This bug was fixed in the package linux-raspi - 5.19.0-1004.10 --------------- linux-raspi (5.19.0-1004.10) kinetic; urgency=medium * kinetic/linux-raspi: 5.19.0-1004.10 -proposed tracker (LP: #1993133) * armhf kernel compiled with gcc-12 fails to boot on pi 3/2 (LP: #1993120) - [Packaging] raspi: Use gcc-11 for armhf - [Config] raspi: updateconfigs for gcc-11 for armhf [ Ubuntu: 5.19.0-21.21 ] * kinetic/linux: 5.19.0-21.21 -proposed tracker (LP: #1992639) * cannot change mount namespace (LP: #1991691) - SAUCE: apparmor: Fix getaatr mediation causing snap failures * Kernel regresses openjdk on riscv64 (LP: #1992484) - SAUCE: Revert "riscv: mmap with PROT_WRITE but no PROT_READ is invalid" [ Ubuntu: 5.19.0-20.20 ] * kinetic/linux: 5.19.0-20.20 -proposed tracker (LP: #1992408) * Packaging resync (LP: #1786013) - debian/dkms-versions -- update from kernel-versions (main/master) * Kinetic kernels 5.19.0-18/19-generic won't boot on Intel 11th/12th gen (LP: #1991704) - drm/i915: fix null pointer dereference * rcu_sched detected stalls on CPUs/tasks (LP: #1967130) - [Config] Disable VMAP_STACK on riscv64 * Disable sv57 as the userspace is not ready (LP: #1991790) - SAUCE: riscv: mm: Force disable sv57 * earlyconsole prints question marks on 5.19.0-1002-generic (LP: #1988984) - [Config] Set CONFIG_PWM_SIFIVE=m for riscv64 * RCU stalls (LP: #1991951) - [Config] Harmonize RCU_CPU_STALL_TIMEOUT * backport dkms fixes to build modules correctly for hwe-5.19+ kernels with custom compiler (LP: #1991664) - [Packaging] use versioned gcc-12 - [Packaging] Update configs with versioned compiler version * FTBFS on kinetic (LP: #1990964) - SAUCE: uapi: Fixup strace compile error * CVE-2022-40768 - scsi: stex: Properly zero out the passthrough command structure * [22.10 FEAT] zKVM: Crypto Passthrough Hotplug - kernel part (LP: #1852741) - s390/vfio-ap: use new AP bus interface to search for queue devices - s390/vfio-ap: move probe and remove callbacks to vfio_ap_ops.c - s390/vfio-ap: manage link between queue struct and matrix mdev - s390/vfio-ap: introduce shadow APCB - s390/vfio-ap: refresh guest's APCB by filtering AP resources assigned to mdev - s390/vfio-ap: allow assignment of unavailable AP queues to mdev device - s390/vfio-ap: rename matrix_dev->lock mutex to matrix_dev->mdevs_lock - s390/vfio-ap: introduce new mutex to control access to the KVM pointer - s390/vfio-ap: use proper locking order when setting/clearing KVM pointer - s390/vfio-ap: prepare for dynamic update of guest's APCB on assign/unassign - s390/vfio-ap: prepare for dynamic update of guest's APCB on queue probe/remove - s390/vfio-ap: allow hot plug/unplug of AP devices when assigned/unassigned - s390/vfio-ap: hot plug/unplug of AP devices when probed/removed - s390/vfio-ap: reset queues after adapter/domain unassignment - s390/vfio-ap: implement in-use callback for vfio_ap driver - s390/vfio-ap: sysfs attribute to display the guest's matrix - s390/vfio-ap: handle config changed and scan complete notification - s390/vfio-ap: update docs to include dynamic config support - s390/Docs: new doc describing lock usage by the vfio_ap device driver - MAINTAINERS: pick up all vfio_ap docs for VFIO AP maintainers linux-raspi (5.19.0-1003.7) kinetic; urgency=medium * kinetic/linux-raspi: 5.19.0-1003.7 -proposed tracker (LP: #1991799) * Packaging resync (LP: #1786013) - debian/dkms-versions -- update from kernel-versions (main/master) * Please enable CONFIG_SQUASHFS_DECOMP_MULTI_PERCPU (LP: #1980861) - [Config] raspi: Switch from DECOMP_SINGLE to DECOMP_MULTI_PERCPU * kinetic: apply new apparmor and LSM stacking patch set (LP: #1989983) - [Config] raspi: update configs after apply new apparmor patch set * No HDMI sound output from alsa in server (no KMS) (LP: #1991254) - staging: bcm2835-audio: Find compatible firmware node - staging: bcm2835-audio: Fix firmware node refcounting - staging: bcm2835-audio: Log errors in case of firmware query failures - staging: bcm2835-audio: Fix unused enable_hdmi module parameter - staging: bcm2835-audio: Fix unused enable_headphones module parameter * Essential staging modules are unsigned (LP: #1968834) - [Packaging] raspi: Add signature-inclusion list * Miscellaneous upstream changes - ARM: dts: Don't enable the 8250 UART on CM4S [ Ubuntu: 5.19.0-19.19 ] * kinetic/linux: 5.19.0-19.19 -proposed tracker (LP: #1990960) * kinetic: apply new apparmor and LSM stacking patch set (LP: #1989983) - Revert "Revert "Revert "UBUNTU: SAUCE: LSM: Specify which LSM to display (using struct cred as input)""" - Revert "Revert "Revert "UBUNTU: SAUCE: apparmor: Fix build error, make sk parameter const""" - Revert "Revert "Revert "UBUNTU: SAUCE: LSM: Use lsmblob in smk_netlbl_mls()""" - Revert "Revert "Revert "UBUNTU: SAUCE: LSM: change ima_read_file() to use lsmblob""" - Revert "Revert "Revert "UBUNTU: SAUCE: apparmor: rename kzfree() to kfree_sensitive()""" - Revert "Revert "Revert "UBUNTU: SAUCE: Audit: Fix for missing NULL check""" - Revert "Revert "Revert "UBUNTU: SAUCE: AppArmor: Remove the exclusive flag""" - Revert "Revert "Revert "UBUNTU: SAUCE: LSM: Add /proc attr entry for full LSM context""" - Revert "Revert "Revert "UBUNTU: SAUCE: Audit: Add a new record for multiple object LSM attributes""" - Revert "Revert "Revert "UBUNTU: SAUCE: Audit: Fix incorrect static inline function declration.""" - Revert "Revert "Revert "UBUNTU: SAUCE: Audit: Add new record for multiple process LSM attributes""" - Revert "Revert "Revert "UBUNTU: SAUCE: NET: Store LSM netlabel data in a lsmblob""" - Revert "Revert "Revert "UBUNTU: SAUCE: LSM: security_secid_to_secctx in netlink netfilter""" - Revert "Revert "Revert "UBUNTU: SAUCE: LSM: Use lsmcontext in security_inode_getsecctx""" - Revert "Revert "Revert "UBUNTU: SAUCE: LSM: Use lsmcontext in security_secid_to_secctx""" - Revert "Revert "Revert "UBUNTU: SAUCE: LSM: Ensure the correct LSM context releaser""" - Revert "Revert "Revert "UBUNTU: SAUCE: LSM: Specify which LSM to display""" - Revert "Revert "Revert "UBUNTU: SAUCE: IMA: Change internal interfaces to use lsmblobs""" - Revert "Revert "Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_cred_getsecid""" - Revert "Revert "Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_inode_getsecid""" - Revert "Revert "Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_task_getsecid""" - Revert "Revert "Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_ipc_getsecid""" - Revert "Revert "Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_secid_to_secctx""" - Revert "Revert "Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_secctx_to_secid""" - Revert "Revert "Revert "UBUNTU: SAUCE: net: Prepare UDS for security module stacking""" - Revert "Revert "Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_kernel_act_as""" - Revert "Revert "Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_audit_rule_match""" - Revert "Revert "Revert "UBUNTU: SAUCE: LSM: Create and manage the lsmblob data structure.""" - Revert "Revert "Revert "UBUNTU: SAUCE: LSM: Infrastructure management of the sock security""" - Revert "Revert "Revert "UBUNTU: SAUCE: apparmor: LSM stacking: switch from SK_CTX() to aa_sock()""" - Revert "Revert "Revert "UBUNTU: SAUCE: apparmor: rename aa_sock() to aa_unix_sk()""" - Revert "Revert "Revert "UBUNTU: SAUCE: apparmor: disable showing the mode as part of a secid to secctx""" - Revert "Revert "Revert "apparmor: fix absroot causing audited secids to begin with =""" - Revert "Revert "Revert "UBUNTU SAUCE: apparmor: fix apparmor mediating locking non-fs, unix sockets""" - Revert "Revert "Revert "UBUNTU: SAUCE: apparmor: fix use after free in sk_peer_label""" - Revert "Revert "Revert "UBUNTU: SAUCE: apparmor: af_unix mediation""" - Revert "Revert "Revert "UBUNTU: SAUCE: apparmor: patch to provide compatibility with v2.x net rules""" - Revert "Revert "Revert "UBUNTU: SAUCE: apparmor: add/use fns to print hash string hex value""" - SAUCE: upstream v6.0: apparmor: fix absroot causing audited secids to begin with = - SAUCE: upstream v6.0: apparmor: Fix kernel-doc - SAUCE: upstream v6.0: lsm: Fix kernel-doc - SAUCE: upstream v6.0: apparmor: Update help description of policy hash for introspection - SAUCE: upstream v6.0: apparmor: make export of raw binary profile to userspace optional - SAUCE: upstream v6.0: apparmor: Enable tuning of policy paranoid load for embedded systems - SAUCE: upstream v6.0: apparmor: don't create raw_sha1 symlink if sha1 hashing is disabled - SAUCE: upstream v6.0: apparmor: resolve uninitialized symbol warnings in policy_unpack_test.c - SAUCE: upstream v6.0: security/apparmor: remove redundant ret variable - SAUCE: upstream v6.0: apparmor: Use struct_size() helper in kmalloc() - SAUCE: upstream v6.0: apparmor: Fix match_mnt_path_str() and match_mnt() kernel-doc comment - SAUCE: upstream v6.0: apparmor: Fix some kernel-doc comments - SAUCE: upstream v6.0: apparmor: Fix some kernel-doc comments - SAUCE: upstream v6.0: apparmor: Fix undefined reference to `zlib_deflate_workspacesize' - SAUCE: upstream v6.0: apparmor: Fix some kernel-doc comments - SAUCE: upstream v6.0: apparmor: test: Remove some casts which are no-longer required - SAUCE: upstream v6.0: apparmor: add a kernel label to use on kernel objects - SAUCE: upstream v6.0: apparmor: Convert secid mapping to XArrays instead of IDR - SAUCE: upstream v6.0: apparmor: disable showing the mode as part of a secid to secctx - SAUCE: upstream v6.0: apparmor: Mark alloc_unconfined() as static - SAUCE: upstream v6.0: apparmor: Fix some kernel-doc comments - SAUCE: upstream v6.0: apparmor: allow label to carry debug flags - SAUCE: upstream v6.0: apparmor: extend policydb permission set by making use of the xbits - SAUCE: upstream v6.0: apparmor: move ptrace mediation to more logical task.{h,c} - SAUCE: upstream v6.0: apparmor: correct config reference to intended one - SAUCE: upstream v6.0: lsm,io_uring: add LSM hooks for the new uring_cmd file op - SAUCE: upstream v6.0: selinux: implement the security_uring_cmd() LSM hook - SAUCE: upstream v6.0: Smack: Provide read control for io_uring_cmd - SAUCE: apparmor-next 6.1: apparmor: fix a memleak in multi_transaction_new() - SAUCE: apparmor-next 6.1: apparmor: fix lockdep warning when removing a namespace - SAUCE: apparmor-next 6.1: apparmor: reserve mediation classes - SAUCE: apparmor-next 6.1: apparmor: use zstd compression for profile data - SAUCE: apparmor-next 6.1: apparmor: expose compression level limits in sysfs - SAUCE: apparmor-next 6.1: apparmor: compute file permissions on profile load - SAUCE: apparmor-next 6.1: apparmor: compute xmatch permissions on profile load - SAUCE: apparmor-next 6.1: apparmor: move fperm computation into policy_unpack - SAUCE: apparmor-next 6.1: apparmor: rework and cleanup fperm computation - SAUCE: apparmor-next 6.1: apparmor: convert xmatch to use aa_perms structure - SAUCE: apparmor-next 6.1: apparmor: compute policydb permission on profile load - SAUCE: apparmor-next 6.1: apparmor: combine file_rules and aa_policydb into a single shared struct - SAUCE: apparmor-next 6.1: apparmor: convert xmatch to using the new shared policydb struct - SAUCE: apparmor-next 6.1: apparmor: convert fperm lookup to use accept as an index - SAUCE: apparmor-next 6.1: apparmor: convert xmatch lookup to use accept as an index - SAUCE: apparmor-next 6.1: apparmor: cleanup shared permission struct - SAUCE: apparmor-next 6.1: apparmor: convert policy lookup to use accept as an index - SAUCE: apparmor-next 6.1: apparmor: preparse for state being more than just an integer - SAUCE: apparmor-next 6.1: apparmor: Fix abi check to include v8 abi - SAUCE: apparmor-next 6.1: apparmor: fix apparmor mediating locking non-fs unix sockets - SAUCE: apparmor-next 6.1: apparmor: extend policydb permission set by making use of the xbits - SAUCE: apparmor-next 6.1: apparmor: move dfa perm macros into policy_unpack - SAUCE: apparmor-next 6.1: apparmor: extend xindex size - SAUCE: apparmor-next 6.1: apparmor: isolate policy backwards compatibility to its own file - SAUCE: apparmor-next 6.1: apparmor: extend permissions to support a label and tag string - SAUCE: apparmor-next 6.1: apparmor: add mediation class information to auditing - SAUCE: apparmor-next 6.1: apparmor: add user mode flag - SAUCE: apparmor-next 6.1: apparmor: make transition table unpack generic so it can be reused - SAUCE: apparmor-next 6.1: apparmor: group dfa policydb unpacking - SAUCE: apparmor-next 6.1: apparmor: make unpack_array return a trianary value - SAUCE: apparmor-next 6.1: apparmor: add the ability for policy to specify a permission table - SAUCE: apparmor-next 6.1: apparmor: verify permission table indexes - SAUCE: apparmor-next 6.1: apparmor: make sure perm indexes are accumulated - SAUCE: apparmor-next 6.1: apparmor: cleanup: move perm accumulation into perms.h - SAUCE: apparmor-next 6.1: apparmor: verify loaded permission bits masks don't overlap - SAUCE: apparmor-next 6.1: apparmor: refactor profile rules and attachments - SAUCE: apparmor-next 6.1: apparmor: rework profile->rules to be a list - SAUCE: apparmor-next 6.1: apparmor: fix aa_class_names[] to match reserved classes - SAUCE: apparmor-next 6.1: apparmor: Fix regression in stacking due to label flags - SAUCE: apparmor-next 6.1: apparmor: Simplify obtain the newest label on a cred - SAUCE: apparmor-next 6.1: apparmor: make __aa_path_perm() static - SAUCE: apparmor-next 6.1: apparmor: Fix doc comment for compute_fperms - SAUCE: apparmor-next 6.1: apparmor: Remove unnecessary size check when unpacking trans_table - SAUCE: apparmor-next 6.1: apparmor: make sure the decompression ctx is promperly initialized - SAUCE: apparmor: add/use fns to print hash string hex value - SAUCE: apparmor: patch to provide compatibility with v2.x net rules - SAUCE: Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: make __aa_path_perm() static" - SAUCE: apparmor: af_unix mediation - SAUCE: fix shutdown unix socket owner conditional check - SAUCE: apparmor: rename aa_sock() to aa_unix_sk() - SAUCE: apparmor: Add fine grained mediation of posix mqueues - SAUCE: apparmor: LSM stacking: switch from SK_CTX() to aa_sock() - SAUCE: lsm stacking v37: integrity: disassociate ima_filter_rule from security_audit_rule - SAUCE: lsm stacking v37: LSM: Infrastructure management of the sock security - SAUCE: lsm stacking v37: LSM: Add the lsmblob data structure. - SAUCE: lsm stacking v37: LSM: provide lsm name and id slot mappings - SAUCE: lsm stacking v37: IMA: avoid label collisions with stacked LSMs - SAUCE: lsm stacking v37: LSM: Use lsmblob in security_audit_rule_match - SAUCE: lsm stacking v37: LSM: Use lsmblob in security_kernel_act_as - SAUCE: lsm stacking v37: LSM: Use lsmblob in security_secctx_to_secid - SAUCE: lsm stacking v37: LSM: Use lsmblob in security_secid_to_secctx - SAUCE: lsm stacking v37: LSM: Use lsmblob in security_ipc_getsecid - SAUCE: lsm stacking v37: LSM: Use lsmblob in security_current_getsecid - SAUCE: lsm stacking v37: LSM: Use lsmblob in security_inode_getsecid - SAUCE: lsm stacking v37: LSM: Use lsmblob in security_cred_getsecid - SAUCE: lsm stacking v37: LSM: Specify which LSM to display - SAUCE: fixup lsm stacking v37: LSM: Specify which LSM to display - SAUCE: lsm stacking v37: LSM: Ensure the correct LSM context releaser - SAUCE: lsm stacking v37: LSM: Use lsmcontext in security_secid_to_secctx - SAUCE: lsm stacking v37: LSM: Use lsmcontext in security_inode_getsecctx - SAUCE: lsm stacking v37: LSM: Use lsmcontext in security_dentry_init_security - SAUCE: lsm stacking v37: LSM: security_secid_to_secctx in netlink netfilter - SAUCE: lsm stacking v37: NET: Store LSM netlabel data in a lsmblob - SAUCE: lsm stacking v37: binder: Pass LSM identifier for confirmation - SAUCE: lsm stacking v37: LSM: security_secid_to_secctx module selection - SAUCE: lsm stacking v37: Audit: Keep multiple LSM data in audit_names - SAUCE: lsm stacking v37: Audit: Create audit_stamp structure - SAUCE: lsm stacking v37: LSM: Add a function to report multiple LSMs - SAUCE: lsm stacking v37: Audit: Allow multiple records in an audit_buffer - SAUCE: lsm stacking v37: Audit: Add record for multiple task security contexts - SAUCE: lsm stacking v37: audit: multiple subject lsm values for netlabel - SAUCE: lsm stacking v37: Audit: Add record for multiple object contexts - SAUCE: lsm stacking v37: netlabel: Use a struct lsmblob in audit data - SAUCE: lsm stacking v37: LSM: Removed scaffolding function lsmcontext_init - SAUCE: lsm stacking v37: LSM: Add /proc attr entry for full LSM context - SAUCE: lsm stacking v37: AppArmor: Remove the exclusive flag - SAUCE: security, lsm: Introduce security_create_user_ns() - SAUCE: bpf-lsm: Make bpf_lsm_userns_create() sleepable - SAUCE: selinux: Implement userns_create hook - SAUCE: apparmor: add user namespace creation mediation - [Config] update configs after apply new apparmor patch set * kinetic: apply new apparmor and LSM stacking patch set (LP: #1989983) // 5.19.0-17.17: kernel NULL pointer dereference, address: 0000000000000084 (LP: #1990236) - SAUCE: apparmor: fix oops in unix owner conditional setup * Miscellaneous Ubuntu changes - [Config] make sure CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT is enforced [ Ubuntu: 5.19.0-18.18 ] * kinetic/linux: 5.19.0-18.18 -proposed tracker (LP: #1990366) * 5.19.0-17.17: kernel NULL pointer dereference, address: 0000000000000084 (LP: #1990236) - Revert "UBUNTU: SAUCE: apparmor: Fix regression in stacking due to label flags" - Revert "UBUNTU: [Config] disable SECURITY_APPARMOR_RESTRICT_USERNS" - Revert "UBUNTU: SAUCE: Revert "hwrng: virtio - add an internal buffer"" - Revert "UBUNTU: SAUCE: Revert "hwrng: virtio - don't wait on cleanup"" - Revert "UBUNTU: SAUCE: Revert "hwrng: virtio - don't waste entropy"" - Revert "UBUNTU: SAUCE: Revert "hwrng: virtio - always add a pending request"" - Revert "UBUNTU: SAUCE: Revert "hwrng: virtio - unregister device before reset"" - Revert "UBUNTU: SAUCE: Revert "virtio-rng: make device ready before making request"" - Revert "UBUNTU: [Config] update configs after apply new apparmor patch set" - Revert "UBUNTU: SAUCE: apparmor: add user namespace creation mediation" - Revert "UBUNTU: SAUCE: selinux: Implement userns_create hook" - Revert "UBUNTU: SAUCE: bpf-lsm: Make bpf_lsm_userns_create() sleepable" - Revert "UBUNTU: SAUCE: security, lsm: Introduce security_create_user_ns()" - Revert "UBUNTU: SAUCE: lsm stacking v37: AppArmor: Remove the exclusive flag" - Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: Add /proc attr entry for full LSM context" - Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: Removed scaffolding function lsmcontext_init" - Revert "UBUNTU: SAUCE: lsm stacking v37: netlabel: Use a struct lsmblob in audit data" - Revert "UBUNTU: SAUCE: lsm stacking v37: Audit: Add record for multiple object contexts" - Revert "UBUNTU: SAUCE: lsm stacking v37: audit: multiple subject lsm values for netlabel" - Revert "UBUNTU: SAUCE: lsm stacking v37: Audit: Add record for multiple task security contexts" - Revert "UBUNTU: SAUCE: lsm stacking v37: Audit: Allow multiple records in an audit_buffer" - Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: Add a function to report multiple LSMs" - Revert "UBUNTU: SAUCE: lsm stacking v37: Audit: Create audit_stamp structure" - Revert "UBUNTU: SAUCE: lsm stacking v37: Audit: Keep multiple LSM data in audit_names" - Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: security_secid_to_secctx module selection" - Revert "UBUNTU: SAUCE: lsm stacking v37: binder: Pass LSM identifier for confirmation" - Revert "UBUNTU: SAUCE: lsm stacking v37: NET: Store LSM netlabel data in a lsmblob" - Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: security_secid_to_secctx in netlink netfilter" - Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: Use lsmcontext in security_dentry_init_security" - Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: Use lsmcontext in security_inode_getsecctx" - Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: Use lsmcontext in security_secid_to_secctx" - Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: Ensure the correct LSM context releaser" - Revert "UBUNTU: SAUCE: fixup lsm stacking v37: LSM: Specify which LSM to display" - Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: Specify which LSM to display" - Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: Use lsmblob in security_cred_getsecid" - Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: Use lsmblob in security_inode_getsecid" - Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: Use lsmblob in security_current_getsecid" - Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: Use lsmblob in security_ipc_getsecid" - Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: Use lsmblob in security_secid_to_secctx" - Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: Use lsmblob in security_secctx_to_secid" - Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: Use lsmblob in security_kernel_act_as" - Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: Use lsmblob in security_audit_rule_match" - Revert "UBUNTU: SAUCE: lsm stacking v37: IMA: avoid label collisions with stacked LSMs" - Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: provide lsm name and id slot mappings" - Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: Add the lsmblob data structure." - Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: Infrastructure management of the sock security" - Revert "UBUNTU: SAUCE: lsm stacking v37: integrity: disassociate ima_filter_rule from security_audit_rule" - Revert "UBUNTU: SAUCE: apparmor: LSM stacking: switch from SK_CTX() to aa_sock()" - Revert "UBUNTU: SAUCE: apparmor: Add fine grained mediation of posix mqueues" - Revert "UBUNTU: SAUCE: apparmor: rename aa_sock() to aa_unix_sk()" - Revert "UBUNTU: SAUCE: fix shutdown unix socket owner conditional check" - Revert "UBUNTU: SAUCE: apparmor: af_unix mediation" - Revert "UBUNTU: SAUCE: apparmor: patch to provide compatibility with v2.x net rules" - Revert "UBUNTU: SAUCE: apparmor: add/use fns to print hash string hex value" - Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: fix aa_class_names[] to match reserved classes" - Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: rework profile->rules to be a list" - Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: refactor profile rules and attachments" - Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: verify loaded permission bits masks don't overlap" - Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: cleanup: move perm accumulation into perms.h" - Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: make sure perm indexes are accumulated" - Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: verify permission table indexes" - Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: add the ability for policy to specify a permission table" - Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: make unpack_array return a trianary value" - Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: group dfa policydb unpacking" - Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: make transition table unpack generic so it can be reused" - Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: add user mode flag" - Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: add mediation class information to auditing" - Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: extend permissions to support a label and tag string" - Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: isolate policy backwards compatibility to its own file" - Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: extend xindex size" - Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: move dfa perm macros into policy_unpack" - Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: extend policydb permission set by making use of the xbits" - Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: fix apparmor mediating locking non-fs unix sockets" - Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: Fix abi check to include v8 abi" - Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: preparse for state being more than just an integer" - Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: convert policy lookup to use accept as an index" - Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: cleanup shared permission struct" - Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: convert xmatch lookup to use accept as an index" - Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: convert fperm lookup to use accept as an index" - Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: convert xmatch to using the new shared policydb struct" - Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: combine file_rules and aa_policydb into a single shared struct" - Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: compute policydb permission on profile load" - Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: convert xmatch to use aa_perms structure" - Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: rework and cleanup fperm computation" - Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: move fperm computation into policy_unpack" - Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: compute xmatch permissions on profile load" - Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: compute file permissions on profile load" - Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: expose compression level limits in sysfs" - Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: use zstd compression for profile data" - Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: reserve mediation classes" - Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: fix lockdep warning when removing a namespace" - Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: fix a memleak in multi_transaction_new()" - Revert "UBUNTU: SAUCE: upstream v6.0: Smack: Provide read control for io_uring_cmd" - Revert "UBUNTU: SAUCE: upstream v6.0: selinux: implement the security_uring_cmd() LSM hook" - Revert "UBUNTU: SAUCE: upstream v6.0: lsm,io_uring: add LSM hooks for the new uring_cmd file op" - Revert "UBUNTU: SAUCE: upstream v6.0: apparmor: correct config reference to intended one" - Revert "UBUNTU: SAUCE: upstream v6.0: apparmor: move ptrace mediation to more logical task.{h,c}" - Revert "UBUNTU: SAUCE: upstream v6.0: apparmor: extend policydb permission set by making use of the xbits" - Revert "UBUNTU: SAUCE: upstream v6.0: apparmor: allow label to carry debug flags" - Revert "UBUNTU: SAUCE: upstream v6.0: apparmor: Fix some kernel-doc comments" - Revert "UBUNTU: SAUCE: upstream v6.0: apparmor: Mark alloc_unconfined() as static" - Revert "UBUNTU: SAUCE: upstream v6.0: apparmor: disable showing the mode as part of a secid to secctx" - Revert "UBUNTU: SAUCE: upstream v6.0: apparmor: Convert secid mapping to XArrays instead of IDR" - Revert "UBUNTU: SAUCE: upstream v6.0: apparmor: add a kernel label to use on kernel objects" - Revert "UBUNTU: SAUCE: upstream v6.0: apparmor: test: Remove some casts which are no-longer required" - Revert "UBUNTU: SAUCE: upstream v6.0: apparmor: Fix some kernel-doc comments" - Revert "UBUNTU: SAUCE: upstream v6.0: apparmor: Fix undefined reference to `zlib_deflate_workspacesize'" - Revert "UBUNTU: SAUCE: upstream v6.0: apparmor: Fix some kernel-doc comments" - Revert "UBUNTU: SAUCE: upstream v6.0: apparmor: Fix some kernel-doc comments" - Revert "UBUNTU: SAUCE: upstream v6.0: apparmor: Fix match_mnt_path_str() and match_mnt() kernel-doc comment" - Revert "UBUNTU: SAUCE: upstream v6.0: apparmor: Use struct_size() helper in kmalloc()" - Revert "UBUNTU: SAUCE: upstream v6.0: security/apparmor: remove redundant ret variable" - Revert "UBUNTU: SAUCE: upstream v6.0: apparmor: resolve uninitialized symbol warnings in policy_unpack_test.c" - Revert "UBUNTU: SAUCE: upstream v6.0: apparmor: don't create raw_sha1 symlink if sha1 hashing is disabled" - Revert "UBUNTU: SAUCE: upstream v6.0: apparmor: Enable tuning of policy paranoid load for embedded systems" - Revert "UBUNTU: SAUCE: upstream v6.0: apparmor: make export of raw binary profile to userspace optional" - Revert "UBUNTU: SAUCE: upstream v6.0: apparmor: Update help description of policy hash for introspection" - Revert "UBUNTU: SAUCE: upstream v6.0: lsm: Fix kernel-doc" - Revert "UBUNTU: SAUCE: upstream v6.0: apparmor: Fix kernel-doc" - Revert "UBUNTU: SAUCE: upstream v6.0: apparmor: fix absroot causing audited secids to begin with =" - Revert "Revert "UBUNTU: SAUCE: apparmor: add/use fns to print hash string hex value"" - Revert "Revert "UBUNTU: SAUCE: apparmor: patch to provide compatibility with v2.x net rules"" - Revert "Revert "UBUNTU: SAUCE: apparmor: af_unix mediation"" - Revert "Revert "UBUNTU: SAUCE: apparmor: fix use after free in sk_peer_label"" - Revert "Revert "UBUNTU SAUCE: apparmor: fix apparmor mediating locking non- fs, unix sockets"" - Revert "Revert "apparmor: fix absroot causing audited secids to begin with ="" - Revert "Revert "UBUNTU: SAUCE: apparmor: disable showing the mode as part of a secid to secctx"" - Revert "Revert "UBUNTU: SAUCE: apparmor: rename aa_sock() to aa_unix_sk()"" - Revert "Revert "UBUNTU: SAUCE: apparmor: LSM stacking: switch from SK_CTX() to aa_sock()"" - Revert "Revert "UBUNTU: SAUCE: LSM: Infrastructure management of the sock security"" - Revert "Revert "UBUNTU: SAUCE: LSM: Create and manage the lsmblob data structure."" - Revert "Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_audit_rule_match"" - Revert "Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_kernel_act_as"" - Revert "Revert "UBUNTU: SAUCE: net: Prepare UDS for security module stacking"" - Revert "Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_secctx_to_secid"" - Revert "Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_secid_to_secctx"" - Revert "Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_ipc_getsecid"" - Revert "Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_task_getsecid"" - Revert "Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_inode_getsecid"" - Revert "Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_cred_getsecid"" - Revert "Revert "UBUNTU: SAUCE: IMA: Change internal interfaces to use lsmblobs"" - Revert "Revert "UBUNTU: SAUCE: LSM: Specify which LSM to display"" - Revert "Revert "UBUNTU: SAUCE: LSM: Ensure the correct LSM context releaser"" - Revert "Revert "UBUNTU: SAUCE: LSM: Use lsmcontext in security_secid_to_secctx"" - Revert "Revert "UBUNTU: SAUCE: LSM: Use lsmcontext in security_inode_getsecctx"" - Revert "Revert "UBUNTU: SAUCE: LSM: security_secid_to_secctx in netlink netfilter"" - Revert "Revert "UBUNTU: SAUCE: NET: Store LSM netlabel data in a lsmblob"" - Revert "Revert "UBUNTU: SAUCE: Audit: Add new record for multiple process LSM attributes"" - Revert "Revert "UBUNTU: SAUCE: Audit: Fix incorrect static inline function declration."" - Revert "Revert "UBUNTU: SAUCE: Audit: Add a new record for multiple object LSM attributes"" - Revert "Revert "UBUNTU: SAUCE: LSM: Add /proc attr entry for full LSM context"" - Revert "Revert "UBUNTU: SAUCE: AppArmor: Remove the exclusive flag"" - Revert "Revert "UBUNTU: SAUCE: Audit: Fix for missing NULL check"" - Revert "Revert "UBUNTU: SAUCE: apparmor: rename kzfree() to kfree_sensitive()"" - Revert "Revert "UBUNTU: SAUCE: LSM: change ima_read_file() to use lsmblob"" - Revert "Revert "UBUNTU: SAUCE: LSM: Use lsmblob in smk_netlbl_mls()"" - Revert "Revert "UBUNTU: SAUCE: apparmor: Fix build error, make sk parameter const"" - Revert "Revert "UBUNTU: SAUCE: LSM: Specify which LSM to display (using struct cred as input)"" * [22.04 FEAT] Enhanced Interpretation for PCI Functions on s390x - kernel part (LP: #1853306) - s390/sclp: detect the zPCI load/store interpretation facility - s390/sclp: detect the AISII facility - s390/sclp: detect the AENI facility - s390/sclp: detect the AISI facility - s390/airq: pass more TPI info to airq handlers - s390/airq: allow for airq structure that uses an input vector - s390/pci: externalize the SIC operation controls and routine - s390/pci: stash associated GISA designation - s390/pci: stash dtsm and maxstbl - vfio/pci: introduce CONFIG_VFIO_PCI_ZDEV_KVM - KVM: s390: pci: add basic kvm_zdev structure - KVM: s390: pci: do initial setup for AEN interpretation - KVM: s390: pci: enable host forwarding of Adapter Event Notifications - KVM: s390: mechanism to enable guest zPCI Interpretation - KVM: s390: pci: provide routines for enabling/disabling interrupt forwarding - KVM: s390: pci: add routines to start/stop interpretive execution - vfio-pci/zdev: add open/close device hooks - vfio-pci/zdev: add function handle to clp base capability - vfio-pci/zdev: different maxstbl for interpreted devices - KVM: s390: add KVM_S390_ZPCI_OP to manage guest zPCI devices - MAINTAINERS: additional files related kvm s390 pci passthrough - Documentation: kvm: extend KVM_S390_ZPCI_OP subheading underline - KVM: s390: pci: Hook to access KVM lowlevel from VFIO * [22.10 FEAT] [IO2201] Independent Usage of Secondary Physical Function (LP: #1959542) - PCI: Clean up pci_scan_slot() - PCI: Split out next_ari_fn() from next_fn() - PCI: Move jailhouse's isolated function handling to pci_scan_slot() - PCI: Extend isolated function probing to s390 - s390/pci: allow zPCI zbus without a function zero * AMD ACP 6.2 DMIC support (LP: #1989518) - ASoC: amd: add Pink Sardine platform ACP IP register header - ASoC: amd: add Pink Sardine ACP PCI driver - ASoC: amd: add acp6.2 init/de-init functions - ASoC: amd: add platform devices for acp6.2 pdm driver and dmic driver - ASoC: amd: add acp6.2 pdm platform driver - ASoC: amd: add acp6.2 irq handler - ASoC: amd: add acp6.2 pdm driver dma ops - ASoC: amd: add acp6.2 pci driver pm ops - ASoC: amd: add acp6.2 pdm driver pm ops - ASoC: amd: enable Pink Sardine acp6.2 drivers build - ASoC: amd: create platform device for acp6.2 machine driver - ASoC: amd: add Pink Sardine machine driver using dmic - ASoC: amd: enable Pink sardine platform machine driver build. - [Config] Enable audio for AMD PinkSardine * support independent clock and LED GPIOs for Intel IPU6 platforms (LP: #1989046) - SAUCE: platform/x86: int3472: support independent clock and LED GPIOs * CVE-2022-2978 - SAUCE: fs: fix UAF/GPF bug in nilfs_mdt_destroy * Miscellaneous Ubuntu changes - [Config] disable SECURITY_APPARMOR_RESTRICT_USERNS - SAUCE: Add mdev_set_iommu_device() kABI. - SAUCE: apparmor: Fix regression in stacking due to label flags - [Config] update toolchain version * Miscellaneous upstream changes - Revert "drm/i915/opregion: check port number bounds for SWSCI display power state" [ Ubuntu: 5.19.0-17.17 ] * kinetic/linux: 5.19.0-17.17 -proposed tracker (LP: #1989987) * Packaging resync (LP: #1786013) - debian/dkms-versions -- update from kernel-versions (main/master) - debian/dkms-versions -- update from kernel-versions (main/master) * multiple kernel oops regarding hung tasks delaying boot (LP: #1989258) - SAUCE: Revert "virtio-rng: make device ready before making request" - SAUCE: Revert "hwrng: virtio - unregister device before reset" - SAUCE: Revert "hwrng: virtio - always add a pending request" - SAUCE: Revert "hwrng: virtio - don't waste entropy" - SAUCE: Revert "hwrng: virtio - don't wait on cleanup" - SAUCE: Revert "hwrng: virtio - add an internal buffer" * kinetic: apply new apparmor and LSM stacking patch set (LP: #1989983) - Revert "UBUNTU: SAUCE: LSM: Specify which LSM to display (using struct cred as input)" - Revert "UBUNTU: SAUCE: apparmor: Fix build error, make sk parameter const" - Revert "UBUNTU: SAUCE: LSM: Use lsmblob in smk_netlbl_mls()" - Revert "UBUNTU: SAUCE: LSM: change ima_read_file() to use lsmblob" - Revert "UBUNTU: SAUCE: apparmor: rename kzfree() to kfree_sensitive()" - Revert "UBUNTU: SAUCE: Audit: Fix for missing NULL check" - Revert "UBUNTU: SAUCE: AppArmor: Remove the exclusive flag" - Revert "UBUNTU: SAUCE: LSM: Add /proc attr entry for full LSM context" - Revert "UBUNTU: SAUCE: Audit: Add a new record for multiple object LSM attributes" - Revert "UBUNTU: SAUCE: Audit: Fix incorrect static inline function declration." - Revert "UBUNTU: SAUCE: Audit: Add new record for multiple process LSM attributes" - Revert "UBUNTU: SAUCE: NET: Store LSM netlabel data in a lsmblob" - Revert "UBUNTU: SAUCE: LSM: security_secid_to_secctx in netlink netfilter" - Revert "UBUNTU: SAUCE: LSM: Use lsmcontext in security_inode_getsecctx" - Revert "UBUNTU: SAUCE: LSM: Use lsmcontext in security_secid_to_secctx" - Revert "UBUNTU: SAUCE: LSM: Ensure the correct LSM context releaser" - Revert "UBUNTU: SAUCE: LSM: Specify which LSM to display" - Revert "UBUNTU: SAUCE: IMA: Change internal interfaces to use lsmblobs" - Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_cred_getsecid" - Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_inode_getsecid" - Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_task_getsecid" - Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_ipc_getsecid" - Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_secid_to_secctx" - Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_secctx_to_secid" - Revert "UBUNTU: SAUCE: net: Prepare UDS for security module stacking" - Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_kernel_act_as" - Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_audit_rule_match" - Revert "UBUNTU: SAUCE: LSM: Create and manage the lsmblob data structure." - Revert "UBUNTU: SAUCE: LSM: Infrastructure management of the sock security" - Revert "UBUNTU: SAUCE: apparmor: LSM stacking: switch from SK_CTX() to aa_sock()" - Revert "UBUNTU: SAUCE: apparmor: rename aa_sock() to aa_unix_sk()" - Revert "UBUNTU: SAUCE: apparmor: disable showing the mode as part of a secid to secctx" - Revert "apparmor: fix absroot causing audited secids to begin with =" - Revert "UBUNTU SAUCE: apparmor: fix apparmor mediating locking non-fs, unix sockets" - Revert "UBUNTU: SAUCE: apparmor: fix use after free in sk_peer_label" - Revert "UBUNTU: SAUCE: apparmor: af_unix mediation" - Revert "UBUNTU: SAUCE: apparmor: patch to provide compatibility with v2.x net rules" - Revert "UBUNTU: SAUCE: apparmor: add/use fns to print hash string hex value" - SAUCE: upstream v6.0: apparmor: fix absroot causing audited secids to begin with = - SAUCE: upstream v6.0: apparmor: Fix kernel-doc - SAUCE: upstream v6.0: lsm: Fix kernel-doc - SAUCE: upstream v6.0: apparmor: Update help description of policy hash for introspection - SAUCE: upstream v6.0: apparmor: make export of raw binary profile to userspace optional - SAUCE: upstream v6.0: apparmor: Enable tuning of policy paranoid load for embedded systems - SAUCE: upstream v6.0: apparmor: don't create raw_sha1 symlink if sha1 hashing is disabled - SAUCE: upstream v6.0: apparmor: resolve uninitialized symbol warnings in policy_unpack_test.c - SAUCE: upstream v6.0: security/apparmor: remove redundant ret variable - SAUCE: upstream v6.0: apparmor: Use struct_size() helper in kmalloc() - SAUCE: upstream v6.0: apparmor: Fix match_mnt_path_str() and match_mnt() kernel-doc comment - SAUCE: upstream v6.0: apparmor: Fix some kernel-doc comments - SAUCE: upstream v6.0: apparmor: Fix some kernel-doc comments - SAUCE: upstream v6.0: apparmor: Fix undefined reference to `zlib_deflate_workspacesize' - SAUCE: upstream v6.0: apparmor: Fix some kernel-doc comments - SAUCE: upstream v6.0: apparmor: test: Remove some casts which are no-longer required - SAUCE: upstream v6.0: apparmor: add a kernel label to use on kernel objects - SAUCE: upstream v6.0: apparmor: Convert secid mapping to XArrays instead of IDR - SAUCE: upstream v6.0: apparmor: disable showing the mode as part of a secid to secctx - SAUCE: upstream v6.0: apparmor: Mark alloc_unconfined() as static - SAUCE: upstream v6.0: apparmor: Fix some kernel-doc comments - SAUCE: upstream v6.0: apparmor: allow label to carry debug flags - SAUCE: upstream v6.0: apparmor: extend policydb permission set by making use of the xbits - SAUCE: upstream v6.0: apparmor: move ptrace mediation to more logical task.{h,c} - SAUCE: upstream v6.0: apparmor: correct config reference to intended one - SAUCE: upstream v6.0: lsm,io_uring: add LSM hooks for the new uring_cmd file op - SAUCE: upstream v6.0: selinux: implement the security_uring_cmd() LSM hook - SAUCE: upstream v6.0: Smack: Provide read control for io_uring_cmd - SAUCE: apparmor-next 6.1: apparmor: fix a memleak in multi_transaction_new() - SAUCE: apparmor-next 6.1: apparmor: fix lockdep warning when removing a namespace - SAUCE: apparmor-next 6.1: apparmor: reserve mediation classes - SAUCE: apparmor-next 6.1: apparmor: use zstd compression for profile data - SAUCE: apparmor-next 6.1: apparmor: expose compression level limits in sysfs - SAUCE: apparmor-next 6.1: apparmor: compute file permissions on profile load - SAUCE: apparmor-next 6.1: apparmor: compute xmatch permissions on profile load - SAUCE: apparmor-next 6.1: apparmor: move fperm computation into policy_unpack - SAUCE: apparmor-next 6.1: apparmor: rework and cleanup fperm computation - SAUCE: apparmor-next 6.1: apparmor: convert xmatch to use aa_perms structure - SAUCE: apparmor-next 6.1: apparmor: compute policydb permission on profile load - SAUCE: apparmor-next 6.1: apparmor: combine file_rules and aa_policydb into a single shared struct - SAUCE: apparmor-next 6.1: apparmor: convert xmatch to using the new shared policydb struct - SAUCE: apparmor-next 6.1: apparmor: convert fperm lookup to use accept as an index - SAUCE: apparmor-next 6.1: apparmor: convert xmatch lookup to use accept as an index - SAUCE: apparmor-next 6.1: apparmor: cleanup shared permission struct - SAUCE: apparmor-next 6.1: apparmor: convert policy lookup to use accept as an index - SAUCE: apparmor-next 6.1: apparmor: preparse for state being more than just an integer - SAUCE: apparmor-next 6.1: apparmor: Fix abi check to include v8 abi - SAUCE: apparmor-next 6.1: apparmor: fix apparmor mediating locking non-fs unix sockets - SAUCE: apparmor-next 6.1: apparmor: extend policydb permission set by making use of the xbits - SAUCE: apparmor-next 6.1: apparmor: move dfa perm macros into policy_unpack - SAUCE: apparmor-next 6.1: apparmor: extend xindex size - SAUCE: apparmor-next 6.1: apparmor: isolate policy backwards compatibility to its own file - SAUCE: apparmor-next 6.1: apparmor: extend permissions to support a label and tag string - SAUCE: apparmor-next 6.1: apparmor: add mediation class information to auditing - SAUCE: apparmor-next 6.1: apparmor: add user mode flag - SAUCE: apparmor-next 6.1: apparmor: make transition table unpack generic so it can be reused - SAUCE: apparmor-next 6.1: apparmor: group dfa policydb unpacking - SAUCE: apparmor-next 6.1: apparmor: make unpack_array return a trianary value - SAUCE: apparmor-next 6.1: apparmor: add the ability for policy to specify a permission table - SAUCE: apparmor-next 6.1: apparmor: verify permission table indexes - SAUCE: apparmor-next 6.1: apparmor: make sure perm indexes are accumulated - SAUCE: apparmor-next 6.1: apparmor: cleanup: move perm accumulation into perms.h - SAUCE: apparmor-next 6.1: apparmor: verify loaded permission bits masks don't overlap - SAUCE: apparmor-next 6.1: apparmor: refactor profile rules and attachments - SAUCE: apparmor-next 6.1: apparmor: rework profile->rules to be a list - SAUCE: apparmor-next 6.1: apparmor: fix aa_class_names[] to match reserved classes - SAUCE: apparmor: add/use fns to print hash string hex value - SAUCE: apparmor: patch to provide compatibility with v2.x net rules - SAUCE: apparmor: af_unix mediation - SAUCE: fix shutdown unix socket owner conditional check - SAUCE: apparmor: rename aa_sock() to aa_unix_sk() - SAUCE: apparmor: Add fine grained mediation of posix mqueues - SAUCE: apparmor: LSM stacking: switch from SK_CTX() to aa_sock() - SAUCE: lsm stacking v37: integrity: disassociate ima_filter_rule from security_audit_rule - SAUCE: lsm stacking v37: LSM: Infrastructure management of the sock security - SAUCE: lsm stacking v37: LSM: Add the lsmblob data structure. - SAUCE: lsm stacking v37: LSM: provide lsm name and id slot mappings - SAUCE: lsm stacking v37: IMA: avoid label collisions with stacked LSMs - SAUCE: lsm stacking v37: LSM: Use lsmblob in security_audit_rule_match - SAUCE: lsm stacking v37: LSM: Use lsmblob in security_kernel_act_as - SAUCE: lsm stacking v37: LSM: Use lsmblob in security_secctx_to_secid - SAUCE: lsm stacking v37: LSM: Use lsmblob in security_secid_to_secctx - SAUCE: lsm stacking v37: LSM: Use lsmblob in security_ipc_getsecid - SAUCE: lsm stacking v37: LSM: Use lsmblob in security_current_getsecid - SAUCE: lsm stacking v37: LSM: Use lsmblob in security_inode_getsecid - SAUCE: lsm stacking v37: LSM: Use lsmblob in security_cred_getsecid - SAUCE: lsm stacking v37: LSM: Specify which LSM to display - SAUCE: fixup lsm stacking v37: LSM: Specify which LSM to display - SAUCE: lsm stacking v37: LSM: Ensure the correct LSM context releaser - SAUCE: lsm stacking v37: LSM: Use lsmcontext in security_secid_to_secctx - SAUCE: lsm stacking v37: LSM: Use lsmcontext in security_inode_getsecctx - SAUCE: lsm stacking v37: LSM: Use lsmcontext in security_dentry_init_security - SAUCE: lsm stacking v37: LSM: security_secid_to_secctx in netlink netfilter - SAUCE: lsm stacking v37: NET: Store LSM netlabel data in a lsmblob - SAUCE: lsm stacking v37: binder: Pass LSM identifier for confirmation - SAUCE: lsm stacking v37: LSM: security_secid_to_secctx module selection - SAUCE: lsm stacking v37: Audit: Keep multiple LSM data in audit_names - SAUCE: lsm stacking v37: Audit: Create audit_stamp structure - SAUCE: lsm stacking v37: LSM: Add a function to report multiple LSMs - SAUCE: lsm stacking v37: Audit: Allow multiple records in an audit_buffer - SAUCE: lsm stacking v37: Audit: Add record for multiple task security contexts - SAUCE: lsm stacking v37: audit: multiple subject lsm values for netlabel - SAUCE: lsm stacking v37: Audit: Add record for multiple object contexts - SAUCE: lsm stacking v37: netlabel: Use a struct lsmblob in audit data - SAUCE: lsm stacking v37: LSM: Removed scaffolding function lsmcontext_init - SAUCE: lsm stacking v37: LSM: Add /proc attr entry for full LSM context - SAUCE: lsm stacking v37: AppArmor: Remove the exclusive flag - SAUCE: security, lsm: Introduce security_create_user_ns() - SAUCE: bpf-lsm: Make bpf_lsm_userns_create() sleepable - SAUCE: selinux: Implement userns_create hook - SAUCE: apparmor: add user namespace creation mediation - [Config] update configs after apply new apparmor patch set * [22.10 FEAT] KVM: Secure Execution guest dump encryption with customer keys - kernel part (LP: #1959940) - s390/uv: Add SE hdr query information - s390/uv: Add dump fields to query - KVM: s390: pv: Add query interface - KVM: s390: pv: Add dump support definitions - KVM: s390: pv: Add query dump information - KVM: s390: Add configuration dump functionality - KVM: s390: Add CPU dump functionality - KVM: s390: Add KVM_CAP_S390_PROTECTED_DUMP - Documentation: virt: Protected virtual machine dumps - Documentation/virt/kvm/api.rst: Add protvirt dump/info api descriptions - Documentation/virt/kvm/api.rst: Explain rc/rrc delivery * [SRU][OEM-5.14/Jammy/OEM-5.17][PATCH 0/1] Fix blank screen on Thinkpad ADL 4K+ panel (LP: #1980621) - SAUCE: drm/i915: Implement WaEdpLinkRateDataReload - SAUCE: Revert "drm/i915/display: Re-add check for low voltage sku for max dp source rate" * [UBUNTU 22.04] s390/qeth: cache link_info for ethtool (LP: #1984103) - s390/qeth: cache link_info for ethtool * Kernel livepatch support for for s390x (LP: #1639924) - [Config] Enable EXPOLINE_EXTERN on s390x * IWLMEI may cause device down at resuming from s2idle (LP: #1987312) - [Config] Disable IWLMEI * Raise CONFIG_NR_CPUS (LP: #1967889) - [Config] Raise riscv64 CONFIG_NR_CPUS to 32 * PolarFire Icicle Kit: missing USB support (LP: #1986970) - usb: musb: Add support for PolarFire SoC's musb controller - usb: musb: mpfs: Fix error codes in probe() - usb: musb: mpfs: add missing clk_disable_unprepare() in mpfs_remove() - [Config] Enable CONFIG_USB_MUSB_POLARFIRE_SOC on riscv64 * System freeze after resuming from suspend due to PCI ASPM settings (LP: #1980829) - SAUCE: PCI/ASPM: Save/restore L1SS Capability for suspend/resume - SAUCE: whitelist platforms that needs save/restore ASPM L1SS for suspend/resume * Please enable CONFIG_SQUASHFS_DECOMP_MULTI_PERCPU (LP: #1980861) - [Config] Switch from DECOMP_SINGLE to DECOMP_MULTI_PERCPU * Miscellaneous Ubuntu changes - [Config] enable security-related configs - [Packaging] Make stamp-install- target reentrant - [Packaging] Pass kernel build_arch to dkms - [Packaging] Enable building zfs during cross-compile - [Packaging] temporarily disable signing for ppc64el -- Juerg Haefliger