Kernel SRU Workflow

focal/linux-gkeop-5.15: 5.15.0-1029.34~20.04.1 -proposed tracker

Bug #2033792 reported by Stefan Bader on 2023-09-01

This bug report is a duplicate of: Bug #2036543: focal/linux-gkeop-5.15: 5.15.0-1030.35~20.04.1 -proposed tracker. Edit Remove

This bug affects 1 person

	Status	Importance	Assigned to
Kernel SRU Workflow	Fix Released	Medium	Ian May
Abi-testing	New	Undecided	Unassigned
Automated-testing	New	Medium	Canonical Kernel Team
Boot-testing	New	Medium	Unassigned
Certification-testing	Invalid	Medium	Unassigned
New-review	New	Medium	Unassigned
Prepare-package	In Progress	Medium	Ian May
Prepare-package-generate	In Progress	Medium	Ian May
Prepare-package-meta	In Progress	Medium	Ian May
Prepare-package-signed	In Progress	Medium	Ian May
Promote-signing-to-proposed	New	Medium	Unassigned
Promote-to-proposed	New	Medium	Ubuntu Stable Release Updates Team
Promote-to-security	New	Medium	Ubuntu Stable Release Updates Team
Promote-to-updates	New	Medium	Ubuntu Stable Release Updates Team
Regression-testing	New	Medium	Canonical Kernel Team
Security-signoff	New	Medium	Canonical Security Team
Sru-review	New	Medium	Unassigned
Verification-testing	New	Medium	Canonical Kernel Team
linux-gkeop-5.15 (Ubuntu)
Focal	Fix Released	Medium	Unassigned

Bug Description

This bug will contain status and test results related to a kernel source (or snap) as stated in the title.

For an explanation of the tasks and the associated workflow see:
https://wiki.ubuntu.com/Kernel/kernel-sru-workflow

-- swm properties --
built:
  route-entry: 1
flag:
  stream-from-cycle: true
issue: KSRU-9579
kernel-stable-master-bug: 2033793
packages:
  generate: linux-generate-gkeop-5.15
  main: linux-gkeop-5.15
  meta: linux-meta-gkeop-5.15
  signed: linux-signed-gkeop-5.15
phase: Packaging
phase-changed: Monday, 18. September 2023 15:30 UTC
reason:
  :prepare-packages: 'Ongoing -b Being cranked by: ian-may'
  prepare-package: Pending -- tag not published and package not
    uploaded
  prepare-package-generate: Pending -- package not uploaded
  prepare-package-meta: Pending -- tag not published and package not
    uploaded
  prepare-package-signed: Pending -- tag not published and package not
    uploaded
variant: debs
~~:
  announce:
    swm-transition-crankable: 2023-09-17 18:50:26.241751
  clamps:
    self: 5.15.0-1029.34~20.04.1

See original description

Tags:

CVE References

Stefan Bader (smb) on 2023-09-01

tags:	added: kernel-release-tracking-bug-live
description:	updated
tags:	added: kernel-sru-cycle-2023.09.04-1
description:	updated
tags:	added: kernel-sru-backport-of-2033793
Changed in kernel-sru-workflow:
status:	New → Confirmed
importance:	Undecided → Medium

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-09-01

Changed in linux-gkeop-5.15 (Ubuntu Focal):
importance:	Undecided → Medium
Changed in kernel-sru-workflow:
status:	Confirmed → Triaged

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-09-01

description:	updated
Changed in kernel-sru-workflow:
status:	Triaged → In Progress
tags:	added: kernel-jira-issue-ksru-9579

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-09-01

description:

updated

Roxana Nicolescu (roxanan) on 2023-09-15

Changed in kernel-sru-workflow:
assignee:	nobody → Ian May (ian-may)

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-09-15

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-09-16

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-09-17

description:

updated

Ian May (ian-may) on 2023-09-18

summary:

- focal/linux-gkeop-5.15: <version to be filled> -proposed tracker
+ focal/linux-gkeop-5.15: 5.15.0-1029.34~20.04.1 -proposed tracker

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-09-18

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-09-19

Changed in kernel-sru-workflow:
status:	In Progress → Fix Committed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2023-10-04:

Download full text (57.5 KiB)

This bug was fixed in the package linux-gkeop-5.15 - 5.15.0-1030.35~20.04.1

---------------
linux-gkeop-5.15 (5.15.0-1030.35~20.04.1) focal; urgency=medium

* focal/linux-gkeop-5.15: 5.15.0-1030.35~20.04.1 -proposed tracker
(LP: #2036543)

[ Ubuntu: 5.15.0-1030.35 ]

  * jammy/linux-gkeop: 5.15.0-1030.35 -proposed tracker (LP: #2036544)
  * jammy/linux: 5.15.0-86.96 -proposed tracker (LP: #2036575)
  * 5.15.0-85 live migration regression (LP: #2036675)
    - Revert "KVM: x86: Always enable legacy FP/SSE in allowed user XFEATURES"
    - Revert "x86/kvm/fpu: Limit guest user_xfeatures to supported bits of XCR0"
  * Regression for ubuntu_bpf test build on Jammy 5.15.0-85.95 (LP: #2035181)
    - selftests/bpf: fix static assert compilation issue for test_cls_*.c
  * `refcount_t: underflow; use-after-free.` on hidon w/ 5.15.0-85-generic
    (LP: #2034447)
    - crypto: rsa-pkcs1pad - Use helper to set reqsize

linux-gkeop-5.15 (5.15.0-1029.34~20.04.1) focal; urgency=medium

* focal/linux-gkeop-5.15: 5.15.0-1029.34~20.04.1 -proposed tracker
(LP: #2033792)

[ Ubuntu: 5.15.0-1029.34 ]

This bug was fixed in the package linux-gkeop-5.15 - 5.15.0-1030.35~20.04.1

---------------
linux-gkeop-5.15 (5.15.0-1030.35~20.04.1) focal; urgency=medium

* focal/linux-gkeop-5.15: 5.15.0-1030.35~20.04.1 -proposed tracker
    (LP: #2036543)

[ Ubuntu: 5.15.0-1030.35 ]

linux-gkeop-5.15 (5.15.0-1029.34~20.04.1) focal; urgency=medium

* focal/linux-gkeop-5.15: 5.15.0-1029.34~20.04.1 -proposed tracker
    (LP: #2033792)

[ Ubuntu: 5.15.0-1029.34 ]

* jammy/linux-gkeop: 5.15.0-1029.34 -proposed tracker (LP: #2033793)
  * CVE-2023-20569
    - Ubuntu: [Config] gkeop: enable Speculative Return Stack Overflow mitigation
  * Jammy update: v5.15.118 upstream stable release (LP: #2030239)
    - [Config] gkeop: updateconfigs for DECNET
  * Jammy update: v5.15.117 upstream stable release (LP: #2030107)
    - [Config] gkeop: updateconfigs for BLK_DEV_SX8
  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts
  * jammy/linux: 5.15.0-85.95 -proposed tracker (LP: #2033821)
  * Please enable Renesas RZ platform serial installer (LP: #2022361)
    - [Config] enable hihope RZ/G2M serial console
    - [Config] Mark sh-sci as built-in
  * Request backport of xen timekeeping performance improvements (LP: #2033122)
    - x86/xen/time: prefer tsc as clocksource when it is invariant
  * kdump doesn't work with UEFI secure boot and kernel lockdown enabled on
    ARM64 (LP: #2033007)
    - [Config]: Enable CONFIG_KEXEC_IMAGE_VERIFY_SIG
    - kexec, KEYS: make the code in bzImage64_verify_sig generic
    - arm64: kexec_file: use more system keyrings to verify kernel image signature
  * ubuntu_kernel_selftests:net:vrf-xfrm-tests.sh: 8 failed test cases on
    jammy/fips (LP: #2019880)
    - selftests: net: vrf-xfrm-tests: change authentication and encryption algos
  * ubuntu_kernel_selftests:net:tls: 88 failed test cases on jammy/fips
    (LP: #2019868)
    - selftests/harness: allow tests to be skipped during setup
    - selftests: net: tls: check if FIPS mode is enabled
  * A general-proteciton exception during guest migration to unsupported PKRU
    machine (LP: #2032164, reverted)
    - x86/kvm/fpu: Limit guest user_xfeatures to supported bits of XCR0
    - KVM: x86: Always enable legacy FP/SSE in allowed user XFEATURES
  * CVE-2023-4569
    - netfilter: nf_tables: deactivate catchall elements in next generation
  * CVE-2023-20569
    - x86/cpu, kvm: Add support for CPUID_80000021_EAX
    - x86/srso: Add a Speculative RAS Overflow mitigation
    - x86/srso: Add IBPB_BRTYPE support
    - x86/srso: Add SRSO_NO support
    - x86/srso: Add IBPB
    - x86/srso: Add IBPB on VMEXIT
    - x86/srso: Fix return thunks in generated code
    - x86/srso: Tie SBPB bit setting to microcode patch detection
    - x86: fix backwards merge of GDS/SRSO bit
    - x86/srso: Fix build breakage with the LLVM linker
    - x86/cpu: Fix __x86_return_thunk symbol type
    - x86/cpu: Fix up srso_safe_ret() and __x86_return_thunk()
    - x86/alternative: Make custom return thunk unconditional
    - objtool: Add frame-pointer-specific function ignore
    - x86/ibt: Add ANNOTATE_NOENDBR
    - x86/cpu: Clean up SRSO return thunk mess
    - x86/cpu: Rename original retbleed methods
    - x86/cpu: Rename srso_(.*)_alias to srso_alias_\1
    - x86/cpu: Cleanup the untrain mess
    - x86/srso: Explain the untraining sequences a bit more
    - x86/static_call: Fix __static_call_fixup()
    - x86/retpoline: Don't clobber RFLAGS during srso_safe_ret()
    - x86/srso: Disable the mitigation on unaffected configurations
    - x86/retpoline,kprobes: Fix position of thunk sections with CONFIG_LTO_CLANG
    - objtool/x86: Fixup frame-pointer vs rethunk
    - x86/srso: Correct the mitigation status when SMT is disabled
    - objtool/x86: Fix SRSO mess
    - Ubuntu: [Config]: enable Speculative Return Stack Overflow mitigation
  * Fix unreliable ethernet cable detection on I219 NIC (LP: #2028122)
    - e1000e: Use PME poll to circumvent unreliable ACPI wake
  * Need to get fine-grained control for FAN(TFN) Participant. (LP: #2031333)
    - ACPI: fan: Separate file for attributes creation
    - ACPI: fan: Optimize struct acpi_fan_fif
    - ACPI: fan: Properly handle fine grain control
    - ACPI: fan: Add additional attributes for fine grain control
  * [SRU][Ubuntu 22.04.1] Unable to interpret the frequency values in
    cpuinfo_min_freq and cpuino_max_freq sysfs files. (LP: #2030924)
    - cpufreq: intel_pstate: Fix scaling for hybrid-capable
  * CVE-2023-40283
    - Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb
  * CVE-2023-20588
    - x86/bugs: Increase the x86 bugs vector size to two u32s
    - x86/CPU/AMD: Do not leak quotient data after a division by 0
    - x86/CPU/AMD: Fix the DIV(0) initial fix attempt
  * CVE-2023-4194
    - net: tun_chr_open(): set sk_uid from current_fsuid()
    - net: tap_open(): set sk_uid from current_fsuid()
  * CVE-2023-4155
    - KVM: SEV: Refactor out sev_es_state struct
    - KVM: SEV: Fall back to vmalloc for SEV-ES scratch area if necessary
    - KVM: SVM: Do not terminate SEV-ES guests on GHCB validation failure
    - KVM: SVM: Exit to userspace on ENOMEM/EFAULT GHCB errors
    - KVM: SEV: snapshot the GHCB before accessing it
    - KVM: SEV: only access GHCB fields once
  * CVE-2023-1206
    - tcp: Reduce chance of collisions in inet6_hashfn().
  * Crashing with CPU soft lock on GA kernel 5.15.0.79.76 and HWE kernel
    5.19.0-46.47-22.04.1 (LP: #2032176)
    - Revert "KVM: x86: enable TDP MMU by default"
  * Jammy update: v5.15.122 upstream stable release (LP: #2032690)
    - Linux 5.15.122
    - Upstream stable to v5.15.122
  * Jammy update: v5.15.121 upstream stable release (LP: #2032689)
    - netfilter: nf_tables: drop map element references from preparation phase
    - fs: pipe: reveal missing function protoypes
    - x86/resctrl: Only show tasks' pid in current pid namespace
    - blk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost
    - md/raid10: check slab-out-of-bounds in md_bitmap_get_counter
    - md/raid10: fix overflow of md/safe_mode_delay
    - md/raid10: fix wrong setting of max_corr_read_errors
    - md/raid10: fix null-ptr-deref of mreplace in raid10_sync_request
    - md/raid10: fix io loss while replacement replace rdev
    - irqchip/jcore-aic: Fix missing allocation of IRQ descriptors
    - svcrdma: Prevent page release when nothing was received
    - posix-timers: Prevent RT livelock in itimer_delete()
    - tracing/timer: Add missing hrtimer modes to decode_hrtimer_mode().
    - clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe
    - PM: domains: fix integer overflow issues in genpd_parse_state()
    - perf/arm-cmn: Fix DTC reset
    - powercap: RAPL: Fix CONFIG_IOSF_MBI dependency
    - ARM: 9303/1: kprobes: avoid missing-declaration warnings
    - cpufreq: intel_pstate: Fix energy_performance_preference for passive
    - thermal/drivers/sun8i: Fix some error handling paths in sun8i_ths_probe()
    - rcutorture: Correct name of use_softirq module parameter
    - rcuscale: Always log error message
    - rcuscale: Move shutdown from wait_event() to wait_event_idle()
    - rcu/rcuscale: Move rcu_scale_*() after kfree_scale_cleanup()
    - rcu/rcuscale: Stop kfree_scale_thread thread(s) after unloading rcuscale
    - kselftest: vDSO: Fix accumulation of uninitialized ret when CLOCK_REALTIME
      is undefined
    - perf/ibs: Fix interface via core pmu events
    - x86/mm: Fix __swp_entry_to_pte() for Xen PV guests
    - locking/atomic: arm: fix sync ops
    - evm: Complete description of evm_inode_setattr()
    - evm: Fix build warnings
    - ima: Fix build warnings
    - pstore/ram: Add check for kstrdup
    - igc: Enable and fix RX hash usage by netstack
    - wifi: ath9k: fix AR9003 mac hardware hang check register offset calculation
    - wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx
    - libbpf: btf_dump_type_data_check_overflow needs to consider
      BTF_MEMBER_BITFIELD_SIZE
    - samples/bpf: Fix buffer overflow in tcp_basertt
    - spi: spi-geni-qcom: Correct CS_TOGGLE bit in SPI_TRANS_CFG
    - wifi: wilc1000: fix for absent RSN capabilities WFA testcase
    - wifi: mwifiex: Fix the size of a memory allocation in
      mwifiex_ret_802_11_scan()
    - sctp: add bpf_bypass_getsockopt proto callback
    - libbpf: fix offsetof() and container_of() to work with CO-RE
    - bpf: Don't EFAULT for {g,s}setsockopt with wrong optlen
    - spi: dw: Round of n_bytes to power of 2
    - nfc: llcp: fix possible use of uninitialized variable in
      nfc_llcp_send_connect()
    - bpftool: JIT limited misreported as negative value on aarch64
    - regulator: core: Fix more error checking for debugfs_create_dir()
    - regulator: core: Streamline debugfs operations
    - wifi: orinoco: Fix an error handling path in spectrum_cs_probe()
    - wifi: orinoco: Fix an error handling path in orinoco_cs_probe()
    - wifi: atmel: Fix an error handling path in atmel_probe()
    - wl3501_cs: use eth_hw_addr_set()
    - wifi: wl3501_cs: Fix an error handling path in wl3501_probe()
    - wifi: ray_cs: Utilize strnlen() in parse_addr()
    - wifi: ray_cs: Drop useless status variable in parse_addr()
    - wifi: ray_cs: Fix an error handling path in ray_probe()
    - wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes
    - selftests/bpf: Fix check_mtu using wrong variable type
    - wifi: rsi: Do not configure WoWlan in shutdown hook if not enabled
    - wifi: rsi: Do not set MMC_PM_KEEP_POWER in shutdown
    - watchdog/perf: define dummy watchdog_update_hrtimer_threshold() on correct
      config
    - watchdog/perf: more properly prevent false positives with turbo modes
    - kexec: fix a memory leak in crash_shrink_memory()
    - memstick r592: make memstick_debug_get_tpc_name() static
    - wifi: ath9k: Fix possible stall on ath9k_txq_list_has_key()
    - rtnetlink: extend RTEXT_FILTER_SKIP_STATS to IFLA_VF_INFO
    - wifi: iwlwifi: pull from TXQs with softirqs disabled
    - iwlwifi: don't dump_stack() when we get an unexpected interrupt
    - wifi: iwlwifi: pcie: fix NULL pointer dereference in
      iwl_pcie_irq_rx_msix_handler()
    - wifi: cfg80211: rewrite merging of inherited elements
    - wifi: iwlwifi: mvm: indicate HW decrypt for beacon protection
    - wifi: ath9k: convert msecs to jiffies where needed
    - bpf: Omit superfluous address family check in __bpf_skc_lookup
    - bpf: Factor out socket lookup functions for the TC hookpoint.
    - bpf: Call __bpf_sk_lookup()/__bpf_skc_lookup() directly via TC hookpoint
    - bpf: Fix bpf socket lookup from tc/xdp to respect socket VRF bindings
    - can: length: fix bitstuffing count
    - igc: Fix race condition in PTP tx code
    - net: stmmac: fix double serdes powerdown
    - netlink: fix potential deadlock in netlink_set_err()
    - netlink: do not hard code device address lenth in fdb dumps
    - bonding: do not assume skb mac_header is set
    - selftests: rtnetlink: remove netdevsim device after ipsec offload test
    - gtp: Fix use-after-free in __gtp_encap_destroy().
    - net: axienet: Move reset before 64-bit DMA detection
    - sfc: fix crash when reading stats while NIC is resetting
    - lib/ts_bm: reset initial match offset for every block of text
    - netfilter: conntrack: dccp: copy entire header to stack buffer, not just
      basic one
    - netfilter: nf_conntrack_sip: fix the ct_sip_parse_numerical_param() return
      value.
    - ipvlan: Fix return value of ipvlan_queue_xmit()
    - netlink: Add __sock_i_ino() for __netlink_diag_dump().
    - drm/amd/display: Add logging for display MALL refresh setting
    - radeon: avoid double free in ci_dpm_init()
    - drm/amd/display: Explicitly specify update type per plane info change
    - Input: drv260x - sleep between polling GO bit
    - drm/bridge: tc358768: always enable HS video mode
    - drm/bridge: tc358768: fix PLL parameters computation
    - drm/bridge: tc358768: fix PLL target frequency
    - drm/bridge: tc358768: fix TCLK_ZEROCNT computation
    - drm/bridge: tc358768: Add atomic_get_input_bus_fmts() implementation
    - drm/bridge: tc358768: fix TCLK_TRAILCNT computation
    - drm/bridge: tc358768: fix THS_ZEROCNT computation
    - drm/bridge: tc358768: fix TXTAGOCNT computation
    - drm/bridge: tc358768: fix THS_TRAILCNT computation
    - drm/vram-helper: fix function names in vram helper doc
    - ARM: dts: BCM5301X: Drop "clock-names" from the SPI node
    - ARM: dts: meson8b: correct uart_B and uart_C clock references
    - Input: adxl34x - do not hardcode interrupt trigger type
    - drm: sun4i_tcon: use devm_clk_get_enabled in `sun4i_tcon_init_clocks`
    - drm/panel: sharp-ls043t1le01: adjust mode settings
    - ARM: dts: stm32: Move ethernet MAC EEPROM from SoM to carrier boards
    - bus: ti-sysc: Fix dispc quirk masking bool variables
    - arm64: dts: microchip: sparx5: do not use PSCI on reference boards
    - clk: imx: scu: use _safe list iterator to avoid a use after free
    - RDMA/bnxt_re: Disable/kill tasklet only if it is enabled
    - RDMA/bnxt_re: Fix to remove unnecessary return labels
    - RDMA/bnxt_re: Use unique names while registering interrupts
    - RDMA/bnxt_re: Remove a redundant check inside bnxt_re_update_gid
    - RDMA/bnxt_re: Fix to remove an unnecessary log
    - drm/msm/dsi: don't allow enabling 14nm VCO with unprogrammed rate
    - drm/msm/disp/dpu: get timing engine status from intf status register
    - drm/msm/dpu: Set DPU_DATA_HCTL_EN for in INTF_SC7180_MASK
    - ARM: dts: gta04: Move model property out of pinctrl node
    - arm64: dts: qcom: msm8916: correct camss unit address
    - arm64: dts: qcom: msm8994: correct SPMI unit address
    - arm64: dts: qcom: msm8996: correct camss unit address
    - arm64: dts: qcom: sdm630: correct camss unit address
    - arm64: dts: qcom: sdm845: correct camss unit address
    - arm64: dts: qcom: db820c: Move blsp1_uart2 pin states to msm8996.dtsi
    - arm64: dts: qcom: apq8016-sbc: Update modem and WiFi firmware path
    - arm64: dts: qcom: apq8016-sbc: Clarify firmware-names
    - arm64: dts: qcom: apq8016-sbc: fix mpps state names
    - arm64: dts: qcom: Drop unneeded extra device-specific includes
    - arm64: dts: qcom: apq8016-sbc: Fix regulator constraints
    - arm64: dts: qcom: apq8016-sbc: Fix 1.8V power rail on LS expansion
    - drm/panel: simple: fix active size for Ampire AM-480272H3TMQW-T01H
    - ARM: ep93xx: fix missing-prototype warnings
    - ARM: omap2: fix missing tick_broadcast() prototype
    - arm64: dts: qcom: apq8096: fix fixed regulator name property
    - arm64: dts: mediatek: mt8183: Add mediatek,broken-save-restore-fw to kukui
    - ARM: dts: stm32: Shorten the AV96 HDMI sound card name
    - memory: brcmstb_dpfe: fix testing array offset after use
    - ASoC: es8316: Increment max value for ALC Capture Target Volume control
    - ASoC: es8316: Do not set rate constraints for unsupported MCLKs
    - ARM: dts: meson8: correct uart_B and uart_C clock references
    - soc/fsl/qe: fix usb.c build errors
    - RDMA/irdma: avoid fortify-string warning in irdma_clr_wqes
    - IB/hfi1: Use bitmap_zalloc() when applicable
    - IB/hfi1: Fix wrong mmu_node used for user SDMA packet after invalidate
    - RDMA/hns: Fix hns_roce_table_get return value
    - ARM: dts: iwg20d-q7-common: Fix backlight pwm specifier
    - arm64: dts: renesas: ulcb-kf: Remove flow control for SCIF1
    - fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe()
    - arm64: dts: ti: k3-j7200: Fix physical address of pin
    - ARM: dts: stm32: Fix audio routing on STM32MP15xx DHCOM PDK2
    - ARM: dts: stm32: fix i2s endpoint format property for stm32mp15xx-dkx
    - hwmon: (gsc-hwmon) fix fan pwm temperature scaling
    - hwmon: (adm1275) Allow setting sample averaging
    - hwmon: (pmbus/adm1275) Fix problems with temperature monitoring on ADM1272
    - ARM: dts: BCM5301X: fix duplex-full => full-duplex
    - drm/amdkfd: Fix potential deallocation of previously deallocated memory.
    - drm/amd/display: Fix artifacting on eDP panels when engaging freesync video
      mode
    - drm/radeon: fix possible division-by-zero errors
    - amdgpu: validate offset_in_bo of drm_amdgpu_gem_va
    - drm/msm/a5xx: really check for A510 in a5xx_gpu_init
    - RDMA/bnxt_re: wraparound mbox producer index
    - RDMA/bnxt_re: Avoid calling wake_up threads from spin_lock context
    - clk: imx: clk-imx8mn: fix memory leak in imx8mn_clocks_probe
    - clk: imx: clk-imx8mp: improve error handling in imx8mp_clocks_probe()
    - arm64: dts: qcom: sm8250-edo: Panel framebuffer is 2.5k instead of 4k
    - clk: clocking-wizard: Fix Oops in clk_wzrd_register_divider()
    - clk: tegra: tegra124-emc: Fix potential memory leak
    - ALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer
    - drm/msm/dpu: do not enable color-management if DSPPs are not available
    - drm/msm/dp: Free resources after unregistering them
    - arm64: dts: mediatek: Add cpufreq nodes for MT8192
    - arm64: dts: mediatek: mt8192: Fix CPUs capacity-dmips-mhz
    - drm/msm/dpu: correct MERGE_3D length
    - clk: vc5: check memory returned by kasprintf()
    - clk: cdce925: check return value of kasprintf()
    - clk: si5341: return error if one synth clock registration fails
    - clk: si5341: check return value of {devm_}kasprintf()
    - clk: si5341: free unused memory on probe failure
    - clk: keystone: sci-clk: check return value of kasprintf()
    - clk: ti: clkctrl: check return value of kasprintf()
    - drivers: meson: secure-pwrc: always enable DMA domain
    - ovl: update of dentry revalidate flags after copy up
    - ASoC: imx-audmix: check return value of devm_kasprintf()
    - clk: Fix memory leak in devm_clk_notifier_register()
    - PCI: cadence: Fix Gen2 Link Retraining process
    - PCI: vmd: Reset VMD config register between soft reboots
    - scsi: qedf: Fix NULL dereference in error handling
    - pinctrl: bcm2835: Handle gpiochip_add_pin_range() errors
    - PCI/ASPM: Disable ASPM on MFD function removal to avoid use-after-free
    - scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe()
    - PCI: pciehp: Cancel bringup sequence if card is not present
    - PCI: ftpci100: Release the clock resources
    - PCI: Add pci_clear_master() stub for non-CONFIG_PCI
    - perf bench: Use unbuffered output when pipe/tee'ing to a file
    - perf bench: Add missing setlocale() call to allow usage of %'d style
      formatting
    - pinctrl: cherryview: Return correct value if pin in push-pull mode
    - kcsan: Don't expect 64 bits atomic builtins from 32 bits architectures
    - powerpc/interrupt: Don't read MSR from interrupt_exit_kernel_prepare()
    - powerpc/signal32: Force inlining of __unsafe_save_user_regs() and
      save_tm_user_regs_unsafe()
    - perf script: Fix allocation of evsel->priv related to per-event dump files
    - perf dwarf-aux: Fix off-by-one in die_get_varname()
    - powerpc/64s: Fix VAS mm use after free
    - pinctrl: microchip-sgpio: check return value of devm_kasprintf()
    - pinctrl: at91-pio4: check return value of devm_kasprintf()
    - powerpc/powernv/sriov: perform null check on iov before dereferencing iov
    - powerpc: simplify ppc_save_regs
    - powerpc: update ppc_save_regs to save current r1 in pt_regs
    - riscv: uprobes: Restore thread.bad_cause
    - powerpc/book3s64/mm: Fix DirectMap stats in /proc/meminfo
    - powerpc/mm/dax: Fix the condition when checking if altmap vmemap can cross-
      boundary
    - hwrng: virtio - add an internal buffer
    - hwrng: virtio - don't wait on cleanup
    - hwrng: virtio - don't waste entropy
    - hwrng: virtio - always add a pending request
    - hwrng: virtio - Fix race on data_avail and actual data
    - modpost: remove broken calculation of exception_table_entry size
    - crypto: nx - fix build warnings when DEBUG_FS is not enabled
    - modpost: fix section mismatch message for R_ARM_ABS32
    - modpost: fix section mismatch message for R_ARM_{PC24,CALL,JUMP24}
    - crypto: marvell/cesa - Fix type mismatch warning
    - modpost: fix off by one in is_executable_section()
    - ARC: define ASM_NL and __ALIGN(_STR) outside #ifdef __ASSEMBLY__ guard
    - crypto: qat - honor CRYPTO_TFM_REQ_MAY_SLEEP flag
    - crypto: qat - replace get_current_node() with numa_node_id()
    - crypto: qat - use reference to structure in dma_map_single()
    - crypto: kpp - Add helper to set reqsize
    - crypto: qat - Use helper to set reqsize
    - crypto: qat - unmap buffer before free for DH
    - crypto: qat - unmap buffers before free for RSA
    - NFSv4.1: freeze the session table upon receiving NFS4ERR_BADSESSION
    - SMB3: Do not send lease break acknowledgment if all file handles have been
      closed
    - dax: Fix dax_mapping_release() use after free
    - dax: Introduce alloc_dev_dax_id()
    - dax/kmem: Pass valid argument to memory_group_register_static
    - hwrng: st - keep clock enabled while hwrng is registered
    - kbuild: Disable GCOV for *.mod.o
    - efi/libstub: Disable PCI DMA before grabbing the EFI memory map
    - ksmbd: avoid field overflow warning
    - ACPI: utils: Fix acpi_evaluate_dsm_typed() redefinition error
    - bootmem: remove the vmemmap pages from kmemleak in free_bootmem_page
    - USB: serial: option: add LARA-R6 01B PIDs
    - usb: dwc3: gadget: Propagate core init errors to UDC during pullup
    - phy: tegra: xusb: Clear the driver reference in usb-phy dev
    - iio: adc: ad7192: Fix null ad7192_state pointer access
    - iio: adc: ad7192: Fix internal/external clock selection
    - iio: accel: fxls8962af: errata bug only applicable for FXLS8962AF
    - iio: accel: fxls8962af: fixup buffer scan element type
    - ALSA: hda/realtek: Add quirk for Clevo NPx0SNx
    - ALSA: jack: Fix mutex call in snd_jack_report()
    - block: fix signed int overflow in Amiga partition support
    - block: add overflow checks for Amiga partition support
    - block: change all __u32 annotations to __be32 in affs_hardblocks.h
    - block: increment diskseq on all media change events
    - SUNRPC: Fix UAF in svc_tcp_listen_data_ready()
    - w1: w1_therm: fix locking behavior in convert_t
    - w1: fix loop in w1_fini()
    - sh: j2: Use ioremap() to translate device tree address into kernel memory
    - usb: dwc2: platform: Improve error reporting for problems during .remove()
    - usb: dwc2: Fix some error handling paths
    - serial: 8250: omap: Fix freeing of resources on failed register
    - clk: qcom: camcc-sc7180: Add parent dependency to all camera GDSCs
    - clk: qcom: gcc-ipq6018: Use floor ops for sdcc clocks
    - media: usb: Check az6007_read() return value
    - media: videodev2.h: Fix struct v4l2_input tuner index comment
    - media: usb: siano: Fix warning due to null work_func_t function pointer
    - media: i2c: Correct format propagation for st-mipid02
    - clk: qcom: reset: Allow specifying custom reset delay
    - clk: qcom: reset: support resetting multiple bits
    - clk: qcom: ipq6018: fix networking resets
    - usb: dwc3: qcom: Fix potential memory leak
    - usb: gadget: u_serial: Add null pointer check in gserial_suspend
    - extcon: Fix kernel doc of property fields to avoid warnings
    - extcon: Fix kernel doc of property capability fields to avoid warnings
    - usb: phy: phy-tahvo: fix memory leak in tahvo_usb_probe()
    - usb: hide unused usbfs_notify_suspend/resume functions
    - serial: 8250: lock port for stop_rx() in omap8250_irq()
    - serial: 8250: lock port for UART_IER access in omap8250_irq()
    - kernfs: fix missing kernfs_idr_lock to remove an ID from the IDR
    - coresight: Fix loss of connection info when a module is unloaded
    - mfd: rt5033: Drop rt5033-battery sub-device
    - media: venus: helpers: Fix ALIGN() of non power of two
    - media: atomisp: gmin_platform: fix out_len in gmin_get_config_dsm_var()
    - KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes
    - usb: dwc3: qcom: Release the correct resources in dwc3_qcom_remove()
    - usb: dwc3: qcom: Fix an error handling path in dwc3_qcom_probe()
    - usb: common: usb-conn-gpio: Set last role to unknown before initial
      detection
    - usb: dwc3-meson-g12a: Fix an error handling path in dwc3_meson_g12a_probe()
    - mfd: intel-lpss: Add missing check for platform_get_resource
    - Revert "usb: common: usb-conn-gpio: Set last role to unknown before initial
      detection"
    - serial: 8250_omap: Use force_suspend and resume for system suspend
    - test_firmware: return ENOMEM instead of ENOSPC on failed memory allocation
    - nvmem: rmem: Use NVMEM_DEVID_AUTO
    - mfd: stmfx: Fix error path in stmfx_chip_init
    - mfd: stmfx: Nullify stmfx->vdd in case of error
    - KVM: s390: vsie: fix the length of APCB bitmap
    - KVM: s390/diag: fix racy access of physical cpu number in diag 9c handler
    - mfd: stmpe: Only disable the regulators if they are enabled
    - phy: tegra: xusb: check return value of devm_kzalloc()
    - pwm: imx-tpm: force 'real_period' to be zero in suspend
    - pwm: sysfs: Do not apply state to already disabled PWMs
    - pwm: ab8500: Fix error code in probe()
    - pwm: mtk_disp: Fix the disable flow of disp_pwm
    - md/raid10: fix the condition to call bio_end_io_acct()
    - rtc: st-lpc: Release some resources in st_rtc_probe() in case of error
    - drm/i915/psr: Use hw.adjusted mode when calculating io/fast wake times
    - media: cec: i2c: ch7322: also select REGMAP
    - sctp: fix potential deadlock on &net->sctp.addr_wq_lock
    - net/sched: act_ipt: add sanity checks on table name and hook locations
    - Add MODULE_FIRMWARE() for FIRMWARE_TG357766.
    - ibmvnic: Do not reset dql stats on NON_FATAL err
    - net: dsa: vsc73xx: fix MTU configuration
    - spi: bcm-qspi: return error if neither hif_mspi nor mspi is available
    - mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0
    - f2fs: fix error path handling in truncate_dnode()
    - octeontx2-af: Fix mapping for NIX block from CGX connection
    - octeontx2-af: Add validation before accessing cgx and lmac
    - ntfs: Fix panic about slab-out-of-bounds caused by ntfs_listxattr()
    - powerpc: allow PPC_EARLY_DEBUG_CPM only when SERIAL_CPM=y
    - net: bridge: keep ports without IFF_UNICAST_FLT in BR_PROMISC mode
    - tcp: annotate data races in __tcp_oow_rate_limited()
    - xsk: Honor SO_BINDTODEVICE on bind
    - net/sched: act_pedit: Add size check for TCA_PEDIT_PARMS_EX
    - riscv: move memblock_allow_resize() after linear mapping is ready
    - pptp: Fix fib lookup calls.
    - net: dsa: tag_sja1105: fix MAC DA patching from meta frames
    - octeontx-af: fix hardware timestamp configuration
    - s390/qeth: Fix vipa deletion
    - sh: dma: Fix DMA channel offset calculation
    - apparmor: fix missing error check for rhashtable_insert_fast
    - i2c: xiic: Defer xiic_wakeup() and __xiic_start_xfer() in xiic_process()
    - i2c: xiic: Don't try to handle more interrupt events after error
    - extcon: usbc-tusb320: Convert to i2c's .probe_new()
    - btrfs: do not BUG_ON() on tree mod log failure at balance_level()
    - i2c: qup: Add missing unwind goto in qup_i2c_probe()
    - NFSD: add encoding of op_recall flag for write delegation
    - io_uring: wait interruptibly for request completions on exit
    - mmc: core: disable TRIM on Kingston EMMC04G-M627
    - mmc: core: disable TRIM on Micron MTFC4GACAJCN-1M
    - mmc: mmci: Set PROBE_PREFER_ASYNCHRONOUS
    - mmc: sdhci: fix DMA configure compatibility issue when 64bit DMA mode is
      used.
    - bcache: fixup btree_cache_wait list damage
    - bcache: Remove unnecessary NULL point check in node allocations
    - bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent
    - um: Use HOST_DIR for mrproper
    - integrity: Fix possible multiple allocation in integrity_inode_get()
    - autofs: use flexible array in ioctl structure
    - shmem: use ramfs_kill_sb() for kill_sb method of ramfs-based tmpfs
    - ext4: Remove ext4 locking of moved directory
    - Revert "f2fs: fix potential corruption when moving a directory"
    - fs: Establish locking order for unrelated directories
    - fs: Lock moved directories
    - ipvs: increase ip_vs_conn_tab_bits range for 64BIT
    - jffs2: reduce stack usage in jffs2_build_xattr_subsystem()
    - fs: avoid empty option when generating legacy mount string
    - btrfs: add handling for RAID1C23/DUP to btrfs_reduce_alloc_profile
    - btrfs: delete unused BGs while reclaiming BGs
    - btrfs: bail out reclaim process if filesystem is read-only
    - btrfs: reinsert BGs failed to reclaim
    - btrfs: fix race when deleting quota root from the dirty cow roots list
    - btrfs: fix extent buffer leak after tree mod log failure at split_node()
    - btrfs: do not BUG_ON() on tree mod log failure at __btrfs_cow_block()
    - ASoC: mediatek: mt8173: Fix irq error path
    - ASoC: mediatek: mt8173: Fix snd_soc_component_initialize error path
    - ARM: dts: qcom: ipq4019: fix broken NAND controller properties override
    - ARM: orion5x: fix d2net gpio initialization
    - leds: trigger: netdev: Recheck NETDEV_LED_MODE_LINKUP on dev rename
    - fs: no need to check source
    - ovl: fix null pointer dereference in ovl_get_acl_rcu()
    - fanotify: disallow mount/sb marks on kernel internal pseudo fs
    - netfilter: conntrack: Avoid nf_ct_helper_hash uses after free
    - wireguard: queueing: use saner cpu selection wrapping
    - wireguard: netlink: send staged packets when setting initial private key
    - tty: serial: fsl_lpuart: add earlycon for imx8ulp platform
    - block/partition: fix signedness issue for Amiga partitions
    - io_uring: Use io_schedule* in cqring wait
    - io_uring: add reschedule point to handle_tw_list()
    - net: lan743x: Don't sleep in atomic context
    - workqueue: clean up WORK_* constant types, clarify masking
    - ksmbd: use ksmbd_req_buf_next() in ksmbd_smb2_check_message()
    - ksmbd: validate command payload size
    - ksmbd: fix out-of-bound read in smb2_write
    - ksmbd: validate session id and tree id in the compound request
    - drm/panel: simple: Add connector_type for innolux_at043tn24
    - drm/bridge: ti-sn65dsi86: Fix auxiliary bus lifetime
    - drm/panel: simple: Add Powertip PH800480T013 drm_display_mode flags
    - igc: Remove delay during TX ring configuration
    - net/mlx5e: fix double free in mlx5e_destroy_flow_table
    - net/mlx5e: fix memory leak in mlx5e_ptp_open
    - net/mlx5e: Check for NOT_READY flag state after locking
    - igc: set TP bit in 'supported' and 'advertising' fields of
      ethtool_link_ksettings
    - igc: Handle PPS start time programming for past time values
    - scsi: qla2xxx: Fix error code in qla2x00_start_sp()
    - bpf: Fix max stack depth check for async callbacks
    - net: mvneta: fix txq_map in case of txq_number==1
    - gve: Set default duplex configuration to full
    - ionic: remove WARN_ON to prevent panic_on_warn
    - net: bgmac: postpone turning IRQs off to avoid SoC hangs
    - net: prevent skb corruption on frag list segmentation
    - icmp6: Fix null-ptr-deref of ip6_null_entry->rt6i_idev in icmp6_dev().
    - udp6: fix udp6_ehashfn() typo
    - ntb: idt: Fix error handling in idt_pci_driver_init()
    - NTB: amd: Fix error handling in amd_ntb_pci_driver_init()
    - ntb: intel: Fix error handling in intel_ntb_pci_driver_init()
    - NTB: ntb_transport: fix possible memory leak while device_register() fails
    - NTB: ntb_tool: Add check for devm_kcalloc
    - ipv6/addrconf: fix a potential refcount underflow for idev
    - platform/x86: wmi: remove unnecessary argument
    - platform/x86: wmi: use guid_t and guid_equal()
    - platform/x86: wmi: move variables
    - platform/x86: wmi: Break possible infinite loop when parsing GUID
    - kernel/trace: Fix cleanup logic of enable_trace_eprobe
    - igc: Fix launchtime before start of cycle
    - igc: Fix inserting of empty frame for launchtime
    - bpf, riscv: Support riscv jit to provide bpf_line_info
    - riscv, bpf: Fix inconsistent JIT image generation
    - drm/i915: Fix one wrong caching mode enum usage
    - octeontx2-pf: Add additional check for MCAM rules
    - erofs: avoid infinite loop in z_erofs_do_read_page() when reading beyond EOF
    - erofs: decouple basic mount options from fs_context
    - erofs: fix fsdax unavailability for chunk-based regular files
    - wifi: airo: avoid uninitialized warning in airo_get_rate()
    - bpf: cpumap: Fix memory leak in cpu_map_update_elem
    - net/sched: flower: Ensure both minimum and maximum ports are specified
    - riscv: mm: fix truncation warning on RV32
    - netdevsim: fix uninitialized data in nsim_dev_trap_fa_cookie_write()
    - net/sched: make psched_mtu() RTNL-less safe
    - nvme-pci: remove nvme_queue from nvme_iod
    - nvme-pci: fix DMA direction of unmapping integrity data
    - pinctrl: amd: Fix mistake in handling clearing pins at startup
    - pinctrl: amd: Detect internal GPIO0 debounce handling
    - pinctrl: amd: Detect and mask spurious interrupts
    - pinctrl: amd: Only use special debounce behavior for GPIO 0
    - tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation
    - mtd: rawnand: meson: fix unaligned DMA buffers handling
    - net: bcmgenet: Ensure MDIO unregistration has clocks enabled
    - mm/damon/ops-common: atomically test and clear young on ptes and pmds
    - powerpc: Fail build if using recordmcount with binutils v2.37
    - misc: fastrpc: Create fastrpc scalar with correct buffer count
    - powerpc/security: Fix Speculation_Store_Bypass reporting on Power10
    - arm64: errata: Add detection for TRBE overwrite in FILL mode
    - erofs: fix compact 4B support for 16k block size
    - MIPS: Loongson: Fix cpu_probe_loongson() again
    - MIPS: KVM: Fix NULL pointer dereference
    - ext4: Fix reusing stale buffer heads from last failed mounting
    - ext4: fix wrong unit use in ext4_mb_clear_bb
    - ext4: get block from bh in ext4_free_blocks for fast commit replay
    - ext4: fix wrong unit use in ext4_mb_new_blocks
    - ext4: fix to check return value of freeze_bdev() in ext4_shutdown()
    - ext4: turn quotas off if mount failed after enabling quotas
    - ext4: only update i_reserved_data_blocks on successful block allocation
    - jfs: jfs_dmap: Validate db_l2nbperpage while mounting
    - hwrng: imx-rngc - fix the timeout for init and self check
    - dm integrity: reduce vmalloc space footprint on 32-bit architectures
    - PCI/PM: Avoid putting EloPOS E2/S2/H2 PCIe Ports in D3cold
    - PCI: Add function 1 DMA alias quirk for Marvell 88SE9235
    - PCI: qcom: Disable write access to read only registers for IP v2.3.3
    - PCI: rockchip: Assert PCI Configuration Enable bit after probe
    - PCI: rockchip: Write PCI Device ID to correct register
    - PCI: rockchip: Add poll and timeout to wait for PHY PLLs to be locked
    - PCI: rockchip: Fix legacy IRQ generation for RK3399 PCIe endpoint core
    - PCI: rockchip: Use u32 variable to access 32-bit registers
    - PCI: rockchip: Set address alignment for endpoint mode
    - misc: pci_endpoint_test: Free IRQs before removing the device
    - misc: pci_endpoint_test: Re-init completion for every test
    - mfd: pm8008: Fix module autoloading
    - md/raid0: add discard support for the 'original' layout
    - dm init: add dm-mod.waitfor to wait for asynchronously probed block devices
    - fs: dlm: return positive pid value for F_GETLK
    - drm/atomic: Allow vblank-enabled + self-refresh "disable"
    - drm/rockchip: vop: Leave vblank enabled in self-refresh
    - drm/amdgpu: fix clearing mappings for BOs that are always valid in VM
    - drm/amd/display: Correct `DMUB_FW_VERSION` macro
    - drm/amdgpu: avoid restore process run into dead loop.
    - drm/ttm: Don't leak a resource on swapout move error
    - serial: atmel: don't enable IRQs prematurely
    - tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in
      case of error
    - tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when
      iterating clk
    - tty: serial: imx: fix rs485 rx after tx
    - firmware: stratix10-svc: Fix a potential resource leak in
      svc_create_memory_pool()
    - libceph: harden msgr2.1 frame segment length checks
    - ceph: don't let check_caps skip sending responses for revoke msgs
    - xhci: Fix resume issue of some ZHAOXIN hosts
    - xhci: Fix TRB prefetch issue of ZHAOXIN hosts
    - xhci: Show ZHAOXIN xHCI root hub speed correctly
    - meson saradc: fix clock divider mask length
    - opp: Fix use-after-free in lazy_opp_tables after probe deferral
    - soundwire: qcom: fix storing port config out-of-bounds
    - Revert "8250: add support for ASIX devices with a FIFO bug"
    - bus: ixp4xx: fix IXP4XX_EXP_T1_MASK
    - s390/decompressor: fix misaligned symbol build error
    - tracing/histograms: Add histograms to hist_vars if they have referenced
      variables
    - tracing: Fix memory leak of iter->temp when reading trace_pipe
    - samples: ftrace: Save required argument registers in sample trampolines
    - net: ena: fix shift-out-of-bounds in exponential backoff
    - ring-buffer: Fix deadloop issue on reading trace_pipe
    - ftrace: Fix possible warning on checking all pages used in
      ftrace_process_locs()
    - xtensa: ISS: fix call to split_if_spec
    - tracing: Fix null pointer dereference in tracing_err_log_open()
    - selftests: mptcp: sockopt: return error if wrong mark
    - selftests: mptcp: depend on SYN_COOKIES
    - tracing/probes: Fix not to count error code to total length
    - tracing/probes: Fix to update dynamic data counter if fetcharg uses it
    - scsi: qla2xxx: Wait for io return on terminate rport
    - scsi: qla2xxx: Array index may go out of bound
    - scsi: qla2xxx: Avoid fcport pointer dereference
    - scsi: qla2xxx: Fix buffer overrun
    - scsi: qla2xxx: Fix potential NULL pointer dereference
    - scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport()
    - scsi: qla2xxx: Correct the index of array
    - scsi: qla2xxx: Pointer may be dereferenced
    - scsi: qla2xxx: Remove unused nvme_ls_waitq wait queue
    - MIPS: kvm: Fix build error with KVM_MIPS_DEBUG_COP0_COUNTERS enabled
    - net/sched: sch_qfq: reintroduce lmax bound check for MTU
    - drm/atomic: Fix potential use-after-free in nonblocking commits
    - Linux 5.15.121
  * Jammy update: v5.15.120 upstream stable release (LP: #2032688)
    - mptcp: fix possible divide by zero in recvmsg()
    - mptcp: consolidate fallback and non fallback state machine
    - mm, hwpoison: try to recover from copy-on write faults
    - mm, hwpoison: when copy-on-write hits poison, take page offline
    - drm/amdgpu: Set vmbo destroy after pt bo is created
    - x86/microcode/AMD: Load late on both threads too
    - x86/smp: Use dedicated cache-line for mwait_play_dead()
    - can: isotp: isotp_sendmsg(): fix return error fix on TX path
    - bpf: ensure main program has an extable
    - HID: wacom: Use ktime_t rather than int when dealing with timestamps
    - HID: logitech-hidpp: add HIDPP_QUIRK_DELAYED_INIT for the T651.
    - Revert "thermal/drivers/mediatek: Use devm_of_iomap to avoid resource leak
      in mtk_thermal_probe"
    - perf symbols: Symbol lookup with kcore can fail if multiple segments match
      stext
    - scripts/tags.sh: Resolve gtags empty index generation
    - drm/amdgpu: Validate VM ioctl flags.
    - parisc: Delete redundant register definitions in <asm/assembly.h>
    - nubus: Partially revert proc_create_single_data() conversion
    - Linux 5.15.120
  * Jammy update: v5.15.119 upstream stable release (LP: #2032683)
    - drm/amd/display: fix the system hang while disable PSR
    - tracing: Add tracing_reset_all_online_cpus_unlocked() function
    - tpm, tpm_tis: Claim locality in interrupt handler
    - drm/amd/display: Add minimal pipe split transition state
    - drm/amd/display: Use dc_update_planes_and_stream
    - drm/amd/display: Add wrapper to call planes and stream update
    - tick/common: Align tick period during sched_timer setup
    - selftests: mptcp: lib: skip if missing symbol
    - selftests: mptcp: lib: skip if not below kernel version
    - selftests/mount_setattr: fix redefine struct mount_attr build error
    - selftests: mptcp: pm nl: remove hardcoded default limits
    - selftests: mptcp: join: use 'iptables-legacy' if available
    - selftests: mptcp: join: skip check if MIB counter not supported
    - nilfs2: fix buffer corruption due to concurrent device reads
    - ACPI: sleep: Avoid breaking S3 wakeup due to might_sleep()
    - KVM: Avoid illegal stage2 mapping on invalid memory slot
    - Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc() fails
    - Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs
    - PCI: hv: Fix a race condition bug in hv_pci_query_relations()
    - Revert "PCI: hv: Fix a timing issue which causes kdump to fail occasionally"
    - PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev
    - PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic
    - PCI: hv: Add a per-bus mutex state_lock
    - cgroup: Do not corrupt task iteration when rebinding subsystem
    - mmc: sdhci-msm: Disable broken 64-bit DMA on MSM8916
    - mmc: meson-gx: remove redundant mmc_request_done() call from irq context
    - mmc: mmci: stm32: fix max busy timeout calculation
    - ip_tunnels: allow VXLAN/GENEVE to inherit TOS/TTL from VLAN
    - regulator: pca9450: Fix LDO3OUT and LDO4OUT MASK
    - regmap: spi-avmm: Fix regmap_bus max_raw_write
    - writeback: fix dereferencing NULL mapping->host on writeback_page_template
    - io_uring/net: save msghdr->msg_control for retries
    - io_uring/net: clear msg_controllen on partial sendmsg retry
    - io_uring/net: disable partial retries for recvmsg with cmsg
    - nilfs2: prevent general protection fault in nilfs_clear_dirty_page()
    - x86/mm: Avoid using set_pgd() outside of real PGD pages
    - memfd: check for non-NULL file_seals in memfd_create() syscall
    - mmc: meson-gx: fix deferred probing
    - ieee802154: hwsim: Fix possible memory leaks
    - xfrm: Treat already-verified secpath entries as optional
    - xfrm: interface: rename xfrm_interface.c to xfrm_interface_core.c
    - xfrm: Ensure policies always checked on XFRM-I input path
    - bpf: track immediate values written to stack by BPF_ST instruction
    - bpf: Fix verifier id tracking of scalars on spill
    - xfrm: fix inbound ipv4/udp/esp packets to UDPv6 dualstack sockets
    - selftests: net: fcnal-test: check if FIPS mode is enabled
    - xfrm: Linearize the skb after offloading if needed.
    - net: qca_spi: Avoid high load if QCA7000 is not available
    - mmc: mtk-sd: fix deferred probing
    - mmc: mvsdio: fix deferred probing
    - mmc: omap: fix deferred probing
    - mmc: omap_hsmmc: fix deferred probing
    - mmc: owl: fix deferred probing
    - mmc: sdhci-acpi: fix deferred probing
    - mmc: sh_mmcif: fix deferred probing
    - mmc: usdhi60rol0: fix deferred probing
    - ipvs: align inner_mac_header for encapsulation
    - net: dsa: mt7530: fix trapping frames on non-MT7621 SoC MT7530 switch
    - net: dsa: mt7530: fix handling of BPDUs on MT7530 switch
    - be2net: Extend xmit workaround to BE3 chip
    - netfilter: nft_set_pipapo: .walk does not deal with generations
    - netfilter: nf_tables: disallow element updates of bound anonymous sets
    - netfilter: nf_tables: reject unbound anonymous set before commit phase
    - netfilter: nf_tables: reject unbound chain set before commit phase
    - netfilter: nf_tables: disallow updates of anonymous sets
    - netfilter: nfnetlink_osf: fix module autoload
    - Revert "net: phy: dp83867: perform soft reset and retain established link"
    - bpf/btf: Accept function names that contain dots
    - selftests: forwarding: Fix race condition in mirror installation
    - sch_netem: acquire qdisc lock in netem_change()
    - gpio: Allow per-parent interrupt data
    - gpiolib: Fix GPIO chip IRQ initialization restriction
    - gpio: sifive: add missing check for platform_get_irq
    - scsi: target: iscsi: Prevent login threads from racing between each other
    - HID: wacom: Add error check to wacom_parse_and_register()
    - arm64: Add missing Set/Way CMO encodings
    - media: cec: core: don't set last_initiator if tx in progress
    - nfcsim.c: Fix error checking for debugfs_create_dir
    - usb: gadget: udc: fix NULL dereference in remove()
    - nvme: double KA polling frequency to avoid KATO with TBKAS on
    - Input: soc_button_array - add invalid acpi_index DMI quirk handling
    - s390/cio: unregister device when the only path is gone
    - spi: lpspi: disable lpspi module irq in DMA mode
    - ASoC: simple-card: Add missing of_node_put() in case of error
    - soundwire: dmi-quirks: add new mapping for HP Spectre x360
    - ASoC: nau8824: Add quirk to active-high jack-detect
    - s390/purgatory: disable branch profiling
    - ARM: dts: Fix erroneous ADS touchscreen polarities
    - drm/exynos: vidi: fix a wrong error return
    - drm/exynos: fix race condition UAF in exynos_g2d_exec_ioctl
    - drm/radeon: fix race condition UAF in radeon_gem_set_domain_ioctl
    - vhost_net: revert upend_idx only on retriable error
    - x86/apic: Fix kernel panic when booting with intremap=off and x2apic_phys
    - i2c: imx-lpi2c: fix type char overflow issue when calculating the clock
      cycle
    - act_mirred: remove unneded merge conflict markers
    - Linux 5.15.119
  * Jammy update: v5.15.118 upstream stable release (LP: #2030239)
    - test_firmware: Use kstrtobool() instead of strtobool()
    - test_firmware: prevent race conditions by a correct implementation of
      locking
    - test_firmware: fix a memory leak with reqs buffer
    - ksmbd: fix slab-out-of-bounds read in smb2_handle_negotiate
    - drm/amdgpu: fix Null pointer dereference error in amdgpu_device_recover_vram
    - of: overlay: rename variables to be consistent
    - of: overlay: rework overlay apply and remove kfree()s
    - of: overlay: Fix missing of_node_put() in error case of
      init_overlay_changeset()
    - power: supply: ab8500: Fix external_power_changed race
    - power: supply: sc27xx: Fix external_power_changed race
    - power: supply: bq27xxx: Use mod_delayed_work() instead of cancel() +
      schedule()
    - ARM: dts: vexpress: add missing cache properties
    - tools: gpio: fix debounce_period_us output of lsgpio
    - power: supply: Ratelimit no data debug output
    - platform/x86: asus-wmi: Ignore WMI events with codes 0x7B, 0xC0
    - regulator: Fix error checking for debugfs_create_dir
    - irqchip/gic-v3: Disable pseudo NMIs on Mediatek devices w/ firmware issues
    - power: supply: Fix logic checking if system is running from battery
    - btrfs: scrub: try harder to mark RAID56 block groups read-only
    - btrfs: handle memory allocation failure in btrfs_csum_one_bio
    - ASoC: soc-pcm: test if a BE can be prepared
    - parisc: Improve cache flushing for PCXL in arch_sync_dma_for_cpu()
    - parisc: Flush gatt writes and adjust gatt mask in parisc_agp_mask_memory()
    - MIPS: unhide PATA_PLATFORM
    - MIPS: Alchemy: fix dbdma2
    - mips: Move initrd_start check after initrd address sanitisation.
    - ASoC: dwc: move DMA init to snd_soc_dai_driver probe()
    - xen/blkfront: Only check REQ_FUA for writes
    - drm:amd:amdgpu: Fix missing buffer object unlock in failure path
    - NVMe: Add MAXIO 1602 to bogus nid list.
    - irqchip/gic: Correctly validate OF quirk descriptors
    - wifi: cfg80211: fix locking in regulatory disconnect
    - wifi: cfg80211: fix double lock bug in reg_wdev_chan_valid()
    - epoll: ep_autoremove_wake_function should use list_del_init_careful
    - ocfs2: fix use-after-free when unmounting read-only filesystem
    - ocfs2: check new file size on fallocate call
    - nios2: dts: Fix tse_mac "max-frame-size" property
    - nilfs2: fix incomplete buffer cleanup in nilfs_btnode_abort_change_key()
    - nilfs2: fix possible out-of-bounds segment allocation in resize ioctl
    - kexec: support purgatories with .text.hot sections
    - x86/purgatory: remove PGO flags
    - powerpc/purgatory: remove PGO flags
    - ALSA: usb-audio: Add quirk flag for HEM devices to enable native DSD
      playback
    - dm thin metadata: check fail_io before using data_sm
    - nouveau: fix client work fence deletion race
    - RDMA/uverbs: Restrict usage of privileged QKEYs
    - net: usb: qmi_wwan: add support for Compal RXM-G1
    - drm/amdgpu: add missing radeon secondary PCI ID
    - ALSA: hda/realtek: Add a quirk for Compaq N14JP6
    - Remove DECnet support from kernel
    - [Config] updateconfigs for DECNET
    - thunderbolt: dma_test: Use correct value for absent rings when creating
      paths
    - thunderbolt: Mask ring interrupt on Intel hardware as well
    - USB: serial: option: add Quectel EM061KGL series
    - serial: lantiq: add missing interrupt ack
    - usb: dwc3: gadget: Reset num TRBs before giving back the request
    - RDMA/rtrs: Fix the last iu->buf leak in err path
    - RDMA/rtrs: Fix rxe_dealloc_pd warning
    - RDMA/rxe: Fix packet length checks
    - spi: fsl-dspi: avoid SCK glitches with continuous transfers
    - netfilter: nf_tables: integrate pipapo into commit protocol
    - netfilter: nfnetlink: skip error delivery on batch in case of ENOMEM
    - net: enetc: correct the indexes of highest and 2nd highest TCs
    - ping6: Fix send to link-local addresses with VRF.
    - net/sched: simplify tcf_pedit_act
    - net/sched: act_pedit: remove extra check for key type
    - net/sched: act_pedit: Parse L3 Header for L4 offset
    - RDMA/rxe: Remove the unused variable obj
    - RDMA/rxe: Removed unused name from rxe_task struct
    - RDMA/rxe: Fix the use-before-initialization error of resp_pkts
    - iavf: remove mask from iavf_irq_enable_queues()
    - octeontx2-af: fixed resource availability check
    - octeontx2-af: fix lbk link credits on cn10k
    - RDMA/mlx5: Initiate dropless RQ for RAW Ethernet functions
    - RDMA/cma: Always set static rate to 0 for RoCE
    - IB/uverbs: Fix to consider event queue closing also upon non-blocking mode
    - IB/isert: Fix dead lock in ib_isert
    - IB/isert: Fix possible list corruption in CMA handler
    - IB/isert: Fix incorrect release of isert connection
    - net: ethtool: correct MAX attribute value for stats
    - ipvlan: fix bound dev checking for IPv6 l3s mode
    - sctp: fix an error code in sctp_sf_eat_auth()
    - igc: Clean the TX buffer and TX descriptor ring
    - igb: fix nvm.ops.read() error handling
    - drm/nouveau: don't detect DSM for non-NVIDIA device
    - drm/nouveau/dp: check for NULL nv_connector->native_mode
    - drm/nouveau: add nv_encoder pointer check for NULL
    - cifs: fix lease break oops in xfstest generic/098
    - ext4: drop the call to ext4_error() from ext4_get_group_info()
    - net/sched: cls_api: Fix lockup on flushing explicitly created chain
    - net: lapbether: only support ethernet devices
    - dm: don't lock fs when the map is NULL during suspend or resume
    - net: tipc: resize nlattr array to correct size
    - selftests/ptp: Fix timestamp printf format for PTP_SYS_OFFSET
    - afs: Fix vlserver probe RTT handling
    - cgroup: always put cset in cgroup_css_set_put_fork
    - rcu/kvfree: Avoid freeing new kfree_rcu() memory after old grace period
    - neighbour: Remove unused inline function neigh_key_eq16()
    - net: Remove unused inline function dst_hold_and_use()
    - net: Remove DECnet leftovers from flow.h.
    - neighbour: delete neigh_lookup_nodev as not used
    - of: overlay: add entry to of_overlay_action_name[]
    - mmc: block: ensure error propagation for non-blk
    - nilfs2: reject devices with insufficient block count
    - Linux 5.15.118
  * Jammy update: v5.15.117 upstream stable release (LP: #2030107)
    - ata: ahci: fix enum constants for gcc-13
    - gcc-plugins: Reorganize gimple includes for GCC 13
    - remove the sx8 block driver
    - [Config] updateconfigs for BLK_DEV_SX8
    - sfc (gcc13): synchronize ef100_enqueue_skb()'s return type
    - i40e: Remove string printing for i40e_status
    - i40e: use int for i40e_status
    - i40e: fix build warning in ice_fltr_add_mac_to_list()
    - bonding (gcc13): synchronize bond_{a,t}lb_xmit() types
    - f2fs: fix iostat lock protection
    - blk-iocost: avoid 64-bit division in ioc_timer_fn
    - platform/surface: aggregator: Allow completion work-items to be executed in
      parallel
    - spi: qup: Request DMA before enabling clocks
    - afs: Fix setting of mtime when creating a file/dir/symlink
    - wifi: mt76: mt7615: fix possible race in mt7615_mac_sta_poll
    - neighbour: fix unaligned access to pneigh_entry
    - net: dsa: lan9303: allow vid != 0 in port_fdb_{add|del} methods
    - bpf: Fix UAF in task local storage
    - net/ipv6: fix bool/int mismatch for skip_notify_on_dev_down
    - net/smc: Avoid to access invalid RMBs' MRs in SMCRv1 ADD LINK CONT
    - net: enetc: correct the statistics of rx bytes
    - net/sched: fq_pie: ensure reasonable TCA_FQ_PIE_QUANTUM values
    - drm/i915: Explain the magic numbers for AUX SYNC/precharge length
    - drm/i915: Use 18 fast wake AUX sync len
    - Bluetooth: Fix l2cap_disconnect_req deadlock
    - Bluetooth: L2CAP: Add missing checks for invalid DCID
    - qed/qede: Fix scheduling while atomic
    - wifi: cfg80211: fix locking in sched scan stop work
    - selftests/bpf: Verify optval=NULL case
    - selftests/bpf: Fix sockopt_sk selftest
    - netfilter: conntrack: fix NULL pointer dereference in nf_confirm_cthelper
    - netfilter: ipset: Add schedule point in call_ad().
    - ipv6: rpl: Fix Route of Death.
    - rfs: annotate lockless accesses to sk->sk_rxhash
    - rfs: annotate lockless accesses to RFS sock flow table
    - drm/i915/selftests: Increase timeout for live_parallel_switch
    - drm/i915/selftests: Stop using kthread_stop()
    - drm/i915/selftests: Add some missing error propagation
    - net: sched: move rtm_tca_policy declaration to include file
    - net: sched: act_police: fix sparse errors in tcf_police_dump()
    - net: sched: fix possible refcount leak in tc_chain_tmplt_add()
    - bpf: Add extra path pointer check to d_path helper
    - lib: cpu_rmap: Fix potential use-after-free in irq_cpu_rmap_release()
    - bnxt_en: Don't issue AP reset during ethtool's reset operation
    - bnxt_en: Query default VLAN before VNIC setup on a VF
    - bnxt_en: Implement .set_port / .unset_port UDP tunnel callbacks
    - batman-adv: Broken sync while rescheduling delayed work
    - Input: xpad - delete a Razer DeathAdder mouse VID/PID entry
    - Input: psmouse - fix OOB access in Elantech protocol
    - Input: fix open count when closing inhibited device
    - ALSA: hda/realtek: Add quirk for Clevo NS50AU
    - ALSA: hda/realtek: Add a quirk for HP Slim Desktop S01
    - drm/i915/gt: Use the correct error value when kernel_context() fails
    - drm/amd/pm: conditionally disable pcie lane switching for some
      sienna_cichlid SKUs
    - drm/amdgpu: fix xclk freq on CHIP_STONEY
    - drm/amd/pm: Fix power context allocation in SMU13
    - can: j1939: j1939_sk_send_loop_abort(): improved error queue handling in
      J1939 Socket
    - can: j1939: change j1939_netdev_lock type to mutex
    - can: j1939: avoid possible use-after-free when j1939_can_rx_register fails
    - ceph: fix use-after-free bug for inodes when flushing capsnaps
    - s390/dasd: Use correct lock while counting channel queue length
    - Bluetooth: Fix use-after-free in hci_remove_ltk/hci_remove_irk
    - Bluetooth: hci_qca: fix debugfs registration
    - tee: amdtee: Add return_origin to 'struct tee_cmd_load_ta'
    - rbd: move RBD_OBJ_FLAG_COPYUP_ENABLED flag setting
    - rbd: get snapshot context after exclusive lock is ensured to be held
    - pinctrl: meson-axg: add missing GPIOA_18 gpio group
    - usb: usbfs: Enforce page requirements for mmap
    - usb: usbfs: Use consistent mmap functions
    - ARM: dts: at91: sama7g5ek: fix debounce delay property for shdwc
    - ASoC: codecs: wsa881x: do not set can_multi_write flag
    - arm64: dts: qcom: sc7180-lite: Fix SDRAM freq for misidentified sc7180-lite
      boards
    - arm64: dts: imx8qm-mek: correct GPIOs for USDHC2 CD and WP signals
    - arm64: dts: imx8-ss-dma: assign default clock rate for lpuarts
    - ASoC: mediatek: mt8195-afe-pcm: Convert to platform remove callback
      returning void
    - ASoC: mediatek: mt8195: fix use-after-free in driver remove path
    - arm64: dts: imx8mn-beacon: Fix SPI CS pinmux
    - i2c: mv64xxx: Fix reading invalid status value in atomic mode
    - firmware: arm_ffa: Set handle field to zero in memory descriptor
    - i2c: sprd: Delete i2c adapter in .remove's error path
    - eeprom: at24: also select REGMAP
    - riscv: fix kprobe __user string arg print fault issue
    - vduse: avoid empty string for dev name
    - vhost: support PACKED when setting-getting vring_base
    - vhost_vdpa: support PACKED when setting-getting vring_base
    - ext4: only check dquot_initialize_needed() when debugging
    - Linux 5.15.117
  * CVE-2023-4273
    - exfat: check if filename entries exceeds max filename length
  * CVE-2023-4128
    - net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-
      free
    - net/sched: cls_fw: No longer copy tcf_result on update to avoid use-after-
      free
    - net/sched: cls_route: No longer copy tcf_result on update to avoid use-
      after-free
  * CVE-2023-3863
    - nfc: llcp: simplify llcp_sock_connect() error paths
    - net: nfc: Fix use-after-free caused by nfc_llcp_find_local

-- Roxana Nicolescu <roxana.nicolescu@canonical.com>  Fri, 22 Sep 2023 13:32:39 +0200

Changed in linux-gkeop-5.15 (Ubuntu Focal):
status:	New → Fix Released

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-11-28

Changed in kernel-sru-workflow:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

Duplicate of bug #2036543 Remove

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.