Ubuntu
linux-nvidia-6.5 package

PCI/MSI: Prevent MSI hardware interrupt number truncation

Bug #2065721 reported by Brad Figg on 2024-05-14

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	linux-nvidia-6.5 (Ubuntu)	Fix Released	Undecided	Unassigned

Bug Description

    While calculating the hardware interrupt number for a MSI interrupt, the
    higher bits (i.e. from bit-5 onwards a.k.a domain_nr >= 32) of the PCI
    domain number gets truncated because of the shifted value casting to return
    type of pci_domain_nr() which is 'int'. This for example is resulting in
    same hardware interrupt number for devices 0019:00:00.0 and 0039:00:00.0.

To address this cast the PCI domain number to 'irq_hw_number_t' before left
shifting it to calculate the hardware interrupt number.

    Please note that this fixes the issue only on 64-bit systems and doesn't
    change the behavior for 32-bit systems i.e. the 32-bit systems continue to
    have the issue. Since the issue surfaces only if there are too many PCIe
    controllers in the system which usually is the case in modern server
    systems and they don't tend to run 32-bit kernels.

Tags:

CVE References

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2024-06-03:

This bug is awaiting verification that the linux-nvidia-6.5/6.5.0-1021.22 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy-linux-nvidia-6.5' to 'verification-done-jammy-linux-nvidia-6.5'. If the problem still exists, change the tag 'verification-needed-jammy-linux-nvidia-6.5' to 'verification-failed-jammy-linux-nvidia-6.5'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-jammy-linux-nvidia-6.5-v2 verification-needed-jammy-linux-nvidia-6.5

Revision history for this message

Launchpad Janitor (janitor) wrote on 2024-06-13:

Download full text (75.2 KiB)

This bug was fixed in the package linux-nvidia-6.5 - 6.5.0-1021.22

---------------
linux-nvidia-6.5 (6.5.0-1021.22) jammy; urgency=medium

* jammy/linux-nvidia-6.5: 6.5.0-1021.21 -proposed tracker (LP: #2065892)

  * Packaging resync (LP: #1786013)
    - [Packaging] debian.nvidia-6.5/dkms-versions -- update from kernel-versions
      (main/2024.04.29)

* Address out-of-bounds issue when using TPM SPI interface (LP: #2067429)
- tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer

  * Perf-stat tool does not support ipc and ipc_rate monitoring on NVIDIA Grace
    system (LP: #2063461)
    - perf vendor events arm64: Update stall_slot workaround for N2 r0p3
    - perf vendor events arm64: Update N2 and V2 metrics and events using Arm
      telemetry repo
    - perf jevents: Add a new expression builtin strcmp_cpuid_str()
    - perf jevents metric: Fix type of strcmp_cpuid_str

* PCI/MSI: Prevent MSI hardware interrupt number truncation (LP: #2065721)
- PCI/MSI: Prevent MSI hardware interrupt number truncation

* Apply patch to set CONFIG_EFI_CAPSULE_LOADER=y for arm64 (LP: #2067111)
- NVIDIA: [Config] EFI: set CAPSULE_LOADER=y for arm64

  * pull-request: Fixes: b2b56a163230 ("gpio: tegra186: Check GPIO pin
    permission before access.") (LP: #2064549)
    - Revert "NVIDIA: SAUCE: Revert "gpio: tegra186: Check GPIO pin permission
      before access.""
    - gpio: tegra186: Fix tegra186_gpio_is_accessible() check

[ Ubuntu: 6.5.0-41.41 ]

  * mantic/linux: 6.5.0-41.41 -proposed tracker (LP: #2065893)
  * CVE-2024-21823
    - VFIO: Add the SPR_DSA and SPR_IAX devices to the denylist
    - dmaengine: idxd: add a new security check to deal with a hardware erratum
    - dmaengine: idxd: add a write() method for applications to submit work

[ Ubuntu: 6.5.0-40.40 ]

This bug was fixed in the package linux-nvidia-6.5 - 6.5.0-1021.22

---------------
linux-nvidia-6.5 (6.5.0-1021.22) jammy; urgency=medium

* jammy/linux-nvidia-6.5: 6.5.0-1021.21 -proposed tracker (LP: #2065892)

* Packaging resync (LP: #1786013)
    - [Packaging] debian.nvidia-6.5/dkms-versions -- update from kernel-versions
      (main/2024.04.29)

* Address out-of-bounds issue when using TPM SPI interface (LP: #2067429)
    - tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer

* PCI/MSI: Prevent MSI hardware interrupt number truncation (LP: #2065721)
    - PCI/MSI: Prevent MSI hardware interrupt number truncation

* Apply patch to set CONFIG_EFI_CAPSULE_LOADER=y for arm64 (LP: #2067111)
    - NVIDIA: [Config] EFI: set CAPSULE_LOADER=y for arm64

[ Ubuntu: 6.5.0-41.41 ]

[ Ubuntu: 6.5.0-40.40 ]

* mantic/linux: 6.5.0-40.40 -proposed tracker (LP: #2063709)
  * [Mantic] Compile broken on armhf (cc1 out of memory) (LP: #2060446)
    - Revert "minmax: relax check to allow comparison between unsigned arguments
      and signed constants"
    - Revert "minmax: allow comparisons of 'int' against 'unsigned char/short'"
    - Revert "minmax: allow min()/max()/clamp() if the arguments have the same
      signedness."
    - Revert "minmax: add umin(a, b) and umax(a, b)"
  * Drop fips-checks script from trees (LP: #2055083)
    - [Packaging] Remove fips-checks script
  * alsa/realtek: adjust max output valume for headphone on 2 LG machines
    (LP: #2058573)
    - ALSA: hda/realtek: fix the hp playback volume issue for LG machines
  * Mantic update: upstream stable patchset 2024-03-27 (LP: #2059284)
    - asm-generic: make sparse happy with odd-sized put_unaligned_*()
    - powerpc/mm: Fix null-pointer dereference in pgtable_cache_add
    - arm64: irq: set the correct node for VMAP stack
    - drivers/perf: pmuv3: don't expose SW_INCR event in sysfs
    - powerpc: Fix build error due to is_valid_bugaddr()
    - powerpc/mm: Fix build failures due to arch_reserved_kernel_pages()
    - powerpc/64s: Fix CONFIG_NUMA=n build due to create_section_mapping()
    - x86/boot: Ignore NMIs during very early boot
    - powerpc: pmd_move_must_withdraw() is only needed for
      CONFIG_TRANSPARENT_HUGEPAGE
    - powerpc/lib: Validate size for vector operations
    - x86/mce: Mark fatal MCE's page as poison to avoid panic in the kdump kernel
    - perf/core: Fix narrow startup race when creating the perf nr_addr_filters
      sysfs file
    - debugobjects: Stop accessing objects after releasing hash bucket lock
    - regulator: core: Only increment use_count when enable_count changes
    - audit: Send netlink ACK before setting connection in auditd_set
    - ACPI: video: Add quirk for the Colorful X15 AT 23 Laptop
    - PNP: ACPI: fix fortify warning
    - ACPI: extlog: fix NULL pointer dereference check
    - ACPI: NUMA: Fix the logic of getting the fake_pxm value
    - PM / devfreq: Synchronize devfreq_monitor_[start/stop]
    - ACPI: APEI: set memory failure flags as MF_ACTION_REQUIRED on synchronous
      events
    - FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree
    - jfs: fix array-index-out-of-bounds in dbAdjTree
    - pstore/ram: Fix crash when setting number of cpus to an odd number
    - crypto: octeontx2 - Fix cptvf driver cleanup
    - erofs: fix ztailpacking for subpage compressed blocks
    - crypto: stm32/crc32 - fix parsing list of devices
    - afs: fix the usage of read_seqbegin_or_lock() in afs_lookup_volume_rcu()
    - afs: fix the usage of read_seqbegin_or_lock() in afs_find_server*()
    - rxrpc_find_service_conn_rcu: fix the usage of read_seqbegin_or_lock()
    - jfs: fix array-index-out-of-bounds in diNewExt
    - arch: consolidate arch_irq_work_raise prototypes
    - s390/vfio-ap: fix sysfs status attribute for AP queue devices
    - s390/ptrace: handle setting of fpc register correctly
    - KVM: s390: fix setting of fpc register
    - SUNRPC: Fix a suspicious RCU usage warning
    - ecryptfs: Reject casefold directory inodes
    - ext4: fix inconsistent between segment fstrim and full fstrim
    - ext4: unify the type of flexbg_size to unsigned int
    - ext4: remove unnecessary check from alloc_flex_gd()
    - ext4: avoid online resizing failures due to oversized flex bg
    - wifi: rt2x00: restart beacon queue when hardware reset
    - selftests/bpf: satisfy compiler by having explicit return in btf test
    - selftests/bpf: Fix pyperf180 compilation failure with clang18
    - wifi: rt2x00: correct wrong BBP register in RxDCOC calibration
    - selftests/bpf: Fix issues in setup_classid_environment()
    - soc: xilinx: Fix for call trace due to the usage of smp_processor_id()
    - soc: xilinx: fix unhandled SGI warning message
    - scsi: lpfc: Fix possible file string name overflow when updating firmware
    - PCI: Add no PM reset quirk for NVIDIA Spectrum devices
    - bonding: return -ENOMEM instead of BUG in alb_upper_dev_walk
    - net: usb: ax88179_178a: avoid two consecutive device resets
    - scsi: arcmsr: Support new PCI device IDs 1883 and 1886
    - ARM: dts: imx7d: Fix coresight funnel ports
    - ARM: dts: imx7s: Fix lcdif compatible
    - ARM: dts: imx7s: Fix nand-controller #size-cells
    - wifi: ath9k: Fix potential array-index-out-of-bounds read in
      ath9k_htc_txstatus()
    - wifi: ath11k: fix race due to setting ATH11K_FLAG_EXT_IRQ_ENABLED too early
    - bpf: Check rcu_read_lock_trace_held() before calling bpf map helpers
    - scsi: libfc: Don't schedule abort twice
    - scsi: libfc: Fix up timeout error in fc_fcp_rec_error()
    - bpf: Set uattr->batch.count as zero before batched update or deletion
    - wifi: wfx: fix possible NULL pointer dereference in wfx_set_mfp_ap()
    - ARM: dts: rockchip: fix rk3036 hdmi ports node
    - ARM: dts: imx25/27-eukrea: Fix RTC node name
    - ARM: dts: imx: Use flash@0,0 pattern
    - ARM: dts: imx27: Fix sram node
    - ARM: dts: imx1: Fix sram node
    - net: phy: at803x: fix passing the wrong reference for config_intr
    - ionic: pass opcode to devcmd_wait
    - ionic: bypass firmware cmds when stuck in reset
    - block/rnbd-srv: Check for unlikely string overflow
    - ARM: dts: imx25: Fix the iim compatible string
    - ARM: dts: imx25/27: Pass timing0
    - ARM: dts: imx27-apf27dev: Fix LED name
    - ARM: dts: imx23-sansa: Use preferred i2c-gpios properties
    - ARM: dts: imx23/28: Fix the DMA controller node name
    - scsi: hisi_sas: Set .phy_attached before notifing phyup event
      HISI_PHYE_PHY_UP_PM
    - ice: fix ICE_AQ_VSI_Q_OPT_RSS_* register values
    - net: atlantic: eliminate double free in error handling logic
    - net: dsa: mv88e6xxx: Fix mv88e6352_serdes_get_stats error path
    - block: prevent an integer overflow in bvec_try_merge_hw_page
    - md: Whenassemble the array, consult the superblock of the freshest device
    - arm64: dts: qcom: msm8996: Fix 'in-ports' is a required property
    - arm64: dts: qcom: msm8998: Fix 'out-ports' is a required property
    - ice: fix pre-shifted bit usage
    - arm64: dts: amlogic: fix format for s4 uart node
    - wifi: rtl8xxxu: Add additional USB IDs for RTL8192EU devices
    - libbpf: Fix NULL pointer dereference in bpf_object__collect_prog_relos
    - wifi: rtlwifi: rtl8723{be,ae}: using calculate_bit_shift()
    - wifi: cfg80211: free beacon_ies when overridden from hidden BSS
    - Bluetooth: qca: Set both WIDEBAND_SPEECH and LE_STATES quirks for QCA2066
    - Bluetooth: hci_sync: fix BR/EDR wakeup bug
    - Bluetooth: L2CAP: Fix possible multiple reject send
    - net/smc: disable SEID on non-s390 archs where virtual ISM may be used
    - bridge: cfm: fix enum typo in br_cc_ccm_tx_parse
    - i40e: Fix VF disable behavior to block all traffic
    - octeontx2-af: Fix max NPC MCAM entry check while validating ref_entry
    - net: dsa: qca8k: put MDIO bus OF node on qca8k_mdio_register() failure
    - f2fs: fix to check return value of f2fs_reserve_new_block()
    - ALSA: hda: Refer to correct stream index at loops
    - ASoC: doc: Fix undefined SND_SOC_DAPM_NOPM argument
    - fast_dput(): handle underflows gracefully
    - RDMA/IPoIB: Fix error code return in ipoib_mcast_join
    - drm/panel-edp: Add override_edid_mode quirk for generic edp
    - drm/bridge: anx7625: Fix Set HPD irq detect window to 2ms
    - drm/amd/display: Fix tiled display misalignment
    - f2fs: fix write pointers on zoned device after roll forward
    - drm/drm_file: fix use of uninitialized variable
    - drm/framebuffer: Fix use of uninitialized variable
    - drm/mipi-dsi: Fix detach call without attach
    - media: stk1160: Fixed high volume of stk1160_dbg messages
    - media: rockchip: rga: fix swizzling for RGB formats
    - PCI: add INTEL_HDA_ARL to pci_ids.h
    - ALSA: hda: Intel: add HDA_ARL PCI ID support
    - media: rkisp1: Fix IRQ handler return values
    - media: rkisp1: Store IRQ lines
    - media: rkisp1: Fix IRQ disable race issue
    - f2fs: fix to tag gcing flag on page during block migration
    - drm/exynos: Call drm_atomic_helper_shutdown() at shutdown/unbind time
    - IB/ipoib: Fix mcast list locking
    - media: amphion: remove mutext lock in condition of wait_event
    - media: ddbridge: fix an error code problem in ddb_probe
    - media: i2c: imx335: Fix hblank min/max values
    - drm/amd/display: For prefetch mode > 0, extend prefetch if possible
    - drm/msm/dpu: Ratelimit framedone timeout msgs
    - drm/msm/dpu: fix writeback programming for YUV cases
    - drm/amdgpu: fix ftrace event amdgpu_bo_move always move on same heap
    - clk: hi3620: Fix memory leak in hi3620_mmc_clk_init()
    - clk: mmp: pxa168: Fix memory leak in pxa168_clk_init()
    - watchdog: it87_wdt: Keep WDTCTRL bit 3 unmodified for IT8784/IT8786
    - drm/amd/display: make flip_timestamp_in_us a 64-bit variable
    - clk: imx: clk-imx8qxp: fix LVDS bypass, pixel and phy clocks
    - drm/amdgpu: Fix ecc irq enable/disable unpaired
    - drm/amdgpu: Let KFD sync with VM fences
    - drm/amdgpu: Fix '*fw' from request_firmware() not released in
      'amdgpu_ucode_request()'
    - drm/amdgpu: Drop 'fence' check in 'to_amdgpu_amdkfd_fence()'
    - drm/amdkfd: Fix iterator used outside loop in 'kfd_add_peer_prop()'
    - ALSA: hda/conexant: Fix headset auto detect fail in cx8070 and SN6140
    - leds: trigger: panic: Don't register panic notifier if creating the trigger
      failed
    - um: Fix naming clash between UML and scheduler
    - um: Don't use vfprintf() for os_info()
    - um: net: Fix return type of uml_net_start_xmit()
    - um: time-travel: fix time corruption
    - i3c: master: cdns: Update maximum prescaler value for i2c clock
    - xen/gntdev: Fix the abuse of underlying struct page in DMA-buf import
    - mfd: ti_am335x_tscadc: Fix TI SoC dependencies
    - [Config] updateconfigs for MFD_TI_AM335X_TSCADC
    - mailbox: arm_mhuv2: Fix a bug for mhuv2_sender_interrupt
    - PCI: Only override AMD USB controller if required
    - PCI: switchtec: Fix stdev_release() crash after surprise hot remove
    - perf cs-etm: Bump minimum OpenCSD version to ensure a bugfix is present
    - usb: hub: Replace hardcoded quirk value with BIT() macro
    - usb: hub: Add quirk to decrease IN-ep poll interval for Microchip USB491x
      hub
    - selftests/sgx: Fix linker script asserts
    - tty: allow TIOCSLCKTRMIOS with CAP_CHECKPOINT_RESTORE
    - fs/kernfs/dir: obey S_ISGID
    - spmi: mediatek: Fix UAF on device remove
    - PCI: Fix 64GT/s effective data rate calculation
    - PCI/AER: Decode Requester ID when no error info found
    - 9p: Fix initialisation of netfs_inode for 9p
    - misc: lis3lv02d_i2c: Add missing setting of the reg_ctrl callback
    - libsubcmd: Fix memory leak in uniq()
    - drm/amdkfd: Fix lock dependency warning
    - drm/amdkfd: Fix lock dependency warning with srcu
    - virtio_net: Fix "‘%d’ directive writing between 1 and 11 bytes into a region
      of size 10" warnings
    - blk-mq: fix IO hang from sbitmap wakeup race
    - ceph: reinitialize mds feature bit even when session in open
    - ceph: fix deadlock or deadcode of misusing dget()
    - ceph: fix invalid pointer access if get_quota_realm return ERR_PTR
    - drm/amd/powerplay: Fix kzalloc parameter 'ATOM_Tonga_PPM_Table' in
      'get_platform_power_management_table()'
    - drm/amdgpu: Fix with right return code '-EIO' in
      'amdgpu_gmc_vram_checking()'
    - drm/amdgpu: Release 'adev->pm.fw' before return in
      'amdgpu_device_need_post()'
    - drm/amdkfd: Fix 'node' NULL check in 'svm_range_get_range_boundaries()'
    - perf: Fix the nr_addr_filters fix
    - wifi: cfg80211: fix RCU dereference in __cfg80211_bss_update
    - drm: using mul_u32_u32() requires linux/math64.h
    - scsi: isci: Fix an error code problem in isci_io_request_build()
    - regulator: ti-abb: don't use devm_platform_ioremap_resource_byname for
      shared interrupt register
    - scsi: core: Move scsi_host_busy() out of host lock for waking up EH handler
    - HID: hidraw: fix a problem of memory leak in hidraw_release()
    - selftests: net: give more time for GRO aggregation
    - ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()
    - ipmr: fix kernel panic when forwarding mcast packets
    - net: lan966x: Fix port configuration when using SGMII interface
    - tcp: add sanity checks to rx zerocopy
    - ixgbe: Refactor returning internal error codes
    - ixgbe: Refactor overtemp event handling
    - ixgbe: Fix an error handling path in ixgbe_read_iosf_sb_reg_x550()
    - net: dsa: qca8k: fix illegal usage of GPIO
    - ipv6: Ensure natural alignment of const ipv6 loopback and router addresses
    - llc: call sock_orphan() at release time
    - bridge: mcast: fix disabled snooping after long uptime
    - selftests: net: add missing config for GENEVE
    - netfilter: conntrack: correct window scaling with retransmitted SYN
    - netfilter: nf_tables: restrict tunnel object to NFPROTO_NETDEV
    - netfilter: nf_log: replace BUG_ON by WARN_ON_ONCE when putting logger
    - netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom
      expectations
    - net: ipv4: fix a memleak in ip_setup_cork
    - af_unix: fix lockdep positive in sk_diag_dump_icons()
    - SAUCE: Sync apparmor copy of af_unix.c
    - selftests: net: fix available tunnels detection
    - net: sysfs: Fix /sys/class/net/<iface> path
    - selftests: team: Add missing config options
    - selftests: bonding: Check initial state
    - arm64: irq: set the correct node for shadow call stack
    - mm, kmsan: fix infinite recursion due to RCU critical section
    - Revert "drm/amd/display: Disable PSR-SU on Parade 0803 TCON again"
    - drm/msm/dsi: Enable runtime PM
    - LoongArch/smp: Call rcutree_report_cpu_starting() at tlb_init()
    - gve: Fix use-after-free vulnerability
    - bonding: remove print in bond_verify_device_path
    - ASoC: codecs: lpass-wsa-macro: fix compander volume hack
    - ASoC: codecs: wsa883x: fix PA volume control
    - drm/amdgpu: Fix missing error code in 'gmc_v6/7/8/9_0_hw_init()'
    - Documentation/sphinx: fix Python string escapes
    - kunit: tool: fix parsing of test attributes
    - thermal: core: Fix thermal zone suspend-resume synchronization
    - hwrng: starfive - Fix dev_err_probe return error
    - crypto: p10-aes-gcm - Avoid -Wstringop-overflow warnings
    - erofs: fix up compacted indexes for block size < 4096
    - crypto: starfive - Fix dev_err_probe return error
    - s390/boot: always align vmalloc area on segment boundary
    - ext4: treat end of range as exclusive in ext4_zero_range()
    - wifi: rtw89: fix timeout calculation in rtw89_roc_end()
    - ARM: dts: qcom: strip prefix from PMIC files
    - ARM: dts: qcom: mdm9615: fix PMIC node labels
    - ARM: dts: qcom: msm8660: fix PMIC node labels
    - ARM: dts: samsung: exynos4: fix camera unit addresses/ranges
    - ARM: dts: samsung: s5pv210: fix camera unit addresses/ranges
    - net: phy: micrel: fix ts_info value in case of no phc
    - bpf: Prevent inlining of bpf_fentry_test7()
    - bpf: Fix a few selftest failures due to llvm18 change
    - wifi: rtw89: fix misbehavior of TX beacon in concurrent mode
    - bpf: Set need_defer as false when clearing fd array during map free
    - wifi: ath12k: fix and enable AP mode for WCN7850
    - minmax: add umin(a, b) and umax(a, b)
    - minmax: allow min()/max()/clamp() if the arguments have the same signedness.
    - minmax: allow comparisons of 'int' against 'unsigned char/short'
    - minmax: relax check to allow comparison between unsigned arguments and
      signed constants
    - net: mvmdio: Avoid excessive sleeps in polled mode
    - arm64: dts: qcom: sm8550: fix soundwire controllers node name
    - arm64: dts: qcom: sm8450: fix soundwire controllers node name
    - arm64: dts: qcom: sm8350: Fix remoteproc interrupt type
    - wifi: mt76: connac: fix EHT phy mode check
    - wifi: mt76: mt7996: add PCI IDs for mt7992
    - wifi: ath12k: fix the issue that the multicast/broadcast indicator is not
      read correctly for WCN7850
    - arm64: zynqmp: Move fixed clock to / for kv260
    - arm64: zynqmp: Fix clock node name in kv260 cards
    - selftests/bpf: fix compiler warnings in RELEASE=1 mode
    - scsi: lpfc: Reinitialize an NPIV's VMID data structures after FDISC
    - scsi: lpfc: Move determination of vmid_flag after VMID reinitialization
      completes
    - arm64: dts: qcom: Fix coresight warnings in in-ports and out-ports
    - wifi: rtw89: coex: Fix wrong Wi-Fi role info and FDDT parameter members
    - Bluetooth: ISO: Avoid creating child socket if PA sync is terminating
    - arm64: dts: sprd: Add clock reference for pll2 on UMS512
    - arm64: dts: sprd: Change UMS512 idle-state nodename to match bindings
    - net: kcm: fix direct access to bv_len
    - reiserfs: Avoid touching renamed directory if parent does not change
    - drm/amd/display: Fix MST PBN/X.Y value calculations
    - drm/drm_file: fix use of uninitialized variable
    - drm/msm/dp: Add DisplayPort controller for SM8650
    - media: uvcvideo: Fix power line control for a Chicony camera
    - media: uvcvideo: Fix power line control for SunplusIT camera
    - media: rkisp1: resizer: Stop manual allocation of v4l2_subdev_state
    - hwmon: (hp-wmi-sensors) Fix failure to load on EliteDesk 800 G6
    - drm/amd/display: Force p-state disallow if leaving no plane config
    - drm/amdkfd: fix mes set shader debugger process management
    - drm/msm/dpu: enable writeback on SM8350
    - drm/msm/dpu: enable writeback on SM8450
    - watchdog: starfive: add lock annotations to fix context imbalances
    - accel/habanalabs: add support for Gaudi2C device
    - drm/amd/display: Only clear symclk otg flag for HDMI
    - drm/amd/display: Fix minor issues in BW Allocation Phase2
    - drm/amdgpu: apply the RV2 system aperture fix to RN/CZN as well
    - pinctrl: baytrail: Fix types of config value in byt_pin_config_set()
    - riscv: Make XIP bootable again
    - extcon: fix possible name leak in extcon_dev_register()
    - usb: xhci-plat: fix usb disconnect issue after s4
    - i2c: rk3x: Adjust mask/value offset for i2c2 on rv1126
    - drm/amdkfd: only flush mes process context if mes support is there
    - riscv: Fix build error on rv32 + XIP
    - selftests: net: remove dependency on ebpf tests
    - selftests: net: explicitly wait for listener ready
    - gve: Fix skb truesize underestimation
    - net: phy: phy_device: Call into the PHY driver to set LED offload
    - net: phy: mediatek-ge-soc: support PHY LEDs
    - net: phy: mediatek-ge-soc: sync driver with MediaTek SDK
    - selftests: net: add missing config for big tcp tests
    - selftests: net: add missing required classifier
    - net: dsa: mt7530: fix 10M/100M speed on MT7988 switch
    - e1000e: correct maximum frequency adjustment values
    - selftests: net: Add missing matchall classifier
    - devlink: Fix referring to hw_addr attribute during state validation
    - pds_core: Cancel AQ work on teardown
    - pds_core: Use struct pdsc for the pdsc_adminq_isr private data
    - pds_core: implement pci reset handlers
    - pds_core: Prevent race issues involving the adminq
    - pds_core: Clear BARs on reset
    - pds_core: Rework teardown/setup flow to be more common
    - selftests: net: add missing config for nftables-backed iptables
    - selftests: net: add missing config for pmtu.sh tests
    - selftests: net: don't access /dev/stdout in pmtu.sh
    - octeontx2-pf: Remove xdp queues on program detach
    - selftests: net: add missing config for NF_TARGET_TTL
    - selftests: net: enable some more knobs
    - selftests/bpf: Remove flaky test_btf_id test
    - ASoC: qcom: sc8280xp: limit speaker volumes
    - ASoC: codecs: wcd938x: fix headphones volume controls
    - pds_core: Prevent health thread from running during reset/remove
    - Upstream stable to v6.1.77, v6.6.16
  * Mantic update: upstream stable patchset 2024-03-26 (LP: #2059068)
    - iio: adc: ad7091r: Set alert bit in config register
    - iio: adc: ad7091r: Allow users to configure device events
    - ext4: allow for the last group to be marked as trimmed
    - arm64: properly install vmlinuz.efi
    - OPP: Pass rounded rate to _set_opp()
    - btrfs: sysfs: validate scrub_speed_max value
    - crypto: api - Disallow identical driver names
    - PM: hibernate: Enforce ordering during image compression/decompression
    - crypto: s390/aes - Fix buffer overread in CTR mode
    - s390/vfio-ap: unpin pages on gisc registration failure
    - PM / devfreq: Fix buffer overflow in trans_stat_show
    - media: imx355: Enable runtime PM before registering async sub-device
    - rpmsg: virtio: Free driver_override when rpmsg_remove()
    - media: ov9734: Enable runtime PM before registering async sub-device
    - s390/vfio-ap: always filter entire AP matrix
    - s390/vfio-ap: loop over the shadow APCB when filtering guest's AP
      configuration
    - s390/vfio-ap: let on_scan_complete() callback filter matrix and update
      guest's APCB
    - mips: Fix max_mapnr being uninitialized on early stages
    - bus: mhi: host: Add alignment check for event ring read pointer
    - bus: mhi: host: Drop chan lock before queuing buffers
    - bus: mhi: host: Add spinlock to protect WP access when queueing TREs
    - parisc/firmware: Fix F-extend for PDC addresses
    - parisc/power: Fix power soft-off button emulation on qemu
    - async: Split async_schedule_node_domain()
    - async: Introduce async_schedule_dev_nocall()
    - iio: adc: ad7091r: Enable internal vref if external vref is not supplied
    - dmaengine: fix NULL pointer in channel unregistration function
    - scsi: ufs: core: Remove the ufshcd_hba_exit() call from ufshcd_async_scan()
    - arm64: dts: qcom: sc7180: fix USB wakeup interrupt types
    - arm64: dts: qcom: sdm845: fix USB wakeup interrupt types
    - arm64: dts: qcom: sm8150: fix USB wakeup interrupt types
    - arm64: dts: qcom: sc7280: fix usb_1 wakeup interrupt types
    - arm64: dts: qcom: sdm845: fix USB DP/DM HS PHY interrupts
    - arm64: dts: qcom: sm8150: fix USB DP/DM HS PHY interrupts
    - lsm: new security_file_ioctl_compat() hook
    - docs: kernel_abi.py: fix command injection
    - scripts/get_abi: fix source path leak
    - media: videobuf2-dma-sg: fix vmap callback
    - mmc: core: Use mrq.sbc in close-ended ffu
    - mmc: mmc_spi: remove custom DMA mapped buffers
    - media: mtk-jpeg: Fix use after free bug due to error path handling in
      mtk_jpeg_dec_device_run
    - arm64: Rename ARM64_WORKAROUND_2966298
    - rtc: cmos: Use ACPI alarm for non-Intel x86 systems too
    - rtc: Adjust failure return code for cmos_set_alarm()
    - rtc: mc146818-lib: Adjust failure return code for mc146818_get_time()
    - rtc: Add support for configuring the UIP timeout for RTC reads
    - rtc: Extend timeout for waiting for UIP to clear to 1s
    - nouveau/vmm: don't set addr on the fail path to avoid warning
    - ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path
    - mm/rmap: fix misplaced parenthesis of a likely()
    - mm/sparsemem: fix race in accessing memory_section->usage
    - rename(): fix the locking of subdirectories
    - serial: sc16is7xx: improve regmap debugfs by using one regmap per port
    - serial: sc16is7xx: remove wasteful static buffer in sc16is7xx_regmap_name()
    - serial: sc16is7xx: remove global regmap from struct sc16is7xx_port
    - serial: sc16is7xx: remove unused line structure member
    - serial: sc16is7xx: change EFR lock to operate on each channels
    - serial: sc16is7xx: convert from _raw_ to _noinc_ regmap functions for FIFO
    - serial: sc16is7xx: fix invalid sc16is7xx_lines bitfield in case of probe
      error
    - serial: sc16is7xx: remove obsolete loop in sc16is7xx_port_irq()
    - serial: sc16is7xx: improve do/while loop in sc16is7xx_irq()
    - LoongArch/smp: Call rcutree_report_cpu_starting() earlier
    - mm: page_alloc: unreserve highatomic page blocks before oom
    - ksmbd: set v2 lease version on lease upgrade
    - ksmbd: fix potential circular locking issue in smb2_set_ea()
    - ksmbd: don't increment epoch if current state and request state are same
    - ksmbd: send lease break notification on FILE_RENAME_INFORMATION
    - ksmbd: Add missing set_freezable() for freezable kthread
    - Revert "drm/amd: Enable PCIe PME from D3"
    - wifi: mac80211: fix potential sta-link leak
    - net/smc: fix illegal rmb_desc access in SMC-D connection dump
    - bnxt_en: Wait for FLR to complete during probe
    - vlan: skip nested type that is not IFLA_VLAN_QOS_MAPPING
    - llc: make llc_ui_sendmsg() more robust against bonding changes
    - udp: fix busy polling
    - net: fix removing a namespace with conflicting altnames
    - tun: fix missing dropped counter in tun_xdp_act
    - tun: add missing rx stats accounting in tun_xdp_act
    - net: micrel: Fix PTP frame parsing for lan8814
    - net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv
    - netfs, fscache: Prevent Oops in fscache_put_cache()
    - tracing: Ensure visibility when inserting an element into tracing_map
    - afs: Hide silly-rename files from userspace
    - tcp: Add memory barrier to tcp_push()
    - netlink: fix potential sleeping issue in mqueue_flush_file
    - net/mlx5: DR, Use the right GVMI number for drop action
    - net/mlx5: DR, Can't go to uplink vport on RX rule
    - net/mlx5: Use mlx5 device constant for selecting CQ period mode for ASO
    - net/mlx5e: Allow software parsing when IPsec crypto is enabled
    - net/mlx5e: fix a double-free in arfs_create_groups
    - net/mlx5e: fix a potential double-free in fs_any_create_groups
    - rcu: Defer RCU kthreads wakeup when CPU is dying
    - netfilter: nft_limit: reject configurations that cause integer overflow
    - netfilter: nf_tables: restrict anonymous set and map names to 16 bytes
    - netfilter: nf_tables: validate NFPROTO_* family
    - net: stmmac: Wait a bit for the reset to take effect
    - net: mvpp2: clear BM pool before initialization
    - selftests: netdevsim: fix the udp_tunnel_nic test
    - fjes: fix memleaks in fjes_hw_setup
    - net: fec: fix the unhandled context fault from smmu
    - nbd: always initialize struct msghdr completely
    - btrfs: avoid copying BTRFS_ROOT_SUBVOL_DEAD flag to snapshot of subvolume
      being deleted
    - btrfs: ref-verify: free ref cache before clearing mount opt
    - btrfs: tree-checker: fix inline ref size in error messages
    - btrfs: don't warn if discard range is not aligned to sector
    - btrfs: defrag: reject unknown flags of btrfs_ioctl_defrag_range_args
    - btrfs: don't abort filesystem when attempting to snapshot deleted subvolume
    - rbd: don't move requests to the running list on errors
    - exec: Fix error handling in begin_new_exec()
    - wifi: iwlwifi: fix a memory corruption
    - hv_netvsc: Calculate correct ring size when PAGE_SIZE is not 4 Kbytes
    - netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress
      basechain
    - platform/x86: p2sb: Allow p2sb_bar() calls during PCI device probe
    - ksmbd: fix global oob in ksmbd_nl_policy
    - firmware: arm_scmi: Check mailbox/SMT channel for consistency
    - xfs: read only mounts with fsopen mount API are busted
    - gpiolib: acpi: Ignore touchpad wakeup on GPD G1619-04
    - cpufreq: intel_pstate: Refine computation of P-state for given frequency
    - drm: Don't unref the same fb many times by mistake due to deadlock handling
    - drm/bridge: nxp-ptn3460: fix i2c_master_send() error checking
    - drm/tidss: Fix atomic_flush check
    - drm/bridge: nxp-ptn3460: simplify some error checking
    - drm/amd/display: Port DENTIST hang and TDR fixes to OTG disable W/A
    - drm/amdgpu/pm: Fix the power source flag error
    - erofs: fix lz4 inplace decompression
    - media: ov13b10: Enable runtime PM before registering async sub-device
    - PM: sleep: Fix possible deadlocks in core system-wide PM code
    - thermal: intel: hfi: Refactor enabling code into helper functions
    - thermal: intel: hfi: Disable an HFI instance when all its CPUs go offline
    - thermal: intel: hfi: Add syscore callbacks for system-wide PM
    - fs/pipe: move check to pipe_has_watch_queue()
    - pipe: wakeup wr_wait after setting max_usage
    - ARM: dts: qcom: sdx55: fix USB wakeup interrupt types
    - ARM: dts: samsung: exynos4210-i9100: Unconditionally enable LDO12
    - ARM: dts: qcom: sdx55: fix pdc '#interrupt-cells'
    - ARM: dts: qcom: sdx55: fix USB DP/DM HS PHY interrupts
    - ARM: dts: qcom: sdx55: fix USB SS wakeup
    - dlm: use kernel_connect() and kernel_bind()
    - serial: core: Provide port lock wrappers
    - serial: sc16is7xx: Use port lock wrappers
    - serial: sc16is7xx: fix unconditional activation of THRI interrupt
    - btrfs: zoned: factor out prepare_allocation_zoned()
    - btrfs: zoned: optimize hint byte for zoned allocator
    - drm/panel-edp: drm/panel-edp: Fix AUO B116XAK01 name and timing
    - Revert "powerpc/64s: Increase default stack size to 32KB"
    - drm/bridge: parade-ps8640: Wait for HPD when doing an AUX transfer
    - drm: panel-simple: add missing bus flags for Tianma tm070jvhg[30/33]
    - drm/bridge: sii902x: Fix probing race issue
    - drm/bridge: sii902x: Fix audio codec unregistration
    - drm/bridge: parade-ps8640: Ensure bridge is suspended in .post_disable()
    - drm/bridge: parade-ps8640: Make sure we drop the AUX mutex in the error case
    - drm/exynos: fix accidental on-stack copy of exynos_drm_plane
    - drm/exynos: gsc: minor fix for loop iteration in gsc_runtime_resume
    - gpio: eic-sprd: Clear interrupt after set the interrupt type
    - drm/bridge: anx7625: Ensure bridge is suspended in disable()
    - spi: bcm-qspi: fix SFDP BFPT read by usig mspi read
    - spi: fix finalize message on error return
    - MIPS: lantiq: register smp_ops on non-smp platforms
    - cxl/region：Fix overflow issue in alloc_hpa()
    - mips: Call lose_fpu(0) before initializing fcr31 in mips_set_personality_nan
    - tick/sched: Preserve number of idle sleeps across CPU hotplug events
    - x86/entry/ia32: Ensure s32 is sign extended to s64
    - serial: core: fix kernel-doc for uart_port_unlock_irqrestore()
    - docs: sparse: move TW sparse.txt to TW dev-tools
    - docs: sparse: add sparse.rst to toctree
    - serial: core: Simplify uart_get_rs485_mode()
    - serial: core: set missing supported flag for RX during TX GPIO
    - soundwire: bus: introduce controller_id
    - soundwire: fix initializing sysfs for same devices on different buses
    - net: stmmac: Tx coe sw fallback
    - net: stmmac: Prevent DSA tags from breaking COE
    - dmaengine: idxd: Move dma_free_coherent() out of spinlocked context
    - riscv: Fix an off-by-one in get_early_cmdline()
    - scsi: core: Kick the requeue list after inserting when flushing
    - sh: ecovec24: Rename missed backlight field from fbdev to dev
    - smb: client: fix parsing of SMB3.1.1 POSIX create context
    - cifs: do not pass cifs_sb when trying to add channels
    - cifs: handle cases where a channel is closed
    - cifs: reconnect work should have reference on server struct
    - cifs: handle when server starts supporting multichannel
    - cifs: handle when server stops supporting multichannel
    - cifs: reconnect worker should take reference on server struct
      unconditionally
    - cifs: handle servers that still advertise multichannel after disabling
    - cifs: update iface_last_update on each query-and-update
    - powerpc/ps3_defconfig: Disable PPC64_BIG_ENDIAN_ELF_ABI_V2
    - crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init
    - mtd: maps: vmu-flash: Fix the (mtd core) switch to ref counters
    - mtd: rawnand: Prevent crossing LUN boundaries during sequential reads
    - mtd: rawnand: Fix core interference with sequential reads
    - mtd: rawnand: Prevent sequential reads with on-die ECC engines
    - mtd: rawnand: Clarify conditions to enable continuous reads
    - soc: qcom: pmic_glink_altmode: fix port sanity check
    - media: ov01a10: Enable runtime PM before registering async sub-device
    - soc: fsl: cpm1: tsa: Fix __iomem addresses declaration
    - soc: fsl: cpm1: qmc: Fix __iomem addresses declaration
    - soc: fsl: cpm1: qmc: Fix rx channel reset
    - s390/vfio-ap: reset queues filtered from the guest's AP config
    - s390/vfio-ap: reset queues associated with adapter for queue unbound from
      driver
    - s390/vfio-ap: do not reset queue removed from host config
    - ARM: dts: imx6q-apalis: add can power-up delay on ixora board
    - arm64: dts: qcom: sc8280xp-crd: fix eDP phy compatible
    - arm64: dts: sprd: fix the cpu node for UMS512
    - arm64: dts: rockchip: configure eth pad driver strength for orangepi r1 plus
      lts
    - arm64: dts: rockchip: Fix rk3588 USB power-domain clocks
    - arm64: dts: qcom: msm8916: Make blsp_dma controlled-remotely
    - arm64: dts: qcom: msm8939: Make blsp_dma controlled-remotely
    - arm64: dts: qcom: sdm670: fix USB wakeup interrupt types
    - arm64: dts: qcom: sc8180x: fix USB wakeup interrupt types
    - arm64: dts: qcom: Add missing vio-supply for AW2013
    - arm64: dts: qcom: sdm845: fix USB SS wakeup
    - arm64: dts: qcom: sm8150: fix USB SS wakeup
    - arm64: dts: qcom: sc8180x: fix USB DP/DM HS PHY interrupts
    - arm64: dts: qcom: sc8180x: fix USB SS wakeup
    - media: i2c: st-mipid02: correct format propagation
    - media: mtk-jpeg: Fix timeout schedule error in mtk_jpegdec_worker.
    - riscv: mm: Fixup compat mode boot failure
    - arm64: errata: Add Cortex-A510 speculative unprivileged load workaround
    - [Config] update config for ARM64_ERRATUM_3117295
    - arm64/sme: Always exit sme_alloc() early with existing storage
    - arm64: entry: fix ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD
    - efi: disable mirror feature during crashkernel
    - kexec: do syscore_shutdown() in kernel_kexec
    - selftests: mm: hugepage-vmemmap fails on 64K page size systems
    - serial: Do not hold the port lock when setting rx-during-tx GPIO
    - dt-bindings: net: snps,dwmac: Tx coe unsupported
    - bpf: move explored_state() closer to the beginning of verifier.c
    - bpf: extract same_callsites() as utility function
    - bpf: exact states comparison for iterator convergence checks
    - selftests/bpf: tests with delayed read/precision makrs in loop body
    - bpf: correct loop detection for iterators convergence
    - selftests/bpf: test if state loops are detected in a tricky case
    - bpf: print full verifier states on infinite loop detection
    - selftests/bpf: track tcp payload offset as scalar in xdp_synproxy
    - selftests/bpf: track string payload offset as scalar in strobemeta
    - bpf: extract __check_reg_arg() utility function
    - bpf: extract setup_func_entry() utility function
    - bpf: verify callbacks as if they are called unknown number of times
    - selftests/bpf: tests for iterating callbacks
    - bpf: widening for callback iterators
    - bpf: keep track of max number of bpf_loop callback iterations
    - cifs: fix lock ordering while disabling multichannel
    - cifs: fix a pending undercount of srv_count
    - cifs: after disabling multichannel, mark tcon for reconnect
    - selftests: bonding: Increase timeout to 1200s
    - bnxt_en: Prevent kernel warning when running offline self test
    - selftest: Don't reuse port for SO_INCOMING_CPU test.
    - selftests: fill in some missing configs for net
    - net/sched: flower: Fix chain template offload
    - net/mlx5e: Fix operation precedence bug in port timestamping napi_poll
      context
    - net/mlx5e: Fix peer flow lists handling
    - net/mlx5: Bridge, Enable mcast in smfs steering mode
    - net/mlx5: Bridge, fix multicast packets sent to uplink
    - net/mlx5e: Ignore IPsec replay window values on sender side
    - selftests: net: fix rps_default_mask with >32 CPUs
    - bpf: Propagate modified uaddrlen from cgroup sockaddr programs
    - bpf: Add bpf_sock_addr_set_sun_path() to allow writing unix sockaddr from
      bpf
    - ice: work on pre-XDP prog frag count
    - i40e: handle multi-buffer packets that are shrunk by xdp prog
    - ice: remove redundant xdp_rxq_info registration
    - ice: update xdp_rxq_info::frag_size for ZC enabled Rx queue
    - i40e: set xdp_rxq_info::frag_size
    - selftests: bonding: do not test arp/ns target with mode balance-alb/tlb
    - tsnep: Remove FCS for XDP data path
    - tsnep: Fix XDP_RING_NEED_WAKEUP for empty fill ring
    - btrfs: scrub: avoid use-after-free when chunk length is not 64K aligned
    - nfsd: fix RELEASE_LOCKOWNER
    - Revert "drivers/firmware: Move sysfb_init() from device_initcall to
      subsys_initcall_sync"
    - drm/amdgpu: Fix the null pointer when load rlc firmware
    - drm: Fix TODO list mentioning non-KMS drivers
    - drm: Disable the cursor plane on atomic contexts with virtualized drivers
    - drm/virtio: Disable damage clipping if FB changed since last page-flip
    - drm: Allow drivers to indicate the damage helpers to ignore damage clips
    - drm/amd/display: fix bandwidth validation failure on DCN 2.1
    - drm/amdgpu: correct the cu count for gfx v11
    - drm/amd/display: Align the returned error code with legacy DP
    - drm/amd/display: Fix late derefrence 'dsc' check in
      'link_set_dsc_pps_packet()'
    - drm/amd/display: Fix uninitialized variable usage in core_link_ 'read_dpcd()
      & write_dpcd()' functions
    - net/bpf: Avoid unused "sin_addr_len" warning when CONFIG_CGROUP_BPF is not
      set
    - thermal: gov_power_allocator: avoid inability to reset a cdev
    - mm: migrate: record the mlocked page status to remove unnecessary lru drain
    - mm: migrate: fix getting incorrect page mapping during page migration
    - drm/i915/lnl: Remove watchdog timers for PSR
    - drm/i915/psr: Only allow PSR in LPSP mode on HSW non-ULT
    - drm/panel-edp: Add AUO B116XTN02, BOE NT116WHM-N21,836X2, NV116WHM-N49 V8.0
    - drm/panel-edp: drm/panel-edp: Fix AUO B116XTN02 name
    - drm/amdgpu/gfx10: set UNORD_DISPATCH in compute MQDs
    - drm/amdgpu/gfx11: set UNORD_DISPATCH in compute MQDs
    - drm/panel: samsung-s6d7aa0: drop DRM_BUS_FLAG_DE_HIGH for lsl080al02
    - memblock: fix crash when reserved memory is not added to memory
    - firmware: arm_scmi: Use xa_insert() when saving raw queues
    - spi: intel-pci: Remove Meteor Lake-S SoC PCI ID from the list
    - cpufreq/amd-pstate: Fix setting scaling max/min freq values
    - spi: spi-cadence: Reverse the order of interleaved write and read operations
    - cifs: fix stray unlock in cifs_chan_skip_or_disable
    - drm: bridge: samsung-dsim: Don't use FORCE_STOP_STATE
    - genirq: Initialize resend_node hlist for all interrupt descriptors
    - clocksource: Skip watchdog check for large watchdog intervals
    - platform/x86: intel-uncore-freq: Fix types in sysfs callbacks
    - Upstream stable to v6.1.76, v6.6.15
  * CVE-2024-26582
    - net: tls: fix use-after-free with partial reads and async decrypt
    - net: tls: fix returned read length with async decrypt
  * CVE-2024-26584
    - net: tls: handle backlogging of crypto requests
  * CVE-2024-26585
    - tls: fix race between tx work scheduling and socket close
  * CVE-2024-26583
    - tls: extract context alloc/initialization out of tls_set_sw_offload
    - net: tls: factor out tls_*crypt_async_wait()
    - tls: fix race between async notify and socket close
  * Fix headphone mic detection issue on ALC897 (LP: #2056418)
    - ALSA: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897
      platform
  * The screen brightness is unable to adjust on BOE panel DPN#R6FD8
    (LP: #2057430)
    - drm/amd/display: Re-add aux intercept disable delay generically for 2+
      LTTPRs
    - drm/amd/display: Clear dpcd_sink_ext_caps if not set
    - drm/amd/display: Add monitor patch for specific eDP
    - drm/amd/display: Add monitor patch for specific eDP
  * Dynamically determine acpi_handle_list size (LP: #2049733)
    - ACPI: utils: Dynamically determine acpi_handle_list size
    - ACPI: utils: Fix error path in acpi_evaluate_reference()
    - ACPI: utils: Fix white space in struct acpi_handle_list definition
  * Mantic update: upstream stable patchset 2024-03-07 (LP: #2056403)
    - x86/lib: Fix overflow when counting digits
    - x86/mce/inject: Clear test status value
    - EDAC/thunderx: Fix possible out-of-bounds string access
    - powerpc: add crtsavres.o to always-y instead of extra-y
    - powerpc/44x: select I2C for CURRITUCK
    - powerpc/pseries/memhp: Fix access beyond end of drmem array
    - selftests/powerpc: Fix error handling in FPU/VMX preemption tests
    - powerpc/powernv: Add a null pointer check to scom_debug_init_one()
    - powerpc/powernv: Add a null pointer check in opal_event_init()
    - powerpc/powernv: Add a null pointer check in opal_powercap_init()
    - powerpc/imc-pmu: Add a null pointer check in update_events_in_group()
    - spi: spi-zynqmp-gqspi: fix driver kconfig dependencies
    - mtd: rawnand: Increment IFC_TIMEOUT_MSECS for nand controller response
    - ACPI: video: check for error while searching for backlight device parent
    - ACPI: LPIT: Avoid u32 multiplication overflow
    - platform/x86/intel/vsec: Fix xa_alloc memory leak
    - cpufreq: scmi: process the result of devm_of_clk_add_hw_provider()
    - calipso: fix memory leak in netlbl_calipso_add_pass()
    - efivarfs: force RO when remounting if SetVariable is not supported
    - spi: sh-msiof: Enforce fixed DTDL for R-Car H3
    - ACPI: LPSS: Fix the fractional clock divider flags
    - ACPI: extlog: Clear Extended Error Log status when RAS_CEC handled the error
    - kunit: debugfs: Fix unchecked dereference in debugfs_print_results()
    - mtd: Fix gluebi NULL pointer dereference caused by ftl notifier
    - selinux: Fix error priority for bind with AF_UNSPEC on PF_INET6 socket
    - crypto: virtio - Handle dataq logic with tasklet
    - crypto: sa2ul - Return crypto_aead_setkey to transfer the error
    - crypto: ccp - fix memleak in ccp_init_dm_workarea
    - crypto: af_alg - Disallow multiple in-flight AIO requests
    - crypto: safexcel - Add error handling for dma_map_sg() calls
    - crypto: sahara - remove FLAGS_NEW_KEY logic
    - crypto: sahara - fix cbc selftest failure
    - crypto: sahara - fix ahash selftest failure
    - crypto: sahara - fix processing requests with cryptlen < sg->length
    - crypto: sahara - fix error handling in sahara_hw_descriptor_create()
    - crypto: hisilicon/qm - save capability registers in qm init process
    - crypto: hisilicon/zip - add zip comp high perf mode configuration
    - crypto: hisilicon/qm - add a function to set qm algs
    - crypto: hisilicon/hpre - save capability registers in probe process
    - crypto: hisilicon/sec2 - save capability registers in probe process
    - crypto: hisilicon/zip - save capability registers in probe process
    - pstore: ram_core: fix possible overflow in persistent_ram_init_ecc()
    - erofs: fix memory leak on short-lived bounced pages
    - fs: indicate request originates from old mount API
    - gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump
    - crypto: virtio - Wait for tasklet to complete on device remove
    - crypto: sahara - avoid skcipher fallback code duplication
    - crypto: sahara - handle zero-length aes requests
    - crypto: sahara - fix ahash reqsize
    - crypto: sahara - fix wait_for_completion_timeout() error handling
    - crypto: sahara - improve error handling in sahara_sha_process()
    - crypto: sahara - fix processing hash requests with req->nbytes < sg->length
    - crypto: sahara - do not resize req->src when doing hash operations
    - crypto: scomp - fix req->dst buffer overflow
    - csky: fix arch_jump_label_transform_static override
    - blocklayoutdriver: Fix reference leak of pnfs_device_node
    - NFSv4.1/pnfs: Ensure we handle the error NFS4ERR_RETURNCONFLICT
    - SUNRPC: fix _xprt_switch_find_current_entry logic
    - pNFS: Fix the pnfs block driver's calculation of layoutget size
    - wifi: plfxlc: check for allocation failure in plfxlc_usb_wreq_async()
    - wifi: rtw88: fix RX filter in FIF_ALLMULTI flag
    - bpf, lpm: Fix check prefixlen before walking trie
    - bpf: Add crosstask check to __bpf_get_stack
    - wifi: ath11k: Defer on rproc_get failure
    - wifi: libertas: stop selecting wext
    - ARM: dts: qcom: apq8064: correct XOADC register address
    - net/ncsi: Fix netlink major/minor version numbers
    - firmware: ti_sci: Fix an off-by-one in ti_sci_debugfs_create()
    - wifi: rtlwifi: rtl8821ae: phy: fix an undefined bitwise shift behavior
    - arm64: dts: ti: k3-am62a-main: Fix GPIO pin count in DT nodes
    - arm64: dts: ti: k3-am65-main: Fix DSS irq trigger type
    - selftests/bpf: Fix erroneous bitmask operation
    - md: synchronize flush io with array reconfiguration
    - bpf: enforce precision of R0 on callback return
    - ARM: dts: qcom: sdx65: correct SPMI node name
    - arm64: dts: qcom: sc7180: Make watchdog bark interrupt edge triggered
    - arm64: dts: qcom: sc7280: Mark some nodes as 'reserved'
    - arm64: dts: qcom: sc7280: Make watchdog bark interrupt edge triggered
    - arm64: dts: qcom: sdm845: Make watchdog bark interrupt edge triggered
    - arm64: dts: qcom: sm8150: Make watchdog bark interrupt edge triggered
    - arm64: dts: qcom: sm8250: Make watchdog bark interrupt edge triggered
    - arm64: dts: qcom: sc8280xp: Make watchdog bark interrupt edge triggered
    - arm64: dts: qcom: sm6350: Make watchdog bark interrupt edge triggered
    - bpf: add percpu stats for bpf_map elements insertions/deletions
    - bpf: Add map and need_defer parameters to .map_fd_put_ptr()
    - bpf: Defer the free of inner map when necessary
    - selftests/net: specify the interface when do arping
    - bpf: fix check for attempt to corrupt spilled pointer
    - scsi: fnic: Return error if vmalloc() failed
    - arm64: dts: qcom: qrb5165-rb5: correct LED panic indicator
    - arm64: dts: qcom: sdm845-db845c: correct LED panic indicator
    - arm64: dts: qcom: sm8350: Fix DMA0 address
    - arm64: dts: qcom: sc7280: Fix up GPU SIDs
    - arm64: dts: qcom: sc7280: Mark Adreno SMMU as DMA coherent
    - arm64: dts: qcom: sc7280: fix usb_2 wakeup interrupt types
    - wifi: mt76: mt7921s: fix workqueue problem causes STA association fail
    - bpf: Fix verification of indirect var-off stack access
    - arm64: dts: hisilicon: hikey970-pmic: fix regulator cells properties
    - dt-bindings: media: mediatek: mdp3: correct RDMA and WROT node with generic
      names
    - arm64: dts: mediatek: mt8183: correct MDP3 DMA-related nodes
    - wifi: mt76: mt7921: fix country count limitation for CLC
    - selftests/bpf: Relax time_tai test for equal timestamps in tai_forward
    - block: Set memalloc_noio to false on device_add_disk() error path
    - arm64: dts: renesas: white-hawk-cpu: Fix missing serial console pin control
    - arm64: dts: imx8mm: Reduce GPU to nominal speed
    - scsi: hisi_sas: Replace with standard error code return value
    - scsi: hisi_sas: Correct the number of global debugfs registers
    - ARM: dts: stm32: don't mix SCMI and non-SCMI board compatibles
    - selftests/net: fix grep checking for fib_nexthop_multiprefix
    - ipmr: support IP_PKTINFO on cache report IGMP msg
    - virtio/vsock: fix logic which reduces credit update messages
    - dma-mapping: clear dev->dma_mem to NULL after freeing it
    - soc: qcom: llcc: Fix dis_cap_alloc and retain_on_pc configuration
    - arm64: dts: qcom: sm8150-hdk: fix SS USB regulators
    - block: add check of 'minors' and 'first_minor' in device_add_disk()
    - arm64: dts: qcom: sc7280: Mark SDHCI hosts as cache-coherent
    - arm64: dts: qcom: ipq6018: fix clock rates for GCC_USB0_MOCK_UTMI_CLK
    - wifi: rtlwifi: add calculate_bit_shift()
    - wifi: rtlwifi: rtl8188ee: phy: using calculate_bit_shift()
    - wifi: rtlwifi: rtl8192c: using calculate_bit_shift()
    - wifi: rtlwifi: rtl8192cu: using calculate_bit_shift()
    - wifi: rtlwifi: rtl8192ce: using calculate_bit_shift()
    - wifi: rtlwifi: rtl8192de: using calculate_bit_shift()
    - wifi: rtlwifi: rtl8192ee: using calculate_bit_shift()
    - wifi: rtlwifi: rtl8192se: using calculate_bit_shift()
    - wifi: iwlwifi: mvm: set siso/mimo chains to 1 in FW SMPS request
    - wifi: iwlwifi: mvm: send TX path flush in rfkill
    - netfilter: nf_tables: mark newset as dead on transaction abort
    - Bluetooth: Fix bogus check for re-auth no supported with non-ssp
    - Bluetooth: btmtkuart: fix recv_buf() return value
    - null_blk: don't cap max_hw_sectors to BLK_DEF_MAX_SECTORS
    - bpf: sockmap, fix proto update hook to avoid dup calls
    - sctp: support MSG_ERRQUEUE flag in recvmsg()
    - sctp: fix busy polling
    - net/sched: act_ct: fix skb leak and crash on ooo frags
    - mlxbf_gige: Fix intermittent no ip issue
    - mlxbf_gige: Enable the GigE port in mlxbf_gige_open
    - ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim()
    - ARM: davinci: always select CONFIG_CPU_ARM926T
    - Revert "drm/tidss: Annotate dma-fence critical section in commit path"
    - Revert "drm/omapdrm: Annotate dma-fence critical section in commit path"
    - drm/panfrost: Really power off GPU cores in panfrost_gpu_power_off()
    - RDMA/usnic: Silence uninitialized symbol smatch warnings
    - RDMA/hns: Fix inappropriate err code for unsupported operations
    - drm/panel-elida-kd35t133: hold panel in reset for unprepare
    - drm/nouveau/fence:: fix warning directly dereferencing a rcu pointer
    - drm/bridge: tpd12s015: Drop buggy __exit annotation for remove function
    - drm/tilcdc: Fix irq free on unload
    - media: pvrusb2: fix use after free on context disconnection
    - media: mtk-jpeg: Remove cancel worker in mtk_jpeg_remove to avoid the crash
      of multi-core JPEG devices
    - media: verisilicon: Hook the (TRY_)DECODER_CMD stateless ioctls
    - media: rkvdec: Hook the (TRY_)DECODER_CMD stateless ioctls
    - drm/bridge: Fix typo in post_disable() description
    - f2fs: fix to avoid dirent corruption
    - drm/radeon/r600_cs: Fix possible int overflows in r600_cs_check_reg()
    - drm/radeon/r100: Fix integer overflow issues in r100_cs_track_check()
    - drm/radeon: check return value of radeon_ring_lock()
    - drm/tidss: Move reset to the end of dispc_init()
    - drm/tidss: Return error value from from softreset
    - drm/tidss: Check for K2G in in dispc_softreset()
    - drm/tidss: Fix dss reset
    - ASoC: cs35l33: Fix GPIO name and drop legacy include
    - ASoC: cs35l34: Fix GPIO name and drop legacy include
    - drm/msm/mdp4: flush vblank event on disable
    - drm/msm/dsi: Use pm_runtime_resume_and_get to prevent refcnt leaks
    - drm/drv: propagate errors from drm_modeset_register_all()
    - ASoC: Intel: glk_rt5682_max98357a: fix board id mismatch
    - drm/panfrost: Ignore core_mask for poweroff and disable PWRTRANS irq
    - drm/radeon: check the alloc_workqueue return value in radeon_crtc_init()
    - drm/radeon/dpm: fix a memleak in sumo_parse_power_table
    - drm/radeon/trinity_dpm: fix a memleak in trinity_parse_power_table
    - drm/bridge: cdns-mhdp8546: Fix use of uninitialized variable
    - drm/bridge: tc358767: Fix return value on error case
    - media: cx231xx: fix a memleak in cx231xx_init_isoc
    - RDMA/hns: Fix memory leak in free_mr_init()
    - clk: qcom: gpucc-sm8150: Update the gpu_cc_pll1 config
    - media: imx-mipi-csis: Fix clock handling in remove()
    - media: dt-bindings: media: rkisp1: Fix the port description for the parallel
      interface
    - media: rkisp1: Fix media device memory leak
    - drm/panel: st7701: Fix AVCL calculation
    - f2fs: fix to wait on block writeback for post_read case
    - f2fs: fix to check compress file in f2fs_move_file_range()
    - f2fs: fix to update iostat correctly in f2fs_filemap_fault()
    - media: dvbdev: drop refcount on error path in dvb_device_open()
    - media: dvb-frontends: m88ds3103: Fix a memory leak in an error handling path
      of m88ds3103_probe()
    - clk: renesas: rzg2l-cpg: Reuse code in rzg2l_cpg_reset()
    - clk: renesas: rzg2l: Check reset monitor registers
    - drm/msm/dpu: Set input_sel bit for INTF
    - drm/msm/dpu: Drop enable and frame_count parameters from dpu_hw_setup_misr()
    - drm/mediatek: Return error if MDP RDMA failed to enable the clock
    - drm/mediatek: Fix underrun in VDO1 when switches off the layer
    - drm/amdgpu/debugfs: fix error code when smc register accessors are NULL
    - drm/amd/pm: fix a double-free in si_dpm_init
    - drivers/amd/pm: fix a use-after-free in kv_parse_power_table
    - gpu/drm/radeon: fix two memleaks in radeon_vm_init
    - drm/amd/pm: fix a double-free in amdgpu_parse_extended_power_table
    - f2fs: fix to check return value of f2fs_recover_xattr_data
    - dt-bindings: clock: Update the videocc resets for sm8150
    - clk: qcom: videocc-sm8150: Update the videocc resets
    - clk: qcom: videocc-sm8150: Add missing PLL config property
    - drivers: clk: zynqmp: calculate closest mux rate
    - drivers: clk: zynqmp: update divider round rate logic
    - watchdog: set cdev owner before adding
    - watchdog/hpwdt: Only claim UNKNOWN NMI if from iLO
    - watchdog: bcm2835_wdt: Fix WDIOC_SETTIMEOUT handling
    - watchdog: rti_wdt: Drop runtime pm reference count when watchdog is unused
    - clk: si5341: fix an error code problem in si5341_output_clk_set_rate
    - drm/mediatek: dp: Add phy_mtk_dp module as pre-dependency
    - clk: fixed-rate: fix clk_hw_register_fixed_rate_with_accuracy_parent_hw
    - pwm: stm32: Use hweight32 in stm32_pwm_detect_channels
    - pwm: stm32: Fix enable count for clk in .probe()
    - ASoC: rt5645: Drop double EF20 entry from dmi_platform_data[]
    - ALSA: scarlett2: Add missing error check to scarlett2_config_save()
    - ALSA: scarlett2: Add missing error check to scarlett2_usb_set_config()
    - ALSA: scarlett2: Allow passing any output to line_out_remap()
    - ALSA: scarlett2: Add missing error checks to *_ctl_get()
    - ALSA: scarlett2: Add clamp() in scarlett2_mixer_ctl_put()
    - mmc: sdhci_am654: Fix TI SoC dependencies
    - [Config] updateconfigs for CONFIG_MMC_SDHCI_AM654
    - mmc: sdhci_omap: Fix TI SoC dependencies
    - [Config] update config for MMC_SDHCI_OMAP changes
    - IB/iser: Prevent invalidating wrong MR
    - drm/amdkfd: Confirm list is non-empty before utilizing list_first_entry in
      kfd_topology.c
    - drm/amd/pm/smu7: fix a memleak in smu7_hwmgr_backend_init
    - kselftest/alsa - mixer-test: fix the number of parameters to
      ksft_exit_fail_msg()
    - kselftest/alsa - mixer-test: Fix the print format specifier warning
    - ksmbd: validate the zero field of packet header
    - of: Fix double free in of_parse_phandle_with_args_map
    - fbdev: imxfb: fix left margin setting
    - of: unittest: Fix of_count_phandle_with_args() expected value message
    - selftests/bpf: Add assert for user stacks in test_task_stack
    - keys, dns: Fix size check of V1 server-list header
    - binder: fix async space check for 0-sized buffers
    - binder: fix unused alloc->free_async_space
    - mips/smp: Call rcutree_report_cpu_starting() earlier
    - Input: atkbd - use ab83 as id when skipping the getid command
    - binder: fix race between mmput() and do_exit()
    - clocksource/drivers/timer-ti-dm: Fix make W=n kerneldoc warnings
    - powerpc/64s: Increase default stack size to 32KB
    - tick-sched: Fix idle and iowait sleeptime accounting vs CPU hotplug
    - usb: phy: mxs: remove CONFIG_USB_OTG condition for mxs_phy_is_otg_host()
    - usb: dwc: ep0: Update request status in dwc3_ep0_stall_restart
    - Revert "usb: dwc3: Soft reset phy on probe for host"
    - Revert "usb: dwc3: don't reset device side if dwc3 was configured as host-
      only"
    - usb: chipidea: wait controller resume finished for wakeup irq
    - usb: cdns3: fix uvc failure work since sg support enabled
    - usb: cdns3: fix iso transfer error when mult is not zero
    - usb: cdns3: Fix uvc fail when DMA cross 4k boundery since sg enabled
    - usb: typec: class: fix typec_altmode_put_partner to put plugs
    - usb: mon: Fix atomicity violation in mon_bin_vma_fault
    - serial: core: fix sanitizing check for RTS settings
    - serial: core: make sure RS485 cannot be enabled when it is not supported
    - serial: 8250_bcm2835aux: Restore clock error handling
    - serial: core, imx: do not set RS485 enabled if it is not supported
    - serial: imx: Ensure that imx_uart_rs485_config() is called with enabled
      clock
    - serial: 8250_exar: Set missing rs485_supported flag
    - serial: omap: do not override settings for RS485 support
    - ALSA: oxygen: Fix right channel of capture volume mixer
    - ALSA: hda/relatek: Enable Mute LED on HP Laptop 15s-fq2xxx
    - ALSA: hda/realtek: Enable mute/micmute LEDs and limit mic boost on HP ZBook
    - ksmbd: validate mech token in session setup
    - ksmbd: fix UAF issue in ksmbd_tcp_new_connection()
    - ksmbd: only v2 leases handle the directory
    - io_uring/rw: ensure io->bytes_done is always initialized
    - fbdev: flush deferred work in fb_deferred_io_fsync()
    - fbdev: flush deferred IO before closing
    - scsi: ufs: core: Simplify power management during async scan
    - scsi: target: core: add missing file_{start,end}_write()
    - drm/amd: Enable PCIe PME from D3
    - block: add check that partition length needs to be aligned with block size
    - block: Fix iterating over an empty bio with bio_for_each_folio_all
    - pwm: jz4740: Don't use dev_err_probe() in .request()
    - md/raid1: Use blk_opf_t for read and write operations
    - rootfs: Fix support for rootfstype= when root= is given
    - Bluetooth: Fix atomicity violation in {min,max}_key_size_set
    - LoongArch: Fix and simplify fcsr initialization on execve()
    - iommu/arm-smmu-qcom: Add missing GMU entry to match table
    - iommu/dma: Trace bounce buffer usage when mapping buffers
    - wifi: mt76: fix broken precal loading from MTD for mt7915
    - wifi: rtlwifi: Remove bogus and dangerous ASPM disable/enable code
    - wifi: rtlwifi: Convert LNKCTL change to PCIe cap RMW accessors
    - wifi: mwifiex: configure BSSID consistently when starting AP
    - Revert "net: rtnetlink: Enslave device before bringing it up"
    - cxl/port: Fix decoder initialization when nr_targets > interleave_ways
    - PCI/P2PDMA: Remove reference to pci_p2pdma_map_sg()
    - PCI: dwc: endpoint: Fix dw_pcie_ep_raise_msix_irq() alignment support
    - PCI: mediatek: Clear interrupt status before dispatching handler
    - x86/kvm: Do not try to disable kvmclock if it was not enabled
    - KVM: arm64: vgic-v4: Restore pending state on host userspace write
    - KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache
    - iio: adc: ad7091r: Pass iio_dev to event handler
    - HID: wacom: Correct behavior when processing some confidence == false
      touches
    - serial: sc16is7xx: add check for unsupported SPI modes during probe
    - serial: sc16is7xx: set safe default SPI clock frequency
    - ARM: 9330/1: davinci: also select PINCTRL
    - mfd: syscon: Fix null pointer dereference in of_syscon_register()
    - leds: aw2013: Select missing dependency REGMAP_I2C
    - mfd: intel-lpss: Fix the fractional clock divider flags
    - mips: dmi: Fix early remap on MIPS32
    - mips: Fix incorrect max_low_pfn adjustment
    - riscv: Check if the code to patch lies in the exit section
    - riscv: Fix module_alloc() that did not reset the linear mapping permissions
    - riscv: Fix set_memory_XX() and set_direct_map_XX() by splitting huge linear
      mappings
    - riscv: Fix set_direct_map_default_noflush() to reset _PAGE_EXEC
    - riscv: Fixed wrong register in XIP_FIXUP_FLASH_OFFSET macro
    - MIPS: Alchemy: Fix an out-of-bound access in db1200_dev_setup()
    - MIPS: Alchemy: Fix an out-of-bound access in db1550_dev_setup()
    - power: supply: cw2015: correct time_to_empty units in sysfs
    - power: supply: bq256xx: fix some problem in bq256xx_hw_init
    - serial: 8250: omap: Don't skip resource freeing if
      pm_runtime_resume_and_get() failed
    - libapi: Add missing linux/types.h header to get the __u64 type on io.h
    - base/node.c: initialize the accessor list before registering
    - acpi: property: Let args be NULL in __acpi_node_get_property_reference
    - software node: Let args be NULL in software_node_get_reference_args
    - serial: imx: fix tx statemachine deadlock
    - selftests/sgx: Fix uninitialized pointer dereference in error path
    - selftests/sgx: Fix uninitialized pointer dereferences in encl_get_entry
    - selftests/sgx: Include memory clobber for inline asm in test enclave
    - selftests/sgx: Skip non X86_64 platform
    - iio: adc: ad9467: fix reset gpio handling
    - iio: adc: ad9467: don't ignore error codes
    - iio: adc: ad9467: fix scale setting
    - perf header: Fix one memory leakage in perf_event__fprintf_event_update()
    - perf hisi-ptt: Fix one memory leakage in hisi_ptt_process_auxtrace_event()
    - perf genelf: Set ELF program header addresses properly
    - tty: change tty_write_lock()'s ndelay parameter to bool
    - tty: early return from send_break() on TTY_DRIVER_HARDWARE_BREAK
    - tty: don't check for signal_pending() in send_break()
    - tty: use 'if' in send_break() instead of 'goto'
    - usb: cdc-acm: return correct error code on unsupported break
    - spmi: mtk-pmif: Serialize PMIF status check and command submission
    - vdpa: Fix an error handling path in eni_vdpa_probe()
    - nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length
    - nvmet-tcp: fix a crash in nvmet_req_complete()
    - perf env: Avoid recursively taking env->bpf_progs.lock
    - cxl/region: fix x9 interleave typo
    - apparmor: avoid crash when parsed profile name is empty
    - usb: xhci-mtk: fix a short packet issue of gen1 isoc-in transfer
    - serial: imx: Correct clock error message in function probe()
    - nvmet: re-fix tracing strncpy() warning
    - nvme: trace: avoid memcpy overflow warning
    - nvmet-tcp: Fix the H2C expected PDU len calculation
    - PCI: keystone: Fix race condition when initializing PHYs
    - PCI: mediatek-gen3: Fix translation window size calculation
    - ASoC: mediatek: sof-common: Add NULL check for normal_link string
    - s390/pci: fix max size calculation in zpci_memcpy_toio()
    - net: ethernet: ti: am65-cpsw: Fix max mtu to fit ethernet frames
    - amt: do not use overwrapped cb area
    - net: phy: micrel: populate .soft_reset for KSZ9131
    - mptcp: mptcp_parse_option() fix for MPTCPOPT_MP_JOIN
    - mptcp: strict validation before using mp_opt->hmac
    - mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect()
    - mptcp: use OPTION_MPTCP_MPJ_SYN in subflow_check_req()
    - mptcp: refine opt_mp_capable determination
    - block: ensure we hold a queue reference when using queue limits
    - udp: annotate data-races around up->pending
    - net: ravb: Fix dma_addr_t truncation in error case
    - dt-bindings: gpio: xilinx: Fix node address in gpio
    - drm/amdkfd: fixes for HMM mem allocation
    - net: stmmac: ethtool: Fixed calltrace caused by unbalanced disable_irq_wake
      calls
    - net: dsa: vsc73xx: Add null pointer check to vsc73xx_gpio_probe
    - LoongArch: BPF: Prevent out-of-bounds memory access
    - mptcp: relax check on MPC passive fallback
    - netfilter: nf_tables: reject invalid set policy
    - netfilter: nft_limit: do not ignore unsupported flags
    - netfilter: nfnetlink_log: use proper helper for fetching physinif
    - netfilter: nf_queue: remove excess nf_bridge variable
    - netfilter: propagate net to nf_bridge_get_physindev
    - netfilter: bridge: replace physindev with physinif in nf_bridge_info
    - netfilter: nf_tables: do not allow mismatch field size and set key length
    - netfilter: nf_tables: skip dead set elements in netlink dump
    - netfilter: nf_tables: reject NFT_SET_CONCAT with not field length
      description
    - ipvs: avoid stat macros calls from preemptible context
    - kdb: Fix a potential buffer overflow in kdb_local()
    - ethtool: netlink: Add missing ethnl_ops_begin/complete
    - loop: fix the the direct I/O support check when used on top of block devices
    - mlxsw: spectrum_acl_erp: Fix error flow of pool allocation failure
    - selftests: mlxsw: qos_pfc: Adjust the test to support 8 lanes
    - ipv6: mcast: fix data-race in ipv6_mc_down / mld_ifc_work
    - i2c: s3c24xx: fix read transfers in polling mode
    - i2c: s3c24xx: fix transferring more than one message in polling mode
    - riscv: Fix wrong usage of lm_alias() when splitting a huge linear mapping
    - arm64: dts: armada-3720-turris-mox: set irq type for RTC
    - x86: Fix CPUIDLE_FLAG_IRQ_ENABLE leaking timer reprogram
    - drivers/perf: hisi: Fix some event id for HiSilicon UC pmu
    - KVM: PPC: Book3S HV: Use accessors for VCPU registers
    - KVM: PPC: Book3S HV: Introduce low level MSR accessor
    - KVM: PPC: Book3S HV: Handle pending exceptions on guest entry with MSR_EE
    - powerpc/rtas: Avoid warning on invalid token argument to sys_rtas()
    - perf/x86/intel/uncore: Fix NULL pointer dereference issue in
      upi_fill_topology()
    - efivarfs: Free s_fs_info on unmount
    - thermal: core: Fix NULL pointer dereference in zone registration error path
    - cpuidle: haltpoll: Do not enable interrupts when entering idle
    - crypto: rsa - add a check for allocation failure
    - crypto: jh7110 - Correct deferred probe return
    - NFS: Use parent's objective cred in nfs_access_login_time()
    - asm-generic: Fix 32 bit __generic_cmpxchg_local
    - arm64: dts: qcom: qrb4210-rb2: don't force usb peripheral mode
    - arm64: dts: qcom: sc8280xp-x13s: Use the correct DP PHY compatible
    - arm64: dts: qcom: sc8280xp-x13s: add missing camera LED pin config
    - scsi: bfa: Use the proper data type for BLIST flags
    - arm64: dts: ti: iot2050: Re-add aliases
    - wifi: rtw88: sdio: Honor the host max_req_size in the RX path
    - ARM: dts: qcom: sdx65: correct PCIe EP phy-names
    - dt-bindings: arm: qcom: Fix html link
    - arm64: dts: qcom: sc8180x-primus: Fix HALL_INT polarity
    - arm64: dts: qcom: sm8450: correct TX Soundwire clock
    - arm64: dts: qcom: sm8550: correct TX Soundwire clock
    - arm64: dts: qcom: sa8775p: Make watchdog bark interrupt edge triggered
    - arm64: dts: qcom: sm6125: add interrupts to DWC3 USB controller
    - arm64: dts: qcom: sa8775p: fix USB wakeup interrupt types
    - arm64: dts: qcom: sm8550: fix USB wakeup interrupt types
    - wifi: mt76: mt7915: fallback to non-wed mode if platform_get_resource fails
      in mt7915_mmio_wed_init()
    - wifi: mt76: mt7996: fix the size of struct bss_rate_tlv
    - wifi: mt76: mt7996: fix rate usage of inband discovery frames
    - bpf: Guard stack limits against 32bit overflow
    - bpf: Fix accesses to uninit stack slots
    - arm64: dts: mediatek: mt8195: revise VDOSYS RDMA node name
    - arm64: dts: mediatek: mt8186: Fix alias prefix for ovl_2l0
    - arm64: dts: mediatek: mt8186: fix address warning for ADSP mailboxes
    - wifi: iwlwifi: don't support triggered EHT CQI feedback
    - arm64: dts: xilinx: Apply overlays to base dtbs
    - scsi: ufs: qcom: Fix the return value of ufs_qcom_ice_program_key()
    - scsi: ufs: qcom: Fix the return value when platform_get_resource_byname()
      fails
    - scsi: hisi_sas: Check before using pointer variables
    - bpf: Fix a race condition between btf_put() and map_free()
    - virtio/vsock: send credit update during setting SO_RCVLOWAT
    - bpf: Limit the number of uprobes when attaching program to multiple uprobes
    - bpf: Limit the number of kprobes when attaching program to multiple kprobes
    - arm64: dts: qcom: acer-aspire1: Correct audio codec definition
    - arm64: dts: qcom: sm6375: fix USB wakeup interrupt types
    - arm64: dts: qcom: sm6375: Hook up MPM
    - arm64: dts: qcom: sm8150: make dispcc cast minimal vote on MMCX
    - soc: qcom: llcc: Fix LLCC_TRP_ATTR2_CFGn offset
    - arm64: dts: qcom: sm8550: Separate out X3 idle state
    - arm64: dts: qcom: sm8550: Update idle state time requirements
    - arm64: dts: qcom: sc8180x: Mark PCIe hosts cache-coherent
    - arm64: dts: qcom: sc8180x: switch PCIe QMP PHY to new style of bindings
    - arm64: dts: qcom: sc8180x: Fix up PCIe nodes
    - wifi: iwlwifi: fix out of bound copy_from_user
    - wifi: iwlwifi: assign phy_ctxt before eSR activation
    - netfilter: nf_tables: validate chain type update if available
    - Bluetooth: btnxpuart: fix recv_buf() return value
    - arm64: dts: rockchip: Fix led pinctrl of lubancat 1
    - wifi: cfg80211: correct comment about MLD ID
    - wifi: cfg80211: parse all ML elements in an ML probe response
    - blk-cgroup: fix rcu lockdep warning in blkg_lookup()
    - rxrpc: Fix skbuff cleanup of call's recvmsg_queue and rx_oos_queue
    - drm/dp_mst: Fix fractional DSC bpp handling
    - drm/panel: nv3051d: Hold panel in reset for unprepare
    - media: visl: Hook the (TRY_)DECODER_CMD stateless ioctls
    - media: amphion: Fix VPU core alias name
    - drm/imx/lcdc: Fix double-free of driver data
    - drm/msm/dpu: Add missing safe_lut_tbl in sc8180x catalog
    - ASoC: Intel: sof_sdw_rt_sdca_jack_common: ctx->headset_codec_dev = NULL
    - ASoC: SOF: topology: Use partial match for disconnecting DAI link and DAI
      widget
    - drm/msm/dpu: correct clk bit for WB2 block
    - clk: sp7021: fix return value check in sp7021_clk_probe()
    - clk: rs9: Fix DIF OEn bit placement on 9FGV0241
    - ASoC: tas2781: add support for FW version 0x0503
    - clk: qcom: gcc-sm8550: Add the missing RETAIN_FF_ENABLE GDSC flag
    - clk: qcom: gcc-sm8550: Mark the PCIe GDSCs votable
    - clk: qcom: gcc-sm8550: use collapse-voting for PCIe GDSCs
    - clk: qcom: gcc-sm8550: Mark RCGs shared where applicable
    - clk: qcom: dispcc-sm8550: Update disp PLL settings
    - drm/amdkfd: Fix type of 'dbg_flags' in 'struct kfd_process'
    - gpiolib: make gpio_device_get() and gpio_device_put() public
    - gpiolib: provide gpio_device_find()
    - gpio: sysfs: drop the mention of gpiochip_find() from sysfs code
    - drm/amd/display: avoid stringop-overflow warnings for
      dp_decide_lane_settings()
    - kselftest/alsa - conf: Stringify the printed errno in sysfs_get()
    - class: fix use-after-free in class_register()
    - kernfs: convert kernfs_idr_lock to an irq safe raw spinlock
    - usb: dwc3: gadget: Handle EP0 request dequeuing properly
    - usb: dwc3: gadget: Queue PM runtime idle on disconnect event
    - Revert "usb: typec: class: fix typec_altmode_put_partner to put plugs"
    - dt-bindings: phy: qcom,sc8280xp-qmp-usb43dp-phy: fix path to header
    - ceph: select FS_ENCRYPTION_ALGS if FS_ENCRYPTION
    - io_uring: don't check iopoll if request completes
    - io_uring: ensure local task_work is run on wait timeout
    - block: Remove special-casing of compound pages
    - wifi: mwifiex: add extra delay for firmware ready
    - wifi: mwifiex: fix uninitialized firmware_stat
    - Revert "nSVM: Check for reserved encodings of TLB_CONTROL in nested VMCB"
    - x86/pci: Reserve ECAM if BIOS didn't include it in PNP0C02 _CRS
    - KVM: x86/pmu: Move PMU reset logic to common x86 code
    - KVM: x86/pmu: Reset the PMU, i.e. stop counters, before refreshing
    - mfd: rk8xx: fixup devices registration with PLATFORM_DEVID_AUTO
    - leds: aw200xx: Fix write to DIM parameter
    - mfd: tps6594: Add null pointer check to tps6594_device_init()
    - srcu: Use try-lock lockdep annotation for NMI-safe access.
    - um: virt-pci: fix platform map offset
    - PCI: Avoid potential out-of-bounds read in pci_dev_for_each_resource()
    - iommu: Map reserved memory as cacheable if device is coherent
    - perf test: Remove atomics from test_loop to avoid test failures
    - perf header: Fix segfault on build_mem_topology() error path
    - perf test record user-regs: Fix mask for vg register
    - perf vendor events arm64 AmpereOne: Rename BPU_FLUSH_MEM_FAULT to
      GPC_FLUSH_MEM_FAULT
    - perf mem: Fix error on hybrid related to availability of mem event in a PMU
    - perf stat: Exit perf stat if parse groups fails
    - iio: adc: ad9467: add mutex to struct ad9467_state
    - perf unwind-libdw: Handle JIT-generated DSOs properly
    - perf unwind-libunwind: Fix base address for .eh_frame
    - bus: mhi: ep: Do not allocate event ring element on stack
    - bus: mhi: ep: Use slab allocator where applicable
    - usb: gadget: webcam: Make g_webcam loadable again
    - iommu: Don't reserve 0-length IOVA region
    - power: supply: Fix null pointer dereference in smb2_probe
    - apparmor: Fix ref count leak in task_kill
    - perf stat: Fix hard coded LL miss units
    - apparmor: fix possible memory leak in unpack_trans_table
    - serial: apbuart: fix console prompt on qemu
    - perf db-export: Fix missing reference count get in call_path_from_sample()
    - cxl/port: Fix missing target list lock
    - spi: coldfire-qspi: Remove an erroneous clk_disable_unprepare() from the
      remove function
    - hisi_acc_vfio_pci: Update migration data pointer correctly on saving/resume
    - rxrpc: Fix use of Don't Fragment flag
    - octeontx2-af: CN10KB: Fix FIFO length calculation for RPM2
    - net: micrel: Fix PTP frame parsing for lan8841
    - ALSA: hda: Properly setup HDMI stream
    - net: add more sanity check in virtio_net_hdr_to_skb()
    - net: netdev_queue: netdev_txq_completed_mb(): fix wake condition
    - bpf: iter_udp: Retry with a larger batch size without going back to the
      previous bucket
    - bpf: Avoid iter->offset making backward progress in bpf_iter_udp
    - gpio: mlxbf3: add an error code check in mlxbf3_gpio_probe
    - ASoC: SOF: ipc4-loader: remove the CPC check warnings
    - selftests: bonding: Change script interpreter
    - io_uring: adjust defer tw counting
    - arm64/ptrace: Don't flush ZA/ZT storage when writing ZA via ptrace
    - mlxsw: spectrum_acl_tcam: Fix NULL pointer dereference in error path
    - mlxsw: spectrum_acl_tcam: Fix stack corruption
    - mlxsw: spectrum_router: Register netdevice notifier before nexthop
    - Upstream stable to v6.1.75, v6.6.14
  * Mantic update: upstream stable patchset 2024-03-07 (LP: #2056403) //
    CVE-2024-26583
    - net: tls, fix WARNIING in __sk_msg_free

-- Jacob Martin <jacob.martin@canonical.com>  Wed, 29 May 2024 09:36:40 -0500

Changed in linux-nvidia-6.5 (Ubuntu):
status:	New → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulinux-nvidia-6.5 package