom, fix error flow in mlx5_devcom_register_device
    - net/mlx5: Devcom, serialize devcom registration
    - arm64: dts: imx8mn-var-som: fix PHY detection bug by adding deassert delay
    - firmware: arm_ffa: Set reserved/MBZ fields to zero in the memory descriptors
    - regulator: mt6359: add read check for PMIC MT6359
    - net/smc: Reset connection when trying to use SMCRv2 fails.
    - 3c589_cs: Fix an error handling path in tc589_probe()
    - net: phy: mscc: add VSC8502 to MODULE_DEVICE_TABLE
    - Linux 6.1.31
    - upstream stable to v6.1.31

* Jammy update: v6.1.30 upstream stable release (LP: #2020702)
    - drm/fbdev-generic: prohibit potential out-of-bounds access
    - drm/mipi-dsi: Set the fwnode for mipi_dsi_device
    - ARM: 9296/1: HP Jornada 7XX: fix kernel-doc warnings
    - net: skb_partial_csum_set() fix against transport header magic value
    - net: mdio: mvusb: Fix an error handling path in mvusb_mdio_probe()
    - scsi: ufs: core: Fix I/O hang that occurs when BKOPS fails in W-LUN suspend
    - tick/broadcast: Make broadcast device replacement work correctly
    - linux/dim: Do nothing if no time delta between samples
    - net: stmmac: Initialize MAC_ONEUS_TIC_COUNTER register
    - net: Fix load-tearing on sk->sk_stamp in sock_recv_cmsgs().
    - net: phy: bcm7xx: Correct read from expansion register
    - netfilter: nf_tables: always release netdev hooks from notifier
    - netfilter: conntrack: fix possible bug_on with enable_hooks=1
    - bonding: fix send_peer_notif overflow
    - netlink: annotate accesses to nlk->cb_running
    - net: annotate sk->sk_err write from do_recvmmsg()
    - net: deal with most data-races in sk_wait_event()
    - net: add vlan_get_protocol_and_depth() helper
    - tcp: add annotations around sk->sk_shutdown accesses
    - gve: Remove the code of clearing PBA bit
    - ipvlan:Fix out-of-bounds caused by unclear skb->cb
    - net: mscc: ocelot: fix stat counter register values
    - net: datagram: fix data-races in datagram_poll()
    - af_unix: Fix a data race of sk->sk_receive_queue->qlen.
    - af_unix: Fix data races around sk->sk_shutdown.
    - drm/i915/guc: Don't capture Gen8 regs on Xe devices
    - drm/i915: Fix NULL ptr deref by checking new_crtc_state
    - drm/i915/dp: prevent potential div-by-zero
    - drm/i915: Expand force_probe to block probe of devices as well.
    - drm/i915: taint kernel when force probing unsupported devices
    - fbdev: arcfb: Fix error handling in arcfb_probe()
    - ext4: reflect error codes from ext4_multi_mount_protect() to its callers
    - ext4: don't clear SB_RDONLY when remounting r/w until quota is re-enabled
    - ext4: allow to find by goal if EXT4_MB_HINT_GOAL_ONLY is set
    - ext4: allow ext4_get_group_info() to fail
    - refscale: Move shutdown from wait_event() to wait_event_idle()
    - selftests: cgroup: Add 'malloc' failures checks in test_memcontrol
    - rcu: Protect rcu_print_task_exp_stall() ->exp_tasks access
    - open: return EINVAL for O_DIRECTORY | O_CREAT
    - fs: hfsplus: remove WARN_ON() from hfsplus_cat_{read,write}_inode()
    - drm/displayid: add displayid_get_header() and check bounds better
    - drm/amd/display: populate subvp cmd info only for the top pipe
    - drm/amd/display: Correct DML calculation to align HW formula
    - platform/x86: x86-android-tablets: Add Acer Iconia One 7 B1-750 data
    - drm/amd/display: Enable HostVM based on rIOMMU active
    - drm/amd/display: Use DC_LOG_DC in the trasform pixel function
    - regmap: cache: Return error in cache sync operations for REGCACHE_NONE
    - remoteproc: imx_dsp_rproc: Add custom memory copy implementation for i.MX
      DSP Cores
    - arm64: dts: qcom: msm8996: Add missing DWC3 quirks
    - media: cx23885: Fix a null-ptr-deref bug in buffer_prepare() and
      buffer_finish()
    - media: pci: tw68: Fix null-ptr-deref bug in buf prepare and finish
    - media: pvrusb2: VIDEO_PVRUSB2 depends on DVB_CORE to use dvb_* symbols
    - ACPI: processor: Check for null return of devm_kzalloc() in fch_misc_setup()
    - drm/rockchip: dw_hdmi: cleanup drm encoder during unbind
    - memstick: r592: Fix UAF bug in r592_remove due to race condition
    - arm64: dts: imx8mq-librem5: Remove dis_u3_susphy_quirk from usb_dwc3_0
    - firmware: arm_sdei: Fix sleep from invalid context BUG
    - ACPI: EC: Fix oops when removing custom query handlers
    - drm/amd/display: fixed dcn30+ underflow issue
    - remoteproc: stm32_rproc: Add mutex protection for workqueue
    - drm/tegra: Avoid potential 32-bit integer overflow
    - drm/msm/dp: Clean up handling of DP AUX interrupts
    - ACPICA: Avoid undefined behavior: applying zero offset to null pointer
    - ACPICA: ACPICA: check null return of ACPI_ALLOCATE_ZEROED in
      acpi_db_display_objects
    - arm64: dts: qcom: sdm845-polaris: Drop inexistent properties
    - irqchip/gicv3: Workaround for NVIDIA erratum T241-FABRIC-4
    - ACPI: video: Remove desktops without backlight DMI quirks
    - drm/amd/display: Correct DML calculation to follow HW SPEC
    - drm/amd: Fix an out of bounds error in BIOS parser
    - drm/amdgpu: Fix sdma v4 sw fini error
    - media: Prefer designated initializers over memset for subdev pad ops
    - media: mediatek: vcodec: Fix potential array out-of-bounds in decoder
      queue_setup
    - wifi: ath: Silence memcpy run-time false positive warning
    - bpf: Annotate data races in bpf_local_storage
    - wifi: brcmfmac: pcie: Provide a buffer of random bytes to the device
    - wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex
    - ext2: Check block size validity during mount
    - scsi: lpfc: Prevent lpfc_debugfs_lockstat_write() buffer overflow
    - scsi: lpfc: Correct used_rpi count when devloss tmo fires with no recovery
    - bnxt: avoid overflow in bnxt_get_nvram_directory()
    - net: pasemi: Fix return type of pasemi_mac_start_tx()
    - net: Catch invalid index in XPS mapping
    - netdev: Enforce index cap in netdev_get_tx_queue
    - scsi: target: iscsit: Free cmds before session free
    - lib: cpu_rmap: Avoid use after free on rmap->obj array entries
    - scsi: message: mptlan: Fix use after free bug in mptlan_remove() due to race
      condition
    - gfs2: Fix inode height consistency check
    - scsi: ufs: ufs-pci: Add support for Intel Lunar Lake
    - ext4: set goal start correctly in ext4_mb_normalize_request
    - ext4: Fix best extent lstart adjustment logic in ext4_mb_new_inode_pa()
    - crypto: jitter - permanent and intermittent health errors
    - f2fs: Fix system crash due to lack of free space in LFS
    - f2fs: fix to drop all dirty pages during umount() if cp_error is set
    - f2fs: fix to check readonly condition correctly
    - samples/bpf: Fix fout leak in hbm's run_bpf_prog
    - bpf: Add preempt_count_{sub,add} into btf id deny list
    - md: fix soft lockup in status_resync
    - wifi: iwlwifi: pcie: fix possible NULL pointer dereference
    - wifi: iwlwifi: add a new PCI device ID for BZ device
    - wifi: iwlwifi: pcie: Fix integer overflow in iwl_write_to_user_buf
    - wifi: iwlwifi: mvm: fix ptk_pn memory leak
    - block, bfq: Fix division by zero error on zero wsum
    - wifi: ath11k: Ignore frags from uninitialized peer in dp.
    - wifi: iwlwifi: fix iwl_mvm_max_amsdu_size() for MLO
    - null_blk: Always check queue mode setting from configfs
    - wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace
    - wifi: ath11k: Fix SKB corruption in REO destination ring
    - nbd: fix incomplete validation of ioctl arg
    - ipvs: Update width of source for ip_vs_sync_conn_options
    - Bluetooth: btusb: Add new PID/VID 04ca:3801 for MT7663
    - Bluetooth: Add new quirk for broken local ext features page 2
    - Bluetooth: btrtl: add support for the RTL8723CS
    - Bluetooth: Improve support for Actions Semi ATS2851 based devices
    - Bluetooth: btrtl: check for NULL in btrtl_set_quirks()
    - Bluetooth: btintel: Add LE States quirk support
    - Bluetooth: hci_bcm: Fall back to getting bdaddr from EFI if not set
    - Bluetooth: Add new quirk for broken set random RPA timeout for ATS2851
    - Bluetooth: L2CAP: fix "bad unlock balance" in l2cap_disconnect_rsp
    - Bluetooth: btrtl: Add the support for RTL8851B
    - staging: rtl8192e: Replace macro RTL_PCI_DEVICE with PCI_DEVICE
    - HID: apple: Set the tilde quirk flag on the Geyser 4 and later
    - staging: axis-fifo: initialize timeouts in init only
    - ASoC: amd: yc: Add DMI entries to support HP OMEN 16-n0xxx (8A42)
    - HID: logitech-hidpp: Don't use the USB serial for USB devices
    - HID: logitech-hidpp: Reconcile USB and Unifying serials
    - spi: spi-imx: fix MX51_ECSPI_* macros when cs > 3
    - usb: typec: ucsi: acpi: add quirk for ASUS Zenbook UM325
    - ALSA: hda: LNL: add HD Audio PCI ID
    - ASoC: amd: Add Dell G15 5525 to quirks list
    - ASoC: amd: yc: Add ThinkBook 14 G5+ ARP to quirks list for acp6x
    - HID: apple: Set the tilde quirk flag on the Geyser 3
    - HID: Ignore battery for ELAN touchscreen on ROG Flow X13 GV301RA
    - HID: wacom: generic: Set battery quirk only when we see battery data
    - usb: typec: tcpm: fix multiple times discover svids error
    - serial: 8250: Reinit port->pm on port specific driver unbind
    - mcb-pci: Reallocate memory region to avoid memory overlapping
    - sched: Fix KCSAN noinstr violation
    - lkdtm/stackleak: Fix noinstr violation
    - recordmcount: Fix memory leaks in the uwrite function
    - soundwire: dmi-quirks: add remapping for Intel 'Rooks County' NUC M15
    - phy: st: miphy28lp: use _poll_timeout functions for waits
    - soundwire: qcom: gracefully handle too many ports in DT
    - soundwire: bus: Fix unbalanced pm_runtime_put() causing usage count
      underflow
    - mfd: intel_soc_pmic_chtwc: Add Lenovo Yoga Book X90F to intel_cht_wc_models
    - mfd: dln2: Fix memory leak in dln2_probe()
    - mfd: intel-lpss: Add Intel Meteor Lake PCH-S LPSS PCI IDs
    - parisc: Replace regular spinlock with spin_trylock on panic path
    - platform/x86: Move existing HP drivers to a new hp subdir
    - platform/x86: hp-wmi: add micmute to hp_wmi_keymap struct
    - drm/amdgpu: drop gfx_v11_0_cp_ecc_error_irq_funcs
    - xfrm: don't check the default policy if the policy allows the packet
    - Revert "Fix XFRM-I support for nested ESP tunnels"
    - drm/msm/dp: unregister audio driver during unbind
    - drm/msm/dpu: Assign missing writeback log_mask
    - drm/msm/dpu: Move non-MDP_TOP INTF_INTR offsets out of hwio header
    - drm/msm/dpu: Remove duplicate register defines from INTF
    - dt-bindings: display/msm: dsi-controller-main: Document qcom, master-dsi and
      qcom, sync-dual-dsi
    - platform: Provide a remove callback that returns no value
    - ASoC: fsl_micfil: Fix error handler with pm_runtime_enable
    - cpupower: Make TSC read per CPU for Mperf monitor
    - xfrm: Reject optional tunnel/BEET mode templates in outbound policies
    - af_key: Reject optional tunnel/BEET mode templates in outbound policies
    - drm/msm: Fix submit error-path leaks
    - selftests: seg6: disable DAD on IPv6 router cfg for srv6_end_dt4_l3vpn_test
    - selftets: seg6: disable rp_filter by default in srv6_end_dt4_l3vpn_test
    - net: fec: Better handle pm_runtime_get() failing in .remove()
    - net: phy: dp83867: add w/a for packet errors seen with short cables
    - ALSA: firewire-digi00x: prevent potential use after free
    - wifi: mt76: connac: fix stats->tx_bytes calculation
    - ALSA: hda/realtek: Apply HP B&O top speaker profile to Pavilion 15
    - sfc: disable RXFCS and RXALL features by default
    - vsock: avoid to close connected socket after the timeout
    - tcp: fix possible sk_priority leak in tcp_v4_send_reset()
    - serial: arc_uart: fix of_iomap leak in `arc_serial_probe`
    - serial: 8250_bcm7271: balance clk_enable calls
    - serial: 8250_bcm7271: fix leak in `brcmuart_probe`
    - erspan: get the proto with the md version for collect_md
    - net: dsa: rzn1-a5psw: enable management frames for CPU port
    - net: dsa: rzn1-a5psw: fix STP states handling
    - net: dsa: rzn1-a5psw: disable learning for standalone ports
    - net: hns3: fix output information incomplete for dumping tx queue info with
      debugfs
    - net: hns3: fix sending pfc frames after reset issue
    - net: hns3: fix reset delay time to avoid configuration timeout
    - net: hns3: fix reset timeout when enable full VF
    - media: netup_unidvb: fix use-after-free at del_timer()
    - SUNRPC: double free xprt_ctxt while still in use
    - SUNRPC: always free ctxt when freeing deferred request
    - SUNRPC: Fix trace_svc_register() call site
    - ASoC: mediatek: mt8186: Fix use-after-free in driver remove path
    - ASoC: SOF: topology: Fix logic for copying tuples
    - drm/exynos: fix g2d_open/close helper function definitions
    - net: nsh: Use correct mac_offset to unwind gso skb in nsh_gso_segment()
    - virtio-net: Maintain reverse cleanup order
    - virtio_net: Fix error unwinding of XDP initialization
    - tipc: add tipc_bearer_min_mtu to calculate min mtu
    - tipc: do not update mtu if msg_max is too small in mtu negotiation
    - tipc: check the bearer min mtu properly when setting it by netlink
    - s390/cio: include subchannels without devices also for evaluation
    - can: dev: fix missing CAN XL support in can_put_echo_skb()
    - net: bcmgenet: Remove phy_stop() from bcmgenet_netif_stop()
    - net: bcmgenet: Restore phy_stop() depending upon suspend/close
    - ice: introduce clear_reset_state operation
    - ice: Fix ice VF reset during iavf initialization
    - wifi: cfg80211: Drop entries with invalid BSSIDs in RNR
    - wifi: mac80211: fortify the spinlock against deadlock by interrupt
    - wifi: mac80211: fix min center freq offset tracing
    - wifi: mac80211: Abort running color change when stopping the AP
    - wifi: iwlwifi: mvm: fix cancel_delayed_work_sync() deadlock
    - wifi: iwlwifi: fw: fix DBGI dump
    - wifi: iwlwifi: fix OEM's name in the ppag approved list
    - wifi: iwlwifi: mvm: fix OEM's name in the tas approved list
    - wifi: iwlwifi: mvm: don't trust firmware n_channels
    - scsi: storvsc: Don't pass unused PFNs to Hyper-V host
    - net: tun: rebuild error handling in tun_get_user
    - tun: Fix memory leak for detached NAPI queue.
    - cassini: Fix a memory leak in the error handling path of cas_init_one()
    - net: dsa: mv88e6xxx: Fix mv88e6393x EPC write command offset
    - igb: fix bit_shift to be in [1..8] range
    - vlan: fix a potential uninit-value in vlan_dev_hard_start_xmit()
    - net: wwan: iosm: fix NULL pointer dereference when removing device
    - net: pcs: xpcs: fix C73 AN not getting enabled
    - net: selftests: Fix optstring
    - netfilter: nf_tables: fix nft_trans type confusion
    - netfilter: nft_set_rbtree: fix null deref on element insertion
    - bridge: always declare tunnel functions
    - ALSA: usb-audio: Add a sample rate workaround for Line6 Pod Go
    - USB: usbtmc: Fix direction for 0-length ioctl control messages
    - usb-storage: fix deadlock when a scsi command timeouts more than once
    - USB: UHCI: adjust zhaoxin UHCI controllers OverCurrent bit value
    - usb: dwc3: gadget: Improve dwc3_gadget_suspend() and dwc3_gadget_resume()
    - usb: dwc3: debugfs: Resume dwc3 before accessing registers
    - usb: gadget: u_ether: Fix host MAC address case
    - usb: typec: altmodes/displayport: fix pin_assignment_show
    - Revert "usb: gadget: udc: core: Prevent redundant calls to pullup"
    - Revert "usb: gadget: udc: core: Invoke usb_gadget_connect only when started"
    - xhci-pci: Only run d3cold avoidance quirk for s2idle
    - xhci: Fix incorrect tracking of free space on transfer rings
    - ALSA: hda: Fix Oops by 9.1 surround channel names
    - ALSA: hda/realtek: Add quirk for Clevo L140AU
    - ALSA: hda/realtek: Add a quirk for HP EliteDesk 805
    - ALSA: hda/realtek: Add quirk for 2nd ASUS GU603
    - ALSA: hda/realtek: Add quirk for HP EliteBook G10 laptops
    - can: j1939: recvmsg(): allow MSG_CMSG_COMPAT flag
    - can: isotp: recvmsg(): allow MSG_CMSG_COMPAT flag
    - can: kvaser_pciefd: Set CAN_STATE_STOPPED in kvaser_pciefd_stop()
    - can: kvaser_pciefd: Call request_irq() before enabling interrupts
    - can: kvaser_pciefd: Empty SRB buffer in probe
    - can: kvaser_pciefd: Clear listen-only bit if not explicitly requested
    - can: kvaser_pciefd: Do not send EFLUSH command on TFD interrupt
    - can: kvaser_pciefd: Disable interrupts in probe error path
    - wifi: rtw88: use work to update rate to avoid RCU warning
    - SMB3: Close all deferred handles of inode in case of handle lease break
    - SMB3: drop reference to cfile before sending oplock break
    - ksmbd: smb2: Allow messages padded to 8byte boundary
    - ksmbd: allocate one more byte for implied bcc[0]
    - ksmbd: fix wrong UserName check in session_user
    - ksmbd: fix global-out-of-bounds in smb2_find_context_vals
    - KVM: Fix vcpu_array[0] races
    - statfs: enforce statfs[64] structure initialization
    - maple_tree: make maple state reusable after mas_empty_area()
    - mm: fix zswap writeback race condition
    - serial: Add support for Advantech PCI-1611U card
    - serial: 8250_exar: Add support for USR298x PCI Modems
    - serial: qcom-geni: fix enabling deactivated interrupt
    - thunderbolt: Clear registers properly when auto clear isn't in use
    - vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF
    - ceph: force updating the msg pointer in non-split case
    - drm/amd/pm: fix possible power mode mismatch between driver and PMFW
    - drm/amdgpu/gmc11: implement get_vbios_fb_size()
    - drm/amdgpu/gfx10: Disable gfxoff before disabling powergating.
    - drm/amdgpu/gfx11: Adjust gfxoff before powergating on gfx11 as well
    - dt-bindings: ata: ahci-ceva: Cover all 4 iommus entries
    - powerpc/iommu: DMA address offset is incorrectly calculated with 2MB TCEs
    - powerpc/iommu: Incorrect DDW Table is referenced for SR-IOV device
    - tpm/tpm_tis: Disable interrupts for more Lenovo devices
    - powerpc/64s/radix: Fix soft dirty tracking
    - nilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode()
    - s390/dasd: fix command reject error on ESE devices
    - s390/crypto: use vector instructions only if available for ChaCha20
    - s390/qdio: fix do_sqbs() inline assembly constraint
    - arm64: mte: Do not set PG_mte_tagged if tags were not initialized
    - rethook: use preempt_{disable, enable}_notrace in rethook_trampoline_handler
    - rethook, fprobe: do not trace rethook related functions
    - remoteproc: imx_dsp_rproc: Fix kernel test robot sparse warning
    - crypto: testmgr - fix RNG performance in fuzz tests
    - drm/amdgpu: declare firmware for new MES 11.0.4
    - drm/amd/amdgpu: introduce gc_*_mes_2.bin v2
    - drm/amdgpu: reserve the old gc_11_0_*_mes.bin
    - Linux 6.1.30
    - upstream stable to v6.1.30
    - [Config] Update annotations after merging 6.1.30

* Fix audio white noise while play from HDMI/DP port on AMD W6300 gfx
    (LP: #2024449)
    - SAUCE: drm/amd/pm: revise the ASPM settings for thunderbolt attached
      scenario
    - SAUCE: drm/amd/pm: update the LC_L1_INACTIVITY setting to address possible
      noise issue

* eDP power on flow enhancement to speed up kernel boot time (LP: #2024126)
    - drm/i915/edp: wait power off delay at driver remove to optimize probe

* Fix eDP only displays 3/4 area after switching to mirror mode with external
    HDMI 4K monitor (LP: #2024273)
    - drm/i915: Allow arbitrary refresh rates with VRR eDP panels

* Resync CI Runner Configuration (LP: #2024199)
    - [CI] resync ci configuration

-- Timo Aaltonen <timo.aaltonen@canonical.com>  Wed, 21 Jun 2023 09:10:37 +0300

Changed in linux-oem-6.1 (Ubuntu Jammy):
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulinux-oem-6.1 package