Public bug reported:
SRU Justification
Impact:
The upstream process for stable tree updates is quite similar
in scope to the Ubuntu SRU process, e.g., each patch has to
demonstrably fix a bug, and each patch is vetted by upstream
by originating either directly from a mainline/stable Linux tree or
a minimally backported form of that patch. The following upstream
stable patches should be included in the Ubuntu kernel:
v6.1.24 upstream stable release
from git://git.kernel.org/
Linux 6.1.24
bpftool: Print newline before '}' for struct with padding only fields
mm: enable maple tree RCU mode by default.
maple_tree: add RCU lock checking to rcu callback functions
maple_tree: add smp_rmb() to dead node detection
maple_tree: remove extra smp_wmb() from mas_dead_leaves()
maple_tree: fix freeing of nodes in rcu mode
maple_tree: detect dead nodes in mas_start()
maple_tree: refine ma_state init from mas_start()
maple_tree: be more cautious about dead nodes
maple_tree: fix mas_prev() and mas_find() state handling
maple_tree: fix handle of invalidated state in mas_wr_store_setup()
maple_tree: reduce user error potential
maple_tree: fix potential rcu issue
maple_tree: remove GFP_ZERO from kmem_cache_alloc() and kmem_cache_alloc_bulk()
mm: take a page reference when removing device exclusive entries
drm/i915: Split icl_color_commit_noarm() from skl_color_commit_noarm()
drm/i915: Use _MMIO_PIPE() for SKL_BOTTOM_COLOR
drm/bridge: lt9611: Fix PLL being unable to lock
drm/i915/dp_mst: Fix payload removal during output disabling
drm/display/dp_mst: Handle old/new payload states in drm_dp_remove_payload()
drm/amdgpu: skip psp suspend for IMU enabled ASICs mode2 reset
drm/amdgpu: for S0ix, skip SDMA 5.x+ suspend/resume
drm/amd/display: Clear MST topology if it fails to resume
blk-throttle: Fix that bps of child could exceed bps limited in parent
maple_tree: fix a potential concurrency bug in RCU mode
maple_tree: fix get wrong data_end in mtree_lookup_walk()
mm/hugetlb: fix uffd wr-protection for CoW optimization path
mm/swap: fix swap_info_struct race between swapoff and get_swap_pages()
ring-buffer: Fix race while reader and writer are on the same page
drm/i915: fix race condition UAF in i915_perf_add_config_ioctl
drm/i915: Fix context runtime accounting
drm/nouveau/disp: Support more modes by checking with lower bpc
drm/panfrost: Fix the panfrost_mmu_map_fault_addr() error path
ublk: read any SQE values upfront
wifi: mt76: ignore key disable commands
mm: vmalloc: avoid warn_alloc noise caused by fatal signal
zsmalloc: document freeable stats
tracing/synthetic: Make lastcmd_mutex static
ASoC: hdac_hdmi: use set_stream() instead of set_tdm_slots()
tracing: Free error logs of tracing instances
tracing/osnoise: Fix notify new tracing_max_latency
tracing/timerlat: Notify new max thread latency
tracing/synthetic: Fix races on freeing last_cmd
net: stmmac: Add queue reset into stmmac_xdp_open() function
ACPI: video: Add acpi_backlight=video quirk for Lenovo ThinkPad W530
ACPI: video: Add acpi_backlight=video quirk for Apple iMac14,1 and iMac14,2
ACPI: video: Make acpi_backlight=video work independent from GPU driver
ACPI: video: Add auto_detect arg to __acpi_video_get_backlight_type()
can: isotp: isotp_recvmsg(): use sock_recv_cmsgs() to get SOCK_RXQ_OVFL infos
can: isotp: isotp_ops: fix poll() to not report false EPOLLOUT events
can: isotp: fix race between isotp_sendsmg() and isotp_release()
can: j1939: j1939_tp_tx_dat_new(): fix out-of-bounds memory access
fs: drop peer group ids under namespace lock
ftrace: Fix issue that 'direct->addr' not restored in modify_ftrace_direct()
ftrace: Mark get_lock_parent_ip() __always_inline
perf/core: Fix the same task check in perf_event_set_output
block: don't set GD_NEED_PART_SCAN if scan partition failed
block: ublk: make sure that block size is set correctly
cifs: sanitize paths in cifs_update_super_prepath.
nvme: fix discard support without oncs
scsi: iscsi_tcp: Check that sock is valid before iscsi_set_param()
scsi: qla2xxx: Fix memory leak in qla2x00_probe_one()
io_uring: fix memory leak when removing provided buffers
io_uring: fix return value when removing provided buffers
iio: adc: ad7791: fix IRQ flags
blk-mq: directly poll requests
counter: 104-quad-8: Fix Synapse action reported for Index signals
counter: 104-quad-8: Fix race condition between FLAG and CNTR reads
coresight-etm4: Fix for() loop drvdata->nr_addr_cmp range bug
coresight: etm4x: Do not access TRCIDR1 for identification
mm: kfence: fix handling discontiguous page
mm: kfence: fix PG_slab and memcg_data clearing
KVM: nVMX: Do not report error code when synthesizing VM-Exit from Real Mode
KVM: x86: Clear "has_error_code", not "error_code", for RM exception injection
x86/ACPI/boot: Use FADT version to check support for online capable
x86/acpi/boot: Correct acpi_is_processor_usable() check
ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook
ALSA: hda/realtek: Add quirk for Clevo X370SNW
ksmbd: fix slab-out-of-bounds in init_smb2_rsp_hdr
ksmbd: do not call kvmalloc() with __GFP_NORETRY | __GFP_NO_WARN
serial: 8250: Prevent starting up DMA Rx on THRI interrupt
dt-bindings: serial: renesas,scif: Fix 4th IRQ for 4-IRQ SCIFs
nilfs2: fix sysfs interface lifetime
nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread()
tty: serial: fsl_lpuart: avoid checking for transfer complete when UARTCTRL_SBK
is asserted in lpuart32_tx_empty
tty: serial: sh-sci: Fix Rx on RZ/G2L SCI
tty: serial: sh-sci: Fix transmit end interrupt handler
iio: light: cm32181: Unregister second I2C client if present
iio: buffer: make sure O_NONBLOCK is respected
iio: buffer: correctly return bytes written in output buffers
iio: dac: cio-dac: Fix max DAC write value check for 12-bit
iio: adc: ti-ads7950: Set `can_sleep` flag for GPIO chip
iio: adc: qcom-spmi-adc5: Fix the channel name
iio: adis16480: select CONFIG_CRC32
drivers: iio: adc: ltc2497: fix LSB shift
USB: serial: option: add Quectel RM500U-CN modem
USB: serial: option: add Telit FE990 compositions
usb: typec: altmodes/displayport: Fix configure initial pin assignment
USB: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs
usb: dwc3: pci: add support for the Intel Meteor Lake-S
usb: cdnsp: Fixes error: uninitialized symbol 'len'
xhci: also avoid the XHCI_ZERO_64B_REGS quirk with a passthrough iommu
xhci: Free the command allocated for setting LPM if we return early
usb: xhci: tegra: fix sleep in atomic call
PCI/DOE: Fix memory leak with CONFIG_DEBUG_OBJECTS=y
PCI/DOE: Silence WARN splat with CONFIG_DEBUG_OBJECTS=y
cxl/pci: Handle excessive CDAT length
cxl/pci: Handle truncated CDAT entries
cxl/pci: Handle truncated CDAT header
cxl/pci: Fix CDAT retrieval on big endian
net: stmmac: check fwnode for phy device before scanning for phy
arm64: compat: Work around uninitialized variable warning
gve: Secure enough bytes in the first TX desc for all TCP pkts
netlink: annotate lockless accesses to nlk->max_recvmsg_len
ethtool: reset #lanes when lanes is omitted
ping: Fix potentail NULL deref for /proc/net/icmp.
raw: Fix NULL deref in raw_get_next().
raw: use net_hash_mix() in hash function
ice: Reset FDIR counter in FDIR init stage
ice: fix wrong fallback logic for FDIR
NFSD: callback request does not use correct credential for AUTH_SYS
sunrpc: only free unix grouplist after RCU settles
net: stmmac: fix up RX flow hash indirection table when setting channels
net: ethernet: ti: am65-cpsw: Fix mdio cleanup in probe
gpio: davinci: Add irq chip flag to skip set wake
gpio: davinci: Do not clear the bank intr enable bit in save_context
platform/x86: think-lmi: Clean up display of current_value on Thinkstation
platform/x86: think-lmi: Fix memory leaks when parsing ThinkStation WMI strings
platform/x86: think-lmi: Fix memory leak when showing current settings
ipv6: Fix an uninit variable access bug in __ip6_make_skb()
net: qrtr: Do not do DEL_SERVER broadcast after DEL_CLIENT
sctp: check send stream number after wait_for_sndbuf
net: dsa: mv88e6xxx: Reset mv88e6393x force WD event bit
net: don't let netpoll invoke NAPI if in xmit context
ALSA: hda/hdmi: Preserve the previous PCM device upon re-enablement
icmp: guard against too small mtu
nfsd: call op_release, even when op_func returns an error
NFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL
wifi: brcmfmac: Fix SDIO suspend/resume regression
l2tp: generate correct module alias strings
net: stmmac: remove redundant fixup to support fixed-link mode
net: stmmac: check if MAC needs to attach to a PHY
net: phylink: add phylink_expects_phy() method
net: qrtr: Fix a refcount bug in qrtr_recvmsg()
wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for non-uploaded sta
wifi: mac80211: fix the size calculation of ieee80211_ie_len_eht_cap()
KVM: s390: pv: fix external interruption loop not always detected
ASoC: codecs: lpass: fix the order or clks turn off during suspend
pwm: meson: Explicitly set .polarity in .get_state()
pwm: sprd: Explicitly set .polarity in .get_state()
pwm: iqs620a: Explicitly set .polarity in .get_state()
pwm: cros-ec: Explicitly set .polarity in .get_state()
pwm: hibvt: Explicitly set .polarity in .get_state()
pwm: Make .get_state() callback return an error code
ASoC: SOF: ipc4: Ensure DSP is in D0I0 during sof_ipc4_set_get_data()
Drivers: vmbus: Check for channel allocation before looking up relids
gpio: GPIO_REGMAP: select REGMAP instead of depending on it
KVM: arm64: PMU: Don't save PMCR_EL0.{C,P} for the vCPU
KVM: arm64: PMU: Sanitise PMCR_EL0.LP on first vcpu run
KVM: arm64: PMU: Distinguish between 64bit counter and 64bit overflow
KVM: arm64: PMU: Align chained counter implementation with architecture
pseudocode
dm: fix improper splitting for abnormal bios
dm: change "unsigned" to "unsigned int"
dm integrity: Remove bi_sector that's only used by commented debug code
dm cache: Add some documentation to dm-cache-background-tracker.h
** Affects: linux-oem-6.1 (Ubuntu)
Importance: Undecided
Status: Confirmed
** Affects: linux-oem-6.1 (Ubuntu Jammy)
Importance: Undecided
Status: New
** Tags: kernel-stable-tracking-bug
** Changed in: linux-oem-6.1 (Ubuntu)
Status: New => Confirmed
** Tags added: kernel-stable-tracking-bug
** Also affects: linux-oem-6.1 (Ubuntu Jammy)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-oem-6.1 in Ubuntu.
https://bugs.launchpad.net/bugs/2016470
Title:
Jammy update: v6.1.24 upstream stable release
Status in linux-oem-6.1 package in Ubuntu:
Confirmed
Status in linux-oem-6.1 source package in Jammy:
New
Bug description:
SRU Justification
Impact:
The upstream process for stable tree updates is quite similar
in scope to the Ubuntu SRU process, e.g., each patch has to
demonstrably fix a bug, and each patch is vetted by upstream
by originating either directly from a mainline/stable Linux tree or
a minimally backported form of that patch. The following upstream
stable patches should be included in the Ubuntu kernel:
v6.1.24 upstream stable release
from git://git.kernel.org/
Linux 6.1.24
bpftool: Print newline before '}' for struct with padding only fields
mm: enable maple tree RCU mode by default.
maple_tree: add RCU lock checking to rcu callback functions
maple_tree: add smp_rmb() to dead node detection
maple_tree: remove extra smp_wmb() from mas_dead_leaves()
maple_tree: fix freeing of nodes in rcu mode
maple_tree: detect dead nodes in mas_start()
maple_tree: refine ma_state init from mas_start()
maple_tree: be more cautious about dead nodes
maple_tree: fix mas_prev() and mas_find() state handling
maple_tree: fix handle of invalidated state in mas_wr_store_setup()
maple_tree: reduce user error potential
maple_tree: fix potential rcu issue
maple_tree: remove GFP_ZERO from kmem_cache_alloc() and
kmem_cache_alloc_bulk()
mm: take a page reference when removing device exclusive entries
drm/i915: Split icl_color_commit_noarm() from skl_color_commit_noarm()
drm/i915: Use _MMIO_PIPE() for SKL_BOTTOM_COLOR
drm/bridge: lt9611: Fix PLL being unable to lock
drm/i915/dp_mst: Fix payload removal during output disabling
drm/display/dp_mst: Handle old/new payload states in drm_dp_remove_payload()
drm/amdgpu: skip psp suspend for IMU enabled ASICs mode2 reset
drm/amdgpu: for S0ix, skip SDMA 5.x+ suspend/resume
drm/amd/display: Clear MST topology if it fails to resume
blk-throttle: Fix that bps of child could exceed bps limited in parent
maple_tree: fix a potential concurrency bug in RCU mode
maple_tree: fix get wrong data_end in mtree_lookup_walk()
mm/hugetlb: fix uffd wr-protection for CoW optimization path
mm/swap: fix swap_info_struct race between swapoff and get_swap_pages()
ring-buffer: Fix race while reader and writer are on the same page
drm/i915: fix race condition UAF in i915_perf_add_config_ioctl
drm/i915: Fix context runtime accounting
drm/nouveau/disp: Support more modes by checking with lower bpc
drm/panfrost: Fix the panfrost_mmu_map_fault_addr() error path
ublk: read any SQE values upfront
wifi: mt76: ignore key disable commands
mm: vmalloc: avoid warn_alloc noise caused by fatal signal
zsmalloc: document freeable stats
tracing/synthetic: Make lastcmd_mutex static
ASoC: hdac_hdmi: use set_stream() instead of set_tdm_slots()
tracing: Free error logs of tracing instances
tracing/osnoise: Fix notify new tracing_max_latency
tracing/timerlat: Notify new max thread latency
tracing/synthetic: Fix races on freeing last_cmd
net: stmmac: Add queue reset into stmmac_xdp_open() function
ACPI: video: Add acpi_backlight=video quirk for Lenovo ThinkPad W530
ACPI: video: Add acpi_backlight=video quirk for Apple iMac14,1 and iMac14,2
ACPI: video: Make acpi_backlight=video work independent from GPU driver
ACPI: video: Add auto_detect arg to __acpi_video_get_backlight_type()
can: isotp: isotp_recvmsg(): use sock_recv_cmsgs() to get SOCK_RXQ_OVFL infos
can: isotp: isotp_ops: fix poll() to not report false EPOLLOUT events
can: isotp: fix race between isotp_sendsmg() and isotp_release()
can: j1939: j1939_tp_tx_dat_new(): fix out-of-bounds memory access
fs: drop peer group ids under namespace lock
ftrace: Fix issue that 'direct->addr' not restored in modify_ftrace_direct()
ftrace: Mark get_lock_parent_ip() __always_inline
perf/core: Fix the same task check in perf_event_set_output
block: don't set GD_NEED_PART_SCAN if scan partition failed
block: ublk: make sure that block size is set correctly
cifs: sanitize paths in cifs_update_super_prepath.
nvme: fix discard support without oncs
scsi: iscsi_tcp: Check that sock is valid before iscsi_set_param()
scsi: qla2xxx: Fix memory leak in qla2x00_probe_one()
io_uring: fix memory leak when removing provided buffers
io_uring: fix return value when removing provided buffers
iio: adc: ad7791: fix IRQ flags
blk-mq: directly poll requests
counter: 104-quad-8: Fix Synapse action reported for Index signals
counter: 104-quad-8: Fix race condition between FLAG and CNTR reads
coresight-etm4: Fix for() loop drvdata->nr_addr_cmp range bug
coresight: etm4x: Do not access TRCIDR1 for identification
mm: kfence: fix handling discontiguous page
mm: kfence: fix PG_slab and memcg_data clearing
KVM: nVMX: Do not report error code when synthesizing VM-Exit from Real Mode
KVM: x86: Clear "has_error_code", not "error_code", for RM exception injection
x86/ACPI/boot: Use FADT version to check support for online capable
x86/acpi/boot: Correct acpi_is_processor_usable() check
ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook
ALSA: hda/realtek: Add quirk for Clevo X370SNW
ksmbd: fix slab-out-of-bounds in init_smb2_rsp_hdr
ksmbd: do not call kvmalloc() with __GFP_NORETRY | __GFP_NO_WARN
serial: 8250: Prevent starting up DMA Rx on THRI interrupt
dt-bindings: serial: renesas,scif: Fix 4th IRQ for 4-IRQ SCIFs
nilfs2: fix sysfs interface lifetime
nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread()
tty: serial: fsl_lpuart: avoid checking for transfer complete when
UARTCTRL_SBK is asserted in lpuart32_tx_empty
tty: serial: sh-sci: Fix Rx on RZ/G2L SCI
tty: serial: sh-sci: Fix transmit end interrupt handler
iio: light: cm32181: Unregister second I2C client if present
iio: buffer: make sure O_NONBLOCK is respected
iio: buffer: correctly return bytes written in output buffers
iio: dac: cio-dac: Fix max DAC write value check for 12-bit
iio: adc: ti-ads7950: Set `can_sleep` flag for GPIO chip
iio: adc: qcom-spmi-adc5: Fix the channel name
iio: adis16480: select CONFIG_CRC32
drivers: iio: adc: ltc2497: fix LSB shift
USB: serial: option: add Quectel RM500U-CN modem
USB: serial: option: add Telit FE990 compositions
usb: typec: altmodes/displayport: Fix configure initial pin assignment
USB: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs
usb: dwc3: pci: add support for the Intel Meteor Lake-S
usb: cdnsp: Fixes error: uninitialized symbol 'len'
xhci: also avoid the XHCI_ZERO_64B_REGS quirk with a passthrough iommu
xhci: Free the command allocated for setting LPM if we return early
usb: xhci: tegra: fix sleep in atomic call
PCI/DOE: Fix memory leak with CONFIG_DEBUG_OBJECTS=y
PCI/DOE: Silence WARN splat with CONFIG_DEBUG_OBJECTS=y
cxl/pci: Handle excessive CDAT length
cxl/pci: Handle truncated CDAT entries
cxl/pci: Handle truncated CDAT header
cxl/pci: Fix CDAT retrieval on big endian
net: stmmac: check fwnode for phy device before scanning for phy
arm64: compat: Work around uninitialized variable warning
gve: Secure enough bytes in the first TX desc for all TCP pkts
netlink: annotate lockless accesses to nlk->max_recvmsg_len
ethtool: reset #lanes when lanes is omitted
ping: Fix potentail NULL deref for /proc/net/icmp.
raw: Fix NULL deref in raw_get_next().
raw: use net_hash_mix() in hash function
ice: Reset FDIR counter in FDIR init stage
ice: fix wrong fallback logic for FDIR
NFSD: callback request does not use correct credential for AUTH_SYS
sunrpc: only free unix grouplist after RCU settles
net: stmmac: fix up RX flow hash indirection table when setting channels
net: ethernet: ti: am65-cpsw: Fix mdio cleanup in probe
gpio: davinci: Add irq chip flag to skip set wake
gpio: davinci: Do not clear the bank intr enable bit in save_context
platform/x86: think-lmi: Clean up display of current_value on Thinkstation
platform/x86: think-lmi: Fix memory leaks when parsing ThinkStation WMI
strings
platform/x86: think-lmi: Fix memory leak when showing current settings
ipv6: Fix an uninit variable access bug in __ip6_make_skb()
net: qrtr: Do not do DEL_SERVER broadcast after DEL_CLIENT
sctp: check send stream number after wait_for_sndbuf
net: dsa: mv88e6xxx: Reset mv88e6393x force WD event bit
net: don't let netpoll invoke NAPI if in xmit context
ALSA: hda/hdmi: Preserve the previous PCM device upon re-enablement
icmp: guard against too small mtu
nfsd: call op_release, even when op_func returns an error
NFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL
wifi: brcmfmac: Fix SDIO suspend/resume regression
l2tp: generate correct module alias strings
net: stmmac: remove redundant fixup to support fixed-link mode
net: stmmac: check if MAC needs to attach to a PHY
net: phylink: add phylink_expects_phy() method
net: qrtr: Fix a refcount bug in qrtr_recvmsg()
wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for non-uploaded sta
wifi: mac80211: fix the size calculation of ieee80211_ie_len_eht_cap()
KVM: s390: pv: fix external interruption loop not always detected
ASoC: codecs: lpass: fix the order or clks turn off during suspend
pwm: meson: Explicitly set .polarity in .get_state()
pwm: sprd: Explicitly set .polarity in .get_state()
pwm: iqs620a: Explicitly set .polarity in .get_state()
pwm: cros-ec: Explicitly set .polarity in .get_state()
pwm: hibvt: Explicitly set .polarity in .get_state()
pwm: Make .get_state() callback return an error code
ASoC: SOF: ipc4: Ensure DSP is in D0I0 during sof_ipc4_set_get_data()
Drivers: vmbus: Check for channel allocation before looking up relids
gpio: GPIO_REGMAP: select REGMAP instead of depending on it
KVM: arm64: PMU: Don't save PMCR_EL0.{C,P} for the vCPU
KVM: arm64: PMU: Sanitise PMCR_EL0.LP on first vcpu run
KVM: arm64: PMU: Distinguish between 64bit counter and 64bit overflow
KVM: arm64: PMU: Align chained counter implementation with architecture
pseudocode
dm: fix improper splitting for abnormal bios
dm: change "unsigned" to "unsigned int"
dm integrity: Remove bi_sector that's only used by commented debug code
dm cache: Add some documentation to dm-cache-background-tracker.h
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-oem-6.1/+bug/2016470/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
