Noble update: upstream stable patchset 2025-02-07

    SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

       upstream stable patchset 2025-02-07

                Ported from the following upstream stable releases:
                        v6.6.58, v6.6.59, v6.11.6

       from git://git.kernel.org/

irqchip/gic-v3-its: Fix VSYNC referencing an unmapped VPE on GIC v4.1
xfs: fix error returns from xfs_bmapi_write
xfs: fix xfs_bmap_add_extent_delay_real for partial conversions
xfs: remove a racy if_bytes check in xfs_reflink_end_cow_extent
xfs: require XFS_SB_FEAT_INCOMPAT_LOG_XATTRS for attr log intent item recovery
xfs: check opcode and iovec count match in xlog_recover_attri_commit_pass2
xfs: fix missing check for invalid attr flags
xfs: check shortform attr entry flags specifically
xfs: validate recovered name buffers when recovering xattr items
xfs: enforce one namespace per attribute
xfs: revert commit 44af6c7e59b12
xfs: use dontcache for grabbing inodes during scrub
xfs: match lock mode in xfs_buffered_write_iomap_begin()
xfs: make the seq argument to xfs_bmapi_convert_delalloc() optional
xfs: make xfs_bmapi_convert_delalloc() to allocate the target offset
xfs: convert delayed extents to unwritten when zeroing post eof blocks
xfs: allow symlinks with short remote targets
xfs: make sure sb_fdblocks is non-negative
xfs: fix unlink vs cluster buffer instantiation race
xfs: fix freeing speculative preallocations for preallocated files
xfs: allow unlinked symlinks and dirs with zero size
xfs: restrict when we try to align cow fork delalloc to cowextsz hints
selftests: mptcp: join: change capture/checksum as bool
selftests: mptcp: join: test for prohibited MPC to port-based endp
selftests: mptcp: remove duplicated variables
iio: accel: bma400: Fix uninitialized variable field_value in tap event handling.
bpf: Make sure internal and UAPI bpf_redirect flags don't overlap
bpf: devmap: provide rxq after redirect
cpufreq/amd-pstate: Fix amd_pstate mode switch on shared memory systems
lib/Kconfig.debug: fix grammar in RUST_BUILD_ASSERT_ALLOW
bpf: Fix memory leak in bpf_core_apply
RDMA/bnxt_re: Fix a possible memory leak
RDMA/bnxt_re: Fix incorrect AVID type in WQE structure
RDMA/bnxt_re: Add a check for memory allocation
x86/resctrl: Avoid overflow in MB settings in bw_validate()
ARM: dts: bcm2837-rpi-cm3-io3: Fix HDMI hpd-gpio pin
bpf: Add cookie to perf_event bpf_link_info records
bpf: fix unpopulated name_len field in perf_event link info
selftests/bpf: Add cookies check for perf_event fill_link_info test
selftests/bpf: fix perf_event link info name_len assertion
s390/pci: Handle PCI error codes other than 0x3a
bpf: fix kfunc btf caching for modules
iio: frequency: {admv4420,adrf6780}: format Kconfig entries
iio: frequency: admv4420: fix missing select REMAP_SPI in Kconfig
drm/vmwgfx: Handle possible ENOMEM in vmw_stdu_connector_atomic_check
selftests/bpf: Fix cross-compiling urandom_read
task_work: Add TWA_NMI_CURRENT as an additional notify mode.
sched/core: Disable page allocation in task_tick_mm_cid()
ALSA: hda/cs8409: Fix possible NULL dereference
firmware: arm_scmi: Fix the double free in scmi_debugfs_common_setup()
RDMA/cxgb4: Fix RDMA_CM_EVENT_UNREACHABLE error for iWARP
RDMA/irdma: Fix misspelling of "accept*"
RDMA/srpt: Make slab cache names unique
ipv4: give an IPv4 dev to blackhole_netdev
RDMA/bnxt_re: Fix the max CQ WQEs for older adapters
RDMA/bnxt_re: Fix out of bound check
RDMA/bnxt_re: Return more meaningful error
RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages
RDMA/bnxt_re: Fix the GID table length
accel/qaic: Fix the for loop used to walk SG table
drm/msm/dpu: make sure phys resources are properly initialized
drm/msm/dpu: check for overflow in _dpu_crtc_setup_lm_bounds()
drm/msm/dsi: improve/fix dsc pclk calculation
drm/msm/dsi: fix 32-bit signed integer extension in pclk_rate calculation
drm/msm: Avoid NULL dereference in msm_disp_state_print_regs()
drm/msm: Allocate memory for disp snapshot with kvzalloc()
firmware: arm_scmi: Queue in scmi layer for mailbox implementation
net/smc: Fix memory leak when using percpu refs
net: usb: usbnet: fix race in probe failure
net: stmmac: dwmac-tegra: Fix link bring-up sequence
octeontx2-af: Fix potential integer overflows on integer shifts
drm/amd/amdgpu: Fix double unlock in amdgpu_mes_add_ring
macsec: don't increment counters for an unrelated SA
netdevsim: use cond_resched() in nsim_dev_trap_report_work()
net: ethernet: aeroflex: fix potential memory leak in greth_start_xmit_gbit()
net/smc: Fix searching in list of known pnetids in smc_pnet_add_pnetid
net: xilinx: axienet: fix potential memory leak in axienet_start_xmit()
bpf: Fix truncation bug in coerce_reg_to_size_sx()
irqchip/renesas-rzg2l: Fix missing put_device
drm/msm/dpu: don't always program merge_3d block
net: bcmasp: fix potential memory leak in bcmasp_xmit()
tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink().
net: dsa: mv88e6xxx: Fix the max_vid definition for the MV88E6361
genetlink: hold RCU in genlmsg_mcast()
ravb: Remove setting of RX software timestamp
net: ravb: Only advertise Rx/Tx timestamps if hardware supports it
scsi: target: core: Fix null-ptr-deref in target_alloc_device()
smb: client: fix possible double free in smb2_set_ea()
smb: client: fix OOBs when building SMB2_IOCTL request
usb: typec: altmode should keep reference to parent
s390: Initialize psw mask in perf_arch_fetch_caller_regs()
bpf: Fix link info netfilter flags to populate defrag flag
Bluetooth: bnep: fix wild-memory-access in proto_unregister
vmxnet3: Fix packet corruption in vmxnet3_xdp_xmit_frame
net/mlx5: Check for invalid vector index on EQ creation
net/mlx5: Fix command bitmask initialization
net/mlx5: Unregister notifier on eswitch init failure
bpf, sockmap: SK_DROP on attempted redirects of unsupported af_vsock
vsock: Update rx_bytes on read_skb()
vsock: Update msg_count on read_skb()
bpf, vsock: Drop static vsock_bpf_prot initialization
riscv, bpf: Make BPF_CMPXCHG fully ordered
nvme-pci: fix race condition between reset and nvme_dev_disable()
bpf: Fix iter/task tid filtering
cdrom: Avoid barrier_nospec() in cdrom_ioctl_media_changed()
khugepaged: inline hpage_collapse_alloc_folio()
khugepaged: convert alloc_charge_hpage to alloc_charge_folio
khugepaged: remove hpage from collapse_file()
mm: khugepaged: fix the arguments order in khugepaged_collapse_file trace point
iio: adc: ti-lmp92064: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig
xhci: dbgtty: remove kfifo_out() wrapper
xhci: dbgtty: use kfifo from tty_port struct
xhci: dbc: honor usb transfer size boundaries.
usb: gadget: f_uac2: fix non-newline-terminated function name
usb: gadget: f_uac2: fix return value for UAC2_ATTRIBUTE_STRING store
XHCI: Separate PORT and CAPs macros into dedicated file
usb: dwc3: core: Fix system suspend on TI AM62 platforms
tracing/fprobe-event: cleanup: Fix a wrong comment in fprobe event
tracing/probes: cleanup: Set trace_probe::nr_args at trace_probe_init
tracing/probes: Support $argN in return probe (kprobe and fprobe)
uprobes: encapsulate preparation of uprobe args buffer
uprobes: prepare uprobe args buffer lazily
uprobes: prevent mutex_lock() under rcu_read_lock()
uprobe: avoid out-of-bounds memory access of fetching args
exec: don't WARN for racy path_noexec check
ASoC: amd: yc: Add quirk for HP Dragonfly pro one
ASoC: codecs: lpass-rx-macro: add missing CDC_RX_BCL_VBAT_RF_PROC2 to default regs values
ASoC: fsl_sai: Enable 'FIFO continue on error' FCONT bit
arm64: Force position-independent veneers
udf: refactor udf_current_aext() to handle error
udf: refactor udf_next_aext() to handle error
udf: refactor inode_bmap() to handle error
udf: fix uninit-value use in udf_get_fileshortad
ASoC: qcom: sm8250: add qrb4210-rb2-sndcard compatible string
cifs: Validate content of NFS reparse point buffer
platform/x86: dell-sysman: add support for alienware products
LoongArch: Don't crash in stack_top() for tasks without vDSO
jfs: Fix sanity check in dbMount
tracing/probes: Fix MAX_TRACE_ARGS limit handling
tracing: Consider the NULL character when validating the event length
xfrm: extract dst lookup parameters into a struct
xfrm: respect ip protocols rules criteria when performing dst lookups
netfilter: bpf: must hold reference on net namespace
net/sun3_82586: fix potential memory leak in sun3_82586_send_packet()
be2net: fix potential memory leak in be_xmit()
net: plip: fix break; causing plip to never transmit
octeon_ep: Implement helper for iterating packets in Rx queue
octeon_ep: Add SKB allocation failures handling in __octep_oq_process_rx()
net: dsa: mv88e6xxx: Fix error when setting port policy on mv88e6393x
fsl/fman: Save device references taken in mac_probe()
fsl/fman: Fix refcount handling of fman-related devices
netfilter: xtables: fix typo causing some targets not to load on IPv6
net: wwan: fix global oob in wwan_rtnl_policy
net/sched: adjust device watchdog timer to detect stopped queue at right time
net: fix races in netdev_tx_sent_queue()/dev_watchdog()
net: usb: usbnet: fix name regression
bpf: Add MEM_WRITE attribute
bpf: Fix overloading of MEM_UNINIT's meaning
bpf: Remove MEM_UNINIT from skb/xdp MTU helpers
net/sched: act_api: deny mismatched skip_sw/skip_hw flags for actions created by classifiers
net: sched: fix use-after-free in taprio_change()
net: sched: use RCU read-side critical section in taprio_dump()
posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime()
Bluetooth: SCO: Fix UAF on sco_sock_timeout
Bluetooth: ISO: Fix UAF on iso_sock_timeout
bpf,perf: Fix perf_event_detach_bpf_prog error handling
net: dsa: mv88e6xxx: group cycle counter coefficients
net: dsa: mv88e6xxx: read cycle counter period from hardware
net: dsa: mv88e6xxx: support 4000ps cycle counter period
ASoC: dt-bindings: davinci-mcasp: Fix interrupts property
ASoC: dt-bindings: davinci-mcasp: Fix interrupt properties
ASoC: loongson: Fix component check failed on FDT systems
ASoC: max98388: Fix missing increment of variable slot_found
ASoC: rsnd: Fix probe failure on HiHope boards due to endpoint parsing
ASoC: fsl_micfil: Add a flag to distinguish with different volume control types
ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size()
powercap: dtpm_devfreq: Fix error check against dev_pm_qos_add_request()
nfsd: cancel nfsd_shrinker_work using sync mode in nfs4_state_shutdown_net
ALSA: hda/realtek: Update default depop procedure
smb: client: Handle kstrdup failures for passwords
cpufreq: CPPC: fix perf_to_khz/khz_to_perf conversion exception
btrfs: fix passing 0 to ERR_PTR in btrfs_search_dir_index_item()
btrfs: zoned: fix zone unusable accounting for freed reserved extent
drm/amd: Guard against bad data for ATIF ACPI method
ACPI: resource: Add LG 16T90SP to irq1_level_low_skip_override[]
ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context
ACPI: button: Add DMI quirk for Samsung Galaxy Book2 to fix initial lid detection issue
nilfs2: fix kernel bug due to missing clearing of buffer delay flag
openat2: explicitly return -E2BIG for (usize > PAGE_SIZE)
KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory
KVM: arm64: Fix shift-out-of-bounds bug
KVM: arm64: Don't eagerly teardown the vgic on init error
x86/lam: Disable ADDRESS_MASKING in most cases
UBUNTU: [Config] disable ADDRESS_MASKING
ALSA: hda/tas2781: select CRC32 instead of CRC32_SARWATE
ALSA: hda/realtek: Add subwoofer quirk for Acer Predator G9-593
LoongArch: Get correct cores_per_package for SMT systems
LoongArch: Enable IRQ if do_ale() triggered in irq-enabled context
LoongArch: Make KASAN usable for variable cpu_vabits
xfrm: fix one more kernel-infoleak in algo dumping
hv_netvsc: Fix VF namespace also in synthetic NIC NETDEV_REGISTER event
drm/amd/display: Disable PSR-SU on Parade 08-01 TCON too
selinux: improve error checking in sel_write_load()
net: phy: dp83822: Fix reset pin definitions
ata: libata: Set DID_TIME_OUT for commands that actually timed out
ASoC: qcom: Fix NULL Dereference in asoc_qcom_lpass_cpu_platform_probe()
platform/x86: dell-wmi: Ignore suspend notifications
ACPI: PRM: Clean up guid type in struct prm_handler_info
tracing: probes: Fix to zero initialize a local variable
task_work: make TWA_NMI_CURRENT handling conditional on IRQ_WORK
xfrm: validate new SA's prefixlen using SA family when sel.family is unset
bpf: Use raw_spinlock_t in ringbuf
reset: starfive: jh71x0: Fix accessing the empty member on JH7110 SoC
bpf: Fix unpopulated path_size when uprobe_multi fields unset
RDMA/bnxt_re: Fix incorrect dereference of srq in async event
RDMA/bnxt_re: Get the toggle bits from SRQ events
RDMA/bnxt_re: Change the sequence of updating the CQ toggle value
drm/msm/dpu: move CRTC resource assignment to dpu_encoder_virt_atomic_check
ring-buffer: Fix reader locking when changing the sub buffer order
drm/msm/dpu: Don't always set merge_3d pending flush
drm/msm/a6xx+: Insert a fence wait before SMMU table update
drm/xe: Take job list lock in xe_sched_add_pending_job
drm/xe: Use bookkeep slots for external BO's in exec IOCTL
net: ethernet: mtk_eth_soc: fix memory corruption during fq dma init
net/mlx5e: Don't call cleanup on profile rollback failure
bpf: Fix print_reg_state's constant scalar dump
fsnotify: optimize the case of no parent watcher
fsnotify: Avoid data race between fsnotify_recalc_mask() and fsnotify_object_watched()
drm/xe/mcr: Use Xe2_LPM steering tables for Xe2_HPM
objpool: fix choosing allocation for percpu slots
bnxt_en: replace ptp_lock with irqsave variant
bpf, arm64: Fix address emission with tag-based KASAN enabled
net: dsa: microchip: disable EEE for KSZ879x/KSZ877x/KSZ876x
ASoC: topology: Bump minimal topology ABI version
fbdev: wm8505fb: select CONFIG_FB_IOMEM_FOPS
btrfs: qgroup: set a more sane default value for subtree drop threshold
btrfs: clear force-compress on remount when compress mount option is given
x86/amd_nb: Add new PCI IDs for AMD family 1Ah model 60h-70h
x86/amd_nb: Add new PCI ID for AMD family 1Ah model 20h
btrfs: reject ro->rw reconfiguration if there are hard ro requirements
xfs: don't fail repairs on metadata files with no attr fork
drm/bridge: Fix assignment of the of_node of the parent to aux bridge
platform/x86/intel/pmc: Fix pmc_core_iounmap to call iounmap for valid addresses
fgraph: Fix missing unlock in register_ftrace_graph()
fgraph: Change the name of cpuhp state to "fgraph:online"
ASoC: SOF: Intel: hda: Always clean up link DMA during stop
ASoC: dapm: avoid container_of() to get component
ASoC: qcom: sc7280: Fix missing Soundwire runtime stream alloc
ASoC: qcom: sdm845: add missing soundwire runtime stream alloc
soundwire: intel_ace2x: Send PDI stream number during prepare
x86: support user address masking instead of non-speculative conditional
ASoC: qcom: Select missing common Soundwire module code on SDM845
UBUNTU: SAUCE: Revert "iio: adc: ti-lmp92064: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig"
UBUNTU: Upstream stable to v6.6.58, v6.6.59, v6.11.6