[ubuntu/jammy-security] linux-nvidia-tegra 5.15.0-1017.17 (Accepted)

Andy Whitcroft apw at canonical.com
Thu Sep 21 11:30:52 UTC 2023


linux-nvidia-tegra (5.15.0-1017.17) jammy; urgency=medium

  * jammy/linux-nvidia-tegra: 5.15.0-1017.17 -proposed tracker (LP: #2033697)

  * Re-enable CONFIG_MEMCG on the Tegra kernels (LP: #2032954)
    - [Config] linux-nvidia-tegra: Re-enable CONFIG_MEMCG

  * NVIDIA pull requests 2023-08-07, 2023-08-11, 2023-08-22 (LP: #2031567)
    - SAUCE: memory: tegra: add nvlink clients for NVGPU
    - SAUCE: arm64: configs: Disable BRCMFMAC driver
    - SAUCE: arm64: config: Enable ZRAM config as module
    - SAUCE: soc/tegra: cbb: set ERD bit during resume for error interrupt
    - SAUCE: tty/serial: tegra-tcu: skip esc and ccplex_id
    - SAUCE: arm64: configs: Set USB_CONFIGFS_F_ACC to y
    - SAUCE: arm64: configs: Sanitize arm64 defconfig
    - SAUCE: arm64: config: Enable configs for nf_tables
    - SAUCE: ina3221: add support for summation channel control
    - NVIDIA: SAUCE: arm64: defconfig: Enable CONFIG_DEVFREQ_THERMAL
    - NVIDIA: SAUCE: configs: Sync defconfigs using make defconfig
    - NVIDIA: SAUCE: configs: Enable nvme target, tcp driver
    - NVIDIA: SAUCE: driver: cpufreq: use refclk delta based loop instead of
      udelay
    - NVIDIA: SAUCE: arm64: configs: disable inbuilt IMX219 driver
    - [Config] linux-nvidia-tegra: integrate defconfig changes

  [ Ubuntu: 5.15.0-1045.50 ]

  * jammy/linux-realtime: 5.15.0-1045.50 -proposed tracker (LP: #2030402)
  * Packaging resync (LP: #1786013)
    - debian/dkms-versions -- update from kernel-versions (main/2023.08.07)
  * Jammy real-time patch set update: v5.15.125-rt66 (LP: #2031687)
    - rcu/tree: Protect rcu_rdp_is_offloaded() invocations on RT
    - sched: Introduce migratable()
    - arm64: mm: Make arch_faults_on_old_pte() check for migratability
    - printk: rename printk cpulock API and always disable interrupts
    - console: add write_atomic interface
    - kdb: only use atomic consoles for output mirroring
    - serial: 8250: implement write_atomic
    - printk: relocate printk_delay()
    - printk: call boot_delay_msec() in printk_delay()
    - printk: use seqcount_latch for console_seq
    - printk: introduce kernel sync mode
    - printk: move console printing to kthreads
    - printk: add console handover
    - printk: add pr_flush()
    - printk: Enhance the condition check of msleep in pr_flush()
    - sched: Switch wait_task_inactive to HRTIMER_MODE_REL_HARD
    - kthread: Move prio/affinite change into the newly created thread
    - genirq: Move prio assignment into the newly created thread
    - genirq: Disable irqfixup/poll on PREEMPT_RT.
    - efi: Allow efi=runtime
    - mm: Disable zsmalloc on PREEMPT_RT
    - net/core: disable NET_RX_BUSY_POLL on PREEMPT_RT
    - samples/kfifo: Rename read_lock/write_lock
    - crypto: testmgr - Only disable migration in crypto_disable_simd_for_test()
    - mm: Allow only SLUB on PREEMPT_RT
    - mm: page_alloc: Use migrate_disable() in drain_local_pages_wq()
    - mm/scatterlist: Replace the !preemptible warning in sg_miter_stop()
    - mm: Disable NUMA_BALANCING_DEFAULT_ENABLED and TRANSPARENT_HUGEPAGE on
      PREEMPT_RT
    - x86/softirq: Disable softirq stacks on PREEMPT_RT
    - Documentation/kcov: Include types.h in the example.
    - Documentation/kcov: Define `ip' in the example.
    - kcov: Allocate per-CPU memory on the relevant node.
    - kcov: Avoid enable+disable interrupts if !in_task().
    - kcov: Replace local_irq_save() with a local_lock_t.
    - net/sched: sch_ets: properly init all active DRR list handles
    - gen_stats: Add instead Set the value in __gnet_stats_copy_basic().
    - gen_stats: Add gnet_stats_add_queue().
    - mq, mqprio: Use gnet_stats_add_queue().
    - gen_stats: Move remaining users to gnet_stats_add_queue().
    - u64_stats: Introduce u64_stats_set()
    - net: sched: Protect Qdisc::bstats with u64_stats
    - net: sched: Use _bstats_update/set() instead of raw writes
    - net: sched: Merge Qdisc::bstats and Qdisc::cpu_bstats data types
    - net: sched: Remove Qdisc::running sequence counter
    - net: sched: Allow statistics reads from softirq.
    - net: sched: fix logic error in qdisc_run_begin()
    - net: sched: remove one pair of atomic operations
    - net: stats: Read the statistics in ___gnet_stats_copy_basic() instead of
      adding.
    - net: sched: gred: dynamically allocate tc_gred_qopt_offload
    - sched/rt: Annotate the RT balancing logic irqwork as IRQ_WORK_HARD_IRQ
    - irq_work: Allow irq_work_sync() to sleep if irq_work() no IRQ support.
    - irq_work: Handle some irq_work in a per-CPU thread on PREEMPT_RT
    - irq_work: Also rcuwait for !IRQ_WORK_HARD_IRQ on PREEMPT_RT
    - irq_poll: Use raise_softirq_irqoff() in cpu_dead notifier
    - smp: Wake ksoftirqd on PREEMPT_RT instead do_softirq().
    - fs/namespace: Boost the mount_lock.lock owner instead of spinning on
      PREEMPT_RT.
    - fscache: Use only one fscache_object_cong_wait.
    - sched: Clean up the might_sleep() underscore zoo
    - sched: Make cond_resched_*lock() variants consistent vs. might_sleep()
    - sched: Remove preempt_offset argument from __might_sleep()
    - sched: Cleanup might_sleep() printks
    - sched: Make might_sleep() output less confusing
    - sched: Make RCU nest depth distinct in __might_resched()
    - sched: Make cond_resched_lock() variants RT aware
    - locking/rt: Take RCU nesting into account for __might_resched()
    - sched: Limit the number of task migrations per batch on RT
    - sched: Disable TTWU_QUEUE on RT
    - sched: Move kprobes cleanup out of finish_task_switch()
    - sched: Delay task stack freeing on RT
    - sched: Move mmdrop to RCU on RT
    - cgroup: use irqsave in cgroup_rstat_flush_locked()
    - mm: workingset: replace IRQ-off check with a lockdep assert.
    - jump-label: disable if stop_machine() is used
    - locking: Remove rt_rwlock_is_contended()
    - lockdep/selftests: Avoid using local_lock_{acquire|release}().
    - sched: Trigger warning if ->migration_disabled counter underflows.
    - rtmutex: Add a special case for ww-mutex handling.
    - rtmutex: Add rt_mutex_lock_nest_lock() and rt_mutex_lock_killable().
    - lockdep: Make it RT aware
    - lockdep/selftests: Add rtmutex to the last column
    - lockdep/selftests: Unbalanced migrate_disable() & rcu_read_lock()
    - lockdep/selftests: Skip the softirq related tests on PREEMPT_RT
    - lockdep/selftests: Adapt ww-tests for PREEMPT_RT
    - locking: Allow to include asm/spinlock_types.h from
      linux/spinlock_types_raw.h
    - sched: Make preempt_enable_no_resched() behave like preempt_enable() on
      PREEMPT_RT
    - kernel/sched: add {put|get}_cpu_light()
    - block/mq: do not invoke preempt_disable()
    - md: raid5: Make raid5_percpu handling RT aware
    - scsi/fcoe: Make RT aware.
    - mm/vmalloc: Another preempt disable region which sucks
    - net: Remove preemption disabling in netif_rx()
    - sunrpc: Make svc_xprt_do_enqueue() use get_cpu_light()
    - softirq: Check preemption after reenabling interrupts
    - u64_stats: Disable preemption on 32bit-UP/SMP with RT during updates
    - mm/memcontrol: Disable on PREEMPT_RT
    - signal: Revert ptrace preempt magic
    - ptrace: fix ptrace vs tasklist_lock race
    - fs/dcache: use swait_queue instead of waitqueue
    - fs/dcache: disable preemption on i_dir_seq's write side
    - rcu: Delay RCU-selftests
    - net/core: use local_bh_disable() in netif_rx_ni()
    - net: Use skbufhead with raw lock
    - net: Dequeue in dev_cpu_dead() without the lock
    - net: dev: always take qdisc's busylock in __dev_xmit_skb()
    - panic: skip get_random_bytes for RT_FULL in init_oops_id
    - x86: stackprotector: Avoid random pool on rt
    - drm/i915: Don't disable interrupts and pretend a lock as been acquired in
      __timeline_mark_lock().
    - drm/i915: Use preempt_disable/enable_rt() where recommended
    - drm/i915: Don't disable interrupts on PREEMPT_RT during atomic updates
    - drm/i915: Don't check for atomic context on PREEMPT_RT
    - drm/i915: Disable tracing points on PREEMPT_RT
    - drm/i915: skip DRM_I915_LOW_LEVEL_TRACEPOINTS with NOTRACE
    - drm/i915/gt: Queue and wait for the irq_work item.
    - drm/i915/gt: Use spin_lock_irq() instead of local_irq_disable() +
      spin_lock()
    - drm/i915: Drop the irqs_disabled() check
    - signal/x86: Delay calling signals in atomic
    - x86: kvm Require const tsc for RT
    - x86: Allow to enable RT
    - x86: Enable RT also on 32bit
    - genirq: update irq_set_irqchip_state documentation
    - ASoC: mediatek: mt8195: Remove unsued irqs_lock.
    - smack: Guard smack_ipv6_lock definition within a SMACK_IPV6_PORT_LABELING
      block
    - virt: acrn: Remove unsued acrn_irqfds_mutex.
    - tpm_tis: fix stall after iowrite*()s
    - mm/zsmalloc: Replace bit spinlock and get_cpu_var() usage.
    - drivers/block/zram: Replace bit spinlocks with rtmutex for -rt
    - leds: trigger: Disable CPU trigger on PREEMPT_RT
    - generic/softirq: Disable softirq stacks on PREEMPT_RT
    - */softirq: Disable softirq stacks on PREEMPT_RT
    - sched: Add support for lazy preemption
    - x86/entry: Use should_resched() in idtentry_exit_cond_resched()
    - x86: Support for lazy preemption
    - entry: Fix the preempt lazy fallout
    - arm: Add support for lazy preemption
    - powerpc: Add support for lazy preemption
    - arch/arm64: Add lazy preempt support
    - ARM: enable irq in translation/section permission fault handlers
    - KVM: arm/arm64: downgrade preempt_disable()d region to migrate_disable()
    - arm64/sve: Delay freeing memory in fpsimd_flush_thread()
    - arm64/sve: Make kernel FPU protection RT friendly
    - arm64: signal: Use ARCH_RT_DELAYS_SIGNAL_SEND.
    - tty/serial/omap: Make the locking RT aware
    - tty/serial/pl011: Make the locking work on RT
    - ARM: Allow to enable RT
    - ARM64: Allow to enable RT
    - powerpc: traps: Use PREEMPT_RT
    - powerpc/pseries/iommu: Use a locallock instead local_irq_save()
    - powerpc/kvm: Disable in-kernel MPIC emulation for PREEMPT_RT
    - powerpc/stackprotector: work around stack-guard init from atomic
    - POWERPC: Allow to enable RT
    - sysfs: Add /sys/kernel/realtime entry
    - genirq: Provide generic_handle_irq_safe().
    - i2c: core: Use generic_handle_irq_safe() in i2c_handle_smbus_host_notify().
    - i2c: cht-wc: Use generic_handle_irq_safe().
    - misc: hi6421-spmi-pmic: Use generic_handle_irq_safe().
    - mfd: ezx-pcap: Use generic_handle_irq_safe().
    - net: usb: lan78xx: Use generic_handle_irq_safe().
    - staging: greybus: gpio: Use generic_handle_irq_safe().
    - mm/memcg: Revert ("mm/memcg: optimize user context object stock access")
    - mm/memcg: Disable threshold event handlers on PREEMPT_RT
    - mm/memcg: Protect per-CPU counter by disabling preemption on PREEMPT_RT
      where needed.
    - mm/memcg: Opencode the inner part of obj_cgroup_uncharge_pages() in
      drain_obj_stock()
    - mm/memcg: Protect memcg_stock with a local_lock_t
    - mm/memcg: Disable migration instead of preemption in drain_all_stock().
    - mm/memcg: Add missing counter index which are not update in interrupt.
    - mm/memcg: Add a comment regarding the release `obj'.
    - mm/memcg: Only perform the debug checks on !PREEMPT_RT
  * Miscellaneous upstream changes
    - Realtime patchset v5.15-rt66
  * jammy/linux: 5.15.0-83.92 -proposed tracker (LP: #2031132)
  * libgnutls report "trap invalid opcode" when trying to install packages over
    https (LP: #2031093)
    - [Config]: disable CONFIG_GDS_FORCE_MITIGATION
  * jammy/linux: 5.15.0-81.90 -proposed tracker (LP: #2030422)
  * Packaging resync (LP: #1786013)
    - [Packaging] resync update-dkms-versions helper
    - [Packaging] resync getabis
    - debian/dkms-versions -- update from kernel-versions (main/2023.08.07)
  * CVE-2022-40982
    - x86/mm: Initialize text poking earlier
    - x86/mm: fix poking_init() for Xen PV guests
    - x86/mm: Use mm_alloc() in poking_init()
    - mm: Move mm_cachep initialization to mm_init()
    - init: Provide arch_cpu_finalize_init()
    - x86/cpu: Switch to arch_cpu_finalize_init()
    - ARM: cpu: Switch to arch_cpu_finalize_init()
    - sparc/cpu: Switch to arch_cpu_finalize_init()
    - um/cpu: Switch to arch_cpu_finalize_init()
    - init: Remove check_bugs() leftovers
    - init: Invoke arch_cpu_finalize_init() earlier
    - init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init()
    - x86/init: Initialize signal frame size late
    - x86/fpu: Remove cpuinfo argument from init functions
    - x86/fpu: Mark init functions __init
    - x86/fpu: Move FPU initialization into arch_cpu_finalize_init()
    - x86/xen: Fix secondary processors' FPU initialization
    - x86/speculation: Add Gather Data Sampling mitigation
    - x86/speculation: Add force option to GDS mitigation
    - x86/speculation: Add Kconfig option for GDS
    - KVM: Add GDS_NO support to KVM
    - Documentation/x86: Fix backwards on/off logic about YMM support
    - [Config]: Enable CONFIG_ARCH_HAS_CPU_FINALIZE_INIT and
      CONFIG_GDS_FORCE_MITIGATION
  * CVE-2023-3609
    - net/sched: cls_u32: Fix reference counter leak leading to overflow
  * CVE-2023-21400
    - io_uring: ensure IOPOLL locks around deferred work
  * CVE-2023-4015
    - netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound
      set/chain
    - netfilter: nf_tables: unbind non-anonymous set if rule construction fails
    - netfilter: nf_tables: skip immediate deactivate in _PREPARE_ERROR
  * CVE-2023-3995
    - netfilter: nf_tables: disallow rule addition to bound chain via
      NFTA_RULE_CHAIN_ID
  * CVE-2023-3777
    - netfilter: nf_tables: skip bound chain on rule flush
  * losetup with mknod fails on jammy with kernel 5.15.0-69-generic
    (LP: #2015400)
    - loop: do not enforce max_loop hard limit by (new) default
  * Include the MAC address pass through function on RTL8153DD-CG (LP: #2020295)
    - r8152: add USB device driver for config selection
  * Jammy update: v5.15.116 upstream stable release (LP: #2029401)
    - RDMA/bnxt_re: Fix the page_size used during the MR creation
    - RDMA/efa: Fix unsupported page sizes in device
    - RDMA/hns: Fix base address table allocation
    - RDMA/hns: Modify the value of long message loopback slice
    - dmaengine: at_xdmac: Move the free desc to the tail of the desc list
    - dmaengine: at_xdmac: fix potential Oops in at_xdmac_prep_interleaved()
    - RDMA/bnxt_re: Fix a possible memory leak
    - RDMA/bnxt_re: Fix return value of bnxt_re_process_raw_qp_pkt_rx
    - iommu/rockchip: Fix unwind goto issue
    - iommu/amd: Don't block updates to GATag if guest mode is on
    - dmaengine: pl330: rename _start to prevent build error
    - riscv: Fix unused variable warning when BUILTIN_DTB is set
    - net/mlx5: fw_tracer, Fix event handling
    - net/mlx5e: Don't attach netdev profile while handling internal error
    - net: mellanox: mlxbf_gige: Fix skb_panic splat under memory pressure
    - netrom: fix info-leak in nr_write_internal()
    - af_packet: Fix data-races of pkt_sk(sk)->num.
    - amd-xgbe: fix the false linkup in xgbe_phy_status
    - mtd: rawnand: ingenic: fix empty stub helper definitions
    - RDMA/irdma: Add SW mechanism to generate completions on error
    - RDMA/irdma: Prevent QP use after free
    - RDMA/irdma: Fix Local Invalidate fencing
    - af_packet: do not use READ_ONCE() in packet_bind()
    - tcp: deny tcp_disconnect() when threads are waiting
    - tcp: Return user_mss for TCP_MAXSEG in CLOSE/LISTEN state if user_mss set
    - net/sched: sch_ingress: Only create under TC_H_INGRESS
    - net/sched: sch_clsact: Only create under TC_H_CLSACT
    - net/sched: Reserve TC_H_INGRESS (TC_H_CLSACT) for ingress (clsact) Qdiscs
    - net/sched: Prohibit regrafting ingress or clsact Qdiscs
    - net: sched: fix NULL pointer dereference in mq_attach
    - net/netlink: fix NETLINK_LIST_MEMBERSHIPS length report
    - udp6: Fix race condition in udp6_sendmsg & connect
    - net/mlx5e: Fix error handling in mlx5e_refresh_tirs
    - net/mlx5: Read embedded cpu after init bit cleared
    - net: dsa: mv88e6xxx: Increase wait after reset deactivation
    - mtd: rawnand: marvell: ensure timing values are written
    - mtd: rawnand: marvell: don't set the NAND frequency select
    - rtnetlink: call validate_linkmsg in rtnl_create_link
    - drm/amdgpu: release gpu full access after "amdgpu_device_ip_late_init"
    - watchdog: menz069_wdt: fix watchdog initialisation
    - ALSA: hda: Glenfly: add HD Audio PCI IDs and HDMI Codec Vendor IDs.
    - drm/amdgpu: Use the default reset when loading or reloading the driver
    - mailbox: mailbox-test: Fix potential double-free in
      mbox_test_message_write()
    - drm/ast: Fix ARM compatibility
    - btrfs: abort transaction when sibling keys check fails for leaves
    - ARM: 9295/1: unwind:fix unwind abort for uleb128 case
    - media: rcar-vin: Select correct interrupt mode for V4L2_FIELD_ALTERNATE
    - platform/x86: intel_scu_pcidrv: Add back PCI ID for Medfield
    - gfs2: Don't deref jdesc in evict
    - fbdev: imsttfb: Fix use after free bug in imsttfb_probe
    - fbdev: modedb: Add 1920x1080 at 60 Hz video mode
    - fbdev: stifb: Fix info entry in sti_struct on error path
    - nbd: Fix debugfs_create_dir error checking
    - block/rnbd: replace REQ_OP_FLUSH with REQ_OP_WRITE
    - nvme-pci: add NVME_QUIRK_BOGUS_NID for HS-SSD-FUTURE 2048G
    - nvme-pci: add quirk for missing secondary temperature thresholds
    - ASoC: dwc: limit the number of overrun messages
    - um: harddog: fix modular build
    - xfrm: Check if_id in inbound policy/secpath match
    - ASoC: dt-bindings: Adjust #sound-dai-cells on TI's single-DAI codecs
    - ASoC: ssm2602: Add workaround for playback distortions
    - media: dvb_demux: fix a bug for the continuity counter
    - media: dvb-usb: az6027: fix three null-ptr-deref in az6027_i2c_xfer()
    - media: dvb-usb-v2: ec168: fix null-ptr-deref in ec168_i2c_xfer()
    - media: dvb-usb-v2: ce6230: fix null-ptr-deref in ce6230_i2c_master_xfer()
    - media: dvb-usb-v2: rtl28xxu: fix null-ptr-deref in rtl28xxu_i2c_xfer
    - media: dvb-usb: digitv: fix null-ptr-deref in digitv_i2c_xfer()
    - media: dvb-usb: dw2102: fix uninit-value in su3000_read_mac_address
    - media: netup_unidvb: fix irq init by register it at the end of probe
    - media: dvb_ca_en50221: fix a size write bug
    - media: ttusb-dec: fix memory leak in ttusb_dec_exit_dvb()
    - media: mn88443x: fix !CONFIG_OF error by drop of_match_ptr from ID table
    - media: dvb-core: Fix use-after-free due on race condition at dvb_net
    - media: dvb-core: Fix use-after-free due to race at dvb_register_device()
    - media: dvb-core: Fix use-after-free due to race condition at dvb_ca_en50221
    - s390/pkey: zeroize key blobs
    - s390/topology: honour nr_cpu_ids when adding CPUs
    - ACPI: resource: Add IRQ override quirk for LG UltraPC 17U70P
    - wifi: rtl8xxxu: fix authentication timeout due to incorrect RCR value
    - ARM: dts: stm32: add pin map for CAN controller on stm32f7
    - arm64/mm: mark private VM_FAULT_X defines as vm_fault_t
    - arm64: vdso: Pass (void *) to virt_to_page()
    - wifi: mac80211: simplify chanctx allocation
    - scsi: core: Decrease scsi_device's iorequest_cnt if dispatch failed
    - wifi: b43: fix incorrect __packed annotation
    - netfilter: conntrack: define variables exp_nat_nla_policy and any_addr with
      CONFIG_NF_NAT
    - nvme-multipath: don't call blk_mark_disk_dead in nvme_mpath_remove_disk
    - ALSA: oss: avoid missing-prototype warnings
    - drm/msm: Be more shouty if per-process pgtables aren't working
    - atm: hide unused procfs functions
    - drm/amdgpu: skip disabling fence driver src_irqs when device is unplugged
    - nvme-pci: Add quirk for Teamgroup MP33 SSD
    - mailbox: mailbox-test: fix a locking issue in mbox_test_message_write()
    - media: uvcvideo: Don't expose unsupported formats to userspace
    - iio: accel: st_accel: Fix invalid mount_matrix on devices without ACPI _ONT
      method
    - iio: adc: mxs-lradc: fix the order of two cleanup operations
    - HID: google: add jewel USB id
    - HID: wacom: avoid integer overflow in wacom_intuos_inout()
    - iio: imu: inv_icm42600: fix timestamp reset
    - dt-bindings: iio: adc: renesas,rcar-gyroadc: Fix adi,ad7476 compatible value
    - iio: light: vcnl4035: fixed chip ID check
    - iio: adc: ad_sigma_delta: Fix IRQ issue by setting IRQ_DISABLE_UNLAZY flag
    - iio: dac: mcp4725: Fix i2c_master_send() return value handling
    - iio: adc: ad7192: Change "shorted" channels to differential
    - iio: dac: build ad5758 driver when AD5758 is selected
    - net: usb: qmi_wwan: Set DTR quirk for BroadMobi BM818
    - dt-bindings: usb: snps,dwc3: Fix "snps,hsphy_interface" type
    - usb: gadget: f_fs: Add unbind event before functionfs_unbind
    - md/raid5: fix miscalculation of 'end_sector' in raid5_read_one_chunk()
    - misc: fastrpc: return -EPIPE to invocations on device removal
    - misc: fastrpc: reject new invocations during device removal
    - scsi: stex: Fix gcc 13 warnings
    - ata: libata-scsi: Use correct device no in ata_find_dev()
    - drm/amd/pm: reverse mclk and fclk clocks levels for vangogh
    - drm/amd/pm: reverse mclk and fclk clocks levels for yellow carp
    - drm/amd/pm: reverse mclk and fclk clocks levels for renoir
    - x86/boot: Wrap literal addresses in absolute_pointer()
    - ath6kl: Use struct_group() to avoid size-mismatched casting
    - block/blk-iocost (gcc13): keep large values in a new enum
    - mmc: vub300: fix invalid response handling
    - mmc: pwrseq: sd8787: Fix WILC CHIP_EN and RESETN toggling order
    - tty: serial: fsl_lpuart: use UARTCTRL_TXINV to send break instead of
      UARTCTRL_SBK
    - btrfs: fix csum_tree_block page iteration to avoid tripping on
      -Werror=array-bounds
    - powerpc/iommu: Limit number of TCEs to 512 for H_STUFF_TCE hcall
    - iommu/amd: Fix domain flush size when syncing iotlb
    - usb: cdns3: allocate TX FIFO size according to composite EP number
    - usb: cdns3: fix NCM gadget RX speed 20x slow than expection at iMX8QM
    - block: fix revalidate performance regression
    - selinux: don't use make's grouped targets feature yet
    - tracing/probe: trace_probe_primary_from_call(): checked list_first_entry
    - selftests: mptcp: connect: skip if MPTCP is not supported
    - selftests: mptcp: pm nl: skip if MPTCP is not supported
    - selftests: mptcp: sockopt: skip if MPTCP is not supported
    - ext4: add EA_INODE checking to ext4_iget()
    - ext4: set lockdep subclass for the ea_inode in ext4_xattr_inode_cache_find()
    - ext4: disallow ea_inodes with extended attributes
    - ext4: add lockdep annotations for i_data_sem for ea_inode's
    - fbcon: Fix null-ptr-deref in soft_cursor
    - serial: 8250_tegra: Fix an error handling path in tegra_uart_probe()
    - test_firmware: fix the memory leak of the allocated firmware buffer
    - KVM: x86: Account fastpath-only VM-Exits in vCPU stats
    - ksmbd: fix credit count leakage
    - ksmbd: fix incorrect AllocationSize set in smb2_get_info
    - KEYS: asymmetric: Copy sig and digest in public_key_verify_signature()
    - regmap: Account for register length when chunking
    - tpm, tpm_tis: Request threaded interrupt handler
    - drm/rcar: stop using 'imply' for dependencies
    - [Config] updateconfigs for DRM_RCAR_LVDS
    - scsi: dpt_i2o: Remove broken pass-through ioctl (I2OUSERCMD)
    - scsi: dpt_i2o: Do not process completions with invalid addresses
    - [Config] updateconfigs for SCSI_DPT_I2O
    - drm/amdgpu/gfx10: Disable gfxoff before disabling powergating.
    - selftests: mptcp: diag: skip if MPTCP is not supported
    - selftests: mptcp: simult flows: skip if MPTCP is not supported
    - selftests: mptcp: join: skip if MPTCP is not supported
    - ext4: enable the lazy init thread when remounting read/write
    - ARM: defconfig: drop CONFIG_DRM_RCAR_LVDS
    - RDMA/irdma: Fix drain SQ hang with no completion
    - RDMA/irdma: Do not generate SW completions for NOPs
    - Linux 5.15.116
  * CVE-2023-20593
    - x86/cpu/amd: Move the errata checking functionality up
    - x86/cpu/amd: Add a Zenbleed fix
  * CVE-2023-4004
    - netfilter: nft_set_pipapo: fix improper element removal
  * CVE-2023-3611
    - net/sched: sch_qfq: refactor parsing of netlink parameters
    - net/sched: sch_qfq: account for stab overhead in qfq_enqueue
  * CVE-2023-3610
    - netfilter: nf_tables: fix chain binding transaction logic
  * CVE-2023-2898
    - f2fs: fix to avoid NULL pointer dereference f2fs_write_end_io()
  * Backport support to tolerate ZSTD compressed firmware files (LP: #2028550)
    - firmware_loader: EXTRA_FIRMWARE does not support compressed files
    - firmware: Add the support for ZSTD-compressed firmware files
    - [Config] Enable FW_LOADER_COMPRESS_ZSTD by default
  * stacked overlay file system mounts that have chroot() called against them
    appear to be getting locked (by the kernel most likely?) (LP: #2016398)
    - SAUCE: overlayfs: fix reference count mismatch
  * kdump fails on big arm64 systems when offset is not specified (LP: #2024479)
    - arm64: mm: use IS_ENABLED(CONFIG_KEXEC_CORE) instead of #ifdef
    - arm64: kdump: Reimplement crashkernel=X
    - docs: kdump: Update the crashkernel description for arm64
    - arm64: kdump: Do not allocate crash low memory if not needed
    - arm64/mm: Define defer_reserve_crashkernel()
    - arm64: kdump: Provide default size when crashkernel=Y, low is not specified
    - arm64: kdump: Support crashkernel=X fall back to reserve region above DMA
      zones
  * usbrtl sometimes doesn't reload firmware (LP: #2026028)
    - Bluetooth: btrtl: Ask ic_info to drop firmware
  * cifs: fix mid leak during reconnection after timeout threshold
    (LP: #2029138)
    - cifs: fix mid leak during reconnection after timeout threshold
  * Jammy update: v5.15.115 upstream stable release (LP: #2028799)
    - power: supply: bq27xxx: expose battery data when CI=1
    - power: supply: bq27xxx: Move bq27xxx_battery_update() down
    - power: supply: bq27xxx: Ensure power_supply_changed() is called on current
      sign changes
    - power: supply: bq27xxx: After charger plug in/out wait 0.5s for things to
      stabilize
    - power: supply: core: Refactor
      power_supply_set_input_current_limit_from_supplier()
    - power: supply: bq24190: Call power_supply_changed() after updating input
      current
    - bpf: fix a memory leak in the LRU and LRU_PERCPU hash maps
    - net/mlx5: devcom only supports 2 ports
    - net/mlx5e: Fix deadlock in tc route query code
    - net/mlx5: Devcom, serialize devcom registration
    - platform/x86: ISST: PUNIT device mapping with Sub-NUMA clustering
    - platform/x86: ISST: Remove 8 socket limit
    - net: phy: mscc: enable VSC8501/2 RGMII RX clock
    - net: dsa: introduce helpers for iterating through ports using dp
    - net: dsa: mt7530: rework mt753[01]_setup
    - net: dsa: mt7530: split-off common parts from mt7531_setup
    - net: dsa: mt7530: fix network connectivity with multiple CPU ports
    - Bonding: add arp_missed_max option
    - bonding: fix send_peer_notif overflow
    - binder: fix UAF caused by faulty buffer cleanup
    - irqchip/mips-gic: Get rid of the reliance on irq_cpu_online()
    - irqchip/mips-gic: Use raw spinlock for gic_lock
    - net/mlx5e: Fix SQ wake logic in ptp napi_poll context
    - xdp: Allow registering memory model without rxq reference
    - net: page_pool: use in_softirq() instead
    - page_pool: fix inconsistency for page_pool_ring_[un]lock()
    - irqchip/mips-gic: Don't touch vl_map if a local interrupt is not routable
    - xdp: xdp_mem_allocator can be NULL in trace_mem_connect().
    - bluetooth: Add cmd validity checks at the start of hci_sock_ioctl()
    - Revert "binder_alloc: add missing mmap_lock calls when using the VMA"
    - Revert "android: binder: stop saving a pointer to the VMA"
    - binder: add lockless binder_alloc_(set|get)_vma()
    - binder: fix UAF of alloc->vma in race with munmap()
    - ipv{4,6}/raw: fix output xfrm lookup wrt protocol
    - netfilter: ctnetlink: Support offloaded conntrack entry deletion
    - Linux 5.15.115
  * Jammy update: v5.15.114 upstream stable release (LP: #2028701)
    - usb: gadget: Properly configure the device for remote wakeup
    - usb: dwc3: fix gadget mode suspend interrupt handler issue
    - dt-bindings: ata: ahci-ceva: convert to yaml
    - dt-bindings: ata: ahci-ceva: Cover all 4 iommus entries
    - watchdog: sp5100_tco: Immediately trigger upon starting.
    - ARM: dts: stm32: fix AV96 board SAI2 pin muxing on stm32mp15
    - spi: fsl-spi: Re-organise transfer bits_per_word adaptation
    - spi: fsl-cpm: Use 16 bit mode for large transfers with even size
    - ocfs2: Switch to security_inode_init_security()
    - arm64: Also reset KASAN tag if page is not PG_mte_tagged
    - ALSA: hda/ca0132: add quirk for EVGA X299 DARK
    - ALSA: hda: Fix unhandled register update during auto-suspend period
    - ALSA: hda/realtek: Enable headset onLenovo M70/M90
    - mmc: sdhci-esdhc-imx: make "no-mmc-hs400" works
    - ASoC: rt5682: Disable jack detection interrupt during suspend
    - net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize
    - m68k: Move signal frame following exception on 68020/030
    - parisc: Handle kgdb breakpoints only in kernel context
    - parisc: Allow to reboot machine after system halt
    - gpio: mockup: Fix mode of debugfs files
    - btrfs: use nofs when cleaning up aborted transactions
    - dt-binding: cdns,usb3: Fix cdns,on-chip-buff-size type
    - selftests/memfd: Fix unknown type name build failure
    - parisc: Fix flush_dcache_page() for usage from irq context
    - perf/x86/uncore: Correct the number of CHAs on SPR
    - x86/topology: Fix erroneous smp_num_siblings on Intel Hybrid platforms
    - debugobjects: Don't wake up kswapd from fill_pool()
    - fbdev: udlfb: Fix endpoint check
    - net: fix stack overflow when LRO is disabled for virtual interfaces
    - udplite: Fix NULL pointer dereference in __sk_mem_raise_allocated().
    - USB: core: Add routines for endpoint checks in old drivers
    - USB: sisusbvga: Add endpoint checks
    - media: radio-shark: Add endpoint checks
    - ASoC: lpass: Fix for KASAN use_after_free out of bounds
    - net: fix skb leak in __skb_tstamp_tx()
    - selftests: fib_tests: mute cleanup error message
    - octeontx2-pf: Fix TSOv6 offload
    - bpf: Fix mask generation for 32-bit narrow loads of 64-bit fields
    - ipv6: Fix out-of-bounds access in ipv6_find_tlv()
    - cifs: mapchars mount option ignored
    - power: supply: leds: Fix blink to LED on transition
    - power: supply: mt6360: add a check of devm_work_autocancel in
      mt6360_charger_probe
    - power: supply: bq27xxx: Fix bq27xxx_battery_update() race condition
    - power: supply: bq27xxx: Fix I2C IRQ race on remove
    - power: supply: bq27xxx: Fix poll_interval handling and races on remove
    - power: supply: bq27xxx: Add cache parameter to
      bq27xxx_battery_current_and_status()
    - power: supply: sbs-charger: Fix INHIBITED bit for Status reg
    - firmware: arm_ffa: Check if ffa_driver remove is present before executing
    - firmware: arm_ffa: Fix FFA device names for logical partitions
    - fs: fix undefined behavior in bit shift for SB_NOUSER
    - regulator: pca9450: Fix BUCK2 enable_mask
    - coresight: Fix signedness bug in tmc_etr_buf_insert_barrier_packet()
    - xen/pvcalls-back: fix double frees with pvcalls_new_active_socket()
    - x86/show_trace_log_lvl: Ensure stack pointer is aligned, again
    - ASoC: Intel: Skylake: Fix declaration of enum skl_ch_cfg
    - sctp: fix an issue that plpmtu can never go to complete state
    - forcedeth: Fix an error handling path in nv_probe()
    - platform/mellanox: mlxbf-pmc: fix sscanf() error checking
    - net/mlx5e: do as little as possible in napi poll when budget is 0
    - net/mlx5: DR, Fix crc32 calculation to work on big-endian (BE) CPUs
    - net/mlx5: DR, Check force-loopback RC QP capability independently from RoCE
    - net/mlx5: Fix error message when failing to allocate device memory
    - net/mlx5: Devcom, fix error flow in mlx5_devcom_register_device
    - arm64: dts: imx8mn-var-som: fix PHY detection bug by adding deassert delay
    - firmware: arm_ffa: Set reserved/MBZ fields to zero in the memory descriptors
    - regulator: mt6359: add read check for PMIC MT6359
    - 3c589_cs: Fix an error handling path in tc589_probe()
    - net: phy: mscc: add VSC8502 to MODULE_DEVICE_TABLE
    - Linux 5.15.114
  * Jammy update: v5.15.113 upstream stable release (LP: #2028408)
    - drm/mipi-dsi: Set the fwnode for mipi_dsi_device
    - ARM: 9296/1: HP Jornada 7XX: fix kernel-doc warnings
    - net: mdio: mvusb: Fix an error handling path in mvusb_mdio_probe()
    - scsi: ufs: core: Fix I/O hang that occurs when BKOPS fails in W-LUN suspend
    - tick/broadcast: Make broadcast device replacement work correctly
    - linux/dim: Do nothing if no time delta between samples
    - net: stmmac: switch to use interrupt for hw crosstimestamping
    - net: stmmac: Initialize MAC_ONEUS_TIC_COUNTER register
    - net: Fix load-tearing on sk->sk_stamp in sock_recv_cmsgs().
    - netfilter: nf_tables: always release netdev hooks from notifier
    - netfilter: conntrack: fix possible bug_on with enable_hooks=1
    - netlink: annotate accesses to nlk->cb_running
    - net: annotate sk->sk_err write from do_recvmmsg()
    - net: deal with most data-races in sk_wait_event()
    - net: add vlan_get_protocol_and_depth() helper
    - tcp: add annotations around sk->sk_shutdown accesses
    - gve: Remove the code of clearing PBA bit
    - net: datagram: fix data-races in datagram_poll()
    - af_unix: Fix a data race of sk->sk_receive_queue->qlen.
    - af_unix: Fix data races around sk->sk_shutdown.
    - drm/i915/dp: prevent potential div-by-zero
    - fbdev: arcfb: Fix error handling in arcfb_probe()
    - ext4: remove an unused variable warning with CONFIG_QUOTA=n
    - ext4: reflect error codes from ext4_multi_mount_protect() to its callers
    - ext4: fix lockdep warning when enabling MMP
    - ext4: allow to find by goal if EXT4_MB_HINT_GOAL_ONLY is set
    - ext4: allow ext4_get_group_info() to fail
    - refscale: Move shutdown from wait_event() to wait_event_idle()
    - rcu: Protect rcu_print_task_exp_stall() ->exp_tasks access
    - fs: hfsplus: remove WARN_ON() from hfsplus_cat_{read,write}_inode()
    - drm/displayid: add displayid_get_header() and check bounds better
    - drm/amd/display: Use DC_LOG_DC in the trasform pixel function
    - regmap: cache: Return error in cache sync operations for REGCACHE_NONE
    - arm64: dts: qcom: msm8996: Add missing DWC3 quirks
    - media: cx23885: Fix a null-ptr-deref bug in buffer_prepare() and
      buffer_finish()
    - media: pci: tw68: Fix null-ptr-deref bug in buf prepare and finish
    - firmware: arm_sdei: Fix sleep from invalid context BUG
    - ACPI: EC: Fix oops when removing custom query handlers
    - remoteproc: stm32_rproc: Add mutex protection for workqueue
    - drm/tegra: Avoid potential 32-bit integer overflow
    - drm/msm/dp: Clean up handling of DP AUX interrupts
    - ACPICA: Avoid undefined behavior: applying zero offset to null pointer
    - ACPICA: ACPICA: check null return of ACPI_ALLOCATE_ZEROED in
      acpi_db_display_objects
    - drm/amd: Fix an out of bounds error in BIOS parser
    - media: Prefer designated initializers over memset for subdev pad ops
    - wifi: ath: Silence memcpy run-time false positive warning
    - bpf: Annotate data races in bpf_local_storage
    - wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex
    - ext2: Check block size validity during mount
    - scsi: lpfc: Prevent lpfc_debugfs_lockstat_write() buffer overflow
    - bnxt: avoid overflow in bnxt_get_nvram_directory()
    - net: pasemi: Fix return type of pasemi_mac_start_tx()
    - net: Catch invalid index in XPS mapping
    - scsi: target: iscsit: Free cmds before session free
    - lib: cpu_rmap: Avoid use after free on rmap->obj array entries
    - scsi: message: mptlan: Fix use after free bug in mptlan_remove() due to race
      condition
    - gfs2: Fix inode height consistency check
    - scsi: ufs: ufs-pci: Add support for Intel Lunar Lake
    - ext4: set goal start correctly in ext4_mb_normalize_request
    - ext4: Fix best extent lstart adjustment logic in ext4_mb_new_inode_pa()
    - f2fs: fix to drop all dirty pages during umount() if cp_error is set
    - f2fs: fix to check readonly condition correctly
    - samples/bpf: Fix fout leak in hbm's run_bpf_prog
    - bpf: Add preempt_count_{sub,add} into btf id deny list
    - wifi: iwlwifi: pcie: fix possible NULL pointer dereference
    - wifi: iwlwifi: pcie: Fix integer overflow in iwl_write_to_user_buf
    - null_blk: Always check queue mode setting from configfs
    - wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace
    - wifi: ath11k: Fix SKB corruption in REO destination ring
    - nbd: fix incomplete validation of ioctl arg
    - ipvs: Update width of source for ip_vs_sync_conn_options
    - Bluetooth: btintel: Add LE States quirk support
    - Bluetooth: hci_bcm: Fall back to getting bdaddr from EFI if not set
    - Bluetooth: L2CAP: fix "bad unlock balance" in l2cap_disconnect_rsp
    - HID: logitech-hidpp: Don't use the USB serial for USB devices
    - HID: logitech-hidpp: Reconcile USB and Unifying serials
    - spi: spi-imx: fix MX51_ECSPI_* macros when cs > 3
    - HID: wacom: generic: Set battery quirk only when we see battery data
    - usb: typec: tcpm: fix multiple times discover svids error
    - serial: 8250: Reinit port->pm on port specific driver unbind
    - mcb-pci: Reallocate memory region to avoid memory overlapping
    - sched: Fix KCSAN noinstr violation
    - recordmcount: Fix memory leaks in the uwrite function
    - RDMA/core: Fix multiple -Warray-bounds warnings
    - iommu/arm-smmu-qcom: Limit the SMR groups to 128
    - fs/ntfs3: Fix NULL pointer dereference in 'ni_write_inode'
    - fs/ntfs3: Enhance the attribute size check
    - fs/ntfs3: Fix NULL dereference in ni_write_inode
    - fs/ntfs3: Validate MFT flags before replaying logs
    - fs/ntfs3: Add length check in indx_get_root
    - fs/ntfs3: Fix a possible null-pointer dereference in ni_clear()
    - clk: tegra20: fix gcc-7 constant overflow warning
    - iommu/arm-smmu-v3: Acknowledge pri/event queue overflow if any
    - iommu/sprd: Release dma buffer to avoid memory leak
    - Input: xpad - add constants for GIP interface numbers
    - phy: st: miphy28lp: use _poll_timeout functions for waits
    - soundwire: qcom: gracefully handle too many ports in DT
    - mfd: dln2: Fix memory leak in dln2_probe()
    - parisc: Replace regular spinlock with spin_trylock on panic path
    - platform/x86: hp-wmi: Support touchpad on/off
    - [Config] updateconfigs for X86_PLATFORM_DRIVERS_HP
    - platform/x86: Move existing HP drivers to a new hp subdir
    - platform/x86: hp-wmi: add micmute to hp_wmi_keymap struct
    - xfrm: don't check the default policy if the policy allows the packet
    - Revert "Fix XFRM-I support for nested ESP tunnels"
    - drm/msm/dp: unregister audio driver during unbind
    - drm/msm/dpu: Add INTF_5 interrupts
    - drm/msm/dpu: Move non-MDP_TOP INTF_INTR offsets out of hwio header
    - drm/msm/dpu: Remove duplicate register defines from INTF
    - dt-bindings: display/msm: dsi-controller-main: Document qcom, master-dsi and
      qcom, sync-dual-dsi
    - ASoC: fsl_micfil: Fix error handler with pm_runtime_enable
    - cpupower: Make TSC read per CPU for Mperf monitor
    - af_key: Reject optional tunnel/BEET mode templates in outbound policies
    - selftests: seg6: disable DAD on IPv6 router cfg for srv6_end_dt4_l3vpn_test
    - selftets: seg6: disable rp_filter by default in srv6_end_dt4_l3vpn_test
    - net: fec: Better handle pm_runtime_get() failing in .remove()
    - net: phy: dp83867: add w/a for packet errors seen with short cables
    - ALSA: firewire-digi00x: prevent potential use after free
    - ALSA: hda/realtek: Apply HP B&O top speaker profile to Pavilion 15
    - vsock: avoid to close connected socket after the timeout
    - tcp: fix possible sk_priority leak in tcp_v4_send_reset()
    - serial: arc_uart: fix of_iomap leak in `arc_serial_probe`
    - serial: 8250_bcm7271: balance clk_enable calls
    - serial: 8250_bcm7271: fix leak in `brcmuart_probe`
    - erspan: get the proto with the md version for collect_md
    - net: hns3: fix output information incomplete for dumping tx queue info with
      debugfs
    - net: hns3: fix sending pfc frames after reset issue
    - net: hns3: fix reset delay time to avoid configuration timeout
    - media: netup_unidvb: fix use-after-free at del_timer()
    - SUNRPC: double free xprt_ctxt while still in use
    - tracing: Introduce helpers to safely handle dynamic-sized sockaddrs
    - SUNRPC: Clean up svc_deferred_class trace events
    - SUNRPC: Remove dead code in svc_tcp_release_rqst()
    - SUNRPC: Remove svc_rqst::rq_xprt_hlen
    - SUNRPC: always free ctxt when freeing deferred request
    - SUNRPC: Fix trace_svc_register() call site
    - drm/exynos: fix g2d_open/close helper function definitions
    - net: nsh: Use correct mac_offset to unwind gso skb in nsh_gso_segment()
    - virtio-net: Maintain reverse cleanup order
    - virtio_net: Fix error unwinding of XDP initialization
    - tipc: add tipc_bearer_min_mtu to calculate min mtu
    - tipc: do not update mtu if msg_max is too small in mtu negotiation
    - tipc: check the bearer min mtu properly when setting it by netlink
    - s390/cio: include subchannels without devices also for evaluation
    - net: bcmgenet: Remove phy_stop() from bcmgenet_netif_stop()
    - net: bcmgenet: Restore phy_stop() depending upon suspend/close
    - wifi: mac80211: fix min center freq offset tracing
    - wifi: iwlwifi: mvm: fix cancel_delayed_work_sync() deadlock
    - wifi: iwlwifi: mvm: don't trust firmware n_channels
    - scsi: storvsc: Don't pass unused PFNs to Hyper-V host
    - cassini: Fix a memory leak in the error handling path of cas_init_one()
    - net: dsa: mv88e6xxx: Fix mv88e6393x EPC write command offset
    - igb: fix bit_shift to be in [1..8] range
    - vlan: fix a potential uninit-value in vlan_dev_hard_start_xmit()
    - netfilter: nf_tables: fix nft_trans type confusion
    - netfilter: nft_set_rbtree: fix null deref on element insertion
    - bridge: always declare tunnel functions
    - ALSA: usb-audio: Add a sample rate workaround for Line6 Pod Go
    - USB: usbtmc: Fix direction for 0-length ioctl control messages
    - usb-storage: fix deadlock when a scsi command timeouts more than once
    - USB: UHCI: adjust zhaoxin UHCI controllers OverCurrent bit value
    - usb: dwc3: debugfs: Resume dwc3 before accessing registers
    - usb: gadget: u_ether: Fix host MAC address case
    - usb: typec: altmodes/displayport: fix pin_assignment_show
    - xhci-pci: Only run d3cold avoidance quirk for s2idle
    - xhci: Fix incorrect tracking of free space on transfer rings
    - ALSA: hda: Fix Oops by 9.1 surround channel names
    - ALSA: hda: Add NVIDIA codec IDs a3 through a7 to patch table
    - ALSA: hda/realtek: Add quirk for Clevo L140AU
    - ALSA: hda/realtek: Add a quirk for HP EliteDesk 805
    - ALSA: hda/realtek: Add quirk for 2nd ASUS GU603
    - can: j1939: recvmsg(): allow MSG_CMSG_COMPAT flag
    - can: isotp: recvmsg(): allow MSG_CMSG_COMPAT flag
    - can: kvaser_pciefd: Set CAN_STATE_STOPPED in kvaser_pciefd_stop()
    - can: kvaser_pciefd: Call request_irq() before enabling interrupts
    - can: kvaser_pciefd: Empty SRB buffer in probe
    - can: kvaser_pciefd: Clear listen-only bit if not explicitly requested
    - can: kvaser_pciefd: Do not send EFLUSH command on TFD interrupt
    - can: kvaser_pciefd: Disable interrupts in probe error path
    - SMB3: Close all deferred handles of inode in case of handle lease break
    - SMB3: drop reference to cfile before sending oplock break
    - ksmbd: smb2: Allow messages padded to 8byte boundary
    - ksmbd: allocate one more byte for implied bcc[0]
    - ksmbd: fix wrong UserName check in session_user
    - ksmbd: fix global-out-of-bounds in smb2_find_context_vals
    - statfs: enforce statfs[64] structure initialization
    - serial: Add support for Advantech PCI-1611U card
    - serial: 8250_exar: Add support for USR298x PCI Modems
    - serial: qcom-geni: fix enabling deactivated interrupt
    - thunderbolt: Clear registers properly when auto clear isn't in use
    - vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF
    - ceph: force updating the msg pointer in non-split case
    - powerpc/iommu: Incorrect DDW Table is referenced for SR-IOV device
    - tpm/tpm_tis: Disable interrupts for more Lenovo devices
    - powerpc/64s/radix: Fix soft dirty tracking
    - nilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode()
    - s390/qdio: fix do_sqbs() inline assembly constraint
    - HID: wacom: Force pen out of prox if no events have been received in a while
    - HID: wacom: Add new Intuos Pro Small (PTH-460) device IDs
    - HID: wacom: add three styli to wacom_intuos_get_tool_type
    - Linux 5.15.113
  * Jammy update: v5.15.112 upstream stable release (LP: #2026607)
    - ring-buffer: Ensure proper resetting of atomic variables in
      ring_buffer_reset_online_cpus
    - crypto: ccp - Clear PSP interrupt status register before calling handler
    - ubifs: Fix AA deadlock when setting xattr for encrypted file
    - ubifs: Fix memory leak in do_rename
    - bus: mhi: Move host MHI code to "host" directory
    - bus: mhi: host: Remove duplicate ee check for syserr
    - bus: mhi: host: Use mhi_tryset_pm_state() for setting fw error state
    - bus: mhi: host: Range check CHDBOFF and ERDBOFF
    - mailbox: zynq: Switch to flexible array to simplify code
    - mailbox: zynqmp: Fix counts of child nodes
    - ASoC: soc-pcm: use GFP_ATOMIC for dpcm structure
    - ASoC: soc-pcm: align BE 'atomicity' with that of the FE
    - ASoC: soc-pcm: Fix and cleanup DPCM locking
    - ASoC: soc-pcm: serialize BE triggers
    - ASoC: soc-pcm: test refcount before triggering
    - ASoC: soc-pcm: fix BE handling of PAUSE_RELEASE
    - fs/ntfs3: Fix null-ptr-deref on inode->i_op in ntfs_lookup()
    - drm/hyperv: Don't overwrite dirt_needed value set by host
    - scsi: qedi: Fix use after free bug in qedi_remove()
    - net/ncsi: clear Tx enable mode when handling a Config required AEN
    - net/sched: cls_api: remove block_cb from driver_list before freeing
    - sit: update dev->needed_headroom in ipip6_tunnel_bind_dev()
    - selftests: srv6: make srv6_end_dt46_l3vpn_test more robust
    - net: dsa: mv88e6xxx: add mv88e6321 rsvd2cpu
    - writeback: fix call of incorrect macro
    - watchdog: dw_wdt: Fix the error handling path of dw_wdt_drv_probe()
    - RISC-V: mm: Enable huge page support to kernel_page_present() function
    - net/sched: act_mirred: Add carrier check
    - r8152: fix flow control issue of RTL8156A
    - r8152: fix the poor throughput for 2.5G devices
    - r8152: move setting r8153b_rx_agg_chg_indicate()
    - sfc: Fix module EEPROM reporting for QSFP modules
    - rxrpc: Fix hard call timeout units
    - octeontx2-af: Secure APR table update with the lock
    - octeontx2-af: Skip PFs if not enabled
    - octeontx2-pf: Disable packet I/O for graceful exit
    - octeontx2-vf: Detach LF resources on probe cleanup
    - ionic: remove noise from ethtool rxnfc error msg
    - ethtool: Fix uninitialized number of lanes
    - ionic: catch failure from devlink_alloc
    - af_packet: Don't send zero-byte data in packet_sendmsg_spkt().
    - drm/amdgpu: add a missing lock for AMDGPU_SCHED
    - ALSA: caiaq: input: Add error handling for unsupported input methods in
      `snd_usb_caiaq_input_init`
    - net: dsa: mt7530: fix corrupt frames using trgmii on 40 MHz XTAL MT7621
    - virtio_net: split free_unused_bufs()
    - virtio_net: suppress cpu stall when free_unused_bufs
    - net: enetc: check the index of the SFI rather than the handle
    - perf scripts intel-pt-events.py: Fix IPC output for Python 2
    - perf vendor events power9: Remove UTF-8 characters from JSON files
    - perf pmu: zfree() expects a pointer to a pointer to zero it after freeing
      its contents
    - perf map: Delete two variable initialisations before null pointer checks in
      sort__sym_from_cmp()
    - crypto: sun8i-ss - Fix a test in sun8i_ss_setup_ivs()
    - crypto: engine - check if BH is disabled during completion
    - crypto: api - Add scaffolding to change completion function signature
    - crypto: engine - Use crypto_request_complete
    - crypto: engine - fix crypto_queue backlog handling
    - perf symbols: Fix return incorrect build_id size in elf_read_build_id()
    - perf evlist: Refactor evlist__for_each_cpu()
    - perf stat: Separate bperf from bpf_profiler
    - btrfs: fix btrfs_prev_leaf() to not return the same key twice
    - btrfs: zoned: fix wrong use of bitops API in btrfs_ensure_empty_zones
    - btrfs: fix encoded write i_size corruption with no-holes
    - btrfs: don't free qgroup space unless specified
    - btrfs: zero the buffer before marking it dirty in btrfs_redirty_list_add
    - btrfs: print-tree: parent bytenr must be aligned to sector size
    - btrfs: fix space cache inconsistency after error loading it from disk
    - cifs: fix pcchunk length type in smb2_copychunk_range
    - cifs: release leases for deferred close handles when freezing
    - platform/x86: touchscreen_dmi: Add upside-down quirk for GDIX1002 ts on the
      Juno Tablet
    - platform/x86: touchscreen_dmi: Add info for the Dexp Ursus KX210i
    - inotify: Avoid reporting event with invalid wd
    - smb3: fix problem remounting a share after shutdown
    - SMB3: force unmount was failing to close deferred close files
    - sh: math-emu: fix macro redefined warning
    - sh: mcount.S: fix build error when PRINTK is not enabled
    - sh: init: use OF_EARLY_FLATTREE for early init
    - sh: nmi_debug: fix return value of __setup handler
    - remoteproc: stm32: Call of_node_put() on iteration error
    - remoteproc: st: Call of_node_put() on iteration error
    - remoteproc: imx_rproc: Call of_node_put() on iteration error
    - ARM: dts: exynos: fix WM8960 clock name in Itop Elite
    - ARM: dts: s5pv210: correct MIPI CSIS clock name
    - drm/bridge: lt8912b: Fix DSI Video Mode
    - drm/msm: fix NULL-deref on snapshot tear down
    - drm/msm: fix NULL-deref on irq uninstall
    - f2fs: fix potential corruption when moving a directory
    - drm/panel: otm8009a: Set backlight parent to panel device
    - drm/amd/display: fix flickering caused by S/G mode
    - drm/amdgpu: fix an amdgpu_irq_put() issue in gmc_v9_0_hw_fini()
    - drm/amdgpu/gfx: disable gfx9 cp_ecc_error_irq only when enabling legacy gfx
      ras
    - drm/amdgpu: Fix vram recover doesn't work after whole GPU reset (v2)
    - drm/amdgpu: disable sdma ecc irq only when sdma RAS is enabled in suspend
    - HID: wacom: Set a default resolution for older tablets
    - HID: wacom: insert timestamp to packed Bluetooth (BT) events
    - fs/ntfs3: Refactoring of various minor issues
    - ASoC: soc-pcm: Fix DPCM lockdep warning due to nested stream locks
    - ASoC: soc-compress: Inherit atomicity from DAI link for Compress FE
    - ASoC: soc-pcm: Move debugfs removal out of spinlock
    - ASoC: DPCM: Don't pick up BE without substream
    - ASoC: soc-pcm.c: call __soc_pcm_close() in soc_pcm_close()
    - drm/i915/dg2: Support 4k at 30 on HDMI
    - drm/i915/dg2: Add additional HDMI pixel clock frequencies
    - drm/i915/dg2: Add HDMI pixel clock frequencies 267.30 and 319.89 MHz
    - drm/msm: Remove struct_mutex usage
    - drm/msm/adreno: fix runtime PM imbalance at gpu load
    - drm/amd/display: Refine condition of cursor visibility for pipe-split
    - drm/amd/display: Add NULL plane_state check for cursor disable logic
    - wifi: rtw88: rtw8821c: Fix rfe_option field width
    - ksmbd: set RSS capable in FSCTL_QUERY_NETWORK_INTERFACE_INFO
    - ksmbd: fix multi session connection failure
    - ksmbd: replace sessions list in connection with xarray
    - ksmbd: add channel rwlock
    - ksmbd: fix kernel oops from idr_remove()
    - ksmbd: fix racy issue while destroying session on multichannel
    - ksmbd: fix deadlock in ksmbd_find_crypto_ctx()
    - ksmbd: not allow guest user on multichannel
    - locking/rwsem: Add __always_inline annotation to __down_read_common() and
      inlined callers
    - ext4: fix WARNING in mb_find_extent
    - ext4: avoid a potential slab-out-of-bounds in ext4_group_desc_csum
    - ext4: fix data races when using cached status extents
    - ext4: check iomap type only if ext4_iomap_begin() does not fail
    - ext4: improve error recovery code paths in __ext4_remount()
    - ext4: improve error handling from ext4_dirhash()
    - ext4: fix deadlock when converting an inline directory in nojournal mode
    - ext4: add bounds checking in get_max_inline_xattr_value_size()
    - ext4: bail out of ext4_xattr_ibody_get() fails for any reason
    - ext4: remove a BUG_ON in ext4_mb_release_group_pa()
    - ext4: fix invalid free tracking in ext4_xattr_move_to_block()
    - drm/msm/adreno: adreno_gpu: Use suspend() instead of idle() on load error
    - serial: 8250: Fix serial8250_tx_empty() race with DMA Tx
    - drbd: correctly submit flush bio on barrier
    - RISC-V: Fix up a cherry-pick warning in setup_vm_final()
    - drm/amd/display: Fix hang when skipping modeset
    - Linux 5.15.112
  * CVE-2023-31084 // CVE-2023-31084 was assigned to this bug.
    - media: dvb-core: Fix kernel WARNING for blocking operation in wait_event*()
  * CVE-2023-3776
    - net/sched: cls_fw: Fix improper refcount update leads to use-after-free

  [ Ubuntu: 5.15.0-1044.49 ]

  * jammy/linux-realtime: 5.15.0-1044.49 -proposed tracker (LP: #2030568)
  * Packaging resync (LP: #1786013)
    - [Packaging] resync update-dkms-versions helper
    - [Packaging] resync getabis
  * jammy/linux: 5.15.0-82.91 -proposed tracker (LP: #2031147)
  * libgnutls report "trap invalid opcode" when trying to install packages over
    https (LP: #2031093)
    - [Config]: disable CONFIG_GDS_FORCE_MITIGATION
  * jammy/linux: 5.15.0-80.87 -proposed tracker (LP: #2030588)
  * CVE-2022-40982
    - x86/mm: Initialize text poking earlier
    - x86/mm: fix poking_init() for Xen PV guests
    - x86/mm: Use mm_alloc() in poking_init()
    - mm: Move mm_cachep initialization to mm_init()
    - init: Provide arch_cpu_finalize_init()
    - x86/cpu: Switch to arch_cpu_finalize_init()
    - ARM: cpu: Switch to arch_cpu_finalize_init()
    - sparc/cpu: Switch to arch_cpu_finalize_init()
    - um/cpu: Switch to arch_cpu_finalize_init()
    - init: Remove check_bugs() leftovers
    - init: Invoke arch_cpu_finalize_init() earlier
    - init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init()
    - x86/init: Initialize signal frame size late
    - x86/fpu: Remove cpuinfo argument from init functions
    - x86/fpu: Mark init functions __init
    - x86/fpu: Move FPU initialization into arch_cpu_finalize_init()
    - x86/xen: Fix secondary processors' FPU initialization
    - x86/speculation: Add Gather Data Sampling mitigation
    - x86/speculation: Add force option to GDS mitigation
    - x86/speculation: Add Kconfig option for GDS
    - KVM: Add GDS_NO support to KVM
    - Documentation/x86: Fix backwards on/off logic about YMM support
    - [Config]: Enable CONFIG_ARCH_HAS_CPU_FINALIZE_INIT and
      CONFIG_GDS_FORCE_MITIGATION
  * CVE-2023-21400
    - io_uring: ensure IOPOLL locks around deferred work
  * CVE-2023-4015
    - netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound
      set/chain
    - netfilter: nf_tables: unbind non-anonymous set if rule construction fails
    - netfilter: nf_tables: skip immediate deactivate in _PREPARE_ERROR
  * CVE-2023-3777
    - netfilter: nf_tables: skip bound chain on rule flush
  * CVE-2023-3995
    - netfilter: nf_tables: disallow rule addition to bound chain via
      NFTA_RULE_CHAIN_ID
  * CVE-2023-20593
    - x86/cpu/amd: Move the errata checking functionality up
    - x86/cpu/amd: Add a Zenbleed fix
  * CVE-2023-3776
    - net/sched: cls_fw: Fix improper refcount update leads to use-after-free
  * CVE-2023-4004
    - netfilter: nft_set_pipapo: fix improper element removal
  * CVE-2023-3611
    - net/sched: sch_qfq: refactor parsing of netlink parameters
    - net/sched: sch_qfq: account for stab overhead in qfq_enqueue
  * CVE-2023-3610
    - netfilter: nf_tables: fix chain binding transaction logic
  * CVE-2023-3609
    - net/sched: cls_u32: Fix reference counter leak leading to overflow

Date: 2023-09-01 22:43:08.101542+00:00
Changed-By: Jacob Martin <jacob.martin at canonical.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/+source/linux-nvidia-tegra/5.15.0-1017.17
-------------- next part --------------
Sorry, changesfile not available.


More information about the jammy-changes mailing list