Ubuntu
linux-oem-6.1 package

Jammy update: v6.1.57 upstream stable release

Bug #2039174 reported by Timo Aaltonen on 2023-10-12

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	linux-oem-6.1 (Ubuntu)	Fix Released	Undecided	Unassigned
	Jammy	Fix Released	Undecided	Unassigned

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

v6.1.57 upstream stable release
from git://git.kernel.org/

Linux 6.1.57
xen/events: replace evtchn_rwlock with RCU
ipv6: remove one read_lock()/read_unlock() pair in rt6_check_neigh()
btrfs: file_remove_privs needs an exclusive lock in direct io write
netlink: remove the flex array from struct nlmsghdr
btrfs: fix fscrypt name leak after failure to join log transaction
btrfs: fix an error handling path in btrfs_rename()
vrf: Fix lockdep splat in output path
ipv6: remove nexthop_fib6_nh_bh()
parisc: Restore __ldcw_align for PA-RISC 2.0 processors
ksmbd: fix uaf in smb20_oplock_break_ack
ksmbd: fix race condition between session lookup and expire
x86/sev: Use the GHCB protocol when available for SNP CPUID requests
RDMA/mlx5: Fix NULL string error
RDMA/mlx5: Fix mutex unlocking on error flow for steering anchor creation
RDMA/siw: Fix connection failure handling
RDMA/srp: Do not call scsi_done() from srp_abort()
RDMA/uverbs: Fix typo of sizeof argument
RDMA/cma: Fix truncation compilation warning in make_cma_ports
RDMA/cma: Initialize ib_sa_multicast structure to 0 when join
gpio: pxa: disable pinctrl calls for MMP_GPIO
gpio: aspeed: fix the GPIO number passed to pinctrl_gpio_set_config()
IB/mlx4: Fix the size of a buffer in add_port_entries()
of: dynamic: Fix potential memory leak in of_changeset_action()
RDMA/core: Require admin capabilities to set system parameters
dm zoned: free dmz->ddev array in dmz_put_zoned_devices
parisc: Fix crash with nr_cpus=1 option
smb: use kernel_connect() and kernel_bind()
intel_idle: add Emerald Rapids Xeon support
HID: intel-ish-hid: ipc: Disable and reenable ACPI GPE bit
HID: sony: remove duplicate NULL check before calling usb_free_urb()
netlink: annotate data-races around sk->sk_err
netlink: Fix potential skb memleak in netlink_ack
netlink: split up copies in the ack construction
sctp: update hb timer immediately after users change hb_interval
sctp: update transport state when processing a dupcook packet
tcp: fix delayed ACKs for MSS boundary condition
tcp: fix quick-ack counting to count actual ACKs of new data
tipc: fix a potential deadlock on &tx->lock
net: stmmac: dwmac-stm32: fix resume on STM32 MCU
ipv4: Set offload_failed flag in fibmatch results
netfilter: nf_tables: nft_set_rbtree: fix spurious insertion failure
netfilter: nf_tables: Deduplicate nft_register_obj audit logs
selftests: netfilter: Extend nft_audit.sh
selftests: netfilter: Test nf_tables audit logging
netfilter: handle the connecting collision properly in nf_conntrack_proto_sctp
ibmveth: Remove condition to recompute TCP header checksum.
net: ethernet: ti: am65-cpsw: Fix error code in am65_cpsw_nuss_init_tx_chns()
net: nfc: llcp: Add lock when modifying device list
net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg
ipv6: tcp: add a missing nf_reset_ct() in 3WHS handling
net: dsa: mv88e6xxx: Avoid EEPROM timeout when EEPROM is absent
ptp: ocp: Fix error handling in ptp_ocp_device_init
ipv4, ipv6: Fix handling of transhdrlen in __ip{,6}_append_data()
neighbour: fix data-races around n->output
neighbour: switch to standard rcu, instead of rcu_bh
neighbour: annotate lockless accesses to n->nud_state
bpf: Add BPF_FIB_LOOKUP_SKIP_NEIGH for bpf_fib_lookup
net: fix possible store tearing in neigh_periodic_work()
modpost: add missing else to the "of" check
bpf, sockmap: Reject sk_msg egress redirects to non-TCP sockets
bpf, sockmap: Do not inc copied_seq when PEEK flag set
bpf: tcp_read_skb needs to pop skb regardless of seq
NFSv4: Fix a nfs4_state_manager() race
ima: rework CONFIG_IMA dependency block
scsi: target: core: Fix deadlock due to recursive locking
ima: Finish deprecation of IMA_TRUSTED_KEYRING Kconfig
regulator/core: regulator_register: set device->class earlier
iommu/mediatek: Fix share pgtable for iova over 4GB
perf/x86/amd: Do not WARN() on every IRQ
wifi: mac80211: fix potential key use-after-free
regmap: rbtree: Fix wrong register marked as in-cache when creating new node
perf/x86/amd/core: Fix overflow reset on hotplug
wifi: mt76: mt76x02: fix MT76x0 external LNA gain handling
drivers/net: process the result of hdlc_open() and add call of hdlc_close() in uhdlc_close()
Bluetooth: ISO: Fix handling of listen for unicast
Bluetooth: Delete unused hci_req_prepare_suspend() declaration
regulator: mt6358: split ops for buck and linear range LDO regulators
regulator: mt6358: Use linear voltage helpers for single range regulators
regulator: mt6358: Drop *_SSHUB regulators
bpf: Fix tr dereferencing
leds: Drop BUG_ON check for LED_COLOR_ID_MULTI
wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet
wifi: cfg80211: add missing kernel-doc for cqm_rssi_work
wifi: cfg80211: fix cqm_config access race
wifi: cfg80211: add a work abstraction with special semantics
wifi: cfg80211: move wowlan disable under locks
wifi: cfg80211: hold wiphy lock in auto-disconnect
wifi: iwlwifi: mvm: Fix a memory corruption issue
wifi: iwlwifi: dbg_ini: fix structure packing
erofs: fix memory leak of LZMA global compressed deduplication
ubi: Refuse attaching if mtd's erasesize is 0
HID: sony: Fix a potential memory leak in sony_probe()
arm64: errata: Add Cortex-A520 speculative unprivileged load workaround
arm64: Add Cortex-A520 CPU part definition
drm/amd: Fix logic error in sienna_cichlid_update_pcie_parameters()
drm/amd: Fix detection of _PR3 on the PCIe root port
net: prevent rewrite of msg_name in sock_sendmsg()
net: replace calls to sock->ops->connect() with kernel_connect()
PCI: qcom: Fix IPQ8074 enumeration
md/raid5: release batch_last before waiting for another stripe_head
wifi: mwifiex: Fix tlv_buf_left calculation
Bluetooth: hci_sync: Fix handling of HCI_QUIRK_STRICT_DUPLICATE_FILTER
Bluetooth: hci_codec: Fix leaking content of local_codecs
qed/red_ll2: Fix undefined behavior bug in struct qed_ll2_info
mptcp: userspace pm allow creating id 0 subflow
net: ethernet: mediatek: disable irq before schedule napi
vringh: don't use vringh_kiov_advance() in vringh_iov_xfer()
iommu/vt-d: Avoid memory allocation in iommu_suspend()
scsi: zfcp: Fix a double put in zfcp_port_enqueue()
i40e: fix the wrong PTP frequency calculation
hwmon: (nzxt-smart2) add another USB ID
hwmon: (nzxt-smart2) Add device id
block: fix use-after-free of q->q_usage_counter
rbd: take header_rwsem in rbd_dev_refresh() only when updating
rbd: decouple parent info read-in from updating rbd_dev
rbd: decouple header read-in from updating rbd_dev->header
rbd: move rbd_dev_refresh() definition
iommu/arm-smmu-v3: Avoid constructing invalid range commands
iommu/arm-smmu-v3: Set TTL invalidation hint better
drm/amd/display: Adjust the MST resume flow
arm64: cpufeature: Fix CLRBHB and BC detection
net: release reference to inet6_dev pointer
net: change accept_ra_min_rtr_lft to affect all RA lifetimes
net: add sysctl accept_ra_min_rtr_lft
arm64: Avoid repeated AA64MMFR1_EL1 register read on pagefault path
Revert "NFSv4: Retry LOCK on OLD_STATEID during delegation return"
btrfs: use struct fscrypt_str instead of struct qstr
btrfs: setup qstr from dentrys using fscrypt helper
btrfs: use struct qstr instead of name and namelen pairs
ring-buffer: Fix bytes info in per_cpu buffer stats
ring-buffer: remove obsolete comment for free_buffer_page()
mm: page_alloc: fix CMA and HIGHATOMIC landing on the wrong buddy list
mm/page_alloc: leave IRQs enabled for per-cpu page allocations
mm/page_alloc: always remove pages from temporary list
mm: mempolicy: keep VMA walk if both MPOL_MF_STRICT and MPOL_MF_MOVE are specified
mm/mempolicy: convert migrate_page_add() to migrate_folio_add()
mm/mempolicy: convert queue_pages_pte_range() to queue_folios_pte_range()
mm/mempolicy: convert queue_pages_pmd() to queue_folios_pmd()
mm/memory: add vm_normal_folio()
NFSv4: Fix a state manager thread deadlock regression
NFS: rename nfs_client_kset to nfs_kset
NFS: Cleanup unused rpc_clnt variable
ata: libata-scsi: Fix delayed scsi_rescan_device() execution
scsi: Do not attempt to rescan suspended devices
scsi: core: Improve type safety of scsi_rescan_device()
scsi: sd: Do not issue commands to suspended disks on shutdown
scsi: sd: Differentiate system and runtime start/stop management
ata,scsi: do not issue START STOP UNIT on resume
mptcp: process pending subflow error on close
mptcp: move __mptcp_error_report in protocol.c
mptcp: annotate lockless accesses to sk->sk_err
mptcp: fix dangling connection hang-up
mptcp: rename timer related helper to less confusing names
ASoC: tegra: Fix redundant PLLA and PLLA_OUT0 updates
ASoC: soc-utils: Export snd_soc_dai_is_dummy() symbol
spi: zynqmp-gqspi: fix clock imbalance on probe failure

Tags:

CVE References

2023-4921

Timo Aaltonen (tjaalton) on 2023-10-12

Changed in linux-oem-6.1 (Ubuntu):
status:	New → Confirmed
tags:	added: kernel-stable-tracking-bug

Revision history for this message

Launchpad Janitor (janitor) wrote on 2023-10-30:

Download full text (49.7 KiB)

This bug was fixed in the package linux-oem-6.1 - 6.1.0-1025.25

---------------
linux-oem-6.1 (6.1.0-1025.25) jammy; urgency=medium

* jammy/linux-oem-6.1: 6.1.0-1025.25 -proposed tracker (LP: #2038056)

This bug was fixed in the package linux-oem-6.1 - 6.1.0-1025.25

---------------
linux-oem-6.1 (6.1.0-1025.25) jammy; urgency=medium

* jammy/linux-oem-6.1: 6.1.0-1025.25 -proposed tracker (LP: #2038056)

* Jammy update: v6.1.57 upstream stable release (LP: #2039174)
    - spi: zynqmp-gqspi: fix clock imbalance on probe failure
    - ASoC: soc-utils: Export snd_soc_dai_is_dummy() symbol
    - ASoC: tegra: Fix redundant PLLA and PLLA_OUT0 updates
    - mptcp: rename timer related helper to less confusing names
    - mptcp: fix dangling connection hang-up
    - mptcp: annotate lockless accesses to sk->sk_err
    - mptcp: move __mptcp_error_report in protocol.c
    - mptcp: process pending subflow error on close
    - ata,scsi: do not issue START STOP UNIT on resume
    - scsi: sd: Differentiate system and runtime start/stop management
    - scsi: sd: Do not issue commands to suspended disks on shutdown
    - scsi: core: Improve type safety of scsi_rescan_device()
    - scsi: Do not attempt to rescan suspended devices
    - ata: libata-scsi: Fix delayed scsi_rescan_device() execution
    - NFS: Cleanup unused rpc_clnt variable
    - NFS: rename nfs_client_kset to nfs_kset
    - NFSv4: Fix a state manager thread deadlock regression
    - mm/memory: add vm_normal_folio()
    - mm/mempolicy: convert queue_pages_pmd() to queue_folios_pmd()
    - mm/mempolicy: convert queue_pages_pte_range() to queue_folios_pte_range()
    - mm/mempolicy: convert migrate_page_add() to migrate_folio_add()
    - mm: mempolicy: keep VMA walk if both MPOL_MF_STRICT and MPOL_MF_MOVE are
      specified
    - mm/page_alloc: always remove pages from temporary list
    - mm/page_alloc: leave IRQs enabled for per-cpu page allocations
    - mm: page_alloc: fix CMA and HIGHATOMIC landing on the wrong buddy list
    - ring-buffer: remove obsolete comment for free_buffer_page()
    - ring-buffer: Fix bytes info in per_cpu buffer stats
    - btrfs: use struct qstr instead of name and namelen pairs
    - btrfs: setup qstr from dentrys using fscrypt helper
    - btrfs: use struct fscrypt_str instead of struct qstr
    - Revert "NFSv4: Retry LOCK on OLD_STATEID during delegation return"
    - arm64: Avoid repeated AA64MMFR1_EL1 register read on pagefault path
    - net: add sysctl accept_ra_min_rtr_lft
    - net: change accept_ra_min_rtr_lft to affect all RA lifetimes
    - net: release reference to inet6_dev pointer
    - arm64: cpufeature: Fix CLRBHB and BC detection
    - drm/amd/display: Adjust the MST resume flow
    - iommu/arm-smmu-v3: Set TTL invalidation hint better
    - iommu/arm-smmu-v3: Avoid constructing invalid range commands
    - rbd: move rbd_dev_refresh() definition
    - rbd: decouple header read-in from updating rbd_dev->header
    - rbd: decouple parent info read-in from updating rbd_dev
    - rbd: take header_rwsem in rbd_dev_refresh() only when updating
    - block: fix use-after-free of q->q_usage_counter
    - hwmon: (nzxt-smart2) Add device id
    - hwmon: (nzxt-smart2) add another USB ID
    - i40e: fix the wrong PTP frequency calculation
    - scsi: zfcp: Fix a double put in zfcp_port_enqueue()
    - iommu/vt-d: Avoid memory allocation in iommu_suspend()
    - vringh: don't use vringh_kiov_advance() in vringh_iov_xfer()
    - net: ethernet: mediatek: disable irq before schedule napi
    - mptcp: userspace pm allow creating id 0 subflow
    - qed/red_ll2: Fix undefined behavior bug in struct qed_ll2_info
    - Bluetooth: hci_codec: Fix leaking content of local_codecs
    - Bluetooth: hci_sync: Fix handling of HCI_QUIRK_STRICT_DUPLICATE_FILTER
    - wifi: mwifiex: Fix tlv_buf_left calculation
    - md/raid5: release batch_last before waiting for another stripe_head
    - PCI: qcom: Fix IPQ8074 enumeration
    - net: replace calls to sock->ops->connect() with kernel_connect()
    - net: prevent rewrite of msg_name in sock_sendmsg()
    - drm/amd: Fix logic error in sienna_cichlid_update_pcie_parameters()
    - arm64: Add Cortex-A520 CPU part definition
    - arm64: errata: Add Cortex-A520 speculative unprivileged load workaround
    - HID: sony: Fix a potential memory leak in sony_probe()
    - ubi: Refuse attaching if mtd's erasesize is 0
    - erofs: fix memory leak of LZMA global compressed deduplication
    - wifi: iwlwifi: dbg_ini: fix structure packing
    - wifi: iwlwifi: mvm: Fix a memory corruption issue
    - wifi: cfg80211: hold wiphy lock in auto-disconnect
    - wifi: cfg80211: move wowlan disable under locks
    - wifi: cfg80211: add a work abstraction with special semantics
    - wifi: cfg80211: fix cqm_config access race
    - wifi: cfg80211: add missing kernel-doc for cqm_rssi_work
    - wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet
    - leds: Drop BUG_ON check for LED_COLOR_ID_MULTI
    - bpf: Fix tr dereferencing
    - regulator: mt6358: Drop *_SSHUB regulators
    - regulator: mt6358: Use linear voltage helpers for single range regulators
    - regulator: mt6358: split ops for buck and linear range LDO regulators
    - Bluetooth: Delete unused hci_req_prepare_suspend() declaration
    - Bluetooth: ISO: Fix handling of listen for unicast
    - drivers/net: process the result of hdlc_open() and add call of hdlc_close()
      in uhdlc_close()
    - wifi: mt76: mt76x02: fix MT76x0 external LNA gain handling
    - perf/x86/amd/core: Fix overflow reset on hotplug
    - regmap: rbtree: Fix wrong register marked as in-cache when creating new node
    - wifi: mac80211: fix potential key use-after-free
    - perf/x86/amd: Do not WARN() on every IRQ
    - iommu/mediatek: Fix share pgtable for iova over 4GB
    - regulator/core: regulator_register: set device->class earlier
    - ima: Finish deprecation of IMA_TRUSTED_KEYRING Kconfig
    - scsi: target: core: Fix deadlock due to recursive locking
    - ima: rework CONFIG_IMA dependency block
    - NFSv4: Fix a nfs4_state_manager() race
    - bpf: tcp_read_skb needs to pop skb regardless of seq
    - bpf, sockmap: Do not inc copied_seq when PEEK flag set
    - bpf, sockmap: Reject sk_msg egress redirects to non-TCP sockets
    - modpost: add missing else to the "of" check
    - net: fix possible store tearing in neigh_periodic_work()
    - bpf: Add BPF_FIB_LOOKUP_SKIP_NEIGH for bpf_fib_lookup
    - neighbour: annotate lockless accesses to n->nud_state
    - neighbour: switch to standard rcu, instead of rcu_bh
    - neighbour: fix data-races around n->output
    - ipv4, ipv6: Fix handling of transhdrlen in __ip{,6}_append_data()
    - ptp: ocp: Fix error handling in ptp_ocp_device_init
    - net: dsa: mv88e6xxx: Avoid EEPROM timeout when EEPROM is absent
    - ipv6: tcp: add a missing nf_reset_ct() in 3WHS handling
    - net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg
    - net: nfc: llcp: Add lock when modifying device list
    - net: ethernet: ti: am65-cpsw: Fix error code in
      am65_cpsw_nuss_init_tx_chns()
    - ibmveth: Remove condition to recompute TCP header checksum.
    - netfilter: handle the connecting collision properly in
      nf_conntrack_proto_sctp
    - selftests: netfilter: Test nf_tables audit logging
    - selftests: netfilter: Extend nft_audit.sh
    - netfilter: nf_tables: Deduplicate nft_register_obj audit logs
    - netfilter: nf_tables: nft_set_rbtree: fix spurious insertion failure
    - ipv4: Set offload_failed flag in fibmatch results
    - net: stmmac: dwmac-stm32: fix resume on STM32 MCU
    - tipc: fix a potential deadlock on &tx->lock
    - tcp: fix quick-ack counting to count actual ACKs of new data
    - tcp: fix delayed ACKs for MSS boundary condition
    - sctp: update transport state when processing a dupcook packet
    - sctp: update hb timer immediately after users change hb_interval
    - netlink: split up copies in the ack construction
    - netlink: Fix potential skb memleak in netlink_ack
    - netlink: annotate data-races around sk->sk_err
    - HID: sony: remove duplicate NULL check before calling usb_free_urb()
    - HID: intel-ish-hid: ipc: Disable and reenable ACPI GPE bit
    - intel_idle: add Emerald Rapids Xeon support
    - smb: use kernel_connect() and kernel_bind()
    - parisc: Fix crash with nr_cpus=1 option
    - dm zoned: free dmz->ddev array in dmz_put_zoned_devices
    - RDMA/core: Require admin capabilities to set system parameters
    - of: dynamic: Fix potential memory leak in of_changeset_action()
    - IB/mlx4: Fix the size of a buffer in add_port_entries()
    - gpio: aspeed: fix the GPIO number passed to pinctrl_gpio_set_config()
    - gpio: pxa: disable pinctrl calls for MMP_GPIO
    - RDMA/cma: Initialize ib_sa_multicast structure to 0 when join
    - RDMA/cma: Fix truncation compilation warning in make_cma_ports
    - RDMA/uverbs: Fix typo of sizeof argument
    - RDMA/srp: Do not call scsi_done() from srp_abort()
    - RDMA/siw: Fix connection failure handling
    - RDMA/mlx5: Fix mutex unlocking on error flow for steering anchor creation
    - RDMA/mlx5: Fix NULL string error
    - x86/sev: Use the GHCB protocol when available for SNP CPUID requests
    - ksmbd: fix race condition between session lookup and expire
    - ksmbd: fix uaf in smb20_oplock_break_ack
    - parisc: Restore __ldcw_align for PA-RISC 2.0 processors
    - ipv6: remove nexthop_fib6_nh_bh()
    - vrf: Fix lockdep splat in output path
    - btrfs: fix an error handling path in btrfs_rename()
    - btrfs: fix fscrypt name leak after failure to join log transaction
    - netlink: remove the flex array from struct nlmsghdr
    - btrfs: file_remove_privs needs an exclusive lock in direct io write
    - ipv6: remove one read_lock()/read_unlock() pair in rt6_check_neigh()
    - xen/events: replace evtchn_rwlock with RCU
    - Linux 6.1.57
    - upstream stable to v6.1.57
    - [Config] Update annotations after merging 6.1.57

* Jammy update: v6.1.56 upstream stable release (LP: #2038832)
    - NFS: Fix error handling for O_DIRECT write scheduling
    - NFS: Fix O_DIRECT locking issues
    - NFS: More O_DIRECT accounting fixes for error paths
    - NFS: Use the correct commit info in nfs_join_page_group()
    - NFS: More fixes for nfs_direct_write_reschedule_io()
    - NFS/pNFS: Report EINVAL errors from connect() to the server
    - SUNRPC: Mark the cred for revalidation if the server rejects it
    - NFSv4.1: use EXCHGID4_FLAG_USE_PNFS_DS for DS server
    - NFSv4.1: fix pnfs MDS=DS session trunking
    - media: v4l: Use correct dependency for camera sensor drivers
    - media: via: Use correct dependency for camera sensor drivers
    - netfs: Only call folio_start_fscache() one time for each folio
    - dm: fix a race condition in retrieve_deps
    - btrfs: improve error message after failure to add delayed dir index item
    - btrfs: remove BUG() after failure to insert delayed dir index item
    - ext4: replace the traditional ternary conditional operator with with
      max()/min()
    - ext4: move setting of trimmed bit into ext4_try_to_trim_range()
    - ext4: do not let fstrim block system suspend
    - netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction
    - netfilter: nft_set_rbtree: use read spinlock to avoid datapath contention
    - netfilter: nft_set_pipapo: call nft_trans_gc_queue_sync() in catchall GC
    - netfilter: nft_set_pipapo: stop GC iteration if GC transaction allocation
      fails
    - netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration
    - netfilter: nf_tables: fix memleak when more than 255 elements expired
    - ASoC: meson: spdifin: start hw on dai probe
    - netfilter: nf_tables: disallow element removal on anonymous sets
    - bpf: Avoid deadlock when using queue and stack maps from NMI
    - ASoC: rt5640: Revert "Fix sleep in atomic context"
    - ASoC: rt5640: Fix IRQ not being free-ed for HDA jack detect mode
    - ALSA: hda/realtek: Splitting the UX3402 into two separate models
    - netfilter: conntrack: fix extension size table
    - selftests: tls: swap the TX and RX sockets in some tests
    - net/core: Fix ETH_P_1588 flow dissector
    - ASoC: hdaudio.c: Add missing check for devm_kstrdup
    - ASoC: imx-audmix: Fix return error with devm_clk_get()
    - octeon_ep: fix tx dma unmap len values in SG
    - iavf: do not process adminq tasks when __IAVF_IN_REMOVE_TASK is set
    - ASoC: SOF: core: Only call sof_ops_free() on remove if the probe was
      successful
    - iavf: add iavf_schedule_aq_request() helper
    - iavf: schedule a request immediately after add/delete vlan
    - i40e: Fix VF VLAN offloading when port VLAN is configured
    - netfilter, bpf: Adjust timeouts of non-confirmed CTs in
      bpf_ct_insert_entry()
    - ionic: fix 16bit math issue when PAGE_SIZE >= 64KB
    - igc: Fix infinite initialization loop with early XDP redirect
    - ipv4: fix null-deref in ipv4_link_failure
    - scsi: iscsi_tcp: restrict to TCP sockets
    - powerpc/perf/hv-24x7: Update domain value check
    - dccp: fix dccp_v4_err()/dccp_v6_err() again
    - x86/mm, kexec, ima: Use memblock_free_late() from ima_free_kexec_buffer()
    - net: hsr: Properly parse HSRv1 supervisor frames.
    - platform/x86: intel_scu_ipc: Check status after timeout in busy_loop()
    - platform/x86: intel_scu_ipc: Check status upon timeout in
      ipc_wait_for_interrupt()
    - platform/x86: intel_scu_ipc: Don't override scu in
      intel_scu_ipc_dev_simple_command()
    - platform/x86: intel_scu_ipc: Fail IPC send if still busy
    - x86/srso: Fix srso_show_state() side effect
    - x86/srso: Fix SBPB enablement for spec_rstack_overflow=off
    - net: hns3: add cmdq check for vf periodic service task
    - net: hns3: fix GRE checksum offload issue
    - net: hns3: only enable unicast promisc when mac table full
    - net: hns3: fix fail to delete tc flower rules during reset issue
    - net: hns3: add 5ms delay before clear firmware reset irq source
    - net: bridge: use DEV_STATS_INC()
    - team: fix null-ptr-deref when team device type is changed
    - net: rds: Fix possible NULL-pointer dereference
    - netfilter: nf_tables: disable toggling dormant table state more than once
    - i915/pmu: Move execlist stats initialization to execlist specific setup
    - locking/seqlock: Do the lockdep annotation before locking in
      do_write_seqcount_begin_nested()
    - net: ena: Flush XDP packets on error.
    - bnxt_en: Flush XDP for bnxt_poll_nitroa0()'s NAPI
    - octeontx2-pf: Do xdp_do_flush() after redirects.
    - igc: Expose tx-usecs coalesce setting to user
    - proc: nommu: /proc/<pid>/maps: release mmap read lock
    - proc: nommu: fix empty /proc/<pid>/maps
    - cifs: Fix UAF in cifs_demultiplex_thread()
    - gpio: tb10x: Fix an error handling path in tb10x_gpio_probe()
    - i2c: mux: demux-pinctrl: check the return value of devm_kstrdup()
    - i2c: mux: gpio: Add missing fwnode_handle_put()
    - i2c: xiic: Correct return value check for xiic_reinit()
    - ARM: dts: BCM5301X: Extend RAM to full 256MB for Linksys EA6500 V2
    - ARM: dts: samsung: exynos4210-i9100: Fix LCD screen's physical size
    - ARM: dts: qcom: msm8974pro-castor: correct inverted X of touchscreen
    - ARM: dts: qcom: msm8974pro-castor: correct touchscreen function names
    - ARM: dts: qcom: msm8974pro-castor: correct touchscreen syna,nosleep-mode
    - f2fs: optimize iteration over sparse directories
    - f2fs: get out of a repeat loop when getting a locked data page
    - s390/pkey: fix PKEY_TYPE_EP11_AES handling in PKEY_CLR2SECK2 IOCTL
    - arm64: dts: qcom: sdm845-db845c: Mark cont splash memory region as reserved
    - wifi: ath11k: fix tx status reporting in encap offload mode
    - wifi: ath11k: Cleanup mac80211 references on failure during tx_complete
    - scsi: qla2xxx: Select qpair depending on which CPU post_cmd() gets called
    - scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id()
    - drm/amdkfd: Flush TLB after unmapping for GFX v9.4.3
    - drm/amdkfd: Insert missing TLB flush on GFX10 and later
    - btrfs: reset destination buffer when read_extent_buffer() gets invalid range
    - vfio/mdev: Fix a null-ptr-deref bug for mdev_unregister_parent()
    - MIPS: Alchemy: only build mmc support helpers if au1xmmc is enabled
    - spi: spi-gxp: BUG: Correct spi write return value
    - drm/bridge: ti-sn65dsi83: Do not generate HFP/HBP/HSA and EOT packet
    - bus: ti-sysc: Use fsleep() instead of usleep_range() in sysc_reset()
    - bus: ti-sysc: Fix missing AM35xx SoC matching
    - firmware: arm_scmi: Harden perf domain info access
    - firmware: arm_scmi: Fixup perf power-cost/microwatt support
    - power: supply: mt6370: Fix missing error code in mt6370_chg_toggle_cfo()
    - clk: sprd: Fix thm_parents incorrect configuration
    - clk: tegra: fix error return case for recalc_rate
    - ARM: dts: omap: correct indentation
    - ARM: dts: ti: omap: Fix bandgap thermal cells addressing for omap3/4
    - ARM: dts: Unify pwm-omap-dmtimer node names
    - ARM: dts: Unify pinctrl-single pin group nodes for omap4
    - ARM: dts: ti: omap: motorola-mapphone: Fix abe_clkctrl warning on boot
    - bus: ti-sysc: Fix SYSC_QUIRK_SWSUP_SIDLE_ACT handling for uart wake-up
    - power: supply: ucs1002: fix error code in ucs1002_get_property()
    - firmware: imx-dsp: Fix an error handling path in imx_dsp_setup_channels()
    - xtensa: add default definition for XCHAL_HAVE_DIV32
    - xtensa: iss/network: make functions static
    - xtensa: boot: don't add include-dirs
    - xtensa: umulsidi3: fix conditional expression
    - xtensa: boot/lib: fix function prototypes
    - power: supply: rk817: Fix node refcount leak
    - selftests/powerpc: Use CLEAN macro to fix make warning
    - selftests/powerpc: Pass make context to children
    - selftests/powerpc: Fix emit_tests to work with run_kselftest.sh
    - soc: imx8m: Enable OCOTP clock for imx8mm before reading registers
    - arm64: dts: imx: Add imx8mm-prt8mm.dtb to build
    - firmware: arm_ffa: Don't set the memory region attributes for MEM_LEND
    - gpio: pmic-eic-sprd: Add can_sleep flag for PMIC EIC chip
    - i2c: npcm7xx: Fix callback completion ordering
    - x86/reboot: VMCLEAR active VMCSes before emergency reboot
    - ceph: drop messages from MDS when unmounting
    - dma-debug: don't call __dma_entry_alloc_check_leak() under free_entries_lock
    - bpf: Annotate bpf_long_memcpy with data_race
    - spi: sun6i: reduce DMA RX transfer width to single byte
    - spi: sun6i: fix race between DMA RX transfer completion and RX FIFO drain
    - nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid()
    - parisc: sba: Fix compile warning wrt list of SBA devices
    - parisc: iosapic.c: Fix sparse warnings
    - parisc: drivers: Fix sparse warning
    - parisc: irq: Make irq_stack_union static to avoid sparse warning
    - scsi: qedf: Add synchronization between I/O completions and abort
    - scsi: ufs: core: Move __ufshcd_send_uic_cmd() outside host_lock
    - scsi: ufs: core: Poll HCS.UCRDY before issuing a UIC command
    - selftests/ftrace: Correctly enable event in instance-event.tc
    - ring-buffer: Avoid softlockup in ring_buffer_resize()
    - btrfs: assert delayed node locked when removing delayed item
    - selftests: fix dependency checker script
    - ring-buffer: Do not attempt to read past "commit"
    - net/smc: bugfix for smcr v2 server connect success statistic
    - ata: sata_mv: Fix incorrect string length computation in mv_dump_mem()
    - platform/mellanox: mlxbf-bootctl: add NET dependency into Kconfig
    - platform/x86: asus-wmi: Support 2023 ROG X16 tablet mode
    - thermal/of: add missing of_node_put()
    - drm/amd/display: Don't check registers, if using AUX BL control
    - drm/amdgpu/soc21: don't remap HDP registers for SR-IOV
    - drm/amdgpu/nbio4.3: set proper rmmio_remap.reg_offset for SR-IOV
    - drm/amdgpu: Handle null atom context in VBIOS info ioctl
    - riscv: errata: fix T-Head dcache.cva encoding
    - scsi: pm80xx: Use phy-specific SAS address when sending PHY_START command
    - scsi: pm80xx: Avoid leaking tags when processing
      OPC_INB_SET_CONTROLLER_CONFIG command
    - smb3: correct places where ENOTSUPP is used instead of preferred EOPNOTSUPP
    - ata: libata-eh: do not clear ATA_PFLAG_EH_PENDING in ata_eh_reset()
    - spi: nxp-fspi: reset the FLSHxCR1 registers
    - spi: stm32: add a delay before SPI disable
    - ASoC: fsl: imx-pcm-rpmsg: Add SNDRV_PCM_INFO_BATCH flag
    - spi: intel-pci: Add support for Granite Rapids SPI serial flash
    - bpf: Clarify error expectations from bpf_clone_redirect
    - ALSA: hda: intel-sdw-acpi: Use u8 type for link index
    - ASoC: cs42l42: Ensure a reset pulse meets minimum pulse width.
    - ASoC: cs42l42: Don't rely on GPIOD_OUT_LOW to set RESET initially low
    - firmware: cirrus: cs_dsp: Only log list of algorithms in debug build
    - memblock tests: fix warning: "__ALIGN_KERNEL" redefined
    - memblock tests: fix warning ‘struct seq_file’ declared inside parameter list
    - ASoC: imx-rpmsg: Set ignore_pmdown_time for dai_link
    - media: vb2: frame_vector.c: replace WARN_ONCE with a comment
    - NFSv4.1: fix zero value filehandle in post open getattr
    - ASoC: SOF: Intel: MTL: Reduce the DSP init timeout
    - powerpc/watchpoints: Disable preemption in thread_change_pc()
    - powerpc/watchpoint: Disable pagefaults when getting user instruction
    - powerpc/watchpoints: Annotate atomic context in more places
    - ncsi: Propagate carrier gain/loss events to the NCSI controller
    - net: hsr: Add __packed to struct hsr_sup_tlv.
    - tsnep: Fix NAPI scheduling
    - tsnep: Fix NAPI polling with budget 0
    - LoongArch: Set all reserved memblocks on Node#0 at initialization
    - fbdev/sh7760fb: Depend on FB=y
    - perf build: Define YYNOMEM as YYNOABORT for bison < 3.81
    - nvme-pci: factor the iod mempool creation into a helper
    - nvme-pci: factor out a nvme_pci_alloc_dev helper
    - nvme-pci: do not set the NUMA node of device if it has none
    - wifi: ath11k: Don't drop tx_status when peer cannot be found
    - scsi: qla2xxx: Fix NULL pointer dereference in target mode
    - nvme-pci: always return an ERR_PTR from nvme_pci_alloc_dev
    - smack: Record transmuting in smk_transmuted
    - smack: Retrieve transmuting information in smack_inode_getsecurity()
    - iommu/arm-smmu-v3: Fix soft lockup triggered by arm_smmu_mm_invalidate_range
    - x86/sgx: Resolves SECS reclaim vs. page fault for EAUG race
    - x86/srso: Add SRSO mitigation for Hygon processors
    - KVM: SVM: INTERCEPT_RDTSCP is never intercepted anyway
    - KVM: SVM: Fix TSC_AUX virtualization setup
    - KVM: x86/mmu: Open code leaf invalidation from mmu_notifier
    - KVM: x86/mmu: Do not filter address spaces in
      for_each_tdp_mmu_root_yield_safe()
    - mptcp: fix bogus receive window shrinkage with multiple subflows
    - misc: rtsx: Fix some platforms can not boot and move the l1ss judgment to
      probe
    - Revert "tty: n_gsm: fix UAF in gsm_cleanup_mux"
    - serial: 8250_port: Check IRQ data before use
    - nilfs2: fix potential use after free in nilfs_gccache_submit_read_data()
    - ALSA: hda: Disable power save for solving pop issue on Lenovo ThinkCentre
      M70q
    - LoongArch: Define relocation types for ABI v2.10
    - LoongArch: numa: Fix high_memory calculation
    - ata: libata-scsi: link ata port and scsi device
    - ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED OPERATION CODES
    - io_uring/fs: remove sqe->rw_flags checking from LINKAT
    - i2c: i801: unregister tco_pdev in i801_probe() error path
    - ASoC: amd: yc: Fix non-functional mic on Lenovo 82QF and 82UG
    - kernel/sched: Modify initial boot task idle setup
    - sched/rt: Fix live lock between select_fallback_rq() and RT push
    - Revert "SUNRPC dont update timeout value on connection reset"
    - timers: Tag (hr)timer softirq as hotplug safe
    - drm/tests: Fix incorrect argument in drm_test_mm_insert_range
    - arm64: defconfig: remove CONFIG_COMMON_CLK_NPCM8XX=y
    - mm/damon/vaddr-test: fix memory leak in damon_do_test_apply_three_regions()
    - mm/slab_common: fix slab_caches list corruption after kmem_cache_destroy()
    - mm: memcontrol: fix GFP_NOFS recursion in memory.high enforcement
    - ring-buffer: Update "shortest_full" in polling
    - btrfs: properly report 0 avail for very full file systems
    - media: uvcvideo: Fix OOB read
    - bpf: Add override check to kprobe multi link attach
    - bpf: Fix BTF_ID symbol generation collision
    - bpf: Fix BTF_ID symbol generation collision in tools/
    - net: thunderbolt: Fix TCPv6 GSO checksum calculation
    - fs/smb/client: Reset password pointer to NULL
    - ata: libata-core: Fix ata_port_request_pm() locking
    - ata: libata-core: Fix port and device removal
    - ata: libata-core: Do not register PM operations for SAS ports
    - ata: libata-sata: increase PMP SRST timeout to 10s
    - drm/i915/gt: Fix reservation address in ggtt_reserve_guc_top
    - power: supply: rk817: Add missing module alias
    - power: supply: ab8500: Set typing and props
    - fs: binfmt_elf_efpic: fix personality for ELF-FDPIC
    - drm/amdkfd: Use gpu_offset for user queue's wptr
    - drm/meson: fix memory leak on ->hpd_notify callback
    - memcg: drop kmem.limit_in_bytes
    - mm, memcg: reconsider kmem.limit_in_bytes deprecation
    - ASoC: amd: yc: Fix a non-functional mic on Lenovo 82TL
    - Linux 6.1.56
    - upstream stable to v6.1.56

* Jammy update: v6.1.55 upstream stable release (LP: #2038831)
    - autofs: fix memory leak of waitqueues in autofs_catatonic_mode
    - btrfs: output extra debug info if we failed to find an inline backref
    - locks: fix KASAN: use-after-free in trace_event_raw_event_filelock_lock
    - ACPICA: Add AML_NO_OPERAND_RESOLVE flag to Timer
    - kernel/fork: beware of __put_task_struct() calling context
    - rcuscale: Move rcu_scale_writer() schedule_timeout_uninterruptible() to
      _idle()
    - scftorture: Forgive memory-allocation failure if KASAN
    - ACPI: video: Add backlight=native DMI quirk for Lenovo Ideapad Z470
    - perf/smmuv3: Enable HiSilicon Erratum 162001900 quirk for HIP08/09
    - perf/imx_ddr: speed up overflow frequency of cycle
    - hw_breakpoint: fix single-stepping when using bpf_overflow_handler
    - ACPI: x86: s2idle: Catch multiple ACPI_TYPE_PACKAGE objects
    - selftests/nolibc: fix up kernel parameters support
    - devlink: remove reload failed checks in params get/set callbacks
    - crypto: lrw,xts - Replace strlcpy with strscpy
    - ice: Don't tx before switchdev is fully configured
    - wifi: ath9k: fix fortify warnings
    - wifi: ath9k: fix printk specifier
    - wifi: mwifiex: fix fortify warning
    - mt76: mt7921: don't assume adequate headroom for SDIO headers
    - wifi: wil6210: fix fortify warnings
    - can: sun4i_can: Add acceptance register quirk
    - can: sun4i_can: Add support for the Allwinner D1
    - net: Use sockaddr_storage for getsockopt(SO_PEERNAME).
    - net/ipv4: return the real errno instead of -EINVAL
    - crypto: lib/mpi - avoid null pointer deref in mpi_cmp_ui()
    - Bluetooth: Fix hci_suspend_sync crash
    - netlink: convert nlk->flags to atomic flags
    - tpm_tis: Resend command to recover from data transfer errors
    - mmc: sdhci-esdhc-imx: improve ESDHC_FLAG_ERR010450
    - alx: fix OOB-read compiler warning
    - wifi: mac80211: check S1G action frame size
    - netfilter: ebtables: fix fortify warnings in size_entry_mwt()
    - wifi: cfg80211: reject auth/assoc to AP with our address
    - wifi: cfg80211: ocb: don't leave if not joined
    - wifi: mac80211: check for station first in client probe
    - wifi: mac80211_hwsim: drop short frames
    - libbpf: Free btf_vmlinux when closing bpf_object
    - drm/bridge: tc358762: Instruct DSI host to generate HSE packets
    - drm/edid: Add quirk for OSVR HDK 2.0
    - arm64: dts: qcom: sm6125-pdx201: correct ramoops pmsg-size
    - arm64: dts: qcom: sm6350: correct ramoops pmsg-size
    - arm64: dts: qcom: sm8150-kumano: correct ramoops pmsg-size
    - arm64: dts: qcom: sm8250-edo: correct ramoops pmsg-size
    - samples/hw_breakpoint: Fix kernel BUG 'invalid opcode: 0000'
    - drm/amd/display: Fix underflow issue on 175hz timing
    - ASoC: SOF: topology: simplify code to prevent static analysis warnings
    - ASoC: Intel: sof_sdw: Update BT offload config for soundwire config
    - ALSA: hda: intel-dsp-cfg: add LunarLake support
    - drm/amd/display: Use DTBCLK as refclk instead of DPREFCLK
    - drm/amd/display: Blocking invalid 420 modes on HDMI TMDS for DCN31
    - drm/amd/display: Blocking invalid 420 modes on HDMI TMDS for DCN314
    - drm/exynos: fix a possible null-pointer dereference due to data race in
      exynos_drm_crtc_atomic_disable()
    - drm/mediatek: dp: Change logging to dev for mtk_dp_aux_transfer()
    - bus: ti-sysc: Configure uart quirks for k3 SoC
    - md: raid1: fix potential OOB in raid1_remove_disk()
    - ext2: fix datatype of block number in ext2_xattr_set2()
    - fs/jfs: prevent double-free in dbUnmount() after failed jfs_remount()
    - jfs: fix invalid free of JFS_IP(ipimap)->i_imap in diUnmount
    - PCI: dwc: Provide deinit callback for i.MX
    - ARM: 9317/1: kexec: Make smp stop calls asynchronous
    - powerpc/pseries: fix possible memory leak in ibmebus_bus_init()
    - PCI: vmd: Disable bridge window for domain reset
    - PCI: fu740: Set the number of MSI vectors
    - media: mdp3: Fix resource leaks in of_find_device_by_node
    - media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer
    - media: dw2102: Fix null-ptr-deref in dw2102_i2c_transfer()
    - media: af9005: Fix null-ptr-deref in af9005_i2c_xfer
    - media: anysee: fix null-ptr-deref in anysee_master_xfer
    - media: az6007: Fix null-ptr-deref in az6007_i2c_xfer()
    - media: dvb-usb-v2: gl861: Fix null-ptr-deref in gl861_i2c_master_xfer
    - scsi: lpfc: Abort outstanding ELS cmds when mailbox timeout error is
      detected
    - media: tuners: qt1010: replace BUG_ON with a regular error
    - media: pci: cx23885: replace BUG with error return
    - usb: cdns3: Put the cdns set active part outside the spin lock
    - usb: gadget: fsl_qe_udc: validate endpoint index for ch9 udc
    - tools: iio: iio_generic_buffer: Fix some integer type and calculation
    - scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show()
    - serial: cpm_uart: Avoid suspicious locking
    - misc: open-dice: make OPEN_DICE depend on HAS_IOMEM
    - usb: ehci: add workaround for chipidea PORTSC.PEC bug
    - usb: chipidea: add workaround for chipidea PEC bug
    - media: pci: ipu3-cio2: Initialise timing struct to avoid a compiler warning
    - kobject: Add sanity check for kset->kobj.ktype in kset_register()
    - interconnect: Fix locking for runpm vs reclaim
    - printk: Keep non-panic-CPUs out of console lock
    - printk: Consolidate console deferred printing
    - dma-buf: Add unlocked variant of attachment-mapping functions
    - misc: fastrpc: Prepare to dynamic dma-buf locking specification
    - misc: fastrpc: Fix incorrect DMA mapping unmap request
    - MIPS: Use "grep -E" instead of "egrep"
    - btrfs: add a helper to read the superblock metadata_uuid
    - btrfs: compare the correct fsid/metadata_uuid in btrfs_validate_super
    - block: factor out a bvec_set_page helper
    - nvmet: use bvec_set_page to initialize bvecs
    - nvmet-tcp: pass iov_len instead of sg->length to bvec_set_page()
    - drm: gm12u320: Fix the timeout usage for usb_bulk_msg()
    - scsi: qla2xxx: Fix NULL vs IS_ERR() bug for debugfs_create_dir()
    - selftests: tracing: Fix to unmount tracefs for recovering environment
    - x86/ibt: Suppress spurious ENDBR
    - riscv: kexec: Align the kexeced kernel entry
    - scsi: target: core: Fix target_cmd_counter leak
    - scsi: lpfc: Fix the NULL vs IS_ERR() bug for debugfs_create_file()
    - panic: Reenable preemption in WARN slowpath
    - x86/boot/compressed: Reserve more memory for page tables
    - x86/purgatory: Remove LTO flags
    - samples/hw_breakpoint: fix building without module unloading
    - md/raid1: fix error: ISO C90 forbids mixed declarations
    - Revert "SUNRPC: Fail faster on bad verifier"
    - attr: block mode changes of symlinks
    - ovl: fix failed copyup of fileattr on a symlink
    - ovl: fix incorrect fdput() on aio completion
    - io_uring/net: fix iter retargeting for selected buf
    - nvme: avoid bogus CRTO values
    - Revert "drm/amd: Disable S/G for APUs when 64GB or more host memory"
    - dm: don't attempt to queue IO under RCU protection
    - btrfs: fix lockdep splat and potential deadlock after failure running
      delayed items
    - btrfs: fix a compilation error if DEBUG is defined in btree_dirty_folio
    - btrfs: release path before inode lookup during the ino lookup ioctl
    - btrfs: check for BTRFS_FS_ERROR in pending ordered assert
    - tracing: Have tracing_max_latency inc the trace array ref count
    - tracing: Have event inject files inc the trace array ref count
    - tracing: Increase trace array ref count on enable and filter files
    - tracing: Have current_trace inc the trace array ref count
    - tracing: Have option files inc the trace array ref count
    - selinux: fix handling of empty opts in selinux_fs_context_submount()
    - nfsd: fix change_info in NFSv4 RENAME replies
    - tracefs: Add missing lockdown check to tracefs_create_dir()
    - i2c: aspeed: Reset the i2c controller when timeout occurs
    - ata: libata: disallow dev-initiated LPM transitions to unsupported states
    - ata: libahci: clear pending interrupt status
    - scsi: megaraid_sas: Fix deadlock on firmware crashdump
    - scsi: pm8001: Setup IRQs on resume
    - ext4: fix rec_len verify error
    - drm/amd/display: fix the white screen issue when >= 64GB DRAM
    - Revert "memcg: drop kmem.limit_in_bytes"
    - drm/amdgpu: fix amdgpu_cs_p1_user_fence
    - interconnect: Teach lockdep about icc_bw_lock order
    - Linux 6.1.55
    - upstream stable to v6.1.55

* Jammy update: v6.1.54 upstream stable release (LP: #2038830)
    - net/ipv6: SKB symmetric hash should incorporate transport ports
    - mm: multi-gen LRU: rename lrugen->lists[] to lrugen->folios[]
    - Multi-gen LRU: fix per-zone reclaim
    - io_uring: always lock in io_apoll_task_func
    - io_uring: revert "io_uring fix multishot accept ordering"
    - io_uring/net: don't overflow multishot accept
    - io_uring: break out of iowq iopoll on teardown
    - io_uring/sqpoll: fix io-wq affinity when IORING_SETUP_SQPOLL is used
    - io_uring: Don't set affinity on a dying sqpoll thread
    - drm/virtio: Conditionally allocate virtio_gpu_fence
    - scsi: qla2xxx: Adjust IOCB resource on qpair create
    - scsi: qla2xxx: Limit TMF to 8 per function
    - scsi: qla2xxx: Fix deletion race condition
    - scsi: qla2xxx: fix inconsistent TMF timeout
    - scsi: qla2xxx: Fix command flush during TMF
    - scsi: qla2xxx: Fix erroneous link up failure
    - scsi: qla2xxx: Turn off noisy message log
    - scsi: qla2xxx: Fix session hang in gnl
    - scsi: qla2xxx: Fix TMF leak through
    - scsi: qla2xxx: Remove unsupported ql2xenabledif option
    - scsi: qla2xxx: Flush mailbox commands on chip reset
    - scsi: qla2xxx: Fix smatch warn for qla_init_iocb_limit()
    - scsi: qla2xxx: Error code did not return to upper layer
    - scsi: qla2xxx: Fix firmware resource tracking
    - null_blk: fix poll request timeout handling
    - fbdev/ep93xx-fb: Do not assign to struct fb_info.dev
    - clk: qcom: camcc-sc7180: fix async resume during probe
    - drm/ast: Fix DRAM init on AST2200
    - ASoC: tegra: Fix SFC conversion for few rates
    - clk: qcom: turingcc-qcs404: fix missing resume during probe
    - arm64: dts: renesas: rzg2l: Fix txdv-skew-psec typos
    - send channel sequence number in SMB3 requests after reconnects
    - memcg: drop kmem.limit_in_bytes
    - mm: hugetlb_vmemmap: fix a race between vmemmap pmd split
    - lib/test_meminit: allocate pages up to order MAX_ORDER
    - parisc: led: Fix LAN receive and transmit LEDs
    - parisc: led: Reduce CPU overhead for disk & lan LED computation
    - cifs: update desired access while requesting for directory lease
    - pinctrl: cherryview: fix address_space_handler() argument
    - dt-bindings: clock: xlnx,versal-clk: drop select:false
    - clk: imx: pll14xx: dynamically configure PLL for 393216000/361267200Hz
    - clk: imx: pll14xx: align pdiv with reference manual
    - clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock
    - soc: qcom: qmi_encdec: Restrict string length in decode
    - clk: qcom: dispcc-sm8450: fix runtime PM imbalance on probe errors
    - clk: qcom: lpasscc-sc7280: fix missing resume during probe
    - clk: qcom: q6sstop-qcs404: fix missing resume during probe
    - clk: qcom: mss-sc7180: fix missing resume during probe
    - NFS: Fix a potential data corruption
    - NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info
    - bus: mhi: host: Skip MHI reset if device is in RDDM
    - kbuild: rpm-pkg: define _arch conditionally
    - kbuild: do not run depmod for 'make modules_sign'
    - tpm_crb: Fix an error handling path in crb_acpi_add()
    - gfs2: Switch to wait_event in gfs2_logd
    - gfs2: low-memory forced flush fixes
    - mailbox: qcom-ipcc: fix incorrect num_chans counting
    - kconfig: fix possible buffer overflow
    - Input: iqs7222 - configure power mode before triggering ATI
    - perf trace: Use zfree() to reduce chances of use after free
    - perf trace: Really free the evsel->priv area
    - pwm: atmel-tcb: Convert to platform remove callback returning void
    - pwm: atmel-tcb: Harmonize resource allocation order
    - pwm: atmel-tcb: Fix resource freeing in error path and remove
    - backlight: gpio_backlight: Drop output GPIO direction check for initial
      power state
    - Input: tca6416-keypad - always expect proper IRQ number in i2c client
    - Input: tca6416-keypad - fix interrupt enable disbalance
    - perf annotate bpf: Don't enclose non-debug code with an assert()
    - x86/virt: Drop unnecessary check on extended CPUID level in cpu_has_svm()
    - perf vendor events: Update the JSON/events descriptions for power10 platform
    - perf vendor events: Drop some of the JSON/events for power10 platform
    - perf vendor events: Drop STORES_PER_INST metric event for power10 platform
    - perf top: Don't pass an ERR_PTR() directly to perf_session__delete()
    - watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load
    - pwm: lpc32xx: Remove handling of PWM channels
    - perf test stat_bpf_counters_cgrp: Fix shellcheck issue about logical
      operators
    - perf test stat_bpf_counters_cgrp: Enhance perf stat cgroup BPF counter test
    - drm/i915: mark requests for GuC virtual engines to avoid use-after-free
    - blk-throttle: use calculate_io/bytes_allowed() for throtl_trim_slice()
    - blk-throttle: consider 'carryover_ios/bytes' in throtl_trim_slice()
    - cifs: use fs_context for automounts
    - smb: propagate error code of extract_sharename()
    - net/sched: fq_pie: avoid stalls in fq_pie_timer()
    - sctp: annotate data-races around sk->sk_wmem_queued
    - ipv4: annotate data-races around fi->fib_dead
    - net: read sk->sk_family once in sk_mc_loop()
    - net: fib: avoid warn splat in flow dissector
    - xsk: Fix xsk_diag use-after-free error during socket cleanup
    - drm/i915/gvt: Verify pfn is "valid" before dereferencing "struct page"
    - drm/i915/gvt: Put the page reference obtained by KVM's gfn_to_pfn()
    - drm/i915/gvt: Drop unused helper intel_vgpu_reset_gtt()
    - net: use sk_forward_alloc_get() in sk_get_meminfo()
    - net: annotate data-races around sk->sk_forward_alloc
    - mptcp: annotate data-races around msk->rmem_fwd_alloc
    - ipv4: ignore dst hint for multipath routes
    - ipv6: ignore dst hint for multipath routes
    - igb: disable virtualization features on 82580
    - gve: fix frag_list chaining
    - veth: Fixing transmit return status for dropped packets
    - net: ipv6/addrconf: avoid integer underflow in ipv6_create_tempaddr
    - net: phy: micrel: Correct bit assignments for phy_device flags
    - bpf, sockmap: Fix skb refcnt race after locking changes
    - af_unix: Fix data-races around user->unix_inflight.
    - af_unix: Fix data-race around unix_tot_inflight.
    - af_unix: Fix data-races around sk->sk_shutdown.
    - af_unix: Fix data race around sk->sk_err.
    - kcm: Destroy mutex in kcm_exit_net()
    - octeontx2-af: Fix truncation of smq in CN10K NIX AQ enqueue mbox handler
    - igc: Change IGC_MIN to allow set rx/tx value between 64 and 80
    - igbvf: Change IGBVF_MIN to allow set rx/tx value between 64 and 80
    - igb: Change IGB_MIN to allow set rx/tx value between 64 and 80
    - s390/zcrypt: don't leak memory if dev_set_name() fails
    - idr: fix param name in idr_alloc_cyclic() doc
    - ip_tunnels: use DEV_STATS_INC()
    - net: dsa: sja1105: fix bandwidth discrepancy between tc-cbs software and
      offload
    - net: dsa: sja1105: fix -ENOSPC when replacing the same tc-cbs too many times
    - net: dsa: sja1105: complete tc-cbs offload support on SJA1110
    - bpf: Remove prog->active check for bpf_lsm and bpf_iter
    - bpf: Invoke __bpf_prog_exit_sleepable_recur() on recursion in
      kern_sys_bpf().
    - bpf: Assign bpf_tramp_run_ctx::saved_run_ctx before recursion check.
    - netfilter: nfnetlink_osf: avoid OOB read
    - net: hns3: fix tx timeout issue
    - net: hns3: fix byte order conversion issue in hclge_dbg_fd_tcam_read()
    - net: hns3: fix debugfs concurrency issue between kfree buffer and read
    - net: hns3: fix invalid mutex between tc qdisc and dcb ets command issue
    - net: hns3: fix the port information display when sfp is absent
    - net: hns3: remove GSO partial feature bit
    - sh: boards: Fix CEU buffer size passed to dma_declare_coherent_memory()
    - Multi-gen LRU: avoid race in inc_min_seq()
    - net/mlx5: Free IRQ rmap and notifier on kernel shutdown
    - ARC: atomics: Add compiler barrier to atomic operations...
    - clocksource/drivers/arm_arch_timer: Disable timer before programming CVAL
    - dmaengine: sh: rz-dmac: Fix destination and source data size setting
    - jbd2: fix checkpoint cleanup performance regression
    - jbd2: check 'jh->b_transaction' before removing it from checkpoint
    - jbd2: correct the end of the journal recovery scan range
    - ext4: add correct group descriptors and reserved GDT blocks to system zone
    - ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup}
    - f2fs: flush inode if atomic file is aborted
    - f2fs: avoid false alarm of circular locking
    - lib: test_scanf: Add explicit type cast to result initialization in
      test_number_prefix()
    - hwspinlock: qcom: add missing regmap config for SFPB MMIO implementation
    - ata: ahci: Add Elkhart Lake AHCI controller
    - ata: pata_falcon: fix IO base selection for Q40
    - ata: sata_gemini: Add missing MODULE_DESCRIPTION
    - ata: pata_ftide010: Add missing MODULE_DESCRIPTION
    - fuse: nlookup missing decrement in fuse_direntplus_link
    - btrfs: zoned: do not zone finish data relocation block group
    - btrfs: fix start transaction qgroup rsv double free
    - btrfs: free qgroup rsv on io failure
    - btrfs: don't start transaction when joining with TRANS_JOIN_NOSTART
    - btrfs: set page extent mapped after read_folio in relocate_one_page
    - btrfs: zoned: re-enable metadata over-commit for zoned mode
    - btrfs: use the correct superblock to compare fsid in btrfs_validate_super
    - drm/mxsfb: Disable overlay plane in mxsfb_plane_overlay_atomic_disable()
    - mtd: rawnand: brcmnand: Fix crash during the panic_write
    - mtd: rawnand: brcmnand: Fix potential out-of-bounds access in oob write
    - mtd: spi-nor: Correct flags for Winbond w25q128
    - mtd: rawnand: brcmnand: Fix potential false time out warning
    - mtd: rawnand: brcmnand: Fix ECC level field setting for v7.2 controller
    - drm/amd/display: enable cursor degamma for DCN3+ DRM legacy gamma
    - drm/amd/display: prevent potential division by zero errors
    - KVM: SVM: Take and hold ir_list_lock when updating vCPU's Physical ID entry
    - KVM: SVM: Don't inject #UD if KVM attempts to skip SEV guest insn
    - KVM: SVM: Get source vCPUs from source VM for SEV-ES intrahost migration
    - KVM: nSVM: Check instead of asserting on nested TSC scaling support
    - KVM: nSVM: Load L1's TSC multiplier based on L1 state, not L2 state
    - KVM: SVM: Set target pCPU during IRTE update if target vCPU is running
    - KVM: SVM: Skip VMSA init in sev_es_init_vmcb() if pointer is NULL
    - MIPS: Fix CONFIG_CPU_DADDI_WORKAROUNDS `modules_install' regression
    - perf hists browser: Fix hierarchy mode header
    - perf test shell stat_bpf_counters: Fix test on Intel
    - perf tools: Handle old data in PERF_RECORD_ATTR
    - perf hists browser: Fix the number of entries for 'e' key
    - drm/amd/display: always switch off ODM before committing more streams
    - drm/amd/display: Remove wait while locked
    - drm/amdgpu: register a dirty framebuffer callback for fbcon
    - kunit: Fix wild-memory-access bug in kunit_free_suite_set()
    - net: ipv4: fix one memleak in __inet_del_ifa()
    - kselftest/runner.sh: Propagate SIGTERM to runner child
    - selftests: Keep symlinks, when possible
    - net/smc: use smc_lgr_list.lock to protect smc_lgr_list.list iterate in
      smcr_port_add
    - net: stmmac: fix handling of zero coalescing tx-usecs
    - net: ethernet: mvpp2_main: fix possible OOB write in
      mvpp2_ethtool_get_rxnfc()
    - net: ethernet: mtk_eth_soc: fix possible NULL pointer dereference in
      mtk_hwlro_get_fdir_all()
    - hsr: Fix uninit-value access in fill_frame_info()
    - net: ethernet: adi: adin1110: use eth_broadcast_addr() to assign broadcast
      address
    - net:ethernet:adi:adin1110: Fix forwarding offload
    - net: dsa: sja1105: hide all multicast addresses from "bridge fdb show"
    - net: dsa: sja1105: propagate exact error code from
      sja1105_dynamic_config_poll_valid()
    - net: dsa: sja1105: fix multicast forwarding working only for last added mdb
      entry
    - net: dsa: sja1105: serialize sja1105_port_mcast_flood() with other FDB
      accesses
    - net: dsa: sja1105: block FDB accesses that are concurrent with a switch
      reset
    - r8152: check budget for r8152_poll()
    - kcm: Fix memory leak in error path of kcm_sendmsg()
    - platform/mellanox: mlxbf-tmfifo: Drop the Rx packet if no more descriptors
    - platform/mellanox: mlxbf-tmfifo: Drop jumbo frames
    - platform/mellanox: mlxbf-pmc: Fix potential buffer overflows
    - platform/mellanox: mlxbf-pmc: Fix reading of unprogrammed events
    - platform/mellanox: NVSW_SN2201 should depend on ACPI
    - net/tls: do not free tls_rec on async operation in bpf_exec_tx_verdict()
    - net: macb: Enable PTP unicast
    - net: macb: fix sleep inside spinlock
    - ipv6: fix ip6_sock_set_addr_preferences() typo
    - ipv6: Remove in6addr_any alternatives.
    - tcp: Factorise sk_family-independent comparison in
      inet_bind2_bucket_match(_addr_any).
    - tcp: Fix bind() regression for v4-mapped-v6 wildcard address.
    - tcp: Fix bind() regression for v4-mapped-v6 non-wildcard address.
    - ixgbe: fix timestamp configuration code
    - kcm: Fix error handling for SOCK_DGRAM in kcm_sendmsg().
    - MIPS: Only fiddle with CHECKFLAGS if `need-compiler'
    - drm/amd/display: Fix a bug when searching for insert_above_mpcc
    - Linux 6.1.54
    - upstream stable to v6.1.54

* No external output when hotplugging to a DP monitor after the monitor went
    to sleep for AMD 6300 GPU (LP: #2038981)
    - drm/amd: Fix detection of _PR3 on the PCIe root port
    - SAUCE: usb: typec: ucsi: Use GET_CAPABILITY attributes data to set power
      supply scope

* Fix system boot hang caused by devlink (LP: #2036515)
    - net: devlink: convert devlink port type-specific pointers to union
    - net: devlink: move port_type_warn_schedule() call to
      __devlink_port_type_set()
    - net: devlink: move port_type_netdev_checks() call to
      __devlink_port_type_set()
    - net: devlink: take RTNL in port_fill() function only if it is not held
    - net: devlink: track netdev with devlink_port assigned
    - net: make drivers to use SET_NETDEV_DEVLINK_PORT to set devlink_port
    - net: devlink: remove netdev arg from devlink_port_type_eth_set()
    - net: devlink: remove net namespace check from devlink_nl_port_fill()
    - net: devlink: store copy netdevice ifindex and ifname to allow port_fill()
      without RTNL held
    - net: devlink: add not cleared type warning to port unregister
    - net: devlink: use devlink_port pointer instead of ndo_get_devlink_port
    - net: expose devlink port over rtnetlink
    - net: devlink: convert port_list into xarray
    - devlink: rename devlink_netdevice_event -> devlink_port_netdevice_event
    - devlink: split out core code
    - netlink: add macro for checking dump ctx size
    - devlink: use an explicit structure for dump context
    - net: devlink: make the devlink_ops::info_get() callback optional
    - devlink: remove start variables from dumps
    - devlink: drop the filter argument from devlinks_xa_find_get
    - devlink: health: combine loops in dump
    - devlink: restart dump based on devlink instance ids (simple)
    - devlink: restart dump based on devlink instance ids (nested)
    - devlink: restart dump based on devlink instance ids (function)
    - devlink: uniformly take the devlink instance lock in the dump loop
    - devlink: bump the instance index directly when iterating
    - devlink: update the code in netns move to latest helpers
    - devlink: protect devlink->dev by the instance lock
    - devlink: always check if the devlink instance is registered
    - devlink: remove the registration guarantee of references
    - devlink: don't require setting features before registration
    - devlink: allow registering parameters after the instance
    - netdevsim: rename a label
    - netdevsim: move devlink registration under the instance lock
    - devlink: keep the instance mutex alive until references are gone

* Add SoF topology support on Intel RaptorLake DELL SKU 0C11 (LP: #2038263)
    - SAUCE: ASoC: Intel: soc-acpi-intel-rpl-match: add rt711-l0-rt1316-l12
      support

* CVE-2023-4921
    - net: sched: sch_qfq: Fix UAF in qfq_dequeue()

-- Timo Aaltonen <timo.aaltonen@canonical.com>  Fri, 13 Oct 2023 14:51:39 +0300

Changed in linux-oem-6.1 (Ubuntu Jammy):
status:	New → Fix Released

Timo Aaltonen (tjaalton) on 2024-03-18

Changed in linux-oem-6.1 (Ubuntu):
status:	Confirmed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulinux-oem-6.1 package