Ubuntu
linux package

LSM: Configuring Too Many LSMs Causes Kernel Panic on Boot

Bug #1987998 reported by Matthew Ruffell on 2022-08-29

This bug affects 1 person

	Status	Importance	Assigned to
linux (Ubuntu)	Fix Released	Medium	Matthew Ruffell
Jammy	Fix Released	Medium	Matthew Ruffell
Kinetic	Fix Released	Medium	Matthew Ruffell
linux-oem-6.0 (Ubuntu)	Invalid	Undecided	Unassigned
Jammy	Fix Released	Medium	Thadeu Lima de Souza Cascardo
Kinetic	Invalid	Undecided	Unassigned
linux-oem-6.1 (Ubuntu)	Invalid	Undecided	Unassigned
Jammy	Fix Released	Medium	Thadeu Lima de Souza Cascardo
Kinetic	Invalid	Undecided	Unassigned

Bug Description

BugLink: https://bugs.launchpad.net/bugs/1987998

[Impact]

The Ubuntu kernel carries an out of tree patchet, known as "LSM: Module stacking for AppArmor" upstream, to enable stackable LSMs for containers. The revision the Ubuntu kernel carries is an older one, from 2020, and has some slight divergences from the latest revision in development.

One such divergence, is support for Landlock as a stackable LSM. When the stackable LSM patchset was applied, Landlock was still in development and not mainlined yet, and wasn't present in the earlier revision of the "LSM: Module stacking for AppArmor" patchset. Support for this was added by us.

There was a minor omission made during enabling support for Landlock. The LSM slot type was marked as LSMBLOB_NEEDED, when it should have been LSMBLOB_NOT_NEEDED.

Landlock itself does not provide any of the hooks that use a struct lsmblob, such as secid_to_secctx, secctx_to_secid, inode_getsecid, cred_getsecid, kernel_act_as task_getsecid_subj task_getsecid_obj and ipc_getsecid.

When we set .slot = LSMBLOB_NEEDED, this indicates that we need an entry in struct lsmblob, and we need to increment LSMBLOB_ENTRIES by one to fit the entry into the secid array:

#define LSMBLOB_ENTRIES ( \
       (IS_ENABLED(CONFIG_SECURITY_SELINUX) ? 1 : 0) + \
       (IS_ENABLED(CONFIG_SECURITY_SMACK) ? 1 : 0) + \
       (IS_ENABLED(CONFIG_SECURITY_APPARMOR) ? 1 : 0) + \
       (IS_ENABLED(CONFIG_BPF_LSM) ? 1 : 0))

struct lsmblob {
u32 secid[LSMBLOB_ENTRIES];
};

Currently, we don't increment LSMBLOB_ENTRIES by one to make an entry for Landlock, so for the Ubuntu kernel, we can fit a maximum of two entries, one for Apparmor and one for bpf.

If you try and configure three LSMs like so and reboot:

GRUB_CMDLINE_LINUX_DEFAULT="lsm=landlock,bpf,apparmor"

You will receive the following panic:

LSM: Security Framework initializing
landlock: Up and running.
LSM support for eBPF active
Kernel panic - not syncing: security_add_hooks Too many LSMs registered.
CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.15.0-46-generic #49-Ubuntu
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014
Call Trace:
<TASK>
show_stack+0x52/0x5c
dump_stack_lvl+0x4a/0x63
dump_stack+0x10/0x16
panic+0x149/0x321
security_add_hooks+0x45/0x13a
apparmor_init+0x189/0x1ef
initialize_lsm+0x54/0x74
ordered_lsm_init+0x379/0x392
security_init+0x40/0x49
start_kernel+0x466/0x4dc
x86_64_start_reservations+0x24/0x2a
x86_64_start_kernel+0xe4/0xef
secondary_startup_64_no_verify+0xc2/0xcb
</TASK>
---[ end Kernel panic - not syncing: security_add_hooks Too many LSMs registered. ]---

There is a check added in security_add_hooks() that makes sure that you cannot configure too many LSMs:

if (lsmid->slot == LSMBLOB_NEEDED) {
if (lsm_slot >= LSMBLOB_ENTRIES)
panic("%s Too many LSMs registered.\n", __func__);
lsmid->slot = lsm_slot++;
init_debug("%s assigned lsmblob slot %d\n", lsmid->lsm,
lsmid->slot);
}

A workaround is to enable no more than 2 LSMs until this is fixed.

[Fix]

If you read the following mailing list thread on linux-security-modules from May 2021:

https://lore.kernel.org/selinux/202105141224.942DE93@keescook/T/

It is explained that Landlock does not provide any of the hooks that use a struct lsmblob, such as secid_to_secctx, secctx_to_secid, inode_getsecid, cred_getsecid, kernel_act_as task_getsecid_subj task_getsecid_obj and ipc_getsecid.

I verified this with:

ubuntu-jammy$ grep -Rin "secid_to_secctx" security/landlock/
ubuntu-jammy$ grep -Rin "secctx_to_secid" security/landlock/
ubuntu-jammy$ grep -Rin "inode_getsecid" security/landlock/
ubuntu-jammy$ grep -Rin "cred_getsecid" security/landlock/
ubuntu-jammy$ grep -Rin "kernel_act_as" security/landlock/
ubuntu-jammy$ grep -Rin "task_getsecid_subj" security/landlock/
ubuntu-jammy$ grep -Rin "task_getsecid_obj" security/landlock/
ubuntu-jammy$ grep -Rin "ipc_getsecid" security/landlock/

The fix is to change Landlock from LSMBLOB_NEEDED to LSMBLOB_NOT_NEEDED.

Due to the "LSM: Module stacking for AppArmor" patchset being 25 patches long, it was impractical to revert just the below patch and reapply with the fix, due to a large amount of conflicts:

commit f17b27a2790e72198d2aaf45242453e5a9043049
Author: Casey Schaufler <email address hidden>
Date: Mon Aug 17 16:02:56 2020 -0700
Subject: UBUNTU: SAUCE: LSM: Create and manage the lsmblob data structure.
Link: https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/jammy/commit/?id=f17b27a2790e72198d2aaf45242453e5a9043049

So instead, I wrote up a fix that just changes the Landlock LSM slots to follow the latest upstream development, from V37 of the patchset:

https://<email address hidden>/

I refactored the landlock_lsmid struct to only be in one place, and to be marked as extern from security/landlock/setup.h.

[Testcase]

Launch a Jammy or Kinetic VM.

1. Edit /etc/default/grub and append the following to GRUB_CMDLINE_LINUX_DEFAULT:
"lsm=landlock,bpf,apparmor"
2. sudo update-grub
3. reboot

The system will panic on boot.

If you install the test kernel from the following ppa:

https://launchpad.net/~mruffell/+archive/ubuntu/sf343286-test

Instead of a panic occurring, the kernel should display all LSMs initialising, and continue to boot.

[ 0.288224] LSM: Security Framework initializing
[ 0.289457] landlock: Up and running.
[ 0.290290] LSM support for eBPF active
[ 0.291189] AppArmor: AppArmor initialized

[Where problems could occur]

The risk of regression in changing Landlock from LSMBLOB_NEEDED to LSMBLOB_NOT_NEEDED is low, due to Landlock not needing a slot in the secid array in struct lsmblob in the first place.

The refactor is minor and unlikely to introduce any issues with Landlock or its security promises.

I feel that simply fixing this small bug is less regression risk than reverting the entire 25 patch patchset and applying the latest V37 upstream patchset, which has undergone significant changes from mid 2020. I think its best we consume the newer patchset once it makes its way into mainline in a future kernel instead.

If a regression were to occur, users could configure 2 LSMs instead of all 3, or not enable Landlock.

[Other Info]

This patchset was originally NACKed by Stefan Bader on request of John Johansen due to a minor misunderstanding on how LSMBLOB_NEEDED worked with blob slot registration.

ACK:
https://lists.ubuntu.com/archives/kernel-team/2022-August/132898.html
Applied:
https://lists.ubuntu.com/archives/kernel-team/2022-August/132887.html
NACK:
https://lists.ubuntu.com/archives/kernel-team/2022-September/132965.html
Revert:
https://lists.ubuntu.com/archives/kernel-team/2022-September/132966.html

This led to a off list discussion between myself, Stefan bader, Andrea Righi, John Johansen, Jay Vosburgh and Tim Gardner:

Subject:
Please Re-review LSM Stacking Patchset fix - Change Landlock from LSMBLOB_NEEDED to LSMBLOB_NOT_NEEDED

The discussion uses largely information found in this SRU template, plus some additional information from mailing list threads highlighting why it is safe to move to LSMBLOB_NOT_NEEDED.

From Matthew Ruffell
https://pastebin.canonical.com/p/hxMgk2tDG9/

From John Johansen
https://pastebin.canonical.com/p/ZM4qCMrx2M/
https://pastebin.canonical.com/p/q6485wDwdt/

From Matthew Ruffell
https://pastebin.canonical.com/p/y2HxnDMS6T/

From Stefan Bader
https://pastebin.canonical.com/p/CCvVh8SvhB/

Now that the misunderstanding has been cleared up, and the patchset has been double checked and approved by the Security Team, resubmitting the initial patch as V2.

See original description

Tags:

CVE References

Matthew Ruffell (mruffell) on 2022-08-29

Changed in linux (Ubuntu Jammy):
status:	New → In Progress
Changed in linux (Ubuntu Kinetic):
status:	New → In Progress
Changed in linux (Ubuntu Jammy):
importance:	Undecided → Medium
Changed in linux (Ubuntu Kinetic):
importance:	Undecided → Medium
Changed in linux (Ubuntu Jammy):
assignee:	nobody → Matthew Ruffell (mruffell)
Changed in linux (Ubuntu Kinetic):
assignee:	nobody → Matthew Ruffell (mruffell)
description:	updated
tags:	added: jammy kinetic sts

Matthew Ruffell (mruffell) on 2022-09-27

description:

updated

Matthew Ruffell (mruffell) on 2022-09-27

Changed in linux (Ubuntu Kinetic):
status:	In Progress → Fix Committed

Stefan Bader (smb) on 2022-10-05

Changed in linux (Ubuntu Jammy):
status:	In Progress → Fix Committed

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2022-10-25:

This bug is awaiting verification that the linux/5.15.0-53.59 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy' to 'verification-done-jammy'. If the problem still exists, change the tag 'verification-needed-jammy' to 'verification-failed-jammy'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

Revision history for this message

Matthew Ruffell (mruffell) wrote on 2022-10-26:

Performing verification for Jammy

I started a fresh Jammy VM, running 5.15.0-52-generic from -updates.

I edited /etc/default/grub and set GRUB_CMDLINE_LINUX_DEFAULT to "lsm=landlock,bpf,apparmor", updated grub, and rebooted.

The system panicked with the usual splat:

[ 0.355151] LSM: Security Framework initializing
[ 0.356309] landlock: Up and running.
[ 0.357186] LSM support for eBPF active
[ 0.358143] Kernel panic - not syncing: security_add_hooks Too many LSMs registered.
[ 0.359849] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.15.0-52-generic #58-Ubuntu
[ 0.360292] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014
[ 0.360292] Call Trace:
[ 0.360292] <TASK>
[ 0.360292] show_stack+0x52/0x5c
[ 0.360292] dump_stack_lvl+0x4a/0x63
[ 0.360292] dump_stack+0x10/0x16
[ 0.360292] panic+0x149/0x321
[ 0.360292] security_add_hooks+0x45/0x13a
[ 0.360292] apparmor_init+0x189/0x1ef
[ 0.360292] initialize_lsm+0x54/0x74
[ 0.360292] ordered_lsm_init+0x379/0x392
[ 0.360292] security_init+0x40/0x49
[ 0.360292] start_kernel+0x454/0x4ca
[ 0.360292] x86_64_start_reservations+0x24/0x2a
[ 0.360292] x86_64_start_kernel+0xfb/0x106
[ 0.360292] secondary_startup_64_no_verify+0xc2/0xcb
[ 0.360292] </TASK>
[ 0.360292] ---[ end Kernel panic - not syncing: security_add_hooks Too many LSMs registered. ]---

I then rebooted, enabled -proposed, and installed 5.15.0-53-generic, and rebooted again.

The system came up fine, with all the LSMs enabled:

[ 0.312038] LSM: Security Framework initializing
[ 0.313217] landlock: Up and running.
[ 0.314065] LSM support for eBPF active
[ 0.314999] AppArmor: AppArmor initialized

The 5.15.0-53-generic kernel in -proposed fixes the issue, happy to mark verified for Jammy.

tags:

added: verification-done-jammy

Revision history for this message

Matthew Ruffell (mruffell) wrote on 2022-10-27:

Performing verification for Kinetic.

I installed the 5.19.0-23-generic kernel from -updates, and edited /etc/default/grub to set GRUB_CMDLINE_LINUX_DEFAULT to "lsm=landlock,bpf,apparmor", updated grub, and rebooted.

The system came up as expected and all LSM modules loaded.

[ 0.264264] LSM: Security Framework initializing
[ 0.265198] landlock: Up and running.
[ 0.266816] LSM support for eBPF active
[ 0.267630] AppArmor: AppArmor initialized

Marking Kinetic as verified.

tags:	added: verification-done-kinetic
Changed in linux (Ubuntu Kinetic):
status:	Fix Committed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2022-11-15:

Download full text (73.3 KiB)

This bug was fixed in the package linux - 5.15.0-53.59

---------------
linux (5.15.0-53.59) jammy; urgency=medium

* Fix blank screen on Thinkpad ADL 4K+ panel (LP: #1980621)
- drm/i915: Implement WaEdpLinkRateDataReload

* Kernel regresses openjdk on riscv64 (LP: #1992484)
- SAUCE: Revert "riscv: mmap with PROT_WRITE but no PROT_READ is invalid"

  * iavf: SR-IOV VFs error with no traffic flow when MTU greater than 1500
    (LP: #1983656)
    - iavf: Fix set max MTU size with port VLAN and jumbo frames
    - i40e: Fix VF set max MTU size

  * [Ubuntu 22.04] mpt3sas: Request to include latest bug fix patches
    (LP: #1965927)
    - scsi: mpt3sas: Remove scsi_dma_map() error messages
    - scsi: mpt3sas: Update persistent trigger pages from sysfs interface

  * ACPI: processor idle: Practically limit "Dummy wait" workaround to old Intel
    systems (LP: #1990985)
    - ACPI: processor idle: Practically limit "Dummy wait" workaround to old Intel
      systems

  * Fix resume on AMD platforms when TBT monitor is plugged (LP: #1990920)
    - SAUCE: Revert "drm/amd/display: Add helper for blanking all dp displays"
    - drm/amd/display: Detect dpcd_rev when hotplug mst monitor
    - drm/amd/display: Release remote dc_sink under mst scenario

* LSM: Configuring Too Many LSMs Causes Kernel Panic on Boot (LP: #1987998)
- SAUCE: LSM: Change Landlock from LSMBLOB_NEEDED to LSMBLOB_NOT_NEEDED

* To support Intel Maple Ridge Thunderbolt [8086:1134] (LP: #1990240)
- thunderbolt: Add support for Intel Maple Ridge single port controller

  * Intel graphic driver is not probing[8086:468b] (LP: #1990242)
    - drm/i915/adl_s: Update ADL-S PCI IDs
    - drm/i915: Add new ADL-S pci id

* Add HDMI codec ID for Intel Raptor Lake (LP: #1989578)
- ALSA: hda: Add PCI and HDMI IDs for Intel Raptor Lake

This bug was fixed in the package linux - 5.15.0-53.59

---------------
linux (5.15.0-53.59) jammy; urgency=medium

* Fix blank screen on Thinkpad ADL 4K+ panel (LP: #1980621)
    - drm/i915: Implement WaEdpLinkRateDataReload

* Kernel regresses openjdk on riscv64 (LP: #1992484)
    - SAUCE: Revert "riscv: mmap with PROT_WRITE but no PROT_READ is invalid"

* iavf: SR-IOV VFs error with no traffic flow when MTU greater than 1500
    (LP: #1983656)
    - iavf: Fix set max MTU size with port VLAN and jumbo frames
    - i40e: Fix VF set max MTU size

* LSM: Configuring Too Many LSMs Causes Kernel Panic on Boot (LP: #1987998)
    - SAUCE: LSM: Change Landlock from LSMBLOB_NEEDED to LSMBLOB_NOT_NEEDED

* To support Intel Maple Ridge Thunderbolt [8086:1134] (LP: #1990240)
    - thunderbolt: Add support for Intel Maple Ridge single port controller

* Intel graphic driver is not probing[8086:468b] (LP: #1990242)
    - drm/i915/adl_s: Update ADL-S PCI IDs
    - drm/i915: Add new ADL-S pci id

* Add HDMI codec ID for Intel Raptor Lake (LP: #1989578)
    - ALSA: hda: Add PCI and HDMI IDs for Intel Raptor Lake

* Jammy update: v5.15.64 upstream stable release (LP: #1991717)
    - wifi: rtlwifi: remove always-true condition pointed out by GCC 12
    - eth: sun: cassini: remove dead code
    - audit: fix potential double free on error path from fsnotify_add_inode_mark
    - cgroup: Fix race condition at rebind_subsystems()
    - parisc: Make CONFIG_64BIT available for ARCH=parisc64 only
    - parisc: Fix exception handler for fldw and fstw instructions
    - kernel/sys_ni: add compat entry for fadvise64_64
    - x86/entry: Move CLD to the start of the idtentry macro
    - block: add a bdev_max_zone_append_sectors helper
    - block: add bdev_max_segments() helper
    - btrfs: zoned: revive max_zone_append_bytes
    - btrfs: replace BTRFS_MAX_EXTENT_SIZE with fs_info->max_extent_size
    - btrfs: convert count_max_extents() to use fs_info->max_extent_size
    - Input: i8042 - move __initconst to fix code styling warning
    - Input: i8042 - merge quirk tables
    - Input: i8042 - add TUXEDO devices to i8042 quirk tables
    - Input: i8042 - add additional TUXEDO devices to i8042 quirk tables
    - drivers/base: fix userspace break from using bin_attributes for cpumap and
      cpulist
    - scsi: qla2xxx: Fix response queue handler reading stale packets
    - scsi: qla2xxx: edif: Fix dropped IKE message
    - btrfs: put initial index value of a directory in a constant
    - btrfs: pass the dentry to btrfs_log_new_name() instead of the inode
    - btrfs: remove unnecessary parameter delalloc_start for writepage_delalloc()
    - riscv: lib: uaccess: fold fixups into body
    - riscv: lib: uaccess: fix CSR_STATUS SR_SUM bit
    - xfrm: fix refcount leak in __xfrm_policy_check()
    - xfrm: clone missing x->lastused in xfrm_do_migrate
    - xfrm: policy: fix metadata dst->dev xmit null pointer dereference
    - fs: require CAP_SYS_ADMIN in target namespace for idmapped mounts
    - net: use eth_hw_addr_set() instead of ether_addr_copy()
    - Revert "net: macsec: update SCI upon MAC address change."
    - NFS: Don't allocate nfs_fattr on the stack in __nfs42_ssc_open()
    - NFSv4.2 fix problems with __nfs42_ssc_open
    - SUNRPC: RPC level errors should set task->tk_rpc_status
    - mm/smaps: don't access young/dirty bit if pte unpresent
    - ntfs: fix acl handling
    - rose: check NULL rose_loopback_neigh->loopback
    - r8152: fix the units of some registers for RTL8156A
    - r8152: fix the RX FIFO settings when suspending
    - nfc: pn533: Fix use-after-free bugs caused by pn532_cmd_timeout
    - ice: xsk: Force rings to be sized to power of 2
    - ice: xsk: prohibit usage of non-balanced queue id
    - net/mlx5e: Properly disable vlan strip on non-UL reps
    - net/mlx5: Avoid false positive lockdep warning by adding lock_class_key
    - net/mlx5e: Fix wrong application of the LRO state
    - net/mlx5e: Fix wrong tc flag used when set hw-tc-offload off
    - net: ipa: don't assume SMEM is page-aligned
    - net: phy: Don't WARN for PHY_READY state in mdio_bus_phy_resume()
    - net: moxa: get rid of asymmetry in DMA mapping/unmapping
    - bonding: 802.3ad: fix no transmission of LACPDUs
    - net: ipvtap - add __init/__exit annotations to module init/exit funcs
    - netfilter: ebtables: reject blobs that don't provide all entry points
    - bnxt_en: fix NQ resource accounting during vf creation on 57500 chips
    - netfilter: nf_tables: disallow updates of implicit chain
    - netfilter: nf_tables: make table handle allocation per-netns friendly
    - netfilter: nft_payload: report ERANGE for too long offset and length
    - netfilter: nft_payload: do not truncate csum_offset and csum_type
    - netfilter: nf_tables: do not leave chain stats enabled on error
    - netfilter: nft_osf: restrict osf to ipv4, ipv6 and inet families
    - netfilter: nft_tunnel: restrict it to netdev family
    - netfilter: nf_tables: consolidate rule verdict trace call
    - netfilter: nft_cmp: optimize comparison for 16-bytes
    - netfilter: bitwise: improve error goto labels
    - netfilter: nf_tables: upfront validation of data via nft_data_init()
    - netfilter: nf_tables: disallow jump to implicit chain from set element
    - netfilter: nf_tables: disallow binding to already bound chain
    - netfilter: flowtable: add function to invoke garbage collection immediately
    - netfilter: flowtable: fix stuck flows on cleanup due to pending work
    - net: Fix data-races around sysctl_[rw]mem_(max|default).
    - net: Fix data-races around weight_p and dev_weight_[rt]x_bias.
    - net: Fix data-races around netdev_max_backlog.
    - net: Fix data-races around netdev_tstamp_prequeue.
    - ratelimit: Fix data-races in ___ratelimit().
    - net: Fix data-races around sysctl_optmem_max.
    - net: Fix a data-race around sysctl_tstamp_allow_data.
    - net: Fix a data-race around sysctl_net_busy_poll.
    - net: Fix a data-race around sysctl_net_busy_read.
    - net: Fix a data-race around netdev_budget.
    - tcp: expose the tcp_mark_push() and tcp_skb_entail() helpers
    - mptcp: stop relying on tcp_tx_skb_cache
    - net: Fix data-races around sysctl_max_skb_frags.
    - net: Fix a data-race around netdev_budget_usecs.
    - net: Fix data-races around sysctl_fb_tunnels_only_for_init_net.
    - net: Fix data-races around sysctl_devconf_inherit_init_net.
    - net: Fix a data-race around sysctl_somaxconn.
    - ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter
    - i40e: Fix incorrect address type for IPv6 flow rules
    - rxrpc: Fix locking in rxrpc's sendmsg
    - ionic: widen queue_lock use around lif init and deinit
    - ionic: clear broken state on generation change
    - ionic: fix up issues with handling EAGAIN on FW cmds
    - ionic: VF initial random MAC address if no assigned mac
    - net: stmmac: work around sporadic tx issue on link-up
    - btrfs: fix silent failure when deleting root reference
    - btrfs: replace: drop assert for suspended replace
    - btrfs: add info when mount fails due to stale replace target
    - btrfs: check if root is readonly while setting security xattr
    - btrfs: fix possible memory leak in btrfs_get_dev_args_from_path()
    - perf/x86/lbr: Enable the branch type for the Arch LBR by default
    - x86/unwind/orc: Unwind ftrace trampolines with correct ORC entry
    - x86/bugs: Add "unknown" reporting for MMIO Stale Data
    - x86/nospec: Unwreck the RSB stuffing
    - loop: Check for overflow while configuring loop
    - writeback: avoid use-after-free after removing device
    - asm-generic: sections: refactor memory_intersects
    - mm/damon/dbgfs: avoid duplicate context directory creation
    - s390/mm: do not trigger write fault when vma does not allow VM_WRITE
    - bootmem: remove the vmemmap pages from kmemleak in put_page_bootmem
    - s390: fix double free of GS and RI CBs on fork() failure
    - fbdev: fbcon: Properly revert changes when vc_resize() failed
    - Revert "memcg: cleanup racy sum avoidance code"
    - ACPI: processor: Remove freq Qos request for all CPUs
    - nouveau: explicitly wait on the fence in nouveau_bo_move_m2mf
    - smb3: missing inode locks in punch hole
    - xen/privcmd: fix error exit of privcmd_ioctl_dm_op()
    - riscv: traps: add missing prototype
    - io_uring: fix issue with io_write() not always undoing sb_start_write()
    - mm/hugetlb: fix hugetlb not supporting softdirty tracking
    - md: call __md_stop_writes in md_stop
    - mptcp: Fix crash due to tcp_tsorted_anchor was initialized before release
      skb
    - arm64: Fix match_list for erratum 1286807 on Arm Cortex-A76
    - binder_alloc: add missing mmap_lock calls when using the VMA
    - x86/nospec: Fix i386 RSB stuffing
    - Documentation/ABI: Mention retbleed vulnerability info file for sysfs
    - blk-mq: fix io hung due to missing commit_rqs
    - perf python: Fix build when PYTHON_CONFIG is user supplied
    - perf/x86/intel/uncore: Fix broken read_counter() for SNB IMC PMU
    - perf/x86/intel/ds: Fix precise store latency handling
    - perf stat: Clear evsel->reset_group for each stat run
    - scsi: ufs: core: Enable link lost interrupt
    - scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq
    - bpf: Don't use tnum_range on array range checking for poke descriptors
    - Linux 5.15.64

* Jammy update: v5.15.63 upstream stable release (LP: #1990564)
    - ALSA: info: Fix llseek return value when using callback
    - ALSA: hda/realtek: Add quirk for Clevo NS50PU, NS70PU
    - KVM: Unconditionally get a ref to /dev/kvm module when creating a VM
    - x86/mm: Use proper mask when setting PUD mapping
    - rds: add missing barrier to release_refill
    - locking/atomic: Make test_and_*_bit() ordered on failure
    - drm/nouveau: recognise GA103
    - drm/ttm: Fix dummy res NULL ptr deref bug
    - drm/amd/display: Check correct bounds for stream encoder instances for
      DCN303
    - ata: libata-eh: Add missing command name
    - mmc: pxamci: Fix another error handling path in pxamci_probe()
    - mmc: pxamci: Fix an error handling path in pxamci_probe()
    - mmc: meson-gx: Fix an error handling path in meson_mmc_probe()
    - btrfs: unset reloc control if transaction commit fails in
      prepare_to_relocate()
    - btrfs: reset RO counter on block group if we fail to relocate
    - btrfs: fix lost error handling when looking up extended ref on log replay
    - cifs: Fix memory leak on the deferred close
    - x86/kprobes: Fix JNG/JNLE emulation
    - tracing/eprobes: Do not allow eprobes to use $stack, or % for regs
    - tracing/eprobes: Do not hardcode $comm as a string
    - tracing/eprobes: Have event probes be consistent with kprobes and uprobes
    - tracing/probes: Have kprobes and uprobes use $COMM too
    - tracing: Have filter accept "common_cpu" to be consistent
    - ALSA: usb-audio: More comprehensive mixer map for ASUS ROG Zenith II
    - dt-bindings: usb: mtk-xhci: Allow wakeup interrupt-names to be optional
    - can: ems_usb: fix clang's -Wunaligned-access warning
    - apparmor: fix quiet_denied for file rules
    - Revert "UBUNTU: SAUCE: apparmor: drop prefixing abs root labels with '='"
    - apparmor: fix absroot causing audited secids to begin with =
    - apparmor: Fix failed mount permission check error message
    - apparmor: fix aa_label_asxprint return check
    - apparmor: fix setting unconfined mode on a loaded profile
    - apparmor: fix overlapping attachment computation
    - apparmor: fix reference count leak in aa_pivotroot()
    - apparmor: Fix memleak in aa_simple_write_to_buffer()
    - Documentation: ACPI: EINJ: Fix obsolete example
    - NFSv4.1: Don't decrease the value of seq_nr_highest_sent
    - NFSv4.1: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly
    - NFSv4: Fix races in the legacy idmapper upcall
    - NFSv4.1: RECLAIM_COMPLETE must handle EACCES
    - NFSv4/pnfs: Fix a use-after-free bug in open
    - BPF: Fix potential bad pointer dereference in bpf_sys_bpf()
    - bpf: Don't reinit map value in prealloc_lru_pop
    - bpf: Acquire map uref in .init_seq_private for array map iterator
    - bpf: Acquire map uref in .init_seq_private for hash map iterator
    - bpf: Acquire map uref in .init_seq_private for sock local storage map
      iterator
    - bpf: Acquire map uref in .init_seq_private for sock{map,hash} iterator
    - bpf: Check the validity of max_rdwr_access for sock local storage map
      iterator
    - can: mcp251x: Fix race condition on receive interrupt
    - can: j1939: j1939_session_destroy(): fix memory leak of skbs
    - net: atlantic: fix aq_vec index out of range error
    - m68k: coldfire/device.c: protect FLEXCAN blocks
    - sunrpc: fix expiry of auth creds
    - SUNRPC: Fix xdr_encode_bool()
    - SUNRPC: Reinitialise the backchannel request buffers before reuse
    - virtio_net: fix memory leak inside XPD_TX with mergeable
    - devlink: Fix use-after-free after a failed reload
    - net: phy: Warn about incorrect mdio_bus_phy_resume() state
    - net: bcmgenet: Indicate MAC is in charge of PHY PM
    - net: bgmac: Fix a BUG triggered by wrong bytes_compl
    - selftests: forwarding: Fix failing tests with old libnet
    - dt-bindings: arm: qcom: fix Alcatel OneTouch Idol 3 compatibles
    - pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map
    - pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed
    - pinctrl: amd: Don't save/restore interrupt status and wake status bits
    - pinctrl: sunxi: Add I/O bias setting for H6 R-PIO
    - pinctrl: qcom: sm8250: Fix PDC map
    - Input: exc3000 - fix return value check of wait_for_completion_timeout
    - octeontx2-pf: Fix NIX_AF_TL3_TL2X_LINKX_CFG register configuration
    - octeontx2-af: Apply tx nibble fixup always
    - octeontx2-af: suppress external profile loading warning
    - octeontx2-af: Fix mcam entry resource leak
    - octeontx2-af: Fix key checking for source mac
    - ACPI: property: Return type of acpi_add_nondev_subnodes() should be bool
    - geneve: do not use RT_TOS for IPv6 flowlabel
    - mlx5: do not use RT_TOS for IPv6 flowlabel
    - ipv6: do not use RT_TOS for IPv6 flowlabel
    - plip: avoid rcu debug splat
    - vsock: Fix memory leak in vsock_connect()
    - vsock: Set socket state back to SS_UNCONNECTED in vsock_connect_timeout()
    - dt-bindings: gpio: zynq: Add missing compatible strings
    - dt-bindings: arm: qcom: fix Longcheer L8150 compatibles
    - dt-bindings: arm: qcom: fix MSM8916 MTP compatibles
    - dt-bindings: arm: qcom: fix MSM8994 boards compatibles
    - dt-bindings: clock: qcom,gcc-msm8996: add more GCC clock sources
    - spi: dt-bindings: cadence: add missing 'required'
    - spi: dt-bindings: zynqmp-qspi: add missing 'required'
    - ceph: use correct index when encoding client supported features
    - tools/vm/slabinfo: use alphabetic order when two values are equal
    - ceph: don't leak snap_rwsem in handle_cap_grant
    - kbuild: dummy-tools: avoid tmpdir leak in dummy gcc
    - tools build: Switch to new openssl API for test-libcrypto
    - NTB: ntb_tool: uninitialized heap data in tool_fn_write()
    - nfp: ethtool: fix the display error of `ethtool -m DEVNAME`
    - xen/xenbus: fix return type in xenbus_file_read()
    - atm: idt77252: fix use-after-free bugs caused by tst_timer
    - geneve: fix TOS inheriting for ipv4
    - perf probe: Fix an error handling path in 'parse_perf_probe_command()'
    - perf parse-events: Fix segfault when event parser gets an error
    - perf tests: Fix Track with sched_switch test for hybrid case
    - dpaa2-eth: trace the allocated address instead of page struct
    - fs/ntfs3: Fix using uninitialized value n when calling indx_read
    - fs/ntfs3: Fix NULL deref in ntfs_update_mftmirr
    - fs/ntfs3: Don't clear upper bits accidentally in log_replay()
    - fs/ntfs3: Fix double free on remount
    - fs/ntfs3: Do not change mode if ntfs_set_ea failed
    - fs/ntfs3: Fix missing i_op in ntfs_read_mft
    - nios2: page fault et.al. are *not* restartable syscalls...
    - nios2: don't leave NULLs in sys_call_table[]
    - nios2: traced syscall does need to check the syscall number
    - nios2: fix syscall restart checks
    - nios2: restarts apply only to the first sigframe we build...
    - nios2: add force_successful_syscall_return()
    - iavf: Fix adminq error handling
    - iavf: Fix reset error handling
    - ASoC: SOF: debug: Fix potential buffer overflow by snprintf()
    - ASoC: tas2770: Set correct FSYNC polarity
    - ASoC: tas2770: Allow mono streams
    - ASoC: tas2770: Drop conflicting set_bias_level power setting
    - ASoC: tas2770: Fix handling of mute/unmute
    - ASoC: codec: tlv320aic32x4: fix mono playback via I2S
    - netfilter: nf_tables: use READ_ONCE and WRITE_ONCE for shared generation id
      access
    - fs/ntfs3: uninitialized variable in ntfs_set_acl_ex()
    - netfilter: nf_tables: disallow NFTA_SET_ELEM_KEY_END with
      NFT_SET_ELEM_INTERVAL_END flag
    - netfilter: nf_tables: possible module reference underflow in error path
    - netfilter: nf_tables: really skip inactive sets when allocating name
    - netfilter: nf_tables: validate NFTA_SET_ELEM_OBJREF based on NFT_SET_OBJECT
      flag
    - netfilter: nf_tables: NFTA_SET_ELEM_KEY_END requires concat and interval
      flags
    - netfilter: nf_tables: disallow NFT_SET_ELEM_CATCHALL and
      NFT_SET_ELEM_INTERVAL_END
    - netfilter: nf_tables: check NFT_SET_CONCAT flag if field_count is specified
    - powerpc/pci: Fix get_phb_number() locking
    - spi: meson-spicc: add local pow2 clock ops to preserve rate between messages
    - net/sunrpc: fix potential memory leaks in rpc_sysfs_xprt_state_change()
    - net: dsa: mv88e6060: prevent crash on an unused port
    - mlxsw: spectrum: Clear PTP configuration after unregistering the netdevice
    - net: moxa: pass pdev instead of ndev to DMA functions
    - net: fix potential refcount leak in ndisc_router_discovery()
    - net: dsa: microchip: ksz9477: fix fdb_dump last invalid entry
    - net: dsa: felix: fix ethtool 256-511 and 512-1023 TX packet counters
    - net: genl: fix error path memory leak in policy dumping
    - net: dsa: don't warn in dsa_port_set_state_now() when driver doesn't support
      it
    - net: dsa: sja1105: fix buffer overflow in sja1105_setup_devlink_regions()
    - ice: Ignore EEXIST when setting promisc mode
    - i2c: imx: Make sure to unregister adapter on remove()
    - regulator: pca9450: Remove restrictions for regulator-name
    - i40e: Fix to stop tx_timeout recovery if GLOBR fails
    - fec: Fix timer capture timing in `fec_ptp_enable_pps()`
    - stmmac: intel: Add a missing clk_disable_unprepare() call in
      intel_eth_pci_remove()
    - igb: Add lock to avoid data race
    - kbuild: fix the modules order between drivers and libs
    - gcc-plugins: Undefine LATENT_ENTROPY_PLUGIN when plugin disabled for a file
    - tracing/eprobes: Fix reading of string fields
    - drm/imx/dcss: get rid of HPD warning message
    - ASoC: SOF: Intel: hda: Define rom_status_reg in sof_intel_dsp_desc
    - ASoC: SOF: Intel: hda: Fix potential buffer overflow by snprintf()
    - drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors()
    - drm/sun4i: dsi: Prevent underflow when computing packet sizes
    - net: qrtr: start MHI channel after endpoit creation
    - KVM: arm64: Treat PMCR_EL1.LC as RES1 on asymmetric systems
    - KVM: arm64: Reject 32bit user PSTATE on asymmetric systems
    - HID: multitouch: new device class fix Lenovo X12 trackpad sticky
    - PCI: Add ACS quirk for Broadcom BCM5750x NICs
    - platform/chrome: cros_ec_proto: don't show MKBP version if unsupported
    - usb: cdns3 fix use-after-free at workaround 2
    - usb: cdns3: fix random warning message when driver load
    - usb: gadget: uvc: calculate the number of request depending on framesize
    - usb: gadget: uvc: call uvc uvcg_warn on completed status instead of
      uvcg_info
    - PCI: aardvark: Fix reporting Slot capabilities on emulated bridge
    - irqchip/tegra: Fix overflow implicit truncation warnings
    - drm/meson: Fix overflow implicit truncation warnings
    - clk: ti: Stop using legacy clkctrl names for omap4 and 5
    - scsi: ufs: ufs-mediatek: Fix the timing of configuring device regulators
    - usb: host: ohci-ppc-of: Fix refcount leak bug
    - usb: renesas: Fix refcount leak bug
    - usb: dwc2: gadget: remove D+ pull-up while no vbus with usb-role-switch
    - vboxguest: Do not use devm for irq
    - clk: qcom: ipq8074: dont disable gcc_sleep_clk_src
    - uacce: Handle parent device removal or parent driver module rmmod
    - zram: do not lookup algorithm in backends table
    - clk: qcom: clk-alpha-pll: fix clk_trion_pll_configure description
    - scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user
      input
    - scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE
    - gadgetfs: ep_io - wait until IRQ finishes
    - coresight: etm4x: avoid build failure with unrolled loops
    - habanalabs/gaudi: fix shift out of bounds
    - habanalabs/gaudi: mask constant value before cast
    - mmc: tmio: avoid glitches when resetting
    - pinctrl: intel: Check against matching data instead of ACPI companion
    - cxl: Fix a memory leak in an error handling path
    - PCI/ACPI: Guard ARM64-specific mcfg_quirks
    - um: add "noreboot" command line option for PANIC_TIMEOUT=-1 setups
    - dmaengine: dw-axi-dmac: do not print NULL LLI during error
    - dmaengine: dw-axi-dmac: ignore interrupt if no descriptor
    - RDMA/rxe: Limit the number of calls to each tasklet
    - csky/kprobe: reclaim insn_slot on kprobe unregistration
    - selftests/kprobe: Do not test for GRP/ without event failures
    - dmaengine: sprd: Cleanup in .remove() after pm_runtime_get_sync() failed
    - openrisc: io: Define iounmap argument as volatile
    - phy: samsung: phy-exynos-pcie: sanitize init/power_on callbacks
    - md: Notify sysfs sync_completed in md_reap_sync_thread()
    - nvmet-tcp: fix lockdep complaint on nvmet_tcp_wq flush during queue teardown
    - drivers:md:fix a potential use-after-free bug
    - ext4: avoid remove directory when directory is corrupted
    - ext4: avoid resizing to a partial cluster size
    - lib/list_debug.c: Detect uninitialized lists
    - tty: serial: Fix refcount leak bug in ucc_uart.c
    - KVM: PPC: Book3S HV: Fix "rm_exit" entry in debugfs timings
    - vfio: Clear the caps->buf to NULL after free
    - mips: cavium-octeon: Fix missing of_node_put() in octeon2_usb_clocks_start
    - iommu/io-pgtable-arm-v7s: Add a quirk to allow pgtable PA up to 35bit
    - modules: Ensure natural alignment for .altinstructions and __bug_table
      sections
    - ASoC: rsnd: care default case on rsnd_ssiu_busif_err_irq_ctrl()
    - riscv: dts: sifive: Add fu740 topology information
    - riscv: dts: canaan: Add k210 topology information
    - riscv: mmap with PROT_WRITE but no PROT_READ is invalid
    - RISC-V: Add fast call path of crash_kexec()
    - watchdog: export lockup_detector_reconfigure
    - powerpc/32: Set an IBAT covering up to _einittext during init
    - powerpc/32: Don't always pass -mcpu=powerpc to the compiler
    - ovl: warn if trusted xattr creation fails
    - powerpc/ioda/iommu/debugfs: Generate unique debugfs entries
    - ALSA: core: Add async signal helpers
    - ALSA: timer: Use deferred fasync helper
    - ALSA: control: Use deferred fasync helper
    - f2fs: fix to avoid use f2fs_bug_on() in f2fs_new_node_page()
    - f2fs: fix to do sanity check on segment type in build_sit_entries()
    - smb3: check xattr value length earlier
    - powerpc/64: Init jump labels before parse_early_param()
    - venus: pm_helpers: Fix warning in OPP during probe
    - video: fbdev: i740fb: Check the argument of i740_calc_vclk()
    - MIPS: tlbex: Explicitly compare _PAGE_NO_EXEC against 0
    - can: j1939: j1939_sk_queue_activate_next_locked(): replace WARN_ON_ONCE with
      netdev_warn_once()
    - scsi: ufs: ufs-mediatek: Fix build error and type mismatch
    - xfs: flush inodegc workqueue tasks before cancel
    - xfs: reserve quota for dir expansion when linking/unlinking files
    - xfs: reserve quota for target dir expansion when renaming files
    - xfs: remove infinite loop when reserving free block pool
    - xfs: always succeed at setting the reserve pool size
    - xfs: fix overfilling of reserve pool
    - xfs: fix soft lockup via spinning in filestream ag selection loop
    - xfs: revert "xfs: actually bump warning counts when we send warnings"
    - xfs: reject crazy array sizes being fed to XFS_IOC_GETBMAP*
    - Linux 5.15.63

* Jammy update: v5.15.62 upstream stable release (LP: #1990554)
    - io_uring: use original request task for inflight tracking
    - tee: add overflow check in register_shm_helper()
    - net_sched: cls_route: disallow handle of 0
    - ksmbd: prevent out of bound read for SMB2_WRITE
    - ksmbd: fix heap-based overflow in set_ntacl_dacl()
    - btrfs: only write the sectors in the vertical stripe which has data stripes
    - btrfs: raid56: don't trust any cached sector in __raid56_parity_recover()
    - Linux 5.15.62

* Jammy update: v5.15.61 upstream stable release (LP: #1990162)
    - Makefile: link with -z noexecstack --no-warn-rwx-segments
    - x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments
    - Revert "pNFS: nfs3_set_ds_client should set NFS_CS_NOPING"
    - scsi: Revert "scsi: qla2xxx: Fix disk failure to rediscover"
    - pNFS/flexfiles: Report RDMA connection errors to the server
    - NFSD: Clean up the show_nf_flags() macro
    - nfsd: eliminate the NFSD_FILE_BREAK_* flags
    - ALSA: usb-audio: Add quirk for Behringer UMC202HD
    - ALSA: bcd2000: Fix a UAF bug on the error path of probing
    - ALSA: hda/realtek: Add quirk for Clevo NV45PZ
    - ALSA: hda/realtek: Add quirk for HP Spectre x360 15-eb0xxx
    - wifi: mac80211_hwsim: fix race condition in pending packet
    - wifi: mac80211_hwsim: add back erroneously removed cast
    - wifi: mac80211_hwsim: use 32-bit skb cookie
    - add barriers to buffer_uptodate and set_buffer_uptodate
    - lockd: detect and reject lock arguments that overflow
    - HID: hid-input: add Surface Go battery quirk
    - HID: wacom: Only report rotation for art pen
    - HID: wacom: Don't register pad_input for touch switch
    - KVM: nVMX: Snapshot pre-VM-Enter BNDCFGS for !nested_run_pending case
    - KVM: nVMX: Snapshot pre-VM-Enter DEBUGCTL for !nested_run_pending case
    - KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0
    - KVM: s390: pv: don't present the ecall interrupt twice
    - KVM: x86: Split kvm_is_valid_cr4() and export only the non-vendor bits
    - KVM: nVMX: Let userspace set nVMX MSR to any _host_ supported value
    - KVM: nVMX: Account for KVM reserved CR4 bits in consistency checks
    - KVM: nVMX: Inject #UD if VMXON is attempted with incompatible CR0/CR4
    - KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks
    - KVM: x86: Set error code to segment selector on LLDT/LTR non-canonical #GP
    - KVM: nVMX: Always enable TSC scaling for L2 when it was enabled for L1
    - KVM: x86: Tag kvm_mmu_x86_module_init() with __init
    - KVM: x86: do not report preemption if the steal time cache is stale
    - KVM: x86: revalidate steal time cache if MSR value changes
    - riscv: set default pm_power_off to NULL
    - ALSA: hda/conexant: Add quirk for LENOVO 20149 Notebook model
    - ALSA: hda/cirrus - support for iMac 12,1 model
    - ALSA: hda/realtek: Add quirk for another Asus K42JZ model
    - ALSA: hda/realtek: Add a quirk for HP OMEN 15 (8786) mute LED
    - tty: vt: initialize unicode screen buffer
    - vfs: Check the truncate maximum size in inode_newsize_ok()
    - fs: Add missing umask strip in vfs_tmpfile
    - thermal: sysfs: Fix cooling_device_stats_setup() error code path
    - fbcon: Fix boundary checks for fbcon=vc:n1-n2 parameters
    - fbcon: Fix accelerated fbdev scrolling while logo is still shown
    - usbnet: Fix linkwatch use-after-free on disconnect
    - fix short copy handling in copy_mc_pipe_to_iter()
    - crypto: ccp - Use kzalloc for sev ioctl interfaces to prevent kernel memory
      leak
    - ovl: drop WARN_ON() dentry is NULL in ovl_encode_fh()
    - parisc: Fix device names in /proc/iomem
    - parisc: Drop pa_swapper_pg_lock spinlock
    - parisc: Check the return value of ioremap() in lba_driver_probe()
    - parisc: io_pgetevents_time64() needs compat syscall in 32-bit compat mode
    - riscv:uprobe fix SR_SPIE set/clear handling
    - dt-bindings: riscv: fix SiFive l2-cache's cache-sets
    - RISC-V: kexec: Fixup use of smp_processor_id() in preemptible context
    - RISC-V: Fixup get incorrect user mode PC for kernel mode regs
    - RISC-V: Fixup schedule out issue in machine_crash_shutdown()
    - RISC-V: Add modules to virtual kernel memory layout dump
    - rtc: rx8025: fix 12/24 hour mode detection on RX-8035
    - drm/gem: Properly annotate WW context on drm_gem_lock_reservations() error
    - drm/shmem-helper: Add missing vunmap on error
    - drm/vc4: hdmi: Disable audio if dmas property is present but empty
    - drm/hyperv-drm: Include framebuffer and EDID headers
    - drm/nouveau: fix another off-by-one in nvbios_addr
    - drm/nouveau: Don't pm_runtime_put_sync(), only pm_runtime_put_autosuspend()
    - drm/nouveau/acpi: Don't print error when we get -EINPROGRESS from pm_runtime
    - drm/nouveau/kms: Fix failure path for creating DP connectors
    - drm/amdgpu: Check BO's requested pinning domains against its
      preferred_domains
    - bpf: Fix KASAN use-after-free Read in compute_effective_progs
    - btrfs: reject log replay if there is unsupported RO compat flag
    - mtd: rawnand: arasan: Fix clock rate in NV-DDR
    - mtd: rawnand: arasan: Update NAND bus clock instead of system clock
    - um: Remove straying parenthesis
    - um: seed rng using host OS rng
    - iio: fix iio_format_avail_range() printing for none IIO_VAL_INT
    - iio: light: isl29028: Fix the warning in isl29028_remove()
    - scsi: sg: Allow waiting for commands to complete on removed device
    - scsi: qla2xxx: Fix incorrect display of max frame size
    - scsi: qla2xxx: Zero undefined mailbox IN registers
    - soundwire: qcom: Check device status before reading devid
    - ksmbd: fix memory leak in smb2_handle_negotiate
    - ksmbd: prevent out of bound read for SMB2_TREE_CONNNECT
    - ksmbd: fix use-after-free bug in smb2_tree_disconect
    - fuse: limit nsec
    - fuse: ioctl: translate ENOSYS
    - serial: mvebu-uart: uart2 error bits clearing
    - md-raid10: fix KASAN warning
    - mbcache: don't reclaim used entries
    - mbcache: add functions to delete entry if unused
    - media: [PATCH] pci: atomisp_cmd: fix three missing checks on list iterator
    - ia64, processor: fix -Wincompatible-pointer-types in ia64_get_irr()
    - PCI: Add defines for normal and subtractive PCI bridges
    - powerpc/fsl-pci: Fix Class Code of PCIe Root Port
    - powerpc/ptdump: Fix display of RW pages on FSL_BOOK3E
    - powerpc/powernv: Avoid crashing if rng is NULL
    - MIPS: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK
    - coresight: Clear the connection field properly
    - usb: typec: ucsi: Acknowledge the GET_ERROR_STATUS command completion
    - USB: HCD: Fix URB giveback issue in tasklet function
    - ARM: dts: uniphier: Fix USB interrupts for PXs2 SoC
    - arm64: dts: uniphier: Fix USB interrupts for PXs3 SoC
    - usb: dwc3: gadget: refactor dwc3_repare_one_trb
    - usb: dwc3: gadget: fix high speed multiplier setting
    - netfilter: nf_tables: fix null deref due to zeroed list head
    - epoll: autoremove wakers even more aggressively
    - x86: Handle idle=nomwait cmdline properly for x86_idle
    - arch: make TRACE_IRQFLAGS_NMI_SUPPORT generic
    - arm64: Do not forget syscall when starting a new thread.
    - arm64: fix oops in concurrently setting insn_emulation sysctls
    - ext2: Add more validity checks for inode counts
    - sched/fair: Introduce SIS_UTIL to search idle CPU based on sum of util_avg
    - genirq: Don't return error on missing optional irq_request_resources()
    - irqchip/mips-gic: Only register IPI domain when SMP is enabled
    - genirq: GENERIC_IRQ_IPI depends on SMP
    - sched/core: Always flush pending blk_plug
    - irqchip/mips-gic: Check the return value of ioremap() in gic_of_init()
    - wait: Fix __wait_event_hrtimeout for RT/DL tasks
    - ARM: dts: imx6ul: add missing properties for sram
    - ARM: dts: imx6ul: change operating-points to uint32-matrix
    - ARM: dts: imx6ul: fix keypad compatible
    - ARM: dts: imx6ul: fix csi node compatible
    - ARM: dts: imx6ul: fix lcdif node compatible
    - ARM: dts: imx6ul: fix qspi node compatible
    - ARM: dts: BCM5301X: Add DT for Meraki MR26
    - ARM: dts: ux500: Fix Codina accelerometer mounting matrix
    - ARM: dts: ux500: Fix Gavini accelerometer mounting matrix
    - spi: synquacer: Add missing clk_disable_unprepare()
    - ARM: OMAP2+: display: Fix refcount leak bug
    - ARM: OMAP2+: pdata-quirks: Fix refcount leak bug
    - ACPI: EC: Remove duplicate ThinkPad X1 Carbon 6th entry from DMI quirks
    - ACPI: EC: Drop the EC_FLAGS_IGNORE_DSDT_GPE quirk
    - ACPI: PM: save NVS memory for Lenovo G40-45
    - ACPI: LPSS: Fix missing check in register_device_clock()
    - ARM: dts: qcom: sdx55: Fix the IRQ trigger type for UART
    - arm64: dts: qcom: ipq8074: fix NAND node name
    - arm64: dts: allwinner: a64: orangepi-win: Fix LED node name
    - ARM: shmobile: rcar-gen2: Increase refcount for new reference
    - firmware: tegra: Fix error check return value of debugfs_create_file()
    - hwmon: (dell-smm) Add Dell XPS 13 7390 to fan control whitelist
    - hwmon: (sht15) Fix wrong assumptions in device remove callback
    - PM: hibernate: defer device probing when resuming from hibernation
    - selinux: fix memleak in security_read_state_kernel()
    - selinux: Add boundary check in put_entry()
    - kasan: test: Silence GCC 12 warnings
    - drm/amdgpu: Remove one duplicated ef removal
    - powerpc/64s: Disable stack variable initialisation for prom_init
    - spi: spi-rspi: Fix PIO fallback on RZ platforms
    - ARM: findbit: fix overflowing offset
    - meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init
    - arm64: dts: renesas: beacon: Fix regulator node names
    - spi: spi-altera-dfl: Fix an error handling path
    - ARM: bcm: Fix refcount leak in bcm_kona_smc_init
    - ACPI: processor/idle: Annotate more functions to live in cpuidle section
    - ARM: dts: imx7d-colibri-emmc: add cpu1 supply
    - soc: renesas: r8a779a0-sysc: Fix A2DP1 and A2CV[2357] PDR values
    - scsi: hisi_sas: Use managed PCI functions
    - dt-bindings: iio: accel: Add DT binding doc for ADXL355
    - soc: amlogic: Fix refcount leak in meson-secure-pwrc.c
    - arm64: dts: renesas: Fix thermal-sensors on single-zone sensors
    - x86/pmem: Fix platform-device leak in error path
    - ARM: dts: ast2500-evb: fix board compatible
    - ARM: dts: ast2600-evb: fix board compatible
    - ARM: dts: ast2600-evb-a1: fix board compatible
    - arm64: dts: mt8192: Fix idle-states nodes naming scheme
    - arm64: dts: mt8192: Fix idle-states entry-method
    - arm64: select TRACE_IRQFLAGS_NMI_SUPPORT
    - arm64: cpufeature: Allow different PMU versions in ID_DFR0_EL1
    - locking/lockdep: Fix lockdep_init_map_*() confusion
    - arm64: dts: qcom: sc7180: Remove ipa_fw_mem node on trogdor
    - soc: fsl: guts: machine variable might be unset
    - block: fix infinite loop for invalid zone append
    - ARM: dts: qcom: mdm9615: add missing PMIC GPIO reg
    - ARM: OMAP2+: Fix refcount leak in omapdss_init_of
    - ARM: OMAP2+: Fix refcount leak in omap3xxx_prm_late_init
    - arm64: dts: qcom: sdm630: disable GPU by default
    - arm64: dts: qcom: sdm630: fix the qusb2phy ref clock
    - arm64: dts: qcom: sdm630: fix gpu's interconnect path
    - arm64: dts: qcom: sdm636-sony-xperia-ganges-mermaid: correct sdc2 pinconf
    - cpufreq: zynq: Fix refcount leak in zynq_get_revision
    - regulator: qcom_smd: Fix pm8916_pldo range
    - ACPI: APEI: Fix _EINJ vs EFI_MEMORY_SP
    - ARM: dts: qcom-msm8974: fix irq type on blsp2_uart1
    - soc: qcom: ocmem: Fix refcount leak in of_get_ocmem
    - soc: qcom: aoss: Fix refcount leak in qmp_cooling_devices_register
    - ARM: dts: qcom: pm8841: add required thermal-sensor-cells
    - bus: hisi_lpc: fix missing platform_device_put() in hisi_lpc_acpi_probe()
    - stack: Declare {randomize_,}kstack_offset to fix Sparse warnings
    - arm64: dts: qcom: msm8916: Fix typo in pronto remoteproc node
    - ACPI: APEI: explicit init of HEST and GHES in apci_init()
    - drivers/iio: Remove all strcpy() uses
    - ACPI: VIOT: Fix ACS setup
    - arm64: dts: qcom: sm6125: Move sdc2 pinctrl from seine-pdx201 to sm6125
    - arm64: dts: qcom: sm6125: Append -state suffix to pinctrl nodes
    - arm64: dts: qcom: sm8250: add missing PCIe PHY clock-cells
    - arm64: dts: mt7622: fix BPI-R64 WPS button
    - arm64: tegra: Fixup SYSRAM references
    - arm64: tegra: Update Tegra234 BPMP channel addresses
    - arm64: tegra: Mark BPMP channels as no-memory-wc
    - arm64: tegra: Fix SDMMC1 CD on P2888
    - erofs: avoid consecutive detection for Highmem memory
    - blk-mq: don't create hctx debugfs dir until q->debugfs_dir is created
    - spi: Fix simplification of devm_spi_register_controller
    - spi: tegra20-slink: fix UAF in tegra_slink_remove()
    - hwmon: (drivetemp) Add module alias
    - blktrace: Trace remapped requests correctly
    - PM: domains: Ensure genpd_debugfs_dir exists before remove
    - dm writecache: return void from functions
    - dm writecache: count number of blocks read, not number of read bios
    - dm writecache: count number of blocks written, not number of write bios
    - dm writecache: count number of blocks discarded, not number of discard bios
    - regulator: of: Fix refcount leak bug in of_get_regulation_constraints()
    - soc: qcom: Make QCOM_RPMPD depend on PM
    - arm64: dts: qcom: qcs404: Fix incorrect USB2 PHYs assignment
    - irqdomain: Report irq number for NOMAP domains
    - drivers/perf: arm_spe: Fix consistency of SYS_PMSCR_EL1.CX
    - nohz/full, sched/rt: Fix missed tick-reenabling bug in dequeue_task_rt()
    - x86/extable: Fix ex_handler_msr() print condition
    - selftests/seccomp: Fix compile warning when CC=clang
    - thermal/tools/tmon: Include pthread and time headers in tmon.h
    - dm: return early from dm_pr_call() if DM device is suspended
    - pwm: sifive: Simplify offset calculation for PWMCMP registers
    - pwm: sifive: Ensure the clk is enabled exactly once per running PWM
    - pwm: sifive: Shut down hardware only after pwmchip_remove() completed
    - pwm: lpc18xx-sct: Reduce number of devm memory allocations
    - pwm: lpc18xx-sct: Simplify driver by not using pwm_[gs]et_chip_data()
    - pwm: lpc18xx: Fix period handling
    - drm/dp: Export symbol / kerneldoc fixes for DP AUX bus
    - drm/bridge: tc358767: Move (e)DP bridge endpoint parsing into dedicated
      function
    - ath10k: do not enforce interrupt trigger type
    - drm/st7735r: Fix module autoloading for Okaya RH128128T
    - drm/panel: Fix build error when CONFIG_DRM_PANEL_SAMSUNG_ATNA33XC20=y &&
      CONFIG_DRM_DISPLAY_HELPER=m
    - wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c()
    - ath11k: fix netdev open race
    - drm/mipi-dbi: align max_chunk to 2 in spi_transfer
    - ath11k: Fix incorrect debug_mask mappings
    - drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers()
    - drm/mediatek: Modify dsi funcs to atomic operations
    - drm/mediatek: Separate poweron/poweroff from enable/disable and define new
      funcs
    - drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff function
    - drm/meson: encoder_hdmi: switch to bridge DRM_BRIDGE_ATTACH_NO_CONNECTOR
    - drm/meson: encoder_hdmi: Fix refcount leak in meson_encoder_hdmi_init
    - drm/bridge: lt9611uxc: Cancel only driver's work
    - i2c: npcm: Remove own slave addresses 2:10
    - i2c: npcm: Correct slave role behavior
    - i2c: mxs: Silence a clang warning
    - virtio-gpu: fix a missing check to avoid NULL dereference
    - drm/shmem-helper: Unexport drm_gem_shmem_create_with_handle()
    - drm/shmem-helper: Export dedicated wrappers for GEM object functions
    - drm/shmem-helper: Pass GEM shmem object in public interfaces
    - drm/virtio: Fix NULL vs IS_ERR checking in virtio_gpu_object_shmem_init
    - drm: adv7511: override i2c address of cec before accessing it
    - crypto: sun8i-ss - do not allocate memory when handling hash requests
    - crypto: sun8i-ss - fix error codes in allocate_flows()
    - net: fix sk_wmem_schedule() and sk_rmem_schedule() errors
    - can: netlink: allow configuring of fixed bit rates without need for
      do_set_bittiming callback
    - can: netlink: allow configuring of fixed data bit rates without need for
      do_set_data_bittiming callback
    - i2c: Fix a potential use after free
    - crypto: sun8i-ss - fix infinite loop in sun8i_ss_setup_ivs()
    - media: atmel: atmel-sama7g5-isc: fix warning in configs without OF
    - media: tw686x: Register the irq at the end of probe
    - media: imx-jpeg: Correct some definition according specification
    - media: imx-jpeg: Leave a blank space before the configuration data
    - media: imx-jpeg: Add pm-runtime support for imx-jpeg
    - media: imx-jpeg: use NV12M to represent non contiguous NV12
    - media: imx-jpeg: Set V4L2_BUF_FLAG_LAST at eos
    - media: imx-jpeg: Refactor function mxc_jpeg_parse
    - media: imx-jpeg: Identify and handle precision correctly
    - media: imx-jpeg: Handle source change in a function
    - media: imx-jpeg: Support dynamic resolution change
    - media: imx-jpeg: Align upwards buffer size
    - media: imx-jpeg: Implement drain using v4l2-mem2mem helpers
    - wifi: iwlegacy: 4965: fix potential off-by-one overflow in
      il4965_rs_fill_link_cmd()
    - drm/radeon: fix incorrrect SPDX-License-Identifiers
    - rcutorture: Warn on individual rcu_torture_init() error conditions
    - rcutorture: Don't cpuhp_remove_state() if cpuhp_setup_state() failed
    - rcutorture: Fix ksoftirqd boosting timing and iteration
    - test_bpf: fix incorrect netdev features
    - crypto: ccp - During shutdown, check SEV data pointer before using
    - drm: bridge: adv7511: Add check for mipi_dsi_driver_register
    - media: imx-jpeg: Disable slot interrupt when frame done
    - drm/mcde: Fix refcount leak in mcde_dsi_bind
    - media: hdpvr: fix error value returns in hdpvr_read
    - media: v4l2-mem2mem: prevent pollerr when last_buffer_dequeued is set
    - media: driver/nxp/imx-jpeg: fix a unexpected return value problem
    - media: tw686x: Fix memory leak in tw686x_video_init
    - drm/vc4: plane: Remove subpixel positioning check
    - drm/vc4: plane: Fix margin calculations for the right/bottom edges
    - drm/bridge: Add a function to abstract away panels
    - drm/vc4: dsi: Switch to devm_drm_of_get_bridge
    - drm/vc4: Use of_device_get_match_data()
    - drm/vc4: dsi: Release workaround buffer and DMA
    - drm/vc4: dsi: Correct DSI divider calculations
    - drm/vc4: dsi: Correct pixel order for DSI0
    - drm/vc4: dsi: Register dsi0 as the correct vc4 encoder type
    - drm/vc4: dsi: Fix dsi0 interrupt support
    - drm/vc4: dsi: Add correct stop condition to vc4_dsi_encoder_disable
      iteration
    - drm/vc4: hdmi: Fix HPD GPIO detection
    - drm/vc4: hdmi: Avoid full hdmi audio fifo writes
    - drm/vc4: hdmi: Reset HDMI MISC_CONTROL register
    - drm/vc4: hdmi: Fix timings for interlaced modes
    - drm/vc4: hdmi: Correct HDMI timing registers for interlaced modes
    - crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE
    - selftests/xsk: Destroy BPF resources only when ctx refcount drops to 0
    - drm/rockchip: vop: Don't crash for invalid duplicate_state()
    - drm/rockchip: Fix an error handling path rockchip_dp_probe()
    - drm/mediatek: dpi: Remove output format of YUV
    - drm/mediatek: dpi: Only enable dpi after the bridge is enabled
    - drm: bridge: sii8620: fix possible off-by-one
    - hinic: Use the bitmap API when applicable
    - net: hinic: fix bug that ethtool get wrong stats
    - net: hinic: avoid kernel hung in hinic_get_stats64()
    - drm/msm/mdp5: Fix global state lock backoff
    - crypto: hisilicon/sec - don't sleep when in softirq
    - crypto: hisilicon - Kunpeng916 crypto driver don't sleep when in softirq
    - media: platform: mtk-mdp: Fix mdp_ipi_comm structure alignment
    - drm/msm: Avoid dirtyfb stalls on video mode displays (v2)
    - drm/msm/dpu: Fix for non-visible planes
    - mt76: mt76x02u: fix possible memory leak in __mt76x02u_mcu_send_msg
    - mt76: mt7615: do not update pm stats in case of error
    - ieee80211: add EHT 1K aggregation definitions
    - mt76: mt7921: fix aggregation subframes setting to HE max
    - mt76: mt7921: enlarge maximum VHT MPDU length to 11454
    - mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init()
    - mediatek: mt76: eeprom: fix missing of_node_put() in
      mt76_find_power_limits_node()
    - skmsg: Fix invalid last sg check in sk_msg_recvmsg()
    - drm/exynos/exynos7_drm_decon: free resources when clk_set_parent() failed.
    - tcp: make retransmitted SKB fit into the send window
    - libbpf: Fix the name of a reused map
    - selftests: timers: valid-adjtimex: build fix for newer toolchains
    - selftests: timers: clocksource-switch: fix passing errors from child
    - bpf: Fix subprog names in stack traces.
    - fs: check FMODE_LSEEK to control internal pipe splicing
    - media: cedrus: h265: Fix flag name
    - media: hantro: postproc: Fix motion vector space size
    - media: hantro: Simplify postprocessor
    - media: hevc: Embedded indexes in RPS
    - media: staging: media: hantro: Fix typos
    - wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi()
    - wifi: p54: Fix an error handling path in p54spi_probe()
    - wifi: p54: add missing parentheses in p54_flush()
    - selftests/bpf: fix a test for snprintf() overflow
    - libbpf: fix an snprintf() overflow check
    - can: pch_can: do not report txerr and rxerr during bus-off
    - can: rcar_can: do not report txerr and rxerr during bus-off
    - can: sja1000: do not report txerr and rxerr during bus-off
    - can: hi311x: do not report txerr and rxerr during bus-off
    - can: sun4i_can: do not report txerr and rxerr during bus-off
    - can: kvaser_usb_hydra: do not report txerr and rxerr during bus-off
    - can: kvaser_usb_leaf: do not report txerr and rxerr during bus-off
    - can: usb_8dev: do not report txerr and rxerr during bus-off
    - can: error: specify the values of data[5..7] of CAN error frames
    - can: pch_can: pch_can_error(): initialize errc before using it
    - Bluetooth: hci_intel: Add check for platform_driver_register
    - i2c: cadence: Support PEC for SMBus block read
    - i2c: mux-gpmux: Add of_node_put() when breaking out of loop
    - wifi: wil6210: debugfs: fix uninitialized variable use in
      `wil_write_file_wmi()`
    - wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue
    - wifi: libertas: Fix possible refcount leak in if_usb_probe()
    - media: cedrus: hevc: Add check for invalid timestamp
    - net/mlx5e: Remove WARN_ON when trying to offload an unsupported TLS
      cipher/version
    - net/mlx5e: Fix the value of MLX5E_MAX_RQ_NUM_MTTS
    - net/mlx5: Adjust log_max_qp to be 18 at most
    - crypto: hisilicon/hpre - don't use GFP_KERNEL to alloc mem during softirq
    - crypto: inside-secure - Add missing MODULE_DEVICE_TABLE for of
    - crypto: hisilicon/sec - fix auth key size error
    - inet: add READ_ONCE(sk->sk_bound_dev_if) in INET_MATCH()
    - ipv6: add READ_ONCE(sk->sk_bound_dev_if) in INET6_MATCH()
    - net: allow unbound socket for packets in VRF when tcp_l3mdev_accept set
    - netdevsim: fib: Fix reference count leak on route deletion failure
    - wifi: rtw88: check the return value of alloc_workqueue()
    - iavf: Fix max_rate limiting
    - iavf: Fix 'tc qdisc show' listing too many queues
    - netdevsim: Avoid allocation warnings triggered from user space
    - net: rose: fix netdev reference changes
    - net: ionic: fix error check for vlan flags in ionic_set_nic_features()
    - dccp: put dccp_qpolicy_full() and dccp_qpolicy_push() in the same lock
    - net: usb: make USB_RTL8153_ECM non user configurable
    - wireguard: ratelimiter: use hrtimer in selftest
    - wireguard: allowedips: don't corrupt stack when detecting overflow
    - HID: amd_sfh: Don't show client init failed as error when discovery fails
    - clk: renesas: r9a06g032: Fix UART clkgrp bitsel
    - mtd: maps: Fix refcount leak in of_flash_probe_versatile
    - mtd: maps: Fix refcount leak in ap_flash_init
    - mtd: rawnand: meson: Fix a potential double free issue
    - of: check previous kernel's ima-kexec-buffer against memory bounds
    - scsi: qla2xxx: edif: Reduce Initiator-Initiator thrashing
    - scsi: qla2xxx: edif: Fix potential stuck session in sa update
    - scsi: qla2xxx: edif: Reduce connection thrash
    - scsi: qla2xxx: edif: Fix inconsistent check of db_flags
    - scsi: qla2xxx: edif: Synchronize NPIV deletion with authentication
      application
    - scsi: qla2xxx: edif: Add retry for ELS passthrough
    - scsi: qla2xxx: edif: Fix n2n discovery issue with secure target
    - scsi: qla2xxx: edif: Fix n2n login retry for secure device
    - KVM: SVM: Unwind "speculative" RIP advancement if INTn injection "fails"
    - KVM: SVM: Stuff next_rip on emulated INT3 injection if NRIPS is supported
    - phy: samsung: exynosautov9-ufs: correct TSRV register configurations
    - PCI: microchip: Fix refcount leak in mc_pcie_init_irq_domains()
    - PCI: tegra194: Fix PM error handling in tegra_pcie_config_ep()
    - HID: cp2112: prevent a buffer overflow in cp2112_xfer()
    - mtd: sm_ftl: Fix deadlock caused by cancel_work_sync in sm_release
    - mtd: partitions: Fix refcount leak in parse_redboot_of
    - mtd: parsers: ofpart: Fix refcount leak in bcm4908_partitions_fw_offset
    - mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()'s error path
    - PCI: mediatek-gen3: Fix refcount leak in mtk_pcie_init_irq_domains()
    - fpga: altera-pr-ip: fix unsigned comparison with less than zero
    - usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe
    - usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe
    - usb: gadget: tegra-xudc: Fix error check in tegra_xudc_powerdomain_init()
    - usb: xhci: tegra: Fix error check
    - netfilter: xtables: Bring SPDX identifier back
    - scsi: qla2xxx: edif: Send LOGO for unexpected IKE message
    - scsi: qla2xxx: edif: Reduce disruption due to multiple app start
    - scsi: qla2xxx: edif: Fix no login after app start
    - scsi: qla2xxx: edif: Tear down session if keys have been removed
    - scsi: qla2xxx: edif: Fix session thrash
    - scsi: qla2xxx: edif: Fix no logout on delete for N2N
    - iio: accel: bma400: Fix the scale min and max macro values
    - platform/chrome: cros_ec: Always expose last resume result
    - iio: accel: bma400: Reordering of header files
    - clk: mediatek: reset: Fix written reset bit offset
    - lib/test_hmm: avoid accessing uninitialized pages
    - memremap: remove support for external pgmap refcounts
    - mm/memremap: fix memunmap_pages() race with get_dev_pagemap()
    - KVM: Don't set Accessed/Dirty bits for ZERO_PAGE
    - mwifiex: Ignore BTCOEX events from the 88W8897 firmware
    - mwifiex: fix sleep in atomic context bugs caused by dev_coredumpv
    - scsi: iscsi: Allow iscsi_if_stop_conn() to be called from kernel
    - scsi: iscsi: Add helper to remove a session from the kernel
    - scsi: iscsi: Fix session removal on shutdown
    - dmaengine: dw-edma: Fix eDMA Rd/Wr-channels and DMA-direction semantics
    - mtd: dataflash: Add SPI ID table
    - clk: qcom: camcc-sm8250: Fix halt on boot by reducing driver's init level
    - misc: rtsx: Fix an error handling path in rtsx_pci_probe()
    - driver core: fix potential deadlock in __driver_attach
    - clk: qcom: clk-krait: unlock spin after mux completion
    - clk: qcom: gcc-msm8939: Add missing SYSTEM_MM_NOC_BFDCD_CLK_SRC
    - clk: qcom: gcc-msm8939: Fix bimc_ddr_clk_src rcgr base address
    - clk: qcom: gcc-msm8939: Add missing system_mm_noc_bfdcd_clk_src
    - clk: qcom: gcc-msm8939: Point MM peripherals to system_mm_noc clock
    - usb: host: xhci: use snprintf() in xhci_decode_trb()
    - RDMA/rxe: Fix deadlock in rxe_do_local_ops()
    - clk: qcom: ipq8074: fix NSS core PLL-s
    - clk: qcom: ipq8074: SW workaround for UBI32 PLL lock
    - clk: qcom: ipq8074: fix NSS port frequency tables
    - clk: qcom: ipq8074: set BRANCH_HALT_DELAY flag for UBI clocks
    - clk: qcom: camcc-sdm845: Fix topology around titan_top power domain
    - clk: qcom: camcc-sm8250: Fix topology around titan_top power domain
    - clk: qcom: clk-rcg2: Fail Duty-Cycle configuration if MND divider is not
      enabled.
    - clk: qcom: clk-rcg2: Make sure to not write d=0 to the NMD register
    - mm/mempolicy: fix get_nodes out of bound access
    - PCI: dwc: Stop link on host_init errors and de-initialization
    - PCI: dwc: Add unroll iATU space support to dw_pcie_disable_atu()
    - PCI: dwc: Disable outbound windows only for controllers using iATU
    - PCI: dwc: Set INCREASE_REGION_SIZE flag based on limit address
    - PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors
    - PCI: dwc: Always enable CDM check if "snps,enable-cdm-check" exists
    - soundwire: bus_type: fix remove and shutdown support
    - soundwire: revisit driver bind/unbind and callbacks
    - KVM: arm64: Don't return from void function
    - dmaengine: sf-pdma: Add multithread support for a DMA channel
    - PCI: endpoint: Don't stop controller when unbinding endpoint function
    - scsi: qla2xxx: Check correct variable in qla24xx_async_gffid()
    - intel_th: Fix a resource leak in an error handling path
    - intel_th: msu-sink: Potential dereference of null pointer
    - intel_th: msu: Fix vmalloced buffers
    - binder: fix redefinition of seq_file attributes
    - staging: rtl8192u: Fix sleep in atomic context bug in
      dm_fsync_timer_callback
    - mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch
    - mmc: mxcmmc: Silence a clang warning
    - mmc: renesas_sdhi: Get the reset handle early in the probe
    - memstick/ms_block: Fix some incorrect memory allocation
    - memstick/ms_block: Fix a memory leak
    - mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R
    - of: device: Fix missing of_node_put() in of_dma_set_restricted_buffer
    - mmc: block: Add single read for 4k sector cards
    - KVM: s390: pv: leak the topmost page table when destroy fails
    - PCI: qcom: Set up rev 2.1.0 PARF_PHY before enabling clocks
    - scsi: smartpqi: Fix DMA direction for RAID requests
    - xtensa: iss/network: provide release() callback
    - xtensa: iss: fix handling error cases in iss_net_configure()
    - usb: gadget: udc: amd5536 depends on HAS_DMA
    - usb: aspeed-vhub: Fix refcount leak bug in ast_vhub_init_desc()
    - usb: dwc3: core: Deprecate GCTL.CORESOFTRESET
    - usb: dwc3: core: Do not perform GCTL_CORE_SOFTRESET during bootup
    - usb: dwc3: qcom: fix missing optional irq warnings
    - eeprom: idt_89hpesx: uninitialized data in idt_dbgfs_csr_write()
    - phy: stm32: fix error return in stm32_usbphyc_phy_init
    - interconnect: imx: fix max_node_id
    - um: random: Don't initialise hwrng struct with zero
    - RDMA/irdma: Fix a window for use-after-free
    - RDMA/irdma: Fix VLAN connection with wildcard address
    - RDMA/irdma: Fix setting of QP context err_rq_idx_valid field
    - RDMA/rtrs-srv: Fix modinfo output for stringify
    - RDMA/rtrs: Fix warning when use poll mode on client side.
    - RDMA/rtrs: Replace duplicate check with is_pollqueue helper
    - RDMA/rtrs: Introduce destroy_cq helper
    - RDMA/rtrs: Do not allow sessname to contain special symbols / and .
    - RDMA/rtrs: Rename rtrs_sess to rtrs_path
    - RDMA/rtrs-srv: Rename rtrs_srv_sess to rtrs_srv_path
    - RDMA/rtrs-clt: Rename rtrs_clt_sess to rtrs_clt_path
    - RDMA/rtrs-clt: Replace list_next_or_null_rr_rcu with an inline function
    - RDMA/qedr: Fix potential memory leak in __qedr_alloc_mr()
    - RDMA/hns: Fix incorrect clearing of interrupt status register
    - RDMA/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event
    - iio: cros: Register FIFO callback after sensor is registered
    - clk: qcom: gcc-msm8939: Fix weird field spacing in ftbl_gcc_camss_cci_clk
    - RDMA/hfi1: fix potential memory leak in setup_base_ctxt()
    - gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data()
    - HID: mcp2221: prevent a buffer overflow in mcp_smbus_write()
    - HID: amd_sfh: Add NULL check for hid device
    - dmaengine: imx-dma: Cast of_device_get_match_data() with (uintptr_t)
    - scripts/gdb: lx-dmesg: read records individually
    - scripts/gdb: fix 'lx-dmesg' on 32 bits arch
    - RDMA/rxe: Fix mw bind to allow any consumer key portion
    - mmc: cavium-octeon: Add of_node_put() when breaking out of loop
    - mmc: cavium-thunderx: Add of_node_put() when breaking out of loop
    - HID: alps: Declare U1_UNICORN_LEGACY support
    - RDMA/rxe: For invalidate compare according to set keys in mr
    - PCI: tegra194: Fix Root Port interrupt handling
    - PCI: tegra194: Fix link up retry sequence
    - HID: amd_sfh: Handle condition of "no sensors"
    - USB: serial: fix tty-port initialized comments
    - usb: cdns3: change place of 'priv_ep' assignment in
      cdns3_gadget_ep_dequeue(), cdns3_gadget_ep_enable()
    - mtd: spi-nor: fix spi_nor_spimem_setup_op() call in
      spi_nor_erase_{sector,chip}()
    - KVM: nVMX: Set UMIP bit CR4_FIXED1 MSR when emulating UMIP
    - platform/olpc: Fix uninitialized data in debugfs write
    - RDMA/srpt: Duplicate port name members
    - RDMA/srpt: Introduce a reference count in struct srpt_device
    - RDMA/srpt: Fix a use-after-free
    - android: binder: stop saving a pointer to the VMA
    - mm/mmap.c: fix missing call to vm_unacct_memory in mmap_region
    - selftests: kvm: set rax before vmcall
    - of/fdt: declared return type does not match actual return type
    - RDMA/mlx5: Add missing check for return value in get namespace flow
    - RDMA/rxe: Add memory barriers to kernel queues
    - RDMA/rxe: Remove the is_user members of struct rxe_sq/rxe_rq/rxe_srq
    - RDMA/rxe: Fix error unwind in rxe_create_qp()
    - block/rnbd-srv: Set keep_id to true after mutex_trylock
    - null_blk: fix ida error handling in null_add_dev()
    - nvme: use command_id instead of req->tag in trace_nvme_complete_rq()
    - nvme: define compat_ioctl again to unbreak 32-bit userspace.
    - nvme: disable namespace access for unsupported metadata
    - nvme: don't return an error from nvme_configure_metadata
    - nvme: catch -ENODEV from nvme_revalidate_zones again
    - block/bio: remove duplicate append pages code
    - block: ensure iov_iter advances for added pages
    - jbd2: fix outstanding credits assert in jbd2_journal_commit_transaction()
    - ext4: recover csum seed of tmp_inode after migrating to extents
    - jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted
    - usb: cdns3: Don't use priv_dev uninitialized in cdns3_gadget_ep_enable()
    - opp: Fix error check in dev_pm_opp_attach_genpd()
    - ASoC: cros_ec_codec: Fix refcount leak in cros_ec_codec_platform_probe
    - ASoC: samsung: Fix error handling in aries_audio_probe
    - ASoC: imx-audmux: Silence a clang warning
    - ASoC: mediatek: mt8173: Fix refcount leak in mt8173_rt5650_rt5676_dev_probe
    - ASoC: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe
    - ASoC: codecs: da7210: add check for i2c_add_driver
    - ASoC: mediatek: mt8173-rt5650: Fix refcount leak in mt8173_rt5650_dev_probe
    - serial: 8250: Export ICR access helpers for internal use
    - serial: 8250: dma: Allow driver operations before starting DMA transfers
    - serial: 8250_dw: Store LSR into lsr_saved_flags in dw8250_tx_wait_empty()
    - ASoC: codecs: msm8916-wcd-digital: move gains from SX_TLV to S8_TLV
    - ASoC: codecs: wcd9335: move gains from SX_TLV to S8_TLV
    - rpmsg: char: Add mutex protection for rpmsg_eptdev_open()
    - rpmsg: mtk_rpmsg: Fix circular locking dependency
    - remoteproc: k3-r5: Fix refcount leak in k3_r5_cluster_of_init
    - selftests/livepatch: better synchronize test_klp_callbacks_busy
    - profiling: fix shift too large makes kernel panic
    - remoteproc: imx_rproc: Fix refcount leak in imx_rproc_addr_init
    - ASoC: samsung: h1940_uda1380: include proepr GPIO consumer header
    - powerpc/perf: Optimize clearing the pending PMI and remove WARN_ON for PMI
      check in power_pmu_disable
    - ASoC: samsung: change gpiod_speaker_power and rx1950_audio from global to
      static variables
    - tty: n_gsm: Delete gsmtty open SABM frame when config requester
    - tty: n_gsm: fix user open not possible at responder until initiator open
    - tty: n_gsm: fix tty registration before control channel open
    - tty: n_gsm: fix wrong queuing behavior in gsm_dlci_data_output()
    - tty: n_gsm: fix missing timer to handle stalled links
    - tty: n_gsm: fix non flow control frames during mux flow off
    - tty: n_gsm: fix packet re-transmission without open control channel
    - tty: n_gsm: fix race condition in gsmld_write()
    - tty: n_gsm: fix resource allocation order in gsm_activate_mux()
    - ASoC: qcom: Fix missing of_node_put() in
      asoc_qcom_lpass_cpu_platform_probe()
    - ASoC: imx-card: Fix DSD/PDM mclk frequency
    - remoteproc: qcom: wcnss: Fix handling of IRQs
    - vfio/ccw: Do not change FSM state in subchannel event
    - serial: 8250_fsl: Don't report FE, PE and OE twice
    - tty: n_gsm: fix wrong T1 retry count handling
    - tty: n_gsm: fix DM command
    - tty: n_gsm: fix missing corner cases in gsmld_poll()
    - MIPS: vdso: Utilize __pa() for gic_pfn
    - swiotlb: fail map correctly with failed io_tlb_default_mem
    - ASoC: mt6359: Fix refcount leak bug
    - serial: 8250_bcm7271: Save/restore RTS in suspend/resume
    - iommu/exynos: Handle failed IOMMU device registration properly
    - 9p: fix a bunch of checkpatch warnings
    - 9p: Drop kref usage
    - 9p: Add client parameter to p9_req_put()
    - net: 9p: fix refcount leak in p9_read_work() error handling
    - MIPS: Fixed __debug_virt_addr_valid()
    - rpmsg: qcom_smd: Fix refcount leak in qcom_smd_parse_edge
    - kfifo: fix kfifo_to_user() return type
    - lib/smp_processor_id: fix imbalanced instrumentation_end() call
    - proc: fix a dentry lock race between release_task and lookup
    - remoteproc: qcom: pas: Check if coredump is enabled
    - remoteproc: sysmon: Wait for SSCTL service to come up
    - mfd: t7l66xb: Drop platform disable callback
    - mfd: max77620: Fix refcount leak in max77620_initialise_fps
    - iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking out of loop
    - perf tools: Fix dso_id inode generation comparison
    - s390/dump: fix old lowcore virtual vs physical address confusion
    - s390/maccess: fix semantics of memcpy_real() and its callers
    - s390/crash: fix incorrect number of bytes to copy to user space
    - s390/zcore: fix race when reading from hardware system area
    - ASoC: fsl_asrc: force cast the asrc_format type
    - ASoC: fsl-asoc-card: force cast the asrc_format type
    - ASoC: fsl_easrc: use snd_pcm_format_t type for sample_format
    - ASoC: imx-card: use snd_pcm_format_t type for asrc_format
    - ASoC: qcom: q6dsp: Fix an off-by-one in q6adm_alloc_copp()
    - fuse: Remove the control interface for virtio-fs
    - ASoC: audio-graph-card: Add of_node_put() in fail path
    - watchdog: sp5100_tco: Fix a memory leak of EFCH MMIO resource
    - watchdog: armada_37xx_wdt: check the return value of devm_ioremap() in
      armada_37xx_wdt_probe()
    - video: fbdev: amba-clcd: Fix refcount leak bugs
    - video: fbdev: sis: fix typos in SiS_GetModeID()
    - ASoC: mchp-spdifrx: disable end of block interrupt on failures
    - powerpc/32: Call mmu_mark_initmem_nx() regardless of data block mapping.
    - powerpc/32: Do not allow selection of e5500 or e6500 CPUs on PPC32
    - powerpc/iommu: Fix iommu_table_in_use for a small default DMA window case
    - powerpc/pci: Prefer PCI domain assignment via DT 'linux,pci-domain' and
      alias
    - tty: serial: fsl_lpuart: correct the count of break characters
    - s390/dump: fix os_info virtual vs physical address confusion
    - s390/smp: cleanup target CPU callback starting
    - s390/smp: cleanup control register update routines
    - s390/maccess: rework absolute lowcore accessors
    - s390/smp: enforce lowcore protection on CPU restart
    - f2fs: fix to remove F2FS_COMPR_FL and tag F2FS_NOCOMP_FL at the same time
    - powerpc/spufs: Fix refcount leak in spufs_init_isolated_loader
    - powerpc/xive: Fix refcount leak in xive_get_max_prio
    - powerpc/cell/axon_msi: Fix refcount leak in setup_msi_msg_address
    - perf symbol: Fail to read phdr workaround
    - kprobes: Forbid probing on trampoline and BPF code areas
    - x86/bus_lock: Don't assume the init value of DEBUGCTLMSR.BUS_LOCK_DETECT to
      be zero
    - powerpc/pci: Fix PHB numbering when using opal-phbid
    - genelf: Use HAVE_LIBCRYPTO_SUPPORT, not the never defined HAVE_LIBCRYPTO
    - scripts/faddr2line: Fix vmlinux detection on arm64
    - sched/deadline: Merge dl_task_can_attach() and dl_cpu_busy()
    - sched, cpuset: Fix dl_cpu_busy() panic due to empty cs->cpus_allowed
    - x86/numa: Use cpumask_available instead of hardcoded NULL check
    - video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock()
    - tools/thermal: Fix possible path truncations
    - sched: Fix the check of nr_running at queue wakelist
    - sched: Remove the limitation of WF_ON_CPU on wakelist if wakee cpu is idle
    - sched/core: Do not requeue task on CPU excluded from cpus_mask
    - f2fs: allow compression for mmap files in compress_mode=user
    - f2fs: do not allow to decompress files have FI_COMPRESS_RELEASED
    - video: fbdev: vt8623fb: Check the size of screen before memset_io()
    - video: fbdev: arkfb: Check the size of screen before memset_io()
    - video: fbdev: s3fb: Check the size of screen before memset_io()
    - scsi: ufs: core: Correct ufshcd_shutdown() flow
    - scsi: zfcp: Fix missing auto port scan and thus missing target ports
    - scsi: qla2xxx: Fix imbalance vha->vref_count
    - scsi: qla2xxx: Fix discovery issues in FC-AL topology
    - scsi: qla2xxx: Turn off multi-queue for 8G adapters
    - scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts
    - scsi: qla2xxx: Fix excessive I/O error messages by default
    - scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error injection
    - scsi: qla2xxx: Wind down adapter after PCIe error
    - scsi: qla2xxx: Fix losing FCP-2 targets on long port disable with I/Os
    - scsi: qla2xxx: Fix losing target when it reappears during delete
    - scsi: qla2xxx: Fix losing FCP-2 targets during port perturbation tests
    - x86/bugs: Enable STIBP for IBPB mitigated RETBleed
    - ftrace/x86: Add back ftrace_expected assignment
    - x86/kprobes: Update kcb status flag after singlestepping
    - x86/olpc: fix 'logical not is only applied to the left hand side'
    - SMB3: fix lease break timeout when multiple deferred close handles for the
      same file.
    - Input: gscps2 - check return value of ioremap() in gscps2_probe()
    - __follow_mount_rcu(): verify that mount_lock remains unchanged
    - spmi: trace: fix stack-out-of-bound access in SPMI tracing functions
    - drm/mediatek: Allow commands to be sent during video mode
    - drm/mediatek: Keep dsi as LP00 before dcs cmds transfer
    - crypto: blake2s - remove shash module
    - [Config] updateconfigs for CRYPTO_LIB_BLAKE2S
    - drm/vc4: drv: Adopt the dma configuration from the HVS or V3D component
    - usbnet: smsc95xx: Don't clear read-only PHY interrupt
    - usbnet: smsc95xx: Avoid link settings race on interrupt reception
    - firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails
    - scsi: lpfc: SLI path split: Refactor lpfc_iocbq
    - scsi: lpfc: SLI path split: Refactor fast and slow paths to native SLI4
    - scsi: lpfc: SLI path split: Refactor SCSI paths
    - scsi: lpfc: Remove extra atomic_inc on cmd_pending in queuecommand after
      VMID
    - intel_th: pci: Add Meteor Lake-P support
    - intel_th: pci: Add Raptor Lake-S PCH support
    - intel_th: pci: Add Raptor Lake-S CPU support
    - KVM: set_msr_mce: Permit guests to ignore single-bit ECC errors
    - KVM: x86: Signal #GP, not -EPERM, on bad WRMSR(MCi_CTL/STATUS)
    - iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE)
    - PCI/AER: Iterate over error counters instead of error strings
    - PCI: qcom: Power on PHY before IPQ8074 DBI register accesses
    - serial: 8250_pci: Refactor the loop in pci_ite887x_init()
    - serial: 8250_pci: Replace dev_*() by pci_*() macros
    - serial: 8250: Fold EndRun device support into OxSemi Tornado code
    - serial: 8250: Add proper clock handling for OxSemi PCIe devices
    - tty: 8250: Add support for Brainboxes PX cards.
    - dm writecache: set a default MAX_WRITEBACK_JOBS
    - kexec, KEYS, s390: Make use of built-in and secondary keyring for signature
      verification
    - dm thin: fix use-after-free crash in dm_sm_register_threshold_callback
    - net/9p: Initialize the iounit field during fid creation
    - ARM: remove some dead code
    - timekeeping: contribute wall clock to rng on time change
    - locking/csd_lock: Change csdlock_debug from early_param to __setup
    - block: remove the struct blk_queue_ctx forward declaration
    - block: don't allow the same type rq_qos add more than once
    - btrfs: ensure pages are unlocked on cow_file_range() failure
    - btrfs: reset block group chunk force if we have to wait
    - btrfs: properly flag filesystem with BTRFS_FEATURE_INCOMPAT_BIG_METADATA
    - ACPI: CPPC: Do not prevent CPPC from working in the future
    - powerpc/powernv/kvm: Use darn for H_RANDOM on Power9
    - KVM: x86/pmu: Introduce the ctrl_mask value for fixed counter
    - KVM: VMX: Mark all PERF_GLOBAL_(OVF)_CTRL bits reserved if there's no vPMU
    - KVM: x86/pmu: Ignore pmu->global_ctrl check if vPMU doesn't support
      global_ctrl
    - KVM: VMX: Add helper to check if the guest PMU has PERF_GLOBAL_CTRL
    - KVM: nVMX: Attempt to load PERF_GLOBAL_CTRL on nVMX xfer iff it exists
    - dm raid: fix address sanitizer warning in raid_status
    - dm raid: fix address sanitizer warning in raid_resume
    - tracing: Add '__rel_loc' using trace event macros
    - tracing: Avoid -Warray-bounds warning for __rel_loc macro
    - ext4: update s_overhead_clusters in the superblock during an on-line resize
    - ext4: fix extent status tree race in writeback error recovery path
    - ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h
    - ext4: fix use-after-free in ext4_xattr_set_entry
    - ext4: correct max_inline_xattr_value_size computing
    - ext4: correct the misjudgment in ext4_iget_extra_inode
    - ext4: fix warning in ext4_iomap_begin as race between bmap and write
    - ext4: check if directory block is within i_size
    - ext4: make sure ext4_append() always allocates new block
    - ext4: remove EA inode entry from mbcache on inode eviction
    - ext4: use kmemdup() to replace kmalloc + memcpy
    - ext4: unindent codeblock in ext4_xattr_block_set()
    - ext4: fix race when reusing xattr blocks
    - KEYS: asymmetric: enforce SM2 signature use pkey algo
    - tpm: eventlog: Fix section mismatch for DEBUG_SECTION_MISMATCH
    - xen-blkback: fix persistent grants negotiation
    - xen-blkback: Apply 'feature_persistent' parameter when connect
    - xen-blkfront: Apply 'feature_persistent' parameter when connect
    - powerpc: Fix eh field when calling lwarx on PPC32
    - tracing: Use a struct alignof to determine trace event field alignment
    - mac80211: fix a memory leak where sta_info is not freed
    - tcp: fix over estimation in sk_forced_mem_schedule()
    - crypto: lib/blake2s - reduce stack frame usage in self test
    - Revert "mwifiex: fix sleep in atomic context bugs caused by dev_coredumpv"
    - Revert "s390/smp: enforce lowcore protection on CPU restart"
    - drm/bridge: tc358767: Fix (e)DP bridge endpoint parsing in dedicated
      function
    - net: phy: smsc: Disable Energy Detect Power-Down in interrupt mode
    - drm/vc4: change vc4_dma_range_matches from a global to static
    - tracing/perf: Avoid -Warray-bounds warning for __rel_loc macro
    - drm/msm: Fix dirtyfb refcounting
    - drm/meson: Fix refcount leak in meson_encoder_hdmi_init
    - io_uring: mem-account pbuf buckets
    - Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression
    - drm/bridge: Move devm_drm_of_get_bridge to bridge/panel.c
    - scsi: lpfc: Fix locking for lpfc_sli_iocbq_lookup()
    - scsi: lpfc: Fix element offset in __lpfc_sli_release_iocbq_s4()
    - scsi: lpfc: Resolve some cleanup issues following SLI path refactoring
    - Linux 5.15.61

* CVE-2022-3028
    - af_key: Do not call xfrm_probe_algs in parallel

* CVE-2022-2978
    - fs: fix UAF/GPF bug in nilfs_mdt_destroy

* CVE-2022-40768
    - scsi: stex: Properly zero out the passthrough command structure

-- Stefan Bader <stefan.bader@canonical.com>  Mon, 17 Oct 2022 20:36:48 +0200

Changed in linux (Ubuntu Jammy):
status:	Fix Committed → Fix Released

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2022-12-07:

This bug is awaiting verification that the linux-bluefield/5.15.0-1010.12 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy' to 'verification-done-jammy'. If the problem still exists, change the tag 'verification-needed-jammy' to 'verification-failed-jammy'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-jammy-linux-bluefield verification-needed-jammy
removed: verification-done-jammy

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2022-12-12:

This bug is awaiting verification that the linux-nvidia/5.15.0-1011.11 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy' to 'verification-done-jammy'. If the problem still exists, change the tag 'verification-needed-jammy' to 'verification-failed-jammy'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-jammy-linux-nvidia

Thadeu Lima de Souza Cascardo (cascardo) on 2023-02-09

Changed in linux-oem-6.0 (Ubuntu Kinetic):
status:	New → Invalid
Changed in linux-oem-6.0 (Ubuntu):
status:	New → Invalid
Changed in linux-oem-6.0 (Ubuntu Jammy):
status:	New → In Progress
assignee:	nobody → Thadeu Lima de Souza Cascardo (cascardo)
importance:	Undecided → Medium

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2023-02-13:

This bug is awaiting verification that the linux-oem-6.0/6.0.0-1012.12 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy' to 'verification-done-jammy'. If the problem still exists, change the tag 'verification-needed-jammy' to 'verification-failed-jammy'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-jammy-linux-oem-6.0

Timo Aaltonen (tjaalton) on 2023-02-14

Changed in linux-oem-6.0 (Ubuntu Jammy):
status:	In Progress → Fix Committed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2023-03-01:

This bug was fixed in the package linux-oem-6.0 - 6.0.0-1012.12

---------------
linux-oem-6.0 (6.0.0-1012.12) jammy; urgency=medium

* jammy/linux-oem-6.0: 6.0.0-1012.12 -proposed tracker (LP: #2004348)

* CVE-2023-0469
- io_uring/filetable: fix file reference underflow

* LSM: Configuring Too Many LSMs Causes Kernel Panic on Boot (LP: #1987998)
- SAUCE: LSM: Change Landlock from LSMBLOB_NEEDED to LSMBLOB_NOT_NEEDED

* CVE-2023-0045
- x86/bugs: Flush IBP in ib_prctl_set()

* CVE-2022-47520
- wifi: wilc1000: validate pairwise and authentication suite offsets

* CVE-2022-3567
- ipv6: Fix data races around sk->sk_prot.

* CVE-2022-45934
- Bluetooth: L2CAP: Fix u8 overflow

* CVE-2022-42896
- Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm

  * CVE-2022-43945
    - NFSD: Remove "inline" directives on op_rsize_bop helpers
    - NFSD: Cap rsize_bop result based on send buffer size

* CVE-2022-20369
- NFSD: fix use-after-free in __nfs42_ssc_open()

  * CVE-2023-0461
    - net/ulp: prevent ULP without clone op from entering the LISTEN status
    - net/ulp: use consistent error code when blocking ULP

* Expose built-in trusted and revoked certificates (LP: #1996892)
- [Packaging] Expose built-in trusted and revoked certificates

-- Timo Aaltonen <email address hidden> Fri, 10 Feb 2023 12:37:27 +0200

Changed in linux-oem-6.0 (Ubuntu Jammy):
status:	Fix Committed → Fix Released

Thadeu Lima de Souza Cascardo (cascardo) on 2023-06-13

Changed in linux-oem-6.1 (Ubuntu Kinetic):
status:	New → Invalid
Changed in linux-oem-6.1 (Ubuntu Jammy):
status:	New → In Progress
importance:	Undecided → Medium
assignee:	nobody → Thadeu Lima de Souza Cascardo (cascardo)
Changed in linux-oem-6.1 (Ubuntu):
status:	New → Invalid

Timo Aaltonen (tjaalton) on 2023-06-16

Changed in linux-oem-6.1 (Ubuntu Jammy):
status:	In Progress → Fix Committed

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2023-06-19:

This bug is awaiting verification that the linux-oem-6.1/6.1.0-1015.15 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy' to 'verification-done-jammy'. If the problem still exists, change the tag 'verification-needed-jammy' to 'verification-failed-jammy'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-jammy-linux-oem-6.1

Revision history for this message

Launchpad Janitor (janitor) wrote on 2023-06-28:

#10

This bug was fixed in the package linux-oem-6.1 - 6.1.0-1015.15

---------------
linux-oem-6.1 (6.1.0-1015.15) jammy; urgency=medium

* jammy/linux-oem-6.1: 6.1.0-1015.15 -proposed tracker (LP: #2024152)

  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log
    - [Packaging] resync getabis

  * CVE-2023-2430
    - io_uring: get rid of double locking
    - io_uring: extract a io_msg_install_complete helper
    - io_uring/msg_ring: move double lock/unlock helpers higher up
    - io_uring/msg_ring: fix missing lock on overflow for IOPOLL

* LSM: Configuring Too Many LSMs Causes Kernel Panic on Boot (LP: #1987998)
- SAUCE: LSM: Change Landlock from LSMBLOB_NEEDED to LSMBLOB_NOT_NEEDED

  * Some INVLPG implementations can leave Global translations unflushed when
    PCIDs are enabled (LP: #2023220)
    - x86/mm: Avoid incomplete Global INVLPG flushes

* cls_flower: off-by-one in fl_set_geneve_opt (LP: #2023577)
- net/sched: flower: fix possible OOB write in fl_set_geneve_opt()

* CVE-2023-2176
- RDMA/core: Refactor rdma_bind_addr

* ALSA: hda/realtek: Enable headset onLenovo M70/M90 (LP: #2021449)
- ALSA: hda/realtek: Enable headset onLenovo M70/M90

  * Add microphone support of the front headphone port on P3 Tower
    (LP: #2023650)
    - ALSA: hda/realtek: Add Lenovo P3 Tower platform

  * Add support of Smart Amplifier IC ALC1319D on Intel platforms
    (LP: #2023201)
    - ASoC: Intel: soc-acpi: add table for RPL Dell SKU 0BDA

* Fix speaker volume too low on HP G10 laptops (LP: #2023197)
- ALSA: hda/realtek: Enable 4 amplifiers instead of 2 on a HP platform

  * System hang at reading amdgpu sysfs attribute psp_vbflash (LP: #2023307)
    - SAUCE: drm/amd: Make sure image is written to trigger VBIOS image update
      flow

  * System either hang with black screen or rebooted on entering suspend on AMD
    Ryzen 9 PRO 7940HS w/ Radeon 780M Graphics (LP: #2020685)
    - drm/amdgpu: refine get gpu clock counter method
    - drm/amdgpu/gfx11: update gpu_clock_counter logic

  * Fix Monitor lost after replug WD19TBS to SUT port with VGA/DVI to type-C
    dongle (LP: #2021949)
    - thunderbolt: Increase timeout of DP OUT adapter handshake
    - thunderbolt: Do not touch CL state configuration during discovery
    - thunderbolt: Increase DisplayPort Connection Manager handshake timeout

  * Fix Disable thunderbolt clx make edp-monitor garbage while moving the
    touchpad (LP: #2023004)
    - drm/i915: Explain the magic numbers for AUX SYNC/precharge length
    - drm/i915: Use 18 fast wake AUX sync len

* Include the MAC address pass through function on RTL8153DD-CG (LP: #2020295)
- r8152: add USB device driver for config selection

  * FM350(mtk_t7xx) failed to suspend, or early wake while suspending
    (LP: #2020743)
    - net: wwan: t7xx: Ensure init is completed before system sleep

-- Timo Aaltonen <email address hidden> Fri, 16 Jun 2023 11:51:13 +0300

This bug was fixed in the package linux-oem-6.1 - 6.1.0-1015.15

---------------
linux-oem-6.1 (6.1.0-1015.15) jammy; urgency=medium

* jammy/linux-oem-6.1: 6.1.0-1015.15 -proposed tracker (LP: #2024152)

* Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log
    - [Packaging] resync getabis

* LSM: Configuring Too Many LSMs Causes Kernel Panic on Boot (LP: #1987998)
    - SAUCE: LSM: Change Landlock from LSMBLOB_NEEDED to LSMBLOB_NOT_NEEDED

* Some INVLPG implementations can leave Global translations unflushed when
    PCIDs are enabled (LP: #2023220)
    - x86/mm: Avoid incomplete Global INVLPG flushes

* cls_flower: off-by-one in fl_set_geneve_opt (LP: #2023577)
    - net/sched: flower: fix possible OOB write in fl_set_geneve_opt()

* CVE-2023-2176
    - RDMA/core: Refactor rdma_bind_addr

* ALSA: hda/realtek: Enable headset onLenovo M70/M90 (LP: #2021449)
    - ALSA: hda/realtek: Enable headset onLenovo M70/M90

* Add microphone support of the front headphone port on P3 Tower
    (LP: #2023650)
    - ALSA: hda/realtek: Add Lenovo P3 Tower platform

* Add support of Smart Amplifier IC ALC1319D  on Intel platforms
    (LP: #2023201)
    - ASoC: Intel: soc-acpi: add table for RPL Dell SKU 0BDA

* Fix speaker volume too low on HP G10 laptops (LP: #2023197)
    - ALSA: hda/realtek: Enable 4 amplifiers instead of 2 on a HP platform

* System hang at reading amdgpu sysfs attribute psp_vbflash (LP: #2023307)
    - SAUCE: drm/amd: Make sure image is written to trigger VBIOS image update
      flow

* Include the MAC address pass through function on RTL8153DD-CG (LP: #2020295)
    - r8152: add USB device driver for config selection

* FM350(mtk_t7xx) failed to suspend, or early wake while suspending
    (LP: #2020743)
    - net: wwan: t7xx: Ensure init is completed before system sleep

-- Timo Aaltonen <timo.aaltonen@canonical.com>  Fri, 16 Jun 2023 11:51:13 +0300

Changed in linux-oem-6.1 (Ubuntu Jammy):
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulinux package

LSM: Configuring Too Many LSMs Causes Kernel Panic on Boot

Bug Description

CVE References

Other bug subscribers

Remote bug watches

Ubuntu
linux package