[ubuntu/lunar-security] linux-starfive 6.2.0-1006.7 (Accepted)
Andy Whitcroft
apw at canonical.com
Wed Oct 4 08:12:05 UTC 2023
linux-starfive (6.2.0-1006.7) lunar; urgency=medium
* lunar/linux-starfive: 6.2.0-1006.7 -proposed tracker (LP: #2033777)
* Packaging resync (LP: #1786013)
- [Packaging] update helper scripts
[ Ubuntu: 6.2.0-34.34 ]
* lunar/linux: 6.2.0-34.34 -proposed tracker (LP: #2033779)
* CVE-2023-20569
- x86/cpu, kvm: Add support for CPUID_80000021_EAX
- tools headers x86 cpufeatures: Sync with the kernel sources
- x86/alternative: Optimize returns patching
- x86/retbleed: Add __x86_return_thunk alignment checks
- x86/srso: Add a Speculative RAS Overflow mitigation
- x86/srso: Add IBPB_BRTYPE support
- x86/srso: Add SRSO_NO support
- x86/srso: Add IBPB
- x86/srso: Add IBPB on VMEXIT
- x86/srso: Fix return thunks in generated code
- x86/srso: Add a forgotten NOENDBR annotation
- x86/srso: Tie SBPB bit setting to microcode patch detection
- Documentation/hw-vuln: Unify filename specification in index
- Documentation/srso: Document IBPB aspect and fix formatting
- x86/srso: Fix build breakage with the LLVM linker
- x86: Move gds_ucode_mitigated() declaration to header
- x86/retpoline: Don't clobber RFLAGS during srso_safe_ret()
- x86/srso: Disable the mitigation on unaffected configurations
- x86/retpoline,kprobes: Fix position of thunk sections with CONFIG_LTO_CLANG
- x86/retpoline,kprobes: Skip optprobe check for indirect jumps with
retpolines and IBT
- x86/cpu: Fix __x86_return_thunk symbol type
- x86/cpu: Fix up srso_safe_ret() and __x86_return_thunk()
- objtool/x86: Fix SRSO mess
- x86/alternative: Make custom return thunk unconditional
- x86/cpu: Clean up SRSO return thunk mess
- x86/cpu: Rename original retbleed methods
- x86/cpu: Rename srso_(.*)_alias to srso_alias_\1
- x86/cpu: Cleanup the untrain mess
- x86/srso: Explain the untraining sequences a bit more
- objtool/x86: Fixup frame-pointer vs rethunk
- x86/static_call: Fix __static_call_fixup()
- x86/srso: Correct the mitigation status when SMT is disabled
- Ubuntu: [Config]: enable Speculative Return Stack Overflow mitigation
* Please enable Renesas RZ platform serial installer (LP: #2022361)
- [Config] enable hihope RZ/G2M serial console
- [Config] Mark sh-sci as built-in
* dGPU cannot resume because system firmware stuck in IPCS method
(LP: #2021572)
- drm/i915/tc: Abort DP AUX transfer on a disconnected TC port
- drm/i915/tc: switch to intel_de_* register accessors in display code
- drm/i915: Enable a PIPEDMC whenever its corresponding pipe is enabled
- drm/i915/tc: Fix TC port link ref init for DP MST during HW readout
- drm/i915/tc: Fix system resume MST mode restore for DP-alt sinks
- drm/i915/tc: Wait for IOM/FW PHY initialization of legacy TC ports
- drm/i915/tc: Factor out helpers converting HPD mask to TC mode
- drm/i915/tc: Fix target TC mode for a disconnected legacy port
- drm/i915/tc: Fix TC mode for a legacy port if the PHY is not ready
- drm/i915/tc: Fix initial TC mode on disabled legacy ports
- drm/i915/tc: Make the TC mode readout consistent in all PHY states
- drm/i915: Add encoder hook to get the PLL type used by TC ports
- drm/i915/tc: Assume a TC port is legacy if VBT says the port has HDMI
- drm/i915/tc: Factor out a function querying active links on a TC port
- drm/i915/tc: Check the PLL type used by an enabled TC port
- drm/i915/tc: Group the TC PHY setup/query functions per platform
- drm/i915/tc: Use the adlp prefix for ADLP TC PHY functions
- drm/i915/tc: Rename tc_phy_status_complete() to tc_phy_is_ready()
- drm/i915/tc: Use the tc_phy prefix for all TC PHY functions
- drm/i915/tc: Move TC port fields to a new intel_tc_port struct
- drm/i915/tc: Check for TC PHY explicitly in
intel_tc_port_fia_max_lane_count()
- drm/i915/tc: Move the intel_tc_port struct declaration to intel_tc.c
- drm/i915/tc: Add TC PHY hook to get the PHY HPD live status
- drm/i915/tc: Add TC PHY hooks to get the PHY ready/owned state
- drm/i915/tc: Add TC PHY hook to read out the PHY HW state
- drm/i915/tc: Add generic TC PHY connect/disconnect handlers
- drm/i915/tc: Factor out tc_phy_verify_legacy_or_dp_alt_mode()
- drm/i915/tc: Add TC PHY hooks to connect/disconnect the PHY
- drm/i915/tc: Fix up the legacy VBT flag only in disconnected mode
- drm/i915/tc: Check TC mode instead of the VBT legacy flag
- drm/i915/tc: Block/unblock TC-cold in the PHY connect/disconnect hooks
- drm/i915/tc: Remove redundant wakeref=0 check from unblock_tc_cold()
- drm/i915/tc: Drop tc_cold_block()/unblock()'s power domain parameter
- drm/i915/tc: Add TC PHY hook to get the TC-cold blocking power domain
- drm/i915/tc: Add asserts in TC PHY hooks that the required power is on
- drm/i915/tc: Add TC PHY hook to init the PHY
- drm/i915/adlp/tc: Use the DE HPD ISR register for hotplug detection
- drm/i915/tc: Get power ref for reading the HPD live status register
- drm/i915/tc: Don't connect the PHY in intel_tc_port_connected()
- drm/i915/adlp/tc: Align the connect/disconnect PHY sequence with bspec
- drm/i915: Move shared DPLL disabling into CRTC disable hook
- drm/i915: Disable DPLLs before disconnecting the TC PHY
- drm/i915: Remove TC PHY disconnect workaround
- drm/i915: Remove the encoder update_prepare()/complete() hooks
- drm/i915/dp_mst: Fix active port PLL selection for secondary MST streams
- drm/i915: Fix PIPEDMC disabling for a bigjoiner configuration
- drm/i915: Add helpers to reference/unreference a DPLL for a CRTC
- drm/i915: Make the CRTC state consistent during sanitize-disabling
- drm/i915: Update connector atomic state before crtc sanitize-disabling
- drm/i915: Separate intel_crtc_disable_noatomic_begin/complete()
- drm/i915: Factor out set_encoder_for_connector()
- drm/i915: Add support for disabling any CRTCs during HW readout/sanitization
- drm/i915/dp: Prevent link training fallback on disconnected port
- drm/i915/dp: Factor out intel_dp_get_active_pipes()
- drm/i915: Factor out a helper for handling atomic modeset locks/state
- drm/i915/tc: Call TypeC port flush_work/cleanup without modeset locks held
- drm/i915/tc: Reset TypeC PHYs left enabled in DP-alt mode after the sink
disconnects
* amdgpu: Fixes for S0i3 resume on Phoenix (LP: #2033654)
- drm/amd/pm: skip the RLC stop when S0i3 suspend for SMU v13.0.4/11
- drm/amdgpu: skip fence GFX interrupts disable/enable for S0ix
- drm/amd: flush any delayed gfxoff on suspend entry
* Fix panel brightness issues on HP laptops (LP: #2032704)
- ACPI: video: Put ACPI video and its child devices into D0 on boot
* Fix ACPI TAD on some Intel based systems (LP: #2032767)
- ACPI: TAD: Install SystemCMOS address space handler for ACPI000E
* kdump doesn't work with UEFI secure boot and kernel lockdown enabled on
ARM64 (LP: #2033007)
- [Config]: Enable CONFIG_KEXEC_IMAGE_VERIFY_SIG
* Request backport of xen timekeeping performance improvements (LP: #2033122)
- x86/xen/time: prefer tsc as clocksource when it is invariant
* Fix numerous AER related issues (LP: #2033025)
- SAUCE: PCI/AER: Disable AER service during suspend, again
- SAUCE: PCI/DPC: Disable DPC service during suspend, again
* Enable D3cold at s2idle for Intel DG2 GPU (LP: #2033452)
- drm/i915/dgfx: Enable d3cold at s2idle
* CVE-2023-4569
- netfilter: nf_tables: deactivate catchall elements in next generation
* Fix non-working MT7921e when pre-boot WiFi is enabled (LP: #2026322)
- wifi: mt76: mt7921e: fix init command fail with enabled device
* Fix unreliable ethernet cable detection on I219 NIC (LP: #2028122)
- e1000e: Use PME poll to circumvent unreliable ACPI wake
* [SRU][Ubuntu 22.04.1] Unable to interpret the frequency values in
cpuinfo_min_freq and cpuino_max_freq sysfs files. (LP: #2030924)
- cpufreq: intel_pstate: Fix scaling for hybrid-capable
* CVE-2023-40283
- Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb
* CVE-2023-20588
- x86/bugs: Increase the x86 bugs vector size to two u32s
- x86/CPU/AMD: Do not leak quotient data after a division by 0
- x86/CPU/AMD: Fix the DIV(0) initial fix attempt
* CVE-2023-4194
- net: tun_chr_open(): set sk_uid from current_fsuid()
- net: tap_open(): set sk_uid from current_fsuid()
* CVE-2023-4155
- KVM: SEV: snapshot the GHCB before accessing it
- KVM: SEV: only access GHCB fields once
* CVE-2023-1206
- tcp: Reduce chance of collisions in inet6_hashfn().
* Lunar update: upstream stable patchset 2023-08-03 (LP: #2029808)
- RDMA/bnxt_re: Fix the page_size used during the MR creation
- phy: amlogic: phy-meson-g12a-mipi-dphy-analog: fix CNTL2_DIF_TX_CTL0 value
- RDMA/efa: Fix unsupported page sizes in device
- RDMA/hns: Fix timeout attr in query qp for HIP08
- RDMA/hns: Fix base address table allocation
- RDMA/hns: Modify the value of long message loopback slice
- dmaengine: at_xdmac: fix potential Oops in at_xdmac_prep_interleaved()
- RDMA/bnxt_re: Fix a possible memory leak
- RDMA/bnxt_re: Fix return value of bnxt_re_process_raw_qp_pkt_rx
- iommu/rockchip: Fix unwind goto issue
- iommu/amd: Don't block updates to GATag if guest mode is on
- iommu/amd: Handle GALog overflows
- iommu/amd: Fix up merge conflict resolution
- nfsd: make a copy of struct iattr before calling notify_change
- dmaengine: pl330: rename _start to prevent build error
- riscv: Fix unused variable warning when BUILTIN_DTB is set
- net/mlx5: Drain health before unregistering devlink
- net/mlx5: SF, Drain health before removing device
- net/mlx5: fw_tracer, Fix event handling
- net/mlx5e: Don't attach netdev profile while handling internal error
- net: mellanox: mlxbf_gige: Fix skb_panic splat under memory pressure
- netrom: fix info-leak in nr_write_internal()
- af_packet: Fix data-races of pkt_sk(sk)->num.
- tls: improve lockless access safety of tls_err_abort()
- amd-xgbe: fix the false linkup in xgbe_phy_status
- perf ftrace latency: Remove unnecessary "--" from --use-nsec option
- mtd: rawnand: ingenic: fix empty stub helper definitions
- RDMA/irdma: Prevent QP use after free
- RDMA/irdma: Fix Local Invalidate fencing
- af_packet: do not use READ_ONCE() in packet_bind()
- tcp: deny tcp_disconnect() when threads are waiting
- tcp: Return user_mss for TCP_MAXSEG in CLOSE/LISTEN state if user_mss set
- net/smc: Scan from current RMB list when no position specified
- net/smc: Don't use RMBs not mapped to new link in SMCRv2 ADD LINK
- net/sched: sch_ingress: Only create under TC_H_INGRESS
- net/sched: sch_clsact: Only create under TC_H_CLSACT
- net/sched: Reserve TC_H_INGRESS (TC_H_CLSACT) for ingress (clsact) Qdiscs
- net/sched: Prohibit regrafting ingress or clsact Qdiscs
- net: sched: fix NULL pointer dereference in mq_attach
- net/netlink: fix NETLINK_LIST_MEMBERSHIPS length report
- udp6: Fix race condition in udp6_sendmsg & connect
- nfsd: fix double fget() bug in __write_ports_addfd()
- nvme: fix the name of Zone Append for verbose logging
- net/mlx5e: Fix error handling in mlx5e_refresh_tirs
- net/mlx5: Read embedded cpu after init bit cleared
- iommu/mediatek: Flush IOTLB completely only if domain has been attached
- tcp: fix mishandling when the sack compression is deferred.
- net: dsa: mv88e6xxx: Increase wait after reset deactivation
- mtd: rawnand: marvell: ensure timing values are written
- mtd: rawnand: marvell: don't set the NAND frequency select
- rtnetlink: call validate_linkmsg in rtnl_create_link
- mptcp: avoid unneeded __mptcp_nmpc_socket() usage
- mptcp: add annotations around msk->subflow accesses
- mptcp: avoid unneeded address copy
- mptcp: simplify subflow_syn_recv_sock()
- mptcp: consolidate passive msk socket initialization
- mptcp: fix data race around msk->first access
- mptcp: add annotations around sk->sk_shutdown accesses
- drm/amdgpu: release gpu full access after "amdgpu_device_ip_late_init"
- watchdog: menz069_wdt: fix watchdog initialisation
- ALSA: hda: Glenfly: add HD Audio PCI IDs and HDMI Codec Vendor IDs.
- ASoC: Intel: soc-acpi-cht: Add quirk for Nextbook Ares 8A tablet
- drm/amdgpu: Use the default reset when loading or reloading the driver
- mailbox: mailbox-test: Fix potential double-free in
mbox_test_message_write()
- btrfs: abort transaction when sibling keys check fails for leaves
- ARM: 9295/1: unwind:fix unwind abort for uleb128 case
- hwmon: (k10temp) Add PCI ID for family 19, model 78h
- media: rcar-vin: Select correct interrupt mode for V4L2_FIELD_ALTERNATE
- platform/x86: intel_scu_pcidrv: Add back PCI ID for Medfield
- platform/mellanox: fix potential race in mlxbf-tmfifo driver
- drm/amdgpu: set gfx9 onwards APU atomics support to be true
- fbdev: imsttfb: Fix use after free bug in imsttfb_probe
- fbdev: modedb: Add 1920x1080 at 60 Hz video mode
- fbdev: stifb: Fix info entry in sti_struct on error path
- nbd: Fix debugfs_create_dir error checking
- block/rnbd: replace REQ_OP_FLUSH with REQ_OP_WRITE
- nvme-pci: add NVME_QUIRK_BOGUS_NID for HS-SSD-FUTURE 2048G
- nvme-pci: add quirk for missing secondary temperature thresholds
- ASoC: amd: yc: Add DMI entry to support System76 Pangolin 12
- ASoC: dwc: limit the number of overrun messages
- um: harddog: fix modular build
- xfrm: Check if_id in inbound policy/secpath match
- ASoC: dt-bindings: Adjust #sound-dai-cells on TI's single-DAI codecs
- ALSA: hda/realtek: Add quirks for ASUS GU604V and GU603V
- ASoC: ssm2602: Add workaround for playback distortions
- media: dvb_demux: fix a bug for the continuity counter
- media: dvb-usb: az6027: fix three null-ptr-deref in az6027_i2c_xfer()
- media: dvb-usb-v2: ec168: fix null-ptr-deref in ec168_i2c_xfer()
- media: dvb-usb-v2: ce6230: fix null-ptr-deref in ce6230_i2c_master_xfer()
- media: dvb-usb-v2: rtl28xxu: fix null-ptr-deref in rtl28xxu_i2c_xfer
- media: dvb-usb: digitv: fix null-ptr-deref in digitv_i2c_xfer()
- media: dvb-usb: dw2102: fix uninit-value in su3000_read_mac_address
- media: netup_unidvb: fix irq init by register it at the end of probe
- media: dvb_ca_en50221: fix a size write bug
- media: ttusb-dec: fix memory leak in ttusb_dec_exit_dvb()
- media: mn88443x: fix !CONFIG_OF error by drop of_match_ptr from ID table
- media: dvb-core: Fix use-after-free due on race condition at dvb_net
- media: dvb-core: Fix use-after-free due to race at dvb_register_device()
- media: dvb-core: Fix use-after-free due to race condition at dvb_ca_en50221
- ASoC: SOF: debug: conditionally bump runtime_pm counter on exceptions
- ASoC: SOF: pcm: fix pm_runtime imbalance in error handling
- ASoC: SOF: sof-client-probes: fix pm_runtime imbalance in error handling
- ASoC: SOF: pm: save io region state in case of errors in resume
- s390/pkey: zeroize key blobs
- s390/topology: honour nr_cpu_ids when adding CPUs
- ACPI: resource: Add IRQ override quirk for LG UltraPC 17U70P
- wifi: rtl8xxxu: fix authentication timeout due to incorrect RCR value
- ARM: dts: stm32: add pin map for CAN controller on stm32f7
- arm64/mm: mark private VM_FAULT_X defines as vm_fault_t
- arm64: vdso: Pass (void *) to virt_to_page()
- wifi: mac80211: simplify chanctx allocation
- wifi: mac80211: consider reserved chanctx for mindef
- wifi: mac80211: recalc chanctx mindef before assigning
- wifi: iwlwifi: mvm: Add locking to the rate read flow
- scsi: core: Decrease scsi_device's iorequest_cnt if dispatch failed
- wifi: b43: fix incorrect __packed annotation
- netfilter: conntrack: define variables exp_nat_nla_policy and any_addr with
CONFIG_NF_NAT
- nvme-multipath: don't call blk_mark_disk_dead in nvme_mpath_remove_disk
- nvme: do not let the user delete a ctrl before a complete initialization
- ALSA: oss: avoid missing-prototype warnings
- drm/msm: Be more shouty if per-process pgtables aren't working
- atm: hide unused procfs functions
- ceph: silence smatch warning in reconnect_caps_cb()
- drm/amdgpu: skip disabling fence driver src_irqs when device is unplugged
- ublk: fix AB-BA lockdep warning
- nvme-pci: Add quirk for Teamgroup MP33 SSD
- block: Deny writable memory mapping if block is read-only
- KVM: arm64: vgic: Fix a circular locking issue
- KVM: arm64: vgic: Wrap vgic_its_create() with config_lock
- KVM: arm64: vgic: Fix locking comment
- media: mediatek: vcodec: Only apply 4K frame sizes on decoder formats
- mailbox: mailbox-test: fix a locking issue in mbox_test_message_write()
- drivers: base: cacheinfo: Fix shared_cpu_map changes in event of CPU hotplug
- media: uvcvideo: Don't expose unsupported formats to userspace
- iio: accel: st_accel: Fix invalid mount_matrix on devices without ACPI _ONT
method
- iio: adc: mxs-lradc: fix the order of two cleanup operations
- HID: google: add jewel USB id
- HID: wacom: avoid integer overflow in wacom_intuos_inout()
- iio: imu: inv_icm42600: fix timestamp reset
- dt-bindings: iio: adc: renesas,rcar-gyroadc: Fix adi,ad7476 compatible value
- iio: light: vcnl4035: fixed chip ID check
- iio: adc: stm32-adc: skip adc-channels setup if none is present
- iio: adc: ad_sigma_delta: Fix IRQ issue by setting IRQ_DISABLE_UNLAZY flag
- iio: dac: mcp4725: Fix i2c_master_send() return value handling
- iio: addac: ad74413: fix resistance input processing
- iio: adc: ad7192: Change "shorted" channels to differential
- iio: adc: stm32-adc: skip adc-diff-channels setup if none is present
- iio: dac: build ad5758 driver when AD5758 is selected
- net: usb: qmi_wwan: Set DTR quirk for BroadMobi BM818
- dt-bindings: usb: snps,dwc3: Fix "snps,hsphy_interface" type
- usb: cdns3: fix NCM gadget RX speed 20x slow than expection at iMX8QM
- usb: gadget: f_fs: Add unbind event before functionfs_unbind
- md/raid5: fix miscalculation of 'end_sector' in raid5_read_one_chunk()
- misc: fastrpc: return -EPIPE to invocations on device removal
- misc: fastrpc: reject new invocations during device removal
- scsi: stex: Fix gcc 13 warnings
- ata: libata-scsi: Use correct device no in ata_find_dev()
- drm/amdgpu: enable tmz by default for GC 11.0.1
- drm/amd/pm: reverse mclk and fclk clocks levels for SMU v13.0.4
- drm/amd/pm: reverse mclk and fclk clocks levels for vangogh
- drm/amd/pm: resolve reboot exception for si oland
- drm/amd/pm: reverse mclk clocks levels for SMU v13.0.5
- drm/amd/pm: reverse mclk and fclk clocks levels for yellow carp
- drm/amd/pm: reverse mclk and fclk clocks levels for renoir
- mmc: vub300: fix invalid response handling
- mmc: pwrseq: sd8787: Fix WILC CHIP_EN and RESETN toggling order
- tty: serial: fsl_lpuart: use UARTCTRL_TXINV to send break instead of
UARTCTRL_SBK
- btrfs: fix csum_tree_block page iteration to avoid tripping on
-Werror=array-bounds
- phy: qcom-qmp-combo: fix init-count imbalance
- phy: qcom-qmp-pcie-msm8996: fix init-count imbalance
- block: fix revalidate performance regression
- powerpc/iommu: Limit number of TCEs to 512 for H_STUFF_TCE hcall
- iommu/amd: Fix domain flush size when syncing iotlb
- tpm, tpm_tis: correct tpm_tis_flags enumeration values
- riscv: perf: Fix callchain parse error with kernel tracepoint events
- io_uring: undeprecate epoll_ctl support
- selinux: don't use make's grouped targets feature yet
- mtdchar: mark bits of ioctl handler noinline
- tracing/timerlat: Always wakeup the timerlat thread
- tracing/histograms: Allow variables to have some modifiers
- tracing/probe: trace_probe_primary_from_call(): checked list_first_entry
- selftests: mptcp: connect: skip if MPTCP is not supported
- selftests: mptcp: pm nl: skip if MPTCP is not supported
- selftests: mptcp: join: skip if MPTCP is not supported
- selftests: mptcp: sockopt: skip if MPTCP is not supported
- selftests: mptcp: userspace pm: skip if MPTCP is not supported
- mptcp: fix connect timeout handling
- mptcp: fix active subflow finalization
- ext4: add EA_INODE checking to ext4_iget()
- ext4: set lockdep subclass for the ea_inode in ext4_xattr_inode_cache_find()
- ext4: disallow ea_inodes with extended attributes
- ext4: add lockdep annotations for i_data_sem for ea_inode's
- fbcon: Fix null-ptr-deref in soft_cursor
- serial: 8250_tegra: Fix an error handling path in tegra_uart_probe()
- serial: cpm_uart: Fix a COMPILE_TEST dependency
- powerpc/xmon: Use KSYM_NAME_LEN in array size
- test_firmware: fix a memory leak with reqs buffer
- test_firmware: fix the memory leak of the allocated firmware buffer
- KVM: arm64: Populate fault info for watchpoint
- KVM: x86: Account fastpath-only VM-Exits in vCPU stats
- ksmbd: fix credit count leakage
- ksmbd: fix UAF issue from opinfo->conn
- ksmbd: fix incorrect AllocationSize set in smb2_get_info
- ksmbd: fix slab-out-of-bounds read in smb2_handle_negotiate
- ksmbd: fix multiple out-of-bounds read during context decoding
- KEYS: asymmetric: Copy sig and digest in public_key_verify_signature()
- fs/ntfs3: Validate MFT flags before replaying logs
- regmap: Account for register length when chunking
- tpm, tpm_tis: Request threaded interrupt handler
- iommu/amd/pgtbl_v2: Fix domain max address
- drm/amd/display: Have Payload Properly Created After Resume
- tls: rx: strp: don't use GFP_KERNEL in softirq context
- selftests: mptcp: diag: skip if MPTCP is not supported
- selftests: mptcp: simult flows: skip if MPTCP is not supported
- selftests: mptcp: join: avoid using 'cmp --bytes'
- ext4: enable the lazy init thread when remounting read/write
- iommu: Make IPMMU_VMSA dependencies more strict
- [Config] updateconfigs for IPMMU_VMSA
- iommu/amd: Add missing domain type checks
- efi: Bump stub image version for macOS HVF compatibility
- rxrpc: Truncate UTS_RELEASE for rxrpc version
- net: renesas: rswitch: Fix return value in error path of xmit
- KVM: arm64: Prevent unconditional donation of unmapped regions from the host
- KVM: arm64: Reload PTE after invoking walker callback on preorder traversal
- iio: ad4130: Make sure clock provider gets removed
- iio: adc: mt6370: Fix ibus and ibat scaling value of some specific vendor ID
chips
- iio: accel: kx022a fix irq getting
- misc: fastrpc: Reassign memory ownership only for remote heap
- module/decompress: Fix error checking on zstd decompression
- dmaengine: at_hdmac: Repair bitfield macros for peripheral ID handling
- dmaengine: at_hdmac: Extend the Flow Controller bitfield to three bits
- test_firmware: prevent race conditions by a correct implementation of
locking
- KVM: arm64: Drop last page ref in kvm_pgtable_stage2_free_removed()
- KVM: x86/mmu: Grab memslot for correct address space in NX recovery worker
- Upstream stable to v6.1.33, v6.3.7
- scsi: megaraid_sas: Add flexible array member for SGLs
- net: sfp: fix state loss when updating state_hw_mask
- spi: mt65xx: make sure operations completed before unloading
- platform/surface: aggregator: Allow completion work-items to be executed in
parallel
- platform/surface: aggregator_tabletsw: Add support for book mode in KIP
subsystem
- spi: qup: Request DMA before enabling clocks
- afs: Fix setting of mtime when creating a file/dir/symlink
- wifi: mt76: mt7615: fix possible race in mt7615_mac_sta_poll
- bpf, sockmap: Avoid potential NULL dereference in
sk_psock_verdict_data_ready()
- neighbour: fix unaligned access to pneigh_entry
- net: dsa: lan9303: allow vid != 0 in port_fdb_{add|del} methods
- net/ipv4: ping_group_range: allow GID from 2147483648 to 4294967294
- bpf: Fix UAF in task local storage
- bpf: Fix elem_size not being set for inner maps
- net/ipv6: fix bool/int mismatch for skip_notify_on_dev_down
- net/smc: Avoid to access invalid RMBs' MRs in SMCRv1 ADD LINK CONT
- net: enetc: correct the statistics of rx bytes
- net: enetc: correct rx_bytes statistics of XDP
- net/sched: fq_pie: ensure reasonable TCA_FQ_PIE_QUANTUM values
- Bluetooth: hci_sync: add lock to protect HCI_UNREGISTER
- Bluetooth: Fix l2cap_disconnect_req deadlock
- Bluetooth: ISO: don't try to remove CIG if there are bound CIS left
- Bluetooth: L2CAP: Add missing checks for invalid DCID
- wifi: mac80211: use correct iftype HE cap
- wifi: cfg80211: reject bad AP MLD address
- wifi: mac80211: mlme: fix non-inheritence element
- wifi: mac80211: don't translate beacon/presp addrs
- qed/qede: Fix scheduling while atomic
- wifi: cfg80211: fix locking in sched scan stop work
- selftests/bpf: Verify optval=NULL case
- selftests/bpf: Fix sockopt_sk selftest
- netfilter: nft_bitwise: fix register tracking
- netfilter: conntrack: fix NULL pointer dereference in nf_confirm_cthelper
- netfilter: ipset: Add schedule point in call_ad().
- netfilter: nf_tables: out-of-bound check in chain blob
- ipv6: rpl: Fix Route of Death.
- tcp: gso: really support BIG TCP
- rfs: annotate lockless accesses to sk->sk_rxhash
- rfs: annotate lockless accesses to RFS sock flow table
- net: sched: add rcu annotations around qdisc->qdisc_sleeping
- drm/i915/selftests: Add some missing error propagation
- net: sched: move rtm_tca_policy declaration to include file
- net: sched: act_police: fix sparse errors in tcf_police_dump()
- net: sched: fix possible refcount leak in tc_chain_tmplt_add()
- bpf: Add extra path pointer check to d_path helper
- drm/amdgpu: fix Null pointer dereference error in amdgpu_device_recover_vram
- lib: cpu_rmap: Fix potential use-after-free in irq_cpu_rmap_release()
- net: bcmgenet: Fix EEE implementation
- bnxt_en: Don't issue AP reset during ethtool's reset operation
- bnxt_en: Query default VLAN before VNIC setup on a VF
- bnxt_en: Skip firmware fatal error recovery if chip is not accessible
- bnxt_en: Prevent kernel panic when receiving unexpected PHC_UPDATE event
- bnxt_en: Implement .set_port / .unset_port UDP tunnel callbacks
- batman-adv: Broken sync while rescheduling delayed work
- Input: xpad - delete a Razer DeathAdder mouse VID/PID entry
- Input: psmouse - fix OOB access in Elantech protocol
- Input: fix open count when closing inhibited device
- ALSA: hda: Fix kctl->id initialization
- ALSA: ymfpci: Fix kctl->id initialization
- ALSA: gus: Fix kctl->id initialization
- ALSA: cmipci: Fix kctl->id initialization
- ALSA: hda/realtek: Add quirk for Clevo NS50AU
- ALSA: ice1712,ice1724: fix the kcontrol->id initialization
- ALSA: hda/realtek: Add a quirk for HP Slim Desktop S01
- ALSA: hda/realtek: Add quirks for Asus ROG 2024 laptops using CS35L41
- drm/i915/gt: Use the correct error value when kernel_context() fails
- drm/amdgpu: fix xclk freq on CHIP_STONEY
- drm/amdgpu: change reserved vram info print
- drm/amd/pm: Fix power context allocation in SMU13
- drm/amd/display: Reduce sdp bw after urgent to 90%
- wifi: iwlwifi: mvm: Fix -Warray-bounds bug in iwl_mvm_wait_d3_notif()
- can: j1939: j1939_sk_send_loop_abort(): improved error queue handling in
J1939 Socket
- can: j1939: change j1939_netdev_lock type to mutex
- can: j1939: avoid possible use-after-free when j1939_can_rx_register fails
- mptcp: only send RM_ADDR in nl_cmd_remove
- mptcp: add address into userspace pm list
- mptcp: update userspace pm infos
- selftests: mptcp: update userspace pm addr tests
- selftests: mptcp: update userspace pm subflow tests
- ceph: fix use-after-free bug for inodes when flushing capsnaps
- s390/dasd: Use correct lock while counting channel queue length
- Bluetooth: Fix use-after-free in hci_remove_ltk/hci_remove_irk
- Bluetooth: fix debugfs registration
- Bluetooth: hci_qca: fix debugfs registration
- tee: amdtee: Add return_origin to 'struct tee_cmd_load_ta'
- rbd: move RBD_OBJ_FLAG_COPYUP_ENABLED flag setting
- rbd: get snapshot context after exclusive lock is ensured to be held
- virtio_net: use control_buf for coalesce params
- soc: qcom: icc-bwmon: fix incorrect error code passed to dev_err_probe()
- pinctrl: meson-axg: add missing GPIOA_18 gpio group
- usb: usbfs: Enforce page requirements for mmap
- usb: usbfs: Use consistent mmap functions
- mm: page_table_check: Make it dependent on EXCLUSIVE_SYSTEM_RAM
- mm: page_table_check: Ensure user pages are not slab pages
- arm64: dts: qcom: sc8280xp: Flush RSC sleep & wake votes
- ARM: at91: pm: fix imbalanced reference counter for ethernet devices
- ARM: dts: at91: sama7g5ek: fix debounce delay property for shdwc
- ASoC: codecs: wsa883x: do not set can_multi_write flag
- ASoC: codecs: wsa881x: do not set can_multi_write flag
- arm64: dts: qcom: sc7180-lite: Fix SDRAM freq for misidentified sc7180-lite
boards
- arm64: dts: imx8qm-mek: correct GPIOs for USDHC2 CD and WP signals
- arm64: dts: imx8-ss-dma: assign default clock rate for lpuarts
- ASoC: mediatek: mt8195-afe-pcm: Convert to platform remove callback
returning void
- ASoC: mediatek: mt8195: fix use-after-free in driver remove path
- ASoC: simple-card-utils: fix PCM constraint error check
- blk-mq: fix blk_mq_hw_ctx active request accounting
- arm64: dts: imx8mn-beacon: Fix SPI CS pinmux
- i2c: mv64xxx: Fix reading invalid status value in atomic mode
- firmware: arm_ffa: Set handle field to zero in memory descriptor
- gpio: sim: fix memory corruption when adding named lines and unnamed hogs
- i2c: sprd: Delete i2c adapter in .remove's error path
- riscv: mm: Ensure prot of VM_WRITE and VM_EXEC must be readable
- eeprom: at24: also select REGMAP
- soundwire: stream: Add missing clear of alloc_slave_rt
- riscv: fix kprobe __user string arg print fault issue
- [Config] updateconfigs for ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE
- vduse: avoid empty string for dev name
- vhost: support PACKED when setting-getting vring_base
- vhost_vdpa: support PACKED when setting-getting vring_base
- ksmbd: fix out-of-bound read in deassemble_neg_contexts()
- ksmbd: fix out-of-bound read in parse_lease_state()
- ksmbd: check the validation of pdu_size in ksmbd_conn_handler_loop
- ext4: only check dquot_initialize_needed() when debugging
- wifi: rtw89: correct PS calculation for SUPPORTS_DYNAMIC_PS
- wifi: rtw88: correct PS calculation for SUPPORTS_DYNAMIC_PS
- Bluetooth: Split bt_iso_qos into dedicated structures
- Bluetooth: ISO: consider right CIS when removing CIG at cleanup
- Bluetooth: ISO: Fix CIG auto-allocation to select configurable CIG
- netfilter: nf_tables: Add null check for nla_nest_start_noflag() in
nft_dump_basechain_hook()
- drm/lima: fix sched context destroy
- net: openvswitch: fix upcall counter access before allocation
- bnxt_en: Fix bnxt_hwrm_update_rss_hash_cfg()
- Input: cyttsp5 - fix array length
- soc: qcom: rpmh-rsc: drop redundant unsigned >=0 comparision
- arm64: dts: qcom: sm6375-pdx225: Fix remoteproc firmware paths
- vdpa/mlx5: Fix hang when cvq commands are triggered during device unregister
- ksmbd: fix posix_acls and acls dereferencing possible ERR_PTR()
- Upstream stable to v6.1.34, v6.3.8
* CVE-2023-4273
- exfat: check if filename entries exceeds max filename length
* CVE-2023-4128
- net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-
free
- net/sched: cls_fw: No longer copy tcf_result on update to avoid use-after-
free
- net/sched: cls_route: No longer copy tcf_result on update to avoid use-
after-free
* CVE-2023-3212
- gfs2: Don't deref jdesc in evict
Date: 2023-09-13 11:24:08.454421+00:00
Changed-By: Emil Renner Berthing <emil.renner.berthing+launchpad at canonical.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/+source/linux-starfive/6.2.0-1006.7
-------------- next part --------------
Sorry, changesfile not available.
More information about the lunar-changes
mailing list