Bug #2037688 “Pull-request to address TPM bypass issue” : Noble (24.04) : Bugs : linux package : Ubuntu

Ian May (ian-may) on 2023-10-10

Changed in linux-nvidia-6.2 (Ubuntu):
status:	New → Fix Committed

Ian May (ian-may) on 2023-10-10

Changed in linux-nvidia-6.2 (Ubuntu Jammy):
status:	New → Fix Committed

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2023-10-17:

#1

This bug is awaiting verification that the linux-nvidia-6.2/6.2.0-1011.11 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy-linux-nvidia-6.2' to 'verification-done-jammy-linux-nvidia-6.2'. If the problem still exists, change the tag 'verification-needed-jammy-linux-nvidia-6.2' to 'verification-failed-jammy-linux-nvidia-6.2'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-jammy-linux-nvidia-6.2-v2 verification-needed-jammy-linux-nvidia-6.2

Revision history for this message

Launchpad Janitor (janitor) wrote on 2023-10-30:

#2

Download full text (139.8 KiB)

This bug was fixed in the package linux-nvidia-6.2 - 6.2.0-1011.11

---------------
linux-nvidia-6.2 (6.2.0-1011.11) jammy; urgency=medium

* jammy/linux-nvidia-6.2: 6.2.0-1011.11 -proposed tracker (LP: #2038074)

  * Packaging resync (LP: #1786013)
    - [Packaging] resync update-dkms-versions helper
    - [Packaging] resync getabis

  * Enable building and signing of the nvidia-fs out-of-tree kernel module.
    (LP: #2038099)
    - NVIDIA: [Packaging] debian/dkms-versions: add in nvidia-fs to dkms-versions
      and add nvidia build depends for nvidia-fs-dkms

* Pull-request to address TPM bypass issue (LP: #2037688)
- NVIDIA: [Config]: Ensure the TPM is available before IMA initializes

  * Pull-request to address ARM CoreSoght PMU issues (LP: #2033685)
    - perf: arm_cspmu: Fix variable dereference warning
    - ACPI/APMT: Don't register invalid resource
    - perf/arm_cspmu: Clean up ACPI dependency
    - perf/arm_cspmu: Decouple APMT dependency
    - perf: arm_cspmu: Add missing MODULE_DEVICE_TABLE

[ Ubuntu: 6.2.0-36.37~22.04.1 ]

  * jammy/linux-hwe-6.2: 6.2.0-36.37~22.04.1 -proposed tracker (LP: #2038075)
  * lunar/linux: 6.2.0-36.37 -proposed tracker (LP: #2038076)
  * Regression for ubuntu_bpf test build caused by upstream bdeeed3498c7
    (LP: #2035181)
    - selftests/bpf: fix static assert compilation issue for test_cls_*.c
  * CVE-2023-4244
    - netfilter: nf_tables: don't skip expired elements during walk
    - netfilter: nf_tables: adapt set backend to use GC transaction API
    - netfilter: nft_set_hash: mark set element as dead when deleting from packet
      path
    - netfilter: nf_tables: GC transaction API to avoid race with control plane
    - netfilter: nf_tables: don't fail inserts if duplicate has expired
    - netfilter: nf_tables: fix kdoc warnings after gc rework
    - netfilter: nf_tables: fix GC transaction races with netns and netlink event
      exit path
    - netfilter: nf_tables: GC transaction race with netns dismantle
    - netfilter: nf_tables: GC transaction race with abort path
    - netfilter: nf_tables: use correct lock to protect gc_list
    - netfilter: nf_tables: defer gc run if previous batch is still pending
    - netfilter: nft_dynset: disallow object maps
    - netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction
  * CVE-2023-4563
    - netfilter: nf_tables: remove busy mark and gc batch API
  * CVE-2023-42756
    - netfilter: ipset: Fix race between IPSET_CMD_CREATE and IPSET_CMD_SWAP
  * CVE-2023-4623
    - net/sched: sch_hfsc: Ensure inner classes have fsc curve
  * Fix unstable audio at low levels on Thinkpad P1G4 (LP: #2037077)
    - ALSA: hda/realtek - ALC287 I2S speaker platform support
  * Lunar update: upstream stable patchset 2023-09-21 (LP: #2037005)
    - Upstream stable to v6.1.41, v6.4.6
    - io_uring: treat -EAGAIN for REQ_F_NOWAIT as final for io-wq
    - ALSA: hda/realtek - remove 3k pull low procedure
    - ALSA: hda/realtek: Add quirk for Clevo NS70AU
    - ALSA: hda/realtek: Enable Mute LED on HP Laptop 15s-eq2xxx
    - maple_tree: set the node limit when creating a new root node
    - maple_tree: fix node allocation testing on 32 bit
...

This bug was fixed in the package linux-nvidia-6.2 - 6.2.0-1011.11

---------------
linux-nvidia-6.2 (6.2.0-1011.11) jammy; urgency=medium

* jammy/linux-nvidia-6.2: 6.2.0-1011.11 -proposed tracker (LP: #2038074)

* Packaging resync (LP: #1786013)
    - [Packaging] resync update-dkms-versions helper
    - [Packaging] resync getabis

* Enable building and signing of the nvidia-fs out-of-tree kernel module.
    (LP: #2038099)
    - NVIDIA: [Packaging] debian/dkms-versions: add in nvidia-fs to dkms-versions
      and add nvidia build depends for nvidia-fs-dkms

* Pull-request to address TPM bypass issue (LP: #2037688)
    - NVIDIA: [Config]: Ensure the TPM is available before IMA initializes

* Pull-request to address ARM CoreSoght PMU issues (LP: #2033685)
    - perf: arm_cspmu: Fix variable dereference warning
    - ACPI/APMT: Don't register invalid resource
    - perf/arm_cspmu: Clean up ACPI dependency
    - perf/arm_cspmu: Decouple APMT dependency
    - perf: arm_cspmu: Add missing MODULE_DEVICE_TABLE

[ Ubuntu: 6.2.0-36.37~22.04.1 ]

* jammy/linux-hwe-6.2: 6.2.0-36.37~22.04.1 -proposed tracker (LP: #2038075)
  * lunar/linux: 6.2.0-36.37 -proposed tracker (LP: #2038076)
  * Regression for ubuntu_bpf test build caused by upstream bdeeed3498c7
    (LP: #2035181)
    - selftests/bpf: fix static assert compilation issue for test_cls_*.c
  * CVE-2023-4244
    - netfilter: nf_tables: don't skip expired elements during walk
    - netfilter: nf_tables: adapt set backend to use GC transaction API
    - netfilter: nft_set_hash: mark set element as dead when deleting from packet
      path
    - netfilter: nf_tables: GC transaction API to avoid race with control plane
    - netfilter: nf_tables: don't fail inserts if duplicate has expired
    - netfilter: nf_tables: fix kdoc warnings after gc rework
    - netfilter: nf_tables: fix GC transaction races with netns and netlink event
      exit path
    - netfilter: nf_tables: GC transaction race with netns dismantle
    - netfilter: nf_tables: GC transaction race with abort path
    - netfilter: nf_tables: use correct lock to protect gc_list
    - netfilter: nf_tables: defer gc run if previous batch is still pending
    - netfilter: nft_dynset: disallow object maps
    - netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction
  * CVE-2023-4563
    - netfilter: nf_tables: remove busy mark and gc batch API
  * CVE-2023-42756
    - netfilter: ipset: Fix race between IPSET_CMD_CREATE and IPSET_CMD_SWAP
  * CVE-2023-4623
    - net/sched: sch_hfsc: Ensure inner classes have fsc curve
  * Fix unstable audio at low levels on Thinkpad P1G4 (LP: #2037077)
    - ALSA: hda/realtek - ALC287 I2S speaker platform support
  * Lunar update: upstream stable patchset 2023-09-21 (LP: #2037005)
    - Upstream stable to v6.1.41, v6.4.6
    - io_uring: treat -EAGAIN for REQ_F_NOWAIT as final for io-wq
    - ALSA: hda/realtek - remove 3k pull low procedure
    - ALSA: hda/realtek: Add quirk for Clevo NS70AU
    - ALSA: hda/realtek: Enable Mute LED on HP Laptop 15s-eq2xxx
    - maple_tree: set the node limit when creating a new root node
    - maple_tree: fix node allocation testing on 32 bit
    - keys: Fix linking a duplicate key to a keyring's assoc_array
    - perf probe: Add test for regression introduced by switch to
      die_get_decl_file()
    - btrfs: fix warning when putting transaction with qgroups enabled after abort
    - fuse: revalidate: don't invalidate if interrupted
    - fuse: Apply flags2 only when userspace set the FUSE_INIT_EXT
    - btrfs: set_page_extent_mapped after read_folio in btrfs_cont_expand
    - btrfs: zoned: fix memory leak after finding block group with super blocks
    - fuse: ioctl: translate ENOSYS in outarg
    - btrfs: fix race between balance and cancel/pause
    - selftests: tc: set timeout to 15 minutes
    - selftests: tc: add 'ct' action kconfig dep
    - regmap: Drop initial version of maximum transfer length fixes
    - of: Preserve "of-display" device name for compatibility
    - regmap: Account for register length in SMBus I/O limits
    - arm64/fpsimd: Ensure SME storage is allocated after SVE VL changes
    - can: mcp251xfd: __mcp251xfd_chip_set_mode(): increase poll timeout
    - can: bcm: Fix UAF in bcm_proc_show()
    - can: gs_usb: gs_can_open(): improve error handling
    - selftests: tc: add ConnTrack procfs kconfig
    - dma-buf/dma-resv: Stop leaking on krealloc() failure
    - drm/amdgpu/vkms: relax timer deactivation by hrtimer_try_to_cancel
    - drm/amdgpu/pm: make gfxclock consistent for sienna cichlid
    - drm/amdgpu/pm: make mclk consistent for smu 13.0.7
    - drm/client: Fix memory leak in drm_client_target_cloned
    - drm/client: Fix memory leak in drm_client_modeset_probe
    - drm/amd/display: only accept async flips for fast updates
    - drm/amd/display: Disable MPC split by default on special asic
    - drm/amd/display: check TG is non-null before checking if enabled
    - drm/amd/display: Keep PHY active for DP displays on DCN31
    - ASoC: fsl_sai: Disable bit clock with transmitter
    - ASoC: fsl_sai: Revert "ASoC: fsl_sai: Enable MCTL_MCLK_EN bit for master
      mode"
    - ASoC: tegra: Fix ADX byte map
    - ASoC: rt5640: Fix sleep in atomic context
    - ASoC: cs42l51: fix driver to properly autoload with automatic module loading
    - ASoC: codecs: wcd938x: fix missing clsh ctrl error handling
    - ASoC: codecs: wcd-mbhc-v2: fix resource leaks on component remove
    - ASoC: qdsp6: audioreach: fix topology probe deferral
    - ASoC: tegra: Fix AMX byte map
    - ASoC: codecs: wcd938x: fix resource leaks on component remove
    - ASoC: codecs: wcd938x: fix missing mbhc init error handling
    - ASoC: codecs: wcd934x: fix resource leaks on component remove
    - ASoC: codecs: wcd938x: fix codec initialisation race
    - ASoC: codecs: wcd938x: fix soundwire initialisation race
    - ext4: correct inline offset when handling xattrs in inode body
    - drm/radeon: Fix integer overflow in radeon_cs_parser_init
    - ALSA: emu10k1: roll up loops in DSP setup code for Audigy
    - quota: Properly disable quotas when add_dquot_ref() fails
    - quota: fix warning in dqgrab()
    - HID: add quirk for 03f0:464a HP Elite Presenter Mouse
    - ovl: check type and offset of struct vfsmount in ovl_entry
    - udf: Fix uninitialized array access for some pathnames
    - fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev
    - MIPS: dec: prom: Address -Warray-bounds warning
    - FS: JFS: Fix null-ptr-deref Read in txBegin
    - FS: JFS: Check for read-only mounted filesystem in txBegin
    - ACPI: video: Add backlight=native DMI quirk for Dell Studio 1569
    - rcu-tasks: Avoid pr_info() with spin lock in cblist_init_generic()
    - rcu: Mark additional concurrent load from ->cpu_no_qs.b.exp
    - sched/fair: Don't balance task to its current running CPU
    - wifi: ath11k: fix registration of 6Ghz-only phy without the full channel
      range
    - bpf: Print a warning only if writing to unprivileged_bpf_disabled.
    - bpf: Address KCSAN report on bpf_lru_list
    - bpf: tcp: Avoid taking fast sock lock in iterator
    - wifi: ath11k: add support default regdb while searching board-2.bin for
      WCN6855
    - wifi: mac80211_hwsim: Fix possible NULL dereference
    - spi: dw: Add compatible for Intel Mount Evans SoC
    - wifi: ath11k: fix memory leak in WMI firmware stats
    - net: ethernet: litex: add support for 64 bit stats
    - devlink: report devlink_port_type_warn source device
    - wifi: wext-core: Fix -Wstringop-overflow warning in
      ioctl_standard_iw_point()
    - wifi: iwlwifi: Add support for new PCI Id
    - wifi: iwlwifi: mvm: avoid baid size integer overflow
    - wifi: iwlwifi: pcie: add device id 51F1 for killer 1675
    - net: hns3: fix strncpy() not using dest-buf length as length issue
    - ASoC: amd: acp: fix for invalid dai id handling in acp_get_byte_count()
    - ASoC: codecs: wcd938x: fix mbhc impedance loglevel
    - ASoC: codecs: wcd938x: fix dB range for HPHL and HPHR
    - ASoC: qcom: q6apm: do not close GPR port before closing graph
    - sched/fair: Use recent_used_cpu to test p->cpus_ptr
    - sched/psi: Rearrange polling code in preparation
    - sched/psi: Rename existing poll members in preparation
    - sched/psi: Extract update_triggers side effect
    - sched/psi: Allow unprivileged polling of N*2s period
    - sched/psi: use kernfs polling functions for PSI trigger polling
    - pinctrl: renesas: rzv2m: Handle non-unique subnode names
    - pinctrl: renesas: rzg2l: Handle non-unique subnode names
    - spi: bcm63xx: fix max prepend length
    - fbdev: imxfb: warn about invalid left/right margin
    - fbdev: imxfb: Removed unneeded release_mem_region
    - perf build: Fix library not found error when using CSLIBS
    - btrfs: be a bit more careful when setting mirror_num_ret in btrfs_map_block
    - spi: s3c64xx: clear loopback bit after loopback test
    - kallsyms: strip LTO-only suffixes from promoted global functions
    - dsa: mv88e6xxx: Do a final check before timing out
    - net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field()/cpsw_ale_set_field()
    - net: ethernet: mtk_eth_soc: handle probe deferral
    - ASoC: SOF: ipc3-dtrace: uninitialized data in dfsentry_trace_filter_write()
    - net: sched: cls_matchall: Undo tcf_bind_filter in case of failure after
      mall_set_parms
    - net: sched: cls_u32: Undo tcf_bind_filter if u32_replace_hw_knode
    - net: sched: cls_u32: Undo refcount decrement in case update failed
    - net: sched: cls_bpf: Undo tcf_bind_filter in case of an error
    - net: dsa: microchip: ksz8: Separate static MAC table operations for code
      reuse
    - net: dsa: microchip: ksz8: Make ksz8_r_sta_mac_table() static
    - net: dsa: microchip: ksz8_r_sta_mac_table(): Avoid using error code for
      empty entries
    - net: dsa: microchip: correct KSZ8795 static MAC table access
    - iavf: Fix use-after-free in free_netdev
    - iavf: Fix out-of-bounds when setting channels on remove
    - iavf: use internal state to free traffic IRQs
    - iavf: make functions static where possible
    - iavf: Wait for reset in callbacks which trigger it
    - iavf: fix a deadlock caused by rtnl and driver's lock circular dependencies
    - iavf: fix reset task race with iavf_remove()
    - security: keys: Modify mismatched function name
    - octeontx2-pf: Dont allocate BPIDs for LBK interfaces
    - bpf: Fix subprog idx logic in check_max_stack_depth
    - bpf: Repeat check_max_stack_depth for async callbacks
    - bpf, arm64: Fix BTI type used for freplace attached functions
    - igc: Avoid transmit queue timeout for XDP
    - igc: Prevent garbled TX queue with XDP ZEROCOPY
    - net: ipv4: use consistent txhash in TIME_WAIT and SYN_RECV
    - tcp: annotate data-races around tcp_rsk(req)->txhash
    - tcp: annotate data-races around tcp_rsk(req)->ts_recent
    - net: ipv4: Use kfree_sensitive instead of kfree
    - net:ipv6: check return value of pskb_trim()
    - Revert "tcp: avoid the lookup process failing to get sk in ehash table"
    - fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe
    - llc: Don't drop packet from non-root netns.
    - ALSA: hda/realtek: Fix generic fixup definition for cs35l41 amp
    - netfilter: nf_tables: fix spurious set element insertion failure
    - netfilter: nf_tables: can't schedule in nft_chain_validate
    - Bluetooth: use RCU for hci_conn_params and iterate safely in hci_sync
    - Bluetooth: hci_event: call disconnect callback before deleting conn
    - Bluetooth: ISO: fix iso_conn related locking and validity issues
    - Bluetooth: hci_sync: Avoid use-after-free in dbg for
      hci_remove_adv_monitor()
    - tcp: annotate data-races around tp->tcp_tx_delay
    - tcp: annotate data-races around tp->tsoffset
    - tcp: annotate data-races around tp->keepalive_time
    - tcp: annotate data-races around tp->keepalive_intvl
    - tcp: annotate data-races around tp->keepalive_probes
    - tcp: annotate data-races around icsk->icsk_syn_retries
    - tcp: annotate data-races around tp->linger2
    - tcp: annotate data-races around rskq_defer_accept
    - tcp: annotate data-races around tp->notsent_lowat
    - tcp: annotate data-races around icsk->icsk_user_timeout
    - tcp: annotate data-races around fastopenq.max_qlen
    - net: phy: prevent stale pointer dereference in phy_init()
    - jbd2: recheck chechpointing non-dirty buffer
    - tracing/histograms: Return an error if we fail to add histogram to hist_vars
      list
    - drm/ttm: fix bulk_move corruption when adding a entry
    - spi: dw: Remove misleading comment for Mount Evans SoC
    - kallsyms: add kallsyms_seqs_of_names to list of special symbols
    - scripts/kallsyms: update the usage in the comment block
    - selftests/bpf: Workaround verification failure for
      fexit_bpf2bpf/func_replace_return_code
    - selftests/bpf: Fix sk_assign on s390x
    - drm/amd/display: fix some coding style issues
    - drm/dp_mst: Clear MSG_RDY flag before sending new message
    - drm/amd/display: force connector state when bpc changes during compliance
    - drm/amd/display: Clean up errors & warnings in amdgpu_dm.c
    - drm/amd/display: fix linux dp link lost handled only one time
    - drm/amd/display: Add polling method to handle MST reply packet
    - perf probe: Read DWARF files from the correct CU
    - btrfs: raid56: always verify the P/Q contents for scrub
    - can: gs_usb: fix time stamp counter initialization
    - KVM: arm64: Correctly handle page aging notifiers for unaligned memslot
    - KVM: arm64: vgic-v4: Make the doorbell request robust w.r.t preemption
    - gso: fix dodgy bit handling for GSO_UDP_L4
    - drm/i915/perf: add sentinel to xehp_oa_b_counters
    - net: ethernet: mtk_eth_soc: always mtk_get_ib1_pkt_type
    - Upstream stable to v6.1.42, v6.4.7
    - netfilter: nf_tables: fix underflow in object reference counter
    - netfilter: nf_tables: fix underflow in chain reference counter
    - platform/x86/amd/pmf: Notify OS power slider update
    - platform/x86/amd/pmf: reduce verbosity of apmf_get_system_params
    - jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint
    - blk-mq: Fix stall due to recursive flush plug
    - powerpc/pseries/vas: Hold mmap_mutex after mmap lock during window close
    - KVM: s390: pv: fix index value of replaced ASCE
    - io_uring: don't audit the capability check in io_uring_create()
    - gpio: tps68470: Make tps68470_gpio_output() always set the initial value
    - pwm: Add a stub for devm_pwmchip_add()
    - gpio: mvebu: Make use of devm_pwmchip_add
    - gpio: mvebu: fix irq domain leak
    - btrfs: fix race between quota disable and relocation
    - i2c: Delete error messages for failed memory allocations
    - i2c: Improve size determinations
    - i2c: nomadik: Remove unnecessary goto label
    - i2c: nomadik: Use devm_clk_get_enabled()
    - i2c: nomadik: Remove a useless call in the remove function
    - MIPS: Loongson: Move arch cflags to MIPS top level Makefile
    - MIPS: Loongson: Fix build error when make modules_install
    - PCI/ASPM: Return 0 or -ETIMEDOUT from pcie_retrain_link()
    - PCI/ASPM: Factor out pcie_wait_for_retrain()
    - PCI/ASPM: Avoid link retraining race
    - PCI: rockchip: Remove writes to unused registers
    - PCI: rockchip: Fix window mapping and address translation for endpoint
    - PCI: rockchip: Don't advertise MSI-X in PCIe capabilities
    - drm/amd/display: add ODM case when looking for first split pipe
    - drm/amd/display: add pixel rate based CRB allocation support
    - drm/amd/display: fix dcn315 single stream crb allocation
    - drm/amd/display: Update correct DCN314 register header
    - drm/amd/display: Set minimum requirement for using PSR-SU on Rembrandt
    - drm/amd/display: Set minimum requirement for using PSR-SU on Phoenix
    - drm/ttm: Don't print error message if eviction was interrupted
    - drm/ttm: Don't leak a resource on eviction error
    - drm/ttm: never consider pinned BOs for eviction&swap
    - KVM: arm64: Condition HW AF updates on config option
    - [Config] updateconfigs for AMPERE_ERRATUM_AC03_CPU_38
    - arm64: errata: Mitigate Ampere1 erratum AC03_CPU_38 at stage-2
    - mptcp: introduce 'sk' to replace 'sock->sk' in mptcp_listen()
    - tracing: Allow synthetic events to pass around stacktraces
    - Revert "tracing: Add "(fault)" name injection to kernel probes"
    - tracing/probes: Fix to record 0-length data_loc in fetch_store_string*() if
      fails
    - test_maple_tree: test modifications while iterating
    - maple_tree: add __init and __exit to test module
    - maple_tree: fix 32 bit mas_next testing
    - drm/amd/display: fix dc/core/dc.c kernel-doc
    - drm/amd/display: Add FAMS validation before trying to use it
    - drm/amd/display: update extended blank for dcn314 onwards
    - drm/amd/display: Fix possible underflow for displays with large vblank
    - drm/amd/display: Prevent vtotal from being set to 0
    - phy: phy-mtk-dp: Fix an error code in probe()
    - phy: qcom-snps: correct struct qcom_snps_hsphy kerneldoc
    - phy: qcom-snps-femto-v2: keep cfg_ahb_clk enabled during runtime suspend
    - phy: qcom-snps-femto-v2: properly enable ref clock
    - soundwire: qcom: update status correctly with mask
    - media: staging: atomisp: select V4L2_FWNODE
    - media: amphion: Fix firmware path to match linux-firmware
    - i40e: Fix an NULL vs IS_ERR() bug for debugfs_create_dir()
    - iavf: fix potential deadlock on allocation failure
    - iavf: check for removal state before IAVF_FLAG_PF_COMMS_FAILED
    - net: phy: marvell10g: fix 88x3310 power up
    - net: hns3: fix the imp capability bit cannot exceed 32 bits issue
    - net: hns3: fix wrong tc bandwidth weight data issue
    - net: hns3: fix wrong bw weight of disabled tc issue
    - vxlan: calculate correct header length for GPE
    - vxlan: generalize vxlan_parse_gpe_hdr and remove unused args
    - vxlan: fix GRO with VXLAN-GPE
    - phy: hisilicon: Fix an out of bounds check in hisi_inno_phy_probe()
    - atheros: fix return value check in atl1_tso()
    - ethernet: atheros: fix return value check in atl1e_tso_csum()
    - ipv6 addrconf: fix bug where deleting a mngtmpaddr can create a new
      temporary address
    - ice: Fix memory management in ice_ethtool_fdir.c
    - bonding: reset bond's flags when down link is P2P device
    - team: reset team's flags when down link is P2P device
    - octeontx2-af: Removed unnecessary debug messages.
    - octeontx2-af: Fix hash extraction enable configuration
    - net: stmmac: Apply redundant write work around on 4.xx too
    - platform/x86: msi-laptop: Fix rfkill out-of-sync on MSI Wind U100
    - x86/traps: Fix load_unaligned_zeropad() handling for shared TDX memory
    - igc: Fix Kernel Panic during ndo_tx_timeout callback
    - netfilter: nft_set_rbtree: fix overlap expiration walk
    - mm: suppress mm fault logging if fatal signal already pending
    - net/sched: mqprio: refactor nlattr parsing to a separate function
    - net/sched: mqprio: add extack to mqprio_parse_nlattr()
    - net/sched: mqprio: Add length check for TCA_MQPRIO_{MAX/MIN}_RATE64
    - benet: fix return value check in be_lancer_xmit_workarounds()
    - tipc: check return value of pskb_trim()
    - tipc: stop tipc crypto on failure in tipc_node_create
    - RDMA/mlx4: Make check for invalid flags stricter
    - drm/msm/dpu: drop enum dpu_core_perf_data_bus_id
    - drm/msm/adreno: Fix snapshot BINDLESS_DATA size
    - RDMA/irdma: Add missing read barriers
    - RDMA/irdma: Fix data race on CQP completion stats
    - RDMA/irdma: Fix data race on CQP request done
    - RDMA/mthca: Fix crash when polling CQ for shared QPs
    - RDMA/bnxt_re: Prevent handling any completions after qp destroy
    - drm/msm: Fix IS_ERR_OR_NULL() vs NULL check in a5xx_submit_in_rb()
    - cxl/acpi: Fix a use-after-free in cxl_parse_cfmws()
    - cxl/acpi: Return 'rc' instead of '0' in cxl_parse_cfmws()
    - ASoC: fsl_spdif: Silence output on stop
    - block: Fix a source code comment in include/uapi/linux/blkzoned.h
    - smb3: do not set NTLMSSP_VERSION flag for negotiate not auth request
    - drm/i915: Fix an error handling path in igt_write_huge()
    - xenbus: check xen_domain in xenbus_probe_initcall
    - dm raid: fix missing reconfig_mutex unlock in raid_ctr() error paths
    - dm raid: clean up four equivalent goto tags in raid_ctr()
    - dm raid: protect md_stop() with 'reconfig_mutex'
    - drm/amd: Fix an error handling mistake in psp_sw_init()
    - drm/amd/display: Unlock on error path in
      dm_handle_mst_sideband_msg_ready_event()
    - RDMA/irdma: Fix op_type reporting in CQEs
    - RDMA/irdma: Report correct WC error
    - drm/msm: Switch idr_lock to spinlock
    - drm/msm: Disallow submit with fence id 0
    - ublk_drv: move ublk_get_device_from_id into ublk_ctrl_uring_cmd
    - ublk: fail to start device if queue setup is interrupted
    - ublk: fail to recover device if queue setup is interrupted
    - ata: pata_ns87415: mark ns87560_tf_read static
    - ring-buffer: Fix wrong stat of cpu_buffer->read
    - tracing: Fix warning in trace_buffered_event_disable()
    - Revert "usb: gadget: tegra-xudc: Fix error check in
      tegra_xudc_powerdomain_init()"
    - usb: gadget: call usb_gadget_check_config() to verify UDC capability
    - USB: gadget: Fix the memory leak in raw_gadget driver
    - usb: gadget: core: remove unbalanced mutex_unlock in usb_gadget_activate
    - KVM: Grab a reference to KVM for VM and vCPU stats file descriptors
    - KVM: VMX: Don't fudge CR0 and CR4 for restricted L2 guest
    - KVM: x86: Disallow KVM_SET_SREGS{2} if incoming CR0 is invalid
    - serial: qcom-geni: drop bogus runtime pm state update
    - serial: 8250_dw: Preserve original value of DLF register
    - serial: sifive: Fix sifive_serial_console_setup() section
    - USB: serial: option: support Quectel EM060K_128
    - USB: serial: option: add Quectel EC200A module support
    - USB: serial: simple: add Kaufmann RKS+CAN VCP
    - USB: serial: simple: sort driver entries
    - can: gs_usb: gs_can_close(): add missing set of CAN state to
      CAN_STATE_STOPPED
    - usb: typec: Set port->pd before adding device for typec_port
    - usb: typec: Iterate pds array when showing the pd list
    - usb: typec: Use sysfs_emit_at when concatenating the string
    - Revert "usb: dwc3: core: Enable AutoRetry feature in the controller"
    - usb: dwc3: pci: skip BYT GPIO lookup table for hardwired phy
    - usb: dwc3: don't reset device side if dwc3 was configured as host-only
    - usb: misc: ehset: fix wrong if condition
    - usb: ohci-at91: Fix the unhandle interrupt when resume
    - USB: quirks: add quirk for Focusrite Scarlett
    - usb: cdns3: fix incorrect calculation of ep_buf_size when more than one
      config
    - usb: xhci-mtk: set the dma max_seg_size
    - Revert "usb: xhci: tegra: Fix error check"
    - Documentation: security-bugs.rst: update preferences when dealing with the
      linux-distros group
    - Documentation: security-bugs.rst: clarify CVE handling
    - staging: r8712: Fix memory leak in _r8712_init_xmit_priv()
    - staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext()
    - tty: n_gsm: fix UAF in gsm_cleanup_mux
    - Revert "xhci: add quirk for host controllers that don't update endpoint DCS"
    - ALSA: hda/realtek: Support ASUS G713PV laptop
    - ALSA: hda/relatek: Enable Mute LED on HP 250 G8
    - hwmon: (k10temp) Enable AMD3255 Proc to show negative temperature
    - hwmon: (nct7802) Fix for temp6 (PECI1) processed even if PECI1 disabled
    - btrfs: account block group tree when calculating global reserve size
    - btrfs: check if the transaction was aborted at btrfs_wait_for_commit()
    - btrfs: check for commit error at btrfs_attach_transaction_barrier()
    - x86/MCE/AMD: Decrement threshold_bank refcount when removing threshold
      blocks
    - file: always lock position for FMODE_ATOMIC_POS
    - nfsd: Remove incorrect check in nfsd4_validate_stateid
    - ACPI/IORT: Remove erroneous id_count check in iort_node_get_rmr_info()
    - tpm_tis: Explicitly check for error code
    - irq-bcm6345-l1: Do not assume a fixed block to cpu mapping
    - irqchip/gic-v4.1: Properly lock VPEs when doing a directLPI invalidation
    - locking/rtmutex: Fix task->pi_waiters integrity
    - proc/vmcore: fix signedness bug in read_from_oldmem()
    - xen: speed up grant-table reclaim
    - virtio-net: fix race between set queues and probe
    - net: dsa: qca8k: fix search_and_insert wrong handling of new rule
    - net: dsa: qca8k: fix broken search_and_del
    - net: dsa: qca8k: fix mdb add/del case with 0 VID
    - selftests: mptcp: join: only check for ip6tables if needed
    - soundwire: fix enumeration completion
    - Revert "um: Use swap() to make code cleaner"
    - LoongArch: BPF: Fix check condition to call lu32id in move_imm()
    - LoongArch: BPF: Enable bpf_probe_read{, str}() on LoongArch
    - s390/dasd: fix hanging device after quiesce/resume
    - s390/dasd: print copy pair message only for the correct error
    - ASoC: wm8904: Fill the cache for WM8904_ADC_TEST_0 register
    - arm64/sme: Set new vector length before reallocating
    - PM: sleep: wakeirq: fix wake irq arming
    - ceph: never send metrics if disable_send_metrics is set
    - drm/i915/dpt: Use shmem for dpt objects
    - dm cache policy smq: ensure IO doesn't prevent cleaner policy progress
    - rbd: make get_lock_owner_info() return a single locker or NULL
    - rbd: harden get_lock_owner_info() a bit
    - rbd: retrieve and check lock owner twice before blocklisting
    - tracing: Fix trace_event_raw_event_synth() if else statement
    - ACPI: processor: perflib: Use the "no limit" frequency QoS
    - ACPI: processor: perflib: Avoid updating frequency QoS unnecessarily
    - cpufreq: intel_pstate: Drop ACPI _PSS states table patching
    - dma-buf: keep the signaling time of merged fences v3
    - dma-buf: fix an error pointer vs NULL bug
    - KVM: s390: pv: simplify shutdown and fix race
    - media: tc358746: Address compiler warnings
    - net: fec: avoid tx queue timeout when XDP is enabled
    - drm/msm/dsi: Drop unused regulators from QCM2290 14nm DSI PHY config
    - RDMA/core: Update CMA destination address on rdma_resolve_addr
    - RDMA/bnxt_re: Fix hang during driver unload
    - iommufd: IOMMUFD_DESTROY should not increase the refcount
    - TIOCSTI: always enable for CAP_SYS_ADMIN
    - hwmon: (aquacomputer_d5next) Fix incorrect PWM value readout
    - btrfs: zoned: do not enable async discard
    - net: ipa: only reset hashed tables when supported
    - iommufd: Set end correctly when doing batch carry
    - mptcp: more accurate NL event generation
    - Upstream stable to v6.1.43, v6.4.8
  * CVE-2023-42755
    - net/sched: Retire rsvp classifier
    - [Config] remove NET_CLS_RSVP and NET_CLS_RSVP6
  * CVE-2023-42753
    - netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for
      ip_set_hash_netportnet.c
  * CVE-2023-34319
    - xen/netback: Fix buffer overrun triggered by unusual packet
  * CVE-2023-5197
    - netfilter: nf_tables: skip bound chain in netns release path
    - netfilter: nf_tables: disallow rule removal from chain binding
  * CVE-2023-4921
    - net: sched: sch_qfq: Fix UAF in qfq_dequeue()
  * CVE-2023-42752
    - igmp: limit igmpv3_newpack() packet size to IP_MAX_MTU
    - net: remove osize variable in __alloc_skb()
    - net: factorize code in kmalloc_reserve()
    - net: deal with integer overflows in kmalloc_reserve()
  * CVE-2023-42572
    - net: add SKB_HEAD_ALIGN() helper
  * Fix RCU warning on AMD laptops (LP: #2036377)
    - power: supply: core: Use blocking_notifier_call_chain to avoid RCU complaint
  * Fix non-working I219 after system sleep (LP: #2035313)
    - mei: mei-me: resume device in prepare
  * Avoid address overwrite in kernel_connect (LP: #2035163)
    - net: Avoid address overwrite in kernel_connect
  * Ethernet not stable 23.04 (RTL8168/8169) (LP: #2031537)
    - r8169: fix ASPM-related problem for chip version 42 and 43
    - r8169: revert 2ab19de62d67 ("r8169: remove ASPM restrictions now that ASPM
      is disabled during NAPI poll")
    - Revert "r8169: disable ASPM during NAPI poll"
    - r8169: fix ASPM-related issues on a number of systems with NIC version from
      RTL8168h
  * Enable ASPM for NVMe behind VMD (LP: #2034504)
    - Revert "UBUNTU: SAUCE: vmd: fixup bridge ASPM by driver name instead"
    - Revert "UBUNTU: SAUCE: PCI/ASPM: Enable LTR for endpoints behind VMD"
    - Revert "UBUNTU: SAUCE: PCI/ASPM: Enable ASPM for links under VMD domain"
    - PCI/ASPM: Add pci_enable_link_state()
    - PCI: vmd: Use PCI_VDEVICE in device list
    - PCI: vmd: Create feature grouping for client products
    - PCI: vmd: Add quirk to configure PCIe ASPM and LTR
    - SAUCE: PCI/ASPM: Allow ASPM override over FADT default
    - SAUCE: PCI: vmd: Mark ASPM override for device behind VMD bridge
  * Fix suspend hang on Lenovo workstation (LP: #2034479)
    - igb: Fix igb_down hung on surprise removal
  * Fix blank display when Thunderbolt monitor is plugged second time
    (LP: #2034491)
    - drm/amd: Disable S/G for APUs when 64GB or more host memory
    - thunderbolt: Fix Thunderbolt 3 display flickering issue on 2nd hot plug
      onwards
    - thunderbolt: Fix a backport error for display flickering issue
  * [regression] Unable to initialize SGX enclaves with XFRM other than 3
    (LP: #2034745)
    - x86/fpu: Set X86_FEATURE_OSXSAVE feature after enabling OSXSAVE in CR4
  * CVE-2023-4881
    - netfilter: nftables: exthdr: fix 4-byte stack OOB write
  * CVE-2023-4622
    - af_unix: Fix null-ptr-deref in unix_stream_sendpage().
  * Lunar update: upstream stable patchset 2023-09-14 (LP: #2036075)
    - net: lan743x: Don't sleep in atomic context
    - workqueue: clean up WORK_* constant types, clarify masking
    - ksmbd: add missing compound request handing in some commands
    - ksmbd: fix out of bounds read in smb2_sess_setup
    - drm/panel: simple: Add connector_type for innolux_at043tn24
    - drm/bridge: ti-sn65dsi86: Fix auxiliary bus lifetime
    - swiotlb: always set the number of areas before allocating the pool
    - swiotlb: reduce the number of areas to match actual memory pool size
    - drm/panel: simple: Add Powertip PH800480T013 drm_display_mode flags
    - ice: Fix max_rate check while configuring TX rate limits
    - igc: Remove delay during TX ring configuration
    - net/mlx5e: fix double free in mlx5e_destroy_flow_table
    - net/mlx5e: fix memory leak in mlx5e_fs_tt_redirect_any_create
    - net/mlx5e: fix memory leak in mlx5e_ptp_open
    - net/mlx5e: Check for NOT_READY flag state after locking
    - igc: set TP bit in 'supported' and 'advertising' fields of
      ethtool_link_ksettings
    - igc: Handle PPS start time programming for past time values
    - blk-crypto: use dynamic lock class for blk_crypto_profile::lock
    - scsi: qla2xxx: Fix error code in qla2x00_start_sp()
    - scsi: ufs: ufs-mediatek: Add dependency for RESET_CONTROLLER
    - bpf: Fix max stack depth check for async callbacks
    - net: mvneta: fix txq_map in case of txq_number==1
    - gve: Set default duplex configuration to full
    - octeontx2-af: Promisc enable/disable through mbox
    - octeontx2-af: Move validation of ptp pointer before its usage
    - ionic: remove WARN_ON to prevent panic_on_warn
    - net: bgmac: postpone turning IRQs off to avoid SoC hangs
    - net: prevent skb corruption on frag list segmentation
    - icmp6: Fix null-ptr-deref of ip6_null_entry->rt6i_idev in icmp6_dev().
    - udp6: fix udp6_ehashfn() typo
    - ntb: idt: Fix error handling in idt_pci_driver_init()
    - NTB: amd: Fix error handling in amd_ntb_pci_driver_init()
    - ntb: intel: Fix error handling in intel_ntb_pci_driver_init()
    - NTB: ntb_transport: fix possible memory leak while device_register() fails
    - NTB: ntb_tool: Add check for devm_kcalloc
    - ipv6/addrconf: fix a potential refcount underflow for idev
    - net: dsa: qca8k: Add check for skb_copy
    - platform/x86: wmi: Break possible infinite loop when parsing GUID
    - kernel/trace: Fix cleanup logic of enable_trace_eprobe
    - igc: Fix launchtime before start of cycle
    - igc: Fix inserting of empty frame for launchtime
    - nvme: fix the NVME_ID_NS_NVM_STS_MASK definition
    - riscv, bpf: Fix inconsistent JIT image generation
    - drm/i915: Don't preserve dpll_hw_state for slave crtc in Bigjoiner
    - drm/i915: Fix one wrong caching mode enum usage
    - octeontx2-pf: Add additional check for MCAM rules
    - erofs: avoid useless loops in z_erofs_pcluster_readmore() when reading
      beyond EOF
    - erofs: avoid infinite loop in z_erofs_do_read_page() when reading beyond EOF
    - erofs: fix fsdax unavailability for chunk-based regular files
    - wifi: airo: avoid uninitialized warning in airo_get_rate()
    - bpf: cpumap: Fix memory leak in cpu_map_update_elem
    - net/sched: flower: Ensure both minimum and maximum ports are specified
    - riscv: mm: fix truncation warning on RV32
    - netdevsim: fix uninitialized data in nsim_dev_trap_fa_cookie_write()
    - net/sched: make psched_mtu() RTNL-less safe
    - wifi: rtw89: debug: fix error code in rtw89_debug_priv_send_h2c_set()
    - nvme-pci: fix DMA direction of unmapping integrity data
    - cifs: fix session state check in smb2_find_smb_ses
    - drm/client: Send hotplug event after registering a client
    - drm/amdgpu/sdma4: set align mask to 255
    - drm/amd/pm: revise the ASPM settings for thunderbolt attached scenario
    - drm/amd/pm: add abnormal fan detection for smu 13.0.0
    - f2fs: fix deadlock in i_xattr_sem and inode page lock
    - pinctrl: amd: Add Z-state wake control bits
    - pinctrl: amd: Adjust debugfs output
    - pinctrl: amd: Add fields for interrupt status and wake status
    - pinctrl: amd: Detect internal GPIO0 debounce handling
    - pinctrl: amd: Fix mistake in handling clearing pins at startup
    - pinctrl: amd: Detect and mask spurious interrupts
    - pinctrl: amd: Revert "pinctrl: amd: disable and mask interrupts on probe"
    - pinctrl: amd: Only use special debounce behavior for GPIO 0
    - pinctrl: amd: Use amd_pinconf_set() for all config options
    - pinctrl: amd: Drop pull up select configuration
    - pinctrl: amd: Unify debounce handling into amd_pinconf_set()
    - tpm: Do not remap from ACPI resources again for Pluton TPM
    - tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation
    - tpm: tis_i2c: Limit read bursts to I2C_SMBUS_BLOCK_MAX (32) bytes
    - tpm: tis_i2c: Limit write bursts to I2C_SMBUS_BLOCK_MAX (32) bytes
    - tpm: return false from tpm_amd_is_rng_defective on non-x86 platforms
    - mtd: rawnand: meson: fix unaligned DMA buffers handling
    - net: bcmgenet: Ensure MDIO unregistration has clocks enabled
    - net: phy: dp83td510: fix kernel stall during netboot in DP83TD510E PHY
      driver
    - kasan: add kasan_tag_mismatch prototype
    - tracing/user_events: Fix incorrect return value for writing operation when
      events are disabled
    - powerpc: Fail build if using recordmcount with binutils v2.37
    - misc: fastrpc: Create fastrpc scalar with correct buffer count
    - powerpc/security: Fix Speculation_Store_Bypass reporting on Power10
    - powerpc/64s: Fix native_hpte_remove() to be irq-safe
    - MIPS: Loongson: Fix cpu_probe_loongson() again
    - MIPS: KVM: Fix NULL pointer dereference
    - ext4: Fix reusing stale buffer heads from last failed mounting
    - ext4: fix wrong unit use in ext4_mb_clear_bb
    - ext4: get block from bh in ext4_free_blocks for fast commit replay
    - ext4: fix wrong unit use in ext4_mb_new_blocks
    - ext4: fix to check return value of freeze_bdev() in ext4_shutdown()
    - ext4: turn quotas off if mount failed after enabling quotas
    - ext4: only update i_reserved_data_blocks on successful block allocation
    - fs: dlm: revert check required context while close
    - soc: qcom: mdt_loader: Fix unconditional call to scm_pas_mem_setup
    - ext2/dax: Fix ext2_setsize when len is page aligned
    - jfs: jfs_dmap: Validate db_l2nbperpage while mounting
    - hwrng: imx-rngc - fix the timeout for init and self check
    - dm integrity: reduce vmalloc space footprint on 32-bit architectures
    - scsi: mpi3mr: Propagate sense data for admin queue SCSI I/O
    - s390/zcrypt: do not retry administrative requests
    - PCI/PM: Avoid putting EloPOS E2/S2/H2 PCIe Ports in D3cold
    - PCI: Release resource invalidated by coalescing
    - PCI: Add function 1 DMA alias quirk for Marvell 88SE9235
    - PCI: qcom: Disable write access to read only registers for IP v2.3.3
    - PCI: epf-test: Fix DMA transfer completion initialization
    - PCI: epf-test: Fix DMA transfer completion detection
    - PCI: rockchip: Assert PCI Configuration Enable bit after probe
    - PCI: rockchip: Write PCI Device ID to correct register
    - PCI: rockchip: Add poll and timeout to wait for PHY PLLs to be locked
    - PCI: rockchip: Fix legacy IRQ generation for RK3399 PCIe endpoint core
    - PCI: rockchip: Use u32 variable to access 32-bit registers
    - PCI: rockchip: Set address alignment for endpoint mode
    - misc: pci_endpoint_test: Free IRQs before removing the device
    - misc: pci_endpoint_test: Re-init completion for every test
    - mfd: pm8008: Fix module autoloading
    - md/raid0: add discard support for the 'original' layout
    - fs: dlm: return positive pid value for F_GETLK
    - fs: dlm: fix cleanup pending ops when interrupted
    - fs: dlm: interrupt posix locks only when process is killed
    - fs: dlm: make F_SETLK use unkillable wait_event
    - fs: dlm: fix mismatch of plock results from userspace
    - scsi: lpfc: Fix double free in lpfc_cmpl_els_logo_acc() caused by
      lpfc_nlp_not_used()
    - drm/atomic: Allow vblank-enabled + self-refresh "disable"
    - drm/rockchip: vop: Leave vblank enabled in self-refresh
    - drm/amd/display: fix seamless odm transitions
    - drm/amd/display: Remove Phantom Pipe Check When Calculating K1 and K2
    - drm/amd/display: disable seamless boot if force_odm_combine is enabled
    - drm/amdgpu: fix clearing mappings for BOs that are always valid in VM
    - drm/amd: Disable PSR-SU on Parade 0803 TCON
    - drm/amd/display: add a NULL pointer check
    - drm/amd/display: Correct `DMUB_FW_VERSION` macro
    - drm/amd/display: Add monitor specific edid quirk
    - drm/amdgpu: avoid restore process run into dead loop.
    - drm/ttm: Don't leak a resource on swapout move error
    - serial: atmel: don't enable IRQs prematurely
    - tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in
      case of error
    - tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when
      iterating clk
    - tty: serial: imx: fix rs485 rx after tx
    - firmware: stratix10-svc: Fix a potential resource leak in
      svc_create_memory_pool()
    - libceph: harden msgr2.1 frame segment length checks
    - ceph: add a dedicated private data for netfs rreq
    - ceph: fix blindly expanding the readahead windows
    - ceph: don't let check_caps skip sending responses for revoke msgs
    - xhci: Fix resume issue of some ZHAOXIN hosts
    - xhci: Fix TRB prefetch issue of ZHAOXIN hosts
    - xhci: Show ZHAOXIN xHCI root hub speed correctly
    - meson saradc: fix clock divider mask length
    - opp: Fix use-after-free in lazy_opp_tables after probe deferral
    - soundwire: qcom: fix storing port config out-of-bounds
    - Revert "8250: add support for ASIX devices with a FIFO bug"
    - bus: ixp4xx: fix IXP4XX_EXP_T1_MASK
    - s390/decompressor: fix misaligned symbol build error
    - dm: verity-loadpin: Add NULL pointer check for 'bdev' parameter
    - tracing/histograms: Add histograms to hist_vars if they have referenced
      variables
    - tracing: Fix memory leak of iter->temp when reading trace_pipe
    - nvme: don't reject probe due to duplicate IDs for single-ported PCIe devices
    - samples: ftrace: Save required argument registers in sample trampolines
    - perf: RISC-V: Remove PERF_HES_STOPPED flag checking in riscv_pmu_start()
    - regmap-irq: Fix out-of-bounds access when allocating config buffers
    - net: ena: fix shift-out-of-bounds in exponential backoff
    - ring-buffer: Fix deadloop issue on reading trace_pipe
    - ftrace: Fix possible warning on checking all pages used in
      ftrace_process_locs()
    - cifs: if deferred close is disabled then close files immediately
    - xtensa: ISS: fix call to split_if_spec
    - perf/x86: Fix lockdep warning in for_each_sibling_event() on SPR
    - PM: QoS: Restore support for default value on frequency QoS
    - pwm: meson: modify and simplify calculation in meson_pwm_get_state
    - pwm: meson: fix handling of period/duty if greater than UINT_MAX
    - fprobe: Release rethook after the ftrace_ops is unregistered
    - fprobe: Ensure running fprobe_exit_handler() finished before calling
      rethook_free()
    - tracing: Fix null pointer dereference in tracing_err_log_open()
    - selftests: mptcp: connect: fail if nft supposed to work
    - selftests: mptcp: sockopt: return error if wrong mark
    - selftests: mptcp: userspace_pm: use correct server port
    - selftests: mptcp: userspace_pm: report errors with 'remove' tests
    - selftests: mptcp: depend on SYN_COOKIES
    - selftests: mptcp: pm_nl_ctl: fix 32-bit support
    - tracing/probes: Fix not to count error code to total length
    - tracing/probes: Fix to update dynamic data counter if fetcharg uses it
    - tracing/user_events: Fix struct arg size match check
    - scsi: qla2xxx: Multi-que support for TMF
    - scsi: qla2xxx: Fix task management cmd failure
    - scsi: qla2xxx: Fix task management cmd fail due to unavailable resource
    - scsi: qla2xxx: Fix hang in task management
    - scsi: qla2xxx: Wait for io return on terminate rport
    - scsi: qla2xxx: Fix mem access after free
    - scsi: qla2xxx: Array index may go out of bound
    - scsi: qla2xxx: Avoid fcport pointer dereference
    - scsi: qla2xxx: Fix potential NULL pointer dereference
    - scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport()
    - scsi: qla2xxx: Correct the index of array
    - scsi: qla2xxx: Pointer may be dereferenced
    - scsi: qla2xxx: Remove unused nvme_ls_waitq wait queue
    - scsi: qla2xxx: Fix end of loop test
    - MIPS: kvm: Fix build error with KVM_MIPS_DEBUG_COP0_COUNTERS enabled
    - Revert "drm/amd: Disable PSR-SU on Parade 0803 TCON"
    - net/sched: sch_qfq: reintroduce lmax bound check for MTU
    - drm/atomic: Fix potential use-after-free in nonblocking commits
    - net/ncsi: make one oem_gma function for all mfr id
    - net/ncsi: change from ndo_set_mac_address to dev_set_mac_address
    - HID: input: fix mapping for camera access keys
    - xen/virtio: Fix NULL deref when a bridge of PCI root bus has no parent
    - netfilter: conntrack: don't fold port numbers into addresses before hashing
    - net/mlx5: Query hca_cap_2 only when supported
    - udp6: add a missing call into udp_fail_queue_rcv_skb tracepoint
    - HID: hyperv: avoid struct memcpy overrun warning
    - igc: Rename qbv_enable to taprio_offload_enable
    - igc: No strict mode in pure launchtime/CBS offload
    - net: fec: increase the size of tx ring and update tx_wake_threshold
    - drm/nouveau/disp: fix HDMI on gt215+
    - drm/nouveau/disp/g94: enable HDMI
    - drm/nouveau: bring back blit subchannel for pre nv50 GPUs
    - net: txgbe: fix eeprom calculation error
    - kasan, slub: fix HW_TAGS zeroing with slub_debug
    - drm/amd/display: perform a bounds check before filling dirty rectangles
    - fs: dlm: clear pending bit when queue was empty
    - fs: dlm: fix missing pending to false
    - tty: fix hang on tty device with no_room set
    - nfp: clean mc addresses in application firmware when closing port
    - mptcp: do not rely on implicit state check in mptcp_listen()
    - mptcp: ensure subflow is unhashed before cleaning the backlog
    - selftests: mptcp: sockopt: use 'iptables-legacy' if available
    - smb: client: Fix -Wstringop-overflow issues
    - tracing/probes: Fix to avoid double count of the string length on the array
    - Upstream stable to v6.1.40, v6.4.5
  * Nouveau driver crash - Ubuntu 22.04.3 LTS stuck on power-off/reboot screen
    (LP: #2031352) // Lunar update: upstream stable patchset 2023-09-14
    (LP: #2036075)
    - drm/nouveau/acr: Abort loading ACR if no firmware was found
  * Lunar update: upstream stable patchset 2023-09-05 (LP: #2034469)
    - drm: use mgr->dev in drm_dbg_kms in drm_dp_add_payload_part2
    - fs: pipe: reveal missing function protoypes
    - block: Fix the type of the second bdev_op_is_zoned_write() argument
    - erofs: avoid tagged pointers to mark sync decompression
    - erofs: remove tagged pointer helpers
    - erofs: move zdata.h into zdata.c
    - erofs: kill hooked chains to avoid loops on deduplicated compressed images
    - x86/resctrl: Only show tasks' pid in current pid namespace
    - blk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost
    - x86/sev: Fix calculation of end address based on number of pages
    - virt: sevguest: Add CONFIG_CRYPTO dependency
    - blk-mq: fix potential io hang by wrong 'wake_batch'
    - lockd: drop inappropriate svc_get() from locked_get()
    - nvme-core: fix memory leak in dhchap_secret_store
    - nvme-core: fix memory leak in dhchap_ctrl_secret
    - nvme-core: add missing fault-injection cleanup
    - nvme-core: fix dev_pm_qos memleak
    - md/raid10: check slab-out-of-bounds in md_bitmap_get_counter
    - md/raid10: fix overflow of md/safe_mode_delay
    - md/raid10: fix wrong setting of max_corr_read_errors
    - md/raid10: fix null-ptr-deref of mreplace in raid10_sync_request
    - md/raid10: fix io loss while replacement replace rdev
    - md/raid1-10: factor out a helper to add bio to plug
    - md/raid1-10: factor out a helper to submit normal write
    - md/raid1-10: submit write io directly if bitmap is not enabled
    - block: fix blktrace debugfs entries leakage
    - irqchip/stm32-exti: Fix warning on initialized field overwritten
    - irqchip/jcore-aic: Fix missing allocation of IRQ descriptors
    - svcrdma: Prevent page release when nothing was received
    - erofs: simplify iloc()
    - erofs: fix compact 4B support for 16k block size
    - posix-timers: Prevent RT livelock in itimer_delete()
    - tick/rcu: Fix bogus ratelimit condition
    - tracing/timer: Add missing hrtimer modes to decode_hrtimer_mode().
    - clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe
    - PM: domains: fix integer overflow issues in genpd_parse_state()
    - perf/arm-cmn: Fix DTC reset
    - x86/mm: Allow guest.enc_status_change_prepare() to fail
    - x86/tdx: Fix race between set_memory_encrypted() and
      load_unaligned_zeropad()
    - drivers/perf: hisi: Don't migrate perf to the CPU going to teardown
    - powercap: RAPL: Fix CONFIG_IOSF_MBI dependency
    - PM: domains: Move the verification of in-params from genpd_add_device()
    - ARM: 9303/1: kprobes: avoid missing-declaration warnings
    - cpufreq: intel_pstate: Fix energy_performance_preference for passive
    - thermal/drivers/sun8i: Fix some error handling paths in sun8i_ths_probe()
    - rcu: Make rcu_cpu_starting() rely on interrupts being disabled
    - rcu-tasks: Stop rcu_tasks_invoke_cbs() from using never-onlined CPUs
    - rcutorture: Correct name of use_softirq module parameter
    - rcuscale: Move shutdown from wait_event() to wait_event_idle()
    - rcu/rcuscale: Move rcu_scale_*() after kfree_scale_cleanup()
    - rcu/rcuscale: Stop kfree_scale_thread thread(s) after unloading rcuscale
    - kselftest: vDSO: Fix accumulation of uninitialized ret when CLOCK_REALTIME
      is undefined
    - perf/ibs: Fix interface via core pmu events
    - x86/mm: Fix __swp_entry_to_pte() for Xen PV guests
    - locking/atomic: arm: fix sync ops
    - evm: Complete description of evm_inode_setattr()
    - evm: Fix build warnings
    - ima: Fix build warnings
    - pstore/ram: Add check for kstrdup
    - igc: Enable and fix RX hash usage by netstack
    - wifi: ath9k: fix AR9003 mac hardware hang check register offset calculation
    - wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx
    - libbpf: btf_dump_type_data_check_overflow needs to consider
      BTF_MEMBER_BITFIELD_SIZE
    - samples/bpf: Fix buffer overflow in tcp_basertt
    - spi: spi-geni-qcom: Correct CS_TOGGLE bit in SPI_TRANS_CFG
    - wifi: wilc1000: fix for absent RSN capabilities WFA testcase
    - wifi: mwifiex: Fix the size of a memory allocation in
      mwifiex_ret_802_11_scan()
    - sctp: add bpf_bypass_getsockopt proto callback
    - libbpf: fix offsetof() and container_of() to work with CO-RE
    - bpf: Don't EFAULT for {g,s}setsockopt with wrong optlen
    - spi: dw: Round of n_bytes to power of 2
    - nfc: llcp: fix possible use of uninitialized variable in
      nfc_llcp_send_connect()
    - bpftool: JIT limited misreported as negative value on aarch64
    - bpf: Remove bpf trampoline selector
    - bpf: Fix memleak due to fentry attach failure
    - selftests/bpf: Do not use sign-file as testcase
    - regulator: core: Fix more error checking for debugfs_create_dir()
    - regulator: core: Streamline debugfs operations
    - wifi: orinoco: Fix an error handling path in spectrum_cs_probe()
    - wifi: orinoco: Fix an error handling path in orinoco_cs_probe()
    - wifi: atmel: Fix an error handling path in atmel_probe()
    - wifi: wl3501_cs: Fix an error handling path in wl3501_probe()
    - wifi: ray_cs: Fix an error handling path in ray_probe()
    - wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes
    - samples/bpf: xdp1 and xdp2 reduce XDPBUFSIZE to 60
    - wifi: ath10k: Trigger STA disconnect after reconfig complete on hardware
      restart
    - wifi: mac80211: recalc min chandef for new STA links
    - selftests/bpf: Fix check_mtu using wrong variable type
    - wifi: rsi: Do not configure WoWlan in shutdown hook if not enabled
    - wifi: rsi: Do not set MMC_PM_KEEP_POWER in shutdown
    - ice: handle extts in the miscellaneous interrupt thread
    - selftests: cgroup: fix unexpected failure on test_memcg_low
    - watchdog/perf: define dummy watchdog_update_hrtimer_threshold() on correct
      config
    - watchdog/perf: more properly prevent false positives with turbo modes
    - kexec: fix a memory leak in crash_shrink_memory()
    - mmc: mediatek: Avoid ugly error message when SDIO wakeup IRQ isn't used
    - memstick r592: make memstick_debug_get_tpc_name() static
    - wifi: ath9k: Fix possible stall on ath9k_txq_list_has_key()
    - wifi: mac80211: Fix permissions for valid_links debugfs entry
    - rtnetlink: extend RTEXT_FILTER_SKIP_STATS to IFLA_VF_INFO
    - wifi: ath11k: Add missing check for ioremap
    - wifi: iwlwifi: pull from TXQs with softirqs disabled
    - wifi: iwlwifi: pcie: fix NULL pointer dereference in
      iwl_pcie_irq_rx_msix_handler()
    - wifi: mac80211: Remove "Missing iftype sband data/EHT cap" spam
    - wifi: cfg80211: rewrite merging of inherited elements
    - wifi: cfg80211: drop incorrect nontransmitted BSS update code
    - wifi: cfg80211: fix regulatory disconnect with OCB/NAN
    - wifi: ieee80211: Fix the common size calculation for reconfiguration ML
    - mmc: Add MMC_QUIRK_BROKEN_SD_CACHE for Kingston Canvas Go Plus from 11/2019
    - wifi: iwlwifi: mvm: indicate HW decrypt for beacon protection
    - wifi: ath9k: convert msecs to jiffies where needed
    - bpf: Factor out socket lookup functions for the TC hookpoint.
    - bpf: Call __bpf_sk_lookup()/__bpf_skc_lookup() directly via TC hookpoint
    - bpf: Fix bpf socket lookup from tc/xdp to respect socket VRF bindings
    - can: length: fix bitstuffing count
    - can: kvaser_pciefd: Add function to set skb hwtstamps
    - can: kvaser_pciefd: Set hardware timestamp on transmitted packets
    - net: stmmac: fix double serdes powerdown
    - netlink: fix potential deadlock in netlink_set_err()
    - netlink: do not hard code device address lenth in fdb dumps
    - bonding: do not assume skb mac_header is set
    - selftests: rtnetlink: remove netdevsim device after ipsec offload test
    - gtp: Fix use-after-free in __gtp_encap_destroy().
    - net: axienet: Move reset before 64-bit DMA detection
    - ocfs2: Fix use of slab data with sendpage
    - sfc: fix crash when reading stats while NIC is resetting
    - lib/ts_bm: reset initial match offset for every block of text
    - netfilter: conntrack: dccp: copy entire header to stack buffer, not just
      basic one
    - netfilter: nf_conntrack_sip: fix the ct_sip_parse_numerical_param() return
      value.
    - ipvlan: Fix return value of ipvlan_queue_xmit()
    - netlink: Add __sock_i_ino() for __netlink_diag_dump().
    - drm/amd/display: Add logging for display MALL refresh setting
    - radeon: avoid double free in ci_dpm_init()
    - drm/amd/display: Explicitly specify update type per plane info change
    - drm/bridge: it6505: Move a variable assignment behind a null pointer check
      in receive_timing_debugfs_show()
    - Input: drv260x - sleep between polling GO bit
    - drm/bridge: ti-sn65dsi83: Fix enable error path
    - drm/bridge: tc358768: always enable HS video mode
    - drm/bridge: tc358768: fix PLL parameters computation
    - drm/bridge: tc358768: fix PLL target frequency
    - drm/bridge: tc358768: fix TCLK_ZEROCNT computation
    - drm/bridge: tc358768: Add atomic_get_input_bus_fmts() implementation
    - drm/bridge: tc358768: fix TCLK_TRAILCNT computation
    - drm/bridge: tc358768: fix THS_ZEROCNT computation
    - drm/bridge: tc358768: fix TXTAGOCNT computation
    - drm/bridge: tc358768: fix THS_TRAILCNT computation
    - drm/vram-helper: fix function names in vram helper doc
    - ARM: dts: BCM5301X: Drop "clock-names" from the SPI node
    - ARM: dts: meson8b: correct uart_B and uart_C clock references
    - mm: call arch_swap_restore() from do_swap_page()
    - clk: vc5: Use `clamp()` to restrict PLL range
    - bootmem: remove the vmemmap pages from kmemleak in free_bootmem_page
    - clk: vc5: Fix .driver_data content in i2c_device_id
    - clk: vc7: Fix .driver_data content in i2c_device_id
    - clk: rs9: Fix .driver_data content in i2c_device_id
    - Input: adxl34x - do not hardcode interrupt trigger type
    - drm: sun4i_tcon: use devm_clk_get_enabled in `sun4i_tcon_init_clocks`
    - drm/panel: sharp-ls043t1le01: adjust mode settings
    - driver: soc: xilinx: use _safe loop iterator to avoid a use after free
    - ASoC: Intel: sof_sdw: remove SOF_SDW_TGL_HDMI for MeteorLake devices
    - drm/vkms: isolate pixel conversion functionality
    - drm: Add fixed-point helper to get rounded integer values
    - drm/vkms: Fix RGB565 pixel conversion
    - ARM: dts: stm32: Move ethernet MAC EEPROM from SoM to carrier boards
    - bus: ti-sysc: Fix dispc quirk masking bool variables
    - arm64: dts: microchip: sparx5: do not use PSCI on reference boards
    - drm/bridge: tc358767: Switch to devm MIPI-DSI helpers
    - clk: imx: scu: use _safe list iterator to avoid a use after free
    - hwmon: (f71882fg) prevent possible division by zero
    - RDMA/bnxt_re: Disable/kill tasklet only if it is enabled
    - RDMA/bnxt_re: Fix to remove unnecessary return labels
    - RDMA/bnxt_re: Use unique names while registering interrupts
    - RDMA/bnxt_re: Remove a redundant check inside bnxt_re_update_gid
    - RDMA/bnxt_re: Fix to remove an unnecessary log
    - drm/msm/dsi: don't allow enabling 14nm VCO with unprogrammed rate
    - drm/msm/disp/dpu: get timing engine status from intf status register
    - drm/msm/dpu: Set DPU_DATA_HCTL_EN for in INTF_SC7180_MASK
    - iommu/virtio: Detach domain on endpoint release
    - iommu/virtio: Return size mapped for a detached domain
    - clk: renesas: rzg2l: Fix CPG_SIPLL5_CLK1 register write
    - ARM: dts: gta04: Move model property out of pinctrl node
    - drm/bridge: anx7625: Convert to i2c's .probe_new()
    - drm/bridge: anx7625: Prevent endless probe loop
    - ARM: dts: qcom: msm8974: do not use underscore in node name (again)
    - arm64: dts: qcom: msm8916: correct camss unit address
    - arm64: dts: qcom: msm8916: correct MMC unit address
    - arm64: dts: qcom: msm8994: correct SPMI unit address
    - arm64: dts: qcom: msm8996: correct camss unit address
    - arm64: dts: qcom: sdm630: correct camss unit address
    - arm64: dts: qcom: sdm845: correct camss unit address
    - arm64: dts: qcom: sm8350: correct DMA controller unit address
    - arm64: dts: qcom: sdm845-polaris: add missing touchscreen child node reg
    - arm64: dts: qcom: apq8016-sbc: Fix regulator constraints
    - arm64: dts: qcom: apq8016-sbc: Fix 1.8V power rail on LS expansion
    - drm/bridge: Introduce pre_enable_prev_first to alter bridge init order
    - drm/bridge: ti-sn65dsi83: Fix enable/disable flow to meet spec
    - drm/panel: simple: fix active size for Ampire AM-480272H3TMQW-T01H
    - ARM: ep93xx: fix missing-prototype warnings
    - ARM: omap2: fix missing tick_broadcast() prototype
    - arm64: dts: qcom: pm7250b: add missing spmi-vadc include
    - arm64: dts: qcom: apq8096: fix fixed regulator name property
    - arm64: dts: mediatek: mt8183: Add mediatek,broken-save-restore-fw to kukui
    - ARM: dts: stm32: Shorten the AV96 HDMI sound card name
    - memory: brcmstb_dpfe: fix testing array offset after use
    - ARM: dts: qcom: apq8074-dragonboard: Set DMA as remotely controlled
    - ASoC: es8316: Increment max value for ALC Capture Target Volume control
    - ASoC: es8316: Do not set rate constraints for unsupported MCLKs
    - ARM: dts: meson8: correct uart_B and uart_C clock references
    - soc/fsl/qe: fix usb.c build errors
    - RDMA/irdma: avoid fortify-string warning in irdma_clr_wqes
    - IB/hfi1: Fix wrong mmu_node used for user SDMA packet after invalidate
    - RDMA/hns: Fix hns_roce_table_get return value
    - ARM: dts: iwg20d-q7-common: Fix backlight pwm specifier
    - arm64: dts: renesas: ulcb-kf: Remove flow control for SCIF1
    - drm/msm/dpu: set DSC flush bit correctly at MDP CTL flush register
    - fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe()
    - arm64: dts: ti: k3-j7200: Fix physical address of pin
    - Input: pm8941-powerkey - fix debounce on gen2+ PMICs
    - ARM: dts: stm32: Fix audio routing on STM32MP15xx DHCOM PDK2
    - ARM: dts: stm32: fix i2s endpoint format property for stm32mp15xx-dkx
    - hwmon: (gsc-hwmon) fix fan pwm temperature scaling
    - hwmon: (pmbus/adm1275) Fix problems with temperature monitoring on ADM1272
    - ARM: dts: BCM5301X: fix duplex-full => full-duplex
    - clk: Export clk_hw_forward_rate_request()
    - drm/amd/display: Fix a test CalculatePrefetchSchedule()
    - drm/amd/display: Fix a test dml32_rq_dlg_get_rq_reg()
    - drm/amdkfd: Fix potential deallocation of previously deallocated memory.
    - soc: mediatek: SVS: Fix MT8192 GPU node name
    - drm/amd/display: Fix artifacting on eDP panels when engaging freesync video
      mode
    - drm/radeon: fix possible division-by-zero errors
    - HID: uclogic: Modular KUnit tests should not depend on KUNIT=y
    - RDMA/rxe: Fix access checks in rxe_check_bind_mw
    - amdgpu: validate offset_in_bo of drm_amdgpu_gem_va
    - drm/msm/a5xx: really check for A510 in a5xx_gpu_init
    - RDMA/bnxt_re: wraparound mbox producer index
    - RDMA/bnxt_re: Avoid calling wake_up threads from spin_lock context
    - clk: imx: clk-imxrt1050: fix memory leak in imxrt1050_clocks_probe
    - clk: imx: clk-imx8mn: fix memory leak in imx8mn_clocks_probe
    - clk: imx93: fix memory leak and missing unwind goto in imx93_clocks_probe
    - clk: imx: clk-imx8mp: improve error handling in imx8mp_clocks_probe()
    - arm64: dts: qcom: sdm845: Flush RSC sleep & wake votes
    - arm64: dts: qcom: sm8250-edo: Panel framebuffer is 2.5k instead of 4k
    - clk: bcm: rpi: Fix off by one in raspberrypi_discover_clocks()
    - clk: clocking-wizard: Fix Oops in clk_wzrd_register_divider()
    - clk: tegra: tegra124-emc: Fix potential memory leak
    - ALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer
    - drm/msm/dpu: do not enable color-management if DSPPs are not available
    - drm/msm/dpu: Fix slice_last_group_size calculation
    - drm/msm/dsi: Use DSC slice(s) packet size to compute word count
    - drm/msm/dsi: Flip greater-than check for slice_count and slice_per_intf
    - drm/msm/dsi: Remove incorrect references to slice_count
    - drm/msm/dp: Free resources after unregistering them
    - arm64: dts: mediatek: Add cpufreq nodes for MT8192
    - arm64: dts: mediatek: mt8192: Fix CPUs capacity-dmips-mhz
    - drm/amdgpu: Fix memcpy() in sienna_cichlid_append_powerplay_table function.
    - drm/amdgpu: Fix usage of UMC fill record in RAS
    - drm/msm/dpu: correct MERGE_3D length
    - clk: vc5: check memory returned by kasprintf()
    - clk: cdce925: check return value of kasprintf()
    - clk: si5341: return error if one synth clock registration fails
    - clk: si5341: check return value of {devm_}kasprintf()
    - clk: si5341: free unused memory on probe failure
    - clk: keystone: sci-clk: check return value of kasprintf()
    - clk: ti: clkctrl: check return value of kasprintf()
    - drivers: meson: secure-pwrc: always enable DMA domain
    - ovl: update of dentry revalidate flags after copy up
    - ASoC: imx-audmix: check return value of devm_kasprintf()
    - clk: Fix memory leak in devm_clk_notifier_register()
    - ARM: dts: lan966x: kontron-d10: fix board reset
    - ARM: dts: lan966x: kontron-d10: fix SPI CS
    - ASoC: amd: acp: clear pdm dma interrupt mask
    - PCI: cadence: Fix Gen2 Link Retraining process
    - PCI: vmd: Reset VMD config register between soft reboots
    - scsi: qedf: Fix NULL dereference in error handling
    - pinctrl: bcm2835: Handle gpiochip_add_pin_range() errors
    - platform/x86: lenovo-yogabook: Fix work race on remove()
    - platform/x86: lenovo-yogabook: Reprobe devices on remove()
    - platform/x86: lenovo-yogabook: Set default keyboard backligh brightness on
      probe()
    - PCI/ASPM: Disable ASPM on MFD function removal to avoid use-after-free
    - scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe()
    - PCI: pciehp: Cancel bringup sequence if card is not present
    - PCI: ftpci100: Release the clock resources
    - pinctrl: sunplus: Add check for kmalloc
    - PCI: Add pci_clear_master() stub for non-CONFIG_PCI
    - scsi: lpfc: Revise NPIV ELS unsol rcv cmpl logic to drop ndlp based on
      nlp_state
    - perf bench: Add missing setlocale() call to allow usage of %'d style
      formatting
    - pinctrl: cherryview: Return correct value if pin in push-pull mode
    - platform/x86: think-lmi: mutex protection around multiple WMI calls
    - platform/x86: think-lmi: Correct System password interface
    - platform/x86: think-lmi: Correct NVME password handling
    - pinctrl:sunplus: Add check for kmalloc
    - pinctrl: npcm7xx: Add missing check for ioremap
    - kcsan: Don't expect 64 bits atomic builtins from 32 bits architectures
    - powerpc/interrupt: Don't read MSR from interrupt_exit_kernel_prepare()
    - powerpc/signal32: Force inlining of __unsafe_save_user_regs() and
      save_tm_user_regs_unsafe()
    - perf script: Fix allocation of evsel->priv related to per-event dump files
    - platform/x86: thinkpad_acpi: Fix lkp-tests warnings for platform profiles
    - perf dwarf-aux: Fix off-by-one in die_get_varname()
    - platform/x86/dell/dell-rbtn: Fix resources leaking on error path
    - perf tool x86: Consolidate is_amd check into single function
    - perf tool x86: Fix perf_env memory leak
    - powerpc/64s: Fix VAS mm use after free
    - pinctrl: microchip-sgpio: check return value of devm_kasprintf()
    - pinctrl: at91-pio4: check return value of devm_kasprintf()
    - powerpc/powernv/sriov: perform null check on iov before dereferencing iov
    - powerpc: update ppc_save_regs to save current r1 in pt_regs
    - PCI: qcom: Remove PCIE20_ prefix from register definitions
    - PCI: qcom: Sort and group registers and bitfield definitions
    - PCI: qcom: Use lower case for hex
    - PCI: qcom: Use DWC helpers for modifying the read-only DBI registers
    - PCI: qcom: Disable write access to read only registers for IP v2.9.0
    - riscv: uprobes: Restore thread.bad_cause
    - powerpc/book3s64/mm: Fix DirectMap stats in /proc/meminfo
    - powerpc/mm/dax: Fix the condition when checking if altmap vmemap can cross-
      boundary
    - PCI: endpoint: Fix a Kconfig prompt of vNTB driver
    - PCI: endpoint: functions/pci-epf-test: Fix dma_chan direction
    - PCI: vmd: Fix uninitialized variable usage in vmd_enable_domain()
    - vfio/mdev: Move the compat_class initialization to module init
    - hwrng: virtio - Fix race on data_avail and actual data
    - modpost: remove broken calculation of exception_table_entry size
    - crypto: nx - fix build warnings when DEBUG_FS is not enabled
    - modpost: fix section mismatch message for R_ARM_ABS32
    - modpost: fix section mismatch message for R_ARM_{PC24,CALL,JUMP24}
    - crypto: marvell/cesa - Fix type mismatch warning
    - crypto: jitter - correct health test during initialization
    - modpost: fix off by one in is_executable_section()
    - ARC: define ASM_NL and __ALIGN(_STR) outside #ifdef __ASSEMBLY__ guard
    - crypto: qat - unmap buffer before free for DH
    - crypto: qat - unmap buffers before free for RSA
    - NFSv4.2: fix wrong shrinker_id
    - NFSv4.1: freeze the session table upon receiving NFS4ERR_BADSESSION
    - SMB3: Do not send lease break acknowledgment if all file handles have been
      closed
    - dax: Fix dax_mapping_release() use after free
    - dax: Introduce alloc_dev_dax_id()
    - dax/kmem: Pass valid argument to memory_group_register_static
    - hwrng: st - keep clock enabled while hwrng is registered
    - kbuild: Disable GCOV for *.mod.o
    - efi/libstub: Disable PCI DMA before grabbing the EFI memory map
    - cifs: prevent use-after-free by freeing the cfile later
    - cifs: do all necessary checks for credits within or before locking
    - smb: client: fix broken file attrs with nodfs mounts
    - ksmbd: avoid field overflow warning
    - arm64: sme: Use STR P to clear FFR context field in streaming SVE mode
    - x86/efi: Make efi_set_virtual_address_map IBT safe
    - md/raid1-10: fix casting from randomized structure in raid1_submit_write()
    - USB: serial: option: add LARA-R6 01B PIDs
    - usb: dwc3: gadget: Propagate core init errors to UDC during pullup
    - phy: tegra: xusb: Clear the driver reference in usb-phy dev
    - iio: adc: ad7192: Fix null ad7192_state pointer access
    - iio: adc: ad7192: Fix internal/external clock selection
    - iio: accel: fxls8962af: errata bug only applicable for FXLS8962AF
    - iio: accel: fxls8962af: fixup buffer scan element type
    - mm/mmap: Fix VM_LOCKED check in do_vmi_align_munmap()
    - ALSA: hda/realtek: Enable mute/micmute LEDs and limit mic boost on EliteBook
    - ALSA: hda/realtek: Add quirk for Clevo NPx0SNx
    - ALSA: jack: Fix mutex call in snd_jack_report()
    - ALSA: pcm: Fix potential data race at PCM memory allocation helpers
    - block: fix signed int overflow in Amiga partition support
    - block: add overflow checks for Amiga partition support
    - block: change all __u32 annotations to __be32 in affs_hardblocks.h
    - block: increment diskseq on all media change events
    - btrfs: fix race when deleting free space root from the dirty cow roots list
    - SUNRPC: Fix UAF in svc_tcp_listen_data_ready()
    - w1: w1_therm: fix locking behavior in convert_t
    - w1: fix loop in w1_fini()
    - dt-bindings: power: reset: qcom-pon: Only allow reboot-mode pre-pmk8350
    - f2fs: do not allow to defragment files have FI_COMPRESS_RELEASED
    - sh: j2: Use ioremap() to translate device tree address into kernel memory
    - usb: dwc2: Fix some error handling paths
    - serial: 8250: omap: Fix freeing of resources on failed register
    - clk: qcom: mmcc-msm8974: remove oxili_ocmemgx_clk
    - clk: qcom: camcc-sc7180: Add parent dependency to all camera GDSCs
    - clk: qcom: gcc-ipq6018: Use floor ops for sdcc clocks
    - clk: qcom: gcc-qcm2290: Mark RCGs shared where applicable
    - media: usb: Check az6007_read() return value
    - media: amphion: drop repeated codec data for vc1l format
    - media: amphion: drop repeated codec data for vc1g format
    - media: amphion: initiate a drain of the capture queue in dynamic resolution
      change
    - media: videodev2.h: Fix struct v4l2_input tuner index comment
    - media: i2c: Correct format propagation for st-mipid02
    - media: hi846: fix usage of pm_runtime_get_if_in_use()
    - media: mediatek: vcodec: using decoder status instead of core work count
    - clk: qcom: ipq6018: fix networking resets
    - clk: qcom: dispcc-qcm2290: Fix BI_TCXO_AO handling
    - clk: qcom: dispcc-qcm2290: Fix GPLL0_OUT_DIV handling
    - clk: qcom: mmcc-msm8974: use clk_rcg2_shared_ops for mdp_clk_src clock
    - staging: vchiq_arm: mark vchiq_platform_init() static
    - usb: dwc3: qcom: Fix potential memory leak
    - usb: gadget: u_serial: Add null pointer check in gserial_suspend
    - extcon: Fix kernel doc of property fields to avoid warnings
    - extcon: Fix kernel doc of property capability fields to avoid warnings
    - usb: phy: phy-tahvo: fix memory leak in tahvo_usb_probe()
    - usb: hide unused usbfs_notify_suspend/resume functions
    - usb: misc: eud: Fix eud sysfs path (use 'qcom_eud')
    - serial: core: lock port for stop_rx() in uart_suspend_port()
    - serial: 8250: lock port for stop_rx() in omap8250_irq()
    - serial: core: lock port for start_rx() in uart_resume_port()
    - serial: 8250: lock port for UART_IER access in omap8250_irq()
    - kernfs: fix missing kernfs_idr_lock to remove an ID from the IDR
    - lkdtm: replace ll_rw_block with submit_bh
    - i3c: master: svc: fix cpu schedule in spin lock
    - coresight: Fix loss of connection info when a module is unloaded
    - mfd: rt5033: Drop rt5033-battery sub-device
    - media: venus: helpers: Fix ALIGN() of non power of two
    - media: atomisp: gmin_platform: fix out_len in gmin_get_config_dsm_var()
    - sh: Avoid using IRQ0 on SH3 and SH4
    - gfs2: Fix duplicate should_fault_in_pages() call
    - f2fs: fix potential deadlock due to unpaired node_write lock use
    - KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes
    - usb: dwc3: qcom: Release the correct resources in dwc3_qcom_remove()
    - usb: dwc3: qcom: Fix an error handling path in dwc3_qcom_probe()
    - usb: common: usb-conn-gpio: Set last role to unknown before initial
      detection
    - usb: dwc3-meson-g12a: Fix an error handling path in dwc3_meson_g12a_probe()
    - mfd: wcd934x: Fix an error handling path in wcd934x_slim_probe()
    - mfd: intel-lpss: Add missing check for platform_get_resource
    - Revert "usb: common: usb-conn-gpio: Set last role to unknown before initial
      detection"
    - serial: 8250_omap: Use force_suspend and resume for system suspend
    - device property: Clarify description of returned value in some functions
    - drivers: fwnode: fix fwnode_irq_get[_byname]()
    - nvmem: sunplus-ocotp: release otp->clk before return
    - nvmem: rmem: Use NVMEM_DEVID_AUTO
    - bus: fsl-mc: don't assume child devices are all fsl-mc devices
    - mfd: stmfx: Fix error path in stmfx_chip_init
    - mfd: stmfx: Nullify stmfx->vdd in case of error
    - KVM: s390: vsie: fix the length of APCB bitmap
    - KVM: s390/diag: fix racy access of physical cpu number in diag 9c handler
    - cpufreq: mediatek: correct voltages for MT7622 and MT7623
    - misc: fastrpc: check return value of devm_kasprintf()
    - clk: qcom: mmcc-msm8974: fix MDSS_GDSC power flags
    - hwtracing: hisi_ptt: Fix potential sleep in atomic context
    - mfd: stmpe: Only disable the regulators if they are enabled
    - phy: tegra: xusb: check return value of devm_kzalloc()
    - lib/bitmap: drop optimization of bitmap_{from,to}_arr64
    - pwm: imx-tpm: force 'real_period' to be zero in suspend
    - pwm: sysfs: Do not apply state to already disabled PWMs
    - pwm: ab8500: Fix error code in probe()
    - pwm: mtk_disp: Fix the disable flow of disp_pwm
    - md/raid10: fix the condition to call bio_end_io_acct()
    - rtc: st-lpc: Release some resources in st_rtc_probe() in case of error
    - drm/i915/psr: Use hw.adjusted mode when calculating io/fast wake times
    - drm/i915/guc/slpc: Apply min softlimit correctly
    - f2fs: check return value of freeze_super()
    - media: cec: i2c: ch7322: also select REGMAP
    - sctp: fix potential deadlock on &net->sctp.addr_wq_lock
    - net/sched: act_ipt: add sanity checks on table name and hook locations
    - net: add a couple of helpers for iph tot_len
    - net/sched: act_ipt: add sanity checks on skb before calling target
    - spi: spi-geni-qcom: enable SPI_CONTROLLER_MUST_TX for GPI DMA mode
    - net: mscc: ocelot: don't report that RX timestamping is enabled by default
    - net: mscc: ocelot: don't keep PTP configuration of all ports in single
      structure
    - net: dsa: felix: don't drop PTP frames with tag_8021q when RX timestamping
      is disabled
    - net: dsa: sja1105: always enable the INCL_SRCPT option
    - net: dsa: tag_sja1105: always prefer source port information from INCL_SRCPT
    - Add MODULE_FIRMWARE() for FIRMWARE_TG357766.
    - Bluetooth: fix invalid-bdaddr quirk for non-persistent setup
    - Bluetooth: ISO: use hci_sync for setting CIG parameters
    - Bluetooth: MGMT: add CIS feature bits to controller information
    - Bluetooth: MGMT: Use BIT macro when defining bitfields
    - Bluetooth: MGMT: Fix marking SCAN_RSP as not connectable
    - ibmvnic: Do not reset dql stats on NON_FATAL err
    - net: dsa: vsc73xx: fix MTU configuration
    - mlxsw: minimal: fix potential memory leak in mlxsw_m_linecards_init
    - spi: bcm-qspi: return error if neither hif_mspi nor mspi is available
    - drm/amdgpu: fix number of fence calculations
    - drm/amd: Don't try to enable secure display TA multiple times
    - mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0
    - f2fs: fix error path handling in truncate_dnode()
    - octeontx2-af: Fix mapping for NIX block from CGX connection
    - octeontx2-af: Add validation before accessing cgx and lmac
    - ntfs: Fix panic about slab-out-of-bounds caused by ntfs_listxattr()
    - powerpc: allow PPC_EARLY_DEBUG_CPM only when SERIAL_CPM=y
    - powerpc: dts: turris1x.dts: Fix PCIe MEM size for pci2 node
    - net: bridge: keep ports without IFF_UNICAST_FLT in BR_PROMISC mode
    - net: dsa: tag_sja1105: fix source port decoding in vlan_filtering=0 bridge
      mode
    - net: fix net_dev_start_xmit trace event vs skb_transport_offset()
    - tcp: annotate data races in __tcp_oow_rate_limited()
    - bpf, btf: Warn but return no error for NULL btf from
      __register_btf_kfunc_id_set()
    - xsk: Honor SO_BINDTODEVICE on bind
    - net/sched: act_pedit: Add size check for TCA_PEDIT_PARMS_EX
    - fanotify: disallow mount/sb marks on kernel internal pseudo fs
    - riscv: move memblock_allow_resize() after linear mapping is ready
    - pptp: Fix fib lookup calls.
    - net: dsa: tag_sja1105: fix MAC DA patching from meta frames
    - net: dsa: sja1105: always enable the send_meta options
    - octeontx-af: fix hardware timestamp configuration
    - afs: Fix accidental truncation when storing data
    - s390/qeth: Fix vipa deletion
    - sh: dma: Fix DMA channel offset calculation
    - apparmor: fix missing error check for rhashtable_insert_fast
    - i2c: xiic: Don't try to handle more interrupt events after error
    - dm: fix undue/missing spaces
    - dm: avoid split of quoted strings where possible
    - dm ioctl: have constant on the right side of the test
    - dm ioctl: Avoid double-fetch of version
    - extcon: usbc-tusb320: Unregister typec port on driver removal
    - btrfs: do not BUG_ON() on tree mod log failure at balance_level()
    - i2c: qup: Add missing unwind goto in qup_i2c_probe()
    - irqchip/loongson-pch-pic: Fix potential incorrect hwirq assignment
    - NFSD: add encoding of op_recall flag for write delegation
    - irqchip/loongson-pch-pic: Fix initialization of HT vector register
    - io_uring: wait interruptibly for request completions on exit
    - mmc: core: disable TRIM on Kingston EMMC04G-M627
    - mmc: core: disable TRIM on Micron MTFC4GACAJCN-1M
    - mmc: mmci: Set PROBE_PREFER_ASYNCHRONOUS
    - mmc: sdhci: fix DMA configure compatibility issue when 64bit DMA mode is
      used.
    - wifi: cfg80211: fix regulatory disconnect for non-MLO
    - wifi: ath10k: Serialize wake_tx_queue ops
    - bcache: fixup btree_cache_wait list damage
    - bcache: Remove unnecessary NULL point check in node allocations
    - bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent
    - watch_queue: prevent dangling pipe pointer
    - um: Use HOST_DIR for mrproper
    - integrity: Fix possible multiple allocation in integrity_inode_get()
    - autofs: use flexible array in ioctl structure
    - mm/damon/ops-common: atomically test and clear young on ptes and pmds
    - shmem: use ramfs_kill_sb() for kill_sb method of ramfs-based tmpfs
    - jffs2: reduce stack usage in jffs2_build_xattr_subsystem()
    - fs: avoid empty option when generating legacy mount string
    - ext4: Remove ext4 locking of moved directory
    - Revert "f2fs: fix potential corruption when moving a directory"
    - fs: Establish locking order for unrelated directories
    - fs: Lock moved directories
    - i2c: nvidia-gpu: Add ACPI property to align with device-tree
    - i2c: nvidia-gpu: Remove ccgx,firmware-build property
    - usb: typec: ucsi: Mark dGPUs as DEVICE scope
    - ipvs: increase ip_vs_conn_tab_bits range for 64BIT
    - btrfs: add handling for RAID1C23/DUP to btrfs_reduce_alloc_profile
    - btrfs: delete unused BGs while reclaiming BGs
    - btrfs: bail out reclaim process if filesystem is read-only
    - btrfs: add block-group tree to lockdep classes
    - btrfs: reinsert BGs failed to reclaim
    - btrfs: fix race when deleting quota root from the dirty cow roots list
    - btrfs: fix extent buffer leak after tree mod log failure at split_node()
    - btrfs: do not BUG_ON() on tree mod log failure at __btrfs_cow_block()
    - ASoC: mediatek: mt8173: Fix irq error path
    - ASoC: mediatek: mt8173: Fix snd_soc_component_initialize error path
    - regulator: tps65219: Fix matching interrupts for their regulators
    - ARM: dts: qcom: ipq4019: fix broken NAND controller properties override
    - ARM: orion5x: fix d2net gpio initialization
    - leds: trigger: netdev: Recheck NETDEV_LED_MODE_LINKUP on dev rename
    - blktrace: use inline function for blk_trace_remove() while blktrace is
      disabled
    - fs: no need to check source
    - xfs: explicitly specify cpu when forcing inodegc delayed work to run
      immediately
    - xfs: check that per-cpu inodegc workers actually run on that cpu
    - xfs: disable reaping in fscounters scrub
    - xfs: fix xfs_inodegc_stop racing with mod_delayed_work
    - mm/mmap: Fix extra maple tree write
    - netfilter: conntrack: Avoid nf_ct_helper_hash uses after free
    - wireguard: queueing: use saner cpu selection wrapping
    - wireguard: netlink: send staged packets when setting initial private key
    - tty: serial: fsl_lpuart: add earlycon for imx8ulp platform
    - block/partition: fix signedness issue for Amiga partitions
    - sh: mach-r2d: Handle virq offset in cascaded IRL demux
    - sh: mach-highlander: Handle virq offset in cascaded IRL demux
    - sh: mach-dreamcast: Handle virq offset in cascaded IRQ demux
    - sh: hd64461: Handle virq offset for offchip IRQ base and HD64461 IRQ
    - blk-cgroup: Reinit blkg_iostat_set after clearing in blkcg_reset_stats()
    - irqchip/loongson-eiointc: Fix irq affinity setting during resume
    - perf: arm_cspmu: Set irq affinitiy only if overflow interrupt is used
    - perf/arm_cspmu: Fix event attribute type
    - APEI: GHES: correctly return NULL for ghes_get_devices()
    - wifi: rtw88: usb: silence log flooding error message
    - net: dsa: avoid suspicious RCU usage for synced VLAN-aware MAC addresses
    - drm/amd/display: fix is_timing_changed() prototype
    - Input: cyttsp4_core - change del_timer_sync() to timer_shutdown_sync()
    - drm/nouveau: dispnv50: fix missing-prototypes warning
    - arm64: dts: qcom: pm8998: don't use GIC_SPI for SPMI interrupts
    - arm64: dts: qcom: ipq6018: correct qrng unit address
    - arm64: dts: qcom: msm8953: correct IOMMU unit address
    - arm64: dts: qcom: msm8976: correct MMC unit address
    - arm64: dts: qcom: sm6115: correct thermal-sensor unit address
    - drm/msm/dpu: always clear every individual pending flush mask
    - MIPS: DTS: CI20: Fix ACT8600 regulator node names
    - arm64: dts: qcom: sdm670: Flush RSC sleep & wake votes
    - arm64: dts: ti: k3-j721e-beagleboneai64: Fix mailbox node status
    - drm/msm/dp: Drop aux devices together with DP controller
    - iommufd: Do not access the area pointer after unlocking
    - iommufd: Call iopt_area_contig_done() under the lock
    - perf evsel: Don't let for_each_group() treat the head of the list as one of
      its nodes
    - pinctrl: tegra: Duplicate pinmux functions table
    - platform/x86:intel/pmc: Remove Meteor Lake S platform support
    - perf tests task_analyzer: Fix bad substitution ${$1}
    - perf tests task_analyzer: Skip tests if no libtraceevent support
    - pinctrl: freescale: Fix a memory out of bounds when num_configs is 1
    - perf stat: Reset aggr stats for each run
    - platform/x86:intel/pmc: Update maps for Meteor Lake P/M platforms
    - perf test: Set PERF_EXEC_PATH for script execution
    - kbuild: Fix CFI failures with GCOV
    - btrfs: fix range_end calculation in extent_write_locked_range
    - igc: Fix race condition in PTP tx code
    - igc: Check if hardware TX timestamping is enabled earlier
    - igc: Work around HW bug causing missing timestamps
    - sch_netem: fix issues in netem_change() vs get_dist_table()
    - interconnect: qcom: rpm: Don't use clk_get_optional for bus clocks anymore
    - media: videodev2.h: Fix p_s32 and p_s64 pointer types
    - f2fs: fix the wrong condition to determine atomic context
    - test_firmware: return ENOMEM instead of ENOSPC on failed memory allocation
    - media: tc358746: select CONFIG_GENERIC_PHY
    - net/sched: act_ipt: zero skb->cb before calling target
    - octeontx2-af: cn10kb: fix interrupt csr addresses
    - octeontx2-af: Reset MAC features in FLR
    - drm/i915/psr: Fix BDW PSR AUX CH data register offsets
    - irqchip/loongson-liointc: Fix IRQ trigger polarity
    - btrfs: fix dirty_metadata_bytes for redirtied buffers
    - btrfs: add missing error handling when logging operation while COWing extent
      buffer
    - ARM: dts: qcom: msm8660: Fix regulator node names
    - ovl: fix null pointer dereference in ovl_permission()
    - ovl: let helper ovl_i_path_real() return the realinode
    - ovl: fix null pointer dereference in ovl_get_acl_rcu()
    - Upstream stable to v6.1.39, v6.3.13, v6.4.4
  * Lunar update: upstream stable patchset 2023-09-01 (LP: #2033931)
    - x86/head/64: Switch to KERNEL_CS as soon as new GDT is installed
    - test_firmware: Use kstrtobool() instead of strtobool()
    - cgroup: bpf: use cgroup_lock()/cgroup_unlock() wrappers
    - cgroup: always put cset in cgroup_css_set_put_fork
    - cgroup: fix missing cpus_read_{lock,unlock}() in cgroup_transfer_tasks()
    - qcom: llcc/edac: Fix the base address used for accessing LLCC banks
    - EDAC/qcom: Get rid of hardcoded register offsets
    - ksmbd: validate smb request protocol id
    - of: overlay: Fix missing of_node_put() in error case of
      init_overlay_changeset()
    - power: supply: ab8500: Fix external_power_changed race
    - power: supply: sc27xx: Fix external_power_changed race
    - power: supply: bq27xxx: Use mod_delayed_work() instead of cancel() +
      schedule()
    - ARM: dts: vexpress: add missing cache properties
    - tools: gpio: fix debounce_period_us output of lsgpio
    - selftests: gpio: gpio-sim: Fix BUG: test FAILED due to recent change
    - power: supply: Ratelimit no data debug output
    - PCI/DPC: Quirk PIO log size for Intel Ice Lake Root Ports
    - platform/x86: asus-wmi: Ignore WMI events with codes 0x7B, 0xC0
    - regulator: Fix error checking for debugfs_create_dir
    - irqchip/gic-v3: Disable pseudo NMIs on Mediatek devices w/ firmware issues
    - irqchip/meson-gpio: Mark OF related data as maybe unused
    - power: supply: Fix logic checking if system is running from battery
    - drm: panel-orientation-quirks: Change Air's quirk to support Air Plus
    - btrfs: scrub: try harder to mark RAID56 block groups read-only
    - btrfs: handle memory allocation failure in btrfs_csum_one_bio
    - ASoC: soc-pcm: test if a BE can be prepared
    - ASoC: Intel: avs: Account for UID of ACPI device
    - ASoC: Intel: avs: Add missing checks on FE startup
    - parisc: Improve cache flushing for PCXL in arch_sync_dma_for_cpu()
    - parisc: Flush gatt writes and adjust gatt mask in parisc_agp_mask_memory()
    - MIPS: unhide PATA_PLATFORM
    - MIPS: Restore Au1300 support
    - MIPS: Alchemy: fix dbdma2
    - mips: Move initrd_start check after initrd address sanitisation.
    - ASoC: cs35l41: Fix default regmap values for some registers
    - ASoC: dwc: move DMA init to snd_soc_dai_driver probe()
    - xen/blkfront: Only check REQ_FUA for writes
    - drm:amd:amdgpu: Fix missing buffer object unlock in failure path
    - io_uring: unlock sqd->lock before sq thread release CPU
    - NVMe: Add MAXIO 1602 to bogus nid list.
    - irqchip/gic: Correctly validate OF quirk descriptors
    - wifi: cfg80211: fix locking in regulatory disconnect
    - wifi: cfg80211: fix double lock bug in reg_wdev_chan_valid()
    - epoll: ep_autoremove_wake_function should use list_del_init_careful
    - ocfs2: fix use-after-free when unmounting read-only filesystem
    - ocfs2: check new file size on fallocate call
    - zswap: do not shrink if cgroup may not zswap
    - nios2: dts: Fix tse_mac "max-frame-size" property
    - nilfs2: fix incomplete buffer cleanup in nilfs_btnode_abort_change_key()
    - nilfs2: fix possible out-of-bounds segment allocation in resize ioctl
    - nilfs2: reject devices with insufficient block count
    - LoongArch: Fix perf event id calculation
    - io_uring/net: save msghdr->msg_control for retries
    - kexec: support purgatories with .text.hot sections
    - x86/purgatory: remove PGO flags
    - riscv/purgatory: remove PGO flags
    - powerpc/purgatory: remove PGO flags
    - btrfs: do not ASSERT() on duplicated global roots
    - btrfs: fix iomap_begin length for nocow writes
    - btrfs: can_nocow_file_extent should pass down args->strict from callers
    - ALSA: usb-audio: Fix broken resume due to UAC3 power state
    - ALSA: usb-audio: Add quirk flag for HEM devices to enable native DSD
      playback
    - dm thin metadata: check fail_io before using data_sm
    - dm thin: fix issue_discard to pass GFP_NOIO to __blkdev_issue_discard
    - net: ethernet: stmicro: stmmac: fix possible memory leak in __stmmac_open
    - nouveau: fix client work fence deletion race
    - RDMA/uverbs: Restrict usage of privileged QKEYs
    - drm/amdgpu: vcn_4_0 set instance 0 init sched score to 1
    - net: usb: qmi_wwan: add support for Compal RXM-G1
    - drm/amd: Make sure image is written to trigger VBIOS image update flow
    - drm/amd: Tighten permissions on VBIOS flashing attributes
    - drm/amd/pm: workaround for compute workload type on some skus
    - drm/amdgpu: add missing radeon secondary PCI ID
    - ALSA: hda/realtek: Add a quirk for Compaq N14JP6
    - thunderbolt: dma_test: Use correct value for absent rings when creating
      paths
    - thunderbolt: Mask ring interrupt on Intel hardware as well
    - clk: pxa: fix NULL pointer dereference in pxa3xx_clk_update_accr
    - USB: serial: option: add Quectel EM061KGL series
    - serial: lantiq: add missing interrupt ack
    - usb: typec: ucsi: Fix command cancellation
    - usb: typec: Fix fast_role_swap_current show function
    - usb: gadget: udc: core: Offload usb_udc_vbus_handler processing
    - usb: gadget: udc: core: Prevent soft_connect_store() race
    - USB: dwc3: qcom: fix NULL-deref on suspend
    - USB: dwc3: fix use-after-free on core driver unbind
    - usb: dwc3: gadget: Reset num TRBs before giving back the request
    - RDMA/rtrs: Fix the last iu->buf leak in err path
    - RDMA/rtrs: Fix rxe_dealloc_pd warning
    - RDMA/rxe: Fix packet length checks
    - RDMA/rxe: Fix ref count error in check_rkey()
    - spi: cadence-quadspi: Add missing check for dma_set_mask
    - spi: fsl-dspi: avoid SCK glitches with continuous transfers
    - netfilter: nf_tables: integrate pipapo into commit protocol
    - netfilter: nfnetlink: skip error delivery on batch in case of ENOMEM
    - ice: Fix XDP memory leak when NIC is brought up and down
    - net: enetc: correct the indexes of highest and 2nd highest TCs
    - ping6: Fix send to link-local addresses with VRF.
    - igb: Fix extts capture value format for 82580/i354/i350
    - net/sched: simplify tcf_pedit_act
    - net/sched: act_pedit: remove extra check for key type
    - net/sched: act_pedit: Parse L3 Header for L4 offset
    - octeontx2-af: Fix promiscuous mode
    - wifi: mac80211: fix link activation settings order
    - wifi: cfg80211: fix link del callback to call correct handler
    - wifi: mac80211: take lock before setting vif links
    - RDMA/rxe: Fix the use-before-initialization error of resp_pkts
    - iavf: remove mask from iavf_irq_enable_queues()
    - octeontx2-af: fixed resource availability check
    - octeontx2-af: fix lbk link credits on cn10k
    - RDMA/mlx5: Initiate dropless RQ for RAW Ethernet functions
    - RDMA/mlx5: Create an indirect flow table for steering anchor
    - RDMA/cma: Always set static rate to 0 for RoCE
    - IB/uverbs: Fix to consider event queue closing also upon non-blocking mode
    - RDMA/mlx5: Fix affinity assignment
    - IB/isert: Fix dead lock in ib_isert
    - IB/isert: Fix possible list corruption in CMA handler
    - IB/isert: Fix incorrect release of isert connection
    - net: ethtool: correct MAX attribute value for stats
    - ipvlan: fix bound dev checking for IPv6 l3s mode
    - sctp: fix an error code in sctp_sf_eat_auth()
    - igc: Clean the TX buffer and TX descriptor ring
    - igc: Fix possible system crash when loading module
    - igb: fix nvm.ops.read() error handling
    - net: phylink: report correct max speed for QUSGMII
    - net: phylink: use a dedicated helper to parse usgmii control word
    - drm/nouveau: don't detect DSM for non-NVIDIA device
    - drm/bridge: ti-sn65dsi86: Avoid possible buffer overflow
    - drm/nouveau/dp: check for NULL nv_connector->native_mode
    - drm/nouveau: add nv_encoder pointer check for NULL
    - selftests/tc-testing: Fix Error: Specified qdisc kind is unknown.
    - selftests/tc-testing: Fix Error: failed to find target LOG
    - selftests/tc-testing: Fix SFB db test
    - sched: add new attr TCA_EXT_WARN_MSG to report tc extact message
    - net/sched: Refactor qdisc_graft() for ingress and clsact Qdiscs
    - net/sched: qdisc_destroy() old ingress and clsact Qdiscs before grafting
    - selftests: forwarding: hw_stats_l3: Set addrgenmode in a separate step
    - cifs: fix lease break oops in xfstest generic/098
    - ext4: drop the call to ext4_error() from ext4_get_group_info()
    - net/sched: cls_api: Fix lockup on flushing explicitly created chain
    - net: dsa: felix: fix taprio guard band overflow at 10Mbps with jumbo frames
    - net: lapbether: only support ethernet devices
    - net: macsec: fix double free of percpu stats
    - sfc: fix XDP queues mode with legacy IRQ
    - dm: don't lock fs when the map is NULL during suspend or resume
    - net: tipc: resize nlattr array to correct size
    - selftests/ptp: Fix timestamp printf format for PTP_SYS_OFFSET
    - octeon_ep: Add missing check for ioremap
    - afs: Fix vlserver probe RTT handling
    - parisc: Delete redundant register definitions in <asm/assembly.h>
    - net/sched: act_api: move TCA_EXT_WARN_MSG to the correct hierarchy
    - Revert "net/sched: act_api: move TCA_EXT_WARN_MSG to the correct hierarchy"
    - net/sched: act_api: add specific EXT_WARN_MSG for tc action
    - neighbour: delete neigh_lookup_nodev as not used
    - scsi: target: core: Fix error path in target_setup_session()
    - x86/boot/compressed: prefer cc-option for CFLAGS additions
    - MIPS: Move '-Wa,-msoft-float' check from as-option to cc-option
    - MIPS: Prefer cc-option for additions to cflags
    - kbuild: Update assembler calls to use proper flags and language target
    - btrfs: properly enable async discard when switching from RO->RW
    - wifi: mac80211: fragment per STA profile correctly
    - RDMA/rxe: Fix rxe_cq_post
    - blk-cgroup: Flush stats before releasing blkcg_gq
    - Upstream stable to v6.1.35, v6.3.9
    - drm/amd/display: Use dc_update_planes_and_stream
    - drm/amd/display: Add wrapper to call planes and stream update
    - drm/amd/display: fix the system hang while disable PSR
    - tty: serial: fsl_lpuart: make rx_watermark configurable for different
      platforms
    - tty: serial: fsl_lpuart: reduce RX watermark to 0 on LS1028A
    - mm: Fix copy_from_user_nofault().
    - tpm, tpm_tis: Claim locality in interrupt handler
    - tpm_crb: Add support for CRB devices based on Pluton
    - ksmbd: validate command payload size
    - ksmbd: fix out-of-bound read in smb2_write
    - ksmbd: validate session id and tree id in the compound request
    - tick/common: Align tick period during sched_timer setup
    - selftests: mptcp: remove duplicated entries in usage
    - selftests: mptcp: join: fix ShellCheck warnings
    - selftests: mptcp: lib: skip if missing symbol
    - selftests: mptcp: connect: skip transp tests if not supported
    - selftests: mptcp: connect: skip disconnect tests if not supported
    - selftests: mptcp: pm nl: remove hardcoded default limits
    - selftests: mptcp: pm nl: skip fullmesh flag checks if not supported
    - selftests: mptcp: sockopt: relax expected returned size
    - selftests: mptcp: sockopt: skip getsockopt checks if not supported
    - selftests: mptcp: userspace pm: skip if 'ip' tool is unavailable
    - selftests: mptcp: userspace pm: skip if not supported
    - selftests: mptcp: lib: skip if not below kernel version
    - selftests: mptcp: join: use 'iptables-legacy' if available
    - selftests: mptcp: join: helpers to skip tests
    - selftests: mptcp: join: skip check if MIB counter not supported
    - selftests: mptcp: join: support local endpoint being tracked or not
    - selftests: mptcp: join: skip Fastclose tests if not supported
    - selftests: mptcp: join: support RM_ADDR for used endpoints or not
    - selftests: mptcp: join: skip implicit tests if not supported
    - selftests: mptcp: join: skip backup if set flag on ID not supported
    - selftests: mptcp: join: skip fullmesh flag tests if not supported
    - selftests: mptcp: join: skip MPC backups tests if not supported
    - selftests/mount_setattr: fix redefine struct mount_attr build error
    - selftests: mptcp: diag: skip listen tests if not supported
    - selftests: mptcp: sockopt: skip TCP_INQ checks if not supported
    - selftests: mptcp: join: skip test if iptables/tc cmds fail
    - selftests: mptcp: join: skip userspace PM tests if not supported
    - selftests: mptcp: join: skip fail tests if not supported
    - selftests: mptcp: join: fix "userspace pm add & remove address"
    - writeback: fix dereferencing NULL mapping->host on writeback_page_template
    - scripts: fix the gfp flags header path in gfp-translate
    - nilfs2: fix buffer corruption due to concurrent device reads
    - ACPI: sleep: Avoid breaking S3 wakeup due to might_sleep()
    - KVM: Avoid illegal stage2 mapping on invalid memory slot
    - Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc() fails
    - Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs
    - PCI: hv: Fix a race condition bug in hv_pci_query_relations()
    - Revert "PCI: hv: Fix a timing issue which causes kdump to fail occasionally"
    - PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev
    - PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic
    - PCI: hv: Add a per-bus mutex state_lock
    - io_uring/net: clear msg_controllen on partial sendmsg retry
    - io_uring/net: disable partial retries for recvmsg with cmsg
    - mptcp: handle correctly disconnect() failures
    - mptcp: fix possible divide by zero in recvmsg()
    - mptcp: fix possible list corruption on passive MPJ
    - mptcp: consolidate fallback and non fallback state machine
    - cgroup: Do not corrupt task iteration when rebinding subsystem
    - cgroup,freezer: hold cpu_hotplug_lock before freezer_mutex in
      freezer_css_{online,offline}()
    - mmc: litex_mmc: set PROBE_PREFER_ASYNCHRONOUS
    - mmc: sdhci-msm: Disable broken 64-bit DMA on MSM8916
    - mmc: meson-gx: remove redundant mmc_request_done() call from irq context
    - mmc: mmci: stm32: fix max busy timeout calculation
    - mmc: sdhci-spear: fix deferred probing
    - mmc: bcm2835: fix deferred probing
    - mmc: sunxi: fix deferred probing
    - bpf: ensure main program has an extable
    - wifi: iwlwifi: pcie: Handle SO-F device for PCI id 0x7AF0
    - spi: spi-geni-qcom: correctly handle -EPROBE_DEFER from dma_request_chan()
    - regulator: pca9450: Fix LDO3OUT and LDO4OUT MASK
    - regmap: spi-avmm: Fix regmap_bus max_raw_write
    - arm64: dts: rockchip: Fix rk356x PCIe register and range mappings
    - nilfs2: prevent general protection fault in nilfs_clear_dirty_page()
    - x86/mm: Avoid using set_pgd() outside of real PGD pages
    - memfd: check for non-NULL file_seals in memfd_create() syscall
    - mmc: meson-gx: fix deferred probing
    - ieee802154: hwsim: Fix possible memory leaks
    - xfrm: Treat already-verified secpath entries as optional
    - xfrm: Ensure policies always checked on XFRM-I input path
    - KVM: arm64: PMU: Restore the host's PMUSERENR_EL0
    - bpf: track immediate values written to stack by BPF_ST instruction
    - bpf: Fix verifier id tracking of scalars on spill
    - xfrm: fix inbound ipv4/udp/esp packets to UDPv6 dualstack sockets
    - bpf: Fix a bpf_jit_dump issue for x86_64 with sysctl bpf_jit_enable.
    - selftests: net: tls: check if FIPS mode is enabled
    - selftests: net: vrf-xfrm-tests: change authentication and encryption algos
    - selftests: net: fcnal-test: check if FIPS mode is enabled
    - xfrm: Linearize the skb after offloading if needed.
    - net/mlx5: DR, Fix wrong action data allocation in decap action
    - sfc: use budget for TX completions
    - net: qca_spi: Avoid high load if QCA7000 is not available
    - mmc: mtk-sd: fix deferred probing
    - mmc: mvsdio: fix deferred probing
    - mmc: omap: fix deferred probing
    - mmc: omap_hsmmc: fix deferred probing
    - mmc: owl: fix deferred probing
    - mmc: sdhci-acpi: fix deferred probing
    - mmc: sh_mmcif: fix deferred probing
    - mmc: usdhi60rol0: fix deferred probing
    - ipvs: align inner_mac_header for encapsulation
    - net: dsa: mt7530: fix trapping frames on non-MT7621 SoC MT7530 switch
    - net: dsa: mt7530: fix handling of BPDUs on MT7530 switch
    - net: dsa: mt7530: fix handling of LLDP frames
    - be2net: Extend xmit workaround to BE3 chip
    - netfilter: nf_tables: drop map element references from preparation phase
    - netfilter: nft_set_pipapo: .walk does not deal with generations
    - netfilter: nf_tables: disallow element updates of bound anonymous sets
    - netfilter: nf_tables: reject unbound anonymous set before commit phase
    - netfilter: nf_tables: reject unbound chain set before commit phase
    - netfilter: nf_tables: disallow updates of anonymous sets
    - netfilter: nfnetlink_osf: fix module autoload
    - Revert "net: phy: dp83867: perform soft reset and retain established link"
    - bpf/btf: Accept function names that contain dots
    - bpf: Force kprobe multi expected_attach_type for kprobe_multi link
    - io_uring/net: use the correct msghdr union member in io_sendmsg_copy_hdr
    - selftests: forwarding: Fix race condition in mirror installation
    - platform/x86/amd/pmf: Register notify handler only if SPS is enabled
    - sch_netem: acquire qdisc lock in netem_change()
    - revert "net: align SO_RCVMARK required privileges with SO_MARK"
    - arm64: dts: rockchip: fix nEXTRST on SOQuartz
    - gpiolib: Fix GPIO chip IRQ initialization restriction
    - gpio: sifive: add missing check for platform_get_irq
    - gpiolib: Fix irq_domain resource tracking for gpiochip_irqchip_add_domain()
    - scsi: target: iscsi: Prevent login threads from racing between each other
    - HID: wacom: Add error check to wacom_parse_and_register()
    - arm64: Add missing Set/Way CMO encodings
    - smb3: missing null check in SMB2_change_notify
    - media: cec: core: disable adapter in cec_devnode_unregister
    - media: cec: core: don't set last_initiator if tx in progress
    - nfcsim.c: Fix error checking for debugfs_create_dir
    - btrfs: fix an uninitialized variable warning in btrfs_log_inode
    - usb: gadget: udc: fix NULL dereference in remove()
    - nvme: double KA polling frequency to avoid KATO with TBKAS on
    - nvme: check IO start time when deciding to defer KA
    - nvme: improve handling of long keep alives
    - Input: soc_button_array - add invalid acpi_index DMI quirk handling
    - arm64: dts: qcom: sc7280-idp: drop incorrect dai-cells from WCD938x SDW
    - arm64: dts: qcom: sc7280-qcard: drop incorrect dai-cells from WCD938x SDW
    - s390/cio: unregister device when the only path is gone
    - spi: lpspi: disable lpspi module irq in DMA mode
    - ASoC: codecs: wcd938x-sdw: do not set can_multi_write flag
    - ASoC: simple-card: Add missing of_node_put() in case of error
    - soundwire: dmi-quirks: add new mapping for HP Spectre x360
    - soundwire: qcom: add proper error paths in qcom_swrm_startup()
    - ASoC: nau8824: Add quirk to active-high jack-detect
    - ASoC: amd: yc: Add Thinkpad Neo14 to quirks list for acp6x
    - gfs2: Don't get stuck writing page onto itself under direct I/O
    - s390/purgatory: disable branch profiling
    - ASoC: fsl_sai: Enable BCI bit if SAI works on synchronous mode with BYP
      asserted
    - ALSA: hda/realtek: Add "Intel Reference board" and "NUC 13" SSID in the
      ALC256
    - i2c: mchp-pci1xxxx: Avoid cast to incompatible function type
    - ARM: dts: Fix erroneous ADS touchscreen polarities
    - null_blk: Fix: memory release when memory_backed=1
    - drm/exynos: vidi: fix a wrong error return
    - drm/exynos: fix race condition UAF in exynos_g2d_exec_ioctl
    - drm/radeon: fix race condition UAF in radeon_gem_set_domain_ioctl
    - vhost_vdpa: tell vqs about the negotiated
    - vhost_net: revert upend_idx only on retriable error
    - KVM: arm64: Restore GICv2-on-GICv3 functionality
    - x86/apic: Fix kernel panic when booting with intremap=off and x2apic_phys
    - i2c: imx-lpi2c: fix type char overflow issue when calculating the clock
      cycle
    - smb: move client and server files to common directory fs/smb
    - [Config] updateconfigs for SMBFS_COMMON
    - cifs: fix status checks in cifs_tree_connect
    - udmabuf: revert 'Add support for mapping hugepages (v4)'
    - selftests: mptcp: connect: skip TFO tests if not supported
    - selftests: mptcp: join: skip PM listener tests if not supported
    - selftests: mptcp: join: uniform listener tests
    - block: make sure local irq is disabled when calling __blkcg_rstat_flush
    - xfrm: add missed call to delete offloaded policies
    - net: dsa: introduce preferred_default_local_cpu_port and use on MT7530
    - iommu/amd: Fix possible memory leak of 'domain'
    - Upstream stable to v6.1.36, v6.3.10
    - mm/mmap: Fix error path in do_vmi_align_munmap()
    - mm/mmap: Fix error return in do_vmi_align_munmap()
    - mptcp: ensure listener is unhashed before updating the sk status
    - x86/microcode/AMD: Load late on both threads too
    - x86/smp: Remove pointless wmb()s from native_stop_other_cpus()
    - x86/smp: Use dedicated cache-line for mwait_play_dead()
    - x86/smp: Cure kexec() vs. mwait_play_dead() breakage
    - can: isotp: isotp_sendmsg(): fix return error fix on TX path
    - maple_tree: fix potential out-of-bounds access in mas_wr_end_piv()
    - fbdev: fix potential OOB read in fast_imageblit()
    - HID: hidraw: fix data race on device refcount
    - HID: wacom: Use ktime_t rather than int when dealing with timestamps
    - HID: logitech-hidpp: add HIDPP_QUIRK_DELAYED_INIT for the T651.
    - Revert "thermal/drivers/mediatek: Use devm_of_iomap to avoid resource leak
      in mtk_thermal_probe"
    - sparc32: fix lock_mm_and_find_vma() conversion
    - parisc: fix expand_stack() conversion
    - csky: fix up lock_mm_and_find_vma() conversion
    - xtensa: fix NOMMU build with lock_mm_and_find_vma() conversion
    - Upstream stable to v6.1.37, v6.3.11
    - xtensa: fix lock_mm_and_find_vma in case VMA not found
    - drm/amd/display: Do not update DRR while BW optimizations pending
    - PCI/ACPI: Validate acpi_pci_set_power_state() parameter
    - PCI/ACPI: Call _REG when transitioning D-states
    - execve: always mark stack as growing down during early stack setup
    - nubus: Partially revert proc_create_single_data() conversion
    - perf symbols: Symbol lookup with kcore can fail if multiple segments match
      stext
    - scripts/tags.sh: Resolve gtags empty index generation
    - docs: Set minimal gtags / GNU GLOBAL version to 6.6.5
    - drm/amdgpu: Validate VM ioctl flags.
    - drm/amd/display: Ensure vmin and vmax adjust for DCE
    - Upstream stable to v6.1.38, v6.3.12
  * allow io_uring to be disabled in runtime (LP: #2035116)
    - io_uring: add a sysctl to disable io_uring system-wide
  * CVE-2023-31083
    - Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO
  * CVE-2023-4132
    - media: usb: siano: Fix warning due to null work_func_t function pointer
  * CVE-2023-3863
    - net: nfc: Fix use-after-free caused by nfc_llcp_find_local
  * CVE-2023-3772
    - xfrm: add NULL check in xfrm_update_ae_params
  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts

[ Ubuntu: 6.2.0-35.35~22.04.1 ]

* jammy/linux-hwe-6.2: 6.2.0-35.35~22.04.1 -proposed tracker (LP: #2038228)
  * CVE-2023-42755
    - [Config] hwe-6.2: Mark cls_rsv[p,p6] gone
  * lunar/linux: 6.2.0-35.35 -proposed tracker (LP: #2038229)
  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts
  * CVE-2023-4244
    - netfilter: nf_tables: don't skip expired elements during walk
    - netfilter: nf_tables: integrate pipapo into commit protocol
    - netfilter: nft_set_rbtree: fix overlap expiration walk
    - netfilter: nf_tables: adapt set backend to use GC transaction API
    - netfilter: nft_set_hash: mark set element as dead when deleting from packet
      path
    - netfilter: nf_tables: drop map element references from preparation phase
    - netfilter: nf_tables: GC transaction API to avoid race with control plane
    - netfilter: nf_tables: remove busy mark and gc batch API
    - netfilter: nf_tables: don't fail inserts if duplicate has expired
    - netfilter: nf_tables: fix kdoc warnings after gc rework
    - netfilter: nf_tables: fix GC transaction races with netns and netlink event
      exit path
    - netfilter: nf_tables: GC transaction race with netns dismantle
    - netfilter: nf_tables: GC transaction race with abort path
    - netfilter: nf_tables: use correct lock to protect gc_list
    - netfilter: nf_tables: defer gc run if previous batch is still pending
    - netfilter: nft_dynset: disallow object maps
    - netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction
  * CVE-2023-5197
    - netfilter: nf_tables: skip bound chain in netns release path
    - netfilter: nf_tables: disallow rule removal from chain binding
  * CVE-2023-4921
    - net: sched: sch_qfq: Fix UAF in qfq_dequeue()
  * CVE-2023-4881
    - netfilter: nftables: exthdr: fix 4-byte stack OOB write
  * CVE-2023-4623
    - net/sched: sch_hfsc: Ensure inner classes have fsc curve
  * CVE-2023-4622
    - af_unix: Fix null-ptr-deref in unix_stream_sendpage().
  * CVE-2023-42756
    - netfilter: ipset: Fix race between IPSET_CMD_CREATE and IPSET_CMD_SWAP
  * CVE-2023-42755
    - net/sched: Retire rsvp classifier
    - [Config] remove NET_CLS_RSVP and NET_CLS_RSVP6
  * CVE-2023-42753
    - netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for
      ip_set_hash_netportnet.c
  * CVE-2023-42752
    - igmp: limit igmpv3_newpack() packet size to IP_MAX_MTU
    - net: add SKB_HEAD_ALIGN() helper
    - net: remove osize variable in __alloc_skb()
    - net: factorize code in kmalloc_reserve()
    - net: deal with integer overflows in kmalloc_reserve()
  * CVE-2023-34319
    - xen/netback: Fix buffer overrun triggered by unusual packet

[ Ubuntu: 6.2.0-34.34~22.04.1 ]

* jammy/linux-hwe-6.2: 6.2.0-34.34~22.04.1 -proposed tracker (LP: #2033778)
  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts
  * lunar/linux: 6.2.0-34.34 -proposed tracker (LP: #2033779)
  * CVE-2023-20569
    - x86/cpu, kvm: Add support for CPUID_80000021_EAX
    - tools headers x86 cpufeatures: Sync with the kernel sources
    - x86/alternative: Optimize returns patching
    - x86/retbleed: Add __x86_return_thunk alignment checks
    - x86/srso: Add a Speculative RAS Overflow mitigation
    - x86/srso: Add IBPB_BRTYPE support
    - x86/srso: Add SRSO_NO support
    - x86/srso: Add IBPB
    - x86/srso: Add IBPB on VMEXIT
    - x86/srso: Fix return thunks in generated code
    - x86/srso: Add a forgotten NOENDBR annotation
    - x86/srso: Tie SBPB bit setting to microcode patch detection
    - Documentation/hw-vuln: Unify filename specification in index
    - Documentation/srso: Document IBPB aspect and fix formatting
    - x86/srso: Fix build breakage with the LLVM linker
    - x86: Move gds_ucode_mitigated() declaration to header
    - x86/retpoline: Don't clobber RFLAGS during srso_safe_ret()
    - x86/srso: Disable the mitigation on unaffected configurations
    - x86/retpoline,kprobes: Fix position of thunk sections with CONFIG_LTO_CLANG
    - x86/retpoline,kprobes: Skip optprobe check for indirect jumps with
      retpolines and IBT
    - x86/cpu: Fix __x86_return_thunk symbol type
    - x86/cpu: Fix up srso_safe_ret() and __x86_return_thunk()
    - objtool/x86: Fix SRSO mess
    - x86/alternative: Make custom return thunk unconditional
    - x86/cpu: Clean up SRSO return thunk mess
    - x86/cpu: Rename original retbleed methods
    - x86/cpu: Rename srso_(.*)_alias to srso_alias_\1
    - x86/cpu: Cleanup the untrain mess
    - x86/srso: Explain the untraining sequences a bit more
    - objtool/x86: Fixup frame-pointer vs rethunk
    - x86/static_call: Fix __static_call_fixup()
    - x86/srso: Correct the mitigation status when SMT is disabled
    - Ubuntu: [Config]: enable Speculative Return Stack Overflow mitigation
  * Please enable Renesas RZ platform serial installer (LP: #2022361)
    - [Config] enable hihope RZ/G2M serial console
    - [Config] Mark sh-sci as built-in
  * dGPU cannot resume because system firmware stuck in IPCS method
    (LP: #2021572)
    - drm/i915/tc: Abort DP AUX transfer on a disconnected TC port
    - drm/i915/tc: switch to intel_de_* register accessors in display code
    - drm/i915: Enable a PIPEDMC whenever its corresponding pipe is enabled
    - drm/i915/tc: Fix TC port link ref init for DP MST during HW readout
    - drm/i915/tc: Fix system resume MST mode restore for DP-alt sinks
    - drm/i915/tc: Wait for IOM/FW PHY initialization of legacy TC ports
    - drm/i915/tc: Factor out helpers converting HPD mask to TC mode
    - drm/i915/tc: Fix target TC mode for a disconnected legacy port
    - drm/i915/tc: Fix TC mode for a legacy port if the PHY is not ready
    - drm/i915/tc: Fix initial TC mode on disabled legacy ports
    - drm/i915/tc: Make the TC mode readout consistent in all PHY states
    - drm/i915: Add encoder hook to get the PLL type used by TC ports
    - drm/i915/tc: Assume a TC port is legacy if VBT says the port has HDMI
    - drm/i915/tc: Factor out a function querying active links on a TC port
    - drm/i915/tc: Check the PLL type used by an enabled TC port
    - drm/i915/tc: Group the TC PHY setup/query functions per platform
    - drm/i915/tc: Use the adlp prefix for ADLP TC PHY functions
    - drm/i915/tc: Rename tc_phy_status_complete() to tc_phy_is_ready()
    - drm/i915/tc: Use the tc_phy prefix for all TC PHY functions
    - drm/i915/tc: Move TC port fields to a new intel_tc_port struct
    - drm/i915/tc: Check for TC PHY explicitly in
      intel_tc_port_fia_max_lane_count()
    - drm/i915/tc: Move the intel_tc_port struct declaration to intel_tc.c
    - drm/i915/tc: Add TC PHY hook to get the PHY HPD live status
    - drm/i915/tc: Add TC PHY hooks to get the PHY ready/owned state
    - drm/i915/tc: Add TC PHY hook to read out the PHY HW state
    - drm/i915/tc: Add generic TC PHY connect/disconnect handlers
    - drm/i915/tc: Factor out tc_phy_verify_legacy_or_dp_alt_mode()
    - drm/i915/tc: Add TC PHY hooks to connect/disconnect the PHY
    - drm/i915/tc: Fix up the legacy VBT flag only in disconnected mode
    - drm/i915/tc: Check TC mode instead of the VBT legacy flag
    - drm/i915/tc: Block/unblock TC-cold in the PHY connect/disconnect hooks
    - drm/i915/tc: Remove redundant wakeref=0 check from unblock_tc_cold()
    - drm/i915/tc: Drop tc_cold_block()/unblock()'s power domain parameter
    - drm/i915/tc: Add TC PHY hook to get the TC-cold blocking power domain
    - drm/i915/tc: Add asserts in TC PHY hooks that the required power is on
    - drm/i915/tc: Add TC PHY hook to init the PHY
    - drm/i915/adlp/tc: Use the DE HPD ISR register for hotplug detection
    - drm/i915/tc: Get power ref for reading the HPD live status register
    - drm/i915/tc: Don't connect the PHY in intel_tc_port_connected()
    - drm/i915/adlp/tc: Align the connect/disconnect PHY sequence with bspec
    - drm/i915: Move shared DPLL disabling into CRTC disable hook
    - drm/i915: Disable DPLLs before disconnecting the TC PHY
    - drm/i915: Remove TC PHY disconnect workaround
    - drm/i915: Remove the encoder update_prepare()/complete() hooks
    - drm/i915/dp_mst: Fix active port PLL selection for secondary MST streams
    - drm/i915: Fix PIPEDMC disabling for a bigjoiner configuration
    - drm/i915: Add helpers to reference/unreference a DPLL for a CRTC
    - drm/i915: Make the CRTC state consistent during sanitize-disabling
    - drm/i915: Update connector atomic state before crtc sanitize-disabling
    - drm/i915: Separate intel_crtc_disable_noatomic_begin/complete()
    - drm/i915: Factor out set_encoder_for_connector()
    - drm/i915: Add support for disabling any CRTCs during HW readout/sanitization
    - drm/i915/dp: Prevent link training fallback on disconnected port
    - drm/i915/dp: Factor out intel_dp_get_active_pipes()
    - drm/i915: Factor out a helper for handling atomic modeset locks/state
    - drm/i915/tc: Call TypeC port flush_work/cleanup without modeset locks held
    - drm/i915/tc: Reset TypeC PHYs left enabled in DP-alt mode after the sink
      disconnects
  * amdgpu: Fixes for S0i3 resume on Phoenix (LP: #2033654)
    - drm/amd/pm: skip the RLC stop when S0i3 suspend for SMU v13.0.4/11
    - drm/amdgpu: skip fence GFX interrupts disable/enable for S0ix
    - drm/amd: flush any delayed gfxoff on suspend entry
  * Fix panel brightness issues on HP laptops (LP: #2032704)
    - ACPI: video: Put ACPI video and its child devices into D0 on boot
  * Fix ACPI TAD  on some Intel based systems (LP: #2032767)
    - ACPI: TAD: Install SystemCMOS address space handler for ACPI000E
  * kdump doesn't work with UEFI secure boot and kernel lockdown enabled on
    ARM64 (LP: #2033007)
    - [Config]: Enable CONFIG_KEXEC_IMAGE_VERIFY_SIG
  * Request backport of xen timekeeping performance improvements (LP: #2033122)
    - x86/xen/time: prefer tsc as clocksource when it is invariant
  * Fix numerous AER related issues (LP: #2033025)
    - SAUCE: PCI/AER: Disable AER service during suspend, again
    - SAUCE: PCI/DPC: Disable DPC service during suspend, again
  * Enable D3cold at s2idle for Intel DG2 GPU (LP: #2033452)
    - drm/i915/dgfx: Enable d3cold at s2idle
  * CVE-2023-4569
    - netfilter: nf_tables: deactivate catchall elements in next generation
  * Fix non-working MT7921e when pre-boot WiFi is enabled (LP: #2026322)
    - wifi: mt76: mt7921e: fix init command fail with enabled device
  * Fix unreliable ethernet cable detection on I219 NIC (LP: #2028122)
    - e1000e: Use PME poll to circumvent unreliable ACPI wake
  * [SRU][Ubuntu 22.04.1] Unable to interpret the frequency values in
    cpuinfo_min_freq and cpuino_max_freq sysfs files. (LP: #2030924)
    - cpufreq: intel_pstate: Fix scaling for hybrid-capable
  * CVE-2023-40283
    - Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb
  * CVE-2023-20588
    - x86/bugs: Increase the x86 bugs vector size to two u32s
    - x86/CPU/AMD: Do not leak quotient data after a division by 0
    - x86/CPU/AMD: Fix the DIV(0) initial fix attempt
  * CVE-2023-4194
    - net: tun_chr_open(): set sk_uid from current_fsuid()
    - net: tap_open(): set sk_uid from current_fsuid()
  * CVE-2023-4155
    - KVM: SEV: snapshot the GHCB before accessing it
    - KVM: SEV: only access GHCB fields once
  * CVE-2023-1206
    - tcp: Reduce chance of collisions in inet6_hashfn().
  * Lunar update: upstream stable patchset 2023-08-03 (LP: #2029808)
    - RDMA/bnxt_re: Fix the page_size used during the MR creation
    - phy: amlogic: phy-meson-g12a-mipi-dphy-analog: fix CNTL2_DIF_TX_CTL0 value
    - RDMA/efa: Fix unsupported page sizes in device
    - RDMA/hns: Fix timeout attr in query qp for HIP08
    - RDMA/hns: Fix base address table allocation
    - RDMA/hns: Modify the value of long message loopback slice
    - dmaengine: at_xdmac: fix potential Oops in at_xdmac_prep_interleaved()
    - RDMA/bnxt_re: Fix a possible memory leak
    - RDMA/bnxt_re: Fix return value of bnxt_re_process_raw_qp_pkt_rx
    - iommu/rockchip: Fix unwind goto issue
    - iommu/amd: Don't block updates to GATag if guest mode is on
    - iommu/amd: Handle GALog overflows
    - iommu/amd: Fix up merge conflict resolution
    - nfsd: make a copy of struct iattr before calling notify_change
    - dmaengine: pl330: rename _start to prevent build error
    - riscv: Fix unused variable warning when BUILTIN_DTB is set
    - net/mlx5: Drain health before unregistering devlink
    - net/mlx5: SF, Drain health before removing device
    - net/mlx5: fw_tracer, Fix event handling
    - net/mlx5e: Don't attach netdev profile while handling internal error
    - net: mellanox: mlxbf_gige: Fix skb_panic splat under memory pressure
    - netrom: fix info-leak in nr_write_internal()
    - af_packet: Fix data-races of pkt_sk(sk)->num.
    - tls: improve lockless access safety of tls_err_abort()
    - amd-xgbe: fix the false linkup in xgbe_phy_status
    - perf ftrace latency: Remove unnecessary "--" from --use-nsec option
    - mtd: rawnand: ingenic: fix empty stub helper definitions
    - RDMA/irdma: Prevent QP use after free
    - RDMA/irdma: Fix Local Invalidate fencing
    - af_packet: do not use READ_ONCE() in packet_bind()
    - tcp: deny tcp_disconnect() when threads are waiting
    - tcp: Return user_mss for TCP_MAXSEG in CLOSE/LISTEN state if user_mss set
    - net/smc: Scan from current RMB list when no position specified
    - net/smc: Don't use RMBs not mapped to new link in SMCRv2 ADD LINK
    - net/sched: sch_ingress: Only create under TC_H_INGRESS
    - net/sched: sch_clsact: Only create under TC_H_CLSACT
    - net/sched: Reserve TC_H_INGRESS (TC_H_CLSACT) for ingress (clsact) Qdiscs
    - net/sched: Prohibit regrafting ingress or clsact Qdiscs
    - net: sched: fix NULL pointer dereference in mq_attach
    - net/netlink: fix NETLINK_LIST_MEMBERSHIPS length report
    - udp6: Fix race condition in udp6_sendmsg & connect
    - nfsd: fix double fget() bug in __write_ports_addfd()
    - nvme: fix the name of Zone Append for verbose logging
    - net/mlx5e: Fix error handling in mlx5e_refresh_tirs
    - net/mlx5: Read embedded cpu after init bit cleared
    - iommu/mediatek: Flush IOTLB completely only if domain has been attached
    - tcp: fix mishandling when the sack compression is deferred.
    - net: dsa: mv88e6xxx: Increase wait after reset deactivation
    - mtd: rawnand: marvell: ensure timing values are written
    - mtd: rawnand: marvell: don't set the NAND frequency select
    - rtnetlink: call validate_linkmsg in rtnl_create_link
    - mptcp: avoid unneeded __mptcp_nmpc_socket() usage
    - mptcp: add annotations around msk->subflow accesses
    - mptcp: avoid unneeded address copy
    - mptcp: simplify subflow_syn_recv_sock()
    - mptcp: consolidate passive msk socket initialization
    - mptcp: fix data race around msk->first access
    - mptcp: add annotations around sk->sk_shutdown accesses
    - drm/amdgpu: release gpu full access after "amdgpu_device_ip_late_init"
    - watchdog: menz069_wdt: fix watchdog initialisation
    - ALSA: hda: Glenfly: add HD Audio PCI IDs and HDMI Codec Vendor IDs.
    - ASoC: Intel: soc-acpi-cht: Add quirk for Nextbook Ares 8A tablet
    - drm/amdgpu: Use the default reset when loading or reloading the driver
    - mailbox: mailbox-test: Fix potential double-free in
      mbox_test_message_write()
    - btrfs: abort transaction when sibling keys check fails for leaves
    - ARM: 9295/1: unwind:fix unwind abort for uleb128 case
    - hwmon: (k10temp) Add PCI ID for family 19, model 78h
    - media: rcar-vin: Select correct interrupt mode for V4L2_FIELD_ALTERNATE
    - platform/x86: intel_scu_pcidrv: Add back PCI ID for Medfield
    - platform/mellanox: fix potential race in mlxbf-tmfifo driver
    - drm/amdgpu: set gfx9 onwards APU atomics support to be true
    - fbdev: imsttfb: Fix use after free bug in imsttfb_probe
    - fbdev: modedb: Add 1920x1080 at 60 Hz video mode
    - fbdev: stifb: Fix info entry in sti_struct on error path
    - nbd: Fix debugfs_create_dir error checking
    - block/rnbd: replace REQ_OP_FLUSH with REQ_OP_WRITE
    - nvme-pci: add NVME_QUIRK_BOGUS_NID for HS-SSD-FUTURE 2048G
    - nvme-pci: add quirk for missing secondary temperature thresholds
    - ASoC: amd: yc: Add DMI entry to support System76 Pangolin 12
    - ASoC: dwc: limit the number of overrun messages
    - um: harddog: fix modular build
    - xfrm: Check if_id in inbound policy/secpath match
    - ASoC: dt-bindings: Adjust #sound-dai-cells on TI's single-DAI codecs
    - ALSA: hda/realtek: Add quirks for ASUS GU604V and GU603V
    - ASoC: ssm2602: Add workaround for playback distortions
    - media: dvb_demux: fix a bug for the continuity counter
    - media: dvb-usb: az6027: fix three null-ptr-deref in az6027_i2c_xfer()
    - media: dvb-usb-v2: ec168: fix null-ptr-deref in ec168_i2c_xfer()
    - media: dvb-usb-v2: ce6230: fix null-ptr-deref in ce6230_i2c_master_xfer()
    - media: dvb-usb-v2: rtl28xxu: fix null-ptr-deref in rtl28xxu_i2c_xfer
    - media: dvb-usb: digitv: fix null-ptr-deref in digitv_i2c_xfer()
    - media: dvb-usb: dw2102: fix uninit-value in su3000_read_mac_address
    - media: netup_unidvb: fix irq init by register it at the end of probe
    - media: dvb_ca_en50221: fix a size write bug
    - media: ttusb-dec: fix memory leak in ttusb_dec_exit_dvb()
    - media: mn88443x: fix !CONFIG_OF error by drop of_match_ptr from ID table
    - media: dvb-core: Fix use-after-free due on race condition at dvb_net
    - media: dvb-core: Fix use-after-free due to race at dvb_register_device()
    - media: dvb-core: Fix use-after-free due to race condition at dvb_ca_en50221
    - ASoC: SOF: debug: conditionally bump runtime_pm counter on exceptions
    - ASoC: SOF: pcm: fix pm_runtime imbalance in error handling
    - ASoC: SOF: sof-client-probes: fix pm_runtime imbalance in error handling
    - ASoC: SOF: pm: save io region state in case of errors in resume
    - s390/pkey: zeroize key blobs
    - s390/topology: honour nr_cpu_ids when adding CPUs
    - ACPI: resource: Add IRQ override quirk for LG UltraPC 17U70P
    - wifi: rtl8xxxu: fix authentication timeout due to incorrect RCR value
    - ARM: dts: stm32: add pin map for CAN controller on stm32f7
    - arm64/mm: mark private VM_FAULT_X defines as vm_fault_t
    - arm64: vdso: Pass (void *) to virt_to_page()
    - wifi: mac80211: simplify chanctx allocation
    - wifi: mac80211: consider reserved chanctx for mindef
    - wifi: mac80211: recalc chanctx mindef before assigning
    - wifi: iwlwifi: mvm: Add locking to the rate read flow
    - scsi: core: Decrease scsi_device's iorequest_cnt if dispatch failed
    - wifi: b43: fix incorrect __packed annotation
    - netfilter: conntrack: define variables exp_nat_nla_policy and any_addr with
      CONFIG_NF_NAT
    - nvme-multipath: don't call blk_mark_disk_dead in nvme_mpath_remove_disk
    - nvme: do not let the user delete a ctrl before a complete initialization
    - ALSA: oss: avoid missing-prototype warnings
    - drm/msm: Be more shouty if per-process pgtables aren't working
    - atm: hide unused procfs functions
    - ceph: silence smatch warning in reconnect_caps_cb()
    - drm/amdgpu: skip disabling fence driver src_irqs when device is unplugged
    - ublk: fix AB-BA lockdep warning
    - nvme-pci: Add quirk for Teamgroup MP33 SSD
    - block: Deny writable memory mapping if block is read-only
    - KVM: arm64: vgic: Fix a circular locking issue
    - KVM: arm64: vgic: Wrap vgic_its_create() with config_lock
    - KVM: arm64: vgic: Fix locking comment
    - media: mediatek: vcodec: Only apply 4K frame sizes on decoder formats
    - mailbox: mailbox-test: fix a locking issue in mbox_test_message_write()
    - drivers: base: cacheinfo: Fix shared_cpu_map changes in event of CPU hotplug
    - media: uvcvideo: Don't expose unsupported formats to userspace
    - iio: accel: st_accel: Fix invalid mount_matrix on devices without ACPI _ONT
      method
    - iio: adc: mxs-lradc: fix the order of two cleanup operations
    - HID: google: add jewel USB id
    - HID: wacom: avoid integer overflow in wacom_intuos_inout()
    - iio: imu: inv_icm42600: fix timestamp reset
    - dt-bindings: iio: adc: renesas,rcar-gyroadc: Fix adi,ad7476 compatible value
    - iio: light: vcnl4035: fixed chip ID check
    - iio: adc: stm32-adc: skip adc-channels setup if none is present
    - iio: adc: ad_sigma_delta: Fix IRQ issue by setting IRQ_DISABLE_UNLAZY flag
    - iio: dac: mcp4725: Fix i2c_master_send() return value handling
    - iio: addac: ad74413: fix resistance input processing
    - iio: adc: ad7192: Change "shorted" channels to differential
    - iio: adc: stm32-adc: skip adc-diff-channels setup if none is present
    - iio: dac: build ad5758 driver when AD5758 is selected
    - net: usb: qmi_wwan: Set DTR quirk for BroadMobi BM818
    - dt-bindings: usb: snps,dwc3: Fix "snps,hsphy_interface" type
    - usb: cdns3: fix NCM gadget RX speed 20x slow than expection at iMX8QM
    - usb: gadget: f_fs: Add unbind event before functionfs_unbind
    - md/raid5: fix miscalculation of 'end_sector' in raid5_read_one_chunk()
    - misc: fastrpc: return -EPIPE to invocations on device removal
    - misc: fastrpc: reject new invocations during device removal
    - scsi: stex: Fix gcc 13 warnings
    - ata: libata-scsi: Use correct device no in ata_find_dev()
    - drm/amdgpu: enable tmz by default for GC 11.0.1
    - drm/amd/pm: reverse mclk and fclk clocks levels for SMU v13.0.4
    - drm/amd/pm: reverse mclk and fclk clocks levels for vangogh
    - drm/amd/pm: resolve reboot exception for si oland
    - drm/amd/pm: reverse mclk clocks levels for SMU v13.0.5
    - drm/amd/pm: reverse mclk and fclk clocks levels for yellow carp
    - drm/amd/pm: reverse mclk and fclk clocks levels for renoir
    - mmc: vub300: fix invalid response handling
    - mmc: pwrseq: sd8787: Fix WILC CHIP_EN and RESETN toggling order
    - tty: serial: fsl_lpuart: use UARTCTRL_TXINV to send break instead of
      UARTCTRL_SBK
    - btrfs: fix csum_tree_block page iteration to avoid tripping on
      -Werror=array-bounds
    - phy: qcom-qmp-combo: fix init-count imbalance
    - phy: qcom-qmp-pcie-msm8996: fix init-count imbalance
    - block: fix revalidate performance regression
    - powerpc/iommu: Limit number of TCEs to 512 for H_STUFF_TCE hcall
    - iommu/amd: Fix domain flush size when syncing iotlb
    - tpm, tpm_tis: correct tpm_tis_flags enumeration values
    - riscv: perf: Fix callchain parse error with kernel tracepoint events
    - io_uring: undeprecate epoll_ctl support
    - selinux: don't use make's grouped targets feature yet
    - mtdchar: mark bits of ioctl handler noinline
    - tracing/timerlat: Always wakeup the timerlat thread
    - tracing/histograms: Allow variables to have some modifiers
    - tracing/probe: trace_probe_primary_from_call(): checked list_first_entry
    - selftests: mptcp: connect: skip if MPTCP is not supported
    - selftests: mptcp: pm nl: skip if MPTCP is not supported
    - selftests: mptcp: join: skip if MPTCP is not supported
    - selftests: mptcp: sockopt: skip if MPTCP is not supported
    - selftests: mptcp: userspace pm: skip if MPTCP is not supported
    - mptcp: fix connect timeout handling
    - mptcp: fix active subflow finalization
    - ext4: add EA_INODE checking to ext4_iget()
    - ext4: set lockdep subclass for the ea_inode in ext4_xattr_inode_cache_find()
    - ext4: disallow ea_inodes with extended attributes
    - ext4: add lockdep annotations for i_data_sem for ea_inode's
    - fbcon: Fix null-ptr-deref in soft_cursor
    - serial: 8250_tegra: Fix an error handling path in tegra_uart_probe()
    - serial: cpm_uart: Fix a COMPILE_TEST dependency
    - powerpc/xmon: Use KSYM_NAME_LEN in array size
    - test_firmware: fix a memory leak with reqs buffer
    - test_firmware: fix the memory leak of the allocated firmware buffer
    - KVM: arm64: Populate fault info for watchpoint
    - KVM: x86: Account fastpath-only VM-Exits in vCPU stats
    - ksmbd: fix credit count leakage
    - ksmbd: fix UAF issue from opinfo->conn
    - ksmbd: fix incorrect AllocationSize set in smb2_get_info
    - ksmbd: fix slab-out-of-bounds read in smb2_handle_negotiate
    - ksmbd: fix multiple out-of-bounds read during context decoding
    - KEYS: asymmetric: Copy sig and digest in public_key_verify_signature()
    - fs/ntfs3: Validate MFT flags before replaying logs
    - regmap: Account for register length when chunking
    - tpm, tpm_tis: Request threaded interrupt handler
    - iommu/amd/pgtbl_v2: Fix domain max address
    - drm/amd/display: Have Payload Properly Created After Resume
    - tls: rx: strp: don't use GFP_KERNEL in softirq context
    - selftests: mptcp: diag: skip if MPTCP is not supported
    - selftests: mptcp: simult flows: skip if MPTCP is not supported
    - selftests: mptcp: join: avoid using 'cmp --bytes'
    - ext4: enable the lazy init thread when remounting read/write
    - iommu: Make IPMMU_VMSA dependencies more strict
    - [Config] updateconfigs for IPMMU_VMSA
    - iommu/amd: Add missing domain type checks
    - efi: Bump stub image version for macOS HVF compatibility
    - rxrpc: Truncate UTS_RELEASE for rxrpc version
    - net: renesas: rswitch: Fix return value in error path of xmit
    - KVM: arm64: Prevent unconditional donation of unmapped regions from the host
    - KVM: arm64: Reload PTE after invoking walker callback on preorder traversal
    - iio: ad4130: Make sure clock provider gets removed
    - iio: adc: mt6370: Fix ibus and ibat scaling value of some specific vendor ID
      chips
    - iio: accel: kx022a fix irq getting
    - misc: fastrpc: Reassign memory ownership only for remote heap
    - module/decompress: Fix error checking on zstd decompression
    - dmaengine: at_hdmac: Repair bitfield macros for peripheral ID handling
    - dmaengine: at_hdmac: Extend the Flow Controller bitfield to three bits
    - test_firmware: prevent race conditions by a correct implementation of
      locking
    - KVM: arm64: Drop last page ref in kvm_pgtable_stage2_free_removed()
    - KVM: x86/mmu: Grab memslot for correct address space in NX recovery worker
    - Upstream stable to v6.1.33, v6.3.7
    - scsi: megaraid_sas: Add flexible array member for SGLs
    - net: sfp: fix state loss when updating state_hw_mask
    - spi: mt65xx: make sure operations completed before unloading
    - platform/surface: aggregator: Allow completion work-items to be executed in
      parallel
    - platform/surface: aggregator_tabletsw: Add support for book mode in KIP
      subsystem
    - spi: qup: Request DMA before enabling clocks
    - afs: Fix setting of mtime when creating a file/dir/symlink
    - wifi: mt76: mt7615: fix possible race in mt7615_mac_sta_poll
    - bpf, sockmap: Avoid potential NULL dereference in
      sk_psock_verdict_data_ready()
    - neighbour: fix unaligned access to pneigh_entry
    - net: dsa: lan9303: allow vid != 0 in port_fdb_{add|del} methods
    - net/ipv4: ping_group_range: allow GID from 2147483648 to 4294967294
    - bpf: Fix UAF in task local storage
    - bpf: Fix elem_size not being set for inner maps
    - net/ipv6: fix bool/int mismatch for skip_notify_on_dev_down
    - net/smc: Avoid to access invalid RMBs' MRs in SMCRv1 ADD LINK CONT
    - net: enetc: correct the statistics of rx bytes
    - net: enetc: correct rx_bytes statistics of XDP
    - net/sched: fq_pie: ensure reasonable TCA_FQ_PIE_QUANTUM values
    - Bluetooth: hci_sync: add lock to protect HCI_UNREGISTER
    - Bluetooth: Fix l2cap_disconnect_req deadlock
    - Bluetooth: ISO: don't try to remove CIG if there are bound CIS left
    - Bluetooth: L2CAP: Add missing checks for invalid DCID
    - wifi: mac80211: use correct iftype HE cap
    - wifi: cfg80211: reject bad AP MLD address
    - wifi: mac80211: mlme: fix non-inheritence element
    - wifi: mac80211: don't translate beacon/presp addrs
    - qed/qede: Fix scheduling while atomic
    - wifi: cfg80211: fix locking in sched scan stop work
    - selftests/bpf: Verify optval=NULL case
    - selftests/bpf: Fix sockopt_sk selftest
    - netfilter: nft_bitwise: fix register tracking
    - netfilter: conntrack: fix NULL pointer dereference in nf_confirm_cthelper
    - netfilter: ipset: Add schedule point in call_ad().
    - netfilter: nf_tables: out-of-bound check in chain blob
    - ipv6: rpl: Fix Route of Death.
    - tcp: gso: really support BIG TCP
    - rfs: annotate lockless accesses to sk->sk_rxhash
    - rfs: annotate lockless accesses to RFS sock flow table
    - net: sched: add rcu annotations around qdisc->qdisc_sleeping
    - drm/i915/selftests: Add some missing error propagation
    - net: sched: move rtm_tca_policy declaration to include file
    - net: sched: act_police: fix sparse errors in tcf_police_dump()
    - net: sched: fix possible refcount leak in tc_chain_tmplt_add()
    - bpf: Add extra path pointer check to d_path helper
    - drm/amdgpu: fix Null pointer dereference error in amdgpu_device_recover_vram
    - lib: cpu_rmap: Fix potential use-after-free in irq_cpu_rmap_release()
    - net: bcmgenet: Fix EEE implementation
    - bnxt_en: Don't issue AP reset during ethtool's reset operation
    - bnxt_en: Query default VLAN before VNIC setup on a VF
    - bnxt_en: Skip firmware fatal error recovery if chip is not accessible
    - bnxt_en: Prevent kernel panic when receiving unexpected PHC_UPDATE event
    - bnxt_en: Implement .set_port / .unset_port UDP tunnel callbacks
    - batman-adv: Broken sync while rescheduling delayed work
    - Input: xpad - delete a Razer DeathAdder mouse VID/PID entry
    - Input: psmouse - fix OOB access in Elantech protocol
    - Input: fix open count when closing inhibited device
    - ALSA: hda: Fix kctl->id initialization
    - ALSA: ymfpci: Fix kctl->id initialization
    - ALSA: gus: Fix kctl->id initialization
    - ALSA: cmipci: Fix kctl->id initialization
    - ALSA: hda/realtek: Add quirk for Clevo NS50AU
    - ALSA: ice1712,ice1724: fix the kcontrol->id initialization
    - ALSA: hda/realtek: Add a quirk for HP Slim Desktop S01
    - ALSA: hda/realtek: Add quirks for Asus ROG 2024 laptops using CS35L41
    - drm/i915/gt: Use the correct error value when kernel_context() fails
    - drm/amdgpu: fix xclk freq on CHIP_STONEY
    - drm/amdgpu: change reserved vram info print
    - drm/amd/pm: Fix power context allocation in SMU13
    - drm/amd/display: Reduce sdp bw after urgent to 90%
    - wifi: iwlwifi: mvm: Fix -Warray-bounds bug in iwl_mvm_wait_d3_notif()
    - can: j1939: j1939_sk_send_loop_abort(): improved error queue handling in
      J1939 Socket
    - can: j1939: change j1939_netdev_lock type to mutex
    - can: j1939: avoid possible use-after-free when j1939_can_rx_register fails
    - mptcp: only send RM_ADDR in nl_cmd_remove
    - mptcp: add address into userspace pm list
    - mptcp: update userspace pm infos
    - selftests: mptcp: update userspace pm addr tests
    - selftests: mptcp: update userspace pm subflow tests
    - ceph: fix use-after-free bug for inodes when flushing capsnaps
    - s390/dasd: Use correct lock while counting channel queue length
    - Bluetooth: Fix use-after-free in hci_remove_ltk/hci_remove_irk
    - Bluetooth: fix debugfs registration
    - Bluetooth: hci_qca: fix debugfs registration
    - tee: amdtee: Add return_origin to 'struct tee_cmd_load_ta'
    - rbd: move RBD_OBJ_FLAG_COPYUP_ENABLED flag setting
    - rbd: get snapshot context after exclusive lock is ensured to be held
    - virtio_net: use control_buf for coalesce params
    - soc: qcom: icc-bwmon: fix incorrect error code passed to dev_err_probe()
    - pinctrl: meson-axg: add missing GPIOA_18 gpio group
    - usb: usbfs: Enforce page requirements for mmap
    - usb: usbfs: Use consistent mmap functions
    - mm: page_table_check: Make it dependent on EXCLUSIVE_SYSTEM_RAM
    - mm: page_table_check: Ensure user pages are not slab pages
    - arm64: dts: qcom: sc8280xp: Flush RSC sleep & wake votes
    - ARM: at91: pm: fix imbalanced reference counter for ethernet devices
    - ARM: dts: at91: sama7g5ek: fix debounce delay property for shdwc
    - ASoC: codecs: wsa883x: do not set can_multi_write flag
    - ASoC: codecs: wsa881x: do not set can_multi_write flag
    - arm64: dts: qcom: sc7180-lite: Fix SDRAM freq for misidentified sc7180-lite
      boards
    - arm64: dts: imx8qm-mek: correct GPIOs for USDHC2 CD and WP signals
    - arm64: dts: imx8-ss-dma: assign default clock rate for lpuarts
    - ASoC: mediatek: mt8195-afe-pcm: Convert to platform remove callback
      returning void
    - ASoC: mediatek: mt8195: fix use-after-free in driver remove path
    - ASoC: simple-card-utils: fix PCM constraint error check
    - blk-mq: fix blk_mq_hw_ctx active request accounting
    - arm64: dts: imx8mn-beacon: Fix SPI CS pinmux
    - i2c: mv64xxx: Fix reading invalid status value in atomic mode
    - firmware: arm_ffa: Set handle field to zero in memory descriptor
    - gpio: sim: fix memory corruption when adding named lines and unnamed hogs
    - i2c: sprd: Delete i2c adapter in .remove's error path
    - riscv: mm: Ensure prot of VM_WRITE and VM_EXEC must be readable
    - eeprom: at24: also select REGMAP
    - soundwire: stream: Add missing clear of alloc_slave_rt
    - riscv: fix kprobe __user string arg print fault issue
    - [Config] updateconfigs for ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE
    - vduse: avoid empty string for dev name
    - vhost: support PACKED when setting-getting vring_base
    - vhost_vdpa: support PACKED when setting-getting vring_base
    - ksmbd: fix out-of-bound read in deassemble_neg_contexts()
    - ksmbd: fix out-of-bound read in parse_lease_state()
    - ksmbd: check the validation of pdu_size in ksmbd_conn_handler_loop
    - ext4: only check dquot_initialize_needed() when debugging
    - wifi: rtw89: correct PS calculation for SUPPORTS_DYNAMIC_PS
    - wifi: rtw88: correct PS calculation for SUPPORTS_DYNAMIC_PS
    - Bluetooth: Split bt_iso_qos into dedicated structures
    - Bluetooth: ISO: consider right CIS when removing CIG at cleanup
    - Bluetooth: ISO: Fix CIG auto-allocation to select configurable CIG
    - netfilter: nf_tables: Add null check for nla_nest_start_noflag() in
      nft_dump_basechain_hook()
    - drm/lima: fix sched context destroy
    - net: openvswitch: fix upcall counter access before allocation
    - bnxt_en: Fix bnxt_hwrm_update_rss_hash_cfg()
    - Input: cyttsp5 - fix array length
    - soc: qcom: rpmh-rsc: drop redundant unsigned >=0 comparision
    - arm64: dts: qcom: sm6375-pdx225: Fix remoteproc firmware paths
    - vdpa/mlx5: Fix hang when cvq commands are triggered during device unregister
    - ksmbd: fix posix_acls and acls dereferencing possible ERR_PTR()
    - Upstream stable to v6.1.34, v6.3.8
  * CVE-2023-4273
    - exfat: check if filename entries exceeds max filename length
  * CVE-2023-4128
    - net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-
      free
    - net/sched: cls_fw: No longer copy tcf_result on update to avoid use-after-
      free
    - net/sched: cls_route: No longer copy tcf_result on update to avoid use-
      after-free
  * CVE-2023-3212
    - gfs2: Don't deref jdesc in evict

-- Ian May <ian.may@canonical.com>  Tue, 10 Oct 2023 17:48:14 -0500

Changed in linux-nvidia-6.2 (Ubuntu Jammy):
status:	Fix Committed → Fix Released

Jacob Martin (jacobmartin) on 2024-05-28

no longer affects:	linux (Ubuntu Jammy)
no longer affects:	linux-nvidia-6.2 (Ubuntu Noble)

Stefan Bader (smb) on 2024-05-31

Changed in linux (Ubuntu Noble):
importance:	Undecided → Medium
Changed in linux (Ubuntu):
importance:	Undecided → Medium
status:	New → Triaged
Changed in linux (Ubuntu Noble):
status:	New → In Progress
status:	In Progress → Fix Committed

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2024-06-10:

#3

This bug is awaiting verification that the linux/6.8.0-38.38 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-noble-linux' to 'verification-done-noble-linux'. If the problem still exists, change the tag 'verification-needed-noble-linux' to 'verification-failed-noble-linux'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-noble-linux-v2 verification-needed-noble-linux

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2024-07-04:

#4

This bug is awaiting verification that the linux-nvidia-lowlatency/6.8.0-1009.9.1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-noble-linux-nvidia-lowlatency' to 'verification-done-noble-linux-nvidia-lowlatency'. If the problem still exists, change the tag 'verification-needed-noble-linux-nvidia-lowlatency' to 'verification-failed-noble-linux-nvidia-lowlatency'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-noble-linux-nvidia-lowlatency-v2 verification-needed-noble-linux-nvidia-lowlatency

Revision history for this message

Launchpad Janitor (janitor) wrote on 2024-07-10:

#5

Download full text (50.5 KiB)

This bug was fixed in the package linux - 6.8.0-38.38

---------------
linux (6.8.0-38.38) noble; urgency=medium

* noble/linux: 6.8.0-38.38 -proposed tracker (LP: #2068318)

  * race_sched in ubuntu_stress_smoke_test will cause kernel panic on 6.8 with
    Azure Standard_A2_v2 instance (LP: #2068024)
    - sched/eevdf: Prevent vlag from going out of bounds in reweight_eevdf()

* Noble: btrfs: re-introduce 'norecovery' mount option (LP: #2068591)
- btrfs: re-introduce 'norecovery' mount option

  * Fix system hang while entering suspend with AMD Navi3x graphics
    (LP: #2063417)
    - drm/amdgpu/mes: fix use-after-free issue

  * Noble update: v6.8.8 upstream stable release (LP: #2068087)
    - io_uring: Fix io_cqring_wait() not restoring sigmask on get_timespec64()
      failure
    - drm/i915/cdclk: Fix voltage_level programming edge case
    - Revert "vmgenid: emit uevent when VMGENID updates"
    - SUNRPC: Fix rpcgss_context trace event acceptor field
    - selftests/ftrace: Limit length in subsystem-enable tests
    - random: handle creditable entropy from atomic process context
    - scsi: core: Fix handling of SCMD_FAIL_IF_RECOVERING
    - net: usb: ax88179_178a: avoid writing the mac address before first reading
    - btrfs: do not wait for short bulk allocation
    - btrfs: zoned: do not flag ZEROOUT on non-dirty extent buffer
    - r8169: fix LED-related deadlock on module removal
    - r8169: add missing conditional compiling for call to r8169_remove_leds
    - scsi: ufs: qcom: Add missing interconnect bandwidth values for Gear 5
    - netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get()
    - netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get()
    - netfilter: br_netfilter: skip conntrack input hook for promisc packets
    - netfilter: nft_set_pipapo: constify lookup fn args where possible
    - netfilter: nft_set_pipapo: walk over current view on netlink dump
    - netfilter: flowtable: validate pppoe header
    - netfilter: flowtable: incorrect pppoe tuple
    - af_unix: Call manage_oob() for every skb in unix_stream_read_generic().
    - af_unix: Don't peek OOB data without MSG_OOB.
    - net: sparx5: flower: fix fragment flags handling
    - net/mlx5: Lag, restore buckets number to default after hash LAG deactivation
    - net/mlx5: Restore mistakenly dropped parts in register devlink flow
    - net/mlx5e: Prevent deadlock while disabling aRFS
    - net: change maximum number of UDP segments to 128
    - octeontx2-pf: fix FLOW_DIS_IS_FRAGMENT implementation
    - selftests/tcp_ao: Make RST tests less flaky
    - selftests/tcp_ao: Zero-init tcp_ao_info_opt
    - selftests/tcp_ao: Fix fscanf() call for format-security
    - selftests/tcp_ao: Printing fixes to confirm with format-security
    - net: stmmac: Apply half-duplex-less constraint for DW QoS Eth only
    - net: stmmac: Fix max-speed being ignored on queue re-init
    - net: stmmac: Fix IP-cores specific MAC capabilities
    - ice: tc: check src_vsi in case of traffic from VF
    - ice: tc: allow zero flags in parsing tc flower
    - ice: Fix checking for unsupported keys on non-tunnel device
    - tun: limit printing rate whe...

This bug was fixed in the package linux - 6.8.0-38.38

---------------
linux (6.8.0-38.38) noble; urgency=medium

* noble/linux: 6.8.0-38.38 -proposed tracker (LP: #2068318)

* race_sched in ubuntu_stress_smoke_test will cause kernel panic on 6.8 with
    Azure Standard_A2_v2 instance (LP: #2068024)
    - sched/eevdf: Prevent vlag from going out of bounds in reweight_eevdf()

* Noble: btrfs: re-introduce 'norecovery' mount option (LP: #2068591)
    - btrfs: re-introduce 'norecovery' mount option

* Fix system hang while entering suspend with AMD Navi3x graphics
    (LP: #2063417)
    - drm/amdgpu/mes: fix use-after-free issue

* Noble update: v6.8.8 upstream stable release (LP: #2068087)
    - io_uring: Fix io_cqring_wait() not restoring sigmask on get_timespec64()
      failure
    - drm/i915/cdclk: Fix voltage_level programming edge case
    - Revert "vmgenid: emit uevent when VMGENID updates"
    - SUNRPC: Fix rpcgss_context trace event acceptor field
    - selftests/ftrace: Limit length in subsystem-enable tests
    - random: handle creditable entropy from atomic process context
    - scsi: core: Fix handling of SCMD_FAIL_IF_RECOVERING
    - net: usb: ax88179_178a: avoid writing the mac address before first reading
    - btrfs: do not wait for short bulk allocation
    - btrfs: zoned: do not flag ZEROOUT on non-dirty extent buffer
    - r8169: fix LED-related deadlock on module removal
    - r8169: add missing conditional compiling for call to r8169_remove_leds
    - scsi: ufs: qcom: Add missing interconnect bandwidth values for Gear 5
    - netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get()
    - netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get()
    - netfilter: br_netfilter: skip conntrack input hook for promisc packets
    - netfilter: nft_set_pipapo: constify lookup fn args where possible
    - netfilter: nft_set_pipapo: walk over current view on netlink dump
    - netfilter: flowtable: validate pppoe header
    - netfilter: flowtable: incorrect pppoe tuple
    - af_unix: Call manage_oob() for every skb in unix_stream_read_generic().
    - af_unix: Don't peek OOB data without MSG_OOB.
    - net: sparx5: flower: fix fragment flags handling
    - net/mlx5: Lag, restore buckets number to default after hash LAG deactivation
    - net/mlx5: Restore mistakenly dropped parts in register devlink flow
    - net/mlx5e: Prevent deadlock while disabling aRFS
    - net: change maximum number of UDP segments to 128
    - octeontx2-pf: fix FLOW_DIS_IS_FRAGMENT implementation
    - selftests/tcp_ao: Make RST tests less flaky
    - selftests/tcp_ao: Zero-init tcp_ao_info_opt
    - selftests/tcp_ao: Fix fscanf() call for format-security
    - selftests/tcp_ao: Printing fixes to confirm with format-security
    - net: stmmac: Apply half-duplex-less constraint for DW QoS Eth only
    - net: stmmac: Fix max-speed being ignored on queue re-init
    - net: stmmac: Fix IP-cores specific MAC capabilities
    - ice: tc: check src_vsi in case of traffic from VF
    - ice: tc: allow zero flags in parsing tc flower
    - ice: Fix checking for unsupported keys on non-tunnel device
    - tun: limit printing rate when illegal packet received by tun dev
    - net: dsa: mt7530: fix mirroring frames received on local port
    - net: dsa: mt7530: fix port mirroring for MT7988 SoC switch
    - s390/ism: Properly fix receive message buffer allocation
    - netfilter: nf_tables: missing iterator type in lookup walk
    - netfilter: nf_tables: restore set elements when delete set fails
    - gpiolib: swnode: Remove wrong header inclusion
    - netfilter: nf_tables: fix memleak in map from abort path
    - net/sched: Fix mirred deadlock on device recursion
    - net: ethernet: mtk_eth_soc: fix WED + wifi reset
    - ravb: Group descriptor types used in Rx ring
    - net: ravb: Count packets instead of descriptors in R-Car RX path
    - net: ravb: Allow RX loop to move past DMA mapping errors
    - net: ethernet: ti: am65-cpsw-nuss: cleanup DMA Channels before using them
    - NFSD: fix endianness issue in nfsd4_encode_fattr4
    - RDMA/rxe: Fix the problem "mutex_destroy missing"
    - RDMA/cm: Print the old state when cm_destroy_id gets timeout
    - RDMA/mlx5: Fix port number for counter query in multi-port configuration
    - perf annotate: Make sure to call symbol__annotate2() in TUI
    - perf lock contention: Add a missing NULL check
    - s390/qdio: handle deferred cc1
    - s390/cio: fix race condition during online processing
    - iommufd: Add missing IOMMUFD_DRIVER kconfig for the selftest
    - iommufd: Add config needed for iommufd_fail_nth
    - drm: nv04: Fix out of bounds access
    - drm/v3d: Don't increment `enabled_ns` twice
    - userfaultfd: change src_folio after ensuring it's unpinned in UFFDIO_MOVE
    - thunderbolt: Introduce tb_port_reset()
    - thunderbolt: Introduce tb_path_deactivate_hop()
    - thunderbolt: Make tb_switch_reset() support Thunderbolt 2, 3 and USB4
      routers
    - thunderbolt: Reset topology created by the boot firmware
    - drm/panel: visionox-rm69299: don't unregister DSI device
    - drm/radeon: make -fstrict-flex-arrays=3 happy
    - ALSA: hda/realtek: Fix volumn control of ThinkBook 16P Gen4
    - thermal/debugfs: Add missing count increment to thermal_debug_tz_trip_up()
    - platform/x86/amd/pmc: Extend Framework 13 quirk to more BIOSes
    - interconnect: qcom: x1e80100: Remove inexistent ACV_PERF BCM
    - interconnect: Don't access req_list while it's being manipulated
    - clk: Remove prepare_lock hold assertion in __clk_release()
    - clk: Initialize struct clk_core kref earlier
    - clk: Get runtime PM before walking tree during disable_unused
    - clk: Get runtime PM before walking tree for clk_summary
    - clk: mediatek: Do a runtime PM get on controllers during probe
    - clk: mediatek: mt7988-infracfg: fix clocks for 2nd PCIe port
    - selftests/powerpc/papr-vpd: Fix missing variable initialization
    - x86/bugs: Fix BHI retpoline check
    - x86/cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ
    - block: propagate partition scanning errors to the BLKRRPART ioctl
    - net/mlx5: E-switch, store eswitch pointer before registering devlink_param
    - ALSA: seq: ump: Fix conversion from MIDI2 to MIDI1 UMP messages
    - ALSA: hda/tas2781: correct the register for pow calibrated data
    - ALSA: hda/realtek: Add quirks for Huawei Matebook D14 NBLB-WAX9N
    - ALSA: hda/realtek - Enable audio jacks of Haier Boyue G42 with ALC269VC
    - usb: misc: onboard_usb_hub: Disable the USB hub clock on failure
    - misc: rtsx: Fix rts5264 driver status incorrect when card removed
    - thunderbolt: Avoid notify PM core about runtime PM resume
    - thunderbolt: Fix wake configurations after device unplug
    - thunderbolt: Do not create DisplayPort tunnels on adapters of the same
      router
    - comedi: vmk80xx: fix incomplete endpoint checking
    - serial: mxs-auart: add spinlock around changing cts state
    - serial/pmac_zilog: Remove flawed mitigation for rx irq flood
    - serial: 8250_dw: Revert: Do not reclock if already at correct rate
    - serial: stm32: Return IRQ_NONE in the ISR if no handling happend
    - serial: stm32: Reset .throttled state in .startup()
    - serial: core: Fix regression when runtime PM is not enabled
    - serial: core: Clearing the circular buffer before NULLifying it
    - serial: core: Fix missing shutdown and startup for serial base port
    - USB: serial: option: add Fibocom FM135-GL variants
    - USB: serial: option: add support for Fibocom FM650/FG650
    - USB: serial: option: add Lonsung U8300/U9300 product
    - USB: serial: option: support Quectel EM060K sub-models
    - USB: serial: option: add Rolling RW101-GL and RW135-GL support
    - USB: serial: option: add Telit FN920C04 rmnet compositions
    - Revert "usb: cdc-wdm: close race between read and workqueue"
    - usb: dwc2: host: Fix dereference issue in DDMA completion flow.
    - usb: Disable USB3 LPM at shutdown
    - usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb ep transport
      error
    - usb: typec: tcpm: Correct the PDO counting in pd_set
    - mei: me: disable RPL-S on SPS and IGN firmwares
    - speakup: Avoid crash on very long word
    - fs: sysfs: Fix reference leak in sysfs_break_active_protection()
    - sched: Add missing memory barrier in switch_mm_cid
    - KVM: x86: Snapshot if a vCPU's vendor model is AMD vs. Intel compatible
    - KVM: x86/pmu: Disable support for adaptive PEBS
    - KVM: x86/pmu: Do not mask LVTPC when handling a PMI on AMD platforms
    - KVM: x86/mmu: x86: Don't overflow lpage_info when checking attributes
    - KVM: x86/mmu: Write-protect L2 SPTEs in TDP MMU when clearing dirty status
    - arm64/head: Disable MMU at EL2 before clearing HCR_EL2.E2H
    - arm64: hibernate: Fix level3 translation fault in swsusp_save()
    - init/main.c: Fix potential static_command_line memory overflow
    - mm/madvise: make MADV_POPULATE_(READ|WRITE) handle VM_FAULT_RETRY properly
    - mm/userfaultfd: allow hugetlb change protection upon poison entry
    - mm,swapops: update check in is_pfn_swap_entry for hwpoison entries
    - mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled
    - mm/shmem: inline shmem_is_huge() for disabled transparent hugepages
    - fuse: fix leaked ENOSYS error on first statx call
    - drm/amdkfd: Fix memory leak in create_process failure
    - drm/amdgpu: remove invalid resource->start check v2
    - drm/ttm: stop pooling cached NUMA pages v2
    - drm/xe: Fix bo leak in intel_fb_bo_framebuffer_init
    - drm/vmwgfx: Fix prime import/export
    - drm/vmwgfx: Sort primary plane formats by order of preference
    - drm/vmwgfx: Fix crtc's atomic check conditional
    - nouveau: fix instmem race condition around ptr stores
    - bootconfig: use memblock_free_late to free xbc memory to buddy
    - Squashfs: check the inode number is not the invalid value of zero
    - nilfs2: fix OOB in nilfs_set_de_type
    - fork: defer linking file vma until vma is fully initialized
    - net: dsa: mt7530: fix improper frames on all 25MHz and 40MHz XTAL MT7530
    - net: dsa: mt7530: fix enabling EEE on MT7531 switch on all boards
    - ksmbd: fix slab-out-of-bounds in smb2_allocate_rsp_buf
    - ksmbd: validate request buffer size in smb2_allocate_rsp_buf()
    - ksmbd: clear RENAME_NOREPLACE before calling vfs_rename
    - ksmbd: common: use struct_group_attr instead of struct_group for
      network_open_info
    - thunderbolt: Reset only non-USB4 host routers in resume
    - Linux 6.8.8

* Fix inaudible HDMI/DP audio on USB-C MST dock (LP: #2064689)
    - drm/i915/audio: Fix audio time stamp programming for DP

* Add Cirrus Logic CS35L56 amplifier support (LP: #2062135)
    - ALSA: hda: realtek: Re-work CS35L41 fixups to re-use for other amps
    - ALSA: hda/realtek: Add quirks for HP G11 Laptops using CS35L56

* net:fib_rule_tests.sh in ubuntu_kselftests_net fails on Noble (LP: #2066332)
    - Revert "UBUNTU: SAUCE: selftests: net: fix "from" match test in
      fib_rule_tests.sh"

* mtk_t7xx WWAN module fails to probe with: Invalid device status 0x1
    (LP: #2049358)
    - Revert "UBUNTU: SAUCE: net: wwan: t7xx: PCIe reset rescan"
    - Revert "UBUNTU: SAUCE: net: wwan: t7xx: Add AP CLDMA"
    - net: wwan: t7xx: Add AP CLDMA
    - wwan: core: Add WWAN fastboot port type
    - net: wwan: t7xx: Add sysfs attribute for device state machine
    - net: wwan: t7xx: Infrastructure for early port configuration
    - net: wwan: t7xx: Add fastboot WWAN port

* Pull-request to address TPM bypass issue (LP: #2037688)
    - [Config]: Configure TPM drivers as builtins for arm64 in annotations

* re-enable Ubuntu FAN in the Noble kernel (LP: #2064508)
    - SAUCE: fan: add VXLAN implementation
    - SAUCE: fan: Fix NULL pointer dereference
    - SAUCE: fan: support vxlan strict length validation

* update for V3 kernel bits and improved multiple fan slice support
    (LP: #1470091) // re-enable Ubuntu FAN in the Noble kernel (LP: #2064508)
    - SAUCE: fan: tunnel multiple mapping mode (v3)

* TCP memory  leak, slow network (arm64) (LP: #2045560)
    - net: make SK_MEMORY_PCPU_RESERV tunable
    - net: fix sk_memory_allocated_{add|sub} vs softirqs

* panel flickering after the i915.psr2 is enabled (LP: #2046315)
    - drm/i915/alpm: Add ALPM register definitions
    - drm/i915/psr: Add alpm_parameters struct
    - drm/i915/alpm: Calculate ALPM Entry check
    - drm/i915/alpm: Alpm aux wake configuration for lnl
    - drm/i915/display: Make intel_dp_aux_fw_sync_len available for PSR code
    - drm/i915/psr: Improve fast and IO wake lines calculation
    - drm/i915/psr: Calculate IO wake and fast wake lines for DISPLAY_VER < 12
    - drm/i915/display: Increase number of fast wake precharge pulses

* I2C HID device sometimes fails to initialize causing touchpad to not work
    (LP: #2061040)
    - HID: i2c-hid: Revert to await reset ACK before reading report descriptor

* Fix the RTL8852CE BT FW Crash based on SER false alarm (LP: #2060904)
    - wifi: rtw89: disable txptctrl IMR to avoid flase alarm
    - wifi: rtw89: pci: correct TX resource checking for PCI DMA channel of
      firmware command

* [X13s] Fingerprint reader is not working (LP: #2065376)
    - SAUCE: arm64: dts: qcom: sc8280xp: Add USB DWC3 Multiport controller
    - SAUCE: arm64: dts: qcom: sc8280xp-x13s: enable USB MP and fingerprint reader

* Fix random HuC/GuC initialization failure of Intel i915 driver
    (LP: #2061049)
    - drm/i915/huc: Allow for very slow HuC loading

* Add support of TAS2781 amp of audio (LP: #2064064)
    - ALSA: hda/tas2781: Add new vendor_id and subsystem_id to support ThinkPad
      ICE-1

* Noble update: v6.8.7 upstream stable release (LP: #2065912)
    - smb3: fix Open files on server counter going negative
    - ata: libata-core: Allow command duration limits detection for ACS-4 drives
    - ata: libata-scsi: Fix ata_scsi_dev_rescan() error path
    - drm/amdgpu/vpe: power on vpe when hw_init
    - batman-adv: Avoid infinite loop trying to resize local TT
    - ceph: redirty page before returning AOP_WRITEPAGE_ACTIVATE
    - ceph: switch to use cap_delay_lock for the unlink delay list
    - virtio_net: Do not send RSS key if it is not supported
    - arm64: tlb: Fix TLBI RANGE operand
    - ARM: dts: imx7s-warp: Pass OV2680 link-frequencies
    - raid1: fix use-after-free for original bio in raid1_write_request()
    - ring-buffer: Only update pages_touched when a new page is touched
    - Bluetooth: Fix memory leak in hci_req_sync_complete()
    - drm/amd/pm: fixes a random hang in S4 for SMU v13.0.4/11
    - platform/chrome: cros_ec_uart: properly fix race condition
    - ACPI: scan: Do not increase dep_unmet for already met dependencies
    - PM: s2idle: Make sure CPUs will wakeup directly on resume
    - media: cec: core: remove length check of Timer Status
    - btrfs: tests: allocate dummy fs_info and root in test_find_delalloc()
    - ARM: OMAP2+: fix bogus MMC GPIO labels on Nokia N8x0
    - ARM: OMAP2+: fix N810 MMC gpiod table
    - mmc: omap: fix broken slot switch lookup
    - mmc: omap: fix deferred probe
    - mmc: omap: restore original power up/down steps
    - ARM: OMAP2+: fix USB regression on Nokia N8x0
    - firmware: arm_ffa: Fix the partition ID check in ffa_notification_info_get()
    - firmware: arm_scmi: Make raw debugfs entries non-seekable
    - cxl/mem: Fix for the index of Clear Event Record Handle
    - cxl/core/regs: Fix usage of map->reg_type in cxl_decode_regblock() before
      assigned
    - arm64: dts: freescale: imx8mp-venice-gw72xx-2x: fix USB vbus regulator
    - arm64: dts: freescale: imx8mp-venice-gw73xx-2x: fix USB vbus regulator
    - drm/msm: Add newlines to some debug prints
    - drm/msm/dpu: don't allow overriding data from catalog
    - drm/msm/dpu: make error messages at dpu_core_irq_register_callback() more
      sensible
    - dt-bindings: display/msm: sm8150-mdss: add DP node
    - arm64: dts: imx8-ss-conn: fix usdhc wrong lpcg clock order
    - cxl/core: Fix initialization of mbox_cmd.size_out in get event
    - Revert "drm/qxl: simplify qxl_fence_wait"
    - nouveau: fix function cast warning
    - drm/msm/adreno: Set highest_bank_bit for A619
    - scsi: hisi_sas: Modify the deadline for ata_wait_after_reset()
    - scsi: qla2xxx: Fix off by one in qla_edif_app_getstats()
    - net: openvswitch: fix unwanted error log on timeout policy probing
    - u64_stats: fix u64_stats_init() for lockdep when used repeatedly in one file
    - xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING
    - octeontx2-pf: Fix transmit scheduler resource leak
    - block: fix q->blkg_list corruption during disk rebind
    - lib: checksum: hide unused expected_csum_ipv6_magic[]
    - geneve: fix header validation in geneve[6]_xmit_skb
    - s390/ism: fix receive message buffer allocation
    - bnxt_en: Fix possible memory leak in bnxt_rdma_aux_device_init()
    - bnxt_en: Fix error recovery for RoCE ulp client
    - bnxt_en: Reset PTP tx_avail after possible firmware reset
    - ACPI: bus: allow _UID matching for integer zero
    - base/node / ACPI: Enumerate node access class for 'struct access_coordinate'
    - ACPI: HMAT: Introduce 2 levels of generic port access class
    - ACPI: HMAT / cxl: Add retrieval of generic port coordinates for both access
      classes
    - cxl: Split out combine_coordinates() for common shared usage
    - cxl: Split out host bridge access coordinates
    - cxl: Remove checking of iter in cxl_endpoint_get_perf_coordinates()
    - cxl: Fix retrieving of access_coordinates in PCIe path
    - net: ks8851: Inline ks8851_rx_skb()
    - net: ks8851: Handle softirqs at the end of IRQ thread to fix hang
    - af_unix: Clear stale u->oob_skb.
    - octeontx2-af: Fix NIX SQ mode and BP config
    - ipv6: fib: hide unused 'pn' variable
    - ipv4/route: avoid unused-but-set-variable warning
    - ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr
    - pds_core: use pci_reset_function for health reset
    - pds_core: Fix pdsc_check_pci_health function to use work thread
    - Bluetooth: ISO: Align broadcast sync_timeout with connection timeout
    - Bluetooth: ISO: Don't reject BT_ISO_QOS if parameters are unset
    - Bluetooth: hci_sync: Use QoS to determine which PHY to scan
    - Bluetooth: hci_sync: Fix using the same interval and window for Coded PHY
    - Bluetooth: SCO: Fix not validating setsockopt user input
    - Bluetooth: RFCOMM: Fix not validating setsockopt user input
    - Bluetooth: L2CAP: Fix not validating setsockopt user input
    - Bluetooth: ISO: Fix not validating setsockopt user input
    - Bluetooth: hci_sock: Fix not validating setsockopt user input
    - Bluetooth: l2cap: Don't double set the HCI_CONN_MGMT_CONNECTED bit
    - netfilter: complete validation of user input
    - net/mlx5: SF, Stop waiting for FW as teardown was called
    - net/mlx5: Register devlink first under devlink lock
    - net/mlx5: offset comp irq index in name by one
    - net/mlx5: Properly link new fs rules into the tree
    - net/mlx5: Correctly compare pkt reformat ids
    - net/mlx5e: RSS, Block changing channels number when RXFH is configured
    - net/mlx5e: Fix mlx5e_priv_init() cleanup flow
    - net/mlx5e: HTB, Fix inconsistencies with QoS SQs number
    - net/mlx5e: Do not produce metadata freelist entries in Tx port ts WQE xmit
    - net: sparx5: fix wrong config being used when reconfiguring PCS
    - Revert "s390/ism: fix receive message buffer allocation"
    - net: dsa: mt7530: trap link-local frames regardless of ST Port State
    - af_unix: Do not use atomic ops for unix_sk(sk)->inflight.
    - af_unix: Fix garbage collector racing against connect()
    - net: ena: Fix potential sign extension issue
    - net: ena: Wrong missing IO completions check order
    - net: ena: Fix incorrect descriptor free behavior
    - net: ena: Set tx_info->xdpf value to NULL
    - drm/xe/display: Fix double mutex initialization
    - drm/xe/hwmon: Cast result to output precision on left shift of operand
    - tracing: hide unused ftrace_event_id_fops
    - iommu/vt-d: Fix wrong use of pasid config
    - iommu/vt-d: Allocate local memory for page request queue
    - iommu/vt-d: Fix WARN_ON in iommu probe path
    - io_uring: refactor DEFER_TASKRUN multishot checks
    - io_uring: disable io-wq execution of multishot NOWAIT requests
    - btrfs: qgroup: correctly model root qgroup rsv in convert
    - btrfs: qgroup: fix qgroup prealloc rsv leak in subvolume operations
    - btrfs: record delayed inode root in transaction
    - btrfs: qgroup: convert PREALLOC to PERTRANS after record_root_in_trans
    - io_uring/net: restore msg_control on sendzc retry
    - kprobes: Fix possible use-after-free issue on kprobe registration
    - fs/proc: remove redundant comments from /proc/bootconfig
    - fs/proc: Skip bootloader comment if no embedded kernel parameters
    - scsi: sg: Avoid sg device teardown race
    - scsi: sg: Avoid race in error handling & drop bogus warn
    - accel/ivpu: Check return code of ipc->lock init
    - accel/ivpu: Fix PCI D0 state entry in resume
    - accel/ivpu: Put NPU back to D3hot after failed resume
    - accel/ivpu: Return max freq for DRM_IVPU_PARAM_CORE_CLOCK_RATE
    - accel/ivpu: Fix deadlock in context_xa
    - drm/vmwgfx: Enable DMA mappings with SEV
    - drm/i915/vrr: Disable VRR when using bigjoiner
    - drm/amdkfd: Reset GPU on queue preemption failure
    - drm/ast: Fix soft lockup
    - drm/panfrost: Fix the error path in panfrost_mmu_map_fault_addr()
    - drm/client: Fully protect modes[] with dev->mode_config.mutex
    - drm/msm/dp: fix runtime PM leak on disconnect
    - drm/msm/dp: fix runtime PM leak on connect failure
    - drm/amdgpu/umsch: reinitialize write pointer in hw init
    - arm64: dts: imx8qm-ss-dma: fix can lpcg indices
    - arm64: dts: imx8-ss-dma: fix can lpcg indices
    - arm64: dts: imx8-ss-dma: fix adc lpcg indices
    - arm64: dts: imx8-ss-conn: fix usb lpcg indices
    - arm64: dts: imx8-ss-dma: fix pwm lpcg indices
    - arm64: dts: imx8-ss-lsio: fix pwm lpcg indices
    - arm64: dts: imx8-ss-dma: fix spi lpcg indices
    - vhost: Add smp_rmb() in vhost_vq_avail_empty()
    - vhost: Add smp_rmb() in vhost_enable_notify()
    - perf/x86: Fix out of range data
    - x86/cpu: Actually turn off mitigations by default for
      SPECULATION_MITIGATIONS=n
    - selftests/timers/posix_timers: Reimplement check_timer_distribution()
    - selftests: timers: Fix posix_timers ksft_print_msg() warning
    - selftests: timers: Fix abs() warning in posix_timers test
    - selftests: kselftest: Mark functions that unconditionally call exit() as
      __noreturn
    - x86/apic: Force native_apic_mem_read() to use the MOV instruction
    - irqflags: Explicitly ignore lockdep_hrtimer_exit() argument
    - selftests: kselftest: Fix build failure with NOLIBC
    - kernfs: annotate different lockdep class for of->mutex of writable files
    - x86/bugs: Fix return type of spectre_bhi_state()
    - x86/bugs: Fix BHI documentation
    - x86/bugs: Cache the value of MSR_IA32_ARCH_CAPABILITIES
    - x86/bugs: Rename various 'ia32_cap' variables to 'x86_arch_cap_msr'
    - x86/bugs: Fix BHI handling of RRSBA
    - x86/bugs: Clarify that syscall hardening isn't a BHI mitigation
    - x86/bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto
    - [Config] updateconfigs to remove obsolete SPECTRE_BHI_AUTO
    - x86/bugs: Replace CONFIG_SPECTRE_BHI_{ON,OFF} with
      CONFIG_MITIGATION_SPECTRE_BHI
    - [Config] updateconfigs to enable new MITIGATION_SPECTRE_BHI
    - drm/i915/cdclk: Fix CDCLK programming order when pipes are active
    - drm/i915/psr: Disable PSR when bigjoiner is used
    - drm/i915: Disable port sync when bigjoiner is used
    - drm/i915: Disable live M/N updates when using bigjoiner
    - drm/amdgpu: Reset dGPU if suspend got aborted
    - drm/amdgpu: always force full reset for SOC21
    - drm/amdgpu: fix incorrect number of active RBs for gfx11
    - drm/amdgpu: differentiate external rev id for gfx 11.5.0
    - drm/amd/display: Program VSC SDP colorimetry for all DP sinks >= 1.4
    - drm/amd/display: Set VSC SDP Colorimetry same way for MST and SST
    - drm/amd/display: Do not recursively call manual trigger programming
    - drm/amd/display: Return max resolution supported by DWB
    - drm/amd/display: always reset ODM mode in context when adding first plane
    - drm/amd/display: fix disable otg wa logic in DCN316
    - Linux 6.8.7

* Noble update: v6.8.6 upstream stable release (LP: #2065899)
    - amdkfd: use calloc instead of kzalloc to avoid integer overflow
    - wifi: ath9k: fix LNA selection in ath_ant_try_scan()
    - wifi: rtw89: fix null pointer access when abort scan
    - bnx2x: Fix firmware version string character counts
    - net: stmmac: dwmac-starfive: Add support for JH7100 SoC
    - net: phy: phy_device: Prevent nullptr exceptions on ISR
    - wifi: rtw89: pci: validate RX tag for RXQ and RPQ
    - wifi: rtw89: pci: enlarge RX DMA buffer to consider size of RX descriptor
    - VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host()
    - wifi: iwlwifi: pcie: Add the PCI device id for new hardware
    - arm64: dts: qcom: qcm6490-idp: Add definition for three LEDs
    - net: dsa: qca8k: put MDIO controller OF node if unavailable
    - arm64: dts: qcom: qrb2210-rb1: disable cluster power domains
    - printk: For @suppress_panic_printk check for other CPU in panic
    - panic: Flush kernel log buffer at the end
    - dump_stack: Do not get cpu_sync for panic CPU
    - wifi: iwlwifi: pcie: Add new PCI device id and CNVI
    - cpuidle: Avoid potential overflow in integer multiplication
    - ARM: dts: rockchip: fix rk3288 hdmi ports node
    - ARM: dts: rockchip: fix rk322x hdmi ports node
    - arm64: dts: rockchip: fix rk3328 hdmi ports node
    - arm64: dts: rockchip: fix rk3399 hdmi ports node
    - net: add netdev_lockdep_set_classes() to virtual drivers
    - arm64: dts: qcom: qcs6490-rb3gen2: Declare GCC clocks protected
    - pmdomain: ti: Add a null pointer check to the omap_prm_domain_init
    - pmdomain: imx8mp-blk-ctrl: imx8mp_blk: Add fdcc clock to hdmimix domain
    - ACPI: resource: Add IRQ override quirk for ASUS ExpertBook B2502FBA
    - ionic: set adminq irq affinity
    - net: skbuff: add overflow debug check to pull/push helpers
    - firmware: tegra: bpmp: Return directly after a failed kzalloc() in
      get_filename()
    - wifi: brcmfmac: Add DMI nvram filename quirk for ACEPC W5 Pro
    - wifi: mt76: mt7915: add locking for accessing mapped registers
    - wifi: mt76: mt7996: disable AMSDU for non-data frames
    - wifi: mt76: mt7996: add locking for accessing mapped registers
    - ACPI: x86: Move acpi_quirk_skip_serdev_enumeration() out of
      CONFIG_X86_ANDROID_TABLETS
    - ACPI: x86: Add DELL0501 handling to acpi_quirk_skip_serdev_enumeration()
    - pstore/zone: Add a null pointer check to the psz_kmsg_read
    - tools/power x86_energy_perf_policy: Fix file leak in get_pkg_num()
    - net: pcs: xpcs: Return EINVAL in the internal methods
    - dma-direct: Leak pages on dma_set_decrypted() failure
    - wifi: ath11k: decrease MHI channel buffer length to 8KB
    - iommu/arm-smmu-v3: Hold arm_smmu_asid_lock during all of attach_dev
    - cpufreq: Don't unregister cpufreq cooling on CPU hotplug
    - overflow: Allow non-type arg to type_max() and type_min()
    - wifi: iwlwifi: Add missing MODULE_FIRMWARE() for *.pnvm
    - wifi: cfg80211: check A-MSDU format more carefully
    - btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks()
    - btrfs: export: handle invalid inode or root reference in btrfs_get_parent()
    - btrfs: send: handle path ref underflow in header iterate_inode_ref()
    - ice: use relative VSI index for VFs instead of PF VSI number
    - net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list()
    - netdev: let netlink core handle -EMSGSIZE errors
    - Bluetooth: btintel: Fix null ptr deref in btintel_read_version
    - Bluetooth: btmtk: Add MODULE_FIRMWARE() for MT7922
    - Bluetooth: Add new quirk for broken read key length on ATS2851
    - drm/vc4: don't check if plane->state->fb == state->fb
    - drm/ci: uprev mesa version: fix kdl commit fetch
    - drm/amdgpu: Skip do PCI error slot reset during RAS recovery
    - Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails
    - drm: panel-orientation-quirks: Add quirk for GPD Win Mini
    - ASoC: SOF: amd: Optimize quirk for Valve Galileo
    - drm/ttm: return ENOSPC from ttm_bo_mem_space v3
    - scsi: ufs: qcom: Avoid re-init quirk when gears match
    - drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz
    - pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs
    - sysv: don't call sb_bread() with pointers_lock held
    - scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc()
    - drm/amd/display: Disable idle reallow as part of command/gpint execution
    - isofs: handle CDs with bad root inode but good Joliet root directory
    - ASoC: Intel: sof_rt5682: dmi quirk cleanup for mtl boards
    - ASoC: Intel: common: DMI remap for rebranded Intel NUC M15 (LAPRC710)
      laptops
    - rcu/nocb: Fix WARN_ON_ONCE() in the rcu_nocb_bypass_lock()
    - rcu-tasks: Repair RCU Tasks Trace quiescence check
    - Julia Lawall reported this null pointer dereference, this should fix it.
    - media: sta2x11: fix irq handler cast
    - ALSA: firewire-lib: handle quirk to calculate payload quadlets as data block
      counter
    - drm/panel: simple: Add BOE BP082WX1-100 8.2" panel
    - x86/vdso: Fix rethunk patching for vdso-image-{32,64}.o
    - ASoC: Intel: avs: Populate board selection with new I2S entries
    - ext4: add a hint for block bitmap corrupt state in mb_groups
    - ext4: forbid commit inconsistent quota data when errors=remount-ro
    - drm/amd/display: Fix nanosec stat overflow
    - accel/habanalabs: increase HL_MAX_STR to 64 bytes to avoid warnings
    - i2c: designware: Fix RX FIFO depth define on Wangxun 10Gb NIC
    - HID: input: avoid polling stylus battery on Chromebook Pompom
    - drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init()
    - drm: Check output polling initialized before disabling
    - drm: Check polling initialized before enabling in
      drm_helper_probe_single_connector_modes
    - SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned
      int
    - PCI: Disable D3cold on Asus B1400 PCI-NVMe bridge
    - Revert "ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default"
    - libperf evlist: Avoid out-of-bounds access
    - crypto: iaa - Fix async_disable descriptor leak
    - input/touchscreen: imagis: Correct the maximum touch area value
    - drivers/perf: hisi: Enable HiSilicon Erratum 162700402 quirk for HIP09
    - block: prevent division by zero in blk_rq_stat_sum()
    - RDMA/cm: add timeout to cm_destroy_id wait
    - Input: imagis - use FIELD_GET where applicable
    - Input: allocate keycode for Display refresh rate toggle
    - platform/x86: acer-wmi: Add support for Acer PH16-71
    - platform/x86: acer-wmi: Add predator_v4 module parameter
    - platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi
      Vi8 tablet
    - perf/x86/amd/lbr: Discard erroneous branch entries
    - ALSA: hda/realtek: Add quirk for Lenovo Yoga 9 14IMH9
    - ktest: force $buildonly = 1 for 'make_warnings_file' test type
    - Input: xpad - add support for Snakebyte GAMEPADs
    - ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent
      environment
    - tools: iio: replace seekdir() in iio_generic_buffer
    - bus: mhi: host: Add MHI_PM_SYS_ERR_FAIL state
    - kernfs: RCU protect kernfs_nodes and avoid kernfs_idr_lock in
      kernfs_find_and_get_node_by_id()
    - usb: typec: ucsi: Add qcm6490-pmic-glink as needing PDOS quirk
    - thunderbolt: Calculate DisplayPort tunnel bandwidth after DPRX capabilities
      read
    - usb: gadget: uvc: refactor the check for a valid buffer in the pump worker
    - usb: gadget: uvc: mark incomplete frames with UVC_STREAM_ERR
    - usb: typec: ucsi: Limit read size on v1.2
    - serial: 8250_of: Drop quirk fot NPCM from 8250_port
    - thunderbolt: Keep the domain powered when USB4 port is in redrive mode
    - usb: typec: tcpci: add generic tcpci fallback compatible
    - usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined
    - ASoC: amd: yc: Fix non-functional mic on ASUS M7600RE
    - thermal/of: Assume polling-delay(-passive) 0 when absent
    - ASoC: soc-core.c: Skip dummy codec when adding platforms
    - x86/xen: attempt to inflate the memory balloon on PVH
    - fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2
    - io_uring: clear opcode specific data for an early failure
    - modpost: fix null pointer dereference
    - drivers/nvme: Add quirks for device 126f:2262
    - fbmon: prevent division by zero in fb_videomode_from_videomode()
    - ALSA: hda/realtek: Add quirks for some Clevo laptops
    - drm/amdgpu: Init zone device and drm client after mode-1 reset on reload
    - gcc-plugins/stackleak: Avoid .head.text section
    - media: mediatek: vcodec: Fix oops when HEVC init fails
    - media: mediatek: vcodec: adding lock to protect decoder context list
    - media: mediatek: vcodec: adding lock to protect encoder context list
    - randomize_kstack: Improve entropy diffusion
    - platform/x86/intel/hid: Don't wake on 5-button releases
    - platform/x86: intel-vbtn: Update tablet mode switch at end of probe
    - nouveau: fix devinit paths to only handle display on GSP.
    - Bluetooth: btintel: Fixe build regression
    - net: mpls: error out if inner headers are not set
    - VMCI: Fix possible memcpy() run-time warning in
      vmci_datagram_invoke_guest_handler()
    - x86/vdso: Fix rethunk patching for vdso-image-x32.o too
    - Revert "drm/amd/amdgpu: Fix potential ioremap() memory leaks in
      amdgpu_device_init()"
    - Linux 6.8.6

* Noble update: v6.8.5 upstream stable release (LP: #2065400)
    - scripts/bpf_doc: Use silent mode when exec make cmd
    - xsk: Don't assume metadata is always requested in TX completion
    - s390/bpf: Fix bpf_plt pointer arithmetic
    - bpf, arm64: fix bug in BPF_LDX_MEMSX
    - dma-buf: Fix NULL pointer dereference in sanitycheck()
    - arm64: bpf: fix 32bit unconditional bswap
    - nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet
    - nfsd: Fix error cleanup path in nfsd_rename()
    - tools: ynl: fix setting presence bits in simple nests
    - mlxbf_gige: stop PHY during open() error paths
    - wifi: iwlwifi: mvm: pick the version of SESSION_PROTECTION_NOTIF
    - wifi: iwlwifi: mvm: rfi: fix potential response leaks
    - wifi: iwlwifi: mvm: include link ID when releasing frames
    - ALSA: hda: cs35l56: Set the init_done flag before component_add()
    - ice: Refactor FW data type and fix bitmap casting issue
    - ice: fix memory corruption bug with suspend and rebuild
    - ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa()
    - igc: Remove stale comment about Tx timestamping
    - drm/xe: Remove unused xe_bo->props struct
    - drm/xe: Add exec_queue.sched_props.job_timeout_ms
    - drm/xe/guc_submit: use jiffies for job timeout
    - drm/xe/queue: fix engine_class bounds check
    - drm/xe/device: fix XE_MAX_GT_PER_TILE check
    - drm/xe/device: fix XE_MAX_TILES_PER_DEVICE check
    - dpll: indent DPLL option type by a tab
    - s390/qeth: handle deferred cc1
    - net: hsr: hsr_slave: Fix the promiscuous mode in offload mode
    - tcp: properly terminate timers for kernel sockets
    - net: wwan: t7xx: Split 64bit accesses to fix alignment issues
    - drm/rockchip: vop2: Remove AR30 and AB30 format support
    - selftests: vxlan_mdb: Fix failures with old libnet
    - gpiolib: Fix debug messaging in gpiod_find_and_request()
    - ACPICA: debugger: check status of acpi_evaluate_object() in
      acpi_db_walk_for_fields()
    - net: hns3: fix index limit to support all queue stats
    - net: hns3: fix kernel crash when devlink reload during pf initialization
    - net: hns3: mark unexcuted loopback test result as UNEXECUTED
    - tls: recv: process_rx_list shouldn't use an offset with kvec
    - tls: adjust recv return with async crypto and failed copy to userspace
    - tls: get psock ref after taking rxlock to avoid leak
    - mlxbf_gige: call request_irq() after NAPI initialized
    - drm/amd/display: Update P010 scaling cap
    - drm/amd/display: Send DTBCLK disable message on first commit
    - bpf: Protect against int overflow for stack access size
    - cifs: Fix duplicate fscache cookie warnings
    - netfilter: nf_tables: reject destroy command to remove basechain hooks
    - netfilter: nf_tables: reject table flag and netdev basechain updates
    - netfilter: nf_tables: skip netdev hook unregistration if table is dormant
    - iommu: Validate the PASID in iommu_attach_device_pasid()
    - net: bcmasp: Bring up unimac after PHY link up
    - net: lan743x: Add set RFE read fifo threshold for PCI1x1x chips
    - Octeontx2-af: fix pause frame configuration in GMP mode
    - inet: inet_defrag: prevent sk release while still in use
    - drm/i915: Stop doing double audio enable/disable on SDVO and g4x+ DP
    - drm/i915/display: Disable AuxCCS framebuffers if built for Xe
    - drm/i915/xelpg: Extend some workarounds/tuning to gfx version 12.74
    - drm/i915/mtl: Update workaround 14018575942
    - drm/i915: Do not print 'pxp init failed with 0' when it succeed
    - dm integrity: fix out-of-range warning
    - modpost: do not make find_tosym() return NULL
    - kbuild: make -Woverride-init warnings more consistent
    - mm/treewide: replace pud_large() with pud_leaf()
    - Revert "x86/mm/ident_map: Use gbpages only where full GB page should be
      mapped."
    - gpio: cdev: sanitize the label before requesting the interrupt
    - RISC-V: KVM: Fix APLIC setipnum_le/be write emulation
    - RISC-V: KVM: Fix APLIC in_clrip[x] read emulation
    - KVM: arm64: Fix host-programmed guest events in nVHE
    - KVM: arm64: Fix out-of-IPA space translation fault handling
    - selinux: avoid dereference of garbage after mount failure
    - r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d
    - x86/cpufeatures: Add CPUID_LNX_5 to track recently added Linux-defined word
    - x86/bpf: Fix IP after emitting call depth accounting
    - Revert "Bluetooth: hci_qca: Set BDA quirk bit if fwnode exists in DT"
    - arm64: dts: qcom: sc7180-trogdor: mark bluetooth address as broken
    - Bluetooth: qca: fix device-address endianness
    - Bluetooth: add quirk for broken address properties
    - Bluetooth: hci_event: set the conn encrypted before conn establishes
    - Bluetooth: Fix TOCTOU in HCI debugfs implementation
    - netfilter: nf_tables: release batch on table validation from abort path
    - netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path
    - selftests: mptcp: join: fix dev in check_endpoint
    - net/rds: fix possible cp null dereference
    - net: usb: ax88179_178a: avoid the interface always configured as random
      address
    - net: mana: Fix Rx DMA datasize and skb_over_panic
    - vsock/virtio: fix packet delivery to tap device
    - netfilter: nf_tables: reject new basechain after table flag update
    - netfilter: nf_tables: flush pending destroy work before exit_net release
    - netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get()
    - netfilter: nf_tables: discard table flag update with pending basechain
      deletion
    - netfilter: validate user input for expected length
    - vboxsf: Avoid an spurious warning if load_nls_xxx() fails
    - bpf, sockmap: Prevent lock inversion deadlock in map delete elem
    - mptcp: prevent BPF accessing lowat from a subflow socket.
    - x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for
      !SRSO
    - KVM: arm64: Use TLBI_TTL_UNKNOWN in __kvm_tlb_flush_vmid_range()
    - KVM: arm64: Ensure target address is granule-aligned for range TLBI
    - net/sched: act_skbmod: prevent kernel-infoleak
    - net: dsa: sja1105: Fix parameters order in sja1110_pcs_mdio_write_c45()
    - net/sched: fix lockdep splat in qdisc_tree_reduce_backlog()
    - net: stmmac: fix rx queue priority assignment
    - net: phy: micrel: lan8814: Fix when enabling/disabling 1-step timestamping
    - net: txgbe: fix i2c dev name cannot match clkdev
    - net: fec: Set mac_managed_pm during probe
    - net: phy: micrel: Fix potential null pointer dereference
    - net: dsa: mv88e6xxx: fix usable ports on 88e6020
    - selftests: net: gro fwd: update vxlan GRO test expectations
    - gro: fix ownership transfer
    - idpf: fix kernel panic on unknown packet types
    - ice: fix enabling RX VLAN filtering
    - i40e: Fix VF MAC filter removal
    - tcp: Fix bind() regression for v6-only wildcard and v4-mapped-v6 non-
      wildcard addresses.
    - erspan: make sure erspan_base_hdr is present in skb->head
    - selftests: reuseaddr_conflict: add missing new line at the end of the output
    - tcp: Fix bind() regression for v6-only wildcard and v4(-mapped-v6) non-
      wildcard addresses.
    - ax25: fix use-after-free bugs caused by ax25_ds_del_timer
    - e1000e: Workaround for sporadic MDI error on Meteor Lake systems
    - ipv6: Fix infinite recursion in fib6_dump_done().
    - mlxbf_gige: stop interface during shutdown
    - r8169: skip DASH fw status checks when DASH is disabled
    - udp: do not accept non-tunnel GSO skbs landing in a tunnel
    - udp: do not transition UDP GRO fraglist partial checksums to unnecessary
    - udp: prevent local UDP tunnel packets from being GROed
    - octeontx2-af: Fix issue with loading coalesced KPU profiles
    - octeontx2-pf: check negative error code in otx2_open()
    - octeontx2-af: Add array index check
    - i40e: fix i40e_count_filters() to count only active/new filters
    - i40e: fix vf may be used uninitialized in this function warning
    - i40e: Enforce software interrupt during busy-poll exit
    - drm/amd: Flush GFXOFF requests in prepare stage
    - e1000e: Minor flow correction in e1000_shutdown function
    - e1000e: move force SMBUS from enable ulp function to avoid PHY loss issue
    - mean_and_variance: Drop always failing tests
    - net: ravb: Let IP-specific receive function to interrogate descriptors
    - net: ravb: Always process TX descriptor ring
    - net: ravb: Always update error counters
    - KVM: SVM: Use unsigned integers when dealing with ASIDs
    - KVM: SVM: Add support for allowing zero SEV ASIDs
    - selftests: mptcp: connect: fix shellcheck warnings
    - selftests: mptcp: use += operator to append strings
    - mptcp: don't account accept() of non-MPC client as fallback to TCP
    - 9p: Fix read/write debug statements to report server reply
    - ASoC: wm_adsp: Fix missing mutex_lock in wm_adsp_write_ctl()
    - ASoC: cs42l43: Correct extraction of data pointer in suspend/resume
    - riscv: mm: Fix prototype to avoid discarding const
    - riscv: hwprobe: do not produce frtace relocation
    - drivers/perf: riscv: Disable PERF_SAMPLE_BRANCH_* while not supported
    - block: count BLK_OPEN_RESTRICT_WRITES openers
    - RISC-V: Update AT_VECTOR_SIZE_ARCH for new AT_MINSIGSTKSZ
    - ASoC: amd: acp: fix for acp pdm configuration check
    - regmap: maple: Fix cache corruption in regcache_maple_drop()
    - ALSA: hda: cs35l56: Add ACPI device match tables
    - drm/panfrost: fix power transition timeout warnings
    - nouveau/uvmm: fix addr/range calcs for remap operations
    - drm/prime: Unbreak virtgpu dma-buf export
    - ASoC: rt5682-sdw: fix locking sequence
    - ASoC: rt711-sdca: fix locking sequence
    - ASoC: rt711-sdw: fix locking sequence
    - ASoC: rt712-sdca-sdw: fix locking sequence
    - ASoC: rt722-sdca-sdw: fix locking sequence
    - ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw
    - spi: s3c64xx: Extract FIFO depth calculation to a dedicated macro
    - spi: s3c64xx: sort headers alphabetically
    - spi: s3c64xx: explicitly include <linux/bits.h>
    - spi: s3c64xx: remove else after return
    - spi: s3c64xx: define a magic value
    - spi: s3c64xx: allow full FIFO masks
    - spi: s3c64xx: determine the fifo depth only once
    - spi: s3c64xx: Use DMA mode from fifo size
    - ASoC: amd: acp: fix for acp_init function error handling
    - regmap: maple: Fix uninitialized symbol 'ret' warnings
    - ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit
    - scsi: mylex: Fix sysfs buffer lengths
    - scsi: sd: Unregister device if device_add_disk() failed in sd_probe()
    - Revert "ALSA: emu10k1: fix synthesizer sample playback position and caching"
    - drm/i915/dp: Fix DSC state HW readout for SST connectors
    - cifs: Fix caching to try to do open O_WRONLY as rdwr on server
    - spi: mchp-pci1xxx: Fix a possible null pointer dereference in
      pci1xxx_spi_probe
    - s390/pai: fix sampling event removal for PMU device driver
    - thermal: gov_power_allocator: Allow binding without cooling devices
    - thermal: gov_power_allocator: Allow binding without trip points
    - drm/i915/gt: Limit the reserved VM space to only the platforms that need it
    - ata: sata_mv: Fix PCI device ID table declaration compilation warning
    - ASoC: SOF: amd: fix for false dsp interrupts
    - SUNRPC: Fix a slow server-side memory leak with RPC-over-TCP
    - riscv: use KERN_INFO in do_trap
    - riscv: Fix warning by declaring arch_cpu_idle() as noinstr
    - riscv: Disable preemption when using patch_map()
    - nfsd: hold a lighter-weight client reference over CB_RECALL_ANY
    - lib/stackdepot: move stack_record struct definition into the header
    - stackdepot: rename pool_index to pool_index_plus_1
    - x86/retpoline: Add NOENDBR annotation to the SRSO dummy return thunk
    - Revert "drm/amd/display: Send DTBCLK disable message on first commit"
    - gpio: cdev: check for NULL labels when sanitizing them for irqs
    - gpio: cdev: fix missed label sanitizing in debounce_setup()
    - ksmbd: don't send oplock break if rename fails
    - ksmbd: validate payload size in ipc response
    - ksmbd: do not set SMB2_GLOBAL_CAP_ENCRYPTION for SMB 3.1.1
    - ALSA: hda: Add pplcllpl/u members to hdac_ext_stream
    - ALSA: hda/realtek - Fix inactive headset mic jack
    - ALSA: hda/realtek: Add sound quirks for Lenovo Legion slim 7 16ARHA7 models
    - ALSA: hda/realtek: cs35l41: Support ASUS ROG G634JYR
    - ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with
      microphone
    - io_uring/kbuf: get rid of lower BGID lists
    - io_uring/kbuf: get rid of bl->is_ready
    - io_uring/kbuf: protect io_buffer_list teardown with a reference
    - io_uring/rw: don't allow multishot reads without NOWAIT support
    - io_uring: use private workqueue for exit work
    - io_uring/kbuf: hold io_buffer_list reference over mmap
    - ASoC: SOF: Add dsp_max_burst_size_in_ms member to snd_sof_pcm_stream
    - ASoC: SOF: ipc4-topology: Save the DMA maximum burst size for PCMs
    - ASoC: SOF: Intel: hda-pcm: Use dsp_max_burst_size_in_ms to place constraint
    - ASoC: SOF: Intel: hda: Implement get_stream_position (Linear Link Position)
    - ASoC: SOF: Intel: mtl/lnl: Use the generic get_stream_position callback
    - ASoC: SOF: Introduce a new callback pair to be used for PCM delay reporting
    - ASoC: SOF: Intel: Set the dai/host get frame/byte counter callbacks
    - ASoC: SOF: Intel: hda-common-ops: Do not set the get_stream_position
      callback
    - ASoC: SOF: ipc4-pcm: Use the snd_sof_pcm_get_dai_frame_counter() for
      pcm_delay
    - ASoC: SOF: Remove the get_stream_position callback
    - ASoC: SOF: ipc4-pcm: Move struct sof_ipc4_timestamp_info definition locally
    - ASoC: SOF: ipc4-pcm: Combine the SOF_IPC4_PIPE_PAUSED cases in pcm_trigger
    - ASoC: SOF: ipc4-pcm: Invalidate the stream_start_offset in PAUSED state
    - ASoC: SOF: sof-pcm: Add pointer callback to sof_ipc_pcm_ops
    - ASoC: SOF: ipc4-pcm: Correct the delay calculation
    - ASoC: SOF: Intel: hda: Compensate LLP in case it is not reset
    - driver core: Introduce device_link_wait_removal()
    - of: dynamic: Synchronize of_changeset_destroy() with the devlink removals
    - of: module: prevent NULL pointer dereference in vsnprintf()
    - x86/mm/pat: fix VM_PAT handling in COW mappings
    - x86/mce: Make sure to grab mce_sysfs_mutex in set_bank()
    - x86/coco: Require seeding RNG with RDRAND on CoCo systems
    - perf/x86/intel/ds: Don't clear ->pebs_data_cfg for the last PEBS event
    - riscv: Fix vector state restore in rt_sigreturn()
    - arm64/ptrace: Use saved floating point state type to determine SVE layout
    - mm/secretmem: fix GUP-fast succeeding on secretmem folios
    - selftests/mm: include strings.h for ffsl
    - s390/entry: align system call table on 8 bytes
    - riscv: Fix spurious errors from __get/put_kernel_nofault
    - riscv: process: Fix kernel gp leakage
    - smb: client: fix UAF in smb2_reconnect_server()
    - smb: client: guarantee refcounted children from parent session
    - smb: client: refresh referral without acquiring refpath_lock
    - smb: client: handle DFS tcons in cifs_construct_tcon()
    - smb: client: serialise cifs_construct_tcon() with cifs_mount_mutex
    - smb3: retrying on failed server close
    - smb: client: fix potential UAF in cifs_debug_files_proc_show()
    - smb: client: fix potential UAF in cifs_stats_proc_write()
    - smb: client: fix potential UAF in cifs_stats_proc_show()
    - smb: client: fix potential UAF in cifs_dump_full_key()
    - smb: client: fix potential UAF in smb2_is_valid_oplock_break()
    - smb: client: fix potential UAF in smb2_is_valid_lease_break()
    - smb: client: fix potential UAF in is_valid_oplock_break()
    - smb: client: fix potential UAF in smb2_is_network_name_deleted()
    - smb: client: fix potential UAF in cifs_signal_cifsd_for_reconnect()
    - drm/i915/mst: Limit MST+DSC to TGL+
    - drm/i915/mst: Reject FEC+MST on ICL
    - drm/i915/dp: Fix the computation for compressed_bpp for DISPLAY < 13
    - drm/i915/gt: Disable HW load balancing for CCS
    - drm/i915/gt: Do not generate the command streamer for all the CCS
    - drm/i915/gt: Enable only one CCS for compute workload
    - drm/xe: Use ring ops TLB invalidation for rebinds
    - drm/xe: Rework rebinding
    - Revert "x86/mpparse: Register APIC address only once"
    - bpf: put uprobe link's path and task in release callback
    - bpf: support deferring bpf_link dealloc to after RCU grace period
    - efi/libstub: Add generic support for parsing mem_encrypt=
    - x86/boot: Move mem_encrypt= parsing to the decompressor
    - x86/sme: Move early SME kernel encryption handling into .head.text
    - x86/sev: Move early startup code into .head.text section
    - Linux 6.8.5

* CVE-2024-26926
    - binder: check offset alignment in binder_get_object()

* CVE-2024-26922
    - drm/amdgpu: validate the parameters of bo mapping operations more clearly

* CVE-2024-26924
    - netfilter: nft_set_pipapo: do not free live element

-- Stefan Bader <stefan.bader@canonical.com>  Fri, 07 Jun 2024 14:51:17 +0200

Changed in linux (Ubuntu Noble):
status:	Fix Committed → Fix Released

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2024-07-10:

#6

This bug is awaiting verification that the linux-gke/6.8.0-1006.9 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-noble-linux-gke' to 'verification-done-noble-linux-gke'. If the problem still exists, change the tag 'verification-needed-noble-linux-gke' to 'verification-failed-noble-linux-gke'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-noble-linux-gke-v2 verification-needed-noble-linux-gke

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2024-07-10:

#7

This bug is awaiting verification that the linux-nvidia/6.8.0-1009.9 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-noble-linux-nvidia' to 'verification-done-noble-linux-nvidia'. If the problem still exists, change the tag 'verification-needed-noble-linux-nvidia' to 'verification-failed-noble-linux-nvidia'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-noble-linux-nvidia-v2 verification-needed-noble-linux-nvidia

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2024-07-10:

#8

This bug is awaiting verification that the linux-ibm/6.8.0-1008.8 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-noble-linux-ibm' to 'verification-done-noble-linux-ibm'. If the problem still exists, change the tag 'verification-needed-noble-linux-ibm' to 'verification-failed-noble-linux-ibm'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-noble-linux-ibm-v2 verification-needed-noble-linux-ibm

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2024-07-10:

#9

This bug is awaiting verification that the linux-hwe-6.8/6.8.0-38.38~22.04.1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy-linux-hwe-6.8' to 'verification-done-jammy-linux-hwe-6.8'. If the problem still exists, change the tag 'verification-needed-jammy-linux-hwe-6.8' to 'verification-failed-jammy-linux-hwe-6.8'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-jammy-linux-hwe-6.8-v2 verification-needed-jammy-linux-hwe-6.8

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2024-07-10:

#10

This bug is awaiting verification that the linux-azure-6.8/6.8.0-1010.10~22.04.1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy-linux-azure-6.8' to 'verification-done-jammy-linux-azure-6.8'. If the problem still exists, change the tag 'verification-needed-jammy-linux-azure-6.8' to 'verification-failed-jammy-linux-azure-6.8'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-jammy-linux-azure-6.8-v2 verification-needed-jammy-linux-azure-6.8

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2024-07-10:

#11

This bug is awaiting verification that the linux-lowlatency-hwe-6.8/6.8.0-38.38.1~22.04.2 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy-linux-lowlatency-hwe-6.8' to 'verification-done-jammy-linux-lowlatency-hwe-6.8'. If the problem still exists, change the tag 'verification-needed-jammy-linux-lowlatency-hwe-6.8' to 'verification-failed-jammy-linux-lowlatency-hwe-6.8'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-jammy-linux-lowlatency-hwe-6.8-v2 verification-needed-jammy-linux-lowlatency-hwe-6.8

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2024-07-10:

#12

This bug is awaiting verification that the linux-raspi-realtime/6.8.0-2006.6 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-noble-linux-raspi-realtime' to 'verification-done-noble-linux-raspi-realtime'. If the problem still exists, change the tag 'verification-needed-noble-linux-raspi-realtime' to 'verification-failed-noble-linux-raspi-realtime'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-noble-linux-raspi-realtime-v2 verification-needed-noble-linux-raspi-realtime

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote 19 hours ago:

#13

This bug is awaiting verification that the linux-ibm-6.8/6.8.0-1008.8~22.04.1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy-linux-ibm-6.8' to 'verification-done-jammy-linux-ibm-6.8'. If the problem still exists, change the tag 'verification-needed-jammy-linux-ibm-6.8' to 'verification-failed-jammy-linux-ibm-6.8'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-jammy-linux-ibm-6.8-v2 verification-needed-jammy-linux-ibm-6.8

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote 3 hours ago:

#14

This bug is awaiting verification that the linux-aws-6.8/6.8.0-1011.12~22.04.1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy-linux-aws-6.8' to 'verification-done-jammy-linux-aws-6.8'. If the problem still exists, change the tag 'verification-needed-jammy-linux-aws-6.8' to 'verification-failed-jammy-linux-aws-6.8'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-jammy-linux-aws-6.8-v2 verification-needed-jammy-linux-aws-6.8

Ubuntu
linux package

Pull-request to address TPM bypass issue

Bug Description

CVE References

Other bug subscribers

Remote bug watches

	Status	Importance	Assigned to
linux (Ubuntu)	Triaged	Medium	Unassigned
Noble	Fix Released	Medium	Unassigned
linux-nvidia-6.2 (Ubuntu)	Fix Committed	Undecided	Unassigned
Jammy	Fix Released	Undecided	Unassigned

Ubuntulinux package

Pull-request to address TPM bypass issue

Bug Description

CVE References

Other bug subscribers

Remote bug watches

Ubuntu
linux package