Public bug reported:
SRU Justification
Impact:
The upstream process for stable tree updates is quite similar
in scope to the Ubuntu SRU process, e.g., each patch has to
demonstrably fix a bug, and each patch is vetted by upstream
by originating either directly from a mainline/stable Linux tree or
a minimally backported form of that patch. The following upstream
stable patches should be included in the Ubuntu kernel:
v5.15.194 upstream stable release
from git://git.kernel.org/
Revert "fbdev: Disable sysfb device registration when removing conflicting FBs"
xfs: short circuit xfs_growfs_data_private() if delta is zero
kunit: kasan_test: disable fortify string checker on kasan_strings() test
mm: introduce and use {pgd,p4d}_populate_kernel()
media: mtk-vcodec: venc: avoid -Wenum-compare-conditional warning
media: i2c: imx214: Fix link frequency validation
net: Fix null-ptr-deref by sock_lock_init_class_and_name() and rmmod.
tracing: Do not add length to print format in synthetic events
mm/rmap: reject hugetlb folios in folio_make_device_exclusive()
flexfiles/pNFS: fix NULL checks on result of ff_layout_choose_ds_for_read
NFSv4: Don't clear capabilities that won't be reset
NFSv4: Clear the NFS_CAP_FS_LOCATIONS flag if it is not set
NFSv4: Clear the NFS_CAP_XATTR flag if not supported by the server
tracing: Fix tracing_marker may trigger page fault during preempt_disable
NFSv4/flexfiles: Fix layout merge mirror check.
tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork.
KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code
KVM: SVM: Return TSA_SQ_NO and TSA_L1_NO bits in __do_cpuid_func()
KVM: SVM: Set synthesized TSA CPUID flags
EDAC/altera: Delete an inappropriate dma_free_coherent() call
compiler-clang.h: define __SANITIZE_*__ macros only when undefined
mptcp: sockopt: make sync_socket_options propagate SOCK_KEEPOPEN
ocfs2: fix recursive semaphore deadlock in fiemap call
mtd: rawnand: stm32_fmc2: fix ECC overwrite
fuse: check if copy_file_range() returns larger than requested size
fuse: prevent overflow in copy_file_range return value
libceph: fix invalid accesses to ceph_connection_v1_info
mm/khugepaged: fix the address passed to notifier on testing young
mtd: nand: raw: atmel: Fix comment in timings preparation
mtd: nand: raw: atmel: Respect tAR, tCLR in read setup timing
mtd: rawnand: stm32_fmc2: Fix dma_map_sg error check
mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer
Input: i8042 - add TUXEDO InfinityBook Pro Gen10 AMD to i8042 quirk table
tty: hvc_console: Call hvc_kick in hvc_write unconditionally
dt-bindings: serial: brcm,bcm7271-uart: Constrain clocks
USB: serial: option: add Telit Cinterion FN990A w/audio compositions
USB: serial: option: add Telit Cinterion LE910C4-WWX new compositions
net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable()
tunnels: reset the GSO metadata before reusing the skb
igb: fix link test skipping when interface is admin down
genirq: Provide new interfaces for affinity hints
i40e: Use irq_update_affinity_hint()
i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path
can: j1939: j1939_sk_bind(): call j1939_priv_put() immediately when j1939_local_ecu_get() failed
can: j1939: j1939_local_ecu_get(): undo increment when j1939_local_ecu_get() fails
can: xilinx_can: xcan_write_frame(): fix use-after-free of transmitted SKB
net: hsr: Disable promiscuous mode in offload mode
net: hsr: Add support for MC filtering at the slave device
net: hsr: Add VLAN CTAG filter support
hsr: use rtnl lock when iterating over ports
hsr: use hsr_for_each_port_rtnl in hsr_port_get_hsr
dmaengine: ti: edma: Fix memory allocation size for queue_priority_map
regulator: sy7636a: fix lifecycle of power good gpio
hrtimer: Remove unused function
hrtimer: Rename __hrtimer_hres_active() to hrtimer_hres_active()
hrtimers: Unconditionally update target CPU base after offline timer migration
dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees
phy: tegra: xusb: fix device and OF node leak at probe
phy: ti-pipe3: fix device leak at unbind
soc: qcom: mdt_loader: Deal with zero e_shentsize
drm/amdgpu: fix a memory leak in fence cleanup when unloading
drm/i915/power: fix size for for_each_set_bit() in abox iteration
mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory
net: hsr: hsr_slave: Fix the promiscuous mode in offload mode
ALSA: firewire-motu: drop EPOLLOUT from poll return values as write is not supported
wifi: mac80211: fix incorrect type for ret
pcmcia: omap_cf: Mark driver struct with __refdata to prevent section mismatch
cgroup: split cgroup_destroy_wq into 3 workqueues
um: virtio_uml: Fix use-after-free after put_device in probe
dpaa2-switch: fix buffer pool seeding for control traffic
qed: Don't collect too many protection override GRC elements
net: natsemi: fix `rx_dropped` double accounting on `netif_rx()` failure
i40e: remove redundant memory barrier when cleaning Tx descs
tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect().
Revert "net/mlx5e: Update and set Xon/Xoff upon port speed set"
net: liquidio: fix overflow in octeon_init_instr_queue()
cnic: Fix use-after-free bugs in cnic_delete_task
nilfs2: fix CFI failure when accessing /sys/fs/nilfs2/features/*
power: supply: bq27xxx: fix error return in case of no bq27000 hdq battery
power: supply: bq27xxx: restrict no-battery detection to bq27000
btrfs: tree-checker: fix the incorrect inode ref size check
mmc: mvsdio: Fix dma_unmap_sg() nents value
KVM: SVM: Sync TPR from LAPIC into VMCB::V_TPR even if AVIC is active
rds: ib: Increment i_fastreg_wrs before bailing out
ASoC: wm8940: Correct typo in control name
ASoC: wm8974: Correct PLL rate rounding
ASoC: SOF: Intel: hda-stream: Fix incorrect variable used in error message
drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ
drm: bridge: cdns-mhdp8546: Fix missing mutex unlock on error path
serial: sc16is7xx: fix bug in flow control levels init
xhci: dbc: decouple endpoint allocation from initialization
xhci: dbc: Fix full DbC transfer ring after several reconnects
usb: gadget: dummy_hcd: remove usage of list iterator past the loop body
USB: gadget: dummy-hcd: Fix locking bug in RT-enabled kernels
phy: broadcom: ns-usb3: fix Wvoid-pointer-to-enum-cast warning
phy: Use device_get_match_data()
phy: ti: omap-usb2: fix device leak at unbind
mptcp: set remote_deny_join_id0 on SYN recv
ksmbd: smbdirect: validate data_offset and data_length field of smb_direct_data_transfer
mptcp: propagate shutdown to subflows when possible
net: rfkill: gpio: add DT support
net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer
ALSA: usb-audio: Fix block comments in mixer_quirks
ALSA: usb-audio: Drop unnecessary parentheses in mixer_quirks
ALSA: usb-audio: Avoid multiple assignments in mixer_quirks
ALSA: usb-audio: Simplify NULL comparison in mixer_quirks
ALSA: usb-audio: Remove unneeded wmb() in mixer_quirks
ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5
ALSA: usb-audio: Convert comma to semicolon
ALSA: usb-audio: Fix build with CONFIG_INPUT=n
usb: core: Add 0x prefix to quirks debug output
IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions
arm64: dts: imx8mp: Correct thermal sensor index
cpufreq: Initialize cpufreq-based invariance before subsys
can: rcar_can: rcar_can_resume(): fix s2ram with PSCI
bpf: Reject bpf_timer for PREEMPT_RT
can: bittiming: allow TDC{V,O} to be zero and add can_tdc_const::tdc{v,o,f}_min
can: bittiming: replace CAN units with the generic ones from linux/units.h
can: dev: add generic function can_ethtool_op_get_ts_info_hwts()
can: dev: add generic function can_eth_ioctl_hwts()
can: etas_es58x: advertise timestamping capabilities and add ioctl support
can: etas_es58x: sort the includes by alphabetic order
can: etas_es58x: populate ndo_change_mtu() to prevent buffer overflow
can: hi311x: populate ndo_change_mtu() to prevent buffer overflow
can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow
can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow
can: peak_usb: fix shift-out-of-bounds issue
ethernet: rvu-af: Remove slash from the driver name
bnxt_en: correct offset handling for IPv6 destination address
nexthop: Forbid FDB status change while nexthop is in a group
selftests: fib_nexthops: Fix creation of non-FDB nexthops
net: dsa: lantiq_gswip: do also enable or disable cpu port
net: dsa: lantiq_gswip: move gswip_add_single_port_br() call to port_setup()
net: dsa: lantiq_gswip: suppress -EINVAL errors for bridge FDB entries added to the CPU port
drm/gma500: Fix null dereference in hdmi teardown
crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg
crypto: af_alg - Fix incorrect boolean values in af_alg_ctx
i40e: fix idx validation in i40e_validate_queue_map
i40e: fix input validation logic for action_meta
i40e: add max boundary check for VF filters
i40e: add mask to apply valid bits for itr_idx
tracing: dynevent: Add a missing lockdown check on dynevent
fbcon: fix integer overflow in fbcon_do_set_font
fbcon: Fix OOB access in font allocation
af_unix: Don't leave consecutive consumed OOB skbs.
mm/migrate_device: don't add folio to be freed to LRU in migrate_device_finalize()
mm/hugetlb: fix folio is still mapped when deleted
i40e: fix validation of VF state in get resources
i40e: fix idx validation in config queues msg
i40e: increase max descriptors for XL710
i40e: add validation for ring_len param
drm/i915/backlight: Return immediately when scale() finds invalid parameters
Linux 5.15.194
UBUNTU: Upstream stable to v5.15.194
** Affects: linux (Ubuntu)
Importance: Undecided
Status: Invalid
** Affects: linux (Ubuntu Jammy)
Importance: Medium
Assignee: Alice C. Munduruca (cremfuelled)
Status: In Progress
** Tags: kernel-stable-tracking-bug
** Changed in: linux (Ubuntu)
Status: New => Confirmed
** Tags added: kernel-stable-tracking-bug
** Also affects: linux (Ubuntu Jammy)
Importance: Undecided
Status: New
** Changed in: linux (Ubuntu)
Status: Confirmed => Invalid
** Changed in: linux (Ubuntu Jammy)
Importance: Undecided => Medium
** Changed in: linux (Ubuntu Jammy)
Status: New => In Progress
** Changed in: linux (Ubuntu Jammy)
Assignee: (unassigned) => Alice C. Munduruca (cremfuelled)
** Description changed:
SRU Justification
Impact:
The upstream process for stable tree updates is quite similar
in scope to the Ubuntu SRU process, e.g., each patch has to
demonstrably fix a bug, and each patch is vetted by upstream
by originating either directly from a mainline/stable Linux tree or
a minimally backported form of that patch. The following upstream
stable patches should be included in the Ubuntu kernel:
v5.15.194 upstream stable release
from git://git.kernel.org/
-
+ Revert "fbdev: Disable sysfb device registration when removing conflicting
FBs"
+ xfs: short circuit xfs_growfs_data_private() if delta is zero
+ kunit: kasan_test: disable fortify string checker on kasan_strings() test
+ mm: introduce and use {pgd,p4d}_populate_kernel()
+ media: mtk-vcodec: venc: avoid -Wenum-compare-conditional warning
+ media: i2c: imx214: Fix link frequency validation
+ net: Fix null-ptr-deref by sock_lock_init_class_and_name() and rmmod.
+ tracing: Do not add length to print format in synthetic events
+ mm/rmap: reject hugetlb folios in folio_make_device_exclusive()
+ flexfiles/pNFS: fix NULL checks on result of ff_layout_choose_ds_for_read
+ NFSv4: Don't clear capabilities that won't be reset
+ NFSv4: Clear the NFS_CAP_FS_LOCATIONS flag if it is not set
+ NFSv4: Clear the NFS_CAP_XATTR flag if not supported by the server
+ tracing: Fix tracing_marker may trigger page fault during preempt_disable
+ NFSv4/flexfiles: Fix layout merge mirror check.
+ tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate
psock->cork.
+ KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code
+ KVM: SVM: Return TSA_SQ_NO and TSA_L1_NO bits in __do_cpuid_func()
+ KVM: SVM: Set synthesized TSA CPUID flags
+ EDAC/altera: Delete an inappropriate dma_free_coherent() call
+ compiler-clang.h: define __SANITIZE_*__ macros only when undefined
+ mptcp: sockopt: make sync_socket_options propagate SOCK_KEEPOPEN
+ ocfs2: fix recursive semaphore deadlock in fiemap call
+ mtd: rawnand: stm32_fmc2: fix ECC overwrite
+ fuse: check if copy_file_range() returns larger than requested size
+ fuse: prevent overflow in copy_file_range return value
+ libceph: fix invalid accesses to ceph_connection_v1_info
+ mm/khugepaged: fix the address passed to notifier on testing young
+ mtd: nand: raw: atmel: Fix comment in timings preparation
+ mtd: nand: raw: atmel: Respect tAR, tCLR in read setup timing
+ mtd: rawnand: stm32_fmc2: Fix dma_map_sg error check
+ mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer
+ Input: i8042 - add TUXEDO InfinityBook Pro Gen10 AMD to i8042 quirk table
+ tty: hvc_console: Call hvc_kick in hvc_write unconditionally
+ dt-bindings: serial: brcm,bcm7271-uart: Constrain clocks
+ USB: serial: option: add Telit Cinterion FN990A w/audio compositions
+ USB: serial: option: add Telit Cinterion LE910C4-WWX new compositions
+ net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable()
+ tunnels: reset the GSO metadata before reusing the skb
+ igb: fix link test skipping when interface is admin down
+ genirq: Provide new interfaces for affinity hints
+ i40e: Use irq_update_affinity_hint()
+ i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path
+ can: j1939: j1939_sk_bind(): call j1939_priv_put() immediately when
j1939_local_ecu_get() failed
+ can: j1939: j1939_local_ecu_get(): undo increment when j1939_local_ecu_get()
fails
+ can: xilinx_can: xcan_write_frame(): fix use-after-free of transmitted SKB
+ net: hsr: Disable promiscuous mode in offload mode
+ net: hsr: Add support for MC filtering at the slave device
+ net: hsr: Add VLAN CTAG filter support
+ hsr: use rtnl lock when iterating over ports
+ hsr: use hsr_for_each_port_rtnl in hsr_port_get_hsr
+ dmaengine: ti: edma: Fix memory allocation size for queue_priority_map
+ regulator: sy7636a: fix lifecycle of power good gpio
+ hrtimer: Remove unused function
+ hrtimer: Rename __hrtimer_hres_active() to hrtimer_hres_active()
+ hrtimers: Unconditionally update target CPU base after offline timer migration
+ dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees
+ phy: tegra: xusb: fix device and OF node leak at probe
+ phy: ti-pipe3: fix device leak at unbind
+ soc: qcom: mdt_loader: Deal with zero e_shentsize
+ drm/amdgpu: fix a memory leak in fence cleanup when unloading
+ drm/i915/power: fix size for for_each_set_bit() in abox iteration
+ mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory
+ net: hsr: hsr_slave: Fix the promiscuous mode in offload mode
+ ALSA: firewire-motu: drop EPOLLOUT from poll return values as write is not
supported
+ wifi: mac80211: fix incorrect type for ret
+ pcmcia: omap_cf: Mark driver struct with __refdata to prevent section mismatch
+ cgroup: split cgroup_destroy_wq into 3 workqueues
+ um: virtio_uml: Fix use-after-free after put_device in probe
+ dpaa2-switch: fix buffer pool seeding for control traffic
+ qed: Don't collect too many protection override GRC elements
+ net: natsemi: fix `rx_dropped` double accounting on `netif_rx()` failure
+ i40e: remove redundant memory barrier when cleaning Tx descs
+ tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect().
+ Revert "net/mlx5e: Update and set Xon/Xoff upon port speed set"
+ net: liquidio: fix overflow in octeon_init_instr_queue()
+ cnic: Fix use-after-free bugs in cnic_delete_task
+ nilfs2: fix CFI failure when accessing /sys/fs/nilfs2/features/*
+ power: supply: bq27xxx: fix error return in case of no bq27000 hdq battery
+ power: supply: bq27xxx: restrict no-battery detection to bq27000
+ btrfs: tree-checker: fix the incorrect inode ref size check
+ mmc: mvsdio: Fix dma_unmap_sg() nents value
+ KVM: SVM: Sync TPR from LAPIC into VMCB::V_TPR even if AVIC is active
+ rds: ib: Increment i_fastreg_wrs before bailing out
+ ASoC: wm8940: Correct typo in control name
+ ASoC: wm8974: Correct PLL rate rounding
+ ASoC: SOF: Intel: hda-stream: Fix incorrect variable used in error message
+ drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ
+ drm: bridge: cdns-mhdp8546: Fix missing mutex unlock on error path
+ serial: sc16is7xx: fix bug in flow control levels init
+ xhci: dbc: decouple endpoint allocation from initialization
+ xhci: dbc: Fix full DbC transfer ring after several reconnects
+ usb: gadget: dummy_hcd: remove usage of list iterator past the loop body
+ USB: gadget: dummy-hcd: Fix locking bug in RT-enabled kernels
+ phy: broadcom: ns-usb3: fix Wvoid-pointer-to-enum-cast warning
+ phy: Use device_get_match_data()
+ phy: ti: omap-usb2: fix device leak at unbind
+ mptcp: set remote_deny_join_id0 on SYN recv
+ ksmbd: smbdirect: validate data_offset and data_length field of
smb_direct_data_transfer
+ mptcp: propagate shutdown to subflows when possible
+ net: rfkill: gpio: add DT support
+ net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer
+ ALSA: usb-audio: Fix block comments in mixer_quirks
+ ALSA: usb-audio: Drop unnecessary parentheses in mixer_quirks
+ ALSA: usb-audio: Avoid multiple assignments in mixer_quirks
+ ALSA: usb-audio: Simplify NULL comparison in mixer_quirks
+ ALSA: usb-audio: Remove unneeded wmb() in mixer_quirks
+ ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5
+ ALSA: usb-audio: Convert comma to semicolon
+ ALSA: usb-audio: Fix build with CONFIG_INPUT=n
+ usb: core: Add 0x prefix to quirks debug output
+ IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions
+ arm64: dts: imx8mp: Correct thermal sensor index
+ cpufreq: Initialize cpufreq-based invariance before subsys
+ can: rcar_can: rcar_can_resume(): fix s2ram with PSCI
+ bpf: Reject bpf_timer for PREEMPT_RT
+ can: bittiming: allow TDC{V,O} to be zero and add
can_tdc_const::tdc{v,o,f}_min
+ can: bittiming: replace CAN units with the generic ones from linux/units.h
+ can: dev: add generic function can_ethtool_op_get_ts_info_hwts()
+ can: dev: add generic function can_eth_ioctl_hwts()
+ can: etas_es58x: advertise timestamping capabilities and add ioctl support
+ can: etas_es58x: sort the includes by alphabetic order
+ can: etas_es58x: populate ndo_change_mtu() to prevent buffer overflow
+ can: hi311x: populate ndo_change_mtu() to prevent buffer overflow
+ can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow
+ can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow
+ can: peak_usb: fix shift-out-of-bounds issue
+ ethernet: rvu-af: Remove slash from the driver name
+ bnxt_en: correct offset handling for IPv6 destination address
+ nexthop: Forbid FDB status change while nexthop is in a group
+ selftests: fib_nexthops: Fix creation of non-FDB nexthops
+ net: dsa: lantiq_gswip: do also enable or disable cpu port
+ net: dsa: lantiq_gswip: move gswip_add_single_port_br() call to port_setup()
+ net: dsa: lantiq_gswip: suppress -EINVAL errors for bridge FDB entries added
to the CPU port
+ drm/gma500: Fix null dereference in hdmi teardown
+ crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg
+ crypto: af_alg - Fix incorrect boolean values in af_alg_ctx
+ i40e: fix idx validation in i40e_validate_queue_map
+ i40e: fix input validation logic for action_meta
+ i40e: add max boundary check for VF filters
+ i40e: add mask to apply valid bits for itr_idx
+ tracing: dynevent: Add a missing lockdown check on dynevent
+ fbcon: fix integer overflow in fbcon_do_set_font
+ fbcon: Fix OOB access in font allocation
+ af_unix: Don't leave consecutive consumed OOB skbs.
+ mm/migrate_device: don't add folio to be freed to LRU in
migrate_device_finalize()
+ mm/hugetlb: fix folio is still mapped when deleted
+ i40e: fix validation of VF state in get resources
+ i40e: fix idx validation in config queues msg
+ i40e: increase max descriptors for XL710
+ i40e: add validation for ring_len param
+ drm/i915/backlight: Return immediately when scale() finds invalid parameters
Linux 5.15.194
- drm/i915/backlight: Return immediately when scale() finds invalid parameters
- i40e: add validation for ring_len param
- i40e: increase max descriptors for XL710
- i40e: fix idx validation in config queues msg
- i40e: fix validation of VF state in get resources
- mm/hugetlb: fix folio is still mapped when deleted
- mm/migrate_device: don't add folio to be freed to LRU in
migrate_device_finalize()
- af_unix: Don't leave consecutive consumed OOB skbs.
- fbcon: Fix OOB access in font allocation
- fbcon: fix integer overflow in fbcon_do_set_font
- tracing: dynevent: Add a missing lockdown check on dynevent
- i40e: add mask to apply valid bits for itr_idx
- i40e: add max boundary check for VF filters
- i40e: fix input validation logic for action_meta
- i40e: fix idx validation in i40e_validate_queue_map
- crypto: af_alg - Fix incorrect boolean values in af_alg_ctx
- crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg
- drm/gma500: Fix null dereference in hdmi teardown
- net: dsa: lantiq_gswip: suppress -EINVAL errors for bridge FDB entries added
to the CPU port
- net: dsa: lantiq_gswip: move gswip_add_single_port_br() call to port_setup()
- net: dsa: lantiq_gswip: do also enable or disable cpu port
- selftests: fib_nexthops: Fix creation of non-FDB nexthops
- nexthop: Forbid FDB status change while nexthop is in a group
- bnxt_en: correct offset handling for IPv6 destination address
- ethernet: rvu-af: Remove slash from the driver name
- can: peak_usb: fix shift-out-of-bounds issue
- can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow
- can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow
- can: hi311x: populate ndo_change_mtu() to prevent buffer overflow
- can: etas_es58x: populate ndo_change_mtu() to prevent buffer overflow
- can: etas_es58x: sort the includes by alphabetic order
- can: etas_es58x: advertise timestamping capabilities and add ioctl support
- can: dev: add generic function can_eth_ioctl_hwts()
- can: dev: add generic function can_ethtool_op_get_ts_info_hwts()
- can: bittiming: replace CAN units with the generic ones from linux/units.h
- can: bittiming: allow TDC{V,O} to be zero and add
can_tdc_const::tdc{v,o,f}_min
- bpf: Reject bpf_timer for PREEMPT_RT
- can: rcar_can: rcar_can_resume(): fix s2ram with PSCI
- cpufreq: Initialize cpufreq-based invariance before subsys
- arm64: dts: imx8mp: Correct thermal sensor index
- IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions
- usb: core: Add 0x prefix to quirks debug output
- ALSA: usb-audio: Fix build with CONFIG_INPUT=n
- ALSA: usb-audio: Convert comma to semicolon
- ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5
- ALSA: usb-audio: Remove unneeded wmb() in mixer_quirks
- ALSA: usb-audio: Simplify NULL comparison in mixer_quirks
- ALSA: usb-audio: Avoid multiple assignments in mixer_quirks
- ALSA: usb-audio: Drop unnecessary parentheses in mixer_quirks
- ALSA: usb-audio: Fix block comments in mixer_quirks
- net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer
- net: rfkill: gpio: add DT support
- mptcp: propagate shutdown to subflows when possible
- ksmbd: smbdirect: validate data_offset and data_length field of
smb_direct_data_transfer
- mptcp: set remote_deny_join_id0 on SYN recv
- phy: ti: omap-usb2: fix device leak at unbind
- phy: Use device_get_match_data()
- phy: broadcom: ns-usb3: fix Wvoid-pointer-to-enum-cast warning
- USB: gadget: dummy-hcd: Fix locking bug in RT-enabled kernels
- usb: gadget: dummy_hcd: remove usage of list iterator past the loop body
- xhci: dbc: Fix full DbC transfer ring after several reconnects
- xhci: dbc: decouple endpoint allocation from initialization
- serial: sc16is7xx: fix bug in flow control levels init
- drm: bridge: cdns-mhdp8546: Fix missing mutex unlock on error path
- drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ
- ASoC: SOF: Intel: hda-stream: Fix incorrect variable used in error message
- ASoC: wm8974: Correct PLL rate rounding
- ASoC: wm8940: Correct typo in control name
- rds: ib: Increment i_fastreg_wrs before bailing out
- KVM: SVM: Sync TPR from LAPIC into VMCB::V_TPR even if AVIC is active
- mmc: mvsdio: Fix dma_unmap_sg() nents value
- btrfs: tree-checker: fix the incorrect inode ref size check
- power: supply: bq27xxx: restrict no-battery detection to bq27000
- power: supply: bq27xxx: fix error return in case of no bq27000 hdq battery
- nilfs2: fix CFI failure when accessing /sys/fs/nilfs2/features/*
- cnic: Fix use-after-free bugs in cnic_delete_task
- net: liquidio: fix overflow in octeon_init_instr_queue()
- Revert "net/mlx5e: Update and set Xon/Xoff upon port speed set"
- tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect().
- i40e: remove redundant memory barrier when cleaning Tx descs
- net: natsemi: fix `rx_dropped` double accounting on `netif_rx()` failure
- qed: Don't collect too many protection override GRC elements
- dpaa2-switch: fix buffer pool seeding for control traffic
- um: virtio_uml: Fix use-after-free after put_device in probe
- cgroup: split cgroup_destroy_wq into 3 workqueues
- pcmcia: omap_cf: Mark driver struct with __refdata to prevent section mismatch
- wifi: mac80211: fix incorrect type for ret
- ALSA: firewire-motu: drop EPOLLOUT from poll return values as write is not
supported
- net: hsr: hsr_slave: Fix the promiscuous mode in offload mode
- mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory
- drm/i915/power: fix size for for_each_set_bit() in abox iteration
- drm/amdgpu: fix a memory leak in fence cleanup when unloading
- soc: qcom: mdt_loader: Deal with zero e_shentsize
- phy: ti-pipe3: fix device leak at unbind
- phy: tegra: xusb: fix device and OF node leak at probe
- dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees
- hrtimers: Unconditionally update target CPU base after offline timer migration
- hrtimer: Rename __hrtimer_hres_active() to hrtimer_hres_active()
- hrtimer: Remove unused function
- regulator: sy7636a: fix lifecycle of power good gpio
- dmaengine: ti: edma: Fix memory allocation size for queue_priority_map
- hsr: use hsr_for_each_port_rtnl in hsr_port_get_hsr
- hsr: use rtnl lock when iterating over ports
- net: hsr: Add VLAN CTAG filter support
- net: hsr: Add support for MC filtering at the slave device
- net: hsr: Disable promiscuous mode in offload mode
- can: xilinx_can: xcan_write_frame(): fix use-after-free of transmitted SKB
- can: j1939: j1939_local_ecu_get(): undo increment when j1939_local_ecu_get()
fails
- can: j1939: j1939_sk_bind(): call j1939_priv_put() immediately when
j1939_local_ecu_get() failed
- i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path
- i40e: Use irq_update_affinity_hint()
- genirq: Provide new interfaces for affinity hints
- igb: fix link test skipping when interface is admin down
- tunnels: reset the GSO metadata before reusing the skb
- net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable()
- USB: serial: option: add Telit Cinterion LE910C4-WWX new compositions
- USB: serial: option: add Telit Cinterion FN990A w/audio compositions
- dt-bindings: serial: brcm,bcm7271-uart: Constrain clocks
- tty: hvc_console: Call hvc_kick in hvc_write unconditionally
- Input: i8042 - add TUXEDO InfinityBook Pro Gen10 AMD to i8042 quirk table
- mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer
- mtd: rawnand: stm32_fmc2: Fix dma_map_sg error check
- mtd: nand: raw: atmel: Respect tAR, tCLR in read setup timing
- mtd: nand: raw: atmel: Fix comment in timings preparation
- mm/khugepaged: fix the address passed to notifier on testing young
- libceph: fix invalid accesses to ceph_connection_v1_info
- fuse: prevent overflow in copy_file_range return value
- fuse: check if copy_file_range() returns larger than requested size
- mtd: rawnand: stm32_fmc2: fix ECC overwrite
- ocfs2: fix recursive semaphore deadlock in fiemap call
- mptcp: sockopt: make sync_socket_options propagate SOCK_KEEPOPEN
- compiler-clang.h: define __SANITIZE_*__ macros only when undefined
- EDAC/altera: Delete an inappropriate dma_free_coherent() call
- KVM: SVM: Set synthesized TSA CPUID flags
- KVM: SVM: Return TSA_SQ_NO and TSA_L1_NO bits in __do_cpuid_func()
- KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code
- tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate
psock->cork.
- NFSv4/flexfiles: Fix layout merge mirror check.
- tracing: Fix tracing_marker may trigger page fault during preempt_disable
- NFSv4: Clear the NFS_CAP_XATTR flag if not supported by the server
- NFSv4: Clear the NFS_CAP_FS_LOCATIONS flag if it is not set
- NFSv4: Don't clear capabilities that won't be reset
- flexfiles/pNFS: fix NULL checks on result of ff_layout_choose_ds_for_read
- mm/rmap: reject hugetlb folios in folio_make_device_exclusive()
- tracing: Do not add length to print format in synthetic events
- net: Fix null-ptr-deref by sock_lock_init_class_and_name() and rmmod.
- media: i2c: imx214: Fix link frequency validation
- media: mtk-vcodec: venc: avoid -Wenum-compare-conditional warning
- mm: introduce and use {pgd,p4d}_populate_kernel()
- kunit: kasan_test: disable fortify string checker on kasan_strings() test
- xfs: short circuit xfs_growfs_data_private() if delta is zero
- Revert "fbdev: Disable sysfb device registration when removing conflicting
FBs"
+ UBUNTU: Upstream stable to v5.15.194
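Review bot: the unchanged context line "from git://git.kernel.org/" near the top of this description diff names only the host, with no repository path or tag, so the reordered list cannot be checked against a specific tree from the description alone. The git:// transport is also unauthenticated and unencrypted. Suggest giving the full stable tree location over https together with the v5.15.194 tag, so the imported commits can be verified against the signed upstream tag.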
--
https://bugs.launchpad.net/bugs/2127866
Title:
Jammy update: v5.15.194 upstream stable release
Status in linux package in Ubuntu:
Invalid
Status in linux source package in Jammy:
In Progress
Bug description:
SRU Justification
Impact:
The upstream process for stable tree updates is quite similar
in scope to the Ubuntu SRU process, e.g., each patch has to
demonstrably fix a bug, and each patch is vetted by upstream
by originating either directly from a mainline/stable Linux tree or
a minimally backported form of that patch. The following upstream
stable patches should be included in the Ubuntu kernel:
v5.15.194 upstream stable release
from git://git.kernel.org/
Revert "fbdev: Disable sysfb device registration when removing conflicting FBs"
xfs: short circuit xfs_growfs_data_private() if delta is zero
kunit: kasan_test: disable fortify string checker on kasan_strings() test
mm: introduce and use {pgd,p4d}_populate_kernel()
media: mtk-vcodec: venc: avoid -Wenum-compare-conditional warning
media: i2c: imx214: Fix link frequency validation
net: Fix null-ptr-deref by sock_lock_init_class_and_name() and rmmod.
tracing: Do not add length to print format in synthetic events
mm/rmap: reject hugetlb folios in folio_make_device_exclusive()
flexfiles/pNFS: fix NULL checks on result of ff_layout_choose_ds_for_read
NFSv4: Don't clear capabilities that won't be reset
NFSv4: Clear the NFS_CAP_FS_LOCATIONS flag if it is not set
NFSv4: Clear the NFS_CAP_XATTR flag if not supported by the server
tracing: Fix tracing_marker may trigger page fault during preempt_disable
NFSv4/flexfiles: Fix layout merge mirror check.
tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork.
KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code
KVM: SVM: Return TSA_SQ_NO and TSA_L1_NO bits in __do_cpuid_func()
KVM: SVM: Set synthesized TSA CPUID flags
EDAC/altera: Delete an inappropriate dma_free_coherent() call
compiler-clang.h: define __SANITIZE_*__ macros only when undefined
mptcp: sockopt: make sync_socket_options propagate SOCK_KEEPOPEN
ocfs2: fix recursive semaphore deadlock in fiemap call
mtd: rawnand: stm32_fmc2: fix ECC overwrite
fuse: check if copy_file_range() returns larger than requested size
fuse: prevent overflow in copy_file_range return value
libceph: fix invalid accesses to ceph_connection_v1_info
mm/khugepaged: fix the address passed to notifier on testing young
mtd: nand: raw: atmel: Fix comment in timings preparation
mtd: nand: raw: atmel: Respect tAR, tCLR in read setup timing
mtd: rawnand: stm32_fmc2: Fix dma_map_sg error check
mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer
Input: i8042 - add TUXEDO InfinityBook Pro Gen10 AMD to i8042 quirk table
tty: hvc_console: Call hvc_kick in hvc_write unconditionally
dt-bindings: serial: brcm,bcm7271-uart: Constrain clocks
USB: serial: option: add Telit Cinterion FN990A w/audio compositions
USB: serial: option: add Telit Cinterion LE910C4-WWX new compositions
net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable()
tunnels: reset the GSO metadata before reusing the skb
igb: fix link test skipping when interface is admin down
genirq: Provide new interfaces for affinity hints
i40e: Use irq_update_affinity_hint()
i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path
can: j1939: j1939_sk_bind(): call j1939_priv_put() immediately when j1939_local_ecu_get() failed
can: j1939: j1939_local_ecu_get(): undo increment when j1939_local_ecu_get() fails
can: xilinx_can: xcan_write_frame(): fix use-after-free of transmitted SKB
net: hsr: Disable promiscuous mode in offload mode
net: hsr: Add support for MC filtering at the slave device
net: hsr: Add VLAN CTAG filter support
hsr: use rtnl lock when iterating over ports
hsr: use hsr_for_each_port_rtnl in hsr_port_get_hsr
dmaengine: ti: edma: Fix memory allocation size for queue_priority_map
regulator: sy7636a: fix lifecycle of power good gpio
hrtimer: Remove unused function
hrtimer: Rename __hrtimer_hres_active() to hrtimer_hres_active()
hrtimers: Unconditionally update target CPU base after offline timer migration
dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees
phy: tegra: xusb: fix device and OF node leak at probe
phy: ti-pipe3: fix device leak at unbind
soc: qcom: mdt_loader: Deal with zero e_shentsize
drm/amdgpu: fix a memory leak in fence cleanup when unloading
drm/i915/power: fix size for for_each_set_bit() in abox iteration
mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory
net: hsr: hsr_slave: Fix the promiscuous mode in offload mode
ALSA: firewire-motu: drop EPOLLOUT from poll return values as write is not supported
wifi: mac80211: fix incorrect type for ret
pcmcia: omap_cf: Mark driver struct with __refdata to prevent section mismatch
cgroup: split cgroup_destroy_wq into 3 workqueues
um: virtio_uml: Fix use-after-free after put_device in probe
dpaa2-switch: fix buffer pool seeding for control traffic
qed: Don't collect too many protection override GRC elements
net: natsemi: fix `rx_dropped` double accounting on `netif_rx()` failure
i40e: remove redundant memory barrier when cleaning Tx descs
tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect().
Revert "net/mlx5e: Update and set Xon/Xoff upon port speed set"
net: liquidio: fix overflow in octeon_init_instr_queue()
cnic: Fix use-after-free bugs in cnic_delete_task
nilfs2: fix CFI failure when accessing /sys/fs/nilfs2/features/*
power: supply: bq27xxx: fix error return in case of no bq27000 hdq battery
power: supply: bq27xxx: restrict no-battery detection to bq27000
btrfs: tree-checker: fix the incorrect inode ref size check
mmc: mvsdio: Fix dma_unmap_sg() nents value
KVM: SVM: Sync TPR from LAPIC into VMCB::V_TPR even if AVIC is active
rds: ib: Increment i_fastreg_wrs before bailing out
ASoC: wm8940: Correct typo in control name
ASoC: wm8974: Correct PLL rate rounding
ASoC: SOF: Intel: hda-stream: Fix incorrect variable used in error message
drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ
drm: bridge: cdns-mhdp8546: Fix missing mutex unlock on error path
serial: sc16is7xx: fix bug in flow control levels init
xhci: dbc: decouple endpoint allocation from initialization
xhci: dbc: Fix full DbC transfer ring after several reconnects
usb: gadget: dummy_hcd: remove usage of list iterator past the loop body
USB: gadget: dummy-hcd: Fix locking bug in RT-enabled kernels
phy: broadcom: ns-usb3: fix Wvoid-pointer-to-enum-cast warning
phy: Use device_get_match_data()
phy: ti: omap-usb2: fix device leak at unbind
mptcp: set remote_deny_join_id0 on SYN recv
ksmbd: smbdirect: validate data_offset and data_length field of smb_direct_data_transfer
mptcp: propagate shutdown to subflows when possible
net: rfkill: gpio: add DT support
net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer
ALSA: usb-audio: Fix block comments in mixer_quirks
ALSA: usb-audio: Drop unnecessary parentheses in mixer_quirks
ALSA: usb-audio: Avoid multiple assignments in mixer_quirks
ALSA: usb-audio: Simplify NULL comparison in mixer_quirks
ALSA: usb-audio: Remove unneeded wmb() in mixer_quirks
ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5
ALSA: usb-audio: Convert comma to semicolon
ALSA: usb-audio: Fix build with CONFIG_INPUT=n
usb: core: Add 0x prefix to quirks debug output
IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions
arm64: dts: imx8mp: Correct thermal sensor index
cpufreq: Initialize cpufreq-based invariance before subsys
can: rcar_can: rcar_can_resume(): fix s2ram with PSCI
bpf: Reject bpf_timer for PREEMPT_RT
can: bittiming: allow TDC{V,O} to be zero and add can_tdc_const::tdc{v,o,f}_min
can: bittiming: replace CAN units with the generic ones from linux/units.h
can: dev: add generic function can_ethtool_op_get_ts_info_hwts()
can: dev: add generic function can_eth_ioctl_hwts()
can: etas_es58x: advertise timestamping capabilities and add ioctl support
can: etas_es58x: sort the includes by alphabetic order
can: etas_es58x: populate ndo_change_mtu() to prevent buffer overflow
can: hi311x: populate ndo_change_mtu() to prevent buffer overflow
can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow
can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow
can: peak_usb: fix shift-out-of-bounds issue
ethernet: rvu-af: Remove slash from the driver name
bnxt_en: correct offset handling for IPv6 destination address
nexthop: Forbid FDB status change while nexthop is in a group
selftests: fib_nexthops: Fix creation of non-FDB nexthops
net: dsa: lantiq_gswip: do also enable or disable cpu port
net: dsa: lantiq_gswip: move gswip_add_single_port_br() call to port_setup()
net: dsa: lantiq_gswip: suppress -EINVAL errors for bridge FDB entries added to the CPU port
drm/gma500: Fix null dereference in hdmi teardown
crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg
crypto: af_alg - Fix incorrect boolean values in af_alg_ctx
i40e: fix idx validation in i40e_validate_queue_map
i40e: fix input validation logic for action_meta
i40e: add max boundary check for VF filters
i40e: add mask to apply valid bits for itr_idx
tracing: dynevent: Add a missing lockdown check on dynevent
fbcon: fix integer overflow in fbcon_do_set_font
fbcon: Fix OOB access in font allocation
af_unix: Don't leave consecutive consumed OOB skbs.
mm/migrate_device: don't add folio to be freed to LRU in migrate_device_finalize()
mm/hugetlb: fix folio is still mapped when deleted
i40e: fix validation of VF state in get resources
i40e: fix idx validation in config queues msg
i40e: increase max descriptors for XL710
i40e: add validation for ring_len param
drm/i915/backlight: Return immediately when scale() finds invalid parameters
Linux 5.15.194
UBUNTU: Upstream stable to v5.15.194
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2127866/+subscriptions