Mantic update: upstream stable patchset 2024-03-27

    SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

       upstream stable patchset 2024-03-27

                Ported from the following upstream stable releases:
                        v6.1.77, v6.6.16

       from git://git.kernel.org/

asm-generic: make sparse happy with odd-sized put_unaligned_*()
powerpc/mm: Fix null-pointer dereference in pgtable_cache_add
arm64: irq: set the correct node for VMAP stack
drivers/perf: pmuv3: don't expose SW_INCR event in sysfs
powerpc: Fix build error due to is_valid_bugaddr()
powerpc/mm: Fix build failures due to arch_reserved_kernel_pages()
powerpc/64s: Fix CONFIG_NUMA=n build due to create_section_mapping()
x86/boot: Ignore NMIs during very early boot
powerpc: pmd_move_must_withdraw() is only needed for CONFIG_TRANSPARENT_HUGEPAGE
powerpc/lib: Validate size for vector operations
x86/mce: Mark fatal MCE's page as poison to avoid panic in the kdump kernel
perf/core: Fix narrow startup race when creating the perf nr_addr_filters sysfs file
debugobjects: Stop accessing objects after releasing hash bucket lock
regulator: core: Only increment use_count when enable_count changes
audit: Send netlink ACK before setting connection in auditd_set
ACPI: video: Add quirk for the Colorful X15 AT 23 Laptop
PNP: ACPI: fix fortify warning
ACPI: extlog: fix NULL pointer dereference check
ACPI: NUMA: Fix the logic of getting the fake_pxm value
PM / devfreq: Synchronize devfreq_monitor_[start/stop]
ACPI: APEI: set memory failure flags as MF_ACTION_REQUIRED on synchronous events
FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree
UBSAN: array-index-out-of-bounds in dtSplitRoot
jfs: fix slab-out-of-bounds Read in dtSearch
jfs: fix array-index-out-of-bounds in dbAdjTree
jfs: fix uaf in jfs_evict_inode
pstore/ram: Fix crash when setting number of cpus to an odd number
crypto: octeontx2 - Fix cptvf driver cleanup
erofs: fix ztailpacking for subpage compressed blocks
crypto: stm32/crc32 - fix parsing list of devices
afs: fix the usage of read_seqbegin_or_lock() in afs_lookup_volume_rcu()
afs: fix the usage of read_seqbegin_or_lock() in afs_find_server*()
rxrpc_find_service_conn_rcu: fix the usage of read_seqbegin_or_lock()
jfs: fix array-index-out-of-bounds in diNewExt
arch: consolidate arch_irq_work_raise prototypes
s390/vfio-ap: fix sysfs status attribute for AP queue devices
s390/ptrace: handle setting of fpc register correctly
KVM: s390: fix setting of fpc register
SUNRPC: Fix a suspicious RCU usage warning
ecryptfs: Reject casefold directory inodes
ext4: fix inconsistent between segment fstrim and full fstrim
ext4: unify the type of flexbg_size to unsigned int
ext4: remove unnecessary check from alloc_flex_gd()
ext4: avoid online resizing failures due to oversized flex bg
wifi: rt2x00: restart beacon queue when hardware reset
selftests/bpf: satisfy compiler by having explicit return in btf test
selftests/bpf: Fix pyperf180 compilation failure with clang18
wifi: rt2x00: correct wrong BBP register in RxDCOC calibration
selftests/bpf: Fix issues in setup_classid_environment()
soc: xilinx: Fix for call trace due to the usage of smp_processor_id()
soc: xilinx: fix unhandled SGI warning message
scsi: lpfc: Fix possible file string name overflow when updating firmware
PCI: Add no PM reset quirk for NVIDIA Spectrum devices
bonding: return -ENOMEM instead of BUG in alb_upper_dev_walk
net: usb: ax88179_178a: avoid two consecutive device resets
scsi: arcmsr: Support new PCI device IDs 1883 and 1886
ARM: dts: imx7d: Fix coresight funnel ports
ARM: dts: imx7s: Fix lcdif compatible
ARM: dts: imx7s: Fix nand-controller #size-cells
wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus()
wifi: ath11k: fix race due to setting ATH11K_FLAG_EXT_IRQ_ENABLED too early
bpf: Check rcu_read_lock_trace_held() before calling bpf map helpers
scsi: libfc: Don't schedule abort twice
scsi: libfc: Fix up timeout error in fc_fcp_rec_error()
bpf: Set uattr->batch.count as zero before batched update or deletion
wifi: wfx: fix possible NULL pointer dereference in wfx_set_mfp_ap()
ARM: dts: rockchip: fix rk3036 hdmi ports node
ARM: dts: imx25/27-eukrea: Fix RTC node name
ARM: dts: imx: Use flash@0,0 pattern
ARM: dts: imx27: Fix sram node
ARM: dts: imx1: Fix sram node
net: phy: at803x: fix passing the wrong reference for config_intr
ionic: pass opcode to devcmd_wait
ionic: bypass firmware cmds when stuck in reset
block/rnbd-srv: Check for unlikely string overflow
ARM: dts: imx25: Fix the iim compatible string
ARM: dts: imx25/27: Pass timing0
ARM: dts: imx27-apf27dev: Fix LED name
ARM: dts: imx23-sansa: Use preferred i2c-gpios properties
ARM: dts: imx23/28: Fix the DMA controller node name
scsi: hisi_sas: Set .phy_attached before notifing phyup event HISI_PHYE_PHY_UP_PM
ice: fix ICE_AQ_VSI_Q_OPT_RSS_* register values
net: atlantic: eliminate double free in error handling logic
net: dsa: mv88e6xxx: Fix mv88e6352_serdes_get_stats error path
block: prevent an integer overflow in bvec_try_merge_hw_page
md: Whenassemble the array, consult the superblock of the freshest device
arm64: dts: qcom: msm8996: Fix 'in-ports' is a required property
arm64: dts: qcom: msm8998: Fix 'out-ports' is a required property
ice: fix pre-shifted bit usage
arm64: dts: amlogic: fix format for s4 uart node
wifi: rtl8xxxu: Add additional USB IDs for RTL8192EU devices
libbpf: Fix NULL pointer dereference in bpf_object__collect_prog_relos
wifi: rtlwifi: rtl8723{be,ae}: using calculate_bit_shift()
wifi: cfg80211: free beacon_ies when overridden from hidden BSS
Bluetooth: qca: Set both WIDEBAND_SPEECH and LE_STATES quirks for QCA2066
Bluetooth: hci_sync: fix BR/EDR wakeup bug
Bluetooth: L2CAP: Fix possible multiple reject send
net/smc: disable SEID on non-s390 archs where virtual ISM may be used
bridge: cfm: fix enum typo in br_cc_ccm_tx_parse
i40e: Fix VF disable behavior to block all traffic
octeontx2-af: Fix max NPC MCAM entry check while validating ref_entry
net: dsa: qca8k: put MDIO bus OF node on qca8k_mdio_register() failure
f2fs: fix to check return value of f2fs_reserve_new_block()
ALSA: hda: Refer to correct stream index at loops
ASoC: doc: Fix undefined SND_SOC_DAPM_NOPM argument
fast_dput(): handle underflows gracefully
RDMA/IPoIB: Fix error code return in ipoib_mcast_join
drm/panel-edp: Add override_edid_mode quirk for generic edp
drm/bridge: anx7625: Fix Set HPD irq detect window to 2ms
drm/amd/display: Fix tiled display misalignment
f2fs: fix write pointers on zoned device after roll forward
drm/drm_file: fix use of uninitialized variable
drm/framebuffer: Fix use of uninitialized variable
drm/mipi-dsi: Fix detach call without attach
media: stk1160: Fixed high volume of stk1160_dbg messages
media: rockchip: rga: fix swizzling for RGB formats
PCI: add INTEL_HDA_ARL to pci_ids.h
ALSA: hda: Intel: add HDA_ARL PCI ID support
media: rkisp1: Fix IRQ handler return values
media: rkisp1: Store IRQ lines
media: rkisp1: Fix IRQ disable race issue
f2fs: fix to tag gcing flag on page during block migration
drm/exynos: Call drm_atomic_helper_shutdown() at shutdown/unbind time
IB/ipoib: Fix mcast list locking
media: amphion: remove mutext lock in condition of wait_event
media: ddbridge: fix an error code problem in ddb_probe
media: i2c: imx335: Fix hblank min/max values
drm/amd/display: For prefetch mode > 0, extend prefetch if possible
drm/msm/dpu: Ratelimit framedone timeout msgs
drm/msm/dpu: fix writeback programming for YUV cases
drm/amdgpu: fix ftrace event amdgpu_bo_move always move on same heap
clk: hi3620: Fix memory leak in hi3620_mmc_clk_init()
clk: mmp: pxa168: Fix memory leak in pxa168_clk_init()
watchdog: it87_wdt: Keep WDTCTRL bit 3 unmodified for IT8784/IT8786
drm/amd/display: make flip_timestamp_in_us a 64-bit variable
clk: imx: clk-imx8qxp: fix LVDS bypass, pixel and phy clocks
drm/amdgpu: Fix ecc irq enable/disable unpaired
drm/amdgpu: Let KFD sync with VM fences
drm/amdgpu: Fix '*fw' from request_firmware() not released in 'amdgpu_ucode_request()'
drm/amdgpu: Drop 'fence' check in 'to_amdgpu_amdkfd_fence()'
drm/amdkfd: Fix iterator used outside loop in 'kfd_add_peer_prop()'
ALSA: hda/conexant: Fix headset auto detect fail in cx8070 and SN6140
leds: trigger: panic: Don't register panic notifier if creating the trigger failed
um: Fix naming clash between UML and scheduler
um: Don't use vfprintf() for os_info()
um: net: Fix return type of uml_net_start_xmit()
um: time-travel: fix time corruption
i3c: master: cdns: Update maximum prescaler value for i2c clock
xen/gntdev: Fix the abuse of underlying struct page in DMA-buf import
mfd: ti_am335x_tscadc: Fix TI SoC dependencies
UBUNTU: [Config] updateconfigs for MFD_TI_AM335X_TSCADC
mailbox: arm_mhuv2: Fix a bug for mhuv2_sender_interrupt
PCI: Only override AMD USB controller if required
PCI: switchtec: Fix stdev_release() crash after surprise hot remove
perf cs-etm: Bump minimum OpenCSD version to ensure a bugfix is present
usb: hub: Replace hardcoded quirk value with BIT() macro
usb: hub: Add quirk to decrease IN-ep poll interval for Microchip USB491x hub
selftests/sgx: Fix linker script asserts
tty: allow TIOCSLCKTRMIOS with CAP_CHECKPOINT_RESTORE
fs/kernfs/dir: obey S_ISGID
spmi: mediatek: Fix UAF on device remove
PCI: Fix 64GT/s effective data rate calculation
PCI/AER: Decode Requester ID when no error info found
9p: Fix initialisation of netfs_inode for 9p
misc: lis3lv02d_i2c: Add missing setting of the reg_ctrl callback
libsubcmd: Fix memory leak in uniq()
drm/amdkfd: Fix lock dependency warning
drm/amdkfd: Fix lock dependency warning with srcu
virtio_net: Fix "‘%d’ directive writing between 1 and 11 bytes into a region of size 10" warnings
blk-mq: fix IO hang from sbitmap wakeup race
ceph: reinitialize mds feature bit even when session in open
ceph: fix deadlock or deadcode of misusing dget()
ceph: fix invalid pointer access if get_quota_realm return ERR_PTR
drm/amd/powerplay: Fix kzalloc parameter 'ATOM_Tonga_PPM_Table' in 'get_platform_power_management_table()'
drm/amdgpu: Fix with right return code '-EIO' in 'amdgpu_gmc_vram_checking()'
drm/amdgpu: Release 'adev->pm.fw' before return in 'amdgpu_device_need_post()'
drm/amdkfd: Fix 'node' NULL check in 'svm_range_get_range_boundaries()'
perf: Fix the nr_addr_filters fix
wifi: cfg80211: fix RCU dereference in __cfg80211_bss_update
drm: using mul_u32_u32() requires linux/math64.h
scsi: isci: Fix an error code problem in isci_io_request_build()
regulator: ti-abb: don't use devm_platform_ioremap_resource_byname for shared interrupt register
scsi: core: Move scsi_host_busy() out of host lock for waking up EH handler
HID: hidraw: fix a problem of memory leak in hidraw_release()
selftests: net: give more time for GRO aggregation
ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()
ipmr: fix kernel panic when forwarding mcast packets
net: lan966x: Fix port configuration when using SGMII interface
tcp: add sanity checks to rx zerocopy
ixgbe: Refactor returning internal error codes
ixgbe: Refactor overtemp event handling
ixgbe: Fix an error handling path in ixgbe_read_iosf_sb_reg_x550()
net: dsa: qca8k: fix illegal usage of GPIO
ipv6: Ensure natural alignment of const ipv6 loopback and router addresses
llc: call sock_orphan() at release time
bridge: mcast: fix disabled snooping after long uptime
selftests: net: add missing config for GENEVE
netfilter: conntrack: correct window scaling with retransmitted SYN
netfilter: nf_tables: restrict tunnel object to NFPROTO_NETDEV
netfilter: nf_log: replace BUG_ON by WARN_ON_ONCE when putting logger
netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations
net: ipv4: fix a memleak in ip_setup_cork
af_unix: fix lockdep positive in sk_diag_dump_icons()
UBUNTU: SAUCE: apparmor: update unix_state_double_lock implementation
selftests: net: fix available tunnels detection
net: sysfs: Fix /sys/class/net/<iface> path
selftests: team: Add missing config options
selftests: bonding: Check initial state
arm64: irq: set the correct node for shadow call stack
mm, kmsan: fix infinite recursion due to RCU critical section
Revert "drm/amd/display: Disable PSR-SU on Parade 0803 TCON again"
drm/msm/dsi: Enable runtime PM
LoongArch/smp: Call rcutree_report_cpu_starting() at tlb_init()
gve: Fix use-after-free vulnerability
bonding: remove print in bond_verify_device_path
ASoC: codecs: lpass-wsa-macro: fix compander volume hack
ASoC: codecs: wsa883x: fix PA volume control
drm/amdgpu: Fix missing error code in 'gmc_v6/7/8/9_0_hw_init()'
Documentation/sphinx: fix Python string escapes
kunit: tool: fix parsing of test attributes
thermal: core: Fix thermal zone suspend-resume synchronization
hwrng: starfive - Fix dev_err_probe return error
crypto: p10-aes-gcm - Avoid -Wstringop-overflow warnings
erofs: fix up compacted indexes for block size < 4096
crypto: starfive - Fix dev_err_probe return error
s390/boot: always align vmalloc area on segment boundary
ext4: treat end of range as exclusive in ext4_zero_range()
wifi: rtw89: fix timeout calculation in rtw89_roc_end()
ARM: dts: qcom: strip prefix from PMIC files
ARM: dts: qcom: mdm9615: fix PMIC node labels
ARM: dts: qcom: msm8660: fix PMIC node labels
ARM: dts: samsung: exynos4: fix camera unit addresses/ranges
ARM: dts: samsung: s5pv210: fix camera unit addresses/ranges
net: phy: micrel: fix ts_info value in case of no phc
bpf: Prevent inlining of bpf_fentry_test7()
bpf: Fix a few selftest failures due to llvm18 change
wifi: rtw89: fix misbehavior of TX beacon in concurrent mode
bpf: Set need_defer as false when clearing fd array during map free
wifi: ath12k: fix and enable AP mode for WCN7850
minmax: add umin(a, b) and umax(a, b)
minmax: allow min()/max()/clamp() if the arguments have the same signedness.
minmax: allow comparisons of 'int' against 'unsigned char/short'
minmax: relax check to allow comparison between unsigned arguments and signed constants
net: mvmdio: Avoid excessive sleeps in polled mode
arm64: dts: qcom: sm8550: fix soundwire controllers node name
arm64: dts: qcom: sm8450: fix soundwire controllers node name
arm64: dts: qcom: sm8350: Fix remoteproc interrupt type
wifi: mt76: connac: fix EHT phy mode check
wifi: mt76: mt7996: add PCI IDs for mt7992
wifi: ath12k: fix the issue that the multicast/broadcast indicator is not read correctly for WCN7850
arm64: zynqmp: Move fixed clock to / for kv260
arm64: zynqmp: Fix clock node name in kv260 cards
selftests/bpf: fix compiler warnings in RELEASE=1 mode
scsi: lpfc: Reinitialize an NPIV's VMID data structures after FDISC
scsi: lpfc: Move determination of vmid_flag after VMID reinitialization completes
arm64: dts: qcom: Fix coresight warnings in in-ports and out-ports
wifi: rtw89: coex: Fix wrong Wi-Fi role info and FDDT parameter members
Bluetooth: ISO: Avoid creating child socket if PA sync is terminating
arm64: dts: sprd: Add clock reference for pll2 on UMS512
arm64: dts: sprd: Change UMS512 idle-state nodename to match bindings
net: kcm: fix direct access to bv_len
reiserfs: Avoid touching renamed directory if parent does not change
drm/amd/display: Fix MST PBN/X.Y value calculations
drm/drm_file: fix use of uninitialized variable
drm/msm/dp: Add DisplayPort controller for SM8650
media: uvcvideo: Fix power line control for a Chicony camera
media: uvcvideo: Fix power line control for SunplusIT camera
media: rkisp1: resizer: Stop manual allocation of v4l2_subdev_state
hwmon: (hp-wmi-sensors) Fix failure to load on EliteDesk 800 G6
drm/amd/display: Force p-state disallow if leaving no plane config
drm/amdkfd: fix mes set shader debugger process management
drm/msm/dpu: enable writeback on SM8350
drm/msm/dpu: enable writeback on SM8450
watchdog: starfive: add lock annotations to fix context imbalances
accel/habanalabs: add support for Gaudi2C device
drm/amd/display: Only clear symclk otg flag for HDMI
drm/amd/display: Fix minor issues in BW Allocation Phase2
drm/amdgpu: apply the RV2 system aperture fix to RN/CZN as well
pinctrl: baytrail: Fix types of config value in byt_pin_config_set()
riscv: Make XIP bootable again
extcon: fix possible name leak in extcon_dev_register()
usb: xhci-plat: fix usb disconnect issue after s4
i2c: rk3x: Adjust mask/value offset for i2c2 on rv1126
drm/amdkfd: only flush mes process context if mes support is there
riscv: Fix build error on rv32 + XIP
selftests: net: remove dependency on ebpf tests
selftests: net: explicitly wait for listener ready
gve: Fix skb truesize underestimation
net: phy: phy_device: Call into the PHY driver to set LED offload
net: phy: mediatek-ge-soc: support PHY LEDs
net: phy: mediatek-ge-soc: sync driver with MediaTek SDK
selftests: net: add missing config for big tcp tests
selftests: net: add missing required classifier
net: dsa: mt7530: fix 10M/100M speed on MT7988 switch
e1000e: correct maximum frequency adjustment values
selftests: net: Add missing matchall classifier
devlink: Fix referring to hw_addr attribute during state validation
pds_core: Cancel AQ work on teardown
pds_core: Use struct pdsc for the pdsc_adminq_isr private data
pds_core: implement pci reset handlers
pds_core: Prevent race issues involving the adminq
pds_core: Clear BARs on reset
pds_core: Rework teardown/setup flow to be more common
selftests: net: add missing config for nftables-backed iptables
selftests: net: add missing config for pmtu.sh tests
selftests: net: don't access /dev/stdout in pmtu.sh
octeontx2-pf: Remove xdp queues on program detach
selftests: net: add missing config for NF_TARGET_TTL
selftests: net: enable some more knobs
selftests/bpf: Remove flaky test_btf_id test
ASoC: qcom: sc8280xp: limit speaker volumes
ASoC: codecs: wcd938x: fix headphones volume controls
pds_core: Prevent health thread from running during reset/remove
UBUNTU: Upstream stable to v6.1.77, v6.6.16