Bug #2074215 “[SRU] UBSAN warnings in bnx2x kernel driver” : Bugs : linux package : Ubuntu

Ghadi Rahme (ghadi-rahme) on 2024-07-26

Changed in linux (Ubuntu):
importance:	Undecided → High
assignee:	nobody → Ghadi Rahme (ghadi-rahme)

Ghadi Rahme (ghadi-rahme) on 2024-07-26

description:

updated

Ghadi Rahme (ghadi-rahme) on 2024-07-26

description:

updated

AaronMa (mapengyu) on 2024-07-29

summary:

- UBSAN warnings in bnx2x kernel driver
+ [SRU] UBSAN warnings in bnx2x kernel driver

Stefan Bader (smb) on 2024-07-31

Changed in linux (Ubuntu Oracular):
status:	New → Triaged
Changed in linux (Ubuntu Noble):
status:	New → Triaged
Changed in linux (Ubuntu Jammy):
status:	New → Triaged
Changed in linux (Ubuntu Focal):
status:	New → Triaged
Changed in linux (Ubuntu Noble):
importance:	Undecided → High
Changed in linux (Ubuntu Jammy):
importance:	Undecided → High
Changed in linux (Ubuntu Focal):
importance:	Undecided → High

Stefan Bader (smb) on 2024-07-31

Changed in linux (Ubuntu Focal):
status:	Triaged → Fix Committed
Changed in linux (Ubuntu Jammy):
status:	Triaged → Fix Committed
Changed in linux (Ubuntu Oracular):
status:	Triaged → Fix Released
Changed in linux (Ubuntu Noble):
status:	Triaged → Fix Committed

Ghadi Rahme (ghadi-rahme) on 2024-07-31

Changed in linux (Ubuntu Focal):
assignee:	nobody → Ghadi Rahme (ghadi-rahme)
Changed in linux (Ubuntu Jammy):
assignee:	nobody → Ghadi Rahme (ghadi-rahme)
Changed in linux (Ubuntu Noble):
assignee:	nobody → Ghadi Rahme (ghadi-rahme)

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2024-08-09:

#1

This bug is awaiting verification that the linux/5.15.0-120.130 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy-linux' to 'verification-done-jammy-linux'. If the problem still exists, change the tag 'verification-needed-jammy-linux' to 'verification-failed-jammy-linux'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-jammy-linux-v2 verification-needed-jammy-linux

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2024-08-09:

#2

This bug is awaiting verification that the linux/5.4.0-195.215 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal-linux' to 'verification-done-focal-linux'. If the problem still exists, change the tag 'verification-needed-focal-linux' to 'verification-failed-focal-linux'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-focal-linux-v2 verification-needed-focal-linux

Revision history for this message

Ghadi Rahme (ghadi-rahme) wrote on 2024-08-09:

#3

Download full text (5.7 KiB)

verification for focal:
$ nproc: 24

Current machine settings before using -proposed:

1. $uname -r: 5.4.0-192-generic

2. sudo dmesg | grep bnx2x :

[ 5.636662] bnx2x: QLogic 5771x/578xx 10/20-Gigabit Ethernet Driver bnx2x 1.713.36-0 (2014/02/10)
[ 5.735751] bnx2x 0000:04:00.0: msix capability found
[ 5.750740] bnx2x 0000:04:00.0: part number 0-0-0-0
[ 6.135089] bnx2x 0000:04:00.0: 32.000 Gb/s available PCIe bandwidth (5.0 GT/s PCIe x8 link)
[ 6.160661] bnx2x 0000:04:00.1: msix capability found
[ 6.199296] bnx2x 0000:04:00.1: part number 0-0-0-0
[ 6.872498] bnx2x 0000:04:00.1: 32.000 Gb/s available PCIe bandwidth (5.0 GT/s PCIe x8 link)
[ 7.002297] bnx2x 0000:04:00.1 eno50: renamed from eth0
[ 7.045651] bnx2x 0000:04:00.0 eno49: renamed from eth3

3. We can see that there are two interfaces on this machine utilizing the bnx2x driver. As noted in the description increasing the num_queue variable value will not result in any UBSAN warnings since 5.4 has them disabled:
$ sudo modprobe -r bnx2x # remove the driver
$ sudo modprobe bnx2x num_queues=20 # reload the driver while exceeding the 15 queue size limit
$ sudo dmesg | grep bnx2x
...<cut output>...
[ 1916.385403] bnx2x: QLogic 5771x/578xx 10/20-Gigabit Ethernet Driver bnx2x 1.713.36-0 (2014/02/10)
[ 1916.385657] bnx2x 0000:04:00.0: msix capability found
[ 1916.405826] bnx2x 0000:04:00.0: part number 0-0-0-0
[ 1916.571785] bnx2x 0000:04:00.0: 32.000 Gb/s available PCIe bandwidth (5.0 GT/s PCIe x8 link)
[ 1916.571889] bnx2x 0000:04:00.1: msix capability found
[ 1916.576504] bnx2x 0000:04:00.0 eno49: renamed from eth0
[ 1916.589777] bnx2x 0000:04:00.1: part number 0-0-0-0
[ 1917.291516] bnx2x 0000:04:00.0 eno49: using MSI-X IRQs: sp 67 fp[0] 69 ... fp[19] 118
[ 1918.062391] bnx2x 0000:04:00.1: 32.000 Gb/s available PCIe bandwidth (5.0 GT/s PCIe x8 link)
[ 1918.064708] bnx2x 0000:04:00.1 eno50: renamed from eth0
[ 1918.711960] bnx2x 0000:04:00.1 eno50: using MSI-X IRQs: sp 119 fp[0] 121 ... fp[19] 140
[ 1925.737490] bnx2x 0000:04:00.0 eno49: NIC Link is Up, 10000 Mbps full duplex, Flow control: none
[ 1926.017458] bnx2x 0000:04:00.1 eno50: NIC Link is Up, 10000 Mbps full duplex, Flow control: none

$ sudo dmesg | grep UBSAN
<no result>
4. We know that the machine is accessing data out of bounds but the kernel is not reporting it. Let's upgrade to -proposed and see if the machine remains stable.

After upgrading to -proposed:

1. $uname -r: 5.4.0-195-generic

2. sudo dmesg | grep bnx2x :

[ 5.506585] bnx2x: QLogic 5771x/578xx 10/20-Gigabit Ethernet Driver bnx2x 1.713.36-0 (2014/02/10)
[ 5.558991] bnx2x 0000:04:00.0: msix capability found
[ 5.574191] bnx2x 0000:04:00.0: part number 0-0-0-0
[ 5.987916] bnx2x 0000:04:00.0: 32.000 Gb/s available PCIe bandwidth (5.0 GT/s PCIe x8 link)
[ 6.009746] bnx2x 0000:04:00.1: msix capability found
[ 6.056350] bnx2x 0000:04:00.1: part number 0-0-0-0
[ 6.751651] bnx2x 0000:04:00.1: 32.000 Gb/s available PCIe bandwidth (5.0 GT/s PCIe x8 link)
[ 6.885873] bnx2x 0000:04:00.0 eno49: renamed from eth2
[ 6.929575] bnx2x 0000:04:00.1 eno50: renamed from eth0
[ 19.510740] bnx2x 0000:04:00.1 eno50: using MSI-X ...

verification Jammy:
nproc: 24

Before using -proposed:
1. $ uname -r: 5.15.0-118-generic
2. $ sudo dmesg | grep bnx2x: 
 
[    2.656536] bnx2x 0000:04:00.0: msix capability found
[    2.669166] bnx2x 0000:04:00.0: part number 0-0-0-0
[    3.133782] bnx2x 0000:04:00.0: 32.000 Gb/s available PCIe bandwidth (5.0 GT/s PCIe x8 link)
[    3.201230] bnx2x 0000:04:00.1: msix capability found
[    3.201815] bnx2x 0000:04:00.1: part number 0-0-0-0
[    3.402127] bnx2x 0000:04:00.1: 32.000 Gb/s available PCIe bandwidth (5.0 GT/s PCIe x8 link)
[    3.407664] bnx2x 0000:04:00.0 eno49: renamed from eth0
[    3.492325] bnx2x 0000:04:00.1 eno50: renamed from eth1
[   56.145698] bnx2x 0000:04:00.1 eno50: using MSI-X  IRQs: sp 78  fp[0] 80 ... fp[7] 87
[   57.381769] bnx2x 0000:04:00.0 eno49: using MSI-X  IRQs: sp 68  fp[0] 70 ... fp[7] 77
[   64.772106] bnx2x 0000:04:00.0 eno49: NIC Link is Up, 10000 Mbps full duplex, Flow control: none
[   65.732116] bnx2x 0000:04:00.1 eno50: NIC Link is Up, 10000 Mbps full duplex, Flow control: none

3. We can see that there are two interfaces on this machine utilizing the bnx2x driver. As noted in the description increasing the num_queue variable value will not result in any UBSAN warnings since 5.15 has them disabled:

$ sudo modprobe -r bnx2x
$ sudo modprobe bnx2x num_queues=20
$ sduo dmesg | grep bnx2x
...<cut output>...
[  621.562054] bnx2x 0000:04:00.0: msix capability found
[  621.581949] bnx2x 0000:04:00.0: part number 0-0-0-0
[  621.754136] bnx2x 0000:04:00.0: 32.000 Gb/s available PCIe bandwidth (5.0 GT/s PCIe x8 link)
[  621.754254] bnx2x 0000:04:00.1: msix capability found
[  621.758926] bnx2x 0000:04:00.0 eno49: renamed from eth0
[  621.773993] bnx2x 0000:04:00.1: part number 0-0-0-0
[  622.513115] bnx2x 0000:04:00.0 eno49: using MSI-X  IRQs: sp 68  fp[0] 70 ... fp[19] 119
[  623.282738] bnx2x 0000:04:00.1: 32.000 Gb/s available PCIe bandwidth (5.0 GT/s PCIe x8 link)
[  623.284540] bnx2x 0000:04:00.1 eno50: renamed from eth0

$ sudo dmesg | grep UBSAN
<no result>

4. We know that the machine is accessing data out of bounds but the kernel is not reporting it. Let's upgrade to -proposed and see if the machine remains stable.

After upgrading to -proposed:

1. $ uname -r: 5.15.0-120-generic

2. sudo dmesg | grep bnx2x

[    4.303867] bnx2x 0000:04:00.0: msix capability found
[    4.317050] bnx2x 0000:04:00.0: part number 0-0-0-0
[    4.883254] bnx2x 0000:04:00.0: 32.000 Gb/s available PCIe bandwidth (5.0 GT/s PCIe x8 link)
[    4.951123] bnx2x 0000:04:00.1: msix capability found
[    4.951779] bnx2x 0000:04:00.1: part number 0-0-0-0
[    5.200782] bnx2x 0000:04:00.1: 32.000 Gb/s available PCIe bandwidth (5.0 GT/s PCIe x8 link)
[    5.206714] bnx2x 0000:04:00.0 eno49: renamed from eth0
[    5.293926] bnx2x 0000:04:00.1 eno50: renamed from eth1
[   19.194753] bnx2x 0000:04:00.1 eno50: using MSI-X  IRQs: sp 78  fp[0] 80 ... fp[7] 87
[   20.430462] bnx2x 0000:04:00.0 eno49: using MSI-X  IRQs: sp 68  fp[0] 70 ... fp[7] 77
[   27.457468] bnx2x 0000:04:00.1 eno50: NIC Link is Up, 10000 Mbps full duplex, Flow control: none
[   27.637478] bnx2x 0000:04:00.0 eno49: NIC Link is Up, 10000 Mbps full duplex, Flow control: none

3. $ sudo modprobe -r bnx2x
4. $ sudo modrpobe bnx2x num_queues=20
...<cut output>...
[  414.537575] bnx2x 0000:04:00.0: msix capability found
[  414.556346] bnx2x 0000:04:00.0: part number 0-0-0-0
[  414.722808] bnx2x 0000:04:00.0: 32.000 Gb/s available PCIe bandwidth (5.0 GT/s PCIe x8 link)
[  414.722901] bnx2x 0000:04:00.1: msix capability found
[  414.725755] bnx2x 0000:04:00.0 eno49: renamed from eth0
[  414.740419] bnx2x 0000:04:00.1: part number 0-0-0-0
[  415.452007] bnx2x 0000:04:00.0 eno49: using MSI-X  IRQs: sp 68  fp[0] 70 ... fp[19] 119
[  416.220670] bnx2x 0000:04:00.1: 32.000 Gb/s available PCIe bandwidth (5.0 GT/s PCIe x8 link)
[  416.223125] bnx2x 0000:04:00.1 eno50: renamed from eth0
[  422.644115] bnx2x 0000:04:00.0 eno49: NIC Link is Up, 10000 Mbps full duplex, Flow control: none

5. We can see that the network driver still loads correctly even after the patch is applied.

6. Running iperf3 -s on the server with my machine as the client we can see that the driver is also working as expected (The low upload speed in this test is unrelated to the driver and is due to limitations with my connection to the server):

[ ID] Interval           Transfer     Bitrate
[  5]   0.00-1.00   sec   268 KBytes  2.19 Mbits/sec                  
[  5]   1.00-2.00   sec   589 KBytes  4.83 Mbits/sec                  
[  5]   2.00-3.00   sec   849 KBytes  6.95 Mbits/sec                  
[  5]   3.00-4.00   sec   490 KBytes  4.01 Mbits/sec                  
[  5]   4.00-5.00   sec   609 KBytes  4.99 Mbits/sec                  
[  5]   5.00-6.00   sec   648 KBytes  5.31 Mbits/sec                  
[  5]   6.00-7.00   sec   648 KBytes  5.31 Mbits/sec                  
[  5]   7.00-8.00   sec   692 KBytes  5.67 Mbits/sec                  
[  5]   8.00-9.00   sec   631 KBytes  5.17 Mbits/sec                  
[  5]   9.00-10.00  sec   653 KBytes  5.35 Mbits/sec                  
[  5]  10.00-10.13  sec   105 KBytes  6.78 Mbits/sec                  
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate
[  5]   0.00-10.13  sec  6.04 MBytes  5.00 Mbits/sec                  receiver

tags:

added: verification-done-jammy-linux
removed: verification-needed-jammy-linux

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2024-08-26:

#5

This bug is awaiting verification that the linux-nvidia-tegra/5.15.0-1028.28 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy-linux-nvidia-tegra' to 'verification-done-jammy-linux-nvidia-tegra'. If the problem still exists, change the tag 'verification-needed-jammy-linux-nvidia-tegra' to 'verification-failed-jammy-linux-nvidia-tegra'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-jammy-linux-nvidia-tegra-v2 verification-needed-jammy-linux-nvidia-tegra

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2024-08-27:

#6

This bug is awaiting verification that the linux-nvidia-tegra-igx/5.15.0-1016.16 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy-linux-nvidia-tegra-igx' to 'verification-done-jammy-linux-nvidia-tegra-igx'. If the problem still exists, change the tag 'verification-needed-jammy-linux-nvidia-tegra-igx' to 'verification-failed-jammy-linux-nvidia-tegra-igx'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-jammy-linux-nvidia-tegra-igx-v2 verification-needed-jammy-linux-nvidia-tegra-igx

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2024-09-04:

#7

This bug is awaiting verification that the linux-hwe-6.8/6.8.0-44.44~22.04.1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy-linux-hwe-6.8' to 'verification-done-jammy-linux-hwe-6.8'. If the problem still exists, change the tag 'verification-needed-jammy-linux-hwe-6.8' to 'verification-failed-jammy-linux-hwe-6.8'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-jammy-linux-hwe-6.8-v2 verification-needed-jammy-linux-hwe-6.8

Revision history for this message

Ghadi Rahme (ghadi-rahme) wrote on 2024-09-06 (last edit on 2024-09-06):

#8

After internal discussions it was decided to set the status of jammy-HWE to verification done due to the inability to access the hardware

tags:

added: verification-done-jammy-linux-hwe-6.8
removed: verification-needed-jammy-linux-hwe-6.8

Revision history for this message

Launchpad Janitor (janitor) wrote on 2024-09-10:

#9

Download full text (17.6 KiB)

This bug was fixed in the package linux - 5.4.0-195.215

---------------
linux (5.4.0-195.215) focal; urgency=medium

* focal/linux: 5.4.0-195.215 -proposed tracker (LP: #2075954)

  * Focal update: v5.4.280 upstream stable release (LP: #2075175)
    - Compiler Attributes: Add __uninitialized macro
    - drm/lima: fix shared irq handling on driver remove
    - media: dvb: as102-fe: Fix as10x_register_addr packing
    - media: dvb-usb: dib0700_devices: Add missing release_firmware()
    - IB/core: Implement a limit on UMAD receive List
    - scsi: qedf: Make qedf_execute_tmf() non-preemptible
    - drm/amdgpu: Initialize timestamp for some legacy SOCs
    - drm/amd/display: Skip finding free audio for unknown engine_id
    - media: dw2102: Don't translate i2c read into write
    - sctp: prefer struct_size over open coded arithmetic
    - firmware: dmi: Stop decoding on broken entry
    - Input: ff-core - prefer struct_size over open coded arithmetic
    - net: dsa: mv88e6xxx: Correct check for empty list
    - media: dvb-frontends: tda18271c2dd: Remove casting during div
    - media: s2255: Use refcount_t instead of atomic_t for num_channels
    - media: dvb-frontends: tda10048: Fix integer overflow
    - i2c: i801: Annotate apanel_addr as __ro_after_init
    - powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n
    - orangefs: fix out-of-bounds fsid access
    - powerpc/xmon: Check cpu id in commands "c#", "dp#" and "dx#"
    - jffs2: Fix potential illegal address access in jffs2_free_inode
    - s390/pkey: Wipe sensitive data on failure
    - tcp: tcp_mark_head_lost is only valid for sack-tcp
    - tcp: add ece_ack flag to reno sack functions
    - net: tcp better handling of reordering then loss cases
    - UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open()
    - tcp_metrics: validate source addr length
    - wifi: wilc1000: fix ies_len type in connect path
    - bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set()
    - selftests: fix OOM in msg_zerocopy selftest
    - selftests: make order checking verbose in msg_zerocopy selftest
    - inet_diag: Initialize pad field in struct inet_diag_req_v2
    - nilfs2: fix inode number range checks
    - nilfs2: add missing check for inode numbers on directory entries
    - mm: optimize the redundant loop of mm_update_owner_next()
    - can: kvaser_usb: Explicitly initialize family in leafimx driver_info struct
    - fsnotify: Do not generate events for O_PATH file descriptors
    - Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(),
      again"
    - drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes
    - drm/amdgpu/atomfirmware: silence UBSAN warning
    - media: dw2102: fix a potential buffer overflow
    - i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr
    - ALSA: hda/realtek: Enable headset mic of JP-IK LEAP W502 with ALC897
    - nvme-multipath: find NUMA path only for online numa-node
    - nilfs2: fix incorrect inode allocation from reserved inodes
    - filelock: fix potential use-after-free in posix_lock_inode
    - fs/dcache: Re-use value stored to dentry->d_f...

This bug was fixed in the package linux - 5.4.0-195.215

---------------
linux (5.4.0-195.215) focal; urgency=medium

* focal/linux: 5.4.0-195.215 -proposed tracker (LP: #2075954)

* Focal update: v5.4.280 upstream stable release (LP: #2075175)
    - Compiler Attributes: Add __uninitialized macro
    - drm/lima: fix shared irq handling on driver remove
    - media: dvb: as102-fe: Fix as10x_register_addr packing
    - media: dvb-usb: dib0700_devices: Add missing release_firmware()
    - IB/core: Implement a limit on UMAD receive List
    - scsi: qedf: Make qedf_execute_tmf() non-preemptible
    - drm/amdgpu: Initialize timestamp for some legacy SOCs
    - drm/amd/display: Skip finding free audio for unknown engine_id
    - media: dw2102: Don't translate i2c read into write
    - sctp: prefer struct_size over open coded arithmetic
    - firmware: dmi: Stop decoding on broken entry
    - Input: ff-core - prefer struct_size over open coded arithmetic
    - net: dsa: mv88e6xxx: Correct check for empty list
    - media: dvb-frontends: tda18271c2dd: Remove casting during div
    - media: s2255: Use refcount_t instead of atomic_t for num_channels
    - media: dvb-frontends: tda10048: Fix integer overflow
    - i2c: i801: Annotate apanel_addr as __ro_after_init
    - powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n
    - orangefs: fix out-of-bounds fsid access
    - powerpc/xmon: Check cpu id in commands "c#", "dp#" and "dx#"
    - jffs2: Fix potential illegal address access in jffs2_free_inode
    - s390/pkey: Wipe sensitive data on failure
    - tcp: tcp_mark_head_lost is only valid for sack-tcp
    - tcp: add ece_ack flag to reno sack functions
    - net: tcp better handling of reordering then loss cases
    - UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open()
    - tcp_metrics: validate source addr length
    - wifi: wilc1000: fix ies_len type in connect path
    - bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set()
    - selftests: fix OOM in msg_zerocopy selftest
    - selftests: make order checking verbose in msg_zerocopy selftest
    - inet_diag: Initialize pad field in struct inet_diag_req_v2
    - nilfs2: fix inode number range checks
    - nilfs2: add missing check for inode numbers on directory entries
    - mm: optimize the redundant loop of mm_update_owner_next()
    - can: kvaser_usb: Explicitly initialize family in leafimx driver_info struct
    - fsnotify: Do not generate events for O_PATH file descriptors
    - Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(),
      again"
    - drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes
    - drm/amdgpu/atomfirmware: silence UBSAN warning
    - media: dw2102: fix a potential buffer overflow
    - i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr
    - ALSA: hda/realtek: Enable headset mic of JP-IK LEAP W502 with ALC897
    - nvme-multipath: find NUMA path only for online numa-node
    - nilfs2: fix incorrect inode allocation from reserved inodes
    - filelock: fix potential use-after-free in posix_lock_inode
    - fs/dcache: Re-use value stored to dentry->d_flags instead of re-reading
    - vfs: don't mod negative dentry count when on shrinker list
    - tcp: add TCP_INFO status for failed client TFO
    - tcp: fix incorrect undo caused by DSACK of TLP retransmit
    - octeontx2-af: Fix incorrect value output on error path in
      rvu_check_rsrc_availability()
    - net: lantiq_etop: add blank line after declaration
    - net: ethernet: lantiq_etop: fix double free in detach
    - ppp: reject claimed-as-LCP but actually malformed packets
    - udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port().
    - s390: Mark psw in __load_psw_mask() as __unitialized
    - ARM: davinci: Convert comma to semicolon
    - octeontx2-af: fix detection of IP layer
    - USB: serial: option: add Telit generic core-dump composition
    - USB: serial: option: add Telit FN912 rmnet compositions
    - USB: serial: option: add Fibocom FM350-GL
    - USB: serial: option: add support for Foxconn T99W651
    - USB: serial: option: add Netprisma LCUK54 series modules
    - USB: serial: option: add Rolling RW350-GL variants
    - USB: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k
    - usb: gadget: configfs: Prevent OOB read/write in usb_string_copy()
    - USB: core: Fix duplicate endpoint bug by clearing reserved bits in the
      descriptor
    - hpet: Support 32-bit userspace
    - nvmem: meson-efuse: Fix return value of nvmem callbacks
    - ALSA: hda/realtek: Limit mic boost on VAIO PRO PX
    - libceph: fix race between delayed_work() and ceph_monc_stop()
    - SUNRPC: Fix RPC client cleaned up the freed pipefs dentries
    - tcp: refactor tcp_retransmit_timer()
    - net: tcp: fix unexcepted socket die when snd_wnd is 0
    - tcp: use signed arithmetic in tcp_rtx_probe0_timed_out()
    - tcp: avoid too many retransmit packets
    - nilfs2: fix kernel bug on rename operation of broken directory
    - i2c: rcar: bring hardware to known state when probing
    - Linux 5.4.280

* [SRU] UBSAN warnings in bnx2x kernel driver (LP: #2074215) // Focal update:
    v5.4.280 upstream stable release (LP: #2075175)
    - bnx2x: Fix multiple UBSAN array-index-out-of-bounds

* Focal update: v5.4.279 upstream stable release (LP: #2073621)
    - wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects
    - wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup()
    - wifi: cfg80211: pmsr: use correct nla_get_uX functions
    - wifi: iwlwifi: mvm: revert gen2 TX A-MPDU size to 64
    - wifi: iwlwifi: dbg_ini: move iwl_dbg_tlv_free outside of debugfs ifdef
    - wifi: iwlwifi: mvm: don't read past the mfuart notifcation
    - ipv6: sr: block BH in seg6_output_core() and seg6_input_core()
    - net: sched: sch_multiq: fix possible OOB write in multiq_tune()
    - vxlan: Fix regression when dropping packets due to invalid src addresses
    - tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB
    - net/mlx5: Stop waiting for PCI if pci channel is offline
    - net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP
    - ptp: Fix error message on failed pin verification
    - af_unix: Annotate data-race of sk->sk_state in unix_inq_len().
    - af_unix: Annotate data-races around sk->sk_state in unix_write_space() and
      poll().
    - af_unix: Annotate data-races around sk->sk_state in sendmsg() and recvmsg().
    - af_unix: Annotate data-races around sk->sk_state in UNIX_DIAG.
    - af_unix: Annotate data-race of net->unx.sysctl_max_dgram_qlen.
    - af_unix: Use unix_recvq_full_lockless() in unix_stream_connect().
    - af_unix: Use skb_queue_len_lockless() in sk_diag_show_rqlen().
    - af_unix: Annotate data-race of sk->sk_shutdown in sk_diag_fill().
    - ipv6: fix possible race in __fib6_drop_pcpu_from()
    - usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete
    - ASoC: ti: davinci-mcasp: remove redundant assignment to variable ret
    - ASoC: ti: davinci-mcasp: remove always zero of davinci_mcasp_get_dt_params
    - ASoC: ti: davinci-mcasp: Use platform_get_irq_byname_optional
    - ASoC: ti: davinci-mcasp: Remove legacy dma_request parsing
    - ASoC: ti: davinci-mcasp: Simplify the configuration parameter handling
    - ASoC: ti: davinci-mcasp: Handle missing required DT properties
    - ASoC: ti: davinci-mcasp: Fix race condition during probe
    - drm/amd/display: Handle Y carry-over in VCP X.Y calculation
    - serial: sc16is7xx: replace hardcoded divisor value with BIT() macro
    - serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using prescaler
    - selftests/mm: compaction_test: fix incorrect write of zero to nr_hugepages
    - selftests/mm: conform test to TAP format output
    - selftests/mm: compaction_test: fix bogus test success on Aarch64
    - nilfs2: Remove check for PageError
    - nilfs2: return the mapped address from nilfs_get_page()
    - nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors
    - USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages
    - mei: me: release irq in mei_me_pci_resume error path
    - jfs: xattr: fix buffer overflow for invalid xattr
    - xhci: Set correct transferred length for cancelled bulk transfers
    - xhci: Apply reset resume quirk to Etron EJ188 xHCI host
    - xhci: Apply broken streams quirk to Etron EJ188 xHCI host
    - scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory
    - Input: try trimming too long modalias strings
    - SUNRPC: return proper error from gss_wrap_req_priv
    - gpio: tqmx86: fix typo in Kconfig label
    - HID: core: remove unnecessary WARN_ON() in implement()
    - iommu/amd: Fix sysfs leak in iommu init
    - iommu: Return right value in iommu_sva_bind_device()
    - HID: logitech-dj: Fix memory leak in logi_dj_recv_switch_to_dj_mode()
    - liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet
    - drm/komeda: check for error-valued pointer
    - drm/bridge/panel: Fix runtime warning on panel bridge release
    - tcp: fix race in tcp_v6_syn_recv_sock()
    - net/mlx5e: Fix features validation check for tunneled UDP (non-VXLAN)
      packets
    - Bluetooth: L2CAP: Fix rejecting L2CAP_CONN_PARAM_UPDATE_REQ
    - netfilter: ipset: Fix race between namespace cleanup and gc in the list:set
      type
    - net/ipv6: Fix the RT cache flush via sysctl using a previous delay
    - ionic: fix use after netif_napi_del()
    - drivers: core: synchronize really_probe() and dev_uevent()
    - drm/exynos/vidi: fix memory leak in .get_modes()
    - drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found
    - tracing/selftests: Fix kprobe event name test for .isra. functions
    - vmci: prevent speculation leaks by sanitizing event in event_deliver()
    - fs/proc: fix softlockup in __read_vmcore
    - ocfs2: use coarse time for new created files
    - ocfs2: fix races between hole punching and AIO+DIO
    - PCI: rockchip-ep: Remove wrong mask on subsys_vendor_id
    - dmaengine: axi-dmac: fix possible race in remove()
    - intel_th: pci: Add Granite Rapids support
    - intel_th: pci: Add Granite Rapids SOC support
    - intel_th: pci: Add Sapphire Rapids SOC support
    - intel_th: pci: Add Meteor Lake-S support
    - intel_th: pci: Add Lunar Lake support
    - nilfs2: fix potential kernel bug due to lack of writeback flag waiting
    - tick/nohz_full: Don't abuse smp_call_function_single() in
      tick_setup_device()
    - hv_utils: drain the timesync packets on onchannelcallback
    - hugetlb_encode.h: fix undefined behaviour (34 << 26)
    - greybus: Fix use-after-free bug in gb_interface_release due to race
      condition.
    - usb-storage: alauda: Check whether the media is initialized
    - i2c: at91: Fix the functionality flags of the slave-only interface
    - rcutorture: Fix rcu_torture_one_read() pipe_count overflow comment
    - selftests/bpf: Prevent client connect before server bind in
      test_tc_tunnel.sh
    - batman-adv: bypass empty buckets in batadv_purge_orig_ref()
    - drop_monitor: replace spin_lock by raw_spin_lock
    - scsi: qedi: Fix crash while reading debugfs attribute
    - Bluetooth: ath3k: Fix multiple issues reported by checkpatch.pl
    - powerpc/pseries: Enforce hcall result buffer validity and size
    - powerpc/io: Avoid clang null pointer arithmetic warnings
    - usb: misc: uss720: check for incompatible versions of the Belkin F5U002
    - udf: udftime: prevent overflow in udf_disk_stamp_to_time()
    - PCI/PM: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports
    - MIPS: Octeon: Add PCIe link status check
    - MIPS: Routerboard 532: Fix vendor retry check code
    - mips: bmips: BCM6358: make sure CBR is correctly set
    - cipso: fix total option length computation
    - netrom: Fix a memory leak in nr_heartbeat_expiry()
    - ipv6: prevent possible NULL deref in fib6_nh_init()
    - ipv6: prevent possible NULL dereference in rt6_probe()
    - xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr()
    - netns: Make get_net_ns() handle zero refcount net
    - net/sched: act_api: rely on rcu in tcf_idr_check_alloc
    - net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc()
    - virtio_net: checksum offloading handling fix
    - netfilter: ipset: Fix suspicious rcu_dereference_protected()
    - net: usb: rtl8150 fix unintiatilzed variables in rtl8150_get_link_ksettings
    - regulator: core: Fix modpost error "regulator_get_regmap" undefined
    - dmaengine: ioatdma: Fix missing kmem_cache_destroy()
    - ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is
      fine."
    - drm/radeon: fix UBSAN warning in kv_dpm.c
    - gcov: add support for GCC 14
    - i2c: ocores: set IACK bit after core is enabled
    - ARM: dts: samsung: smdkv310: fix keypad no-autorepeat
    - ARM: dts: samsung: exynos4412-origen: fix keypad no-autorepeat
    - ARM: dts: samsung: smdk4412: fix keypad no-autorepeat
    - arm64: dts: qcom: qcs404: fix bluetooth device address
    - tracing: Add MODULE_DESCRIPTION() to preemptirq_delay_test
    - Revert "kheaders: substituting --sort in archive creation"
    - kheaders: explicitly define file modes for archived headers
    - perf/core: Fix missing wakeup when waiting for context reference
    - PCI: Add PCI_ERROR_RESPONSE and related definitions
    - x86/amd_nb: Check for invalid SMN reads
    - iio: dac: ad5592r-base: Replace indio_dev->mlock with own device lock
    - iio: dac: ad5592r: un-indent code-block for scale read
    - iio: dac: ad5592r: fix temperature channel scaling value
    - pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER
    - pinctrl: rockchip: fix pinmux bits for RK3328 GPIO2-B pins
    - pinctrl: rockchip: fix pinmux bits for RK3328 GPIO3-B pins
    - pinctrl: rockchip: fix pinmux reset in rockchip_pmx_set
    - drm/amdgpu: fix UBSAN warning in kv_dpm.c
    - netfilter: nf_tables: validate family when identifying table via handle
    - ASoC: fsl-asoc-card: set priv->pdev before using it
    - net: dsa: microchip: fix initial port flush problem
    - net: phy: mchp: Add support for LAN8814 QUAD PHY
    - net: phy: micrel: add Microchip KSZ 9477 to the device table
    - sparc: fix old compat_sys_select()
    - parisc: use correct compat recv/recvfrom syscalls
    - netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data
      registers
    - drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep
    - mtd: partitions: redboot: Added conversion of operands to a larger type
    - net/iucv: Avoid explicit cpumask var allocation on stack
    - net/dpaa2: Avoid explicit cpumask var allocation on stack
    - ALSA: emux: improve patch ioctl data validation
    - media: dvbdev: Initialize sbuf
    - soc: ti: wkup_m3_ipc: Send NULL dummy message instead of pointer message
    - nvme: fixup comment for nvme RDMA Provider Type
    - gpio: davinci: Validate the obtained number of IRQs
    - x86: stop playing stack games in profile_pc()
    - mmc: sdhci-pci: Convert PCIBIOS_* return codes to errnos
    - mmc: sdhci: Do not invert write-protect twice
    - mmc: sdhci: Do not lock spinlock around mmc_gpio_get_ro()
    - iio: adc: ad7266: Fix variable checking bug
    - iio: chemical: bme680: Fix pressure value output
    - iio: chemical: bme680: Fix calibration data variable
    - iio: chemical: bme680: Fix overflows in compensate() functions
    - iio: chemical: bme680: Fix sensor data read operation
    - net: usb: ax88179_178a: improve link status logs
    - usb: gadget: printer: SS+ support
    - usb: musb: da8xx: fix a resource leak in probe()
    - usb: atm: cxacru: fix endpoint checking in cxacru_bind()
    - tty: mcf: MCF54418 has 10 UARTS
    - net: can: j1939: Initialize unused data in j1939_send_one()
    - net: can: j1939: recover socket queue on CAN bus error during BAM
      transmission
    - net: can: j1939: enhanced error handling for tightly received RTS messages
      in xtp_rx_rts_session_new
    - csky, hexagon: fix broken sys_sync_file_range
    - hexagon: fix fadvise64_64 calling conventions
    - drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes
    - drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes
    - batman-adv: Don't accept TT entries for out-of-spec VIDs
    - ata: libata-core: Fix double free on error
    - ftruncate: pass a signed offset
    - mtd: spinand: macronix: Add support for serial NAND flash
    - pwm: stm32: Refuse too small period requests
    - nfs: Leave pages in the pagecache if readpage failed
    - ARM: dts: rockchip: rk3066a: add #sound-dai-cells to hdmi node
    - arm64: dts: rockchip: Add sound-dai-cells for RK3368
    - Linux 5.4.279

* CVE-2024-26921
    - skbuff: introduce skb_expand_head()
    - skb_expand_head() adjust skb->truesize incorrectly
    - inet: inet_defrag: prevent sk release while still in use

* CVE-2024-26929
    - scsi: qla2xxx: Fix double free of fcport

* CVE-2024-39484
    - mmc: davinci: Don't strip remove function when driver is builtin

* CVE-2024-36901
    - ipv6: prevent NULL dereference in ip6_output()

* CVE-2024-26830
    - i40e: Refactoring VF MAC filters counting to make more reliable
    - i40e: Fix MAC address setting for a VF via Host/VM
    - i40e: Do not allow untrusted VF to remove administratively set MAC

* CVE-2024-24860
    - Bluetooth: Fix atomicity violation in {min, max}_key_size_set

* CVE-2023-52760
    - gfs2: Fix slab-use-after-free in gfs2_qd_dealloc

* CVE-2024-2201
    - [Config] Set SPECTRE_BHI_ON=y

* CVE-2023-52629
    - sh: push-switch: Reorder cleanup operations to avoid use-after-free bug

* CVE-2021-46926
    - ALSA: hda: intel-sdw-acpi: harden detection of controller

-- Roxana Nicolescu <roxana.nicolescu@canonical.com>  Fri, 02 Aug 2024 20:11:01 +0200

Changed in linux (Ubuntu Focal):
status:	Fix Committed → Fix Released

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2024-09-10:

#10

This bug is awaiting verification that the linux-raspi/5.4.0-1116.128 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal-linux-raspi' to 'verification-done-focal-linux-raspi'. If the problem still exists, change the tag 'verification-needed-focal-linux-raspi' to 'verification-failed-focal-linux-raspi'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-focal-linux-raspi-v2 verification-needed-focal-linux-raspi

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2024-09-10:

#11

This bug is awaiting verification that the linux-xilinx-zynqmp/5.4.0-1051.55 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal-linux-xilinx-zynqmp' to 'verification-done-focal-linux-xilinx-zynqmp'. If the problem still exists, change the tag 'verification-needed-focal-linux-xilinx-zynqmp' to 'verification-failed-focal-linux-xilinx-zynqmp'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-focal-linux-xilinx-zynqmp-v2 verification-needed-focal-linux-xilinx-zynqmp

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2024-09-10:

#12

This bug is awaiting verification that the linux-hwe-5.4/5.4.0-195.215~18.04.1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic-linux-hwe-5.4' to 'verification-done-bionic-linux-hwe-5.4'. If the problem still exists, change the tag 'verification-needed-bionic-linux-hwe-5.4' to 'verification-failed-bionic-linux-hwe-5.4'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-bionic-linux-hwe-5.4-v2 verification-needed-bionic-linux-hwe-5.4

Revision history for this message

Launchpad Janitor (janitor) wrote on 2024-09-12:

#13

Download full text (55.9 KiB)

This bug was fixed in the package linux - 5.15.0-121.131

---------------
linux (5.15.0-121.131) jammy; urgency=medium

* jammy/linux: 5.15.0-121.131 -proposed tracker (LP: #2076347)

* jammy:linux bpf selftest do not build (LP: #2076334)
- SAUCE: Revert "bpf: Allow reads from uninit stack"

linux (5.15.0-120.130) jammy; urgency=medium

* jammy/linux: 5.15.0-120.130 -proposed tracker (LP: #2075903)

  * Packaging resync (LP: #1786013)
    - [Packaging] debian.master/dkms-versions -- update from kernel-versions
      (main/2024.08.05)

  * Jammy update: v5.15.163 upstream stable release (LP: #2075170)
    - Compiler Attributes: Add __uninitialized macro
    - locking/mutex: Introduce devm_mutex_init()
    - drm/lima: fix shared irq handling on driver remove
    - media: dvb: as102-fe: Fix as10x_register_addr packing
    - media: dvb-usb: dib0700_devices: Add missing release_firmware()
    - IB/core: Implement a limit on UMAD receive List
    - scsi: qedf: Make qedf_execute_tmf() non-preemptible
    - crypto: aead,cipher - zeroize key buffer after use
    - drm/amdgpu: Initialize timestamp for some legacy SOCs
    - drm/amd/display: Check index msg_id before read or write
    - drm/amd/display: Check pipe offset before setting vblank
    - drm/amd/display: Skip finding free audio for unknown engine_id
    - media: dw2102: Don't translate i2c read into write
    - sctp: prefer struct_size over open coded arithmetic
    - firmware: dmi: Stop decoding on broken entry
    - Input: ff-core - prefer struct_size over open coded arithmetic
    - wifi: mt76: replace skb_put with skb_put_zero
    - net: dsa: mv88e6xxx: Correct check for empty list
    - media: dvb-frontends: tda18271c2dd: Remove casting during div
    - media: s2255: Use refcount_t instead of atomic_t for num_channels
    - media: dvb-frontends: tda10048: Fix integer overflow
    - i2c: i801: Annotate apanel_addr as __ro_after_init
    - powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n
    - orangefs: fix out-of-bounds fsid access
    - kunit: Fix timeout message
    - powerpc/xmon: Check cpu id in commands "c#", "dp#" and "dx#"
    - igc: fix a log entry using uninitialized netdev
    - bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD
    - jffs2: Fix potential illegal address access in jffs2_free_inode
    - s390/pkey: Wipe sensitive data on failure
    - tools/power turbostat: Remember global max_die_id
    - UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open()
    - tcp_metrics: validate source addr length
    - KVM: s390: fix LPSWEY handling
    - e1000e: Fix S0ix residency on corporate systems
    - net: allow skb_datagram_iter to be called from any context
    - wifi: wilc1000: fix ies_len type in connect path
    - riscv: kexec: Avoid deadlock in kexec crash path
    - netfilter: nf_tables: unconditionally flush pending work before notifier
    - bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set()
    - selftests: fix OOM in msg_zerocopy selftest
    - selftests: make order checking verbose in msg_zerocopy selftest
    - inet_diag: Initialize pad field in struct inet_diag_req_v2
    - gpiolib: of: factor...

This bug was fixed in the package linux - 5.15.0-121.131

---------------
linux (5.15.0-121.131) jammy; urgency=medium

* jammy/linux: 5.15.0-121.131 -proposed tracker (LP: #2076347)

* jammy:linux bpf selftest do not build (LP: #2076334)
    - SAUCE: Revert "bpf: Allow reads from uninit stack"

linux (5.15.0-120.130) jammy; urgency=medium

* jammy/linux: 5.15.0-120.130 -proposed tracker (LP: #2075903)

* Packaging resync (LP: #1786013)
    - [Packaging] debian.master/dkms-versions -- update from kernel-versions
      (main/2024.08.05)

* Jammy update: v5.15.163 upstream stable release (LP: #2075170)
    - Compiler Attributes: Add __uninitialized macro
    - locking/mutex: Introduce devm_mutex_init()
    - drm/lima: fix shared irq handling on driver remove
    - media: dvb: as102-fe: Fix as10x_register_addr packing
    - media: dvb-usb: dib0700_devices: Add missing release_firmware()
    - IB/core: Implement a limit on UMAD receive List
    - scsi: qedf: Make qedf_execute_tmf() non-preemptible
    - crypto: aead,cipher - zeroize key buffer after use
    - drm/amdgpu: Initialize timestamp for some legacy SOCs
    - drm/amd/display: Check index msg_id before read or write
    - drm/amd/display: Check pipe offset before setting vblank
    - drm/amd/display: Skip finding free audio for unknown engine_id
    - media: dw2102: Don't translate i2c read into write
    - sctp: prefer struct_size over open coded arithmetic
    - firmware: dmi: Stop decoding on broken entry
    - Input: ff-core - prefer struct_size over open coded arithmetic
    - wifi: mt76: replace skb_put with skb_put_zero
    - net: dsa: mv88e6xxx: Correct check for empty list
    - media: dvb-frontends: tda18271c2dd: Remove casting during div
    - media: s2255: Use refcount_t instead of atomic_t for num_channels
    - media: dvb-frontends: tda10048: Fix integer overflow
    - i2c: i801: Annotate apanel_addr as __ro_after_init
    - powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n
    - orangefs: fix out-of-bounds fsid access
    - kunit: Fix timeout message
    - powerpc/xmon: Check cpu id in commands "c#", "dp#" and "dx#"
    - igc: fix a log entry using uninitialized netdev
    - bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD
    - jffs2: Fix potential illegal address access in jffs2_free_inode
    - s390/pkey: Wipe sensitive data on failure
    - tools/power turbostat: Remember global max_die_id
    - UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open()
    - tcp_metrics: validate source addr length
    - KVM: s390: fix LPSWEY handling
    - e1000e: Fix S0ix residency on corporate systems
    - net: allow skb_datagram_iter to be called from any context
    - wifi: wilc1000: fix ies_len type in connect path
    - riscv: kexec: Avoid deadlock in kexec crash path
    - netfilter: nf_tables: unconditionally flush pending work before notifier
    - bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set()
    - selftests: fix OOM in msg_zerocopy selftest
    - selftests: make order checking verbose in msg_zerocopy selftest
    - inet_diag: Initialize pad field in struct inet_diag_req_v2
    - gpiolib: of: factor out code overriding gpio line polarity
    - gpiolib: of: add a quirk for reset line polarity for Himax LCDs
    - gpiolib: of: add polarity quirk for TSC2005
    - Revert "igc: fix a log entry using uninitialized netdev"
    - nilfs2: fix inode number range checks
    - nilfs2: add missing check for inode numbers on directory entries
    - mm: optimize the redundant loop of mm_update_owner_next()
    - mm: avoid overflows in dirty throttling logic
    - btrfs: fix adding block group to a reclaim list and the unused list during
      reclaim
    - Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot
    - can: kvaser_usb: Explicitly initialize family in leafimx driver_info struct
    - fsnotify: Do not generate events for O_PATH file descriptors
    - Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(),
      again"
    - drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes
    - drm/amdgpu/atomfirmware: silence UBSAN warning
    - mtd: rawnand: Ensure ECC configuration is propagated to upper layers
    - mtd: rawnand: Bypass a couple of sanity checks during NAND identification
    - mtd: rawnand: rockchip: ensure NVDDR timings are rejected
    - ima: Avoid blocking in RCU read-side critical section
    - media: dw2102: fix a potential buffer overflow
    - clk: qcom: gcc-sm6350: Fix gpll6* & gpll7 parents
    - i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr
    - fs/ntfs3: Mark volume as dirty if xattr is broken
    - ALSA: hda/realtek: Enable headset mic of JP-IK LEAP W502 with ALC897
    - nvme-multipath: find NUMA path only for online numa-node
    - dma-mapping: benchmark: avoid needless copy_to_user if benchmark fails
    - nvme: adjust multiples of NVME_CTRL_PAGE_SIZE in offset
    - regmap-i2c: Subtract reg size from max_write
    - platform/x86: touchscreen_dmi: Add info for GlobalSpace SolT IVW 11.6"
      tablet
    - platform/x86: touchscreen_dmi: Add info for the EZpad 6s Pro
    - nvmet: fix a possible leak when destroy a ctrl during qp establishment
    - kbuild: fix short log for AS in link-vmlinux.sh
    - nfc/nci: Add the inconsistency check between the input data length and count
    - null_blk: Do not allow runt zone with zone capacity smaller then zone size
    - nilfs2: fix incorrect inode allocation from reserved inodes
    - mm: prevent derefencing NULL ptr in pfn_section_valid()
    - filelock: fix potential use-after-free in posix_lock_inode
    - fs/dcache: Re-use value stored to dentry->d_flags instead of re-reading
    - vfs: don't mod negative dentry count when on shrinker list
    - tcp: fix incorrect undo caused by DSACK of TLP retransmit
    - skmsg: Skip zero length skb in sk_msg_recvmsg
    - octeontx2-af: Fix incorrect value output on error path in
      rvu_check_rsrc_availability()
    - net: fix rc7's __skb_datagram_iter()
    - i40e: Fix XDP program unloading while removing the driver
    - net: lantiq_etop: add blank line after declaration
    - net: ethernet: lantiq_etop: fix double free in detach
    - net: ethernet: mtk-star-emac: set mac_managed_pm when probing
    - ppp: reject claimed-as-LCP but actually malformed packets
    - ethtool: netlink: do not return SQI value if link is down
    - udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port().
    - s390: Mark psw in __load_psw_mask() as __unitialized
    - ARM: davinci: Convert comma to semicolon
    - octeontx2-af: replace cpt slot with lf id on reg write
    - octeontx2-af: update cpt lf alloc mailbox
    - octeontx2-af: fix a issue with cpt_lf_alloc mailbox
    - octeontx2-af: fix detection of IP layer
    - octeontx2-af: extend RSS supported offload types
    - octeontx2-af: fix issue with IPv6 ext match for RSS
    - octeontx2-af: fix issue with IPv4 match for RSS
    - tcp: use signed arithmetic in tcp_rtx_probe0_timed_out()
    - tcp: avoid too many retransmit packets
    - net: ks8851: Fix potential TX stall after interface reopen
    - USB: serial: option: add Telit generic core-dump composition
    - USB: serial: option: add Telit FN912 rmnet compositions
    - USB: serial: option: add Fibocom FM350-GL
    - USB: serial: option: add support for Foxconn T99W651
    - USB: serial: option: add Netprisma LCUK54 series modules
    - USB: serial: option: add Rolling RW350-GL variants
    - USB: serial: mos7840: fix crash on resume
    - USB: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k
    - usb: gadget: configfs: Prevent OOB read/write in usb_string_copy()
    - USB: core: Fix duplicate endpoint bug by clearing reserved bits in the
      descriptor
    - hpet: Support 32-bit userspace
    - nvmem: rmem: Fix return value of rmem_read()
    - nvmem: meson-efuse: Fix return value of nvmem callbacks
    - nvmem: core: only change name to fram for current attribute
    - ALSA: hda/realtek: add quirk for Clevo V5[46]0TU
    - ALSA: hda/realtek: Enable Mute LED on HP 250 G7
    - ALSA: hda/realtek: Limit mic boost on VAIO PRO PX
    - Fix userfaultfd_api to return EINVAL as expected
    - libceph: fix race between delayed_work() and ceph_monc_stop()
    - wireguard: allowedips: avoid unaligned 64-bit memory accesses
    - wireguard: queueing: annotate intentional data race in cpu round robin
    - wireguard: send: annotate intentional data race in checking empty queue
    - ipv6: annotate data-races around cnf.disable_ipv6
    - bpf: Allow reads from uninit stack
    - nilfs2: fix kernel bug on rename operation of broken directory
    - i2c: rcar: bring hardware to known state when probing
    - i2c: mark HostNotify target address as used
    - i2c: rcar: Add R-Car Gen4 support
    - i2c: rcar: reset controller is mandatory for Gen3+
    - i2c: rcar: introduce Gen4 devices
    - i2c: rcar: ensure Gen3+ reset does not disturb local targets
    - i2c: testunit: avoid re-issued work after read message
    - i2c: rcar: clear NO_RXDMA flag after resetting
    - x86/entry/64: Remove obsolete comment on tracing vs. SYSRET
    - x86/bhi: Avoid warning in #DB handler due to BHI mitigation
    - kbuild: Make ld-version.sh more robust against version string changes
    - i2c: rcar: fix error code in probe()
    - Linux 5.15.163

* [SRU] UBSAN warnings in bnx2x kernel driver (LP: #2074215) // Jammy update:
    v5.15.163 upstream stable release (LP: #2075170)
    - bnx2x: Fix multiple UBSAN array-index-out-of-bounds

* Jammy update: v5.15.162 upstream stable release (LP: #2073765)
    - mmc: davinci_mmc: Convert to platform remove callback returning void
    - wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects
    - wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup()
    - wifi: cfg80211: Lock wiphy in cfg80211_get_station
    - wifi: cfg80211: pmsr: use correct nla_get_uX functions
    - wifi: iwlwifi: mvm: revert gen2 TX A-MPDU size to 64
    - wifi: iwlwifi: dbg_ini: move iwl_dbg_tlv_free outside of debugfs ifdef
    - wifi: iwlwifi: mvm: check n_ssids before accessing the ssids
    - wifi: iwlwifi: mvm: don't read past the mfuart notifcation
    - wifi: mac80211: correctly parse Spatial Reuse Parameter Set element
    - net/ncsi: Simplify Kconfig/dts control flow
    - net/ncsi: Fix the multi thread manner of NCSI driver
    - ipv6: sr: block BH in seg6_output_core() and seg6_input_core()
    - bpf: Set run context for rawtp test_run callback
    - octeontx2-af: Always allocate PF entries from low prioriy zone
    - net: sched: sch_multiq: fix possible OOB write in multiq_tune()
    - vxlan: Fix regression when dropping packets due to invalid src addresses
    - tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB
    - net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP
    - ptp: Fix error message on failed pin verification
    - af_unix: Set sk->sk_state under unix_state_lock() for truly disconencted
      peer.
    - af_unix: Annodate data-races around sk->sk_state for writers.
    - af_unix: Annotate data-race of sk->sk_state in unix_inq_len().
    - af_unix: Annotate data-races around sk->sk_state in unix_write_space() and
      poll().
    - net: inline sock_prot_inuse_add()
    - net: drop nopreempt requirement on sock_prot_inuse_add()
    - af_unix: Annotate data-race of sk->sk_state in unix_stream_connect().
    - af_unix: Annotate data-races around sk->sk_state in sendmsg() and recvmsg().
    - af_unix: Annotate data-race of sk->sk_state in unix_stream_read_skb().
    - af_unix: Annotate data-races around sk->sk_state in UNIX_DIAG.
    - af_unix: Annotate data-race of net->unx.sysctl_max_dgram_qlen.
    - af_unix: Use unix_recvq_full_lockless() in unix_stream_connect().
    - af_unix: annotate lockless accesses to sk->sk_err
    - af_unix: Use skb_queue_empty_lockless() in unix_release_sock().
    - af_unix: Use skb_queue_len_lockless() in sk_diag_show_rqlen().
    - af_unix: Annotate data-race of sk->sk_shutdown in sk_diag_fill().
    - ipv6: fix possible race in __fib6_drop_pcpu_from()
    - usb: gadget: f_fs: use io_data->status consistently
    - usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete
    - iio: accel: mxc4005: Reset chip on probe() and resume()
    - drm/amd/display: Handle Y carry-over in VCP X.Y calculation
    - drm/amd/display: Clean up some inconsistent indenting
    - drm/amd/display: drop unnecessary NULL checks in debugfs
    - drm/amd/display: Fix incorrect DSC instance for MST
    - pvpanic: Keep single style across modules
    - pvpanic: Indentation fixes here and there
    - misc/pvpanic: deduplicate common code
    - misc/pvpanic-pci: register attributes via pci_driver
    - skbuff: introduce skb_pull_data
    - Bluetooth: hci_qca: mark OF related data as maybe unused
    - Bluetooth: btqca: use le32_to_cpu for ver.soc_id
    - Bluetooth: btqca: Add WCN3988 support
    - Bluetooth: qca: use switch case for soc type behavior
    - Bluetooth: qca: add support for QCA2066
    - Bluetooth: qca: fix info leak when fetching fw build id
    - serial: sc16is7xx: replace hardcoded divisor value with BIT() macro
    - serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using prescaler
    - x86/ibt,ftrace: Search for __fentry__ location
    - ftrace: Fix possible use-after-free issue in ftrace_location()
    - i2c: add fwnode APIs
    - i2c: acpi: Unbind mux adapters before delete
    - cma: factor out minimum alignment requirement
    - mm/cma: drop incorrect alignment check in cma_init_reserved_mem
    - selftests/mm: compaction_test: fix incorrect write of zero to nr_hugepages
    - selftests/mm: conform test to TAP format output
    - selftests/mm: compaction_test: fix bogus test success on Aarch64
    - wifi: ath10k: fix QCOM_RPROC_COMMON dependency
    - btrfs: fix leak of qgroup extent records after transaction abort
    - nilfs2: Remove check for PageError
    - nilfs2: return the mapped address from nilfs_get_page()
    - nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors
    - USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages
    - usb: typec: tcpm: Ignore received Hard Reset in TOGGLING state
    - mei: me: release irq in mei_me_pci_resume error path
    - jfs: xattr: fix buffer overflow for invalid xattr
    - xhci: Set correct transferred length for cancelled bulk transfers
    - xhci: Apply reset resume quirk to Etron EJ188 xHCI host
    - xhci: Handle TD clearing for multiple streams case
    - xhci: Apply broken streams quirk to Etron EJ188 xHCI host
    - scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory
    - powerpc/uaccess: Fix build errors seen with GCC 13/14
    - Input: try trimming too long modalias strings
    - clk: sifive: Do not register clkdevs for PRCI clocks
    - SUNRPC: return proper error from gss_wrap_req_priv
    - platform/x86: dell-smbios-base: Use sysfs_emit()
    - platform/x86: dell-smbios: Fix wrong token data in sysfs
    - gpio: tqmx86: fix typo in Kconfig label
    - gpio: tqmx86: store IRQ trigger type and unmask status separately
    - HID: core: remove unnecessary WARN_ON() in implement()
    - iommu/amd: Introduce pci segment structure
    - iommu/amd: Fix sysfs leak in iommu init
    - iommu: Return right value in iommu_sva_bind_device()
    - HID: logitech-dj: Fix memory leak in logi_dj_recv_switch_to_dj_mode()
    - drm/vmwgfx: 3D disabled should not effect STDU memory limits
    - net: sfp: Always call `sfp_sm_mod_remove()` on remove
    - net: hns3: fix kernel crash problem in concurrent scenario
    - net: hns3: add cond_resched() to hns3 ring buffer init process
    - liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet
    - drm/komeda: check for error-valued pointer
    - drm/bridge/panel: Fix runtime warning on panel bridge release
    - tcp: fix race in tcp_v6_syn_recv_sock()
    - net/mlx5e: Fix features validation check for tunneled UDP (non-VXLAN)
      packets
    - netfilter: ipset: Fix race between namespace cleanup and gc in the list:set
      type
    - net: stmmac: replace priv->speed with the portTransmitRate from the tc-cbs
      parameters
    - net/ipv6: Fix the RT cache flush via sysctl using a previous delay
    - ionic: fix use after netif_napi_del()
    - af_unix: Read with MSG_PEEK loops if the first unread byte is OOB
    - iio: adc: ad9467: fix scan type sign
    - iio: dac: ad5592r: fix temperature channel scaling value
    - iio: imu: inv_icm42600: delete unneeded update watermark call
    - drivers: core: synchronize really_probe() and dev_uevent()
    - drm/exynos/vidi: fix memory leak in .get_modes()
    - drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found
    - mptcp: ensure snd_una is properly initialized on connect
    - tracing/selftests: Fix kprobe event name test for .isra. functions
    - null_blk: Print correct max open zones limit in null_init_zoned_dev()
    - sock_map: avoid race between sock_map_close and sk_psock_put
    - vmci: prevent speculation leaks by sanitizing event in event_deliver()
    - spmi: hisi-spmi-controller: Do not override device identifier
    - knfsd: LOOKUP can return an illegal error value
    - fs/proc: fix softlockup in __read_vmcore
    - ocfs2: use coarse time for new created files
    - ocfs2: fix races between hole punching and AIO+DIO
    - PCI: rockchip-ep: Remove wrong mask on subsys_vendor_id
    - dmaengine: axi-dmac: fix possible race in remove()
    - intel_th: pci: Add Granite Rapids support
    - intel_th: pci: Add Granite Rapids SOC support
    - intel_th: pci: Add Sapphire Rapids SOC support
    - intel_th: pci: Add Meteor Lake-S support
    - intel_th: pci: Add Lunar Lake support
    - nilfs2: fix potential kernel bug due to lack of writeback flag waiting
    - tick/nohz_full: Don't abuse smp_call_function_single() in
      tick_setup_device()
    - scsi: mpi3mr: Fix ATA NCQ priority support
    - mm/huge_memory: don't unpoison huge_zero_folio
    - serial: 8250_pxa: Configure tx_loadsz to match FIFO IRQ level
    - hugetlb_encode.h: fix undefined behaviour (34 << 26)
    - mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID
    - mptcp: pm: update add_addr counters after connect
    - kbuild: Remove support for Clang's ThinLTO caching
    - greybus: Fix use-after-free bug in gb_interface_release due to race
      condition.
    - usb-storage: alauda: Check whether the media is initialized
    - i2c: at91: Fix the functionality flags of the slave-only interface
    - i2c: designware: Fix the functionality flags of the slave-only interface
    - zap_pid_ns_processes: clear TIF_NOTIFY_SIGNAL along with TIF_SIGPENDING
    - Bluetooth: qca: Fix error code in qca_read_fw_build_info()
    - Bluetooth: qca: fix info leak when fetching board id
    - padata: Disable BH when taking works lock on MT path
    - crypto: hisilicon/sec - Fix memory leak for sec resource release
    - rcutorture: Fix rcu_torture_one_read() pipe_count overflow comment
    - rcutorture: Make stall-tasks directly exit when rcutorture tests end
    - rcutorture: Fix invalid context warning when enable srcu barrier testing
    - block/ioctl: prefer different overflow check
    - selftests/bpf: Prevent client connect before server bind in
      test_tc_tunnel.sh
    - selftests/bpf: Fix flaky test btf_map_in_map/lookup_update
    - batman-adv: bypass empty buckets in batadv_purge_orig_ref()
    - wifi: ath9k: work around memset overflow warning
    - af_packet: avoid a false positive warning in packet_setsockopt()
    - drop_monitor: replace spin_lock by raw_spin_lock
    - scsi: qedi: Fix crash while reading debugfs attribute
    - kselftest: arm64: Add a null pointer check
    - netpoll: Fix race condition in netpoll_owner_active
    - HID: Add quirk for Logitech Casa touchpad
    - ACPI: video: Add backlight=native quirk for Lenovo Slim 7 16ARH7
    - Bluetooth: ath3k: Fix multiple issues reported by checkpatch.pl
    - drm/amd/display: Exit idle optimizations before HDCP execution
    - drm/lima: add mask irq callback to gp and pp
    - drm/lima: mask irqs in timeout path before hard reset
    - powerpc/pseries: Enforce hcall result buffer validity and size
    - powerpc/io: Avoid clang null pointer arithmetic warnings
    - power: supply: cros_usbpd: provide ID table for avoiding fallback match
    - iommu/arm-smmu-v3: Free MSIs in case of ENOMEM
    - f2fs: remove clear SB_INLINECRYPT flag in default_options
    - usb: misc: uss720: check for incompatible versions of the Belkin F5U002
    - Avoid hw_desc array overrun in dw-axi-dmac
    - udf: udftime: prevent overflow in udf_disk_stamp_to_time()
    - PCI/PM: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports
    - MIPS: Octeon: Add PCIe link status check
    - serial: imx: Introduce timeout when waiting on transmitter empty
    - serial: exar: adding missing CTI and Exar PCI ids
    - MIPS: Routerboard 532: Fix vendor retry check code
    - mips: bmips: BCM6358: make sure CBR is correctly set
    - tracing: Build event generation tests only as modules
    - cipso: fix total option length computation
    - netrom: Fix a memory leak in nr_heartbeat_expiry()
    - ipv6: prevent possible NULL deref in fib6_nh_init()
    - ipv6: prevent possible NULL dereference in rt6_probe()
    - xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr()
    - netns: Make get_net_ns() handle zero refcount net
    - qca_spi: Make interrupt remembering atomic
    - net/sched: act_api: rely on rcu in tcf_idr_check_alloc
    - net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc()
    - tipc: force a dst refcount before doing decryption
    - net/sched: act_ct: set 'net' pointer when creating new nf_flow_table
    - sched: act_ct: add netns into the key of tcf_ct_flow_table
    - ptp: fix integer overflow in max_vclocks_store
    - net: stmmac: No need to calculate speed divider when offload is disabled
    - virtio_net: checksum offloading handling fix
    - octeontx2-pf: Add error handling to VLAN unoffload handling
    - netfilter: ipset: Fix suspicious rcu_dereference_protected()
    - seg6: fix parameter passing when calling NF_HOOK() in End.DX4 and End.DX6
      behaviors
    - bnxt_en: Restore PTP tx_avail count in case of skb_pad() error
    - net: usb: rtl8150 fix unintiatilzed variables in rtl8150_get_link_ksettings
    - regulator: core: Fix modpost error "regulator_get_regmap" undefined
    - dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list
    - dmaengine: ioat: switch from 'pci_' to 'dma_' API
    - dmaengine: ioat: Drop redundant pci_enable_pcie_error_reporting()
    - dmaengine: ioatdma: Fix leaking on version mismatch
    - dmaengine: ioat: use PCI core macros for PCIe Capability
    - dmaengine: ioatdma: Fix error path in ioat3_dma_probe()
    - dmaengine: ioatdma: Fix kmemleak in ioat_pci_probe()
    - dmaengine: ioatdma: Fix missing kmem_cache_destroy()
    - regulator: bd71815: fix ramp values
    - ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is
      fine."
    - RDMA/mlx5: Add check for srq max_sge attribute
    - serial: stm32: rework RX over DMA
    - net: do not leave a dangling sk pointer, when socket creation fails
    - btrfs: retry block group reclaim without infinite loop
    - KVM: x86: Always sync PIR to IRR prior to scanning I/O APIC routes
    - ALSA: hda/realtek: Limit mic boost on N14AP7
    - drm/i915/mso: using joiner is not possible with eDP MSO
    - drm/radeon: fix UBSAN warning in kv_dpm.c
    - gcov: add support for GCC 14
    - kcov: don't lose track of remote references during softirqs
    - tcp: clear tp->retrans_stamp in tcp_rcv_fastopen_synack()
    - i2c: ocores: set IACK bit after core is enabled
    - dt-bindings: i2c: google,cros-ec-i2c-tunnel: correct path to i2c-controller
      schema
    - arm64: dts: imx8qm-mek: fix gpio number for reg_usdhc2_vmmc
    - drm/amd/display: revert Exit idle optimizations before HDCP execution
    - perf: script: add raw|disasm arguments to --insn-trace option
    - perf script: Show also errors for --insn-trace option
    - ARM: dts: samsung: smdkv310: fix keypad no-autorepeat
    - ARM: dts: samsung: exynos4412-origen: fix keypad no-autorepeat
    - ARM: dts: samsung: smdk4412: fix keypad no-autorepeat
    - rtlwifi: rtl8192de: Style clean-ups
    - wifi: rtlwifi: rtl8192de: Fix 5 GHz TX power
    - pmdomain: ti-sci: Fix duplicate PD referrals
    - bcache: fix variable length array abuse in btree_iter
    - tracing: Add MODULE_DESCRIPTION() to preemptirq_delay_test
    - x86/cpu/vfm: Add new macros to work with (vendor/family/model) values
    - x86/cpu: Fix x86_match_cpu() to match just X86_VENDOR_INTEL
    - ksmbd: ignore trailing slashes in share paths
    - drm/i915/gt: Only kick the signal worker if there's been an update
    - drm/i915/gt: Disarm breadcrumbs if engines are already idle
    - Revert "kheaders: substituting --sort in archive creation"
    - kheaders: explicitly define file modes for archived headers
    - riscv: mm: init: try best to use IS_ENABLED(CONFIG_64BIT) instead of #ifdef
    - riscv: fix overlap of allocated page and PTR_ERR
    - perf/core: Fix missing wakeup when waiting for context reference
    - PCI: Add PCI_ERROR_RESPONSE and related definitions
    - x86/amd_nb: Check for invalid SMN reads
    - smb: client: fix deadlock in smb2_find_smb_tcon()
    - ACPI: x86: utils: Add Picasso to the list for forcing StorageD3Enable
    - ACPI: x86: Force StorageD3Enable on more products
    - gve: Add RX context.
    - gve: Clear napi->skb before dev_kfree_skb_any()
    - Input: ili210x - fix ili251x_read_touch_data() return value
    - pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER
    - pinctrl: rockchip: fix pinmux bits for RK3328 GPIO2-B pins
    - pinctrl: rockchip: fix pinmux bits for RK3328 GPIO3-B pins
    - pinctrl: rockchip: use dedicated pinctrl type for RK3328
    - pinctrl: rockchip: fix pinmux reset in rockchip_pmx_set
    - cifs: fix typo in module parameter enable_gcm_256
    - drm/amdgpu: fix UBSAN warning in kv_dpm.c
    - net: mdio: add helpers to extract clause 45 regad and devad fields
    - net: stmmac: Assign configured channel value to EXTTS event
    - ASoC: fsl-asoc-card: set priv->pdev before using it
    - net: dsa: microchip: fix initial port flush problem
    - ibmvnic: Free any outstanding tx skbs during scrq reset
    - net: phy: micrel: add Microchip KSZ 9477 to the device table
    - xdp: Remove WARN() from __xdp_reg_mem_model()
    - tcp: Use BPF timeout setting for SYN ACK RTO
    - Fix race for duplicate reqsk on identical SYN
    - sparc: fix old compat_sys_select()
    - sparc: fix compat recv/recvfrom syscalls
    - parisc: use correct compat recv/recvfrom syscalls
    - tcp: fix tcp_rcv_fastopen_synack() to enter TCP_CA_Loss for failed TFO
    - netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data
      registers
    - bpf: Take return from set_memory_ro() into account with bpf_prog_lock_ro()
    - drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep
    - vduse: validate block features only with block devices
    - vduse: Temporarily fail if control queue feature requested
    - x86/fpu: Fix AMD X86_BUG_FXSAVE_LEAK fixup
    - mtd: partitions: redboot: Added conversion of operands to a larger type
    - bpf: Add a check for struct bpf_fib_lookup size
    - RDMA/restrack: Fix potential invalid address access
    - net/iucv: Avoid explicit cpumask var allocation on stack
    - net/dpaa2: Avoid explicit cpumask var allocation on stack
    - crypto: ecdh - explicitly zeroize private_key
    - ALSA: emux: improve patch ioctl data validation
    - media: dvbdev: Initialize sbuf
    - soc: ti: wkup_m3_ipc: Send NULL dummy message instead of pointer message
    - drm/radeon/radeon_display: Decrease the size of allocated memory
    - nvme: fixup comment for nvme RDMA Provider Type
    - drm/panel: simple: Add missing display timing flags for KOE TX26D202VM0BWA
    - gpio: davinci: Validate the obtained number of IRQs
    - gpiolib: cdev: Disallow reconfiguration without direction (uAPI v1)
    - x86: stop playing stack games in profile_pc()
    - parisc: use generic sys_fanotify_mark implementation
    - ocfs2: fix DIO failure due to insufficient transaction credits
    - mmc: sdhci-pci: Convert PCIBIOS_* return codes to errnos
    - mmc: sdhci: Do not invert write-protect twice
    - mmc: sdhci: Do not lock spinlock around mmc_gpio_get_ro()
    - i2c: testunit: don't erase registers after STOP
    - i2c: testunit: discard write requests while old command is running
    - iio: adc: ad7266: Fix variable checking bug
    - iio: accel: fxls8962af: select IIO_BUFFER & IIO_KFIFO_BUF
    - iio: chemical: bme680: Fix pressure value output
    - iio: chemical: bme680: Fix calibration data variable
    - iio: chemical: bme680: Fix overflows in compensate() functions
    - iio: chemical: bme680: Fix sensor data read operation
    - net: usb: ax88179_178a: improve link status logs
    - usb: gadget: printer: SS+ support
    - usb: gadget: printer: fix races against disable
    - usb: musb: da8xx: fix a resource leak in probe()
    - usb: atm: cxacru: fix endpoint checking in cxacru_bind()
    - usb: dwc3: core: remove lock of otg mode during gadget suspend/resume to
      avoid deadlock
    - serial: 8250_omap: Implementation of Errata i2310
    - tty: mcf: MCF54418 has 10 UARTS
    - net: can: j1939: Initialize unused data in j1939_send_one()
    - net: can: j1939: recover socket queue on CAN bus error during BAM
      transmission
    - net: can: j1939: enhanced error handling for tightly received RTS messages
      in xtp_rx_rts_session_new
    - cpu/hotplug: Fix dynstate assignment in __cpuhp_setup_state_cpuslocked()
    - kbuild: Install dtb files as 0644 in Makefile.dtbinst
    - sh: rework sync_file_range ABI
    - csky, hexagon: fix broken sys_sync_file_range
    - hexagon: fix fadvise64_64 calling conventions
    - drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes
    - drm/amdgpu: avoid using null object of framebuffer
    - drm/i915/gt: Fix potential UAF by revoke of fence registers
    - drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes
    - batman-adv: Don't accept TT entries for out-of-spec VIDs
    - ata: ahci: Clean up sysfs file on error
    - ata: libata-core: Fix double free on error
    - ftruncate: pass a signed offset
    - syscalls: fix compat_sys_io_pgetevents_time64 usage
    - syscalls: fix sys_fanotify_mark prototype
    - pwm: stm32: Refuse too small period requests
    - nfs: Leave pages in the pagecache if readpage failed
    - drivers: fix typo in firmware/efi/memmap.c
    - efi: Correct comment on efi_memmap_alloc
    - efi: memmap: Move manipulation routines into x86 arch tree
    - efi: xen: Set EFI_PARAVIRT for Xen dom0 boot on all architectures
    - efi/x86: Free EFI memory map only when installing a new one.
    - KVM: arm64: vgic-v4: Make the doorbell request robust w.r.t preemption
    - ARM: dts: rockchip: rk3066a: add #sound-dai-cells to hdmi node
    - arm64: dts: rockchip: fix PMIC interrupt pin on ROCK Pi E
    - arm64: dts: rockchip: Add sound-dai-cells for RK3368
    - serial: 8250_omap: Fix Errata i2310 with RX FIFO level check
    - tracing/net_sched: NULL pointer dereference in perf_trace_qdisc_reset()
    - Linux 5.15.162

* Fix L2CAP/LE/CPU/BI-02-C bluetooth certification failure  (LP: #2072858) //
    Jammy update: v5.15.162 upstream stable release (LP: #2073765)
    - Bluetooth: L2CAP: Fix rejecting L2CAP_CONN_PARAM_UPDATE_REQ

* net/sched: Fix conntrack use-after-free (LP: #2073092)
    - net/sched: Fix UAF when resolving a clash

* Jammy update: v5.15.161 upstream stable release (LP: #2072617)
    - x86/tsc: Trust initial offset in architectural TSC-adjust MSRs
    - tty: n_gsm: fix missing receive state reset after mode switch
    - speakup: Fix sizeof() vs ARRAY_SIZE() bug
    - serial: 8250_bcm7271: use default_mux_rate if possible
    - Revert "r8169: don't try to disable interrupts if NAPI is, scheduled
      already"
    - r8169: Fix possible ring buffer corruption on fragmented Tx packets.
    - ring-buffer: Fix a race between readers and resize checks
    - tools/latency-collector: Fix -Wformat-security compile warns
    - net: smc91x: Fix m68k kernel compilation for ColdFire CPU
    - nilfs2: fix unexpected freezing of nilfs_segctor_sync()
    - nilfs2: fix potential hang in nilfs_detach_log_writer()
    - fs/ntfs3: Remove max link count info display during driver init
    - fs/ntfs3: Taking DOS names into account during link counting
    - fs/ntfs3: Fix case when index is reused during tree transformation
    - fs/ntfs3: Break dir enumeration if directory contents error
    - ALSA: core: Fix NULL module pointer assignment at card init
    - wifi: cfg80211: fix the order of arguments for trace events of the tx_rx_evt
      class
    - dt-bindings: rockchip: grf: Add missing type to 'pcie-phy' node
    - net: usb: qmi_wwan: add Telit FN920C04 compositions
    - drm/amd/display: Set color_mgmt_changed to true on unsuspend
    - selftests: sud_test: return correct emulated syscall value on RISC-V
    - regulator: irq_helpers: duplicate IRQ name
    - ASoC: rt5645: Fix the electric noise due to the CBJ contacts floating
    - ASoC: dt-bindings: rt5645: add cbj sleeve gpio property
    - regulator: vqmmc-ipq4019: fix module autoloading
    - ASoC: rt715: add vendor clear control register
    - ASoC: rt715-sdca: volume step modification
    - softirq: Fix suspicious RCU usage in __do_softirq()
    - ASoC: da7219-aad: fix usage of device_get_named_child_node()
    - drm/amdkfd: Flush the process wq before creating a kfd_process
    - x86/mm: Remove broken vsyscall emulation code from the page fault code
    - nvme: find numa distance only if controller has valid numa id
    - epoll: be better about file lifetimes
    - openpromfs: finish conversion to the new mount API
    - crypto: bcm - Fix pointer arithmetic
    - mm/slub, kunit: Use inverted data to corrupt kmem cache
    - firmware: raspberrypi: Use correct device for DMA mappings
    - ecryptfs: Fix buffer size for tag 66 packet
    - nilfs2: fix out-of-range warning
    - parisc: add missing export of __cmpxchg_u8()
    - crypto: ccp - drop platform ifdef checks
    - crypto: x86/nh-avx2 - add missing vzeroupper
    - crypto: x86/sha256-avx2 - add missing vzeroupper
    - crypto: x86/sha512-avx2 - add missing vzeroupper
    - s390/cio: fix tracepoint subchannel type field
    - jffs2: prevent xattr node from overflowing the eraseblock
    - soc: mediatek: cmdq: Fix typo of CMDQ_JUMP_RELATIVE
    - null_blk: Fix missing mutex_destroy() at module removal
    - md: fix resync softlockup when bitmap size is less than array size
    - wifi: ath10k: poll service ready message before failing
    - x86/boot: Ignore relocations in .notes sections in walk_relocs() too
    - sched/fair: Add EAS checks before updating root_domain::overutilized
    - qed: avoid truncating work queue length
    - bpf: Pack struct bpf_fib_lookup
    - scsi: ufs: qcom: Perform read back after writing reset bit
    - scsi: ufs: qcom: Perform read back after writing REG_UFS_SYS1CLK_1US
    - scsi: ufs: ufs-qcom: Fix the Qcom register name for offset 0xD0
    - scsi: ufs: ufs-qcom: Clear qunipro_g4_sel for HW version major 5
    - scsi: ufs: qcom: Perform read back after writing unipro mode
    - scsi: ufs: qcom: Perform read back after writing CGC enable
    - scsi: ufs: cdns-pltfrm: Perform read back after writing HCLKDIV
    - scsi: ufs: core: Perform read back after disabling interrupts
    - scsi: ufs: core: Perform read back after disabling UIC_COMMAND_COMPL
    - irqchip/alpine-msi: Fix off-by-one in allocation error path
    - irqchip/loongson-pch-msi: Fix off-by-one on allocation error path
    - ACPI: disable -Wstringop-truncation
    - gfs2: Don't forget to complete delayed withdraw
    - gfs2: Fix "ignore unlock failures after withdraw"
    - selftests/bpf: Fix umount cgroup2 error in test_sockmap
    - cpufreq: Reorganize checks in cpufreq_offline()
    - cpufreq: Split cpufreq_offline()
    - cpufreq: Rearrange locking in cpufreq_remove_dev()
    - cpufreq: exit() callback is optional
    - net: export inet_lookup_reuseport and inet6_lookup_reuseport
    - net: remove duplicate reuseport_lookup functions
    - udp: Avoid call to compute_score on multiple sites
    - cppc_cpufreq: Fix possible null pointer dereference
    - scsi: libsas: Fix the failure of adding phy with zero-address to port
    - scsi: hpsa: Fix allocation size for Scsi_Host private data
    - x86/purgatory: Switch to the position-independent small code model
    - thermal/drivers/tsens: Fix null pointer dereference
    - wifi: ath10k: Fix an error code problem in
      ath10k_dbg_sta_write_peer_debug_trigger()
    - wifi: ath10k: populate board data for WCN3990
    - net: dsa: mv88e6xxx: Add support for model-specific pre- and post-reset
      handlers
    - net: dsa: mv88e6xxx: Avoid EEPROM timeout without EEPROM on 88E6250-family
      switches
    - tcp: avoid premature drops in tcp_add_backlog()
    - pwm: sti: Convert to platform remove callback returning void
    - pwm: sti: Prepare removing pwm_chip from driver data
    - pwm: sti: Simplify probe function using devm functions
    - net: give more chances to rcu in netdev_wait_allrefs_any()
    - macintosh/via-macii: Fix "BUG: sleeping function called from invalid
      context"
    - wifi: carl9170: add a proper sanity check for endpoints
    - wifi: ar5523: enable proper endpoint verification
    - sh: kprobes: Merge arch_copy_kprobe() into arch_prepare_kprobe()
    - Revert "sh: Handle calling csum_partial with misaligned data"
    - selftests/binderfs: use the Makefile's rules, not Make's implicit rules
    - selftests/resctrl: fix clang build failure: use LOCAL_HDRS
    - HID: intel-ish-hid: ipc: Add check for pci_alloc_irq_vectors
    - scsi: bfa: Ensure the copied buf is NUL terminated
    - scsi: qedf: Ensure the copied buf is NUL terminated
    - scsi: qla2xxx: Fix debugfs output for fw_resource_count
    - wifi: mwl8k: initialize cmd->addr[] properly
    - usb: aqc111: stop lying about skb->truesize
    - net: usb: sr9700: stop lying about skb->truesize
    - m68k: Fix spinlock race in kernel thread creation
    - m68k: mac: Fix reboot hang on Mac IIci
    - net: ipv6: fix wrong start position when receive hop-by-hop fragment
    - eth: sungem: remove .ndo_poll_controller to avoid deadlocks
    - net: ethernet: cortina: Locking fixes
    - af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg
    - net: usb: smsc95xx: stop lying about skb->truesize
    - net: openvswitch: fix overwriting ct original tuple for ICMPv6
    - ipv6: sr: add missing seg6_local_exit
    - ipv6: sr: fix incorrect unregister order
    - ipv6: sr: fix invalid unregister error path
    - net/mlx5: Discard command completions in internal error
    - s390/bpf: Emit a barrier for BPF_FETCH instructions
    - mptcp: SO_KEEPALIVE: fix getsockopt support
    - printk: Let no_printk() use _printk()
    - dev_printk: Add and use dev_no_printk()
    - drm/amd/display: Fix potential index out of bounds in color transformation
      function
    - ASoC: Intel: Disable route checks for Skylake boards
    - mtd: core: Report error if first mtd_otp_size() call fails in
      mtd_otp_nvmem_add()
    - mtd: rawnand: hynix: fixed typo
    - fbdev: shmobile: fix snprintf truncation
    - ASoC: kirkwood: Fix potential NULL dereference
    - drm/meson: vclk: fix calculation of 59.94 fractional rates
    - drm/mediatek: Add 0 size check to mtk_drm_gem_obj
    - powerpc/fsl-soc: hide unused const variable
    - fbdev: sisfb: hide unused variables
    - media: ngene: Add dvb_ca_en50221_init return value check
    - media: radio-shark2: Avoid led_names truncations
    - drm: bridge: cdns-mhdp8546: Fix possible null pointer dereference
    - media: ipu3-cio2: Use temporary storage for struct device pointer
    - media: ipu3-cio2: Request IRQ earlier
    - media: dt-bindings: ovti,ov2680: Fix the power supply names
    - fbdev: sh7760fb: allow modular build
    - media: atomisp: ssh_css: Fix a null-pointer dereference in
      load_video_binaries
    - drm/arm/malidp: fix a possible null pointer dereference
    - drm: vc4: Fix possible null pointer dereference
    - ASoC: tracing: Export SND_SOC_DAPM_DIR_OUT to its value
    - drm/bridge: lt8912b: Don't log an error when DSI host can't be found
    - drm/bridge: lt9611: Don't log an error when DSI host can't be found
    - drm/bridge: tc358775: Don't log an error when DSI host can't be found
    - drm/panel: simple: Add missing Innolux G121X1-L03 format, flags, connector
    - drm/mipi-dsi: use correct return type for the DSC functions
    - RDMA/mlx5: Adding remote atomic access flag to updatable flags
    - RDMA/hns: Fix return value in hns_roce_map_mr_sg
    - RDMA/hns: Fix deadlock on SRQ async events.
    - RDMA/hns: Fix GMV table pagesize
    - RDMA/hns: Use complete parentheses in macros
    - RDMA/hns: Modify the print level of CQE error
    - clk: qcom: mmcc-msm8998: fix venus clock issue
    - x86/insn: Fix PUSH instruction in x86 instruction decoder opcode map
    - ext4: avoid excessive credit estimate in ext4_tmpfile()
    - virt: acrn: Prefer array_size and struct_size over open coded arithmetic
    - virt: acrn: stop using follow_pfn
    - drivers/virt/acrn: fix PFNMAP PTE checks in acrn_vm_ram_map()
    - sunrpc: removed redundant procp check
    - ext4: simplify calculation of blkoff in ext4_mb_new_blocks_simple
    - ext4: fix unit mismatch in ext4_mb_new_blocks_simple
    - ext4: try all groups in ext4_mb_new_blocks_simple
    - ext4: remove unused parameter from ext4_mb_new_blocks_simple()
    - ext4: fix potential unnitialized variable
    - SUNRPC: Fix gss_free_in_token_pages()
    - selftests/kcmp: Make the test output consistent and clear
    - selftests/kcmp: remove unused open mode
    - RDMA/IPoIB: Fix format truncation compilation errors
    - selftests: net: bridge: increase IGMP/MLD exclude timeout membership
      interval
    - net: qrtr: ns: Fix module refcnt
    - netrom: fix possible dead-lock in nr_rt_ioctl()
    - af_packet: do not call packet_read_pending() from tpacket_destruct_skb()
    - sched/fair: Allow disabling sched_balance_newidle with
      sched_relax_domain_level
    - sched/core: Fix incorrect initialization of the 'burst' parameter in
      cpu_max_write()
    - greybus: lights: check return of get_channel_from_mode
    - f2fs: Delete f2fs_copy_page() and replace with memcpy_page()
    - f2fs: fix to wait on page writeback in __clone_blkaddrs()
    - soundwire: cadence: fix invalid PDI offset
    - dmaengine: idma64: Add check for dma_set_max_seg_size
    - firmware: dmi-id: add a release callback function
    - serial: max3100: Lock port->lock when calling uart_handle_cts_change()
    - serial: max3100: Update uart_driver_registered on driver removal
    - serial: max3100: Fix bitwise types
    - greybus: arche-ctrl: move device table to its right location
    - PCI: tegra194: Fix probe path for Endpoint mode
    - serial: sc16is7xx: add proper sched.h include for sched_set_fifo()
    - dt-bindings: PCI: rcar-pci-host: Add optional regulators
    - dt-bindings: PCI: rcar-pci-host: Add missing IOMMU properties
    - f2fs: compress: fix to relocate check condition in
      f2fs_{release,reserve}_compress_blocks()
    - f2fs: convert to use sbi directly
    - f2fs: compress: fix to relocate check condition in
      f2fs_ioc_{,de}compress_file()
    - f2fs: do not allow partial truncation on pinned file
    - f2fs: fix typos in comments
    - f2fs: fix to relocate check condition in f2fs_fallocate()
    - f2fs: fix to check pinfile flag in f2fs_move_file_range()
    - coresight: etm4x: Fix unbalanced pm_runtime_enable()
    - iio: pressure: dps310: support negative temperature values
    - coresight: etm4x: Do not hardcode IOMEM access for register restore
    - coresight: etm4x: Do not save/restore Data trace control registers
    - coresight: no-op refactor to make INSTP0 check more idiomatic
    - coresight: etm4x: Cleanup TRCIDR0 register accesses
    - coresight: etm4x: Safe access for TRCQCLTR
    - coresight: etm4x: Fix access to resource selector registers
    - fpga: region: Use standard dev_release for class driver
    - fpga: region: add owner module and take its refcount
    - microblaze: Remove gcc flag for non existing early_printk.c file
    - microblaze: Remove early printk call from cpuinfo-static.c
    - dt-bindings: pinctrl: mediatek: mt7622: fix array properties
    - watchdog: bd9576_wdt: switch to using devm_fwnode_gpiod_get()
    - watchdog: bd9576: Drop "always-running" property
    - usb: gadget: u_audio: Clear uac pointer when freed.
    - stm class: Fix a double free in stm_register_device()
    - ppdev: Remove usage of the deprecated ida_simple_xx() API
    - ppdev: Add an error check in register_device
    - extcon: max8997: select IRQ_DOMAIN instead of depending on it
    - PCI/EDR: Align EDR_PORT_DPC_ENABLE_DSM with PCI Firmware r3.3
    - PCI/EDR: Align EDR_PORT_LOCATE_DSM with PCI Firmware r3.3
    - f2fs: compress: fix to cover {reserve,release}_compress_blocks() w/ cp_rwsem
      lock
    - f2fs: fix to release node block count in error path of f2fs_new_node_page()
    - f2fs: compress: don't allow unaligned truncation on released compress inode
    - serial: sh-sci: protect invalidating RXDMA on shutdown
    - libsubcmd: Fix parse-options memory leak
    - s390/vdso: filter out mno-pic-data-is-text-relative cflag
    - s390/vdso64: filter out munaligned-symbols flag for vdso
    - s390/vdso: Generate unwind information for C modules
    - s390/vdso: Use standard stack frame layout
    - s390/ipl: Fix incorrect initialization of len fields in nvme reipl block
    - s390/ipl: Fix incorrect initialization of nvme dump block
    - s390/boot: Remove alt_stfle_fac_list from decompressor
    - Input: ims-pcu - fix printf string overflow
    - Input: ioc3kbd - convert to platform remove callback returning void
    - Input: ioc3kbd - add device table
    - mmc: sdhci_am654: Add tuning algorithm for delay chain
    - mmc: sdhci_am654: Write ITAPDLY for DDR52 timing
    - mmc: sdhci_am654: Drop lookup for deprecated ti,otap-del-sel
    - mmc: sdhci_am654: Add OTAP/ITAP delay enable
    - mmc: sdhci_am654: Add ITAPDLYSEL in sdhci_j721e_4bit_set_clock
    - mmc: sdhci_am654: Fix ITAPDLY for HS400 timing
    - Input: pm8xxx-vibrator - correct VIB_MAX_LEVELS calculation
    - drm/msm/dsi: Print dual-DSI-adjusted pclk instead of original mode pclk
    - drm/msm/dpu: Always flush the slave INTF on the CTL
    - um: Fix return value in ubd_init()
    - um: vector: fix bpfflash parameter evaluation
    - fs/ntfs3: Use 64 bit variable to avoid 32 bit overflow
    - fs/ntfs3: Use variable length array instead of fixed size
    - drm/bridge: tc358775: fix support for jeida-18 and jeida-24
    - media: stk1160: fix bounds checking in stk1160_copy_video()
    - scsi: qla2xxx: Replace all non-returning strlcpy() with strscpy()
    - Input: cyapa - add missing input core locking to suspend/resume functions
    - media: flexcop-usb: clean up endpoint sanity checks
    - media: flexcop-usb: fix sanity check of bNumEndpoints
    - powerpc/pseries: Add failure related checks for h_get_mpp and h_get_ppp
    - um: Fix the -Wmissing-prototypes warning for __switch_mm
    - media: cec: cec-adap: always cancel work in cec_transmit_msg_fh
    - media: cec: cec-api: add locking in cec_release()
    - media: cec: call enable_adap on s_log_addrs
    - media: cec: abort if the current transmit was canceled
    - media: cec: correctly pass on reply results
    - media: cec: use call_op and check for !unregistered
    - media: cec-adap.c: drop activate_cnt, use state info instead
    - media: cec: core: avoid recursive cec_claim_log_addrs
    - media: cec: core: avoid confusing "transmit timed out" message
    - null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION()
    - ASoC: mediatek: mt8192: fix register configuration for tdm
    - regulator: bd71828: Don't overwrite runtime voltages
    - x86/kconfig: Select ARCH_WANT_FRAME_POINTERS again when
      UNWINDER_FRAME_POINTER=y
    - [Config] Update CONFIG_ARCH_WANT_FRAME_POINTERS
    - net: Always descend into dsa/ folder with CONFIG_NET_DSA enabled
    - ipv6: sr: fix missing sk_buff release in seg6_input_core
    - nfc: nci: Fix uninit-value in nci_rx_work
    - ASoC: tas2552: Add TX path for capturing AUDIO-OUT data
    - NFSv4: Fixup smatch warning for ambiguous return
    - sunrpc: fix NFSACL RPC retry on soft mount
    - rpcrdma: fix handling for RDMA_CM_EVENT_DEVICE_REMOVAL
    - af_unix: Update unix_sk(sk)->oob_skb under sk_receive_queue lock.
    - ipv6: sr: fix memleak in seg6_hmac_init_algo
    - tcp: Fix shift-out-of-bounds in dctcp_update_alpha().
    - openvswitch: Set the skbuff pkt_type for proper pmtud support.
    - arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY
    - virtio: delete vq in vp_find_vqs_msix() when request_irq() fails
    - riscv: stacktrace: Make walk_stackframe cross pt_regs frame
    - riscv: stacktrace: fixed walk_stackframe()
    - net: fec: avoid lock evasion when reading pps_enable
    - tls: fix missing memory barrier in tls_init
    - nfc: nci: Fix kcov check in nci_rx_work()
    - nfc: nci: Fix handling of zero-length payload packets in nci_rx_work()
    - ice: Interpret .set_channels() input differently
    - netfilter: nfnetlink_queue: acquire rcu_read_lock() in
      instance_destroy_rcu()
    - netfilter: nft_payload: restore vlan q-in-q match support
    - spi: Don't mark message DMA mapped when no transfer in it is
    - dma-mapping: benchmark: fix node id validation
    - dma-mapping: benchmark: handle NUMA_NO_NODE correctly
    - nvmet: fix ns enable/disable possible hang
    - net: phy: micrel: set soft_reset callback to genphy_soft_reset for KSZ8061
    - net/mlx5e: Fix IPsec tunnel mode offload feature check
    - net/mlx5e: Use rx_missed_errors instead of rx_dropped for reporting buffer
      exhaustion
    - dma-buf/sw-sync: don't enable IRQ from sync_print_obj()
    - bpf: Fix potential integer overflow in resolve_btfids
    - enic: Validate length of nl attributes in enic_set_vf_port
    - net: usb: smsc95xx: fix changing LED_SEL bit value updated from EEPROM
    - bpf: Allow delete from sockmap/sockhash only if update is allowed
    - net:fec: Add fec_enet_deinit()
    - netfilter: nft_payload: move struct nft_payload_set definition where it
      belongs
    - netfilter: nft_payload: rebuild vlan header when needed
    - netfilter: nft_payload: rebuild vlan header on h_proto access
    - netfilter: nft_payload: skbuff vlan metadata mangle support
    - netfilter: tproxy: bail out if IP has been disabled on the device
    - kconfig: fix comparison to constant symbols, 'm', 'n'
    - spi: stm32: Don't warn about spurious interrupts
    - net: ena: Add capabilities field with support for ENI stats capability
    - net: ena: Extract recurring driver reset code into a function
    - net: ena: Do not waste napi skb cache
    - net: ena: Add dynamic recycling mechanism for rx buffers
    - net: ena: Reduce lines with longer column width boundary
    - net: ena: Fix redundant device NUMA node override
    - ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound
    - hwmon: (shtc1) Fix property misspelling
    - ALSA: timer: Set lower bound of start tick time
    - KVM: x86: Don't advertise guest.MAXPHYADDR as host.MAXPHYADDR in CPUID
    - genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline
    - net: ena: Fix DMA syncing in XDP path when SWIOTLB is on
    - media: cec: core: add adap_nb_transmit_canceled() callback
    - SUNRPC: Fix loop termination condition in gss_free_in_token_pages()
    - drm: Check output polling initialized before disabling
    - drm: Check polling initialized before enabling in
      drm_helper_probe_single_connector_modes
    - mmc: core: Do not force a retune before RPMB switch
    - io_uring: fail NOP if non-zero op flags is passed in
    - afs: Don't cross .backup mountpoint from backup volume
    - nilfs2: fix use-after-free of timer for log writer thread
    - mptcp: fix full TCP keep-alive support
    - vxlan: Fix regression when dropping packets due to invalid src addresses
    - net: dsa: sja1105: always enable the INCL_SRCPT option
    - net: dsa: tag_sja1105: always prefer source port information from INCL_SRCPT
    - scripts/gdb: fix SB_* constants parsing
    - sunrpc: exclude from freezer when waiting for requests:
    - f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode()
    - media: lgdt3306a: Add a check against null-pointer-def
    - drm/amdgpu: add error handle to avoid out-of-bounds
    - ata: pata_legacy: make legacy_exit() work again
    - thermal/drivers/qcom/lmh: Check for SCM availability at probe
    - soc: qcom: rpmh-rsc: Enhance check for VRM in-flight request
    - ACPI: resource: Do IRQ override on TongFang GXxHRXx and GMxHGxx
    - arm64: tegra: Correct Tegra132 I2C alias
    - arm64: dts: qcom: qcs404: fix bluetooth device address
    - md/raid5: fix deadlock that raid5d() wait for itself to clear
      MD_SB_CHANGE_PENDING
    - wifi: rtl8xxxu: Fix the TX power of RTL8192CU, RTL8723AU
    - wifi: rtlwifi: rtl8192de: Fix low speed with WPA3-SAE
    - wifi: rtlwifi: rtl8192de: Fix endianness issue in RX path
    - arm64: dts: hi3798cv200: fix the size of GICR
    - media: mc: mark the media devnode as registered from the, start
    - media: mxl5xx: Move xpt structures off stack
    - media: v4l2-core: hold videodev_lock until dev reg, finishes
    - mmc: core: Add mmc_gpiod_set_cd_config() function
    - mmc: sdhci-acpi: Sort DMI quirks alphabetically
    - mmc: sdhci-acpi: Fix Lenovo Yoga Tablet 2 Pro 1380 sdcard slot not working
    - mmc: sdhci-acpi: Disable write protect detection on Toshiba WT10-A
    - fbdev: savage: Handle err return when savagefb_check_var failed
    - drm/amdgpu/atomfirmware: add intergrated info v2.3 table
    - KVM: arm64: Fix AArch32 register narrowing on userspace write
    - KVM: arm64: Allow AArch32 PSTATE.M to be restored as System mode
    - crypto: ecdsa - Fix module auto-load on add-key
    - crypto: ecrdsa - Fix module auto-load on add_key
    - crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak
    - net/ipv6: Fix route deleting failure when metric equals 0
    - net/9p: fix uninit-value in p9_client_rpc()
    - intel_th: pci: Add Meteor Lake-S CPU support
    - sparc64: Fix number of online CPUs
    - watchdog: rti_wdt: Set min_hw_heartbeat_ms to accommodate a safety margin
    - kdb: Fix buffer overflow during tab-complete
    - kdb: Use format-strings rather than '\0' injection in kdb_read()
    - kdb: Fix console handling when editing and tab-completing commands
    - kdb: Merge identical case statements in kdb_read()
    - kdb: Use format-specifiers rather than memset() for padding in kdb_read()
    - net: fix __dst_negative_advice() race
    - sparc: move struct termio to asm/termios.h
    - ext4: set type of ac_groups_linear_remaining to __u32 to avoid overflow
    - ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find()
    - s390/ap: Fix crash in AP internal function modify_bitmap()
    - s390/cpacf: Split and rework cpacf query functions
    - s390/cpacf: Make use of invalid opcode produce a link error
    - i3c: master: svc: fix invalidate IBI type and miss call client IBI handler
    - EDAC/igen6: Convert PCIBIOS_* return codes to errnos
    - nfs: fix undefined behavior in nfs_block_bits()
    - NFS: Fix READ_PLUS when server doesn't support OP_READ_PLUS
    - scsi: ufs: ufs-qcom: Clear qunipro_g4_sel for HW major version > 5
    - Linux 5.15.161

* Virtualbox Guru meditation on VM start caused by kernel commit in v6.9-rc4
    (LP: #2073267)
    - SAUCE: Revert "randomize_kstack: Improve entropy diffusion"

* CVE-2024-26921
    - inet: inet_defrag: prevent sk release while still in use

* Jammy update: v5.15.162 upstream stable release (LP: #2073765) //
    CVE-2024-39484
    - mmc: davinci: Don't strip remove function when driver is builtin

* CVE-2024-39292
    - um: Add winch to winch_handlers before registering winch IRQ

* CVE-2024-36901
    - ipv6: prevent NULL dereference in ip6_output()

* CVE-2024-26830
    - i40e: Do not allow untrusted VF to remove administratively set MAC

* CVE-2024-26680
    - net: atlantic: Fix DMA mapping for PTP hwts ring

* CVE-2023-52760
    - gfs2: Fix slab-use-after-free in gfs2_qd_dealloc

* CVE-2023-52629
    - sh: push-switch: Reorder cleanup operations to avoid use-after-free bug

-- Roxana Nicolescu <roxana.nicolescu@canonical.com>  Fri, 09 Aug 2024 10:15:16 +0200

Changed in linux (Ubuntu Jammy):
status:	Fix Committed → Fix Released

Ubuntu
linux package

[SRU] UBSAN warnings in bnx2x kernel driver

Bug Description

CVE References

Other bug subscribers

Remote bug watches

	Status	Importance	Assigned to
linux (Ubuntu)	Status tracked in Oracular
Focal	Fix Released	High	Ghadi Rahme
Jammy	Fix Released	High	Ghadi Rahme
Noble	Fix Committed	High	Ghadi Rahme
Oracular	Fix Released	High	Ghadi Rahme

Ubuntulinux package

[SRU] UBSAN warnings in bnx2x kernel driver

Bug Description

CVE References

Other bug subscribers

Remote bug watches

Ubuntu
linux package