Bug #1953334 “[UBUNTU 20.04] KVM hardware diagnose data improvem...” : Impish (21.10) : Bugs : linux package : Ubuntu

bugproxy (bugproxy) on 2021-12-06

tags:	added: architecture-s39064 bugnameltc-195465 severity-high targetmilestone-inin2004
Changed in ubuntu:
assignee:	nobody → Skipper Bug Screeners (skipper-screen-team)
affects:	ubuntu → linux (Ubuntu)

Frank Heimes (fheimes) on 2021-12-06

Changed in ubuntu-z-systems:
assignee:	nobody → Skipper Bug Screeners (skipper-screen-team)
importance:	Undecided → High

Revision history for this message

bugproxy (bugproxy) wrote on 2021-12-06: 0001-s390-setup-diag-318-refactor-struct Applied directly from upstream

#1

0001-s390-setup-diag-318-refactor-struct Applied directly from upstream Edit (1.8 KiB, text/plain)

------- Comment on attachment From <email address hidden> 2021-12-06 10:42 EDT-------

Re-attaching Collin's Patch as 'external' for sharing with Canonical

Revision history for this message

bugproxy (bugproxy) wrote on 2021-12-06: 0002-s390-kvm-diagnose-0x318-sync-and-reset backported from commit 23a60f834406c8e3805328b630d09d5546b460c1

#2

0002-s390-kvm-diagnose-0x318-sync-and-reset backported from commit 23a60f834406c8e3805328b630d09d5546b460c1 Edit (6.4 KiB, application/mbox)

------- Comment on attachment From <email address hidden> 2021-12-06 10:49 EDT-------

Comment: Re-attaching Collin's Patch (#2 of 4) as 'external' for sharing with Canonical

Revision history for this message

bugproxy (bugproxy) wrote on 2021-12-06: 0003-KVM-s390-remove-diag318-reset-code Applied directly from upstream

#3

0003-KVM-s390-remove-diag318-reset-code Applied directly from upstream Edit (1.5 KiB, text/plain)

------- Comment on attachment From <email address hidden> 2021-12-06 10:51 EDT-------

Comment: Re-attaching Collin's Patch (#3 of 4) as 'external' for sharing with Canonical

Revision history for this message

bugproxy (bugproxy) wrote on 2021-12-06: 0004-KVM-s390-add-debug-statement-for-diag-318-CPNC-data Applied directly from upstream

#4

0004-KVM-s390-add-debug-statement-for-diag-318-CPNC-data Applied directly from upstream Edit (1.6 KiB, text/plain)

------- Comment on attachment From <email address hidden> 2021-12-06 10:53 EDT-------

Comment: Re-attaching Collin's Patch (#4 of 4) as 'external' for sharing with Canonical

Revision history for this message

Frank Heimes (fheimes) wrote on 2021-12-06 (last edit on 2021-12-07):

#5

I kicked-off a test kernel build with the above patches:
https://launchpad.net/~fheimes/+archive/ubuntu/lp1953334
First of all the test kernel compile completed successfully.

But reading LP#1953338 one question is now whether any Extended-Length SCCB patches are required for full functionality on top of kernel 5.4 as well or not?

Revision history for this message

Frank Heimes (fheimes) wrote on 2021-12-07:

#6

For focal SRUs we must ensure that all requested patches are also included in all versions newer than focal - this is to avoid any regressions that may occur after upgrades.

Hence I had to look-up the situation of the patches not only in focal (where the four backports apply cleanly), but also on hirsute (5.11), impish (5.13) and jammy (5.15) - and when the commits got upstream accepted.
1) a23816f3cdcb "s390/setup: diag 318: refactor struct" is upstream with v5.10-rc1 and newer
2) 23a60f834406 "s390/kvm: diagnose 0x318 sync and reset" is upstream with v5.10-rc1 and newer
3) 6cbf1e960fa5 "KVM: s390: remove diag318 reset code" is upstream with v5.10-rc6 and newer
4) but 3fd8417f2c72 "KVM: s390: add debug statement for diag 318 CPNC data" was just recently upstream accepted with v5.16-rc1 and newer.

Hence first three commits are already in hirsute, impish and jammy, BUT the last one is not, and needs to be applied on hirsute, impish and jammy on top of the work on focal.
I'm glad to see that 3fd8417f2c72 can be cleanly cherry-picked from hirsute, impish and jammy.

Frank Heimes (fheimes) on 2021-12-07

description:

updated

Frank Heimes (fheimes) on 2021-12-07

summary:	[UBUNTU 20.04] KVM hardware diagnose data improvements for guest kernel - - kernel part + (diag 318)
summary:	[UBUNTU 20.04] KVM hardware diagnose data improvements for guest kernel - (diag 318) + - kernel part

Revision history for this message

Frank Heimes (fheimes) wrote on 2021-12-07:

#7

SRU request submitted to the Ubuntu kernel team mailing list for impish, hirsute and focal:
https://lists.ubuntu.com/archives/kernel-team/2021-December/thread.html#126349
Changing status to 'In Progress' for impish, hirsute and focal - jammy patch requested on top.

Changed in ubuntu-z-systems:
status:	New → In Progress
Changed in linux (Ubuntu Focal):
status:	New → In Progress
Changed in linux (Ubuntu Hirsute):
status:	New → In Progress
Changed in linux (Ubuntu Impish):
status:	New → In Progress
Changed in linux (Ubuntu Jammy):
status:	New → In Progress
assignee:	Skipper Bug Screeners (skipper-screen-team) → Canonical Kernel Team (canonical-kernel-team)
Changed in linux (Ubuntu Impish):
assignee:	nobody → Canonical Kernel Team (canonical-kernel-team)
Changed in linux (Ubuntu Hirsute):
assignee:	nobody → Canonical Kernel Team (canonical-kernel-team)
Changed in linux (Ubuntu Focal):
assignee:	nobody → Canonical Kernel Team (canonical-kernel-team)

Kleber Sacilotto de Souza (kleber-souza) on 2021-12-15

Changed in linux (Ubuntu Impish):
status:	In Progress → Fix Committed
Changed in linux (Ubuntu Hirsute):
status:	In Progress → Fix Committed
Changed in linux (Ubuntu Focal):
status:	In Progress → Fix Committed

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2022-01-06:

#8

This bug is awaiting verification that the linux/5.13.0-24.24 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-impish' to 'verification-done-impish'. If the problem still exists, change the tag 'verification-needed-impish' to 'verification-failed-impish'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-impish

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2022-01-12:

#9

This bug is awaiting verification that the linux/5.11.0-47.52 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-hirsute' to 'verification-done-hirsute'. If the problem still exists, change the tag 'verification-needed-hirsute' to 'verification-failed-hirsute'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-hirsute

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2022-01-19:

#10

This bug is awaiting verification that the linux/5.4.0-97.110 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-focal

Revision history for this message

Kelsey Steele (kelsey-steele) wrote on 2022-01-25:

#11

Hi Frank, may you please verify this bug is resolved on the focal/hirsute/impish kernels in -proposed? Appreciate your help!

Revision history for this message

Frank Heimes (fheimes) wrote on 2022-01-25:

#12

Hello Kelsey, sorry for the delay, I've noticed this verification request, but for verifying this another package based on LP#1953338 is needed, which became just available since yesterday.
Now with having both, a verification will be done soon-ish ...

Frank Heimes (fheimes) on 2022-01-25

description:

updated

Revision history for this message

Frank Heimes (fheimes) wrote on 2022-01-25:

#13

test_focal.txt Edit (3.0 KiB, text/plain)

Frank Heimes (fheimes) on 2022-01-25

Changed in linux (Ubuntu Jammy):
status:	In Progress → Fix Committed
Changed in ubuntu-z-systems:
status:	In Progress → Fix Committed

Revision history for this message

Frank Heimes (fheimes) wrote on 2022-01-25:

#14

for jammy it's incl. in kernel 5.15.0-18.18

Revision history for this message

Frank Heimes (fheimes) wrote on 2022-01-26:

#15

Collin just confirmed that my results show the proper verification (and that the 'cpnc to 0' can happen on top). Hence adjusting the tags accordingly ...

tags:

added: verification-done-focal verification-done-hirsute verification-done-impish
removed: verification-needed-focal verification-needed-hirsute verification-needed-impish

Revision history for this message

Launchpad Janitor (janitor) wrote on 2022-01-27:

#16

This bug was fixed in the package linux - 5.15.0-18.18

---------------
linux (5.15.0-18.18) jammy; urgency=medium

* jammy/linux: 5.15.0-18.18 -proposed tracker (LP: #1958638)

* CVE-2021-4155
- xfs: map unwritten blocks in XFS_IOC_{ALLOC, FREE}SP just like fallocate

* CVE-2022-0185
- SAUCE: vfs: test that one given mount param is not larger than PAGE_SIZE

  * [UBUNTU 20.04] KVM hardware diagnose data improvements for guest kernel -
    kernel part (LP: #1953334)
    - KVM: s390: add debug statement for diag 318 CPNC data

  * OOB write on BPF_RINGBUF (LP: #1956585)
    - SAUCE: bpf: prevent helper argument PTR_TO_ALLOC_MEM to have offset other
      than 0

  * Miscellaneous Ubuntu changes
    - [Config] re-enable shiftfs
    - [SAUCE] shiftfs: support kernel 5.15
    - [Config] update toolchain versions

* Miscellaneous upstream changes
- vfs: fs_context: fix up param length parsing in legacy_parse_param

-- Andrea Righi <email address hidden> Fri, 21 Jan 2022 13:32:27 +0100

Changed in linux (Ubuntu Jammy):
status:	Fix Committed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2022-01-31:

#17

Download full text (31.9 KiB)

This bug was fixed in the package linux - 5.4.0-97.110

---------------
linux (5.4.0-97.110) focal; urgency=medium

  * icmp_redirect from selftests fails on F/kvm (unary operator expected)
    (LP: #1938964)
    - selftests: icmp_redirect: pass xfail=0 to log_test()

  * Focal: CIFS stable updates (LP: #1954926)
    - cifs: use the expiry output of dns_query to schedule next resolution
    - cifs: set a minimum of 120s for next dns resolution
    - cifs: To match file servers, make sure the server hostname matches

  * seccomp_bpf in seccomp from ubuntu_kernel_selftests failed to build on B-5.4
    (LP: #1896420)
    - SAUCE: selftests/seccomp: fix "storage size of 'md' isn't known" build issue
    - SAUCE: selftests/seccomp: Fix s390x regs not defined issue

  * system crash when removing ipmi_msghandler module (LP: #1950666)
    - ipmi: Move remove_work to dedicated workqueue
    - ipmi: msghandler: Make symbol 'remove_work_wq' static

  * zcrypt DD: Toleration for new IBM Z Crypto Hardware - (Backport to Ubuntu
    20.04) (LP: #1954680)
    - s390/AP: support new dynamic AP bus size limit

  * [UBUNTU 20.04] KVM hardware diagnose data improvements for guest kernel -
    kernel part (LP: #1953334)
    - s390/setup: diag 318: refactor struct
    - s390/kvm: diagnose 0x318 sync and reset
    - KVM: s390: remove diag318 reset code
    - KVM: s390: add debug statement for diag 318 CPNC data

* Updates to ib_peer_memory requested by Nvidia (LP: #1947206)
- SAUCE: RDMA/core: Updated ib_peer_memory

  * Include Infiniband Peer Memory interface (LP: #1923104)
    - IB: Allow calls to ib_umem_get from kernel ULPs
    - SAUCE: RDMA/core: Introduce peer memory interface

  * Focal update: v5.4.162 upstream stable release (LP: #1954834)
    - arm64: zynqmp: Do not duplicate flash partition label property
    - arm64: zynqmp: Fix serial compatible string
    - ARM: dts: NSP: Fix mpcore, mmc node names
    - scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq()
    - arm64: dts: hisilicon: fix arm,sp805 compatible string
    - RDMA/bnxt_re: Check if the vlan is valid before reporting
    - usb: musb: tusb6010: check return value after calling
      platform_get_resource()
    - usb: typec: tipd: Remove WARN_ON in tps6598x_block_read
    - arm64: dts: qcom: msm8998: Fix CPU/L2 idle state latency and residency
    - arm64: dts: freescale: fix arm,sp805 compatible string
    - ASoC: SOF: Intel: hda-dai: fix potential locking issue
    - clk: imx: imx6ul: Move csi_sel mux to correct base register
    - ASoC: nau8824: Add DMI quirk mechanism for active-high jack-detect
    - scsi: advansys: Fix kernel pointer leak
    - firmware_loader: fix pre-allocated buf built-in firmware use
    - ARM: dts: omap: fix gpmc,mux-add-data type
    - usb: host: ohci-tmio: check return value after calling
      platform_get_resource()
    - ARM: dts: ls1021a: move thermal-zones node out of soc/
    - ARM: dts: ls1021a-tsn: use generic "jedec,spi-nor" compatible for flash
    - ALSA: ISA: not for M68K
    - tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc
    - MIPS: sni: Fix the build
    - scsi: target: Fix ordered tag handling
    - scsi: target: Fix al...

This bug was fixed in the package linux - 5.4.0-97.110

---------------
linux (5.4.0-97.110) focal; urgency=medium

* icmp_redirect from selftests fails on F/kvm (unary operator expected)
    (LP: #1938964)
    - selftests: icmp_redirect: pass xfail=0 to log_test()

* Focal: CIFS stable updates (LP: #1954926)
    - cifs: use the expiry output of dns_query to schedule next resolution
    - cifs: set a minimum of 120s for next dns resolution
    - cifs: To match file servers, make sure the server hostname matches

* seccomp_bpf in seccomp from ubuntu_kernel_selftests failed to build on B-5.4
    (LP: #1896420)
    - SAUCE: selftests/seccomp: fix "storage size of 'md' isn't known" build issue
    - SAUCE: selftests/seccomp: Fix s390x regs not defined issue

* system crash when removing ipmi_msghandler module (LP: #1950666)
    - ipmi: Move remove_work to dedicated workqueue
    - ipmi: msghandler: Make symbol 'remove_work_wq' static

* zcrypt DD: Toleration for new IBM Z Crypto Hardware - (Backport to Ubuntu
    20.04) (LP: #1954680)
    - s390/AP: support new dynamic AP bus size limit

* [UBUNTU 20.04] KVM hardware diagnose data improvements for guest kernel -
    kernel part (LP: #1953334)
    - s390/setup: diag 318: refactor struct
    - s390/kvm: diagnose 0x318 sync and reset
    - KVM: s390: remove diag318 reset code
    - KVM: s390: add debug statement for diag 318 CPNC data

* Updates to ib_peer_memory requested by Nvidia (LP: #1947206)
    - SAUCE: RDMA/core: Updated ib_peer_memory

* Include Infiniband Peer Memory interface (LP: #1923104)
    - IB: Allow calls to ib_umem_get from kernel ULPs
    - SAUCE: RDMA/core: Introduce peer memory interface

* Focal update: v5.4.162 upstream stable release (LP: #1954834)
    - arm64: zynqmp: Do not duplicate flash partition label property
    - arm64: zynqmp: Fix serial compatible string
    - ARM: dts: NSP: Fix mpcore, mmc node names
    - scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq()
    - arm64: dts: hisilicon: fix arm,sp805 compatible string
    - RDMA/bnxt_re: Check if the vlan is valid before reporting
    - usb: musb: tusb6010: check return value after calling
      platform_get_resource()
    - usb: typec: tipd: Remove WARN_ON in tps6598x_block_read
    - arm64: dts: qcom: msm8998: Fix CPU/L2 idle state latency and residency
    - arm64: dts: freescale: fix arm,sp805 compatible string
    - ASoC: SOF: Intel: hda-dai: fix potential locking issue
    - clk: imx: imx6ul: Move csi_sel mux to correct base register
    - ASoC: nau8824: Add DMI quirk mechanism for active-high jack-detect
    - scsi: advansys: Fix kernel pointer leak
    - firmware_loader: fix pre-allocated buf built-in firmware use
    - ARM: dts: omap: fix gpmc,mux-add-data type
    - usb: host: ohci-tmio: check return value after calling
      platform_get_resource()
    - ARM: dts: ls1021a: move thermal-zones node out of soc/
    - ARM: dts: ls1021a-tsn: use generic "jedec,spi-nor" compatible for flash
    - ALSA: ISA: not for M68K
    - tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc
    - MIPS: sni: Fix the build
    - scsi: target: Fix ordered tag handling
    - scsi: target: Fix alua_tg_pt_gps_count tracking
    - iio: imu: st_lsm6dsx: Avoid potential array overflow in st_lsm6dsx_set_odr()
    - powerpc/5200: dts: fix memory node unit name
    - ALSA: gus: fix null pointer dereference on pointer block
    - powerpc/dcr: Use cmplwi instead of 3-argument cmpli
    - sh: check return code of request_irq
    - maple: fix wrong return value of maple_bus_init().
    - f2fs: fix up f2fs_lookup tracepoints
    - sh: fix kconfig unmet dependency warning for FRAME_POINTER
    - sh: math-emu: drop unused functions
    - sh: define __BIG_ENDIAN for math-emu
    - clk: ingenic: Fix bugs with divided dividers
    - clk/ast2600: Fix soc revision for AHB
    - clk: qcom: gcc-msm8996: Drop (again) gcc_aggre1_pnoc_ahb_clk
    - mips: BCM63XX: ensure that CPU_SUPPORTS_32BIT_KERNEL is set
    - sched/core: Mitigate race cpus_share_cache()/update_top_cache_domain()
    - tracing: Save normal string variables
    - tracing/histogram: Do not copy the fixed-size char array field over the
      field size
    - RDMA/netlink: Add __maybe_unused to static inline in C file
    - perf bpf: Avoid memory leak from perf_env__insert_btf()
    - perf bench futex: Fix memory leak of perf_cpu_map__new()
    - perf tests: Remove bash construct from record+zstd_comp_decomp.sh
    - net: bnx2x: fix variable dereferenced before check
    - iavf: check for null in iavf_fix_features
    - iavf: free q_vectors before queues in iavf_disable_vf
    - iavf: Fix failure to exit out from last all-multicast mode
    - iavf: prevent accidental free of filter structure
    - iavf: validate pointers
    - iavf: Fix for the false positive ASQ/ARQ errors while issuing VF reset
    - MIPS: generic/yamon-dt: fix uninitialized variable error
    - mips: bcm63xx: add support for clk_get_parent()
    - mips: lantiq: add support for clk_get_parent()
    - platform/x86: hp_accel: Fix an error handling path in 'lis3lv02d_probe()'
    - scsi: core: sysfs: Fix hang when device state is set via sysfs
    - net: sched: act_mirred: drop dst for the direction from egress to ingress
    - net: dpaa2-eth: fix use-after-free in dpaa2_eth_remove
    - net: virtio_net_hdr_to_skb: count transport header in UFO
    - i40e: Fix correct max_pkt_size on VF RX queue
    - i40e: Fix NULL ptr dereference on VSI filter sync
    - i40e: Fix changing previously set num_queue_pairs for PFs
    - i40e: Fix ping is lost after configuring ADq on VF
    - i40e: Fix creation of first queue by omitting it if is not power of two
    - i40e: Fix display error code in dmesg
    - NFC: reorganize the functions in nci_request
    - drm/nouveau: hdmigv100.c: fix corrupted HDMI Vendor InfoFrame
    - NFC: reorder the logic in nfc_{un,}register_device
    - KVM: PPC: Book3S HV: Use GLOBAL_TOC for kvmppc_h_set_dabr/xdabr()
    - perf/x86/intel/uncore: Fix filter_tid mask for CHA events on Skylake Server
    - perf/x86/intel/uncore: Fix IIO event constraints for Skylake Server
    - s390/kexec: fix return code handling
    - arm64: vdso32: suppress error message for 'make mrproper'
    - tun: fix bonding active backup with arp monitoring
    - hexagon: export raw I/O routines for modules
    - ipc: WARN if trying to remove ipc object which is absent
    - mm: kmemleak: slob: respect SLAB_NOLEAKTRACE flag
    - x86/hyperv: Fix NULL deref in set_hv_tscchange_cb() if Hyper-V setup fails
    - s390/kexec: fix memory leak of ipl report buffer
    - udf: Fix crash after seekdir
    - btrfs: fix memory ordering between normal and ordered work functions
    - parisc/sticon: fix reverse colors
    - cfg80211: call cfg80211_stop_ap when switch from P2P_GO type
    - drm/udl: fix control-message timeout
    - drm/nouveau: use drm_dev_unplug() during device removal
    - drm/i915/dp: Ensure sink rate values are always valid
    - drm/amdgpu: fix set scaling mode Full/Full aspect/Center not works on vga
      and dvi connectors
    - Revert "net: mvpp2: disable force link UP during port init procedure"
    - perf/core: Avoid put_page() when GUP fails
    - batman-adv: Consider fragmentation for needed_headroom
    - batman-adv: Reserve needed_*room for fragments
    - batman-adv: Don't always reallocate the fragmentation skb head
    - ASoC: DAPM: Cover regression by kctl change notification fix
    - usb: max-3421: Use driver data instead of maintaining a list of bound
      devices
    - ice: Delete always true check of PF pointer
    - ALSA: hda: hdac_ext_stream: fix potential locking issues
    - ALSA: hda: hdac_stream: fix potential locking issue in
      snd_hdac_stream_assign()
    - Linux 5.4.162

* Focal update: v5.4.161 upstream stable release (LP: #1954828)
    - scsi: ufs: Fix interrupt error message for shared interrupts
    - MIPS: Fix assembly error from MIPSr2 code used within MIPS_ISA_ARCH_LEVEL
    - ext4: fix lazy initialization next schedule time computation in more
      granular unit
    - scsi: ufs: Fix tm request when non-fatal error happens
    - fortify: Explicitly disable Clang support
    - parisc/entry: fix trace test in syscall exit path
    - PCI/MSI: Destroy sysfs before freeing entries
    - PCI/MSI: Deal with devices lying about their MSI mask capability
    - PCI: Add MSI masking quirk for Nvidia ION AHCI
    - erofs: remove the occupied parameter from z_erofs_pagevec_enqueue()
    - erofs: fix unsafe pagevec reuse of hooked pclusters
    - Linux 5.4.161

* Focal update: v5.4.160 upstream stable release (LP: #1953387)
    - xhci: Fix USB 3.1 enumeration issues by increasing roothub power-on-good
      delay
    - usb: xhci: Enable runtime-pm by default on AMD Yellow Carp platform
    - binder: use euid from cred instead of using task
    - binder: use cred instead of task for selinux checks
    - binder: use cred instead of task for getsecid
    - Input: iforce - fix control-message timeout
    - Input: elantench - fix misreporting trackpoint coordinates
    - Input: i8042 - Add quirk for Fujitsu Lifebook T725
    - libata: fix read log timeout value
    - ocfs2: fix data corruption on truncate
    - scsi: qla2xxx: Fix kernel crash when accessing port_speed sysfs file
    - scsi: qla2xxx: Fix use after free in eh_abort path
    - mmc: dw_mmc: Dont wait for DRTO on Write RSP error
    - parisc: Fix ptrace check on syscall return
    - tpm: Check for integer overflow in tpm2_map_response_body()
    - firmware/psci: fix application of sizeof to pointer
    - crypto: s5p-sss - Add error handling in s5p_aes_probe()
    - media: ite-cir: IR receiver stop working after receive overflow
    - media: ir-kbd-i2c: improve responsiveness of hauppauge zilog receivers
    - media: v4l2-ioctl: Fix check_ext_ctrls
    - ALSA: hda/realtek: Add quirk for Clevo PC70HS
    - ALSA: hda/realtek: Add a quirk for Acer Spin SP513-54N
    - ALSA: hda/realtek: Add quirk for ASUS UX550VE
    - ALSA: hda/realtek: Add quirk for HP EliteBook 840 G7 mute LED
    - ALSA: ua101: fix division by zero at probe
    - ALSA: 6fire: fix control and bulk message timeouts
    - ALSA: line6: fix control and interrupt message timeouts
    - ALSA: usb-audio: Add registration quirk for JBL Quantum 400
    - ALSA: synth: missing check for possible NULL after the call to kstrdup
    - ALSA: timer: Fix use-after-free problem
    - ALSA: timer: Unconditionally unlink slave instances, too
    - fuse: fix page stealing
    - x86/sme: Use #define USE_EARLY_PGTABLE_L5 in mem_encrypt_identity.c
    - x86/cpu: Fix migration safety with X86_BUG_NULL_SEL
    - x86/irq: Ensure PI wakeup handler is unregistered before module unload
    - cavium: Return negative value when pci_alloc_irq_vectors() fails
    - scsi: qla2xxx: Return -ENOMEM if kzalloc() fails
    - scsi: qla2xxx: Fix unmap of already freed sgl
    - cavium: Fix return values of the probe function
    - sfc: Don't use netif_info before net_device setup
    - hyperv/vmbus: include linux/bitops.h
    - ARM: dts: sun7i: A20-olinuxino-lime2: Fix ethernet phy-mode
    - reset: socfpga: add empty driver allowing consumers to probe
    - mmc: winbond: don't build on M68K
    - drm: panel-orientation-quirks: Add quirk for Aya Neo 2021
    - bpf: Define bpf_jit_alloc_exec_limit for arm64 JIT
    - bpf: Prevent increasing bpf_jit_limit above max
    - xen/netfront: stop tx queues during live migration
    - nvmet-tcp: fix a memory leak when releasing a queue
    - spi: spl022: fix Microwire full duplex mode
    - net: multicast: calculate csum of looped-back and forwarded packets
    - watchdog: Fix OMAP watchdog early handling
    - drm: panel-orientation-quirks: Add quirk for GPD Win3
    - nvmet-tcp: fix header digest verification
    - r8169: Add device 10ec:8162 to driver r8169
    - vmxnet3: do not stop tx queues after netif_device_detach()
    - nfp: bpf: relax prog rejection for mtu check through max_pkt_offset
    - net/smc: Correct spelling mistake to TCPF_SYN_RECV
    - btrfs: clear MISSING device status bit in btrfs_close_one_device
    - btrfs: fix lost error handling when replaying directory deletes
    - btrfs: call btrfs_check_rw_degradable only if there is a missing device
    - ia64: kprobes: Fix to pass correct trampoline address to the handler
    - hwmon: (pmbus/lm25066) Add offset coefficients
    - regulator: s5m8767: do not use reset value as DVS voltage if GPIO DVS is
      disabled
    - regulator: dt-bindings: samsung,s5m8767: correct s5m8767,pmic-buck-default-
      dvs-idx property
    - EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell
    - mwifiex: fix division by zero in fw download path
    - ath6kl: fix division by zero in send path
    - ath6kl: fix control-message timeout
    - ath10k: fix control-message timeout
    - ath10k: fix division by zero in send path
    - PCI: Mark Atheros QCA6174 to avoid bus reset
    - rtl8187: fix control-message timeouts
    - evm: mark evm_fixmode as __ro_after_init
    - wcn36xx: Fix HT40 capability for 2Ghz band
    - mwifiex: Read a PCI register after writing the TX ring write pointer
    - libata: fix checking of DMA state
    - wcn36xx: handle connection loss indication
    - rsi: fix occasional initialisation failure with BT coex
    - rsi: fix key enabled check causing unwanted encryption for vap_id > 0
    - rsi: fix rate mask set leading to P2P failure
    - rsi: Fix module dev_oper_mode parameter description
    - RDMA/qedr: Fix NULL deref for query_qp on the GSI QP
    - signal: Remove the bogus sigkill_pending in ptrace_stop
    - signal/mips: Update (_save|_restore)_fp_context to fail with -EFAULT
    - power: supply: max17042_battery: Prevent int underflow in set_soc_threshold
    - power: supply: max17042_battery: use VFSOC for capacity when no rsns
    - KVM: nVMX: Query current VMCS when determining if MSR bitmaps are in use
    - can: j1939: j1939_tp_cmd_recv(): ignore abort message in the BAM transport
    - can: j1939: j1939_can_recv(): ignore messages with invalid source address
    - powerpc/85xx: Fix oops when mpc85xx_smp_guts_ids node cannot be found
    - serial: core: Fix initializing and restoring termios speed
    - ALSA: mixer: oss: Fix racy access to slots
    - ALSA: mixer: fix deadlock in snd_mixer_oss_set_volume
    - xen/balloon: add late_initcall_sync() for initial ballooning done
    - PCI: pci-bridge-emul: Fix emulation of W1C bits
    - PCI: aardvark: Do not clear status bits of masked interrupts
    - PCI: aardvark: Fix checking for link up via LTSSM state
    - PCI: aardvark: Do not unmask unused interrupts
    - PCI: aardvark: Fix reporting Data Link Layer Link Active
    - PCI: aardvark: Fix return value of MSI domain .alloc() method
    - PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG
    - quota: check block number when reading the block in quota file
    - quota: correct error number in free_dqentry()
    - pinctrl: core: fix possible memory leak in pinctrl_enable()
    - iio: dac: ad5446: Fix ad5622_write() return value
    - USB: serial: keyspan: fix memleak on probe errors
    - USB: iowarrior: fix control-message timeouts
    - USB: chipidea: fix interrupt deadlock
    - dma-buf: WARN on dmabuf release with pending attachments
    - drm: panel-orientation-quirks: Update the Lenovo Ideapad D330 quirk (v2)
    - drm: panel-orientation-quirks: Add quirk for KD Kurio Smart C15200 2-in-1
    - drm: panel-orientation-quirks: Add quirk for the Samsung Galaxy Book 10.6
    - Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg()
    - Bluetooth: fix use-after-free error in lock_sock_nested()
    - drm/panel-orientation-quirks: add Valve Steam Deck
    - platform/x86: wmi: do not fail if disabling fails
    - MIPS: lantiq: dma: add small delay after reset
    - MIPS: lantiq: dma: reset correct number of channel
    - locking/lockdep: Avoid RCU-induced noinstr fail
    - net: sched: update default qdisc visibility after Tx queue cnt changes
    - smackfs: Fix use-after-free in netlbl_catmap_walk()
    - x86: Increase exception stack sizes
    - mwifiex: Run SET_BSS_MODE when changing from P2P to STATION vif-type
    - mwifiex: Properly initialize private structure on interface type changes
    - ath10k: high latency fixes for beacon buffer
    - media: mt9p031: Fix corrupted frame after restarting stream
    - media: netup_unidvb: handle interrupt properly according to the firmware
    - media: stm32: Potential NULL pointer dereference in dcmi_irq_thread()
    - media: uvcvideo: Set capability in s_param
    - media: uvcvideo: Return -EIO for control errors
    - media: uvcvideo: Set unique vdev name based in type
    - media: s5p-mfc: fix possible null-pointer dereference in s5p_mfc_probe()
    - media: s5p-mfc: Add checking to s5p_mfc_probe().
    - media: imx: set a media_device bus_info string
    - media: mceusb: return without resubmitting URB in case of -EPROTO error.
    - ia64: don't do IA64_CMPXCHG_DEBUG without CONFIG_PRINTK
    - brcmfmac: Add DMI nvram filename quirk for Cyberbook T116 tablet
    - media: rcar-csi2: Add checking to rcsi2_start_receiver()
    - ipmi: Disable some operations during a panic
    - ACPICA: Avoid evaluating methods too early during system resume
    - media: ipu3-imgu: imgu_fmt: Handle properly try
    - media: ipu3-imgu: VIDIOC_QUERYCAP: Fix bus_info
    - media: usb: dvd-usb: fix uninit-value bug in dibusb_read_eeprom_byte()
    - net-sysfs: try not to restart the syscall if it will fail eventually
    - tracefs: Have tracefs directories not set OTH permission bits by default
    - ath: dfs_pattern_detector: Fix possible null-pointer dereference in
      channel_detector_create()
    - iov_iter: Fix iov_iter_get_pages{,_alloc} page fault return value
    - ACPI: battery: Accept charges over the design capacity as full
    - leaking_addresses: Always print a trailing newline
    - memstick: r592: Fix a UAF bug when removing the driver
    - lib/xz: Avoid overlapping memcpy() with invalid input with in-place
      decompression
    - lib/xz: Validate the value before assigning it to an enum variable
    - workqueue: make sysfs of unbound kworker cpumask more clever
    - tracing/cfi: Fix cmp_entries_* functions signature mismatch
    - mwl8k: Fix use-after-free in mwl8k_fw_state_machine()
    - block: remove inaccurate requeue check
    - nvmet: fix use-after-free when a port is removed
    - nvmet-tcp: fix use-after-free when a port is removed
    - nvme: drop scan_lock and always kick requeue list when removing namespaces
    - PM: hibernate: Get block device exclusively in swsusp_check()
    - selftests: kvm: fix mismatched fclose() after popen()
    - iwlwifi: mvm: disable RX-diversity in powersave
    - smackfs: use __GFP_NOFAIL for smk_cipso_doi()
    - ARM: clang: Do not rely on lr register for stacktrace
    - gre/sit: Don't generate link-local addr if addr_gen_mode is
      IN6_ADDR_GEN_MODE_NONE
    - ARM: 9136/1: ARMv7-M uses BE-8, not BE-32
    - vrf: run conntrack only in context of lower/physdev for locally generated
      packets
    - net: annotate data-race in neigh_output()
    - btrfs: do not take the uuid_mutex in btrfs_rm_device
    - spi: bcm-qspi: Fix missing clk_disable_unprepare() on error in
      bcm_qspi_probe()
    - x86/hyperv: Protect set_hv_tscchange_cb() against getting preempted
    - parisc: fix warning in flush_tlb_all
    - task_stack: Fix end_of_stack() for architectures with upwards-growing stack
    - parisc/unwind: fix unwinder when CONFIG_64BIT is enabled
    - parisc/kgdb: add kgdb_roundup() to make kgdb work with idle polling
    - netfilter: conntrack: set on IPS_ASSURED if flows enters internal stream
      state
    - selftests/bpf: Fix strobemeta selftest regression
    - Bluetooth: fix init and cleanup of sco_conn.timeout_work
    - rcu: Fix existing exp request check in sync_sched_exp_online_cleanup()
    - drm/v3d: fix wait for TMU write combiner flush
    - virtio-gpu: fix possible memory allocation failure
    - net: net_namespace: Fix undefined member in key_remove_domain()
    - cgroup: Make rebind_subsystems() disable v2 controllers all at once
    - wilc1000: fix possible memory leak in cfg_scan_result()
    - Bluetooth: btmtkuart: fix a memleak in mtk_hci_wmt_sync
    - crypto: caam - disable pkc for non-E SoCs
    - rxrpc: Fix _usecs_to_jiffies() by using usecs_to_jiffies()
    - net: dsa: rtl8366rb: Fix off-by-one bug
    - ath10k: Fix missing frame timestamp for beacon/probe-resp
    - drm/amdgpu: fix warning for overflow check
    - media: em28xx: add missing em28xx_close_extension
    - media: cxd2880-spi: Fix a null pointer dereference on error handling path
    - media: dvb-usb: fix ununit-value in az6027_rc_query
    - media: TDA1997x: handle short reads of hdmi info frame.
    - media: mtk-vpu: Fix a resource leak in the error handling path of
      'mtk_vpu_probe()'
    - media: radio-wl1273: Avoid card name truncation
    - media: si470x: Avoid card name truncation
    - media: tm6000: Avoid card name truncation
    - media: cx23885: Fix snd_card_free call on null card pointer
    - kprobes: Do not use local variable when creating debugfs file
    - crypto: ecc - fix CRYPTO_DEFAULT_RNG dependency
    - cpuidle: Fix kobject memory leaks in error paths
    - media: em28xx: Don't use ops->suspend if it is NULL
    - ath9k: Fix potential interrupt storm on queue reset
    - EDAC/amd64: Handle three rank interleaving mode
    - netfilter: nft_dynset: relax superfluous check on set updates
    - media: dvb-frontends: mn88443x: Handle errors of clk_prepare_enable()
    - crypto: qat - detect PFVF collision after ACK
    - crypto: qat - disregard spurious PFVF interrupts
    - hwrng: mtk - Force runtime pm ops for sleep ops
    - b43legacy: fix a lower bounds test
    - b43: fix a lower bounds test
    - mmc: sdhci-omap: Fix NULL pointer exception if regulator is not configured
    - memstick: avoid out-of-range warning
    - memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host()
    - net, neigh: Fix NTF_EXT_LEARNED in combination with NTF_USE
    - hwmon: Fix possible memleak in __hwmon_device_register()
    - hwmon: (pmbus/lm25066) Let compiler determine outer dimension of
      lm25066_coeff
    - ath10k: fix max antenna gain unit
    - drm/msm: uninitialized variable in msm_gem_import()
    - net: stream: don't purge sk_error_queue in sk_stream_kill_queues()
    - mmc: mxs-mmc: disable regulator on error and in the remove function
    - block: ataflop: fix breakage introduced at blk-mq refactoring
    - platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning
    - mt76: mt76x02: fix endianness warnings in mt76x02_mac.c
    - rsi: stop thread firstly in rsi_91x_init() error handling
    - mwifiex: Send DELBA requests according to spec
    - phy: micrel: ksz8041nl: do not use power down mode
    - nvme-rdma: fix error code in nvme_rdma_setup_ctrl
    - PM: hibernate: fix sparse warnings
    - clocksource/drivers/timer-ti-dm: Select TIMER_OF
    - drm/msm: Fix potential NULL dereference in DPU SSPP
    - smackfs: use netlbl_cfg_cipsov4_del() for deleting cipso_v4_doi
    - libbpf: Fix BTF data layout checks and allow empty BTF
    - s390/gmap: don't unconditionally call pte_unmap_unlock() in __gmap_zap()
    - irq: mips: avoid nested irq_enter()
    - tcp: don't free a FIN sk_buff in tcp_remove_empty_skb()
    - samples/kretprobes: Fix return value if register_kretprobe() failed
    - KVM: s390: Fix handle_sske page fault handling
    - libertas_tf: Fix possible memory leak in probe and disconnect
    - libertas: Fix possible memory leak in probe and disconnect
    - wcn36xx: add proper DMA memory barriers in rx path
    - drm/amdgpu/gmc6: fix DMA mask from 44 to 40 bits
    - net: amd-xgbe: Toggle PLL settings during rate change
    - net: phylink: avoid mvneta warning when setting pause parameters
    - crypto: pcrypt - Delay write to padata->info
    - selftests/bpf: Fix fclose/pclose mismatch in test_progs
    - udp6: allow SO_MARK ctrl msg to affect routing
    - ibmvnic: don't stop queue in xmit
    - ibmvnic: Process crqs after enabling interrupts
    - RDMA/rxe: Fix wrong port_cap_flags
    - clk: mvebu: ap-cpu-clk: Fix a memory leak in error handling paths
    - ARM: s3c: irq-s3c24xx: Fix return value check for s3c24xx_init_intc()
    - arm64: dts: rockchip: Fix GPU register width for RK3328
    - ARM: dts: qcom: msm8974: Add xo_board reference clock to DSI0 PHY
    - RDMA/bnxt_re: Fix query SRQ failure
    - arm64: dts: meson-g12a: Fix the pwm regulator supply properties
    - ARM: dts: at91: tse850: the emac<->phy interface is rmii
    - scsi: dc395: Fix error case unwinding
    - MIPS: loongson64: make CPU_LOONGSON64 depends on MIPS_FP_SUPPORT
    - JFS: fix memleak in jfs_mount
    - ALSA: hda: Reduce udelay() at SKL+ position reporting
    - arm: dts: omap3-gta04a4: accelerometer irq fix
    - soc/tegra: Fix an error handling path in tegra_powergate_power_up()
    - memory: fsl_ifc: fix leak of irq and nand_irq in fsl_ifc_ctrl_probe
    - clk: at91: check pmc node status before registering syscore ops
    - video: fbdev: chipsfb: use memset_io() instead of memset()
    - serial: 8250_dw: Drop wrong use of ACPI_PTR()
    - usb: gadget: hid: fix error code in do_config()
    - power: supply: rt5033_battery: Change voltage values to µV
    - scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn()
    - RDMA/mlx4: Return missed an error if device doesn't support steering
    - staging: ks7010: select CRYPTO_HASH/CRYPTO_MICHAEL_MIC
    - ARM: dts: stm32: fix SAI sub nodes register range
    - ASoC: cs42l42: Correct some register default values
    - ASoC: cs42l42: Defer probe if request_threaded_irq() returns EPROBE_DEFER
    - phy: qcom-qusb2: Fix a memory leak on probe
    - serial: xilinx_uartps: Fix race condition causing stuck TX
    - HID: u2fzero: clarify error check and length calculations
    - HID: u2fzero: properly handle timeouts in usb_submit_urb
    - powerpc/44x/fsp2: add missing of_node_put
    - mips: cm: Convert to bitfield API to fix out-of-bounds access
    - power: supply: bq27xxx: Fix kernel crash on IRQ handler register error
    - apparmor: fix error check
    - rpmsg: Fix rpmsg_create_ept return when RPMSG config is not defined
    - pnfs/flexfiles: Fix misplaced barrier in nfs4_ff_layout_prepare_ds
    - drm/plane-helper: fix uninitialized variable reference
    - PCI: aardvark: Don't spam about PIO Response Status
    - PCI: aardvark: Fix preserving PCI_EXP_RTCTL_CRSSVE flag on emulated bridge
    - opp: Fix return in _opp_add_static_v2()
    - NFS: Fix deadlocks in nfs_scan_commit_list()
    - fs: orangefs: fix error return code of orangefs_revalidate_lookup()
    - mtd: spi-nor: hisi-sfc: Remove excessive clk_disable_unprepare()
    - mtd: core: don't remove debugfs directory if device is in use
    - dmaengine: at_xdmac: fix AT_XDMAC_CC_PERID() macro
    - auxdisplay: img-ascii-lcd: Fix lock-up when displaying empty string
    - auxdisplay: ht16k33: Connect backlight to fbdev
    - auxdisplay: ht16k33: Fix frame buffer device blanking
    - soc: fsl: dpaa2-console: free buffer before returning from
      dpaa2_console_read
    - netfilter: nfnetlink_queue: fix OOB when mac header was cleared
    - dmaengine: dmaengine_desc_callback_valid(): Check for `callback_result`
    - signal/sh: Use force_sig(SIGKILL) instead of do_group_exit(SIGKILL)
    - m68k: set a default value for MEMORY_RESERVE
    - watchdog: f71808e_wdt: fix inaccurate report in WDIOC_GETTIMEOUT
    - ar7: fix kernel builds for compiler test
    - scsi: qla2xxx: Fix gnl list corruption
    - scsi: qla2xxx: Turn off target reset during issue_lip
    - NFSv4: Fix a regression in nfs_set_open_stateid_locked()
    - i2c: xlr: Fix a resource leak in the error handling path of
      'xlr_i2c_probe()'
    - xen-pciback: Fix return in pm_ctrl_init()
    - net: davinci_emac: Fix interrupt pacing disable
    - net: vlan: fix a UAF in vlan_dev_real_dev()
    - ACPI: PMIC: Fix intel_pmic_regs_handler() read accesses
    - bonding: Fix a use-after-free problem when bond_sysfs_slave_add() failed
    - mm/zsmalloc.c: close race window between zs_pool_dec_isolated() and
      zs_unregister_migration()
    - zram: off by one in read_block_state()
    - perf bpf: Add missing free to bpf_event__print_bpf_prog_info()
    - llc: fix out-of-bound array index in llc_sk_dev_hash()
    - nfc: pn533: Fix double free when pn533_fill_fragment_skbs() fails
    - arm64: pgtable: make __pte_to_phys/__phys_to_pte_val inline functions
    - bpf: sockmap, strparser, and tls are reusing qdisc_skb_cb and colliding
    - net/sched: sch_taprio: fix undefined behavior in ktime_mono_to_any
    - net: hns3: allow configure ETS bandwidth of all TCs
    - vsock: prevent unnecessary refcnt inc for nonblocking connect
    - net/smc: fix sk_refcnt underflow on linkdown and fallback
    - cxgb4: fix eeprom len when diagnostics not implemented
    - selftests/net: udpgso_bench_rx: fix port argument
    - ARM: 9155/1: fix early early_iounmap()
    - ARM: 9156/1: drop cc-option fallbacks for architecture selection
    - parisc: Fix set_fixmap() on PA1.x CPUs
    - irqchip/sifive-plic: Fixup EOI failed when masked
    - f2fs: should use GFP_NOFS for directory inodes
    - net, neigh: Enable state migration between NUD_PERMANENT and NTF_USE
    - 9p/net: fix missing error check in p9_check_errors
    - ovl: fix deadlock in splice write
    - powerpc/lib: Add helper to check if offset is within conditional branch
      range
    - powerpc/bpf: Validate branch ranges
    - powerpc/bpf: Fix BPF_SUB when imm == 0x80000000
    - powerpc/security: Add a helper to query stf_barrier type
    - powerpc/bpf: Emit stf barrier instruction sequences for BPF_NOSPEC
    - mm, oom: pagefault_out_of_memory: don't force global OOM for dying tasks
    - mm, oom: do not trigger out_of_memory from the #PF
    - video: backlight: Drop maximum brightness override for brightness zero
    - s390/cio: check the subchannel validity for dev_busid
    - s390/tape: fix timer initialization in tape_std_assign()
    - s390/cio: make ccw_device_dma_* more robust
    - powerpc/powernv/prd: Unregister OPAL_MSG_PRD2 notifier during module unload
    - PCI: Add PCI_EXP_DEVCTL_PAYLOAD_* macros
    - SUNRPC: Partial revert of commit 6f9f17287e78
    - ath10k: fix invalid dma_addr_t token assignment
    - selftests/bpf: Fix also no-alu32 strobemeta selftest
    - Linux 5.4.160
    - soc/tegra: pmc: Fix imbalanced clock disabling in error code path

* Focal update: v5.4.159 upstream stable release (LP: #1953071)
    - Revert "x86/kvm: fix vcpu-id indexed array sizes"
    - usb: ehci: handshake CMD_RUN instead of STS_HALT
    - usb: gadget: Mark USB_FSL_QE broken on 64-bit
    - usb: musb: Balance list entry in musb_gadget_queue
    - usb-storage: Add compatibility quirk flags for iODD 2531/2541
    - binder: don't detect sender/target during buffer cleanup
    - printk/console: Allow to disable console output by using console="" or
      console=null
    - isofs: Fix out of bound access for corrupted isofs image
    - comedi: dt9812: fix DMA buffers on stack
    - comedi: ni_usb6501: fix NULL-deref in command paths
    - comedi: vmk80xx: fix transfer-buffer overflows
    - comedi: vmk80xx: fix bulk-buffer overflow
    - comedi: vmk80xx: fix bulk and interrupt message timeouts
    - staging: r8712u: fix control-message timeout
    - staging: rtl8192u: fix control-message timeouts
    - media: staging/intel-ipu3: css: Fix wrong size comparison imgu_css_fw_init
    - rsi: fix control-message timeout
    - Linux 5.4.159

* Focal update: v5.4.158 upstream stable release (LP: #1953066)
    - scsi: core: Put LLD module refcnt after SCSI device is released
    - vrf: Revert "Reset skb conntrack connection..."
    - net: ethernet: microchip: lan743x: Fix skb allocation failure
    - media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt()
    - Revert "xhci: Set HCD flag to defer primary roothub registration"
    - Revert "usb: core: hcd: Add support for deferring roothub registration"
    - sfc: Fix reading non-legacy supported link modes
    - ARM: 9120/1: Revert "amba: make use of -1 IRQs warn"
    - Linux 5.4.158

* [Ubuntu 20.04] Problem leading IUCV service down (on s390x) (LP: #1913442)
    - usercopy: mark dma-kmalloc caches as usercopy caches

-- Kleber Sacilotto de Souza <kleber.souza@canonical.com>  Thu, 13 Jan 2022 19:00:41 +0100

Changed in linux (Ubuntu Focal):
status:	Fix Committed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2022-01-31:

#18

Download full text (74.6 KiB)

This bug was fixed in the package linux - 5.13.0-28.31

---------------
linux (5.13.0-28.31) impish; urgency=medium

  * amd_sfh: Null pointer dereference on early device init causes early panic
    and fails to boot (LP: #1956519)
    - HID: amd_sfh: Fix potential NULL pointer dereference

* impish: ddebs build take too long and times out (LP: #1957810)
- [Packaging] enforce xz compression for ddebs

* audio mute/ mic mute are not working on a HP machine (LP: #1955691)
- ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook

* rtw88_8821ce causes freeze (LP: #1927808)
- rtw88: Disable PCIe ASPM while doing NAPI poll on 8821CE

  * alsa/sdw: fix the audio sdw codec parsing logic in the acpi table
    (LP: #1955686)
    - ALSA: hda: intel-sdw-acpi: harden detection of controller
    - ALSA: hda: intel-sdw-acpi: go through HDAS ACPI at max depth of 2

  * icmp_redirect from selftests fails on F/kvm (unary operator expected)
    (LP: #1938964)
    - selftests: icmp_redirect: pass xfail=0 to log_test()

  * Impish update: upstream stable patchset 2021-12-17 (LP: #1955180)
    - arm64: zynqmp: Do not duplicate flash partition label property
    - arm64: zynqmp: Fix serial compatible string
    - ARM: dts: sunxi: Fix OPPs node name
    - arm64: dts: allwinner: h5: Fix GPU thermal zone node name
    - arm64: dts: allwinner: a100: Fix thermal zone node name
    - staging: wfx: ensure IRQ is ready before enabling it
    - ARM: dts: NSP: Fix mpcore, mmc node names
    - scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq()
    - arm64: dts: rockchip: Disable CDN DP on Pinebook Pro
    - arm64: dts: hisilicon: fix arm,sp805 compatible string
    - RDMA/bnxt_re: Check if the vlan is valid before reporting
    - bus: ti-sysc: Add quirk handling for reinit on context lost
    - bus: ti-sysc: Use context lost quirk for otg
    - usb: musb: tusb6010: check return value after calling
      platform_get_resource()
    - usb: typec: tipd: Remove WARN_ON in tps6598x_block_read
    - ARM: dts: ux500: Skomer regulator fixes
    - staging: rtl8723bs: remove possible deadlock when disconnect (v2)
    - ARM: BCM53016: Specify switch ports for Meraki MR32
    - arm64: dts: qcom: msm8998: Fix CPU/L2 idle state latency and residency
    - arm64: dts: qcom: ipq6018: Fix qcom,controlled-remotely property
    - arm64: dts: freescale: fix arm,sp805 compatible string
    - ASoC: SOF: Intel: hda-dai: fix potential locking issue
    - clk: imx: imx6ul: Move csi_sel mux to correct base register
    - ASoC: nau8824: Add DMI quirk mechanism for active-high jack-detect
    - scsi: advansys: Fix kernel pointer leak
    - ALSA: intel-dsp-config: add quirk for APL/GLK/TGL devices based on ES8336
      codec
    - firmware_loader: fix pre-allocated buf built-in firmware use
    - ARM: dts: omap: fix gpmc,mux-add-data type
    - usb: host: ohci-tmio: check return value after calling
      platform_get_resource()
    - ARM: dts: ls1021a: move thermal-zones node out of soc/
    - ARM: dts: ls1021a-tsn: use generic "jedec,spi-nor" compatible for flash
    - ALSA: ISA: not for M68K
    - tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc
    - MIPS: sni:...

This bug was fixed in the package linux - 5.13.0-28.31

---------------
linux (5.13.0-28.31) impish; urgency=medium

* amd_sfh: Null pointer dereference on early device init causes early panic
    and fails to boot (LP: #1956519)
    - HID: amd_sfh: Fix potential NULL pointer dereference

* impish: ddebs build take too long and times out (LP: #1957810)
    - [Packaging] enforce xz compression for ddebs

* audio mute/ mic mute are not working on a HP machine (LP: #1955691)
    - ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook

* rtw88_8821ce causes freeze (LP: #1927808)
    - rtw88: Disable PCIe ASPM while doing NAPI poll on 8821CE

* alsa/sdw: fix the  audio sdw codec parsing logic in the acpi table
    (LP: #1955686)
    - ALSA: hda: intel-sdw-acpi: harden detection of controller
    - ALSA: hda: intel-sdw-acpi: go through HDAS ACPI at max depth of 2

* icmp_redirect from selftests fails on F/kvm (unary operator expected)
    (LP: #1938964)
    - selftests: icmp_redirect: pass xfail=0 to log_test()

* Impish update: upstream stable patchset 2021-12-17 (LP: #1955180)
    - arm64: zynqmp: Do not duplicate flash partition label property
    - arm64: zynqmp: Fix serial compatible string
    - ARM: dts: sunxi: Fix OPPs node name
    - arm64: dts: allwinner: h5: Fix GPU thermal zone node name
    - arm64: dts: allwinner: a100: Fix thermal zone node name
    - staging: wfx: ensure IRQ is ready before enabling it
    - ARM: dts: NSP: Fix mpcore, mmc node names
    - scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq()
    - arm64: dts: rockchip: Disable CDN DP on Pinebook Pro
    - arm64: dts: hisilicon: fix arm,sp805 compatible string
    - RDMA/bnxt_re: Check if the vlan is valid before reporting
    - bus: ti-sysc: Add quirk handling for reinit on context lost
    - bus: ti-sysc: Use context lost quirk for otg
    - usb: musb: tusb6010: check return value after calling
      platform_get_resource()
    - usb: typec: tipd: Remove WARN_ON in tps6598x_block_read
    - ARM: dts: ux500: Skomer regulator fixes
    - staging: rtl8723bs: remove possible deadlock when disconnect (v2)
    - ARM: BCM53016: Specify switch ports for Meraki MR32
    - arm64: dts: qcom: msm8998: Fix CPU/L2 idle state latency and residency
    - arm64: dts: qcom: ipq6018: Fix qcom,controlled-remotely property
    - arm64: dts: freescale: fix arm,sp805 compatible string
    - ASoC: SOF: Intel: hda-dai: fix potential locking issue
    - clk: imx: imx6ul: Move csi_sel mux to correct base register
    - ASoC: nau8824: Add DMI quirk mechanism for active-high jack-detect
    - scsi: advansys: Fix kernel pointer leak
    - ALSA: intel-dsp-config: add quirk for APL/GLK/TGL devices based on ES8336
      codec
    - firmware_loader: fix pre-allocated buf built-in firmware use
    - ARM: dts: omap: fix gpmc,mux-add-data type
    - usb: host: ohci-tmio: check return value after calling
      platform_get_resource()
    - ARM: dts: ls1021a: move thermal-zones node out of soc/
    - ARM: dts: ls1021a-tsn: use generic "jedec,spi-nor" compatible for flash
    - ALSA: ISA: not for M68K
    - tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc
    - MIPS: sni: Fix the build
    - scsi: scsi_debug: Fix out-of-bound read in resp_readcap16()
    - scsi: scsi_debug: Fix out-of-bound read in resp_report_tgtpgs()
    - scsi: target: Fix ordered tag handling
    - scsi: target: Fix alua_tg_pt_gps_count tracking
    - iio: imu: st_lsm6dsx: Avoid potential array overflow in st_lsm6dsx_set_odr()
    - powerpc/5200: dts: fix memory node unit name
    - ARM: dts: qcom: fix memory and mdio nodes naming for RB3011
    - ALSA: gus: fix null pointer dereference on pointer block
    - powerpc/dcr: Use cmplwi instead of 3-argument cmpli
    - powerpc/8xx: Fix Oops with STRICT_KERNEL_RWX without DEBUG_RODATA_TEST
    - sh: check return code of request_irq
    - maple: fix wrong return value of maple_bus_init().
    - f2fs: fix up f2fs_lookup tracepoints
    - f2fs: fix to use WHINT_MODE
    - sh: fix kconfig unmet dependency warning for FRAME_POINTER
    - sh: math-emu: drop unused functions
    - sh: define __BIG_ENDIAN for math-emu
    - f2fs: compress: disallow disabling compress on non-empty compressed file
    - f2fs: fix incorrect return value in f2fs_sanity_check_ckpt()
    - clk: ingenic: Fix bugs with divided dividers
    - clk/ast2600: Fix soc revision for AHB
    - clk: qcom: gcc-msm8996: Drop (again) gcc_aggre1_pnoc_ahb_clk
    - mips: BCM63XX: ensure that CPU_SUPPORTS_32BIT_KERNEL is set
    - sched/core: Mitigate race cpus_share_cache()/update_top_cache_domain()
    - perf/x86/vlbr: Add c->flags to vlbr event constraints
    - blkcg: Remove extra blkcg_bio_issue_init
    - tracing/histogram: Do not copy the fixed-size char array field over the
      field size
    - perf bpf: Avoid memory leak from perf_env__insert_btf()
    - perf bench futex: Fix memory leak of perf_cpu_map__new()
    - perf tests: Remove bash construct from record+zstd_comp_decomp.sh
    - drm/nouveau: hdmigv100.c: fix corrupted HDMI Vendor InfoFrame
    - tcp: Fix uninitialized access in skb frags array for Rx 0cp.
    - tracing: Add length protection to histogram string copies
    - net: ipa: disable HOLB drop when updating timer
    - net: bnx2x: fix variable dereferenced before check
    - bnxt_en: reject indirect blk offload when hw-tc-offload is off
    - tipc: only accept encrypted MSG_CRYPTO msgs
    - sock: fix /proc/net/sockstat underflow in sk_clone_lock()
    - net/smc: Make sure the link_id is unique
    - iavf: Fix return of set the new channel count
    - iavf: check for null in iavf_fix_features
    - iavf: free q_vectors before queues in iavf_disable_vf
    - iavf: Fix failure to exit out from last all-multicast mode
    - iavf: prevent accidental free of filter structure
    - iavf: validate pointers
    - iavf: Fix for the false positive ASQ/ARQ errors while issuing VF reset
    - iavf: Fix for setting queues to 0
    - MIPS: generic/yamon-dt: fix uninitialized variable error
    - mips: bcm63xx: add support for clk_get_parent()
    - mips: lantiq: add support for clk_get_parent()
    - platform/x86: hp_accel: Fix an error handling path in 'lis3lv02d_probe()'
    - net/mlx5e: nullify cq->dbg pointer in mlx5_debug_cq_remove()
    - net/mlx5: Lag, update tracker when state change event received
    - net/mlx5: E-Switch, return error if encap isn't supported
    - scsi: core: sysfs: Fix hang when device state is set via sysfs
    - net: sched: act_mirred: drop dst for the direction from egress to ingress
    - net: dpaa2-eth: fix use-after-free in dpaa2_eth_remove
    - net: virtio_net_hdr_to_skb: count transport header in UFO
    - i40e: Fix correct max_pkt_size on VF RX queue
    - i40e: Fix NULL ptr dereference on VSI filter sync
    - i40e: Fix changing previously set num_queue_pairs for PFs
    - i40e: Fix ping is lost after configuring ADq on VF
    - i40e: Fix warning message and call stack during rmmod i40e driver
    - i40e: Fix creation of first queue by omitting it if is not power of two
    - i40e: Fix display error code in dmesg
    - NFC: reorganize the functions in nci_request
    - NFC: reorder the logic in nfc_{un,}register_device
    - NFC: add NCI_UNREG flag to eliminate the race
    - e100: fix device suspend/resume
    - KVM: PPC: Book3S HV: Use GLOBAL_TOC for kvmppc_h_set_dabr/xdabr()
    - pinctrl: qcom: sdm845: Enable dual edge errata
    - perf/x86/intel/uncore: Fix filter_tid mask for CHA events on Skylake Server
    - perf/x86/intel/uncore: Fix IIO event constraints for Skylake Server
    - s390/kexec: fix return code handling
    - net: stmmac: dwmac-rk: Fix ethernet on rk3399 based devices
    - tun: fix bonding active backup with arp monitoring
    - hexagon: export raw I/O routines for modules
    - hexagon: clean up timer-regs.h
    - tipc: check for null after calling kmemdup
    - ipc: WARN if trying to remove ipc object which is absent
    - mm: kmemleak: slob: respect SLAB_NOLEAKTRACE flag
    - x86/hyperv: Fix NULL deref in set_hv_tscchange_cb() if Hyper-V setup fails
    - powerpc/8xx: Fix pinned TLBs with CONFIG_STRICT_KERNEL_RWX
    - scsi: qla2xxx: Fix mailbox direction flags in qla2xxx_get_adapter_id()
    - s390/kexec: fix memory leak of ipl report buffer
    - block: Check ADMIN before NICE for IOPRIO_CLASS_RT
    - KVM: nVMX: don't use vcpu->arch.efer when checking host state on nested
      state load
    - udf: Fix crash after seekdir
    - net: stmmac: socfpga: add runtime suspend/resume callback for stratix10
      platform
    - btrfs: fix memory ordering between normal and ordered work functions
    - parisc/sticon: fix reverse colors
    - cfg80211: call cfg80211_stop_ap when switch from P2P_GO type
    - drm/amd/display: Update swizzle mode enums
    - drm/udl: fix control-message timeout
    - drm/nouveau: Add a dedicated mutex for the clients list
    - drm/nouveau: use drm_dev_unplug() during device removal
    - drm/nouveau: clean up all clients on device removal
    - drm/i915/dp: Ensure sink rate values are always valid
    - drm/amdgpu: fix set scaling mode Full/Full aspect/Center not works on vga
      and dvi connectors
    - scsi: ufs: core: Fix task management completion
    - scsi: ufs: core: Fix task management completion timeout race
    - RDMA/netlink: Add __maybe_unused to static inline in C file
    - selinux: fix NULL-pointer dereference when hashtab allocation fails
    - ASoC: DAPM: Cover regression by kctl change notification fix
    - usb: max-3421: Use driver data instead of maintaining a list of bound
      devices
    - ice: Delete always true check of PF pointer
    - fs: export an inode_update_time helper
    - btrfs: update device path inode time instead of bd_inode
    - x86/Kconfig: Fix an unused variable error in dell-smm-hwmon
    - ALSA: hda: hdac_ext_stream: fix potential locking issues
    - ALSA: hda: hdac_stream: fix potential locking issue in
      snd_hdac_stream_assign()
    - clk: sunxi-ng: Unregister clocks/resets when unbinding
    - ARM: dts: BCM5301X: Fix nodes names
    - ARM: dts: BCM5301X: Fix MDIO mux binding
    - arm64: dts: broadcom: bcm4908: Move reboot syscon out of bus
    - scsi: pm80xx: Fix memory leak during rmmod
    - staging: rtl8723bs: remove a third possible deadlock
    - arm64: dts: qcom: sdm845: Fix qcom,controlled-remotely property
    - arm64: dts: ls1012a: Add serial alias for ls1012a-rdb
    - ALSA: usb-audio: disable implicit feedback sync for Behringer UFX1204 and
      UFX1604
    - ASoC: es8316: Use IRQF_NO_AUTOEN when requesting the IRQ
    - ASoC: rt5651: Use IRQF_NO_AUTOEN when requesting the IRQ
    - scsi: smartpqi: Add controller handshake during kdump
    - arm64: dts: imx8mm-kontron: Fix reset delays for ethernet PHY
    - ASoC: Intel: soc-acpi: add missing quirk for TGL SDCA single amp
    - ASoC: Intel: sof_sdw: add missing quirk for Dell SKU 0A45
    - HID: multitouch: disable sticky fingers for UPERFECT Y
    - ALSA: usb-audio: Add support for the Pioneer DJM 750MK2 Mixer/Soundcard
    - ASoC: rt5682: fix a little pop while playback
    - iommu/vt-d: Do not falsely log intel_iommu is unsupported kernel option
    - scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine
    - scsi: lpfc: Fix link down processing to address NULL pointer dereference
    - memory: tegra20-emc: Add runtime dependency on devfreq governor module
    - arm64: dts: qcom: Fix node name of rpm-msg-ram device nodes
    - clk: at91: sama7g5: remove prescaler part of master clock
    - f2fs: fix wrong condition to trigger background checkpoint correctly
    - sched/fair: Prevent dead task groups from regaining cfs_rq's
    - net/ipa: ipa_resource: Fix wrong for loop range
    - nl80211: fix radio statistics in survey dump
    - mac80211: fix monitor_sdata RCU/locking assertions
    - net: ipa: HOLB register sometimes must be written twice
    - selftests: gpio: fix gpio compiling error
    - iavf: don't clear a lock we don't hold
    - iavf: Restore VLAN filters after link down
    - bpf: Fix toctou on read-only map's constant scalar tracking
    - udp: Validate checksum in udp_read_sock()
    - btrfs: make 1-bit bit-fields of scrub_page unsigned int
    - net/mlx5e: kTLS, Fix crash in RX resync flow
    - net/mlx5e: Wait for concurrent flow deletion during neigh/fib events
    - net/mlx5: E-Switch, Fix resetting of encap mode when entering switchdev
    - net/mlx5: Update error handler for UCTX and UMEM
    - net/mlx5e: CT, Fix multiple allocations and memleak of mod acts
    - riscv: fix building external modules
    - powerpc: clean vdso32 and vdso64 directories
    - pinctrl: qcom: sm8350: Correct UFS and SDC offsets
    - perf/x86/intel/uncore: Fix IIO event constraints for Snowridge
    - blk-cgroup: fix missing put device in error path from blkg_conf_pref()
    - shm: extend forced shm destroy to support objects from several IPC nses
    - hugetlb, userfaultfd: fix reservation restore on userfaultfd error
    - kmap_local: don't assume kmap PTEs are linear arrays in memory
    - [Config] updateconfigs for KMAP_LOCAL_NON_LINEAR_PTE_ARRAY
    - x86/boot: Pull up cmdline preparation and early param parsing
    - x86/sgx: Fix free page accounting
    - KVM: x86: Assume a 64-bit hypercall for guests with protected state
    - KVM: x86: Fix uninitialized eoi_exit_bitmap usage in vcpu_load_eoi_exitmap()
    - powerpc/signal32: Fix sigset_t copy
    - Revert "drm/i915/tgl/dsi: Gate the ddi clocks after pll mapping"
    - s390/setup: avoid reserving memory above identity mapping
    - KVM: SEV: Disallow COPY_ENC_CONTEXT_FROM if target has created vCPUs
    - spi: fix use-after-free of the add_lock mutex
    - Drivers: hv: balloon: Use VMBUS_RING_SIZE() wrapper for dm_ring_size
    - fs: handle circular mappings correctly
    - net: stmmac: Fix signed/unsigned wreckage
    - mac80211: drop check for DONT_REORDER in __ieee80211_select_queue
    - drm/amd/display: Limit max DSC target bpp for specific monitors
    - drm/prime: Fix use after free in mmap with drm_gem_ttm_mmap
    - drm/i915/dp: Ensure max link params are always valid
    - drm/i915: Fix type1 DVI DP dual mode adapter heuristic for modern platforms
    - drm/amd/pm: avoid duplicate powergate/ungate setting
    - ice: Fix VF true promiscuous mode
    - net: add and use skb_unclone_keeptruesize() helper

* Impish update: upstream stable patchset 2021-12-16 (LP: #1955070)
    - fortify: Explicitly disable Clang support
    - block: Add a helper to validate the block size
    - loop: Use blk_validate_block_size() to validate block size
    - bootconfig: init: Fix memblock leak in xbc_make_cmdline()
    - net: stmmac: dwmac-rk: fix unbalanced pm_runtime_enable warnings
    - parisc/entry: fix trace test in syscall exit path
    - PCI/MSI: Destroy sysfs before freeing entries
    - PCI/MSI: Deal with devices lying about their MSI mask capability
    - PCI: Add MSI masking quirk for Nvidia ION AHCI
    - erofs: remove the occupied parameter from z_erofs_pagevec_enqueue()
    - erofs: fix unsafe pagevec reuse of hooked pclusters
    - perf/core: Avoid put_page() when GUP fails
    - thermal: Fix NULL pointer dereferences in of_thermal_ functions
    - selftests/x86/iopl: Adjust to the faked iopl CLI/STI usage
    - KVM: Fix steal time asm constraints
    - Bluetooth: btusb: Add 0x0b05:0x190e Realtek 8761BU (ASUS BT500) device.
    - Bluetooth: btusb: Add support for TP-Link UB500 Adapter
    - string: uninline memcpy_and_pad
    - btrfs: introduce btrfs_is_data_reloc_root
    - btrfs: zoned: add a dedicated data relocation block group
    - btrfs: zoned: only allow one process to add pages to a relocation inode
    - btrfs: zoned: use regular writes for relocation
    - btrfs: check for relocation inodes on zoned btrfs in should_nocow
    - btrfs: zoned: allow preallocation for relocation inodes

* CVE-2021-4090
    - NFSD: Fix exposure in nfsd4_decode_bitmap()

* AMD: Suspend not working when some cores are disabled through cpufreq
    (LP: #1954930)
    - ACPI: processor idle: Allow playing dead in C3 state

* system crash when removing ipmi_msghandler module (LP: #1950666)
    - ipmi: Move remove_work to dedicated workqueue
    - ipmi: msghandler: Make symbol 'remove_work_wq' static

* [UBUNTU 20.04] KVM hardware diagnose data improvements for guest kernel -
    kernel part (LP: #1953334)
    - KVM: s390: add debug statement for diag 318 CPNC data

* New fix for jack detection after resume on CS8409 sound driver
    (LP: #1954773)
    - ALSA: hda/cs8409: Set PMSG_ON earlier inside cs8409 driver

* s2idle suspend failure: amd_pmc AMDI0005:00: SMU response timed out
    (LP: #1954633)
    - platform/x86: amd-pmc: Fix s2idle failures on certain AMD laptops

* mt7921e: Failed to start WM firmware (LP: #1954300)
    - Bluetooth: btusb: Handle download_firmware failure cases
    - SAUCE: Bluetooth: btusb: Return error code when getting patch status failed

* [SRU][I/J/OEM-5.13/OEM-5.14] Fix pci port lost when hotplug dock
    (LP: #1954646)
    - PCI: Re-enable Downstream Port LTR after reset or hotplug

* [SRU][I/OEM-5.13/OEM-5.14] Fix USB3.1 hotplug after S3 on AMD renoir
    (LP: #1952817)
    - drm/amd/display: Look at firmware version to determine using dmub on dcn21

* Thinkpad E14 Gen2: Kernel panic with trackpad and trackpoint enabled
    (LP: #1945590)
    - Input: elantech - fix stack out of bound access in
      elantech_change_report_id()

* [SRU][Ubuntu 21.10][Broadcom] mpi3mr driver submission request
    (LP: #1933359)
    - scsi: mpi3mr: Add mpi30 Rev-R headers and Kconfig
    - scsi: mpi3mr: Base driver code
    - scsi: mpi3mr: Create operational request and reply queue pair
    - scsi: mpi3mr: Add support for queue command processing
    - scsi: mpi3mr: Add support for internal watchdog thread
    - scsi: mpi3mr: Add support for device add/remove event handling
    - scsi: mpi3mr: Add support for PCIe device event handling
    - scsi: mpi3mr: Additional event handling
    - scsi: mpi3mr: Add support for recovering controller
    - scsi: mpi3mr: Add support for timestamp sync with firmware
    - scsi: mpi3mr: Print IOC info for debugging
    - scsi: mpi3mr: Add bios_param SCSI host template hook
    - scsi: mpi3mr: Implement SCSI error handler hooks
    - scsi: mpi3mr: Add change queue depth support
    - scsi: mpi3mr: Allow certain commands during pci-remove hook
    - scsi: mpi3mr: Hardware workaround for UNMAP commands to NVMe drives
    - scsi: mpi3mr: Add support for threaded ISR
    - scsi: mpi3mr: Complete support for soft reset
    - scsi: mpi3mr: Print pending host I/Os for debugging
    - scsi: mpi3mr: Wait for pending I/O completions upon detection of VD I/O
      timeout
    - scsi: mpi3mr: Add support for PM suspend and resume
    - scsi: mpi3mr: Add support for DSN secure firmware check
    - scsi: mpi3mr: Add EEDP DIF DIX support
    - scsi: mpi3mr: Add event handling debug prints
    - [Config] updateconfigs for CONFIG_SCSI_MPI3MR

* Add F81966 watchdog support (LP: #1949063)
    - SAUCE: watchdog: f71808e_wdt: Add F81966 support

* Impish update: upstream stable patchset 2021-12-09 (LP: #1954337)
    - xhci: Fix USB 3.1 enumeration issues by increasing roothub power-on-good
      delay
    - usb: xhci: Enable runtime-pm by default on AMD Yellow Carp platform
    - Input: iforce - fix control-message timeout
    - Input: i8042 - Add quirk for Fujitsu Lifebook T725
    - libata: fix read log timeout value
    - ocfs2: fix data corruption on truncate
    - scsi: core: Remove command size deduction from scsi_setup_scsi_cmnd()
    - scsi: qla2xxx: Fix kernel crash when accessing port_speed sysfs file
    - scsi: qla2xxx: Fix use after free in eh_abort path
    - mmc: mtk-sd: Add wait dma stop done flow
    - mmc: dw_mmc: Dont wait for DRTO on Write RSP error
    - exfat: fix incorrect loading of i_blocks for large files
    - parisc: Fix set_fixmap() on PA1.x CPUs
    - parisc: Fix ptrace check on syscall return
    - tpm: Check for integer overflow in tpm2_map_response_body()
    - firmware/psci: fix application of sizeof to pointer
    - crypto: s5p-sss - Add error handling in s5p_aes_probe()
    - media: rkvdec: Do not override sizeimage for output format
    - media: ite-cir: IR receiver stop working after receive overflow
    - media: rkvdec: Support dynamic resolution changes
    - media: ir-kbd-i2c: improve responsiveness of hauppauge zilog receivers
    - media: v4l2-ioctl: Fix check_ext_ctrls
    - ALSA: hda/realtek: Fix mic mute LED for the HP Spectre x360 14
    - ALSA: hda/realtek: Add a quirk for HP OMEN 15 mute LED
    - ALSA: hda/realtek: Add quirk for Clevo PC70HS
    - ALSA: hda/realtek: Headset fixup for Clevo NH77HJQ
    - ALSA: hda/realtek: Add a quirk for Acer Spin SP513-54N
    - ALSA: hda/realtek: Add quirk for ASUS UX550VE
    - ALSA: hda/realtek: Add quirk for HP EliteBook 840 G7 mute LED
    - ALSA: ua101: fix division by zero at probe
    - ALSA: 6fire: fix control and bulk message timeouts
    - ALSA: line6: fix control and interrupt message timeouts
    - ALSA: usb-audio: Line6 HX-Stomp XL USB_ID for 48k-fixed quirk
    - ALSA: usb-audio: Add registration quirk for JBL Quantum 400
    - ALSA: hda: Free card instance properly at probe errors
    - ALSA: synth: missing check for possible NULL after the call to kstrdup
    - ALSA: timer: Fix use-after-free problem
    - ALSA: timer: Unconditionally unlink slave instances, too
    - ext4: fix lazy initialization next schedule time computation in more
      granular unit
    - ext4: ensure enough credits in ext4_ext_shift_path_extents
    - ext4: refresh the ext4_ext_path struct after dropping i_data_sem.
    - fuse: fix page stealing
    - x86/sme: Use #define USE_EARLY_PGTABLE_L5 in mem_encrypt_identity.c
    - x86/cpu: Fix migration safety with X86_BUG_NULL_SEL
    - x86/irq: Ensure PI wakeup handler is unregistered before module unload
    - ASoC: soc-core: fix null-ptr-deref in snd_soc_del_component_unlocked()
    - ALSA: hda/realtek: Fixes HP Spectre x360 15-eb1xxx speakers
    - cavium: Return negative value when pci_alloc_irq_vectors() fails
    - scsi: qla2xxx: Return -ENOMEM if kzalloc() fails
    - scsi: qla2xxx: Fix unmap of already freed sgl
    - mISDN: Fix return values of the probe function
    - cavium: Fix return values of the probe function
    - sfc: Export fibre-specific supported link modes
    - sfc: Don't use netif_info before net_device setup
    - hyperv/vmbus: include linux/bitops.h
    - ARM: dts: sun7i: A20-olinuxino-lime2: Fix ethernet phy-mode
    - reset: socfpga: add empty driver allowing consumers to probe
    - mmc: winbond: don't build on M68K
    - drm: panel-orientation-quirks: Add quirk for Aya Neo 2021
    - fcnal-test: kill hanging ping/nettest binaries on cleanup
    - bpf: Define bpf_jit_alloc_exec_limit for arm64 JIT
    - bpf: Prevent increasing bpf_jit_limit above max
    - gpio: mlxbf2.c: Add check for bgpio_init failure
    - xen/netfront: stop tx queues during live migration
    - nvmet-tcp: fix a memory leak when releasing a queue
    - spi: spl022: fix Microwire full duplex mode
    - net: multicast: calculate csum of looped-back and forwarded packets
    - watchdog: Fix OMAP watchdog early handling
    - drm: panel-orientation-quirks: Add quirk for GPD Win3
    - block: schedule queue restart after BLK_STS_ZONE_RESOURCE
    - nvmet-tcp: fix header digest verification
    - r8169: Add device 10ec:8162 to driver r8169
    - vmxnet3: do not stop tx queues after netif_device_detach()
    - nfp: bpf: relax prog rejection for mtu check through max_pkt_offset
    - net/smc: Fix smc_link->llc_testlink_time overflow
    - net/smc: Correct spelling mistake to TCPF_SYN_RECV
    - btrfs: clear MISSING device status bit in btrfs_close_one_device
    - btrfs: fix lost error handling when replaying directory deletes
    - btrfs: call btrfs_check_rw_degradable only if there is a missing device
    - KVM: VMX: Unregister posted interrupt wakeup handler on hardware unsetup
    - ia64: kprobes: Fix to pass correct trampoline address to the handler
    - selinux: fix race condition when computing ocontext SIDs
    - hwmon: (pmbus/lm25066) Add offset coefficients
    - regulator: s5m8767: do not use reset value as DVS voltage if GPIO DVS is
      disabled
    - regulator: dt-bindings: samsung,s5m8767: correct s5m8767,pmic-buck-default-
      dvs-idx property
    - EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell
    - mwifiex: fix division by zero in fw download path
    - ath6kl: fix division by zero in send path
    - ath6kl: fix control-message timeout
    - ath10k: fix control-message timeout
    - ath10k: fix division by zero in send path
    - PCI: Mark Atheros QCA6174 to avoid bus reset
    - rtl8187: fix control-message timeouts
    - evm: mark evm_fixmode as __ro_after_init
    - ifb: Depend on netfilter alternatively to tc
    - wcn36xx: Fix HT40 capability for 2Ghz band
    - wcn36xx: Fix tx_status mechanism
    - wcn36xx: Fix (QoS) null data frame bitrate/modulation
    - PM: sleep: Do not let "syscore" devices runtime-suspend during system
      transitions
    - mwifiex: Read a PCI register after writing the TX ring write pointer
    - mwifiex: Try waking the firmware until we get an interrupt
    - libata: fix checking of DMA state
    - wcn36xx: handle connection loss indication
    - rsi: fix occasional initialisation failure with BT coex
    - rsi: fix key enabled check causing unwanted encryption for vap_id > 0
    - rsi: fix rate mask set leading to P2P failure
    - rsi: Fix module dev_oper_mode parameter description
    - perf/x86/intel/uncore: Support extra IMC channel on Ice Lake server
    - perf/x86/intel/uncore: Fix Intel ICX IIO event constraints
    - RDMA/qedr: Fix NULL deref for query_qp on the GSI QP
    - signal: Remove the bogus sigkill_pending in ptrace_stop
    - memory: renesas-rpc-if: Correct QSPI data transfer in Manual mode
    - signal/mips: Update (_save|_restore)_fp_context to fail with -EFAULT
    - soc: fsl: dpio: replace smp_processor_id with raw_smp_processor_id
    - soc: fsl: dpio: use the combined functions to protect critical zone
    - mtd: rawnand: socrates: Keep the driver compatible with on-die ECC engines
    - power: supply: max17042_battery: Prevent int underflow in set_soc_threshold
    - power: supply: max17042_battery: use VFSOC for capacity when no rsns
    - KVM: arm64: Extract ESR_ELx.EC only
    - KVM: nVMX: Query current VMCS when determining if MSR bitmaps are in use
    - can: j1939: j1939_tp_cmd_recv(): ignore abort message in the BAM transport
    - can: j1939: j1939_can_recv(): ignore messages with invalid source address
    - powerpc/85xx: Fix oops when mpc85xx_smp_guts_ids node cannot be found
    - ring-buffer: Protect ring_buffer_reset() from reentrancy
    - serial: core: Fix initializing and restoring termios speed
    - ifb: fix building without CONFIG_NET_CLS_ACT
    - ALSA: mixer: oss: Fix racy access to slots
    - ALSA: mixer: fix deadlock in snd_mixer_oss_set_volume
    - xen/balloon: add late_initcall_sync() for initial ballooning done
    - ovl: fix use after free in struct ovl_aio_req
    - PCI: pci-bridge-emul: Fix emulation of W1C bits
    - PCI: cadence: Add cdns_plat_pcie_probe() missing return
    - PCI: aardvark: Do not clear status bits of masked interrupts
    - PCI: aardvark: Fix checking for link up via LTSSM state
    - PCI: aardvark: Do not unmask unused interrupts
    - PCI: aardvark: Fix reporting Data Link Layer Link Active
    - PCI: aardvark: Fix configuring Reference clock
    - PCI: aardvark: Fix return value of MSI domain .alloc() method
    - PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG
    - PCI: aardvark: Fix support for bus mastering and PCI_COMMAND on emulated
      bridge
    - PCI: aardvark: Fix support for PCI_BRIDGE_CTL_BUS_RESET on emulated bridge
    - PCI: aardvark: Set PCI Bridge Class Code to PCI Bridge
    - PCI: aardvark: Fix support for PCI_ROM_ADDRESS1 on emulated bridge
    - quota: check block number when reading the block in quota file
    - quota: correct error number in free_dqentry()
    - pinctrl: core: fix possible memory leak in pinctrl_enable()
    - coresight: cti: Correct the parameter for pm_runtime_put
    - iio: dac: ad5446: Fix ad5622_write() return value
    - iio: ad5770r: make devicetree property reading consistent
    - USB: serial: keyspan: fix memleak on probe errors
    - serial: 8250: fix racy uartclk update
    - most: fix control-message timeouts
    - USB: iowarrior: fix control-message timeouts
    - USB: chipidea: fix interrupt deadlock
    - power: supply: max17042_battery: Clear status bits in interrupt handler
    - dma-buf: WARN on dmabuf release with pending attachments
    - drm: panel-orientation-quirks: Update the Lenovo Ideapad D330 quirk (v2)
    - drm: panel-orientation-quirks: Add quirk for KD Kurio Smart C15200 2-in-1
    - drm: panel-orientation-quirks: Add quirk for the Samsung Galaxy Book 10.6
    - Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg()
    - Bluetooth: fix use-after-free error in lock_sock_nested()
    - drm/panel-orientation-quirks: add Valve Steam Deck
    - rcutorture: Avoid problematic critical section nesting on PREEMPT_RT
    - platform/x86: wmi: do not fail if disabling fails
    - MIPS: lantiq: dma: add small delay after reset
    - MIPS: lantiq: dma: reset correct number of channel
    - locking/lockdep: Avoid RCU-induced noinstr fail
    - net: sched: update default qdisc visibility after Tx queue cnt changes
    - rcu-tasks: Move RTGS_WAIT_CBS to beginning of rcu_tasks_kthread() loop
    - smackfs: Fix use-after-free in netlbl_catmap_walk()
    - ath11k: Align bss_chan_info structure with firmware
    - x86: Increase exception stack sizes
    - mwifiex: Run SET_BSS_MODE when changing from P2P to STATION vif-type
    - mwifiex: Properly initialize private structure on interface type changes
    - fscrypt: allow 256-bit master keys with AES-256-XTS
    - drm/amdgpu: Fix MMIO access page fault
    - ath11k: Avoid reg rules update during firmware recovery
    - ath11k: add handler for scan event WMI_SCAN_EVENT_DEQUEUED
    - ath11k: Change DMA_FROM_DEVICE to DMA_TO_DEVICE when map reinjected packets
    - ath10k: high latency fixes for beacon buffer
    - media: mt9p031: Fix corrupted frame after restarting stream
    - media: netup_unidvb: handle interrupt properly according to the firmware
    - media: atomisp: Fix error handling in probe
    - media: stm32: Potential NULL pointer dereference in dcmi_irq_thread()
    - media: uvcvideo: Set capability in s_param
    - media: uvcvideo: Return -EIO for control errors
    - media: uvcvideo: Set unique vdev name based in type
    - media: s5p-mfc: fix possible null-pointer dereference in s5p_mfc_probe()
    - media: s5p-mfc: Add checking to s5p_mfc_probe().
    - media: imx: set a media_device bus_info string
    - media: mceusb: return without resubmitting URB in case of -EPROTO error.
    - ia64: don't do IA64_CMPXCHG_DEBUG without CONFIG_PRINTK
    - rtw88: fix RX clock gate setting while fifo dump
    - brcmfmac: Add DMI nvram filename quirk for Cyberbook T116 tablet
    - media: rcar-csi2: Add checking to rcsi2_start_receiver()
    - ipmi: Disable some operations during a panic
    - fs/proc/uptime.c: Fix idle time reporting in /proc/uptime
    - ACPICA: Avoid evaluating methods too early during system resume
    - media: ipu3-imgu: imgu_fmt: Handle properly try
    - media: ipu3-imgu: VIDIOC_QUERYCAP: Fix bus_info
    - media: usb: dvd-usb: fix uninit-value bug in dibusb_read_eeprom_byte()
    - net-sysfs: try not to restart the syscall if it will fail eventually
    - tracefs: Have tracefs directories not set OTH permission bits by default
    - ath: dfs_pattern_detector: Fix possible null-pointer dereference in
      channel_detector_create()
    - mmc: moxart: Fix reference count leaks in moxart_probe
    - iov_iter: Fix iov_iter_get_pages{,_alloc} page fault return value
    - ACPI: battery: Accept charges over the design capacity as full
    - drm/amdkfd: fix resume error when iommu disabled in Picasso
    - net: phy: micrel: make *-skew-ps check more lenient
    - leaking_addresses: Always print a trailing newline
    - drm/msm: prevent NULL dereference in msm_gpu_crashstate_capture()
    - block: bump max plugged deferred size from 16 to 32
    - md: update superblock after changing rdev flags in state_store
    - memstick: r592: Fix a UAF bug when removing the driver
    - lib/xz: Avoid overlapping memcpy() with invalid input with in-place
      decompression
    - lib/xz: Validate the value before assigning it to an enum variable
    - workqueue: make sysfs of unbound kworker cpumask more clever
    - tracing/cfi: Fix cmp_entries_* functions signature mismatch
    - mt76: mt7915: fix an off-by-one bound check
    - mwl8k: Fix use-after-free in mwl8k_fw_state_machine()
    - block: remove inaccurate requeue check
    - media: allegro: ignore interrupt if mailbox is not initialized
    - nvmet: fix use-after-free when a port is removed
    - nvmet-rdma: fix use-after-free when a port is removed
    - nvmet-tcp: fix use-after-free when a port is removed
    - nvme: drop scan_lock and always kick requeue list when removing namespaces
    - PM: hibernate: Get block device exclusively in swsusp_check()
    - selftests: kvm: fix mismatched fclose() after popen()
    - selftests/bpf: Fix perf_buffer test on system with offline cpus
    - iwlwifi: mvm: disable RX-diversity in powersave
    - smackfs: use __GFP_NOFAIL for smk_cipso_doi()
    - ARM: clang: Do not rely on lr register for stacktrace
    - gre/sit: Don't generate link-local addr if addr_gen_mode is
      IN6_ADDR_GEN_MODE_NONE
    - gfs2: Cancel remote delete work asynchronously
    - gfs2: Fix glock_hash_walk bugs
    - ARM: 9136/1: ARMv7-M uses BE-8, not BE-32
    - vrf: run conntrack only in context of lower/physdev for locally generated
      packets
    - net: annotate data-race in neigh_output()
    - ACPI: AC: Quirk GK45 to skip reading _PSR
    - btrfs: reflink: initialize return value to 0 in btrfs_extent_same()
    - btrfs: do not take the uuid_mutex in btrfs_rm_device
    - spi: bcm-qspi: Fix missing clk_disable_unprepare() on error in
      bcm_qspi_probe()
    - wcn36xx: Correct band/freq reporting on RX
    - x86/hyperv: Protect set_hv_tscchange_cb() against getting preempted
    - drm/amd/display: dcn20_resource_construct reduce scope of FPU enabled
    - selftests/core: fix conflicting types compile error for close_range()
    - parisc: fix warning in flush_tlb_all
    - task_stack: Fix end_of_stack() for architectures with upwards-growing stack
    - erofs: don't trigger WARN() when decompression fails
    - parisc/unwind: fix unwinder when CONFIG_64BIT is enabled
    - parisc/kgdb: add kgdb_roundup() to make kgdb work with idle polling
    - netfilter: conntrack: set on IPS_ASSURED if flows enters internal stream
      state
    - selftests/bpf: Fix strobemeta selftest regression
    - Bluetooth: fix init and cleanup of sco_conn.timeout_work
    - rcu: Fix existing exp request check in sync_sched_exp_online_cleanup()
    - MIPS: lantiq: dma: fix burst length for DEU
    - x86/xen: Mark cpu_bringup_and_idle() as dead_end_function
    - drm/v3d: fix wait for TMU write combiner flush
    - virtio-gpu: fix possible memory allocation failure
    - lockdep: Let lock_is_held_type() detect recursive read as read
    - net: net_namespace: Fix undefined member in key_remove_domain()
    - cgroup: Make rebind_subsystems() disable v2 controllers all at once
    - wcn36xx: Fix Antenna Diversity Switching
    - wilc1000: fix possible memory leak in cfg_scan_result()
    - Bluetooth: btmtkuart: fix a memleak in mtk_hci_wmt_sync
    - crypto: caam - disable pkc for non-E SoCs
    - rxrpc: Fix _usecs_to_jiffies() by using usecs_to_jiffies()
    - net: dsa: rtl8366rb: Fix off-by-one bug
    - ath11k: fix some sleeping in atomic bugs
    - ath11k: Avoid race during regd updates
    - ath11k: fix packet drops due to incorrect 6 GHz freq value in rx status
    - ath11k: Fix memory leak in ath11k_qmi_driver_event_work
    - ath10k: Fix missing frame timestamp for beacon/probe-resp
    - ath10k: sdio: Add missing BH locking around napi_schdule()
    - drm/ttm: stop calling tt_swapin in vm_access
    - arm64: mm: update max_pfn after memory hotplug
    - drm/amdgpu: fix warning for overflow check
    - media: em28xx: add missing em28xx_close_extension
    - media: cxd2880-spi: Fix a null pointer dereference on error handling path
    - media: dvb-usb: fix ununit-value in az6027_rc_query
    - media: v4l2-ioctl: S_CTRL output the right value
    - media: TDA1997x: handle short reads of hdmi info frame.
    - media: mtk-vpu: Fix a resource leak in the error handling path of
      'mtk_vpu_probe()'
    - media: radio-wl1273: Avoid card name truncation
    - media: si470x: Avoid card name truncation
    - media: tm6000: Avoid card name truncation
    - media: cx23885: Fix snd_card_free call on null card pointer
    - kprobes: Do not use local variable when creating debugfs file
    - crypto: ecc - fix CRYPTO_DEFAULT_RNG dependency
    - cpuidle: Fix kobject memory leaks in error paths
    - media: em28xx: Don't use ops->suspend if it is NULL
    - ath9k: Fix potential interrupt storm on queue reset
    - PM: EM: Fix inefficient states detection
    - EDAC/amd64: Handle three rank interleaving mode
    - rcu: Always inline rcu_dynticks_task*_{enter,exit}()
    - netfilter: nft_dynset: relax superfluous check on set updates
    - media: dvb-frontends: mn88443x: Handle errors of clk_prepare_enable()
    - crypto: qat - detect PFVF collision after ACK
    - crypto: qat - disregard spurious PFVF interrupts
    - hwrng: mtk - Force runtime pm ops for sleep ops
    - b43legacy: fix a lower bounds test
    - b43: fix a lower bounds test
    - gve: Recover from queue stall due to missed IRQ
    - mmc: sdhci-omap: Fix NULL pointer exception if regulator is not configured
    - mmc: sdhci-omap: Fix context restore
    - memstick: avoid out-of-range warning
    - memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host()
    - net, neigh: Fix NTF_EXT_LEARNED in combination with NTF_USE
    - hwmon: Fix possible memleak in __hwmon_device_register()
    - hwmon: (pmbus/lm25066) Let compiler determine outer dimension of
      lm25066_coeff
    - ath10k: fix max antenna gain unit
    - kernel/sched: Fix sched_fork() access an invalid sched_task_group
    - tcp: switch orphan_count to bare per-cpu counters
    - drm/msm: potential error pointer dereference in init()
    - drm/msm: uninitialized variable in msm_gem_import()
    - net: stream: don't purge sk_error_queue in sk_stream_kill_queues()
    - media: ir_toy: assignment to be16 should be of correct type
    - mmc: mxs-mmc: disable regulator on error and in the remove function
    - platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning
    - mt76: mt7615: fix endianness warning in mt7615_mac_write_txwi
    - mt76: mt76x02: fix endianness warnings in mt76x02_mac.c
    - mt76: mt7915: fix possible infinite loop release semaphore
    - mt76: mt7915: fix sta_rec_wtbl tag len
    - mt76: mt7915: fix muar_idx in mt7915_mcu_alloc_sta_req()
    - rsi: stop thread firstly in rsi_91x_init() error handling
    - mwifiex: Send DELBA requests according to spec
    - net: enetc: unmap DMA in enetc_send_cmd()
    - phy: micrel: ksz8041nl: do not use power down mode
    - nvme-rdma: fix error code in nvme_rdma_setup_ctrl
    - PM: hibernate: fix sparse warnings
    - clocksource/drivers/timer-ti-dm: Select TIMER_OF
    - x86/sev: Fix stack type check in vc_switch_off_ist()
    - drm/msm: Fix potential NULL dereference in DPU SSPP
    - smackfs: use netlbl_cfg_cipsov4_del() for deleting cipso_v4_doi
    - KVM: selftests: Fix nested SVM tests when built with clang
    - bpftool: Avoid leaking the JSON writer prepared for program metadata
    - libbpf: Fix overflow in BTF sanity checks
    - libbpf: Fix BTF header parsing checks
    - s390/gmap: don't unconditionally call pte_unmap_unlock() in __gmap_zap()
    - KVM: s390: pv: avoid double free of sida page
    - KVM: s390: pv: avoid stalls for kvm_s390_pv_init_vm
    - irq: mips: avoid nested irq_enter()
    - tpm: fix Atmel TPM crash caused by too frequent queries
    - tpm_tis_spi: Add missing SPI ID
    - libbpf: Fix endianness detection in BPF_CORE_READ_BITFIELD_PROBED()
    - tcp: don't free a FIN sk_buff in tcp_remove_empty_skb()
    - spi: spi-rpc-if: Check return value of rpcif_sw_init()
    - samples/kretprobes: Fix return value if register_kretprobe() failed
    - KVM: s390: Fix handle_sske page fault handling
    - libertas_tf: Fix possible memory leak in probe and disconnect
    - libertas: Fix possible memory leak in probe and disconnect
    - wcn36xx: add proper DMA memory barriers in rx path
    - wcn36xx: Fix discarded frames due to wrong sequence number
    - drm/amdgpu/gmc6: fix DMA mask from 44 to 40 bits
    - selftests/bpf: Fix fd cleanup in sk_lookup test
    - net: amd-xgbe: Toggle PLL settings during rate change
    - net: phylink: avoid mvneta warning when setting pause parameters
    - crypto: pcrypt - Delay write to padata->info
    - selftests/bpf: Fix fclose/pclose mismatch in test_progs
    - udp6: allow SO_MARK ctrl msg to affect routing
    - ibmvnic: don't stop queue in xmit
    - ibmvnic: Process crqs after enabling interrupts
    - cgroup: Fix rootcg cpu.stat guest double counting
    - bpf: Fix propagation of bounds from 64-bit min/max into 32-bit and var_off.
    - bpf: Fix propagation of signed bounds from 64-bit min/max into 32-bit.
    - of: unittest: fix EXPECT text for gpio hog errors
    - iio: st_sensors: Call st_sensors_power_enable() from bus drivers
    - iio: st_sensors: disable regulators after device unregistration
    - RDMA/rxe: Fix wrong port_cap_flags
    - ARM: dts: BCM5301X: Fix memory nodes names
    - clk: mvebu: ap-cpu-clk: Fix a memory leak in error handling paths
    - ARM: s3c: irq-s3c24xx: Fix return value check for s3c24xx_init_intc()
    - arm64: dts: rockchip: Fix GPU register width for RK3328
    - ARM: dts: qcom: msm8974: Add xo_board reference clock to DSI0 PHY
    - RDMA/bnxt_re: Fix query SRQ failure
    - arm64: dts: ti: k3-j721e-main: Fix "max-virtual-functions" in PCIe EP nodes
    - arm64: dts: ti: k3-j721e-main: Fix "bus-range" upto 256 bus number for PCIe
    - arm64: dts: meson-g12a: Fix the pwm regulator supply properties
    - arm64: dts: meson-g12b: Fix the pwm regulator supply properties
    - bus: ti-sysc: Fix timekeeping_suspended warning on resume
    - ARM: dts: at91: tse850: the emac<->phy interface is rmii
    - scsi: dc395: Fix error case unwinding
    - MIPS: loongson64: make CPU_LOONGSON64 depends on MIPS_FP_SUPPORT
    - JFS: fix memleak in jfs_mount
    - arm64: dts: qcom: msm8916: Fix Secondary MI2S bit clock
    - arm64: dts: renesas: beacon: Fix Ethernet PHY mode
    - arm64: dts: qcom: pm8916: Remove wrong reg-names for rtc@6000
    - ALSA: hda: Reduce udelay() at SKL+ position reporting
    - ALSA: hda: Fix hang during shutdown due to link reset
    - ALSA: hda: Use position buffer for SKL+ again
    - soundwire: debugfs: use controller id and link_id for debugfs
    - scsi: pm80xx: Fix misleading log statement in pm8001_mpi_get_nvmd_resp()
    - driver core: Fix possible memory leak in device_link_add()
    - arm: dts: omap3-gta04a4: accelerometer irq fix
    - ASoC: SOF: topology: do not power down primary core during topology removal
    - soc/tegra: Fix an error handling path in tegra_powergate_power_up()
    - memory: fsl_ifc: fix leak of irq and nand_irq in fsl_ifc_ctrl_probe
    - clk: at91: check pmc node status before registering syscore ops
    - video: fbdev: chipsfb: use memset_io() instead of memset()
    - powerpc: fix unbalanced node refcount in check_kvm_guest()
    - serial: 8250_dw: Drop wrong use of ACPI_PTR()
    - usb: gadget: hid: fix error code in do_config()
    - power: supply: rt5033_battery: Change voltage values to µV
    - power: supply: max17040: fix null-ptr-deref in max17040_probe()
    - scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn()
    - RDMA/mlx4: Return missed an error if device doesn't support steering
    - usb: musb: select GENERIC_PHY instead of depending on it
    - staging: most: dim2: do not double-register the same device
    - staging: ks7010: select CRYPTO_HASH/CRYPTO_MICHAEL_MIC
    - pinctrl: renesas: checker: Fix off-by-one bug in drive register check
    - ARM: dts: stm32: Reduce DHCOR SPI NOR frequency to 50 MHz
    - ARM: dts: stm32: fix SAI sub nodes register range
    - ARM: dts: stm32: fix AV96 board SAI2 pin muxing on stm32mp15
    - ASoC: cs42l42: Correct some register default values
    - ASoC: cs42l42: Defer probe if request_threaded_irq() returns EPROBE_DEFER
    - soc: qcom: rpmhpd: Make power_on actually enable the domain
    - usb: typec: STUSB160X should select REGMAP_I2C
    - iio: adis: do not disabe IRQs in 'adis_init()'
    - scsi: ufs: ufshcd-pltfrm: Fix memory leak due to probe defer
    - serial: imx: fix detach/attach of serial console
    - usb: dwc2: drd: fix dwc2_force_mode call in dwc2_ovr_init
    - usb: dwc2: drd: fix dwc2_drd_role_sw_set when clock could be disabled
    - usb: dwc2: drd: reset current session before setting the new one
    - firmware: qcom_scm: Fix error retval in __qcom_scm_is_call_available()
    - soc: qcom: apr: Add of_node_put() before return
    - pinctrl: equilibrium: Fix function addition in multiple groups
    - phy: qcom-qusb2: Fix a memory leak on probe
    - phy: ti: gmii-sel: check of_get_address() for failure
    - phy: qcom-snps: Correct the FSEL_MASK
    - serial: xilinx_uartps: Fix race condition causing stuck TX
    - clk: at91: sam9x60-pll: use DIV_ROUND_CLOSEST_ULL
    - HID: u2fzero: clarify error check and length calculations
    - HID: u2fzero: properly handle timeouts in usb_submit_urb
    - powerpc/44x/fsp2: add missing of_node_put
    - ASoC: cs42l42: Use device_property API instead of of_property
    - ASoC: cs42l42: Correct configuring of switch inversion from ts-inv
    - virtio_ring: check desc == NULL when using indirect with packed
    - mips: cm: Convert to bitfield API to fix out-of-bounds access
    - power: supply: bq27xxx: Fix kernel crash on IRQ handler register error
    - apparmor: fix error check
    - rpmsg: Fix rpmsg_create_ept return when RPMSG config is not defined
    - nfsd: don't alloc under spinlock in rpc_parse_scope_id
    - i2c: mediatek: fixing the incorrect register offset
    - NFS: Fix dentry verifier races
    - pnfs/flexfiles: Fix misplaced barrier in nfs4_ff_layout_prepare_ds
    - drm/plane-helper: fix uninitialized variable reference
    - PCI: aardvark: Don't spam about PIO Response Status
    - PCI: aardvark: Fix preserving PCI_EXP_RTCTL_CRSSVE flag on emulated bridge
    - opp: Fix return in _opp_add_static_v2()
    - NFS: Fix deadlocks in nfs_scan_commit_list()
    - fs: orangefs: fix error return code of orangefs_revalidate_lookup()
    - mtd: spi-nor: hisi-sfc: Remove excessive clk_disable_unprepare()
    - PCI: uniphier: Serialize INTx masking/unmasking and fix the bit operation
    - mtd: core: don't remove debugfs directory if device is in use
    - remoteproc: Fix a memory leak in an error handling path in
      'rproc_handle_vdev()'
    - rtc: rv3032: fix error handling in rv3032_clkout_set_rate()
    - dmaengine: at_xdmac: fix AT_XDMAC_CC_PERID() macro
    - NFS: Fix up commit deadlocks
    - NFS: Fix an Oops in pnfs_mark_request_commit()
    - Fix user namespace leak
    - auxdisplay: img-ascii-lcd: Fix lock-up when displaying empty string
    - auxdisplay: ht16k33: Connect backlight to fbdev
    - auxdisplay: ht16k33: Fix frame buffer device blanking
    - soc: fsl: dpaa2-console: free buffer before returning from
      dpaa2_console_read
    - netfilter: nfnetlink_queue: fix OOB when mac header was cleared
    - dmaengine: dmaengine_desc_callback_valid(): Check for `callback_result`
    - signal/sh: Use force_sig(SIGKILL) instead of do_group_exit(SIGKILL)
    - m68k: set a default value for MEMORY_RESERVE
    - watchdog: f71808e_wdt: fix inaccurate report in WDIOC_GETTIMEOUT
    - ar7: fix kernel builds for compiler test
    - scsi: qla2xxx: Changes to support FCP2 Target
    - scsi: qla2xxx: Relogin during fabric disturbance
    - scsi: qla2xxx: Fix gnl list corruption
    - scsi: qla2xxx: Turn off target reset during issue_lip
    - NFSv4: Fix a regression in nfs_set_open_stateid_locked()
    - i2c: xlr: Fix a resource leak in the error handling path of
      'xlr_i2c_probe()'
    - xen-pciback: Fix return in pm_ctrl_init()
    - net: davinci_emac: Fix interrupt pacing disable
    - ethtool: fix ethtool msg len calculation for pause stats
    - openrisc: fix SMP tlb flush NULL pointer dereference
    - net: vlan: fix a UAF in vlan_dev_real_dev()
    - ice: Fix replacing VF hardware MAC to existing MAC filter
    - ice: Fix not stopping Tx queues for VFs
    - ACPI: PMIC: Fix intel_pmic_regs_handler() read accesses
    - drm/nouveau/svm: Fix refcount leak bug and missing check against null bug
    - net: phy: fix duplex out of sync problem while changing settings
    - bonding: Fix a use-after-free problem when bond_sysfs_slave_add() failed
    - mfd: core: Add missing of_node_put for loop iteration
    - can: mcp251xfd: mcp251xfd_chip_start(): fix error handling for
      mcp251xfd_chip_rx_int_enable()
    - mm/zsmalloc.c: close race window between zs_pool_dec_isolated() and
      zs_unregister_migration()
    - zram: off by one in read_block_state()
    - perf bpf: Add missing free to bpf_event__print_bpf_prog_info()
    - llc: fix out-of-bound array index in llc_sk_dev_hash()
    - nfc: pn533: Fix double free when pn533_fill_fragment_skbs() fails
    - arm64: pgtable: make __pte_to_phys/__phys_to_pte_val inline functions
    - bpf, sockmap: Remove unhash handler for BPF sockmap usage
    - bpf: sockmap, strparser, and tls are reusing qdisc_skb_cb and colliding
    - gve: Fix off by one in gve_tx_timeout()
    - seq_file: fix passing wrong private data
    - net/sched: sch_taprio: fix undefined behavior in ktime_mono_to_any
    - net: hns3: fix kernel crash when unload VF while it is being reset
    - net: hns3: allow configure ETS bandwidth of all TCs
    - net: stmmac: allow a tc-taprio base-time of zero
    - vsock: prevent unnecessary refcnt inc for nonblocking connect
    - net/smc: fix sk_refcnt underflow on linkdown and fallback
    - cxgb4: fix eeprom len when diagnostics not implemented
    - selftests/net: udpgso_bench_rx: fix port argument
    - ARM: 9155/1: fix early early_iounmap()
    - ARM: 9156/1: drop cc-option fallbacks for architecture selection
    - MIPS: Fix assembly error from MIPSr2 code used within MIPS_ISA_ARCH_LEVEL
    - x86/mce: Add errata workaround for Skylake SKX37
    - posix-cpu-timers: Clear task::posix_cputimers_work in copy_process()
    - irqchip/sifive-plic: Fixup EOI failed when masked
    - f2fs: should use GFP_NOFS for directory inodes
    - net, neigh: Enable state migration between NUD_PERMANENT and NTF_USE
    - 9p/net: fix missing error check in p9_check_errors
    - memcg: prohibit unconditional exceeding the limit of dying tasks
    - powerpc/bpf: Emit stf barrier instruction sequences for BPF_NOSPEC
    - mm, oom: pagefault_out_of_memory: don't force global OOM for dying tasks
    - mm, oom: do not trigger out_of_memory from the #PF
    - mfd: dln2: Add cell for initializing DLN2 ADC
    - video: backlight: Drop maximum brightness override for brightness zero
    - s390/cio: check the subchannel validity for dev_busid
    - s390/tape: fix timer initialization in tape_std_assign()
    - s390/ap: Fix hanging ioctl caused by orphaned replies
    - s390/cio: make ccw_device_dma_* more robust
    - mtd: rawnand: ams-delta: Keep the driver compatible with on-die ECC engines
    - mtd: rawnand: xway: Keep the driver compatible with on-die ECC engines
    - mtd: rawnand: mpc5121: Keep the driver compatible with on-die ECC engines
    - mtd: rawnand: gpio: Keep the driver compatible with on-die ECC engines
    - mtd: rawnand: pasemi: Keep the driver compatible with on-die ECC engines
    - mtd: rawnand: orion: Keep the driver compatible with on-die ECC engines
    - mtd: rawnand: plat_nand: Keep the driver compatible with on-die ECC engines
    - mtd: rawnand: au1550nd: Keep the driver compatible with on-die ECC engines
    - powerpc/powernv/prd: Unregister OPAL_MSG_PRD2 notifier during module unload
    - powerpc/85xx: fix timebase sync issue when CONFIG_HOTPLUG_CPU=n
    - drm/sun4i: Fix macros in sun8i_csc.h
    - PCI: Add PCI_EXP_DEVCTL_PAYLOAD_* macros
    - PCI: aardvark: Fix PCIe Max Payload Size setting
    - SUNRPC: Partial revert of commit 6f9f17287e78
    - ath10k: fix invalid dma_addr_t token assignment
    - mmc: moxart: Fix null pointer dereference on pointer host
    - selftests/bpf: Fix also no-alu32 strobemeta selftest
    - arch/cc: Introduce a function to check for confidential computing features
    - x86/sev: Add an x86 version of cc_platform_has()
    - [Config] updateconfigs for ARCH_HAS_CC_PLATFORM
    - x86/sev: Make the #VC exception stacks part of the default stacks storage
    - scsi: core: Avoid leaving shost->last_reset with stale value if EH does not
      run
    - scsi: lpfc: Don't release final kref on Fport node while ABTS outstanding
    - scsi: lpfc: Fix FCP I/O flush functionality for TMF routines
    - ce/gf100: fix incorrect CE0 address calculation on some GPUs
    - x86/insn-eval: Make 0 a valid RIP for insn_get_effective_ip()
    - x86/iopl: Fake iopl(3) CLI/STI usage
    - KVM: arm64: Report corrupted refcount at EL2
    - ASoC: cs42l42: Ensure 0dB full scale volume is used for headsets
    - ptp: fix error print of ptp_kvm on X86_64 platform
    - net: mscc: ocelot: Add of_node_put() before goto
    - spi: altera: Change to dynamic allocation of spi id
    - bpf: Define bpf_jit_alloc_exec_limit for riscv JIT
    - net: hns3: ignore reset event before initialization process is done
    - tools/testing/selftests/vm/split_huge_page_test.c: fix application of sizeof
      to pointer
    - KVM: PPC: Tick accounting should defer vtime accounting 'til after IRQ
      handling
    - ipmi:watchdog: Set panic count to proper value on a panic
    - md/raid1: only allocate write behind bio for WriteMostly device
    - platform/surface: aggregator_registry: Add support for Surface Laptop Studio
    - mt76: mt7615: fix skb use-after-free on mac reset
    - HID: surface-hid: Use correct event registry for managing HID events
    - HID: surface-hid: Allow driver matching for target ID 1 devices
    - perf/x86/intel/uncore: Fix invalid unit check
    - soc: samsung: exynos-pmu: Fix compilation when nothing selects
      CONFIG_MFD_CORE
    - iio: core: fix double free in iio_device_unregister_sysfs()
    - KVM: x86: Fix recording of guest steal time / preempted status
    - KVM: nVMX: Handle dynamic MSR intercept toggling
    - cifs: To match file servers, make sure the server hostname matches
    - cifs: set a minimum of 120s for next dns resolution
    - coresight: trbe: Fix incorrect access of the sink specific data
    - coresight: trbe: Defer the probe on offline CPUs
    - iio: buffer: check return value of kstrdup_const()
    - iio: buffer: Fix memory leak in iio_buffers_alloc_sysfs_and_mask()
    - iio: buffer: Fix memory leak in __iio_buffer_alloc_sysfs_and_mask()
    - iio: buffer: Fix memory leak in iio_buffer_register_legacy_sysfs_groups()
    - drivers: iio: dac: ad5766: Fix dt property name
    - Documentation:devicetree:bindings:iio:dac: Fix val
    - crypto: aesni - check walk.nbytes instead of err
    - x86/mm/64: Improve stack overflow warnings
    - spi: Check we have a spi_device_id for each DT compatible
    - drm/amd/display: Fix null pointer dereference for encoders
    - selftests: net: fib_nexthops: Wait before checking reported idle time
    - media: vidtv: Fix memory leak in remove
    - media: videobuf2: rework vb2_mem_ops API
    - media: rcar-vin: Use user provided buffers when starting
    - ice: Move devlink port to PF/VF struct
    - media: imx-jpeg: Fix possible null pointer dereference
    - tracing: Disable "other" permission bits in the tracefs files
    - drm/amd/display: fix null pointer deref when plugging in display
    - thermal/core: Fix null pointer dereference in thermal_release()
    - thermal/drivers/tsens: Add timeout to get_temp_tsens_valid
    - floppy: fix calling platform_device_unregister() on invalid drives
    - locking/rwsem: Disable preemption for spinning region
    - iwlwifi: change all JnP to NO-160 configuration
    - drm/amdgpu/pm: properly handle sclk for profiling modes on vangogh
    - arm64: vdso32: suppress error message for 'make mrproper'
    - can: bittiming: can_fixup_bittiming(): change type of tseg1 and alltseg to
      unsigned int
    - tools/latency-collector: Use correct size when writing queue_full_warning
    - wcn36xx: Fix packet drop on resume
    - Revert "wcn36xx: Enable firmware link monitoring"
    - ftrace: do CPU checking after preemption disabled
    - perf/x86/intel: Fix ICL/SPR INST_RETIRED.PREC_DIST encodings
    - fbdev/efifb: Release PCI device's runtime PM ref during FB destroy
    - drm/bridge: anx7625: Propagate errors from sp_tx_rst_aux()
    - libbpf: Don't crash on object files with no symbol tables
    - objtool: Handle __sanitize_cov*() tail calls
    - net: phylink: don't call netif_carrier_off() with NULL netdev
    - spi: Fixed division by zero warning
    - bnxt_en: Check devlink allocation and registration status
    - qed: Don't ignore devlink allocation failures
    - fortify: Fix dropped strcpy() compile-time write overflow check
    - cfg80211: always free wiphy specific regdomain
    - net: dsa: rtl8366: Fix a bug in deleting VLANs
    - media: meson-ge2d: Fix rotation parameter changes detection in
      'ge2d_s_ctrl()'
    - media: imx258: Fix getting clock frequency
    - media: mtk-vcodec: venc: fix return value when start_streaming fails
    - media: imx-jpeg: Fix the error handling path of 'mxc_jpeg_probe()'
    - media: i2c: ths8200 needs V4L2_ASYNC
    - scs: Release kasan vmalloc poison in scs_free process
    - ath10k: Don't always treat modem stop events as crashes
    - x86/insn: Use get_unaligned() instead of memcpy()
    - crypto: ccree - avoid out-of-range warnings from clang
    - gve: Track RX buffer allocation failures
    - crypto: octeontx2 - set assoclen in aead_do_fallback()
    - thermal/core: fix a UAF bug in __thermal_cooling_device_register()
    - drm/msm: fix potential NULL dereference in cleanup
    - block: ataflop: fix breakage introduced at blk-mq refactoring
    - drm/amdkfd: Fix an inappropriate error handling in allloc memory of gpu
    - mt76: mt7915: fix info leak in mt7915_mcu_set_pre_cal()
    - mt76: connac: fix mt76_connac_gtk_rekey_tlv usage
    - mt76: fix build error implicit enumeration conversion
    - mt76: mt7921: fix survey-dump reporting
    - mt76: mt7921: Fix out of order process by invalid event pkt
    - mt76: mt7915: fix potential overflow of eeprom page index
    - mt76: mt7915: fix bit fields for HT rate idx
    - mt76: mt7921: fix dma hang in rmmod
    - mt76: connac: fix GTK rekey offload failure on WPA mixed mode
    - mt76: overwrite default reg_ops if necessary
    - mt76: mt7921: report HE MU radiotap
    - mt76: mt7921: fix firmware usage of RA info using legacy rates
    - mt76: mt7921: fix kernel warning from cfg80211_calculate_bitrate
    - mt76: mt7921: always wake device if necessary in debugfs
    - mt76: mt7921: fix retrying release semaphore without end
    - mt76: mt7615: fix monitor mode tear down crash
    - mt76: connac: fix possible NULL pointer dereference in
      mt76_connac_get_phy_mode_v2
    - iwlwifi: mvm: reset PM state on unsuccessful resume
    - nbd: Fix use-after-free in pid_show
    - crypto: tcrypt - fix skcipher multi-buffer tests for 1420B blocks
    - libbpf: Fix memory leak in btf__dedup()
    - mt76: mt7615: mt7622: fix ibss and meshpoint
    - mm: add vma_lookup(), update find_vma_intersection() comments
    - s390/gmap: validate VMA in __gmap_zap()
    - s390/mm: validate VMA in PGSTE manipulation functions
    - s390/mm: fix VMA and page table handling code in storage key handling
      functions
    - s390/uv: fully validate the VMA before calling follow_page()
    - ARM: 9142/1: kasan: work around LPAE build warning
    - ath10k: fix module load regression with iram-recovery feature
    - block: ataflop: more blk-mq refactoring fixes
    - blk-cgroup: synchronize blkg creation against policy deactivation
    - bpf: Fixes possible race in update_prog_stats() for 32bit arches
    - wcn36xx: Channel list update before hardware scan
    - selftests/bpf: Fix memory leak in test_ima
    - net: bridge: fix uninitialized variables when BRIDGE_CFM is disabled
    - selftests: net: bridge: update IGMP/MLD membership interval value
    - skmsg: Lose offset info in sk_psock_skb_ingress
    - arm64: dts: meson: sm1: add Ethernet PHY reset line for ODROID-C4/HC4
    - arm64: dts: broadcom: bcm4908: Fix UART clock name
    - scsi: pm80xx: Fix lockup in outbound queue management
    - arm64: dts: ti: j7200-main: Fix "vendor-id"/"device-id" properties of pcie
      node
    - arm64: dts: ti: j7200-main: Fix "bus-range" upto 256 bus number for PCIe
    - soc: qcom: llcc: Disable MMUHWT retention
    - iommu/mediatek: Fix out-of-range warning with clang
    - iommu/dma: Fix arch_sync_dma for map
    - power: reset: at91-reset: check properly the return value of devm_of_iomap
    - scsi: megaraid_sas: Fix concurrent access to ISR between IRQ polling and
      real interrupt
    - powerpc/mem: Fix arch/powerpc/mm/mem.c:53:12: error: no previous prototype
      for 'create_section_mapping'
    - powerpc/paravirt: correct preempt debug splat in vcpu_is_preempted()
    - powerpc/perf: Fix cycles/instructions as PM_CYC/PM_INST_CMPL in power10
    - ARM: dts: stm32: fix STUSB1600 Type-C irq level on stm32mp15xx-dkx
    - ASoC: cs42l42: Always configure both ASP TX channels
    - iio: buffer: Fix double-free in iio_buffers_alloc_sysfs_and_mask()
    - soundwire: bus: stop dereferencing invalid slave pointer
    - scsi: lpfc: Wait for successful restart of SLI3 adapter during host sg_reset
    - powerpc/booke: Disable STRICT_KERNEL_RWX, DEBUG_PAGEALLOC and KFENCE
    - soc: qcom: rpmhpd: fix sm8350_mxc's peer domain
    - arm64: dts: qcom: sdm845: Use RPMH_CE_CLK macro directly
    - arm64: dts: qcom: sdm845: Fix Qualcomm crypto engine bus clock
    - ASoC: topology: Fix stub for snd_soc_tplg_component_remove()
    - phy: Sparx5 Eth SerDes: Fix return value check in sparx5_serdes_probe()
    - clk: at91: clk-master: check if div or pres is zero
    - clk: at91: clk-master: fix prescaler logic
    - powerpc/nohash: Fix __ptep_set_access_flags() and ptep_set_wrprotect()
    - RDMA/hns: Modify the value of MAX_LP_MSG_LEN to meet hardware compatibility
    - serial: cpm_uart: Protect udbg definitions by CONFIG_SERIAL_CPM_CONSOLE
    - RDMA/core: Require the driver to set the IOVA correctly during rereg_mr
    - mtd: rawnand: intel: Fix potential buffer overflow in probe
    - NFS: Default change_attr_type to NFS4_CHANGE_TYPE_IS_UNDEFINED
    - NFS: Don't set NFS_INO_DATA_INVAL_DEFER and NFS_INO_INVALID_DATA
    - NFS: Ignore the directory size when marking for revalidation
    - drm/bridge/lontium-lt9611uxc: fix provided connector suport
    - Input: st1232 - increase "wait ready" timeout
    - dmaengine: at_xdmac: call at_xdmac_axi_config() on resume path
    - dmaengine: stm32-dma: fix stm32_dma_get_max_width
    - scsi: target: core: Remove from tmr_list during LUN unlink
    - gpio: realtek-otto: fix GPIO line IRQ offset
    - nbd: fix max value for 'first_minor'
    - nbd: fix possible overflow for 'first_minor' in nbd_dev_add()
    - kselftests/net: add missed icmp.sh test to Makefile
    - net: dsa: tag_ocelot: break circular dependency with ocelot switch lib
      driver
    - net: dsa: felix: fix broken VLAN-tagged PTP under VLAN-aware bridge
    - PCI: j721e: Fix j721e_pcie_probe() error path
    - nvdimm/btt: do not call del_gendisk() if not needed
    - block/ataflop: use the blk_cleanup_disk() helper
    - block/ataflop: add registration bool before calling del_gendisk()
    - block/ataflop: provide a helper for cleanup up an atari disk
    - ataflop: remove ataflop_probe_lock mutex
    - mfd: altera-sysmgr: Fix a mistake caused by resource_size conversion
    - can: etas_es58x: es58x_rx_err_msg(): fix memory leak in error path
    - arm64: arm64_ftr_reg->name may not be a human-readable string
    - bpf, sockmap: sk_skb data_end access incorrect when src_reg = dst_reg
    - dmaengine: stm32-dma: fix burst in case of unaligned memory address
    - drm/i915/fb: Fix rounding error in subsampled plane size calculation
    - net: dsa: mv88e6xxx: Don't support >1G speeds on 6191X on ports other than
      10
    - net: hns3: fix ROCE base interrupt vector initialization bug
    - net: hns3: fix pfc packet number incorrect after querying pfc parameters
    - net: ethernet: ti: cpsw_ale: Fix access to un-initialized memory
    - net: marvell: mvpp2: Fix wrong SerDes reconfiguration order
    - smb3: do not error on fsync when readonly
    - parisc: Fix backtrace to always include init funtion names
    - parisc: Flush kernel data mapping in set_pte_at() when installing pte for
      user page
    - MIPS: fix duplicated slashes for Platform file path
    - KVM: x86: move guest_pv_has out of user_access section
    - f2fs: include non-compressed blocks in compr_written_block
    - f2fs: fix UAF in f2fs_available_free_memory
    - dmaengine: ti: k3-udma: Set bchan to NULL if a channel request fail
    - dmaengine: ti: k3-udma: Set r/tchan or rflow to NULL if request fail
    - dmaengine: bestcomm: fix system boot lockups
    - mm/filemap.c: remove bogus VM_BUG_ON
    - io-wq: fix queue stalling race
    - io-wq: serialize hash clear with wakeup
    - PM: sleep: Avoid calling put_device() under dpm_list_mtx
    - remoteproc: elf_loader: Fix loading segment when is_iomem true
    - remoteproc: Fix the wrong default value of is_iomem
    - remoteproc: imx_rproc: Fix ignoring mapping vdev regions
    - remoteproc: imx_rproc: Fix rsc-table name
    - mtd: rawnand: fsmc: Fix use of SM ORDER
    - powerpc/32e: Ignore ESR in instruction storage interrupt handler
    - powerpc/pseries/mobility: ignore ibm, platform-facilities updates
    - pinctrl: amd: Add irq field data
    - media: videobuf2: always set buffer vb2 pointer

* Faulty Elantech Trackpoint firmware unusable as it causes sudden cursor jump
    to an edge/corner on Lenovo Thinkpad X13, T14s, A475 --> Apply kernel patch
    to mitigate the FW bug  (LP: #1936295) // Impish update: upstream stable
    patchset 2021-12-09 (LP: #1954337)
    - Input: elantench - fix misreporting trackpoint coordinates

* Impish update: upstream stable patchset 2021-11-29 (LP: #1952665)
    - ARM: 9132/1: Fix __get_user_check failure with ARM KASAN images
    - ARM: 9133/1: mm: proc-macros: ensure *_tlb_fns are 4B aligned
    - ARM: 9134/1: remove duplicate memcpy() definition
    - ARM: 9138/1: fix link warning with XIP + frame-pointer
    - ARM: 9139/1: kprobes: fix arch_init_kprobes() prototype
    - ARM: 9141/1: only warn about XIP address when not compile testing
    - usbnet: sanity check for maxpacket
    - usbnet: fix error return code in usbnet_probe()
    - Revert "pinctrl: bcm: ns: support updated DT binding as syscon subnode"
    - pinctrl: amd: disable and mask interrupts on probe
    - ata: sata_mv: Fix the error handling of mv_chip_id()
    - nfc: port100: fix using -ERRNO as command type mask
    - net/tls: Fix flipped sign in tls_err_abort() calls
    - mmc: vub300: fix control-message timeouts
    - mmc: cqhci: clear HALT state after CQE enable
    - mmc: mediatek: Move cqhci init behind ungate clock
    - mmc: dw_mmc: exynos: fix the finding clock sample value
    - mmc: sdhci: Map more voltage level to SDHCI_POWER_330
    - mmc: sdhci-esdhc-imx: clear the buffer_read_ready to reset standard tuning
      circuit
    - ocfs2: fix race between searching chunks and release journal_head from
      buffer_head
    - nvme-tcp: fix H2CData PDU send accounting (again)
    - cfg80211: scan: fix RCU in cfg80211_add_nontrans_list()
    - cfg80211: fix management registrations locking
    - net: lan78xx: fix division by zero in send path
    - mm, thp: bail out early in collapse_file for writeback page
    - drm/amdgpu: fix out of bounds write
    - cgroup: Fix memory leak caused by missing cgroup_bpf_offline
    - riscv, bpf: Fix potential NULL dereference
    - tcp_bpf: Fix one concurrency problem in the tcp_bpf_send_verdict function
    - bpf: Fix potential race in tail call compatibility check
    - bpf: Fix error usage of map_fd and fdget() in generic_map_update_batch()
    - IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields
    - IB/hfi1: Fix abba locking issue with sc_disable()
    - nvmet-tcp: fix data digest pointer calculation
    - nvme-tcp: fix data digest pointer calculation
    - nvme-tcp: fix possible req->offset corruption
    - octeontx2-af: Display all enabled PF VF rsrc_alloc entries.
    - RDMA/mlx5: Set user priority for DCT
    - arm64: dts: allwinner: h5: NanoPI Neo 2: Fix ethernet node
    - reset: brcmstb-rescal: fix incorrect polarity of status bit
    - regmap: Fix possible double-free in regcache_rbtree_exit()
    - net: batman-adv: fix error handling
    - net-sysfs: initialize uid and gid before calling net_ns_get_ownership
    - cfg80211: correct bridge/4addr mode check
    - net: Prevent infinite while loop in skb_tx_hash()
    - RDMA/sa_query: Use strscpy_pad instead of memcpy to copy a string
    - gpio: xgs-iproc: fix parsing of ngpios property
    - nios2: Make NIOS2_DTB_SOURCE_BOOL depend on !COMPILE_TEST
    - mlxsw: pci: Recycle received packet upon allocation failure
    - net: ethernet: microchip: lan743x: Fix driver crash when lan743x_pm_resume
      fails
    - net: ethernet: microchip: lan743x: Fix dma allocation failure by using
      dma_set_mask_and_coherent
    - net: nxp: lpc_eth.c: avoid hang when bringing interface down
    - net/tls: Fix flipped sign in async_wait.err assignment
    - phy: phy_ethtool_ksettings_get: Lock the phy for consistency
    - phy: phy_ethtool_ksettings_set: Move after phy_start_aneg
    - phy: phy_start_aneg: Add an unlocked version
    - phy: phy_ethtool_ksettings_set: Lock the PHY while changing settings
    - sctp: use init_tag from inithdr for ABORT chunk
    - sctp: fix the processing for INIT_ACK chunk
    - sctp: fix the processing for COOKIE_ECHO chunk
    - sctp: add vtag check in sctp_sf_violation
    - sctp: add vtag check in sctp_sf_do_8_5_1_E_sa
    - sctp: add vtag check in sctp_sf_ootb
    - KVM: s390: clear kicked_mask before sleeping again
    - KVM: s390: preserve deliverable_mask in __airqs_kick_single_vcpu
    - scsi: ufs: ufs-exynos: Correct timeout value setting registers
    - riscv: fix misalgned trap vector base address
    - riscv: Fix asan-stack clang build
    - perf script: Check session->header.env.arch before using it
    - mmc: tmio: reenable card irqs after the reset callback
    - mmc: sdhci-pci: Read card detect from ACPI for Intel Merrifield
    - block: Fix partition check for host-aware zoned block devices
    - ftrace/nds32: Update the proto for ftrace_trace_function to match
      ftrace_stub
    - mm: hwpoison: remove the unnecessary THP check
    - mm: filemap: check if THP has hwpoisoned subpage for PMD page fault
    - arm64: dts: imx8mm-kontron: Fix polarity of reg_rst_eth2
    - arm64: dts: imx8mm-kontron: Fix CAN SPI clock frequency
    - arm64: dts: imx8mm-kontron: Fix connection type for VSC8531 RGMII PHY
    - arm64: dts: imx8mm-kontron: Set lower limit of VDD_SNVS to 800 mV
    - arm64: dts: imx8mm-kontron: Make sure SOC and DRAM supply voltages are
      correct
    - mac80211: mesh: fix HE operation element length check
    - drm/ttm: fix memleak in ttm_transfered_destroy
    - drm/i915: Convert unconditional clflush to drm_clflush_virt_range()
    - drm/i915: Catch yet another unconditioal clflush
    - drm/i915/dp: Skip the HW readout of DPCD on disabled encoders
    - octeontx2-af: Fix possible null pointer dereference.
    - ice: Respond to a NETDEV_UNREGISTER event for LAG
    - RDMA/mlx5: Initialize the ODP xarray when creating an ODP MR
    - net: hns3: fix pause config problem after autoneg disabled
    - net: ethernet: microchip: lan743x: Fix skb allocation failure
    - sctp: fix the processing for INIT chunk
    - bpf: Use kvmalloc for map values in syscall
    - bpf: Move BPF_MAP_TYPE for INODE_STORAGE and TASK_STORAGE outside of
      CONFIG_NET
    - perf script: Fix PERF_SAMPLE_WEIGHT_STRUCT support
    - scsi: ibmvfc: Fix up duplicate response detection
    - riscv: Do not re-populate shadow memory with kasan_populate_early_shadow
    - KVM: x86: switch pvclock_gtod_sync_lock to a raw spinlock
    - KVM: SEV-ES: fix another issue with string I/O VMGEXITs
    - KVM: x86: Take srcu lock in post_kvm_run_save()
    - scsi: core: Put LLD module refcnt after SCSI device is released
    - sfc: Fix reading non-legacy supported link modes
    - vrf: Revert "Reset skb conntrack connection..."
    - media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt()
    - Revert "xhci: Set HCD flag to defer primary roothub registration"
    - Revert "usb: core: hcd: Add support for deferring roothub registration"
    - mm: khugepaged: skip huge page collapse for special files
    - Revert "drm/ttm: fix memleak in ttm_transfered_destroy"
    - ARM: 9120/1: Revert "amba: make use of -1 IRQs warn"
    - Revert "wcn36xx: Disable bmps when encryption is disabled"
    - ALSA: usb-audio: Add Schiit Hel device to mixer map quirk table
    - ALSA: usb-audio: Add Audient iD14 to mixer map quirk table
    - drm/i915: Remove memory frequency calculation
    - drm/amdgpu: revert "Add autodump debugfs node for gpu reset v8"
    - drm/amd/display: Revert "Directly retrain link from debugfs"
    - Revert "drm/i915/gt: Propagate change in error status to children on unhold"
    - KVM: x86/mmu: Add helpers to do full reserved SPTE checks w/ generic MMU
    - KVM: x86: avoid warning with -Wbitwise-instead-of-logical
    - Revert "x86/kvm: fix vcpu-id indexed array sizes"
    - usb: ehci: handshake CMD_RUN instead of STS_HALT
    - usb: gadget: Mark USB_FSL_QE broken on 64-bit
    - usb: musb: Balance list entry in musb_gadget_queue
    - usb-storage: Add compatibility quirk flags for iODD 2531/2541
    - binder: don't detect sender/target during buffer cleanup
    - staging: rtl8712: fix use-after-free in rtl8712_dl_fw
    - isofs: Fix out of bound access for corrupted isofs image
    - comedi: dt9812: fix DMA buffers on stack
    - comedi: ni_usb6501: fix NULL-deref in command paths
    - comedi: vmk80xx: fix transfer-buffer overflows
    - comedi: vmk80xx: fix bulk-buffer overflow
    - comedi: vmk80xx: fix bulk and interrupt message timeouts
    - staging: r8712u: fix control-message timeout
    - staging: rtl8192u: fix control-message timeouts
    - media: staging/intel-ipu3: css: Fix wrong size comparison imgu_css_fw_init
    - rsi: fix control-message timeout
    - ALSA: pcm: Check mmap capability of runtime dma buffer at first
    - ALSA: pci: cs46xx: Fix set up buffer type properly
    - Revert "proc/wchan: use printk format instead of lookup_symbol_name()"
    - binder: use euid from cred instead of using task

* Impish update: upstream stable patchset 2021-11-29 (LP: #1952665) //
    CVE-2021-42327 was fixed by:
    - drm/amdgpu: Fix even more out of bound writes from debugfs

-- Kleber Sacilotto de Souza <kleber.souza@canonical.com>  Thu, 13 Jan 2022 18:13:23 +0100

Changed in linux (Ubuntu Impish):
status:	Fix Committed → Fix Released

Revision history for this message

Frank Heimes (fheimes) wrote on 2022-01-31:

#19

Changing the "affects hirsute" entry to Invalid, since hirsute reached it's end of life on January the 20th.
With that all other releases in service are Fix Released and with that the project entry itself, hence closing as Fix Released.

Changed in linux (Ubuntu Hirsute):
status:	Fix Committed → Invalid
Changed in ubuntu-z-systems:
status:	Fix Committed → Fix Released

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2022-02-07:

#20

This bug is awaiting verification that the linux-ibm-5.4/5.4.0-1014.15~18.04.1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed-bionic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-bionic

Revision history for this message

Frank Heimes (fheimes) wrote on 2022-02-07:

#21

This bug was for 20.04 GA kernel plain Ubuntu - hence verification on linux-ibm-5.4/5.4.0-1014 does not apply here.
However, I'm updating the tags to verification-done-bionic, just to unblock the process.

tags:

added: verification-done-bionic
removed: verification-needed-bionic

Ubuntu
linux package

[UBUNTU 20.04] KVM hardware diagnose data improvements for guest kernel - kernel part

Bug Description

CVE References

Other bug subscribers

Bug attachments

Remote bug watches

	Status	Importance	Assigned to
Ubuntu on IBM z Systems	Fix Released	High	Skipper Bug Screeners
linux (Ubuntu)	Fix Released	Undecided	Canonical Kernel Team
Focal	Fix Released	Undecided	Canonical Kernel Team
Hirsute	Invalid	Undecided	Canonical Kernel Team
Impish	Fix Released	Undecided	Canonical Kernel Team
Jammy	Fix Released	Undecided	Canonical Kernel Team

Ubuntulinux package

[UBUNTU 20.04] KVM hardware diagnose data improvements for guest kernel - kernel part

Bug Description

CVE References

Other bug subscribers

Bug attachments

Remote bug watches

Ubuntu
linux package