Bug #1959735 “[22.04 FEAT] KVM: Improve SIGP architectural compl...” : Bugs : linux package : Ubuntu

bugproxy (bugproxy) on 2022-02-02

tags:	added: architecture-s39064 bugnameltc-196128 severity-high targetmilestone-inin2204
Changed in ubuntu:
assignee:	nobody → Skipper Bug Screeners (skipper-screen-team)
affects:	ubuntu → linux (Ubuntu)

Revision history for this message

bugproxy (bugproxy) wrote on 2022-02-02: Comment bridged from LTC Bugzilla

#1

------- Comment From <email address hidden> 2022-02-01 21:31 EDT-------
The following three patches are needed:

[1] 812de04661c4 KVM: s390: Clarify SIGP orders versus STOP/RESTART

This one was added to linux-stable, and exists beginning with 5.4.173
eric:linux-stable$ git log --oneline --max-count=1 origin/linux-5.4.y -- arch/s390/kvm/sigp.c
70ae85ca124e KVM: s390: Clarify SIGP orders versus STOP/RESTART
eric:linux-stable$ git tag --contains=70ae85ca124e
v5.4.173
v5.4.174

[2] 67cf68b6a5cc KVM: s390: Add a routine for setting userspace CPU state

[3] 8eeba194a32e KVM: s390: Simplify SIGP Set Arch handling

Frank Heimes (fheimes) on 2022-02-02

Changed in ubuntu-z-systems:
assignee:	nobody → Skipper Bug Screeners (skipper-screen-team)
Changed in linux (Ubuntu):
importance:	Undecided → High
Changed in ubuntu-z-systems:
importance:	Undecided → High

Frank Heimes (fheimes) on 2022-02-02

Changed in linux (Ubuntu):
assignee:	Skipper Bug Screeners (skipper-screen-team) → Frank Heimes (fheimes)

Revision history for this message

Frank Heimes (fheimes) wrote on 2022-02-02:

#2

A build of a patched jammy kernel 5.15.0-19.19 is currently ongoing at PPA:
https://launchpad.net/~fheimes/+archive/ubuntu/lp1959735/+packages
and is soon available for additional testing.

Changed in linux (Ubuntu):
status:	New → In Progress
Changed in ubuntu-z-systems:
status:	New → In Progress

Revision history for this message

Frank Heimes (fheimes) wrote on 2022-02-02:

#3

Patch request submitted:
https://lists.ubuntu.com/archives/kernel-team/2022-February/thread.html#127657
Updating status to 'In Progress'.

Changed in linux (Ubuntu):
assignee:	Frank Heimes (fheimes) → Canonical Kernel Team (canonical-kernel-team)

Revision history for this message

Frank Heimes (fheimes) wrote on 2022-02-04 (last edit on 2022-02-09):

#4

submitted a
v2: fixed hash, cherry picked from linux (instead of linux-next), based on 5.15.0-20.20
v3: reordered
https://lists.ubuntu.com/archives/kernel-team/2022-February/thread.html#127691

Revision history for this message

bugproxy (bugproxy) wrote on 2022-02-11:

#5

------- Comment From <email address hidden> 2022-02-11 09:52 EDT-------
(In reply to comment #12)
> submitted a
> v2: fixed hash, cherry picked from linux (instead of linux-next), based on
> 5.15.0-20.20
> https://lists.ubuntu.com/archives/kernel-team/2022-February/thread.
> html#127691

@Frank, sorry about my ignorance. In the link above I see patches [2] and [3], but not [1] (although I see it's part of your PPA build). Is this because [1] is in stable or an oversight?

Revision history for this message

Frank Heimes (fheimes) wrote on 2022-02-11:

#6

Hi Viktor, well, the views on this ticket from BZ and LP are different which can be sometimes confusing - especially the numbering of the comments is different.
And especially in this case I had to re-send the patch request to the kernel teams mailing list.
So let me summarize again:

This is the patch request (v3) as it got accepted and included:
https://lists.ubuntu.com/archives/kernel-team/2022-February/thread.html#127697
(The above link is to the thread view and consists of:
cover-letter:
https://lists.ubuntu.com/archives/kernel-team/2022-February/127697.html
patch/commit 1/2:
https://lists.ubuntu.com/archives/kernel-team/2022-February/127698.html
patch/commit 2/2:
https://lists.ubuntu.com/archives/kernel-team/2022-February/127699.html
)

And this is the PPA where the test kernel can be found:
https://launchpad.net/~fheimes/+archive/ubuntu/lp1959735

Revision history for this message

Frank Heimes (fheimes) wrote on 2022-02-11:

#7

I should have added that it is for now accepted by the kernel team and got applied to jammy's master-next tree.
It's not yet available via the common archive until the kernel SRU cycle is fully completed (hence the PPA).

Revision history for this message

bugproxy (bugproxy) wrote on 2022-02-11:

#8

------- Comment From <email address hidden> 2022-02-11 10:43 EDT-------
(In reply to comment #16)
> Hi Viktor, well, the views on this ticket from BZ and LP are different which
> can be sometimes confusing - especially the numbering of the comments is
> different.
> And especially in this case I had to re-send the patch request to the kernel
> teams mailing list.
> So let me summarize again:
>
> This is the patch request (v3) as it got accepted and included:
> https://lists.ubuntu.com/archives/kernel-team/2022-February/thread.
> html#127697
> (The above link is to the thread view and consists of:
> cover-letter:
> https://lists.ubuntu.com/archives/kernel-team/2022-February/127697.html
> patch/commit 1/2:
> https://lists.ubuntu.com/archives/kernel-team/2022-February/127698.html
> patch/commit 2/2:
> https://lists.ubuntu.com/archives/kernel-team/2022-February/127699.html
> )
>
> And this is the PPA where the test kernel can be found:
> https://launchpad.net/~fheimes/+archive/ubuntu/lp1959735

Hi Frank, I was referring to
[1] 812de04661c4 KVM: s390: Clarify SIGP orders versus STOP/RESTART
which was not contained in the series you posted. But I can see it is contained in the PPA's diff and that is what's puzzling me.

Revision history for this message

Frank Heimes (fheimes) wrote on 2022-02-11:

#9

Hi Viktor,
that is because 812de04661c4 "KVM: s390: Clarify SIGP orders versus STOP/RESTART" was already included jammy's master-next tree - it obviously came in with a different ticket.
I just looked it up it came in via this upstream stable ticket LP#1958977, with that this particular patch is included since kernel Ubuntu-5.15.0-19.19.
(Hence IBM must have that marked as upstream stable, and we picked it from there.)
Hence I only needed to pick and sent the remaining two:
435d17955519 "KVM: s390: Add a routine for setting userspace CPU state"
and
4563bcad46bf "KVM: s390: Simplify SIGP Set Arch handling"

Revision history for this message

bugproxy (bugproxy) wrote on 2022-02-14:

#10

------- Comment From <email address hidden> 2022-02-14 03:14 EDT-------
Perfect, thanks for clarifying, Frank.

Frank Heimes (fheimes) on 2022-03-17

information type:

Private → Public

Revision history for this message

Launchpad Janitor (janitor) wrote on 2022-03-18:

#11

Download full text (67.6 KiB)

This bug was fixed in the package linux - 5.15.0-23.23

---------------
linux (5.15.0-23.23) jammy; urgency=medium

* jammy/linux: 5.15.0-23.23 -proposed tracker (LP: #1964573)

  * Packaging resync (LP: #1786013)
    - [Packaging] resync dkms-build{,--nvidia-N} from LRMv5
    - debian/dkms-versions -- update from kernel-versions (main/master)

  * [22.04 FEAT] KVM: Enable GISA support for Secure Execution guests
    (LP: #1959977)
    - KVM: s390: pv: make use of ultravisor AIV support

  * intel_iommu breaks Intel IPU6 camera: isys port open ready failed -16
    (LP: #1958004)
    - SAUCE: iommu: intel-ipu: use IOMMU passthrough mode for Intel IPUs

  * CVE-2022-23960
    - ARM: report Spectre v2 status through sysfs
    - ARM: early traps initialisation
    - ARM: use LOADADDR() to get load address of sections
    - ARM: Spectre-BHB workaround
    - ARM: include unprivileged BPF status in Spectre V2 reporting
    - arm64: Add Neoverse-N2, Cortex-A710 CPU part definition
    - arm64: Add HWCAP for self-synchronising virtual counter
    - arm64: Add Cortex-X2 CPU part definition
    - arm64: add ID_AA64ISAR2_EL1 sys register
    - arm64: cpufeature: add HWCAP for FEAT_AFP
    - arm64: cpufeature: add HWCAP for FEAT_RPRES
    - arm64: entry.S: Add ventry overflow sanity checks
    - arm64: spectre: Rename spectre_v4_patch_fw_mitigation_conduit
    - KVM: arm64: Allow indirect vectors to be used without SPECTRE_V3A
    - arm64: entry: Make the trampoline cleanup optional
    - arm64: entry: Free up another register on kpti's tramp_exit path
    - arm64: entry: Move the trampoline data page before the text page
    - arm64: entry: Allow tramp_alias to access symbols after the 4K boundary
    - arm64: entry: Don't assume tramp_vectors is the start of the vectors
    - arm64: entry: Move trampoline macros out of ifdef'd section
    - arm64: entry: Make the kpti trampoline's kpti sequence optional
    - arm64: entry: Allow the trampoline text to occupy multiple pages
    - arm64: entry: Add non-kpti __bp_harden_el1_vectors for mitigations
    - arm64: entry: Add vectors that have the bhb mitigation sequences
    - arm64: entry: Add macro for reading symbol addresses from the trampoline
    - arm64: Add percpu vectors for EL1
    - arm64: proton-pack: Report Spectre-BHB vulnerabilities as part of Spectre-v2
    - arm64: Mitigate spectre style branch history side channels
    - KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and migrated
    - arm64: Use the clearbhb instruction in mitigations
    - arm64: proton-pack: Include unprivileged eBPF status in Spectre v2
      mitigation reporting
    - ARM: fix build error when BPF_SYSCALL is disabled

  * CVE-2021-26401
    - x86/speculation: Use generic retpoline by default on AMD
    - x86/speculation: Update link to AMD speculation whitepaper
    - x86/speculation: Warn about Spectre v2 LFENCE mitigation
    - x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT

  * CVE-2022-0001
    - x86,bugs: Unconditionally allow spectre_v2=retpoline,amd
    - x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE
    - x86/speculation: Add eIBRS + Retpoline options
    - Document...

This bug was fixed in the package linux - 5.15.0-23.23

---------------
linux (5.15.0-23.23) jammy; urgency=medium

* jammy/linux: 5.15.0-23.23 -proposed tracker (LP: #1964573)

* Packaging resync (LP: #1786013)
    - [Packaging] resync dkms-build{,--nvidia-N} from LRMv5
    - debian/dkms-versions -- update from kernel-versions (main/master)

* [22.04 FEAT] KVM: Enable GISA support for Secure Execution guests
    (LP: #1959977)
    - KVM: s390: pv: make use of ultravisor AIV support

* intel_iommu breaks Intel IPU6 camera: isys port open ready failed -16
    (LP: #1958004)
    - SAUCE: iommu: intel-ipu: use IOMMU passthrough mode for Intel IPUs

* CVE-2022-23960
    - ARM: report Spectre v2 status through sysfs
    - ARM: early traps initialisation
    - ARM: use LOADADDR() to get load address of sections
    - ARM: Spectre-BHB workaround
    - ARM: include unprivileged BPF status in Spectre V2 reporting
    - arm64: Add Neoverse-N2, Cortex-A710 CPU part definition
    - arm64: Add HWCAP for self-synchronising virtual counter
    - arm64: Add Cortex-X2 CPU part definition
    - arm64: add ID_AA64ISAR2_EL1 sys register
    - arm64: cpufeature: add HWCAP for FEAT_AFP
    - arm64: cpufeature: add HWCAP for FEAT_RPRES
    - arm64: entry.S: Add ventry overflow sanity checks
    - arm64: spectre: Rename spectre_v4_patch_fw_mitigation_conduit
    - KVM: arm64: Allow indirect vectors to be used without SPECTRE_V3A
    - arm64: entry: Make the trampoline cleanup optional
    - arm64: entry: Free up another register on kpti's tramp_exit path
    - arm64: entry: Move the trampoline data page before the text page
    - arm64: entry: Allow tramp_alias to access symbols after the 4K boundary
    - arm64: entry: Don't assume tramp_vectors is the start of the vectors
    - arm64: entry: Move trampoline macros out of ifdef'd section
    - arm64: entry: Make the kpti trampoline's kpti sequence optional
    - arm64: entry: Allow the trampoline text to occupy multiple pages
    - arm64: entry: Add non-kpti __bp_harden_el1_vectors for mitigations
    - arm64: entry: Add vectors that have the bhb mitigation sequences
    - arm64: entry: Add macro for reading symbol addresses from the trampoline
    - arm64: Add percpu vectors for EL1
    - arm64: proton-pack: Report Spectre-BHB vulnerabilities as part of Spectre-v2
    - arm64: Mitigate spectre style branch history side channels
    - KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and migrated
    - arm64: Use the clearbhb instruction in mitigations
    - arm64: proton-pack: Include unprivileged eBPF status in Spectre v2
      mitigation reporting
    - ARM: fix build error when BPF_SYSCALL is disabled

* CVE-2021-26401
    - x86/speculation: Use generic retpoline by default on AMD
    - x86/speculation: Update link to AMD speculation whitepaper
    - x86/speculation: Warn about Spectre v2 LFENCE mitigation
    - x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT

* CVE-2022-0001
    - x86,bugs: Unconditionally allow spectre_v2=retpoline,amd
    - x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE
    - x86/speculation: Add eIBRS + Retpoline options
    - Documentation/hw-vuln: Update spectre doc
    - x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation
      reporting

* Jammy update: v5.15.27 upstream stable release (LP: #1964361)
    - mac80211_hwsim: report NOACK frames in tx_status
    - mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work
    - i2c: bcm2835: Avoid clock stretching timeouts
    - ASoC: rt5668: do not block workqueue if card is unbound
    - ASoC: rt5682: do not block workqueue if card is unbound
    - regulator: core: fix false positive in regulator_late_cleanup()
    - Input: clear BTN_RIGHT/MIDDLE on buttonpads
    - btrfs: get rid of warning on transaction commit when using flushoncommit
    - KVM: arm64: vgic: Read HW interrupt pending state from the HW
    - block: loop:use kstatfs.f_bsize of backing file to set discard granularity
    - tipc: fix a bit overflow in tipc_crypto_key_rcv()
    - cifs: do not use uninitialized data in the owner/group sid
    - cifs: fix double free race when mount fails in cifs_get_root()
    - cifs: modefromsids must add an ACE for authenticated users
    - selftests/seccomp: Fix seccomp failure by adding missing headers
    - drm/amd/pm: correct UMD pstate clocks for Dimgrey Cavefish and Beige Goby
    - dmaengine: shdma: Fix runtime PM imbalance on error
    - i2c: cadence: allow COMPILE_TEST
    - i2c: imx: allow COMPILE_TEST
    - i2c: qup: allow COMPILE_TEST
    - net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990
    - block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern
    - usb: gadget: don't release an existing dev->buf
    - usb: gadget: clear related members when goto fail
    - exfat: reuse exfat_inode_info variable instead of calling EXFAT_I()
    - exfat: fix i_blocks for files truncated over 4 GiB
    - tracing: Add test for user space strings when filtering on string pointers
    - arm64: Mark start_backtrace() notrace and NOKPROBE_SYMBOL
    - serial: stm32: prevent TDR register overwrite when sending x_char
    - ext4: drop ineligible txn start stop APIs
    - ext4: simplify updating of fast commit stats
    - ext4: fast commit may not fallback for ineligible commit
    - ext4: fast commit may miss file actions
    - sched/fair: Fix fault in reweight_entity
    - ata: pata_hpt37x: fix PCI clock detection
    - drm/amdgpu: check vm ready by amdgpu_vm->evicting flag
    - tracing: Add ustring operation to filtering string pointers
    - ipv6: fix skb drops in igmp6_event_query() and igmp6_event_report()
    - NFSD: Have legacy NFSD WRITE decoders use xdr_stream_subsegment()
    - NFSD: Fix zero-length NFSv3 WRITEs
    - io_uring: fix no lock protection for ctx->cq_extra
    - tools/resolve_btf_ids: Close ELF file on error
    - mtd: spi-nor: Fix mtd size for s3an flashes
    - MIPS: fix local_{add,sub}_return on MIPS64
    - signal: In get_signal test for signal_group_exit every time through the loop
    - PCI: mediatek-gen3: Disable DVFSRC voltage request
    - PCI: rcar: Check if device is runtime suspended instead of
      __clk_is_enabled()
    - PCI: dwc: Do not remap invalid res
    - PCI: aardvark: Fix checking for MEM resource type
    - KVM: VMX: Don't unblock vCPU w/ Posted IRQ if IRQs are disabled in guest
    - KVM: s390: Ensure kvm_arch_no_poll() is read once when blocking vCPU
    - KVM: VMX: Read Posted Interrupt "control" exactly once per loop iteration
    - KVM: X86: Ensure that dirty PDPTRs are loaded
    - KVM: x86: Handle 32-bit wrap of EIP for EMULTYPE_SKIP with flat code seg
    - KVM: x86: Exit to userspace if emulation prepared a completion callback
    - i3c: fix incorrect address slot lookup on 64-bit
    - i3c/master/mipi-i3c-hci: Fix a potentially infinite loop in
      'hci_dat_v1_get_index()'
    - tracing: Do not let synth_events block other dyn_event systems during create
    - Input: ti_am335x_tsc - set ADCREFM for X configuration
    - Input: ti_am335x_tsc - fix STEPCONFIG setup for Z2
    - PCI: mvebu: Check for errors from pci_bridge_emul_init() call
    - PCI: mvebu: Do not modify PCI IO type bits in conf_write
    - PCI: mvebu: Fix support for bus mastering and PCI_COMMAND on emulated bridge
    - PCI: mvebu: Fix configuring secondary bus of PCIe Root Port via emulated
      bridge
    - PCI: mvebu: Setup PCIe controller to Root Complex mode
    - PCI: mvebu: Fix support for PCI_BRIDGE_CTL_BUS_RESET on emulated bridge
    - PCI: mvebu: Fix support for PCI_EXP_DEVCTL on emulated bridge
    - PCI: mvebu: Fix support for PCI_EXP_RTSTA on emulated bridge
    - PCI: mvebu: Fix support for DEVCAP2, DEVCTL2 and LNKCTL2 registers on
      emulated bridge
    - NFSD: Fix verifier returned in stable WRITEs
    - Revert "nfsd: skip some unnecessary stats in the v4 case"
    - nfsd: fix crash on COPY_NOTIFY with special stateid
    - x86/hyperv: Properly deal with empty cpumasks in hyperv_flush_tlb_multi()
    - drm/i915: don't call free_mmap_offset when purging
    - SUNRPC: Fix sockaddr handling in the svc_xprt_create_error trace point
    - SUNRPC: Fix sockaddr handling in svcsock_accept_class trace points
    - drm/sun4i: dw-hdmi: Fix missing put_device() call in sun8i_hdmi_phy_get
    - drm/atomic: Check new_crtc_state->active to determine if CRTC needs disable
      in self refresh mode
    - ntb_hw_switchtec: Fix pff ioread to read into mmio_part_cfg_all
    - ntb_hw_switchtec: Fix bug with more than 32 partitions
    - drm/amdkfd: Check for null pointer after calling kmemdup
    - drm/amdgpu: use spin_lock_irqsave to avoid deadlock by local interrupt
    - i3c: master: dw: check return of dw_i3c_master_get_free_pos()
    - dma-buf: cma_heap: Fix mutex locking section
    - tracing/uprobes: Check the return value of kstrdup() for tu->filename
    - tracing/probes: check the return value of kstrndup() for pbuf
    - mm: defer kmemleak object creation of module_alloc()
    - kasan: fix quarantine conflicting with init_on_free
    - selftests/vm: make charge_reserved_hugetlb.sh work with existing cgroup
      setting
    - hugetlbfs: fix off-by-one error in hugetlb_vmdelete_list()
    - drm/amdgpu/display: Only set vblank_disable_immediate when PSR is not
      enabled
    - drm/amdgpu: filter out radeon PCI device IDs
    - drm/amdgpu: filter out radeon secondary ids as well
    - drm/amd/display: Use adjusted DCN301 watermarks
    - drm/amd/display: move FPU associated DSC code to DML folder
    - ethtool: Fix link extended state for big endian
    - octeontx2-af: Optimize KPU1 processing for variable-length headers
    - octeontx2-af: Reset PTP config in FLR handler
    - octeontx2-af: cn10k: RPM hardware timestamp configuration
    - octeontx2-af: cn10k: Use appropriate register for LMAC enable
    - octeontx2-af: Adjust LA pointer for cpt parse header
    - octeontx2-af: Add KPU changes to parse NGIO as separate layer
    - net/mlx5e: IPsec: Refactor checksum code in tx data path
    - net/mlx5e: IPsec: Fix crypto offload for non TCP/UDP encapsulated traffic
    - bpf: Use u64_stats_t in struct bpf_prog_stats
    - bpf: Fix possible race in inc_misses_counter
    - drm/amd/display: Update watermark values for DCN301
    - drm: mxsfb: Set fallback bus format when the bridge doesn't provide one
    - drm: mxsfb: Fix NULL pointer dereference
    - riscv/mm: Add XIP_FIXUP for phys_ram_base
    - drm/i915/display: split out dpt out of intel_display.c
    - drm/i915/display: Move DRRS code its own file
    - drm/i915: Disable DRRS on IVB/HSW port != A
    - gve: Recording rx queue before sending to napi
    - net: dsa: ocelot: seville: utilize of_mdiobus_register
    - net: dsa: seville: register the mdiobus under devres
    - ibmvnic: don't release napi in __ibmvnic_open()
    - of: net: move of_net under net/
    - net: ethernet: litex: Add the dependency on HAS_IOMEM
    - drm/mediatek: mtk_dsi: Reset the dsi0 hardware
    - cifs: protect session channel fields with chan_lock
    - cifs: fix confusing unneeded warning message on smb2.1 and earlier
    - drm/amd/display: Fix stream->link_enc unassigned during stream removal
    - bnxt_en: Fix occasional ethtool -t loopback test failures
    - drm/amd/display: For vblank_disable_immediate, check PSR is really used
    - PCI: mvebu: Fix device enumeration regression
    - net: of: fix stub of_net helpers for CONFIG_NET=n
    - ALSA: intel_hdmi: Fix reference to PCM buffer address
    - ucounts: Fix systemd LimitNPROC with private users regression
    - riscv/efi_stub: Fix get_boot_hartid_from_fdt() return value
    - riscv: Fix config KASAN && SPARSEMEM && !SPARSE_VMEMMAP
    - riscv: Fix config KASAN && DEBUG_VIRTUAL
    - iwlwifi: mvm: check debugfs_dir ptr before use
    - ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min
    - iommu/vt-d: Fix double list_add when enabling VMD in scalable mode
    - iommu/amd: Recover from event log overflow
    - drm/i915: s/JSP2/ICP2/ PCH
    - drm/amd/display: Reduce dmesg error to a debug print
    - xen/netfront: destroy queues before real_num_tx_queues is zeroed
    - thermal: core: Fix TZ_GET_TRIP NULL pointer dereference
    - mac80211: fix EAPoL rekey fail in 802.3 rx path
    - blktrace: fix use after free for struct blk_trace
    - ntb: intel: fix port config status offset for SPR
    - mm: Consider __GFP_NOWARN flag for oversized kvmalloc() calls
    - xfrm: fix MTU regression
    - netfilter: fix use-after-free in __nf_register_net_hook()
    - bpf, sockmap: Do not ignore orig_len parameter
    - xfrm: fix the if_id check in changelink
    - xfrm: enforce validity of offload input flags
    - e1000e: Correct NVM checksum verification flow
    - net: fix up skbs delta_truesize in UDP GRO frag_list
    - netfilter: nf_queue: don't assume sk is full socket
    - netfilter: nf_queue: fix possible use-after-free
    - netfilter: nf_queue: handle socket prefetch
    - batman-adv: Request iflink once in batadv-on-batadv check
    - batman-adv: Request iflink once in batadv_get_real_netdevice
    - batman-adv: Don't expect inter-netns unique iflink indices
    - net: ipv6: ensure we call ipv6_mc_down() at most once
    - net: dcb: flush lingering app table entries for unregistered devices
    - net: ipa: add an interconnect dependency
    - net/smc: fix connection leak
    - net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error generated by client
    - net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error cause by server
    - btrfs: fix ENOSPC failure when attempting direct IO write into NOCOW range
    - mac80211: fix forwarded mesh frames AC & queue selection
    - net: stmmac: fix return value of __setup handler
    - mac80211: treat some SAE auth steps as final
    - iavf: Fix missing check for running netdev
    - net: sxgbe: fix return value of __setup handler
    - ibmvnic: register netdev after init of adapter
    - net: arcnet: com20020: Fix null-ptr-deref in com20020pci_probe()
    - ixgbe: xsk: change !netif_carrier_ok() handling in ixgbe_xmit_zc()
    - iavf: Fix deadlock in iavf_reset_task
    - efivars: Respect "block" flag in efivar_entry_set_safe()
    - auxdisplay: lcd2s: Fix lcd2s_redefine_char() feature
    - firmware: arm_scmi: Remove space in MODULE_ALIAS name
    - ASoC: cs4265: Fix the duplicated control name
    - auxdisplay: lcd2s: Fix memory leak in ->remove()
    - auxdisplay: lcd2s: Use proper API to free the instance of charlcd object
    - can: gs_usb: change active_channels's type from atomic_t to u8
    - iommu/tegra-smmu: Fix missing put_device() call in tegra_smmu_find
    - arm64: dts: rockchip: Switch RK3399-Gru DP to SPDIF output
    - igc: igc_read_phy_reg_gpy: drop premature return
    - ARM: Fix kgdb breakpoint for Thumb2
    - mips: setup: fix setnocoherentio() boolean setting
    - ARM: 9182/1: mmu: fix returns from early_param() and __setup() functions
    - mptcp: Correctly set DATA_FIN timeout when number of retransmits is large
    - selftests: mlxsw: tc_police_scale: Make test more robust
    - pinctrl: sunxi: Use unique lockdep classes for IRQs
    - igc: igc_write_phy_reg_gpy: drop premature return
    - ibmvnic: free reset-work-item when flushing
    - memfd: fix F_SEAL_WRITE after shmem huge page allocated
    - s390/extable: fix exception table sorting
    - sched: Fix yet more sched_fork() races
    - arm64: dts: juno: Remove GICv2m dma-range
    - iommu/amd: Fix I/O page table memory leak
    - MIPS: ralink: mt7621: do memory detection on KSEG1
    - ARM: dts: switch timer config to common devkit8000 devicetree
    - ARM: dts: Use 32KiHz oscillator on devkit8000
    - soc: fsl: guts: Revert commit 3c0d64e867ed
    - soc: fsl: guts: Add a missing memory allocation failure check
    - soc: fsl: qe: Check of ioremap return value
    - netfilter: nf_tables: prefer kfree_rcu(ptr, rcu) variant
    - ARM: tegra: Move panels to AUX bus
    - can: etas_es58x: change opened_channel_cnt's type from atomic_t to u8
    - net: stmmac: enhance XDP ZC driver level switching performance
    - net: stmmac: only enable DMA interrupts when ready
    - ibmvnic: initialize rc before completing wait
    - ibmvnic: define flush_reset_queue helper
    - ibmvnic: complete init_done on transport events
    - net: chelsio: cxgb3: check the return value of pci_find_capability()
    - net: sparx5: Fix add vlan when invalid operation
    - iavf: Refactor iavf state machine tracking
    - iavf: Add __IAVF_INIT_FAILED state
    - iavf: Combine init and watchdog state machines
    - iavf: Add trace while removing device
    - iavf: Rework mutexes for better synchronisation
    - iavf: Add helper function to go from pci_dev to adapter
    - iavf: Fix kernel BUG in free_msi_irqs
    - iavf: Add waiting so the port is initialized in remove
    - iavf: Fix init state closure on remove
    - iavf: Fix locking for VIRTCHNL_OP_GET_OFFLOAD_VLAN_V2_CAPS
    - iavf: Fix race in init state
    - iavf: Fix __IAVF_RESETTING state usage
    - drm/i915/guc/slpc: Correct the param count for unset param
    - drm/bridge: ti-sn65dsi86: Properly undo autosuspend
    - e1000e: Fix possible HW unit hang after an s0ix exit
    - MIPS: ralink: mt7621: use bitwise NOT instead of logical
    - nl80211: Handle nla_memdup failures in handle_nan_filter
    - drm/amdgpu: fix suspend/resume hang regression
    - net: dcb: disable softirqs in dcbnl_flush_dev()
    - selftests: mlxsw: resource_scale: Fix return value
    - net: stmmac: perserve TX and RX coalesce value during XDP setup
    - iavf: do not override the adapter state in the watchdog task (again)
    - iavf: missing unlocks in iavf_watchdog_task()
    - MAINTAINERS: adjust file entry for of_net.c after movement
    - Input: elan_i2c - move regulator_[en|dis]able() out of
      elan_[en|dis]able_power()
    - Input: elan_i2c - fix regulator enable count imbalance after suspend/resume
    - Input: samsung-keypad - properly state IOMEM dependency
    - HID: add mapping for KEY_DICTATE
    - HID: add mapping for KEY_ALL_APPLICATIONS
    - tracing/histogram: Fix sorting on old "cpu" value
    - tracing: Fix return value of __setup handlers
    - btrfs: fix lost prealloc extents beyond eof after full fsync
    - btrfs: fix relocation crash due to premature return from
      btrfs_commit_transaction()
    - btrfs: do not WARN_ON() if we have PageError set
    - btrfs: qgroup: fix deadlock between rescan worker and remove qgroup
    - btrfs: add missing run of delayed items after unlink during log replay
    - btrfs: do not start relocation until in progress drops are done
    - Revert "xfrm: xfrm_state_mtu should return at least 1280 for ipv6"
    - proc: fix documentation and description of pagemap
    - KVM: x86/mmu: Passing up the error state of mmu_alloc_shadow_roots()
    - hamradio: fix macro redefine warning
    - Linux 5.15.27
    - [Config] updateconfigs

* devices on thunderbolt dock are not recognized on adl-p platform
    (LP: #1955016)
    - thunderbolt: Tear down existing tunnels when resuming from hibernate
    - thunderbolt: Runtime resume USB4 port when retimers are scanned
    - thunderbolt: Do not allow subtracting more NFC credits than configured
    - thunderbolt: Do not program path HopIDs for USB4 routers
    - thunderbolt: Add debug logging of DisplayPort resource allocation

* MT7921[14c3:7961] ASPM is disabled and it affects power consumption
    (LP: #1955882)
    - mt76: mt7921: enable aspm by default

* Add proper runtime PM support to Realtek PCIe cardreader (LP: #1963615)
    - mmc: rtsx: Use pm_runtime_{get, put}() to handle runtime PM
    - misc: rtsx: Rework runtime power management flow
    - misc: rtsx: Cleanup power management ops
    - misc: rtsx: Quiesce rts5249 on system suspend
    - mmc: rtsx: Let MMC core handle runtime PM
    - misc: rtsx: conditionally build rtsx_pm_power_saving()
    - misc: rtsx: rts522a rts5228 rts5261 support Runtime PM
    - mmc: rtsx: Fix build errors/warnings for unused variable
    - mmc: rtsx: add 74 Clocks in power on flow

* [22.04 FEAT] In-kernel crypto: SIMD implementation of chacha20
    (LP: #1853152)
    - s390/crypto: add SIMD implementation for ChaCha20
    - s390/crypto: fix compile error for ChaCha20 module

* Add ConnectX7 support and bug fixes  to Jammy (LP: #1962185)
    - IB/mlx5: Expose NDR speed through MAD

* INVALID or PRIVATE BUG (LP: #1959890)
    - [Config] Deactivate CONFIG_QETH_OSX kernel config option

* Move virtual graphics drivers from linux-modules-extra to linux-modules
    (LP: #1960633)
    - [Packaging] Move VM DRM drivers into modules

* Not able to enter s2idle state on AMD platforms (LP: #1961121)
    - HID: amd_sfh: Handle amd_sfh work buffer in PM ops
    - HID: amd_sfh: Disable the interrupt for all command
    - HID: amd_sfh: Add functionality to clear interrupts
    - HID: amd_sfh: Add interrupt handler to process interrupts

* INVALID or PRIVATE BUG (LP: #1960580)
    - s390/kexec_file: move kernel image size check
    - s390: support command lines longer than 896 bytes

* [UBUNTU 20.04] kernel: Add support for CPU-MF counter second version 7
    (LP: #1960182)
    - s390/cpumf: Support for CPU Measurement Facility CSVN 7
    - s390/cpumf: Support for CPU Measurement Sampling Facility LS bit

* [SRU]PCI: vmd: Do not disable MSI-X remapping if interrupt remapping is
    enabled by IOMMU (LP: #1937295)
    - PCI: vmd: Do not disable MSI-X remapping if interrupt remapping is enabled
      by IOMMU

* Jammy update: v5.15.26 upstream stable release (LP: #1963891)
    - mm/filemap: Fix handling of THPs in generic_file_buffered_read()
    - cgroup/cpuset: Fix a race between cpuset_attach() and cpu hotplug
    - cgroup-v1: Correct privileges check in release_agent writes
    - x86/ptrace: Fix xfpregs_set()'s incorrect xmm clearing
    - btrfs: tree-checker: check item_size for inode_item
    - btrfs: tree-checker: check item_size for dev_item
    - clk: jz4725b: fix mmc0 clock gating
    - io_uring: don't convert to jiffies for waiting on timeouts
    - io_uring: disallow modification of rsrc_data during quiesce
    - selinux: fix misuse of mutex_is_locked()
    - vhost/vsock: don't check owner in vhost_vsock_stop() while releasing
    - parisc/unaligned: Fix fldd and fstd unaligned handlers on 32-bit kernel
    - parisc/unaligned: Fix ldw() and stw() unalignment handlers
    - KVM: x86/mmu: make apf token non-zero to fix bug
    - drm/amd/display: Protect update_bw_bounding_box FPU code.
    - drm/amd/pm: fix some OEM SKU specific stability issues
    - drm/amd: Check if ASPM is enabled from PCIe subsystem
    - drm/amdgpu: disable MMHUB PG for Picasso
    - drm/amdgpu: do not enable asic reset for raven2
    - drm/i915: Widen the QGV point mask
    - drm/i915: Correctly populate use_sagv_wm for all pipes
    - drm/i915: Fix bw atomic check when switching between SAGV vs. no SAGV
    - sr9700: sanity check for packet length
    - USB: zaurus: support another broken Zaurus
    - CDC-NCM: avoid overflow in sanity checking
    - netfilter: xt_socket: fix a typo in socket_mt_destroy()
    - netfilter: xt_socket: missing ifdef CONFIG_IP6_NF_IPTABLES dependency
    - tee: export teedev_open() and teedev_close_context()
    - optee: use driver internal tee_context for some rpc
    - ping: remove pr_err from ping_lookup
    - Revert "i40e: Fix reset bw limit when DCB enabled with 1 TC"
    - gpu: host1x: Always return syncpoint value when waiting
    - perf evlist: Fix failed to use cpu list for uncore events
    - perf data: Fix double free in perf_session__delete()
    - mptcp: fix race in incoming ADD_ADDR option processing
    - mptcp: add mibs counter for ignored incoming options
    - selftests: mptcp: fix diag instability
    - selftests: mptcp: be more conservative with cookie MPJ limits
    - bnx2x: fix driver load from initrd
    - bnxt_en: Fix active FEC reporting to ethtool
    - bnxt_en: Fix offline ethtool selftest with RDMA enabled
    - bnxt_en: Fix incorrect multicast rx mask setting when not requested
    - hwmon: Handle failure to register sensor with thermal zone correctly
    - net/mlx5: Fix tc max supported prio for nic mode
    - ice: check the return of ice_ptp_gettimex64
    - ice: initialize local variable 'tlv'
    - net/mlx5: Update the list of the PCI supported devices
    - bpf: Fix crash due to incorrect copy_map_value
    - bpf: Do not try bpf_msg_push_data with len 0
    - selftests: bpf: Check bpf_msg_push_data return value
    - bpf: Fix a bpf_timer initialization issue
    - bpf: Add schedule points in batch ops
    - io_uring: add a schedule point in io_add_buffers()
    - net: __pskb_pull_tail() & pskb_carve_frag_list() drop_monitor friends
    - nvme: also mark passthrough-only namespaces ready in nvme_update_ns_info
    - tipc: Fix end of loop tests for list_for_each_entry()
    - gso: do not skip outer ip header in case of ipip and net_failover
    - net: mv643xx_eth: process retval from of_get_mac_address
    - openvswitch: Fix setting ipv6 fields causing hw csum failure
    - drm/edid: Always set RGB444
    - net/mlx5e: Fix wrong return value on ioctl EEPROM query failure
    - drm/vc4: crtc: Fix runtime_pm reference counting
    - drm/i915/dg2: Print PHY name properly on calibration error
    - net/sched: act_ct: Fix flow table lookup after ct clear or switching zones
    - net: ll_temac: check the return value of devm_kmalloc()
    - net: Force inlining of checksum functions in net/checksum.h
    - netfilter: nf_tables: unregister flowtable hooks on netns exit
    - nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac()
    - net: mdio-ipq4019: add delay after clock enable
    - netfilter: nf_tables: fix memory leak during stateful obj update
    - net/smc: Use a mutex for locking "struct smc_pnettable"
    - surface: surface3_power: Fix battery readings on batteries without a serial
      number
    - udp_tunnel: Fix end of loop test in udp_tunnel_nic_unregister()
    - net/mlx5: DR, Cache STE shadow memory
    - ibmvnic: schedule failover only if vioctl fails
    - net/mlx5: DR, Don't allow match on IP w/o matching on full
      ethertype/ip_version
    - net/mlx5: Fix possible deadlock on rule deletion
    - net/mlx5: Fix wrong limitation of metadata match on ecpf
    - net/mlx5: DR, Fix the threshold that defines when pool sync is initiated
    - net/mlx5e: MPLSoUDP decap, fix check for unsupported matches
    - net/mlx5e: kTLS, Use CHECKSUM_UNNECESSARY for device-offloaded packets
    - net/mlx5: Update log_max_qp value to be 17 at most
    - spi: spi-zynq-qspi: Fix a NULL pointer dereference in
      zynq_qspi_exec_mem_op()
    - gpio: rockchip: Reset int_bothedge when changing trigger
    - regmap-irq: Update interrupt clear register for proper reset
    - net-timestamp: convert sk->sk_tskey to atomic_t
    - RDMA/rtrs-clt: Fix possible double free in error case
    - RDMA/rtrs-clt: Move free_permit from free_clt to rtrs_clt_close
    - bnxt_en: Increase firmware message response DMA wait time
    - configfs: fix a race in configfs_{,un}register_subsystem()
    - RDMA/ib_srp: Fix a deadlock
    - tracing: Dump stacktrace trigger to the corresponding instance
    - tracing: Have traceon and traceoff trigger honor the instance
    - iio:imu:adis16480: fix buffering for devices with no burst mode
    - iio: adc: men_z188_adc: Fix a resource leak in an error handling path
    - iio: adc: tsc2046: fix memory corruption by preventing array overflow
    - iio: adc: ad7124: fix mask used for setting AIN_BUFP & AIN_BUFM bits
    - iio: accel: fxls8962af: add padding to regmap for SPI
    - iio: imu: st_lsm6dsx: wait for settling time in st_lsm6dsx_read_oneshot
    - iio: Fix error handling for PM
    - sc16is7xx: Fix for incorrect data being transmitted
    - ata: pata_hpt37x: disable primary channel on HPT371
    - Revert "USB: serial: ch341: add new Product ID for CH341A"
    - usb: gadget: rndis: add spinlock for rndis response list
    - USB: gadget: validate endpoint index for xilinx udc
    - tracefs: Set the group ownership in apply_options() not parse_options()
    - USB: serial: option: add support for DW5829e
    - USB: serial: option: add Telit LE910R1 compositions
    - usb: dwc2: drd: fix soft connect when gadget is unconfigured
    - usb: dwc3: pci: Add "snps,dis_u2_susphy_quirk" for Intel Bay Trail
    - usb: dwc3: pci: Fix Bay Trail phy GPIO mappings
    - usb: dwc3: gadget: Let the interrupt handler disable bottom halves.
    - xhci: re-initialize the HC during resume if HCE was set
    - xhci: Prevent futile URB re-submissions due to incorrect return value.
    - nvmem: core: Fix a conflict between MTD and NVMEM on wp-gpios property
    - mtd: core: Fix a conflict between MTD and NVMEM on wp-gpios property
    - driver core: Free DMA range map when device is released
    - btrfs: prevent copying too big compressed lzo segment
    - RDMA/cma: Do not change route.addr.src_addr outside state checks
    - thermal: int340x: fix memory leak in int3400_notify()
    - staging: fbtft: fb_st7789v: reset display before initialization
    - tps6598x: clear int mask on probe failure
    - IB/qib: Fix duplicate sysfs directory name
    - riscv: fix nommu_k210_sdcard_defconfig
    - riscv: fix oops caused by irqsoff latency tracer
    - tty: n_gsm: fix encoding of control signal octet bit DV
    - tty: n_gsm: fix proper link termination after failed open
    - tty: n_gsm: fix NULL pointer access due to DLCI release
    - tty: n_gsm: fix wrong tty control line for flow control
    - tty: n_gsm: fix wrong modem processing in convergence layer type 2
    - tty: n_gsm: fix deadlock in gsmtty_open()
    - pinctrl: fix loop in k210_pinconf_get_drive()
    - pinctrl: k210: Fix bias-pull-up
    - gpio: tegra186: Fix chip_data type confusion
    - memblock: use kfree() to release kmalloced memblock regions
    - ice: Fix race conditions between virtchnl handling and VF ndo ops
    - ice: fix concurrent reset and removal of VFs
    - Linux 5.15.26

* Jammy update: v5.15.25 upstream stable release (LP: #1963890)
    - drm/nouveau/pmu/gm200-: use alternate falcon reset sequence
    - fs/proc: task_mmu.c: don't read mapcount for migration entry
    - btrfs: zoned: cache reported zone during mount
    - HID:Add support for UGTABLET WP5540
    - Revert "svm: Add warning message for AVIC IPI invalid target"
    - parisc: Show error if wrong 32/64-bit compiler is being used
    - serial: parisc: GSC: fix build when IOSAPIC is not set
    - parisc: Drop __init from map_pages declaration
    - parisc: Fix data TLB miss in sba_unmap_sg
    - parisc: Fix sglist access in ccio-dma.c
    - mmc: block: fix read single on recovery logic
    - mm: don't try to NUMA-migrate COW pages that have other uses
    - HID: amd_sfh: Add illuminance mask to limit ALS max value
    - HID: i2c-hid: goodix: Fix a lockdep splat
    - HID: amd_sfh: Increase sensor command timeout
    - HID: amd_sfh: Correct the structure field name
    - PCI: hv: Fix NUMA node assignment when kernel boots with custom NUMA
      topology
    - parisc: Add ioread64_lo_hi() and iowrite64_lo_hi()
    - btrfs: send: in case of IO error log it
    - platform/x86: touchscreen_dmi: Add info for the RWC NANOTE P8 AY07J 2-in-1
    - platform/x86: ISST: Fix possible circular locking dependency detected
    - kunit: tool: Import missing importlib.abc
    - selftests: rtc: Increase test timeout so that all tests run
    - kselftest: signal all child processes
    - net: ieee802154: at86rf230: Stop leaking skb's
    - selftests/zram: Skip max_comp_streams interface on newer kernel
    - selftests/zram01.sh: Fix compression ratio calculation
    - selftests/zram: Adapt the situation that /dev/zram0 is being used
    - selftests: openat2: Print also errno in failure messages
    - selftests: openat2: Add missing dependency in Makefile
    - selftests: openat2: Skip testcases that fail with EOPNOTSUPP
    - selftests: skip mincore.check_file_mmap when fs lacks needed support
    - ax25: improve the incomplete fix to avoid UAF and NPD bugs
    - pinctrl: bcm63xx: fix unmet dependency on REGMAP for GPIO_REGMAP
    - vfs: make freeze_super abort when sync_filesystem returns error
    - quota: make dquot_quota_sync return errors from ->sync_fs
    - scsi: pm80xx: Fix double completion for SATA devices
    - kselftest: Fix vdso_test_abi return status
    - scsi: core: Reallocate device's budget map on queue depth change
    - scsi: pm8001: Fix use-after-free for aborted TMF sas_task
    - scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task
    - drm/amd: Warn users about potential s0ix problems
    - nvme: fix a possible use-after-free in controller reset during load
    - nvme-tcp: fix possible use-after-free in transport error_recovery work
    - nvme-rdma: fix possible use-after-free in transport error_recovery work
    - net: sparx5: do not refer to skb after passing it on
    - drm/amd: add support to check whether the system is set to s3
    - drm/amd: Only run s3 or s0ix if system is configured properly
    - drm/amdgpu: fix logic inversion in check
    - x86/Xen: streamline (and fix) PV CPU enumeration
    - Revert "module, async: async_synchronize_full() on module init iff async is
      used"
    - gcc-plugins/stackleak: Use noinstr in favor of notrace
    - random: wake up /dev/random writers after zap
    - KVM: x86/xen: Fix runstate updates to be atomic when preempting vCPU
    - KVM: x86: nSVM/nVMX: set nested_run_pending on VM entry which is a result of
      RSM
    - KVM: x86: SVM: don't passthrough SMAP/SMEP/PKE bits in !NPT && !gCR0.PG case
    - KVM: x86: nSVM: fix potential NULL derefernce on nested migration
    - KVM: x86: nSVM: mark vmcb01 as dirty when restoring SMM saved state
    - iwlwifi: fix use-after-free
    - drm/radeon: Fix backlight control on iMac 12,1
    - drm/atomic: Don't pollute crtc_state->mode_blob with error pointers
    - drm/amd/pm: correct the sequence of sending gpu reset msg
    - drm/amdgpu: skipping SDMA hw_init and hw_fini for S0ix.
    - drm/i915/opregion: check port number bounds for SWSCI display power state
    - drm/i915: Fix dbuf slice config lookup
    - drm/i915: Fix mbus join config lookup
    - vsock: remove vsock from connected table when connect is interrupted by a
      signal
    - drm/cma-helper: Set VM_DONTEXPAND for mmap
    - drm/i915/gvt: Make DRM_I915_GVT depend on X86
    - drm/i915/ttm: tweak priority hint selection
    - iwlwifi: pcie: fix locking when "HW not ready"
    - iwlwifi: pcie: gen2: fix locking when "HW not ready"
    - iwlwifi: mvm: don't send SAR GEO command for 3160 devices
    - selftests: netfilter: fix exit value for nft_concat_range
    - netfilter: nft_synproxy: unregister hooks on init error path
    - selftests: netfilter: disable rp_filter on router
    - ipv4: fix data races in fib_alias_hw_flags_set
    - ipv6: fix data-race in fib6_info_hw_flags_set / fib6_purge_rt
    - ipv6: mcast: use rcu-safe version of ipv6_get_lladdr()
    - ipv6: per-netns exclusive flowlabel checks
    - Revert "net: ethernet: bgmac: Use devm_platform_ioremap_resource_byname"
    - mac80211: mlme: check for null after calling kmemdup
    - brcmfmac: firmware: Fix crash in brcm_alt_fw_path
    - cfg80211: fix race in netlink owner interface destruction
    - net: dsa: lan9303: fix reset on probe
    - net: dsa: mv88e6xxx: flush switchdev FDB workqueue before removing VLAN
    - net: dsa: lantiq_gswip: fix use after free in gswip_remove()
    - net: dsa: lan9303: handle hwaccel VLAN tags
    - net: dsa: lan9303: add VLAN IDs to master device
    - net: ieee802154: ca8210: Fix lifs/sifs periods
    - ping: fix the dif and sdif check in ping_lookup
    - bonding: force carrier update when releasing slave
    - drop_monitor: fix data-race in dropmon_net_event / trace_napi_poll_hit
    - net_sched: add __rcu annotation to netdev->qdisc
    - bonding: fix data-races around agg_select_timer
    - libsubcmd: Fix use-after-free for realloc(..., 0)
    - net/smc: Avoid overwriting the copies of clcsock callback functions
    - net: phy: mediatek: remove PHY mode check on MT7531
    - atl1c: fix tx timeout after link flap on Mikrotik 10/25G NIC
    - tipc: fix wrong publisher node address in link publications
    - dpaa2-switch: fix default return of dpaa2_switch_flower_parse_mirror_key
    - dpaa2-eth: Initialize mutex used in one step timestamping path
    - net: bridge: multicast: notify switchdev driver whenever MC processing gets
      disabled
    - perf bpf: Defer freeing string after possible strlen() on it
    - selftests/exec: Add non-regular to TEST_GEN_PROGS
    - arm64: Correct wrong label in macro __init_el2_gicv3
    - ALSA: usb-audio: revert to IMPLICIT_FB_FIXED_DEV for M-Audio FastTrack Ultra
    - ALSA: hda/realtek: Add quirk for Legion Y9000X 2019
    - ALSA: hda/realtek: Fix deadlock by COEF mutex
    - ALSA: hda: Fix regression on forced probe mask option
    - ALSA: hda: Fix missing codec probe on Shenker Dock 15
    - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw()
    - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_range()
    - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_sx()
    - ASoC: ops: Fix stereo change notifications in snd_soc_put_xr_sx()
    - cifs: fix set of group SID via NTSD xattrs
    - powerpc/603: Fix boot failure with DEBUG_PAGEALLOC and KFENCE
    - powerpc/lib/sstep: fix 'ptesync' build error
    - mtd: rawnand: gpmi: don't leak PM reference in error path
    - smb3: fix snapshot mount option
    - tipc: fix wrong notification node addresses
    - scsi: ufs: Remove dead code
    - scsi: ufs: Fix a deadlock in the error handler
    - ASoC: tas2770: Insert post reset delay
    - ASoC: qcom: Actually clear DMA interrupt register for HDMI
    - block/wbt: fix negative inflight counter when remove scsi device
    - NFS: Remove an incorrect revalidation in nfs4_update_changeattr_locked()
    - NFS: LOOKUP_DIRECTORY is also ok with symlinks
    - NFS: Do not report writeback errors in nfs_getattr()
    - tty: n_tty: do not look ahead for EOL character past the end of the buffer
    - block: fix surprise removal for drivers calling blk_set_queue_dying
    - mtd: rawnand: qcom: Fix clock sequencing in qcom_nandc_probe()
    - mtd: parsers: qcom: Fix kernel panic on skipped partition
    - mtd: parsers: qcom: Fix missing free for pparts in cleanup
    - mtd: phram: Prevent divide by zero bug in phram_setup()
    - mtd: rawnand: brcmnand: Fixed incorrect sub-page ECC status
    - HID: elo: fix memory leak in elo_probe
    - mtd: rawnand: ingenic: Fix missing put_device in ingenic_ecc_get
    - Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj
    - KVM: x86/pmu: Refactoring find_arch_event() to pmc_perf_hw_id()
    - KVM: x86/pmu: Don't truncate the PerfEvtSeln MSR when creating a perf event
    - KVM: x86/pmu: Use AMD64_RAW_EVENT_MASK for PERF_TYPE_RAW
    - ARM: OMAP2+: hwmod: Add of_node_put() before break
    - ARM: OMAP2+: adjust the location of put_device() call in omapdss_init_of
    - phy: usb: Leave some clocks running during suspend
    - staging: vc04_services: Fix RCU dereference check
    - phy: phy-mtk-tphy: Fix duplicated argument in phy-mtk-tphy
    - irqchip/sifive-plic: Add missing thead,c900-plic match string
    - x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm
    - netfilter: conntrack: don't refresh sctp entries in closed state
    - ksmbd: fix same UniqueId for dot and dotdot entries
    - ksmbd: don't align last entry offset in smb2 query directory
    - arm64: dts: meson-gx: add ATF BL32 reserved-memory region
    - arm64: dts: meson-g12: add ATF BL32 reserved-memory region
    - arm64: dts: meson-g12: drop BL32 region from SEI510/SEI610
    - pidfd: fix test failure due to stack overflow on some arches
    - selftests: fixup build warnings in pidfd / clone3 tests
    - mm: io_uring: allow oom-killer from io_uring_setup
    - kconfig: let 'shell' return enough output for deep path names
    - ata: libata-core: Disable TRIM on M88V29
    - soc: aspeed: lpc-ctrl: Block error printing on probe defer cases
    - xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create
    - drm/rockchip: dw_hdmi: Do not leave clock enabled in error case
    - tracing: Fix tp_printk option related with tp_printk_stop_on_boot
    - display/amd: decrease message verbosity about watermarks table failure
    - drm/amd/display: Cap pflip irqs per max otg number
    - drm/amd/display: fix yellow carp wm clamping
    - net: usb: qmi_wwan: Add support for Dell DW5829e
    - net: macb: Align the dma and coherent dma masks
    - kconfig: fix failing to generate auto.conf
    - scsi: lpfc: Fix pt2pt NVMe PRLI reject LOGO loop
    - EDAC: Fix calculation of returned address and next offset in
      edac_align_ptr()
    - ucounts: Handle wrapping in is_ucounts_overlimit
    - ucounts: In set_cred_ucounts assume new->ucounts is non-NULL
    - ucounts: Base set_cred_ucounts changes on the real user
    - ucounts: Enforce RLIMIT_NPROC not RLIMIT_NPROC+1
    - lib/iov_iter: initialize "flags" in new pipe_buffer
    - rlimit: Fix RLIMIT_NPROC enforcement failure caused by capability calls in
      set_user
    - ucounts: Move RLIMIT_NPROC handling after set_user
    - net: sched: limit TC_ACT_REPEAT loops
    - dmaengine: sh: rcar-dmac: Check for error num after setting mask
    - dmaengine: stm32-dmamux: Fix PM disable depth imbalance in
      stm32_dmamux_probe
    - dmaengine: sh: rcar-dmac: Check for error num after dma_set_max_seg_size
    - tests: fix idmapped mount_setattr test
    - i2c: qcom-cci: don't delete an unregistered adapter
    - i2c: qcom-cci: don't put a device tree node before i2c_add_adapter()
    - dmaengine: ptdma: Fix the error handling path in pt_core_init()
    - copy_process(): Move fd_install() out of sighand->siglock critical section
    - scsi: qedi: Fix ABBA deadlock in qedi_process_tmf_resp() and
      qedi_process_cmd_cleanup_resp()
    - ice: enable parsing IPSEC SPI headers for RSS
    - i2c: brcmstb: fix support for DSL and CM variants
    - lockdep: Correct lock_classes index mapping
    - Linux 5.15.25

* Jammy update: v5.15.24 upstream stable release (LP: #1963889)
    - integrity: check the return value of audit_log_start()
    - ima: fix reference leak in asymmetric_verify()
    - ima: Remove ima_policy file before directory
    - ima: Allow template selection with ima_template[_fmt]= after ima_hash=
    - ima: Do not print policy rule with inactive LSM labels
    - mmc: sdhci-of-esdhc: Check for error num after setting mask
    - mmc: core: Wait for command setting 'Power Off Notification' bit to complete
    - can: isotp: fix potential CAN frame reception race in isotp_rcv()
    - can: isotp: fix error path in isotp_sendmsg() to unlock wait queue
    - net: phy: marvell: Fix RGMII Tx/Rx delays setting in 88e1121-compatible PHYs
    - net: phy: marvell: Fix MDI-x polarity setting in 88e1118-compatible PHYs
    - NFS: Fix initialisation of nfs_client cl_flags field
    - NFSD: Fix NFSv3 SETATTR/CREATE's handling of large file sizes
    - NFSD: Fix ia_size underflow
    - NFSD: Clamp WRITE offsets
    - NFSD: Fix offset type in I/O trace points
    - NFSD: Fix the behavior of READ near OFFSET_MAX
    - thermal/drivers/int340x: Improve the tcc offset saving for suspend/resume
    - thermal/drivers/int340x: processor_thermal: Suppot 64 bit RFIM responses
    - thermal: int340x: Limit Kconfig to 64-bit
    - thermal/drivers/int340x: Fix RFIM mailbox write commands
    - tracing: Propagate is_signed to expression
    - NFS: change nfs_access_get_cached to only report the mask
    - NFSv4 only print the label when its queried
    - nfs: nfs4clinet: check the return value of kstrdup()
    - NFSv4.1: Fix uninitialised variable in devicenotify
    - NFSv4 remove zero number of fs_locations entries error check
    - NFSv4 store server support for fs_location attribute
    - NFSv4.1 query for fs_location attr on a new file system
    - NFSv4 expose nfs_parse_server_name function
    - NFSv4 handle port presence in fs_location server string
    - SUNRPC allow for unspecified transport time in rpc_clnt_add_xprt
    - net/sunrpc: fix reference count leaks in rpc_sysfs_xprt_state_change
    - sunrpc: Fix potential race conditions in rpc_sysfs_xprt_state_change()
    - irqchip/realtek-rtl: Service all pending interrupts
    - perf/x86/rapl: fix AMD event handling
    - x86/perf: Avoid warning for Arch LBR without XSAVE
    - sched: Avoid double preemption in __cond_resched_*lock*()
    - drm/vc4: Fix deadlock on DSI device attach error
    - drm: panel-orientation-quirks: Add quirk for the 1Netbook OneXPlayer
    - net: sched: Clarify error message when qdisc kind is unknown
    - powerpc/fixmap: Fix VM debug warning on unmap
    - scsi: target: iscsi: Make sure the np under each tpg is unique
    - scsi: ufs: ufshcd-pltfrm: Check the return value of devm_kstrdup()
    - scsi: qedf: Add stag_work to all the vports
    - scsi: qedf: Fix refcount issue when LOGO is received during TMF
    - scsi: qedf: Change context reset messages to ratelimited
    - scsi: pm8001: Fix bogus FW crash for maxcpus=1
    - scsi: ufs: Use generic error code in ufshcd_set_dev_pwr_mode()
    - scsi: ufs: Treat link loss as fatal error
    - scsi: myrs: Fix crash in error case
    - net: stmmac: reduce unnecessary wakeups from eee sw timer
    - PM: hibernate: Remove register_nosave_region_late()
    - drm/amd/display: Correct MPC split policy for DCN301
    - usb: dwc2: gadget: don't try to disable ep0 in dwc2_hsotg_suspend
    - perf: Always wake the parent event
    - nvme-pci: add the IGNORE_DEV_SUBNQN quirk for Intel P4500/P4600 SSDs
    - MIPS: Fix build error due to PTR used in more places
    - net: stmmac: dwmac-sun8i: use return val of readl_poll_timeout()
    - KVM: eventfd: Fix false positive RCU usage warning
    - KVM: nVMX: eVMCS: Filter out VM_EXIT_SAVE_VMX_PREEMPTION_TIMER
    - KVM: nVMX: Also filter MSR_IA32_VMX_TRUE_PINBASED_CTLS when eVMCS
    - KVM: SVM: Don't kill SEV guest if SMAP erratum triggers in usermode
    - KVM: VMX: Set vmcs.PENDING_DBG.BS on #DB in STI/MOVSS blocking shadow
    - KVM: x86: Report deprecated x87 features in supported CPUID
    - riscv: fix build with binutils 2.38
    - riscv: cpu-hotplug: clear cpu from numa map when teardown
    - riscv: eliminate unreliable __builtin_frame_address(1)
    - gfs2: Fix gfs2_release for non-writers regression
    - ARM: dts: imx23-evk: Remove MX23_PAD_SSP1_DETECT from hog group
    - ARM: dts: Fix boot regression on Skomer
    - ARM: socfpga: fix missing RESET_CONTROLLER
    - nvme-tcp: fix bogus request completion when failing to send AER
    - ACPI/IORT: Check node revision for PMCG resources
    - PM: s2idle: ACPI: Fix wakeup interrupts handling
    - drm/amdgpu/display: change pipe policy for DCN 2.0
    - drm/rockchip: vop: Correct RK3399 VOP register fields
    - drm/i915: Allow !join_mbus cases for adlp+ dbuf configuration
    - drm/i915: Populate pipe dbuf slices more accurately during readout
    - ARM: dts: Fix timer regression for beagleboard revision c
    - ARM: dts: meson: Fix the UART compatible strings
    - ARM: dts: meson8: Fix the UART device-tree schema validation
    - ARM: dts: meson8b: Fix the UART device-tree schema validation
    - phy: broadcom: Kconfig: Fix PHY_BRCM_USB config option
    - staging: fbtft: Fix error path in fbtft_driver_module_init()
    - ARM: dts: imx6qdl-udoo: Properly describe the SD card detect
    - phy: xilinx: zynqmp: Fix bus width setting for SGMII
    - phy: stm32: fix a refcount leak in stm32_usbphyc_pll_enable()
    - ARM: dts: imx7ulp: Fix 'assigned-clocks-parents' typo
    - arm64: dts: imx8mq: fix mipi_csi bidirectional port numbers
    - usb: f_fs: Fix use-after-free for epfile
    - phy: dphy: Correct clk_pre parameter
    - gpio: aggregator: Fix calling into sleeping GPIO controllers
    - NFS: Don't overfill uncached readdir pages
    - NFS: Don't skip directory entries when doing uncached readdir
    - drm/vc4: hdmi: Allow DBLCLK modes even if horz timing is odd.
    - misc: fastrpc: avoid double fput() on failed usercopy
    - net: sparx5: Fix get_stat64 crash in tcpdump
    - netfilter: ctnetlink: disable helper autoassign
    - arm64: dts: meson-g12b-odroid-n2: fix typo 'dio2133'
    - arm64: dts: meson-sm1-odroid: use correct enable-gpio pin for tf-io
      regulator
    - arm64: dts: meson-sm1-bananapi-m5: fix wrong GPIO domain for GPIOE_2
    - arm64: dts: meson-sm1-odroid: fix boot loop after reboot
    - ixgbevf: Require large buffers for build_skb on 82599VF
    - drm/panel: simple: Assign data from panel_dpi_probe() correctly
    - ACPI: PM: s2idle: Cancel wakeup before dispatching EC GPE
    - gpiolib: Never return internal error codes to user space
    - gpio: sifive: use the correct register to read output values
    - fbcon: Avoid 'cap' set but not used warning
    - bonding: pair enable_port with slave_arr_updates
    - net: dsa: mv88e6xxx: don't use devres for mdiobus
    - net: dsa: ar9331: register the mdiobus under devres
    - net: dsa: bcm_sf2: don't use devres for mdiobus
    - net: dsa: felix: don't use devres for mdiobus
    - net: dsa: mt7530: fix kernel bug in mdiobus_free() when unbinding
    - net: dsa: lantiq_gswip: don't use devres for mdiobus
    - ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table() on failure path
    - nfp: flower: fix ida_idx not being released
    - net: do not keep the dst cache when uncloning an skb dst and its metadata
    - net: fix a memleak when uncloning an skb dst and its metadata
    - veth: fix races around rq->rx_notify_masked
    - net: mdio: aspeed: Add missing MODULE_DEVICE_TABLE
    - tipc: rate limit warning for received illegal binding update
    - net: amd-xgbe: disable interrupts during pci removal
    - drm/amd/pm: fix hwmon node of power1_label create issue
    - mptcp: netlink: process IPv6 addrs in creating listening sockets
    - dpaa2-eth: unregister the netdev before disconnecting from the PHY
    - ice: fix an error code in ice_cfg_phy_fec()
    - ice: fix IPIP and SIT TSO offload
    - ice: Fix KASAN error in LAG NETDEV_UNREGISTER handler
    - ice: Avoid RTNL lock when re-creating auxiliary device
    - net: mscc: ocelot: fix mutex lock error during ethtool stats read
    - net: dsa: mv88e6xxx: fix use-after-free in mv88e6xxx_mdios_unregister
    - vt_ioctl: fix array_index_nospec in vt_setactivate
    - vt_ioctl: add array_index_nospec to VT_ACTIVATE
    - n_tty: wake up poll(POLLRDNORM) on receiving data
    - eeprom: ee1004: limit i2c reads to I2C_SMBUS_BLOCK_MAX
    - usb: dwc2: drd: fix soft connect when gadget is unconfigured
    - Revert "usb: dwc2: drd: fix soft connect when gadget is unconfigured"
    - net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup
    - usb: ulpi: Move of_node_put to ulpi_dev_release
    - usb: ulpi: Call of_node_put correctly
    - usb: dwc3: gadget: Prevent core from processing stale TRBs
    - usb: gadget: udc: renesas_usb3: Fix host to USB_ROLE_NONE transition
    - USB: gadget: validate interface OS descriptor requests
    - usb: gadget: rndis: check size of RNDIS_MSG_SET command
    - usb: gadget: f_uac2: Define specific wTerminalType
    - usb: raw-gadget: fix handling of dual-direction-capable endpoints
    - USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320
    - USB: serial: option: add ZTE MF286D modem
    - USB: serial: ch341: add support for GW Instek USB2.0-Serial devices
    - USB: serial: cp210x: add NCR Retail IO box id
    - USB: serial: cp210x: add CPI Bulk Coin Recycler id
    - speakup-dectlk: Restore pitch setting
    - phy: ti: Fix missing sentinel for clk_div_table
    - iio: buffer: Fix file related error handling in IIO_BUFFER_GET_FD_IOCTL
    - mm: memcg: synchronize objcg lists with a dedicated spinlock
    - seccomp: Invalidate seccomp mode to catch death failures
    - signal: HANDLER_EXIT should clear SIGNAL_UNKILLABLE
    - s390/cio: verify the driver availability for path_event call
    - bus: mhi: pci_generic: Add mru_default for Foxconn SDX55
    - bus: mhi: pci_generic: Add mru_default for Cinterion MV31-W
    - hwmon: (dell-smm) Speed up setting of fan speed
    - x86/sgx: Silence softlockup detection when releasing large enclaves
    - Makefile.extrawarn: Move -Wunaligned-access to W=1
    - scsi: lpfc: Remove NVMe support if kernel has NVME_FC disabled
    - scsi: lpfc: Reduce log messages seen after firmware download
    - MIPS: octeon: Fix missed PTR->PTR_WD conversion
    - arm64: dts: imx8mq: fix lcdif port node
    - perf: Fix list corruption in perf_cgroup_switch()
    - iommu: Fix potential use-after-free during probe
    - Linux 5.15.24

* Jammy update: v5.15.23 upstream stable release (LP: #1963888)
    - moxart: fix potential use-after-free on remove path
    - arm64: Add Cortex-A510 CPU part definition
    - ksmbd: fix SMB 3.11 posix extension mount failure
    - crypto: api - Move cryptomgr soft dependency into algapi
    - Linux 5.15.23

* [22.04 FEAT] KVM: Enable storage key checking for intercepted instruction
    handled by userspace (LP: #1933179)
    - KVM: s390: gaccess: Refactor gpa and length calculation
    - KVM: s390: gaccess: Refactor access address range check
    - KVM: s390: gaccess: Cleanup access to guest pages
    - s390/uaccess: introduce bit field for OAC specifier
    - s390/uaccess: fix compile error
    - s390/uaccess: Add copy_from/to_user_key functions
    - KVM: s390: Honor storage keys when accessing guest memory
    - KVM: s390: handle_tprot: Honor storage keys
    - KVM: s390: selftests: Test TEST PROTECTION emulation
    - KVM: s390: Add optional storage key checking to MEMOP IOCTL
    - KVM: s390: Add vm IOCTL for key checked guest absolute memory access
    - KVM: s390: Rename existing vcpu memop functions
    - KVM: s390: Add capability for storage key extension of MEM_OP IOCTL
    - KVM: s390: Update api documentation for memop ioctl
    - KVM: s390: Clarify key argument for MEM_OP in api docs
    - KVM: s390: Add missing vm MEM_OP size check

* CVE-2022-25636
    - netfilter: nf_tables_offload: incorrect flow offload action array size

* ubuntu_kernel_selftests / ftrace:ftracetest do_softirq failure on Jammy
    realtime (LP: #1959610)
    - selftests/ftrace: Do not trace do_softirq because of PREEMPT_RT

* CVE-2022-0435
    - tipc: improve size validations for received domain records

* CVE-2022-0516
    - KVM: s390: Return error on SIDA memop on normal guest

* EDAC update for AMD Genoa support in 22.04 (LP: #1960362)
    - EDAC: Add RDDR5 and LRDDR5 memory types
    - EDAC/amd64: Add support for AMD Family 19h Models 10h-1Fh and A0h-AFh

* hwmon: k10temp updates for AMD Genoa in 22.04 (LP: #1960361)
    - x86/amd_nb: Add AMD Family 19h Models (10h-1Fh) and (A0h-AFh) PCI IDs
    - hwmon: (k10temp) Remove unused definitions
    - hwmon: (k10temp) Support up to 12 CCDs on AMD Family of processors
    - hwmon: (k10temp) Add support for AMD Family 19h Models 10h-1Fh and A0h-AFh

* [SRU][I/J/OEM-5.13/OEM-5.14] Add basic support of MT7922 (LP: #1958151)
    - mt76: mt7921: Add mt7922 support
    - mt76: mt7921: add support for PCIe ID 0x0608/0x0616
    - mt76: mt7921: introduce 160 MHz channel bandwidth support

* Use EC GPE for s2idle wakeup on AMD platforms (LP: #1960771)
    - ACPI: PM: Revert "Only mark EC GPE for wakeup on Intel systems"

* Update Broadcom Emulex FC HBA lpfc driver to 14.0.0.4 for Ubuntu 22.04
    (LP: #1956982)
    - scsi: lpfc: Change return code on I/Os received during link bounce
    - scsi: lpfc: Fix NPIV port deletion crash
    - scsi: lpfc: Adjust CMF total bytes and rxmonitor
    - scsi: lpfc: Cap CMF read bytes to MBPI
    - scsi: lpfc: Add additional debugfs support for CMF
    - scsi: lpfc: Update lpfc version to 14.0.0.4

* Forward-port drm/i915 commits from oem-5.14 for Alder Lake S & P
    (LP: #1960298)
    - drm/i915/dmc: Update to DMC v2.12
    - drm/i915/adlp/tc: Fix PHY connected check for Thunderbolt mode
    - drm/i915/tc: Remove waiting for PHY complete during releasing ownership
    - drm/i915/tc: Check for DP-alt, legacy sinks before taking PHY ownership
    - drm/i915/tc: Add/use helpers to retrieve TypeC port properties
    - drm/i915/tc: Don't keep legacy TypeC ports in connected state w/o a sink
    - drm/i915/tc: Add a mode for the TypeC PHY's disconnected state
    - drm/i915/tc: Refactor TC-cold block/unblock helpers
    - drm/i915/tc: Avoid using legacy AUX PW in TBT mode
    - drm/i915/icl/tc: Remove the ICL special casing during TC-cold blocking
    - drm/i915/tc: Fix TypeC PHY connect/disconnect logic on ADL-P
    - drm/i915/tc: Drop extra TC cold blocking from intel_tc_port_connected()
    - drm/i915/tc: Fix system hang on ADL-P during TypeC PHY disconnect
    - drm/i915/display/adlp: Disable underrun recovery
    - drm/i915/adl_s: Remove require_force_probe protection
    - drm/i915/adlp: Remove require_force_probe protection

* INVALID or PRIVATE BUG (LP: #1959735)
    - KVM: s390: Simplify SIGP Set Arch handling
    - KVM: s390: Add a routine for setting userspace CPU state

* Include the QCA WCN 6856 v2.1 support (LP: #1954938)
    - SAUCE: ath11k: shrink TCSR read mask for WCN6855 hw2.1

* Jammy update: v5.15.22 upstream stable release (LP: #1960516)
    - drm/i915: Disable DSB usage for now
    - selinux: fix double free of cond_list on error paths
    - audit: improve audit queue handling when "audit=1" on cmdline
    - ipc/sem: do not sleep with a spin lock held
    - spi: stm32-qspi: Update spi registering
    - ASoC: hdmi-codec: Fix OOB memory accesses
    - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw()
    - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx()
    - ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx()
    - ALSA: usb-audio: Correct quirk for VF0770
    - ALSA: hda: Fix UAF of leds class devs at unbinding
    - ALSA: hda: realtek: Fix race at concurrent COEF updates
    - ALSA: hda/realtek: Add quirk for ASUS GU603
    - ALSA: hda/realtek: Add missing fixup-model entry for Gigabyte X570 ALC1220
      quirks
    - ALSA: hda/realtek: Fix silent output on Gigabyte X570S Aorus Master (newer
      chipset)
    - ALSA: hda/realtek: Fix silent output on Gigabyte X570 Aorus Xtreme after
      reboot from Windows
    - btrfs: don't start transaction for scrub if the fs is mounted read-only
    - btrfs: fix deadlock between quota disable and qgroup rescan worker
    - btrfs: fix use-after-free after failure to create a snapshot
    - Revert "fs/9p: search open fids first"
    - drm/nouveau: fix off by one in BIOS boundary checking
    - drm/i915/adlp: Fix TypeC PHY-ready status readout
    - drm/amd/pm: correct the MGpuFanBoost support for Beige Goby
    - drm/amd/display: watermark latencies is not enough on DCN31
    - drm/amd/display: Force link_rate as LINK_RATE_RBR2 for 2018 15" Apple Retina
      panels
    - nvme-fabrics: fix state check in nvmf_ctlr_matches_baseopts()
    - mm/debug_vm_pgtable: remove pte entry from the page table
    - mm/pgtable: define pte_index so that preprocessor could recognize it
    - mm/kmemleak: avoid scanning potential huge holes
    - block: bio-integrity: Advance seed correctly for larger interval sizes
    - dma-buf: heaps: Fix potential spectre v1 gadget
    - IB/hfi1: Fix AIP early init panic
    - Revert "fbcon: Disable accelerated scrolling"
    - fbcon: Add option to enable legacy hardware acceleration
    - mptcp: fix msk traversal in mptcp_nl_cmd_set_flags()
    - Revert "ASoC: mediatek: Check for error clk pointer"
    - KVM: arm64: Avoid consuming a stale esr value when SError occur
    - KVM: arm64: Stop handle_exit() from handling HVC twice when an SError occurs
    - RDMA/cma: Use correct address when leaving multicast group
    - RDMA/ucma: Protect mc during concurrent multicast leaves
    - RDMA/siw: Fix refcounting leak in siw_create_qp()
    - IB/rdmavt: Validate remote_addr during loopback atomic tests
    - RDMA/siw: Fix broken RDMA Read Fence/Resume logic.
    - RDMA/mlx4: Don't continue event handler after memory allocation failure
    - ALSA: usb-audio: initialize variables that could ignore errors
    - ALSA: hda: Fix signedness of sscanf() arguments
    - ALSA: hda: Skip codec shutdown in case the codec is not registered
    - iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping()
    - iommu/amd: Fix loop timeout issue in iommu_ga_log_enable()
    - spi: bcm-qspi: check for valid cs before applying chip select
    - spi: mediatek: Avoid NULL pointer crash in interrupt
    - spi: meson-spicc: add IRQ check in meson_spicc_probe
    - spi: uniphier: fix reference count leak in uniphier_spi_probe()
    - IB/hfi1: Fix tstats alloc and dealloc
    - IB/cm: Release previously acquired reference counter in the cm_id_priv
    - net: ieee802154: hwsim: Ensure proper channel selection at probe time
    - net: ieee802154: mcr20a: Fix lifs/sifs periods
    - net: ieee802154: ca8210: Stop leaking skb's
    - netfilter: nft_reject_bridge: Fix for missing reply from prerouting
    - net: ieee802154: Return meaningful error codes from the netlink helpers
    - net/smc: Forward wakeup to smc socket waitqueue after fallback
    - net: stmmac: dwmac-visconti: No change to ETHER_CLOCK_SEL for unexpected
      speed request.
    - net: stmmac: properly handle with runtime pm in stmmac_dvr_remove()
    - net: macsec: Fix offload support for NETDEV_UNREGISTER event
    - net: macsec: Verify that send_sci is on when setting Tx sci explicitly
    - net: stmmac: dump gmac4 DMA registers correctly
    - net: stmmac: ensure PTP time register reads are consistent
    - drm/kmb: Fix for build errors with Warray-bounds
    - drm/i915/overlay: Prevent divide by zero bugs in scaling
    - drm/amd: avoid suspend on dGPUs w/ s2idle support when runtime PM enabled
    - ASoC: fsl: Add missing error handling in pcm030_fabric_probe
    - ASoC: xilinx: xlnx_formatter_pcm: Make buffer bytes multiple of period bytes
    - ASoC: simple-card: fix probe failure on platform component
    - ASoC: cpcap: Check for NULL pointer after calling of_get_child_by_name
    - ASoC: max9759: fix underflow in speaker_gain_control_put()
    - ASoC: codecs: wcd938x: fix incorrect used of portid
    - ASoC: codecs: lpass-rx-macro: fix sidetone register offsets
    - ASoC: codecs: wcd938x: fix return value of mixer put function
    - pinctrl: sunxi: Fix H616 I2S3 pin data
    - pinctrl: intel: Fix a glitch when updating IRQ flags on a preconfigured line
    - pinctrl: intel: fix unexpected interrupt
    - pinctrl: bcm2835: Fix a few error paths
    - scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe
    - nfsd: nfsd4_setclientid_confirm mistakenly expires confirmed client.
    - gve: fix the wrong AdminQ buffer queue index check
    - bpf: Use VM_MAP instead of VM_ALLOC for ringbuf
    - selftests/exec: Remove pipe from TEST_GEN_FILES
    - selftests: futex: Use variable MAKE instead of make
    - tools/resolve_btfids: Do not print any commands when building silently
    - e1000e: Separate ADP board type from TGP
    - rtc: cmos: Evaluate century appropriate
    - kvm: add guest_state_{enter,exit}_irqoff()
    - kvm/arm64: rework guest entry logic
    - perf: Copy perf_event_attr::sig_data on modification
    - perf stat: Fix display of grouped aliased events
    - perf/x86/intel/pt: Fix crash with stop filters in single-range mode
    - x86/perf: Default set FREEZE_ON_SMI for all
    - EDAC/altera: Fix deferred probing
    - EDAC/xgene: Fix deferred probing
    - ext4: prevent used blocks from being allocated during fast commit replay
    - ext4: modify the logic of ext4_mb_new_blocks_simple
    - ext4: fix error handling in ext4_restore_inline_data()
    - ext4: fix error handling in ext4_fc_record_modified_inode()
    - ext4: fix incorrect type issue during replay_del_range
    - net: dsa: mt7530: make NET_DSA_MT7530 select MEDIATEK_GE_PHY
    - cgroup/cpuset: Fix "suspicious RCU usage" lockdep warning
    - tools include UAPI: Sync sound/asound.h copy with the kernel sources
    - gpio: idt3243x: Fix an ignored error return from platform_get_irq()
    - gpio: mpc8xxx: Fix an ignored error return from platform_get_irq()
    - selftests: nft_concat_range: add test for reload with no element add/del
    - selftests: netfilter: check stateless nat udp checksum fixup
    - Linux 5.15.22
    - [Config] disable FRAMEBUFFER_CONSOLE_LEGACY_ACCELERATION

* Jammy update: v5.15.21 upstream stable release (LP: #1960515)
    - Revert "drm/vc4: hdmi: Make sure the device is powered with CEC"
    - Revert "drm/vc4: hdmi: Make sure the device is powered with CEC" again
    - Linux 5.15.21

* Jammy update: v5.15.20 upstream stable release (LP: #1960509)
    - Revert "UBUNTU: SAUCE: Revert "e1000e: Add handshake with the CSME to
      support S0ix""
    - Revert "UBUNTU: SAUCE: Revert "e1000e: Add polling mechanism to indicate
      CSME DPG exit""
    - Revert "UBUNTU: SAUCE: Revert "e1000e: Additional PHY power saving in S0ix""
    - PCI: pciehp: Fix infinite loop in IRQ handler upon power fault
    - selftests: mptcp: fix ipv6 routing setup
    - net: ipa: use a bitmap for endpoint replenish_enabled
    - net: ipa: prevent concurrent replenish
    - drm/vc4: hdmi: Make sure the device is powered with CEC
    - cgroup-v1: Require capabilities to set release_agent
    - Revert "mm/gup: small refactoring: simplify try_grab_page()"
    - ovl: don't fail copy up if no fileattr support on upper
    - lockd: fix server crash on reboot of client holding lock
    - lockd: fix failure to cleanup client locks
    - net/mlx5e: IPsec: Fix tunnel mode crypto offload for non TCP/UDP traffic
    - net/mlx5: Bridge, take rtnl lock in init error handler
    - net/mlx5: Bridge, ensure dev_name is null-terminated
    - net/mlx5e: Fix handling of wrong devices during bond netevent
    - net/mlx5: Use del_timer_sync in fw reset flow of halting poll
    - net/mlx5e: Fix module EEPROM query
    - net/mlx5: Fix offloading with ESWITCH_IPV4_TTL_MODIFY_ENABLE
    - net/mlx5e: Don't treat small ceil values as unlimited in HTB offload
    - net/mlx5: Bridge, Fix devlink deadlock on net namespace deletion
    - net/mlx5: E-Switch, Fix uninitialized variable modact
    - ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback
    - i40e: Fix reset bw limit when DCB enabled with 1 TC
    - i40e: Fix reset path while removing the driver
    - net: amd-xgbe: ensure to reset the tx_timer_active flag
    - net: amd-xgbe: Fix skb data length underflow
    - fanotify: Fix stale file descriptor in copy_event_to_user()
    - net: sched: fix use-after-free in tc_new_tfilter()
    - rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink()
    - cpuset: Fix the bug that subpart_cpus updated wrongly in update_cpumask()
    - e1000e: Handshake with CSME starts from ADL platforms
    - af_packet: fix data-race in packet_setsockopt / packet_setsockopt
    - tcp: add missing tcp_skb_can_collapse() test in tcp_shift_skb_data()
    - ovl: fix NULL pointer dereference in copy up warning
    - Linux 5.15.20

* Miscellaneous Ubuntu changes
    - [Packaging] use default zstd compression
    - [Packaging] do not use compression for image packages
    - [Packaging] use xz compression for ddebs
    - [Config] upgrade debug symbols from DWARF4 to DWARF5
    - SAUCE: Makefile: Remove inclusion of lbm header files
    - SAUCE: Makefile: Fix compiler warnings
    - SAUCE: AUFS
    - SAUCE: aufs: switch to 64-bit ino_t for s390x
    - [Config] set AUFS as disabled
    - SAUCE: mt76: mt7921e: fix possible probe failure after reboot
    - Remove ubuntu/hio driver
    - SAUCE: ima_policy: fix test for empty rule set
    - SAUCE: sfc: The size of the RX recycle ring should be more flexible
    - [Config] MITIGATE_SPECTRE_BRANCH_HISTORY=y && HARDEN_BRANCH_HISTORY=y

* Miscellaneous upstream changes
    - kbuild: Unify options for BTF generation for vmlinux and modules
    - MAINTAINERS: Add scripts/pahole-flags.sh to BPF section
    - kbuild: Add CONFIG_PAHOLE_VERSION
    - scripts/pahole-flags.sh: Use pahole-version.sh
    - lib/Kconfig.debug: Use CONFIG_PAHOLE_VERSION
    - lib/Kconfig.debug: Allow BTF + DWARF5 with pahole 1.21+
    - x86/sched: Decrease further the priorities of SMT siblings
    - sched/topology: Introduce sched_group::flags
    - sched/fair: Optimize checking for group_asym_packing
    - sched/fair: Provide update_sg_lb_stats() with sched domain statistics
    - sched/fair: Carve out logic to mark a group for asymmetric packing
    - sched/fair: Consider SMT in ASYM_PACKING load balance
    - Revert "UBUNTU: [Config] x86-64: SYSFB_SIMPLEFB=y"

-- Paolo Pisati <paolo.pisati@canonical.com>  Fri, 11 Mar 2022 11:24:13 +0100

Changed in linux (Ubuntu):
status:	In Progress → Fix Released

Frank Heimes (fheimes) on 2022-03-18

Changed in ubuntu-z-systems:
status:	In Progress → Fix Released

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2022-05-28:

#12

This bug is awaiting verification that the linux-oracle-5.15/5.15.0-1006.8~20.04.1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-focal

Revision history for this message

Frank Heimes (fheimes) wrote on 2022-05-28:

#13

This bug is already Fix Released and closed and was requested for jammy only.
So it wasn't requested for focal, hence updating the tags to 'verification-done-focal' to unblock any processes.

tags:

added: verification-done-focal
removed: verification-needed-focal

Ubuntu
linux package

[22.04 FEAT] KVM: Improve SIGP architectural compliance

Bug Description

CVE References

Other bug subscribers

Remote bug watches

Affects		Status	Importance	Assigned to	Milestone
	Ubuntu on IBM z Systems	Fix Released	High	Skipper Bug Screeners
	linux (Ubuntu)	Fix Released	High	Canonical Kernel Team

Ubuntulinux package

[22.04 FEAT] KVM: Improve SIGP architectural compliance

Bug Description

CVE References

Other bug subscribers

Remote bug watches

Ubuntu
linux package