Ubuntu
linux package

Focal update: v5.4.197 upstream stable release

Focal (20.04)
Bug #1981758

Bug #1981758 reported by Kamal Mostafa on 2022-07-14

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	linux (Ubuntu)	Invalid	Undecided	Unassigned
	Focal	Fix Released	Medium	Kamal Mostafa

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

v5.4.197 upstream stable release
from git://git.kernel.org/

x86/pci/xen: Disable PCI/MSI[-X] masking for XEN_HVM guests
staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan()
Input: goodix - fix spurious key release events
tcp: change source port randomizarion at connect() time
secure_seq: use the 64 bits of the siphash for port offset calculation
media: vim2m: Register video device after setting up internals
media: vim2m: initialize the media device earlier
ACPI: sysfs: Make sparse happy about address space in use
ACPI: sysfs: Fix BERT error region memory mapping
pinctrl: sunxi: fix f1c100s uart2 function
net: af_key: check encryption module availability consistency
net: ftgmac100: Disable hardware checksum on AST2600
i2c: ismt: Provide a DMA buffer for Interrupt Cause Logging
drivers: i2c: thunderx: Allow driver to work with ACPI defined TWSI controllers
assoc_array: Fix BUG_ON during garbage collect
cfg80211: set custom regdomain after wiphy registration
drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency()
exec: Force single empty string when argv is empty
netfilter: conntrack: re-fetch conntrack after insertion
crypto: ecrdsa - Fix incorrect use of vli_cmp
zsmalloc: fix races between asynchronous zspage free and page migration
dm integrity: fix error code in dm_integrity_ctr()
dm crypt: make printing of the key constant-time
dm stats: add cond_resched when looping over entries
dm verity: set DM_TARGET_IMMUTABLE feature flag
raid5: introduce MD_BROKEN
HID: multitouch: Add support for Google Whiskers Touchpad
tpm: Fix buffer access in tpm2_get_tpm_pt()
tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe()
docs: submitting-patches: Fix crossref to 'The canonical patch format'
NFS: Memory allocation failures are not server fatal errors
NFSD: Fix possible sleep during nfsd4_release_lockowner()
bpf: Enlarge offset check value to INT_MAX in bpf_skb_{load,store}_bytes
Linux 5.4.197
UBUNTU: Upstream stable to v5.4.197

See original description

Tags:

CVE References

Kamal Mostafa (kamalmostafa) on 2022-07-14

Changed in linux (Ubuntu):
status:	New → Confirmed
tags:	added: kernel-stable-tracking-bug
Changed in linux (Ubuntu):
status:	Confirmed → In Progress
status:	In Progress → Invalid
Changed in linux (Ubuntu Focal):
status:	New → In Progress
importance:	Undecided → High
importance:	High → Medium
assignee:	nobody → Kamal Mostafa (kamalmostafa)
description:	updated

Stefan Bader (smb) on 2022-08-23

Changed in linux (Ubuntu Focal):
status:	In Progress → Fix Committed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2022-09-20:

Download full text (51.9 KiB)

This bug was fixed in the package linux - 5.4.0-126.142

---------------
linux (5.4.0-126.142) focal; urgency=medium

* focal/linux: 5.4.0-126.142 -proposed tracker (LP: #1987819)

  * [SRU] fnic driver on needs to be updated to 1.6.0.53 on Focal (LP: #1984011)
    - scsi: fnic: Change shost_printk() to FNIC_FCS_DBG()
    - scsi: fnic: Avoid looping in TRANS ETH on unload
    - scsi: fnic: Change shost_printk() to FNIC_MAIN_DBG()
    - scsi: fnic: Set scsi_set_resid() only for underflow
    - scsi: fnic: Validate io_req before others

  * Focal update: v5.4.203 upstream stable release (LP: #1986999)
    - drm: remove drm_fb_helper_modinit
    - powerpc/ftrace: Remove ftrace init tramp once kernel init is complete
    - kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add]
    - net: mscc: ocelot: allow unregistered IP multicast flooding
    - ARM: 8989/1: use .fpu assembler directives instead of assembler arguments
    - ARM: 8990/1: use VFP assembler mnemonics in register load/store macros
    - ARM: 8971/1: replace the sole use of a symbol with its definition
    - crypto: arm/sha256-neon - avoid ADRL pseudo instruction
    - crypto: arm/sha512-neon - avoid ADRL pseudo instruction
    - ARM: 8933/1: replace Sun/Solaris style flag on section directive
    - ARM: 8929/1: use APSR_nzcv instead of r15 as mrc operand
    - ARM: OMAP2+: drop unnecessary adrl
    - ARM: 9029/1: Make iwmmxt.S support Clang's integrated assembler
    - crypto: arm - use Kconfig based compiler checks for crypto opcodes
    - crypto: arm/ghash-ce - define fpu before fpu registers are referenced
    - Linux 5.4.203

This bug was fixed in the package linux - 5.4.0-126.142

---------------
linux (5.4.0-126.142) focal; urgency=medium

* focal/linux: 5.4.0-126.142 -proposed tracker (LP: #1987819)

* Focal update: v5.4.202 upstream stable release (LP: #1986995)
    - random: schedule mix_interrupt_randomness() less often
    - ALSA: hda/via: Fix missing beep setup
    - ALSA: hda/conexant: Fix missing beep setup
    - ALSA: hda/realtek - ALC897 headset MIC no sound
    - ALSA: hda/realtek: Add quirk for Clevo PD70PNT
    - net: openvswitch: fix parsing of nw_proto for IPv6 fragments
    - mmc: sdhci-pci-o2micro: Fix card detect by dealing with debouncing
    - ata: libata: add qc->flags in ata_qc_complete_template tracepoint
    - dm era: commit metadata in postsuspend after worker stops
    - dm mirror log: clear log bits up to BITS_PER_LONG boundary
    - random: quiet urandom warning ratelimit suppression message
    - USB: serial: option: add Telit LE910Cx 0x1250 composition
    - USB: serial: option: add Quectel EM05-G modem
    - USB: serial: option: add Quectel RM500K module support
    - bpf: Fix request_sock leak in sk lookup helpers
    - phy: aquantia: Fix AN when higher speeds than 1G are not advertised
    - bonding: ARP monitor spams NETDEV_NOTIFY_PEERS notifiers
    - net/sched: sch_netem: Fix arithmetic in netem_dump() for 32-bit platforms
    - drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf
    - erspan: do not assume transport header is always set
    - net/tls: fix tls_sk_proto_close executed repeatedly
    - udmabuf: add back sanity check
    - x86/xen: Remove undefined behavior in setup_features()
    - MIPS: Remove repetitive increase irq_err_count
    - afs: Fix dynamic root getattr
    - ice: ethtool: advertise 1000M speeds properly
    - regmap-irq: Fix a bug in regmap_irq_enable() for type_in_mask chips
    - igb: Make DMA faster when CPU is active on the PCIe link
    - virtio_net: fix xdp_rxq_info bug after suspend/resume
    - Revert "net/tls: fix tls_sk_proto_close executed repeatedly"
    - gpio: winbond: Fix error code in winbond_gpio_get()
    - s390/cpumf: Handle events cycles and instructions identical
    - iio: adc: vf610: fix conversion mode sysfs node name
    - xhci: turn off port power in shutdown
    - usb: chipidea: udc: check request status before setting device address
    - iio:chemical:ccs811: rearrange iio trigger get and register
    - iio:accel:bma180: rearrange iio trigger get and register
    - iio:accel:mxc4005: rearrange iio trigger get and register
    - iio: accel: mma8452: ignore the return value of reset operation
    - iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up()
    - iio: trigger: sysfs: fix use-after-free on remove
    - iio: adc: stm32: fix maximum clock rate for stm32mp15x
    - iio: adc: axp288: Override TS pin bias current for some models
    - xtensa: xtfpga: Fix refcount leak bug in setup
    - xtensa: Fix refcount leak bug in time.c
    - parisc: Enable ARCH_HAS_STRICT_MODULE_RWX
    - powerpc: Enable execve syscall exit tracepoint
    - powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address
    - powerpc/powernv: wire up rng during setup_arch
    - ARM: dts: imx6qdl: correct PU regulator ramp delay
    - ARM: exynos: Fix refcount leak in exynos_map_pmu
    - soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe
    - ARM: Fix refcount leak in axxia_boot_secondary
    - ARM: cns3xxx: Fix refcount leak in cns3xxx_init
    - modpost: fix section mismatch check for exported init/exit sections
    - random: update comment from copy_to_user() -> copy_to_iter()
    - kbuild: link vmlinux only once for CONFIG_TRIM_UNUSED_KSYMS (2nd attempt)
    - powerpc/pseries: wire up rng during setup_arch()
    - Linux 5.4.202

* Focal update: v5.4.201 upstream stable release (LP: #1986993)
    - dm: remove special-casing of bio-based immutable singleton target on NVMe
    - usb: gadget: u_ether: fix regression in setting fixed MAC address
    - tcp: add some entropy in __inet_hash_connect()
    - tcp: use different parts of the port_offset for index and offset
    - tcp: add small random increments to the source port
    - tcp: dynamically allocate the perturb table used by source ports
    - tcp: increase source port perturb table to 2^16
    - tcp: drop the hash_32() part from the index calculation
    - arm64: mm: Don't invalidate FROM_DEVICE buffers at start of DMA transfer
    - Linux 5.4.201

* Focal update: v5.4.200 upstream stable release (LP: #1983152)
    - Revert "UBUNTU: SAUCE: random: Make getrandom() ready earlier"
    - 9p: missing chunk of "fs/9p: Don't update file type when updating file
      attributes"
    - bpf: Fix incorrect memory charge cost calculation in stack_map_alloc()
    - nfc: st21nfca: fix incorrect sizing calculations in EVT_TRANSACTION
    - crypto: blake2s - generic C library implementation and selftest
    - lib/crypto: blake2s: move hmac construction into wireguard
    - lib/crypto: sha1: re-roll loops to reduce code size
    - compat_ioctl: remove /dev/random commands
    - random: don't forget compat_ioctl on urandom
    - random: Don't wake crng_init_wait when crng_init == 1
    - random: Add a urandom_read_nowait() for random APIs that don't warn
    - random: add GRND_INSECURE to return best-effort non-cryptographic bytes
    - random: ignore GRND_RANDOM in getentropy(2)
    - random: make /dev/random be almost like /dev/urandom
    - random: remove the blocking pool
    - random: delete code to pull data into pools
    - random: remove kernel.random.read_wakeup_threshold
    - random: remove unnecessary unlikely()
    - random: convert to ENTROPY_BITS for better code readability
    - random: Add and use pr_fmt()
    - random: fix typo in add_timer_randomness()
    - random: remove some dead code of poolinfo
    - random: split primary/secondary crng init paths
    - random: avoid warnings for !CONFIG_NUMA builds
    - x86: Remove arch_has_random, arch_has_random_seed
    - powerpc: Remove arch_has_random, arch_has_random_seed
    - s390: Remove arch_has_random, arch_has_random_seed
    - linux/random.h: Remove arch_has_random, arch_has_random_seed
    - linux/random.h: Use false with bool
    - linux/random.h: Mark CONFIG_ARCH_RANDOM functions __must_check
    - powerpc: Use bool in archrandom.h
    - random: add arch_get_random_*long_early()
    - random: avoid arch_get_random_seed_long() when collecting IRQ randomness
    - random: remove dead code left over from blocking pool
    - MAINTAINERS: co-maintain random.c
    - crypto: blake2s - include <linux/bug.h> instead of <asm/bug.h>
    - crypto: blake2s - adjust include guard naming
    - random: document add_hwgenerator_randomness() with other input functions
    - random: remove unused irq_flags argument from add_interrupt_randomness()
    - random: use BLAKE2s instead of SHA1 in extraction
    - random: do not sign extend bytes for rotation when mixing
    - random: do not re-init if crng_reseed completes before primary init
    - random: mix bootloader randomness into pool
    - random: harmonize "crng init done" messages
    - random: use IS_ENABLED(CONFIG_NUMA) instead of ifdefs
    - random: initialize ChaCha20 constants with correct endianness
    - random: early initialization of ChaCha constants
    - random: avoid superfluous call to RDRAND in CRNG extraction
    - random: don't reset crng_init_cnt on urandom_read()
    - random: fix typo in comments
    - random: cleanup poolinfo abstraction
    - random: cleanup integer types
    - random: remove incomplete last_data logic
    - random: remove unused extract_entropy() reserved argument
    - random: rather than entropy_store abstraction, use global
    - random: remove unused OUTPUT_POOL constants
    - random: de-duplicate INPUT_POOL constants
    - random: prepend remaining pool constants with POOL_
    - random: cleanup fractional entropy shift constants
    - random: access input_pool_data directly rather than through pointer
    - random: selectively clang-format where it makes sense
    - random: simplify arithmetic function flow in account()
    - random: continually use hwgenerator randomness
    - random: access primary_pool directly rather than through pointer
    - random: only call crng_finalize_init() for primary_crng
    - random: use computational hash for entropy extraction
    - random: simplify entropy debiting
    - random: use linear min-entropy accumulation crediting
    - random: always wake up entropy writers after extraction
    - random: make credit_entropy_bits() always safe
    - random: remove use_input_pool parameter from crng_reseed()
    - random: remove batched entropy locking
    - random: fix locking in crng_fast_load()
    - random: use RDSEED instead of RDRAND in entropy extraction
    - random: get rid of secondary crngs
    - random: inline leaves of rand_initialize()
    - random: ensure early RDSEED goes through mixer on init
    - random: do not xor RDRAND when writing into /dev/random
    - random: absorb fast pool into input pool after fast load
    - random: use simpler fast key erasure flow on per-cpu keys
    - random: use hash function for crng_slow_load()
    - random: make more consistent use of integer types
    - random: remove outdated INT_MAX >> 6 check in urandom_read()
    - random: zero buffer after reading entropy from userspace
    - random: fix locking for crng_init in crng_reseed()
    - random: tie batched entropy generation to base_crng generation
    - random: remove ifdef'd out interrupt bench
    - random: remove unused tracepoints
    - random: add proper SPDX header
    - random: deobfuscate irq u32/u64 contributions
    - random: introduce drain_entropy() helper to declutter crng_reseed()
    - random: remove useless header comment
    - random: remove whitespace and reorder includes
    - random: group initialization wait functions
    - random: group crng functions
    - random: group entropy extraction functions
    - random: group entropy collection functions
    - random: group userspace read/write functions
    - random: group sysctl functions
    - random: rewrite header introductory comment
    - random: defer fast pool mixing to worker
    - random: do not take pool spinlock at boot
    - random: unify early init crng load accounting
    - random: check for crng_init == 0 in add_device_randomness()
    - random: pull add_hwgenerator_randomness() declaration into random.h
    - random: clear fast pool, crng, and batches in cpuhp bring up
    - random: round-robin registers as ulong, not u32
    - random: only wake up writers after zap if threshold was passed
    - random: cleanup UUID handling
    - random: unify cycles_t and jiffies usage and types
    - random: do crng pre-init loading in worker rather than irq
    - random: give sysctl_random_min_urandom_seed a more sensible value
    - random: don't let 644 read-only sysctls be written to
    - random: replace custom notifier chain with standard one
    - random: use SipHash as interrupt entropy accumulator
    - random: make consistent usage of crng_ready()
    - random: reseed more often immediately after booting
    - random: check for signal and try earlier when generating entropy
    - random: skip fast_init if hwrng provides large chunk of entropy
    - random: treat bootloader trust toggle the same way as cpu trust toggle
    - random: re-add removed comment about get_random_{u32,u64} reseeding
    - random: mix build-time latent entropy into pool at init
    - random: do not split fast init input in add_hwgenerator_randomness()
    - random: do not allow user to keep crng key around on stack
    - random: check for signal_pending() outside of need_resched() check
    - random: check for signals every PAGE_SIZE chunk of /dev/[u]random
    - random: allow partial reads if later user copies fail
    - random: make random_get_entropy() return an unsigned long
    - random: document crng_fast_key_erasure() destination possibility
    - random: fix sysctl documentation nits
    - init: call time_init() before rand_initialize()
    - ia64: define get_cycles macro for arch-override
    - s390: define get_cycles macro for arch-override
    - parisc: define get_cycles macro for arch-override
    - alpha: define get_cycles macro for arch-override
    - powerpc: define get_cycles macro for arch-override
    - timekeeping: Add raw clock fallback for random_get_entropy()
    - m68k: use fallback for random_get_entropy() instead of zero
    - mips: use fallback for random_get_entropy() instead of just c0 random
    - arm: use fallback for random_get_entropy() instead of zero
    - nios2: use fallback for random_get_entropy() instead of zero
    - x86/tsc: Use fallback for random_get_entropy() instead of zero
    - um: use fallback for random_get_entropy() instead of zero
    - sparc: use fallback for random_get_entropy() instead of zero
    - xtensa: use fallback for random_get_entropy() instead of zero
    - random: insist on random_get_entropy() existing in order to simplify
    - random: do not use batches when !crng_ready()
    - random: use first 128 bits of input as fast init
    - random: do not pretend to handle premature next security model
    - random: order timer entropy functions below interrupt functions
    - random: do not use input pool from hard IRQs
    - random: help compiler out with fast_mix() by using simpler arguments
    - siphash: use one source of truth for siphash permutations
    - random: use symbolic constants for crng_init states
    - random: avoid initializing twice in credit race
    - random: move initialization out of reseeding hot path
    - random: remove ratelimiting for in-kernel unseeded randomness
    - random: use proper jiffies comparison macro
    - random: handle latent entropy and command line from random_init()
    - random: credit architectural init the exact amount
    - random: use static branch for crng_ready()
    - random: remove extern from functions in header
    - random: use proper return types on get_random_{int,long}_wait()
    - random: make consistent use of buf and len
    - random: move initialization functions out of hot pages
    - random: move randomize_page() into mm where it belongs
    - random: unify batched entropy implementations
    - random: convert to using fops->read_iter()
    - random: convert to using fops->write_iter()
    - random: wire up fops->splice_{read,write}_iter()
    - random: check for signals after page of pool writes
    - Revert "random: use static branch for crng_ready()"
    - crypto: drbg - always seeded with SP800-90B compliant noise source
    - crypto: drbg - prepare for more fine-grained tracking of seeding state
    - crypto: drbg - track whether DRBG was seeded with !rng_is_initialized()
    - crypto: drbg - move dynamic ->reseed_threshold adjustments to __drbg_seed()
    - crypto: drbg - always try to free Jitter RNG instance
    - crypto: drbg - make reseeding from get_random_bytes() synchronous
    - random: avoid checking crng_ready() twice in random_init()
    - random: mark bootloader randomness code as __init
    - random: account for arch randomness in bits
    - powerpc/kasan: Silence KASAN warnings in __get_wchan()
    - ASoC: nau8822: Add operation for internal PLL off and on
    - dma-debug: make things less spammy under memory pressure
    - ASoC: cs42l52: Fix TLV scales for mixer controls
    - ASoC: cs35l36: Update digital volume TLV
    - ASoC: cs53l30: Correct number of volume levels on SX controls
    - ASoC: cs42l52: Correct TLV for Bypass Volume
    - ASoC: cs42l56: Correct typo in minimum level for SX volume controls
    - ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo()
    - ASoC: wm8962: Fix suspend while playing music
    - ASoC: es8328: Fix event generation for deemphasis control
    - ASoC: wm_adsp: Fix event generation for wm_adsp_fw_put()
    - scsi: vmw_pvscsi: Expand vcpuHint to 16 bits
    - scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology
    - scsi: lpfc: Allow reduced polling rate for nvme_admin_async_event cmd
      completion
    - scsi: ipr: Fix missing/incorrect resource cleanup in error case
    - scsi: pmcraid: Fix missing resource cleanup in error case
    - ALSA: hda/realtek - Add HW8326 support
    - virtio-mmio: fix missing put_device() when vm_cmdline_parent registration
      failed
    - nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred
    - ipv6: Fix signed integer overflow in l2tp_ip6_sendmsg
    - net: ethernet: mtk_eth_soc: fix misuse of mem alloc interface
      netdev[napi]_alloc_frag
    - random: credit cpu and bootloader seeds by default
    - pNFS: Don't keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE
    - clocksource: hyper-v: unexport __init-annotated hv_init_clocksource()
    - i40e: Fix adding ADQ filter to TC0
    - i40e: Fix calculating the number of queue pairs
    - i40e: Fix call trace in setup_tx_descriptors
    - tty: goldfish: Fix free_irq() on remove
    - misc: atmel-ssc: Fix IRQ check in ssc_probe
    - mlxsw: spectrum_cnt: Reorder counter pools
    - net: bgmac: Fix an erroneous kfree() in bgmac_remove()
    - arm64: ftrace: fix branch range checks
    - certs/blacklist_hashes.c: fix const confusion in certs blacklist
    - faddr2line: Fix overlapping text section failures, the sequel
    - irqchip/gic/realview: Fix refcount leak in realview_gic_of_init
    - irqchip/gic-v3: Fix error handling in gic_populate_ppi_partitions
    - irqchip/gic-v3: Fix refcount leak in gic_populate_ppi_partitions
    - i2c: designware: Use standard optional ref clock implementation
    - comedi: vmk80xx: fix expression for tx buffer size
    - USB: serial: option: add support for Cinterion MV31 with new baseline
    - USB: serial: io_ti: add Agilent E5805A support
    - usb: dwc2: Fix memory leak in dwc2_hcd_init
    - usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe
    - serial: 8250: Store to lsr_save_flags after lsr read
    - dm mirror log: round up region bitmap size to BITS_PER_LONG
    - ext4: fix bug_on ext4_mb_use_inode_pa
    - ext4: make variable "count" signed
    - ext4: add reserved GDT blocks check
    - ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machine
    - virtio-pci: Remove wrong address verification in vp_del_vqs()
    - net/sched: act_police: more accurate MTU policing
    - net: openvswitch: fix leak of nested actions
    - arm64: kprobes: Use BRK instead of single-step when executing instructions
      out-of-line
    - RISC-V: fix barrier() use in <vdso/processor.h>
    - riscv: Less inefficient gcc tishift helpers (and export their symbols)
    - powerpc/mm: Switch obsolete dssall to .long
    - Linux 5.4.200

* Focal update: v5.4.199 upstream stable release (LP: #1983150)
    - Linux 5.4.199

* Focal update: v5.4.198 upstream stable release (LP: #1982409)
    - binfmt_flat: do not stop relocating GOT entries prematurely on riscv
    - ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS
    - USB: serial: option: add Quectel BG95 modem
    - USB: new quirk for Dell Gen 2 devices
    - perf/x86/intel: Fix event constraints for ICL
    - ptrace/um: Replace PT_DTRACE with TIF_SINGLESTEP
    - ptrace/xtensa: Replace PT_SINGLESTEP with TIF_SINGLESTEP
    - ptrace: Reimplement PTRACE_KILL by always sending SIGKILL
    - btrfs: add "0x" prefix for unsupported optional features
    - btrfs: repair super block num_devices automatically
    - drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes
    - mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue
    - b43legacy: Fix assigning negative value to unsigned variable
    - b43: Fix assigning negative value to unsigned variable
    - ipw2x00: Fix potential NULL dereference in libipw_xmit()
    - ipv6: fix locking issues with loops over idev->addr_list
    - fbcon: Consistently protect deferred_takeover with console_lock()
    - ACPICA: Avoid cache flush inside virtual machines
    - drm/komeda: return early if drm_universal_plane_init() fails.
    - ALSA: jack: Access input_dev under mutex
    - spi: spi-rspi: Remove setting {src,dst}_{addr,addr_width} based on DMA
      direction
    - tools/power turbostat: fix ICX DRAM power numbers
    - drm/amd/pm: fix double free in si_parse_power_table()
    - ath9k: fix QCA9561 PA bias level
    - media: venus: hfi: avoid null dereference in deinit
    - media: pci: cx23885: Fix the error handling in cx23885_initdev()
    - media: cx25821: Fix the warning when removing the module
    - md/bitmap: don't set sb values if can't pass sanity check
    - mmc: jz4740: Apply DMA engine limits to maximum segment size
    - scsi: megaraid: Fix error check return value of register_chrdev()
    - drm/plane: Move range check for format_count earlier
    - drm/amd/pm: fix the compile warning
    - arm64: compat: Do not treat syscall number as ESR_ELx for a bad syscall
    - drm: msm: fix error check return value of irq_of_parse_and_map()
    - ipv6: Don't send rs packets to the interface of ARPHRD_TUNNEL
    - net/mlx5: fs, delete the FTE when there are no rules attached to it
    - ASoC: dapm: Don't fold register value changes into notifications
    - mlxsw: spectrum_dcb: Do not warn about priority changes
    - drm/amdgpu/ucode: Remove firmware load type check in amdgpu_ucode_free_bo
    - HID: bigben: fix slab-out-of-bounds Write in bigben_probe
    - ASoC: tscs454: Add endianness flag in snd_soc_component_driver
    - s390/preempt: disable __preempt_count_add() optimization for
      PROFILE_ALL_BRANCHES
    - spi: stm32-qspi: Fix wait_cmd timeout in APM mode
    - dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC
    - ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default
    - ipmi:ssif: Check for NULL msg when handling events and messages
    - ipmi: Fix pr_fmt to avoid compilation issues
    - rtlwifi: Use pr_warn instead of WARN_ONCE
    - media: coda: limit frame interval enumeration to supported encoder frame
      sizes
    - media: cec-adap.c: fix is_configuring state
    - openrisc: start CPU timer early in boot
    - nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags
    - ASoC: rt5645: Fix errorenous cleanup order
    - nbd: Fix hung on disconnect request if socket is closed before
    - net: phy: micrel: Allow probing without .driver_data
    - media: exynos4-is: Fix compile warning
    - ASoC: max98357a: remove dependency on GPIOLIB
    - rxrpc: Return an error to sendmsg if call failed
    - eth: tg3: silence the GCC 12 array-bounds warning
    - selftests/bpf: fix btf_dump/btf_dump due to recent clang change
    - IB/rdmavt: add missing locks in rvt_ruc_loopback
    - ARM: dts: ox820: align interrupt controller node name with dtschema
    - PM / devfreq: rk3399_dmc: Disable edev on remove()
    - fs: jfs: fix possible NULL pointer dereference in dbFree()
    - ARM: OMAP1: clock: Fix UART rate reporting algorithm
    - powerpc/fadump: Fix fadump to work with a different endian capture kernel
    - fat: add ratelimit to fat*_ent_bread()
    - ARM: versatile: Add missing of_node_put in dcscb_init
    - ARM: dts: exynos: add atmel,24c128 fallback to Samsung EEPROM
    - ARM: hisi: Add missing of_node_put after of_find_compatible_node
    - PCI: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store()
    - tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate
    - powerpc/xics: fix refcount leak in icp_opal_init()
    - powerpc/powernv: fix missing of_node_put in uv_init()
    - macintosh/via-pmu: Fix build failure when CONFIG_INPUT is disabled
    - powerpc/iommu: Add missing of_node_put in iommu_init_early_dart
    - RDMA/hfi1: Prevent panic when SDMA is disabled
    - drm: fix EDID struct for old ARM OABI format
    - ath9k: fix ar9003_get_eepmisc
    - drm/edid: fix invalid EDID extension block filtering
    - drm/bridge: adv7511: clean up CEC adapter when probe fails
    - ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe
    - ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe
    - x86/delay: Fix the wrong asm constraint in delay_loop()
    - drm/mediatek: Fix mtk_cec_mask()
    - drm/vc4: txp: Don't set TXP_VSTART_AT_EOF
    - drm/vc4: txp: Force alpha to be 0xff if it's disabled
    - bpf: Fix excessive memory allocation in stack_map_alloc()
    - nl80211: show SSID for P2P_GO interfaces
    - drm/komeda: Fix an undefined behavior bug in komeda_plane_add()
    - drm: mali-dp: potential dereference of null pointer
    - spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout
    - NFC: NULL out the dev->rfkill to prevent UAF
    - efi: Add missing prototype for efi_capsule_setup_info
    - drbd: fix duplicate array initializer
    - HID: hid-led: fix maximum brightness for Dream Cheeky
    - HID: elan: Fix potential double free in elan_input_configured
    - drm/bridge: Fix error handling in analogix_dp_probe
    - sched/fair: Fix cfs_rq_clock_pelt() for throttled cfs_rq
    - spi: img-spfi: Fix pm_runtime_get_sync() error checking
    - cpufreq: Fix possible race in cpufreq online error path
    - ath9k_htc: fix potential out of bounds access with invalid
      rxstatus->rs_keyix
    - inotify: show inotify mask flags in proc fdinfo
    - fsnotify: fix wrong lockdep annotations
    - of: overlay: do not break notify on NOTIFY_{OK|STOP}
    - scsi: ufs: core: Exclude UECxx from SFR dump list
    - x86/pm: Fix false positive kmemleak report in msr_build_context()
    - x86/speculation: Add missing prototype for unpriv_ebpf_notify()
    - ASoC: rk3328: fix disabling mclk on pclk probe failure
    - perf tools: Add missing headers needed by util/data.h
    - drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free
      during pm runtime resume
    - drm/msm/dsi: fix error checks and return values for DSI xmit functions
    - drm/msm/hdmi: check return value after calling
      platform_get_resource_byname()
    - drm/msm/hdmi: fix error check return value of irq_of_parse_and_map()
    - drm/rockchip: vop: fix possible null-ptr-deref in vop_bind()
    - virtio_blk: fix the discard_granularity and discard_alignment queue limits
    - x86: Fix return value of __setup handlers
    - irqchip/exiu: Fix acknowledgment of edge triggered interrupts
    - irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value
    - x86/mm: Cleanup the control_va_addr_alignment() __setup handler
    - regulator: core: Fix enable_count imbalance with EXCLUSIVE_GET
    - drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is
      detected
    - drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is
      detected
    - drm/msm: return an error pointer in msm_gem_prime_get_sg_table()
    - media: uvcvideo: Fix missing check to determine if element is found in list
    - iomap: iomap_write_failed fix
    - Revert "cpufreq: Fix possible race in cpufreq online error path"
    - perf/amd/ibs: Use interrupt regs ip for stack unwinding
    - ASoC: fsl: Fix refcount leak in imx_sgtl5000_probe
    - ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe
    - regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt
    - scripts/faddr2line: Fix overlapping text section failures
    - media: aspeed: Fix an error handling path in aspeed_video_probe()
    - media: st-delta: Fix PM disable depth imbalance in delta_probe
    - media: exynos4-is: Change clk_disable to clk_disable_unprepare
    - media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init
    - media: vsp1: Fix offset calculation for plane cropping
    - Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout
    - m68k: math-emu: Fix dependencies of math emulation support
    - sctp: read sk->sk_bound_dev_if once in sctp_rcv()
    - media: ov7670: remove ov7670_power_off from ov7670_remove
    - ext4: reject the 'commit' option on ext2 filesystems
    - drm/msm/a6xx: Fix refcount leak in a6xx_gpu_init
    - drm: msm: fix possible memory leak in mdp5_crtc_cursor_set()
    - thermal/drivers/broadcom: Fix potential NULL dereference in sr_thermal_probe
    - ASoC: wm2000: fix missing clk_disable_unprepare() on error in
      wm2000_anc_transition()
    - NFC: hci: fix sleep in atomic context bugs in nfc_hci_hcp_message_tx
    - rxrpc: Fix listen() setting the bar too high for the prealloc rings
    - rxrpc: Don't try to resend the request if we're receiving the reply
    - rxrpc: Fix overlapping ACK accounting
    - rxrpc: Don't let ack.previousPacket regress
    - rxrpc: Fix decision on when to generate an IDLE ACK
    - net/smc: postpone sk_refcnt increment in connect()
    - arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399
    - ARM: dts: suniv: F1C100: fix watchdog compatible
    - soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc
    - soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc
    - PCI: cadence: Fix find_first_zero_bit() limit
    - PCI: rockchip: Fix find_first_zero_bit() limit
    - KVM: nVMX: Leave most VM-Exit info fields unmodified on failed VM-Entry
    - can: xilinx_can: mark bit timing constants as const
    - ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT
    - ARM: dts: bcm2837-rpi-cm3-io3: Fix GPIO line names for SMPS I2C
    - ARM: dts: bcm2837-rpi-3-b-plus: Fix GPIO line name of power LED
    - ARM: dts: bcm2835-rpi-b: Fix GPIO line names
    - misc: ocxl: fix possible double free in ocxl_file_register_afu
    - crypto: marvell/cesa - ECB does not IV
    - arm: mediatek: select arch timer for mt7629
    - powerpc/fadump: fix PT_LOAD segment for boot memory area
    - mfd: ipaq-micro: Fix error check return value of platform_get_irq()
    - scsi: fcoe: Fix Wstringop-overflow warnings in fcoe_wwn_from_mac()
    - firmware: arm_scmi: Fix list protocols enumeration in the base protocol
    - nvdimm: Allow overwrite in the presence of disabled dimms
    - pinctrl: mvebu: Fix irq_of_parse_and_map() return value
    - drivers/base/node.c: fix compaction sysfs file leak
    - dax: fix cache flush on PMD-mapped pages
    - powerpc/8xx: export 'cpm_setbrg' for modules
    - powerpc/idle: Fix return value of __setup() handler
    - powerpc/4xx/cpm: Fix return value of __setup() handler
    - proc: fix dentry/inode overinstantiating under /proc/${pid}/net
    - ipc/mqueue: use get_tree_nodev() in mqueue_get_tree()
    - PCI: imx6: Fix PERST# start-up sequence
    - tty: fix deadlock caused by calling printk() under tty_port->lock
    - crypto: cryptd - Protect per-CPU resource by disabling BH.
    - Input: sparcspkr - fix refcount leak in bbc_beep_probe
    - powerpc/64: Only WARN if __pa()/__va() called with bad addresses
    - powerpc/perf: Fix the threshold compare group constraint for power9
    - macintosh: via-pmu and via-cuda need RTC_LIB
    - powerpc/fsl_rio: Fix refcount leak in fsl_rio_setup
    - mfd: davinci_voicecodec: Fix possible null-ptr-deref davinci_vc_probe()
    - mailbox: forward the hrtimer if not queued and under a lock
    - RDMA/hfi1: Prevent use of lock before it is initialized
    - Input: stmfts - do not leave device disabled in stmfts_input_open
    - f2fs: fix dereference of stale list iterator after loop body
    - iommu/mediatek: Add list_del in mtk_iommu_remove
    - i2c: at91: use dma safe buffers
    - i2c: at91: Initialize dma_buf in at91_twi_xfer()
    - NFS: Do not report EINTR/ERESTARTSYS as mapping errors
    - NFS: Do not report flush errors in nfs_write_end()
    - NFS: Don't report errors from nfs_pageio_complete() more than once
    - NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout
    - video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup
    - dmaengine: stm32-mdma: remove GISR1 register
    - iommu/amd: Increase timeout waiting for GA log enablement
    - perf c2c: Use stdio interface if slang is not supported
    - perf jevents: Fix event syntax error caused by ExtSel
    - f2fs: fix to avoid f2fs_bug_on() in dec_valid_node_count()
    - f2fs: fix to do sanity check on block address in f2fs_do_zero_range()
    - f2fs: fix to clear dirty inode in f2fs_evict_inode()
    - f2fs: fix deadloop in foreground GC
    - f2fs: don't need inode lock for system hidden quota
    - f2fs: fix fallocate to use file_modified to update permissions consistently
    - wifi: mac80211: fix use-after-free in chanctx code
    - iwlwifi: mvm: fix assert 1F04 upon reconfig
    - fs-writeback: writeback_sb_inodes：Recalculate 'wrote' according skipped
      pages
    - efi: Do not import certificates from UEFI Secure Boot for T2 Macs
    - bfq: Split shared queues on move between cgroups
    - bfq: Update cgroup information before merging bio
    - bfq: Track whether bfq_group is still online
    - ext4: fix use-after-free in ext4_rename_dir_prepare
    - ext4: fix warning in ext4_handle_inode_extension
    - ext4: fix bug_on in ext4_writepages
    - ext4: verify dir block before splitting it
    - ext4: avoid cycles in directory h-tree
    - ACPI: property: Release subnode properties with data nodes
    - tracing: Fix potential double free in create_var_ref()
    - PCI/PM: Fix bridge_d3_blacklist[] Elo i2 overwrite of Gigabyte X299
    - PCI: qcom: Fix runtime PM imbalance on probe errors
    - PCI: qcom: Fix unbalanced PHY init on probe errors
    - mm, compaction: fast_find_migrateblock() should return pfn in the target
      zone
    - dlm: fix plock invalid read
    - dlm: fix missing lkb refcount handling
    - ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock
    - scsi: dc395x: Fix a missing check on list iterator
    - scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled
    - drm/amdgpu/cs: make commands with 0 chunks illegal behaviour.
    - drm/etnaviv: check for reaped mapping in etnaviv_iommu_unmap_gem
    - drm/nouveau/clk: Fix an incorrect NULL check on list iterator
    - drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX
    - md: fix an incorrect NULL check in does_sb_need_changing
    - md: fix an incorrect NULL check in md_reload_sb
    - mtd: cfi_cmdset_0002: Move and rename
      chip_check/chip_ready/chip_good_for_write
    - media: coda: Fix reported H264 profile
    - media: coda: Add more H264 levels for CODA960
    - Kconfig: Add option for asm goto w/ tied outputs to workaround clang-13 bug
    - RDMA/hfi1: Fix potential integer multiplication overflow errors
    - irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375,
      A38x, A39x
    - irqchip: irq-xtensa-mx: fix initial IRQ affinity
    - mac80211: upgrade passive scan to active scan on DFS channels after beacon
      rx
    - um: chan_user: Fix winch_tramp() return value
    - um: Fix out-of-bounds read in LDT setup
    - iommu/msm: Fix an incorrect NULL check on list iterator
    - nodemask.h: fix compilation error with GCC12
    - hugetlb: fix huge_pmd_unshare address update
    - rtl818x: Prevent using not initialized queues
    - ASoC: rt5514: Fix event generation for "DSP Voice Wake Up" control
    - carl9170: tx: fix an incorrect use of list iterator
    - serial: pch: don't overwrite xmit->buf[0] by x_char
    - tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator
    - gma500: fix an incorrect NULL check on list iterator
    - arm64: dts: qcom: ipq8074: fix the sleep clock frequency
    - phy: qcom-qmp: fix struct clk leak on probe errors
    - ARM: pxa: maybe fix gpio lookup tables
    - docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0
    - dt-bindings: gpio: altera: correct interrupt-cells
    - blk-iolatency: Fix inflight count imbalances and IO hangs on offline
    - phy: qcom-qmp: fix reset-controller leak on probe errors
    - Kconfig: add config option for asm goto w/ outputs
    - RDMA/rxe: Generate a completion for unsupported/invalid opcode
    - MIPS: IP27: Remove incorrect `cpu_has_fpu' override
    - bfq: Avoid merging queues with different parents
    - bfq: Drop pointless unlock-lock pair
    - bfq: Remove pointless bfq_init_rq() calls
    - bfq: Get rid of __bio_blkcg() usage
    - bfq: Make sure bfqg for which we are queueing requests is online
    - block: fix bio_clone_blkg_association() to associate with proper blkcg_gq
    - md: bcache: check the return value of kzalloc() in detached_dev_do_request()
    - pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards
    - staging: greybus: codecs: fix type confusion of list iterator variable
    - iio: adc: ad7124: Remove shift from scan_type
    - tty: goldfish: Use tty_port_destroy() to destroy port
    - tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe
    - tty: serial: fsl_lpuart: fix potential bug when using both of_alias_get_id
      and ida_simple_get
    - usb: usbip: fix a refcount leak in stub_probe()
    - usb: usbip: add missing device lock on tweak configuration cmd
    - USB: storage: karma: fix rio_karma_init return
    - usb: musb: Fix missing of_node_put() in omap2430_probe
    - staging: fieldbus: Fix the error handling path in
      anybuss_host_common_probe()
    - pwm: lp3943: Fix duty calculation in case period was clamped
    - rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value
    - usb: dwc3: pci: Fix pm_runtime_get_sync() error checking
    - firmware: stratix10-svc: fix a missing check on list iterator
    - iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check
    - iio: adc: sc27xx: fix read big scale voltage not right
    - iio: adc: sc27xx: Fine tune the scale calibration values
    - rpmsg: qcom_smd: Fix returning 0 if irq_of_parse_and_map() fails
    - phy: qcom-qmp: fix pipe-clock imbalance on power-on failure
    - serial: sifive: Report actual baud base rather than fixed 115200
    - coresight: cpu-debug: Replace mutex with mutex_trylock on panic notifier
    - soc: rockchip: Fix refcount leak in rockchip_grf_init
    - clocksource/drivers/riscv: Events are stopped during CPU suspend
    - rtc: mt6397: check return value after calling platform_get_resource()
    - serial: meson: acquire port->lock in startup()
    - serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485
    - serial: digicolor-usart: Don't allow CS5-6
    - serial: rda-uart: Don't allow CS5-6
    - serial: txx9: Don't allow CS5-6
    - serial: sh-sci: Don't allow CS5-6
    - serial: sifive: Sanitize CSIZE and c_iflag
    - serial: st-asc: Sanitize CSIZE and correct PARENB for CS7
    - serial: stm32-usart: Correct CSIZE, bits, and parity
    - firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle
    - bus: ti-sysc: Fix warnings for unbind for serial
    - driver: base: fix UAF when driver_attach failed
    - driver core: fix deadlock in __device_attach
    - watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe
    - ASoC: fsl_sai: Fix FSL_SAI_xDR/xFR definition
    - clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value
    - s390/crypto: fix scatterwalk_unmap() callers in AES-GCM
    - net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog
    - net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry()
    - net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register
    - modpost: fix removing numeric suffixes
    - jffs2: fix memory leak in jffs2_do_fill_super
    - ubi: ubi_create_volume: Fix use-after-free when volume creation failed
    - nfp: only report pause frame configuration for physical device
    - net/mlx5: Don't use already freed action pointer
    - net/mlx5e: Update netdev features after changing XDP state
    - net: sched: add barrier to fix packet stuck problem for lockless qdisc
    - tcp: tcp_rtx_synack() can be called from process context
    - afs: Fix infinite loop found by xfstest generic/676
    - tipc: check attribute length for bearer name
    - perf c2c: Fix sorting in percent_rmt_hitm_cmp()
    - mips: cpc: Fix refcount leak in mips_cpc_default_phys_base
    - tracing: Fix sleeping function called from invalid context on RT kernel
    - tracing: Avoid adding tracer option before update_tracer_options
    - f2fs: remove WARN_ON in f2fs_is_valid_blkaddr
    - i2c: cadence: Increase timeout per message if necessary
    - m68knommu: set ZERO_PAGE() to the allocated zeroed page
    - m68knommu: fix undefined reference to `_init_sp'
    - dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type
    - NFSv4: Don't hold the layoutget locks across multiple RPC calls
    - video: fbdev: pxa3xx-gcu: release the resources correctly in
      pxa3xx_gcu_probe/remove()
    - xprtrdma: treat all calls not a bcall when bc_serv is NULL
    - netfilter: nat: really support inet nat without l3 address
    - ata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe
    - netfilter: nf_tables: memleak flow rule from commit path
    - xen: unexport __init-annotated xen_xlate_map_ballooned_pages()
    - af_unix: Fix a data-race in unix_dgram_peer_wake_me().
    - bpf, arm64: Clear prog->jited_len along prog->jited
    - net: dsa: lantiq_gswip: Fix refcount leak in gswip_gphy_fw_list
    - net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure
    - SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer()
    - net: mdio: unexport __init-annotated mdio_bus_init()
    - net: xfrm: unexport __init-annotated xfrm4_protocol_init()
    - net: ipv6: unexport __init-annotated seg6_hmac_init()
    - net/mlx5: Rearm the FW tracer after each tracer event
    - net/mlx5: fs, fail conflicting actions
    - ip_gre: test csum_start instead of transport header
    - net: altera: Fix refcount leak in altera_tse_mdio_create
    - drm: imx: fix compiler warning with gcc-12
    - iio: dummy: iio_simple_dummy: check the return value of kstrdup()
    - iio: st_sensors: Add a local lock for protecting odr
    - lkdtm/usercopy: Expand size of "out of frame" object
    - tty: synclink_gt: Fix null-pointer-dereference in slgt_clean()
    - tty: Fix a possible resource leak in icom_probe
    - drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop()
    - drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop()
    - USB: host: isp116x: check return value after calling platform_get_resource()
    - drivers: tty: serial: Fix deadlock in sa1100_set_termios()
    - drivers: usb: host: Fix deadlock in oxu_bus_suspend()
    - USB: hcd-pci: Fully suspend across freeze/thaw cycle
    - usb: dwc2: gadget: don't reset gadget's driver->bus
    - misc: rtsx: set NULL intfdata when probe fails
    - extcon: Modify extcon device to be created after driver data is set
    - clocksource/drivers/sp804: Avoid error on multiple instances
    - staging: rtl8712: fix uninit-value in usb_read8() and friends
    - staging: rtl8712: fix uninit-value in r871xu_drv_init()
    - serial: msm_serial: disable interrupts in __msm_console_write()
    - kernfs: Separate kernfs_pr_cont_buf and rename_lock.
    - watchdog: wdat_wdt: Stop watchdog when rebooting the system
    - md: protect md_unregister_thread from reentrancy
    - scsi: myrb: Fix up null pointer access on myrb_cleanup()
    - ceph: allow ceph.dir.rctime xattr to be updatable
    - drm/radeon: fix a possible null pointer dereference
    - modpost: fix undefined behavior of is_arm_mapping_symbol()
    - x86/cpu: Elide KCSAN for cpu_has() and friends
    - nbd: call genl_unregister_family() first in nbd_cleanup()
    - nbd: fix race between nbd_alloc_config() and module removal
    - cifs: version operations for smb20 unneeded when legacy support disabled
    - nodemask: Fix return values to be unsigned
    - vringh: Fix loop descriptors check in the indirect cases
    - scripts/gdb: change kernel config dumping method
    - ALSA: hda/conexant - Fix loopback issue with CX20632
    - cifs: return errors during session setup during reconnects
    - ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files
    - mmc: block: Fix CQE recovery reset success
    - nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION
    - nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling
    - ixgbe: fix bcast packets Rx on VF after promisc removal
    - ixgbe: fix unexpected VLAN Rx in promisc mode on VF
    - Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag
    - powerpc/32: Fix overread/overwrite of thread_struct via ptrace
    - md/raid0: Ignore RAID0 layout if the second zone has only one device
    - mtd: cfi_cmdset_0002: Use chip_ready() for write on S29GL064N
    - tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd
    - Linux 5.4.198

* Focal update: v5.4.197 upstream stable release (LP: #1981758)
    - x86/pci/xen: Disable PCI/MSI[-X] masking for XEN_HVM guests
    - staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan()
    - Input: goodix - fix spurious key release events
    - tcp: change source port randomizarion at connect() time
    - secure_seq: use the 64 bits of the siphash for port offset calculation
    - media: vim2m: Register video device after setting up internals
    - media: vim2m: initialize the media device earlier
    - ACPI: sysfs: Make sparse happy about address space in use
    - ACPI: sysfs: Fix BERT error region memory mapping
    - pinctrl: sunxi: fix f1c100s uart2 function
    - net: af_key: check encryption module availability consistency
    - net: ftgmac100: Disable hardware checksum on AST2600
    - i2c: ismt: Provide a DMA buffer for Interrupt Cause Logging
    - drivers: i2c: thunderx: Allow driver to work with ACPI defined TWSI
      controllers
    - assoc_array: Fix BUG_ON during garbage collect
    - cfg80211: set custom regdomain after wiphy registration
    - drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency()
    - exec: Force single empty string when argv is empty
    - netfilter: conntrack: re-fetch conntrack after insertion
    - crypto: ecrdsa - Fix incorrect use of vli_cmp
    - zsmalloc: fix races between asynchronous zspage free and page migration
    - dm integrity: fix error code in dm_integrity_ctr()
    - dm crypt: make printing of the key constant-time
    - dm stats: add cond_resched when looping over entries
    - dm verity: set DM_TARGET_IMMUTABLE feature flag
    - raid5: introduce MD_BROKEN
    - HID: multitouch: Add support for Google Whiskers Touchpad
    - tpm: Fix buffer access in tpm2_get_tpm_pt()
    - tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe()
    - docs: submitting-patches: Fix crossref to 'The canonical patch format'
    - NFS: Memory allocation failures are not server fatal errors
    - NFSD: Fix possible sleep during nfsd4_release_lockowner()
    - bpf: Enlarge offset check value to INT_MAX in bpf_skb_{load,store}_bytes
    - Linux 5.4.197

* Focal update: v5.4.196 upstream stable release (LP: #1981111)
    - x86/xen: Make the boot CPU idle task reliable
    - x86/xen: Make the secondary CPU idle tasks reliable
    - rtc: fix use-after-free on device removal
    - um: Cleanup syscall_handler_t definition/cast, fix warning
    - Input: add bounds checking to input_set_capability()
    - Input: stmfts - fix reference leak in stmfts_input_open
    - crypto: stm32 - fix reference leak in stm32_crc_remove
    - crypto: x86/chacha20 - Avoid spurious jumps to other functions
    - ALSA: hda/realtek: Enable headset mic on Lenovo P360
    - nvme-multipath: fix hang when disk goes live over reconnect
    - rtc: mc146818-lib: Fix the AltCentury for AMD platforms
    - MIPS: lantiq: check the return value of kzalloc()
    - drbd: remove usage of list iterator variable after loop
    - platform/chrome: cros_ec_debugfs: detach log reader wq from devm
    - ARM: 9191/1: arm/stacktrace, kasan: Silence KASAN warnings in unwind_frame()
    - nilfs2: fix lockdep warnings in page operations for btree nodes
    - nilfs2: fix lockdep warnings during disk space reclamation
    - mmc: core: Specify timeouts for BKOPS and CACHE_FLUSH for eMMC
    - mmc: block: Use generic_cmd6_time when modifying INAND_CMD38_ARG_EXT_CSD
    - mmc: core: Default to generic_cmd6_time as timeout in __mmc_switch()
    - SUNRPC: Clean up scheduling of autoclose
    - SUNRPC: Prevent immediate close+reconnect
    - SUNRPC: Don't call connect() more than once on a TCP socket
    - ALSA: wavefront: Proper check of get_user() error
    - perf: Fix sys_perf_event_open() race against self
    - Fix double fget() in vhost_net_set_backend()
    - PCI/PM: Avoid putting Elo i2 PCIe Ports in D3cold
    - KVM: x86/mmu: Update number of zapped pages even if page list is stable
    - crypto: qcom-rng - fix infinite loop on requests not multiple of WORD_SZ
    - drm/dp/mst: fix a possible memory leak in fetch_monitor_name()
    - dma-buf: fix use of DMA_BUF_SET_NAME_{A,B} in userspace
    - ARM: dts: aspeed-g6: remove FWQSPID group in pinctrl dtsi
    - ARM: dts: aspeed-g6: fix SPI1/SPI2 quad pin group
    - net: macb: Increment rx bd head after allocating skb and buffer
    - net/sched: act_pedit: sanitize shift argument before usage
    - net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf()
    - net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup()
    - ice: fix possible under reporting of ethtool Tx and Rx statistics
    - clk: at91: generated: consider range when calculating best rate
    - net/qla3xxx: Fix a test in ql_reset_work()
    - NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc
    - net/mlx5e: Properly block LRO when XDP is enabled
    - ARM: 9196/1: spectre-bhb: enable for Cortex-A15
    - ARM: 9197/1: spectre-bhb: fix loop8 sequence for Thumb2
    - igb: skip phy status check where unavailable
    - net: bridge: Clear offload_fwd_mark when passing frame up bridge interface.
    - gpio: gpio-vf610: do not touch other bits when set the target bit
    - gpio: mvebu/pwm: Refuse requests with inverted polarity
    - perf bench numa: Address compiler error on s390
    - scsi: qla2xxx: Fix missed DMA unmap for aborted commands
    - mac80211: fix rx reordering with non explicit / psmp ack policy
    - selftests: add ping test with ping_group_range tuned
    - ethernet: tulip: fix missing pci_disable_device() on error in
      tulip_init_one()
    - net: stmmac: fix missing pci_disable_device() on error in stmmac_pci_probe()
    - net: atlantic: verify hw_head_ lies within TX buffer ring
    - Input: ili210x - fix reset timing
    - block: return ELEVATOR_DISCARD_MERGE if possible
    - net: stmmac: disable Split Header (SPH) for Intel platforms
    - firmware_loader: use kernel credentials when reading firmware
    - ARM: dts: imx7: Use audio_mclk_post_div instead audio_mclk_root_clk
    - Reinstate some of "swiotlb: rework "fix info leak with DMA_FROM_DEVICE""
    - x86/xen: fix booting 32-bit pv guest
    - x86/xen: Mark cpu_bringup_and_idle() as dead_end_function
    - i2c: mt7621: fix missing clk_disable_unprepare() on error in mtk_i2c_probe()
    - afs: Fix afs_getattr() to refetch file status if callback break occurred
    - Linux 5.4.196

* CVE-2022-36946
    - netfilter: nf_queue: do not allow packet truncation below transport header
      offset

* CVE-2021-33655
    - fbcon: Disallow setting font bigger than screen size
    - fbcon: Prevent that screen size is smaller than font size
    - fbmem: Check virtual screen sizes in fb_set_var()

-- Stefan Bader <stefan.bader@canonical.com>  Fri, 26 Aug 2022 11:39:48 +0200

Changed in linux (Ubuntu Focal):
status:	Fix Committed → Fix Released

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2022-11-18:

This bug is awaiting verification that the linux-xilinx-zynqmp/5.4.0-1019.22 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-focal

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2022-12-15

tags:

removed: verification-needed-focal

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulinux package