Ubuntu
linux-gcp package

Add support for SEV-SNP

Bug #2001605 reported by Khaled El Mously on 2023-01-04

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	linux-gcp (Ubuntu)	New	Undecided	Unassigned
	Jammy	Fix Released	Critical	Khaled El Mously

Bug Description

Version 3 of AMD's Secure Encrypted Virtualization is called SNP (Secure Nested Pages). Support for this has been added to the kernel, mostly in v5.19 with some prerequisites from v5.16. This feature is requested to be backported to Jammy (5.15).

More information at https://canonical.lightning.force.com/lightning/r/Case/5004K00000EA2meQAD/view

[Impact]
No support for SEV-SNP on AMD EPYC2 CPUs currently

[Fix]
Add SEV-SNP support patches.

[Test]
Extensive testing by the cloud team over several months, testing general functionality under SEV-SNP.

[Regression Potential]
This was never working so there should be no risk of regression for SEV-SNP.As it does change those files it can have an effect on existing SEV functionality in case of a bug. The code is limited so no regression outside of SEV is expected.

See original description

Tags:

CVE References

2022-47940

Khaled El Mously (kmously) on 2023-01-04

no longer affects:	linux-aws (Ubuntu)
description:	updated

Khaled El Mously (kmously) on 2023-01-04

description:	updated
description:	updated

Thadeu Lima de Souza Cascardo (cascardo) on 2023-01-17

Changed in linux-gcp (Ubuntu Jammy):
assignee:	nobody → Khaled El Mously (kmously)
importance:	Undecided → Critical
status:	New → Fix Committed

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2023-01-18:

This bug is awaiting verification that the linux-gcp/5.15.0-1028.35 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy' to 'verification-done-jammy'. If the problem still exists, change the tag 'verification-needed-jammy' to 'verification-failed-jammy'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-jammy-linux-gcp verification-needed-jammy

Revision history for this message

Launchpad Janitor (janitor) wrote on 2023-02-13:

Download full text (61.1 KiB)

This bug was fixed in the package linux-gcp - 5.15.0-1029.36

---------------
linux-gcp (5.15.0-1029.36) jammy; urgency=medium

* jammy/linux-gcp: 5.15.0-1029.36 -proposed tracker (LP: #2003429)

[ Ubuntu: 5.15.0-60.66 ]

  * jammy/linux: 5.15.0-60.66 -proposed tracker (LP: #2003450)
  * Revoke & rotate to new signing key (LP: #2002812)
    - [Packaging] Revoke and rotate to new signing key

linux-gcp (5.15.0-1028.35) jammy; urgency=medium

* jammy/linux-gcp: 5.15.0-1028.35 -proposed tracker (LP: #2001767)

  * Add support for SEV-SNP (LP: #2001605)
    - KVM: SVM: Define sev_features and vmpl field in the VMSA
    - KVM: SEV: Refactor out sev_es_state struct
    - KVM: SVM: Create a separate mapping for the SEV-ES save area
    - KVM: SVM: Create a separate mapping for the GHCB save area
    - KVM: SVM: Update the SEV-ES save area mapping
    - x86/boot: Introduce helpers for MSR reads/writes
    - x86/boot: Use MSR read/write helpers instead of inline assembly
    - SAUCE: x86/compressed/64: Detect/setup SEV/SME features earlier in boot
    - x86/sev: Detect/setup SEV/SME features earlier in boot
    - x86/sev: Use CC_ATTR attribute to generalize string I/O unroll
    - x86/mm: Extend cc_attr to include AMD SEV-SNP
    - x86/sev: Shorten GHCB terminate macro names
    - SAUCE: x86/sev: Define the Linux specific guest termination reasons
    - x86/sev: Save the negotiated GHCB version
    - x86/sev: Carve out HV call's return value verification
    - x86/sev: Expose sev_es_ghcb_hv_call() for use by HyperV
    - x86/sev: Check SEV-SNP features support
    - x86/sev: Add a helper for the PVALIDATE instruction
    - x86/sev: Check the vmpl level
    - x86/compressed: Add helper for validating pages in the decompression stage
    - x86/compressed: Register GHCB memory when SEV-SNP is active
    - x86/sev: Register GHCB memory when SEV-SNP is active
    - x86/sev: Rename mem_encrypt.c to mem_encrypt_amd.c
    - x86/sev: Add helper for validating pages in early enc attribute changes
    - treewide: Replace the use of mem_encrypt_active() with cc_platform_has()
    - x86/head64: Carve out the guest encryption postprocessing into a helper
    - SAUCE: x86/kernel: Make the .bss..decrypted section shared in RMP table
    - x86/kernel: Validate ROM memory before accessing when SEV-SNP is active
    - SAUCE: x86/mm: Add support to validate memory when changing C-bit
    - x86/sev: Remove do_early_exception() forward declarations
    - x86/sev: Use SEV-SNP AP creation to start secondary CPUs
    - x86/head/64: Re-enable stack protection
    - x86/compressed/acpi: Move EFI detection to helper
    - x86/compressed/acpi: Move EFI system table lookup to helper
    - x86/compressed/acpi: Move EFI config table lookup to helper
    - x86/compressed/acpi: Move EFI vendor table lookup to helper
    - x86/compressed/acpi: Move EFI kexec handling into common code
    - x86/boot: Add Confidential Computing type to setup_data
    - KVM: x86: Move lookup of indexed CPUID leafs to helper
    - x86/sev: Move MSR-based VMGEXITs for CPUID to helper
    - x86/compressed/64: Add support for SEV-SNP CPUID table in #VC handlers
    - x86/boot: Add a pointer to Confident...

This bug was fixed in the package linux-gcp - 5.15.0-1029.36

---------------
linux-gcp (5.15.0-1029.36) jammy; urgency=medium

* jammy/linux-gcp: 5.15.0-1029.36 -proposed tracker (LP: #2003429)

[ Ubuntu: 5.15.0-60.66 ]

* jammy/linux: 5.15.0-60.66 -proposed tracker (LP: #2003450)
  * Revoke & rotate to new signing key (LP: #2002812)
    - [Packaging] Revoke and rotate to new signing key

linux-gcp (5.15.0-1028.35) jammy; urgency=medium

* jammy/linux-gcp: 5.15.0-1028.35 -proposed tracker (LP: #2001767)

[ Ubuntu: 5.15.0-59.65 ]

* jammy/linux: 5.15.0-59.65 -proposed tracker (LP: #2001801)
  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts
  * CVE-2022-47940
    - ksmbd: validate length in smb2_write()
  * Fix iosm: WWAN cannot build the connection (DW5823e) (LP: #1998115)
    - net: wwan: iosm: fix driver not working with INTEL_IOMMU disabled
    - [Config] CONFIG_IOSM update annotations on arm64 armhf ppc64el s390x
  * support for same series backports versioning numbers (LP: #1993563)
    - [Packaging] sameport -- add support for sameport versioning
  * [DEP-8] Run ADT regression suite for lowlatency kernels Jammy and later
    (LP: #1999528)
    - [DEP-8] Fix regression suite to run on lowlatency
  * Micron NVME storage failure [1344,5407] (LP: #1998883)
    - nvme: add a bogus subsystem NQN quirk for Micron MTFDKBA2T0TFH
  * Jammy update: v5.15.78 upstream stable release (LP: #1998843)
    - scsi: lpfc: Rework MIB Rx Monitor debug info logic
    - serial: ar933x: Deassert Transmit Enable on ->rs485_config()
    - KVM: x86: Trace re-injected exceptions
    - KVM: x86: Treat #DBs from the emulator as fault-like (code and DR7.GD=1)
    - drm/amd/display: explicitly disable psr_feature_enable appropriately
    - mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page
    - HID: playstation: add initial DualSense Edge controller support
    - KVM: x86: Protect the unused bits in MSR exiting flags
    - KVM: x86: Copy filter arg outside kvm_vm_ioctl_set_msr_filter()
    - KVM: x86: Add compat handler for KVM_X86_SET_MSR_FILTER
    - RDMA/cma: Use output interface for net_dev check
    - IB/hfi1: Correctly move list in sc_disable()
    - RDMA/hns: Remove magic number
    - RDMA/hns: Use hr_reg_xxx() instead of remaining roce_set_xxx()
    - RDMA/hns: Disable local invalidate operation
    - NFSv4: Fix a potential state reclaim deadlock
    - NFSv4.1: Handle RECLAIM_COMPLETE trunking errors
    - NFSv4.1: We must always send RECLAIM_COMPLETE after a reboot
    - SUNRPC: Fix null-ptr-deref when xps sysfs alloc failed
    - NFSv4.2: Fixup CLONE dest file size for zero-length count
    - nfs4: Fix kmemleak when allocate slot failed
    - net: dsa: Fix possible memory leaks in dsa_loop_init()
    - RDMA/core: Fix null-ptr-deref in ib_core_cleanup()
    - RDMA/qedr: clean up work queue on failure in qedr_alloc_resources()
    - net: dsa: fall back to default tagger if we can't load the one from DT
    - nfc: fdp: Fix potential memory leak in fdp_nci_send()
    - nfc: nxp-nci: Fix potential memory leak in nxp_nci_send()
    - nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send()
    - nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send()
    - net: fec: fix improper use of NETDEV_TX_BUSY
    - ata: pata_legacy: fix pdc20230_set_piomode()
    - net: sched: Fix use after free in red_enqueue()
    - net: tun: fix bugs for oversize packet when napi frags enabled
    - netfilter: nf_tables: netlink notifier might race to release objects
    - netfilter: nf_tables: release flow rule object from commit path
    - ipvs: use explicitly signed chars
    - ipvs: fix WARNING in __ip_vs_cleanup_batch()
    - ipvs: fix WARNING in ip_vs_app_net_cleanup()
    - rose: Fix NULL pointer dereference in rose_send_frame()
    - mISDN: fix possible memory leak in mISDN_register_device()
    - isdn: mISDN: netjet: fix wrong check of device registration
    - btrfs: fix inode list leak during backref walking at resolve_indirect_refs()
    - btrfs: fix inode list leak during backref walking at find_parent_nodes()
    - btrfs: fix ulist leaks in error paths of qgroup self tests
    - netfilter: ipset: enforce documented limit to prevent allocating huge memory
    - Bluetooth: virtio_bt: Use skb_put to set length
    - Bluetooth: L2CAP: fix use-after-free in l2cap_conn_del()
    - Bluetooth: L2CAP: Fix memory leak in vhci_write
    - net: mdio: fix undefined behavior in bit shift for __mdiobus_register
    - ibmvnic: Free rwi on reset success
    - stmmac: dwmac-loongson: fix invalid mdio_node
    - net/smc: Fix possible leaked pernet namespace in smc_init()
    - net, neigh: Fix null-ptr-deref in neigh_table_clear()
    - ipv6: fix WARNING in ip6_route_net_exit_late()
    - vsock: fix possible infinite sleep in vsock_connectible_wait_data()
    - drm/msm/hdmi: Remove spurious IRQF_ONESHOT flag
    - drm/msm/hdmi: fix IRQ lifetime
    - video/fbdev/stifb: Implement the stifb_fillrect() function
    - fbdev: stifb: Fall back to cfb_fillrect() on 32-bit HCRX cards
    - mtd: parsers: bcm47xxpart: print correct offset on read error
    - mtd: parsers: bcm47xxpart: Fix halfblock reads
    - s390/uaccess: add missing EX_TABLE entries to __clear_user()
    - s390/cio: fix out-of-bounds access on cio_ignore free
    - media: rkisp1: Don't pass the quantization to rkisp1_csm_config()
    - media: rkisp1: Initialize color space on resizer sink and source pads
    - media: rkisp1: Use correct macro for gradient registers
    - media: rkisp1: Zero v4l2_subdev_format fields in when validating links
    - media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE
    - media: cros-ec-cec: limit msg.len to CEC_MAX_MSG_SIZE
    - media: dvb-frontends/drxk: initialize err to 0
    - media: meson: vdec: fix possible refcount leak in vdec_probe()
    - media: v4l: subdev: Fail graciously when getting try data for NULL state
    - ACPI: APEI: Fix integer overflow in ghes_estatus_pool_init()
    - scsi: core: Restrict legal sdev_state transitions via sysfs
    - HID: saitek: add madcatz variant of MMO7 mouse device ID
    - drm/amdgpu: set vm_update_mode=0 as default for Sienna Cichlid in SRIOV case
    - i2c: xiic: Add platform module alias
    - efi/tpm: Pass correct address to memblock_reserve
    - clk: qcom: Update the force mem core bit for GPU clocks
    - ARM: dts: imx6qdl-gw59{10,13}: fix user pushbutton GPIO offset
    - arm64: dts: imx8: correct clock order
    - arm64: dts: lx2160a: specify clock frequencies for the MDIO controllers
    - arm64: dts: ls1088a: specify clock frequencies for the MDIO controllers
    - arm64: dts: ls208xa: specify clock frequencies for the MDIO controllers
    - block: Fix possible memory leak for rq_wb on add_disk failure
    - firmware: arm_scmi: Suppress the driver's bind attributes
    - firmware: arm_scmi: Make Rx chan_setup fail on memory errors
    - firmware: arm_scmi: Fix devres allocation device in virtio transport
    - arm64: dts: juno: Add thermal critical trip points
    - i2c: piix4: Fix adapter not be removed in piix4_remove()
    - Bluetooth: L2CAP: Fix attempting to access uninitialized memory
    - block, bfq: protect 'bfqd->queued' by 'bfqd->lock'
    - af_unix: Fix memory leaks of the whole sk due to OOB skb.
    - fscrypt: stop using keyrings subsystem for fscrypt_master_key
    - fscrypt: fix keyring memory leak on mount failure
    - btrfs: fix lost file sync on direct IO write with nowait and dsync iocb
    - btrfs: fix tree mod log mishandling of reallocated nodes
    - btrfs: fix type of parameter generation in btrfs_get_dentry
    - ftrace: Fix use-after-free for dynamic ftrace_ops
    - tcp/udp: Make early_demux back namespacified.
    - tracing: kprobe: Fix memory leak in test_gen_kprobe/kretprobe_cmd()
    - kprobe: reverse kp->flags when arm_kprobe failed
    - ring-buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters()
    - tools/nolibc/string: Fix memcmp() implementation
    - tracing/histogram: Update document for KEYS_MAX size
    - capabilities: fix potential memleak on error path from vfs_getxattr_alloc()
    - fuse: add file_modified() to fallocate
    - efi: random: reduce seed size to 32 bytes
    - efi: random: Use 'ACPI reclaim' memory for random seed
    - arm64: entry: avoid kprobe recursion
    - perf/x86/intel: Fix pebs event constraints for ICL
    - perf/x86/intel: Add Cooper Lake stepping to isolation_ucodes[]
    - perf/x86/intel: Fix pebs event constraints for SPR
    - parisc: Make 8250_gsc driver dependend on CONFIG_PARISC
    - parisc: Export iosapic_serial_irq() symbol for serial port driver
    - parisc: Avoid printing the hardware path twice
    - ext4: fix warning in 'ext4_da_release_space'
    - ext4: fix BUG_ON() when directory entry has invalid rec_len
    - x86/syscall: Include asm/ptrace.h in syscall_wrapper header
    - KVM: x86: Mask off reserved bits in CPUID.80000006H
    - KVM: x86: Mask off reserved bits in CPUID.8000001AH
    - KVM: x86: Mask off reserved bits in CPUID.80000008H
    - KVM: x86: Mask off reserved bits in CPUID.80000001H
    - KVM: x86: Mask off reserved bits in CPUID.8000001FH
    - KVM: VMX: fully disable SGX if SECONDARY_EXEC_ENCLS_EXITING unavailable
    - KVM: arm64: Fix bad dereference on MTE-enabled systems
    - KVM: x86: emulator: em_sysexit should update ctxt->mode
    - KVM: x86: emulator: introduce emulator_recalc_and_set_mode
    - KVM: x86: emulator: update the emulation mode after rsm
    - KVM: x86: emulator: update the emulation mode after CR0 write
    - tee: Fix tee_shm_register() for kernel TEE drivers
    - ext4,f2fs: fix readahead of verity data
    - cifs: fix regression in very old smb1 mounts
    - drm/rockchip: dsi: Clean up 'usage_mode' when failing to attach
    - drm/rockchip: dsi: Force synchronous probe
    - drm/i915/sdvo: Filter out invalid outputs more sensibly
    - drm/i915/sdvo: Setup DDC fully before output init
    - wifi: brcmfmac: Fix potential buffer overflow in brcmf_fweh_event_worker()
    - Linux 5.15.78
  * Fix AMD-PState driver for Genoa CPU (LP: #1998106)
    - Documentation: amd-pstate: add tracer tool introduction
    - Documentation: amd-pstate: grammar and sentence structure updates
    - Documentation: amd-pstate: Add unit test introduction
    - cpufreq: amd-pstate: cpufreq: amd-pstate: reset MSR_AMD_PERF_CTL register at
      init
    - cpufreq: amd-pstate: change amd-pstate driver to be built-in type
    - cpufreq: amd-pstate: add amd-pstate driver parameter for mode selection
    - Documentation: amd-pstate: add driver working mode introduction
    - Documentation: add amd-pstate kernel command line options
  * Mediatek WLAN RZ616(MT7922) SAR table control (LP: #1997200)
    - mt76: mt7921: add .set_sar_specs support
    - mt76: add 6 GHz band support in mt76_sar_freq_ranges
    - mt76: mt7921: introduce ACPI SAR support
    - mt76: connac: add support for limiting to maximum regulatory Tx power
    - mt76: move sar utilities to mt76-core module
    - mt76: mt7921: honor mt76_connac_mcu_set_rate_txpower return value in
      mt7921_config
    - mt76: mt7921: introduce ACPI SAR config in tx power
    - wifi: mt76: mt7921: fix use after free in mt7921_acpi_read()
  * [22.04/Jammy] Replace SAUCE AMD DP tunneling patch by upstream version
    (LP: #1989944)
    - Revert "UBUNTU: SAUCE: thunderbolt: Add DP out resource when DP tunnel is
      discovered."
    - thunderbolt: Add DP OUT resource when DP tunnel is discovered
  * Jammy update: v5.15.77 upstream stable release (LP: #1997981)
    - NFSv4: Fix free of uninitialized nfs4_label on referral lookup.
    - NFSv4: Add an fattr allocation to _nfs4_discover_trunking()
    - can: j1939: transport: j1939_session_skb_drop_old():
      spin_unlock_irqrestore() before kfree_skb()
    - can: kvaser_usb: Fix possible completions during init_completion
    - ALSA: Use del_timer_sync() before freeing timer
    - ALSA: usb-audio: Add quirks for M-Audio Fast Track C400/600
    - ALSA: au88x0: use explicitly signed char
    - ALSA: rme9652: use explicitly signed char
    - USB: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM
    - usb: gadget: uvc: fix sg handling in error case
    - usb: gadget: uvc: fix sg handling during video encode
    - usb: dwc3: gadget: Stop processing more requests on IMI
    - usb: dwc3: gadget: Don't set IMI for no_interrupt
    - usb: bdc: change state when port disconnected
    - usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96
      controller
    - mtd: rawnand: marvell: Use correct logic for nand-keep-config
    - xhci: Add quirk to reset host back to default state at shutdown
    - xhci-pci: Set runtime PM as default policy on all xHC 1.2 or later devices
    - xhci: Remove device endpoints from bandwidth list when freeing the device
    - tools: iio: iio_utils: fix digit calculation
    - iio: light: tsl2583: Fix module unloading
    - iio: temperature: ltc2983: allocate iio channels once
    - iio: adxl372: Fix unsafe buffer attributes
    - fbdev: smscufx: Fix several use-after-free bugs
    - cpufreq: intel_pstate: Read all MSRs on the target CPU
    - cpufreq: intel_pstate: hybrid: Use known scaling factor for P-cores
    - fs/binfmt_elf: Fix memory leak in load_elf_binary()
    - exec: Copy oldsighand->action under spin-lock
    - mac802154: Fix LQI recording
    - scsi: qla2xxx: Use transport-defined speed mask for supported_speeds
    - drm/amdgpu: disallow gfxoff until GC IP blocks complete s2idle resume
    - drm/msm/dsi: fix memory corruption with too many bridges
    - drm/msm/hdmi: fix memory corruption with too many bridges
    - drm/msm/dp: fix IRQ lifetime
    - coresight: cti: Fix hang in cti_disable_hw()
    - mmc: sdhci_am654: 'select', not 'depends' REGMAP_MMIO
    - mmc: core: Fix kernel panic when remove non-standard SDIO card
    - mmc: sdhci-pci-core: Disable ES for ASUS BIOS on Jasper Lake
    - mmc: sdhci-esdhc-imx: Propagate ESDHC_FLAG_HS400* only on 8bit bus
    - counter: microchip-tcb-capture: Handle Signal1 read and Synapse
    - kernfs: fix use-after-free in __kernfs_remove
    - pinctrl: Ingenic: JZ4755 bug fixes
    - ARC: mm: fix leakage of memory allocated for PTE
    - perf auxtrace: Fix address filter symbol name match for modules
    - s390/futex: add missing EX_TABLE entry to __futex_atomic_op()
    - s390/pci: add missing EX_TABLE entries to
      __pcistg_mio_inuser()/__pcilg_mio_inuser()
    - Revert "scsi: lpfc: Resolve some cleanup issues following SLI path
      refactoring"
    - Revert "scsi: lpfc: Fix element offset in __lpfc_sli_release_iocbq_s4()"
    - Revert "scsi: lpfc: Fix locking for lpfc_sli_iocbq_lookup()"
    - Revert "scsi: lpfc: SLI path split: Refactor SCSI paths"
    - Revert "scsi: lpfc: SLI path split: Refactor fast and slow paths to native
      SLI4"
    - Revert "scsi: lpfc: SLI path split: Refactor lpfc_iocbq"
    - mmc: block: Remove error check of hw_reset on reset
    - ethtool: eeprom: fix null-deref on genl_info in dump
    - net: ieee802154: fix error return code in dgram_bind()
    - media: v4l2: Fix v4l2_i2c_subdev_set_name function documentation
    - media: atomisp: prevent integer overflow in sh_css_set_black_frame()
    - drm/msm: Fix return type of mdp4_lvds_connector_mode_valid
    - KVM: selftests: Fix number of pages for memory slot in
      memslot_modification_stress_test
    - ASoC: qcom: lpass-cpu: mark HDMI TX registers as volatile
    - perf: Fix missing SIGTRAPs
    - sched/core: Fix comparison in sched_group_cookie_match()
    - arc: iounmap() arg is volatile
    - mtd: rawnand: intel: Add missing of_node_put() in ebu_nand_probe()
    - ASoC: qcom: lpass-cpu: Mark HDMI TX parity register as volatile
    - ALSA: ac97: fix possible memory leak in snd_ac97_dev_register()
    - perf/x86/intel/lbr: Use setup_clear_cpu_cap() instead of clear_cpu_cap()
    - tipc: fix a null-ptr-deref in tipc_topsrv_accept
    - net: netsec: fix error handling in netsec_register_mdio()
    - net: hinic: fix incorrect assignment issue in hinic_set_interrupt_cfg()
    - net: hinic: fix memory leak when reading function table
    - net: hinic: fix the issue of CMDQ memory leaks
    - net: hinic: fix the issue of double release MBOX callback of VF
    - net: macb: Specify PHY PM management done by MAC
    - nfc: virtual_ncidev: Fix memory leak in virtual_nci_send()
    - x86/unwind/orc: Fix unreliable stack dump with gcov
    - amd-xgbe: fix the SFP compliance codes check for DAC cables
    - amd-xgbe: add the bit rate quirk for Molex cables
    - drm/i915/dp: Reset frl trained flag before restarting FRL training
    - atlantic: fix deadlock at aq_nic_stop
    - kcm: annotate data-races around kcm->rx_psock
    - kcm: annotate data-races around kcm->rx_wait
    - net: fix UAF issue in nfqnl_nf_hook_drop() when ops_init() failed
    - net: lantiq_etop: don't free skb when returning NETDEV_TX_BUSY
    - tcp: minor optimization in tcp_add_backlog()
    - tcp: fix a signed-integer-overflow bug in tcp_add_backlog()
    - tcp: fix indefinite deferral of RTO with SACK reneging
    - net-memcg: avoid stalls when under memory pressure
    - drm/amdkfd: Fix memory leak in kfd_mem_dmamap_userptr()
    - can: mscan: mpc5xxx: mpc5xxx_can_probe(): add missing put_clock() in error
      path
    - can: mcp251x: mcp251x_can_probe(): add missing unregister_candev() in error
      path
    - PM: hibernate: Allow hybrid sleep to work with s2idle
    - media: vivid: s_fbuf: add more sanity checks
    - media: vivid: dev->bitmap_cap wasn't freed in all cases
    - media: v4l2-dv-timings: add sanity checks for blanking values
    - media: videodev2.h: V4L2_DV_BT_BLANKING_HEIGHT should check 'interlaced'
    - media: vivid: set num_in/outputs to 0 if not supported
    - perf vendor events power10: Fix hv-24x7 metric events
    - ipv6: ensure sane device mtu in tunnels
    - i40e: Fix ethtool rx-flow-hash setting for X722
    - i40e: Fix VF hang when reset is triggered on another VF
    - i40e: Fix flow-type by setting GL_HASH_INSET registers
    - net: ksz884x: fix missing pci_disable_device() on error in pcidev_init()
    - PM: domains: Fix handling of unavailable/disabled idle states
    - perf vendor events arm64: Fix incorrect Hisi hip08 L3 metrics
    - net: fec: limit register access on i.MX6UL
    - net: ethernet: ave: Fix MAC to be in charge of PHY PM
    - ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev()
    - ALSA: aoa: Fix I2S device accounting
    - openvswitch: switch from WARN to pr_warn
    - net: ehea: fix possible memory leak in ehea_register_port()
    - net: bcmsysport: Indicate MAC is in charge of PHY PM
    - nh: fix scope used to find saddr when adding non gw nh
    - net: broadcom: bcm4908enet: remove redundant variable bytes
    - net: broadcom: bcm4908_enet: update TX stats after actual transmission
    - netdevsim: remove dir in nsim_dev_debugfs_init() when creating ports dir
      failed
    - net/mlx5e: Do not increment ESN when updating IPsec ESN state
    - net/mlx5e: Extend SKB room check to include PTP-SQ
    - net/mlx5: Fix possible use-after-free in async command interface
    - net/mlx5: Print more info on pci error handlers
    - net/mlx5: Update fw fatal reporter state on PCI handlers successful recover
    - net/mlx5: Fix crash during sync firmware reset
    - net: do not sense pfmemalloc status in skb_append_pagefrags()
    - kcm: do not sense pfmemalloc status in kcm_sendpage()
    - net: enetc: survive memory pressure without crashing
    - arm64: Add AMPERE1 to the Spectre-BHB affected list
    - scsi: sd: Revert "scsi: sd: Remove a local variable"
    - can: rcar_canfd: fix channel specific IRQ handling for RZ/G2L
    - can: rcar_canfd: rcar_canfd_handle_global_receive(): fix IRQ storm on global
      FIFO receive
    - serial: core: move RS485 configuration tasks from drivers into core
    - serial: Deassert Transmit Enable on probe in driver-specific way
    - Linux 5.15.77
  * RCU stalls (LP: #1991951)
    - [Config] Harmonize RCU_CPU_STALL_TIMEOUT
  * Jammy update: v5.15.76 upstream stable release (LP: #1997113)
    - r8152: add PID for the Lenovo OneLink+ Dock
    - arm64/mm: Consolidate TCR_EL1 fields
    - usb: gadget: uvc: consistently use define for headerlen
    - usb: gadget: uvc: use on returned header len in video_encode_isoc_sg
    - usb: gadget: uvc: rework uvcg_queue_next_buffer to uvcg_complete_buffer
    - usb: gadget: uvc: giveback vb2 buffer on req complete
    - usb: gadget: uvc: improve sg exit condition
    - [Config] updateconfigs for ARM64_ERRATUM_1742098
    - arm64: errata: Remove AES hwcap for COMPAT tasks
    - perf/x86/intel/pt: Relax address filter validation
    - btrfs: enhance unsupported compat RO flags handling
    - ocfs2: clear dinode links count in case of error
    - ocfs2: fix BUG when iput after ocfs2_mknod fails
    - selinux: enable use of both GFP_KERNEL and GFP_ATOMIC in convert_context()
    - cpufreq: qcom: fix writes in read-only memory region
    - i2c: qcom-cci: Fix ordering of pm_runtime_xx and i2c_add_adapter
    - x86/microcode/AMD: Apply the patch early on every logical thread
    - hwmon/coretemp: Handle large core ID value
    - ata: ahci-imx: Fix MODULE_ALIAS
    - x86/resctrl: Fix min_cbm_bits for AMD
    - cpufreq: qcom: fix memory leak in error path
    - drm/amdgpu: fix sdma doorbell init ordering on APUs
    - mm,hugetlb: take hugetlb_lock before decrementing h->resv_huge_pages
    - kvm: Add support for arch compat vm ioctls
    - KVM: arm64: vgic: Fix exit condition in scan_its_table()
    - media: ipu3-imgu: Fix NULL pointer dereference in active selection access
    - media: mceusb: set timeout to at least timeout provided
    - media: venus: dec: Handle the case where find_format fails
    - x86/topology: Fix multiple packages shown on a single-package system
    - x86/topology: Fix duplicated core ID within a package
    - btrfs: fix processing of delayed data refs during backref walking
    - btrfs: fix processing of delayed tree block refs during backref walking
    - drm/vc4: Add module dependency on hdmi-codec
    - ACPI: extlog: Handle multiple records
    - tipc: Fix recognition of trial period
    - tipc: fix an information leak in tipc_topsrv_kern_subscr
    - i40e: Fix DMA mappings leak
    - HID: magicmouse: Do not set BTN_MOUSE on double report
    - sfc: Change VF mac via PF as first preference if available.
    - net/atm: fix proc_mpc_write incorrect return value
    - net: phy: dp83867: Extend RX strap quirk for SGMII mode
    - net: phylink: add mac_managed_pm in phylink_config structure
    - scsi: lpfc: Fix memory leak in lpfc_create_port()
    - udp: Update reuse->has_conns under reuseport_lock.
    - cifs: Fix xid leak in cifs_create()
    - cifs: Fix xid leak in cifs_copy_file_range()
    - cifs: Fix xid leak in cifs_flock()
    - cifs: Fix xid leak in cifs_ses_add_channel()
    - dm: remove unnecessary assignment statement in alloc_dev()
    - net: hsr: avoid possible NULL deref in skb_clone()
    - ionic: catch NULL pointer issue on reconfig
    - netfilter: nf_tables: relax NFTA_SET_ELEM_KEY_END set flags requirements
    - nvme-hwmon: consistently ignore errors from nvme_hwmon_init
    - nvme-hwmon: kmalloc the NVME SMART log buffer
    - nvmet: fix workqueue MEM_RECLAIM flushing dependency
    - net: sched: cake: fix null pointer access issue when cake_init() fails
    - net: sched: delete duplicate cleanup of backlog and qlen
    - net: sched: sfb: fix null pointer access issue when sfb_init() fails
    - sfc: include vport_id in filter spec hash and equal()
    - wwan_hwsim: fix possible memory leak in wwan_hwsim_dev_new()
    - net: hns: fix possible memory leak in hnae_ae_register()
    - net: sched: fix race condition in qdisc_graft()
    - net: phy: dp83822: disable MDI crossover status change interrupt
    - iommu/vt-d: Allow NVS regions in arch_rmrr_sanity_check()
    - iommu/vt-d: Clean up si_domain in the init_dmars() error path
    - fs: dlm: fix invalid derefence of sb_lvbptr
    - arm64: mte: move register initialization to C
    - ksmbd: handle smb2 query dir request for OutputBufferLength that is too
      small
    - ksmbd: fix incorrect handling of iterate_dir
    - tracing: Simplify conditional compilation code in tracing_set_tracer()
    - tracing: Do not free snapshot if tracer is on cmdline
    - mmc: sdhci-tegra: Use actual clock rate for SW tuning correction
    - perf: Skip and warn on unknown format 'configN' attrs
    - ACPI: video: Force backlight native for more TongFang devices
    - x86/Kconfig: Drop check for -mabi=ms for CONFIG_EFI_STUB
    - Makefile.debug: re-enable debug info for .S files
    - mmc: core: Add SD card quirk for broken discard
    - mm: /proc/pid/smaps_rollup: fix no vma's null-deref
    - Linux 5.15.76
  * UBSAN: array-index-out-of-bounds in
    /build/linux-9H675w/linux-5.15.0/drivers/ata/libahci.c:968:41
    (LP: #1970074) // Jammy update: v5.15.76 upstream stable release
    (LP: #1997113)
    - ata: ahci: Match EM_MAX_SLOTS with SATA_PMP_MAX_PORTS
  * Jammy update: v5.15.75 upstream stable release (LP: #1996825)
    - Revert "fs: check FMODE_LSEEK to control internal pipe splicing"
    - ALSA: oss: Fix potential deadlock at unregistration
    - ALSA: rawmidi: Drop register_mutex in snd_rawmidi_free()
    - ALSA: usb-audio: Fix potential memory leaks
    - ALSA: usb-audio: Fix NULL dererence at error path
    - ALSA: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530
    - ALSA: hda/realtek: Correct pin configs for ASUS G533Z
    - ALSA: hda/realtek: Add quirk for ASUS GV601R laptop
    - ALSA: hda/realtek: Add Intel Reference SSID to support headset keys
    - mtd: rawnand: atmel: Unmap streaming DMA mappings
    - io_uring/net: don't update msg_name if not provided
    - hv_netvsc: Fix race between VF offering and VF association message from host
    - cifs: destage dirty pages before re-reading them for cache=none
    - cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message
    - iio: dac: ad5593r: Fix i2c read protocol requirements
    - iio: ltc2497: Fix reading conversion results
    - iio: adc: ad7923: fix channel readings for some variants
    - iio: pressure: dps310: Refactor startup procedure
    - iio: pressure: dps310: Reset chip after timeout
    - xhci: dbc: Fix memory leak in xhci_alloc_dbc()
    - usb: add quirks for Lenovo OneLink+ Dock
    - can: kvaser_usb: Fix use of uninitialized completion
    - can: kvaser_usb_leaf: Fix overread with an invalid command
    - can: kvaser_usb_leaf: Fix TX queue out of sync after restart
    - can: kvaser_usb_leaf: Fix CAN state after restart
    - mmc: sdhci-sprd: Fix minimum clock limit
    - i2c: designware: Fix handling of real but unexpected device interrupts
    - fs: dlm: fix race between test_bit() and queue_work()
    - fs: dlm: handle -EBUSY first in lock arg validation
    - HID: multitouch: Add memory barriers
    - quota: Check next/prev free block number after reading from quota file
    - platform/chrome: cros_ec_proto: Update version on GET_NEXT_EVENT failure
    - ASoC: wcd9335: fix order of Slimbus unprepare/disable
    - ASoC: wcd934x: fix order of Slimbus unprepare/disable
    - hwmon: (gsc-hwmon) Call of_node_get() before of_find_xxx API
    - net: thunderbolt: Enable DMA paths only after rings are enabled
    - regulator: qcom_rpm: Fix circular deferral regression
    - arm64: topology: move store_cpu_topology() to shared code
    - riscv: topology: fix default topology reporting
    - RISC-V: Make port I/O string accessors actually work
    - parisc: fbdev/stifb: Align graphics memory size to 4MB
    - riscv: Make VM_WRITE imply VM_READ
    - riscv: always honor the CONFIG_CMDLINE_FORCE when parsing dtb
    - riscv: Pass -mno-relax only on lld < 15.0.0
    - UM: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK
    - nvmem: core: Fix memleak in nvmem_register()
    - nvme-multipath: fix possible hang in live ns resize with ANA access
    - nvme-pci: set min_align_mask before calculating max_hw_sectors
    - dmaengine: mxs: use platform_driver_register
    - drm/virtio: Check whether transferred 2D BO is shmem
    - drm/virtio: Unlock reservations on virtio_gpu_object_shmem_init() error
    - drm/virtio: Use appropriate atomic state in virtio_gpu_plane_cleanup_fb()
    - drm/udl: Restore display mode on resume
    - [Config] updateconfigs for ARM64_ERRATUM_2441007
    - arm64: errata: Add Cortex-A55 to the repeat tlbi list
    - mm/damon: validate if the pmd entry is present before accessing
    - mm/mmap: undo ->mmap() when arch_validate_flags() fails
    - xen/gntdev: Prevent leaking grants
    - xen/gntdev: Accommodate VMA splitting
    - PCI: Sanitise firmware BAR assignments behind a PCI-PCI bridge
    - serial: 8250: Let drivers request full 16550A feature probing
    - serial: 8250: Request full 16550A feature probing for OxSemi PCIe devices
    - powercap: intel_rapl: Use standard Energy Unit for SPR Dram RAPL domain
    - powerpc/boot: Explicitly disable usage of SPE instructions
    - slimbus: qcom-ngd: use correct error in message of pdr_add_lookup() failure
    - slimbus: qcom-ngd: cleanup in probe error path
    - scsi: qedf: Populate sysfs attributes for vport
    - gpio: rockchip: request GPIO mux to pinctrl when setting direction
    - pinctrl: rockchip: add pinmux_ops.gpio_set_direction callback
    - fbdev: smscufx: Fix use-after-free in ufx_ops_open()
    - ksmbd: fix endless loop when encryption for response fails
    - ksmbd: Fix wrong return value and message length check in smb2_ioctl()
    - ksmbd: Fix user namespace mapping
    - fs: record I_DIRTY_TIME even if inode already has I_DIRTY_INODE
    - btrfs: fix race between quota enable and quota rescan ioctl
    - btrfs: set generation before calling btrfs_clean_tree_block in
      btrfs_init_new_buffer
    - f2fs: complete checkpoints during remount
    - f2fs: flush pending checkpoints when freezing super
    - f2fs: increase the limit for reserve_root
    - f2fs: fix to do sanity check on destination blkaddr during recovery
    - f2fs: fix to do sanity check on summary info
    - hardening: Avoid harmless Clang option under CONFIG_INIT_STACK_ALL_ZERO
    - hardening: Remove Clang's enable flag for -ftrivial-auto-var-init=zero
    - jbd2: wake up journal waiters in FIFO order, not LIFO
    - jbd2: fix potential buffer head reference count leak
    - jbd2: fix potential use-after-free in jbd2_fc_wait_bufs
    - jbd2: add miss release buffer head in fc_do_one_pass()
    - ext4: avoid crash when inline data creation follows DIO write
    - ext4: fix null-ptr-deref in ext4_write_info
    - ext4: make ext4_lazyinit_thread freezable
    - ext4: fix check for block being out of directory size
    - ext4: don't increase iversion counter for ea_inodes
    - ext4: ext4_read_bh_lock() should submit IO if the buffer isn't uptodate
    - ext4: place buffer head allocation before handle start
    - ext4: fix dir corruption when ext4_dx_add_entry() fails
    - ext4: fix miss release buffer head in ext4_fc_write_inode
    - ext4: fix potential memory leak in ext4_fc_record_modified_inode()
    - ext4: fix potential memory leak in ext4_fc_record_regions()
    - ext4: update 'state->fc_regions_size' after successful memory allocation
    - livepatch: fix race between fork and KLP transition
    - ftrace: Properly unset FTRACE_HASH_FL_MOD
    - ring-buffer: Allow splice to read previous partially read pages
    - ring-buffer: Have the shortest_full queue be the shortest not longest
    - ring-buffer: Check pending waiters when doing wake ups as well
    - ring-buffer: Add ring_buffer_wake_waiters()
    - ring-buffer: Fix race between reset page and reading page
    - tracing: Disable interrupt or preemption before acquiring arch_spinlock_t
    - tracing: Wake up ring buffer waiters on closing of the file
    - tracing: Wake up waiters when tracing is disabled
    - tracing: Add ioctl() to force ring buffer waiters to wake up
    - tracing: Move duplicate code of trace_kprobe/eprobe.c into header
    - tracing: Add "(fault)" name injection to kernel probes
    - tracing: Fix reading strings from synthetic events
    - thunderbolt: Explicitly enable lane adapter hotplug events at startup
    - efi: libstub: drop pointless get_memory_map() call
    - media: cedrus: Set the platform driver data earlier
    - media: cedrus: Fix endless loop in cedrus_h265_skip_bits()
    - blk-wbt: call rq_qos_add() after wb_normal is initialized
    - KVM: x86/emulator: Fix handing of POP SS to correctly set interruptibility
    - KVM: nVMX: Unconditionally purge queued/injected events on nested "exit"
    - KVM: nVMX: Don't propagate vmcs12's PERF_GLOBAL_CTRL settings to vmcs02
    - KVM: VMX: Drop bits 31:16 when shoving exception error code into VMCS
    - staging: greybus: audio_helper: remove unused and wrong debugfs usage
    - drm/nouveau/kms/nv140-: Disable interlacing
    - drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table()
    - drm/i915: Fix watermark calculations for gen12+ RC CCS modifier
    - drm/i915: Fix watermark calculations for gen12+ MC CCS modifier
    - drm/i915: Fix watermark calculations for gen12+ CCS+CC modifier
    - drm/amd/display: Fix vblank refcount in vrr transition
    - smb3: must initialize two ACL struct fields to zero
    - selinux: use "grep -E" instead of "egrep"
    - ima: fix blocking of security.ima xattrs of unsupported algorithms
    - userfaultfd: open userfaultfds with O_RDONLY
    - ntfs3: rework xattr handlers and switch to POSIX ACL VFS helpers
    - thermal: cpufreq_cooling: Check the policy first in
      cpufreq_cooling_register()
    - sh: machvec: Use char[] for section boundaries
    - MIPS: SGI-IP27: Free some unused memory
    - MIPS: SGI-IP27: Fix platform-device leak in bridge_platform_create()
    - ARM: 9244/1: dump: Fix wrong pg_level in walk_pmd()
    - ARM: 9247/1: mm: set readonly for MT_MEMORY_RO with ARM_LPAE
    - objtool: Preserve special st_shndx indexes in elf_update_symbol
    - nfsd: Fix a memory leak in an error handling path
    - NFSD: Fix handling of oversized NFSv4 COMPOUND requests
    - wifi: rtlwifi: 8192de: correct checking of IQK reload
    - wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state()
    - leds: lm3601x: Don't use mutex after it was destroyed
    - bpf: Fix reference state management for synchronous callbacks
    - wifi: mac80211: allow bw change during channel switch in mesh
    - bpftool: Fix a wrong type cast in btf_dumper_int
    - spi: mt7621: Fix an error message in mt7621_spi_probe()
    - x86/resctrl: Fix to restore to original value when re-enabling hardware
      prefetch register
    - xsk: Fix backpressure mechanism on Tx
    - bpf: Disable preemption when increasing per-cpu map_locked
    - bpf: Propagate error from htab_lock_bucket() to userspace
    - bpf: Use this_cpu_{inc|dec|inc_return} for bpf_task_storage_busy
    - Bluetooth: btusb: mediatek: fix WMT failure during runtime suspend
    - wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse()
    - wifi: rtw88: add missing destroy_workqueue() on error path in
      rtw_core_init()
    - selftests/xsk: Avoid use-after-free on ctx
    - spi: qup: add missing clk_disable_unprepare on error in spi_qup_resume()
    - spi: qup: add missing clk_disable_unprepare on error in
      spi_qup_pm_resume_runtime()
    - wifi: rtl8xxxu: Fix skb misuse in TX queue selection
    - spi: meson-spicc: do not rely on busy flag in pow2 clk ops
    - bpf: btf: fix truncated last_member_type_id in btf_struct_resolve
    - wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration
    - wifi: rtl8xxxu: Remove copy-paste leftover in gen2_update_rate_mask
    - wifi: mt76: sdio: fix transmitting packet hangs
    - wifi: mt76: mt7615: add mt7615_mutex_acquire/release in
      mt7615_sta_set_decap_offload
    - wifi: mt76: mt7915: do not check state before configuring implicit beamform
    - Bluetooth: RFCOMM: Fix possible deadlock on socket shutdown/release
    - net: fs_enet: Fix wrong check in do_pd_setup
    - bpf: Ensure correct locking around vulnerable function find_vpid()
    - Bluetooth: hci_{ldisc,serdev}: check percpu_init_rwsem() failure
    - netfilter: conntrack: fix the gc rescheduling delay
    - netfilter: conntrack: revisit the gc initial rescheduling bias
    - wifi: ath11k: fix number of VHT beamformee spatial streams
    - x86/microcode/AMD: Track patch allocation size explicitly
    - x86/cpu: Include the header of init_ia32_feat_ctl()'s prototype
    - spi: dw: Fix PM disable depth imbalance in dw_spi_bt1_probe
    - spi/omap100k:Fix PM disable depth imbalance in omap1_spi100k_probe
    - skmsg: Schedule psock work if the cached skb exists on the psock
    - i2c: mlxbf: support lock mechanism
    - Bluetooth: hci_core: Fix not handling link timeouts propertly
    - xfrm: Reinject transport-mode packets through workqueue
    - netfilter: nft_fib: Fix for rpath check with VRF devices
    - spi: s3c64xx: Fix large transfers with DMA
    - wifi: rtl8xxxu: Fix AIFS written to REG_EDCA_*_PARAM
    - vhost/vsock: Use kvmalloc/kvfree for larger packets.
    - eth: alx: take rtnl_lock on resume
    - sctp: handle the error returned from sctp_auth_asoc_init_active_key
    - tcp: fix tcp_cwnd_validate() to not forget is_cwnd_limited
    - spi: Ensure that sg_table won't be used after being freed
    - hwmon: (pmbus/mp2888) Fix sensors readouts for MPS Multi-phase mp2888
      controller
    - net: rds: don't hold sock lock when cancelling work from
      rds_tcp_reset_callbacks()
    - bnx2x: fix potential memory leak in bnx2x_tpa_stop()
    - net: wwan: iosm: Call mutex_init before locking it
    - net/ieee802154: reject zero-sized raw_sendmsg()
    - once: add DO_ONCE_SLOW() for sleepable contexts
    - net: mvpp2: fix mvpp2 debugfs leak
    - drm: bridge: adv7511: fix CEC power down control register offset
    - drm: bridge: adv7511: unregister cec i2c device after cec adapter
    - drm/bridge: Avoid uninitialized variable warning
    - drm/mipi-dsi: Detach devices when removing the host
    - drm/virtio: Correct drm_gem_shmem_get_sg_table() error handling
    - drm/bridge: parade-ps8640: Fix regulator supply order
    - drm/dp_mst: fix drm_dp_dpcd_read return value checks
    - drm:pl111: Add of_node_put() when breaking out of
      for_each_available_child_of_node()
    - ASoC: mt6359: fix tests for platform_get_irq() failure
    - platform/chrome: fix double-free in chromeos_laptop_prepare()
    - platform/chrome: fix memory corruption in ioctl
    - ASoC: tas2764: Allow mono streams
    - ASoC: tas2764: Drop conflicting set_bias_level power setting
    - ASoC: tas2764: Fix mute/unmute
    - platform/x86: msi-laptop: Fix old-ec check for backlight registering
    - platform/x86: msi-laptop: Fix resource cleanup
    - platform/chrome: cros_ec_typec: Correct alt mode index
    - drm/amdgpu: add missing pci_disable_device() in
      amdgpu_pmops_runtime_resume()
    - drm/bridge: megachips: Fix a null pointer dereference bug
    - ASoC: rsnd: Add check for rsnd_mod_power_on
    - ALSA: hda: beep: Simplify keep-power-at-enable behavior
    - drm/bochs: fix blanking
    - drm/omap: dss: Fix refcount leak bugs
    - drm/amdgpu: Fix memory leak in hpd_rx_irq_create_workqueue()
    - mmc: au1xmmc: Fix an error handling path in au1xmmc_probe()
    - ASoC: eureka-tlv320: Hold reference returned from of_find_xxx API
    - drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx
    - drm/msm/dp: correct 1.62G link rate at dp_catalog_ctrl_config_msa()
    - drm/vmwgfx: Fix memory leak in vmw_mksstat_add_ioctl()
    - ASoC: codecs: tx-macro: fix kcontrol put
    - ASoC: da7219: Fix an error handling path in da7219_register_dai_clks()
    - ALSA: dmaengine: increment buffer pointer atomically
    - mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe()
    - ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe
    - ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe
    - ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe
    - ASoC: mt6660: Fix PM disable depth imbalance in mt6660_i2c_probe
    - ALSA: hda/hdmi: Don't skip notification handling during PM operation
    - memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe()
    - memory: of: Fix refcount leak bug in of_get_ddr_timings()
    - memory: of: Fix refcount leak bug in of_lpddr3_get_ddr_timings()
    - locks: fix TOCTOU race when granting write lease
    - soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe()
    - soc: qcom: smem_state: Add refcounting for the 'state->of_node'
    - ARM: dts: imx6qdl-kontron-samx6i: hook up DDC i2c bus
    - ARM: dts: turris-omnia: Fix mpp26 pin name and comment
    - ARM: dts: kirkwood: lsxl: fix serial line
    - ARM: dts: kirkwood: lsxl: remove first ethernet port
    - ia64: export memory_add_physaddr_to_nid to fix cxl build error
    - soc/tegra: fuse: Drop Kconfig dependency on TEGRA20_APB_DMA
    - arm64: dts: ti: k3-j7200: fix main pinmux range
    - ARM: dts: exynos: correct s5k6a3 reset polarity on Midas family
    - ARM: Drop CMDLINE_* dependency on ATAGS
    - ext4: don't run ext4lazyinit for read-only filesystems
    - arm64: ftrace: fix module PLTs with mcount
    - ARM: dts: exynos: fix polarity of VBUS GPIO of Origen
    - iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX
    - iio: adc: at91-sama5d2_adc: check return status for pressure and touch
    - iio: adc: at91-sama5d2_adc: lock around oversampling and sample freq
    - iio: adc: at91-sama5d2_adc: disable/prepare buffer on suspend/resume
    - iio: inkern: only release the device node when done with it
    - iio: inkern: fix return value in devm_of_iio_channel_get_by_name()
    - iio: ABI: Fix wrong format of differential capacitance channel ABI.
    - iio: magnetometer: yas530: Change data type of hard_offsets to signed
    - RDMA/mlx5: Don't compare mkey tags in DEVX indirect mkey
    - usb: common: debug: Check non-standard control requests
    - clk: meson: Hold reference returned by of_get_parent()
    - clk: oxnas: Hold reference returned by of_get_parent()
    - clk: qoriq: Hold reference returned by of_get_parent()
    - clk: berlin: Add of_node_put() for of_get_parent()
    - clk: sprd: Hold reference returned by of_get_parent()
    - clk: tegra: Fix refcount leak in tegra210_clock_init
    - clk: tegra: Fix refcount leak in tegra114_clock_init
    - clk: tegra20: Fix refcount leak in tegra20_clock_init
    - HSI: omap_ssi: Fix refcount leak in ssi_probe
    - HSI: omap_ssi_port: Fix dma_map_sg error check
    - media: exynos4-is: fimc-is: Add of_node_put() when breaking out of loop
    - tty: xilinx_uartps: Fix the ignore_status
    - media: meson: vdec: add missing clk_disable_unprepare on error in
      vdec_hevc_start()
    - media: uvcvideo: Fix memory leak in uvc_gpio_parse
    - media: uvcvideo: Use entity get_cur in uvc_ctrl_set
    - media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init
    - RDMA/rxe: Fix "kernel NULL pointer dereference" error
    - RDMA/rxe: Fix the error caused by qp->sk
    - misc: ocxl: fix possible refcount leak in afu_ioctl()
    - fpga: prevent integer overflow in dfl_feature_ioctl_set_irq()
    - dmaengine: hisilicon: Disable channels when unregister hisi_dma
    - dmaengine: hisilicon: Fix CQ head update
    - dmaengine: hisilicon: Add multi-thread support for a DMA channel
    - dyndbg: fix static_branch manipulation
    - dyndbg: fix module.dyndbg handling
    - dyndbg: let query-modname override actual module name
    - dyndbg: drop EXPORTed dynamic_debug_exec_queries
    - clk: qcom: sm6115: Select QCOM_GDSC
    - mtd: devices: docg3: check the return value of devm_ioremap() in the probe
    - phy: amlogic: phy-meson-axg-mipi-pcie-analog: Hold reference returned by
      of_get_parent()
    - phy: phy-mtk-tphy: fix the phy type setting issue
    - mtd: rawnand: intel: Read the chip-select line from the correct OF node
    - mtd: rawnand: intel: Remove undocumented compatible string
    - mtd: rawnand: fsl_elbc: Fix none ECC mode
    - RDMA/irdma: Align AE id codes to correct flush code and event
    - RDMA/srp: Fix srp_abort()
    - RDMA/siw: Always consume all skbuf data in sk_data_ready() upcall.
    - RDMA/siw: Fix QP destroy to wait for all references dropped.
    - ata: fix ata_id_sense_reporting_enabled() and ata_id_has_sense_reporting()
    - ata: fix ata_id_has_devslp()
    - ata: fix ata_id_has_ncq_autosense()
    - ata: fix ata_id_has_dipm()
    - mtd: rawnand: meson: fix bit map use in meson_nfc_ecc_correct()
    - md/raid5: Ensure stripe_fill happens on non-read IO with journal
    - md/raid5: Remove unnecessary bio_put() in raid5_read_one_chunk()
    - RDMA/cm: Use SLID in the work completion as the DLID in responder side
    - IB: Set IOVA/LENGTH on IB_MR in core/uverbs layers
    - xhci: Don't show warning for reinit on known broken suspend
    - usb: gadget: function: fix dangling pnp_string in f_printer.c
    - drivers: serial: jsm: fix some leaks in probe
    - serial: 8250: Toggle IER bits on only after irq has been set up
    - tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown
    - phy: qualcomm: call clk_disable_unprepare in the error handling
    - staging: vt6655: fix some erroneous memory clean-up loops
    - slimbus: qcom-ngd-ctrl: allow compile testing without QCOM_RPROC_COMMON
    - firmware: google: Test spinlock on panic path to avoid lockups
    - serial: 8250: Fix restoring termios speed after suspend
    - scsi: libsas: Fix use-after-free bug in smp_execute_task_sg()
    - scsi: iscsi: Rename iscsi_conn_queue_work()
    - scsi: iscsi: Add recv workqueue helpers
    - scsi: iscsi: Run recv path from workqueue
    - scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername()
    - clk: qcom: apss-ipq6018: mark apcs_alias0_core_clk as critical
    - clk: qcom: gcc-sm6115: Override default Alpha PLL regs
    - RDMA/rxe: Fix resize_finish() in rxe_queue.c
    - fsi: core: Check error number after calling ida_simple_get
    - mfd: intel_soc_pmic: Fix an error handling path in
      intel_soc_pmic_i2c_probe()
    - mfd: fsl-imx25: Fix an error handling path in mx25_tsadc_setup_irq()
    - mfd: lp8788: Fix an error handling path in lp8788_probe()
    - mfd: lp8788: Fix an error handling path in lp8788_irq_init() and
      lp8788_irq_init()
    - mfd: fsl-imx25: Fix check for platform_get_irq() errors
    - mfd: sm501: Add check for platform_driver_register()
    - clk: mediatek: mt8183: mfgcfg: Propagate rate changes to parent
    - dmaengine: ioat: stop mod_timer from resurrecting deleted timer in
      __cleanup()
    - usb: mtu3: fix failed runtime suspend in host only mode
    - spmi: pmic-arb: correct duplicate APID to PPID mapping logic
    - clk: vc5: Fix 5P49V6901 outputs disabling when enabling FOD
    - clk: baikal-t1: Fix invalid xGMAC PTP clock divider
    - clk: baikal-t1: Add shared xGMAC ref/ptp clocks internal parent
    - clk: baikal-t1: Add SATA internal ref clock buffer
    - clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration
    - clk: imx: scu: fix memleak on platform_device_add() fails
    - clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe
    - clk: ast2600: BCLK comes from EPLL
    - mailbox: mpfs: fix handling of the reg property
    - mailbox: mpfs: account for mbox offsets while sending
    - mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg
    - powerpc/configs: Properly enable PAPR_SCM in pseries_defconfig
    - powerpc/math_emu/efp: Include module.h
    - powerpc/sysdev/fsl_msi: Add missing of_node_put()
    - powerpc/pci_dn: Add missing of_node_put()
    - powerpc/powernv: add missing of_node_put() in opal_export_attrs()
    - powerpc: Fix fallocate and fadvise64_64 compat parameter combination
    - x86/hyperv: Fix 'struct hv_enlightened_vmcs' definition
    - powerpc/64s: Fix GENERIC_CPU build flags for PPC970 / G5
    - powerpc: Fix SPE Power ISA properties for e500v1 platforms
    - powerpc/kprobes: Fix null pointer reference in arch_prepare_kprobe()
    - powerpc/pseries/vas: Pass hw_cpu_id to node associativity HCALL
    - crypto: sahara - don't sleep when in softirq
    - crypto: hisilicon/zip - fix mismatch in get/set sgl_sge_nr
    - hwrng: arm-smccc-trng - fix NO_ENTROPY handling
    - cgroup: Honor caller's cgroup NS when resolving path
    - hwrng: imx-rngc - Moving IRQ handler registering after
      imx_rngc_irq_mask_clear()
    - crypto: qat - fix default value of WDT timer
    - crypto: hisilicon/qm - fix missing put dfx access
    - cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset
    - iommu/omap: Fix buffer overflow in debugfs
    - crypto: akcipher - default implementation for setting a private key
    - crypto: ccp - Release dma channels before dmaengine unrgister
    - crypto: inside-secure - Change swab to swab32
    - crypto: qat - fix DMA transfer direction
    - cifs: return correct error in ->calc_signature()
    - iommu/iova: Fix module config properly
    - tracing: kprobe: Fix kprobe event gen test module on exit
    - tracing: kprobe: Make gen test module work in arm and riscv
    - tracing/osnoise: Fix possible recursive locking in stop_per_cpu_kthreads
    - kbuild: remove the target in signal traps when interrupted
    - kbuild: rpm-pkg: fix breakage when V=1 is used
    - crypto: marvell/octeontx - prevent integer overflows
    - crypto: cavium - prevent integer overflow loading firmware
    - thermal/drivers/qcom/tsens-v0_1: Fix MSM8939 fourth sensor hw_id
    - ACPI: APEI: do not add task_work to kernel thread to avoid memory leak
    - f2fs: fix race condition on setting FI_NO_EXTENT flag
    - f2fs: fix to account FS_CP_DATA_IO correctly
    - selftest: tpm2: Add Client.__del__() to close /dev/tpm* handle
    - fs: dlm: fix race in lowcomms
    - rcu: Avoid triggering strict-GP irq-work when RCU is idle
    - rcu: Back off upon fill_page_cache_func() allocation failure
    - rcu-tasks: Convert RCU_LOCKDEP_WARN() to WARN_ONCE()
    - ACPI: video: Add Toshiba Satellite/Portege Z830 quirk
    - ACPI: tables: FPDT: Don't call acpi_os_map_memory() on invalid phys address
    - cpufreq: intel_pstate: Add Tigerlake support in no-HWP mode
    - MIPS: BCM47XX: Cast memcmp() of function to (void *)
    - powercap: intel_rapl: fix UBSAN shift-out-of-bounds issue
    - thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to
      avoid crash
    - ARM: decompressor: Include .data.rel.ro.local
    - ACPI: x86: Add a quirk for Dell Inspiron 14 2-in-1 for StorageD3Enable
    - x86/entry: Work around Clang __bdos() bug
    - NFSD: Return nfserr_serverfault if splice_ok but buf->pages have data
    - NFSD: fix use-after-free on source server when doing inter-server copy
    - wifi: brcmfmac: fix invalid address access when enabling SCAN log level
    - bpftool: Clear errno after libcap's checks
    - ice: set tx_tstamps when creating new Tx rings via ethtool
    - net: ethernet: ti: davinci_mdio: Add workaround for errata i2329
    - openvswitch: Fix double reporting of drops in dropwatch
    - openvswitch: Fix overreporting of drops in dropwatch
    - tcp: annotate data-race around tcp_md5sig_pool_populated
    - x86/mce: Retrieve poison range from hardware
    - wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg()
    - thunderbolt: Add back Intel Falcon Ridge end-to-end flow control workaround
    - xfrm: Update ipcomp_scratches with NULL when freed
    - iavf: Fix race between iavf_close and iavf_reset_task
    - wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit()
    - Bluetooth: btintel: Mark Intel controller to support LE_STATES quirk
    - regulator: core: Prevent integer underflow
    - wifi: mt76: mt7921: reset msta->airtime_ac while clearing up hw value
    - Bluetooth: L2CAP: initialize delayed works at l2cap_chan_create()
    - Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times
    - can: bcm: check the result of can_send() in bcm_can_tx()
    - wifi: rt2x00: don't run Rt5592 IQ calibration on MT7620
    - wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620
    - wifi: rt2x00: set VGC gain for both chains of MT7620
    - wifi: rt2x00: set SoC wmac clock register
    - wifi: rt2x00: correctly set BBP register 86 for MT7620
    - hwmon: (sht4x) do not overflow clamping operation on 32-bit platforms
    - net: If sock is dead don't access sock's sk_wq in sk_stream_wait_memory
    - Bluetooth: L2CAP: Fix user-after-free
    - drm/nouveau/nouveau_bo: fix potential memory leak in nouveau_bo_alloc()
    - drm: Use size_t type for len variable in drm_copy_field()
    - drm: Prevent drm_copy_field() to attempt copying a NULL pointer
    - drm/komeda: Fix handling of atomic commits in the atomic_commit_tail hook
    - gpu: lontium-lt9611: Fix NULL pointer dereference in lt9611_connector_init()
    - drm/amd/display: fix overflow on MIN_I64 definition
    - udmabuf: Set ubuf->sg = NULL if the creation of sg table fails
    - drm: bridge: dw_hdmi: only trigger hotplug event on link change
    - ALSA: usb-audio: Register card at the last interface
    - drm/vc4: vec: Fix timings for VEC modes
    - drm: panel-orientation-quirks: Add quirk for Anbernic Win600
    - platform/chrome: cros_ec: Notify the PM of wake events during resume
    - platform/x86: msi-laptop: Change DMI match / alias strings to fix module
      autoloading
    - ASoC: SOF: pci: Change DMI match info to support all Chrome platforms
    - drm/amdgpu: fix initial connector audio value
    - drm/meson: reorder driver deinit sequence to fix use-after-free bug
    - drm/meson: explicitly remove aggregate driver at module unload time
    - mmc: sdhci-msm: add compatible string check for sdm670
    - drm/dp: Don't rewrite link config when setting phy test pattern
    - drm/amd/display: Remove interface for periodic interrupt 1
    - ARM: dts: imx7d-sdb: config the max pressure for tsc2046
    - ARM: dts: imx6q: add missing properties for sram
    - ARM: dts: imx6dl: add missing properties for sram
    - ARM: dts: imx6qp: add missing properties for sram
    - ARM: dts: imx6sl: add missing properties for sram
    - ARM: dts: imx6sll: add missing properties for sram
    - ARM: dts: imx6sx: add missing properties for sram
    - kselftest/arm64: Fix validatation termination record after EXTRA_CONTEXT
    - arm64: dts: imx8mq-librem5: Add bq25895 as max17055's power supply
    - btrfs: dump extra info if one free space cache has more bitmaps than it
      should
    - btrfs: scrub: try to fix super block errors
    - btrfs: don't print information about space cache or tree every remount
    - ARM: 9242/1: kasan: Only map modules if CONFIG_KASAN_VMALLOC=n
    - clk: zynqmp: Fix stack-out-of-bounds in strncpy`
    - media: cx88: Fix a null-ptr-deref bug in buffer_prepare()
    - media: platform: fix some double free in meson-ge2d and mtk-jpeg and s5p-mfc
    - clk: zynqmp: pll: rectify rate rounding in zynqmp_pll_round_rate
    - usb: host: xhci-plat: suspend and resume clocks
    - usb: host: xhci-plat: suspend/resume clks for brcm
    - dmaengine: ti: k3-udma: Reset UDMA_CHAN_RT byte counters to prevent overflow
    - scsi: 3w-9xxx: Avoid disabling device if failing to enable it
    - nbd: Fix hung when signal interrupts nbd_start_device_ioctl()
    - iommu/arm-smmu-v3: Make default domain type of HiSilicon PTT device to
      identity
    - power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type()
    - staging: vt6655: fix potential memory leak
    - blk-throttle: prevent overflow while calculating wait time
    - ata: libahci_platform: Sanity check the DT child nodes number
    - bcache: fix set_at_max_writeback_rate() for multiple attached devices
    - soundwire: cadence: Don't overwrite msg->buf during write commands
    - soundwire: intel: fix error handling on dai registration issues
    - HID: roccat: Fix use-after-free in roccat_read()
    - eventfd: guard wake_up in eventfd fs calls as well
    - md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d
    - usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info()
    - usb: musb: Fix musb_gadget.c rxstate overflow bug
    - arm64: dts: imx8mp: Add snps,gfladj-refclk-lpm-sel quirk to USB nodes
    - usb: dwc3: core: Enable GUCTL1 bit 10 for fixing termination error after
      resume bug
    - Revert "usb: storage: Add quirk for Samsung Fit flash"
    - staging: rtl8723bs: fix potential memory leak in rtw_init_drv_sw()
    - staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv()
    - scsi: tracing: Fix compile error in trace_array calls when TRACING is
      disabled
    - ext2: Use kvmalloc() for group descriptor array
    - nvme: copy firmware_rev on each init
    - nvmet-tcp: add bounds check on Transfer Tag
    - usb: idmouse: fix an uninit-value in idmouse_open
    - clk: bcm2835: Make peripheral PLLC critical
    - clk: bcm2835: Round UART input clock up
    - perf intel-pt: Fix segfault in intel_pt_print_info() with uClibc
    - io_uring: correct pinned_vm accounting
    - io_uring/rw: fix short rw error handling
    - io_uring/rw: fix error'ed retry return values
    - io_uring/rw: fix unexpected link breakage
    - mm: hugetlb: fix UAF in hugetlb_handle_userfault
    - net: ieee802154: return -EINVAL for unknown addr type
    - ALSA: usb-audio: Fix last interface check for registration
    - blk-wbt: fix that 'rwb->wc' is always set to 1 in wbt_init()
    - [Config] updateconfigs for MDIO_BITBANG
    - net: ethernet: ti: davinci_mdio: fix build for mdio bitbang uses
    - Revert "net/ieee802154: reject zero-sized raw_sendmsg()"
    - net/ieee802154: don't warn zero-sized raw_sendmsg()
    - drm/amd/display: Fix build breakage with CONFIG_DEBUG_FS=n
    - Kconfig.debug: simplify the dependency of DEBUG_INFO_DWARF4/5
    - Kconfig.debug: add toolchain checks for DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT
    - lib/Kconfig.debug: Add check for non-constant .{s,u}leb128 support to DWARF5
    - [Config] updateconfigs for AS_HAS_NON_CONST_LEB128
    - ext4: continue to expand file system when the target size doesn't reach
    - thermal: intel_powerclamp: Use first online CPU as control_cpu
    - gcov: support GCC 12.1 and newer compilers
    - io-wq: Fix memory leak in worker creation
    - Linux 5.15.75
  * [SRU] Ubuntu 22.04 - NVMe TCP - Host fails to reconnect to target after
    link down/link up sequence (LP: #1989990)
    - nvme-fabrics: parse nvme connect Linux error codes
    - nvme-tcp: handle number of queue changes
    - nvme-rdma: handle number of queue changes
    - nvmet: expose max queues to configfs

-- Luke Nowakowski-Krijger <luke.nowakowskikrijger@canonical.com>  Mon, 23 Jan 2023 12:46:01 -0800

Changed in linux-gcp (Ubuntu Jammy):
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulinux-gcp package