This bug was fixed in the package linux - 5.15.0-127.137
---------------
linux (5.15.0-127.137) jammy; urgency=medium
* jammy/linux: 5.15.0-127.137 -proposed tracker (LP: #2086357)
* Jammy update: v5.15.168 upstream stable release (LP: #2086242)
- parisc: Fix 64-bit userspace syscall path
- parisc: Fix stack start for ADDR_NO_RANDOMIZE personality
- of/irq: Support #msi-cells=<0> in of_msi_get_domain
- drm: omapdrm: Add missing check for alloc_ordered_workqueue
- jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns
error
- jbd2: correctly compare tids with tid_geq function in jbd2_fc_begin_commit
- mm: krealloc: consider spare memory for __GFP_ZERO
- ocfs2: fix the la space leak when unmounting an ocfs2 volume
- ocfs2: fix uninit-value in ocfs2_get_block()
- ocfs2: reserve space for inline xattr before attaching reflink tree
- ocfs2: cancel dqi_sync_work before freeing oinfo
- ocfs2: remove unreasonable unlock in ocfs2_read_blocks
- ocfs2: fix null-ptr-deref when journal load failed.
- ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate
- usbnet: ipheth: fix carrier detection in modes 1 and 4
- net: ethernet: use ip_hdrlen() instead of bit shift
- net: phy: vitesse: repair vsc73xx autonegotiation
- powerpc/mm: Fix boot warning with hugepages and CONFIG_DEBUG_VIRTUAL
- btrfs: update target inode's ctime on unlink
- Input: ads7846 - ratelimit the spi_sync error message
- Input: synaptics - enable SMBus for HP Elitebook 840 G2
- HID: multitouch: Add support for GT7868Q
- scripts: kconfig: merge_config: config files: add a trailing newline
- platform/surface: aggregator_registry: Add support for Surface Laptop Go 3
- drm/msm/adreno: Fix error return if missing firmware-name
- Input: i8042 - add Fujitsu Lifebook E756 to i8042 quirk table
- NFSv4: Fix clearing of layout segments in layoutreturn
- NFS: Avoid unnecessary rescanning of the per-server delegation list
- platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses
- platform/x86: panasonic-laptop: Allocate 1 entry extra in the sinf array
- mptcp: pm: Fix uaf in __timer_delete_sync
- arm64: dts: rockchip: override BIOS_DISABLE signal via GPIO hog on RK3399
Puma
- minmax: reduce min/max macro expansion in atomisp driver
- net: tighten bad gso csum offset check in virtio_net_hdr
- mm: avoid leaving partial pfn mappings around in error case
- fs/ntfs3: Use kvfree to free memory allocated by kvmalloc
- arm64: dts: rockchip: fix PMIC interrupt pin in pinctrl for ROCK Pi E
- eeprom: digsy_mtc: Fix 93xx46 driver probe failure
- selftests/bpf: Support SOCK_STREAM in unix_inet_redir_to_connected()
- hwmon: (pmbus) Introduce and use write_byte_data callback
- hwmon: (pmbus) Conditionally clear individual status bits for pmbus rev >=
1.2
- ice: fix accounting for filters shared by multiple VSIs
- igb: Always call igb_xdp_ring_update_tail() under Tx lock
- net/mlx5e: Add missing link modes to ptys2ethtool_map
- net/mlx5: Explicitly set scheduling element and TSAR type
- net/mlx5: Add support to create match definer
- net/mlx5: Add IFC bits and enums for flow meter
- net/mlx5: Add missing masks and QoS bit masks for scheduling elements
- fou: fix initialization of grc
- octeontx2-af: Set XOFF on other child transmit schedulers during SMQ flush
- octeontx2-af: Modify SMQ flush sequence to drop packets
- net: ftgmac100: Enable TX interrupt to avoid TX timeout
- netfilter: nft_socket: fix sk refcount leaks
- net: dpaa: Pad packets to ETH_ZLEN
- spi: nxp-fspi: fix the KASAN report out-of-bounds bug
- dma-buf: heaps: Fix off-by-one in CMA heap fault handler
- ASoC: meson: axg-card: fix 'use-after-free'
- ASoC: allow module autoloading for table db1200_pids
- ALSA: hda/realtek - Fixed ALC256 headphone no sound
- ALSA: hda/realtek - FIxed ALC285 headphone no sound
- scsi: lpfc: Fix overflow build issue
- pinctrl: at91: make it work with current gpiolib
- microblaze: don't treat zero reserved memory regions as error
- net: ftgmac100: Ensure tx descriptor updates are visible
- wifi: iwlwifi: lower message level for FW buffer destination
- wifi: iwlwifi: mvm: fix iwl_mvm_scan_fits() calculation
- wifi: iwlwifi: mvm: pause TCM when the firmware is stopped
- wifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead
- wifi: iwlwifi: clear trans->state earlier upon error
- ASoC: intel: fix module autoloading
- ASoC: tda7419: fix module autoloading
- spi: spidev: Add an entry for elgin,jg10309-01
- drm: komeda: Fix an issue related to normalized zpos
- spi: bcm63xx: Enable module autoloading
- x86/hyperv: Set X86_FEATURE_TSC_KNOWN_FREQ when Hyper-V provides frequency
- spi: spidev: Add missing spi_device_id for jg10309-01
- ocfs2: add bounds checking to ocfs2_xattr_find_entry()
- ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()
- cgroup: Make operations on the cgroup root_list RCU safe
- Revert "wifi: cfg80211: check wiphy mutex is held for wdev mutex"
- gpio: prevent potential speculation leaks in gpio_device_get_desc()
- gpiolib: cdev: Ignore reconfiguration without direction
- cgroup: Move rcu_head up near the top of cgroup_root
- USB: serial: pl2303: add device id for Macrosilicon MS3020
- USB: usbtmc: prevent kernel-usb-infoleak
- EDAC/synopsys: Add support for version 3 of the Synopsys EDAC DDR
- EDAC/synopsys: Use the correct register to disable the error interrupt on
v3
hw
- EDAC/synopsys: Re-enable the error interrupts on v3 hw
- EDAC/synopsys: Fix ECC status and IRQ control race condition
- EDAC/synopsys: Fix error injection on Zynq UltraScale+
- wifi: rtw88: always wait for both firmware loading attempts
- crypto: xor - fix template benchmarking
- ACPI: PMIC: Remove unneeded check in tps68470_pmic_opregion_probe()
- wifi: ath9k: fix parameter check in ath9k_init_debug()
- wifi: ath9k: Remove error checks when creating debugfs entries
- net: stmmac: dwmac-loongson: Init ref and PTP clocks rate
- wifi: rtw88: remove CPT execution branch never used
- fs: explicitly unregister per-superblock BDIs
- mount: warn only once about timestamp range expiration
- fs/namespace: fnic: Switch to use %ptTd
- mount: handle OOM on mnt_warn_timestamp_expiry
- wifi: iwlwifi: mvm: increase the time between ranging measurements
- padata: Honor the caller's alignment in case of chunk_size 0
- can: j1939: use correct function name in comment
- ACPI: CPPC: Fix MASK_VAL() usage
- netfilter: nf_tables: elements with timeout below CONFIG_HZ never expire
- netfilter: nf_tables: reject element expiration with no timeout
- netfilter: nf_tables: reject expiration higher than timeout
- netfilter: nf_tables: remove annotation to access set timeout while
holding
lock
- cpufreq: ti-cpufreq: Introduce quirks to handle syscon fails appropriately
- x86/sgx: Fix deadlock in SGX NUMA node search
- wifi: cfg80211: fix UBSAN noise in cfg80211_wext_siwscan()
- wifi: mt76: mt7915: fix rx filter setting for bfee functionality
- wifi: cfg80211: fix two more possible UBSAN-detected off-by-one errors
- wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop()
- wifi: wilc1000: fix potential RCU dereference issue in
wilc_parse_join_bss_param
- sock_map: Add a cond_resched() in sock_hash_free()
- can: bcm: Clear bo->bcm_proc_read after remove_proc_entry().
- can: m_can: m_can_close(): stop clocks after device has been shut down
- Bluetooth: btusb: Fix not handling ZPL/short-transfer
- bareudp: Pull inner IP header in bareudp_udp_encap_recv().
- net: geneve: support IPv4/IPv6 as inner protocol
- geneve: Fix incorrect inner network header offset when innerprotoinherit
is
set
- bareudp: Pull inner IP header on xmit.
- net: enetc: Use IRQF_NO_AUTOEN flag in request_irq()
- r8169: disable ALDPS per default for RTL8125
- net: ipv6: rpl_iptunnel: Fix memory leak in rpl_input
- net: tipc: avoid possible garbage value
- block, bfq: fix possible UAF for bfqq->bic with merge chain
- block, bfq: choose the last bfqq from merge chain in
bfq_setup_cooperator()
- block, bfq: don't break merge chain in bfq_split_bfqq()
- block: print symbolic error name instead of error code
- block: fix potential invalid pointer dereference in blk_add_partition
- spi: ppc4xx: handle irq_of_parse_and_map() errors
- spi: ppc4xx: Avoid returning 0 when failed to parse and map IRQ
- arm64: dts: renesas: r9a07g044: Correct GICD and GICR sizes
- ARM: dts: microchip: sam9x60: Fix rtc/rtt clocks
- ARM: dts: imx7d-zii-rmu2: fix Ethernet PHY pinctrl property
- ARM: versatile: fix OF node leak in CPUs prepare
- reset: berlin: fix OF node leak in probe() error path
- reset: k210: fix OF node leak in probe() error path
- clocksource/drivers/qcom: Add missing iounmap() on errors in
msm_dt_timer_init()
- m68k: Fix kernel_clone_args.flags in m68k_clone()
- hwmon: (max16065) Fix overflows seen when writing limits
- i2c: Add i2c_get_match_data()
- hwmon: (max16065) Remove use of i2c_match_id()
- hwmon: (max16065) Fix alarm attributes
- mtd: slram: insert break after errors in parsing the map
- hwmon: (ntc_thermistor) fix module autoloading
- power: supply: axp20x_battery: Remove design from min and max voltage
- power: supply: max17042_battery: Fix SOC threshold calc w/ no current
sense
- fbdev: hpfb: Fix an error handling path in hpfb_dio_probe()
- mtd: powernv: Add check devm_kasprintf() returned value
- pmdomain: core: Harden inter-column space in debug summary
- drm/stm: Fix an error handling path in stm_drm_platform_probe()
- drm/amd/display: Add null check for set_output_gamma in
dcn30_set_output_transfer_func
- drm/amdgpu: Replace one-element array with flexible-array member
- drm/amdgpu: properly handle vbios fake edid sizing
- drm/radeon: Replace one-element array with flexible-array member
- drm/radeon: properly handle vbios fake edid sizing
- scsi: NCR5380: Add SCp members to struct NCR5380_cmd
- scsi: NCR5380: Check for phase match during PDMA fixup
- drm/rockchip: vop: Allow 4096px width scaling
- drm/rockchip: dw_hdmi: Fix reading EDID when using a forced mode
- drm/radeon/evergreen_cs: fix int overflow errors in cs track offsets
- drm/bridge: lontium-lt8912b: Validate mode in
drm_bridge_funcs::mode_valid()
- scsi: elx: libefc: Fix potential use after free in efc_nport_vport_del()
- jfs: fix out-of-bounds in dbNextAG() and diAlloc()
- drm/mediatek: Use spin_lock_irqsave() for CRTC event lock
- powerpc/32: Remove the 'nobats' kernel parameter
- powerpc/32: Remove 'noltlbs' kernel parameter
- powerpc/8xx: Fix initial memory mapping
- powerpc/8xx: Fix kernel vs user address comparison
- drm/msm: Fix incorrect file name output in adreno_request_fw()
- drm/msm/a5xx: disable preemption in submits by default
- drm/msm/a5xx: properly clear preemption records on resume
- drm/msm/a5xx: fix races in preemption evaluation stage
- drm/msm: Drop priv->lastctx
- drm/msm/a5xx: workaround early ring-buffer emptiness check
- ipmi: docs: don't advertise deprecated sysfs entries
- drm/msm: fix %s null argument error
- drivers:drm:exynos_drm_gsc:Fix wrong assignment in gsc_bind()
- xen: use correct end address of kernel for conflict checking
- xen/swiotlb: add alignment check for dma buffers
- tpm: Clean up TPM space after command failure
- selftests/bpf: Fix compile error from rlim_t in sk_storage_map.c
- selftests/bpf: Fix error compiling bpf_iter_setsockopt.c with musl libc
- selftests/bpf: Fix missing ARRAY_SIZE() definition in bench.c
- selftests/bpf: Fix compiling kfree_skb.c with musl-libc
- selftests/bpf: Fix compiling flow_dissector.c with musl-libc
- selftests/bpf: Fix compiling tcp_rtt.c with musl-libc
- selftests/bpf: Fix compiling core_reloc.c with musl-libc
- selftests/bpf: Fix errors compiling cg_storage_multi.h with musl libc
- selftests/bpf: Fix error compiling test_lru_map.c
- selftests/bpf: Fix C++ compile error from missing _Bool type
- xz: cleanup CRC32 edits from 2018
- kthread: fix task state in kthread worker if being frozen
- ext4: clear EXT4_GROUP_INFO_WAS_TRIMMED_BIT even mount with discard
- smackfs: Use rcu_assign_pointer() to ensure safe assignment in
smk_set_cipso
- ext4: avoid buffer_head leak in ext4_mark_inode_used()
- ext4: avoid potential buffer_head leak in __ext4_new_inode()
- ext4: avoid negative min_clusters in find_group_orlov()
- ext4: return error on ext4_find_inline_entry
- ext4: avoid OOB when system.data xattr changes underneath the filesystem
- nilfs2: fix potential null-ptr-deref in nilfs_btree_insert()
- nilfs2: determine empty node blocks as corrupted
- nilfs2: fix potential oob read in nilfs_btree_check_delete()
- bpf: Fix bpf_strtol and bpf_strtoul helpers for 32bit
- perf mem: Free the allocated sort string, fixing a leak
- perf sched timehist: Fix missing free of session in perf_sched__timehist()
- perf sched timehist: Fixed timestamp error when unable to confirm event
sched_in time
- perf time-utils: Fix 32-bit nsec parsing
- clk: imx: imx8mp: fix clock tree update of TF-A managed clocks
- clk: imx: imx8qxp: Register dc0_bypass0_clk before disp clk
- clk: imx: imx8qxp: Parent should be initialized earlier than the clock
- remoteproc: imx_rproc: Correct ddr alias for i.MX8M
- remoteproc: imx_rproc: Initialize workqueue earlier
- clk: rockchip: Set parent rate for DCLK_VOP clock on RK3228
- Input: ilitek_ts_i2c - avoid wrong input subsystem sync
- Input: ilitek_ts_i2c - add report id message validation
- drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error
- drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error
- PCI: keystone: Fix if-statement expression in ks_pcie_quirk()
- PCI: xilinx-nwl: Fix register misspelling
- PCI: xilinx-nwl: Clean up clock on probe failure/removal
- RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency
- pinctrl: single: fix missing error code in pcs_probe()
- RDMA/rtrs: Reset hb_missed_cnt after receiving other traffic from peer
- RDMA/rtrs-clt: Reset cid to con_num - 1 to stay in bounds
- clk: ti: dra7-atl: Fix leak of of_nodes
- nfsd: remove unneeded EEXIST error check in nfsd_do_file_acquire
- nfsd: fix refcount leak when file is unhashed after being found
- pinctrl: mvebu: Use devm_platform_get_and_ioremap_resource()
- pinctrl: mvebu: Fix devinit_dove_pinctrl_probe function
- IB/core: Fix ib_cache_setup_one error flow cleanup
- watchdog: imx_sc_wdt: Don't disable WDT in suspend
- RDMA/hns: Don't modify rq next block addr in HIP09 QPC
- RDMA/hns: Fix the overflow risk of hem_list_calc_ba_range()
- RDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled
- RDMA/hns: Remove unused abnormal interrupt of type RAS
- RDMA/hns: Fix the wrong type of return value of the interrupt handler
- RDMA/hns: Refactor the abnormal interrupt handler function
- RDMA/hns: Fix VF triggering PF reset in abnormal interrupt handler
- RDMA/hns: Optimize hem allocation performance
- riscv: Fix fp alignment bug in perf_callchain_user()
- RDMA/cxgb4: Added NULL check for lookup_atid
- RDMA/irdma: fix error message in irdma_modify_qp_roce()
- ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir()
- ntb_perf: Fix printk format
- nfsd: call cache_put if xdr_reserve_space returns NULL
- nfsd: return -EINVAL when namelen is 0
- f2fs: fix typo
- f2fs: fix to update i_ctime in __f2fs_setxattr()
- f2fs: remove unneeded check condition in __f2fs_setxattr()
- f2fs: reduce expensive checkpoint trigger frequency
- f2fs: optimize error handling in redirty_blocks
- f2fs: fix to wait page writeback before setting gcing flag
- f2fs: introduce F2FS_IPU_HONOR_OPU_WRITE ipu policy
- f2fs: clean up w/ dotdot_name
- f2fs: get rid of online repaire on corrupted directory
- spi: lpspi: Silence error message upon deferred probe
- spi: lpspi: release requested DMA channels
- spi: spi-fsl-lpspi: Undo runtime PM changes at driver exit time
- iio: adc: ad7606: fix oversampling gpio array
- iio: adc: ad7606: fix standby gpio state to match the documentation
- coresight: tmc: sg: Do not leak sg_table
- interconnect: qcom: sm8250: Enable sync_state
- vdpa: Add eventfd for the vdpa callback
- vhost_vdpa: assign irq bypass producer token correctly
- Revert "dm: requeue IO if mapping table not yet available"
- net: axienet: Clean up device used for DMA calls
- net: axienet: Clean up DMA start/stop and error handling
- net: axienet: don't set IRQ timer when IRQ delay not used
- net: axienet: implement NAPI and GRO receive
- net: axienet: reduce default RX interrupt threshold to 1
- net: axienet: add coalesce timer ethtool configuration
- net: axienet: Be more careful about updating tx_bd_tail
- net: axienet: Use NAPI for TX completion path
- net: axienet: Switch to 64-bit RX/TX statistics
- net: xilinx: axienet: Fix packet counting
- netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put()
- net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race
Condition
- net: ipv6: select DST_CACHE from IPV6_RPL_LWTUNNEL
- tcp: check skb is non-NULL in tcp_rto_delta_us()
- net: qrtr: Update packets cloning when broadcasting
- bonding: Fix unnecessary warnings and logs from bond_xdp_get_xmit_slave()
- netfilter: nf_tables: Keep deleted flowtable hooks until after RCU
- netfilter: ctnetlink: compile ctnetlink_label_size with
CONFIG_NF_CONNTRACK_EVENTS
- drm/amd/display: Fix Synaptics Cascaded Panamera DSC Determination
- Input: goodix - use the new soc_intel_is_byt() helper
- powercap: RAPL: fix invalid initialization for pl4_supported field
- x86/mm: Switch to new Intel CPU model defines
- vfio/pci: fix potential memory leak in vfio_intx_enable()
- selinux,smack: don't bypass permissions check in inode_setsecctx hook
- Remove *.orig pattern from .gitignore
- PCI: xilinx-nwl: Fix off-by-one in INTx IRQ handler
- ASoC: rt5682: Return devm_of_clk_add_hw_provider to transfer the error
- soc: versatile: integrator: fix OF node leak in probe() error path
- Revert "media: tuners: fix error return code of
hybrid_tuner_request_state()"
- Input: i8042 - add TUXEDO Stellaris 16 Gen5 AMD to i8042 quirk table
- Input: i8042 - add TUXEDO Stellaris 15 Slim Gen6 AMD to i8042 quirk table
- Input: i8042 - add another board name for TUXEDO Stellaris Gen5 AMD line
- drm/amd/display: Round calculated vtotal
- drm/amd/display: Validate backlight caps are sane
- scsi: mac_scsi: Revise printk(KERN_DEBUG ...) messages
- scsi: mac_scsi: Refactor polling loop
- scsi: mac_scsi: Disallow bus errors during PDMA send
- usbnet: fix cyclical race on disconnect with work queue
- USB: appledisplay: close race between probe and completion handler
- USB: misc: cypress_cy7c63: check for short transfer
- USB: class: CDC-ACM: fix race between get_serial and set_serial
- usb: cdnsp: Fix incorrect usb_request status
- usb: dwc2: drd: fix clock gating on USB role switch
- bus: integrator-lm: fix OF node leak in probe()
- firmware_loader: Block path traversal
- tty: rp2: Fix reset with non forgiving PCIe host bridges
- xhci: Set quirky xHC PCI hosts to D3 _after_ stopping and freeing them.
- crypto: ccp - Properly unregister /dev/sev on sev PLATFORM_STATUS failure
- drbd: Fix atomicity violation in drbd_uuid_set_bm()
- drbd: Add NULL check for net_conf to prevent dereference in state
validation
- ACPI: sysfs: validate return type of _STR method
- ACPI: resource: Add another DMI match for the TongFang GMxXGxx
- efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption
- perf/x86/intel/pt: Fix sampling synchronization
- wifi: rtw88: 8822c: Fix reported RX band width
- wifi: mt76: mt7615: check devm_kasprintf() returned value
- debugobjects: Fix conditions in fill_pool()
- f2fs: prevent possible int overflow in dir_block_index()
- f2fs: avoid potential int overflow in sanity_check_area_boundary()
- hwrng: mtk - Use devm_pm_runtime_enable
- hwrng: bcm2835 - Add missing clk_disable_unprepare in bcm2835_rng_init
- hwrng: cctrng - Add missing clk_disable_unprepare in cctrng_resume
- arm64: dts: rockchip: Raise Pinebook Pro's panel backlight PWM frequency
- arm64: dts: rockchip: Correct the Pinebook Pro battery design capacity
- vfs: fix race between evice_inodes() and find_inode()&iput()
- fs: Fix file_set_fowner LSM hook inconsistencies
- nfs: fix memory leak in error path of nfs4_do_reclaim
- EDAC/igen6: Fix conversion of system address to physical memory address
- padata: use integer wrap around to prevent deadlock on seq_nr overflow
- soc: versatile: realview: fix memory leak during device remove
- soc: versatile: realview: fix soc_dev leak during device remove
- usb: yurex: Replace snprintf() with the safer scnprintf() variant
- USB: misc: yurex: fix race between read and write
- xhci: fix event ring segment table related masks and variables in header
- xhci: remove xhci_test_trb_in_td_math early development check
- xhci: Refactor interrupter code for initial multi interrupter support.
- xhci: Preserve RsvdP bits in ERSTBA register correctly
- xhci: Add a quirk for writing ERST in high-low order
- usb: xhci: fix loss of data on Cadence xHC
- pps: remove usage of the deprecated ida_simple_xx() API
- pps: add an error check in parport_attach
- x86/idtentry: Incorporate definitions/declarations of the FRED entries
- x86/entry: Remove unwanted instrumentation in common_interrupt()
- bpf: lsm: Set bpf_lsm_blob_sizes.lbs_task to 0
- lockdep: fix deadlock issue between lockdep and rcu
- mm: only enforce minimum stack gap size if it's sensible
- i2c: aspeed: Update the stop sw state when the bus recovery occurs
- i2c: isch: Add missed 'else'
- usb: yurex: Fix inconsistent locking bug in yurex_read()
- spi: lpspi: Simplify some error message
- static_call: Handle module init failure correctly in
static_call_del_module()
- static_call: Replace pointless WARN_ON() in static_call_module_notify()
- mailbox: rockchip: fix a typo in module autoloading
- mailbox: bcm2835: Fix timeout during suspend mode
- ceph: remove the incorrect Fw reference check when dirtying pages
- ieee802154: Fix build error
- net/mlx5: Fix error path in multi-packet WQE transmit
- net/mlx5: Added cond_resched() to crdump collection
- net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc()
- netfilter: uapi: NFTA_FLOWTABLE_HOOK is NLA_NESTED
- net: ieee802154: mcr20a: Use IRQF_NO_AUTOEN flag in request_irq()
- netfilter: nf_tables: prevent nf_skb_duplicated corruption
- Bluetooth: btmrvl: Use IRQF_NO_AUTOEN flag in request_irq()
- net: ethernet: lantiq_etop: fix memory disclosure
- net: avoid potential underflow in qdisc_pkt_len_init() with UFO
- net: add more sanity checks to qdisc_pkt_len_init()
- stmmac_pci: Fix underflow size in stmmac_rx
- net: stmmac: Disable automatic FCS/Pad stripping
- net: stmmac: dwmac4: extend timeout for VLAN Tag register busy bit check
- ipv4: ip_gre: Fix drops of small packets in ipgre_xmit
- ppp: do not assume bh is held in ppp_channel_bridge_input()
- sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start
- i2c: xiic: Fix broken locking on tx_msg
- i2c: xiic: Switch from waitqueue to completion
- i2c: xiic: Fix RX IRQ busy check
- i2c: xiic: xiic_xfer(): Fix runtime PM leak on error path
- i2c: xiic: improve error message when transfer fails to start
- i2c: xiic: Try re-initialization on bus busy timeout
- media: usbtv: Remove useless locks in usbtv_video_free()
- ALSA: mixer_oss: Remove some incorrect kfree_const() usages
- ALSA: hda/realtek: Fix the push button function for the ALC257
- ALSA: hda/generic: Unconditionally prefer preferred_dacs pairs
- ASoC: imx-card: Set card.owner to avoid a warning calltrace if SND=m
- ALSA: hda/conexant: Fix conflicting quirk for System76 Pangolin
- f2fs: Require FMODE_WRITE for atomic write ioctls
- wifi: ath9k: fix possible integer overflow in ath9k_get_et_stats()
- wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit
- ice: Adjust over allocation of memory in ice_sched_add_root_node() and
ice_sched_add_node()
- net/xen-netback: prevent UAF in xenvif_flush_hash()
- net: hisilicon: hip04: fix OF node leak in probe()
- net: hisilicon: hns_dsaf_mac: fix OF node leak in hns_mac_get_info()
- net: hisilicon: hns_mdio: fix OF node leak in probe()
- ACPI: PAD: fix crash in exit_round_robin()
- ACPICA: Fix memory leak if acpi_ps_get_next_namepath() fails
- ACPICA: Fix memory leak if acpi_ps_get_next_field() fails
- net: sched: consistently use rcu_replace_pointer() in taprio_change()
- blk_iocost: fix more out of bound shifts
- nvme-pci: qdepth 1 quirk
- wifi: ath11k: fix array out-of-bound access in SoC stats
- wifi: rtw88: select WANT_DEV_COREDUMP
- ACPI: EC: Do not release locks during operation region accesses
- ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in
acpi_db_convert_to_package()
- tipc: guard against string buffer overrun
- net: mvpp2: Increase size of queue_name buffer
- ipv4: Check !in_dev earlier for ioctl(SIOCSIFADDR).
- ipv4: Mask upper DSCP bits and ECN bits in NETLINK_FIB_LOOKUP family
- net: atlantic: Avoid warning about potential string truncation
- tcp: avoid reusing FIN_WAIT2 when trying to find port in connect() process
- ACPICA: iasl: handle empty connection_node
- proc: add config & param to block forcing mem writes
- [Config] updateconfigs to select PROC_MEM_ALWAYS_FORCE
- wifi: mt76: mt7915: hold dev->mt76.mutex while disabling tx worker
- wifi: mwifiex: Fix memcpy() field-spanning write warning in
mwifiex_cmd_802_11_scan_ext()
- nfp: Use IRQF_NO_AUTOEN flag in request_irq()
- signal: Replace BUG_ON()s
- ALSA: usb-audio: Add input value sanity checks for standard types
- x86/ioapic: Handle allocation failures gracefully
- ALSA: usb-audio: Define macros for quirk table entries
- ALSA: usb-audio: Add logitech Audio profile quirk
- tools/x86/kcpuid: Protect against faulty "max subleaf" values
- ALSA: asihpi: Fix potential OOB array access
- ALSA: hdsp: Break infinite MIDI input flush loop
- x86/syscall: Avoid memcpy() for ia32 syscall_get_arguments()
- fbdev: pxafb: Fix possible use after free in pxafb_task()
- rcuscale: Provide clear error when async specified without primitives
- iommu/arm-smmu-qcom: hide last LPASS SMMU context bank from linux
- power: reset: brcmstb: Do not go into infinite loop if reset fails
- iommu/vt-d: Always reserve a domain ID for identity setup
- iommu/vt-d: Fix potential lockup if qi_submit_sync called with 0 count
- drm/amd/display: Add null check for top_pipe_to_program in
commit_planes_for_stream
- ata: sata_sil: Rename sil_blacklist to sil_quirks
- drm/amd/display: Check null pointers before using dc->clk_mgr
- jfs: UBSAN: shift-out-of-bounds in dbFindBits
- jfs: Fix uaf in dbFreeBits
- jfs: check if leafidx greater than num leaves per dmap tree
- scsi: smartpqi: correct stream detection
- jfs: Fix uninit-value access of new_ea in ea_buffer
- drm/amdgpu: add raven1 gfxoff quirk
- drm/amdgpu: enable gfxoff quirk on HP 705G4
- HID: multitouch: Add support for Thinkpad X12 Gen 2 Kbd Portfolio
- platform/x86: touchscreen_dmi: add nanote-next quirk
- drm/amd/display: Check stream before comparing them
- drm/amd/display: Fix index out of bounds in DCN30 degamma hardware format
translation
- drm/amd/display: Fix index out of bounds in degamma hardware format
translation
- drm/amd/display: Fix index out of bounds in DCN30 color transformation
- drm/amd/display: Initialize get_bytes_per_element's default to 1
- drm/printer: Allow NULL data in devcoredump printer
- scsi: aacraid: Rearrange order of struct aac_srb_unit
- drm/radeon/r100: Handle unknown family in r100_cp_init_microcode()
- drm/amd/pm: ensure the fw_info is not null before using it
- of/irq: Refer to actual buffer size in of_irq_parse_one()
- ext4: ext4_search_dir should return a proper error
- ext4: avoid use-after-free in ext4_ext_show_leaf()
- ext4: fix i_data_sem unlock order in ext4_ind_migrate()
- blk-integrity: use sysfs_emit
- blk-integrity: convert to struct device_attribute
- blk-integrity: register sysfs attributes on struct device
- usb: typec: tcpm: Check for port partner validity before consuming it
- spi: spi-imx: Fix pm_runtime_set_suspended() with runtime pm enabled
- spi: s3c64xx: fix timeout counters in flush_fifo
- selftests: breakpoints: use remaining time to check if suspend succeed
- selftests: vDSO: fix vDSO name for powerpc
- selftests: vDSO: fix vdso_config for powerpc
- selftests: vDSO: fix vDSO symbols lookup for powerpc64
- selftests/mm: fix charge_reserved_hugetlb.sh test
- selftests: vDSO: fix ELF hash table entry size for s390x
- selftests: vDSO: fix vdso_config for s390
- platform/x86: ISST: Fix the KASAN report slab-out-of-bounds bug
- i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume
- i2c: qcom-geni: Use IRQF_NO_AUTOEN flag in request_irq()
- i2c: xiic: Wait for TX empty to avoid missed TX NAKs
- firmware: tegra: bpmp: Drop unused mbox_client_to_bpmp()
- spi: bcm63xx: Fix module autoloading
- power: supply: hwmon: Fix missing temp1_max_alarm attribute
- perf/core: Fix small negative period being ignored
- parisc: Fix itlb miss handler for 64-bit programs
- drm: Consistently use struct drm_mode_rect for FB_DAMAGE_CLIPS
- ALSA: core: add isascii() check to card ID generator
- ALSA: usb-audio: Add delay quirk for VIVO USB-C HEADSET
- ALSA: usb-audio: Add native DSD support for Luxman D-08u
- ALSA: line6: add hw monitor volume control to POD HD500X
- ALSA: hda/realtek: Add quirk for Huawei MateBook 13 KLV-WX9
- ext4: no need to continue when the number of entries is 1
- ext4: correct encrypted dentry name hash when not casefolded
- ext4: fix slab-use-after-free in ext4_split_extent_at()
- ext4: propagate errors from ext4_find_extent() in ext4_insert_range()
- ext4: fix incorrect tid assumption in __jbd2_log_wait_for_space()
- ext4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free
- ext4: aovid use-after-free in ext4_ext_insert_extent()
- ext4: fix double brelse() the buffer of the extents path
- ext4: update orig_path in ext4_find_extent()
- ext4: fix incorrect tid assumption in ext4_wait_for_tail_page_commit()
- ext4: fix incorrect tid assumption in
jbd2_journal_shrink_checkpoint_list()
- ext4: fix fast commit inode enqueueing during a full journal commit
- ext4: use handle to mark fc as ineligible in __track_dentry_update()
- ext4: mark fc as ineligible using an handle in ext4_xattr_set()
- riscv: define ILLEGAL_POINTER_VALUE for 64bit
- exfat: fix memory leak in exfat_load_bitmap()
- perf hist: Update hist symbol when updating maps
- nfsd: fix delegation_blocked() to block correctly for at least 30 seconds
- nfsd: map the EBADMSG to nfserr_io to avoid warning
- NFSD: Fix NFSv4's PUTPUBFH operation
- aoe: fix the potential use-after-free problem in more places
- clk: rockchip: fix error for unknown clocks
- clk: qcom: dispcc-sm8250: use CLK_SET_RATE_PARENT for branch clocks
- media: sun4i_csi: Implement link validate for sun4i_csi subdev
- media: uapi/linux/cec.h: cec_msg_set_reply_to: zero flags
- clk: qcom: clk-rpmh: Fix overflow in BCM vote
- clk: qcom: gcc-sm8150: De-register gcc_cpuss_ahb_clk_src
- media: venus: fix use after free bug in venus_remove due to race condition
- clk: qcom: gcc-sm8250: Do not turn off PCIe GDSCs during gdsc_disable()
- clk: qcom: gcc-sc8180x: Fix the sdcc2 and sdcc4 clocks freq table
- iio: magnetometer: ak8975: Fix reading for ak099xx sensors
- tomoyo: fallback to realpath if symlink's pathname does not exist
- net: stmmac: Fix zero-division error when disabling tc cbs
- rtc: at91sam9: fix OF node leak in probe() error path
- Input: adp5589-keys - fix NULL pointer dereference
- Input: adp5589-keys - fix adp5589_gpio_get_value()
- ACPI: resource: Add Asus Vivobook X1704VAP to
irq1_level_low_skip_override[]
- ACPI: resource: Add Asus ExpertBook B2502CVA to
irq1_level_low_skip_override[]
- btrfs: fix a NULL pointer dereference when failed to start a new
trasacntion
- btrfs: wait for fixup workers before stopping cleaner kthread during
umount
- gpio: davinci: fix lazy disable
- tracing/hwlat: Fix a race during cpuhp processing
- tracing/timerlat: Fix a race during cpuhp processing
- close_range(): fix the logics in descriptor table trimming
- drm/sched: Add locking to drm_sched_entity_modify_sched
- drm/amd/display: Fix system hang while resume with TBT monitor
- kconfig: qconf: fix buffer overflow in debug links
- device property: Add fwnode_iomap()
- device property: Add fwnode_irq_get_byname
- i2c: smbus: Use device_*() functions instead of of_*()
- i2c: create debugfs entry per adapter
- i2c: core: Lock address during client device instantiation
- i2c: xiic: Use devm_clk_get_enabled()
- i2c: xiic: Fix pm_runtime_set_suspended() with runtime pm enabled
- spi: bcm63xx: Fix missing pm_runtime_disable()
- ext4: properly sync file size update after O_SYNC direct IO
- ext4: dax: fix overflowing extents beyond inode size when partially
writing
- arm64: Add Cortex-715 CPU part definition
- arm64: cputype: Add Neoverse-N3 definitions
- arm64: errata: Expand speculative SSBS workaround once more
- uprobes: fix kernel info leak via "[uprobes]" vma
- drm/amd/display: Allow backlight to go below
`AMDGPU_DM_DEFAULT_MIN_BACKLIGHT`
- build-id: require program headers to be right after ELF header
- lib/buildid: harden build ID parsing logic
- drm/rockchip: define gamma registers for RK3399
- drm/rockchip: support gamma control on RK3399
- drm/rockchip: vop: clear DMA stop bit on RK3066
- media: i2c: imx335: Enable regulator supplies
- media: imx335: Fix reset-gpio handling
- dt-bindings: clock: qcom: Add missing UFS QREF clocks
- dt-bindings: clock: qcom: Add GPLL9 support on gcc-sc8180x
- r8169: Fix spelling mistake: "tx_underun" -> "tx_underrun"
- r8169: add tally counter fields added with RTL8125
- clk: qcom: gcc-sc8180x: Add GPLL9 support
- ACPI: battery: Simplify battery hook locking
- ACPI: battery: Fix possible crash when unregistering a battery hook
- Revert "arm64: dts: qcom: sm8250: switch UFS QMP PHY to new style of
bindings"
- ext4: fix inode tree inconsistency caused by ENOMEM
- 9p: add missing locking around taking dentry fid list
- vhost/scsi: null-ptr-dereference in vhost_scsi_get_req()
- perf report: Fix segfault when 'sym' sort key is not used
- ALSA: usb-audio: Fix possible NULL pointer dereference in
snd_usb_pcm_has_fixed_rate()
- unicode: Don't special case ignorable code points
- net: ethernet: cortina: Drop TSO support
- tracing: Remove precision vsnprintf() check from print event
- drm/crtc: fix uninitialized variable use even harder
- tracing: Have saved_cmdlines arrays all in one allocation
- selftests/net: give more time to udpgro bg processes to complete startup
- selftests/net: synchronize udpgro tests' tx and rx connection
- selftests: net: Remove executable bits from library scripts
- fs/ntfs3: Refactor enum_rstbl to suppress static checker
- virtio_console: fix misc probe bugs
- Input: synaptics-rmi4 - fix UAF of IRQ domain on driver removal
- bpf: Check percpu map value size first
- s390/facility: Disable compile time optimization for decompressor code
- s390/mm: Add cond_resched() to cmm_alloc/free_pages()
- bpf, x64: Fix a jit convergence issue
- ext4: don't set SB_RDONLY after filesystem errors
- ext4: nested locking for xattr inode
- s390/cpum_sf: Remove WARN_ON_ONCE statements
- ktest.pl: Avoid false positives with grub2 skip regex
- RDMA/mad: Improve handling of timed out WRs of mad agent
- PCI: Add function 0 DMA alias quirk for Glenfly Arise chip
- RDMA/rtrs-srv: Avoid null pointer deref during path establishment
- clk: bcm: bcm53573: fix OF node leak in init
- PCI: Add ACS quirk for Qualcomm SA8775P
- i2c: i801: Use a different adapter-name for IDF adapters
- PCI: Mark Creative Labs EMU20k2 INTx masking as broken
- ntb: ntb_hw_switchtec: Fix use after free vulnerability in
switchtec_ntb_remove due to race condition
- media: videobuf2-core: clear memory related fields in
__vb2_plane_dmabuf_put()
- remoteproc: imx_rproc: Use imx specific hook for find_loaded_rsc_table
- clk: imx: Remove CLK_SET_PARENT_GATE for DRAM mux for i.MX7D
- usb: chipidea: udc: enable suspend interrupt after usb reset
- usb: dwc2: Adjust the timing of USB Driver Interrupt Registration in the
Crashkernel Scenario
- comedi: ni_routing: tools: Check when the file could not be opened
- virtio_pmem: Check device status before requesting flush
- tools/iio: Add memory allocation failure check for trigger_name
- driver core: bus: Return -EIO instead of 0 when show/store invalid bus
attribute
- drm/amd/display: Check null pointer before dereferencing se
- fbdev: sisfb: Fix strbuf array overflow
- RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt
- NFSD: Mark filecache "down" if init fails
- ice: fix VLAN replay after reset
- SUNRPC: Fix integer overflow in decode_rc_list()
- NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies()
- net: phy: dp83869: fix memory corruption when enabling fiber
- tcp: fix to allow timestamp undo if no retransmits were sent
- tcp: fix tcp_enter_recovery() to zero retrans_stamp when it's safe
- netfilter: br_netfilter: fix panic with metadata_dst skb
- Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change
- net: phy: bcm84881: Fix some error handling paths
- thermal: int340x: processor_thermal: Set feature mask before
proc_thermal_add
- thermal: intel: int340x: processor: Fix warning during module unload
- net: dsa: b53: fix jumbo frame mtu check
- net: dsa: b53: fix max MTU for 1g switches
- net: dsa: b53: fix max MTU for BCM5325/BCM5365
- net: dsa: b53: allow lower MTUs on BCM5325/5365
- net: dsa: b53: fix jumbo frames on 10/100 ports
- gpio: aspeed: Add the flush write to ensure the write complete.
- gpio: aspeed: Use devm_clk api to manage clock source
- ice: Fix netif_is_ice() in Safe Mode
- i40e: Fix macvlan leak by synchronizing access to mac_filter_hash
- igb: Do not bring the device up after non-fatal error
- net/sched: accept TCA_STAB only for root qdisc
- net: ibm: emac: mal: fix wrong goto
- sctp: ensure sk_state is set to CLOSED if hashing fails in
sctp_listen_start
- netfilter: xtables: avoid NFPROTO_UNSPEC where needed
- net: Add l3mdev index to flow struct and avoid oif reset for port devices
- netfilter: rpfilter/fib: Populate flowic_l3mdev field
- netfilter: rpfilter/fib: Set ->flowic_uid correctly for user namespaces.
- netfilter: fib: check correct rtable in vrf setups
- net: rtnetlink: add msg kind names
- rtnetlink: Add bulk registration helpers for rtnetlink message handlers.
- mctp: Handle error of rtnl_register_module().
- ppp: fix ppp_async_encode() illegal access
- slip: make slhc_remember() more robust against malicious packets
- RDMA/hns: Fix UAF for cq async event
- x86/fpu: Avoid writing LBR bit to IA32_XSS unless supported
- hwmon: (tmp513) Add missing dependency on REGMAP_I2C
- hwmon: (adm9240) Add missing dependency on REGMAP_I2C
- hwmon: (adt7470) Add missing dependency on REGMAP_I2C
- HID: amd_sfh: Switch to device-managed dmam_alloc_coherent()
- resource: fix region_intersects() vs add_memory_driver_managed()
- HID: plantronics: Workaround for an unexcepted opposite volume key
- Revert "usb: yurex: Replace snprintf() with the safer scnprintf() variant"
- usb: dwc3: core: Stop processing of pending events if controller is halted
- usb: xhci: Fix problem with xhci resume from suspend
- usb: storage: ignore bogus device raised by JieLi BR21 USB sound chip
- hid: intel-ish-hid: Fix uninitialized variable 'rv' in
ish_fw_xfer_direct_dma
- drm/v3d: Stop the active perfmon before being destroyed
- net: explicitly clear the sk pointer, when pf->create fails
- net: Fix an unsafe loop on the list
- net: dsa: lan9303: ensure chip reset and wait for READY status
- mptcp: pm: do not remove closing subflows
- nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error
- kthread: unpark only parked kthread
- block, bfq: fix uaf for accessing waker_bfqq after splitting
- i2c: smbus: Check for parent device before dereference
- net: geneve: add missing netlink policy and size for
IFLA_GENEVE_INNER_PROTO_INHERIT
- xfrm: Pass flowi_oif or l3mdev as oif to xfrm_dst_lookup
- net: Handle l3mdev in ip_tunnel_init_flow
- net: seg6: fix seg6_lookup_any_nexthop() to handle VRFs using flowi_l3mdev
- net: vrf: determine the dst using the original ifindex for multicast
- netfilter: ip6t_rpfilter: Fix regression with VRF interfaces
- ext4: fix warning in ext4_dio_write_end_io()
- net: axienet: start napi before enabling Rx/Tx
- selftests: net: more strict check in net_helper
- net: xilinx: axienet: Schedule NAPI in two steps
- Linux 5.15.168
* CVE-2024-36968
- Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init()
* CVE-2024-35904
- selinux: avoid dereference of garbage after mount failure
* IOMMU warnings on AMD systems after booting into kdump kernel
(LP: #2080378)
- iommu/amd: Simplify and Consolidate Virtual APIC (AVIC) Enablement
- iommu/amd: Fix compile warning in init code
* CVE-2024-42156
- s390/pkey: Wipe copies of clear-key structures on failure
* CVE-2024-44942
- f2fs: fix to do sanity check on F2FS_INLINE_DATA flag in inode during GC
* CVE-2024-38538
- net: bridge: xmit: make sure we have at least eth header len bytes
* CVE-2024-42158
- s390/pkey: Use kfree_sensitive() to fix Coccinelle warnings
* CVE-2024-38667
- riscv: prevent pt_regs corruption for secondary idle threads
* CVE-2024-44940
- fou: remove warn in gue_gro_receive on unsupported protocol
* CVE-2024-42079
- gfs2: Fix NULL pointer dereference in gfs2_log_flush
* CVE-2024-35951
- drm/panfrost: Fix the error path in panfrost_mmu_map_fault_addr()
* LXD fan bridge causes blocked tasks (LP: #2064176)
- SAUCE: fan: release rcu_read_lock on skb discard path
* CVE-2023-52532
- net: mana: Fix TX CQE error handling
* CVE-2023-52621
- bpf: Check rcu_read_lock_trace_held() before calling bpf map helpers
* CVE-2024-26947
- ARM: 9359/1: flush: check if the folio is reserved for no-mapping
addresses
* CVE-2023-52639
- KVM: s390: vsie: fix race during shadow creation
-- Mehmet Basaran <mehmet.basa...@canonical.com> Fri, 08 Nov 2024
16:48:16 +0300
** Changed in: linux (Ubuntu Jammy)
Status: Fix Committed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-52532
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-52621
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-52639
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-26947
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-35904
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-35951
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-36968
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-38538
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-38667
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-42079
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-42156
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-42158
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-44940
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-44942
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/2080378
Title:
IOMMU warnings on AMD systems after booting into kdump kernel
Status in linux package in Ubuntu:
Invalid
Status in linux source package in Jammy:
Fix Released
Bug description:
[impact]
On some AMD systems, loading into a kdump kernel will show a few warnings
IOMMU warnings during early boot. These warnings have not been observed yet to
cause any issues but there is a fix upstream for them. Currently only focal-HWE
and jammy 5.15 are affected. Newer kernel releases already have the fix. The
stack traces look like the following:
[ 9.125703] WARNING: CPU: 0 PID: 1 at drivers/iommu/amd/init.c:829
iommu_init_irq+0x2f2/0x3c0
[ 9.134223] Modules linked in:
[ 9.137283] CPU: 0 PID: 1 Comm: swapper/0 Not tainted
5.15.0-107-generic #117~20.04.1-Ubuntu
[ 9.145716] Hardware name: <hidden>
[ 9.153111] RIP: 0010:iommu_init_irq+0x2f2/0x3c0
[ 9.157729] Code: 90 ff 85 c0 0f 84 e8 fd ff ff be 01 00 00 00 44 89
ef 89 45 94 e8 2e dc 90 ff 4c 89 e7 e8 b6 cf 90 ff 8b 45 94 e9 6c fd ff ff <0f>
0b 31 c0 e9 63 fd ff ff 0f 0b 31 c0 e9 5a fd ff ff 31 c9 48 c7
[ 9.176475] RSP: 0018:ffffa005000fbd00 EFLAGS: 00010202
[ 9.181703] RAX: 0000000000000198 RBX: ffff9335af44a000 RCX:
ffffa00500100000
[ 9.188838] RDX: ffffa00500100000 RSI: ffff9335c05b9140 RDI:
ffff9335c05b95c8
[ 9.195970] RBP: ffffa005000fbd70 R08: ffffffffffffffff R09:
0000000000000000
[ 9.203101] R10: ffffffe000000000 R11: 0000000000000025 R12:
ffff9335c0468cc0
[ 9.210231] R13: 000000000000001a R14: ffff9335b0151600 R15:
0000000000000006
[ 9.217362] FS: 0000000000000000(0000) GS:ffff9336aec00000(0000)
knlGS:0000000000000000
[ 9.225446] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 9.231185] CR2: 0000000000000000 CR3: 000002006c810000 CR4:
0000000000350ef0
[ 9.238318] Call Trace:
[ 9.240763] <TASK>
[ 9.242869] ? show_regs.cold+0x1a/0x1f
[ 9.246710] ? iommu_init_irq+0x2f2/0x3c0
[ 9.250722] ? __warn+0x8b/0xe0
[ 9.253868] ? iommu_init_irq+0x2f2/0x3c0
[ 9.257883] ? report_bug+0xd5/0x110
[ 9.261461] ? handle_bug+0x39/0x90
[ 9.264956] ? exc_invalid_op+0x19/0x70
[ 9.268794] ? asm_exc_invalid_op+0x1b/0x20
[ 9.272980] ? iommu_init_irq+0x2f2/0x3c0
[ 9.276993] ? e820__memblock_setup+0x89/0x89
[ 9.281353] state_next+0x3f5/0x6ba
[ 9.284847] ? e820__memblock_setup+0x89/0x89
[ 9.289206] iommu_go_to_state+0x28/0x31
[ 9.293131] amd_iommu_init+0x15/0x4f
[ 9.296797] ? e820__memblock_setup+0x89/0x89
[ 9.301150] pci_iommu_init+0x1a/0x48
[ 9.304817] do_one_initcall+0x48/0x1e0
[ 9.308655] kernel_init_freeable+0x284/0x2f1
[ 9.313016] ? rest_init+0x100/0x100
[ 9.316593] kernel_init+0x1b/0x150
[ 9.320078] ? rest_init+0x100/0x100
[ 9.323658] ret_from_fork+0x22/0x30
[ 9.327238] </TASK>
[ 9.329431] ---[ end trace 6113ebe8cb8ce54f ]---
The commit that fixes the issue is:
* c5e1a1eb9279 ("iommu/amd: Simplify and Consolidate Virtual APIC
(AVIC) Enablement")
However another commit was also created that fixed compiler warnings
introduced by the above commit:
* be280ea763f7 ("iommu/amd: Fix compile warning in init code")
[Test Plan]
1- On a machine using an AMD CPU and running the focal-hwe or jammy
5.15 kernel, make sure kdump is configured following these steps:
https://ubuntu.com/server/docs/kernel-crash-dump
2- Trigger a kernel panic. This can be done using the command:
$ echo c > /proc/sysrq-trigger
3- When the machine reboots, you will notice IOMMU warnings during the
early phases of the boot process in dmesg.
4- After applying the two commits and repeating step 2. No IOMMU
warnings should show up anymore in dmesg.
[Fix]
Only the first commit of the below list is required to fix the bug, but the
second one is good to have to avoid compilation warnings introduced by that
commit:
* c5e1a1eb9279 ("iommu/amd: Simplify and Consolidate Virtual APIC (AVIC)
Enablement")
* be280ea763f7 ("iommu/amd: Fix compile warning in init code")
[where problems could occur]
* IOMMU can fail to initialize after applying these commits on AMD
systems.
* There is a chance these commits do not fix IOMMU warnings for all
AMD system configurations
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2080378/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
