This bug was fixed in the package linux-oem-6.1 - 6.1.0-1007.7
---------------
linux-oem-6.1 (6.1.0-1007.7) jammy; urgency=medium
* jammy/linux-oem-6.1: 6.1.0-1007.7 -proposed tracker (LP: #2006571)
* Miscellaneous Ubuntu changes
- [Config] Update annotations after rebase
[ Ubuntu: 6.1.0-14.14 ]
* lunar/linux: 6.1.0-14.14 -proposed tracker (LP: #2003939)
* Miscellaneous upstream changes
- Revert "UBUNTU: debian/dkms-versions -- update from kernel-versions
(main/master)"
[ Ubuntu: 6.1.0-13.13 ]
* lunar/linux: 6.1.0-13.13 -proposed tracker (LP: #2003683)
* Packaging resync (LP: #1786013)
- debian/dkms-versions -- update from kernel-versions (main/master)
* Lunar update: v6.1.6 upstream stable release (LP: #2003689)
- parisc: Align parisc MADV_XXX constants with all other architectures
- x86/fpu: Take task_struct* in copy_sigframe_from_user_to_xstate()
- x86/fpu: Add a pkru argument to copy_uabi_from_kernel_to_xstate().
- x86/fpu: Add a pkru argument to copy_uabi_to_xstate()
- x86/fpu: Allow PKRU to be (once again) written by ptrace.
- x86/fpu: Emulate XRSTOR's behavior if the xfeatures PKRU bit is not set
- selftests/vm/pkeys: Add a regression test for setting PKRU through ptrace
- Revert "SUNRPC: Use RMW bitops in single-threaded hot paths"
- gcc: disable -Warray-bounds for gcc-11 too
- net: sched: disallow noqueue for qdisc classes
- ALSA: hda/hdmi: Add a HP device 0x8715 to force connect list
- ALSA: hda/realtek: fix mute/micmute LEDs don't work for a HP platform
- ALSA: hda: cs35l41: Don't return -EINVAL from system suspend/resume
- ALSA: hda - Enable headset mic on another Dell laptop with ALC3254
- ALSA: hda: cs35l41: Check runtime suspend capability at runtime_idle
- Linux 6.1.6
* Lunar update: v6.1.6 upstream stable release (LP: #2003689) // CVE-2023-0266
was assigned for this issue.
- ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF
* Lunar update: v6.1.5 upstream stable release (LP: #2003688)
- ARM: renumber bits related to _TIF_WORK_MASK
- btrfs: replace strncpy() with strscpy()
- cifs: fix interface count calculation during refresh
- cifs: refcount only the selected iface during interface update
- usb: dwc3: gadget: Ignore End Transfer delay on teardown
- btrfs: fix off-by-one in delalloc search during lseek
- btrfs: fix compat_ro checks against remount
- perf probe: Use dwarf_attr_integrate as generic DWARF attr accessor
- perf probe: Fix to get the DW_AT_decl_file and DW_AT_call_file as unsinged
data
- phy: qcom-qmp-combo: fix broken power on
- btrfs: fix an error handling path in btrfs_defrag_leaves()
- SUNRPC: ensure the matching upcall is in-flight upon downcall
- wifi: ath9k: use proper statements in conditionals
- bpf: pull before calling skb_postpull_rcsum()
- drm/panfrost: Fix GEM handle creation ref-counting
- netfilter: nf_tables: consolidate set description
- netfilter: nf_tables: add function to create set stateful expressions
- netfilter: nf_tables: perform type checking for existing sets
- ice: xsk: do not use xdp_return_frame() on tx_buf->raw_buf
- net: vrf: determine the dst using the original ifindex for multicast
- vmxnet3: correctly report csum_level for encapsulated packet
- mptcp: fix deadlock in fastopen error path
- mptcp: fix lockdep false positive
- netfilter: nf_tables: honor set timeout and garbage collection updates
- bonding: fix lockdep splat in bond_miimon_commit()
- net: lan966x: Fix configuration of the PCS
- veth: Fix race with AF_XDP exposing old or uninitialized descriptors
- nfsd: shut down the NFSv4 state objects before the filecache
- net: hns3: add interrupts re-initialization while doing VF FLR
- net: hns3: fix miss L3E checking for rx packet
- net: hns3: fix VF promisc mode not update when mac table full
- net: sched: fix memory leak in tcindex_set_parms
- qlcnic: prevent ->dcb use-after-free on qlcnic_dcb_enable() failure
- net: dsa: mv88e6xxx: depend on PTP conditionally
- nfc: Fix potential resource leaks
- bnxt_en: Simplify bnxt_xdp_buff_init()
- bnxt_en: Fix XDP RX path
- bnxt_en: Fix first buffer size calculations for XDP multi-buffer
- bnxt_en: Fix HDS and jumbo thresholds for RX packets
- vdpa/mlx5: Fix rule forwarding VLAN to TIR
- vdpa/mlx5: Fix wrong mac address deletion
- vdpa_sim: fix possible memory leak in vdpasim_net_init() and
vdpasim_blk_init()
- vhost/vsock: Fix error handling in vhost_vsock_init()
- vringh: fix range used in iotlb_translate()
- vhost: fix range used in translate_desc()
- vhost-vdpa: fix an iotlb memory leak
- vdpa_sim: fix vringh initialization in vdpasim_queue_ready()
- virtio-crypto: fix memory leak in
virtio_crypto_alg_skcipher_close_session()
- vdpa/vp_vdpa: fix kfree a wrong pointer in vp_vdpa_remove
- vdpasim: fix memory leak when freeing IOTLBs
- net/mlx5: E-Switch, properly handle ingress tagged packets on VST
- net/mlx5: Add forgotten cleanup calls into mlx5_init_once() error path
- net/mlx5: Fix io_eq_size and event_eq_size params validation
- net/mlx5: Avoid recovery in probe flows
- net/mlx5: Fix RoCE setting at HCA level
- net/mlx5e: IPoIB, Don't allow CQE compression to be turned on by default
- net/mlx5e: Fix RX reporter for XSK RQs
- net/mlx5e: CT: Fix ct debugfs folder name
- net/mlx5e: Always clear dest encap in neigh-update-del
- net/mlx5e: Fix hw mtu initializing at XDP SQ allocation
- net/mlx5e: Set geneve_tlv_option_0_exist when matching on geneve option
- net/mlx5: Lag, fix failure to cancel delayed bond work
- bpf: Always use maximal size for copy_array()
- tcp: Add TIME_WAIT sockets in bhash2.
- net: hns3: refine the handling for VF heartbeat
- net: amd-xgbe: add missed tasklet_kill
- net: ena: Fix toeplitz initial hash value
- net: ena: Don't register memory info on XDP exchange
- net: ena: Account for the number of processed bytes in XDP
- net: ena: Use bitmask to indicate packet redirection
- net: ena: Fix rx_copybreak value update
- net: ena: Set default value for RX interrupt moderation
- net: ena: Update NUMA TPH hint register upon NUMA node update
- net: phy: xgmiitorgmii: Fix refcount leak in xgmiitorgmii_probe
- gpio: pca953x: avoid to use uninitialized value pinctrl
- RDMA/mlx5: Fix mlx5_ib_get_hw_stats when used for device
- RDMA/mlx5: Fix validation of max_rd_atomic caps for DC
- selftests: net: fix cleanup_v6() for arp_ndisc_evict_nocarrier
- selftests: net: return non-zero for failures reported in
arp_ndisc_evict_nocarrier
- drm/meson: Reduce the FIFO lines held when AFBC is not used
- filelock: new helper: vfs_inode_has_locks
- ceph: switch to vfs_inode_has_locks() to fix file lock bug
- gpio: sifive: Fix refcount leak in sifive_gpio_probe
- net: sched: atm: dont intepret cls results when asked to drop
- net: sched: cbq: dont intepret cls results when asked to drop
- vxlan: Fix memory leaks in error path
- net: sparx5: Fix reading of the MAC address
- netfilter: ipset: fix hash:net,port,net hang with /0 subnet
- netfilter: ipset: Rework long task execution when adding/deleting entries
- drm/virtio: Fix memory leak in virtio_gpu_object_create()
- perf tools: Fix resources leak in perf_data__open_dir()
- drm/imx: ipuv3-plane: Fix overlay plane width
- fs/ntfs3: don't hold ni_lock when calling truncate_setsize()
- drivers/net/bonding/bond_3ad: return when there's no aggregator
- octeontx2-pf: Fix lmtst ID used in aura free
- usb: rndis_host: Secure rndis_query check against int overflow
- perf lock contention: Fix core dump related to not finding the
"__sched_text_end" symbol on s/390
- perf stat: Fix handling of unsupported cgroup events when using BPF
counters
- perf stat: Fix handling of --for-each-cgroup with --bpf-counters to match
non BPF mode
- drm/i915: unpin on error in intel_vgpu_shadow_mm_pin()
- drm/i915/gvt: fix double free bug in split_2MB_gtt_entry
- ublk: honor IO_URING_F_NONBLOCK for handling control command
- qed: allow sleep in qed_mcp_trace_dump()
- net/ulp: prevent ULP without clone op from entering the LISTEN status
- caif: fix memory leak in cfctrl_linkup_request()
- udf: Fix extension of the last extent in the file
- usb: dwc3: xilinx: include linux/gpio/consumer.h
- hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling
- ASoC: SOF: Revert: "core: unregister clients and machine drivers in
.shutdown"
- 9p/client: fix data race on req->status
- ASoC: Intel: bytcr_rt5640: Add quirk for the Advantech MICA-071 tablet
- ASoC: SOF: mediatek: initialize panic_info to zero
- drm/amdgpu: Fix size validation for non-exclusive domains (v4)
- drm/amdkfd: Fix kfd_process_device_init_vm error handling
- drm/amdkfd: Fix double release compute pasid
- io_uring/cancel: re-grab ctx mutex after finishing wait
- nvme: fix multipath crash caused by flush request when blktrace is enabled
- ACPI: video: Allow GPU drivers to report no panels
- drm/amd/display: Report to ACPI video if no panels were found
- ACPI: video: Don't enable fallback path for creating ACPI backlight by
default
- io_uring: check for valid register opcode earlier
- kunit: alloc_string_stream_fragment error handling bug fix
- nvmet: use NVME_CMD_EFFECTS_CSUPP instead of open coding it
- nvme: also return I/O command effects from nvme_command_effects
- ASoC: SOF: Intel: pci-tgl: unblock S5 entry if DMA stop has failed"
- x86/kexec: Fix double-free of elf header buffer
- x86/bugs: Flush IBP in ib_prctl_set()
- nfsd: fix handling of readdir in v4root vs. mount upcall timeout
- fbdev: matroxfb: G200eW: Increase max memory from 1 MB to 16 MB
- bpf: Fix panic due to wrong pageattr of im->image
- Revert "drm/amd/display: Enable Freesync Video Mode by default"
- Revert "net: dsa: qca8k: cache lo and hi for mdio write"
- net: dsa: qca8k: fix wrong length value for mgmt eth packet
- net: dsa: tag_qca: fix wrong MGMT_DATA2 size
- block: don't allow splitting of a REQ_NOWAIT bio
- io_uring: pin context while queueing deferred tw
- io_uring: fix CQ waiting timeout handling
- tpm: Allow system suspend to continue when TPM suspend fails
- vhost_vdpa: fix the crash in unmap a large memory
- thermal: int340x: Add missing attribute for data rate base
- riscv: uaccess: fix type of 0 variable on error in get_user()
- riscv, kprobes: Stricter c.jr/c.jalr decoding
- of/fdt: run soc memory setup when early_init_dt_scan_memory fails
- drm/plane-helper: Add the missing declaration of drm_atomic_state
- drm/amdkfd: Fix kernel warning during topology setup
- drm/i915/gvt: fix gvt debugfs destroy
- drm/i915/gvt: fix vgpu debugfs clean in remove
- virtio-blk: use a helper to handle request queuing errors
- virtio_blk: Fix signedness bug in virtblk_prep_rq()
- drm/amd/display: Add check for DET fetch latency hiding for dcn32
- drm/amd/display: Uninitialized variables causing 4k60 UCLK to stay at DPM1
and not DPM0
- btrfs: handle case when repair happens with dev-replace
- ksmbd: fix infinite loop in ksmbd_conn_handler_loop()
- ksmbd: send proper error response in smb2_tree_connect()
- ksmbd: check nt_len to be at least CIFS_ENCPWD_SIZE in
ksmbd_decode_ntlmssp_auth_blob
- drm/i915/dsi: add support for ICL+ native MIPI GPIO sequence
- drm/i915/dsi: fix MIPI_BKLT_EN_1 native GPIO index
- efi: random: combine bootloader provided RNG seed with RNG protocol output
- wifi: ath11k: Send PME message during wakeup from D3cold
- Linux 6.1.5
* Lunar update: v6.1.4 upstream stable release (LP: #2003687)
- drm/amdgpu: skip MES for S0ix as well since it's part of GFX
- drm/amdgpu: skip mes self test after s0i3 resume for MES IP v11.0
- media: stv0288: use explicitly signed char
- cxl/region: Fix memdev reuse check
- arm64: dts: qcom: sc8280xp: fix UFS DMA coherency
- arm64: Prohibit instrumentation on arch_stack_walk()
- soc: qcom: Select REMAP_MMIO for LLCC driver
- soc: qcom: Select REMAP_MMIO for ICC_BWMON driver
- kest.pl: Fix grub2 menu handling for rebooting
- ktest.pl minconfig: Unset configs instead of just removing them
- jbd2: use the correct print format
- perf/x86/intel/uncore: Disable I/O stacks to PMU mapping on ICX-D
- perf/x86/intel/uncore: Clear attr_update properly
- arm64: dts: qcom: sdm845-db845c: correct SPI2 pins drive strength
- arm64: dts: qcom: sc8280xp: fix UFS reference clocks
- mmc: sdhci-sprd: Disable CLK_AUTO when the clock is less than 400K
- phy: qcom-qmp-combo: fix out-of-bounds clock access
- drm/amd/pm: update SMU13.0.0 reported maximum shader clock
- drm/amd/pm: correct SMU13.0.0 pstate profiling clock settings
- btrfs: fix uninitialized parent in insert_state
- btrfs: fix extent map use-after-free when handling missing device in
read_one_chunk
- btrfs: fix resolving backrefs for inline extent followed by prealloc
- ARM: ux500: do not directly dereference __iomem
- arm64: dts: qcom: sdm850-samsung-w737: correct I2C12 pins drive strength
- random: use rejection sampling for uniform bounded random integers
- x86/fpu/xstate: Fix XSTATE_WARN_ON() to emit relevant diagnostics
- arm64: dts: qcom: sdm850-lenovo-yoga-c630: correct I2C12 pins drive
strength
- cxl/region: Fix missing probe failure
- EDAC/mc_sysfs: Increase legacy channel support to 12
- selftests: Use optional USERCFLAGS and USERLDFLAGS
- x86/MCE/AMD: Clear DFR errors found in THR handler
- random: add helpers for random numbers with given floor or range
- PM/devfreq: governor: Add a private governor_data for governor
- cpufreq: Init completion before kobject_init_and_add()
- ext2: unbugger ext2_empty_dir()
- media: s5p-mfc: Fix to handle reference queue during finishing
- media: s5p-mfc: Clear workbit to handle error condition
- media: s5p-mfc: Fix in register read and write for H264
- bpf: Resolve fext program type when checking map compatibility
- ALSA: patch_realtek: Fix Dell Inspiron Plus 16
- ALSA: hda/realtek: Apply dual codec fixup for Dell Latitude laptops
- platform/x86: thinkpad_acpi: Fix max_brightness of thinklight
- platform/x86: ideapad-laptop: Revert "check for touchpad support in _CFG"
- platform/x86: ideapad-laptop: Add new _CFG bit numbers for future use
- platform/x86: ideapad-laptop: support for more special keys in WMI
- ACPI: video: Simplify __acpi_video_get_backlight_type()
- ACPI: video: Prefer native over vendor
- platform/x86: ideapad-laptop: Refactor ideapad_sync_touchpad_state()
- platform/x86: ideapad-laptop: Do not send KEY_TOUCHPAD* events on probe /
resume
- platform/x86: ideapad-laptop: Only toggle ps2 aux port on/off on select
models
- platform/x86: ideapad-laptop: Send KEY_TOUCHPAD_TOGGLE on some models
- platform/x86: ideapad-laptop: Stop writing VPCCMD_W_TOUCHPAD at probe time
- platform/x86: intel-uncore-freq: add Emerald Rapids support
- platform/x86: x86-android-tablets: Add Medion Lifetab S10346 data
- platform/x86: x86-android-tablets: Add Lenovo Yoga Tab 3 (YT3-X90F)
charger
+ fuel-gauge data
- platform/x86: x86-android-tablets: Add Advantech MICA-071 extra button
- HID: Ignore HP Envy x360 eu0009nv stylus battery
- ALSA: usb-audio: Add new quirk FIXED_RATE for JBL Quantum810 Wireless
- fs: dlm: fix sock release if listen fails
- fs: dlm: retry accept() until -EAGAIN or error returns
- mptcp: netlink: fix some error return code
- mptcp: remove MPTCP 'ifdef' in TCP SYN cookies
- mptcp: dedicated request sock for subflow in v6
- mptcp: use proper req destructor for IPv6
- dm cache: Fix ABBA deadlock between shrink_slab and
dm_cache_metadata_abort
- dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata
- dm thin: Use last transaction's pmd->root when commit failed
- dm thin: resume even if in FAIL mode
- dm thin: Fix UAF in run_timer_softirq()
- dm integrity: Fix UAF in dm_integrity_dtr()
- dm clone: Fix UAF in clone_dtr()
- dm cache: Fix UAF in destroy()
- dm cache: set needs_check flag after aborting metadata
- ata: ahci: fix enum constants for gcc-13
- PCI/DOE: Fix maximum data object length miscalculation
- tracing/hist: Fix out-of-bound write on 'action_data.var_ref_idx'
- perf/core: Call LSM hook after copying perf_event_attr
- xtensa: add __umulsidi3 helper
- of/kexec: Fix reading 32-bit "linux,initrd-{start,end}" values
- ima: Fix hash dependency to correct algorithm
- KVM: VMX: Resume guest immediately when injecting #GP on ECREATE
- KVM: nVMX: Inject #GP, not #UD, if "generic" VMXON CR0/CR4 check fails
- KVM: x86: fix APICv/x2AVIC disabled when vm reboot by itself
- KVM: nVMX: Properly expose ENABLE_USR_WAIT_PAUSE control to L1
- x86/microcode/intel: Do not retry microcode reloading on the APs
- ftrace/x86: Add back ftrace_expected for ftrace bug reports
- x86/kprobes: Fix kprobes instruction boudary check with CONFIG_RETHUNK
- x86/kprobes: Fix optprobe optimization check with CONFIG_RETHUNK
- tracing: Fix race where eprobes can be called before the event
- powerpc/ftrace: fix syscall tracing on PPC64_ELF_ABI_V1
- tracing: Fix complicated dependency of CONFIG_TRACER_MAX_TRACE
- tracing/hist: Fix wrong return value in parse_action_params()
- tracing/probes: Handle system names with hyphens
- tracing: Fix issue of missing one synthetic field
- tracing: Fix infinite loop in tracing_read_pipe on overflowed
print_trace_line
- staging: media: tegra-video: fix chan->mipi value on error
- staging: media: tegra-video: fix device_node use after free
- arm64: dts: mediatek: mt8195-demo: fix the memory size of node secmon
- ARM: 9256/1: NWFPE: avoid compiler-generated __aeabi_uldivmod
- media: dvb-core: Fix double free in dvb_register_device()
- cifs: fix confusing debug message
- cifs: fix missing display of three mount options
- cifs: set correct tcon status after initial tree connect
- cifs: set correct ipc status after initial tree connect
- cifs: set correct status of tcon ipc when reconnecting
- ravb: Fix "failed to switch device to config mode" message during unbind
- rtc: ds1347: fix value written to century register
- drm/amdgpu: fix mmhub register base coding error
- block: mq-deadline: Fix dd_finish_request() for zoned devices
- block: mq-deadline: Do not break sequential write streams to zoned HDDs
- md/bitmap: Fix bitmap chunk size overflow issues
- efi: Add iMac Pro 2017 to uefi skip cert quirk
- wifi: wilc1000: sdio: fix module autoloading
- ASoC: jz4740-i2s: Handle independent FIFO flush bits
- ipu3-imgu: Fix NULL pointer dereference in imgu_subdev_set_selection()
- ipmi: fix long wait in unload when IPMI disconnect
- mtd: spi-nor: Check for zero erase size in spi_nor_find_best_erase_type()
- ima: Fix a potential NULL pointer access in ima_restore_measurement_list
- ipmi: fix use after free in _ipmi_destroy_user()
- mtd: spi-nor: gigadevice: gd25q256: replace gd25q256_default_init with
gd25q256_post_bfpt
- ima: Fix memory leak in __ima_inode_hash()
- um: virt-pci: Avoid GCC non-NULL warning
- crypto: ccree,hisilicon - Fix dependencies to correct algorithm
- PCI: Fix pci_device_is_present() for VFs by checking PF
- PCI/sysfs: Fix double free in error path
- RISC-V: kexec: Fix memory leak of fdt buffer
- riscv: Fixup compile error with !MMU
- RISC-V: kexec: Fix memory leak of elf header buffer
- riscv: stacktrace: Fixup ftrace_graph_ret_addr retp argument
- riscv: mm: notify remote harts about mmu cache updates
- crypto: n2 - add missing hash statesize
- driver core: Fix bus_type.match() error handling in __driver_attach()
- bus: mhi: host: Fix race between channel preparation and M0 event
- phy: qcom-qmp-combo: fix sdm845 reset
- phy: qcom-qmp-combo: fix sc8180x reset
- iommu/amd: Fix ivrs_acpihid cmdline parsing code
- iommu/amd: Fix ill-formed ivrs_ioapic, ivrs_hpet and ivrs_acpihid options
- test_kprobes: Fix implicit declaration error of test_kprobes
- hugetlb: really allocate vma lock for all sharable vmas
- remoteproc: imx_dsp_rproc: Add mutex protection for workqueue
- remoteproc: core: Do pm_relax when in RPROC_OFFLINE state
- remoteproc: imx_rproc: Correct i.MX93 DRAM mapping
- parisc: led: Fix potential null-ptr-deref in start_task()
- parisc: Drop locking in pdc console code
- parisc: Fix locking in pdc_iodc_print() firmware call
- parisc: Add missing FORCE prerequisites in Makefile
- parisc: Drop duplicate kgdb_pdc console
- parisc: Drop PMD_SHIFT from calculation in pgtable.h
- device_cgroup: Roll back to original exceptions after copy failure
- drm/connector: send hotplug uevent on connector cleanup
- drm/vmwgfx: Validate the box size for the snooped cursor
- drm/mgag200: Fix PLL setup for G200_SE_A rev >=4
- drm/etnaviv: move idle mapping reaping into separate function
- drm/i915/dsi: fix VBT send packet port selection for dual link DSI
- drm/ingenic: Fix missing platform_driver_unregister() call in
ingenic_drm_init()
- drm/etnaviv: reap idle mapping if it doesn't match the softpin address
- ext4: silence the warning when evicting inode with dioread_nolock
- ext4: add inode table check in __ext4_get_inode_loc to aovid possible
infinite loop
- ext4: remove trailing newline from ext4_msg() message
- ext4: correct inconsistent error msg in nojournal mode
- fs: ext4: initialize fsdata in pagecache_write()
- ext4: fix use-after-free in ext4_orphan_cleanup
- ext4: fix undefined behavior in bit shift for ext4_check_flag_values
- ext4: add EXT4_IGET_BAD flag to prevent unexpected bad inode
- ext4: add helper to check quota inums
- ext4: fix bug_on in __es_tree_search caused by bad quota inode
- ext4: fix reserved cluster accounting in __es_remove_extent()
- ext4: journal_path mount options should follow links
- ext4: check and assert if marking an no_delete evicting inode dirty
- ext4: fix bug_on in __es_tree_search caused by bad boot loader inode
- ext4: don't allow journal inode to have encrypt flag
- ext4: disable fast-commit of encrypted dir operations
- ext4: fix leaking uninitialized memory in fast-commit journal
- ext4: don't set up encryption key during jbd2 transaction
- ext4: add missing validation of fast-commit record lengths
- ext4: fix unaligned memory access in ext4_fc_reserve_space()
- ext4: fix off-by-one errors in fast-commit block filling
- ext4: fix uninititialized value in 'ext4_evict_inode'
- ext4: init quota for 'old.inode' in 'ext4_rename'
- ext4: don't fail GETFSUUID when the caller provides a long buffer
- ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline
- ext4: fix corruption when online resizing a 1K bigalloc fs
- ext4: fix error code return to user-space in ext4_get_branch()
- ext4: fix bad checksum after online resize
- ext4: dont return EINVAL from GETFSUUID when reporting UUID length
- ext4: fix corrupt backup group descriptors after online resize
- ext4: avoid BUG_ON when creating xattrs
- ext4: fix deadlock due to mbcache entry corruption
- ext4: fix kernel BUG in 'ext4_write_inline_data_end()'
- ext4: fix inode leak in ext4_xattr_inode_create() on an error path
- ext4: initialize quota before expanding inode in setproject ioctl
- ext4: avoid unaccounted block allocation when expanding inode
- ext4: allocate extended attribute value in vmalloc area
- drm/i915/ttm: consider CCS for backup objects
- drm/amd/display: Add DCN314 display SG Support
- drm/amdgpu: handle polaris10/11 overlap asics (v2)
- drm/amdgpu: make display pinning more flexible (v2)
- drm/i915: improve the catch-all evict to handle lock contention
- drm/i915/migrate: Account for the reserved_space
- drm/amd/pm: add missing SMU13.0.0 mm_dpm feature mapping
- drm/amd/pm: add missing SMU13.0.7 mm_dpm feature mapping
- drm/amd/pm: bump SMU13.0.0 driver_if header to version 0x34
- drm/amd/pm: correct the fan speed retrieving in PWM for some SMU13 asics
- Linux 6.1.4
* Lunar update: v6.1.4 upstream stable release (LP: #2003687) //
CVE-2022-41218 is assigned to those bugs above.
- media: dvb-core: Fix UAF due to refcount races at releasing
* Lunar update: v6.1.3 upstream stable release (LP: #2003686)
- eventpoll: add EPOLL_URING_WAKE poll wakeup flag
- eventfd: provide a eventfd_signal_mask() helper
- io_uring: pass in EPOLL_URING_WAKE for eventfd signaling and wakeups
- nvme-pci: fix doorbell buffer value endianness
- nvme-pci: fix mempool alloc size
- nvme-pci: fix page size checks
- ACPI: resource: do IRQ override on XMG Core 15
- ACPI: resource: do IRQ override on Lenovo 14ALC7
- ACPI: resource: Add Asus ExpertBook B2502 to Asus quirks
- ACPI: video: Fix Apple GMUX backlight detection
- block, bfq: fix uaf for bfqq in bfq_exit_icq_bfqq
- ata: ahci: Fix PCS quirk application for suspend
- nvme: fix the NVME_CMD_EFFECTS_CSE_MASK definition
- nvmet: don't defer passthrough commands with trivial effects to the
workqueue
- fs/ntfs3: Validate BOOT record_size
- fs/ntfs3: Add overflow check for attribute size
- fs/ntfs3: Validate data run offset
- fs/ntfs3: Add null pointer check to attr_load_runs_vcn
- fs/ntfs3: Fix memory leak on ntfs_fill_super() error path
- fs/ntfs3: Add null pointer check for inode operations
- fs/ntfs3: Validate attribute name offset
- fs/ntfs3: Validate buffer length while parsing index
- fs/ntfs3: Validate resident attribute name
- fs/ntfs3: Fix slab-out-of-bounds read in run_unpack
- soundwire: dmi-quirks: add quirk variant for LAPBC710 NUC15
- phy: sun4i-usb: Introduce port2 SIDDQ quirk
- phy: sun4i-usb: Add support for the H616 USB PHY
- fs/ntfs3: Validate index root when initialize NTFS security
- fs/ntfs3: Use __GFP_NOWARN allocation at wnd_init()
- fs/ntfs3: Use __GFP_NOWARN allocation at ntfs_fill_super()
- fs/ntfs3: Delete duplicate condition in ntfs_read_mft()
- fs/ntfs3: Fix slab-out-of-bounds in r_page
- objtool: Fix SEGFAULT
- iommu/mediatek: Fix crash on isr after kexec()
- powerpc/rtas: avoid device tree lookups in rtas_os_term()
- powerpc/rtas: avoid scheduling in rtas_os_term()
- rtc: msc313: Fix function prototype mismatch in msc313_rtc_probe()
- NFSD: fix use-after-free in __nfs42_ssc_open()
- kprobes: kretprobe events missing on 2-core KVM guest
- HID: multitouch: fix Asus ExpertBook P2 P2451FA trackpoint
- HID: plantronics: Additional PIDs for double volume key presses quirk
- futex: Fix futex_waitv() hrtimer debug object leak on kcalloc error
- rtmutex: Add acquire semantics for rtmutex lock acquisition slow path
- mm, mremap: fix mremap() expanding vma with addr inside vma
- mm/mempolicy: fix memory leak in set_mempolicy_home_node system call
- kmsan: export kmsan_handle_urb
- kmsan: include linux/vmalloc.h
- pstore: Properly assign mem_type property
- pstore/zone: Use GFP_ATOMIC to allocate zone buffer
- hfsplus: fix bug causing custom uid and gid being unable to be assigned
with
mount
- ACPI: x86: s2idle: Force AMD GUID/_REV 2 on HP Elitebook 865
- ACPI: x86: s2idle: Stop using AMD specific codepath for Rembrandt+
- binfmt: Fix error return code in load_elf_fdpic_binary()
- ovl: Use ovl mounter's fsuid and fsgid in ovl_link()
- ovl: update ->f_iocb_flags when ovl_change_flags() modifies ->f_flags
- ALSA: line6: correct midi status byte when receiving data from podxt
- ALSA: line6: fix stack overflow in line6_midi_transmit
- ALSA: hda/hdmi: Static PCM mapping again with AMD HDMI codecs
- pnode: terminate at peers of source
- mfd: mt6360: Add bounds checking in Regmap read/write call-backs
- md: fix a crash in mempool_free
- mm, compaction: fix fast_isolate_around() to stay within boundaries
- f2fs: should put a page when checking the summary info
- f2fs: allow to read node block after shutdown
- block: Do not reread partition table on exclusively open device
- mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING
- tpm: acpi: Call acpi_put_table() to fix memory leak
- tpm: tpm_crb: Add the missed acpi_put_table() to fix memory leak
- tpm: tpm_tis: Add the missed acpi_put_table() to fix memory leak
- SUNRPC: Don't leak netobj memory when gss_read_proxy_verf() fails
- kcsan: Instrument memcpy/memset/memmove with newer Clang
- Linux 6.1.3
* Revoke & rotate to new signing key (LP: #2002812)
- [Packaging] Revoke and rotate to new signing key
* amdgpu: framebuffer is destroyed and the screen freezes with unsupported IP
blocks (LP: #2003524)
- drm/amd: Delay removal of the firmware framebuffer
* cmsg_so_mark.sh / cmsg_time.sh / cmsg_ipv6.sh in net from
ubuntu_kernel_selftests hang with non-amd64 (LP: #2000667)
- selftests: net: fix cmsg_so_mark.sh test hang
* Rear Audio port sometimes has no audio output after reboot(Cirrus Logic)
(LP: #1998905)
- ALSA: hda/cirrus: Add extra 10 ms delay to allow PLL settle and lock.
* CVE-2023-0179
- netfilter: nft_payload: incorrect arithmetics when fetching VLAN header
bits
* Miscellaneous Ubuntu changes
- SAUCE: (no-up) Remove obj- += foo.o hack
- SAUCE: (no-up) re-add ubuntu/ directory
- [Packaging] debian/rules: Drop AUTOBUILD
- [Packaging] debian/rules: Drop NOKERNLOG and PRINTSHAS env variables
- [Packaging] debian/rules: Replace skip<foo> variables with skip_checks
- [Packaging] checks/retpoline-check: Make 'skipretpoline' argument optional
- [Packaging] checks/module-signature-check: Add 'skip_checks' argument
- [Packaging] debian/rules: Rename 'skip_dbg' to 'do_dbgsym_package'
- [Packaging] debian/rules: Rename 'skip_checks' to 'do_skip_checks'
- [Packaging] debian/rules: Rename 'full_build' to 'do_full_build'
- [Packaging] debian/rules: Fix PPA debug package builds
- [Packaging] debian/rules: Remove debug package install directory earlier
- [Packaging] debian/rules: Remove unnecessary 'lockme_<foo>' variables
- [Packaging] debian/rules: Remove unused target 'diffupstream'
- [Packaging] debian/rules: Mark PHONY targets individually
- [Packaging] debian/rules: Clean up 'help' target output
- [Packaging] debian/rules: Clean up 'printenv' target output
- [Packaging] debian/rules: Add missing 'do_<foo>' variables to 'printenv'
- SAUCE: (no-up) do not remove debian directory by 'make mrproper'
- [Packaging] Fix module-check error when modules are compressed
- [Packaging] add python3 as a build dependency
- [Packaging] scripts/misc/kernelconfig: Rewrite
- [Packaging] scripts/misc/kernelconfig: Disable config checks for mainline
builds
- [Packaging] annotations: add CONFIG_GCC_VERSION to the list of ignored
configs
- [Config] update toolchain version
-- Timo Aaltonen <timo.aalto...@canonical.com> Wed, 08 Feb 2023
16:22:03 +0200
** Changed in: linux-oem-6.1 (Ubuntu Jammy)
Status: Fix Committed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-41218
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-0179
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-0266
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-oem-6.1 in Ubuntu.
https://bugs.launchpad.net/bugs/2003524
Title:
amdgpu: framebuffer is destroyed and the screen freezes with
unsupported IP blocks
Status in linux package in Ubuntu:
Fix Committed
Status in linux-oem-6.1 package in Ubuntu:
Invalid
Status in linux source package in Jammy:
Invalid
Status in linux-oem-6.1 source package in Jammy:
Fix Released
Status in linux source package in Kinetic:
Fix Released
Status in linux-oem-6.1 source package in Kinetic:
Invalid
Status in linux source package in Lunar:
Fix Committed
Status in linux-oem-6.1 source package in Lunar:
Invalid
Bug description:
[Impact]
From "Mario Limonciello mario.limonciello at amd.com"
https://lists.ubuntu.com/archives/kernel-team/2023-January/136434.html.
There is a problem in amdgpu that if not all of IP blocks are
supported or not all of the firmware is present then the framebuffer
is destroyed and the screen freezes. In more recent kernels the
amdgpu driver loads for all PCI VGA class AMD devices.
This effectively means that unless you have all the pieces you need to
support a GPU then the installer freezes unless you do nomodeset.
This problem is to be fully fixed in kernel 6.3 with a ~47 patch series that
is currently in drm-next. This does two basic things:
1) If the IP blocks isn't supported, don't destroy the framebuffer.
2) If firmware for any IP blocks aren't present, don't destroy the
framebuffer.
The whole patch series still needs more time to back in drm-next, but
the most important part of the series is the first patch which
accomplishes "1".
This patch went out to stable 6.1.y as well:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/drivers/gpu/drm/amd?h=linux-6.1.y&id=dcfeba477b3e3df526e0f543b58fa71c045dff8b
My reasoning is that it will ensure that if someone picks up a newer
GPU such as Ryzen 7000 desktop or RDNA3 based they can at least
install Ubuntu without needing to use "Safe Graphics Mode" at the
installer.
Sure; they won't have hardware acceleration without the rest of the
kernel and framework, but that's a separate problem to a basic
display.
[Fix]
Cherry-pick/backport commit 1923bc5a56daeeabd7e9093bad2febcd6af2416a
"drm/amd: Delay removal of the firmware framebuffer" to Ubuntu Kinetic 5.19
kernel.
[Test case]
Boot kernel in a system with one of the amdgpu affected adapters.
[Where problems can occur]
The aforementioned commit could introduce other regressions on the support
for AMD GPUs.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2003524/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
