Ubuntu
linux package

L2 Guest migration: continuously dumping while running NFS guest migration

Bug #2076406 reported by bugproxy on 2024-08-09

This bug affects 1 person

	Status	Importance	Assigned to
The Ubuntu-power-systems project	Fix Released	Critical	Ubuntu on IBM Power Systems Bug Triage
linux (Ubuntu)	Fix Released	High	Unassigned
Noble	Fix Released	High	Canonical Kernel Team
Oracular	Fix Released	High	Unassigned

Bug Description

SRU Justification:

[ Impact ]

* While doing ISST testing it turned out that a 2nd level (KVM)
guest (aka VM) continuously dumped when running an NFS
guest migration.

[ Test Plan ]

* Setup two IBM Power 10 system (with firmware 1060, that offers
support for KVM) with Ubuntu Server 24.04 for ppc64el.

* Setup qemu/KVM on both on these system to allow guest migration.

* Setup a KVM guest and place its disk on an NFS volume.

* Now initiate a guest migration.

* Without the two patches the initiator system will start to dump.

* Since this setup requires a special firmware level,
the verification will be done by the IBM Power team.

[ Where problems could occur ]

* Although the patch set looks huge,
the patches themselves are relatively small and less invasive
and I would consider them mainly as fixes.

* kvmppc_set_one_reg_hv() wrongly get() the value instead of
set() for MMCR3.

* And The kvmppc_get_one_reg_hv() for SDAR is wrongly getting
the SIAR instead of SDAR - which is quite traceable.

* Then a one-reg interface for DEXCR register KVM_REG_PPC_DEXCR
   is introduced. Here issues can happen if the initialization
   is done wrong or in the case statement.
   A fix was added to keep nested guest DEXCR in sync.
   The guest state element defined for DEXCR was already there,
   but not really considered - this is fixed now (DEXCR GSID).
   If initialization was done wrong or code in case stmt,
   this can harm the guest state.
   Guest state may get out of sync.

* Another one-reg register identifier was introduced
   that is used to read and set the virtual HASHKEYR
   for the guest during enter/exit with KVM_REG_PPC_HASHKEYR.
   Again initialization and the case code are critical.
   Code was added to keep nested guest HASHKEYR in sync.
   Again the state element defined for HASHKEYR was there,
   but not considered, what is fixed now (HASHKEYR GSID)
   If initialization was done wrong or code in case stmt,
   this can harm the guest state.
   This can harm the L2 guest during enter or exit.

* Again another one-reg identifier was introduced
   that is used to read and set the virtual HASHPKEYR
   for the guest during enter/exit with KVM_REG_PPC_HASHPKEYR.
   And again the guest state element defined for HASHPKEYR
   was there but ignored which is now fixed (HASHPKEYR GSID).
   If initialization was done wrong or code in case stmt,
   this can harm the guest state.
   This can harm the L2 guest during enter or exit.

[ Other Info ]

* Since (nested) KVM support is new on P10,
   this does not affect older Power generation
   (P9 is the only other hw generation that is supported by 24.04,
   but it only supports native virtualization).

* Both patches are upstream accepted since v6.11(-rc1),
hence will be in oracular
and are also upstream tagged as stable updates.

* Since the required firmware FW1060 is relatively new,
we can assume that not many user ran into this issue yet.
__________

== Comment: #0 - SEETEENA THOUFEEK <email address hidden> - 2024-08-09 03:50:24 ==
+++ This bug was initially created as a clone of Bug #206737 +++

---Problem Description---
L2 Guest migration: evelp2g4[L2]: while running NFS guest migration continuously dumping smp_call_function_many_cond+0x500/0x738 (unreliable) and watchdog: BUG: soft lockup - CPU#14 stuck for 223s! [systemd-homed}

---uname output---
NA

Machine Type = NA

Contact Information = NA

[79205.163691] Hardware name: IBM pSeries (emulated by qemu) POWER10 (raw) 0x800200 0xf000006 of:SLOF,HEAD hv:linux,kvm pSeries
[79205.163834] NIP: c0000000002bb7a4 LR: c0000000002bb750 CTR: c0000000000d192c
[79205.163929] REGS: c0000003871cf1b0 TRAP: 0900 Tainted: G L
[79205.165041] MSR: 800000000280b033 <SF,VEC,VSX,EE,FP,ME,IR,DR,RI,LE> CR: 44042222 XER: 20040004
[79205.165266] CFAR: 0000000000000000 IRQMASK: 0
               GPR00: c0000000002bbc58 c0000003871cf450 c0000000020ded00 0000000000000009
               GPR04: 0000000000000009 0000000000000009 0000000000000080 0000000000000200
               GPR08: 00000000000001ff 0000000000000001 c000000740f57ee0 0000000044048222
               GPR12: c0000000000d192c c000000743ddc980 0000000000000000 0000000000000000
               GPR16: 0000000000000000 c00000000d86e200 0000000000000001 0000000000000001
               GPR20: 000000000000000c c000000003d06188 c0000000000ac4d0 c00000000a374e00
               GPR24: c000000003d06840 0000000000000000 c000000741193188 c000000741193188
               GPR28: c000000741193180 c000000003d06840 0000000000000048 0000000000000009
[79205.171660] NIP [c0000000002bb7a4] smp_call_function_many_cond+0x1e0/0x738
[79205.171752] LR [c0000000002bb750] smp_call_function_many_cond+0x18c/0x738
[79205.171835] Call Trace:
[79205.171869] [c0000003871cf450] [c0000000002bbc58] smp_call_function_many_cond+0x694/0x738 (unreliable)
[79205.171986] [c0000003871cf520] [c0000000000ac4d0] radix__tlb_flush+0x4c/0x140
[79205.173636] [c0000003871cf560] [c00000000052e900] tlb_finish_mmu+0x130/0x1f0
[79205.173754] [c0000003871cf590] [c00000000052a280] exit_mmap+0x1cc/0x574
[79205.173848] [c0000003871cf6c0] [c00000000016ec9c] __mmput+0x54/0x1d4
[79205.173939] [c0000003871cf6f0] [c0000000006385c4] begin_new_exec+0x6dc/0xefc
[79205.174037] [c0000003871cf780] [c0000000006edea8] load_elf_binary+0x4c8/0x1a50
[79205.174136] [c0000003871cf880] [c0000000006361c8] bprm_execve+0x2b4/0x7a0
[79205.174219] [c0000003871cf950] [c000000000637988] do_execveat_common+0x1c0/0x2d8
[79205.174316] [c0000003871cf9f0] [c000000000638e38] sys_execve+0x54/0x6c
[79205.174399] [c0000003871cfa20] [c00000000002fec8] system_call_exception+0x168/0x310
[79205.174497] [c0000003871cfe50] [c00000000000d05c] system_call_vectored_common+0x15c/0x2ec
[79205.176245] --- interrupt: 3000 at 0x7fff95b10b08
[79205.176326] NIP: 00007fff95b10b08 LR: 00007fff95b10b08 CTR: 0000000000000000
[79205.176438] REGS: c0000003871cfe80 TRAP: 3000 Tainted: G L (
[79205.176558] MSR: 800000000280f033 <SF,VEC,VSX,EE,PR,FP,ME,IR,DR,RI,LE> CR: 48044424 XER: 00000000
[79205.176686] IRQMASK: 0
               GPR00: 000000000000000b 00007fffe6919aa0 00007fff95c47c00 0000000152598c80
               GPR04: 00007fffe6919bf8 00000001525db6e0 ffffffffffffffff 00007fffe6919a20
               GPR08: 0000000152598c88 0000000000000000 0000000000000000 0000000000000000
               GPR12: 0000000000000000 00007fff969a4220 0000000152585570 0000000000000000
               GPR16: 00007fffe6919c48 0000000000000570 0000000152598c80 0000000000000000
               GPR20: 0000000000000000 0000000000009998 000000015259a450 0000000152586460
               GPR24: 00000001525bca90 00007fffe6919e48 0000000000000000 00000001525db6e0
               GPR28: 0000000117e98448 00000001525d0b00 0000000000000000 0000000000100000
[79205.177505] NIP [00007fff95b10b08] 0x7fff95b10b08
[79205.177578] LR [00007fff95b10b08] 0x7fff95b10b08
[79205.177649] --- interrupt: 3000

Steps to reproduce: Install the build on NFS storage guest kernel 6.8.10-300

Start the HTX workload - mdt.less

Start the NFS guest migration between the L2 hosts.

Sourece L2 host : evelp2
Target L2 host : rinlp1

migration command : virsh migrate --live --domain $vm_name qemu+ssh://$target_host/system --verbose --undefinesource --persistent --timeout 120

Share the same NFS storage between two hosts [here /kvm_pool]
10.33.4.52:/kvm_pool nfs4 650G 304G 347G 47% /kvm_pool

Test running : HTX

Guest state : up

------------------------------------------------------------------------------------- --------------------------------------

L2 guest Config:

(1) Problem on Guest: evelp2g4

(2) PHYP/ Processor Type: KVM/P10/Everest

(3) Rootvg Filesystem: EXT4

(5) Network Bridge: Macvtap

(6) IO Disk Type/Driver: qemu-img/ qcow2

(7) Install Disk Type: Single

------------------------------------------------------------------------------------- --------------------------------------

L1 host details :

MDC mode : off

(1) PHYP/ Processor Type: KVM/P10/Everest

(2) CEC Name: evelp2

(3) Rootvg Filesystem: xfs

(5) Network Interface: Dedicated Network

(6) IO Type: NVME

(8) Multipath Enabled: no

(9) Install Disk Type: Single

(10) MMU: RPT

The kernel patches are at
https://<email address hidden>/T/#t

Qemu patches are at
https://lore.kernel.org/qemu-devel/171760304518.1127.12881297254648658843.stgit@ad1b393f0e09/

powerpc/topic/ppc-kvm.

See original description

Tags:

CVE References

bugproxy (bugproxy) on 2024-08-09

tags:	added: architecture-ppc64le bugnameltc-208511 severity-critical targetmilestone-inin2404
Changed in ubuntu:
assignee:	nobody → Ubuntu on IBM Power Systems Bug Triage (ubuntu-power-triage)
affects:	ubuntu → kernel-package (Ubuntu)

Frank Heimes (fheimes) on 2024-08-28

affects:	kernel-package (Ubuntu) → linux (Ubuntu)
Changed in ubuntu-power-systems:
assignee:	nobody → Ubuntu on IBM Power Systems Bug Triage (ubuntu-power-triage)
importance:	Undecided → Critical
Changed in linux (Ubuntu):
importance:	Undecided → High
Changed in linux (Ubuntu Noble):
importance:	Undecided → High
status:	New → Triaged
Changed in ubuntu-power-systems:
status:	New → Triaged
Changed in linux (Ubuntu Oracular):
assignee:	Ubuntu on IBM Power Systems Bug Triage (ubuntu-power-triage) → nobody

Frank Heimes (fheimes) on 2024-08-28

Changed in linux (Ubuntu Oracular):
status:	New → Fix Committed

Frank Heimes (fheimes) on 2024-08-30

summary:

- ISST-LTE:KOP:1060FW:evelp2 :L2 Guest migration: evelp2g4[L2]: while
- running NFS guest migration continuously dumping
- smp_call_function_many_cond+0x500/0x738 (unreliable) and watchdog: BUG:
- soft lockup - CPU#14 stuck for 223s! [systemd-homed} (Fedora)
+ L2 Guest migration: continuously dumping while running NFS guest
+ migration

Frank Heimes (fheimes) on 2024-08-30

description:

updated

Revision history for this message

Frank Heimes (fheimes) wrote on 2024-09-02:

A test kernel was build in this PPA:
https://launchpad.net/~fheimes/+archive/ubuntu/lp2076406

Revision history for this message

Frank Heimes (fheimes) wrote on 2024-09-02:

Pull request submitted to kernel team's mailing list:
https://lists.ubuntu.com/archives/kernel-team/2024-September/thread.html#153261
changing status to 'In Progress', assigning kernel team.

Changed in linux (Ubuntu Noble):
status:	Triaged → In Progress
Changed in ubuntu-power-systems:
status:	Triaged → In Progress
Changed in linux (Ubuntu Noble):
assignee:	nobody → Canonical Kernel Team (canonical-kernel-team)

Timo Aaltonen (tjaalton) on 2024-09-24

Changed in linux (Ubuntu Oracular):
status:	Fix Committed → Fix Released

Revision history for this message

Frank Heimes (fheimes) wrote on 2024-09-26:

Stefan Bader (smb) on 2024-09-26

Changed in linux (Ubuntu Noble):
status:	In Progress → Fix Committed

Frank Heimes (fheimes) on 2024-09-26

Changed in ubuntu-power-systems:
status:	In Progress → Fix Committed

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2024-10-01:

This bug is awaiting verification that the linux/6.8.0-48.48 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-noble-linux' to 'verification-done-noble-linux'. If the problem still exists, change the tag 'verification-needed-noble-linux' to 'verification-failed-noble-linux'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-noble-linux-v2 verification-needed-noble-linux

Revision history for this message

bugproxy (bugproxy) wrote on 2024-10-04: Comment bridged from LTC Bugzilla

------- Comment From <email address hidden> 2024-10-04 01:43 EDT-------
informed test team. will update the test results.

Revision history for this message

bugproxy (bugproxy) wrote on 2024-10-10:

------- Comment From <email address hidden> 2024-10-09 02:40 EDT-------
This issue is fixed.

Ref https://bugzilla.linux.ibm.com/show_bug.cgi?id=206737#c35

Thanks

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2024-10-12:

This bug is awaiting verification that the linux-aws-6.8/6.8.0-1018.19~22.04.1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy-linux-aws-6.8' to 'verification-done-jammy-linux-aws-6.8'. If the problem still exists, change the tag 'verification-needed-jammy-linux-aws-6.8' to 'verification-failed-jammy-linux-aws-6.8'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-jammy-linux-aws-6.8-v2 verification-needed-jammy-linux-aws-6.8

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2024-10-12:

This bug is awaiting verification that the linux-oracle-6.8/6.8.0-1015.15~22.04.1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy-linux-oracle-6.8' to 'verification-done-jammy-linux-oracle-6.8'. If the problem still exists, change the tag 'verification-needed-jammy-linux-oracle-6.8' to 'verification-failed-jammy-linux-oracle-6.8'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-jammy-linux-oracle-6.8-v2 verification-needed-jammy-linux-oracle-6.8

Revision history for this message

bugproxy (bugproxy) wrote on 2024-10-16:

------- Comment From <email address hidden> 2024-10-16 02:18 EDT-------
Test team will be able to conclude and validate the bug soon as possible. will update the bug.

Revision history for this message

bugproxy (bugproxy) wrote on 2024-10-16:

#10

------- Comment From <email address hidden> 2024-10-16 16:44 EDT-------
HOST[SOURCE](non-MDC):
OS : ubuntu
Kernel: 6.8.0-48-generic
qemu : QEMU emulator version 8.2.2 (Debian 1:8.2.2+ds-0ubuntu1.2)
libvirt : libvirtd (libvirt) 10.0.0

HOST[DESTINATION](NON-MDC)
OS: ubuntu
Kernel: 6.8.0-48-generic
qemu : QEMU emulator version 8.2.2 (Debian 1:8.2.2+ds-0ubuntu1.2)
libvirt : libvirtd (libvirt) 10.0.0

GUEST:
OS : ubuntu
kernel: 6.8.0-47-generic

It is working fine with default bridge.I need to try it once with macvtap network too, updating the results for default bridge network!

Steps i tried:
1) Start the NFS backed guest[default bridge]
2) Start htx mdt.less on the guest

root@ubuntu:~/HTX htxcmdline -sut localhost -run -mdt mdt.less

######################## Result Starts Here ################################
ECG (/usr/lpp/htx/mdt/mdt.less) Activated.
######################### Result Ends Here #################################
root@ubuntu:~/HTX

3) Let this HTX run for 2-3 hours
4) Started migration and it worked fine, the guest is up and running!

date;virsh migrate --live --domain ubuntu qemu+ssh:/dest/system --verbose --undefinesource --persistent --timeout 120;date
Wed Oct 16 08:35:18 PM UTC 2024
Migration: [100.00 %]
Wed Oct 16 08:37:39 PM UTC 2024

5) Check the guest on destination host
root@ubuntu:~/HTX htxcmdline -query -mdt mdt.*

######################## Result Starts Here ################################
Currently running ECG/MDT : /usr/lpp/htx/mdt/mdt.less
===========================
Specified ECG/MDT</usr/lpp/htx/mdt/mdt.*> is not currently running
######################### Result Ends Here #################################

Conclusion: Working fine with default bridge network

Thanks,
Anushree Mathur

Revision history for this message

Frank Heimes (fheimes) wrote on 2024-10-17:

#11

Thanks Anushree for the successful verification!
(I'll update the tags accordingly ...)

tags:

added: verification-done-noble-linux
removed: verification-needed-noble-linux

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2024-10-17:

#12

This bug is awaiting verification that the linux-xilinx/6.8.0-1009.10 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-noble-linux-xilinx' to 'verification-done-noble-linux-xilinx'. If the problem still exists, change the tag 'verification-needed-noble-linux-xilinx' to 'verification-failed-noble-linux-xilinx'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-noble-linux-xilinx-v2 verification-needed-noble-linux-xilinx

Revision history for this message

bugproxy (bugproxy) wrote on 2024-10-17:

#13

------- Comment From <email address hidden> 2024-10-17 11:13 EDT-------
Hi fheimes,
I have tried with macvtap network and it is working fine in this scenario too!

ANALYSIS
HOST[SOURCE](Non-MDC):
OS : ubuntu
Kernel: 6.8.0-48-generic
qemu : QEMU emulator version 8.2.2 (Debian 1:8.2.2+ds-0ubuntu1.2)
libvirt : libvirtd (libvirt) 10.0.0

HOST[DESTINATION](NON-MDC)
OS: ubuntu
Kernel: 6.8.0-48-generic
qemu : QEMU emulator version 8.2.2 (Debian 1:8.2.2+ds-0ubuntu1.2)
libvirt : libvirtd (libvirt) 10.0.0

GUEST:
OS : ubuntu
kernel: 6.8.0-47-generic

Steps i tried:
1) Started the guest with macvtap network
2) Started HTX mdt.less

root@ubuntu:~/HTX htxcmdline -sut localhost -run -mdt mdt.less

3) Started the migration, it got completed fine

virsh migrate --live --domain ubuntu qemu+ssh://dest/system --verbose --undefinesource --persistent --timeout 120
Migration: [100.00 %]

4) After 1 hour also guest was up and running.

virsh console ubuntu
Connected to domain 'ubuntu'
Escape character is ^] (Ctrl + ])

root@ubuntu:~/HTX
root@ubuntu:~/HTX
root@ubuntu:~/HTX
root@ubuntu:~/HTX
root@ubuntu:~/HTX
root@ubuntu:~/HTX
root@ubuntu:~/HTX

5) I tried the migration back to the source host and that also worked fine

virsh migrate --live --domain ubuntu qemu+ssh://dest/system --verbose --undefinesource --persistent --timeout 120

Migration: [100.00 %]

Conclusion:
All the scenarios are working fine!

Thanks,
Anushree Mathur

Revision history for this message

Frank Heimes (fheimes) wrote on 2024-10-17:

#14

Many thanks Anushree for this double verification, now also with macvtap - that's great and gives confidence.

Revision history for this message

Launchpad Janitor (janitor) wrote on 2024-10-30:

#15

Download full text (49.8 KiB)

This bug was fixed in the package linux - 6.8.0-48.48

---------------
linux (6.8.0-48.48) noble; urgency=medium

* noble/linux: 6.8.0-48.48 -proposed tracker (LP: #2082437)

  * [SRU][Noble] Bad EPP defaults cause performance regressions on select Intel
    CPUs (LP: #2077470)
    - x86/cpu/vfm: Update arch/x86/include/asm/intel-family.h
    - cpufreq: intel_pstate: Allow model specific EPPs
    - cpufreq: intel_pstate: Update default EPPs for Meteor Lake
    - cpufreq: intel_pstate: Switch to new Intel CPU model defines
    - cpufreq: intel_pstate: Update Meteor Lake EPPs
    - cpufreq: intel_pstate: Use Meteor Lake EPPs for Arrow Lake
    - cpufreq: intel_pstate: Update Balance performance EPP for Emerald Rapids

* power: Enable intel_rapl driver (LP: #2078834)
- powercap: intel_rapl: Add support for ArrowLake-H platform

  * x86/vmware: Add TDX hypercall support (LP: #2077729)
    - x86/vmware: Introduce VMware hypercall API
    - x86/vmware: Add TDX hypercall support

  * Guest crashes post migration with migrate_misplaced_folio+0x4cc/0x5d0
    (LP: #2076866)
    - mm/mempolicy: use numa_node_id() instead of cpu_to_node()
    - mm/numa_balancing: allow migrate on protnone reference with
      MPOL_PREFERRED_MANY policy
    - mm: convert folio_estimated_sharers() to folio_likely_mapped_shared()
    - mm: factor out the numa mapping rebuilding into a new helper
    - mm: support multi-size THP numa balancing
    - mm/migrate: make migrate_misplaced_folio() return 0 on success
    - mm/migrate: move NUMA hinting fault folio isolation + checks under PTL
    - mm: fix possible OOB in numa_rebuild_large_mapping()

  * Add 'mm: hold PTL from the first PTE while reclaiming a large folio' to fix
    L2 Guest hang during LTP Test (LP: #2076147)
    - mm: hold PTL from the first PTE while reclaiming a large folio

  * KOP L2 guest fails to boot with 1 core - SMT8 topology (LP: #2070329)
    - KVM: PPC: Book3S HV nestedv2: Add DPDES support in helper library for Guest
      state buffer
    - KVM: PPC: Book3S HV nestedv2: Fix doorbell emulation

  * L2 Guest migration: continuously dumping while running NFS guest migration
    (LP: #2076406)
    - KVM: PPC: Book3S HV: Fix the set_one_reg for MMCR3
    - KVM: PPC: Book3S HV: Fix the get_one_reg of SDAR
    - KVM: PPC: Book3S HV: Add one-reg interface for DEXCR register
    - KVM: PPC: Book3S HV nestedv2: Keep nested guest DEXCR in sync
    - KVM: PPC: Book3S HV: Add one-reg interface for HASHKEYR register
    - KVM: PPC: Book3S HV nestedv2: Keep nested guest HASHKEYR in sync
    - KVM: PPC: Book3S HV: Add one-reg interface for HASHPKEYR register
    - KVM: PPC: Book3S HV nestedv2: Keep nested guest HASHPKEYR in sync

* perf build disables tracepoint support (LP: #2076190)
- [Packaging] perf: reenable libtraceevent

  * Please backport the more restrictive XSAVES deactivation for Zen1/2 arch
    (LP: #2077321)
    - x86/CPU/AMD: Improve the erratum 1386 workaround

  * Fix alsa scarlett2 driver in 6.8 (LP: #2076402)
    - ALSA: scarlett2: Move initialisation code lower in the source
    - ALSA: scarlett2: Implement handling of the ACK notification

* rtw89: reset IDMEM mode to preven...

This bug was fixed in the package linux - 6.8.0-48.48

---------------
linux (6.8.0-48.48) noble; urgency=medium

* noble/linux: 6.8.0-48.48 -proposed tracker (LP: #2082437)

* power: Enable intel_rapl driver (LP: #2078834)
    - powercap: intel_rapl: Add support for ArrowLake-H platform

* x86/vmware: Add TDX hypercall support (LP: #2077729)
    - x86/vmware: Introduce VMware hypercall API
    - x86/vmware: Add TDX hypercall support

* Add 'mm: hold PTL from the first PTE while reclaiming a large folio' to fix
    L2 Guest hang during LTP Test (LP: #2076147)
    - mm: hold PTL from the first PTE while reclaiming a large folio

* perf build disables tracepoint support (LP: #2076190)
    - [Packaging] perf: reenable libtraceevent

* Please backport the more restrictive XSAVES deactivation for  Zen1/2 arch
    (LP: #2077321)
    - x86/CPU/AMD: Improve the erratum 1386 workaround

* Fix alsa scarlett2 driver in 6.8  (LP: #2076402)
    - ALSA: scarlett2: Move initialisation code lower in the source
    - ALSA: scarlett2: Implement handling of the ACK notification

* rtw89: reset IDMEM mode to prevent download firmware failure (LP: #2077396)
    - wifi: rtw89: 885xb: reset IDMEM mode to prevent download firmware failure

* CVE-2024-43858
    - jfs: Fix array-index-out-of-bounds in diFree

* CVE-2024-42280
    - mISDN: Fix a use after free in hfcmulti_tx()

* CVE-2024-42271
    - net/iucv: fix use after free in iucv_sock_close()

* [Ubuntu-24.04] FADump with recommended crash size is making the L1 hang
    (LP: #2060039)
    - powerpc/64s/radix/kfence: map __kfence_pool at page granularity

* Noble update: upstream stable patchset 2024-09-09 (LP: #2079945)
    - ocfs2: add bounds checking to ocfs2_check_dir_entry()
    - jfs: don't walk off the end of ealist
    - fs/ntfs3: Add a check for attr_names and oatbl
    - fs/ntfs3: Validate ff offset
    - usb: gadget: midi2: Fix incorrect default MIDI2 protocol setup
    - ALSA: hda/realtek: Enable headset mic on Positivo SU C1400
    - ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360
    - arm64: dts: qcom: qrb4210-rb2: switch I2C2 to i2c-gpio
    - arm64: dts: qcom: msm8996: Disable SS instance in Parkmode for USB
    - arm64: dts: qcom: sm6350: Disable SS instance in Parkmode for USB
    - arm64: dts: qcom: ipq6018: Disable SS instance in Parkmode for USB
    - arm64: dts: qcom: sdm630: Disable SS instance in Parkmode for USB
    - ALSA: pcm_dmaengine: Don't synchronize DMA channel when DMA is paused
    - ALSA: seq: ump: Skip useless ports for static blocks
    - filelock: Fix fcntl/close race recovery compat path
    - tun: add missing verification for short frame
    - tap: add missing verification for short frame
    - s390/mm: Fix VM_FAULT_HWPOISON handling in do_exception()
    - ALSA: hda/tas2781: Add new quirk for Lenovo Hera2 Laptop
    - arm64: dts: qcom: sc7180: Disable SuperSpeed instances in park mode
    - arm64: dts: qcom: sc7280: Disable SuperSpeed instances in park mode
    - arm64: dts: qcom: qrb2210-rb1: switch I2C2 to i2c-gpio
    - arm64: dts: qcom: msm8998: Disable SS instance in Parkmode for USB
    - arm64: dts: qcom: ipq8074: Disable SS instance in Parkmode for USB
    - arm64: dts: qcom: sdm845: Disable SS instance in Parkmode for USB
    - Upstream stable to v6.6.43, v6.9.12

* Noble update: upstream stable patchset 2024-09-02 (LP: #2078304)
    - filelock: Remove locks reliably when fcntl/close race is detected
    - scsi: core: alua: I/O errors for ALUA state transitions
    - scsi: sr: Fix unintentional arithmetic wraparound
    - scsi: qedf: Don't process stag work during unload and recovery
    - scsi: qedf: Wait for stag work during unload
    - scsi: qedf: Set qed_slowpath_params to zero before use
    - efi/libstub: zboot.lds: Discard .discard sections
    - ACPI: EC: Abort address space access upon error
    - ACPI: EC: Avoid returning AE_OK on errors in address space handler
    - tools/power/cpupower: Fix Pstate frequency reporting on AMD Family 1Ah CPUs
    - wifi: mac80211: mesh: init nonpeer_pm to active by default in mesh sdata
    - wifi: mac80211: apply mcast rate only if interface is up
    - wifi: mac80211: handle tasklet frames before stopping
    - wifi: cfg80211: fix 6 GHz scan request building
    - wifi: iwlwifi: mvm: d3: fix WoWLAN command version lookup
    - wifi: iwlwifi: mvm: remove stale STA link data during restart
    - wifi: iwlwifi: mvm: Handle BIGTK cipher in kek_kck cmd
    - wifi: iwlwifi: mvm: handle BA session teardown in RF-kill
    - wifi: iwlwifi: mvm: properly set 6 GHz channel direct probe option
    - wifi: iwlwifi: mvm: Fix scan abort handling with HW rfkill
    - wifi: mac80211: fix UBSAN noise in ieee80211_prep_hw_scan()
    - selftests: cachestat: Fix build warnings on ppc64
    - selftests/openat2: Fix build warnings on ppc64
    - selftests/futex: pass _GNU_SOURCE without a value to the compiler
    - of/irq: Factor out parsing of interrupt-map parent phandle+args from
      of_irq_parse_raw()
    - Input: silead - Always support 10 fingers
    - net: ipv6: rpl_iptunnel: block BH in rpl_output() and rpl_input()
    - ila: block BH in ila_output()
    - arm64: armv8_deprecated: Fix warning in isndep cpuhp starting process
    - null_blk: fix validation of block size
    - kconfig: gconf: give a proper initial state to the Save button
    - kconfig: remove wrong expr_trans_bool()
    - input: Add event code for accessibility key
    - input: Add support for "Do Not Disturb"
    - HID: Ignore battery for ELAN touchscreens 2F2C and 4116
    - NFSv4: Fix memory leak in nfs4_set_security_label
    - nfs: propagate readlink errors in nfs_symlink_filler
    - nfs: Avoid flushing many pages with NFS_FILE_SYNC
    - nfs: don't invalidate dentries on transient errors
    - cachefiles: add consistency check for copen/cread
    - cachefiles: Set object to close if ondemand_id < 0 in copen
    - cachefiles: make on-demand read killable
    - fs/file: fix the check in find_next_fd()
    - mei: demote client disconnect warning on suspend to debug
    - iomap: Fix iomap_adjust_read_range for plen calculation
    - drm/exynos: dp: drop driver owner initialization
    - drm: panel-orientation-quirks: Add quirk for Aya Neo KUN
    - drm/mediatek: Call drm_atomic_helper_shutdown() at shutdown time
    - nvme: avoid double free special payload
    - nvmet: always initialize cqe.result
    - ALSA: hda: cs35l56: Fix lifecycle of codec pointer
    - wifi: cfg80211: wext: add extra SIOCSIWSCAN data check
    - ALSA: hda/realtek: Support Lenovo Thinkbook 16P Gen 5
    - KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group()
    - drm/vmwgfx: Fix missing HYPERVISOR_GUEST dependency
    - ALSA: hda/realtek: Add more codec ID to no shutup pins list
    - spi: Fix OCTAL mode support
    - cpumask: limit FORCE_NR_CPUS to just the UP case
    - [Config] Remove FORCE_NR_CPUS
    - selftests: openvswitch: Set value to nla flags.
    - drm/amdgpu: Indicate CU havest info to CP
    - ALSA: hda: cs35l56: Select SERIAL_MULTI_INSTANTIATE
    - mips: fix compat_sys_lseek syscall
    - Input: elantech - fix touchpad state on resume for Lenovo N24
    - Input: i8042 - add Ayaneo Kun to i8042 quirk table
    - ASoC: rt722-sdca-sdw: add silence detection register as volatile
    - Input: xpad - add support for ASUS ROG RAIKIRI PRO
    - ASoC: topology: Fix references to freed memory
    - ASoC: topology: Do not assign fields that are already set
    - bytcr_rt5640 : inverse jack detect for Archos 101 cesium
    - ALSA: dmaengine: Synchronize dma channel after drop()
    - ASoC: ti: davinci-mcasp: Set min period size using FIFO config
    - ASoC: ti: omap-hdmi: Fix too long driver name
    - ASoC: SOF: sof-audio: Skip unprepare for in-use widgets on error rollback
    - ASoC: rt722-sdca-sdw: add debounce time for type detection
    - nvme: fix NVME_NS_DEAC may incorrectly identifying the disk as EXT_LBA.
    - Input: ads7846 - use spi_device_id table
    - can: kvaser_usb: fix return value for hif_usb_send_regout
    - gpio: pca953x: fix pca953x_irq_bus_sync_unlock race
    - octeontx2-pf: Fix coverity and klockwork issues in octeon PF driver
    - s390/sclp: Fix sclp_init() cleanup on failure
    - platform/mellanox: nvsw-sn2201: Add check for platform_device_add_resources
    - platform/x86: wireless-hotkey: Add support for LG Airplane Button
    - platform/x86: lg-laptop: Remove LGEX0815 hotkey handling
    - platform/x86: lg-laptop: Change ACPI device id
    - platform/x86: lg-laptop: Use ACPI device handle when evaluating WMAB/WMBB
    - btrfs: qgroup: fix quota root leak after quota disable failure
    - ibmvnic: Add tx check to prevent skb leak
    - ALSA: PCM: Allow resume only for suspended streams
    - ALSA: hda/relatek: Enable Mute LED on HP Laptop 15-gw0xxx
    - ALSA: dmaengine_pcm: terminate dmaengine before synchronize
    - ASoC: amd: yc: Fix non-functional mic on ASUS M5602RA
    - net: usb: qmi_wwan: add Telit FN912 compositions
    - net: mac802154: Fix racy device stats updates by DEV_STATS_INC() and
      DEV_STATS_ADD()
    - powerpc/pseries: Whitelist dtl slub object for copying to userspace
    - powerpc/eeh: avoid possible crash when edev->pdev changes
    - scsi: libsas: Fix exp-attached device scan after probe failure scanned in
      again after probe failed
    - tee: optee: ffa: Fix missing-field-initializers warning
    - Bluetooth: hci_core: cancel all works upon hci_unregister_dev()
    - Bluetooth: btnxpuart: Enable Power Save feature on startup
    - bluetooth/l2cap: sync sock recv cb and release
    - erofs: ensure m_llen is reset to 0 if metadata is invalid
    - drm/amd/display: Add refresh rate range check
    - drm/amd/display: Account for cursor prefetch BW in DML1 mode support
    - drm/amd/display: Fix refresh rate range for some panel
    - drm/radeon: check bo_va->bo is non-NULL before using it
    - fs: better handle deep ancestor chains in is_subdir()
    - wifi: iwlwifi: properly set WIPHY_FLAG_SUPPORTS_EXT_KEK_KCK
    - drivers/perf: riscv: Reset the counter to hpmevent mapping while starting
      cpus
    - riscv: stacktrace: fix usage of ftrace_graph_ret_addr()
    - spi: imx: Don't expect DMA for i.MX{25,35,50,51,53} cspi devices
    - ksmbd: return FILE_DEVICE_DISK instead of super magic
    - ASoC: SOF: Intel: hda-pcm: Limit the maximum number of periods by
      MAX_BDL_ENTRIES
    - selftest/timerns: fix clang build failures for abs() calls
    - selftests/vDSO: fix clang build errors and warnings
    - hfsplus: fix uninit-value in copy_name
    - selftests/bpf: Extend tcx tests to cover late tcx_entry release
    - spi: mux: set ctlr->bits_per_word_mask
    - ALSA: hda: Use imply for suggesting CONFIG_SERIAL_MULTI_INSTANTIATE
    - [Config] Update CONFIG_SERIAL_MULTI_INSTANTIATE
    - cifs: fix noisy message on copy_file_range
    - Bluetooth: L2CAP: Fix deadlock
    - of/irq: Disable "interrupt-map" parsing for PASEMI Nemo
    - wifi: cfg80211: wext: set ssids=NULL for passive scans
    - wifi: mac80211: disable softirqs for queued frame handling
    - wifi: iwlwifi: mvm: don't wake up rx_sync_waitq upon RFKILL
    - cachefiles: fix slab-use-after-free in fscache_withdraw_volume()
    - cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie()
    - btrfs: ensure fast fsync waits for ordered extents after a write failure
    - PNP: Hide pnp_bus_type from the non-PNP code
    - ACPI: AC: Properly notify powermanagement core about changes
    - selftests/overlayfs: Fix build error on ppc64
    - nvme-fabrics: use reserved tag for reg read/write command
    - LoongArch: Fix GMAC's phy-mode definitions in dts
    - io_uring: fix possible deadlock in io_register_iowq_max_workers()
    - vfio: Create vfio_fs_type with inode per device
    - vfio/pci: Use unmap_mapping_range()
    - parport: amiga: Mark driver struct with __refdata to prevent section
      mismatch
    - drm: renesas: shmobile: Call drm_atomic_helper_shutdown() at shutdown time
    - vfio/pci: Insert full vma on mmap'd MMIO fault
    - ALSA: hda: cs35l41: Support Lenovo Thinkbook 16P Gen 5
    - ALSA: hda: cs35l41: Support Lenovo Thinkbook 13x Gen 4
    - ALSA: hda/realtek: Support Lenovo Thinkbook 13x Gen 4
    - wifi: mac80211: Avoid address calculations via out of bounds array indexing
    - drm/amd/display: change dram_clock_latency to 34us for dcn35
    - closures: Change BUG_ON() to WARN_ON()
    - ASoC: codecs: ES8326: Solve headphone detection issue
    - ASoC: Intel: avs: Fix route override
    - net: mvpp2: fill-in dev_port attribute
    - btrfs: scrub: handle RST lookup error correctly
    - clk: qcom: apss-ipq-pll: remove 'config_ctl_hi_val' from Stromer pll configs
    - drm/amd/display: Update efficiency bandwidth for dcn351
    - drm/amd/display: Fix array-index-out-of-bounds in dml2/FCLKChangeSupport
    - btrfs: fix uninitialized return value in the ref-verify tool
    - spi: davinci: Unset POWERDOWN bit when releasing resources
    - mm: page_ref: remove folio_try_get_rcu()
    - ALSA: hda: cs35l41: Fix swapped l/r audio channels for Lenovo ThinBook 13x
      Gen4
    - netfs, fscache: export fscache_put_volume() and add fscache_try_get_volume()
    - Upstream stable to v6.6.42, v6.9.11

* CVE-2024-27022
    - Revert "Revert "fork: defer linking file vma until vma is fully
      initialized""

* UBSAN: array-index-out-of-bounds in /build/linux-Z1RxaK/linux-
    6.8.0/drivers/gpu/drm/amd/amdgpu/../pm/powerplay/hwmgr/processpptables.c:124
    9:61 (LP: #2078041)
    - drm/amdgpu/pptable: convert some variable sized arrays to [] style
    - drm/amdgpu: convert some variable sized arrays to [] style
    - drm/amdgpu/pptable: Fix UBSAN array-index-out-of-bounds

* alsa: Headphone and Speaker couldn't output sound intermittently
    (LP: #2077690)
    - ALSA: hda/realtek - Fixed ALC256 headphone no sound
    - ALSA: hda/realtek - FIxed ALC285 headphone no sound

* Fix ethernet performance on JSL and EHL (LP: #2077858)
    - intel_idle: Disable promotion to C1E on Jasper Lake and Elkhart Lake

* Noble update: upstream stable patchset 2024-08-29 (LP: #2078289)
    - Revert "usb: xhci: prevent potential failure in handle_tx_event() for
      Transfer events without TRB"
    - Compiler Attributes: Add __uninitialized macro
    - mm: prevent derefencing NULL ptr in pfn_section_valid()
    - scsi: ufs: core: Fix ufshcd_clear_cmd racing issue
    - scsi: ufs: core: Fix ufshcd_abort_one racing issue
    - vfio/pci: Init the count variable in collecting hot-reset devices
    - cachefiles: propagate errors from vfs_getxattr() to avoid infinite loop
    - cachefiles: stop sending new request when dropping object
    - cachefiles: cancel all requests for the object that is being dropped
    - cachefiles: wait for ondemand_object_worker to finish when dropping object
    - cachefiles: cyclic allocation of msg_id to avoid reuse
    - cachefiles: add missing lock protection when polling
    - dsa: lan9303: Fix mapping between DSA port number and PHY address
    - filelock: fix potential use-after-free in posix_lock_inode
    - fs/dcache: Re-use value stored to dentry->d_flags instead of re-reading
    - vfs: don't mod negative dentry count when on shrinker list
    - net: bcmasp: Fix error code in probe()
    - tcp: fix incorrect undo caused by DSACK of TLP retransmit
    - bpf: Fix too early release of tcx_entry
    - net: phy: microchip: lan87xx: reinit PHY after cable test
    - skmsg: Skip zero length skb in sk_msg_recvmsg
    - octeontx2-af: Fix incorrect value output on error path in
      rvu_check_rsrc_availability()
    - net: fix rc7's __skb_datagram_iter()
    - i40e: Fix XDP program unloading while removing the driver
    - net: ethernet: lantiq_etop: fix double free in detach
    - bpf: fix order of args in call to bpf_map_kvcalloc
    - bpf: make timer data struct more generic
    - bpf: replace bpf_timer_init with a generic helper
    - bpf: Fail bpf_timer_cancel when callback is being cancelled
    - net: ethernet: mtk-star-emac: set mac_managed_pm when probing
    - ppp: reject claimed-as-LCP but actually malformed packets
    - ethtool: netlink: do not return SQI value if link is down
    - udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port().
    - net, sunrpc: Remap EPERM in case of connection failure in
      xs_tcp_setup_socket
    - s390: Mark psw in __load_psw_mask() as __unitialized
    - arm64: dts: qcom: sc8180x: Fix LLCC reg property again
    - firmware: cs_dsp: Fix overflow checking of wmfw header
    - firmware: cs_dsp: Return error if block header overflows file
    - firmware: cs_dsp: Validate payload length before processing block
    - firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers
    - ASoC: SOF: Intel: hda: fix null deref on system suspend entry
    - firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files
    - ARM: davinci: Convert comma to semicolon
    - octeontx2-af: replace cpt slot with lf id on reg write
    - octeontx2-af: fix a issue with cpt_lf_alloc mailbox
    - octeontx2-af: fix detection of IP layer
    - octeontx2-af: fix issue with IPv6 ext match for RSS
    - octeontx2-af: fix issue with IPv4 match for RSS
    - cifs: fix setting SecurityFlags to true
    - Revert "sched/fair: Make sure to try to detach at least one movable task"
    - tcp: avoid too many retransmit packets
    - net: ks8851: Fix deadlock with the SPI chip variant
    - net: ks8851: Fix potential TX stall after interface reopen
    - USB: serial: option: add Telit generic core-dump composition
    - USB: serial: option: add Telit FN912 rmnet compositions
    - USB: serial: option: add Fibocom FM350-GL
    - USB: serial: option: add support for Foxconn T99W651
    - USB: serial: option: add Netprisma LCUK54 series modules
    - USB: serial: option: add Rolling RW350-GL variants
    - USB: serial: mos7840: fix crash on resume
    - USB: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k
    - usb: dwc3: pci: add support for the Intel Panther Lake
    - usb: gadget: configfs: Prevent OOB read/write in usb_string_copy()
    - USB: core: Fix duplicate endpoint bug by clearing reserved bits in the
      descriptor
    - misc: microchip: pci1xxxx: Fix return value of nvmem callbacks
    - hpet: Support 32-bit userspace
    - xhci: always resume roothubs if xHC was reset during resume
    - s390/mm: Add NULL pointer check to crst_table_free() base_crst_free()
    - mm: vmalloc: check if a hash-index is in cpu_possible_mask
    - mm/filemap: skip to create PMD-sized page cache if needed
    - mm/filemap: make MAX_PAGECACHE_ORDER acceptable to xarray
    - ksmbd: discard write access to the directory open
    - iio: trigger: Fix condition for own trigger
    - arm64: dts: qcom: sa8775p: Correct IRQ number of EL2 non-secure physical
      timer
    - arm64: dts: qcom: sc8280xp-x13s: fix touchscreen power on
    - nvmem: rmem: Fix return value of rmem_read()
    - nvmem: meson-efuse: Fix return value of nvmem callbacks
    - nvmem: core: only change name to fram for current attribute
    - platform/x86: toshiba_acpi: Fix array out-of-bounds access
    - tty: serial: ma35d1: Add a NULL check for of_node
    - ALSA: hda/realtek: add quirk for Clevo V5[46]0TU
    - ALSA: hda/realtek: Enable Mute LED on HP 250 G7
    - ALSA: hda/realtek: Limit mic boost on VAIO PRO PX
    - Fix userfaultfd_api to return EINVAL as expected
    - pmdomain: qcom: rpmhpd: Skip retention level for Power Domains
    - libceph: fix race between delayed_work() and ceph_monc_stop()
    - ACPI: processor_idle: Fix invalid comparison with insertion sort for latency
    - cpufreq: ACPI: Mark boost policy as enabled when setting boost
    - cpufreq: Allow drivers to advertise boost enabled
    - wireguard: selftests: use acpi=off instead of -no-acpi for recent QEMU
    - wireguard: allowedips: avoid unaligned 64-bit memory accesses
    - wireguard: queueing: annotate intentional data race in cpu round robin
    - wireguard: send: annotate intentional data race in checking empty queue
    - misc: fastrpc: Fix DSP capabilities request
    - misc: fastrpc: Avoid updating PD type for capability request
    - misc: fastrpc: Copy the complete capability structure to user
    - misc: fastrpc: Fix memory leak in audio daemon attach operation
    - misc: fastrpc: Fix ownership reassignment of remote heap
    - misc: fastrpc: Restrict untrusted app to attach to privileged PD
    - mm/shmem: disable PMD-sized page cache if needed
    - mm/damon/core: merge regions aggressively when max_nr_regions is unmet
    - selftests/net: fix gro.c compilation failure due to non-existent
      opt_ipproto_off
    - ext4: avoid ptr null pointer dereference
    - sched: Move psi_account_irqtime() out of update_rq_clock_task() hotpath
    - i2c: rcar: bring hardware to known state when probing
    - i2c: mark HostNotify target address as used
    - i2c: rcar: ensure Gen3+ reset does not disturb local targets
    - i2c: testunit: avoid re-issued work after read message
    - i2c: rcar: clear NO_RXDMA flag after resetting
    - x86/bhi: Avoid warning in #DB handler due to BHI mitigation
    - kbuild: Make ld-version.sh more robust against version string changes
    - spi: axi-spi-engine: fix sleep calculation
    - minixfs: Fix minixfs_rename with HIGHMEM
    - bpf: Defer work in bpf_timer_cancel_and_free
    - netfilter: nf_tables: prefer nft_chain_validate
    - arm64: dts: qcom: x1e80100-*: Allocate some CMA buffers
    - arm64: dts: qcom: sm6115: add iommu for sdhc_1
    - arm64: dts: qcom: qdu1000: Fix LLCC reg property
    - net: ethtool: Fix RSS setting
    - nilfs2: fix kernel bug on rename operation of broken directory
    - cachestat: do not flush stats in recency check
    - mm: fix crashes from deferred split racing folio migration
    - nvmem: core: limit cell sysfs permissions to main attribute ones
    - serial: imx: ensure RTS signal is not left active after shutdown
    - mmc: sdhci: Fix max_seg_size for 64KiB PAGE_SIZE
    - mmc: davinci_mmc: Prevent transmitted data size from exceeding sgm's length
    - mm/readahead: limit page cache size in page_cache_ra_order()
    - Revert "dt-bindings: cache: qcom,llcc: correct QDU1000 reg entries"
    - sched/deadline: Fix task_struct reference leak
    - Upstream stable to v6.6.40, v6.6.41, v6.9.10

* [SRU][HPE 24.04] Intel FVL NIC FW flash fails with inbox driver, causing
    driver not detected (LP: #2076675) // Noble update: upstream stable patchset
    2024-08-29 (LP: #2078289)
    - i40e: fix: remove needless retries of NVM update

* CVE-2024-41022
    - drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq()

*  Deadlock occurs while suspending md raid  (LP: #2073695)
    - md: change the return value type of md_write_start to void
    - md: fix deadlock between mddev_suspend and flush bio

* Lenovo X12 Detachable Gen 2 unresponsive under light load (LP: #2076361)
    - drm/i915: Enable Wa_16019325821
    - drm/i915/guc: Add support for w/a KLVs
    - drm/i915/guc: Enable Wa_14019159160

* Regression: unable to reach low idle states on Tiger Lake (LP: #2072679)
    - SAUCE: PCI: ASPM: Allow OS to configure ASPM where BIOS is incapable of
    - SAUCE: PCI: vmd: Let OS control ASPM for devices under VMD domain

* Noble update: upstream stable patchset 2024-08-22 (LP: #2077600)
    - locking/mutex: Introduce devm_mutex_init()
    - leds: an30259a: Use devm_mutex_init() for mutex initialization
    - crypto: hisilicon/debugfs - Fix debugfs uninit process issue
    - drm/lima: fix shared irq handling on driver remove
    - powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt.
    - media: dvb: as102-fe: Fix as10x_register_addr packing
    - media: dvb-usb: dib0700_devices: Add missing release_firmware()
    - IB/core: Implement a limit on UMAD receive List
    - scsi: qedf: Make qedf_execute_tmf() non-preemptible
    - selftests/bpf: adjust dummy_st_ops_success to detect additional error
    - selftests/bpf: do not pass NULL for non-nullable params in dummy_st_ops
    - selftests/bpf: dummy_st_ops should reject 0 for non-nullable params
    - RISC-V: KVM: Fix the initial sample period value
    - crypto: aead,cipher - zeroize key buffer after use
    - media: mediatek: vcodec: Only free buffer VA that is not NULL
    - drm/amdgpu: Fix uninitialized variable warnings
    - drm/amdgpu: Initialize timestamp for some legacy SOCs
    - drm/amd/display: Check index msg_id before read or write
    - drm/amd/display: Check pipe offset before setting vblank
    - drm/amd/display: Skip finding free audio for unknown engine_id
    - drm/amd/display: Fix uninitialized variables in DM
    - drm/amdgpu: fix uninitialized scalar variable warning
    - drm/amdgpu: fix the warning about the expression (int)size - len
    - media: dw2102: Don't translate i2c read into write
    - riscv: Apply SiFive CIP-1200 workaround to single-ASID sfence.vma
    - sctp: prefer struct_size over open coded arithmetic
    - firmware: dmi: Stop decoding on broken entry
    - Input: ff-core - prefer struct_size over open coded arithmetic
    - wifi: mt76: replace skb_put with skb_put_zero
    - wifi: mt76: mt7996: add sanity checks for background radar trigger
    - thermal/drivers/mediatek/lvts_thermal: Check NULL ptr on lvts_data
    - media: dvb-frontends: tda18271c2dd: Remove casting during div
    - media: s2255: Use refcount_t instead of atomic_t for num_channels
    - media: dvb-frontends: tda10048: Fix integer overflow
    - i2c: i801: Annotate apanel_addr as __ro_after_init
    - powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n
    - orangefs: fix out-of-bounds fsid access
    - kunit: Fix timeout message
    - powerpc/xmon: Check cpu id in commands "c#", "dp#" and "dx#"
    - selftests/net: fix uninitialized variables
    - igc: fix a log entry using uninitialized netdev
    - bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD
    - serial: imx: Raise TX trigger level to 8
    - jffs2: Fix potential illegal address access in jffs2_free_inode
    - s390/pkey: Wipe sensitive data on failure
    - btrfs: scrub: initialize ret in scrub_simple_mirror() to fix compilation
      warning
    - cdrom: rearrange last_media_change check to avoid unintentional overflow
    - tools/power turbostat: Remember global max_die_id
    - vhost: Use virtqueue mutex for swapping worker
    - vhost: Release worker mutex during flushes
    - vhost_task: Handle SIGKILL by flushing work and exiting
    - mac802154: fix time calculation in ieee802154_configure_durations()
    - net: phy: phy_device: Fix PHY LED blinking code comment
    - UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open()
    - net/mlx5: E-switch, Create ingress ACL when needed
    - net/mlx5e: Add mqprio_rl cleanup and free in mlx5e_priv_cleanup()
    - Bluetooth: hci_event: Fix setting of unicast qos interval
    - Bluetooth: Ignore too large handle values in BIG
    - Bluetooth: ISO: Check socket flag instead of hcon
    - bluetooth/hci: disallow setting handle bigger than HCI_CONN_HANDLE_MAX
    - KVM: s390: fix LPSWEY handling
    - e1000e: Fix S0ix residency on corporate systems
    - gpiolib: of: fix lookup quirk for MIPS Lantiq
    - net: allow skb_datagram_iter to be called from any context
    - net: txgbe: initialize num_q_vectors for MSI/INTx interrupts
    - net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from
      __netif_rx()
    - gpio: mmio: do not calculate bgpio_bits via "ngpios"
    - wifi: wilc1000: fix ies_len type in connect path
    - riscv: kexec: Avoid deadlock in kexec crash path
    - netfilter: nf_tables: unconditionally flush pending work before notifier
    - bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set()
    - selftests: fix OOM in msg_zerocopy selftest
    - selftests: make order checking verbose in msg_zerocopy selftest
    - inet_diag: Initialize pad field in struct inet_diag_req_v2
    - mlxsw: core_linecards: Fix double memory deallocation in case of invalid INI
      file
    - gpiolib: of: add polarity quirk for TSC2005
    - cpu: Fix broken cmdline "nosmp" and "maxcpus=0"
    - platform/x86: toshiba_acpi: Fix quickstart quirk handling
    - Revert "igc: fix a log entry using uninitialized netdev"
    - nilfs2: fix inode number range checks
    - nilfs2: add missing check for inode numbers on directory entries
    - mm: optimize the redundant loop of mm_update_owner_next()
    - mm: avoid overflows in dirty throttling logic
    - btrfs: fix adding block group to a reclaim list and the unused list during
      reclaim
    - scsi: mpi3mr: Use proper format specifier in mpi3mr_sas_port_add()
    - Bluetooth: hci_bcm4377: Fix msgid release
    - Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot
    - can: kvaser_usb: Explicitly initialize family in leafimx driver_info struct
    - fsnotify: Do not generate events for O_PATH file descriptors
    - Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(),
      again"
    - drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes
    - drm/amdgpu/atomfirmware: silence UBSAN warning
    - drm: panel-orientation-quirks: Add quirk for Valve Galileo
    - clk: qcom: gcc-ipq9574: Add BRANCH_HALT_VOTED flag
    - clk: sunxi-ng: common: Don't call hw_to_ccu_common on hw without common
    - powerpc/pseries: Fix scv instruction crash with kexec
    - powerpc/64s: Fix unnecessary copy to 0 when kernel is booted at address 0
    - mtd: rawnand: Ensure ECC configuration is propagated to upper layers
    - mtd: rawnand: Fix the nand_read_data_op() early check
    - mtd: rawnand: Bypass a couple of sanity checks during NAND identification
    - mtd: rawnand: rockchip: ensure NVDDR timings are rejected
    - net: stmmac: dwmac-qcom-ethqos: fix error array size
    - arm64: dts: rockchip: Fix the DCDC_REG2 minimum voltage on Quartz64 Model B
    - media: dw2102: fix a potential buffer overflow
    - clk: qcom: gcc-sm6350: Fix gpll6* & gpll7 parents
    - clk: qcom: clk-alpha-pll: set ALPHA_EN bit for Stromer Plus PLLs
    - clk: mediatek: mt8183: Only enable runtime PM on mt8183-mfgcfg
    - i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr
    - fs/ntfs3: Mark volume as dirty if xattr is broken
    - ALSA: hda/realtek: Enable headset mic of JP-IK LEAP W502 with ALC897
    - vhost-scsi: Handle vhost_vq_work_queue failures for events
    - nvme-multipath: find NUMA path only for online numa-node
    - dma-mapping: benchmark: avoid needless copy_to_user if benchmark fails
    - connector: Fix invalid conversion in cn_proc.h
    - nvme: adjust multiples of NVME_CTRL_PAGE_SIZE in offset
    - regmap-i2c: Subtract reg size from max_write
    - platform/x86: touchscreen_dmi: Add info for GlobalSpace SolT IVW 11.6"
      tablet
    - platform/x86: touchscreen_dmi: Add info for the EZpad 6s Pro
    - nvmet: fix a possible leak when destroy a ctrl during qp establishment
    - kbuild: fix short log for AS in link-vmlinux.sh
    - nfc/nci: Add the inconsistency check between the input data length and count
    - spi: cadence: Ensure data lines set to low during dummy-cycle period
    - ALSA: ump: Set default protocol when not given explicitly
    - drm/amdgpu: silence UBSAN warning
    - null_blk: Do not allow runt zone with zone capacity smaller then zone size
    - nilfs2: fix incorrect inode allocation from reserved inodes
    - leds: mlxreg: Use devm_mutex_init() for mutex initialization
    - net: dql: Avoid calling BUG() when WARN() is enough
    - drm/xe: Add outer runtime_pm protection to xe_live_ktest@xe_dma_buf
    - bpf: mark bpf_dummy_struct_ops.test_1 parameter as nullable
    - drm/amdgpu: fix double free err_addr pointer warnings
    - drm/amd/display: Fix overlapping copy within dml_core_mode_programming
    - drm/amd/display: update pipe topology log to support subvp
    - drm/amd/display: Do not return negative stream id for array
    - drm/amd/display: ASSERT when failing to find index by plane/stream id
    - usb: xhci: prevent potential failure in handle_tx_event() for Transfer
      events without TRB
    - media: i2c: st-mipid02: Use the correct div function
    - media: tc358746: Use the correct div_ function
    - crypto: hisilicon/sec2 - fix for register offset
    - s390/pkey: Use kfree_sensitive() to fix Coccinelle warnings
    - s390/pkey: Wipe copies of clear-key structures on failure
    - s390/pkey: Wipe copies of protected- and secure-keys
    - wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values
    - wifi: mac80211: fix BSS_CHANGED_UNSOL_BCAST_PROBE_RESP
    - net: txgbe: remove separate irq request for MSI and INTx
    - net: txgbe: add extra handle for MSI/INTx into thread irq handle
    - net: txgbe: free isb resources at the right time
    - btrfs: always do the basic checks for btrfs_qgroup_inherit structure
    - net: phy: aquantia: add missing include guards
    - drm/fbdev-generic: Fix framebuffer on big endian devices
    - net: stmmac: enable HW-accelerated VLAN stripping for gmac4 only
    - net: rswitch: Avoid use-after-free in rswitch_poll()
    - ice: use proper macro for testing bit
    - drm/xe/mcr: Avoid clobbering DSS steering
    - tcp: Don't flag tcp_sk(sk)->rx_opt.saw_unknown for TCP AO.
    - btrfs: zoned: fix calc_available_free_space() for zoned mode
    - btrfs: fix folio refcount in __alloc_dummy_extent_buffer()
    - Bluetooth: Add quirk to ignore reserved PHY bits in LE Extended Adv Report
    - drm/xe: fix error handling in xe_migrate_update_pgtables
    - drm/ttm: Always take the bo delayed cleanup path for imported bos
    - fs: don't misleadingly warn during thaw operations
    - drm/amdkfd: Let VRAM allocations go to GTT domain on small APUs
    - drm/amdgpu: correct hbm field in boot status
    - Upstream stable to v6.6.38, v6.6.39, v6.9.9

* Panels show garbage or flickering when i915.psr2 enabled (LP: #2069993)
    - SAUCE: drm/i915/display/psr: add a psr2 disable quirk table
    - SAUCE: drm/i915/display/psr: disable psr2 for panel_0x4d_0x10_0x93_0x15
    - SAUCE: drm/i915/display/psr: disable psr2 for panel_0x30_0xe4_0x8b_0x07
    - SAUCE: drm/i915/display/psr: disable psr2 for panel_0x30_0xe4_0x78_0x07
    - SAUCE: drm/i915/display/psr: disable psr2 for panel_0x30_0xe4_0x8c_0x07
    - SAUCE: drm/i915/display/psr: disable psr2 for panel_0x06_0xaf_0x9a_0xf9
    - SAUCE: drm/i915/display/psr: disable psr2 for panel_0x4d_0x10_0x8f_0x15
    - SAUCE: drm/i915/display/psr: disable psr2 for panel_0x06_0xaf_0xa3_0xc3

* Random flickering with Intel i915 (Gen9 GPUs in 6th-8th gen CPUs) on Linux
    6.8 (LP: #2062951)
    - SAUCE: iommu/intel: disable DMAR for SKL integrated gfx

* [SRU][22.04.5]: mpi3mr driver update (LP: #2073583)
    - scsi: mpi3mr: HDB allocation and posting for hardware and firmware buffers
    - scsi: mpi3mr: Trigger support
    - scsi: mpi3mr: Add ioctl support for HDB
    - scsi: mpi3mr: Support PCI Error Recovery callback handlers
    - scsi: mpi3mr: Prevent PCI writes from driver during PCI error recovery
    - scsi: mpi3mr: Driver version update

* Fix power consumption while using HW accelerated video decode on AMD
    platforms (LP: #2073282)
    - drm/amdgpu/vcn: identify unified queue in sw init
    - drm/amdgpu/vcn: not pause dpg for unified queue

* Noble update: upstream stable patchset 2024-08-09 (LP: #2076435)
    - usb: typec: ucsi: Never send a lone connector change ack
    - usb: typec: ucsi: Ack also failed Get Error commands
    - Input: ili210x - fix ili251x_read_touch_data() return value
    - pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER
    - pinctrl: rockchip: fix pinmux bits for RK3328 GPIO2-B pins
    - pinctrl: rockchip: fix pinmux bits for RK3328 GPIO3-B pins
    - pinctrl: rockchip: use dedicated pinctrl type for RK3328
    - pinctrl: rockchip: fix pinmux reset in rockchip_pmx_set
    - MIPS: pci: lantiq: restore reset gpio polarity
    - ASoC: rockchip: i2s-tdm: Fix trcm mode by setting clock on right mclk
    - ASoC: mediatek: mt8183-da7219-max98357: Fix kcontrol name collision
    - ASoC: atmel: atmel-classd: Re-add dai_link->platform to fix card init
    - workqueue: Increase worker desc's length to 32
    - ASoC: q6apm-lpass-dai: close graph on prepare errors
    - bpf: Add missed var_off setting in set_sext32_default_val()
    - bpf: Add missed var_off setting in coerce_subreg_to_size_sx()
    - s390/pci: Add missing virt_to_phys() for directed DIBV
    - ASoC: amd: acp: add a null check for chip_pdev structure
    - ASoC: amd: acp: remove i2s configuration check in acp_i2s_probe()
    - ASoC: fsl-asoc-card: set priv->pdev before using it
    - net: dsa: microchip: fix initial port flush problem
    - openvswitch: get related ct labels from its master if it is not confirmed
    - mlxsw: spectrum_buffers: Fix memory corruptions on Spectrum-4 systems
    - ibmvnic: Free any outstanding tx skbs during scrq reset
    - net: phy: micrel: add Microchip KSZ 9477 to the device table
    - net: dsa: microchip: use collision based back pressure mode
    - ice: Rebuild TC queues on VSI queue reconfiguration
    - xdp: Remove WARN() from __xdp_reg_mem_model()
    - netfilter: fix undefined reference to 'netfilter_lwtunnel_*' when
      CONFIG_SYSCTL=n
    - btrfs: use NOFS context when getting inodes during logging and log replay
    - Fix race for duplicate reqsk on identical SYN
    - ALSA: seq: Fix missing channel at encoding RPN/NRPN MIDI2 messages
    - net: dsa: microchip: fix wrong register write when masking interrupt
    - sparc: fix old compat_sys_select()
    - sparc: fix compat recv/recvfrom syscalls
    - parisc: use correct compat recv/recvfrom syscalls
    - powerpc: restore some missing spu syscalls
    - tcp: fix tcp_rcv_fastopen_synack() to enter TCP_CA_Loss for failed TFO
    - ALSA: seq: Fix missing MSB in MIDI2 SPP conversion
    - netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data
      registers
    - net: mana: Fix possible double free in error handling path
    - drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep
    - vduse: validate block features only with block devices
    - vduse: Temporarily fail if control queue feature requested
    - x86/fpu: Fix AMD X86_BUG_FXSAVE_LEAK fixup
    - mtd: partitions: redboot: Added conversion of operands to a larger type
    - wifi: ieee80211: check for NULL in ieee80211_mle_size_ok()
    - bpf: Mark bpf prog stack with kmsan_unposion_memory in interpreter mode
    - RDMA/restrack: Fix potential invalid address access
    - net/iucv: Avoid explicit cpumask var allocation on stack
    - net/dpaa2: Avoid explicit cpumask var allocation on stack
    - crypto: ecdh - explicitly zeroize private_key
    - ALSA: emux: improve patch ioctl data validation
    - media: dvbdev: Initialize sbuf
    - irqchip/loongson: Select GENERIC_IRQ_EFFECTIVE_AFF_MASK if SMP for
      IRQ_LOONGARCH_CPU
    - soc: ti: wkup_m3_ipc: Send NULL dummy message instead of pointer message
    - gfs2: Fix NULL pointer dereference in gfs2_log_flush
    - drm/radeon/radeon_display: Decrease the size of allocated memory
    - nvme: fixup comment for nvme RDMA Provider Type
    - drm/panel: simple: Add missing display timing flags for KOE TX26D202VM0BWA
    - gpio: davinci: Validate the obtained number of IRQs
    - RISC-V: fix vector insn load/store width mask
    - drm/amdgpu: Fix pci state save during mode-1 reset
    - riscv: stacktrace: convert arch_stack_walk() to noinstr
    - gpiolib: cdev: Disallow reconfiguration without direction (uAPI v1)
    - randomize_kstack: Remove non-functional per-arch entropy filtering
    - x86: stop playing stack games in profile_pc()
    - parisc: use generic sys_fanotify_mark implementation
    - Revert "MIPS: pci: lantiq: restore reset gpio polarity"
    - pinctrl: qcom: spmi-gpio: drop broken pm8008 support
    - ocfs2: fix DIO failure due to insufficient transaction credits
    - nfs: drop the incorrect assertion in nfs_swap_rw()
    - mm: fix incorrect vbq reference in purge_fragmented_block
    - mmc: sdhci-pci-o2micro: Convert PCIBIOS_* return codes to errnos
    - mmc: sdhci-brcmstb: check R1_STATUS for erase/trim/discard
    - mmc: sdhci-pci: Convert PCIBIOS_* return codes to errnos
    - mmc: sdhci: Do not invert write-protect twice
    - mmc: sdhci: Do not lock spinlock around mmc_gpio_get_ro()
    - iio: xilinx-ams: Don't include ams_ctrl_channels in scan_mask
    - counter: ti-eqep: enable clock at probe
    - kbuild: doc: Update default INSTALL_MOD_DIR from extra to updates
    - kbuild: Fix build target deb-pkg: ln: failed to create hard link
    - i2c: testunit: don't erase registers after STOP
    - i2c: testunit: discard write requests while old command is running
    - ata: libata-core: Fix null pointer dereference on error
    - ata,scsi: libata-core: Do not leak memory for ata_port struct members
    - iio: adc: ad7266: Fix variable checking bug
    - iio: accel: fxls8962af: select IIO_BUFFER & IIO_KFIFO_BUF
    - iio: chemical: bme680: Fix pressure value output
    - iio: chemical: bme680: Fix calibration data variable
    - iio: chemical: bme680: Fix overflows in compensate() functions
    - iio: chemical: bme680: Fix sensor data read operation
    - net: usb: ax88179_178a: improve link status logs
    - usb: gadget: printer: SS+ support
    - usb: gadget: printer: fix races against disable
    - usb: musb: da8xx: fix a resource leak in probe()
    - usb: atm: cxacru: fix endpoint checking in cxacru_bind()
    - usb: dwc3: core: remove lock of otg mode during gadget suspend/resume to
      avoid deadlock
    - usb: gadget: aspeed_udc: fix device address configuration
    - usb: typec: ucsi: glink: fix child node release in probe function
    - usb: ucsi: stm32: fix command completion handling
    - usb: dwc3: core: Add DWC31 version 2.00a controller
    - usb: dwc3: core: Workaround for CSR read timeout
    - Revert "serial: core: only stop transmit when HW fifo is empty"
    - serial: 8250_omap: Implementation of Errata i2310
    - serial: imx: set receiver level before starting uart
    - serial: core: introduce uart_port_tx_limited_flags()
    - serial: bcm63xx-uart: fix tx after conversion to uart_port_tx_limited()
    - tty: mcf: MCF54418 has 10 UARTS
    - net: can: j1939: Initialize unused data in j1939_send_one()
    - net: can: j1939: recover socket queue on CAN bus error during BAM
      transmission
    - net: can: j1939: enhanced error handling for tightly received RTS messages
      in xtp_rx_rts_session_new
    - PCI/MSI: Fix UAF in msi_capability_init
    - cpufreq: intel_pstate: Use HWP to initialize ITMT if CPPC is missing
    - irqchip/loongson-eiointc: Use early_cpu_to_node() instead of cpu_to_node()
    - cpu/hotplug: Fix dynstate assignment in __cpuhp_setup_state_cpuslocked()
    - irqchip/loongson-liointc: Set different ISRs for different cores
    - kbuild: Install dtb files as 0644 in Makefile.dtbinst
    - sh: rework sync_file_range ABI
    - btrfs: zoned: fix initial free space detection
    - csky, hexagon: fix broken sys_sync_file_range
    - hexagon: fix fadvise64_64 calling conventions
    - drm/drm_file: Fix pid refcounting race
    - drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes
    - drm/fbdev-dma: Only set smem_start is enable per module option
    - drm/amdgpu: avoid using null object of framebuffer
    - drm/i915/gt: Fix potential UAF by revoke of fence registers
    - drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes
    - drm/amd/display: Send DP_TOTAL_LTTPR_CNT during detection if LTTPR is
      present
    - drm/amdgpu/atomfirmware: fix parsing of vram_info
    - batman-adv: Don't accept TT entries for out-of-spec VIDs
    - can: mcp251xfd: fix infinite loop when xmit fails
    - ata: ahci: Clean up sysfs file on error
    - ata: libata-core: Fix double free on error
    - ftruncate: pass a signed offset
    - syscalls: fix compat_sys_io_pgetevents_time64 usage
    - syscalls: fix sys_fanotify_mark prototype
    - Revert "cpufreq: amd-pstate: Fix the inconsistency in max frequency units"
    - mm/page_alloc: Separate THP PCP into movable and non-movable categories
    - arm64: dts: rockchip: Fix SD NAND and eMMC init on rk3308-rock-pi-s
    - arm64: dts: rockchip: Rename LED related pinctrl nodes on rk3308-rock-pi-s
    - arm64: dts: rockchip: Fix the value of `dlg,jack-det-rate` mismatch on
      rk3399-gru
    - ARM: dts: rockchip: rk3066a: add #sound-dai-cells to hdmi node
    - arm64: dts: rockchip: make poweroff(8) work on Radxa ROCK 5A
    - arm64: dts: rockchip: fix PMIC interrupt pin on ROCK Pi E
    - arm64: dts: rockchip: Add sound-dai-cells for RK3368
    - cxl/region: Move cxl_dpa_to_region() work to the region driver
    - cxl/region: Avoid null pointer dereference in region lookup
    - cxl/region: check interleave capability
    - serial: imx: only set receiver level if it is zero
    - serial: 8250_omap: Fix Errata i2310 with RX FIFO level check
    - tracing/net_sched: NULL pointer dereference in perf_trace_qdisc_reset()
    - pwm: stm32: Improve precision of calculation in .apply()
    - pwm: stm32: Fix for settings using period > UINT32_MAX
    - pwm: stm32: Calculate prescaler with a division instead of a loop
    - pwm: stm32: Refuse too small period requests
    - ASoC: cs42l43: Increase default type detect time and button delay
    - ASoC: amd: acp: move chip->flag variable assignment
    - bonding: fix incorrect software timestamping report
    - mlxsw: pci: Fix driver initialization with Spectrum-4
    - vxlan: Pull inner IP header in vxlan_xmit_one().
    - ASoC: mediatek: mt8195: Add platform entry for ETDM1_OUT_BE dai link
    - af_unix: Stop recv(MSG_PEEK) at consumed OOB skb.
    - af_unix: Don't stop recv(MSG_DONTWAIT) if consumed OOB skb is at the head.
    - af_unix: Don't stop recv() at consumed ex-OOB skb.
    - af_unix: Fix wrong ioctl(SIOCATMARK) when consumed OOB skb is at the head.
    - bpf: Take return from set_memory_ro() into account with bpf_prog_lock_ro()
    - bpf: Take return from set_memory_rox() into account with
      bpf_jit_binary_lock_ro()
    - drm/xe: Fix potential integer overflow in page size calculation
    - drm/xe: Add a NULL check in xe_ttm_stolen_mgr_init
    - drm/amd/display: correct hostvm flag
    - drm/amd/display: Skip pipe if the pipe idx not set properly
    - bpf: Add a check for struct bpf_fib_lookup size
    - drm/xe/xe_devcoredump: Check NULL before assignments
    - iommu/arm-smmu-v3: Do not allow a SVA domain to be set on the wrong PASID
    - evm: Enforce signatures on unsupported filesystem for EVM_INIT_X509
    - drm/xe: Check pat.ops before dumping PAT settings
    - nvmet: do not return 'reserved' for empty TSAS values
    - nvmet: make 'tsas' attribute idempotent for RDMA
    - iommu/amd: Fix GT feature enablement again
    - gpiolib: cdev: Ignore reconfiguration without direction
    - kasan: fix bad call to unpoison_slab_object
    - mm/memory: don't require head page for do_set_pmd()
    - SUNRPC: Fix backchannel reply, again
    - Revert "usb: gadget: u_ether: Re-attach netif device to mirror detachment"
    - Revert "usb: gadget: u_ether: Replace netif_stop_queue with
      netif_device_detach"
    - tty: serial: 8250: Fix port count mismatch with the device
    - tty: mxser: Remove __counted_by from mxser_board.ports[]
    - nvmet-fc: Remove __counted_by from nvmet_fc_tgt_queue.fod[]
    - ata: libata-core: Add ATA_HORKAGE_NOLPM for all Crucial BX SSD1 models
    - bcachefs: Fix sb_field_downgrade validation
    - bcachefs: Fix sb-downgrade validation
    - bcachefs: Fix bch2_sb_downgrade_update()
    - bcachefs: Fix setting of downgrade recovery passes/errors
    - bcachefs: btree_gc can now handle unknown btrees
    - pwm: stm32: Fix calculation of prescaler
    - pwm: stm32: Fix error message to not describe the previous error path
    - cxl/region: Convert cxl_pmem_region_alloc to scope-based resource management
    - cxl/mem: Fix no cxl_nvd during pmem region auto-assembling
    - arm64: dts: rockchip: Fix the i2c address of es8316 on Cool Pi 4B
    - netfs: Fix netfs_page_mkwrite() to check folio->mapping is valid
    - netfs: Fix netfs_page_mkwrite() to flush conflicting data, not wait
    - Upstream stable to v6.6.37, v6.9.8

* [UBUNTU 22.04] s390/cpum_cf: make crypto counters upward compatible
    (LP: #2074380)
    - s390/cpum_cf: make crypto counters upward compatible across machine types

* CVE-2024-45016
    - netem: fix return value if duplicate enqueue fails

-- Stefan Bader <stefan.bader@canonical.com>  Fri, 27 Sep 2024 14:22:35 +0200

Changed in linux (Ubuntu Noble):
status:	Fix Committed → Fix Released

Frank Heimes (fheimes) on 2024-10-30

Changed in ubuntu-power-systems:
status:	Fix Committed → Fix Released

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2024-11-25:

#16

This bug is awaiting verification that the linux-gkeop/6.8.0-1002.4 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-noble-linux-gkeop' to 'verification-done-noble-linux-gkeop'. If the problem still exists, change the tag 'verification-needed-noble-linux-gkeop' to 'verification-failed-noble-linux-gkeop'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-noble-linux-gkeop-v2 verification-needed-noble-linux-gkeop

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2024-11-29:

#17

This bug is awaiting verification that the linux-gcp-tcpx/6.8.0-1002.3 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy-linux-gcp-tcpx' to 'verification-done-jammy-linux-gcp-tcpx'. If the problem still exists, change the tag 'verification-needed-jammy-linux-gcp-tcpx' to 'verification-failed-jammy-linux-gcp-tcpx'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-jammy-linux-gcp-tcpx-v2 verification-needed-jammy-linux-gcp-tcpx

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

auto-bugzilla.linux.ibm.com #206737 Edit

Bug watches keep track of this bug in other bug trackers.

Ubuntulinux package

L2 Guest migration: continuously dumping while running NFS guest migration

Bug Description

CVE References

Other bug subscribers

Remote bug watches

Ubuntu
linux package