{ "summary": { "snap": { "added": [], "removed": [], "diff": [] }, "deb": { "added": [ "linux-headers-5.15.0-116", "linux-headers-5.15.0-116-generic-lpae", "linux-image-5.15.0-116-generic-lpae", "linux-modules-5.15.0-116-generic-lpae" ], "removed": [ "linux-headers-5.15.0-113", "linux-headers-5.15.0-113-generic-lpae", "linux-image-5.15.0-113-generic-lpae", "linux-modules-5.15.0-113-generic-lpae" ], "diff": [ "landscape-common", "libldap-2.5-0:armhf", "libldap-common", "libpython3.10:armhf", "libpython3.10-minimal:armhf", "libpython3.10-stdlib:armhf", "linux-generic-lpae", "linux-headers-generic-lpae", "linux-image-generic-lpae", "python3.10", "python3.10-minimal", "tzdata", "ubuntu-minimal", "ubuntu-server", "ubuntu-standard" ] } }, "diff": { "deb": [ { "name": "landscape-common", "from_version": { "source_package_name": "landscape-client", "source_package_version": "23.02-0ubuntu1~22.04.2", "version": "23.02-0ubuntu1~22.04.2" }, "to_version": { "source_package_name": "landscape-client", "source_package_version": "23.02-0ubuntu1~22.04.3", "version": "23.02-0ubuntu1~22.04.3" }, "cves": [], "launchpad_bugs_fixed": [ 2066983 ], "changes": [ { "cves": [], "log": [ "", " * d/landscape-sysinfo.wrapper: fix 'cores' variable to CORES in message-", " of-the-day load threshold calculation (LP: #2066983)", "" ], "package": "landscape-client", "version": "23.02-0ubuntu1~22.04.3", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2066983 ], "author": "Spencer Runde ", "date": "Tue, 28 May 2024 14:19:00 -0500" } ], "notes": null }, { "name": "libldap-2.5-0:armhf", "from_version": { "source_package_name": "openldap", "source_package_version": "2.5.17+dfsg-0ubuntu0.22.04.1", "version": "2.5.17+dfsg-0ubuntu0.22.04.1" }, "to_version": { "source_package_name": "openldap", "source_package_version": "2.5.18+dfsg-0ubuntu0.22.04.1", "version": "2.5.18+dfsg-0ubuntu0.22.04.1" }, "cves": [], "launchpad_bugs_fixed": [ 2067745 ], "changes": [ { "cves": [], "log": [ "", " * New upstream version (LP: #2067745).", " - Fixed libldap exit handling with OpenSSL3 again (ITS#9952)", " - Fixed libldap OpenSSL channel binding digest (ITS#10216)", " - Fixed slapd handling of large uid/gids peercred auth (ITS#10211)", " - Fixed slapd-meta with dynlist (ITS#10164)", " - Fixed slapd-meta binds when proxying internal op (ITS#10165)", " - Fixed slapo-accesslog startup initialization (ITS#10170)", " - Fixed slapo-dynlist with abandoned operations (ITS#10044)", "" ], "package": "openldap", "version": "2.5.18+dfsg-0ubuntu0.22.04.1", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2067745 ], "author": "Sergio Durigan Junior ", "date": "Fri, 31 May 2024 11:01:55 -0400" } ], "notes": null }, { "name": "libldap-common", "from_version": { "source_package_name": "openldap", "source_package_version": "2.5.17+dfsg-0ubuntu0.22.04.1", "version": "2.5.17+dfsg-0ubuntu0.22.04.1" }, "to_version": { "source_package_name": "openldap", "source_package_version": "2.5.18+dfsg-0ubuntu0.22.04.1", "version": "2.5.18+dfsg-0ubuntu0.22.04.1" }, "cves": [], "launchpad_bugs_fixed": [ 2067745 ], "changes": [ { "cves": [], "log": [ "", " * New upstream version (LP: #2067745).", " - Fixed libldap exit handling with OpenSSL3 again (ITS#9952)", " - Fixed libldap OpenSSL channel binding digest (ITS#10216)", " - Fixed slapd handling of large uid/gids peercred auth (ITS#10211)", " - Fixed slapd-meta with dynlist (ITS#10164)", " - Fixed slapd-meta binds when proxying internal op (ITS#10165)", " - Fixed slapo-accesslog startup initialization (ITS#10170)", " - Fixed slapo-dynlist with abandoned operations (ITS#10044)", "" ], "package": "openldap", "version": "2.5.18+dfsg-0ubuntu0.22.04.1", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2067745 ], "author": "Sergio Durigan Junior ", "date": "Fri, 31 May 2024 11:01:55 -0400" } ], "notes": null }, { "name": "libpython3.10:armhf", "from_version": { "source_package_name": "python3.10", "source_package_version": "3.10.12-1~22.04.3", "version": "3.10.12-1~22.04.3" }, "to_version": { "source_package_name": "python3.10", "source_package_version": "3.10.12-1~22.04.4", "version": "3.10.12-1~22.04.4" }, "cves": [ { "cve": "CVE-2023-6597", "url": "https://ubuntu.com/security/CVE-2023-6597", "cve_description": "An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.", "cve_priority": "medium", "cve_public_date": "2024-03-19 16:15:00 UTC" }, { "cve": "CVE-2024-0450", "url": "https://ubuntu.com/security/CVE-2024-0450", "cve_description": "An issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython makes the zipfile module reject zip archives which overlap entries in the archive.", "cve_priority": "medium", "cve_public_date": "2024-03-19 16:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2023-6597", "url": "https://ubuntu.com/security/CVE-2023-6597", "cve_description": "An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.", "cve_priority": "medium", "cve_public_date": "2024-03-19 16:15:00 UTC" }, { "cve": "CVE-2024-0450", "url": "https://ubuntu.com/security/CVE-2024-0450", "cve_description": "An issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython makes the zipfile module reject zip archives which overlap entries in the archive.", "cve_priority": "medium", "cve_public_date": "2024-03-19 16:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: incorrect permission assignment", " - debian/patches/CVE-2023-6597.patch: fix symlink bug in cleanup.", " - CVE-2023-6597", " * SECURITY UPDATE: zipbomb DoS attack", " - debian/patches/CVE-2024-0450.patch: raise BadZipFile when trying", " to read an entry that overlaps with other entry or central", " directory.", " - CVE-2024-0450", "" ], "package": "python3.10", "version": "3.10.12-1~22.04.4", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Allen Huang ", "date": "Fri, 22 Mar 2024 16:50:05 +0000" } ], "notes": null }, { "name": "libpython3.10-minimal:armhf", "from_version": { "source_package_name": "python3.10", "source_package_version": "3.10.12-1~22.04.3", "version": "3.10.12-1~22.04.3" }, "to_version": { "source_package_name": "python3.10", "source_package_version": "3.10.12-1~22.04.4", "version": "3.10.12-1~22.04.4" }, "cves": [ { "cve": "CVE-2023-6597", "url": "https://ubuntu.com/security/CVE-2023-6597", "cve_description": "An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.", "cve_priority": "medium", "cve_public_date": "2024-03-19 16:15:00 UTC" }, { "cve": "CVE-2024-0450", "url": "https://ubuntu.com/security/CVE-2024-0450", "cve_description": "An issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython makes the zipfile module reject zip archives which overlap entries in the archive.", "cve_priority": "medium", "cve_public_date": "2024-03-19 16:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2023-6597", "url": "https://ubuntu.com/security/CVE-2023-6597", "cve_description": "An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.", "cve_priority": "medium", "cve_public_date": "2024-03-19 16:15:00 UTC" }, { "cve": "CVE-2024-0450", "url": "https://ubuntu.com/security/CVE-2024-0450", "cve_description": "An issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython makes the zipfile module reject zip archives which overlap entries in the archive.", "cve_priority": "medium", "cve_public_date": "2024-03-19 16:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: incorrect permission assignment", " - debian/patches/CVE-2023-6597.patch: fix symlink bug in cleanup.", " - CVE-2023-6597", " * SECURITY UPDATE: zipbomb DoS attack", " - debian/patches/CVE-2024-0450.patch: raise BadZipFile when trying", " to read an entry that overlaps with other entry or central", " directory.", " - CVE-2024-0450", "" ], "package": "python3.10", "version": "3.10.12-1~22.04.4", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Allen Huang ", "date": "Fri, 22 Mar 2024 16:50:05 +0000" } ], "notes": null }, { "name": "libpython3.10-stdlib:armhf", "from_version": { "source_package_name": "python3.10", "source_package_version": "3.10.12-1~22.04.3", "version": "3.10.12-1~22.04.3" }, "to_version": { "source_package_name": "python3.10", "source_package_version": "3.10.12-1~22.04.4", "version": "3.10.12-1~22.04.4" }, "cves": [ { "cve": "CVE-2023-6597", "url": "https://ubuntu.com/security/CVE-2023-6597", "cve_description": "An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.", "cve_priority": "medium", "cve_public_date": "2024-03-19 16:15:00 UTC" }, { "cve": "CVE-2024-0450", "url": "https://ubuntu.com/security/CVE-2024-0450", "cve_description": "An issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython makes the zipfile module reject zip archives which overlap entries in the archive.", "cve_priority": "medium", "cve_public_date": "2024-03-19 16:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2023-6597", "url": "https://ubuntu.com/security/CVE-2023-6597", "cve_description": "An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.", "cve_priority": "medium", "cve_public_date": "2024-03-19 16:15:00 UTC" }, { "cve": "CVE-2024-0450", "url": "https://ubuntu.com/security/CVE-2024-0450", "cve_description": "An issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython makes the zipfile module reject zip archives which overlap entries in the archive.", "cve_priority": "medium", "cve_public_date": "2024-03-19 16:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: incorrect permission assignment", " - debian/patches/CVE-2023-6597.patch: fix symlink bug in cleanup.", " - CVE-2023-6597", " * SECURITY UPDATE: zipbomb DoS attack", " - debian/patches/CVE-2024-0450.patch: raise BadZipFile when trying", " to read an entry that overlaps with other entry or central", " directory.", " - CVE-2024-0450", "" ], "package": "python3.10", "version": "3.10.12-1~22.04.4", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Allen Huang ", "date": "Fri, 22 Mar 2024 16:50:05 +0000" } ], "notes": null }, { "name": "linux-generic-lpae", "from_version": { "source_package_name": "linux-meta", "source_package_version": "5.15.0.113.113", "version": "5.15.0.113.113" }, "to_version": { "source_package_name": "linux-meta", "source_package_version": "5.15.0.116.116", "version": "5.15.0.116.116" }, "cves": [], "launchpad_bugs_fixed": [ 1786013 ], "changes": [ { "cves": [], "log": [ "", " * Bump ABI 5.15.0-116", "" ], "package": "linux-meta", "version": "5.15.0.116.116", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [], "author": "Stefan Bader ", "date": "Mon, 01 Jul 2024 11:33:23 +0200" }, { "cves": [], "log": [ "", " * Bump ABI 5.15.0-115", "", " * Packaging resync (LP: #1786013)", " - [Packaging] debian/dkms-versions -- resync from main package", "" ], "package": "linux-meta", "version": "5.15.0.115.115", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 1786013 ], "author": "Stefan Bader ", "date": "Fri, 07 Jun 2024 15:42:59 +0200" } ], "notes": null }, { "name": "linux-headers-generic-lpae", "from_version": { "source_package_name": "linux-meta", "source_package_version": "5.15.0.113.113", "version": "5.15.0.113.113" }, "to_version": { "source_package_name": "linux-meta", "source_package_version": "5.15.0.116.116", "version": "5.15.0.116.116" }, "cves": [], "launchpad_bugs_fixed": [ 1786013 ], "changes": [ { "cves": [], "log": [ "", " * Bump ABI 5.15.0-116", "" ], "package": "linux-meta", "version": "5.15.0.116.116", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [], "author": "Stefan Bader ", "date": "Mon, 01 Jul 2024 11:33:23 +0200" }, { "cves": [], "log": [ "", " * Bump ABI 5.15.0-115", "", " * Packaging resync (LP: #1786013)", " - [Packaging] debian/dkms-versions -- resync from main package", "" ], "package": "linux-meta", "version": "5.15.0.115.115", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 1786013 ], "author": "Stefan Bader ", "date": "Fri, 07 Jun 2024 15:42:59 +0200" } ], "notes": null }, { "name": "linux-image-generic-lpae", "from_version": { "source_package_name": "linux-meta", "source_package_version": "5.15.0.113.113", "version": "5.15.0.113.113" }, "to_version": { "source_package_name": "linux-meta", "source_package_version": "5.15.0.116.116", "version": "5.15.0.116.116" }, "cves": [], "launchpad_bugs_fixed": [ 1786013 ], "changes": [ { "cves": [], "log": [ "", " * Bump ABI 5.15.0-116", "" ], "package": "linux-meta", "version": "5.15.0.116.116", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [], "author": "Stefan Bader ", "date": "Mon, 01 Jul 2024 11:33:23 +0200" }, { "cves": [], "log": [ "", " * Bump ABI 5.15.0-115", "", " * Packaging resync (LP: #1786013)", " - [Packaging] debian/dkms-versions -- resync from main package", "" ], "package": "linux-meta", "version": "5.15.0.115.115", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 1786013 ], "author": "Stefan Bader ", "date": "Fri, 07 Jun 2024 15:42:59 +0200" } ], "notes": null }, { "name": "python3.10", "from_version": { "source_package_name": "python3.10", "source_package_version": "3.10.12-1~22.04.3", "version": "3.10.12-1~22.04.3" }, "to_version": { "source_package_name": "python3.10", "source_package_version": "3.10.12-1~22.04.4", "version": "3.10.12-1~22.04.4" }, "cves": [ { "cve": "CVE-2023-6597", "url": "https://ubuntu.com/security/CVE-2023-6597", "cve_description": "An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.", "cve_priority": "medium", "cve_public_date": "2024-03-19 16:15:00 UTC" }, { "cve": "CVE-2024-0450", "url": "https://ubuntu.com/security/CVE-2024-0450", "cve_description": "An issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython makes the zipfile module reject zip archives which overlap entries in the archive.", "cve_priority": "medium", "cve_public_date": "2024-03-19 16:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2023-6597", "url": "https://ubuntu.com/security/CVE-2023-6597", "cve_description": "An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.", "cve_priority": "medium", "cve_public_date": "2024-03-19 16:15:00 UTC" }, { "cve": "CVE-2024-0450", "url": "https://ubuntu.com/security/CVE-2024-0450", "cve_description": "An issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython makes the zipfile module reject zip archives which overlap entries in the archive.", "cve_priority": "medium", "cve_public_date": "2024-03-19 16:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: incorrect permission assignment", " - debian/patches/CVE-2023-6597.patch: fix symlink bug in cleanup.", " - CVE-2023-6597", " * SECURITY UPDATE: zipbomb DoS attack", " - debian/patches/CVE-2024-0450.patch: raise BadZipFile when trying", " to read an entry that overlaps with other entry or central", " directory.", " - CVE-2024-0450", "" ], "package": "python3.10", "version": "3.10.12-1~22.04.4", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Allen Huang ", "date": "Fri, 22 Mar 2024 16:50:05 +0000" } ], "notes": null }, { "name": "python3.10-minimal", "from_version": { "source_package_name": "python3.10", "source_package_version": "3.10.12-1~22.04.3", "version": "3.10.12-1~22.04.3" }, "to_version": { "source_package_name": "python3.10", "source_package_version": "3.10.12-1~22.04.4", "version": "3.10.12-1~22.04.4" }, "cves": [ { "cve": "CVE-2023-6597", "url": "https://ubuntu.com/security/CVE-2023-6597", "cve_description": "An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.", "cve_priority": "medium", "cve_public_date": "2024-03-19 16:15:00 UTC" }, { "cve": "CVE-2024-0450", "url": "https://ubuntu.com/security/CVE-2024-0450", "cve_description": "An issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython makes the zipfile module reject zip archives which overlap entries in the archive.", "cve_priority": "medium", "cve_public_date": "2024-03-19 16:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2023-6597", "url": "https://ubuntu.com/security/CVE-2023-6597", "cve_description": "An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.", "cve_priority": "medium", "cve_public_date": "2024-03-19 16:15:00 UTC" }, { "cve": "CVE-2024-0450", "url": "https://ubuntu.com/security/CVE-2024-0450", "cve_description": "An issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython makes the zipfile module reject zip archives which overlap entries in the archive.", "cve_priority": "medium", "cve_public_date": "2024-03-19 16:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: incorrect permission assignment", " - debian/patches/CVE-2023-6597.patch: fix symlink bug in cleanup.", " - CVE-2023-6597", " * SECURITY UPDATE: zipbomb DoS attack", " - debian/patches/CVE-2024-0450.patch: raise BadZipFile when trying", " to read an entry that overlaps with other entry or central", " directory.", " - CVE-2024-0450", "" ], "package": "python3.10", "version": "3.10.12-1~22.04.4", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Allen Huang ", "date": "Fri, 22 Mar 2024 16:50:05 +0000" } ], "notes": null }, { "name": "tzdata", "from_version": { "source_package_name": "tzdata", "source_package_version": "2024a-0ubuntu0.22.04", "version": "2024a-0ubuntu0.22.04" }, "to_version": { "source_package_name": "tzdata", "source_package_version": "2024a-0ubuntu0.22.04.1", "version": "2024a-0ubuntu0.22.04.1" }, "cves": [], "launchpad_bugs_fixed": [ 2055718 ], "changes": [ { "cves": [], "log": [ "", " * Do not replace CET, CST6CDT, EET, EST*, HST, MET, MST*, PST8PDT, WET.", " The replacements differed in using daylight saving. (LP: #2055718)", " * Correct timezone symlinks when using BACKWARD=backward PACKRATDATA=backzone", " to fix (at least) the timezone symlinks Africa/Asmera,", " Antarctica/South_Pole, Iceland, Pacific/Ponape, and Pacific/Truk.", " * Correct timezone updates on tzdata configuration:", " - Fix updating US/Indiana-Starke to America/Indiana/Knox", " - Update Mideast/Riyadh8[789] to Asia/Riyadh", " - Update America/Fort_Wayne and America/Indianapolis", " to America/Indiana/Indianapolis", " - Update America/Knox_IN to America/Indiana/Knox", " - Update America/Louisville to America/Kentucky/Louisville", " * Test convert_timezone for consistency", "" ], "package": "tzdata", "version": "2024a-0ubuntu0.22.04.1", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2055718 ], "author": "Benjamin Drung ", "date": "Fri, 03 May 2024 19:02:45 +0200" } ], "notes": null }, { "name": "ubuntu-minimal", "from_version": { "source_package_name": "ubuntu-meta", "source_package_version": "1.481.1", "version": "1.481.1" }, "to_version": { "source_package_name": "ubuntu-meta", "source_package_version": "1.481.2", "version": "1.481.2" }, "cves": [], "launchpad_bugs_fixed": [ 2028769 ], "changes": [ { "cves": [], "log": [ "", " * Add riscv64 build of ubuntu-desktop, ubuntu-desktop-minimal", " (LP: #2028769)", "" ], "package": "ubuntu-meta", "version": "1.481.2", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2028769 ], "author": "Heinrich Schuchardt ", "date": "Wed, 26 Jul 2023 14:21:36 +0200" } ], "notes": null }, { "name": "ubuntu-server", "from_version": { "source_package_name": "ubuntu-meta", "source_package_version": "1.481.1", "version": "1.481.1" }, "to_version": { "source_package_name": "ubuntu-meta", "source_package_version": "1.481.2", "version": "1.481.2" }, "cves": [], "launchpad_bugs_fixed": [ 2028769 ], "changes": [ { "cves": [], "log": [ "", " * Add riscv64 build of ubuntu-desktop, ubuntu-desktop-minimal", " (LP: #2028769)", "" ], "package": "ubuntu-meta", "version": "1.481.2", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2028769 ], "author": "Heinrich Schuchardt ", "date": "Wed, 26 Jul 2023 14:21:36 +0200" } ], "notes": null }, { "name": "ubuntu-standard", "from_version": { "source_package_name": "ubuntu-meta", "source_package_version": "1.481.1", "version": "1.481.1" }, "to_version": { "source_package_name": "ubuntu-meta", "source_package_version": "1.481.2", "version": "1.481.2" }, "cves": [], "launchpad_bugs_fixed": [ 2028769 ], "changes": [ { "cves": [], "log": [ "", " * Add riscv64 build of ubuntu-desktop, ubuntu-desktop-minimal", " (LP: #2028769)", "" ], "package": "ubuntu-meta", "version": "1.481.2", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2028769 ], "author": "Heinrich Schuchardt ", "date": "Wed, 26 Jul 2023 14:21:36 +0200" } ], "notes": null } ], "snap": [] }, "added": { "deb": [ { "name": "linux-headers-5.15.0-116", "from_version": { "source_package_name": "linux", "source_package_version": "5.15.0-113.123", "version": null }, "to_version": { "source_package_name": "linux", "source_package_version": "5.15.0-116.126", "version": "5.15.0-116.126" }, "cves": [ { "cve": "CVE-2024-23307", "url": "https://ubuntu.com/security/CVE-2024-23307", "cve_description": "Integer Overflow or Wraparound vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (md, raid, raid5 modules) allows Forced Integer Overflow.", "cve_priority": "low", "cve_public_date": "2024-01-25 07:15:00 UTC" }, { "cve": "CVE-2024-26828", "url": "https://ubuntu.com/security/CVE-2024-26828", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: cifs: fix underflow in parse_server_interfaces() In this loop, we step through the buffer and after each item we check if the size_left is greater than the minimum size we need. However, the problem is that \"bytes_left\" is type ssize_t while sizeof() is type size_t. That means that because of type promotion, the comparison is done as an unsigned and if we have negative bytes left the loop continues instead of ending.", "cve_priority": "high", "cve_public_date": "2024-04-17 10:15:00 UTC" }, { "cve": "CVE-2024-24861", "url": "https://ubuntu.com/security/CVE-2024-24861", "cve_description": "A race condition was found in the Linux kernel's media/xc4000 device driver in xc4000 xc4000_get_frequency() function. This can result in return value overflow issue, possibly leading to malfunction or denial of service issue.", "cve_priority": "medium", "cve_public_date": "2024-02-05 08:15:00 UTC" }, { "cve": "CVE-2024-26642", "url": "https://ubuntu.com/security/CVE-2024-26642", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: disallow anonymous set with timeout flag Anonymous sets are never used with timeout from userspace, reject this. Exception to this rule is NFT_SET_EVAL to ensure legacy meters still work.", "cve_priority": "high", "cve_public_date": "2024-03-21 11:15:00 UTC" }, { "cve": "CVE-2024-26926", "url": "https://ubuntu.com/security/CVE-2024-26926", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: binder: check offset alignment in binder_get_object() Commit 6d98eb95b450 (\"binder: avoid potential data leakage when copying txn\") introduced changes to how binder objects are copied. In doing so, it unintentionally removed an offset alignment check done through calls to binder_alloc_copy_from_buffer() -> check_buffer(). These calls were replaced in binder_get_object() with copy_from_user(), so now an explicit offset alignment check is needed here. This avoids later complications when unwinding the objects gets harder. It is worth noting this check existed prior to commit 7a67a39320df (\"binder: add function to copy binder object from buffer\"), likely removed due to redundancy at the time.", "cve_priority": "medium", "cve_public_date": "2024-04-25 06:15:00 UTC" }, { "cve": "CVE-2024-26922", "url": "https://ubuntu.com/security/CVE-2024-26922", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more clearly Verify the parameters of amdgpu_vm_bo_(map/replace_map/clearing_mappings) in one common place.", "cve_priority": "medium", "cve_public_date": "2024-04-23 13:15:00 UTC" }, { "cve": "CVE-2023-6039", "url": "https://ubuntu.com/security/CVE-2023-6039", "cve_description": "A use-after-free flaw was found in lan78xx_disconnect in drivers/net/usb/lan78xx.c in the network sub-component, net/usb/lan78xx in the Linux Kernel. This flaw allows a local attacker to crash the system when the LAN78XX USB device detaches.", "cve_priority": "low", "cve_public_date": "2023-11-09 15:15:00 UTC" }, { "cve": "CVE-2024-26924", "url": "https://ubuntu.com/security/CVE-2024-26924", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: do not free live element Pablo reports a crash with large batches of elements with a back-to-back add/remove pattern. Quoting Pablo: add_elem(\"00000000\") timeout 100 ms ... add_elem(\"0000000X\") timeout 100 ms del_elem(\"0000000X\") <---------------- delete one that was just added ... add_elem(\"00005000\") timeout 100 ms 1) nft_pipapo_remove() removes element 0000000X Then, KASAN shows a splat. Looking at the remove function there is a chance that we will drop a rule that maps to a non-deactivated element. Removal happens in two steps, first we do a lookup for key k and return the to-be-removed element and mark it as inactive in the next generation. Then, in a second step, the element gets removed from the set/map. The _remove function does not work correctly if we have more than one element that share the same key. This can happen if we insert an element into a set when the set already holds an element with same key, but the element mapping to the existing key has timed out or is not active in the next generation. In such case its possible that removal will unmap the wrong element. If this happens, we will leak the non-deactivated element, it becomes unreachable. The element that got deactivated (and will be freed later) will remain reachable in the set data structure, this can result in a crash when such an element is retrieved during lookup (stale pointer). Add a check that the fully matching key does in fact map to the element that we have marked as inactive in the deactivation step. If not, we need to continue searching. Add a bug/warn trap at the end of the function as well, the remove function must not ever be called with an invisible/unreachable/non-existent element. v2: avoid uneeded temporary variable (Stefano)", "cve_priority": "high", "cve_public_date": "2024-04-25 06:15:00 UTC" }, { "cve": "CVE-2024-26643", "url": "https://ubuntu.com/security/CVE-2024-26643", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout While the rhashtable set gc runs asynchronously, a race allows it to collect elements from anonymous sets with timeouts while it is being released from the commit path. Mingi Cho originally reported this issue in a different path in 6.1.x with a pipapo set with low timeouts which is not possible upstream since 7395dfacfff6 (\"netfilter: nf_tables: use timestamp to check for set element timeout\"). Fix this by setting on the dead flag for anonymous sets to skip async gc in this case. According to 08e4c8c5919f (\"netfilter: nf_tables: mark newset as dead on transaction abort\"), Florian plans to accelerate abort path by releasing objects via workqueue, therefore, this sets on the dead flag for abort path too.", "cve_priority": "high", "cve_public_date": "2024-03-21 11:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2071603, 2069081, 2068738, 2068396, 1786013, 2067974, 2067959, 2046722, 2065857, 2065805, 2065435 ], "changes": [ { "cves": [], "log": [ "", " * jammy/linux: 5.15.0-116.126 -proposed tracker (LP: #2071603)", "", " * idxd: NULL pointer dereference reading wq op_config attribute (LP: #2069081)", " - SAUCE: dmaengine: idxd: set is_visible member of idxd_wq_attribute_group", "", " * AMD GPUs fail with null pointer dereference when IOMMU enabled, leading to", " black screen (LP: #2068738)", " - SAUCE: Revert \"drm/amdgpu: init iommu after amdkfd device init\"", "" ], "package": "linux", "version": "5.15.0-116.126", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2071603, 2069081, 2068738 ], "author": "Stefan Bader ", "date": "Mon, 01 Jul 2024 11:13:30 +0200" }, { "cves": [ { "cve": "CVE-2024-23307", "url": "https://ubuntu.com/security/CVE-2024-23307", "cve_description": "Integer Overflow or Wraparound vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (md, raid, raid5 modules) allows Forced Integer Overflow.", "cve_priority": "low", "cve_public_date": "2024-01-25 07:15:00 UTC" }, { "cve": "CVE-2024-26828", "url": "https://ubuntu.com/security/CVE-2024-26828", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: cifs: fix underflow in parse_server_interfaces() In this loop, we step through the buffer and after each item we check if the size_left is greater than the minimum size we need. However, the problem is that \"bytes_left\" is type ssize_t while sizeof() is type size_t. That means that because of type promotion, the comparison is done as an unsigned and if we have negative bytes left the loop continues instead of ending.", "cve_priority": "high", "cve_public_date": "2024-04-17 10:15:00 UTC" }, { "cve": "CVE-2024-24861", "url": "https://ubuntu.com/security/CVE-2024-24861", "cve_description": "A race condition was found in the Linux kernel's media/xc4000 device driver in xc4000 xc4000_get_frequency() function. This can result in return value overflow issue, possibly leading to malfunction or denial of service issue.", "cve_priority": "medium", "cve_public_date": "2024-02-05 08:15:00 UTC" }, { "cve": "CVE-2024-26642", "url": "https://ubuntu.com/security/CVE-2024-26642", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: disallow anonymous set with timeout flag Anonymous sets are never used with timeout from userspace, reject this. Exception to this rule is NFT_SET_EVAL to ensure legacy meters still work.", "cve_priority": "high", "cve_public_date": "2024-03-21 11:15:00 UTC" }, { "cve": "CVE-2024-26926", "url": "https://ubuntu.com/security/CVE-2024-26926", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: binder: check offset alignment in binder_get_object() Commit 6d98eb95b450 (\"binder: avoid potential data leakage when copying txn\") introduced changes to how binder objects are copied. In doing so, it unintentionally removed an offset alignment check done through calls to binder_alloc_copy_from_buffer() -> check_buffer(). These calls were replaced in binder_get_object() with copy_from_user(), so now an explicit offset alignment check is needed here. This avoids later complications when unwinding the objects gets harder. It is worth noting this check existed prior to commit 7a67a39320df (\"binder: add function to copy binder object from buffer\"), likely removed due to redundancy at the time.", "cve_priority": "medium", "cve_public_date": "2024-04-25 06:15:00 UTC" }, { "cve": "CVE-2024-26922", "url": "https://ubuntu.com/security/CVE-2024-26922", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more clearly Verify the parameters of amdgpu_vm_bo_(map/replace_map/clearing_mappings) in one common place.", "cve_priority": "medium", "cve_public_date": "2024-04-23 13:15:00 UTC" }, { "cve": "CVE-2023-6039", "url": "https://ubuntu.com/security/CVE-2023-6039", "cve_description": "A use-after-free flaw was found in lan78xx_disconnect in drivers/net/usb/lan78xx.c in the network sub-component, net/usb/lan78xx in the Linux Kernel. This flaw allows a local attacker to crash the system when the LAN78XX USB device detaches.", "cve_priority": "low", "cve_public_date": "2023-11-09 15:15:00 UTC" }, { "cve": "CVE-2024-26924", "url": "https://ubuntu.com/security/CVE-2024-26924", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: do not free live element Pablo reports a crash with large batches of elements with a back-to-back add/remove pattern. Quoting Pablo: add_elem(\"00000000\") timeout 100 ms ... add_elem(\"0000000X\") timeout 100 ms del_elem(\"0000000X\") <---------------- delete one that was just added ... add_elem(\"00005000\") timeout 100 ms 1) nft_pipapo_remove() removes element 0000000X Then, KASAN shows a splat. Looking at the remove function there is a chance that we will drop a rule that maps to a non-deactivated element. Removal happens in two steps, first we do a lookup for key k and return the to-be-removed element and mark it as inactive in the next generation. Then, in a second step, the element gets removed from the set/map. The _remove function does not work correctly if we have more than one element that share the same key. This can happen if we insert an element into a set when the set already holds an element with same key, but the element mapping to the existing key has timed out or is not active in the next generation. In such case its possible that removal will unmap the wrong element. If this happens, we will leak the non-deactivated element, it becomes unreachable. The element that got deactivated (and will be freed later) will remain reachable in the set data structure, this can result in a crash when such an element is retrieved during lookup (stale pointer). Add a check that the fully matching key does in fact map to the element that we have marked as inactive in the deactivation step. If not, we need to continue searching. Add a bug/warn trap at the end of the function as well, the remove function must not ever be called with an invisible/unreachable/non-existent element. v2: avoid uneeded temporary variable (Stefano)", "cve_priority": "high", "cve_public_date": "2024-04-25 06:15:00 UTC" }, { "cve": "CVE-2024-26643", "url": "https://ubuntu.com/security/CVE-2024-26643", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout While the rhashtable set gc runs asynchronously, a race allows it to collect elements from anonymous sets with timeouts while it is being released from the commit path. Mingi Cho originally reported this issue in a different path in 6.1.x with a pipapo set with low timeouts which is not possible upstream since 7395dfacfff6 (\"netfilter: nf_tables: use timestamp to check for set element timeout\"). Fix this by setting on the dead flag for anonymous sets to skip async gc in this case. According to 08e4c8c5919f (\"netfilter: nf_tables: mark newset as dead on transaction abort\"), Florian plans to accelerate abort path by releasing objects via workqueue, therefore, this sets on the dead flag for abort path too.", "cve_priority": "high", "cve_public_date": "2024-03-21 11:15:00 UTC" } ], "log": [ "", " * jammy/linux: 5.15.0-115.125 -proposed tracker (LP: #2068396)", "", " * Packaging resync (LP: #1786013)", " - [Packaging] debian.master/dkms-versions -- update from kernel-versions", " (main/2024.06.10)", "", " * Jammy update: v5.15.158 upstream stable release (LP: #2067974)", " - smb: client: fix rename(2) regression against samba", " - cifs: reinstate original behavior again for forceuid/forcegid", " - HID: intel-ish-hid: ipc: Fix dev_err usage with uninitialized dev->devc", " - HID: logitech-dj: allow mice to use all types of reports", " - arm64: dts: rockchip: enable internal pull-up on Q7_USB_ID for RK3399 Puma", " - arm64: dts: rockchip: fix alphabetical ordering RK3399 puma", " - arm64: dts: rockchip: enable internal pull-up on PCIE_WAKE# for RK3399 Puma", " - arm64: dts: rockchip: Remove unsupported node from the Pinebook Pro dts", " - arm64: dts: mediatek: mt8183: Add power-domains properity to mfgcfg", " - arm64: dts: mediatek: mt7622: add support for coherent DMA", " - arm64: dts: mediatek: mt7622: introduce nodes for Wireless Ethernet Dispatch", " - arm64: dts: mediatek: mt7622: fix clock controllers", " - arm64: dts: mediatek: mt7622: fix IR nodename", " - arm64: dts: mediatek: mt7622: fix ethernet controller \"compatible\"", " - arm64: dts: mediatek: mt7622: drop \"reset-names\" from thermal block", " - arm64: dts: mediatek: mt2712: fix validation errors", " - ARC: [plat-hsdk]: Remove misplaced interrupt-cells property", " - wifi: iwlwifi: mvm: remove old PASN station when adding a new one", " - wifi: iwlwifi: mvm: return uid from iwl_mvm_build_scan_cmd", " - vxlan: drop packets from invalid src-address", " - mlxsw: core: Unregister EMAD trap using FORWARD action", " - icmp: prevent possible NULL dereferences from icmp_build_probe()", " - bridge/br_netlink.c: no need to return void function", " - NFC: trf7970a: disable all regulators on removal", " - ipv4: check for NULL idev in ip_route_use_hint()", " - net: usb: ax88179_178a: stop lying about skb->truesize", " - net: gtp: Fix Use-After-Free in gtp_dellink", " - ipvs: Fix checksumming on GSO of SCTP packets", " - net: openvswitch: Fix Use-After-Free in ovs_ct_exit", " - mlxsw: spectrum_acl_tcam: Fix race during rehash delayed work", " - mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update", " - mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash", " - mlxsw: spectrum_acl_tcam: Rate limit error message", " - mlxsw: spectrum_acl_tcam: Fix memory leak during rehash", " - mlxsw: spectrum_acl_tcam: Fix warning during rehash", " - mlxsw: spectrum_acl_tcam: Fix incorrect list API usage", " - mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work", " - netfilter: nf_tables: honor table dormant flag from netdev release event", " path", " - i40e: Do not use WQ_MEM_RECLAIM flag for workqueue", " - i40e: Report MFS in decimal base instead of hex", " - iavf: Fix TC config comparison with existing adapter TC config", " - net: ethernet: ti: am65-cpts: Fix PTPv1 message type on TX packets", " - af_unix: Suppress false-positive lockdep splat for spin_lock() in", " __unix_gc().", " - serial: core: Provide port lock wrappers", " - serial: mxs-auart: add spinlock around changing cts state", " - drm-print: add drm_dbg_driver to improve namespace symmetry", " - drm/vmwgfx: Fix crtc's atomic check conditional", " - Revert \"crypto: api - Disallow identical driver names\"", " - net/mlx5e: Fix a race in command alloc flow", " - tracing: Show size of requested perf buffer", " - tracing: Increase PERF_MAX_TRACE_SIZE to handle Sentinel1 and docker", " together", " - x86/cpu: Fix check for RDPKRU in __show_regs()", " - Bluetooth: Fix type of len in {l2cap,sco}_sock_getsockopt_old()", " - Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0bda:0x4853", " - Bluetooth: qca: fix NULL-deref on non-serdev suspend", " - mmc: sdhci-msm: pervent access to suspended controller", " - btrfs: fix information leak in btrfs_ioctl_logical_to_ino()", " - cpu: Re-enable CPU mitigations by default for !X86 architectures", " - [Configs] Update CPU mitigation configs", " - arm64: dts: rockchip: enable internal pull-up for Q7_THRM# on RK3399 Puma", " - drm/amdgpu/sdma5.2: use legacy HDP flush for SDMA2/3", " - drm/amdgpu: Fix leak when GPU memory allocation fails", " - irqchip/gic-v3-its: Prevent double free on error", " - ethernet: Add helper for assigning packet type when dest address does not", " match device address", " - net: b44: set pause params only when interface is up", " - stackdepot: respect __GFP_NOLOCKDEP allocation flag", " - mtd: diskonchip: work around ubsan link failure", " - tcp: Clean up kernel listener's reqsk in inet_twsk_purge()", " - tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge()", " - dmaengine: owl: fix register access functions", " - idma64: Don't try to serve interrupts when device is powered off", " - dma: xilinx_dpdma: Fix locking", " - dmaengine: idxd: Fix oops during rmmod on single-CPU platforms", " - riscv: fix VMALLOC_START definition", " - riscv: Fix TASK_SIZE on 64-bit NOMMU", " - i2c: smbus: fix NULL function pointer dereference", " - fbdev: fix incorrect address computation in deferred IO", " - HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up", " - bounds: Use the right number of bits for power-of-two CONFIG_NR_CPUS", " - udp: preserve the connected status if only UDP cmsg", " - serial: core: fix kernel-doc for uart_port_unlock_irqrestore()", " - Linux 5.15.158", "", " * Jammy update: v5.15.157 upstream stable release (LP: #2067959)", " - ksmbd: don't send oplock break if rename fails", " - ksmbd: validate payload size in ipc response", " - ksmbd: do not set SMB2_GLOBAL_CAP_ENCRYPTION for SMB 3.1.1", " - btrfs: record delayed inode root in transaction", " - SUNRPC: Fix rpcgss_context trace event acceptor field", " - selftests/ftrace: Limit length in subsystem-enable tests", " - bpf: Extend kfunc with PTR_TO_CTX, PTR_TO_MEM argument support", " - bpf: Generalize check_ctx_reg for reuse with other types", " - bpf: Generally fix helper register offset check", " - bpf: Fix out of bounds access for ringbuf helpers", " - bpf: Fix ringbuf memory type confusion when passing to helpers", " - kprobes: Fix possible use-after-free issue on kprobe registration", " - Revert \"tracing/trigger: Fix to return error if failed to alloc snapshot\"", " - netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get()", " - netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get()", " - netfilter: br_netfilter: skip conntrack input hook for promisc packets", " - netfilter: nf_flow_table: count pending offload workqueue tasks", " - [Config] update configs to enable new NF_FLOW_TABLE_PROCFS", " - netfilter: flowtable: validate pppoe header", " - netfilter: flowtable: incorrect pppoe tuple", " - af_unix: Call manage_oob() for every skb in unix_stream_read_generic().", " - af_unix: Don't peek OOB data without MSG_OOB.", " - tun: limit printing rate when illegal packet received by tun dev", " - net: dsa: mt7530: fix mirroring frames received on local port", " - net: ethernet: ti: am65-cpsw-nuss: cleanup DMA Channels before using them", " - RDMA/rxe: Fix the problem \"mutex_destroy missing\"", " - RDMA/cm: Print the old state when cm_destroy_id gets timeout", " - RDMA/mlx5: Fix port number for counter query in multi-port configuration", " - s390/qdio: handle deferred cc1", " - s390/cio: fix race condition during online processing", " - drm: nv04: Fix out of bounds access", " - drm/panel: visionox-rm69299: don't unregister DSI device", " - clk: Remove prepare_lock hold assertion in __clk_release()", " - clk: Mark 'all_lists' as const", " - clk: remove extra empty line", " - clk: Print an info line before disabling unused clocks", " - clk: Initialize struct clk_core kref earlier", " - clk: Get runtime PM before walking tree during disable_unused", " - x86/bugs: Fix BHI retpoline check", " - x86/cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ", " - thunderbolt: Avoid notify PM core about runtime PM resume", " - thunderbolt: Fix wake configurations after device unplug", " - comedi: vmk80xx: fix incomplete endpoint checking", " - serial/pmac_zilog: Remove flawed mitigation for rx irq flood", " - USB: serial: option: add Fibocom FM135-GL variants", " - USB: serial: option: add support for Fibocom FM650/FG650", " - USB: serial: option: add Lonsung U8300/U9300 product", " - USB: serial: option: support Quectel EM060K sub-models", " - USB: serial: option: add Rolling RW101-GL and RW135-GL support", " - USB: serial: option: add Telit FN920C04 rmnet compositions", " - usb: dwc2: host: Fix dereference issue in DDMA completion flow.", " - usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb ep transport", " error", " - mei: me: disable RPL-S on SPS and IGN firmwares", " - speakup: Avoid crash on very long word", " - fs: sysfs: Fix reference leak in sysfs_break_active_protection()", " - KVM: x86: Snapshot if a vCPU's vendor model is AMD vs. Intel compatible", " - KVM: x86/pmu: Do not mask LVTPC when handling a PMI on AMD platforms", " - arm64: hibernate: Fix level3 translation fault in swsusp_save()", " - init/main.c: Fix potential static_command_line memory overflow", " - drm/vmwgfx: Sort primary plane formats by order of preference", " - nouveau: fix instmem race condition around ptr stores", " - nilfs2: fix OOB in nilfs_set_de_type", " - net: dsa: mt7530: set all CPU ports in MT7531_CPU_PMAP", " - net: dsa: introduce preferred_default_local_cpu_port and use on MT7530", " - net: dsa: mt7530: fix improper frames on all 25MHz and 40MHz XTAL MT7530", " - net: dsa: mt7530: fix enabling EEE on MT7531 switch on all boards", " - Linux 5.15.157", "", " * [SRU][22.04.4]: megaraid_sas: Critical Bug Fixes (LP: #2046722)", " - scsi: megaraid_sas: Log message when controller reset is requested but not", " issued", " - scsi: megaraid_sas: Driver version update to 07.727.03.00-rc1", "", " * Jammy update: v5.15.156 upstream stable release (LP: #2065857)", " - batman-adv: Avoid infinite loop trying to resize local TT", " - ring-buffer: Only update pages_touched when a new page is touched", " - Bluetooth: Fix memory leak in hci_req_sync_complete()", " - media: cec: core: remove length check of Timer Status", " - arm64: dts: imx8-ss-conn: fix usdhc wrong lpcg clock order", " - Revert \"drm/qxl: simplify qxl_fence_wait\"", " - nouveau: fix function cast warning", " - scsi: qla2xxx: Fix off by one in qla_edif_app_getstats()", " - net: openvswitch: fix unwanted error log on timeout policy probing", " - u64_stats: Disable preemption on 32bit UP+SMP PREEMPT_RT during updates.", " - xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING", " - geneve: fix header validation in geneve[6]_xmit_skb", " - af_unix: Clear stale u->oob_skb.", " - octeontx2-af: Fix NIX SQ mode and BP config", " - ipv6: fib: hide unused 'pn' variable", " - ipv4/route: avoid unused-but-set-variable warning", " - ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr", " - netfilter: complete validation of user input", " - net/mlx5: Properly link new fs rules into the tree", " - net: sparx5: fix wrong config being used when reconfiguring PCS", " - net: dsa: mt7530: trap link-local frames regardless of ST Port State", " - af_unix: Do not use atomic ops for unix_sk(sk)->inflight.", " - af_unix: Fix garbage collector racing against connect()", " - net: ena: Fix potential sign extension issue", " - net: ena: Wrong missing IO completions check order", " - net: ena: Fix incorrect descriptor free behavior", " - tracing: hide unused ftrace_event_id_fops", " - iommu/vt-d: Allocate local memory for page request queue", " - btrfs: qgroup: correctly model root qgroup rsv in convert", " - drm/client: Fully protect modes[] with dev->mode_config.mutex", " - vhost: Add smp_rmb() in vhost_vq_avail_empty()", " - perf/x86: Fix out of range data", " - x86/cpu: Actually turn off mitigations by default for", " SPECULATION_MITIGATIONS=n", " - selftests: timers: Fix abs() warning in posix_timers test", " - x86/apic: Force native_apic_mem_read() to use the MOV instruction", " - irqflags: Explicitly ignore lockdep_hrtimer_exit() argument", " - x86/bugs: Fix return type of spectre_bhi_state()", " - x86/bugs: Fix BHI documentation", " - x86/bugs: Cache the value of MSR_IA32_ARCH_CAPABILITIES", " - x86/bugs: Rename various 'ia32_cap' variables to 'x86_arch_cap_msr'", " - x86/bugs: Fix BHI handling of RRSBA", " - x86/bugs: Clarify that syscall hardening isn't a BHI mitigation", " - x86/bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto", " - [Config] updateconfigs to remove obsolete SPECTRE_BHI_AUTO", " - x86/bugs: Replace CONFIG_SPECTRE_BHI_{ON,OFF} with", " CONFIG_MITIGATION_SPECTRE_BHI", " - [Config] updateconfigs to enable new MITIGATION_SPECTRE_BHI", " - drm/i915/cdclk: Fix CDCLK programming order when pipes are active", " - Linux 5.15.156", "", " * Jammy update: v5.15.155 upstream stable release (LP: #2065805)", " - amdkfd: use calloc instead of kzalloc to avoid integer overflow", " - net: dsa: fix panic when DSA master device unbinds on shutdown", " - wifi: ath9k: fix LNA selection in ath_ant_try_scan()", " - VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host()", " - panic: Flush kernel log buffer at the end", " - cpuidle: Avoid potential overflow in integer multiplication", " - arm64: dts: rockchip: fix rk3328 hdmi ports node", " - arm64: dts: rockchip: fix rk3399 hdmi ports node", " - ionic: set adminq irq affinity", " - pstore/zone: Add a null pointer check to the psz_kmsg_read", " - tools/power x86_energy_perf_policy: Fix file leak in get_pkg_num()", " - net: pcs: xpcs: Return EINVAL in the internal methods", " - wifi: ath11k: decrease MHI channel buffer length to 8KB", " - btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks()", " - btrfs: export: handle invalid inode or root reference in btrfs_get_parent()", " - btrfs: send: handle path ref underflow in header iterate_inode_ref()", " - net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list()", " - Bluetooth: btintel: Fix null ptr deref in btintel_read_version", " - Input: synaptics-rmi4 - fail probing if memory allocation for \"phys\" fails", " - pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs", " - sysv: don't call sb_bread() with pointers_lock held", " - scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc()", " - isofs: handle CDs with bad root inode but good Joliet root directory", " - media: sta2x11: fix irq handler cast", " - ALSA: firewire-lib: handle quirk to calculate payload quadlets as data block", " counter", " - ext4: add a hint for block bitmap corrupt state in mb_groups", " - ext4: forbid commit inconsistent quota data when errors=remount-ro", " - drm/amd/display: Fix nanosec stat overflow", " - SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned", " int", " - Revert \"ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default\"", " - libperf evlist: Avoid out-of-bounds access", " - block: prevent division by zero in blk_rq_stat_sum()", " - RDMA/cm: add timeout to cm_destroy_id wait", " - Input: allocate keycode for Display refresh rate toggle", " - platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi", " Vi8 tablet", " - ktest: force $buildonly = 1 for 'make_warnings_file' test type", " - ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent", " environment", " - tools: iio: replace seekdir() in iio_generic_buffer", " - usb: typec: tcpci: add generic tcpci fallback compatible", " - usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined", " - ASoC: soc-core.c: Skip dummy codec when adding platforms", " - fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2", " - drivers/nvme: Add quirks for device 126f:2262", " - fbmon: prevent division by zero in fb_videomode_from_videomode()", " - netfilter: nf_tables: release batch on table validation from abort path", " - netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path", " - netfilter: nf_tables: discard table flag update with pending basechain", " deletion", " - tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc", " - gcc-plugins/stackleak: Ignore .noinstr.text and .entry.text", " - gcc-plugins/stackleak: Avoid .head.text section", " - virtio: reenable config if freezing device failed", " - x86/mm/pat: fix VM_PAT handling in COW mappings", " - randomize_kstack: Improve entropy diffusion", " - platform/x86: intel-vbtn: Update tablet mode switch at end of probe", " - Bluetooth: btintel: Fixe build regression", " - VMCI: Fix possible memcpy() run-time warning in", " vmci_datagram_invoke_guest_handler()", " - Linux 5.15.155", "", " * Jammy update: v5.15.154 upstream stable release (LP: #2065435)", " - Documentation/hw-vuln: Update spectre doc", " - x86/cpu: Support AMD Automatic IBRS", " - media: staging: ipu3-imgu: Set fields before media_entity_pads_init()", " - clk: qcom: gcc-sdm845: Add soft dependency on rpmhpd", " - smack: Set SMACK64TRANSMUTE only for dirs in smack_inode_setxattr()", " - smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity()", " - arm: dts: marvell: Fix maxium->maxim typo in brownstone dts", " - drm/vmwgfx: Fix possible null pointer derefence with invalid contexts", " - pci_iounmap(): Fix MMIO mapping leak", " - KVM: Always flush async #PF workqueue when vCPU is being destroyed", " - sparc64: NMI watchdog: fix return value of __setup handler", " - sparc: vDSO: fix return value of __setup handler", " - crypto: qat - fix double free during reset", " - crypto: qat - resolve race condition during AER recovery", " - selftests/mqueue: Set timeout to 180 seconds", " - ext4: correct best extent lstart adjustment logic", " - block: Clear zone limits for a non-zoned stacked queue", " - kasan: test: add memcpy test that avoids out-of-bounds write", " - kasan/test: avoid gcc warning for intentional overflow", " - bounds: support non-power-of-two CONFIG_NR_CPUS", " - fat: fix uninitialized field in nostale filehandles", " - ubifs: Set page uptodate in the correct place", " - ubi: Check for too small LEB size in VTBL code", " - ubi: correct the calculation of fastmap size", " - mtd: rawnand: meson: fix scrambling mode value in command macro", " - parisc: Avoid clobbering the C/B bits in the PSW with tophys and tovirt", " macros", " - parisc: Fix ip_fast_csum", " - parisc: Fix csum_ipv6_magic on 32-bit systems", " - parisc: Fix csum_ipv6_magic on 64-bit systems", " - parisc: Strip upper 32 bit of sum in csum_ipv6_magic for 64-bit builds", " - PM: suspend: Set mem_sleep_current during kernel command line setup", " - clk: qcom: gcc-ipq6018: fix terminating of frequency table arrays", " - clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays", " - clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays", " - clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays", " - usb: xhci: Add error handling in xhci_map_urb_for_dma", " - powerpc/fsl: Fix mfpmr build errors with newer binutils", " - USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB", " - USB: serial: add device ID for VeriFone adapter", " - USB: serial: cp210x: add ID for MGP Instruments PDS100", " - USB: serial: option: add MeiG Smart SLM320 product", " - USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M", " - PM: sleep: wakeirq: fix wake irq warning in system suspend", " - mmc: tmio: avoid concurrent runs of mmc_request_done()", " - fuse: fix root lookup with nonzero generation", " - fuse: don't unhash root", " - usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros", " - printk/console: Split out code that enables default console", " - serial: Lock console when calling into driver before registration", " - btrfs: fix off-by-one chunk length calculation at contains_pending_extent()", " - PCI: Drop pci_device_remove() test of pci_dev->driver", " - PCI/PM: Drain runtime-idle callbacks before driver removal", " - PCI: Work around Intel I210 ROM BAR overlap defect", " - PCI/ASPM: Make Intel DG2 L1 acceptable latency unlimited", " - PCI/DPC: Quirk PIO log size for certain Intel Root Ports", " - PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports", " - dm-raid: fix lockdep waring in \"pers->hot_add_disk\"", " - mac802154: fix llsec key resources release in mac802154_llsec_key_del", " - swap: comments get_swap_device() with usage rule", " - mm: swap: fix race between free_swap_and_cache() and swapoff()", " - mmc: core: Fix switch on gp3 partition", " - drm/etnaviv: Restore some id values", " - landlock: Warn once if a Landlock action is requested while disabled", " - hwmon: (amc6821) add of_match table", " - ext4: fix corruption during on-line resize", " - nvmem: meson-efuse: fix function pointer type mismatch", " - slimbus: core: Remove usage of the deprecated ida_simple_xx() API", " - phy: tegra: xusb: Add API to retrieve the port number of phy", " - usb: gadget: tegra-xudc: Fix USB3 PHY retrieval logic", " - speakup: Fix 8bit characters from direct synth", " - PCI/AER: Block runtime suspend when handling errors", " - nfs: fix UAF in direct writes", " - kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1", " - PCI: dwc: endpoint: Fix advertised resizable BAR size", " - vfio/platform: Disable virqfds on cleanup", " - ksmbd: retrieve number of blocks using vfs_getattr in", " set_file_allocation_info", " - ring-buffer: Fix waking up ring buffer readers", " - ring-buffer: Do not set shortest_full when full target is hit", " - ring-buffer: Fix resetting of shortest_full", " - ring-buffer: Fix full_waiters_pending in poll", " - ring-buffer: Use wait_event_interruptible() in ring_buffer_wait()", " - soc: fsl: qbman: Always disable interrupts when taking cgr_lock", " - soc: fsl: qbman: Add helper for sanity checking cgr ops", " - soc: fsl: qbman: Add CGR update function", " - soc: fsl: qbman: Use raw spinlock for cgr_lock", " - s390/zcrypt: fix reference counting on zcrypt card objects", " - drm/panel: do not return negative error codes from drm_panel_get_modes()", " - drm/exynos: do not return negative values from .get_modes()", " - drm/imx/ipuv3: do not return negative values from .get_modes()", " - drm/vc4: hdmi: do not return negative values from .get_modes()", " - memtest: use {READ,WRITE}_ONCE in memory scanning", " - nilfs2: fix failure to detect DAT corruption in btree and direct mappings", " - nilfs2: prevent kernel bug at submit_bh_wbc()", " - cpufreq: dt: always allocate zeroed cpumask", " - x86/CPU/AMD: Update the Zenbleed microcode revisions", " - NFSD: Fix nfsd_clid_class use of __string_len() macro", " - net: hns3: tracing: fix hclgevf trace event strings", " - wireguard: netlink: check for dangling peer via is_dead instead of empty", " list", " - wireguard: netlink: access device through ctx instead of peer", " - ahci: asm1064: correct count of reported ports", " - ahci: asm1064: asm1166: don't limit reported ports", " - drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag", " - drm/amd/display: Return the correct HDCP error code", " - drm/amd/display: Fix noise issue on HDMI AV mute", " - dm snapshot: fix lockup in dm_exception_table_exit", " - x86/pm: Work around false positive kmemleak report in msr_build_context()", " - net: ravb: Add R-Car Gen4 support", " - cpufreq: brcmstb-avs-cpufreq: fix up \"add check for cpufreq_cpu_get's return", " value\"", " - netfilter: nf_tables: reject constant set with timeout", " - Drivers: hv: vmbus: Calculate ring buffer size for more efficient use of", " memory", " - xfrm: Avoid clang fortify warning in copy_to_user_tmpl()", " - KVM: SVM: Flush pages under kvm->lock to fix UAF in", " svm_register_enc_region()", " - tracing: Use .flush() call to wake up readers", " - drm/i915: Check before removing mm notifier", " - USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command", " - usb: gadget: ncm: Fix handling of zero block length packets", " - usb: port: Don't try to peer unused USB ports based on location", " - tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled", " - mei: me: add arrow lake point S DID", " - mei: me: add arrow lake point H DID", " - vt: fix unicode buffer corruption when deleting characters", " - fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion", " - tee: optee: Fix kernel panic caused by incorrect error handling", " - i2c: i801: Avoid potential double call to gpiod_remove_lookup_table", " - xen/events: close evtchn after mapping cleanup", " - clocksource/drivers/arm_global_timer: Fix maximum prescaler value", " - entry: Respect changes to system call number by trace_sys_enter()", " - minmax: add umin(a, b) and umax(a, b)", " - swiotlb: Fix alignment checks when both allocation and DMA masks are present", " - dma-mapping: add dma_opt_mapping_size()", " - dma-iommu: add iommu_dma_opt_mapping_size()", " - iommu/dma: Force swiotlb_max_mapping_size on an untrusted device", " - printk: Update @console_may_schedule in console_trylock_spinning()", " - tty: serial: imx: Fix broken RS485", " - x86/asm: Add _ASM_RIP() macro for x86-64 (%rip) suffix", " - x86/bugs: Add asm helpers for executing VERW", " - x86/entry_64: Add VERW just before userspace transition", " - x86/entry_32: Add VERW just before userspace transition", " - x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key", " - KVM/VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH", " - KVM/VMX: Move VERW closer to VMentry for MDS mitigation", " - x86/mmio: Disable KVM mitigation when X86_FEATURE_CLEAR_CPU_BUF is set", " - Documentation/hw-vuln: Add documentation for RFDS", " - x86/rfds: Mitigate Register File Data Sampling (RFDS)", " - [Config] updateconfigs for MITIGATION_RFDS", " - KVM/x86: Export RFDS_NO and RFDS_CLEAR to guests", " - arch: Introduce CONFIG_FUNCTION_ALIGNMENT", " - [Config] updateconfigs for FUNCTION_ALIGNMENT", " - x86/asm: Differentiate between code and function alignment", " - x86/alternatives: Introduce int3_emulate_jcc()", " - x86/alternatives: Teach text_poke_bp() to patch Jcc.d32 instructions", " - x86/static_call: Add support for Jcc tail-calls", " - fsnotify: pass data_type to fsnotify_name()", " - fsnotify: pass dentry instead of inode data", " - fsnotify: clarify contract for create event hooks", " - fsnotify: Don't insert unmergeable events in hashtable", " - fanotify: Fold event size calculation to its own function", " - fanotify: Split fsid check from other fid mode checks", " - inotify: Don't force FS_IN_IGNORED", " - fsnotify: Add helper to detect overflow_event", " - fsnotify: Add wrapper around fsnotify_add_event", " - fsnotify: Retrieve super block from the data field", " - fsnotify: Protect fsnotify_handle_inode_event from no-inode events", " - fsnotify: Pass group argument to free_event", " - fanotify: Support null inode event in fanotify_dfid_inode", " - fanotify: Allow file handle encoding for unhashed events", " - fanotify: Encode empty file handle when no inode is provided", " - fanotify: Require fid_mode for any non-fd event", " - fsnotify: Support FS_ERROR event type", " - fanotify: Reserve UAPI bits for FAN_FS_ERROR", " - fanotify: Pre-allocate pool of error events", " - fanotify: Support enqueueing of error events", " - fanotify: Support merging of error events", " - fanotify: Wrap object_fh inline space in a creator macro", " - fanotify: Add helpers to decide whether to report FID/DFID", " - fanotify: WARN_ON against too large file handles", " - fanotify: Report fid info for file related file system errors", " - fanotify: Emit generic error info for error event", " - fanotify: Allow users to request FAN_FS_ERROR events", " - ext4: Send notifications on error", " - docs: Document the FAN_FS_ERROR event", " - NFS: Remove unnecessary TRACE_DEFINE_ENUM()s", " - SUNRPC: Tracepoints should display tk_pid and cl_clid as a fixed-size field", " - NFS: Move generic FS show macros to global header", " - NFS: Move NFS protocol display macros to global header", " - NFSD: Optimize DRC bucket pruning", " - NFSD: move filehandle format declarations out of \"uapi\".", " - NFSD: drop support for ancient filehandles", " - NFSD: simplify struct nfsfh", " - NFSD: Initialize pointer ni with NULL and not plain integer 0", " - SUNRPC: Replace the \"__be32 *p\" parameter to .pc_decode", " - SUNRPC: Change return value type of .pc_decode", " - NFSD: Save location of NFSv4 COMPOUND status", " - SUNRPC: Replace the \"__be32 *p\" parameter to .pc_encode", " - SUNRPC: Change return value type of .pc_encode", " - nfsd: update create verifier comment", " - NFSD:fix boolreturn.cocci warning", " - nfsd4: remove obselete comment", " - ext4: fix error code saved on super block during file system abort", " - fsnotify: clarify object type argument", " - fsnotify: separate mark iterator type from object type enum", " - fanotify: introduce group flag FAN_REPORT_TARGET_FID", " - fsnotify: generate FS_RENAME event with rich information", " - fanotify: use macros to get the offset to fanotify_info buffer", " - fanotify: use helpers to parcel fanotify_info buffer", " - fanotify: support secondary dir fh and name in fanotify_info", " - fanotify: record old and new parent and name in FAN_RENAME event", " - fanotify: record either old name new name or both for FAN_RENAME", " - fanotify: report old and/or new parent+name in FAN_RENAME event", " - fanotify: wire up FAN_RENAME event", " - exit: Implement kthread_exit", " - exit: Rename module_put_and_exit to module_put_and_kthread_exit", " - NFSD: handle errors better in write_ports_addfd()", " - SUNRPC: change svc_get() to return the svc.", " - SUNRPC/NFSD: clean up get/put functions.", " - SUNRPC: stop using ->sv_nrthreads as a refcount", " - nfsd: make nfsd_stats.th_cnt atomic_t", " - SUNRPC: use sv_lock to protect updates to sv_nrthreads.", " - NFSD: narrow nfsd_mutex protection in nfsd thread", " - NFSD: Make it possible to use svc_set_num_threads_sync", " - SUNRPC: discard svo_setup and rename svc_set_num_threads_sync()", " - NFSD: simplify locking for network notifier.", " - lockd: introduce nlmsvc_serv", " - lockd: simplify management of network status notifiers", " - lockd: move lockd_start_svc() call into lockd_create_svc()", " - lockd: move svc_exit_thread() into the thread", " - lockd: introduce lockd_put()", " - lockd: rename lockd_create_svc() to lockd_get()", " - SUNRPC: move the pool_map definitions (back) into svc.c", " - SUNRPC: always treat sv_nrpools==1 as \"not pooled\"", " - lockd: use svc_set_num_threads() for thread start and stop", " - NFS: switch the callback service back to non-pooled.", " - NFSD: Remove be32_to_cpu() from DRC hash function", " - NFSD: Fix inconsistent indenting", " - NFSD: simplify per-net file cache management", " - NFSD: Combine XDR error tracepoints", " - nfsd: improve stateid access bitmask documentation", " - NFSD: De-duplicate nfsd4_decode_bitmap4()", " - nfs: block notification on fs with its own ->lock", " - nfsd4: add refcount for nfsd4_blocked_lock", " - nfsd: map EBADF", " - nfsd: Add errno mapping for EREMOTEIO", " - nfsd: Retry once in nfsd_open on an -EOPENSTALE return", " - NFSD: Clean up nfsd_vfs_write()", " - NFSD: De-duplicate net_generic(SVC_NET(rqstp), nfsd_net_id)", " - nfsd: Add a tracepoint for errors in nfsd4_clone_file_range()", " - NFSD: Write verifier might go backwards", " - NFSD: Clean up the nfsd_net::nfssvc_boot field", " - NFSD: Rename boot verifier functions", " - NFSD: Trace boot verifier resets", " - NFSD: Move fill_pre_wcc() and fill_post_wcc()", " - fsnotify: invalidate dcache before IN_DELETE event", " - NFSD: Deprecate NFS_OFFSET_MAX", " - nfsd: Add support for the birth time attribute", " - orDate: Thu Sep 30 19:19:57 2021 -0400", " - NFSD: Skip extra computation for RC_NOCACHE case", " - NFSD: Streamline the rare \"found\" case", " - NFSD: Remove NFSD_PROC_ARGS_* macros", " - SUNRPC: Remove the .svo_enqueue_xprt method", " - SUNRPC: Merge svc_do_enqueue_xprt() into svc_enqueue_xprt()", " - SUNRPC: Remove svo_shutdown method", " - SUNRPC: Rename svc_create_xprt()", " - SUNRPC: Rename svc_close_xprt()", " - SUNRPC: Remove svc_shutdown_net()", " - NFSD: Remove svc_serv_ops::svo_module", " - NFSD: Move svc_serv_ops::svo_function into struct svc_serv", " - NFSD: Remove CONFIG_NFSD_V3", " - [Config] updateconfigs for NFSD_V3", " - NFSD: Clean up _lm_ operation names", " - nfsd: fix using the correct variable for sizeof()", " - fsnotify: fix merge with parent's ignored mask", " - fsnotify: optimize FS_MODIFY events with no ignored masks", " - fsnotify: remove redundant parameter judgment", " - nfsd: Fix a write performance regression", " - nfsd: Clean up nfsd_file_put()", " - fanotify: do not allow setting dirent events in mask of non-dir", " - fs/lock: documentation cleanup. Replace inode->i_lock with flc_lock.", " - inotify: move control flags from mask to mark flags", " - fsnotify: pass flags argument to fsnotify_alloc_group()", " - fsnotify: make allow_dups a property of the group", " - fsnotify: create helpers for group mark_mutex lock", " - inotify: use fsnotify group lock helpers", " - nfsd: use fsnotify group lock helpers", " - dnotify: use fsnotify group lock helpers", " - fsnotify: allow adding an inode mark without pinning inode", " - fanotify: create helper fanotify_mark_user_flags()", " - fanotify: factor out helper fanotify_mark_update_flags()", " - fanotify: implement \"evictable\" inode marks", " - fanotify: use fsnotify group lock helpers", " - fanotify: enable \"evictable\" inode marks", " - fsnotify: introduce mark type iterator", " - fsnotify: consistent behavior for parent not watching children", " - fanotify: fix incorrect fmode_t casts", " - NFSD: Clean up nfsd_splice_actor()", " - NFSD: add courteous server support for thread with only delegation", " - NFSD: add support for share reservation conflict to courteous server", " - NFSD: move create/destroy of laundry_wq to init_nfsd and exit_nfsd", " - fs/lock: add helper locks_owner_has_blockers to check for blockers", " - fs/lock: add 2 callbacks to lock_manager_operations to resolve conflict", " - NFSD: add support for lock conflict to courteous server", " - NFSD: Show state of courtesy client in client info", " - NFSD: Clean up nfsd3_proc_create()", " - NFSD: Avoid calling fh_drop_write() twice in do_nfsd_create()", " - NFSD: Refactor nfsd_create_setattr()", " - NFSD: Refactor NFSv3 CREATE", " - NFSD: Refactor NFSv4 OPEN(CREATE)", " - NFSD: Remove do_nfsd_create()", " - NFSD: Clean up nfsd_open_verified()", " - NFSD: Instantiate a struct file when creating a regular NFSv4 file", " - NFSD: Remove dprintk call sites from tail of nfsd4_open()", " - NFSD: Fix whitespace", " - NFSD: Move documenting comment for nfsd4_process_open2()", " - NFSD: Trace filecache opens", " - SUNRPC: Use RMW bitops in single-threaded hot paths", " - nfsd: Unregister the cld notifier when laundry_wq create failed", " - nfsd: Fix null-ptr-deref in nfsd_fill_super()", " - NFSD: Modernize nfsd4_release_lockowner()", " - NFSD: Add documenting comment for nfsd4_release_lockowner()", " - NFSD: nfsd_file_put() can sleep", " - NFSD: Fix potential use-after-free in nfsd_file_put()", " - NFS: restore module put when manager exits.", " - fanotify: refine the validation checks on non-dir inode mask", " - NFSD: Decode NFSv4 birth time attribute", " - fs: inotify: Fix typo in inotify comment", " - fanotify: prepare for setting event flags in ignore mask", " - fanotify: cleanups for fanotify_mark() input validations", " - fanotify: introduce FAN_MARK_IGNORE", " - fsnotify: Fix comment typo", " - NLM: Defend against file_lock changes after vfs_test_lock()", " - NFSD: Instrument fh_verify()", " - NFSD: Fix space and spelling mistake", " - nfsd: remove redundant assignment to variable len", " - NFSD: Demote a WARN to a pr_warn()", " - NFSD: Report filecache LRU size", " - NFSD: Report count of calls to nfsd_file_acquire()", " - NFSD: Report count of freed filecache items", " - NFSD: Report average age of filecache items", " - NFSD: Add nfsd_file_lru_dispose_list() helper", " - NFSD: Refactor nfsd_file_gc()", " - NFSD: Refactor nfsd_file_lru_scan()", " - NFSD: Report the number of items evicted by the LRU walk", " - NFSD: Record number of flush calls", " - NFSD: Zero counters when the filecache is re-initialized", " - NFSD: Hook up the filecache stat file", " - NFSD: WARN when freeing an item still linked via nf_lru", " - NFSD: Trace filecache LRU activity", " - NFSD: Leave open files out of the filecache LRU", " - NFSD: Fix the filecache LRU shrinker", " - NFSD: Never call nfsd_file_gc() in foreground paths", " - NFSD: No longer record nf_hashval in the trace log", " - NFSD: Remove lockdep assertion from unhash_and_release_locked()", " - NFSD: nfsd_file_unhash can compute hashval from nf->nf_inode", " - NFSD: Refactor __nfsd_file_close_inode()", " - NFSD: nfsd_file_hash_remove can compute hashval", " - NFSD: Remove nfsd_file::nf_hashval", " - NFSD: Replace the \"init once\" mechanism", " - NFSD: Set up an rhashtable for the filecache", " - NFSD: Convert the filecache to use rhashtable", " - NFSD: Clean up unused code after rhashtable conversion", " - NFSD: Separate tracepoints for acquire and create", " - NFSD: Move nfsd_file_trace_alloc() tracepoint", " - NFSD: NFSv4 CLOSE should release an nfsd_file immediately", " - NFSD: Ensure nf_inode is never dereferenced", " - NFSD: refactoring v4 specific code to a helper in nfs4state.c", " - NFSD: keep track of the number of v4 clients in the system", " - NFSD: limit the number of v4 clients to 1024 per 1GB of system memory", " - nfsd: silence extraneous printk on nfsd.ko insertion", " - NFSD: Optimize nfsd4_encode_operation()", " - NFSD: Optimize nfsd4_encode_fattr()", " - NFSD: Clean up SPLICE_OK in nfsd4_encode_read()", " - NFSD: Add an nfsd4_read::rd_eof field", " - NFSD: Optimize nfsd4_encode_readv()", " - NFSD: Simplify starting_len", " - NFSD: Use xdr_pad_size()", " - NFSD: Clean up nfsd4_encode_readlink()", " - NFSD: Fix strncpy() fortify warning", " - NFSD: nfserrno(-ENOMEM) is nfserr_jukebox", " - NFSD: Shrink size of struct nfsd4_copy_notify", " - NFSD: Shrink size of struct nfsd4_copy", " - NFSD: Reorder the fields in struct nfsd4_op", " - NFSD: Make nfs4_put_copy() static", " - NFSD: Replace boolean fields in struct nfsd4_copy", " - NFSD: Refactor nfsd4_cleanup_inter_ssc() (1/2)", " - NFSD: Refactor nfsd4_cleanup_inter_ssc() (2/2)", " - NFSD: Refactor nfsd4_do_copy()", " - NFSD: Remove kmalloc from nfsd4_do_async_copy()", " - NFSD: Add nfsd4_send_cb_offload()", " - NFSD: Move copy offload callback arguments into a separate structure", " - NFSD: drop fh argument from alloc_init_deleg", " - NFSD: verify the opened dentry after setting a delegation", " - NFSD: introduce struct nfsd_attrs", " - NFSD: set attributes when creating symlinks", " - NFSD: add security label to struct nfsd_attrs", " - NFSD: add posix ACLs to struct nfsd_attrs", " - NFSD: change nfsd_create()/nfsd_symlink() to unlock directory before", " returning.", " - NFSD: always drop directory lock in nfsd_unlink()", " - NFSD: only call fh_unlock() once in nfsd_link()", " - NFSD: reduce locking in nfsd_lookup()", " - NFSD: use explicit lock/unlock for directory ops", " - NFSD: use (un)lock_inode instead of fh_(un)lock for file operations", " - NFSD: discard fh_locked flag and fh_lock/fh_unlock", " - NFSD: fix regression with setting ACLs.", " - nfsd_splice_actor(): handle compound pages", " - NFSD: move from strlcpy with unused retval to strscpy", " - lockd: move from strlcpy with unused retval to strscpy", " - NFSD enforce filehandle check for source file in COPY", " - NFSD: remove redundant variable status", " - nfsd: Avoid some useless tests", " - nfsd: Propagate some error code returned by memdup_user()", " - NFSD: Increase NFSD_MAX_OPS_PER_COMPOUND", " - NFSD: drop fname and flen args from nfsd_create_locked()", " - nfsd: clean up mounted_on_fileid handling", " - nfsd: remove nfsd4_prepare_cb_recall() declaration", " - NFSD: Replace dprintk() call site in fh_verify()", " - NFSD: Trace NFSv4 COMPOUND tags", " - NFSD: Add tracepoints to report NFSv4 callback completions", " - NFSD: Add a mechanism to wait for a DELEGRETURN", " - NFSD: Refactor nfsd_setattr()", " - NFSD: Make nfsd4_setattr() wait before returning NFS4ERR_DELAY", " - NFSD: Make nfsd4_rename() wait before returning NFS4ERR_DELAY", " - NFSD: Make nfsd4_remove() wait before returning NFS4ERR_DELAY", " - NFSD: keep track of the number of courtesy clients in the system", " - NFSD: add shrinker to reap courtesy clients on low memory condition", " - SUNRPC: Parametrize how much of argsize should be zeroed", " - NFSD: Reduce amount of struct nfsd4_compoundargs that needs clearing", " - NFSD: Refactor common code out of dirlist helpers", " - NFSD: Use xdr_inline_decode() to decode NFSv3 symlinks", " - NFSD: Clean up WRITE arg decoders", " - NFSD: Clean up nfs4svc_encode_compoundres()", " - NFSD: Remove unused nfsd4_compoundargs::cachetype field", " - NFSD: Pack struct nfsd4_compoundres", " - nfsd: use DEFINE_PROC_SHOW_ATTRIBUTE to define nfsd_proc_ops", " - nfsd: use DEFINE_SHOW_ATTRIBUTE to define export_features_fops and", " supported_enctypes_fops", " - nfsd: use DEFINE_SHOW_ATTRIBUTE to define client_info_fops", " - nfsd: use DEFINE_SHOW_ATTRIBUTE to define nfsd_reply_cache_stats_fops", " - nfsd: use DEFINE_SHOW_ATTRIBUTE to define nfsd_file_cache_stats_fops", " - NFSD: Rename the fields in copy_stateid_t", " - nfsd: only fill out return pointer on success in nfsd4_lookup_stateid", " - nfsd: fix comments about spinlock handling with delegations", " - nfsd: make nfsd4_run_cb a bool return function", " - nfsd: extra checks when freeing delegation stateids", " - fs/notify: constify path", " - fsnotify: remove unused declaration", " - fanotify: Remove obsoleted fanotify_event_has_path()", " - nfsd: fix nfsd_file_unhash_and_dispose", " - nfsd: rework hashtable handling in nfsd_do_file_acquire", " - NFSD: unregister shrinker when nfsd_init_net() fails", " - nfsd: ensure we always call fh_verify_error tracepoint", " - nfsd: fix net-namespace logic in __nfsd_file_cache_purge", " - nfsd: fix use-after-free in nfsd_file_do_acquire tracepoint", " - nfsd: put the export reference in nfsd4_verify_deleg_dentry", " - NFSD: Fix trace_nfsd_fh_verify_err() crasher", " - NFSD: Fix reads with a non-zero offset that don't end on a page boundary", " - lockd: use locks_inode_context helper", " - nfsd: use locks_inode_context helper", " - NFSD: Simplify READ_PLUS", " - NFSD: Remove redundant assignment to variable host_err", " - NFSD: Finish converting the NFSv3 GETACL result encoder", " - nfsd: ignore requests to disable unsupported versions", " - nfsd: move nfserrno() to vfs.c", " - nfsd: allow disabling NFSv2 at compile time", " - [Config] updateconfigs for NFSD_V2", " - exportfs: use pr_debug for unreachable debug statements", " - NFSD: Pass the target nfsd_file to nfsd_commit()", " - NFSD: Revert \"NFSD: NFSv4 CLOSE should release an nfsd_file immediately\"", " - NFSD: Add an NFSD_FILE_GC flag to enable nfsd_file garbage collection", " - NFSD: Flesh out a documenting comment for filecache.c", " - NFSD: Clean up nfs4_preprocess_stateid_op() call sites", " - NFSD: Trace stateids returned via DELEGRETURN", " - NFSD: Trace delegation revocations", " - NFSD: Use const pointers as parameters to fh_ helpers", " - NFSD: Update file_hashtbl() helpers", " - NFSD: Clean up nfsd4_init_file()", " - NFSD: Add a nfsd4_file_hash_remove() helper", " - NFSD: Clean up find_or_add_file()", " - NFSD: Refactor find_file()", " - NFSD: Use rhashtable for managing nfs4_file objects", " - NFSD: Fix licensing header in filecache.c", " - nfsd: remove the pages_flushed statistic from filecache", " - nfsd: reorganize filecache.c", " - filelock: add a new locks_inode_context accessor function", " - nfsd: fix up the filecache laundrette scheduling", " - NFSD: Add an nfsd_file_fsync tracepoint", " - nfsd: return error if nfs4_setacl fails", " - NFSD: Use struct_size() helper in alloc_session()", " - lockd: set missing fl_flags field when retrieving args", " - lockd: ensure we use the correct file descriptor when unlocking", " - lockd: fix file selection in nlmsvc_cancel_blocked", " - trace: Relocate event helper files", " - NFSD: refactoring courtesy_client_reaper to a generic low memory shrinker", " - NFSD: add support for sending CB_RECALL_ANY", " - NFSD: add delegation reaper to react to low memory condition", " - NFSD: add CB_RECALL_ANY tracepoints", " - NFSD: Use only RQ_DROPME to signal the need to drop a reply", " - NFSD: Avoid clashing function prototypes", " - nfsd: rework refcounting in filecache", " - nfsd: fix handling of cached open files in nfsd4_open codepath", " - Revert \"SUNRPC: Use RMW bitops in single-threaded hot paths\"", " - NFSD: Use set_bit(RQ_DROPME)", " - NFSD: register/unregister of nfsd-client shrinker at nfsd startup/shutdown", " time", " - NFSD: replace delayed_work with work_struct for nfsd_client_shrinker", " - nfsd: don't free files unconditionally in __nfsd_file_cache_purge", " - nfsd: don't destroy global nfs4_file table in per-net shutdown", " - NFSD: enhance inter-server copy cleanup", " - nfsd: allow nfsd_file_get to sanely handle a NULL pointer", " - nfsd: clean up potential nfsd_file refcount leaks in COPY codepath", " - NFSD: fix leaked reference count of nfsd4_ssc_umount_item", " - nfsd: don't hand out delegation on setuid files being opened for write", " - NFSD: fix problems with cleanup on errors in nfsd4_copy", " - nfsd: fix courtesy client with deny mode handling in nfs4_upgrade_open", " - nfsd: don't fsync nfsd_files on last close", " - NFSD: copy the whole verifier in nfsd_copy_write_verifier", " - NFSD: Protect against filesystem freezing", " - nfsd: don't replace page in rq_pages if it's a continuation of last page", " - nfsd: call op_release, even when op_func returns an error", " - nfsd: don't open-code clear_and_wake_up_bit", " - nfsd: NFSD_FILE_KEY_INODE only needs to find GC'ed entries", " - nfsd: simplify test_bit return in NFSD_FILE_KEY_FULL comparator", " - nfsd: don't kill nfsd_files because of lease break error", " - nfsd: add some comments to nfsd_file_do_acquire", " - nfsd: don't take/put an extra reference when putting a file", " - nfsd: update comment over __nfsd_file_cache_purge", " - nfsd: allow reaping files still under writeback", " - NFSD: Convert filecache to rhltable", " - nfsd: simplify the delayed disposal list code", " - NFSD: Fix problem of COMMIT and NFS4ERR_DELAY in infinite loop", " - nfsd: make a copy of struct iattr before calling notify_change", " - nfsd: fix double fget() bug in __write_ports_addfd()", " - lockd: drop inappropriate svc_get() from locked_get()", " - NFSD: Add an nfsd4_encode_nfstime4() helper", " - nfsd: Fix creation time serialization order", " - nfsd: Simplify code around svc_exit_thread() call in nfsd()", " - nfsd: separate nfsd_last_thread() from nfsd_put()", " - Documentation: Add missing documentation for EXPORT_OP flags", " - NFSD: fix possible oops when nfsd/pool_stats is closed.", " - nfsd: call nfsd_last_thread() before final nfsd_put()", " - nfsd: drop the nfsd_put helper", " - nfsd: fix RELEASE_LOCKOWNER", " - nfsd: don't take fi_lock in nfsd_break_deleg_cb()", " - nfsd: don't call locks_release_private() twice concurrently", " - nfsd: Fix a regression in nfsd_setattr()", " - perf/core: Fix reentry problem in perf_output_read_group()", " - efivarfs: Request at most 512 bytes for variable names", " - powerpc: xor_vmx: Add '-mhard-float' to CFLAGS", " - selftests: mptcp: diag: return KSFT_FAIL not test_cnt", " - vfio/pci: Disable auto-enable of exclusive INTx IRQ", " - vfio/pci: Lock external INTx masking ops", " - vfio: Introduce interface to flush virqfd inject workqueue", " - vfio/pci: Create persistent INTx handler", " - vfio/platform: Create persistent IRQ handlers", " - vfio/fsl-mc: Block calling interrupt handler without trigger", " - serial: sc16is7xx: convert from _raw_ to _noinc_ regmap functions for FIFO", " - mm/migrate: set swap entry values of THP tail pages properly.", " - init: open /initrd.image with O_LARGEFILE", " - btrfs: zoned: use zone aware sb location for scrub", " - wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes", " - exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack()", " - hexagon: vmlinux.lds.S: handle attributes section", " - mmc: core: Initialize mmc_blk_ioc_data", " - mmc: core: Avoid negative index with array access", " - net: ll_temac: platform_get_resource replaced by wrong function", " - drm/i915/gt: Reset queue_priority_hint on parking", " - drm/amdgpu: Use drm_mode_copy()", " - drm/amd/display: Preserve original aspect ratio in create stream", " - ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs", " - scsi: core: Fix unremoved procfs host directory regression", " - staging: vc04_services: changen strncpy() to strscpy_pad()", " - staging: vc04_services: fix information leak in create_component()", " - USB: core: Add hub_get() and hub_put() routines", " - usb: dwc2: host: Fix remote wakeup from hibernation", " - usb: dwc2: host: Fix hibernation flow", " - usb: dwc2: host: Fix ISOC flow in DDMA mode", " - usb: dwc2: gadget: Fix exiting from clock gating", " - usb: dwc2: gadget: LPM flow fix", " - usb: udc: remove warning when queue disabled ep", " - usb: typec: ucsi: Ack unsupported commands", " - usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset", " - scsi: qla2xxx: Prevent command send on chip reset", " - scsi: qla2xxx: Fix N2N stuck connection", " - scsi: qla2xxx: Split FCE|EFT trace control", " - scsi: qla2xxx: NVME|FCP prefer flag not being honored", " - scsi: qla2xxx: Fix command flush on cable pull", " - scsi: qla2xxx: Fix double free of fcport", " - scsi: qla2xxx: Change debug message during driver unload", " - scsi: qla2xxx: Delay I/O Abort on PCI error", " - x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled", " - PCI/DPC: Quirk PIO log size for Intel Ice Lake Root Ports", " - scsi: lpfc: Correct size for wqe for memset()", " - USB: core: Fix deadlock in usb_deauthorize_interface()", " - scsi: usb: Call scsi_done() directly", " - scsi: usb: Stop using the SCSI pointer", " - USB: UAS: return ENODEV when submit urbs fail with device not attached", " - nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet", " - mlxbf_gige: stop PHY during open() error paths", " - iwlwifi: mvm: rfi: use kmemdup() to replace kzalloc + memcpy", " - wifi: iwlwifi: mvm: rfi: fix potential response leaks", " - ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa()", " - s390/qeth: handle deferred cc1", " - tcp: properly terminate timers for kernel sockets", " - ACPICA: debugger: check status of acpi_evaluate_object() in", " acpi_db_walk_for_fields()", " - mlxbf_gige: call request_irq() after NAPI initialized", " - bpf: Protect against int overflow for stack access size", " - Octeontx2-af: fix pause frame configuration in GMP mode", " - dm integrity: fix out-of-range warning", " - r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d", " - x86/cpufeatures: Add new word for scattered features", " - x86/cpufeatures: Add CPUID_LNX_5 to track recently added Linux-defined word", " - arm64: dts: qcom: sc7180-trogdor: mark bluetooth address as broken", " - Bluetooth: hci_event: set the conn encrypted before conn establishes", " - Bluetooth: Fix TOCTOU in HCI debugfs implementation", " - xen-netfront: Add missing skb_mark_for_recycle", " - net/rds: fix possible cp null dereference", " - locking/rwsem: Disable preemption while trying for rwsem lock", " - io_uring: ensure '0' is returned on file registration success", " - Revert \"x86/mm/ident_map: Use gbpages only where full GB page should be", " mapped.\"", " - mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL", " allocations", " - thermal: devfreq_cooling: Fix perf state when calculate dfc res_util", " - KVM: x86: Bail to userspace if emulation of atomic user access faults", " - KVM: x86: Mark target gfn of emulated atomic instruction as dirty", " - netfilter: nf_tables: reject new basechain after table flag update", " - netfilter: nf_tables: flush pending destroy work before exit_net release", " - netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get()", " - netfilter: validate user input for expected length", " - vboxsf: Avoid an spurious warning if load_nls_xxx() fails", " - bpf, sockmap: Prevent lock inversion deadlock in map delete elem", " - net/sched: act_skbmod: prevent kernel-infoleak", " - net: stmmac: fix rx queue priority assignment", " - selftests: net: gro fwd: update vxlan GRO test expectations", " - erspan: make sure erspan_base_hdr is present in skb->head", " - selftests: reuseaddr_conflict: add missing new line at the end of the output", " - ipv6: Fix infinite recursion in fib6_dump_done().", " - mlxbf_gige: stop interface during shutdown", " - udp: do not accept non-tunnel GSO skbs landing in a tunnel", " - udp: do not transition UDP GRO fraglist partial checksums to unnecessary", " - udp: prevent local UDP tunnel packets from being GROed", " - octeontx2-af: Fix issue with loading coalesced KPU profiles", " - octeontx2-pf: check negative error code in otx2_open()", " - i40e: fix i40e_count_filters() to count only active/new filters", " - i40e: fix vf may be used uninitialized in this function warning", " - scsi: qla2xxx: Update manufacturer details", " - scsi: qla2xxx: Update manufacturer detail", " - Revert \"usb: phy: generic: Get the vbus supply\"", " - i40e: Store the irq number in i40e_q_vector", " - i40e: Remove _t suffix from enum type names", " - i40e: Enforce software interrupt during busy-poll exit", " - net: usb: asix: suspend embedded PHY if external is used", " - drivers: net: convert to boolean for the mac_managed_pm flag", " - net: fec: Set mac_managed_pm during probe", " - net: ravb: Always process TX descriptor ring", " - ASoC: rt5682-sdw: fix locking sequence", " - ASoC: rt711-sdca: fix locking sequence", " - ASoC: rt711-sdw: fix locking sequence", " - ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw", " - ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit", " - scsi: mylex: Fix sysfs buffer lengths", " - ata: sata_mv: Fix PCI device ID table declaration compilation warning", " - nfsd: hold a lighter-weight client reference over CB_RECALL_ANY", " - HID: uhid: Use READ_ONCE()/WRITE_ONCE() for ->running", " - openrisc: Fix pagewalk usage in arch_dma_{clear, set}_uncached", " - fs/pipe: Fix lockdep false-positive in watchqueue pipe_write()", " - ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with", " microphone", " - driver core: Introduce device_link_wait_removal()", " - of: dynamic: Synchronize of_changeset_destroy() with the devlink removals", " - x86/mce: Make sure to grab mce_sysfs_mutex in set_bank()", " - s390/entry: align system call table on 8 bytes", " - riscv: Fix spurious errors from __get/put_kernel_nofault", " - riscv: process: Fix kernel gp leakage", " - x86/bugs: Fix the SRSO mitigation on Zen3/4", " - x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for", " !SRSO", " - mptcp: don't account accept() of non-MPC client as fallback to TCP", " - mm/secretmem: fix GUP-fast succeeding on secretmem folios", " - gro: fix ownership transfer", " - nvme: fix miss command type check", " - x86: set SPECTRE_BHI_ON as default", " - Linux 5.15.154", "", " * CVE-2024-23307", " - md/raid5: fix atomicity violation in raid5_cache_count", "", " * CVE-2024-26828", " - cifs: fix underflow in parse_server_interfaces()", "", " * CVE-2024-24861", " - media: xc4000: Fix atomicity violation in xc4000_get_frequency", "", " * CVE-2024-26642", " - netfilter: nf_tables: disallow anonymous set with timeout flag", "", " * CVE-2024-26926", " - binder: check offset alignment in binder_get_object()", "", " * CVE-2024-26922", " - drm/amdgpu: validate the parameters of bo mapping operations more clearly", "", " * CVE-2023-6039", " - timers: Silently ignore timers with a NULL function", "", " * CVE-2024-26924", " - netfilter: nft_set_pipapo: do not free live element", "", " * CVE-2024-26643", " - netfilter: nf_tables: mark set as dead when unbinding anonymous set with", " timeout", "" ], "package": "linux", "version": "5.15.0-115.125", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2068396, 1786013, 2067974, 2067959, 2046722, 2065857, 2065805, 2065435 ], "author": "Stefan Bader ", "date": "Fri, 07 Jun 2024 15:06:00 +0200" } ], "notes": "linux-headers-5.15.0-116 version '5.15.0-116.126' (source package linux version '5.15.0-116.126') was added. linux-headers-5.15.0-116 version '5.15.0-116.126' has the same source package name, linux, as removed package linux-headers-5.15.0-113. As such we can use the source package version of the removed package, '5.15.0-113.123', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package." }, { "name": "linux-headers-5.15.0-116-generic-lpae", "from_version": { "source_package_name": "linux", "source_package_version": "5.15.0-113.123", "version": null }, "to_version": { "source_package_name": "linux", "source_package_version": "5.15.0-116.126", "version": "5.15.0-116.126" }, "cves": [ { "cve": "CVE-2024-23307", "url": "https://ubuntu.com/security/CVE-2024-23307", "cve_description": "Integer Overflow or Wraparound vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (md, raid, raid5 modules) allows Forced Integer Overflow.", "cve_priority": "low", "cve_public_date": "2024-01-25 07:15:00 UTC" }, { "cve": "CVE-2024-26828", "url": "https://ubuntu.com/security/CVE-2024-26828", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: cifs: fix underflow in parse_server_interfaces() In this loop, we step through the buffer and after each item we check if the size_left is greater than the minimum size we need. However, the problem is that \"bytes_left\" is type ssize_t while sizeof() is type size_t. That means that because of type promotion, the comparison is done as an unsigned and if we have negative bytes left the loop continues instead of ending.", "cve_priority": "high", "cve_public_date": "2024-04-17 10:15:00 UTC" }, { "cve": "CVE-2024-24861", "url": "https://ubuntu.com/security/CVE-2024-24861", "cve_description": "A race condition was found in the Linux kernel's media/xc4000 device driver in xc4000 xc4000_get_frequency() function. This can result in return value overflow issue, possibly leading to malfunction or denial of service issue.", "cve_priority": "medium", "cve_public_date": "2024-02-05 08:15:00 UTC" }, { "cve": "CVE-2024-26642", "url": "https://ubuntu.com/security/CVE-2024-26642", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: disallow anonymous set with timeout flag Anonymous sets are never used with timeout from userspace, reject this. Exception to this rule is NFT_SET_EVAL to ensure legacy meters still work.", "cve_priority": "high", "cve_public_date": "2024-03-21 11:15:00 UTC" }, { "cve": "CVE-2024-26926", "url": "https://ubuntu.com/security/CVE-2024-26926", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: binder: check offset alignment in binder_get_object() Commit 6d98eb95b450 (\"binder: avoid potential data leakage when copying txn\") introduced changes to how binder objects are copied. In doing so, it unintentionally removed an offset alignment check done through calls to binder_alloc_copy_from_buffer() -> check_buffer(). These calls were replaced in binder_get_object() with copy_from_user(), so now an explicit offset alignment check is needed here. This avoids later complications when unwinding the objects gets harder. It is worth noting this check existed prior to commit 7a67a39320df (\"binder: add function to copy binder object from buffer\"), likely removed due to redundancy at the time.", "cve_priority": "medium", "cve_public_date": "2024-04-25 06:15:00 UTC" }, { "cve": "CVE-2024-26922", "url": "https://ubuntu.com/security/CVE-2024-26922", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more clearly Verify the parameters of amdgpu_vm_bo_(map/replace_map/clearing_mappings) in one common place.", "cve_priority": "medium", "cve_public_date": "2024-04-23 13:15:00 UTC" }, { "cve": "CVE-2023-6039", "url": "https://ubuntu.com/security/CVE-2023-6039", "cve_description": "A use-after-free flaw was found in lan78xx_disconnect in drivers/net/usb/lan78xx.c in the network sub-component, net/usb/lan78xx in the Linux Kernel. This flaw allows a local attacker to crash the system when the LAN78XX USB device detaches.", "cve_priority": "low", "cve_public_date": "2023-11-09 15:15:00 UTC" }, { "cve": "CVE-2024-26924", "url": "https://ubuntu.com/security/CVE-2024-26924", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: do not free live element Pablo reports a crash with large batches of elements with a back-to-back add/remove pattern. Quoting Pablo: add_elem(\"00000000\") timeout 100 ms ... add_elem(\"0000000X\") timeout 100 ms del_elem(\"0000000X\") <---------------- delete one that was just added ... add_elem(\"00005000\") timeout 100 ms 1) nft_pipapo_remove() removes element 0000000X Then, KASAN shows a splat. Looking at the remove function there is a chance that we will drop a rule that maps to a non-deactivated element. Removal happens in two steps, first we do a lookup for key k and return the to-be-removed element and mark it as inactive in the next generation. Then, in a second step, the element gets removed from the set/map. The _remove function does not work correctly if we have more than one element that share the same key. This can happen if we insert an element into a set when the set already holds an element with same key, but the element mapping to the existing key has timed out or is not active in the next generation. In such case its possible that removal will unmap the wrong element. If this happens, we will leak the non-deactivated element, it becomes unreachable. The element that got deactivated (and will be freed later) will remain reachable in the set data structure, this can result in a crash when such an element is retrieved during lookup (stale pointer). Add a check that the fully matching key does in fact map to the element that we have marked as inactive in the deactivation step. If not, we need to continue searching. Add a bug/warn trap at the end of the function as well, the remove function must not ever be called with an invisible/unreachable/non-existent element. v2: avoid uneeded temporary variable (Stefano)", "cve_priority": "high", "cve_public_date": "2024-04-25 06:15:00 UTC" }, { "cve": "CVE-2024-26643", "url": "https://ubuntu.com/security/CVE-2024-26643", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout While the rhashtable set gc runs asynchronously, a race allows it to collect elements from anonymous sets with timeouts while it is being released from the commit path. Mingi Cho originally reported this issue in a different path in 6.1.x with a pipapo set with low timeouts which is not possible upstream since 7395dfacfff6 (\"netfilter: nf_tables: use timestamp to check for set element timeout\"). Fix this by setting on the dead flag for anonymous sets to skip async gc in this case. According to 08e4c8c5919f (\"netfilter: nf_tables: mark newset as dead on transaction abort\"), Florian plans to accelerate abort path by releasing objects via workqueue, therefore, this sets on the dead flag for abort path too.", "cve_priority": "high", "cve_public_date": "2024-03-21 11:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2071603, 2069081, 2068738, 2068396, 1786013, 2067974, 2067959, 2046722, 2065857, 2065805, 2065435 ], "changes": [ { "cves": [], "log": [ "", " * jammy/linux: 5.15.0-116.126 -proposed tracker (LP: #2071603)", "", " * idxd: NULL pointer dereference reading wq op_config attribute (LP: #2069081)", " - SAUCE: dmaengine: idxd: set is_visible member of idxd_wq_attribute_group", "", " * AMD GPUs fail with null pointer dereference when IOMMU enabled, leading to", " black screen (LP: #2068738)", " - SAUCE: Revert \"drm/amdgpu: init iommu after amdkfd device init\"", "" ], "package": "linux", "version": "5.15.0-116.126", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2071603, 2069081, 2068738 ], "author": "Stefan Bader ", "date": "Mon, 01 Jul 2024 11:13:30 +0200" }, { "cves": [ { "cve": "CVE-2024-23307", "url": "https://ubuntu.com/security/CVE-2024-23307", "cve_description": "Integer Overflow or Wraparound vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (md, raid, raid5 modules) allows Forced Integer Overflow.", "cve_priority": "low", "cve_public_date": "2024-01-25 07:15:00 UTC" }, { "cve": "CVE-2024-26828", "url": "https://ubuntu.com/security/CVE-2024-26828", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: cifs: fix underflow in parse_server_interfaces() In this loop, we step through the buffer and after each item we check if the size_left is greater than the minimum size we need. However, the problem is that \"bytes_left\" is type ssize_t while sizeof() is type size_t. That means that because of type promotion, the comparison is done as an unsigned and if we have negative bytes left the loop continues instead of ending.", "cve_priority": "high", "cve_public_date": "2024-04-17 10:15:00 UTC" }, { "cve": "CVE-2024-24861", "url": "https://ubuntu.com/security/CVE-2024-24861", "cve_description": "A race condition was found in the Linux kernel's media/xc4000 device driver in xc4000 xc4000_get_frequency() function. This can result in return value overflow issue, possibly leading to malfunction or denial of service issue.", "cve_priority": "medium", "cve_public_date": "2024-02-05 08:15:00 UTC" }, { "cve": "CVE-2024-26642", "url": "https://ubuntu.com/security/CVE-2024-26642", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: disallow anonymous set with timeout flag Anonymous sets are never used with timeout from userspace, reject this. Exception to this rule is NFT_SET_EVAL to ensure legacy meters still work.", "cve_priority": "high", "cve_public_date": "2024-03-21 11:15:00 UTC" }, { "cve": "CVE-2024-26926", "url": "https://ubuntu.com/security/CVE-2024-26926", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: binder: check offset alignment in binder_get_object() Commit 6d98eb95b450 (\"binder: avoid potential data leakage when copying txn\") introduced changes to how binder objects are copied. In doing so, it unintentionally removed an offset alignment check done through calls to binder_alloc_copy_from_buffer() -> check_buffer(). These calls were replaced in binder_get_object() with copy_from_user(), so now an explicit offset alignment check is needed here. This avoids later complications when unwinding the objects gets harder. It is worth noting this check existed prior to commit 7a67a39320df (\"binder: add function to copy binder object from buffer\"), likely removed due to redundancy at the time.", "cve_priority": "medium", "cve_public_date": "2024-04-25 06:15:00 UTC" }, { "cve": "CVE-2024-26922", "url": "https://ubuntu.com/security/CVE-2024-26922", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more clearly Verify the parameters of amdgpu_vm_bo_(map/replace_map/clearing_mappings) in one common place.", "cve_priority": "medium", "cve_public_date": "2024-04-23 13:15:00 UTC" }, { "cve": "CVE-2023-6039", "url": "https://ubuntu.com/security/CVE-2023-6039", "cve_description": "A use-after-free flaw was found in lan78xx_disconnect in drivers/net/usb/lan78xx.c in the network sub-component, net/usb/lan78xx in the Linux Kernel. This flaw allows a local attacker to crash the system when the LAN78XX USB device detaches.", "cve_priority": "low", "cve_public_date": "2023-11-09 15:15:00 UTC" }, { "cve": "CVE-2024-26924", "url": "https://ubuntu.com/security/CVE-2024-26924", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: do not free live element Pablo reports a crash with large batches of elements with a back-to-back add/remove pattern. Quoting Pablo: add_elem(\"00000000\") timeout 100 ms ... add_elem(\"0000000X\") timeout 100 ms del_elem(\"0000000X\") <---------------- delete one that was just added ... add_elem(\"00005000\") timeout 100 ms 1) nft_pipapo_remove() removes element 0000000X Then, KASAN shows a splat. Looking at the remove function there is a chance that we will drop a rule that maps to a non-deactivated element. Removal happens in two steps, first we do a lookup for key k and return the to-be-removed element and mark it as inactive in the next generation. Then, in a second step, the element gets removed from the set/map. The _remove function does not work correctly if we have more than one element that share the same key. This can happen if we insert an element into a set when the set already holds an element with same key, but the element mapping to the existing key has timed out or is not active in the next generation. In such case its possible that removal will unmap the wrong element. If this happens, we will leak the non-deactivated element, it becomes unreachable. The element that got deactivated (and will be freed later) will remain reachable in the set data structure, this can result in a crash when such an element is retrieved during lookup (stale pointer). Add a check that the fully matching key does in fact map to the element that we have marked as inactive in the deactivation step. If not, we need to continue searching. Add a bug/warn trap at the end of the function as well, the remove function must not ever be called with an invisible/unreachable/non-existent element. v2: avoid uneeded temporary variable (Stefano)", "cve_priority": "high", "cve_public_date": "2024-04-25 06:15:00 UTC" }, { "cve": "CVE-2024-26643", "url": "https://ubuntu.com/security/CVE-2024-26643", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout While the rhashtable set gc runs asynchronously, a race allows it to collect elements from anonymous sets with timeouts while it is being released from the commit path. Mingi Cho originally reported this issue in a different path in 6.1.x with a pipapo set with low timeouts which is not possible upstream since 7395dfacfff6 (\"netfilter: nf_tables: use timestamp to check for set element timeout\"). Fix this by setting on the dead flag for anonymous sets to skip async gc in this case. According to 08e4c8c5919f (\"netfilter: nf_tables: mark newset as dead on transaction abort\"), Florian plans to accelerate abort path by releasing objects via workqueue, therefore, this sets on the dead flag for abort path too.", "cve_priority": "high", "cve_public_date": "2024-03-21 11:15:00 UTC" } ], "log": [ "", " * jammy/linux: 5.15.0-115.125 -proposed tracker (LP: #2068396)", "", " * Packaging resync (LP: #1786013)", " - [Packaging] debian.master/dkms-versions -- update from kernel-versions", " (main/2024.06.10)", "", " * Jammy update: v5.15.158 upstream stable release (LP: #2067974)", " - smb: client: fix rename(2) regression against samba", " - cifs: reinstate original behavior again for forceuid/forcegid", " - HID: intel-ish-hid: ipc: Fix dev_err usage with uninitialized dev->devc", " - HID: logitech-dj: allow mice to use all types of reports", " - arm64: dts: rockchip: enable internal pull-up on Q7_USB_ID for RK3399 Puma", " - arm64: dts: rockchip: fix alphabetical ordering RK3399 puma", " - arm64: dts: rockchip: enable internal pull-up on PCIE_WAKE# for RK3399 Puma", " - arm64: dts: rockchip: Remove unsupported node from the Pinebook Pro dts", " - arm64: dts: mediatek: mt8183: Add power-domains properity to mfgcfg", " - arm64: dts: mediatek: mt7622: add support for coherent DMA", " - arm64: dts: mediatek: mt7622: introduce nodes for Wireless Ethernet Dispatch", " - arm64: dts: mediatek: mt7622: fix clock controllers", " - arm64: dts: mediatek: mt7622: fix IR nodename", " - arm64: dts: mediatek: mt7622: fix ethernet controller \"compatible\"", " - arm64: dts: mediatek: mt7622: drop \"reset-names\" from thermal block", " - arm64: dts: mediatek: mt2712: fix validation errors", " - ARC: [plat-hsdk]: Remove misplaced interrupt-cells property", " - wifi: iwlwifi: mvm: remove old PASN station when adding a new one", " - wifi: iwlwifi: mvm: return uid from iwl_mvm_build_scan_cmd", " - vxlan: drop packets from invalid src-address", " - mlxsw: core: Unregister EMAD trap using FORWARD action", " - icmp: prevent possible NULL dereferences from icmp_build_probe()", " - bridge/br_netlink.c: no need to return void function", " - NFC: trf7970a: disable all regulators on removal", " - ipv4: check for NULL idev in ip_route_use_hint()", " - net: usb: ax88179_178a: stop lying about skb->truesize", " - net: gtp: Fix Use-After-Free in gtp_dellink", " - ipvs: Fix checksumming on GSO of SCTP packets", " - net: openvswitch: Fix Use-After-Free in ovs_ct_exit", " - mlxsw: spectrum_acl_tcam: Fix race during rehash delayed work", " - mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update", " - mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash", " - mlxsw: spectrum_acl_tcam: Rate limit error message", " - mlxsw: spectrum_acl_tcam: Fix memory leak during rehash", " - mlxsw: spectrum_acl_tcam: Fix warning during rehash", " - mlxsw: spectrum_acl_tcam: Fix incorrect list API usage", " - mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work", " - netfilter: nf_tables: honor table dormant flag from netdev release event", " path", " - i40e: Do not use WQ_MEM_RECLAIM flag for workqueue", " - i40e: Report MFS in decimal base instead of hex", " - iavf: Fix TC config comparison with existing adapter TC config", " - net: ethernet: ti: am65-cpts: Fix PTPv1 message type on TX packets", " - af_unix: Suppress false-positive lockdep splat for spin_lock() in", " __unix_gc().", " - serial: core: Provide port lock wrappers", " - serial: mxs-auart: add spinlock around changing cts state", " - drm-print: add drm_dbg_driver to improve namespace symmetry", " - drm/vmwgfx: Fix crtc's atomic check conditional", " - Revert \"crypto: api - Disallow identical driver names\"", " - net/mlx5e: Fix a race in command alloc flow", " - tracing: Show size of requested perf buffer", " - tracing: Increase PERF_MAX_TRACE_SIZE to handle Sentinel1 and docker", " together", " - x86/cpu: Fix check for RDPKRU in __show_regs()", " - Bluetooth: Fix type of len in {l2cap,sco}_sock_getsockopt_old()", " - Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0bda:0x4853", " - Bluetooth: qca: fix NULL-deref on non-serdev suspend", " - mmc: sdhci-msm: pervent access to suspended controller", " - btrfs: fix information leak in btrfs_ioctl_logical_to_ino()", " - cpu: Re-enable CPU mitigations by default for !X86 architectures", " - [Configs] Update CPU mitigation configs", " - arm64: dts: rockchip: enable internal pull-up for Q7_THRM# on RK3399 Puma", " - drm/amdgpu/sdma5.2: use legacy HDP flush for SDMA2/3", " - drm/amdgpu: Fix leak when GPU memory allocation fails", " - irqchip/gic-v3-its: Prevent double free on error", " - ethernet: Add helper for assigning packet type when dest address does not", " match device address", " - net: b44: set pause params only when interface is up", " - stackdepot: respect __GFP_NOLOCKDEP allocation flag", " - mtd: diskonchip: work around ubsan link failure", " - tcp: Clean up kernel listener's reqsk in inet_twsk_purge()", " - tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge()", " - dmaengine: owl: fix register access functions", " - idma64: Don't try to serve interrupts when device is powered off", " - dma: xilinx_dpdma: Fix locking", " - dmaengine: idxd: Fix oops during rmmod on single-CPU platforms", " - riscv: fix VMALLOC_START definition", " - riscv: Fix TASK_SIZE on 64-bit NOMMU", " - i2c: smbus: fix NULL function pointer dereference", " - fbdev: fix incorrect address computation in deferred IO", " - HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up", " - bounds: Use the right number of bits for power-of-two CONFIG_NR_CPUS", " - udp: preserve the connected status if only UDP cmsg", " - serial: core: fix kernel-doc for uart_port_unlock_irqrestore()", " - Linux 5.15.158", "", " * Jammy update: v5.15.157 upstream stable release (LP: #2067959)", " - ksmbd: don't send oplock break if rename fails", " - ksmbd: validate payload size in ipc response", " - ksmbd: do not set SMB2_GLOBAL_CAP_ENCRYPTION for SMB 3.1.1", " - btrfs: record delayed inode root in transaction", " - SUNRPC: Fix rpcgss_context trace event acceptor field", " - selftests/ftrace: Limit length in subsystem-enable tests", " - bpf: Extend kfunc with PTR_TO_CTX, PTR_TO_MEM argument support", " - bpf: Generalize check_ctx_reg for reuse with other types", " - bpf: Generally fix helper register offset check", " - bpf: Fix out of bounds access for ringbuf helpers", " - bpf: Fix ringbuf memory type confusion when passing to helpers", " - kprobes: Fix possible use-after-free issue on kprobe registration", " - Revert \"tracing/trigger: Fix to return error if failed to alloc snapshot\"", " - netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get()", " - netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get()", " - netfilter: br_netfilter: skip conntrack input hook for promisc packets", " - netfilter: nf_flow_table: count pending offload workqueue tasks", " - [Config] update configs to enable new NF_FLOW_TABLE_PROCFS", " - netfilter: flowtable: validate pppoe header", " - netfilter: flowtable: incorrect pppoe tuple", " - af_unix: Call manage_oob() for every skb in unix_stream_read_generic().", " - af_unix: Don't peek OOB data without MSG_OOB.", " - tun: limit printing rate when illegal packet received by tun dev", " - net: dsa: mt7530: fix mirroring frames received on local port", " - net: ethernet: ti: am65-cpsw-nuss: cleanup DMA Channels before using them", " - RDMA/rxe: Fix the problem \"mutex_destroy missing\"", " - RDMA/cm: Print the old state when cm_destroy_id gets timeout", " - RDMA/mlx5: Fix port number for counter query in multi-port configuration", " - s390/qdio: handle deferred cc1", " - s390/cio: fix race condition during online processing", " - drm: nv04: Fix out of bounds access", " - drm/panel: visionox-rm69299: don't unregister DSI device", " - clk: Remove prepare_lock hold assertion in __clk_release()", " - clk: Mark 'all_lists' as const", " - clk: remove extra empty line", " - clk: Print an info line before disabling unused clocks", " - clk: Initialize struct clk_core kref earlier", " - clk: Get runtime PM before walking tree during disable_unused", " - x86/bugs: Fix BHI retpoline check", " - x86/cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ", " - thunderbolt: Avoid notify PM core about runtime PM resume", " - thunderbolt: Fix wake configurations after device unplug", " - comedi: vmk80xx: fix incomplete endpoint checking", " - serial/pmac_zilog: Remove flawed mitigation for rx irq flood", " - USB: serial: option: add Fibocom FM135-GL variants", " - USB: serial: option: add support for Fibocom FM650/FG650", " - USB: serial: option: add Lonsung U8300/U9300 product", " - USB: serial: option: support Quectel EM060K sub-models", " - USB: serial: option: add Rolling RW101-GL and RW135-GL support", " - USB: serial: option: add Telit FN920C04 rmnet compositions", " - usb: dwc2: host: Fix dereference issue in DDMA completion flow.", " - usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb ep transport", " error", " - mei: me: disable RPL-S on SPS and IGN firmwares", " - speakup: Avoid crash on very long word", " - fs: sysfs: Fix reference leak in sysfs_break_active_protection()", " - KVM: x86: Snapshot if a vCPU's vendor model is AMD vs. Intel compatible", " - KVM: x86/pmu: Do not mask LVTPC when handling a PMI on AMD platforms", " - arm64: hibernate: Fix level3 translation fault in swsusp_save()", " - init/main.c: Fix potential static_command_line memory overflow", " - drm/vmwgfx: Sort primary plane formats by order of preference", " - nouveau: fix instmem race condition around ptr stores", " - nilfs2: fix OOB in nilfs_set_de_type", " - net: dsa: mt7530: set all CPU ports in MT7531_CPU_PMAP", " - net: dsa: introduce preferred_default_local_cpu_port and use on MT7530", " - net: dsa: mt7530: fix improper frames on all 25MHz and 40MHz XTAL MT7530", " - net: dsa: mt7530: fix enabling EEE on MT7531 switch on all boards", " - Linux 5.15.157", "", " * [SRU][22.04.4]: megaraid_sas: Critical Bug Fixes (LP: #2046722)", " - scsi: megaraid_sas: Log message when controller reset is requested but not", " issued", " - scsi: megaraid_sas: Driver version update to 07.727.03.00-rc1", "", " * Jammy update: v5.15.156 upstream stable release (LP: #2065857)", " - batman-adv: Avoid infinite loop trying to resize local TT", " - ring-buffer: Only update pages_touched when a new page is touched", " - Bluetooth: Fix memory leak in hci_req_sync_complete()", " - media: cec: core: remove length check of Timer Status", " - arm64: dts: imx8-ss-conn: fix usdhc wrong lpcg clock order", " - Revert \"drm/qxl: simplify qxl_fence_wait\"", " - nouveau: fix function cast warning", " - scsi: qla2xxx: Fix off by one in qla_edif_app_getstats()", " - net: openvswitch: fix unwanted error log on timeout policy probing", " - u64_stats: Disable preemption on 32bit UP+SMP PREEMPT_RT during updates.", " - xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING", " - geneve: fix header validation in geneve[6]_xmit_skb", " - af_unix: Clear stale u->oob_skb.", " - octeontx2-af: Fix NIX SQ mode and BP config", " - ipv6: fib: hide unused 'pn' variable", " - ipv4/route: avoid unused-but-set-variable warning", " - ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr", " - netfilter: complete validation of user input", " - net/mlx5: Properly link new fs rules into the tree", " - net: sparx5: fix wrong config being used when reconfiguring PCS", " - net: dsa: mt7530: trap link-local frames regardless of ST Port State", " - af_unix: Do not use atomic ops for unix_sk(sk)->inflight.", " - af_unix: Fix garbage collector racing against connect()", " - net: ena: Fix potential sign extension issue", " - net: ena: Wrong missing IO completions check order", " - net: ena: Fix incorrect descriptor free behavior", " - tracing: hide unused ftrace_event_id_fops", " - iommu/vt-d: Allocate local memory for page request queue", " - btrfs: qgroup: correctly model root qgroup rsv in convert", " - drm/client: Fully protect modes[] with dev->mode_config.mutex", " - vhost: Add smp_rmb() in vhost_vq_avail_empty()", " - perf/x86: Fix out of range data", " - x86/cpu: Actually turn off mitigations by default for", " SPECULATION_MITIGATIONS=n", " - selftests: timers: Fix abs() warning in posix_timers test", " - x86/apic: Force native_apic_mem_read() to use the MOV instruction", " - irqflags: Explicitly ignore lockdep_hrtimer_exit() argument", " - x86/bugs: Fix return type of spectre_bhi_state()", " - x86/bugs: Fix BHI documentation", " - x86/bugs: Cache the value of MSR_IA32_ARCH_CAPABILITIES", " - x86/bugs: Rename various 'ia32_cap' variables to 'x86_arch_cap_msr'", " - x86/bugs: Fix BHI handling of RRSBA", " - x86/bugs: Clarify that syscall hardening isn't a BHI mitigation", " - x86/bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto", " - [Config] updateconfigs to remove obsolete SPECTRE_BHI_AUTO", " - x86/bugs: Replace CONFIG_SPECTRE_BHI_{ON,OFF} with", " CONFIG_MITIGATION_SPECTRE_BHI", " - [Config] updateconfigs to enable new MITIGATION_SPECTRE_BHI", " - drm/i915/cdclk: Fix CDCLK programming order when pipes are active", " - Linux 5.15.156", "", " * Jammy update: v5.15.155 upstream stable release (LP: #2065805)", " - amdkfd: use calloc instead of kzalloc to avoid integer overflow", " - net: dsa: fix panic when DSA master device unbinds on shutdown", " - wifi: ath9k: fix LNA selection in ath_ant_try_scan()", " - VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host()", " - panic: Flush kernel log buffer at the end", " - cpuidle: Avoid potential overflow in integer multiplication", " - arm64: dts: rockchip: fix rk3328 hdmi ports node", " - arm64: dts: rockchip: fix rk3399 hdmi ports node", " - ionic: set adminq irq affinity", " - pstore/zone: Add a null pointer check to the psz_kmsg_read", " - tools/power x86_energy_perf_policy: Fix file leak in get_pkg_num()", " - net: pcs: xpcs: Return EINVAL in the internal methods", " - wifi: ath11k: decrease MHI channel buffer length to 8KB", " - btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks()", " - btrfs: export: handle invalid inode or root reference in btrfs_get_parent()", " - btrfs: send: handle path ref underflow in header iterate_inode_ref()", " - net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list()", " - Bluetooth: btintel: Fix null ptr deref in btintel_read_version", " - Input: synaptics-rmi4 - fail probing if memory allocation for \"phys\" fails", " - pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs", " - sysv: don't call sb_bread() with pointers_lock held", " - scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc()", " - isofs: handle CDs with bad root inode but good Joliet root directory", " - media: sta2x11: fix irq handler cast", " - ALSA: firewire-lib: handle quirk to calculate payload quadlets as data block", " counter", " - ext4: add a hint for block bitmap corrupt state in mb_groups", " - ext4: forbid commit inconsistent quota data when errors=remount-ro", " - drm/amd/display: Fix nanosec stat overflow", " - SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned", " int", " - Revert \"ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default\"", " - libperf evlist: Avoid out-of-bounds access", " - block: prevent division by zero in blk_rq_stat_sum()", " - RDMA/cm: add timeout to cm_destroy_id wait", " - Input: allocate keycode for Display refresh rate toggle", " - platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi", " Vi8 tablet", " - ktest: force $buildonly = 1 for 'make_warnings_file' test type", " - ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent", " environment", " - tools: iio: replace seekdir() in iio_generic_buffer", " - usb: typec: tcpci: add generic tcpci fallback compatible", " - usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined", " - ASoC: soc-core.c: Skip dummy codec when adding platforms", " - fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2", " - drivers/nvme: Add quirks for device 126f:2262", " - fbmon: prevent division by zero in fb_videomode_from_videomode()", " - netfilter: nf_tables: release batch on table validation from abort path", " - netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path", " - netfilter: nf_tables: discard table flag update with pending basechain", " deletion", " - tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc", " - gcc-plugins/stackleak: Ignore .noinstr.text and .entry.text", " - gcc-plugins/stackleak: Avoid .head.text section", " - virtio: reenable config if freezing device failed", " - x86/mm/pat: fix VM_PAT handling in COW mappings", " - randomize_kstack: Improve entropy diffusion", " - platform/x86: intel-vbtn: Update tablet mode switch at end of probe", " - Bluetooth: btintel: Fixe build regression", " - VMCI: Fix possible memcpy() run-time warning in", " vmci_datagram_invoke_guest_handler()", " - Linux 5.15.155", "", " * Jammy update: v5.15.154 upstream stable release (LP: #2065435)", " - Documentation/hw-vuln: Update spectre doc", " - x86/cpu: Support AMD Automatic IBRS", " - media: staging: ipu3-imgu: Set fields before media_entity_pads_init()", " - clk: qcom: gcc-sdm845: Add soft dependency on rpmhpd", " - smack: Set SMACK64TRANSMUTE only for dirs in smack_inode_setxattr()", " - smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity()", " - arm: dts: marvell: Fix maxium->maxim typo in brownstone dts", " - drm/vmwgfx: Fix possible null pointer derefence with invalid contexts", " - pci_iounmap(): Fix MMIO mapping leak", " - KVM: Always flush async #PF workqueue when vCPU is being destroyed", " - sparc64: NMI watchdog: fix return value of __setup handler", " - sparc: vDSO: fix return value of __setup handler", " - crypto: qat - fix double free during reset", " - crypto: qat - resolve race condition during AER recovery", " - selftests/mqueue: Set timeout to 180 seconds", " - ext4: correct best extent lstart adjustment logic", " - block: Clear zone limits for a non-zoned stacked queue", " - kasan: test: add memcpy test that avoids out-of-bounds write", " - kasan/test: avoid gcc warning for intentional overflow", " - bounds: support non-power-of-two CONFIG_NR_CPUS", " - fat: fix uninitialized field in nostale filehandles", " - ubifs: Set page uptodate in the correct place", " - ubi: Check for too small LEB size in VTBL code", " - ubi: correct the calculation of fastmap size", " - mtd: rawnand: meson: fix scrambling mode value in command macro", " - parisc: Avoid clobbering the C/B bits in the PSW with tophys and tovirt", " macros", " - parisc: Fix ip_fast_csum", " - parisc: Fix csum_ipv6_magic on 32-bit systems", " - parisc: Fix csum_ipv6_magic on 64-bit systems", " - parisc: Strip upper 32 bit of sum in csum_ipv6_magic for 64-bit builds", " - PM: suspend: Set mem_sleep_current during kernel command line setup", " - clk: qcom: gcc-ipq6018: fix terminating of frequency table arrays", " - clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays", " - clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays", " - clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays", " - usb: xhci: Add error handling in xhci_map_urb_for_dma", " - powerpc/fsl: Fix mfpmr build errors with newer binutils", " - USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB", " - USB: serial: add device ID for VeriFone adapter", " - USB: serial: cp210x: add ID for MGP Instruments PDS100", " - USB: serial: option: add MeiG Smart SLM320 product", " - USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M", " - PM: sleep: wakeirq: fix wake irq warning in system suspend", " - mmc: tmio: avoid concurrent runs of mmc_request_done()", " - fuse: fix root lookup with nonzero generation", " - fuse: don't unhash root", " - usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros", " - printk/console: Split out code that enables default console", " - serial: Lock console when calling into driver before registration", " - btrfs: fix off-by-one chunk length calculation at contains_pending_extent()", " - PCI: Drop pci_device_remove() test of pci_dev->driver", " - PCI/PM: Drain runtime-idle callbacks before driver removal", " - PCI: Work around Intel I210 ROM BAR overlap defect", " - PCI/ASPM: Make Intel DG2 L1 acceptable latency unlimited", " - PCI/DPC: Quirk PIO log size for certain Intel Root Ports", " - PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports", " - dm-raid: fix lockdep waring in \"pers->hot_add_disk\"", " - mac802154: fix llsec key resources release in mac802154_llsec_key_del", " - swap: comments get_swap_device() with usage rule", " - mm: swap: fix race between free_swap_and_cache() and swapoff()", " - mmc: core: Fix switch on gp3 partition", " - drm/etnaviv: Restore some id values", " - landlock: Warn once if a Landlock action is requested while disabled", " - hwmon: (amc6821) add of_match table", " - ext4: fix corruption during on-line resize", " - nvmem: meson-efuse: fix function pointer type mismatch", " - slimbus: core: Remove usage of the deprecated ida_simple_xx() API", " - phy: tegra: xusb: Add API to retrieve the port number of phy", " - usb: gadget: tegra-xudc: Fix USB3 PHY retrieval logic", " - speakup: Fix 8bit characters from direct synth", " - PCI/AER: Block runtime suspend when handling errors", " - nfs: fix UAF in direct writes", " - kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1", " - PCI: dwc: endpoint: Fix advertised resizable BAR size", " - vfio/platform: Disable virqfds on cleanup", " - ksmbd: retrieve number of blocks using vfs_getattr in", " set_file_allocation_info", " - ring-buffer: Fix waking up ring buffer readers", " - ring-buffer: Do not set shortest_full when full target is hit", " - ring-buffer: Fix resetting of shortest_full", " - ring-buffer: Fix full_waiters_pending in poll", " - ring-buffer: Use wait_event_interruptible() in ring_buffer_wait()", " - soc: fsl: qbman: Always disable interrupts when taking cgr_lock", " - soc: fsl: qbman: Add helper for sanity checking cgr ops", " - soc: fsl: qbman: Add CGR update function", " - soc: fsl: qbman: Use raw spinlock for cgr_lock", " - s390/zcrypt: fix reference counting on zcrypt card objects", " - drm/panel: do not return negative error codes from drm_panel_get_modes()", " - drm/exynos: do not return negative values from .get_modes()", " - drm/imx/ipuv3: do not return negative values from .get_modes()", " - drm/vc4: hdmi: do not return negative values from .get_modes()", " - memtest: use {READ,WRITE}_ONCE in memory scanning", " - nilfs2: fix failure to detect DAT corruption in btree and direct mappings", " - nilfs2: prevent kernel bug at submit_bh_wbc()", " - cpufreq: dt: always allocate zeroed cpumask", " - x86/CPU/AMD: Update the Zenbleed microcode revisions", " - NFSD: Fix nfsd_clid_class use of __string_len() macro", " - net: hns3: tracing: fix hclgevf trace event strings", " - wireguard: netlink: check for dangling peer via is_dead instead of empty", " list", " - wireguard: netlink: access device through ctx instead of peer", " - ahci: asm1064: correct count of reported ports", " - ahci: asm1064: asm1166: don't limit reported ports", " - drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag", " - drm/amd/display: Return the correct HDCP error code", " - drm/amd/display: Fix noise issue on HDMI AV mute", " - dm snapshot: fix lockup in dm_exception_table_exit", " - x86/pm: Work around false positive kmemleak report in msr_build_context()", " - net: ravb: Add R-Car Gen4 support", " - cpufreq: brcmstb-avs-cpufreq: fix up \"add check for cpufreq_cpu_get's return", " value\"", " - netfilter: nf_tables: reject constant set with timeout", " - Drivers: hv: vmbus: Calculate ring buffer size for more efficient use of", " memory", " - xfrm: Avoid clang fortify warning in copy_to_user_tmpl()", " - KVM: SVM: Flush pages under kvm->lock to fix UAF in", " svm_register_enc_region()", " - tracing: Use .flush() call to wake up readers", " - drm/i915: Check before removing mm notifier", " - USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command", " - usb: gadget: ncm: Fix handling of zero block length packets", " - usb: port: Don't try to peer unused USB ports based on location", " - tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled", " - mei: me: add arrow lake point S DID", " - mei: me: add arrow lake point H DID", " - vt: fix unicode buffer corruption when deleting characters", " - fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion", " - tee: optee: Fix kernel panic caused by incorrect error handling", " - i2c: i801: Avoid potential double call to gpiod_remove_lookup_table", " - xen/events: close evtchn after mapping cleanup", " - clocksource/drivers/arm_global_timer: Fix maximum prescaler value", " - entry: Respect changes to system call number by trace_sys_enter()", " - minmax: add umin(a, b) and umax(a, b)", " - swiotlb: Fix alignment checks when both allocation and DMA masks are present", " - dma-mapping: add dma_opt_mapping_size()", " - dma-iommu: add iommu_dma_opt_mapping_size()", " - iommu/dma: Force swiotlb_max_mapping_size on an untrusted device", " - printk: Update @console_may_schedule in console_trylock_spinning()", " - tty: serial: imx: Fix broken RS485", " - x86/asm: Add _ASM_RIP() macro for x86-64 (%rip) suffix", " - x86/bugs: Add asm helpers for executing VERW", " - x86/entry_64: Add VERW just before userspace transition", " - x86/entry_32: Add VERW just before userspace transition", " - x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key", " - KVM/VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH", " - KVM/VMX: Move VERW closer to VMentry for MDS mitigation", " - x86/mmio: Disable KVM mitigation when X86_FEATURE_CLEAR_CPU_BUF is set", " - Documentation/hw-vuln: Add documentation for RFDS", " - x86/rfds: Mitigate Register File Data Sampling (RFDS)", " - [Config] updateconfigs for MITIGATION_RFDS", " - KVM/x86: Export RFDS_NO and RFDS_CLEAR to guests", " - arch: Introduce CONFIG_FUNCTION_ALIGNMENT", " - [Config] updateconfigs for FUNCTION_ALIGNMENT", " - x86/asm: Differentiate between code and function alignment", " - x86/alternatives: Introduce int3_emulate_jcc()", " - x86/alternatives: Teach text_poke_bp() to patch Jcc.d32 instructions", " - x86/static_call: Add support for Jcc tail-calls", " - fsnotify: pass data_type to fsnotify_name()", " - fsnotify: pass dentry instead of inode data", " - fsnotify: clarify contract for create event hooks", " - fsnotify: Don't insert unmergeable events in hashtable", " - fanotify: Fold event size calculation to its own function", " - fanotify: Split fsid check from other fid mode checks", " - inotify: Don't force FS_IN_IGNORED", " - fsnotify: Add helper to detect overflow_event", " - fsnotify: Add wrapper around fsnotify_add_event", " - fsnotify: Retrieve super block from the data field", " - fsnotify: Protect fsnotify_handle_inode_event from no-inode events", " - fsnotify: Pass group argument to free_event", " - fanotify: Support null inode event in fanotify_dfid_inode", " - fanotify: Allow file handle encoding for unhashed events", " - fanotify: Encode empty file handle when no inode is provided", " - fanotify: Require fid_mode for any non-fd event", " - fsnotify: Support FS_ERROR event type", " - fanotify: Reserve UAPI bits for FAN_FS_ERROR", " - fanotify: Pre-allocate pool of error events", " - fanotify: Support enqueueing of error events", " - fanotify: Support merging of error events", " - fanotify: Wrap object_fh inline space in a creator macro", " - fanotify: Add helpers to decide whether to report FID/DFID", " - fanotify: WARN_ON against too large file handles", " - fanotify: Report fid info for file related file system errors", " - fanotify: Emit generic error info for error event", " - fanotify: Allow users to request FAN_FS_ERROR events", " - ext4: Send notifications on error", " - docs: Document the FAN_FS_ERROR event", " - NFS: Remove unnecessary TRACE_DEFINE_ENUM()s", " - SUNRPC: Tracepoints should display tk_pid and cl_clid as a fixed-size field", " - NFS: Move generic FS show macros to global header", " - NFS: Move NFS protocol display macros to global header", " - NFSD: Optimize DRC bucket pruning", " - NFSD: move filehandle format declarations out of \"uapi\".", " - NFSD: drop support for ancient filehandles", " - NFSD: simplify struct nfsfh", " - NFSD: Initialize pointer ni with NULL and not plain integer 0", " - SUNRPC: Replace the \"__be32 *p\" parameter to .pc_decode", " - SUNRPC: Change return value type of .pc_decode", " - NFSD: Save location of NFSv4 COMPOUND status", " - SUNRPC: Replace the \"__be32 *p\" parameter to .pc_encode", " - SUNRPC: Change return value type of .pc_encode", " - nfsd: update create verifier comment", " - NFSD:fix boolreturn.cocci warning", " - nfsd4: remove obselete comment", " - ext4: fix error code saved on super block during file system abort", " - fsnotify: clarify object type argument", " - fsnotify: separate mark iterator type from object type enum", " - fanotify: introduce group flag FAN_REPORT_TARGET_FID", " - fsnotify: generate FS_RENAME event with rich information", " - fanotify: use macros to get the offset to fanotify_info buffer", " - fanotify: use helpers to parcel fanotify_info buffer", " - fanotify: support secondary dir fh and name in fanotify_info", " - fanotify: record old and new parent and name in FAN_RENAME event", " - fanotify: record either old name new name or both for FAN_RENAME", " - fanotify: report old and/or new parent+name in FAN_RENAME event", " - fanotify: wire up FAN_RENAME event", " - exit: Implement kthread_exit", " - exit: Rename module_put_and_exit to module_put_and_kthread_exit", " - NFSD: handle errors better in write_ports_addfd()", " - SUNRPC: change svc_get() to return the svc.", " - SUNRPC/NFSD: clean up get/put functions.", " - SUNRPC: stop using ->sv_nrthreads as a refcount", " - nfsd: make nfsd_stats.th_cnt atomic_t", " - SUNRPC: use sv_lock to protect updates to sv_nrthreads.", " - NFSD: narrow nfsd_mutex protection in nfsd thread", " - NFSD: Make it possible to use svc_set_num_threads_sync", " - SUNRPC: discard svo_setup and rename svc_set_num_threads_sync()", " - NFSD: simplify locking for network notifier.", " - lockd: introduce nlmsvc_serv", " - lockd: simplify management of network status notifiers", " - lockd: move lockd_start_svc() call into lockd_create_svc()", " - lockd: move svc_exit_thread() into the thread", " - lockd: introduce lockd_put()", " - lockd: rename lockd_create_svc() to lockd_get()", " - SUNRPC: move the pool_map definitions (back) into svc.c", " - SUNRPC: always treat sv_nrpools==1 as \"not pooled\"", " - lockd: use svc_set_num_threads() for thread start and stop", " - NFS: switch the callback service back to non-pooled.", " - NFSD: Remove be32_to_cpu() from DRC hash function", " - NFSD: Fix inconsistent indenting", " - NFSD: simplify per-net file cache management", " - NFSD: Combine XDR error tracepoints", " - nfsd: improve stateid access bitmask documentation", " - NFSD: De-duplicate nfsd4_decode_bitmap4()", " - nfs: block notification on fs with its own ->lock", " - nfsd4: add refcount for nfsd4_blocked_lock", " - nfsd: map EBADF", " - nfsd: Add errno mapping for EREMOTEIO", " - nfsd: Retry once in nfsd_open on an -EOPENSTALE return", " - NFSD: Clean up nfsd_vfs_write()", " - NFSD: De-duplicate net_generic(SVC_NET(rqstp), nfsd_net_id)", " - nfsd: Add a tracepoint for errors in nfsd4_clone_file_range()", " - NFSD: Write verifier might go backwards", " - NFSD: Clean up the nfsd_net::nfssvc_boot field", " - NFSD: Rename boot verifier functions", " - NFSD: Trace boot verifier resets", " - NFSD: Move fill_pre_wcc() and fill_post_wcc()", " - fsnotify: invalidate dcache before IN_DELETE event", " - NFSD: Deprecate NFS_OFFSET_MAX", " - nfsd: Add support for the birth time attribute", " - orDate: Thu Sep 30 19:19:57 2021 -0400", " - NFSD: Skip extra computation for RC_NOCACHE case", " - NFSD: Streamline the rare \"found\" case", " - NFSD: Remove NFSD_PROC_ARGS_* macros", " - SUNRPC: Remove the .svo_enqueue_xprt method", " - SUNRPC: Merge svc_do_enqueue_xprt() into svc_enqueue_xprt()", " - SUNRPC: Remove svo_shutdown method", " - SUNRPC: Rename svc_create_xprt()", " - SUNRPC: Rename svc_close_xprt()", " - SUNRPC: Remove svc_shutdown_net()", " - NFSD: Remove svc_serv_ops::svo_module", " - NFSD: Move svc_serv_ops::svo_function into struct svc_serv", " - NFSD: Remove CONFIG_NFSD_V3", " - [Config] updateconfigs for NFSD_V3", " - NFSD: Clean up _lm_ operation names", " - nfsd: fix using the correct variable for sizeof()", " - fsnotify: fix merge with parent's ignored mask", " - fsnotify: optimize FS_MODIFY events with no ignored masks", " - fsnotify: remove redundant parameter judgment", " - nfsd: Fix a write performance regression", " - nfsd: Clean up nfsd_file_put()", " - fanotify: do not allow setting dirent events in mask of non-dir", " - fs/lock: documentation cleanup. Replace inode->i_lock with flc_lock.", " - inotify: move control flags from mask to mark flags", " - fsnotify: pass flags argument to fsnotify_alloc_group()", " - fsnotify: make allow_dups a property of the group", " - fsnotify: create helpers for group mark_mutex lock", " - inotify: use fsnotify group lock helpers", " - nfsd: use fsnotify group lock helpers", " - dnotify: use fsnotify group lock helpers", " - fsnotify: allow adding an inode mark without pinning inode", " - fanotify: create helper fanotify_mark_user_flags()", " - fanotify: factor out helper fanotify_mark_update_flags()", " - fanotify: implement \"evictable\" inode marks", " - fanotify: use fsnotify group lock helpers", " - fanotify: enable \"evictable\" inode marks", " - fsnotify: introduce mark type iterator", " - fsnotify: consistent behavior for parent not watching children", " - fanotify: fix incorrect fmode_t casts", " - NFSD: Clean up nfsd_splice_actor()", " - NFSD: add courteous server support for thread with only delegation", " - NFSD: add support for share reservation conflict to courteous server", " - NFSD: move create/destroy of laundry_wq to init_nfsd and exit_nfsd", " - fs/lock: add helper locks_owner_has_blockers to check for blockers", " - fs/lock: add 2 callbacks to lock_manager_operations to resolve conflict", " - NFSD: add support for lock conflict to courteous server", " - NFSD: Show state of courtesy client in client info", " - NFSD: Clean up nfsd3_proc_create()", " - NFSD: Avoid calling fh_drop_write() twice in do_nfsd_create()", " - NFSD: Refactor nfsd_create_setattr()", " - NFSD: Refactor NFSv3 CREATE", " - NFSD: Refactor NFSv4 OPEN(CREATE)", " - NFSD: Remove do_nfsd_create()", " - NFSD: Clean up nfsd_open_verified()", " - NFSD: Instantiate a struct file when creating a regular NFSv4 file", " - NFSD: Remove dprintk call sites from tail of nfsd4_open()", " - NFSD: Fix whitespace", " - NFSD: Move documenting comment for nfsd4_process_open2()", " - NFSD: Trace filecache opens", " - SUNRPC: Use RMW bitops in single-threaded hot paths", " - nfsd: Unregister the cld notifier when laundry_wq create failed", " - nfsd: Fix null-ptr-deref in nfsd_fill_super()", " - NFSD: Modernize nfsd4_release_lockowner()", " - NFSD: Add documenting comment for nfsd4_release_lockowner()", " - NFSD: nfsd_file_put() can sleep", " - NFSD: Fix potential use-after-free in nfsd_file_put()", " - NFS: restore module put when manager exits.", " - fanotify: refine the validation checks on non-dir inode mask", " - NFSD: Decode NFSv4 birth time attribute", " - fs: inotify: Fix typo in inotify comment", " - fanotify: prepare for setting event flags in ignore mask", " - fanotify: cleanups for fanotify_mark() input validations", " - fanotify: introduce FAN_MARK_IGNORE", " - fsnotify: Fix comment typo", " - NLM: Defend against file_lock changes after vfs_test_lock()", " - NFSD: Instrument fh_verify()", " - NFSD: Fix space and spelling mistake", " - nfsd: remove redundant assignment to variable len", " - NFSD: Demote a WARN to a pr_warn()", " - NFSD: Report filecache LRU size", " - NFSD: Report count of calls to nfsd_file_acquire()", " - NFSD: Report count of freed filecache items", " - NFSD: Report average age of filecache items", " - NFSD: Add nfsd_file_lru_dispose_list() helper", " - NFSD: Refactor nfsd_file_gc()", " - NFSD: Refactor nfsd_file_lru_scan()", " - NFSD: Report the number of items evicted by the LRU walk", " - NFSD: Record number of flush calls", " - NFSD: Zero counters when the filecache is re-initialized", " - NFSD: Hook up the filecache stat file", " - NFSD: WARN when freeing an item still linked via nf_lru", " - NFSD: Trace filecache LRU activity", " - NFSD: Leave open files out of the filecache LRU", " - NFSD: Fix the filecache LRU shrinker", " - NFSD: Never call nfsd_file_gc() in foreground paths", " - NFSD: No longer record nf_hashval in the trace log", " - NFSD: Remove lockdep assertion from unhash_and_release_locked()", " - NFSD: nfsd_file_unhash can compute hashval from nf->nf_inode", " - NFSD: Refactor __nfsd_file_close_inode()", " - NFSD: nfsd_file_hash_remove can compute hashval", " - NFSD: Remove nfsd_file::nf_hashval", " - NFSD: Replace the \"init once\" mechanism", " - NFSD: Set up an rhashtable for the filecache", " - NFSD: Convert the filecache to use rhashtable", " - NFSD: Clean up unused code after rhashtable conversion", " - NFSD: Separate tracepoints for acquire and create", " - NFSD: Move nfsd_file_trace_alloc() tracepoint", " - NFSD: NFSv4 CLOSE should release an nfsd_file immediately", " - NFSD: Ensure nf_inode is never dereferenced", " - NFSD: refactoring v4 specific code to a helper in nfs4state.c", " - NFSD: keep track of the number of v4 clients in the system", " - NFSD: limit the number of v4 clients to 1024 per 1GB of system memory", " - nfsd: silence extraneous printk on nfsd.ko insertion", " - NFSD: Optimize nfsd4_encode_operation()", " - NFSD: Optimize nfsd4_encode_fattr()", " - NFSD: Clean up SPLICE_OK in nfsd4_encode_read()", " - NFSD: Add an nfsd4_read::rd_eof field", " - NFSD: Optimize nfsd4_encode_readv()", " - NFSD: Simplify starting_len", " - NFSD: Use xdr_pad_size()", " - NFSD: Clean up nfsd4_encode_readlink()", " - NFSD: Fix strncpy() fortify warning", " - NFSD: nfserrno(-ENOMEM) is nfserr_jukebox", " - NFSD: Shrink size of struct nfsd4_copy_notify", " - NFSD: Shrink size of struct nfsd4_copy", " - NFSD: Reorder the fields in struct nfsd4_op", " - NFSD: Make nfs4_put_copy() static", " - NFSD: Replace boolean fields in struct nfsd4_copy", " - NFSD: Refactor nfsd4_cleanup_inter_ssc() (1/2)", " - NFSD: Refactor nfsd4_cleanup_inter_ssc() (2/2)", " - NFSD: Refactor nfsd4_do_copy()", " - NFSD: Remove kmalloc from nfsd4_do_async_copy()", " - NFSD: Add nfsd4_send_cb_offload()", " - NFSD: Move copy offload callback arguments into a separate structure", " - NFSD: drop fh argument from alloc_init_deleg", " - NFSD: verify the opened dentry after setting a delegation", " - NFSD: introduce struct nfsd_attrs", " - NFSD: set attributes when creating symlinks", " - NFSD: add security label to struct nfsd_attrs", " - NFSD: add posix ACLs to struct nfsd_attrs", " - NFSD: change nfsd_create()/nfsd_symlink() to unlock directory before", " returning.", " - NFSD: always drop directory lock in nfsd_unlink()", " - NFSD: only call fh_unlock() once in nfsd_link()", " - NFSD: reduce locking in nfsd_lookup()", " - NFSD: use explicit lock/unlock for directory ops", " - NFSD: use (un)lock_inode instead of fh_(un)lock for file operations", " - NFSD: discard fh_locked flag and fh_lock/fh_unlock", " - NFSD: fix regression with setting ACLs.", " - nfsd_splice_actor(): handle compound pages", " - NFSD: move from strlcpy with unused retval to strscpy", " - lockd: move from strlcpy with unused retval to strscpy", " - NFSD enforce filehandle check for source file in COPY", " - NFSD: remove redundant variable status", " - nfsd: Avoid some useless tests", " - nfsd: Propagate some error code returned by memdup_user()", " - NFSD: Increase NFSD_MAX_OPS_PER_COMPOUND", " - NFSD: drop fname and flen args from nfsd_create_locked()", " - nfsd: clean up mounted_on_fileid handling", " - nfsd: remove nfsd4_prepare_cb_recall() declaration", " - NFSD: Replace dprintk() call site in fh_verify()", " - NFSD: Trace NFSv4 COMPOUND tags", " - NFSD: Add tracepoints to report NFSv4 callback completions", " - NFSD: Add a mechanism to wait for a DELEGRETURN", " - NFSD: Refactor nfsd_setattr()", " - NFSD: Make nfsd4_setattr() wait before returning NFS4ERR_DELAY", " - NFSD: Make nfsd4_rename() wait before returning NFS4ERR_DELAY", " - NFSD: Make nfsd4_remove() wait before returning NFS4ERR_DELAY", " - NFSD: keep track of the number of courtesy clients in the system", " - NFSD: add shrinker to reap courtesy clients on low memory condition", " - SUNRPC: Parametrize how much of argsize should be zeroed", " - NFSD: Reduce amount of struct nfsd4_compoundargs that needs clearing", " - NFSD: Refactor common code out of dirlist helpers", " - NFSD: Use xdr_inline_decode() to decode NFSv3 symlinks", " - NFSD: Clean up WRITE arg decoders", " - NFSD: Clean up nfs4svc_encode_compoundres()", " - NFSD: Remove unused nfsd4_compoundargs::cachetype field", " - NFSD: Pack struct nfsd4_compoundres", " - nfsd: use DEFINE_PROC_SHOW_ATTRIBUTE to define nfsd_proc_ops", " - nfsd: use DEFINE_SHOW_ATTRIBUTE to define export_features_fops and", " supported_enctypes_fops", " - nfsd: use DEFINE_SHOW_ATTRIBUTE to define client_info_fops", " - nfsd: use DEFINE_SHOW_ATTRIBUTE to define nfsd_reply_cache_stats_fops", " - nfsd: use DEFINE_SHOW_ATTRIBUTE to define nfsd_file_cache_stats_fops", " - NFSD: Rename the fields in copy_stateid_t", " - nfsd: only fill out return pointer on success in nfsd4_lookup_stateid", " - nfsd: fix comments about spinlock handling with delegations", " - nfsd: make nfsd4_run_cb a bool return function", " - nfsd: extra checks when freeing delegation stateids", " - fs/notify: constify path", " - fsnotify: remove unused declaration", " - fanotify: Remove obsoleted fanotify_event_has_path()", " - nfsd: fix nfsd_file_unhash_and_dispose", " - nfsd: rework hashtable handling in nfsd_do_file_acquire", " - NFSD: unregister shrinker when nfsd_init_net() fails", " - nfsd: ensure we always call fh_verify_error tracepoint", " - nfsd: fix net-namespace logic in __nfsd_file_cache_purge", " - nfsd: fix use-after-free in nfsd_file_do_acquire tracepoint", " - nfsd: put the export reference in nfsd4_verify_deleg_dentry", " - NFSD: Fix trace_nfsd_fh_verify_err() crasher", " - NFSD: Fix reads with a non-zero offset that don't end on a page boundary", " - lockd: use locks_inode_context helper", " - nfsd: use locks_inode_context helper", " - NFSD: Simplify READ_PLUS", " - NFSD: Remove redundant assignment to variable host_err", " - NFSD: Finish converting the NFSv3 GETACL result encoder", " - nfsd: ignore requests to disable unsupported versions", " - nfsd: move nfserrno() to vfs.c", " - nfsd: allow disabling NFSv2 at compile time", " - [Config] updateconfigs for NFSD_V2", " - exportfs: use pr_debug for unreachable debug statements", " - NFSD: Pass the target nfsd_file to nfsd_commit()", " - NFSD: Revert \"NFSD: NFSv4 CLOSE should release an nfsd_file immediately\"", " - NFSD: Add an NFSD_FILE_GC flag to enable nfsd_file garbage collection", " - NFSD: Flesh out a documenting comment for filecache.c", " - NFSD: Clean up nfs4_preprocess_stateid_op() call sites", " - NFSD: Trace stateids returned via DELEGRETURN", " - NFSD: Trace delegation revocations", " - NFSD: Use const pointers as parameters to fh_ helpers", " - NFSD: Update file_hashtbl() helpers", " - NFSD: Clean up nfsd4_init_file()", " - NFSD: Add a nfsd4_file_hash_remove() helper", " - NFSD: Clean up find_or_add_file()", " - NFSD: Refactor find_file()", " - NFSD: Use rhashtable for managing nfs4_file objects", " - NFSD: Fix licensing header in filecache.c", " - nfsd: remove the pages_flushed statistic from filecache", " - nfsd: reorganize filecache.c", " - filelock: add a new locks_inode_context accessor function", " - nfsd: fix up the filecache laundrette scheduling", " - NFSD: Add an nfsd_file_fsync tracepoint", " - nfsd: return error if nfs4_setacl fails", " - NFSD: Use struct_size() helper in alloc_session()", " - lockd: set missing fl_flags field when retrieving args", " - lockd: ensure we use the correct file descriptor when unlocking", " - lockd: fix file selection in nlmsvc_cancel_blocked", " - trace: Relocate event helper files", " - NFSD: refactoring courtesy_client_reaper to a generic low memory shrinker", " - NFSD: add support for sending CB_RECALL_ANY", " - NFSD: add delegation reaper to react to low memory condition", " - NFSD: add CB_RECALL_ANY tracepoints", " - NFSD: Use only RQ_DROPME to signal the need to drop a reply", " - NFSD: Avoid clashing function prototypes", " - nfsd: rework refcounting in filecache", " - nfsd: fix handling of cached open files in nfsd4_open codepath", " - Revert \"SUNRPC: Use RMW bitops in single-threaded hot paths\"", " - NFSD: Use set_bit(RQ_DROPME)", " - NFSD: register/unregister of nfsd-client shrinker at nfsd startup/shutdown", " time", " - NFSD: replace delayed_work with work_struct for nfsd_client_shrinker", " - nfsd: don't free files unconditionally in __nfsd_file_cache_purge", " - nfsd: don't destroy global nfs4_file table in per-net shutdown", " - NFSD: enhance inter-server copy cleanup", " - nfsd: allow nfsd_file_get to sanely handle a NULL pointer", " - nfsd: clean up potential nfsd_file refcount leaks in COPY codepath", " - NFSD: fix leaked reference count of nfsd4_ssc_umount_item", " - nfsd: don't hand out delegation on setuid files being opened for write", " - NFSD: fix problems with cleanup on errors in nfsd4_copy", " - nfsd: fix courtesy client with deny mode handling in nfs4_upgrade_open", " - nfsd: don't fsync nfsd_files on last close", " - NFSD: copy the whole verifier in nfsd_copy_write_verifier", " - NFSD: Protect against filesystem freezing", " - nfsd: don't replace page in rq_pages if it's a continuation of last page", " - nfsd: call op_release, even when op_func returns an error", " - nfsd: don't open-code clear_and_wake_up_bit", " - nfsd: NFSD_FILE_KEY_INODE only needs to find GC'ed entries", " - nfsd: simplify test_bit return in NFSD_FILE_KEY_FULL comparator", " - nfsd: don't kill nfsd_files because of lease break error", " - nfsd: add some comments to nfsd_file_do_acquire", " - nfsd: don't take/put an extra reference when putting a file", " - nfsd: update comment over __nfsd_file_cache_purge", " - nfsd: allow reaping files still under writeback", " - NFSD: Convert filecache to rhltable", " - nfsd: simplify the delayed disposal list code", " - NFSD: Fix problem of COMMIT and NFS4ERR_DELAY in infinite loop", " - nfsd: make a copy of struct iattr before calling notify_change", " - nfsd: fix double fget() bug in __write_ports_addfd()", " - lockd: drop inappropriate svc_get() from locked_get()", " - NFSD: Add an nfsd4_encode_nfstime4() helper", " - nfsd: Fix creation time serialization order", " - nfsd: Simplify code around svc_exit_thread() call in nfsd()", " - nfsd: separate nfsd_last_thread() from nfsd_put()", " - Documentation: Add missing documentation for EXPORT_OP flags", " - NFSD: fix possible oops when nfsd/pool_stats is closed.", " - nfsd: call nfsd_last_thread() before final nfsd_put()", " - nfsd: drop the nfsd_put helper", " - nfsd: fix RELEASE_LOCKOWNER", " - nfsd: don't take fi_lock in nfsd_break_deleg_cb()", " - nfsd: don't call locks_release_private() twice concurrently", " - nfsd: Fix a regression in nfsd_setattr()", " - perf/core: Fix reentry problem in perf_output_read_group()", " - efivarfs: Request at most 512 bytes for variable names", " - powerpc: xor_vmx: Add '-mhard-float' to CFLAGS", " - selftests: mptcp: diag: return KSFT_FAIL not test_cnt", " - vfio/pci: Disable auto-enable of exclusive INTx IRQ", " - vfio/pci: Lock external INTx masking ops", " - vfio: Introduce interface to flush virqfd inject workqueue", " - vfio/pci: Create persistent INTx handler", " - vfio/platform: Create persistent IRQ handlers", " - vfio/fsl-mc: Block calling interrupt handler without trigger", " - serial: sc16is7xx: convert from _raw_ to _noinc_ regmap functions for FIFO", " - mm/migrate: set swap entry values of THP tail pages properly.", " - init: open /initrd.image with O_LARGEFILE", " - btrfs: zoned: use zone aware sb location for scrub", " - wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes", " - exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack()", " - hexagon: vmlinux.lds.S: handle attributes section", " - mmc: core: Initialize mmc_blk_ioc_data", " - mmc: core: Avoid negative index with array access", " - net: ll_temac: platform_get_resource replaced by wrong function", " - drm/i915/gt: Reset queue_priority_hint on parking", " - drm/amdgpu: Use drm_mode_copy()", " - drm/amd/display: Preserve original aspect ratio in create stream", " - ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs", " - scsi: core: Fix unremoved procfs host directory regression", " - staging: vc04_services: changen strncpy() to strscpy_pad()", " - staging: vc04_services: fix information leak in create_component()", " - USB: core: Add hub_get() and hub_put() routines", " - usb: dwc2: host: Fix remote wakeup from hibernation", " - usb: dwc2: host: Fix hibernation flow", " - usb: dwc2: host: Fix ISOC flow in DDMA mode", " - usb: dwc2: gadget: Fix exiting from clock gating", " - usb: dwc2: gadget: LPM flow fix", " - usb: udc: remove warning when queue disabled ep", " - usb: typec: ucsi: Ack unsupported commands", " - usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset", " - scsi: qla2xxx: Prevent command send on chip reset", " - scsi: qla2xxx: Fix N2N stuck connection", " - scsi: qla2xxx: Split FCE|EFT trace control", " - scsi: qla2xxx: NVME|FCP prefer flag not being honored", " - scsi: qla2xxx: Fix command flush on cable pull", " - scsi: qla2xxx: Fix double free of fcport", " - scsi: qla2xxx: Change debug message during driver unload", " - scsi: qla2xxx: Delay I/O Abort on PCI error", " - x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled", " - PCI/DPC: Quirk PIO log size for Intel Ice Lake Root Ports", " - scsi: lpfc: Correct size for wqe for memset()", " - USB: core: Fix deadlock in usb_deauthorize_interface()", " - scsi: usb: Call scsi_done() directly", " - scsi: usb: Stop using the SCSI pointer", " - USB: UAS: return ENODEV when submit urbs fail with device not attached", " - nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet", " - mlxbf_gige: stop PHY during open() error paths", " - iwlwifi: mvm: rfi: use kmemdup() to replace kzalloc + memcpy", " - wifi: iwlwifi: mvm: rfi: fix potential response leaks", " - ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa()", " - s390/qeth: handle deferred cc1", " - tcp: properly terminate timers for kernel sockets", " - ACPICA: debugger: check status of acpi_evaluate_object() in", " acpi_db_walk_for_fields()", " - mlxbf_gige: call request_irq() after NAPI initialized", " - bpf: Protect against int overflow for stack access size", " - Octeontx2-af: fix pause frame configuration in GMP mode", " - dm integrity: fix out-of-range warning", " - r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d", " - x86/cpufeatures: Add new word for scattered features", " - x86/cpufeatures: Add CPUID_LNX_5 to track recently added Linux-defined word", " - arm64: dts: qcom: sc7180-trogdor: mark bluetooth address as broken", " - Bluetooth: hci_event: set the conn encrypted before conn establishes", " - Bluetooth: Fix TOCTOU in HCI debugfs implementation", " - xen-netfront: Add missing skb_mark_for_recycle", " - net/rds: fix possible cp null dereference", " - locking/rwsem: Disable preemption while trying for rwsem lock", " - io_uring: ensure '0' is returned on file registration success", " - Revert \"x86/mm/ident_map: Use gbpages only where full GB page should be", " mapped.\"", " - mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL", " allocations", " - thermal: devfreq_cooling: Fix perf state when calculate dfc res_util", " - KVM: x86: Bail to userspace if emulation of atomic user access faults", " - KVM: x86: Mark target gfn of emulated atomic instruction as dirty", " - netfilter: nf_tables: reject new basechain after table flag update", " - netfilter: nf_tables: flush pending destroy work before exit_net release", " - netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get()", " - netfilter: validate user input for expected length", " - vboxsf: Avoid an spurious warning if load_nls_xxx() fails", " - bpf, sockmap: Prevent lock inversion deadlock in map delete elem", " - net/sched: act_skbmod: prevent kernel-infoleak", " - net: stmmac: fix rx queue priority assignment", " - selftests: net: gro fwd: update vxlan GRO test expectations", " - erspan: make sure erspan_base_hdr is present in skb->head", " - selftests: reuseaddr_conflict: add missing new line at the end of the output", " - ipv6: Fix infinite recursion in fib6_dump_done().", " - mlxbf_gige: stop interface during shutdown", " - udp: do not accept non-tunnel GSO skbs landing in a tunnel", " - udp: do not transition UDP GRO fraglist partial checksums to unnecessary", " - udp: prevent local UDP tunnel packets from being GROed", " - octeontx2-af: Fix issue with loading coalesced KPU profiles", " - octeontx2-pf: check negative error code in otx2_open()", " - i40e: fix i40e_count_filters() to count only active/new filters", " - i40e: fix vf may be used uninitialized in this function warning", " - scsi: qla2xxx: Update manufacturer details", " - scsi: qla2xxx: Update manufacturer detail", " - Revert \"usb: phy: generic: Get the vbus supply\"", " - i40e: Store the irq number in i40e_q_vector", " - i40e: Remove _t suffix from enum type names", " - i40e: Enforce software interrupt during busy-poll exit", " - net: usb: asix: suspend embedded PHY if external is used", " - drivers: net: convert to boolean for the mac_managed_pm flag", " - net: fec: Set mac_managed_pm during probe", " - net: ravb: Always process TX descriptor ring", " - ASoC: rt5682-sdw: fix locking sequence", " - ASoC: rt711-sdca: fix locking sequence", " - ASoC: rt711-sdw: fix locking sequence", " - ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw", " - ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit", " - scsi: mylex: Fix sysfs buffer lengths", " - ata: sata_mv: Fix PCI device ID table declaration compilation warning", " - nfsd: hold a lighter-weight client reference over CB_RECALL_ANY", " - HID: uhid: Use READ_ONCE()/WRITE_ONCE() for ->running", " - openrisc: Fix pagewalk usage in arch_dma_{clear, set}_uncached", " - fs/pipe: Fix lockdep false-positive in watchqueue pipe_write()", " - ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with", " microphone", " - driver core: Introduce device_link_wait_removal()", " - of: dynamic: Synchronize of_changeset_destroy() with the devlink removals", " - x86/mce: Make sure to grab mce_sysfs_mutex in set_bank()", " - s390/entry: align system call table on 8 bytes", " - riscv: Fix spurious errors from __get/put_kernel_nofault", " - riscv: process: Fix kernel gp leakage", " - x86/bugs: Fix the SRSO mitigation on Zen3/4", " - x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for", " !SRSO", " - mptcp: don't account accept() of non-MPC client as fallback to TCP", " - mm/secretmem: fix GUP-fast succeeding on secretmem folios", " - gro: fix ownership transfer", " - nvme: fix miss command type check", " - x86: set SPECTRE_BHI_ON as default", " - Linux 5.15.154", "", " * CVE-2024-23307", " - md/raid5: fix atomicity violation in raid5_cache_count", "", " * CVE-2024-26828", " - cifs: fix underflow in parse_server_interfaces()", "", " * CVE-2024-24861", " - media: xc4000: Fix atomicity violation in xc4000_get_frequency", "", " * CVE-2024-26642", " - netfilter: nf_tables: disallow anonymous set with timeout flag", "", " * CVE-2024-26926", " - binder: check offset alignment in binder_get_object()", "", " * CVE-2024-26922", " - drm/amdgpu: validate the parameters of bo mapping operations more clearly", "", " * CVE-2023-6039", " - timers: Silently ignore timers with a NULL function", "", " * CVE-2024-26924", " - netfilter: nft_set_pipapo: do not free live element", "", " * CVE-2024-26643", " - netfilter: nf_tables: mark set as dead when unbinding anonymous set with", " timeout", "" ], "package": "linux", "version": "5.15.0-115.125", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2068396, 1786013, 2067974, 2067959, 2046722, 2065857, 2065805, 2065435 ], "author": "Stefan Bader ", "date": "Fri, 07 Jun 2024 15:06:00 +0200" } ], "notes": "linux-headers-5.15.0-116-generic-lpae version '5.15.0-116.126' (source package linux version '5.15.0-116.126') was added. linux-headers-5.15.0-116-generic-lpae version '5.15.0-116.126' has the same source package name, linux, as removed package linux-headers-5.15.0-113. As such we can use the source package version of the removed package, '5.15.0-113.123', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package." }, { "name": "linux-image-5.15.0-116-generic-lpae", "from_version": { "source_package_name": "linux", "source_package_version": "5.15.0-113.123", "version": null }, "to_version": { "source_package_name": "linux", "source_package_version": "5.15.0-116.126", "version": "5.15.0-116.126" }, "cves": [ { "cve": "CVE-2024-23307", "url": "https://ubuntu.com/security/CVE-2024-23307", "cve_description": "Integer Overflow or Wraparound vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (md, raid, raid5 modules) allows Forced Integer Overflow.", "cve_priority": "low", "cve_public_date": "2024-01-25 07:15:00 UTC" }, { "cve": "CVE-2024-26828", "url": "https://ubuntu.com/security/CVE-2024-26828", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: cifs: fix underflow in parse_server_interfaces() In this loop, we step through the buffer and after each item we check if the size_left is greater than the minimum size we need. However, the problem is that \"bytes_left\" is type ssize_t while sizeof() is type size_t. That means that because of type promotion, the comparison is done as an unsigned and if we have negative bytes left the loop continues instead of ending.", "cve_priority": "high", "cve_public_date": "2024-04-17 10:15:00 UTC" }, { "cve": "CVE-2024-24861", "url": "https://ubuntu.com/security/CVE-2024-24861", "cve_description": "A race condition was found in the Linux kernel's media/xc4000 device driver in xc4000 xc4000_get_frequency() function. This can result in return value overflow issue, possibly leading to malfunction or denial of service issue.", "cve_priority": "medium", "cve_public_date": "2024-02-05 08:15:00 UTC" }, { "cve": "CVE-2024-26642", "url": "https://ubuntu.com/security/CVE-2024-26642", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: disallow anonymous set with timeout flag Anonymous sets are never used with timeout from userspace, reject this. Exception to this rule is NFT_SET_EVAL to ensure legacy meters still work.", "cve_priority": "high", "cve_public_date": "2024-03-21 11:15:00 UTC" }, { "cve": "CVE-2024-26926", "url": "https://ubuntu.com/security/CVE-2024-26926", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: binder: check offset alignment in binder_get_object() Commit 6d98eb95b450 (\"binder: avoid potential data leakage when copying txn\") introduced changes to how binder objects are copied. In doing so, it unintentionally removed an offset alignment check done through calls to binder_alloc_copy_from_buffer() -> check_buffer(). These calls were replaced in binder_get_object() with copy_from_user(), so now an explicit offset alignment check is needed here. This avoids later complications when unwinding the objects gets harder. It is worth noting this check existed prior to commit 7a67a39320df (\"binder: add function to copy binder object from buffer\"), likely removed due to redundancy at the time.", "cve_priority": "medium", "cve_public_date": "2024-04-25 06:15:00 UTC" }, { "cve": "CVE-2024-26922", "url": "https://ubuntu.com/security/CVE-2024-26922", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more clearly Verify the parameters of amdgpu_vm_bo_(map/replace_map/clearing_mappings) in one common place.", "cve_priority": "medium", "cve_public_date": "2024-04-23 13:15:00 UTC" }, { "cve": "CVE-2023-6039", "url": "https://ubuntu.com/security/CVE-2023-6039", "cve_description": "A use-after-free flaw was found in lan78xx_disconnect in drivers/net/usb/lan78xx.c in the network sub-component, net/usb/lan78xx in the Linux Kernel. This flaw allows a local attacker to crash the system when the LAN78XX USB device detaches.", "cve_priority": "low", "cve_public_date": "2023-11-09 15:15:00 UTC" }, { "cve": "CVE-2024-26924", "url": "https://ubuntu.com/security/CVE-2024-26924", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: do not free live element Pablo reports a crash with large batches of elements with a back-to-back add/remove pattern. Quoting Pablo: add_elem(\"00000000\") timeout 100 ms ... add_elem(\"0000000X\") timeout 100 ms del_elem(\"0000000X\") <---------------- delete one that was just added ... add_elem(\"00005000\") timeout 100 ms 1) nft_pipapo_remove() removes element 0000000X Then, KASAN shows a splat. Looking at the remove function there is a chance that we will drop a rule that maps to a non-deactivated element. Removal happens in two steps, first we do a lookup for key k and return the to-be-removed element and mark it as inactive in the next generation. Then, in a second step, the element gets removed from the set/map. The _remove function does not work correctly if we have more than one element that share the same key. This can happen if we insert an element into a set when the set already holds an element with same key, but the element mapping to the existing key has timed out or is not active in the next generation. In such case its possible that removal will unmap the wrong element. If this happens, we will leak the non-deactivated element, it becomes unreachable. The element that got deactivated (and will be freed later) will remain reachable in the set data structure, this can result in a crash when such an element is retrieved during lookup (stale pointer). Add a check that the fully matching key does in fact map to the element that we have marked as inactive in the deactivation step. If not, we need to continue searching. Add a bug/warn trap at the end of the function as well, the remove function must not ever be called with an invisible/unreachable/non-existent element. v2: avoid uneeded temporary variable (Stefano)", "cve_priority": "high", "cve_public_date": "2024-04-25 06:15:00 UTC" }, { "cve": "CVE-2024-26643", "url": "https://ubuntu.com/security/CVE-2024-26643", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout While the rhashtable set gc runs asynchronously, a race allows it to collect elements from anonymous sets with timeouts while it is being released from the commit path. Mingi Cho originally reported this issue in a different path in 6.1.x with a pipapo set with low timeouts which is not possible upstream since 7395dfacfff6 (\"netfilter: nf_tables: use timestamp to check for set element timeout\"). Fix this by setting on the dead flag for anonymous sets to skip async gc in this case. According to 08e4c8c5919f (\"netfilter: nf_tables: mark newset as dead on transaction abort\"), Florian plans to accelerate abort path by releasing objects via workqueue, therefore, this sets on the dead flag for abort path too.", "cve_priority": "high", "cve_public_date": "2024-03-21 11:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2071603, 2069081, 2068738, 2068396, 1786013, 2067974, 2067959, 2046722, 2065857, 2065805, 2065435 ], "changes": [ { "cves": [], "log": [ "", " * jammy/linux: 5.15.0-116.126 -proposed tracker (LP: #2071603)", "", " * idxd: NULL pointer dereference reading wq op_config attribute (LP: #2069081)", " - SAUCE: dmaengine: idxd: set is_visible member of idxd_wq_attribute_group", "", " * AMD GPUs fail with null pointer dereference when IOMMU enabled, leading to", " black screen (LP: #2068738)", " - SAUCE: Revert \"drm/amdgpu: init iommu after amdkfd device init\"", "" ], "package": "linux", "version": "5.15.0-116.126", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2071603, 2069081, 2068738 ], "author": "Stefan Bader ", "date": "Mon, 01 Jul 2024 11:13:30 +0200" }, { "cves": [ { "cve": "CVE-2024-23307", "url": "https://ubuntu.com/security/CVE-2024-23307", "cve_description": "Integer Overflow or Wraparound vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (md, raid, raid5 modules) allows Forced Integer Overflow.", "cve_priority": "low", "cve_public_date": "2024-01-25 07:15:00 UTC" }, { "cve": "CVE-2024-26828", "url": "https://ubuntu.com/security/CVE-2024-26828", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: cifs: fix underflow in parse_server_interfaces() In this loop, we step through the buffer and after each item we check if the size_left is greater than the minimum size we need. However, the problem is that \"bytes_left\" is type ssize_t while sizeof() is type size_t. That means that because of type promotion, the comparison is done as an unsigned and if we have negative bytes left the loop continues instead of ending.", "cve_priority": "high", "cve_public_date": "2024-04-17 10:15:00 UTC" }, { "cve": "CVE-2024-24861", "url": "https://ubuntu.com/security/CVE-2024-24861", "cve_description": "A race condition was found in the Linux kernel's media/xc4000 device driver in xc4000 xc4000_get_frequency() function. This can result in return value overflow issue, possibly leading to malfunction or denial of service issue.", "cve_priority": "medium", "cve_public_date": "2024-02-05 08:15:00 UTC" }, { "cve": "CVE-2024-26642", "url": "https://ubuntu.com/security/CVE-2024-26642", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: disallow anonymous set with timeout flag Anonymous sets are never used with timeout from userspace, reject this. Exception to this rule is NFT_SET_EVAL to ensure legacy meters still work.", "cve_priority": "high", "cve_public_date": "2024-03-21 11:15:00 UTC" }, { "cve": "CVE-2024-26926", "url": "https://ubuntu.com/security/CVE-2024-26926", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: binder: check offset alignment in binder_get_object() Commit 6d98eb95b450 (\"binder: avoid potential data leakage when copying txn\") introduced changes to how binder objects are copied. In doing so, it unintentionally removed an offset alignment check done through calls to binder_alloc_copy_from_buffer() -> check_buffer(). These calls were replaced in binder_get_object() with copy_from_user(), so now an explicit offset alignment check is needed here. This avoids later complications when unwinding the objects gets harder. It is worth noting this check existed prior to commit 7a67a39320df (\"binder: add function to copy binder object from buffer\"), likely removed due to redundancy at the time.", "cve_priority": "medium", "cve_public_date": "2024-04-25 06:15:00 UTC" }, { "cve": "CVE-2024-26922", "url": "https://ubuntu.com/security/CVE-2024-26922", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more clearly Verify the parameters of amdgpu_vm_bo_(map/replace_map/clearing_mappings) in one common place.", "cve_priority": "medium", "cve_public_date": "2024-04-23 13:15:00 UTC" }, { "cve": "CVE-2023-6039", "url": "https://ubuntu.com/security/CVE-2023-6039", "cve_description": "A use-after-free flaw was found in lan78xx_disconnect in drivers/net/usb/lan78xx.c in the network sub-component, net/usb/lan78xx in the Linux Kernel. This flaw allows a local attacker to crash the system when the LAN78XX USB device detaches.", "cve_priority": "low", "cve_public_date": "2023-11-09 15:15:00 UTC" }, { "cve": "CVE-2024-26924", "url": "https://ubuntu.com/security/CVE-2024-26924", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: do not free live element Pablo reports a crash with large batches of elements with a back-to-back add/remove pattern. Quoting Pablo: add_elem(\"00000000\") timeout 100 ms ... add_elem(\"0000000X\") timeout 100 ms del_elem(\"0000000X\") <---------------- delete one that was just added ... add_elem(\"00005000\") timeout 100 ms 1) nft_pipapo_remove() removes element 0000000X Then, KASAN shows a splat. Looking at the remove function there is a chance that we will drop a rule that maps to a non-deactivated element. Removal happens in two steps, first we do a lookup for key k and return the to-be-removed element and mark it as inactive in the next generation. Then, in a second step, the element gets removed from the set/map. The _remove function does not work correctly if we have more than one element that share the same key. This can happen if we insert an element into a set when the set already holds an element with same key, but the element mapping to the existing key has timed out or is not active in the next generation. In such case its possible that removal will unmap the wrong element. If this happens, we will leak the non-deactivated element, it becomes unreachable. The element that got deactivated (and will be freed later) will remain reachable in the set data structure, this can result in a crash when such an element is retrieved during lookup (stale pointer). Add a check that the fully matching key does in fact map to the element that we have marked as inactive in the deactivation step. If not, we need to continue searching. Add a bug/warn trap at the end of the function as well, the remove function must not ever be called with an invisible/unreachable/non-existent element. v2: avoid uneeded temporary variable (Stefano)", "cve_priority": "high", "cve_public_date": "2024-04-25 06:15:00 UTC" }, { "cve": "CVE-2024-26643", "url": "https://ubuntu.com/security/CVE-2024-26643", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout While the rhashtable set gc runs asynchronously, a race allows it to collect elements from anonymous sets with timeouts while it is being released from the commit path. Mingi Cho originally reported this issue in a different path in 6.1.x with a pipapo set with low timeouts which is not possible upstream since 7395dfacfff6 (\"netfilter: nf_tables: use timestamp to check for set element timeout\"). Fix this by setting on the dead flag for anonymous sets to skip async gc in this case. According to 08e4c8c5919f (\"netfilter: nf_tables: mark newset as dead on transaction abort\"), Florian plans to accelerate abort path by releasing objects via workqueue, therefore, this sets on the dead flag for abort path too.", "cve_priority": "high", "cve_public_date": "2024-03-21 11:15:00 UTC" } ], "log": [ "", " * jammy/linux: 5.15.0-115.125 -proposed tracker (LP: #2068396)", "", " * Packaging resync (LP: #1786013)", " - [Packaging] debian.master/dkms-versions -- update from kernel-versions", " (main/2024.06.10)", "", " * Jammy update: v5.15.158 upstream stable release (LP: #2067974)", " - smb: client: fix rename(2) regression against samba", " - cifs: reinstate original behavior again for forceuid/forcegid", " - HID: intel-ish-hid: ipc: Fix dev_err usage with uninitialized dev->devc", " - HID: logitech-dj: allow mice to use all types of reports", " - arm64: dts: rockchip: enable internal pull-up on Q7_USB_ID for RK3399 Puma", " - arm64: dts: rockchip: fix alphabetical ordering RK3399 puma", " - arm64: dts: rockchip: enable internal pull-up on PCIE_WAKE# for RK3399 Puma", " - arm64: dts: rockchip: Remove unsupported node from the Pinebook Pro dts", " - arm64: dts: mediatek: mt8183: Add power-domains properity to mfgcfg", " - arm64: dts: mediatek: mt7622: add support for coherent DMA", " - arm64: dts: mediatek: mt7622: introduce nodes for Wireless Ethernet Dispatch", " - arm64: dts: mediatek: mt7622: fix clock controllers", " - arm64: dts: mediatek: mt7622: fix IR nodename", " - arm64: dts: mediatek: mt7622: fix ethernet controller \"compatible\"", " - arm64: dts: mediatek: mt7622: drop \"reset-names\" from thermal block", " - arm64: dts: mediatek: mt2712: fix validation errors", " - ARC: [plat-hsdk]: Remove misplaced interrupt-cells property", " - wifi: iwlwifi: mvm: remove old PASN station when adding a new one", " - wifi: iwlwifi: mvm: return uid from iwl_mvm_build_scan_cmd", " - vxlan: drop packets from invalid src-address", " - mlxsw: core: Unregister EMAD trap using FORWARD action", " - icmp: prevent possible NULL dereferences from icmp_build_probe()", " - bridge/br_netlink.c: no need to return void function", " - NFC: trf7970a: disable all regulators on removal", " - ipv4: check for NULL idev in ip_route_use_hint()", " - net: usb: ax88179_178a: stop lying about skb->truesize", " - net: gtp: Fix Use-After-Free in gtp_dellink", " - ipvs: Fix checksumming on GSO of SCTP packets", " - net: openvswitch: Fix Use-After-Free in ovs_ct_exit", " - mlxsw: spectrum_acl_tcam: Fix race during rehash delayed work", " - mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update", " - mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash", " - mlxsw: spectrum_acl_tcam: Rate limit error message", " - mlxsw: spectrum_acl_tcam: Fix memory leak during rehash", " - mlxsw: spectrum_acl_tcam: Fix warning during rehash", " - mlxsw: spectrum_acl_tcam: Fix incorrect list API usage", " - mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work", " - netfilter: nf_tables: honor table dormant flag from netdev release event", " path", " - i40e: Do not use WQ_MEM_RECLAIM flag for workqueue", " - i40e: Report MFS in decimal base instead of hex", " - iavf: Fix TC config comparison with existing adapter TC config", " - net: ethernet: ti: am65-cpts: Fix PTPv1 message type on TX packets", " - af_unix: Suppress false-positive lockdep splat for spin_lock() in", " __unix_gc().", " - serial: core: Provide port lock wrappers", " - serial: mxs-auart: add spinlock around changing cts state", " - drm-print: add drm_dbg_driver to improve namespace symmetry", " - drm/vmwgfx: Fix crtc's atomic check conditional", " - Revert \"crypto: api - Disallow identical driver names\"", " - net/mlx5e: Fix a race in command alloc flow", " - tracing: Show size of requested perf buffer", " - tracing: Increase PERF_MAX_TRACE_SIZE to handle Sentinel1 and docker", " together", " - x86/cpu: Fix check for RDPKRU in __show_regs()", " - Bluetooth: Fix type of len in {l2cap,sco}_sock_getsockopt_old()", " - Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0bda:0x4853", " - Bluetooth: qca: fix NULL-deref on non-serdev suspend", " - mmc: sdhci-msm: pervent access to suspended controller", " - btrfs: fix information leak in btrfs_ioctl_logical_to_ino()", " - cpu: Re-enable CPU mitigations by default for !X86 architectures", " - [Configs] Update CPU mitigation configs", " - arm64: dts: rockchip: enable internal pull-up for Q7_THRM# on RK3399 Puma", " - drm/amdgpu/sdma5.2: use legacy HDP flush for SDMA2/3", " - drm/amdgpu: Fix leak when GPU memory allocation fails", " - irqchip/gic-v3-its: Prevent double free on error", " - ethernet: Add helper for assigning packet type when dest address does not", " match device address", " - net: b44: set pause params only when interface is up", " - stackdepot: respect __GFP_NOLOCKDEP allocation flag", " - mtd: diskonchip: work around ubsan link failure", " - tcp: Clean up kernel listener's reqsk in inet_twsk_purge()", " - tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge()", " - dmaengine: owl: fix register access functions", " - idma64: Don't try to serve interrupts when device is powered off", " - dma: xilinx_dpdma: Fix locking", " - dmaengine: idxd: Fix oops during rmmod on single-CPU platforms", " - riscv: fix VMALLOC_START definition", " - riscv: Fix TASK_SIZE on 64-bit NOMMU", " - i2c: smbus: fix NULL function pointer dereference", " - fbdev: fix incorrect address computation in deferred IO", " - HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up", " - bounds: Use the right number of bits for power-of-two CONFIG_NR_CPUS", " - udp: preserve the connected status if only UDP cmsg", " - serial: core: fix kernel-doc for uart_port_unlock_irqrestore()", " - Linux 5.15.158", "", " * Jammy update: v5.15.157 upstream stable release (LP: #2067959)", " - ksmbd: don't send oplock break if rename fails", " - ksmbd: validate payload size in ipc response", " - ksmbd: do not set SMB2_GLOBAL_CAP_ENCRYPTION for SMB 3.1.1", " - btrfs: record delayed inode root in transaction", " - SUNRPC: Fix rpcgss_context trace event acceptor field", " - selftests/ftrace: Limit length in subsystem-enable tests", " - bpf: Extend kfunc with PTR_TO_CTX, PTR_TO_MEM argument support", " - bpf: Generalize check_ctx_reg for reuse with other types", " - bpf: Generally fix helper register offset check", " - bpf: Fix out of bounds access for ringbuf helpers", " - bpf: Fix ringbuf memory type confusion when passing to helpers", " - kprobes: Fix possible use-after-free issue on kprobe registration", " - Revert \"tracing/trigger: Fix to return error if failed to alloc snapshot\"", " - netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get()", " - netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get()", " - netfilter: br_netfilter: skip conntrack input hook for promisc packets", " - netfilter: nf_flow_table: count pending offload workqueue tasks", " - [Config] update configs to enable new NF_FLOW_TABLE_PROCFS", " - netfilter: flowtable: validate pppoe header", " - netfilter: flowtable: incorrect pppoe tuple", " - af_unix: Call manage_oob() for every skb in unix_stream_read_generic().", " - af_unix: Don't peek OOB data without MSG_OOB.", " - tun: limit printing rate when illegal packet received by tun dev", " - net: dsa: mt7530: fix mirroring frames received on local port", " - net: ethernet: ti: am65-cpsw-nuss: cleanup DMA Channels before using them", " - RDMA/rxe: Fix the problem \"mutex_destroy missing\"", " - RDMA/cm: Print the old state when cm_destroy_id gets timeout", " - RDMA/mlx5: Fix port number for counter query in multi-port configuration", " - s390/qdio: handle deferred cc1", " - s390/cio: fix race condition during online processing", " - drm: nv04: Fix out of bounds access", " - drm/panel: visionox-rm69299: don't unregister DSI device", " - clk: Remove prepare_lock hold assertion in __clk_release()", " - clk: Mark 'all_lists' as const", " - clk: remove extra empty line", " - clk: Print an info line before disabling unused clocks", " - clk: Initialize struct clk_core kref earlier", " - clk: Get runtime PM before walking tree during disable_unused", " - x86/bugs: Fix BHI retpoline check", " - x86/cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ", " - thunderbolt: Avoid notify PM core about runtime PM resume", " - thunderbolt: Fix wake configurations after device unplug", " - comedi: vmk80xx: fix incomplete endpoint checking", " - serial/pmac_zilog: Remove flawed mitigation for rx irq flood", " - USB: serial: option: add Fibocom FM135-GL variants", " - USB: serial: option: add support for Fibocom FM650/FG650", " - USB: serial: option: add Lonsung U8300/U9300 product", " - USB: serial: option: support Quectel EM060K sub-models", " - USB: serial: option: add Rolling RW101-GL and RW135-GL support", " - USB: serial: option: add Telit FN920C04 rmnet compositions", " - usb: dwc2: host: Fix dereference issue in DDMA completion flow.", " - usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb ep transport", " error", " - mei: me: disable RPL-S on SPS and IGN firmwares", " - speakup: Avoid crash on very long word", " - fs: sysfs: Fix reference leak in sysfs_break_active_protection()", " - KVM: x86: Snapshot if a vCPU's vendor model is AMD vs. Intel compatible", " - KVM: x86/pmu: Do not mask LVTPC when handling a PMI on AMD platforms", " - arm64: hibernate: Fix level3 translation fault in swsusp_save()", " - init/main.c: Fix potential static_command_line memory overflow", " - drm/vmwgfx: Sort primary plane formats by order of preference", " - nouveau: fix instmem race condition around ptr stores", " - nilfs2: fix OOB in nilfs_set_de_type", " - net: dsa: mt7530: set all CPU ports in MT7531_CPU_PMAP", " - net: dsa: introduce preferred_default_local_cpu_port and use on MT7530", " - net: dsa: mt7530: fix improper frames on all 25MHz and 40MHz XTAL MT7530", " - net: dsa: mt7530: fix enabling EEE on MT7531 switch on all boards", " - Linux 5.15.157", "", " * [SRU][22.04.4]: megaraid_sas: Critical Bug Fixes (LP: #2046722)", " - scsi: megaraid_sas: Log message when controller reset is requested but not", " issued", " - scsi: megaraid_sas: Driver version update to 07.727.03.00-rc1", "", " * Jammy update: v5.15.156 upstream stable release (LP: #2065857)", " - batman-adv: Avoid infinite loop trying to resize local TT", " - ring-buffer: Only update pages_touched when a new page is touched", " - Bluetooth: Fix memory leak in hci_req_sync_complete()", " - media: cec: core: remove length check of Timer Status", " - arm64: dts: imx8-ss-conn: fix usdhc wrong lpcg clock order", " - Revert \"drm/qxl: simplify qxl_fence_wait\"", " - nouveau: fix function cast warning", " - scsi: qla2xxx: Fix off by one in qla_edif_app_getstats()", " - net: openvswitch: fix unwanted error log on timeout policy probing", " - u64_stats: Disable preemption on 32bit UP+SMP PREEMPT_RT during updates.", " - xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING", " - geneve: fix header validation in geneve[6]_xmit_skb", " - af_unix: Clear stale u->oob_skb.", " - octeontx2-af: Fix NIX SQ mode and BP config", " - ipv6: fib: hide unused 'pn' variable", " - ipv4/route: avoid unused-but-set-variable warning", " - ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr", " - netfilter: complete validation of user input", " - net/mlx5: Properly link new fs rules into the tree", " - net: sparx5: fix wrong config being used when reconfiguring PCS", " - net: dsa: mt7530: trap link-local frames regardless of ST Port State", " - af_unix: Do not use atomic ops for unix_sk(sk)->inflight.", " - af_unix: Fix garbage collector racing against connect()", " - net: ena: Fix potential sign extension issue", " - net: ena: Wrong missing IO completions check order", " - net: ena: Fix incorrect descriptor free behavior", " - tracing: hide unused ftrace_event_id_fops", " - iommu/vt-d: Allocate local memory for page request queue", " - btrfs: qgroup: correctly model root qgroup rsv in convert", " - drm/client: Fully protect modes[] with dev->mode_config.mutex", " - vhost: Add smp_rmb() in vhost_vq_avail_empty()", " - perf/x86: Fix out of range data", " - x86/cpu: Actually turn off mitigations by default for", " SPECULATION_MITIGATIONS=n", " - selftests: timers: Fix abs() warning in posix_timers test", " - x86/apic: Force native_apic_mem_read() to use the MOV instruction", " - irqflags: Explicitly ignore lockdep_hrtimer_exit() argument", " - x86/bugs: Fix return type of spectre_bhi_state()", " - x86/bugs: Fix BHI documentation", " - x86/bugs: Cache the value of MSR_IA32_ARCH_CAPABILITIES", " - x86/bugs: Rename various 'ia32_cap' variables to 'x86_arch_cap_msr'", " - x86/bugs: Fix BHI handling of RRSBA", " - x86/bugs: Clarify that syscall hardening isn't a BHI mitigation", " - x86/bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto", " - [Config] updateconfigs to remove obsolete SPECTRE_BHI_AUTO", " - x86/bugs: Replace CONFIG_SPECTRE_BHI_{ON,OFF} with", " CONFIG_MITIGATION_SPECTRE_BHI", " - [Config] updateconfigs to enable new MITIGATION_SPECTRE_BHI", " - drm/i915/cdclk: Fix CDCLK programming order when pipes are active", " - Linux 5.15.156", "", " * Jammy update: v5.15.155 upstream stable release (LP: #2065805)", " - amdkfd: use calloc instead of kzalloc to avoid integer overflow", " - net: dsa: fix panic when DSA master device unbinds on shutdown", " - wifi: ath9k: fix LNA selection in ath_ant_try_scan()", " - VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host()", " - panic: Flush kernel log buffer at the end", " - cpuidle: Avoid potential overflow in integer multiplication", " - arm64: dts: rockchip: fix rk3328 hdmi ports node", " - arm64: dts: rockchip: fix rk3399 hdmi ports node", " - ionic: set adminq irq affinity", " - pstore/zone: Add a null pointer check to the psz_kmsg_read", " - tools/power x86_energy_perf_policy: Fix file leak in get_pkg_num()", " - net: pcs: xpcs: Return EINVAL in the internal methods", " - wifi: ath11k: decrease MHI channel buffer length to 8KB", " - btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks()", " - btrfs: export: handle invalid inode or root reference in btrfs_get_parent()", " - btrfs: send: handle path ref underflow in header iterate_inode_ref()", " - net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list()", " - Bluetooth: btintel: Fix null ptr deref in btintel_read_version", " - Input: synaptics-rmi4 - fail probing if memory allocation for \"phys\" fails", " - pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs", " - sysv: don't call sb_bread() with pointers_lock held", " - scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc()", " - isofs: handle CDs with bad root inode but good Joliet root directory", " - media: sta2x11: fix irq handler cast", " - ALSA: firewire-lib: handle quirk to calculate payload quadlets as data block", " counter", " - ext4: add a hint for block bitmap corrupt state in mb_groups", " - ext4: forbid commit inconsistent quota data when errors=remount-ro", " - drm/amd/display: Fix nanosec stat overflow", " - SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned", " int", " - Revert \"ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default\"", " - libperf evlist: Avoid out-of-bounds access", " - block: prevent division by zero in blk_rq_stat_sum()", " - RDMA/cm: add timeout to cm_destroy_id wait", " - Input: allocate keycode for Display refresh rate toggle", " - platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi", " Vi8 tablet", " - ktest: force $buildonly = 1 for 'make_warnings_file' test type", " - ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent", " environment", " - tools: iio: replace seekdir() in iio_generic_buffer", " - usb: typec: tcpci: add generic tcpci fallback compatible", " - usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined", " - ASoC: soc-core.c: Skip dummy codec when adding platforms", " - fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2", " - drivers/nvme: Add quirks for device 126f:2262", " - fbmon: prevent division by zero in fb_videomode_from_videomode()", " - netfilter: nf_tables: release batch on table validation from abort path", " - netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path", " - netfilter: nf_tables: discard table flag update with pending basechain", " deletion", " - tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc", " - gcc-plugins/stackleak: Ignore .noinstr.text and .entry.text", " - gcc-plugins/stackleak: Avoid .head.text section", " - virtio: reenable config if freezing device failed", " - x86/mm/pat: fix VM_PAT handling in COW mappings", " - randomize_kstack: Improve entropy diffusion", " - platform/x86: intel-vbtn: Update tablet mode switch at end of probe", " - Bluetooth: btintel: Fixe build regression", " - VMCI: Fix possible memcpy() run-time warning in", " vmci_datagram_invoke_guest_handler()", " - Linux 5.15.155", "", " * Jammy update: v5.15.154 upstream stable release (LP: #2065435)", " - Documentation/hw-vuln: Update spectre doc", " - x86/cpu: Support AMD Automatic IBRS", " - media: staging: ipu3-imgu: Set fields before media_entity_pads_init()", " - clk: qcom: gcc-sdm845: Add soft dependency on rpmhpd", " - smack: Set SMACK64TRANSMUTE only for dirs in smack_inode_setxattr()", " - smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity()", " - arm: dts: marvell: Fix maxium->maxim typo in brownstone dts", " - drm/vmwgfx: Fix possible null pointer derefence with invalid contexts", " - pci_iounmap(): Fix MMIO mapping leak", " - KVM: Always flush async #PF workqueue when vCPU is being destroyed", " - sparc64: NMI watchdog: fix return value of __setup handler", " - sparc: vDSO: fix return value of __setup handler", " - crypto: qat - fix double free during reset", " - crypto: qat - resolve race condition during AER recovery", " - selftests/mqueue: Set timeout to 180 seconds", " - ext4: correct best extent lstart adjustment logic", " - block: Clear zone limits for a non-zoned stacked queue", " - kasan: test: add memcpy test that avoids out-of-bounds write", " - kasan/test: avoid gcc warning for intentional overflow", " - bounds: support non-power-of-two CONFIG_NR_CPUS", " - fat: fix uninitialized field in nostale filehandles", " - ubifs: Set page uptodate in the correct place", " - ubi: Check for too small LEB size in VTBL code", " - ubi: correct the calculation of fastmap size", " - mtd: rawnand: meson: fix scrambling mode value in command macro", " - parisc: Avoid clobbering the C/B bits in the PSW with tophys and tovirt", " macros", " - parisc: Fix ip_fast_csum", " - parisc: Fix csum_ipv6_magic on 32-bit systems", " - parisc: Fix csum_ipv6_magic on 64-bit systems", " - parisc: Strip upper 32 bit of sum in csum_ipv6_magic for 64-bit builds", " - PM: suspend: Set mem_sleep_current during kernel command line setup", " - clk: qcom: gcc-ipq6018: fix terminating of frequency table arrays", " - clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays", " - clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays", " - clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays", " - usb: xhci: Add error handling in xhci_map_urb_for_dma", " - powerpc/fsl: Fix mfpmr build errors with newer binutils", " - USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB", " - USB: serial: add device ID for VeriFone adapter", " - USB: serial: cp210x: add ID for MGP Instruments PDS100", " - USB: serial: option: add MeiG Smart SLM320 product", " - USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M", " - PM: sleep: wakeirq: fix wake irq warning in system suspend", " - mmc: tmio: avoid concurrent runs of mmc_request_done()", " - fuse: fix root lookup with nonzero generation", " - fuse: don't unhash root", " - usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros", " - printk/console: Split out code that enables default console", " - serial: Lock console when calling into driver before registration", " - btrfs: fix off-by-one chunk length calculation at contains_pending_extent()", " - PCI: Drop pci_device_remove() test of pci_dev->driver", " - PCI/PM: Drain runtime-idle callbacks before driver removal", " - PCI: Work around Intel I210 ROM BAR overlap defect", " - PCI/ASPM: Make Intel DG2 L1 acceptable latency unlimited", " - PCI/DPC: Quirk PIO log size for certain Intel Root Ports", " - PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports", " - dm-raid: fix lockdep waring in \"pers->hot_add_disk\"", " - mac802154: fix llsec key resources release in mac802154_llsec_key_del", " - swap: comments get_swap_device() with usage rule", " - mm: swap: fix race between free_swap_and_cache() and swapoff()", " - mmc: core: Fix switch on gp3 partition", " - drm/etnaviv: Restore some id values", " - landlock: Warn once if a Landlock action is requested while disabled", " - hwmon: (amc6821) add of_match table", " - ext4: fix corruption during on-line resize", " - nvmem: meson-efuse: fix function pointer type mismatch", " - slimbus: core: Remove usage of the deprecated ida_simple_xx() API", " - phy: tegra: xusb: Add API to retrieve the port number of phy", " - usb: gadget: tegra-xudc: Fix USB3 PHY retrieval logic", " - speakup: Fix 8bit characters from direct synth", " - PCI/AER: Block runtime suspend when handling errors", " - nfs: fix UAF in direct writes", " - kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1", " - PCI: dwc: endpoint: Fix advertised resizable BAR size", " - vfio/platform: Disable virqfds on cleanup", " - ksmbd: retrieve number of blocks using vfs_getattr in", " set_file_allocation_info", " - ring-buffer: Fix waking up ring buffer readers", " - ring-buffer: Do not set shortest_full when full target is hit", " - ring-buffer: Fix resetting of shortest_full", " - ring-buffer: Fix full_waiters_pending in poll", " - ring-buffer: Use wait_event_interruptible() in ring_buffer_wait()", " - soc: fsl: qbman: Always disable interrupts when taking cgr_lock", " - soc: fsl: qbman: Add helper for sanity checking cgr ops", " - soc: fsl: qbman: Add CGR update function", " - soc: fsl: qbman: Use raw spinlock for cgr_lock", " - s390/zcrypt: fix reference counting on zcrypt card objects", " - drm/panel: do not return negative error codes from drm_panel_get_modes()", " - drm/exynos: do not return negative values from .get_modes()", " - drm/imx/ipuv3: do not return negative values from .get_modes()", " - drm/vc4: hdmi: do not return negative values from .get_modes()", " - memtest: use {READ,WRITE}_ONCE in memory scanning", " - nilfs2: fix failure to detect DAT corruption in btree and direct mappings", " - nilfs2: prevent kernel bug at submit_bh_wbc()", " - cpufreq: dt: always allocate zeroed cpumask", " - x86/CPU/AMD: Update the Zenbleed microcode revisions", " - NFSD: Fix nfsd_clid_class use of __string_len() macro", " - net: hns3: tracing: fix hclgevf trace event strings", " - wireguard: netlink: check for dangling peer via is_dead instead of empty", " list", " - wireguard: netlink: access device through ctx instead of peer", " - ahci: asm1064: correct count of reported ports", " - ahci: asm1064: asm1166: don't limit reported ports", " - drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag", " - drm/amd/display: Return the correct HDCP error code", " - drm/amd/display: Fix noise issue on HDMI AV mute", " - dm snapshot: fix lockup in dm_exception_table_exit", " - x86/pm: Work around false positive kmemleak report in msr_build_context()", " - net: ravb: Add R-Car Gen4 support", " - cpufreq: brcmstb-avs-cpufreq: fix up \"add check for cpufreq_cpu_get's return", " value\"", " - netfilter: nf_tables: reject constant set with timeout", " - Drivers: hv: vmbus: Calculate ring buffer size for more efficient use of", " memory", " - xfrm: Avoid clang fortify warning in copy_to_user_tmpl()", " - KVM: SVM: Flush pages under kvm->lock to fix UAF in", " svm_register_enc_region()", " - tracing: Use .flush() call to wake up readers", " - drm/i915: Check before removing mm notifier", " - USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command", " - usb: gadget: ncm: Fix handling of zero block length packets", " - usb: port: Don't try to peer unused USB ports based on location", " - tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled", " - mei: me: add arrow lake point S DID", " - mei: me: add arrow lake point H DID", " - vt: fix unicode buffer corruption when deleting characters", " - fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion", " - tee: optee: Fix kernel panic caused by incorrect error handling", " - i2c: i801: Avoid potential double call to gpiod_remove_lookup_table", " - xen/events: close evtchn after mapping cleanup", " - clocksource/drivers/arm_global_timer: Fix maximum prescaler value", " - entry: Respect changes to system call number by trace_sys_enter()", " - minmax: add umin(a, b) and umax(a, b)", " - swiotlb: Fix alignment checks when both allocation and DMA masks are present", " - dma-mapping: add dma_opt_mapping_size()", " - dma-iommu: add iommu_dma_opt_mapping_size()", " - iommu/dma: Force swiotlb_max_mapping_size on an untrusted device", " - printk: Update @console_may_schedule in console_trylock_spinning()", " - tty: serial: imx: Fix broken RS485", " - x86/asm: Add _ASM_RIP() macro for x86-64 (%rip) suffix", " - x86/bugs: Add asm helpers for executing VERW", " - x86/entry_64: Add VERW just before userspace transition", " - x86/entry_32: Add VERW just before userspace transition", " - x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key", " - KVM/VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH", " - KVM/VMX: Move VERW closer to VMentry for MDS mitigation", " - x86/mmio: Disable KVM mitigation when X86_FEATURE_CLEAR_CPU_BUF is set", " - Documentation/hw-vuln: Add documentation for RFDS", " - x86/rfds: Mitigate Register File Data Sampling (RFDS)", " - [Config] updateconfigs for MITIGATION_RFDS", " - KVM/x86: Export RFDS_NO and RFDS_CLEAR to guests", " - arch: Introduce CONFIG_FUNCTION_ALIGNMENT", " - [Config] updateconfigs for FUNCTION_ALIGNMENT", " - x86/asm: Differentiate between code and function alignment", " - x86/alternatives: Introduce int3_emulate_jcc()", " - x86/alternatives: Teach text_poke_bp() to patch Jcc.d32 instructions", " - x86/static_call: Add support for Jcc tail-calls", " - fsnotify: pass data_type to fsnotify_name()", " - fsnotify: pass dentry instead of inode data", " - fsnotify: clarify contract for create event hooks", " - fsnotify: Don't insert unmergeable events in hashtable", " - fanotify: Fold event size calculation to its own function", " - fanotify: Split fsid check from other fid mode checks", " - inotify: Don't force FS_IN_IGNORED", " - fsnotify: Add helper to detect overflow_event", " - fsnotify: Add wrapper around fsnotify_add_event", " - fsnotify: Retrieve super block from the data field", " - fsnotify: Protect fsnotify_handle_inode_event from no-inode events", " - fsnotify: Pass group argument to free_event", " - fanotify: Support null inode event in fanotify_dfid_inode", " - fanotify: Allow file handle encoding for unhashed events", " - fanotify: Encode empty file handle when no inode is provided", " - fanotify: Require fid_mode for any non-fd event", " - fsnotify: Support FS_ERROR event type", " - fanotify: Reserve UAPI bits for FAN_FS_ERROR", " - fanotify: Pre-allocate pool of error events", " - fanotify: Support enqueueing of error events", " - fanotify: Support merging of error events", " - fanotify: Wrap object_fh inline space in a creator macro", " - fanotify: Add helpers to decide whether to report FID/DFID", " - fanotify: WARN_ON against too large file handles", " - fanotify: Report fid info for file related file system errors", " - fanotify: Emit generic error info for error event", " - fanotify: Allow users to request FAN_FS_ERROR events", " - ext4: Send notifications on error", " - docs: Document the FAN_FS_ERROR event", " - NFS: Remove unnecessary TRACE_DEFINE_ENUM()s", " - SUNRPC: Tracepoints should display tk_pid and cl_clid as a fixed-size field", " - NFS: Move generic FS show macros to global header", " - NFS: Move NFS protocol display macros to global header", " - NFSD: Optimize DRC bucket pruning", " - NFSD: move filehandle format declarations out of \"uapi\".", " - NFSD: drop support for ancient filehandles", " - NFSD: simplify struct nfsfh", " - NFSD: Initialize pointer ni with NULL and not plain integer 0", " - SUNRPC: Replace the \"__be32 *p\" parameter to .pc_decode", " - SUNRPC: Change return value type of .pc_decode", " - NFSD: Save location of NFSv4 COMPOUND status", " - SUNRPC: Replace the \"__be32 *p\" parameter to .pc_encode", " - SUNRPC: Change return value type of .pc_encode", " - nfsd: update create verifier comment", " - NFSD:fix boolreturn.cocci warning", " - nfsd4: remove obselete comment", " - ext4: fix error code saved on super block during file system abort", " - fsnotify: clarify object type argument", " - fsnotify: separate mark iterator type from object type enum", " - fanotify: introduce group flag FAN_REPORT_TARGET_FID", " - fsnotify: generate FS_RENAME event with rich information", " - fanotify: use macros to get the offset to fanotify_info buffer", " - fanotify: use helpers to parcel fanotify_info buffer", " - fanotify: support secondary dir fh and name in fanotify_info", " - fanotify: record old and new parent and name in FAN_RENAME event", " - fanotify: record either old name new name or both for FAN_RENAME", " - fanotify: report old and/or new parent+name in FAN_RENAME event", " - fanotify: wire up FAN_RENAME event", " - exit: Implement kthread_exit", " - exit: Rename module_put_and_exit to module_put_and_kthread_exit", " - NFSD: handle errors better in write_ports_addfd()", " - SUNRPC: change svc_get() to return the svc.", " - SUNRPC/NFSD: clean up get/put functions.", " - SUNRPC: stop using ->sv_nrthreads as a refcount", " - nfsd: make nfsd_stats.th_cnt atomic_t", " - SUNRPC: use sv_lock to protect updates to sv_nrthreads.", " - NFSD: narrow nfsd_mutex protection in nfsd thread", " - NFSD: Make it possible to use svc_set_num_threads_sync", " - SUNRPC: discard svo_setup and rename svc_set_num_threads_sync()", " - NFSD: simplify locking for network notifier.", " - lockd: introduce nlmsvc_serv", " - lockd: simplify management of network status notifiers", " - lockd: move lockd_start_svc() call into lockd_create_svc()", " - lockd: move svc_exit_thread() into the thread", " - lockd: introduce lockd_put()", " - lockd: rename lockd_create_svc() to lockd_get()", " - SUNRPC: move the pool_map definitions (back) into svc.c", " - SUNRPC: always treat sv_nrpools==1 as \"not pooled\"", " - lockd: use svc_set_num_threads() for thread start and stop", " - NFS: switch the callback service back to non-pooled.", " - NFSD: Remove be32_to_cpu() from DRC hash function", " - NFSD: Fix inconsistent indenting", " - NFSD: simplify per-net file cache management", " - NFSD: Combine XDR error tracepoints", " - nfsd: improve stateid access bitmask documentation", " - NFSD: De-duplicate nfsd4_decode_bitmap4()", " - nfs: block notification on fs with its own ->lock", " - nfsd4: add refcount for nfsd4_blocked_lock", " - nfsd: map EBADF", " - nfsd: Add errno mapping for EREMOTEIO", " - nfsd: Retry once in nfsd_open on an -EOPENSTALE return", " - NFSD: Clean up nfsd_vfs_write()", " - NFSD: De-duplicate net_generic(SVC_NET(rqstp), nfsd_net_id)", " - nfsd: Add a tracepoint for errors in nfsd4_clone_file_range()", " - NFSD: Write verifier might go backwards", " - NFSD: Clean up the nfsd_net::nfssvc_boot field", " - NFSD: Rename boot verifier functions", " - NFSD: Trace boot verifier resets", " - NFSD: Move fill_pre_wcc() and fill_post_wcc()", " - fsnotify: invalidate dcache before IN_DELETE event", " - NFSD: Deprecate NFS_OFFSET_MAX", " - nfsd: Add support for the birth time attribute", " - orDate: Thu Sep 30 19:19:57 2021 -0400", " - NFSD: Skip extra computation for RC_NOCACHE case", " - NFSD: Streamline the rare \"found\" case", " - NFSD: Remove NFSD_PROC_ARGS_* macros", " - SUNRPC: Remove the .svo_enqueue_xprt method", " - SUNRPC: Merge svc_do_enqueue_xprt() into svc_enqueue_xprt()", " - SUNRPC: Remove svo_shutdown method", " - SUNRPC: Rename svc_create_xprt()", " - SUNRPC: Rename svc_close_xprt()", " - SUNRPC: Remove svc_shutdown_net()", " - NFSD: Remove svc_serv_ops::svo_module", " - NFSD: Move svc_serv_ops::svo_function into struct svc_serv", " - NFSD: Remove CONFIG_NFSD_V3", " - [Config] updateconfigs for NFSD_V3", " - NFSD: Clean up _lm_ operation names", " - nfsd: fix using the correct variable for sizeof()", " - fsnotify: fix merge with parent's ignored mask", " - fsnotify: optimize FS_MODIFY events with no ignored masks", " - fsnotify: remove redundant parameter judgment", " - nfsd: Fix a write performance regression", " - nfsd: Clean up nfsd_file_put()", " - fanotify: do not allow setting dirent events in mask of non-dir", " - fs/lock: documentation cleanup. Replace inode->i_lock with flc_lock.", " - inotify: move control flags from mask to mark flags", " - fsnotify: pass flags argument to fsnotify_alloc_group()", " - fsnotify: make allow_dups a property of the group", " - fsnotify: create helpers for group mark_mutex lock", " - inotify: use fsnotify group lock helpers", " - nfsd: use fsnotify group lock helpers", " - dnotify: use fsnotify group lock helpers", " - fsnotify: allow adding an inode mark without pinning inode", " - fanotify: create helper fanotify_mark_user_flags()", " - fanotify: factor out helper fanotify_mark_update_flags()", " - fanotify: implement \"evictable\" inode marks", " - fanotify: use fsnotify group lock helpers", " - fanotify: enable \"evictable\" inode marks", " - fsnotify: introduce mark type iterator", " - fsnotify: consistent behavior for parent not watching children", " - fanotify: fix incorrect fmode_t casts", " - NFSD: Clean up nfsd_splice_actor()", " - NFSD: add courteous server support for thread with only delegation", " - NFSD: add support for share reservation conflict to courteous server", " - NFSD: move create/destroy of laundry_wq to init_nfsd and exit_nfsd", " - fs/lock: add helper locks_owner_has_blockers to check for blockers", " - fs/lock: add 2 callbacks to lock_manager_operations to resolve conflict", " - NFSD: add support for lock conflict to courteous server", " - NFSD: Show state of courtesy client in client info", " - NFSD: Clean up nfsd3_proc_create()", " - NFSD: Avoid calling fh_drop_write() twice in do_nfsd_create()", " - NFSD: Refactor nfsd_create_setattr()", " - NFSD: Refactor NFSv3 CREATE", " - NFSD: Refactor NFSv4 OPEN(CREATE)", " - NFSD: Remove do_nfsd_create()", " - NFSD: Clean up nfsd_open_verified()", " - NFSD: Instantiate a struct file when creating a regular NFSv4 file", " - NFSD: Remove dprintk call sites from tail of nfsd4_open()", " - NFSD: Fix whitespace", " - NFSD: Move documenting comment for nfsd4_process_open2()", " - NFSD: Trace filecache opens", " - SUNRPC: Use RMW bitops in single-threaded hot paths", " - nfsd: Unregister the cld notifier when laundry_wq create failed", " - nfsd: Fix null-ptr-deref in nfsd_fill_super()", " - NFSD: Modernize nfsd4_release_lockowner()", " - NFSD: Add documenting comment for nfsd4_release_lockowner()", " - NFSD: nfsd_file_put() can sleep", " - NFSD: Fix potential use-after-free in nfsd_file_put()", " - NFS: restore module put when manager exits.", " - fanotify: refine the validation checks on non-dir inode mask", " - NFSD: Decode NFSv4 birth time attribute", " - fs: inotify: Fix typo in inotify comment", " - fanotify: prepare for setting event flags in ignore mask", " - fanotify: cleanups for fanotify_mark() input validations", " - fanotify: introduce FAN_MARK_IGNORE", " - fsnotify: Fix comment typo", " - NLM: Defend against file_lock changes after vfs_test_lock()", " - NFSD: Instrument fh_verify()", " - NFSD: Fix space and spelling mistake", " - nfsd: remove redundant assignment to variable len", " - NFSD: Demote a WARN to a pr_warn()", " - NFSD: Report filecache LRU size", " - NFSD: Report count of calls to nfsd_file_acquire()", " - NFSD: Report count of freed filecache items", " - NFSD: Report average age of filecache items", " - NFSD: Add nfsd_file_lru_dispose_list() helper", " - NFSD: Refactor nfsd_file_gc()", " - NFSD: Refactor nfsd_file_lru_scan()", " - NFSD: Report the number of items evicted by the LRU walk", " - NFSD: Record number of flush calls", " - NFSD: Zero counters when the filecache is re-initialized", " - NFSD: Hook up the filecache stat file", " - NFSD: WARN when freeing an item still linked via nf_lru", " - NFSD: Trace filecache LRU activity", " - NFSD: Leave open files out of the filecache LRU", " - NFSD: Fix the filecache LRU shrinker", " - NFSD: Never call nfsd_file_gc() in foreground paths", " - NFSD: No longer record nf_hashval in the trace log", " - NFSD: Remove lockdep assertion from unhash_and_release_locked()", " - NFSD: nfsd_file_unhash can compute hashval from nf->nf_inode", " - NFSD: Refactor __nfsd_file_close_inode()", " - NFSD: nfsd_file_hash_remove can compute hashval", " - NFSD: Remove nfsd_file::nf_hashval", " - NFSD: Replace the \"init once\" mechanism", " - NFSD: Set up an rhashtable for the filecache", " - NFSD: Convert the filecache to use rhashtable", " - NFSD: Clean up unused code after rhashtable conversion", " - NFSD: Separate tracepoints for acquire and create", " - NFSD: Move nfsd_file_trace_alloc() tracepoint", " - NFSD: NFSv4 CLOSE should release an nfsd_file immediately", " - NFSD: Ensure nf_inode is never dereferenced", " - NFSD: refactoring v4 specific code to a helper in nfs4state.c", " - NFSD: keep track of the number of v4 clients in the system", " - NFSD: limit the number of v4 clients to 1024 per 1GB of system memory", " - nfsd: silence extraneous printk on nfsd.ko insertion", " - NFSD: Optimize nfsd4_encode_operation()", " - NFSD: Optimize nfsd4_encode_fattr()", " - NFSD: Clean up SPLICE_OK in nfsd4_encode_read()", " - NFSD: Add an nfsd4_read::rd_eof field", " - NFSD: Optimize nfsd4_encode_readv()", " - NFSD: Simplify starting_len", " - NFSD: Use xdr_pad_size()", " - NFSD: Clean up nfsd4_encode_readlink()", " - NFSD: Fix strncpy() fortify warning", " - NFSD: nfserrno(-ENOMEM) is nfserr_jukebox", " - NFSD: Shrink size of struct nfsd4_copy_notify", " - NFSD: Shrink size of struct nfsd4_copy", " - NFSD: Reorder the fields in struct nfsd4_op", " - NFSD: Make nfs4_put_copy() static", " - NFSD: Replace boolean fields in struct nfsd4_copy", " - NFSD: Refactor nfsd4_cleanup_inter_ssc() (1/2)", " - NFSD: Refactor nfsd4_cleanup_inter_ssc() (2/2)", " - NFSD: Refactor nfsd4_do_copy()", " - NFSD: Remove kmalloc from nfsd4_do_async_copy()", " - NFSD: Add nfsd4_send_cb_offload()", " - NFSD: Move copy offload callback arguments into a separate structure", " - NFSD: drop fh argument from alloc_init_deleg", " - NFSD: verify the opened dentry after setting a delegation", " - NFSD: introduce struct nfsd_attrs", " - NFSD: set attributes when creating symlinks", " - NFSD: add security label to struct nfsd_attrs", " - NFSD: add posix ACLs to struct nfsd_attrs", " - NFSD: change nfsd_create()/nfsd_symlink() to unlock directory before", " returning.", " - NFSD: always drop directory lock in nfsd_unlink()", " - NFSD: only call fh_unlock() once in nfsd_link()", " - NFSD: reduce locking in nfsd_lookup()", " - NFSD: use explicit lock/unlock for directory ops", " - NFSD: use (un)lock_inode instead of fh_(un)lock for file operations", " - NFSD: discard fh_locked flag and fh_lock/fh_unlock", " - NFSD: fix regression with setting ACLs.", " - nfsd_splice_actor(): handle compound pages", " - NFSD: move from strlcpy with unused retval to strscpy", " - lockd: move from strlcpy with unused retval to strscpy", " - NFSD enforce filehandle check for source file in COPY", " - NFSD: remove redundant variable status", " - nfsd: Avoid some useless tests", " - nfsd: Propagate some error code returned by memdup_user()", " - NFSD: Increase NFSD_MAX_OPS_PER_COMPOUND", " - NFSD: drop fname and flen args from nfsd_create_locked()", " - nfsd: clean up mounted_on_fileid handling", " - nfsd: remove nfsd4_prepare_cb_recall() declaration", " - NFSD: Replace dprintk() call site in fh_verify()", " - NFSD: Trace NFSv4 COMPOUND tags", " - NFSD: Add tracepoints to report NFSv4 callback completions", " - NFSD: Add a mechanism to wait for a DELEGRETURN", " - NFSD: Refactor nfsd_setattr()", " - NFSD: Make nfsd4_setattr() wait before returning NFS4ERR_DELAY", " - NFSD: Make nfsd4_rename() wait before returning NFS4ERR_DELAY", " - NFSD: Make nfsd4_remove() wait before returning NFS4ERR_DELAY", " - NFSD: keep track of the number of courtesy clients in the system", " - NFSD: add shrinker to reap courtesy clients on low memory condition", " - SUNRPC: Parametrize how much of argsize should be zeroed", " - NFSD: Reduce amount of struct nfsd4_compoundargs that needs clearing", " - NFSD: Refactor common code out of dirlist helpers", " - NFSD: Use xdr_inline_decode() to decode NFSv3 symlinks", " - NFSD: Clean up WRITE arg decoders", " - NFSD: Clean up nfs4svc_encode_compoundres()", " - NFSD: Remove unused nfsd4_compoundargs::cachetype field", " - NFSD: Pack struct nfsd4_compoundres", " - nfsd: use DEFINE_PROC_SHOW_ATTRIBUTE to define nfsd_proc_ops", " - nfsd: use DEFINE_SHOW_ATTRIBUTE to define export_features_fops and", " supported_enctypes_fops", " - nfsd: use DEFINE_SHOW_ATTRIBUTE to define client_info_fops", " - nfsd: use DEFINE_SHOW_ATTRIBUTE to define nfsd_reply_cache_stats_fops", " - nfsd: use DEFINE_SHOW_ATTRIBUTE to define nfsd_file_cache_stats_fops", " - NFSD: Rename the fields in copy_stateid_t", " - nfsd: only fill out return pointer on success in nfsd4_lookup_stateid", " - nfsd: fix comments about spinlock handling with delegations", " - nfsd: make nfsd4_run_cb a bool return function", " - nfsd: extra checks when freeing delegation stateids", " - fs/notify: constify path", " - fsnotify: remove unused declaration", " - fanotify: Remove obsoleted fanotify_event_has_path()", " - nfsd: fix nfsd_file_unhash_and_dispose", " - nfsd: rework hashtable handling in nfsd_do_file_acquire", " - NFSD: unregister shrinker when nfsd_init_net() fails", " - nfsd: ensure we always call fh_verify_error tracepoint", " - nfsd: fix net-namespace logic in __nfsd_file_cache_purge", " - nfsd: fix use-after-free in nfsd_file_do_acquire tracepoint", " - nfsd: put the export reference in nfsd4_verify_deleg_dentry", " - NFSD: Fix trace_nfsd_fh_verify_err() crasher", " - NFSD: Fix reads with a non-zero offset that don't end on a page boundary", " - lockd: use locks_inode_context helper", " - nfsd: use locks_inode_context helper", " - NFSD: Simplify READ_PLUS", " - NFSD: Remove redundant assignment to variable host_err", " - NFSD: Finish converting the NFSv3 GETACL result encoder", " - nfsd: ignore requests to disable unsupported versions", " - nfsd: move nfserrno() to vfs.c", " - nfsd: allow disabling NFSv2 at compile time", " - [Config] updateconfigs for NFSD_V2", " - exportfs: use pr_debug for unreachable debug statements", " - NFSD: Pass the target nfsd_file to nfsd_commit()", " - NFSD: Revert \"NFSD: NFSv4 CLOSE should release an nfsd_file immediately\"", " - NFSD: Add an NFSD_FILE_GC flag to enable nfsd_file garbage collection", " - NFSD: Flesh out a documenting comment for filecache.c", " - NFSD: Clean up nfs4_preprocess_stateid_op() call sites", " - NFSD: Trace stateids returned via DELEGRETURN", " - NFSD: Trace delegation revocations", " - NFSD: Use const pointers as parameters to fh_ helpers", " - NFSD: Update file_hashtbl() helpers", " - NFSD: Clean up nfsd4_init_file()", " - NFSD: Add a nfsd4_file_hash_remove() helper", " - NFSD: Clean up find_or_add_file()", " - NFSD: Refactor find_file()", " - NFSD: Use rhashtable for managing nfs4_file objects", " - NFSD: Fix licensing header in filecache.c", " - nfsd: remove the pages_flushed statistic from filecache", " - nfsd: reorganize filecache.c", " - filelock: add a new locks_inode_context accessor function", " - nfsd: fix up the filecache laundrette scheduling", " - NFSD: Add an nfsd_file_fsync tracepoint", " - nfsd: return error if nfs4_setacl fails", " - NFSD: Use struct_size() helper in alloc_session()", " - lockd: set missing fl_flags field when retrieving args", " - lockd: ensure we use the correct file descriptor when unlocking", " - lockd: fix file selection in nlmsvc_cancel_blocked", " - trace: Relocate event helper files", " - NFSD: refactoring courtesy_client_reaper to a generic low memory shrinker", " - NFSD: add support for sending CB_RECALL_ANY", " - NFSD: add delegation reaper to react to low memory condition", " - NFSD: add CB_RECALL_ANY tracepoints", " - NFSD: Use only RQ_DROPME to signal the need to drop a reply", " - NFSD: Avoid clashing function prototypes", " - nfsd: rework refcounting in filecache", " - nfsd: fix handling of cached open files in nfsd4_open codepath", " - Revert \"SUNRPC: Use RMW bitops in single-threaded hot paths\"", " - NFSD: Use set_bit(RQ_DROPME)", " - NFSD: register/unregister of nfsd-client shrinker at nfsd startup/shutdown", " time", " - NFSD: replace delayed_work with work_struct for nfsd_client_shrinker", " - nfsd: don't free files unconditionally in __nfsd_file_cache_purge", " - nfsd: don't destroy global nfs4_file table in per-net shutdown", " - NFSD: enhance inter-server copy cleanup", " - nfsd: allow nfsd_file_get to sanely handle a NULL pointer", " - nfsd: clean up potential nfsd_file refcount leaks in COPY codepath", " - NFSD: fix leaked reference count of nfsd4_ssc_umount_item", " - nfsd: don't hand out delegation on setuid files being opened for write", " - NFSD: fix problems with cleanup on errors in nfsd4_copy", " - nfsd: fix courtesy client with deny mode handling in nfs4_upgrade_open", " - nfsd: don't fsync nfsd_files on last close", " - NFSD: copy the whole verifier in nfsd_copy_write_verifier", " - NFSD: Protect against filesystem freezing", " - nfsd: don't replace page in rq_pages if it's a continuation of last page", " - nfsd: call op_release, even when op_func returns an error", " - nfsd: don't open-code clear_and_wake_up_bit", " - nfsd: NFSD_FILE_KEY_INODE only needs to find GC'ed entries", " - nfsd: simplify test_bit return in NFSD_FILE_KEY_FULL comparator", " - nfsd: don't kill nfsd_files because of lease break error", " - nfsd: add some comments to nfsd_file_do_acquire", " - nfsd: don't take/put an extra reference when putting a file", " - nfsd: update comment over __nfsd_file_cache_purge", " - nfsd: allow reaping files still under writeback", " - NFSD: Convert filecache to rhltable", " - nfsd: simplify the delayed disposal list code", " - NFSD: Fix problem of COMMIT and NFS4ERR_DELAY in infinite loop", " - nfsd: make a copy of struct iattr before calling notify_change", " - nfsd: fix double fget() bug in __write_ports_addfd()", " - lockd: drop inappropriate svc_get() from locked_get()", " - NFSD: Add an nfsd4_encode_nfstime4() helper", " - nfsd: Fix creation time serialization order", " - nfsd: Simplify code around svc_exit_thread() call in nfsd()", " - nfsd: separate nfsd_last_thread() from nfsd_put()", " - Documentation: Add missing documentation for EXPORT_OP flags", " - NFSD: fix possible oops when nfsd/pool_stats is closed.", " - nfsd: call nfsd_last_thread() before final nfsd_put()", " - nfsd: drop the nfsd_put helper", " - nfsd: fix RELEASE_LOCKOWNER", " - nfsd: don't take fi_lock in nfsd_break_deleg_cb()", " - nfsd: don't call locks_release_private() twice concurrently", " - nfsd: Fix a regression in nfsd_setattr()", " - perf/core: Fix reentry problem in perf_output_read_group()", " - efivarfs: Request at most 512 bytes for variable names", " - powerpc: xor_vmx: Add '-mhard-float' to CFLAGS", " - selftests: mptcp: diag: return KSFT_FAIL not test_cnt", " - vfio/pci: Disable auto-enable of exclusive INTx IRQ", " - vfio/pci: Lock external INTx masking ops", " - vfio: Introduce interface to flush virqfd inject workqueue", " - vfio/pci: Create persistent INTx handler", " - vfio/platform: Create persistent IRQ handlers", " - vfio/fsl-mc: Block calling interrupt handler without trigger", " - serial: sc16is7xx: convert from _raw_ to _noinc_ regmap functions for FIFO", " - mm/migrate: set swap entry values of THP tail pages properly.", " - init: open /initrd.image with O_LARGEFILE", " - btrfs: zoned: use zone aware sb location for scrub", " - wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes", " - exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack()", " - hexagon: vmlinux.lds.S: handle attributes section", " - mmc: core: Initialize mmc_blk_ioc_data", " - mmc: core: Avoid negative index with array access", " - net: ll_temac: platform_get_resource replaced by wrong function", " - drm/i915/gt: Reset queue_priority_hint on parking", " - drm/amdgpu: Use drm_mode_copy()", " - drm/amd/display: Preserve original aspect ratio in create stream", " - ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs", " - scsi: core: Fix unremoved procfs host directory regression", " - staging: vc04_services: changen strncpy() to strscpy_pad()", " - staging: vc04_services: fix information leak in create_component()", " - USB: core: Add hub_get() and hub_put() routines", " - usb: dwc2: host: Fix remote wakeup from hibernation", " - usb: dwc2: host: Fix hibernation flow", " - usb: dwc2: host: Fix ISOC flow in DDMA mode", " - usb: dwc2: gadget: Fix exiting from clock gating", " - usb: dwc2: gadget: LPM flow fix", " - usb: udc: remove warning when queue disabled ep", " - usb: typec: ucsi: Ack unsupported commands", " - usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset", " - scsi: qla2xxx: Prevent command send on chip reset", " - scsi: qla2xxx: Fix N2N stuck connection", " - scsi: qla2xxx: Split FCE|EFT trace control", " - scsi: qla2xxx: NVME|FCP prefer flag not being honored", " - scsi: qla2xxx: Fix command flush on cable pull", " - scsi: qla2xxx: Fix double free of fcport", " - scsi: qla2xxx: Change debug message during driver unload", " - scsi: qla2xxx: Delay I/O Abort on PCI error", " - x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled", " - PCI/DPC: Quirk PIO log size for Intel Ice Lake Root Ports", " - scsi: lpfc: Correct size for wqe for memset()", " - USB: core: Fix deadlock in usb_deauthorize_interface()", " - scsi: usb: Call scsi_done() directly", " - scsi: usb: Stop using the SCSI pointer", " - USB: UAS: return ENODEV when submit urbs fail with device not attached", " - nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet", " - mlxbf_gige: stop PHY during open() error paths", " - iwlwifi: mvm: rfi: use kmemdup() to replace kzalloc + memcpy", " - wifi: iwlwifi: mvm: rfi: fix potential response leaks", " - ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa()", " - s390/qeth: handle deferred cc1", " - tcp: properly terminate timers for kernel sockets", " - ACPICA: debugger: check status of acpi_evaluate_object() in", " acpi_db_walk_for_fields()", " - mlxbf_gige: call request_irq() after NAPI initialized", " - bpf: Protect against int overflow for stack access size", " - Octeontx2-af: fix pause frame configuration in GMP mode", " - dm integrity: fix out-of-range warning", " - r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d", " - x86/cpufeatures: Add new word for scattered features", " - x86/cpufeatures: Add CPUID_LNX_5 to track recently added Linux-defined word", " - arm64: dts: qcom: sc7180-trogdor: mark bluetooth address as broken", " - Bluetooth: hci_event: set the conn encrypted before conn establishes", " - Bluetooth: Fix TOCTOU in HCI debugfs implementation", " - xen-netfront: Add missing skb_mark_for_recycle", " - net/rds: fix possible cp null dereference", " - locking/rwsem: Disable preemption while trying for rwsem lock", " - io_uring: ensure '0' is returned on file registration success", " - Revert \"x86/mm/ident_map: Use gbpages only where full GB page should be", " mapped.\"", " - mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL", " allocations", " - thermal: devfreq_cooling: Fix perf state when calculate dfc res_util", " - KVM: x86: Bail to userspace if emulation of atomic user access faults", " - KVM: x86: Mark target gfn of emulated atomic instruction as dirty", " - netfilter: nf_tables: reject new basechain after table flag update", " - netfilter: nf_tables: flush pending destroy work before exit_net release", " - netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get()", " - netfilter: validate user input for expected length", " - vboxsf: Avoid an spurious warning if load_nls_xxx() fails", " - bpf, sockmap: Prevent lock inversion deadlock in map delete elem", " - net/sched: act_skbmod: prevent kernel-infoleak", " - net: stmmac: fix rx queue priority assignment", " - selftests: net: gro fwd: update vxlan GRO test expectations", " - erspan: make sure erspan_base_hdr is present in skb->head", " - selftests: reuseaddr_conflict: add missing new line at the end of the output", " - ipv6: Fix infinite recursion in fib6_dump_done().", " - mlxbf_gige: stop interface during shutdown", " - udp: do not accept non-tunnel GSO skbs landing in a tunnel", " - udp: do not transition UDP GRO fraglist partial checksums to unnecessary", " - udp: prevent local UDP tunnel packets from being GROed", " - octeontx2-af: Fix issue with loading coalesced KPU profiles", " - octeontx2-pf: check negative error code in otx2_open()", " - i40e: fix i40e_count_filters() to count only active/new filters", " - i40e: fix vf may be used uninitialized in this function warning", " - scsi: qla2xxx: Update manufacturer details", " - scsi: qla2xxx: Update manufacturer detail", " - Revert \"usb: phy: generic: Get the vbus supply\"", " - i40e: Store the irq number in i40e_q_vector", " - i40e: Remove _t suffix from enum type names", " - i40e: Enforce software interrupt during busy-poll exit", " - net: usb: asix: suspend embedded PHY if external is used", " - drivers: net: convert to boolean for the mac_managed_pm flag", " - net: fec: Set mac_managed_pm during probe", " - net: ravb: Always process TX descriptor ring", " - ASoC: rt5682-sdw: fix locking sequence", " - ASoC: rt711-sdca: fix locking sequence", " - ASoC: rt711-sdw: fix locking sequence", " - ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw", " - ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit", " - scsi: mylex: Fix sysfs buffer lengths", " - ata: sata_mv: Fix PCI device ID table declaration compilation warning", " - nfsd: hold a lighter-weight client reference over CB_RECALL_ANY", " - HID: uhid: Use READ_ONCE()/WRITE_ONCE() for ->running", " - openrisc: Fix pagewalk usage in arch_dma_{clear, set}_uncached", " - fs/pipe: Fix lockdep false-positive in watchqueue pipe_write()", " - ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with", " microphone", " - driver core: Introduce device_link_wait_removal()", " - of: dynamic: Synchronize of_changeset_destroy() with the devlink removals", " - x86/mce: Make sure to grab mce_sysfs_mutex in set_bank()", " - s390/entry: align system call table on 8 bytes", " - riscv: Fix spurious errors from __get/put_kernel_nofault", " - riscv: process: Fix kernel gp leakage", " - x86/bugs: Fix the SRSO mitigation on Zen3/4", " - x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for", " !SRSO", " - mptcp: don't account accept() of non-MPC client as fallback to TCP", " - mm/secretmem: fix GUP-fast succeeding on secretmem folios", " - gro: fix ownership transfer", " - nvme: fix miss command type check", " - x86: set SPECTRE_BHI_ON as default", " - Linux 5.15.154", "", " * CVE-2024-23307", " - md/raid5: fix atomicity violation in raid5_cache_count", "", " * CVE-2024-26828", " - cifs: fix underflow in parse_server_interfaces()", "", " * CVE-2024-24861", " - media: xc4000: Fix atomicity violation in xc4000_get_frequency", "", " * CVE-2024-26642", " - netfilter: nf_tables: disallow anonymous set with timeout flag", "", " * CVE-2024-26926", " - binder: check offset alignment in binder_get_object()", "", " * CVE-2024-26922", " - drm/amdgpu: validate the parameters of bo mapping operations more clearly", "", " * CVE-2023-6039", " - timers: Silently ignore timers with a NULL function", "", " * CVE-2024-26924", " - netfilter: nft_set_pipapo: do not free live element", "", " * CVE-2024-26643", " - netfilter: nf_tables: mark set as dead when unbinding anonymous set with", " timeout", "" ], "package": "linux", "version": "5.15.0-115.125", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2068396, 1786013, 2067974, 2067959, 2046722, 2065857, 2065805, 2065435 ], "author": "Stefan Bader ", "date": "Fri, 07 Jun 2024 15:06:00 +0200" } ], "notes": "linux-image-5.15.0-116-generic-lpae version '5.15.0-116.126' (source package linux version '5.15.0-116.126') was added. linux-image-5.15.0-116-generic-lpae version '5.15.0-116.126' has the same source package name, linux, as removed package linux-headers-5.15.0-113. As such we can use the source package version of the removed package, '5.15.0-113.123', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package." }, { "name": "linux-modules-5.15.0-116-generic-lpae", "from_version": { "source_package_name": "linux", "source_package_version": "5.15.0-113.123", "version": null }, "to_version": { "source_package_name": "linux", "source_package_version": "5.15.0-116.126", "version": "5.15.0-116.126" }, "cves": [ { "cve": "CVE-2024-23307", "url": "https://ubuntu.com/security/CVE-2024-23307", "cve_description": "Integer Overflow or Wraparound vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (md, raid, raid5 modules) allows Forced Integer Overflow.", "cve_priority": "low", "cve_public_date": "2024-01-25 07:15:00 UTC" }, { "cve": "CVE-2024-26828", "url": "https://ubuntu.com/security/CVE-2024-26828", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: cifs: fix underflow in parse_server_interfaces() In this loop, we step through the buffer and after each item we check if the size_left is greater than the minimum size we need. However, the problem is that \"bytes_left\" is type ssize_t while sizeof() is type size_t. That means that because of type promotion, the comparison is done as an unsigned and if we have negative bytes left the loop continues instead of ending.", "cve_priority": "high", "cve_public_date": "2024-04-17 10:15:00 UTC" }, { "cve": "CVE-2024-24861", "url": "https://ubuntu.com/security/CVE-2024-24861", "cve_description": "A race condition was found in the Linux kernel's media/xc4000 device driver in xc4000 xc4000_get_frequency() function. This can result in return value overflow issue, possibly leading to malfunction or denial of service issue.", "cve_priority": "medium", "cve_public_date": "2024-02-05 08:15:00 UTC" }, { "cve": "CVE-2024-26642", "url": "https://ubuntu.com/security/CVE-2024-26642", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: disallow anonymous set with timeout flag Anonymous sets are never used with timeout from userspace, reject this. Exception to this rule is NFT_SET_EVAL to ensure legacy meters still work.", "cve_priority": "high", "cve_public_date": "2024-03-21 11:15:00 UTC" }, { "cve": "CVE-2024-26926", "url": "https://ubuntu.com/security/CVE-2024-26926", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: binder: check offset alignment in binder_get_object() Commit 6d98eb95b450 (\"binder: avoid potential data leakage when copying txn\") introduced changes to how binder objects are copied. In doing so, it unintentionally removed an offset alignment check done through calls to binder_alloc_copy_from_buffer() -> check_buffer(). These calls were replaced in binder_get_object() with copy_from_user(), so now an explicit offset alignment check is needed here. This avoids later complications when unwinding the objects gets harder. It is worth noting this check existed prior to commit 7a67a39320df (\"binder: add function to copy binder object from buffer\"), likely removed due to redundancy at the time.", "cve_priority": "medium", "cve_public_date": "2024-04-25 06:15:00 UTC" }, { "cve": "CVE-2024-26922", "url": "https://ubuntu.com/security/CVE-2024-26922", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more clearly Verify the parameters of amdgpu_vm_bo_(map/replace_map/clearing_mappings) in one common place.", "cve_priority": "medium", "cve_public_date": "2024-04-23 13:15:00 UTC" }, { "cve": "CVE-2023-6039", "url": "https://ubuntu.com/security/CVE-2023-6039", "cve_description": "A use-after-free flaw was found in lan78xx_disconnect in drivers/net/usb/lan78xx.c in the network sub-component, net/usb/lan78xx in the Linux Kernel. This flaw allows a local attacker to crash the system when the LAN78XX USB device detaches.", "cve_priority": "low", "cve_public_date": "2023-11-09 15:15:00 UTC" }, { "cve": "CVE-2024-26924", "url": "https://ubuntu.com/security/CVE-2024-26924", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: do not free live element Pablo reports a crash with large batches of elements with a back-to-back add/remove pattern. Quoting Pablo: add_elem(\"00000000\") timeout 100 ms ... add_elem(\"0000000X\") timeout 100 ms del_elem(\"0000000X\") <---------------- delete one that was just added ... add_elem(\"00005000\") timeout 100 ms 1) nft_pipapo_remove() removes element 0000000X Then, KASAN shows a splat. Looking at the remove function there is a chance that we will drop a rule that maps to a non-deactivated element. Removal happens in two steps, first we do a lookup for key k and return the to-be-removed element and mark it as inactive in the next generation. Then, in a second step, the element gets removed from the set/map. The _remove function does not work correctly if we have more than one element that share the same key. This can happen if we insert an element into a set when the set already holds an element with same key, but the element mapping to the existing key has timed out or is not active in the next generation. In such case its possible that removal will unmap the wrong element. If this happens, we will leak the non-deactivated element, it becomes unreachable. The element that got deactivated (and will be freed later) will remain reachable in the set data structure, this can result in a crash when such an element is retrieved during lookup (stale pointer). Add a check that the fully matching key does in fact map to the element that we have marked as inactive in the deactivation step. If not, we need to continue searching. Add a bug/warn trap at the end of the function as well, the remove function must not ever be called with an invisible/unreachable/non-existent element. v2: avoid uneeded temporary variable (Stefano)", "cve_priority": "high", "cve_public_date": "2024-04-25 06:15:00 UTC" }, { "cve": "CVE-2024-26643", "url": "https://ubuntu.com/security/CVE-2024-26643", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout While the rhashtable set gc runs asynchronously, a race allows it to collect elements from anonymous sets with timeouts while it is being released from the commit path. Mingi Cho originally reported this issue in a different path in 6.1.x with a pipapo set with low timeouts which is not possible upstream since 7395dfacfff6 (\"netfilter: nf_tables: use timestamp to check for set element timeout\"). Fix this by setting on the dead flag for anonymous sets to skip async gc in this case. According to 08e4c8c5919f (\"netfilter: nf_tables: mark newset as dead on transaction abort\"), Florian plans to accelerate abort path by releasing objects via workqueue, therefore, this sets on the dead flag for abort path too.", "cve_priority": "high", "cve_public_date": "2024-03-21 11:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2071603, 2069081, 2068738, 2068396, 1786013, 2067974, 2067959, 2046722, 2065857, 2065805, 2065435 ], "changes": [ { "cves": [], "log": [ "", " * jammy/linux: 5.15.0-116.126 -proposed tracker (LP: #2071603)", "", " * idxd: NULL pointer dereference reading wq op_config attribute (LP: #2069081)", " - SAUCE: dmaengine: idxd: set is_visible member of idxd_wq_attribute_group", "", " * AMD GPUs fail with null pointer dereference when IOMMU enabled, leading to", " black screen (LP: #2068738)", " - SAUCE: Revert \"drm/amdgpu: init iommu after amdkfd device init\"", "" ], "package": "linux", "version": "5.15.0-116.126", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2071603, 2069081, 2068738 ], "author": "Stefan Bader ", "date": "Mon, 01 Jul 2024 11:13:30 +0200" }, { "cves": [ { "cve": "CVE-2024-23307", "url": "https://ubuntu.com/security/CVE-2024-23307", "cve_description": "Integer Overflow or Wraparound vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (md, raid, raid5 modules) allows Forced Integer Overflow.", "cve_priority": "low", "cve_public_date": "2024-01-25 07:15:00 UTC" }, { "cve": "CVE-2024-26828", "url": "https://ubuntu.com/security/CVE-2024-26828", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: cifs: fix underflow in parse_server_interfaces() In this loop, we step through the buffer and after each item we check if the size_left is greater than the minimum size we need. However, the problem is that \"bytes_left\" is type ssize_t while sizeof() is type size_t. That means that because of type promotion, the comparison is done as an unsigned and if we have negative bytes left the loop continues instead of ending.", "cve_priority": "high", "cve_public_date": "2024-04-17 10:15:00 UTC" }, { "cve": "CVE-2024-24861", "url": "https://ubuntu.com/security/CVE-2024-24861", "cve_description": "A race condition was found in the Linux kernel's media/xc4000 device driver in xc4000 xc4000_get_frequency() function. This can result in return value overflow issue, possibly leading to malfunction or denial of service issue.", "cve_priority": "medium", "cve_public_date": "2024-02-05 08:15:00 UTC" }, { "cve": "CVE-2024-26642", "url": "https://ubuntu.com/security/CVE-2024-26642", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: disallow anonymous set with timeout flag Anonymous sets are never used with timeout from userspace, reject this. Exception to this rule is NFT_SET_EVAL to ensure legacy meters still work.", "cve_priority": "high", "cve_public_date": "2024-03-21 11:15:00 UTC" }, { "cve": "CVE-2024-26926", "url": "https://ubuntu.com/security/CVE-2024-26926", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: binder: check offset alignment in binder_get_object() Commit 6d98eb95b450 (\"binder: avoid potential data leakage when copying txn\") introduced changes to how binder objects are copied. In doing so, it unintentionally removed an offset alignment check done through calls to binder_alloc_copy_from_buffer() -> check_buffer(). These calls were replaced in binder_get_object() with copy_from_user(), so now an explicit offset alignment check is needed here. This avoids later complications when unwinding the objects gets harder. It is worth noting this check existed prior to commit 7a67a39320df (\"binder: add function to copy binder object from buffer\"), likely removed due to redundancy at the time.", "cve_priority": "medium", "cve_public_date": "2024-04-25 06:15:00 UTC" }, { "cve": "CVE-2024-26922", "url": "https://ubuntu.com/security/CVE-2024-26922", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more clearly Verify the parameters of amdgpu_vm_bo_(map/replace_map/clearing_mappings) in one common place.", "cve_priority": "medium", "cve_public_date": "2024-04-23 13:15:00 UTC" }, { "cve": "CVE-2023-6039", "url": "https://ubuntu.com/security/CVE-2023-6039", "cve_description": "A use-after-free flaw was found in lan78xx_disconnect in drivers/net/usb/lan78xx.c in the network sub-component, net/usb/lan78xx in the Linux Kernel. This flaw allows a local attacker to crash the system when the LAN78XX USB device detaches.", "cve_priority": "low", "cve_public_date": "2023-11-09 15:15:00 UTC" }, { "cve": "CVE-2024-26924", "url": "https://ubuntu.com/security/CVE-2024-26924", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: do not free live element Pablo reports a crash with large batches of elements with a back-to-back add/remove pattern. Quoting Pablo: add_elem(\"00000000\") timeout 100 ms ... add_elem(\"0000000X\") timeout 100 ms del_elem(\"0000000X\") <---------------- delete one that was just added ... add_elem(\"00005000\") timeout 100 ms 1) nft_pipapo_remove() removes element 0000000X Then, KASAN shows a splat. Looking at the remove function there is a chance that we will drop a rule that maps to a non-deactivated element. Removal happens in two steps, first we do a lookup for key k and return the to-be-removed element and mark it as inactive in the next generation. Then, in a second step, the element gets removed from the set/map. The _remove function does not work correctly if we have more than one element that share the same key. This can happen if we insert an element into a set when the set already holds an element with same key, but the element mapping to the existing key has timed out or is not active in the next generation. In such case its possible that removal will unmap the wrong element. If this happens, we will leak the non-deactivated element, it becomes unreachable. The element that got deactivated (and will be freed later) will remain reachable in the set data structure, this can result in a crash when such an element is retrieved during lookup (stale pointer). Add a check that the fully matching key does in fact map to the element that we have marked as inactive in the deactivation step. If not, we need to continue searching. Add a bug/warn trap at the end of the function as well, the remove function must not ever be called with an invisible/unreachable/non-existent element. v2: avoid uneeded temporary variable (Stefano)", "cve_priority": "high", "cve_public_date": "2024-04-25 06:15:00 UTC" }, { "cve": "CVE-2024-26643", "url": "https://ubuntu.com/security/CVE-2024-26643", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout While the rhashtable set gc runs asynchronously, a race allows it to collect elements from anonymous sets with timeouts while it is being released from the commit path. Mingi Cho originally reported this issue in a different path in 6.1.x with a pipapo set with low timeouts which is not possible upstream since 7395dfacfff6 (\"netfilter: nf_tables: use timestamp to check for set element timeout\"). Fix this by setting on the dead flag for anonymous sets to skip async gc in this case. According to 08e4c8c5919f (\"netfilter: nf_tables: mark newset as dead on transaction abort\"), Florian plans to accelerate abort path by releasing objects via workqueue, therefore, this sets on the dead flag for abort path too.", "cve_priority": "high", "cve_public_date": "2024-03-21 11:15:00 UTC" } ], "log": [ "", " * jammy/linux: 5.15.0-115.125 -proposed tracker (LP: #2068396)", "", " * Packaging resync (LP: #1786013)", " - [Packaging] debian.master/dkms-versions -- update from kernel-versions", " (main/2024.06.10)", "", " * Jammy update: v5.15.158 upstream stable release (LP: #2067974)", " - smb: client: fix rename(2) regression against samba", " - cifs: reinstate original behavior again for forceuid/forcegid", " - HID: intel-ish-hid: ipc: Fix dev_err usage with uninitialized dev->devc", " - HID: logitech-dj: allow mice to use all types of reports", " - arm64: dts: rockchip: enable internal pull-up on Q7_USB_ID for RK3399 Puma", " - arm64: dts: rockchip: fix alphabetical ordering RK3399 puma", " - arm64: dts: rockchip: enable internal pull-up on PCIE_WAKE# for RK3399 Puma", " - arm64: dts: rockchip: Remove unsupported node from the Pinebook Pro dts", " - arm64: dts: mediatek: mt8183: Add power-domains properity to mfgcfg", " - arm64: dts: mediatek: mt7622: add support for coherent DMA", " - arm64: dts: mediatek: mt7622: introduce nodes for Wireless Ethernet Dispatch", " - arm64: dts: mediatek: mt7622: fix clock controllers", " - arm64: dts: mediatek: mt7622: fix IR nodename", " - arm64: dts: mediatek: mt7622: fix ethernet controller \"compatible\"", " - arm64: dts: mediatek: mt7622: drop \"reset-names\" from thermal block", " - arm64: dts: mediatek: mt2712: fix validation errors", " - ARC: [plat-hsdk]: Remove misplaced interrupt-cells property", " - wifi: iwlwifi: mvm: remove old PASN station when adding a new one", " - wifi: iwlwifi: mvm: return uid from iwl_mvm_build_scan_cmd", " - vxlan: drop packets from invalid src-address", " - mlxsw: core: Unregister EMAD trap using FORWARD action", " - icmp: prevent possible NULL dereferences from icmp_build_probe()", " - bridge/br_netlink.c: no need to return void function", " - NFC: trf7970a: disable all regulators on removal", " - ipv4: check for NULL idev in ip_route_use_hint()", " - net: usb: ax88179_178a: stop lying about skb->truesize", " - net: gtp: Fix Use-After-Free in gtp_dellink", " - ipvs: Fix checksumming on GSO of SCTP packets", " - net: openvswitch: Fix Use-After-Free in ovs_ct_exit", " - mlxsw: spectrum_acl_tcam: Fix race during rehash delayed work", " - mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update", " - mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash", " - mlxsw: spectrum_acl_tcam: Rate limit error message", " - mlxsw: spectrum_acl_tcam: Fix memory leak during rehash", " - mlxsw: spectrum_acl_tcam: Fix warning during rehash", " - mlxsw: spectrum_acl_tcam: Fix incorrect list API usage", " - mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work", " - netfilter: nf_tables: honor table dormant flag from netdev release event", " path", " - i40e: Do not use WQ_MEM_RECLAIM flag for workqueue", " - i40e: Report MFS in decimal base instead of hex", " - iavf: Fix TC config comparison with existing adapter TC config", " - net: ethernet: ti: am65-cpts: Fix PTPv1 message type on TX packets", " - af_unix: Suppress false-positive lockdep splat for spin_lock() in", " __unix_gc().", " - serial: core: Provide port lock wrappers", " - serial: mxs-auart: add spinlock around changing cts state", " - drm-print: add drm_dbg_driver to improve namespace symmetry", " - drm/vmwgfx: Fix crtc's atomic check conditional", " - Revert \"crypto: api - Disallow identical driver names\"", " - net/mlx5e: Fix a race in command alloc flow", " - tracing: Show size of requested perf buffer", " - tracing: Increase PERF_MAX_TRACE_SIZE to handle Sentinel1 and docker", " together", " - x86/cpu: Fix check for RDPKRU in __show_regs()", " - Bluetooth: Fix type of len in {l2cap,sco}_sock_getsockopt_old()", " - Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0bda:0x4853", " - Bluetooth: qca: fix NULL-deref on non-serdev suspend", " - mmc: sdhci-msm: pervent access to suspended controller", " - btrfs: fix information leak in btrfs_ioctl_logical_to_ino()", " - cpu: Re-enable CPU mitigations by default for !X86 architectures", " - [Configs] Update CPU mitigation configs", " - arm64: dts: rockchip: enable internal pull-up for Q7_THRM# on RK3399 Puma", " - drm/amdgpu/sdma5.2: use legacy HDP flush for SDMA2/3", " - drm/amdgpu: Fix leak when GPU memory allocation fails", " - irqchip/gic-v3-its: Prevent double free on error", " - ethernet: Add helper for assigning packet type when dest address does not", " match device address", " - net: b44: set pause params only when interface is up", " - stackdepot: respect __GFP_NOLOCKDEP allocation flag", " - mtd: diskonchip: work around ubsan link failure", " - tcp: Clean up kernel listener's reqsk in inet_twsk_purge()", " - tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge()", " - dmaengine: owl: fix register access functions", " - idma64: Don't try to serve interrupts when device is powered off", " - dma: xilinx_dpdma: Fix locking", " - dmaengine: idxd: Fix oops during rmmod on single-CPU platforms", " - riscv: fix VMALLOC_START definition", " - riscv: Fix TASK_SIZE on 64-bit NOMMU", " - i2c: smbus: fix NULL function pointer dereference", " - fbdev: fix incorrect address computation in deferred IO", " - HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up", " - bounds: Use the right number of bits for power-of-two CONFIG_NR_CPUS", " - udp: preserve the connected status if only UDP cmsg", " - serial: core: fix kernel-doc for uart_port_unlock_irqrestore()", " - Linux 5.15.158", "", " * Jammy update: v5.15.157 upstream stable release (LP: #2067959)", " - ksmbd: don't send oplock break if rename fails", " - ksmbd: validate payload size in ipc response", " - ksmbd: do not set SMB2_GLOBAL_CAP_ENCRYPTION for SMB 3.1.1", " - btrfs: record delayed inode root in transaction", " - SUNRPC: Fix rpcgss_context trace event acceptor field", " - selftests/ftrace: Limit length in subsystem-enable tests", " - bpf: Extend kfunc with PTR_TO_CTX, PTR_TO_MEM argument support", " - bpf: Generalize check_ctx_reg for reuse with other types", " - bpf: Generally fix helper register offset check", " - bpf: Fix out of bounds access for ringbuf helpers", " - bpf: Fix ringbuf memory type confusion when passing to helpers", " - kprobes: Fix possible use-after-free issue on kprobe registration", " - Revert \"tracing/trigger: Fix to return error if failed to alloc snapshot\"", " - netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get()", " - netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get()", " - netfilter: br_netfilter: skip conntrack input hook for promisc packets", " - netfilter: nf_flow_table: count pending offload workqueue tasks", " - [Config] update configs to enable new NF_FLOW_TABLE_PROCFS", " - netfilter: flowtable: validate pppoe header", " - netfilter: flowtable: incorrect pppoe tuple", " - af_unix: Call manage_oob() for every skb in unix_stream_read_generic().", " - af_unix: Don't peek OOB data without MSG_OOB.", " - tun: limit printing rate when illegal packet received by tun dev", " - net: dsa: mt7530: fix mirroring frames received on local port", " - net: ethernet: ti: am65-cpsw-nuss: cleanup DMA Channels before using them", " - RDMA/rxe: Fix the problem \"mutex_destroy missing\"", " - RDMA/cm: Print the old state when cm_destroy_id gets timeout", " - RDMA/mlx5: Fix port number for counter query in multi-port configuration", " - s390/qdio: handle deferred cc1", " - s390/cio: fix race condition during online processing", " - drm: nv04: Fix out of bounds access", " - drm/panel: visionox-rm69299: don't unregister DSI device", " - clk: Remove prepare_lock hold assertion in __clk_release()", " - clk: Mark 'all_lists' as const", " - clk: remove extra empty line", " - clk: Print an info line before disabling unused clocks", " - clk: Initialize struct clk_core kref earlier", " - clk: Get runtime PM before walking tree during disable_unused", " - x86/bugs: Fix BHI retpoline check", " - x86/cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ", " - thunderbolt: Avoid notify PM core about runtime PM resume", " - thunderbolt: Fix wake configurations after device unplug", " - comedi: vmk80xx: fix incomplete endpoint checking", " - serial/pmac_zilog: Remove flawed mitigation for rx irq flood", " - USB: serial: option: add Fibocom FM135-GL variants", " - USB: serial: option: add support for Fibocom FM650/FG650", " - USB: serial: option: add Lonsung U8300/U9300 product", " - USB: serial: option: support Quectel EM060K sub-models", " - USB: serial: option: add Rolling RW101-GL and RW135-GL support", " - USB: serial: option: add Telit FN920C04 rmnet compositions", " - usb: dwc2: host: Fix dereference issue in DDMA completion flow.", " - usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb ep transport", " error", " - mei: me: disable RPL-S on SPS and IGN firmwares", " - speakup: Avoid crash on very long word", " - fs: sysfs: Fix reference leak in sysfs_break_active_protection()", " - KVM: x86: Snapshot if a vCPU's vendor model is AMD vs. Intel compatible", " - KVM: x86/pmu: Do not mask LVTPC when handling a PMI on AMD platforms", " - arm64: hibernate: Fix level3 translation fault in swsusp_save()", " - init/main.c: Fix potential static_command_line memory overflow", " - drm/vmwgfx: Sort primary plane formats by order of preference", " - nouveau: fix instmem race condition around ptr stores", " - nilfs2: fix OOB in nilfs_set_de_type", " - net: dsa: mt7530: set all CPU ports in MT7531_CPU_PMAP", " - net: dsa: introduce preferred_default_local_cpu_port and use on MT7530", " - net: dsa: mt7530: fix improper frames on all 25MHz and 40MHz XTAL MT7530", " - net: dsa: mt7530: fix enabling EEE on MT7531 switch on all boards", " - Linux 5.15.157", "", " * [SRU][22.04.4]: megaraid_sas: Critical Bug Fixes (LP: #2046722)", " - scsi: megaraid_sas: Log message when controller reset is requested but not", " issued", " - scsi: megaraid_sas: Driver version update to 07.727.03.00-rc1", "", " * Jammy update: v5.15.156 upstream stable release (LP: #2065857)", " - batman-adv: Avoid infinite loop trying to resize local TT", " - ring-buffer: Only update pages_touched when a new page is touched", " - Bluetooth: Fix memory leak in hci_req_sync_complete()", " - media: cec: core: remove length check of Timer Status", " - arm64: dts: imx8-ss-conn: fix usdhc wrong lpcg clock order", " - Revert \"drm/qxl: simplify qxl_fence_wait\"", " - nouveau: fix function cast warning", " - scsi: qla2xxx: Fix off by one in qla_edif_app_getstats()", " - net: openvswitch: fix unwanted error log on timeout policy probing", " - u64_stats: Disable preemption on 32bit UP+SMP PREEMPT_RT during updates.", " - xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING", " - geneve: fix header validation in geneve[6]_xmit_skb", " - af_unix: Clear stale u->oob_skb.", " - octeontx2-af: Fix NIX SQ mode and BP config", " - ipv6: fib: hide unused 'pn' variable", " - ipv4/route: avoid unused-but-set-variable warning", " - ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr", " - netfilter: complete validation of user input", " - net/mlx5: Properly link new fs rules into the tree", " - net: sparx5: fix wrong config being used when reconfiguring PCS", " - net: dsa: mt7530: trap link-local frames regardless of ST Port State", " - af_unix: Do not use atomic ops for unix_sk(sk)->inflight.", " - af_unix: Fix garbage collector racing against connect()", " - net: ena: Fix potential sign extension issue", " - net: ena: Wrong missing IO completions check order", " - net: ena: Fix incorrect descriptor free behavior", " - tracing: hide unused ftrace_event_id_fops", " - iommu/vt-d: Allocate local memory for page request queue", " - btrfs: qgroup: correctly model root qgroup rsv in convert", " - drm/client: Fully protect modes[] with dev->mode_config.mutex", " - vhost: Add smp_rmb() in vhost_vq_avail_empty()", " - perf/x86: Fix out of range data", " - x86/cpu: Actually turn off mitigations by default for", " SPECULATION_MITIGATIONS=n", " - selftests: timers: Fix abs() warning in posix_timers test", " - x86/apic: Force native_apic_mem_read() to use the MOV instruction", " - irqflags: Explicitly ignore lockdep_hrtimer_exit() argument", " - x86/bugs: Fix return type of spectre_bhi_state()", " - x86/bugs: Fix BHI documentation", " - x86/bugs: Cache the value of MSR_IA32_ARCH_CAPABILITIES", " - x86/bugs: Rename various 'ia32_cap' variables to 'x86_arch_cap_msr'", " - x86/bugs: Fix BHI handling of RRSBA", " - x86/bugs: Clarify that syscall hardening isn't a BHI mitigation", " - x86/bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto", " - [Config] updateconfigs to remove obsolete SPECTRE_BHI_AUTO", " - x86/bugs: Replace CONFIG_SPECTRE_BHI_{ON,OFF} with", " CONFIG_MITIGATION_SPECTRE_BHI", " - [Config] updateconfigs to enable new MITIGATION_SPECTRE_BHI", " - drm/i915/cdclk: Fix CDCLK programming order when pipes are active", " - Linux 5.15.156", "", " * Jammy update: v5.15.155 upstream stable release (LP: #2065805)", " - amdkfd: use calloc instead of kzalloc to avoid integer overflow", " - net: dsa: fix panic when DSA master device unbinds on shutdown", " - wifi: ath9k: fix LNA selection in ath_ant_try_scan()", " - VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host()", " - panic: Flush kernel log buffer at the end", " - cpuidle: Avoid potential overflow in integer multiplication", " - arm64: dts: rockchip: fix rk3328 hdmi ports node", " - arm64: dts: rockchip: fix rk3399 hdmi ports node", " - ionic: set adminq irq affinity", " - pstore/zone: Add a null pointer check to the psz_kmsg_read", " - tools/power x86_energy_perf_policy: Fix file leak in get_pkg_num()", " - net: pcs: xpcs: Return EINVAL in the internal methods", " - wifi: ath11k: decrease MHI channel buffer length to 8KB", " - btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks()", " - btrfs: export: handle invalid inode or root reference in btrfs_get_parent()", " - btrfs: send: handle path ref underflow in header iterate_inode_ref()", " - net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list()", " - Bluetooth: btintel: Fix null ptr deref in btintel_read_version", " - Input: synaptics-rmi4 - fail probing if memory allocation for \"phys\" fails", " - pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs", " - sysv: don't call sb_bread() with pointers_lock held", " - scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc()", " - isofs: handle CDs with bad root inode but good Joliet root directory", " - media: sta2x11: fix irq handler cast", " - ALSA: firewire-lib: handle quirk to calculate payload quadlets as data block", " counter", " - ext4: add a hint for block bitmap corrupt state in mb_groups", " - ext4: forbid commit inconsistent quota data when errors=remount-ro", " - drm/amd/display: Fix nanosec stat overflow", " - SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned", " int", " - Revert \"ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default\"", " - libperf evlist: Avoid out-of-bounds access", " - block: prevent division by zero in blk_rq_stat_sum()", " - RDMA/cm: add timeout to cm_destroy_id wait", " - Input: allocate keycode for Display refresh rate toggle", " - platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi", " Vi8 tablet", " - ktest: force $buildonly = 1 for 'make_warnings_file' test type", " - ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent", " environment", " - tools: iio: replace seekdir() in iio_generic_buffer", " - usb: typec: tcpci: add generic tcpci fallback compatible", " - usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined", " - ASoC: soc-core.c: Skip dummy codec when adding platforms", " - fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2", " - drivers/nvme: Add quirks for device 126f:2262", " - fbmon: prevent division by zero in fb_videomode_from_videomode()", " - netfilter: nf_tables: release batch on table validation from abort path", " - netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path", " - netfilter: nf_tables: discard table flag update with pending basechain", " deletion", " - tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc", " - gcc-plugins/stackleak: Ignore .noinstr.text and .entry.text", " - gcc-plugins/stackleak: Avoid .head.text section", " - virtio: reenable config if freezing device failed", " - x86/mm/pat: fix VM_PAT handling in COW mappings", " - randomize_kstack: Improve entropy diffusion", " - platform/x86: intel-vbtn: Update tablet mode switch at end of probe", " - Bluetooth: btintel: Fixe build regression", " - VMCI: Fix possible memcpy() run-time warning in", " vmci_datagram_invoke_guest_handler()", " - Linux 5.15.155", "", " * Jammy update: v5.15.154 upstream stable release (LP: #2065435)", " - Documentation/hw-vuln: Update spectre doc", " - x86/cpu: Support AMD Automatic IBRS", " - media: staging: ipu3-imgu: Set fields before media_entity_pads_init()", " - clk: qcom: gcc-sdm845: Add soft dependency on rpmhpd", " - smack: Set SMACK64TRANSMUTE only for dirs in smack_inode_setxattr()", " - smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity()", " - arm: dts: marvell: Fix maxium->maxim typo in brownstone dts", " - drm/vmwgfx: Fix possible null pointer derefence with invalid contexts", " - pci_iounmap(): Fix MMIO mapping leak", " - KVM: Always flush async #PF workqueue when vCPU is being destroyed", " - sparc64: NMI watchdog: fix return value of __setup handler", " - sparc: vDSO: fix return value of __setup handler", " - crypto: qat - fix double free during reset", " - crypto: qat - resolve race condition during AER recovery", " - selftests/mqueue: Set timeout to 180 seconds", " - ext4: correct best extent lstart adjustment logic", " - block: Clear zone limits for a non-zoned stacked queue", " - kasan: test: add memcpy test that avoids out-of-bounds write", " - kasan/test: avoid gcc warning for intentional overflow", " - bounds: support non-power-of-two CONFIG_NR_CPUS", " - fat: fix uninitialized field in nostale filehandles", " - ubifs: Set page uptodate in the correct place", " - ubi: Check for too small LEB size in VTBL code", " - ubi: correct the calculation of fastmap size", " - mtd: rawnand: meson: fix scrambling mode value in command macro", " - parisc: Avoid clobbering the C/B bits in the PSW with tophys and tovirt", " macros", " - parisc: Fix ip_fast_csum", " - parisc: Fix csum_ipv6_magic on 32-bit systems", " - parisc: Fix csum_ipv6_magic on 64-bit systems", " - parisc: Strip upper 32 bit of sum in csum_ipv6_magic for 64-bit builds", " - PM: suspend: Set mem_sleep_current during kernel command line setup", " - clk: qcom: gcc-ipq6018: fix terminating of frequency table arrays", " - clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays", " - clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays", " - clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays", " - usb: xhci: Add error handling in xhci_map_urb_for_dma", " - powerpc/fsl: Fix mfpmr build errors with newer binutils", " - USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB", " - USB: serial: add device ID for VeriFone adapter", " - USB: serial: cp210x: add ID for MGP Instruments PDS100", " - USB: serial: option: add MeiG Smart SLM320 product", " - USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M", " - PM: sleep: wakeirq: fix wake irq warning in system suspend", " - mmc: tmio: avoid concurrent runs of mmc_request_done()", " - fuse: fix root lookup with nonzero generation", " - fuse: don't unhash root", " - usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros", " - printk/console: Split out code that enables default console", " - serial: Lock console when calling into driver before registration", " - btrfs: fix off-by-one chunk length calculation at contains_pending_extent()", " - PCI: Drop pci_device_remove() test of pci_dev->driver", " - PCI/PM: Drain runtime-idle callbacks before driver removal", " - PCI: Work around Intel I210 ROM BAR overlap defect", " - PCI/ASPM: Make Intel DG2 L1 acceptable latency unlimited", " - PCI/DPC: Quirk PIO log size for certain Intel Root Ports", " - PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports", " - dm-raid: fix lockdep waring in \"pers->hot_add_disk\"", " - mac802154: fix llsec key resources release in mac802154_llsec_key_del", " - swap: comments get_swap_device() with usage rule", " - mm: swap: fix race between free_swap_and_cache() and swapoff()", " - mmc: core: Fix switch on gp3 partition", " - drm/etnaviv: Restore some id values", " - landlock: Warn once if a Landlock action is requested while disabled", " - hwmon: (amc6821) add of_match table", " - ext4: fix corruption during on-line resize", " - nvmem: meson-efuse: fix function pointer type mismatch", " - slimbus: core: Remove usage of the deprecated ida_simple_xx() API", " - phy: tegra: xusb: Add API to retrieve the port number of phy", " - usb: gadget: tegra-xudc: Fix USB3 PHY retrieval logic", " - speakup: Fix 8bit characters from direct synth", " - PCI/AER: Block runtime suspend when handling errors", " - nfs: fix UAF in direct writes", " - kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1", " - PCI: dwc: endpoint: Fix advertised resizable BAR size", " - vfio/platform: Disable virqfds on cleanup", " - ksmbd: retrieve number of blocks using vfs_getattr in", " set_file_allocation_info", " - ring-buffer: Fix waking up ring buffer readers", " - ring-buffer: Do not set shortest_full when full target is hit", " - ring-buffer: Fix resetting of shortest_full", " - ring-buffer: Fix full_waiters_pending in poll", " - ring-buffer: Use wait_event_interruptible() in ring_buffer_wait()", " - soc: fsl: qbman: Always disable interrupts when taking cgr_lock", " - soc: fsl: qbman: Add helper for sanity checking cgr ops", " - soc: fsl: qbman: Add CGR update function", " - soc: fsl: qbman: Use raw spinlock for cgr_lock", " - s390/zcrypt: fix reference counting on zcrypt card objects", " - drm/panel: do not return negative error codes from drm_panel_get_modes()", " - drm/exynos: do not return negative values from .get_modes()", " - drm/imx/ipuv3: do not return negative values from .get_modes()", " - drm/vc4: hdmi: do not return negative values from .get_modes()", " - memtest: use {READ,WRITE}_ONCE in memory scanning", " - nilfs2: fix failure to detect DAT corruption in btree and direct mappings", " - nilfs2: prevent kernel bug at submit_bh_wbc()", " - cpufreq: dt: always allocate zeroed cpumask", " - x86/CPU/AMD: Update the Zenbleed microcode revisions", " - NFSD: Fix nfsd_clid_class use of __string_len() macro", " - net: hns3: tracing: fix hclgevf trace event strings", " - wireguard: netlink: check for dangling peer via is_dead instead of empty", " list", " - wireguard: netlink: access device through ctx instead of peer", " - ahci: asm1064: correct count of reported ports", " - ahci: asm1064: asm1166: don't limit reported ports", " - drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag", " - drm/amd/display: Return the correct HDCP error code", " - drm/amd/display: Fix noise issue on HDMI AV mute", " - dm snapshot: fix lockup in dm_exception_table_exit", " - x86/pm: Work around false positive kmemleak report in msr_build_context()", " - net: ravb: Add R-Car Gen4 support", " - cpufreq: brcmstb-avs-cpufreq: fix up \"add check for cpufreq_cpu_get's return", " value\"", " - netfilter: nf_tables: reject constant set with timeout", " - Drivers: hv: vmbus: Calculate ring buffer size for more efficient use of", " memory", " - xfrm: Avoid clang fortify warning in copy_to_user_tmpl()", " - KVM: SVM: Flush pages under kvm->lock to fix UAF in", " svm_register_enc_region()", " - tracing: Use .flush() call to wake up readers", " - drm/i915: Check before removing mm notifier", " - USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command", " - usb: gadget: ncm: Fix handling of zero block length packets", " - usb: port: Don't try to peer unused USB ports based on location", " - tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled", " - mei: me: add arrow lake point S DID", " - mei: me: add arrow lake point H DID", " - vt: fix unicode buffer corruption when deleting characters", " - fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion", " - tee: optee: Fix kernel panic caused by incorrect error handling", " - i2c: i801: Avoid potential double call to gpiod_remove_lookup_table", " - xen/events: close evtchn after mapping cleanup", " - clocksource/drivers/arm_global_timer: Fix maximum prescaler value", " - entry: Respect changes to system call number by trace_sys_enter()", " - minmax: add umin(a, b) and umax(a, b)", " - swiotlb: Fix alignment checks when both allocation and DMA masks are present", " - dma-mapping: add dma_opt_mapping_size()", " - dma-iommu: add iommu_dma_opt_mapping_size()", " - iommu/dma: Force swiotlb_max_mapping_size on an untrusted device", " - printk: Update @console_may_schedule in console_trylock_spinning()", " - tty: serial: imx: Fix broken RS485", " - x86/asm: Add _ASM_RIP() macro for x86-64 (%rip) suffix", " - x86/bugs: Add asm helpers for executing VERW", " - x86/entry_64: Add VERW just before userspace transition", " - x86/entry_32: Add VERW just before userspace transition", " - x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key", " - KVM/VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH", " - KVM/VMX: Move VERW closer to VMentry for MDS mitigation", " - x86/mmio: Disable KVM mitigation when X86_FEATURE_CLEAR_CPU_BUF is set", " - Documentation/hw-vuln: Add documentation for RFDS", " - x86/rfds: Mitigate Register File Data Sampling (RFDS)", " - [Config] updateconfigs for MITIGATION_RFDS", " - KVM/x86: Export RFDS_NO and RFDS_CLEAR to guests", " - arch: Introduce CONFIG_FUNCTION_ALIGNMENT", " - [Config] updateconfigs for FUNCTION_ALIGNMENT", " - x86/asm: Differentiate between code and function alignment", " - x86/alternatives: Introduce int3_emulate_jcc()", " - x86/alternatives: Teach text_poke_bp() to patch Jcc.d32 instructions", " - x86/static_call: Add support for Jcc tail-calls", " - fsnotify: pass data_type to fsnotify_name()", " - fsnotify: pass dentry instead of inode data", " - fsnotify: clarify contract for create event hooks", " - fsnotify: Don't insert unmergeable events in hashtable", " - fanotify: Fold event size calculation to its own function", " - fanotify: Split fsid check from other fid mode checks", " - inotify: Don't force FS_IN_IGNORED", " - fsnotify: Add helper to detect overflow_event", " - fsnotify: Add wrapper around fsnotify_add_event", " - fsnotify: Retrieve super block from the data field", " - fsnotify: Protect fsnotify_handle_inode_event from no-inode events", " - fsnotify: Pass group argument to free_event", " - fanotify: Support null inode event in fanotify_dfid_inode", " - fanotify: Allow file handle encoding for unhashed events", " - fanotify: Encode empty file handle when no inode is provided", " - fanotify: Require fid_mode for any non-fd event", " - fsnotify: Support FS_ERROR event type", " - fanotify: Reserve UAPI bits for FAN_FS_ERROR", " - fanotify: Pre-allocate pool of error events", " - fanotify: Support enqueueing of error events", " - fanotify: Support merging of error events", " - fanotify: Wrap object_fh inline space in a creator macro", " - fanotify: Add helpers to decide whether to report FID/DFID", " - fanotify: WARN_ON against too large file handles", " - fanotify: Report fid info for file related file system errors", " - fanotify: Emit generic error info for error event", " - fanotify: Allow users to request FAN_FS_ERROR events", " - ext4: Send notifications on error", " - docs: Document the FAN_FS_ERROR event", " - NFS: Remove unnecessary TRACE_DEFINE_ENUM()s", " - SUNRPC: Tracepoints should display tk_pid and cl_clid as a fixed-size field", " - NFS: Move generic FS show macros to global header", " - NFS: Move NFS protocol display macros to global header", " - NFSD: Optimize DRC bucket pruning", " - NFSD: move filehandle format declarations out of \"uapi\".", " - NFSD: drop support for ancient filehandles", " - NFSD: simplify struct nfsfh", " - NFSD: Initialize pointer ni with NULL and not plain integer 0", " - SUNRPC: Replace the \"__be32 *p\" parameter to .pc_decode", " - SUNRPC: Change return value type of .pc_decode", " - NFSD: Save location of NFSv4 COMPOUND status", " - SUNRPC: Replace the \"__be32 *p\" parameter to .pc_encode", " - SUNRPC: Change return value type of .pc_encode", " - nfsd: update create verifier comment", " - NFSD:fix boolreturn.cocci warning", " - nfsd4: remove obselete comment", " - ext4: fix error code saved on super block during file system abort", " - fsnotify: clarify object type argument", " - fsnotify: separate mark iterator type from object type enum", " - fanotify: introduce group flag FAN_REPORT_TARGET_FID", " - fsnotify: generate FS_RENAME event with rich information", " - fanotify: use macros to get the offset to fanotify_info buffer", " - fanotify: use helpers to parcel fanotify_info buffer", " - fanotify: support secondary dir fh and name in fanotify_info", " - fanotify: record old and new parent and name in FAN_RENAME event", " - fanotify: record either old name new name or both for FAN_RENAME", " - fanotify: report old and/or new parent+name in FAN_RENAME event", " - fanotify: wire up FAN_RENAME event", " - exit: Implement kthread_exit", " - exit: Rename module_put_and_exit to module_put_and_kthread_exit", " - NFSD: handle errors better in write_ports_addfd()", " - SUNRPC: change svc_get() to return the svc.", " - SUNRPC/NFSD: clean up get/put functions.", " - SUNRPC: stop using ->sv_nrthreads as a refcount", " - nfsd: make nfsd_stats.th_cnt atomic_t", " - SUNRPC: use sv_lock to protect updates to sv_nrthreads.", " - NFSD: narrow nfsd_mutex protection in nfsd thread", " - NFSD: Make it possible to use svc_set_num_threads_sync", " - SUNRPC: discard svo_setup and rename svc_set_num_threads_sync()", " - NFSD: simplify locking for network notifier.", " - lockd: introduce nlmsvc_serv", " - lockd: simplify management of network status notifiers", " - lockd: move lockd_start_svc() call into lockd_create_svc()", " - lockd: move svc_exit_thread() into the thread", " - lockd: introduce lockd_put()", " - lockd: rename lockd_create_svc() to lockd_get()", " - SUNRPC: move the pool_map definitions (back) into svc.c", " - SUNRPC: always treat sv_nrpools==1 as \"not pooled\"", " - lockd: use svc_set_num_threads() for thread start and stop", " - NFS: switch the callback service back to non-pooled.", " - NFSD: Remove be32_to_cpu() from DRC hash function", " - NFSD: Fix inconsistent indenting", " - NFSD: simplify per-net file cache management", " - NFSD: Combine XDR error tracepoints", " - nfsd: improve stateid access bitmask documentation", " - NFSD: De-duplicate nfsd4_decode_bitmap4()", " - nfs: block notification on fs with its own ->lock", " - nfsd4: add refcount for nfsd4_blocked_lock", " - nfsd: map EBADF", " - nfsd: Add errno mapping for EREMOTEIO", " - nfsd: Retry once in nfsd_open on an -EOPENSTALE return", " - NFSD: Clean up nfsd_vfs_write()", " - NFSD: De-duplicate net_generic(SVC_NET(rqstp), nfsd_net_id)", " - nfsd: Add a tracepoint for errors in nfsd4_clone_file_range()", " - NFSD: Write verifier might go backwards", " - NFSD: Clean up the nfsd_net::nfssvc_boot field", " - NFSD: Rename boot verifier functions", " - NFSD: Trace boot verifier resets", " - NFSD: Move fill_pre_wcc() and fill_post_wcc()", " - fsnotify: invalidate dcache before IN_DELETE event", " - NFSD: Deprecate NFS_OFFSET_MAX", " - nfsd: Add support for the birth time attribute", " - orDate: Thu Sep 30 19:19:57 2021 -0400", " - NFSD: Skip extra computation for RC_NOCACHE case", " - NFSD: Streamline the rare \"found\" case", " - NFSD: Remove NFSD_PROC_ARGS_* macros", " - SUNRPC: Remove the .svo_enqueue_xprt method", " - SUNRPC: Merge svc_do_enqueue_xprt() into svc_enqueue_xprt()", " - SUNRPC: Remove svo_shutdown method", " - SUNRPC: Rename svc_create_xprt()", " - SUNRPC: Rename svc_close_xprt()", " - SUNRPC: Remove svc_shutdown_net()", " - NFSD: Remove svc_serv_ops::svo_module", " - NFSD: Move svc_serv_ops::svo_function into struct svc_serv", " - NFSD: Remove CONFIG_NFSD_V3", " - [Config] updateconfigs for NFSD_V3", " - NFSD: Clean up _lm_ operation names", " - nfsd: fix using the correct variable for sizeof()", " - fsnotify: fix merge with parent's ignored mask", " - fsnotify: optimize FS_MODIFY events with no ignored masks", " - fsnotify: remove redundant parameter judgment", " - nfsd: Fix a write performance regression", " - nfsd: Clean up nfsd_file_put()", " - fanotify: do not allow setting dirent events in mask of non-dir", " - fs/lock: documentation cleanup. Replace inode->i_lock with flc_lock.", " - inotify: move control flags from mask to mark flags", " - fsnotify: pass flags argument to fsnotify_alloc_group()", " - fsnotify: make allow_dups a property of the group", " - fsnotify: create helpers for group mark_mutex lock", " - inotify: use fsnotify group lock helpers", " - nfsd: use fsnotify group lock helpers", " - dnotify: use fsnotify group lock helpers", " - fsnotify: allow adding an inode mark without pinning inode", " - fanotify: create helper fanotify_mark_user_flags()", " - fanotify: factor out helper fanotify_mark_update_flags()", " - fanotify: implement \"evictable\" inode marks", " - fanotify: use fsnotify group lock helpers", " - fanotify: enable \"evictable\" inode marks", " - fsnotify: introduce mark type iterator", " - fsnotify: consistent behavior for parent not watching children", " - fanotify: fix incorrect fmode_t casts", " - NFSD: Clean up nfsd_splice_actor()", " - NFSD: add courteous server support for thread with only delegation", " - NFSD: add support for share reservation conflict to courteous server", " - NFSD: move create/destroy of laundry_wq to init_nfsd and exit_nfsd", " - fs/lock: add helper locks_owner_has_blockers to check for blockers", " - fs/lock: add 2 callbacks to lock_manager_operations to resolve conflict", " - NFSD: add support for lock conflict to courteous server", " - NFSD: Show state of courtesy client in client info", " - NFSD: Clean up nfsd3_proc_create()", " - NFSD: Avoid calling fh_drop_write() twice in do_nfsd_create()", " - NFSD: Refactor nfsd_create_setattr()", " - NFSD: Refactor NFSv3 CREATE", " - NFSD: Refactor NFSv4 OPEN(CREATE)", " - NFSD: Remove do_nfsd_create()", " - NFSD: Clean up nfsd_open_verified()", " - NFSD: Instantiate a struct file when creating a regular NFSv4 file", " - NFSD: Remove dprintk call sites from tail of nfsd4_open()", " - NFSD: Fix whitespace", " - NFSD: Move documenting comment for nfsd4_process_open2()", " - NFSD: Trace filecache opens", " - SUNRPC: Use RMW bitops in single-threaded hot paths", " - nfsd: Unregister the cld notifier when laundry_wq create failed", " - nfsd: Fix null-ptr-deref in nfsd_fill_super()", " - NFSD: Modernize nfsd4_release_lockowner()", " - NFSD: Add documenting comment for nfsd4_release_lockowner()", " - NFSD: nfsd_file_put() can sleep", " - NFSD: Fix potential use-after-free in nfsd_file_put()", " - NFS: restore module put when manager exits.", " - fanotify: refine the validation checks on non-dir inode mask", " - NFSD: Decode NFSv4 birth time attribute", " - fs: inotify: Fix typo in inotify comment", " - fanotify: prepare for setting event flags in ignore mask", " - fanotify: cleanups for fanotify_mark() input validations", " - fanotify: introduce FAN_MARK_IGNORE", " - fsnotify: Fix comment typo", " - NLM: Defend against file_lock changes after vfs_test_lock()", " - NFSD: Instrument fh_verify()", " - NFSD: Fix space and spelling mistake", " - nfsd: remove redundant assignment to variable len", " - NFSD: Demote a WARN to a pr_warn()", " - NFSD: Report filecache LRU size", " - NFSD: Report count of calls to nfsd_file_acquire()", " - NFSD: Report count of freed filecache items", " - NFSD: Report average age of filecache items", " - NFSD: Add nfsd_file_lru_dispose_list() helper", " - NFSD: Refactor nfsd_file_gc()", " - NFSD: Refactor nfsd_file_lru_scan()", " - NFSD: Report the number of items evicted by the LRU walk", " - NFSD: Record number of flush calls", " - NFSD: Zero counters when the filecache is re-initialized", " - NFSD: Hook up the filecache stat file", " - NFSD: WARN when freeing an item still linked via nf_lru", " - NFSD: Trace filecache LRU activity", " - NFSD: Leave open files out of the filecache LRU", " - NFSD: Fix the filecache LRU shrinker", " - NFSD: Never call nfsd_file_gc() in foreground paths", " - NFSD: No longer record nf_hashval in the trace log", " - NFSD: Remove lockdep assertion from unhash_and_release_locked()", " - NFSD: nfsd_file_unhash can compute hashval from nf->nf_inode", " - NFSD: Refactor __nfsd_file_close_inode()", " - NFSD: nfsd_file_hash_remove can compute hashval", " - NFSD: Remove nfsd_file::nf_hashval", " - NFSD: Replace the \"init once\" mechanism", " - NFSD: Set up an rhashtable for the filecache", " - NFSD: Convert the filecache to use rhashtable", " - NFSD: Clean up unused code after rhashtable conversion", " - NFSD: Separate tracepoints for acquire and create", " - NFSD: Move nfsd_file_trace_alloc() tracepoint", " - NFSD: NFSv4 CLOSE should release an nfsd_file immediately", " - NFSD: Ensure nf_inode is never dereferenced", " - NFSD: refactoring v4 specific code to a helper in nfs4state.c", " - NFSD: keep track of the number of v4 clients in the system", " - NFSD: limit the number of v4 clients to 1024 per 1GB of system memory", " - nfsd: silence extraneous printk on nfsd.ko insertion", " - NFSD: Optimize nfsd4_encode_operation()", " - NFSD: Optimize nfsd4_encode_fattr()", " - NFSD: Clean up SPLICE_OK in nfsd4_encode_read()", " - NFSD: Add an nfsd4_read::rd_eof field", " - NFSD: Optimize nfsd4_encode_readv()", " - NFSD: Simplify starting_len", " - NFSD: Use xdr_pad_size()", " - NFSD: Clean up nfsd4_encode_readlink()", " - NFSD: Fix strncpy() fortify warning", " - NFSD: nfserrno(-ENOMEM) is nfserr_jukebox", " - NFSD: Shrink size of struct nfsd4_copy_notify", " - NFSD: Shrink size of struct nfsd4_copy", " - NFSD: Reorder the fields in struct nfsd4_op", " - NFSD: Make nfs4_put_copy() static", " - NFSD: Replace boolean fields in struct nfsd4_copy", " - NFSD: Refactor nfsd4_cleanup_inter_ssc() (1/2)", " - NFSD: Refactor nfsd4_cleanup_inter_ssc() (2/2)", " - NFSD: Refactor nfsd4_do_copy()", " - NFSD: Remove kmalloc from nfsd4_do_async_copy()", " - NFSD: Add nfsd4_send_cb_offload()", " - NFSD: Move copy offload callback arguments into a separate structure", " - NFSD: drop fh argument from alloc_init_deleg", " - NFSD: verify the opened dentry after setting a delegation", " - NFSD: introduce struct nfsd_attrs", " - NFSD: set attributes when creating symlinks", " - NFSD: add security label to struct nfsd_attrs", " - NFSD: add posix ACLs to struct nfsd_attrs", " - NFSD: change nfsd_create()/nfsd_symlink() to unlock directory before", " returning.", " - NFSD: always drop directory lock in nfsd_unlink()", " - NFSD: only call fh_unlock() once in nfsd_link()", " - NFSD: reduce locking in nfsd_lookup()", " - NFSD: use explicit lock/unlock for directory ops", " - NFSD: use (un)lock_inode instead of fh_(un)lock for file operations", " - NFSD: discard fh_locked flag and fh_lock/fh_unlock", " - NFSD: fix regression with setting ACLs.", " - nfsd_splice_actor(): handle compound pages", " - NFSD: move from strlcpy with unused retval to strscpy", " - lockd: move from strlcpy with unused retval to strscpy", " - NFSD enforce filehandle check for source file in COPY", " - NFSD: remove redundant variable status", " - nfsd: Avoid some useless tests", " - nfsd: Propagate some error code returned by memdup_user()", " - NFSD: Increase NFSD_MAX_OPS_PER_COMPOUND", " - NFSD: drop fname and flen args from nfsd_create_locked()", " - nfsd: clean up mounted_on_fileid handling", " - nfsd: remove nfsd4_prepare_cb_recall() declaration", " - NFSD: Replace dprintk() call site in fh_verify()", " - NFSD: Trace NFSv4 COMPOUND tags", " - NFSD: Add tracepoints to report NFSv4 callback completions", " - NFSD: Add a mechanism to wait for a DELEGRETURN", " - NFSD: Refactor nfsd_setattr()", " - NFSD: Make nfsd4_setattr() wait before returning NFS4ERR_DELAY", " - NFSD: Make nfsd4_rename() wait before returning NFS4ERR_DELAY", " - NFSD: Make nfsd4_remove() wait before returning NFS4ERR_DELAY", " - NFSD: keep track of the number of courtesy clients in the system", " - NFSD: add shrinker to reap courtesy clients on low memory condition", " - SUNRPC: Parametrize how much of argsize should be zeroed", " - NFSD: Reduce amount of struct nfsd4_compoundargs that needs clearing", " - NFSD: Refactor common code out of dirlist helpers", " - NFSD: Use xdr_inline_decode() to decode NFSv3 symlinks", " - NFSD: Clean up WRITE arg decoders", " - NFSD: Clean up nfs4svc_encode_compoundres()", " - NFSD: Remove unused nfsd4_compoundargs::cachetype field", " - NFSD: Pack struct nfsd4_compoundres", " - nfsd: use DEFINE_PROC_SHOW_ATTRIBUTE to define nfsd_proc_ops", " - nfsd: use DEFINE_SHOW_ATTRIBUTE to define export_features_fops and", " supported_enctypes_fops", " - nfsd: use DEFINE_SHOW_ATTRIBUTE to define client_info_fops", " - nfsd: use DEFINE_SHOW_ATTRIBUTE to define nfsd_reply_cache_stats_fops", " - nfsd: use DEFINE_SHOW_ATTRIBUTE to define nfsd_file_cache_stats_fops", " - NFSD: Rename the fields in copy_stateid_t", " - nfsd: only fill out return pointer on success in nfsd4_lookup_stateid", " - nfsd: fix comments about spinlock handling with delegations", " - nfsd: make nfsd4_run_cb a bool return function", " - nfsd: extra checks when freeing delegation stateids", " - fs/notify: constify path", " - fsnotify: remove unused declaration", " - fanotify: Remove obsoleted fanotify_event_has_path()", " - nfsd: fix nfsd_file_unhash_and_dispose", " - nfsd: rework hashtable handling in nfsd_do_file_acquire", " - NFSD: unregister shrinker when nfsd_init_net() fails", " - nfsd: ensure we always call fh_verify_error tracepoint", " - nfsd: fix net-namespace logic in __nfsd_file_cache_purge", " - nfsd: fix use-after-free in nfsd_file_do_acquire tracepoint", " - nfsd: put the export reference in nfsd4_verify_deleg_dentry", " - NFSD: Fix trace_nfsd_fh_verify_err() crasher", " - NFSD: Fix reads with a non-zero offset that don't end on a page boundary", " - lockd: use locks_inode_context helper", " - nfsd: use locks_inode_context helper", " - NFSD: Simplify READ_PLUS", " - NFSD: Remove redundant assignment to variable host_err", " - NFSD: Finish converting the NFSv3 GETACL result encoder", " - nfsd: ignore requests to disable unsupported versions", " - nfsd: move nfserrno() to vfs.c", " - nfsd: allow disabling NFSv2 at compile time", " - [Config] updateconfigs for NFSD_V2", " - exportfs: use pr_debug for unreachable debug statements", " - NFSD: Pass the target nfsd_file to nfsd_commit()", " - NFSD: Revert \"NFSD: NFSv4 CLOSE should release an nfsd_file immediately\"", " - NFSD: Add an NFSD_FILE_GC flag to enable nfsd_file garbage collection", " - NFSD: Flesh out a documenting comment for filecache.c", " - NFSD: Clean up nfs4_preprocess_stateid_op() call sites", " - NFSD: Trace stateids returned via DELEGRETURN", " - NFSD: Trace delegation revocations", " - NFSD: Use const pointers as parameters to fh_ helpers", " - NFSD: Update file_hashtbl() helpers", " - NFSD: Clean up nfsd4_init_file()", " - NFSD: Add a nfsd4_file_hash_remove() helper", " - NFSD: Clean up find_or_add_file()", " - NFSD: Refactor find_file()", " - NFSD: Use rhashtable for managing nfs4_file objects", " - NFSD: Fix licensing header in filecache.c", " - nfsd: remove the pages_flushed statistic from filecache", " - nfsd: reorganize filecache.c", " - filelock: add a new locks_inode_context accessor function", " - nfsd: fix up the filecache laundrette scheduling", " - NFSD: Add an nfsd_file_fsync tracepoint", " - nfsd: return error if nfs4_setacl fails", " - NFSD: Use struct_size() helper in alloc_session()", " - lockd: set missing fl_flags field when retrieving args", " - lockd: ensure we use the correct file descriptor when unlocking", " - lockd: fix file selection in nlmsvc_cancel_blocked", " - trace: Relocate event helper files", " - NFSD: refactoring courtesy_client_reaper to a generic low memory shrinker", " - NFSD: add support for sending CB_RECALL_ANY", " - NFSD: add delegation reaper to react to low memory condition", " - NFSD: add CB_RECALL_ANY tracepoints", " - NFSD: Use only RQ_DROPME to signal the need to drop a reply", " - NFSD: Avoid clashing function prototypes", " - nfsd: rework refcounting in filecache", " - nfsd: fix handling of cached open files in nfsd4_open codepath", " - Revert \"SUNRPC: Use RMW bitops in single-threaded hot paths\"", " - NFSD: Use set_bit(RQ_DROPME)", " - NFSD: register/unregister of nfsd-client shrinker at nfsd startup/shutdown", " time", " - NFSD: replace delayed_work with work_struct for nfsd_client_shrinker", " - nfsd: don't free files unconditionally in __nfsd_file_cache_purge", " - nfsd: don't destroy global nfs4_file table in per-net shutdown", " - NFSD: enhance inter-server copy cleanup", " - nfsd: allow nfsd_file_get to sanely handle a NULL pointer", " - nfsd: clean up potential nfsd_file refcount leaks in COPY codepath", " - NFSD: fix leaked reference count of nfsd4_ssc_umount_item", " - nfsd: don't hand out delegation on setuid files being opened for write", " - NFSD: fix problems with cleanup on errors in nfsd4_copy", " - nfsd: fix courtesy client with deny mode handling in nfs4_upgrade_open", " - nfsd: don't fsync nfsd_files on last close", " - NFSD: copy the whole verifier in nfsd_copy_write_verifier", " - NFSD: Protect against filesystem freezing", " - nfsd: don't replace page in rq_pages if it's a continuation of last page", " - nfsd: call op_release, even when op_func returns an error", " - nfsd: don't open-code clear_and_wake_up_bit", " - nfsd: NFSD_FILE_KEY_INODE only needs to find GC'ed entries", " - nfsd: simplify test_bit return in NFSD_FILE_KEY_FULL comparator", " - nfsd: don't kill nfsd_files because of lease break error", " - nfsd: add some comments to nfsd_file_do_acquire", " - nfsd: don't take/put an extra reference when putting a file", " - nfsd: update comment over __nfsd_file_cache_purge", " - nfsd: allow reaping files still under writeback", " - NFSD: Convert filecache to rhltable", " - nfsd: simplify the delayed disposal list code", " - NFSD: Fix problem of COMMIT and NFS4ERR_DELAY in infinite loop", " - nfsd: make a copy of struct iattr before calling notify_change", " - nfsd: fix double fget() bug in __write_ports_addfd()", " - lockd: drop inappropriate svc_get() from locked_get()", " - NFSD: Add an nfsd4_encode_nfstime4() helper", " - nfsd: Fix creation time serialization order", " - nfsd: Simplify code around svc_exit_thread() call in nfsd()", " - nfsd: separate nfsd_last_thread() from nfsd_put()", " - Documentation: Add missing documentation for EXPORT_OP flags", " - NFSD: fix possible oops when nfsd/pool_stats is closed.", " - nfsd: call nfsd_last_thread() before final nfsd_put()", " - nfsd: drop the nfsd_put helper", " - nfsd: fix RELEASE_LOCKOWNER", " - nfsd: don't take fi_lock in nfsd_break_deleg_cb()", " - nfsd: don't call locks_release_private() twice concurrently", " - nfsd: Fix a regression in nfsd_setattr()", " - perf/core: Fix reentry problem in perf_output_read_group()", " - efivarfs: Request at most 512 bytes for variable names", " - powerpc: xor_vmx: Add '-mhard-float' to CFLAGS", " - selftests: mptcp: diag: return KSFT_FAIL not test_cnt", " - vfio/pci: Disable auto-enable of exclusive INTx IRQ", " - vfio/pci: Lock external INTx masking ops", " - vfio: Introduce interface to flush virqfd inject workqueue", " - vfio/pci: Create persistent INTx handler", " - vfio/platform: Create persistent IRQ handlers", " - vfio/fsl-mc: Block calling interrupt handler without trigger", " - serial: sc16is7xx: convert from _raw_ to _noinc_ regmap functions for FIFO", " - mm/migrate: set swap entry values of THP tail pages properly.", " - init: open /initrd.image with O_LARGEFILE", " - btrfs: zoned: use zone aware sb location for scrub", " - wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes", " - exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack()", " - hexagon: vmlinux.lds.S: handle attributes section", " - mmc: core: Initialize mmc_blk_ioc_data", " - mmc: core: Avoid negative index with array access", " - net: ll_temac: platform_get_resource replaced by wrong function", " - drm/i915/gt: Reset queue_priority_hint on parking", " - drm/amdgpu: Use drm_mode_copy()", " - drm/amd/display: Preserve original aspect ratio in create stream", " - ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs", " - scsi: core: Fix unremoved procfs host directory regression", " - staging: vc04_services: changen strncpy() to strscpy_pad()", " - staging: vc04_services: fix information leak in create_component()", " - USB: core: Add hub_get() and hub_put() routines", " - usb: dwc2: host: Fix remote wakeup from hibernation", " - usb: dwc2: host: Fix hibernation flow", " - usb: dwc2: host: Fix ISOC flow in DDMA mode", " - usb: dwc2: gadget: Fix exiting from clock gating", " - usb: dwc2: gadget: LPM flow fix", " - usb: udc: remove warning when queue disabled ep", " - usb: typec: ucsi: Ack unsupported commands", " - usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset", " - scsi: qla2xxx: Prevent command send on chip reset", " - scsi: qla2xxx: Fix N2N stuck connection", " - scsi: qla2xxx: Split FCE|EFT trace control", " - scsi: qla2xxx: NVME|FCP prefer flag not being honored", " - scsi: qla2xxx: Fix command flush on cable pull", " - scsi: qla2xxx: Fix double free of fcport", " - scsi: qla2xxx: Change debug message during driver unload", " - scsi: qla2xxx: Delay I/O Abort on PCI error", " - x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled", " - PCI/DPC: Quirk PIO log size for Intel Ice Lake Root Ports", " - scsi: lpfc: Correct size for wqe for memset()", " - USB: core: Fix deadlock in usb_deauthorize_interface()", " - scsi: usb: Call scsi_done() directly", " - scsi: usb: Stop using the SCSI pointer", " - USB: UAS: return ENODEV when submit urbs fail with device not attached", " - nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet", " - mlxbf_gige: stop PHY during open() error paths", " - iwlwifi: mvm: rfi: use kmemdup() to replace kzalloc + memcpy", " - wifi: iwlwifi: mvm: rfi: fix potential response leaks", " - ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa()", " - s390/qeth: handle deferred cc1", " - tcp: properly terminate timers for kernel sockets", " - ACPICA: debugger: check status of acpi_evaluate_object() in", " acpi_db_walk_for_fields()", " - mlxbf_gige: call request_irq() after NAPI initialized", " - bpf: Protect against int overflow for stack access size", " - Octeontx2-af: fix pause frame configuration in GMP mode", " - dm integrity: fix out-of-range warning", " - r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d", " - x86/cpufeatures: Add new word for scattered features", " - x86/cpufeatures: Add CPUID_LNX_5 to track recently added Linux-defined word", " - arm64: dts: qcom: sc7180-trogdor: mark bluetooth address as broken", " - Bluetooth: hci_event: set the conn encrypted before conn establishes", " - Bluetooth: Fix TOCTOU in HCI debugfs implementation", " - xen-netfront: Add missing skb_mark_for_recycle", " - net/rds: fix possible cp null dereference", " - locking/rwsem: Disable preemption while trying for rwsem lock", " - io_uring: ensure '0' is returned on file registration success", " - Revert \"x86/mm/ident_map: Use gbpages only where full GB page should be", " mapped.\"", " - mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL", " allocations", " - thermal: devfreq_cooling: Fix perf state when calculate dfc res_util", " - KVM: x86: Bail to userspace if emulation of atomic user access faults", " - KVM: x86: Mark target gfn of emulated atomic instruction as dirty", " - netfilter: nf_tables: reject new basechain after table flag update", " - netfilter: nf_tables: flush pending destroy work before exit_net release", " - netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get()", " - netfilter: validate user input for expected length", " - vboxsf: Avoid an spurious warning if load_nls_xxx() fails", " - bpf, sockmap: Prevent lock inversion deadlock in map delete elem", " - net/sched: act_skbmod: prevent kernel-infoleak", " - net: stmmac: fix rx queue priority assignment", " - selftests: net: gro fwd: update vxlan GRO test expectations", " - erspan: make sure erspan_base_hdr is present in skb->head", " - selftests: reuseaddr_conflict: add missing new line at the end of the output", " - ipv6: Fix infinite recursion in fib6_dump_done().", " - mlxbf_gige: stop interface during shutdown", " - udp: do not accept non-tunnel GSO skbs landing in a tunnel", " - udp: do not transition UDP GRO fraglist partial checksums to unnecessary", " - udp: prevent local UDP tunnel packets from being GROed", " - octeontx2-af: Fix issue with loading coalesced KPU profiles", " - octeontx2-pf: check negative error code in otx2_open()", " - i40e: fix i40e_count_filters() to count only active/new filters", " - i40e: fix vf may be used uninitialized in this function warning", " - scsi: qla2xxx: Update manufacturer details", " - scsi: qla2xxx: Update manufacturer detail", " - Revert \"usb: phy: generic: Get the vbus supply\"", " - i40e: Store the irq number in i40e_q_vector", " - i40e: Remove _t suffix from enum type names", " - i40e: Enforce software interrupt during busy-poll exit", " - net: usb: asix: suspend embedded PHY if external is used", " - drivers: net: convert to boolean for the mac_managed_pm flag", " - net: fec: Set mac_managed_pm during probe", " - net: ravb: Always process TX descriptor ring", " - ASoC: rt5682-sdw: fix locking sequence", " - ASoC: rt711-sdca: fix locking sequence", " - ASoC: rt711-sdw: fix locking sequence", " - ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw", " - ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit", " - scsi: mylex: Fix sysfs buffer lengths", " - ata: sata_mv: Fix PCI device ID table declaration compilation warning", " - nfsd: hold a lighter-weight client reference over CB_RECALL_ANY", " - HID: uhid: Use READ_ONCE()/WRITE_ONCE() for ->running", " - openrisc: Fix pagewalk usage in arch_dma_{clear, set}_uncached", " - fs/pipe: Fix lockdep false-positive in watchqueue pipe_write()", " - ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with", " microphone", " - driver core: Introduce device_link_wait_removal()", " - of: dynamic: Synchronize of_changeset_destroy() with the devlink removals", " - x86/mce: Make sure to grab mce_sysfs_mutex in set_bank()", " - s390/entry: align system call table on 8 bytes", " - riscv: Fix spurious errors from __get/put_kernel_nofault", " - riscv: process: Fix kernel gp leakage", " - x86/bugs: Fix the SRSO mitigation on Zen3/4", " - x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for", " !SRSO", " - mptcp: don't account accept() of non-MPC client as fallback to TCP", " - mm/secretmem: fix GUP-fast succeeding on secretmem folios", " - gro: fix ownership transfer", " - nvme: fix miss command type check", " - x86: set SPECTRE_BHI_ON as default", " - Linux 5.15.154", "", " * CVE-2024-23307", " - md/raid5: fix atomicity violation in raid5_cache_count", "", " * CVE-2024-26828", " - cifs: fix underflow in parse_server_interfaces()", "", " * CVE-2024-24861", " - media: xc4000: Fix atomicity violation in xc4000_get_frequency", "", " * CVE-2024-26642", " - netfilter: nf_tables: disallow anonymous set with timeout flag", "", " * CVE-2024-26926", " - binder: check offset alignment in binder_get_object()", "", " * CVE-2024-26922", " - drm/amdgpu: validate the parameters of bo mapping operations more clearly", "", " * CVE-2023-6039", " - timers: Silently ignore timers with a NULL function", "", " * CVE-2024-26924", " - netfilter: nft_set_pipapo: do not free live element", "", " * CVE-2024-26643", " - netfilter: nf_tables: mark set as dead when unbinding anonymous set with", " timeout", "" ], "package": "linux", "version": "5.15.0-115.125", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2068396, 1786013, 2067974, 2067959, 2046722, 2065857, 2065805, 2065435 ], "author": "Stefan Bader ", "date": "Fri, 07 Jun 2024 15:06:00 +0200" } ], "notes": "linux-modules-5.15.0-116-generic-lpae version '5.15.0-116.126' (source package linux version '5.15.0-116.126') was added. linux-modules-5.15.0-116-generic-lpae version '5.15.0-116.126' has the same source package name, linux, as removed package linux-headers-5.15.0-113. As such we can use the source package version of the removed package, '5.15.0-113.123', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package." } ], "snap": [] }, "removed": { "deb": [ { "name": "linux-headers-5.15.0-113", "from_version": { "source_package_name": "linux", "source_package_version": "5.15.0-113.123", "version": "5.15.0-113.123" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null }, { "name": "linux-headers-5.15.0-113-generic-lpae", "from_version": { "source_package_name": "linux", "source_package_version": "5.15.0-113.123", "version": "5.15.0-113.123" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null }, { "name": "linux-image-5.15.0-113-generic-lpae", "from_version": { "source_package_name": "linux", "source_package_version": "5.15.0-113.123", "version": "5.15.0-113.123" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null }, { "name": "linux-modules-5.15.0-113-generic-lpae", "from_version": { "source_package_name": "linux", "source_package_version": "5.15.0-113.123", "version": "5.15.0-113.123" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null } ], "snap": [] }, "notes": "Changelog diff for Ubuntu 22.04 jammy image from release image serial 20240701 to 20240716", "from_series": "jammy", "to_series": "jammy", "from_serial": "20240701", "to_serial": "20240716", "from_manifest_filename": "release_manifest.previous", "to_manifest_filename": "manifest.current" }