This bug was fixed in the package linux-starfive - 5.19.0-1003.4 --------------- linux-starfive (5.19.0-1003.4) kinetic; urgency=medium * kinetic/linux-starfive: 5.19.0-1003.4 -proposed tracker (LP: #1992792) * Excessive size of kernel modules on RISC-V - modules unstripped (LP: #1964335) - SAUCE: scripts/Makefile.modinst discard-locals from modules linux-starfive (5.19.0-1002.3) kinetic; urgency=medium * kinetic/linux-starfive: 5.19.0-1002.3 -proposed tracker (LP: #1992645) * Packaging resync (LP: #1786013) - debian/dkms-versions -- update from kernel-versions (main/master) * Miscellaneous Ubuntu changes - [Config] update configs after rebase [ Ubuntu: 5.19.0-21.21 ] * kinetic/linux: 5.19.0-21.21 -proposed tracker (LP: #1992639) * cannot change mount namespace (LP: #1991691) - SAUCE: apparmor: Fix getaatr mediation causing snap failures * Kernel regresses openjdk on riscv64 (LP: #1992484) - SAUCE: Revert "riscv: mmap with PROT_WRITE but no PROT_READ is invalid" [ Ubuntu: 5.19.0-20.20 ] * kinetic/linux: 5.19.0-20.20 -proposed tracker (LP: #1992408) * Packaging resync (LP: #1786013) - debian/dkms-versions -- update from kernel-versions (main/master) * Kinetic kernels 5.19.0-18/19-generic won't boot on Intel 11th/12th gen (LP: #1991704) - drm/i915: fix null pointer dereference * rcu_sched detected stalls on CPUs/tasks (LP: #1967130) - [Config] Disable VMAP_STACK on riscv64 * Disable sv57 as the userspace is not ready (LP: #1991790) - SAUCE: riscv: mm: Force disable sv57 * earlyconsole prints question marks on 5.19.0-1002-generic (LP: #1988984) - [Config] Set CONFIG_PWM_SIFIVE=m for riscv64 * RCU stalls (LP: #1991951) - [Config] Harmonize RCU_CPU_STALL_TIMEOUT * backport dkms fixes to build modules correctly for hwe-5.19+ kernels with custom compiler (LP: #1991664) - [Packaging] use versioned gcc-12 - [Packaging] Update configs with versioned compiler version * FTBFS on kinetic (LP: #1990964) - SAUCE: uapi: Fixup strace compile error * CVE-2022-40768 - scsi: stex: Properly zero out the passthrough command structure * [22.10 FEAT] zKVM: Crypto Passthrough Hotplug - kernel part (LP: #1852741) - s390/vfio-ap: use new AP bus interface to search for queue devices - s390/vfio-ap: move probe and remove callbacks to vfio_ap_ops.c - s390/vfio-ap: manage link between queue struct and matrix mdev - s390/vfio-ap: introduce shadow APCB - s390/vfio-ap: refresh guest's APCB by filtering AP resources assigned to mdev - s390/vfio-ap: allow assignment of unavailable AP queues to mdev device - s390/vfio-ap: rename matrix_dev->lock mutex to matrix_dev->mdevs_lock - s390/vfio-ap: introduce new mutex to control access to the KVM pointer - s390/vfio-ap: use proper locking order when setting/clearing KVM pointer - s390/vfio-ap: prepare for dynamic update of guest's APCB on assign/unassign - s390/vfio-ap: prepare for dynamic update of guest's APCB on queue probe/remove - s390/vfio-ap: allow hot plug/unplug of AP devices when assigned/unassigned - s390/vfio-ap: hot plug/unplug of AP devices when probed/removed - s390/vfio-ap: reset queues after adapter/domain unassignment - s390/vfio-ap: implement in-use callback for vfio_ap driver - s390/vfio-ap: sysfs attribute to display the guest's matrix - s390/vfio-ap: handle config changed and scan complete notification - s390/vfio-ap: update docs to include dynamic config support - s390/Docs: new doc describing lock usage by the vfio_ap device driver - MAINTAINERS: pick up all vfio_ap docs for VFIO AP maintainers [ Ubuntu: 5.19.0-19.19 ] * kinetic/linux: 5.19.0-19.19 -proposed tracker (LP: #1990960) * kinetic: apply new apparmor and LSM stacking patch set (LP: #1989983) - Revert "Revert "Revert "UBUNTU: SAUCE: LSM: Specify which LSM to display (using struct cred as input)""" - Revert "Revert "Revert "UBUNTU: SAUCE: apparmor: Fix build error, make sk parameter const""" - Revert "Revert "Revert "UBUNTU: SAUCE: LSM: Use lsmblob in smk_netlbl_mls()""" - Revert "Revert "Revert "UBUNTU: SAUCE: LSM: change ima_read_file() to use lsmblob""" - Revert "Revert "Revert "UBUNTU: SAUCE: apparmor: rename kzfree() to kfree_sensitive()""" - Revert "Revert "Revert "UBUNTU: SAUCE: Audit: Fix for missing NULL check""" - Revert "Revert "Revert "UBUNTU: SAUCE: AppArmor: Remove the exclusive flag""" - Revert "Revert "Revert "UBUNTU: SAUCE: LSM: Add /proc attr entry for full LSM context""" - Revert "Revert "Revert "UBUNTU: SAUCE: Audit: Add a new record for multiple object LSM attributes""" - Revert "Revert "Revert "UBUNTU: SAUCE: Audit: Fix incorrect static inline function declration.""" - Revert "Revert "Revert "UBUNTU: SAUCE: Audit: Add new record for multiple process LSM attributes""" - Revert "Revert "Revert "UBUNTU: SAUCE: NET: Store LSM netlabel data in a lsmblob""" - Revert "Revert "Revert "UBUNTU: SAUCE: LSM: security_secid_to_secctx in netlink netfilter""" - Revert "Revert "Revert "UBUNTU: SAUCE: LSM: Use lsmcontext in security_inode_getsecctx""" - Revert "Revert "Revert "UBUNTU: SAUCE: LSM: Use lsmcontext in security_secid_to_secctx""" - Revert "Revert "Revert "UBUNTU: SAUCE: LSM: Ensure the correct LSM context releaser""" - Revert "Revert "Revert "UBUNTU: SAUCE: LSM: Specify which LSM to display""" - Revert "Revert "Revert "UBUNTU: SAUCE: IMA: Change internal interfaces to use lsmblobs""" - Revert "Revert "Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_cred_getsecid""" - Revert "Revert "Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_inode_getsecid""" - Revert "Revert "Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_task_getsecid""" - Revert "Revert "Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_ipc_getsecid""" - Revert "Revert "Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_secid_to_secctx""" - Revert "Revert "Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_secctx_to_secid""" - Revert "Revert "Revert "UBUNTU: SAUCE: net: Prepare UDS for security module stacking""" - Revert "Revert "Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_kernel_act_as""" - Revert "Revert "Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_audit_rule_match""" - Revert "Revert "Revert "UBUNTU: SAUCE: LSM: Create and manage the lsmblob data structure.""" - Revert "Revert "Revert "UBUNTU: SAUCE: LSM: Infrastructure management of the sock security""" - Revert "Revert "Revert "UBUNTU: SAUCE: apparmor: LSM stacking: switch from SK_CTX() to aa_sock()""" - Revert "Revert "Revert "UBUNTU: SAUCE: apparmor: rename aa_sock() to aa_unix_sk()""" - Revert "Revert "Revert "UBUNTU: SAUCE: apparmor: disable showing the mode as part of a secid to secctx""" - Revert "Revert "Revert "apparmor: fix absroot causing audited secids to begin with =""" - Revert "Revert "Revert "UBUNTU SAUCE: apparmor: fix apparmor mediating locking non-fs, unix sockets""" - Revert "Revert "Revert "UBUNTU: SAUCE: apparmor: fix use after free in sk_peer_label""" - Revert "Revert "Revert "UBUNTU: SAUCE: apparmor: af_unix mediation""" - Revert "Revert "Revert "UBUNTU: SAUCE: apparmor: patch to provide compatibility with v2.x net rules""" - Revert "Revert "Revert "UBUNTU: SAUCE: apparmor: add/use fns to print hash string hex value""" - SAUCE: upstream v6.0: apparmor: fix absroot causing audited secids to begin with = - SAUCE: upstream v6.0: apparmor: Fix kernel-doc - SAUCE: upstream v6.0: lsm: Fix kernel-doc - SAUCE: upstream v6.0: apparmor: Update help description of policy hash for introspection - SAUCE: upstream v6.0: apparmor: make export of raw binary profile to userspace optional - SAUCE: upstream v6.0: apparmor: Enable tuning of policy paranoid load for embedded systems - SAUCE: upstream v6.0: apparmor: don't create raw_sha1 symlink if sha1 hashing is disabled - SAUCE: upstream v6.0: apparmor: resolve uninitialized symbol warnings in policy_unpack_test.c - SAUCE: upstream v6.0: security/apparmor: remove redundant ret variable - SAUCE: upstream v6.0: apparmor: Use struct_size() helper in kmalloc() - SAUCE: upstream v6.0: apparmor: Fix match_mnt_path_str() and match_mnt() kernel-doc comment - SAUCE: upstream v6.0: apparmor: Fix some kernel-doc comments - SAUCE: upstream v6.0: apparmor: Fix some kernel-doc comments - SAUCE: upstream v6.0: apparmor: Fix undefined reference to `zlib_deflate_workspacesize' - SAUCE: upstream v6.0: apparmor: Fix some kernel-doc comments - SAUCE: upstream v6.0: apparmor: test: Remove some casts which are no-longer required - SAUCE: upstream v6.0: apparmor: add a kernel label to use on kernel objects - SAUCE: upstream v6.0: apparmor: Convert secid mapping to XArrays instead of IDR - SAUCE: upstream v6.0: apparmor: disable showing the mode as part of a secid to secctx - SAUCE: upstream v6.0: apparmor: Mark alloc_unconfined() as static - SAUCE: upstream v6.0: apparmor: Fix some kernel-doc comments - SAUCE: upstream v6.0: apparmor: allow label to carry debug flags - SAUCE: upstream v6.0: apparmor: extend policydb permission set by making use of the xbits - SAUCE: upstream v6.0: apparmor: move ptrace mediation to more logical task.{h,c} - SAUCE: upstream v6.0: apparmor: correct config reference to intended one - SAUCE: upstream v6.0: lsm,io_uring: add LSM hooks for the new uring_cmd file op - SAUCE: upstream v6.0: selinux: implement the security_uring_cmd() LSM hook - SAUCE: upstream v6.0: Smack: Provide read control for io_uring_cmd - SAUCE: apparmor-next 6.1: apparmor: fix a memleak in multi_transaction_new() - SAUCE: apparmor-next 6.1: apparmor: fix lockdep warning when removing a namespace - SAUCE: apparmor-next 6.1: apparmor: reserve mediation classes - SAUCE: apparmor-next 6.1: apparmor: use zstd compression for profile data - SAUCE: apparmor-next 6.1: apparmor: expose compression level limits in sysfs - SAUCE: apparmor-next 6.1: apparmor: compute file permissions on profile load - SAUCE: apparmor-next 6.1: apparmor: compute xmatch permissions on profile load - SAUCE: apparmor-next 6.1: apparmor: move fperm computation into policy_unpack - SAUCE: apparmor-next 6.1: apparmor: rework and cleanup fperm computation - SAUCE: apparmor-next 6.1: apparmor: convert xmatch to use aa_perms structure - SAUCE: apparmor-next 6.1: apparmor: compute policydb permission on profile load - SAUCE: apparmor-next 6.1: apparmor: combine file_rules and aa_policydb into a single shared struct - SAUCE: apparmor-next 6.1: apparmor: convert xmatch to using the new shared policydb struct - SAUCE: apparmor-next 6.1: apparmor: convert fperm lookup to use accept as an index - SAUCE: apparmor-next 6.1: apparmor: convert xmatch lookup to use accept as an index - SAUCE: apparmor-next 6.1: apparmor: cleanup shared permission struct - SAUCE: apparmor-next 6.1: apparmor: convert policy lookup to use accept as an index - SAUCE: apparmor-next 6.1: apparmor: preparse for state being more than just an integer - SAUCE: apparmor-next 6.1: apparmor: Fix abi check to include v8 abi - SAUCE: apparmor-next 6.1: apparmor: fix apparmor mediating locking non-fs unix sockets - SAUCE: apparmor-next 6.1: apparmor: extend policydb permission set by making use of the xbits - SAUCE: apparmor-next 6.1: apparmor: move dfa perm macros into policy_unpack - SAUCE: apparmor-next 6.1: apparmor: extend xindex size - SAUCE: apparmor-next 6.1: apparmor: isolate policy backwards compatibility to its own file - SAUCE: apparmor-next 6.1: apparmor: extend permissions to support a label and tag string - SAUCE: apparmor-next 6.1: apparmor: add mediation class information to auditing - SAUCE: apparmor-next 6.1: apparmor: add user mode flag - SAUCE: apparmor-next 6.1: apparmor: make transition table unpack generic so it can be reused - SAUCE: apparmor-next 6.1: apparmor: group dfa policydb unpacking - SAUCE: apparmor-next 6.1: apparmor: make unpack_array return a trianary value - SAUCE: apparmor-next 6.1: apparmor: add the ability for policy to specify a permission table - SAUCE: apparmor-next 6.1: apparmor: verify permission table indexes - SAUCE: apparmor-next 6.1: apparmor: make sure perm indexes are accumulated - SAUCE: apparmor-next 6.1: apparmor: cleanup: move perm accumulation into perms.h - SAUCE: apparmor-next 6.1: apparmor: verify loaded permission bits masks don't overlap - SAUCE: apparmor-next 6.1: apparmor: refactor profile rules and attachments - SAUCE: apparmor-next 6.1: apparmor: rework profile->rules to be a list - SAUCE: apparmor-next 6.1: apparmor: fix aa_class_names[] to match reserved classes - SAUCE: apparmor-next 6.1: apparmor: Fix regression in stacking due to label flags - SAUCE: apparmor-next 6.1: apparmor: Simplify obtain the newest label on a cred - SAUCE: apparmor-next 6.1: apparmor: make __aa_path_perm() static - SAUCE: apparmor-next 6.1: apparmor: Fix doc comment for compute_fperms - SAUCE: apparmor-next 6.1: apparmor: Remove unnecessary size check when unpacking trans_table - SAUCE: apparmor-next 6.1: apparmor: make sure the decompression ctx is promperly initialized - SAUCE: apparmor: add/use fns to print hash string hex value - SAUCE: apparmor: patch to provide compatibility with v2.x net rules - SAUCE: Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: make __aa_path_perm() static" - SAUCE: apparmor: af_unix mediation - SAUCE: fix shutdown unix socket owner conditional check - SAUCE: apparmor: rename aa_sock() to aa_unix_sk() - SAUCE: apparmor: Add fine grained mediation of posix mqueues - SAUCE: apparmor: LSM stacking: switch from SK_CTX() to aa_sock() - SAUCE: lsm stacking v37: integrity: disassociate ima_filter_rule from security_audit_rule - SAUCE: lsm stacking v37: LSM: Infrastructure management of the sock security - SAUCE: lsm stacking v37: LSM: Add the lsmblob data structure. - SAUCE: lsm stacking v37: LSM: provide lsm name and id slot mappings - SAUCE: lsm stacking v37: IMA: avoid label collisions with stacked LSMs - SAUCE: lsm stacking v37: LSM: Use lsmblob in security_audit_rule_match - SAUCE: lsm stacking v37: LSM: Use lsmblob in security_kernel_act_as - SAUCE: lsm stacking v37: LSM: Use lsmblob in security_secctx_to_secid - SAUCE: lsm stacking v37: LSM: Use lsmblob in security_secid_to_secctx - SAUCE: lsm stacking v37: LSM: Use lsmblob in security_ipc_getsecid - SAUCE: lsm stacking v37: LSM: Use lsmblob in security_current_getsecid - SAUCE: lsm stacking v37: LSM: Use lsmblob in security_inode_getsecid - SAUCE: lsm stacking v37: LSM: Use lsmblob in security_cred_getsecid - SAUCE: lsm stacking v37: LSM: Specify which LSM to display - SAUCE: fixup lsm stacking v37: LSM: Specify which LSM to display - SAUCE: lsm stacking v37: LSM: Ensure the correct LSM context releaser - SAUCE: lsm stacking v37: LSM: Use lsmcontext in security_secid_to_secctx - SAUCE: lsm stacking v37: LSM: Use lsmcontext in security_inode_getsecctx - SAUCE: lsm stacking v37: LSM: Use lsmcontext in security_dentry_init_security - SAUCE: lsm stacking v37: LSM: security_secid_to_secctx in netlink netfilter - SAUCE: lsm stacking v37: NET: Store LSM netlabel data in a lsmblob - SAUCE: lsm stacking v37: binder: Pass LSM identifier for confirmation - SAUCE: lsm stacking v37: LSM: security_secid_to_secctx module selection - SAUCE: lsm stacking v37: Audit: Keep multiple LSM data in audit_names - SAUCE: lsm stacking v37: Audit: Create audit_stamp structure - SAUCE: lsm stacking v37: LSM: Add a function to report multiple LSMs - SAUCE: lsm stacking v37: Audit: Allow multiple records in an audit_buffer - SAUCE: lsm stacking v37: Audit: Add record for multiple task security contexts - SAUCE: lsm stacking v37: audit: multiple subject lsm values for netlabel - SAUCE: lsm stacking v37: Audit: Add record for multiple object contexts - SAUCE: lsm stacking v37: netlabel: Use a struct lsmblob in audit data - SAUCE: lsm stacking v37: LSM: Removed scaffolding function lsmcontext_init - SAUCE: lsm stacking v37: LSM: Add /proc attr entry for full LSM context - SAUCE: lsm stacking v37: AppArmor: Remove the exclusive flag - SAUCE: security, lsm: Introduce security_create_user_ns() - SAUCE: bpf-lsm: Make bpf_lsm_userns_create() sleepable - SAUCE: selinux: Implement userns_create hook - SAUCE: apparmor: add user namespace creation mediation - [Config] update configs after apply new apparmor patch set * kinetic: apply new apparmor and LSM stacking patch set (LP: #1989983) // 5.19.0-17.17: kernel NULL pointer dereference, address: 0000000000000084 (LP: #1990236) - SAUCE: apparmor: fix oops in unix owner conditional setup * Miscellaneous Ubuntu changes - [Config] make sure CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT is enforced -- Dimitri John Ledkov