** Changed in: linux (Ubuntu)
Status: Confirmed => Invalid
** Changed in: linux (Ubuntu Noble)
Importance: Undecided => Medium
** Changed in: linux (Ubuntu Noble)
Status: New => In Progress
** Changed in: linux (Ubuntu Noble)
Assignee: (unassigned) => Manuel Diewald (diewald)
** Description changed:
SRU Justification
Impact:
The upstream process for stable tree updates is quite similar
in scope to the Ubuntu SRU process, e.g., each patch has to
demonstrably fix a bug, and each patch is vetted by upstream
by originating either directly from a mainline/stable Linux tree or
a minimally backported form of that patch. The following upstream
stable patches should be included in the Ubuntu kernel:
upstream stable patchset 2024-10-29
+
+ Ported from the following upstream stable releases:
+ v6.6.51, v6.10.10
+
from git://git.kernel.org/
+
+ net: microchip: vcap: Fix use-after-free error in kunit test
+ ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object
+ KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS
+ KVM: SVM: fix emulation of msr reads/writes of MSR_FS_BASE and MSR_GS_BASE
+ KVM: SVM: Don't advertise Bus Lock Detect to guest if SVM support is missing
+ ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius devices
+ ALSA: hda/realtek: add patch for internal mic in Lenovo V145
+ ALSA: hda/realtek: Support mute LED on HP Laptop 14-dq2xxx
+ powerpc/qspinlock: Fix deadlock in MCS queue
+ ksmbd: unset the binding mark of a reused connection
+ ksmbd: Unlock on in ksmbd_tcp_set_interfaces()
+ ata: libata: Fix memory leak for error path in ata_host_alloc()
+ x86/tdx: Fix data leak in mmio_read()
+ perf/x86/intel: Limit the period on Haswell
+ irqchip/gic-v2m: Fix refcount leak in gicv2m_of_init()
+ x86/kaslr: Expose and use the end of the physical memory address space
+ rtmutex: Drop rt_mutex::wait_lock before scheduling
+ nvme-pci: Add sleep quirk for Samsung 990 Evo
+ rust: types: Make Opaque::get const
+ rust: macros: provide correct provenance when constructing THIS_MODULE
+ Revert "Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE"
+ Bluetooth: MGMT: Ignore keys being loaded with invalid type
+ mmc: core: apply SD quirks earlier during probe
+ mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K
+ mmc: sdhci-of-aspeed: fix module autoloading
+ mmc: cqhci: Fix checking of CQHCI_HALT state
+ fuse: update stats for pages in dropped aux writeback list
+ fuse: use unsigned type for getxattr/listxattr size truncation
+ fuse: fix memory leak in fuse_create_open
+ clk: starfive: jh7110-sys: Add notifier for PLL0 clock
+ clk: qcom: clk-alpha-pll: Fix the pll post div mask
+ clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate API
+ can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open
+ kexec_file: fix elfcorehdr digest exclusion when CONFIG_CRASH_HOTPLUG=y
+ mm: vmalloc: ensure vmap_block is initialised before adding to queue
+ spi: rockchip: Resolve unbalanced runtime PM / system PM handling
+ tracing/osnoise: Use a cpumask to know what threads are kthreads
+ tracing/timerlat: Only clear timer if a kthread exists
+ tracing: Avoid possible softlockup in tracing_iter_reset()
+ tracing/timerlat: Add interface_lock around clearing of kthread in
stop_kthread()
+ userfaultfd: don't BUG_ON() if khugepaged yanks our page table
+ userfaultfd: fix checks for huge PMDs
+ fscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF
+ eventfs: Use list_del_rcu() for SRCU protected list variable
+ net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup
+ net: mctp-serial: Fix missing escapes on transmit
+ x86/fpu: Avoid writing LBR bit to IA32_XSS unless supported
+ x86/apic: Make x2apic_disable() work correctly
+ tcp_bpf: fix return value of tcp_bpf_sendmsg()
+ ila: call nf_unregister_net_hooks() sooner
+ sched: sch_cake: fix bulk flow accounting logic for host fairness
+ nilfs2: fix missing cleanup on rollforward recovery error
+ nilfs2: protect references to superblock parameters exposed in sysfs
+ nilfs2: fix state management in error path of log writing function
+ drm/i915: Do not attempt to load the GSC multiple times
+ ALSA: control: Apply sanity check of input values for user elements
+ ALSA: hda: Add input value sanity checks to HDMI channel map controls
+ wifi: ath12k: fix uninitialize symbol error on ath12k_peer_assoc_h_he()
+ wifi: ath12k: fix firmware crash due to invalid peer nss
+ smack: unix sockets: fix accept()ed socket label
+ bpf, verifier: Correct tail_call_reachable for bpf prog
+ ELF: fix kernel.randomize_va_space double read
+ accel/habanalabs/gaudi2: unsecure edma max outstanding register
+ irqchip/armada-370-xp: Do not allow mapping IRQ 0 and 1
+ af_unix: Remove put_pid()/put_cred() in copy_peercred().
+ x86/kmsan: Fix hook for unaligned accesses
+ iommu: sun50i: clear bypass register
+ netfilter: nf_conncount: fix wrong variable type
+ wifi: iwlwifi: mvm: use IWL_FW_CHECK for link ID check
+ udf: Avoid excessive partition lengths
+ fs/ntfs3: One more reason to mark inode bad
+ riscv: kprobes: Use patch_text_nosync() for insn slots
+ media: vivid: fix wrong sizeimage value for mplane
+ leds: spi-byte: Call of_node_put() on error path
+ wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3
+ usb: uas: set host status byte on data completion error
+ usb: gadget: aspeed_udc: validate endpoint index for ast udc
+ drm/amd/display: Run DC_LOG_DC after checking link->link_enc
+ drm/amd/display: Check HDCP returned status
+ drm/amdgpu: Fix smatch static checker warning
+ drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts
+ media: vivid: don't set HDMI TX controls if there are no HDMI outputs
+ vfio/spapr: Always clear TCEs before unsetting the window
+ ice: Check all ice_vsi_rebuild() errors in function
+ PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0)
+ Input: ili210x - use kvmalloc() to allocate buffer for firmware update
+ media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse
+ pcmcia: Use resource_size function on resource object
+ drm/amd/display: Check denominator pbn_div before used
+ drm/amdgpu: check for LINEAR_ALIGNED correctly in check_tiling_flags_gfx6
+ can: bcm: Remove proc entry when dev is unregistered.
+ can: m_can: Release irq on error in m_can_open
+ can: mcp251xfd: fix ring configuration when switching from CAN-CC to CAN-FD
mode
+ rust: kbuild: fix export of bss symbols
+ cifs: Fix FALLOC_FL_ZERO_RANGE to preflush buffered part of target region
+ igb: Fix not clearing TimeSync interrupts for 82580
+ ice: Add netif_device_attach/detach into PF reset flow
+ platform/x86: dell-smbios: Fix error path in dell_smbios_init()
+ regulator: core: Stub devm_regulator_bulk_get_const() if !CONFIG_REGULATOR
+ can: kvaser_pciefd: Skip redundant NULL pointer check in ISR
+ can: kvaser_pciefd: Remove unnecessary comment
+ can: kvaser_pciefd: Rename board_irq to pci_irq
+ can: kvaser_pciefd: Move reset of DMA RX buffers to the end of the ISR
+ can: kvaser_pciefd: Use a single write when releasing RX buffers
+ Bluetooth: qca: If memdump doesn't work, re-enable IBS
+ Bluetooth: hci_sync: Introduce hci_cmd_sync_run/hci_cmd_sync_run_once
+ Bluetooth: MGMT: Fix not generating command complete for MGMT_OP_DISCONNECT
+ igc: Unlock on error in igc_io_resume()
+ hwmon: (hp-wmi-sensors) Check if WMI event data exists
+ net: phy: Fix missing of_node_put() for leds
+ ice: protect XDP configuration with a mutex
+ ice: do not bring the VSI up, if it was down before the XDP setup
+ usbnet: modern method to get random MAC
+ bpf, net: Fix a potential race in do_sock_getsockopt()
+ bareudp: Fix device stats updates.
+ fou: Fix null-ptr-deref in GRO.
+ r8152: fix the firmware doesn't work
+ net: bridge: br_fdb_external_learn_add(): always set EXT_LEARN
+ net: dsa: vsc73xx: fix possible subblocks range of CAPT block
+ selftests: net: enable bind tests
+ xen: privcmd: Fix possible access to a freed kirqfd instance
+ firmware: cs_dsp: Don't allow writes to read-only controls
+ phy: zynqmp: Take the phy mutex in xlate
+ ASoC: topology: Properly initialize soc_enum values
+ dm init: Handle minors larger than 255
+ iommu/vt-d: Handle volatile descriptor status read
+ cgroup: Protect css->cgroup write under css_set_lock
+ um: line: always fill *error_out in setup_one_line()
+ devres: Initialize an uninitialized struct member
+ pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv
+ virtio_ring: fix KMSAN error for premapped mode
+ wifi: rtw88: usb: schedule rx work after everything is set up
+ scsi: ufs: core: Remove SCSI host only if added
+ scsi: pm80xx: Set phy->enable_completion only when we wait for it
+ crypto: qat - fix unintentional re-enabling of error interrupts
+ ASoc: TAS2781: replace beXX_to_cpup with get_unaligned_beXX for potentially
broken alignment
+ libbpf: Add NULL checks to bpf_object__{prev_map,next_map}
+ drm/amdgpu: Set no_hw_access when VF request full GPU fails
+ ext4: fix possible tid_t sequence overflows
+ jbd2: avoid mount failed when commit block is partial submitted
+ dma-mapping: benchmark: Don't starve others when doing the test
+ wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id()
+ drm/amdgpu: reject gang submit on reserved VMIDs
+ smp: Add missing destroy_work_on_stack() call in smp_call_on_cpu()
+ fs/ntfs3: Check more cases when directory is corrupted
+ btrfs: replace BUG_ON with ASSERT in walk_down_proc()
+ btrfs: clean up our handling of refs == 0 in snapshot delete
+ btrfs: replace BUG_ON() with error handling at update_ref_for_cow()
+ cxl/region: Verify target positions using the ordered target list
+ riscv: set trap vector earlier
+ PCI: Add missing bridge lock to pci_bus_lock()
+ tcp: Don't drop SYN+ACK for simultaneous connect().
+ Bluetooth: btnxpuart: Fix Null pointer dereference in btnxpuart_flush()
+ net: dpaa: avoid on-stack arrays of NR_CPUS elements
+ LoongArch: Use correct API to map cmdline in relocate_kernel()
+ regmap: maple: work around gcc-14.1 false-positive warning
+ vfs: Fix potential circular locking through setxattr() and removexattr()
+ i3c: master: svc: resend target address when get NACK
+ i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup
+ kselftests: dmabuf-heaps: Ensure the driver name is null-terminated
+ spi: hisi-kunpeng: Add verification for the max_frequency provided by the
firmware
+ btrfs: initialize location to fix -Wmaybe-uninitialized in
btrfs_lookup_dentry()
+ s390/vmlinux.lds.S: Move ro_after_init section behind rodata section
+ HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup
+ HID: amd_sfh: free driver_data after destroying hid device
+ Input: uinput - reject requests with unreasonable number of slots
+ usbnet: ipheth: race between ipheth_close and error handling
+ Squashfs: sanity check symbolic link size
+ lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()
+ MIPS: cevt-r4k: Don't call get_c0_compare_int if timer irq is installed
+ spi: spi-fsl-lpspi: limit PRESCALE bit in TCR register
+ ata: pata_macio: Use WARN instead of BUG
+ NFSv4: Add missing rescheduling points in nfs_client_return_marked_delegations
+ ACPI: CPPC: Add helper to get the highest performance value
+ cpufreq: amd-pstate: Enable amd-pstate preferred core support
+ cpufreq: amd-pstate: fix the highest frequency issue which limits performance
+ tcp: process the 3rd ACK with sk_socket for TFO/MPTCP
+ staging: iio: frequency: ad9834: Validate frequency parameter value
+ iio: buffer-dmaengine: fix releasing dma channel on error
+ iio: fix scale application in iio_convert_raw_to_processed_unlocked
+ iio: adc: ad7124: fix config comparison
+ iio: adc: ad7606: remove frstdata check for serial mode
+ iio: adc: ad7124: fix chip ID mismatch
+ usb: dwc3: core: update LC timer as per USB Spec V3.2
+ usb: cdns2: Fix controller reset issue
+ usb: dwc3: Avoid waking up gadget during startxfer
+ misc: fastrpc: Fix double free of 'buf' in error path
+ binder: fix UAF caused by offsets overwrite
+ nvmem: Fix return type of devm_nvmem_device_get() in kerneldoc
+ uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind
+ Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic
+ clocksource/drivers/imx-tpm: Fix return -ETIME when delta exceeds INT_MAX
+ clocksource/drivers/imx-tpm: Fix next event not taking effect sometime
+ clocksource/drivers/timer-of: Remove percpu irq related code
+ uprobes: Use kzalloc to allocate xol area
+ perf/aux: Fix AUX buffer serialization
+ Revert "mm: skip CMA pages when they are not available"
+ workqueue: wq_watchdog_touch is always called with valid CPU
+ workqueue: Improve scalability of workqueue watchdog touch
+ ACPI: processor: Return an error if acpi_processor_get_info() fails in
processor_add()
+ ACPI: processor: Fix memory leaks in error paths of processor_add()
+ arm64: acpi: Move get_cpu_for_acpi_id() to a header
+ arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry
+ can: mcp251xfd: mcp251xfd_handle_rxif_ring_uinc(): factor out in separate
function
+ can: mcp251xfd: rx: prepare to workaround broken RX FIFO head index erratum
+ can: mcp251xfd: clarify the meaning of timestamp
+ can: mcp251xfd: rx: add workaround for erratum DS80000789E 6 of mcp2518fd
+ drm/amd: Add gfx12 swizzle mode defs
+ drm/amdgpu: handle gfx12 in amdgpu_display_verify_sizes
+ ata: libata-scsi: Remove redundant sense_buffer memsets
+ ata: libata-scsi: Check ATA_QCFLAG_RTF_FILLED before using result_tf
+ crypto: starfive - Align rsa input data to 32-bit
+ crypto: starfive - Fix nent assignment in rsa dec
+ clk: qcom: ipq9574: Update the alpha PLL type for GPLLs
+ powerpc/64e: remove unused IBM HTW code
+ powerpc/64e: split out nohash Book3E 64-bit code
+ powerpc/64e: Define mmu_pte_psize static
+ powerpc/vdso: Don't discard rela sections
+ ASoC: tegra: Fix CBB error during probe()
+ nvmet-tcp: fix kernel crash if commands allocation fails
+ nvme-pci: allocate tagset on reset if necessary
+ ASoc: SOF: topology: Clear SOF link platform name upon unload
+ ASoC: sunxi: sun4i-i2s: fix LRCLK polarity in i2s mode
+ clk: qcom: gcc-sm8550: Don't use parking clk_ops for QUPs
+ clk: qcom: gcc-sm8550: Don't park the USB RCG at registration time
+ drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused
+ drm/i915/fence: Mark debug_fence_free() with __maybe_unused
+ gpio: rockchip: fix OF node leak in probe()
+ gpio: modepin: Enable module autoloading
+ riscv: Fix toolchain vector detection
+ riscv: Do not restrict memory size because of linear mapping on nommu
+ ublk_drv: fix NULL pointer dereference in ublk_ctrl_start_recovery()
+ membarrier: riscv: Add full memory barrier in switch_mm()
+ UBUNTU: [Config] updateconfigs for ARCH_HAS_MEMBARRIER_CALLBACKS
+ x86/mm: Fix PTI for i386 some more
+ btrfs: fix race between direct IO write and fsync when using same fd
+ spi: spi-fsl-lpspi: Fix off-by-one in prescale max
+ ALSA: hda/realtek: Enable Mute Led for HP Victus 15-fb1xxx
+ ALSA: hda/realtek - Fix inactive headset mic jack for ASUS Vivobook 15
X1504VAP
+ fuse: clear PG_uptodate when using a stolen page
+ ASoC: Intel: Boards: Fix NULL pointer deref in BYT/CHT boards harder
+ riscv: misaligned: remove CONFIG_RISCV_M_MODE specific code
+ riscv: misaligned: Restrict user access to kernel memory
+ parisc: Delay write-protection until mark_rodata_ro() call
+ pinctrl: qcom: x1e80100: Bypass PDC wakeup parent for now
+ maple_tree: remove rcu_read_lock() from mt_validate()
+ Revert "wifi: ath11k: restore country code during resume"
+ btrfs: qgroup: don't use extent changeset when not needed
+ btrfs: zoned: handle broken write pointer on zones
+ drm/xe/gsc: Do not attempt to load the GSC multiple times
+ drm/imagination: Free pvr_vm_gpuva after unlink
+ drm/amdgpu: always allocate cleared VRAM for GEM allocations
+ drm/amd/display: Lock DC and exit IPS when changing backlight
+ ALSA: hda/realtek: extend quirks for Clevo V5[46]0
+ drm/amd/display: Check UnboundedRequestEnabled's value
+ cgroup/cpuset: Delay setting of CS_CPU_EXCLUSIVE until valid partition
+ virt: sev-guest: Mark driver struct with __refdata to prevent section mismatch
+ media: b2c2: flexcop-usb: fix flexcop_usb_memory_req
+ gve: Add adminq mutex lock
+ wifi: rtw89: wow: prevent to send unexpected H2C during download Firmware
+ drm/amd/display: Validate function returns
+ drm/amdgpu: add missing error handling in function
amdgpu_gmc_flush_gpu_tlb_pasid
+ crypto: qat - initialize user_input.lock for rate_limiting
+ locking: Add rwsem_assert_held() and rwsem_assert_held_write()
+ fs: don't copy to userspace under namespace semaphore
+ fs: relax permissions for statmount()
+ powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas()
+ seccomp: release task filters when the task exits
+ drm/amd/display: Check denominator crb_pipes before used
+ drm/amdgpu/display: handle gfx12 in amdgpu_dm_plane_format_mod_supported
+ can: m_can: Remove m_can_rx_peripheral indirection
+ can: m_can: Do not cancel timer from within timer
+ mm: Provide a means of invalidation without using launder_folio
+ cifs: Fix copy offload to flush destination region
+ hwmon: ltc2991: fix register bits defines
+ scripts: fix gfp-translate after ___GFP_*_BITS conversion to an enum
+ ptp: ocp: convert serial ports to array
+ ptp: ocp: adjust sysfs entries to expose tty information
+ ice: move netif_queue_set_napi to rtnl-protected sections
+ ice: check ICE_VSI_DOWN under rtnl_lock when preparing for reset
+ ice: remove ICE_CFG_BUSY locking from AF_XDP code
+ net: xilinx: axienet: Fix race in axienet_stop
+ iommu/vt-d: Remove control over Execute-Requested requests
+ block: don't call bio_uninit from bio_endio
+ scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info
+ tracing/kprobes: Add symbol counting check when module loads
+ perf/x86/intel: Hide Topdown metrics events if the feature is not enumerated
+ PCI: qcom: Override NO_SNOOP attribute for SA8775P RC
+ staging: vchiq_core: Bubble up wait_event_interruptible() return value
+ iommufd: Require drivers to supply the cache_invalidate_user ops
+ bpf: Remove tst_run from lwt_seg6local_prog_ops.
+ watchdog: imx7ulp_wdt: keep already running watchdog enabled
+ btrfs: slightly loosen the requirement for qgroup removal
+ btrfs: don't BUG_ON on ENOMEM from btrfs_lookup_extent_info() in
walk_down_proc()
+ btrfs: handle errors from btrfs_dec_ref() properly
+ btrfs: don't BUG_ON() when 0 reference count at btrfs_lookup_extent_info()
+ ethtool: fail closed if we can't get max channel used in indirection tables
+ drm/amdgpu: add PSP RAS address query command
+ drm/amdgpu: add mutex to protect ras shared memory
+ s390/boot: Do not assume the decompressor range is reserved
+ kunit/overflow: Fix UB in overflow_allocation_test
+ drm/amdgpu: Fix two reset triggered in a row
+ drm/amdgpu: Add reset_context flag for host FLR
+ drm/amdgpu: Fix amdgpu_device_reset_sriov retry logic
+ fs: only copy to userspace on success in listmount()
+ iio: adc: ad7124: fix DT configuration parsing
+ nvmem: u-boot-env: error if NVMEM device is too small
+ mm: zswap: rename is_zswap_enabled() to zswap_is_enabled()
+ mm/memcontrol: respect zswap.writeback setting from parent cg too
+ path: add cleanup helper
+ fs: simplify error handling
+ fs: relax permissions for listmount()
+ hid: bpf: add BPF_JIT dependency
+ net/mlx5e: SHAMPO, Use KSMs instead of KLMs
+ net/mlx5e: SHAMPO, Fix page leak
+ drm/xe/xe2: Add workaround 14021402888
+ drm/xe/xe2lpg: Extend workaround 14021402888
+ clk: qcom: gcc-x1e80100: Fix USB 0 and 1 PHY GDSC pwrsts flags
+ clk: qcom: gcc-x1e80100: Don't use parking clk_ops for QUPs
+ nouveau: fix the fwsec sb verification register.
+ riscv: Add tracepoints for SBI calls and returns
+ riscv: Improve sbi_ecall() code generation by reordering arguments
+ riscv: Fix RISCV_ALTERNATIVE_EARLY
+ cifs: Fix zero_point init on inode initialisation
+ nvme: rename nvme_sc_to_pr_err to nvme_status_to_pr_err
+ nvme: fix status magic numbers
+ nvme: rename CDR/MORE/DNR to NVME_STATUS_*
+ nvmet: Identify-Active Namespace ID List command should reject invalid nsid
+ drm/i915/display: Add mechanism to use sink model when applying quirk
+ drm/i915/display: Increase Fast Wake Sync length as a quirk
+ LoongArch: Use accessors to page table entries instead of direct dereference
+ UBUNTU: Upstream stable to v6.6.51, v6.10.10
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2085849
Title:
Noble update: upstream stable patchset 2024-10-29
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2085849/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
