[ubuntu/jammy-updates] linux-intel-iotg 5.15.0-1043.49 (Accepted)
Andy Whitcroft
apw at canonical.com
Thu Oct 19 12:09:07 UTC 2023
linux-intel-iotg (5.15.0-1043.49) jammy; urgency=medium
* jammy/linux-intel-iotg: 5.15.0-1043.49 -proposed tracker (LP: #2038196)
* CVE-2023-42755
- [Config] remove NET_CLS_RSVP and NET_CLS_RSVP6
[ Ubuntu: 5.15.0-87.97 ]
* jammy/linux: 5.15.0-87.97 -proposed tracker (LP: #2038209)
* CVE-2023-4623
- net/sched: sch_hfsc: Ensure inner classes have fsc curve
* CVE-2023-42755
- net/sched: Retire rsvp classifier
- [Config] remove NET_CLS_RSVP and NET_CLS_RSVP6
* CVE-2023-34319
- xen/netback: Fix buffer overrun triggered by unusual packet
* CVE-2023-4921
- net: sched: sch_qfq: Fix UAF in qfq_dequeue()
* CVE-2023-42752
- igmp: limit igmpv3_newpack() packet size to IP_MAX_MTU
* CVE-2023-4622
- af_unix: Fix null-ptr-deref in unix_stream_sendpage().
* CVE-2023-4244
- netfilter: nft_set_rbtree: fix overlap expiration walk
- netfilter: nf_tables: don't skip expired elements during walk
- netfilter: nf_tables: adapt set backend to use GC transaction API
- netfilter: nft_set_hash: mark set element as dead when deleting from packet
path
- netfilter: nf_tables: GC transaction API to avoid race with control plane
- netfilter: nf_tables: remove busy mark and gc batch API
- netfilter: nf_tables: don't fail inserts if duplicate has expired
- netfilter: nf_tables: fix kdoc warnings after gc rework
- netfilter: nf_tables: fix GC transaction races with netns and netlink event
exit path
- netfilter: nf_tables: GC transaction race with netns dismantle
- netfilter: nf_tables: GC transaction race with abort path
- netfilter: nf_tables: use correct lock to protect gc_list
- netfilter: nf_tables: defer gc run if previous batch is still pending
- netfilter: nft_dynset: disallow object maps
- netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction
* CVE-2023-42756
- netfilter: ipset: Fix race between IPSET_CMD_CREATE and IPSET_CMD_SWAP
* CVE-2023-42753
- netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for
ip_set_hash_netportnet.c
* CVE-2023-5197
- netfilter: nf_tables: skip bound chain in netns release path
- netfilter: nf_tables: disallow rule removal from chain binding
* CVE-2023-4881
- netfilter: nftables: exthdr: fix 4-byte stack OOB write
linux-intel-iotg (5.15.0-1042.48) jammy; urgency=medium
* jammy/linux-intel-iotg: 5.15.0-1042.48 -proposed tracker (LP: #2036562)
[ Ubuntu: 5.15.0-86.96 ]
* jammy/linux: 5.15.0-86.96 -proposed tracker (LP: #2036575)
* 5.15.0-85 live migration regression (LP: #2036675)
- Revert "KVM: x86: Always enable legacy FP/SSE in allowed user XFEATURES"
- Revert "x86/kvm/fpu: Limit guest user_xfeatures to supported bits of XCR0"
* Regression for ubuntu_bpf test build on Jammy 5.15.0-85.95 (LP: #2035181)
- selftests/bpf: fix static assert compilation issue for test_cls_*.c
* `refcount_t: underflow; use-after-free.` on hidon w/ 5.15.0-85-generic
(LP: #2034447)
- crypto: rsa-pkcs1pad - Use helper to set reqsize
linux-intel-iotg (5.15.0-1041.47) jammy; urgency=medium
* jammy/linux-intel-iotg: 5.15.0-1041.47 -proposed tracker (LP: #2033808)
* Jammy update: v5.15.117 upstream stable release (LP: #2030107)
- [Config] updateconfigs for BLK_DEV_SX8
* Jammy update: v5.15.118 upstream stable release (LP: #2030239)
- [Config] updateconfigs for DECNET
* Packaging resync (LP: #1786013)
- [Packaging] update helper scripts
* [IOTG][RPL] Integrated TSN controller (stmmac) driver enabling
(LP: #2019222)
- stmmac: intel: Separate ADL-N and RPL-P device ID from TGL
[ Ubuntu: 5.15.0-85.95 ]
* jammy/linux: 5.15.0-85.95 -proposed tracker (LP: #2033821)
* Please enable Renesas RZ platform serial installer (LP: #2022361)
- [Config] enable hihope RZ/G2M serial console
- [Config] Mark sh-sci as built-in
* Request backport of xen timekeeping performance improvements (LP: #2033122)
- x86/xen/time: prefer tsc as clocksource when it is invariant
* kdump doesn't work with UEFI secure boot and kernel lockdown enabled on
ARM64 (LP: #2033007)
- [Config]: Enable CONFIG_KEXEC_IMAGE_VERIFY_SIG
- kexec, KEYS: make the code in bzImage64_verify_sig generic
- arm64: kexec_file: use more system keyrings to verify kernel image signature
* ubuntu_kernel_selftests:net:vrf-xfrm-tests.sh: 8 failed test cases on
jammy/fips (LP: #2019880)
- selftests: net: vrf-xfrm-tests: change authentication and encryption algos
* ubuntu_kernel_selftests:net:tls: 88 failed test cases on jammy/fips
(LP: #2019868)
- selftests/harness: allow tests to be skipped during setup
- selftests: net: tls: check if FIPS mode is enabled
* A general-proteciton exception during guest migration to unsupported PKRU
machine (LP: 2032164, reverted)
- x86/kvm/fpu: Limit guest user_xfeatures to supported bits of XCR0
- KVM: x86: Always enable legacy FP/SSE in allowed user XFEATURES
* CVE-2023-4569
- netfilter: nf_tables: deactivate catchall elements in next generation
* CVE-2023-20569
- x86/cpu, kvm: Add support for CPUID_80000021_EAX
- x86/srso: Add a Speculative RAS Overflow mitigation
- x86/srso: Add IBPB_BRTYPE support
- x86/srso: Add SRSO_NO support
- x86/srso: Add IBPB
- x86/srso: Add IBPB on VMEXIT
- x86/srso: Fix return thunks in generated code
- x86/srso: Tie SBPB bit setting to microcode patch detection
- x86: fix backwards merge of GDS/SRSO bit
- x86/srso: Fix build breakage with the LLVM linker
- x86/cpu: Fix __x86_return_thunk symbol type
- x86/cpu: Fix up srso_safe_ret() and __x86_return_thunk()
- x86/alternative: Make custom return thunk unconditional
- objtool: Add frame-pointer-specific function ignore
- x86/ibt: Add ANNOTATE_NOENDBR
- x86/cpu: Clean up SRSO return thunk mess
- x86/cpu: Rename original retbleed methods
- x86/cpu: Rename srso_(.*)_alias to srso_alias_\1
- x86/cpu: Cleanup the untrain mess
- x86/srso: Explain the untraining sequences a bit more
- x86/static_call: Fix __static_call_fixup()
- x86/retpoline: Don't clobber RFLAGS during srso_safe_ret()
- x86/srso: Disable the mitigation on unaffected configurations
- x86/retpoline,kprobes: Fix position of thunk sections with CONFIG_LTO_CLANG
- objtool/x86: Fixup frame-pointer vs rethunk
- x86/srso: Correct the mitigation status when SMT is disabled
- objtool/x86: Fix SRSO mess
- Ubuntu: [Config]: enable Speculative Return Stack Overflow mitigation
* Fix unreliable ethernet cable detection on I219 NIC (LP: #2028122)
- e1000e: Use PME poll to circumvent unreliable ACPI wake
* Need to get fine-grained control for FAN(TFN) Participant. (LP: #2031333)
- ACPI: fan: Separate file for attributes creation
- ACPI: fan: Optimize struct acpi_fan_fif
- ACPI: fan: Properly handle fine grain control
- ACPI: fan: Add additional attributes for fine grain control
* [SRU][Ubuntu 22.04.1] Unable to interpret the frequency values in
cpuinfo_min_freq and cpuino_max_freq sysfs files. (LP: #2030924)
- cpufreq: intel_pstate: Fix scaling for hybrid-capable
* CVE-2023-40283
- Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb
* CVE-2023-20588
- x86/bugs: Increase the x86 bugs vector size to two u32s
- x86/CPU/AMD: Do not leak quotient data after a division by 0
- x86/CPU/AMD: Fix the DIV(0) initial fix attempt
* CVE-2023-4194
- net: tun_chr_open(): set sk_uid from current_fsuid()
- net: tap_open(): set sk_uid from current_fsuid()
* CVE-2023-4155
- KVM: SEV: Refactor out sev_es_state struct
- KVM: SEV: Fall back to vmalloc for SEV-ES scratch area if necessary
- KVM: SVM: Do not terminate SEV-ES guests on GHCB validation failure
- KVM: SVM: Exit to userspace on ENOMEM/EFAULT GHCB errors
- KVM: SEV: snapshot the GHCB before accessing it
- KVM: SEV: only access GHCB fields once
* CVE-2023-1206
- tcp: Reduce chance of collisions in inet6_hashfn().
* Crashing with CPU soft lock on GA kernel 5.15.0.79.76 and HWE kernel
5.19.0-46.47-22.04.1 (LP: #2032176)
- Revert "KVM: x86: enable TDP MMU by default"
* Jammy update: v5.15.122 upstream stable release (LP: #2032690)
- Linux 5.15.122
- Upstream stable to v5.15.122
* Jammy update: v5.15.121 upstream stable release (LP: #2032689)
- netfilter: nf_tables: drop map element references from preparation phase
- fs: pipe: reveal missing function protoypes
- x86/resctrl: Only show tasks' pid in current pid namespace
- blk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost
- md/raid10: check slab-out-of-bounds in md_bitmap_get_counter
- md/raid10: fix overflow of md/safe_mode_delay
- md/raid10: fix wrong setting of max_corr_read_errors
- md/raid10: fix null-ptr-deref of mreplace in raid10_sync_request
- md/raid10: fix io loss while replacement replace rdev
- irqchip/jcore-aic: Fix missing allocation of IRQ descriptors
- svcrdma: Prevent page release when nothing was received
- posix-timers: Prevent RT livelock in itimer_delete()
- tracing/timer: Add missing hrtimer modes to decode_hrtimer_mode().
- clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe
- PM: domains: fix integer overflow issues in genpd_parse_state()
- perf/arm-cmn: Fix DTC reset
- powercap: RAPL: Fix CONFIG_IOSF_MBI dependency
- ARM: 9303/1: kprobes: avoid missing-declaration warnings
- cpufreq: intel_pstate: Fix energy_performance_preference for passive
- thermal/drivers/sun8i: Fix some error handling paths in sun8i_ths_probe()
- rcutorture: Correct name of use_softirq module parameter
- rcuscale: Always log error message
- rcuscale: Move shutdown from wait_event() to wait_event_idle()
- rcu/rcuscale: Move rcu_scale_*() after kfree_scale_cleanup()
- rcu/rcuscale: Stop kfree_scale_thread thread(s) after unloading rcuscale
- kselftest: vDSO: Fix accumulation of uninitialized ret when CLOCK_REALTIME
is undefined
- perf/ibs: Fix interface via core pmu events
- x86/mm: Fix __swp_entry_to_pte() for Xen PV guests
- locking/atomic: arm: fix sync ops
- evm: Complete description of evm_inode_setattr()
- evm: Fix build warnings
- ima: Fix build warnings
- pstore/ram: Add check for kstrdup
- igc: Enable and fix RX hash usage by netstack
- wifi: ath9k: fix AR9003 mac hardware hang check register offset calculation
- wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx
- libbpf: btf_dump_type_data_check_overflow needs to consider
BTF_MEMBER_BITFIELD_SIZE
- samples/bpf: Fix buffer overflow in tcp_basertt
- spi: spi-geni-qcom: Correct CS_TOGGLE bit in SPI_TRANS_CFG
- wifi: wilc1000: fix for absent RSN capabilities WFA testcase
- wifi: mwifiex: Fix the size of a memory allocation in
mwifiex_ret_802_11_scan()
- sctp: add bpf_bypass_getsockopt proto callback
- libbpf: fix offsetof() and container_of() to work with CO-RE
- bpf: Don't EFAULT for {g,s}setsockopt with wrong optlen
- spi: dw: Round of n_bytes to power of 2
- nfc: llcp: fix possible use of uninitialized variable in
nfc_llcp_send_connect()
- bpftool: JIT limited misreported as negative value on aarch64
- regulator: core: Fix more error checking for debugfs_create_dir()
- regulator: core: Streamline debugfs operations
- wifi: orinoco: Fix an error handling path in spectrum_cs_probe()
- wifi: orinoco: Fix an error handling path in orinoco_cs_probe()
- wifi: atmel: Fix an error handling path in atmel_probe()
- wl3501_cs: use eth_hw_addr_set()
- wifi: wl3501_cs: Fix an error handling path in wl3501_probe()
- wifi: ray_cs: Utilize strnlen() in parse_addr()
- wifi: ray_cs: Drop useless status variable in parse_addr()
- wifi: ray_cs: Fix an error handling path in ray_probe()
- wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes
- selftests/bpf: Fix check_mtu using wrong variable type
- wifi: rsi: Do not configure WoWlan in shutdown hook if not enabled
- wifi: rsi: Do not set MMC_PM_KEEP_POWER in shutdown
- watchdog/perf: define dummy watchdog_update_hrtimer_threshold() on correct
config
- watchdog/perf: more properly prevent false positives with turbo modes
- kexec: fix a memory leak in crash_shrink_memory()
- memstick r592: make memstick_debug_get_tpc_name() static
- wifi: ath9k: Fix possible stall on ath9k_txq_list_has_key()
- rtnetlink: extend RTEXT_FILTER_SKIP_STATS to IFLA_VF_INFO
- wifi: iwlwifi: pull from TXQs with softirqs disabled
- iwlwifi: don't dump_stack() when we get an unexpected interrupt
- wifi: iwlwifi: pcie: fix NULL pointer dereference in
iwl_pcie_irq_rx_msix_handler()
- wifi: cfg80211: rewrite merging of inherited elements
- wifi: iwlwifi: mvm: indicate HW decrypt for beacon protection
- wifi: ath9k: convert msecs to jiffies where needed
- bpf: Omit superfluous address family check in __bpf_skc_lookup
- bpf: Factor out socket lookup functions for the TC hookpoint.
- bpf: Call __bpf_sk_lookup()/__bpf_skc_lookup() directly via TC hookpoint
- bpf: Fix bpf socket lookup from tc/xdp to respect socket VRF bindings
- can: length: fix bitstuffing count
- igc: Fix race condition in PTP tx code
- net: stmmac: fix double serdes powerdown
- netlink: fix potential deadlock in netlink_set_err()
- netlink: do not hard code device address lenth in fdb dumps
- bonding: do not assume skb mac_header is set
- selftests: rtnetlink: remove netdevsim device after ipsec offload test
- gtp: Fix use-after-free in __gtp_encap_destroy().
- net: axienet: Move reset before 64-bit DMA detection
- sfc: fix crash when reading stats while NIC is resetting
- lib/ts_bm: reset initial match offset for every block of text
- netfilter: conntrack: dccp: copy entire header to stack buffer, not just
basic one
- netfilter: nf_conntrack_sip: fix the ct_sip_parse_numerical_param() return
value.
- ipvlan: Fix return value of ipvlan_queue_xmit()
- netlink: Add __sock_i_ino() for __netlink_diag_dump().
- drm/amd/display: Add logging for display MALL refresh setting
- radeon: avoid double free in ci_dpm_init()
- drm/amd/display: Explicitly specify update type per plane info change
- Input: drv260x - sleep between polling GO bit
- drm/bridge: tc358768: always enable HS video mode
- drm/bridge: tc358768: fix PLL parameters computation
- drm/bridge: tc358768: fix PLL target frequency
- drm/bridge: tc358768: fix TCLK_ZEROCNT computation
- drm/bridge: tc358768: Add atomic_get_input_bus_fmts() implementation
- drm/bridge: tc358768: fix TCLK_TRAILCNT computation
- drm/bridge: tc358768: fix THS_ZEROCNT computation
- drm/bridge: tc358768: fix TXTAGOCNT computation
- drm/bridge: tc358768: fix THS_TRAILCNT computation
- drm/vram-helper: fix function names in vram helper doc
- ARM: dts: BCM5301X: Drop "clock-names" from the SPI node
- ARM: dts: meson8b: correct uart_B and uart_C clock references
- Input: adxl34x - do not hardcode interrupt trigger type
- drm: sun4i_tcon: use devm_clk_get_enabled in `sun4i_tcon_init_clocks`
- drm/panel: sharp-ls043t1le01: adjust mode settings
- ARM: dts: stm32: Move ethernet MAC EEPROM from SoM to carrier boards
- bus: ti-sysc: Fix dispc quirk masking bool variables
- arm64: dts: microchip: sparx5: do not use PSCI on reference boards
- clk: imx: scu: use _safe list iterator to avoid a use after free
- RDMA/bnxt_re: Disable/kill tasklet only if it is enabled
- RDMA/bnxt_re: Fix to remove unnecessary return labels
- RDMA/bnxt_re: Use unique names while registering interrupts
- RDMA/bnxt_re: Remove a redundant check inside bnxt_re_update_gid
- RDMA/bnxt_re: Fix to remove an unnecessary log
- drm/msm/dsi: don't allow enabling 14nm VCO with unprogrammed rate
- drm/msm/disp/dpu: get timing engine status from intf status register
- drm/msm/dpu: Set DPU_DATA_HCTL_EN for in INTF_SC7180_MASK
- ARM: dts: gta04: Move model property out of pinctrl node
- arm64: dts: qcom: msm8916: correct camss unit address
- arm64: dts: qcom: msm8994: correct SPMI unit address
- arm64: dts: qcom: msm8996: correct camss unit address
- arm64: dts: qcom: sdm630: correct camss unit address
- arm64: dts: qcom: sdm845: correct camss unit address
- arm64: dts: qcom: db820c: Move blsp1_uart2 pin states to msm8996.dtsi
- arm64: dts: qcom: apq8016-sbc: Update modem and WiFi firmware path
- arm64: dts: qcom: apq8016-sbc: Clarify firmware-names
- arm64: dts: qcom: apq8016-sbc: fix mpps state names
- arm64: dts: qcom: Drop unneeded extra device-specific includes
- arm64: dts: qcom: apq8016-sbc: Fix regulator constraints
- arm64: dts: qcom: apq8016-sbc: Fix 1.8V power rail on LS expansion
- drm/panel: simple: fix active size for Ampire AM-480272H3TMQW-T01H
- ARM: ep93xx: fix missing-prototype warnings
- ARM: omap2: fix missing tick_broadcast() prototype
- arm64: dts: qcom: apq8096: fix fixed regulator name property
- arm64: dts: mediatek: mt8183: Add mediatek,broken-save-restore-fw to kukui
- ARM: dts: stm32: Shorten the AV96 HDMI sound card name
- memory: brcmstb_dpfe: fix testing array offset after use
- ASoC: es8316: Increment max value for ALC Capture Target Volume control
- ASoC: es8316: Do not set rate constraints for unsupported MCLKs
- ARM: dts: meson8: correct uart_B and uart_C clock references
- soc/fsl/qe: fix usb.c build errors
- RDMA/irdma: avoid fortify-string warning in irdma_clr_wqes
- IB/hfi1: Use bitmap_zalloc() when applicable
- IB/hfi1: Fix wrong mmu_node used for user SDMA packet after invalidate
- RDMA/hns: Fix hns_roce_table_get return value
- ARM: dts: iwg20d-q7-common: Fix backlight pwm specifier
- arm64: dts: renesas: ulcb-kf: Remove flow control for SCIF1
- fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe()
- arm64: dts: ti: k3-j7200: Fix physical address of pin
- ARM: dts: stm32: Fix audio routing on STM32MP15xx DHCOM PDK2
- ARM: dts: stm32: fix i2s endpoint format property for stm32mp15xx-dkx
- hwmon: (gsc-hwmon) fix fan pwm temperature scaling
- hwmon: (adm1275) Allow setting sample averaging
- hwmon: (pmbus/adm1275) Fix problems with temperature monitoring on ADM1272
- ARM: dts: BCM5301X: fix duplex-full => full-duplex
- drm/amdkfd: Fix potential deallocation of previously deallocated memory.
- drm/amd/display: Fix artifacting on eDP panels when engaging freesync video
mode
- drm/radeon: fix possible division-by-zero errors
- amdgpu: validate offset_in_bo of drm_amdgpu_gem_va
- drm/msm/a5xx: really check for A510 in a5xx_gpu_init
- RDMA/bnxt_re: wraparound mbox producer index
- RDMA/bnxt_re: Avoid calling wake_up threads from spin_lock context
- clk: imx: clk-imx8mn: fix memory leak in imx8mn_clocks_probe
- clk: imx: clk-imx8mp: improve error handling in imx8mp_clocks_probe()
- arm64: dts: qcom: sm8250-edo: Panel framebuffer is 2.5k instead of 4k
- clk: clocking-wizard: Fix Oops in clk_wzrd_register_divider()
- clk: tegra: tegra124-emc: Fix potential memory leak
- ALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer
- drm/msm/dpu: do not enable color-management if DSPPs are not available
- drm/msm/dp: Free resources after unregistering them
- arm64: dts: mediatek: Add cpufreq nodes for MT8192
- arm64: dts: mediatek: mt8192: Fix CPUs capacity-dmips-mhz
- drm/msm/dpu: correct MERGE_3D length
- clk: vc5: check memory returned by kasprintf()
- clk: cdce925: check return value of kasprintf()
- clk: si5341: return error if one synth clock registration fails
- clk: si5341: check return value of {devm_}kasprintf()
- clk: si5341: free unused memory on probe failure
- clk: keystone: sci-clk: check return value of kasprintf()
- clk: ti: clkctrl: check return value of kasprintf()
- drivers: meson: secure-pwrc: always enable DMA domain
- ovl: update of dentry revalidate flags after copy up
- ASoC: imx-audmix: check return value of devm_kasprintf()
- clk: Fix memory leak in devm_clk_notifier_register()
- PCI: cadence: Fix Gen2 Link Retraining process
- PCI: vmd: Reset VMD config register between soft reboots
- scsi: qedf: Fix NULL dereference in error handling
- pinctrl: bcm2835: Handle gpiochip_add_pin_range() errors
- PCI/ASPM: Disable ASPM on MFD function removal to avoid use-after-free
- scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe()
- PCI: pciehp: Cancel bringup sequence if card is not present
- PCI: ftpci100: Release the clock resources
- PCI: Add pci_clear_master() stub for non-CONFIG_PCI
- perf bench: Use unbuffered output when pipe/tee'ing to a file
- perf bench: Add missing setlocale() call to allow usage of %'d style
formatting
- pinctrl: cherryview: Return correct value if pin in push-pull mode
- kcsan: Don't expect 64 bits atomic builtins from 32 bits architectures
- powerpc/interrupt: Don't read MSR from interrupt_exit_kernel_prepare()
- powerpc/signal32: Force inlining of __unsafe_save_user_regs() and
save_tm_user_regs_unsafe()
- perf script: Fix allocation of evsel->priv related to per-event dump files
- perf dwarf-aux: Fix off-by-one in die_get_varname()
- powerpc/64s: Fix VAS mm use after free
- pinctrl: microchip-sgpio: check return value of devm_kasprintf()
- pinctrl: at91-pio4: check return value of devm_kasprintf()
- powerpc/powernv/sriov: perform null check on iov before dereferencing iov
- powerpc: simplify ppc_save_regs
- powerpc: update ppc_save_regs to save current r1 in pt_regs
- riscv: uprobes: Restore thread.bad_cause
- powerpc/book3s64/mm: Fix DirectMap stats in /proc/meminfo
- powerpc/mm/dax: Fix the condition when checking if altmap vmemap can cross-
boundary
- hwrng: virtio - add an internal buffer
- hwrng: virtio - don't wait on cleanup
- hwrng: virtio - don't waste entropy
- hwrng: virtio - always add a pending request
- hwrng: virtio - Fix race on data_avail and actual data
- modpost: remove broken calculation of exception_table_entry size
- crypto: nx - fix build warnings when DEBUG_FS is not enabled
- modpost: fix section mismatch message for R_ARM_ABS32
- modpost: fix section mismatch message for R_ARM_{PC24,CALL,JUMP24}
- crypto: marvell/cesa - Fix type mismatch warning
- modpost: fix off by one in is_executable_section()
- ARC: define ASM_NL and __ALIGN(_STR) outside #ifdef __ASSEMBLY__ guard
- crypto: qat - honor CRYPTO_TFM_REQ_MAY_SLEEP flag
- crypto: qat - replace get_current_node() with numa_node_id()
- crypto: qat - use reference to structure in dma_map_single()
- crypto: kpp - Add helper to set reqsize
- crypto: qat - Use helper to set reqsize
- crypto: qat - unmap buffer before free for DH
- crypto: qat - unmap buffers before free for RSA
- NFSv4.1: freeze the session table upon receiving NFS4ERR_BADSESSION
- SMB3: Do not send lease break acknowledgment if all file handles have been
closed
- dax: Fix dax_mapping_release() use after free
- dax: Introduce alloc_dev_dax_id()
- dax/kmem: Pass valid argument to memory_group_register_static
- hwrng: st - keep clock enabled while hwrng is registered
- kbuild: Disable GCOV for *.mod.o
- efi/libstub: Disable PCI DMA before grabbing the EFI memory map
- ksmbd: avoid field overflow warning
- ACPI: utils: Fix acpi_evaluate_dsm_typed() redefinition error
- bootmem: remove the vmemmap pages from kmemleak in free_bootmem_page
- USB: serial: option: add LARA-R6 01B PIDs
- usb: dwc3: gadget: Propagate core init errors to UDC during pullup
- phy: tegra: xusb: Clear the driver reference in usb-phy dev
- iio: adc: ad7192: Fix null ad7192_state pointer access
- iio: adc: ad7192: Fix internal/external clock selection
- iio: accel: fxls8962af: errata bug only applicable for FXLS8962AF
- iio: accel: fxls8962af: fixup buffer scan element type
- ALSA: hda/realtek: Add quirk for Clevo NPx0SNx
- ALSA: jack: Fix mutex call in snd_jack_report()
- block: fix signed int overflow in Amiga partition support
- block: add overflow checks for Amiga partition support
- block: change all __u32 annotations to __be32 in affs_hardblocks.h
- block: increment diskseq on all media change events
- SUNRPC: Fix UAF in svc_tcp_listen_data_ready()
- w1: w1_therm: fix locking behavior in convert_t
- w1: fix loop in w1_fini()
- sh: j2: Use ioremap() to translate device tree address into kernel memory
- usb: dwc2: platform: Improve error reporting for problems during .remove()
- usb: dwc2: Fix some error handling paths
- serial: 8250: omap: Fix freeing of resources on failed register
- clk: qcom: camcc-sc7180: Add parent dependency to all camera GDSCs
- clk: qcom: gcc-ipq6018: Use floor ops for sdcc clocks
- media: usb: Check az6007_read() return value
- media: videodev2.h: Fix struct v4l2_input tuner index comment
- media: usb: siano: Fix warning due to null work_func_t function pointer
- media: i2c: Correct format propagation for st-mipid02
- clk: qcom: reset: Allow specifying custom reset delay
- clk: qcom: reset: support resetting multiple bits
- clk: qcom: ipq6018: fix networking resets
- usb: dwc3: qcom: Fix potential memory leak
- usb: gadget: u_serial: Add null pointer check in gserial_suspend
- extcon: Fix kernel doc of property fields to avoid warnings
- extcon: Fix kernel doc of property capability fields to avoid warnings
- usb: phy: phy-tahvo: fix memory leak in tahvo_usb_probe()
- usb: hide unused usbfs_notify_suspend/resume functions
- serial: 8250: lock port for stop_rx() in omap8250_irq()
- serial: 8250: lock port for UART_IER access in omap8250_irq()
- kernfs: fix missing kernfs_idr_lock to remove an ID from the IDR
- coresight: Fix loss of connection info when a module is unloaded
- mfd: rt5033: Drop rt5033-battery sub-device
- media: venus: helpers: Fix ALIGN() of non power of two
- media: atomisp: gmin_platform: fix out_len in gmin_get_config_dsm_var()
- KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes
- usb: dwc3: qcom: Release the correct resources in dwc3_qcom_remove()
- usb: dwc3: qcom: Fix an error handling path in dwc3_qcom_probe()
- usb: common: usb-conn-gpio: Set last role to unknown before initial
detection
- usb: dwc3-meson-g12a: Fix an error handling path in dwc3_meson_g12a_probe()
- mfd: intel-lpss: Add missing check for platform_get_resource
- Revert "usb: common: usb-conn-gpio: Set last role to unknown before initial
detection"
- serial: 8250_omap: Use force_suspend and resume for system suspend
- test_firmware: return ENOMEM instead of ENOSPC on failed memory allocation
- nvmem: rmem: Use NVMEM_DEVID_AUTO
- mfd: stmfx: Fix error path in stmfx_chip_init
- mfd: stmfx: Nullify stmfx->vdd in case of error
- KVM: s390: vsie: fix the length of APCB bitmap
- KVM: s390/diag: fix racy access of physical cpu number in diag 9c handler
- mfd: stmpe: Only disable the regulators if they are enabled
- phy: tegra: xusb: check return value of devm_kzalloc()
- pwm: imx-tpm: force 'real_period' to be zero in suspend
- pwm: sysfs: Do not apply state to already disabled PWMs
- pwm: ab8500: Fix error code in probe()
- pwm: mtk_disp: Fix the disable flow of disp_pwm
- md/raid10: fix the condition to call bio_end_io_acct()
- rtc: st-lpc: Release some resources in st_rtc_probe() in case of error
- drm/i915/psr: Use hw.adjusted mode when calculating io/fast wake times
- media: cec: i2c: ch7322: also select REGMAP
- sctp: fix potential deadlock on &net->sctp.addr_wq_lock
- net/sched: act_ipt: add sanity checks on table name and hook locations
- Add MODULE_FIRMWARE() for FIRMWARE_TG357766.
- ibmvnic: Do not reset dql stats on NON_FATAL err
- net: dsa: vsc73xx: fix MTU configuration
- spi: bcm-qspi: return error if neither hif_mspi nor mspi is available
- mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0
- f2fs: fix error path handling in truncate_dnode()
- octeontx2-af: Fix mapping for NIX block from CGX connection
- octeontx2-af: Add validation before accessing cgx and lmac
- ntfs: Fix panic about slab-out-of-bounds caused by ntfs_listxattr()
- powerpc: allow PPC_EARLY_DEBUG_CPM only when SERIAL_CPM=y
- net: bridge: keep ports without IFF_UNICAST_FLT in BR_PROMISC mode
- tcp: annotate data races in __tcp_oow_rate_limited()
- xsk: Honor SO_BINDTODEVICE on bind
- net/sched: act_pedit: Add size check for TCA_PEDIT_PARMS_EX
- riscv: move memblock_allow_resize() after linear mapping is ready
- pptp: Fix fib lookup calls.
- net: dsa: tag_sja1105: fix MAC DA patching from meta frames
- octeontx-af: fix hardware timestamp configuration
- s390/qeth: Fix vipa deletion
- sh: dma: Fix DMA channel offset calculation
- apparmor: fix missing error check for rhashtable_insert_fast
- i2c: xiic: Defer xiic_wakeup() and __xiic_start_xfer() in xiic_process()
- i2c: xiic: Don't try to handle more interrupt events after error
- extcon: usbc-tusb320: Convert to i2c's .probe_new()
- btrfs: do not BUG_ON() on tree mod log failure at balance_level()
- i2c: qup: Add missing unwind goto in qup_i2c_probe()
- NFSD: add encoding of op_recall flag for write delegation
- io_uring: wait interruptibly for request completions on exit
- mmc: core: disable TRIM on Kingston EMMC04G-M627
- mmc: core: disable TRIM on Micron MTFC4GACAJCN-1M
- mmc: mmci: Set PROBE_PREFER_ASYNCHRONOUS
- mmc: sdhci: fix DMA configure compatibility issue when 64bit DMA mode is
used.
- bcache: fixup btree_cache_wait list damage
- bcache: Remove unnecessary NULL point check in node allocations
- bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent
- um: Use HOST_DIR for mrproper
- integrity: Fix possible multiple allocation in integrity_inode_get()
- autofs: use flexible array in ioctl structure
- shmem: use ramfs_kill_sb() for kill_sb method of ramfs-based tmpfs
- ext4: Remove ext4 locking of moved directory
- Revert "f2fs: fix potential corruption when moving a directory"
- fs: Establish locking order for unrelated directories
- fs: Lock moved directories
- ipvs: increase ip_vs_conn_tab_bits range for 64BIT
- jffs2: reduce stack usage in jffs2_build_xattr_subsystem()
- fs: avoid empty option when generating legacy mount string
- btrfs: add handling for RAID1C23/DUP to btrfs_reduce_alloc_profile
- btrfs: delete unused BGs while reclaiming BGs
- btrfs: bail out reclaim process if filesystem is read-only
- btrfs: reinsert BGs failed to reclaim
- btrfs: fix race when deleting quota root from the dirty cow roots list
- btrfs: fix extent buffer leak after tree mod log failure at split_node()
- btrfs: do not BUG_ON() on tree mod log failure at __btrfs_cow_block()
- ASoC: mediatek: mt8173: Fix irq error path
- ASoC: mediatek: mt8173: Fix snd_soc_component_initialize error path
- ARM: dts: qcom: ipq4019: fix broken NAND controller properties override
- ARM: orion5x: fix d2net gpio initialization
- leds: trigger: netdev: Recheck NETDEV_LED_MODE_LINKUP on dev rename
- fs: no need to check source
- ovl: fix null pointer dereference in ovl_get_acl_rcu()
- fanotify: disallow mount/sb marks on kernel internal pseudo fs
- netfilter: conntrack: Avoid nf_ct_helper_hash uses after free
- wireguard: queueing: use saner cpu selection wrapping
- wireguard: netlink: send staged packets when setting initial private key
- tty: serial: fsl_lpuart: add earlycon for imx8ulp platform
- block/partition: fix signedness issue for Amiga partitions
- io_uring: Use io_schedule* in cqring wait
- io_uring: add reschedule point to handle_tw_list()
- net: lan743x: Don't sleep in atomic context
- workqueue: clean up WORK_* constant types, clarify masking
- ksmbd: use ksmbd_req_buf_next() in ksmbd_smb2_check_message()
- ksmbd: validate command payload size
- ksmbd: fix out-of-bound read in smb2_write
- ksmbd: validate session id and tree id in the compound request
- drm/panel: simple: Add connector_type for innolux_at043tn24
- drm/bridge: ti-sn65dsi86: Fix auxiliary bus lifetime
- drm/panel: simple: Add Powertip PH800480T013 drm_display_mode flags
- igc: Remove delay during TX ring configuration
- net/mlx5e: fix double free in mlx5e_destroy_flow_table
- net/mlx5e: fix memory leak in mlx5e_ptp_open
- net/mlx5e: Check for NOT_READY flag state after locking
- igc: set TP bit in 'supported' and 'advertising' fields of
ethtool_link_ksettings
- igc: Handle PPS start time programming for past time values
- scsi: qla2xxx: Fix error code in qla2x00_start_sp()
- bpf: Fix max stack depth check for async callbacks
- net: mvneta: fix txq_map in case of txq_number==1
- gve: Set default duplex configuration to full
- ionic: remove WARN_ON to prevent panic_on_warn
- net: bgmac: postpone turning IRQs off to avoid SoC hangs
- net: prevent skb corruption on frag list segmentation
- icmp6: Fix null-ptr-deref of ip6_null_entry->rt6i_idev in icmp6_dev().
- udp6: fix udp6_ehashfn() typo
- ntb: idt: Fix error handling in idt_pci_driver_init()
- NTB: amd: Fix error handling in amd_ntb_pci_driver_init()
- ntb: intel: Fix error handling in intel_ntb_pci_driver_init()
- NTB: ntb_transport: fix possible memory leak while device_register() fails
- NTB: ntb_tool: Add check for devm_kcalloc
- ipv6/addrconf: fix a potential refcount underflow for idev
- platform/x86: wmi: remove unnecessary argument
- platform/x86: wmi: use guid_t and guid_equal()
- platform/x86: wmi: move variables
- platform/x86: wmi: Break possible infinite loop when parsing GUID
- kernel/trace: Fix cleanup logic of enable_trace_eprobe
- igc: Fix launchtime before start of cycle
- igc: Fix inserting of empty frame for launchtime
- bpf, riscv: Support riscv jit to provide bpf_line_info
- riscv, bpf: Fix inconsistent JIT image generation
- drm/i915: Fix one wrong caching mode enum usage
- octeontx2-pf: Add additional check for MCAM rules
- erofs: avoid infinite loop in z_erofs_do_read_page() when reading beyond EOF
- erofs: decouple basic mount options from fs_context
- erofs: fix fsdax unavailability for chunk-based regular files
- wifi: airo: avoid uninitialized warning in airo_get_rate()
- bpf: cpumap: Fix memory leak in cpu_map_update_elem
- net/sched: flower: Ensure both minimum and maximum ports are specified
- riscv: mm: fix truncation warning on RV32
- netdevsim: fix uninitialized data in nsim_dev_trap_fa_cookie_write()
- net/sched: make psched_mtu() RTNL-less safe
- nvme-pci: remove nvme_queue from nvme_iod
- nvme-pci: fix DMA direction of unmapping integrity data
- pinctrl: amd: Fix mistake in handling clearing pins at startup
- pinctrl: amd: Detect internal GPIO0 debounce handling
- pinctrl: amd: Detect and mask spurious interrupts
- pinctrl: amd: Only use special debounce behavior for GPIO 0
- tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation
- mtd: rawnand: meson: fix unaligned DMA buffers handling
- net: bcmgenet: Ensure MDIO unregistration has clocks enabled
- mm/damon/ops-common: atomically test and clear young on ptes and pmds
- powerpc: Fail build if using recordmcount with binutils v2.37
- misc: fastrpc: Create fastrpc scalar with correct buffer count
- powerpc/security: Fix Speculation_Store_Bypass reporting on Power10
- arm64: errata: Add detection for TRBE overwrite in FILL mode
- erofs: fix compact 4B support for 16k block size
- MIPS: Loongson: Fix cpu_probe_loongson() again
- MIPS: KVM: Fix NULL pointer dereference
- ext4: Fix reusing stale buffer heads from last failed mounting
- ext4: fix wrong unit use in ext4_mb_clear_bb
- ext4: get block from bh in ext4_free_blocks for fast commit replay
- ext4: fix wrong unit use in ext4_mb_new_blocks
- ext4: fix to check return value of freeze_bdev() in ext4_shutdown()
- ext4: turn quotas off if mount failed after enabling quotas
- ext4: only update i_reserved_data_blocks on successful block allocation
- jfs: jfs_dmap: Validate db_l2nbperpage while mounting
- hwrng: imx-rngc - fix the timeout for init and self check
- dm integrity: reduce vmalloc space footprint on 32-bit architectures
- PCI/PM: Avoid putting EloPOS E2/S2/H2 PCIe Ports in D3cold
- PCI: Add function 1 DMA alias quirk for Marvell 88SE9235
- PCI: qcom: Disable write access to read only registers for IP v2.3.3
- PCI: rockchip: Assert PCI Configuration Enable bit after probe
- PCI: rockchip: Write PCI Device ID to correct register
- PCI: rockchip: Add poll and timeout to wait for PHY PLLs to be locked
- PCI: rockchip: Fix legacy IRQ generation for RK3399 PCIe endpoint core
- PCI: rockchip: Use u32 variable to access 32-bit registers
- PCI: rockchip: Set address alignment for endpoint mode
- misc: pci_endpoint_test: Free IRQs before removing the device
- misc: pci_endpoint_test: Re-init completion for every test
- mfd: pm8008: Fix module autoloading
- md/raid0: add discard support for the 'original' layout
- dm init: add dm-mod.waitfor to wait for asynchronously probed block devices
- fs: dlm: return positive pid value for F_GETLK
- drm/atomic: Allow vblank-enabled + self-refresh "disable"
- drm/rockchip: vop: Leave vblank enabled in self-refresh
- drm/amdgpu: fix clearing mappings for BOs that are always valid in VM
- drm/amd/display: Correct `DMUB_FW_VERSION` macro
- drm/amdgpu: avoid restore process run into dead loop.
- drm/ttm: Don't leak a resource on swapout move error
- serial: atmel: don't enable IRQs prematurely
- tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in
case of error
- tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when
iterating clk
- tty: serial: imx: fix rs485 rx after tx
- firmware: stratix10-svc: Fix a potential resource leak in
svc_create_memory_pool()
- libceph: harden msgr2.1 frame segment length checks
- ceph: don't let check_caps skip sending responses for revoke msgs
- xhci: Fix resume issue of some ZHAOXIN hosts
- xhci: Fix TRB prefetch issue of ZHAOXIN hosts
- xhci: Show ZHAOXIN xHCI root hub speed correctly
- meson saradc: fix clock divider mask length
- opp: Fix use-after-free in lazy_opp_tables after probe deferral
- soundwire: qcom: fix storing port config out-of-bounds
- Revert "8250: add support for ASIX devices with a FIFO bug"
- bus: ixp4xx: fix IXP4XX_EXP_T1_MASK
- s390/decompressor: fix misaligned symbol build error
- tracing/histograms: Add histograms to hist_vars if they have referenced
variables
- tracing: Fix memory leak of iter->temp when reading trace_pipe
- samples: ftrace: Save required argument registers in sample trampolines
- net: ena: fix shift-out-of-bounds in exponential backoff
- ring-buffer: Fix deadloop issue on reading trace_pipe
- ftrace: Fix possible warning on checking all pages used in
ftrace_process_locs()
- xtensa: ISS: fix call to split_if_spec
- tracing: Fix null pointer dereference in tracing_err_log_open()
- selftests: mptcp: sockopt: return error if wrong mark
- selftests: mptcp: depend on SYN_COOKIES
- tracing/probes: Fix not to count error code to total length
- tracing/probes: Fix to update dynamic data counter if fetcharg uses it
- scsi: qla2xxx: Wait for io return on terminate rport
- scsi: qla2xxx: Array index may go out of bound
- scsi: qla2xxx: Avoid fcport pointer dereference
- scsi: qla2xxx: Fix buffer overrun
- scsi: qla2xxx: Fix potential NULL pointer dereference
- scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport()
- scsi: qla2xxx: Correct the index of array
- scsi: qla2xxx: Pointer may be dereferenced
- scsi: qla2xxx: Remove unused nvme_ls_waitq wait queue
- MIPS: kvm: Fix build error with KVM_MIPS_DEBUG_COP0_COUNTERS enabled
- net/sched: sch_qfq: reintroduce lmax bound check for MTU
- drm/atomic: Fix potential use-after-free in nonblocking commits
- Linux 5.15.121
* Jammy update: v5.15.120 upstream stable release (LP: #2032688)
- mptcp: fix possible divide by zero in recvmsg()
- mptcp: consolidate fallback and non fallback state machine
- mm, hwpoison: try to recover from copy-on write faults
- mm, hwpoison: when copy-on-write hits poison, take page offline
- drm/amdgpu: Set vmbo destroy after pt bo is created
- x86/microcode/AMD: Load late on both threads too
- x86/smp: Use dedicated cache-line for mwait_play_dead()
- can: isotp: isotp_sendmsg(): fix return error fix on TX path
- bpf: ensure main program has an extable
- HID: wacom: Use ktime_t rather than int when dealing with timestamps
- HID: logitech-hidpp: add HIDPP_QUIRK_DELAYED_INIT for the T651.
- Revert "thermal/drivers/mediatek: Use devm_of_iomap to avoid resource leak
in mtk_thermal_probe"
- perf symbols: Symbol lookup with kcore can fail if multiple segments match
stext
- scripts/tags.sh: Resolve gtags empty index generation
- drm/amdgpu: Validate VM ioctl flags.
- parisc: Delete redundant register definitions in <asm/assembly.h>
- nubus: Partially revert proc_create_single_data() conversion
- Linux 5.15.120
* Jammy update: v5.15.119 upstream stable release (LP: #2032683)
- drm/amd/display: fix the system hang while disable PSR
- tracing: Add tracing_reset_all_online_cpus_unlocked() function
- tpm, tpm_tis: Claim locality in interrupt handler
- drm/amd/display: Add minimal pipe split transition state
- drm/amd/display: Use dc_update_planes_and_stream
- drm/amd/display: Add wrapper to call planes and stream update
- tick/common: Align tick period during sched_timer setup
- selftests: mptcp: lib: skip if missing symbol
- selftests: mptcp: lib: skip if not below kernel version
- selftests/mount_setattr: fix redefine struct mount_attr build error
- selftests: mptcp: pm nl: remove hardcoded default limits
- selftests: mptcp: join: use 'iptables-legacy' if available
- selftests: mptcp: join: skip check if MIB counter not supported
- nilfs2: fix buffer corruption due to concurrent device reads
- ACPI: sleep: Avoid breaking S3 wakeup due to might_sleep()
- KVM: Avoid illegal stage2 mapping on invalid memory slot
- Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc() fails
- Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs
- PCI: hv: Fix a race condition bug in hv_pci_query_relations()
- Revert "PCI: hv: Fix a timing issue which causes kdump to fail occasionally"
- PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev
- PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic
- PCI: hv: Add a per-bus mutex state_lock
- cgroup: Do not corrupt task iteration when rebinding subsystem
- mmc: sdhci-msm: Disable broken 64-bit DMA on MSM8916
- mmc: meson-gx: remove redundant mmc_request_done() call from irq context
- mmc: mmci: stm32: fix max busy timeout calculation
- ip_tunnels: allow VXLAN/GENEVE to inherit TOS/TTL from VLAN
- regulator: pca9450: Fix LDO3OUT and LDO4OUT MASK
- regmap: spi-avmm: Fix regmap_bus max_raw_write
- writeback: fix dereferencing NULL mapping->host on writeback_page_template
- io_uring/net: save msghdr->msg_control for retries
- io_uring/net: clear msg_controllen on partial sendmsg retry
- io_uring/net: disable partial retries for recvmsg with cmsg
- nilfs2: prevent general protection fault in nilfs_clear_dirty_page()
- x86/mm: Avoid using set_pgd() outside of real PGD pages
- memfd: check for non-NULL file_seals in memfd_create() syscall
- mmc: meson-gx: fix deferred probing
- ieee802154: hwsim: Fix possible memory leaks
- xfrm: Treat already-verified secpath entries as optional
- xfrm: interface: rename xfrm_interface.c to xfrm_interface_core.c
- xfrm: Ensure policies always checked on XFRM-I input path
- bpf: track immediate values written to stack by BPF_ST instruction
- bpf: Fix verifier id tracking of scalars on spill
- xfrm: fix inbound ipv4/udp/esp packets to UDPv6 dualstack sockets
- selftests: net: fcnal-test: check if FIPS mode is enabled
- xfrm: Linearize the skb after offloading if needed.
- net: qca_spi: Avoid high load if QCA7000 is not available
- mmc: mtk-sd: fix deferred probing
- mmc: mvsdio: fix deferred probing
- mmc: omap: fix deferred probing
- mmc: omap_hsmmc: fix deferred probing
- mmc: owl: fix deferred probing
- mmc: sdhci-acpi: fix deferred probing
- mmc: sh_mmcif: fix deferred probing
- mmc: usdhi60rol0: fix deferred probing
- ipvs: align inner_mac_header for encapsulation
- net: dsa: mt7530: fix trapping frames on non-MT7621 SoC MT7530 switch
- net: dsa: mt7530: fix handling of BPDUs on MT7530 switch
- be2net: Extend xmit workaround to BE3 chip
- netfilter: nft_set_pipapo: .walk does not deal with generations
- netfilter: nf_tables: disallow element updates of bound anonymous sets
- netfilter: nf_tables: reject unbound anonymous set before commit phase
- netfilter: nf_tables: reject unbound chain set before commit phase
- netfilter: nf_tables: disallow updates of anonymous sets
- netfilter: nfnetlink_osf: fix module autoload
- Revert "net: phy: dp83867: perform soft reset and retain established link"
- bpf/btf: Accept function names that contain dots
- selftests: forwarding: Fix race condition in mirror installation
- sch_netem: acquire qdisc lock in netem_change()
- gpio: Allow per-parent interrupt data
- gpiolib: Fix GPIO chip IRQ initialization restriction
- gpio: sifive: add missing check for platform_get_irq
- scsi: target: iscsi: Prevent login threads from racing between each other
- HID: wacom: Add error check to wacom_parse_and_register()
- arm64: Add missing Set/Way CMO encodings
- media: cec: core: don't set last_initiator if tx in progress
- nfcsim.c: Fix error checking for debugfs_create_dir
- usb: gadget: udc: fix NULL dereference in remove()
- nvme: double KA polling frequency to avoid KATO with TBKAS on
- Input: soc_button_array - add invalid acpi_index DMI quirk handling
- s390/cio: unregister device when the only path is gone
- spi: lpspi: disable lpspi module irq in DMA mode
- ASoC: simple-card: Add missing of_node_put() in case of error
- soundwire: dmi-quirks: add new mapping for HP Spectre x360
- ASoC: nau8824: Add quirk to active-high jack-detect
- s390/purgatory: disable branch profiling
- ARM: dts: Fix erroneous ADS touchscreen polarities
- drm/exynos: vidi: fix a wrong error return
- drm/exynos: fix race condition UAF in exynos_g2d_exec_ioctl
- drm/radeon: fix race condition UAF in radeon_gem_set_domain_ioctl
- vhost_net: revert upend_idx only on retriable error
- x86/apic: Fix kernel panic when booting with intremap=off and x2apic_phys
- i2c: imx-lpi2c: fix type char overflow issue when calculating the clock
cycle
- act_mirred: remove unneded merge conflict markers
- Linux 5.15.119
* Jammy update: v5.15.118 upstream stable release (LP: #2030239)
- test_firmware: Use kstrtobool() instead of strtobool()
- test_firmware: prevent race conditions by a correct implementation of
locking
- test_firmware: fix a memory leak with reqs buffer
- ksmbd: fix slab-out-of-bounds read in smb2_handle_negotiate
- drm/amdgpu: fix Null pointer dereference error in amdgpu_device_recover_vram
- of: overlay: rename variables to be consistent
- of: overlay: rework overlay apply and remove kfree()s
- of: overlay: Fix missing of_node_put() in error case of
init_overlay_changeset()
- power: supply: ab8500: Fix external_power_changed race
- power: supply: sc27xx: Fix external_power_changed race
- power: supply: bq27xxx: Use mod_delayed_work() instead of cancel() +
schedule()
- ARM: dts: vexpress: add missing cache properties
- tools: gpio: fix debounce_period_us output of lsgpio
- power: supply: Ratelimit no data debug output
- platform/x86: asus-wmi: Ignore WMI events with codes 0x7B, 0xC0
- regulator: Fix error checking for debugfs_create_dir
- irqchip/gic-v3: Disable pseudo NMIs on Mediatek devices w/ firmware issues
- power: supply: Fix logic checking if system is running from battery
- btrfs: scrub: try harder to mark RAID56 block groups read-only
- btrfs: handle memory allocation failure in btrfs_csum_one_bio
- ASoC: soc-pcm: test if a BE can be prepared
- parisc: Improve cache flushing for PCXL in arch_sync_dma_for_cpu()
- parisc: Flush gatt writes and adjust gatt mask in parisc_agp_mask_memory()
- MIPS: unhide PATA_PLATFORM
- MIPS: Alchemy: fix dbdma2
- mips: Move initrd_start check after initrd address sanitisation.
- ASoC: dwc: move DMA init to snd_soc_dai_driver probe()
- xen/blkfront: Only check REQ_FUA for writes
- drm:amd:amdgpu: Fix missing buffer object unlock in failure path
- NVMe: Add MAXIO 1602 to bogus nid list.
- irqchip/gic: Correctly validate OF quirk descriptors
- wifi: cfg80211: fix locking in regulatory disconnect
- wifi: cfg80211: fix double lock bug in reg_wdev_chan_valid()
- epoll: ep_autoremove_wake_function should use list_del_init_careful
- ocfs2: fix use-after-free when unmounting read-only filesystem
- ocfs2: check new file size on fallocate call
- nios2: dts: Fix tse_mac "max-frame-size" property
- nilfs2: fix incomplete buffer cleanup in nilfs_btnode_abort_change_key()
- nilfs2: fix possible out-of-bounds segment allocation in resize ioctl
- kexec: support purgatories with .text.hot sections
- x86/purgatory: remove PGO flags
- powerpc/purgatory: remove PGO flags
- ALSA: usb-audio: Add quirk flag for HEM devices to enable native DSD
playback
- dm thin metadata: check fail_io before using data_sm
- nouveau: fix client work fence deletion race
- RDMA/uverbs: Restrict usage of privileged QKEYs
- net: usb: qmi_wwan: add support for Compal RXM-G1
- drm/amdgpu: add missing radeon secondary PCI ID
- ALSA: hda/realtek: Add a quirk for Compaq N14JP6
- Remove DECnet support from kernel
- [Config] updateconfigs for DECNET
- thunderbolt: dma_test: Use correct value for absent rings when creating
paths
- thunderbolt: Mask ring interrupt on Intel hardware as well
- USB: serial: option: add Quectel EM061KGL series
- serial: lantiq: add missing interrupt ack
- usb: dwc3: gadget: Reset num TRBs before giving back the request
- RDMA/rtrs: Fix the last iu->buf leak in err path
- RDMA/rtrs: Fix rxe_dealloc_pd warning
- RDMA/rxe: Fix packet length checks
- spi: fsl-dspi: avoid SCK glitches with continuous transfers
- netfilter: nf_tables: integrate pipapo into commit protocol
- netfilter: nfnetlink: skip error delivery on batch in case of ENOMEM
- net: enetc: correct the indexes of highest and 2nd highest TCs
- ping6: Fix send to link-local addresses with VRF.
- net/sched: simplify tcf_pedit_act
- net/sched: act_pedit: remove extra check for key type
- net/sched: act_pedit: Parse L3 Header for L4 offset
- RDMA/rxe: Remove the unused variable obj
- RDMA/rxe: Removed unused name from rxe_task struct
- RDMA/rxe: Fix the use-before-initialization error of resp_pkts
- iavf: remove mask from iavf_irq_enable_queues()
- octeontx2-af: fixed resource availability check
- octeontx2-af: fix lbk link credits on cn10k
- RDMA/mlx5: Initiate dropless RQ for RAW Ethernet functions
- RDMA/cma: Always set static rate to 0 for RoCE
- IB/uverbs: Fix to consider event queue closing also upon non-blocking mode
- IB/isert: Fix dead lock in ib_isert
- IB/isert: Fix possible list corruption in CMA handler
- IB/isert: Fix incorrect release of isert connection
- net: ethtool: correct MAX attribute value for stats
- ipvlan: fix bound dev checking for IPv6 l3s mode
- sctp: fix an error code in sctp_sf_eat_auth()
- igc: Clean the TX buffer and TX descriptor ring
- igb: fix nvm.ops.read() error handling
- drm/nouveau: don't detect DSM for non-NVIDIA device
- drm/nouveau/dp: check for NULL nv_connector->native_mode
- drm/nouveau: add nv_encoder pointer check for NULL
- cifs: fix lease break oops in xfstest generic/098
- ext4: drop the call to ext4_error() from ext4_get_group_info()
- net/sched: cls_api: Fix lockup on flushing explicitly created chain
- net: lapbether: only support ethernet devices
- dm: don't lock fs when the map is NULL during suspend or resume
- net: tipc: resize nlattr array to correct size
- selftests/ptp: Fix timestamp printf format for PTP_SYS_OFFSET
- afs: Fix vlserver probe RTT handling
- cgroup: always put cset in cgroup_css_set_put_fork
- rcu/kvfree: Avoid freeing new kfree_rcu() memory after old grace period
- neighbour: Remove unused inline function neigh_key_eq16()
- net: Remove unused inline function dst_hold_and_use()
- net: Remove DECnet leftovers from flow.h.
- neighbour: delete neigh_lookup_nodev as not used
- of: overlay: add entry to of_overlay_action_name[]
- mmc: block: ensure error propagation for non-blk
- nilfs2: reject devices with insufficient block count
- Linux 5.15.118
* Jammy update: v5.15.117 upstream stable release (LP: #2030107)
- ata: ahci: fix enum constants for gcc-13
- gcc-plugins: Reorganize gimple includes for GCC 13
- remove the sx8 block driver
- [Config] updateconfigs for BLK_DEV_SX8
- sfc (gcc13): synchronize ef100_enqueue_skb()'s return type
- i40e: Remove string printing for i40e_status
- i40e: use int for i40e_status
- i40e: fix build warning in ice_fltr_add_mac_to_list()
- bonding (gcc13): synchronize bond_{a,t}lb_xmit() types
- f2fs: fix iostat lock protection
- blk-iocost: avoid 64-bit division in ioc_timer_fn
- platform/surface: aggregator: Allow completion work-items to be executed in
parallel
- spi: qup: Request DMA before enabling clocks
- afs: Fix setting of mtime when creating a file/dir/symlink
- wifi: mt76: mt7615: fix possible race in mt7615_mac_sta_poll
- neighbour: fix unaligned access to pneigh_entry
- net: dsa: lan9303: allow vid != 0 in port_fdb_{add|del} methods
- bpf: Fix UAF in task local storage
- net/ipv6: fix bool/int mismatch for skip_notify_on_dev_down
- net/smc: Avoid to access invalid RMBs' MRs in SMCRv1 ADD LINK CONT
- net: enetc: correct the statistics of rx bytes
- net/sched: fq_pie: ensure reasonable TCA_FQ_PIE_QUANTUM values
- drm/i915: Explain the magic numbers for AUX SYNC/precharge length
- drm/i915: Use 18 fast wake AUX sync len
- Bluetooth: Fix l2cap_disconnect_req deadlock
- Bluetooth: L2CAP: Add missing checks for invalid DCID
- qed/qede: Fix scheduling while atomic
- wifi: cfg80211: fix locking in sched scan stop work
- selftests/bpf: Verify optval=NULL case
- selftests/bpf: Fix sockopt_sk selftest
- netfilter: conntrack: fix NULL pointer dereference in nf_confirm_cthelper
- netfilter: ipset: Add schedule point in call_ad().
- ipv6: rpl: Fix Route of Death.
- rfs: annotate lockless accesses to sk->sk_rxhash
- rfs: annotate lockless accesses to RFS sock flow table
- drm/i915/selftests: Increase timeout for live_parallel_switch
- drm/i915/selftests: Stop using kthread_stop()
- drm/i915/selftests: Add some missing error propagation
- net: sched: move rtm_tca_policy declaration to include file
- net: sched: act_police: fix sparse errors in tcf_police_dump()
- net: sched: fix possible refcount leak in tc_chain_tmplt_add()
- bpf: Add extra path pointer check to d_path helper
- lib: cpu_rmap: Fix potential use-after-free in irq_cpu_rmap_release()
- bnxt_en: Don't issue AP reset during ethtool's reset operation
- bnxt_en: Query default VLAN before VNIC setup on a VF
- bnxt_en: Implement .set_port / .unset_port UDP tunnel callbacks
- batman-adv: Broken sync while rescheduling delayed work
- Input: xpad - delete a Razer DeathAdder mouse VID/PID entry
- Input: psmouse - fix OOB access in Elantech protocol
- Input: fix open count when closing inhibited device
- ALSA: hda/realtek: Add quirk for Clevo NS50AU
- ALSA: hda/realtek: Add a quirk for HP Slim Desktop S01
- drm/i915/gt: Use the correct error value when kernel_context() fails
- drm/amd/pm: conditionally disable pcie lane switching for some
sienna_cichlid SKUs
- drm/amdgpu: fix xclk freq on CHIP_STONEY
- drm/amd/pm: Fix power context allocation in SMU13
- can: j1939: j1939_sk_send_loop_abort(): improved error queue handling in
J1939 Socket
- can: j1939: change j1939_netdev_lock type to mutex
- can: j1939: avoid possible use-after-free when j1939_can_rx_register fails
- ceph: fix use-after-free bug for inodes when flushing capsnaps
- s390/dasd: Use correct lock while counting channel queue length
- Bluetooth: Fix use-after-free in hci_remove_ltk/hci_remove_irk
- Bluetooth: hci_qca: fix debugfs registration
- tee: amdtee: Add return_origin to 'struct tee_cmd_load_ta'
- rbd: move RBD_OBJ_FLAG_COPYUP_ENABLED flag setting
- rbd: get snapshot context after exclusive lock is ensured to be held
- pinctrl: meson-axg: add missing GPIOA_18 gpio group
- usb: usbfs: Enforce page requirements for mmap
- usb: usbfs: Use consistent mmap functions
- ARM: dts: at91: sama7g5ek: fix debounce delay property for shdwc
- ASoC: codecs: wsa881x: do not set can_multi_write flag
- arm64: dts: qcom: sc7180-lite: Fix SDRAM freq for misidentified sc7180-lite
boards
- arm64: dts: imx8qm-mek: correct GPIOs for USDHC2 CD and WP signals
- arm64: dts: imx8-ss-dma: assign default clock rate for lpuarts
- ASoC: mediatek: mt8195-afe-pcm: Convert to platform remove callback
returning void
- ASoC: mediatek: mt8195: fix use-after-free in driver remove path
- arm64: dts: imx8mn-beacon: Fix SPI CS pinmux
- i2c: mv64xxx: Fix reading invalid status value in atomic mode
- firmware: arm_ffa: Set handle field to zero in memory descriptor
- i2c: sprd: Delete i2c adapter in .remove's error path
- eeprom: at24: also select REGMAP
- riscv: fix kprobe __user string arg print fault issue
- vduse: avoid empty string for dev name
- vhost: support PACKED when setting-getting vring_base
- vhost_vdpa: support PACKED when setting-getting vring_base
- ext4: only check dquot_initialize_needed() when debugging
- Linux 5.15.117
* CVE-2023-4273
- exfat: check if filename entries exceeds max filename length
* CVE-2023-4128
- net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-
free
- net/sched: cls_fw: No longer copy tcf_result on update to avoid use-after-
free
- net/sched: cls_route: No longer copy tcf_result on update to avoid use-
after-free
* CVE-2023-3863
- nfc: llcp: simplify llcp_sock_connect() error paths
- net: nfc: Fix use-after-free caused by nfc_llcp_find_local
Date: 2023-10-11 17:38:08.704385+00:00
Changed-By: Philip Cox <philip.cox at canonical.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/+source/linux-intel-iotg/5.15.0-1043.49
-------------- next part --------------
Sorry, changesfile not available.
More information about the jammy-changes
mailing list