This bug was fixed in the package linux - 6.14.0-24.24
---------------
linux (6.14.0-24.24) plucky; urgency=medium
* plucky/linux: 6.14.0-24.24 -proposed tracker (LP: #2114501)
* Packaging resync (LP: #1786013)
- [Packaging] update variants
- [Packaging] update annotations scripts
- [Packaging] debian.master/dkms-versions -- update from kernel-versions
(main/2025.06.16)
* Apple spi keyboard/trackpad not working 25.04 (LP: #2107976)
- iommu/vt-d: Restore context entry setup order for aliased devices
* Unexpected system reboot at loading GUI session on some AMD platforms
(LP: #2112462)
- drm/amdgpu/hdp4: use memcfg register to post the write for HDP flush
- drm/amdgpu/hdp5: use memcfg register to post the write for HDP flush
- drm/amdgpu/hdp5.2: use memcfg register to post the write for HDP flush
- drm/amdgpu/hdp6: use memcfg register to post the write for HDP flush
- drm/amdgpu/hdp7: use memcfg register to post the write for HDP flush
* Fix ARL-U/H suspend issues (LP: #2112469)
- platform/x86/intel/pmc: Remove duplicate enum
- platform/x86:intel/pmc: Make tgl_core_generic_init() static
- platform/x86:intel/pmc: Create generic_core_init() for all platforms
- platform/x86/intel/pmc: Remove simple init functions
- platform/x86/intel/pmc: Add Arrow Lake U/H support to intel_pmc_core
driver
- platform/x86/intel/pmc: Fix Arrow Lake U/H NPU PCI ID
* [UBUNTU 24.04] s390/pci: Fix immediate re-add of PCI function after remove
(LP: #2114174)
- s390/pci: Remove redundant bus removal and disable from
zpci_release_device()
- s390/pci: Prevent self deletion in disable_slot()
- s390/pci: Allow re-add of a reserved but not yet removed device
- s390/pci: Serialize device addition and removal
* [UBUNTU 24.04] s390/pci: Fix immediate re-add of PCI function after remove
(LP: #2114174) // CVE-2025-37946
- s390/pci: Fix duplicate pci_dev_put() in disable_slot() when PF has
child VFs
* [UBUNTU 24.04] s390/pci: Fix immediate re-add of PCI function after remove
(LP: #2114174) // CVE-2025-37974
- s390/pci: Fix missing check for zpci_create_device() error return
* HW accelerated video playback causes VCN timeout on VCN 4.0.5 (AMD Strix)
(LP: #2112582)
- drm/amdgpu: read back register after written for VCN v4.0.5
* kvmppc_set_passthru_irq_hv: Could not assign IRQ map traces are seen when
pci device is attached to kvm guest when "xive=off" is set (LP: #2109951)
- KVM: PPC: Book3S HV: Fix IRQ map warnings with XICS on pSeries KVM Guest
* System will restart while resuming with SATA HDD or nvme installed with
password set (LP: #2110090)
- PCI: Explicitly put devices into D0 when initializing
* VM boots slowly with large-BAR GPU Passthrough (Root Cause Fix SRU)
(LP: #2111861)
- mm: Provide address mask in struct follow_pfnmap_args
- vfio/type1: Convert all vaddr_get_pfns() callers to use vfio_batch
- vfio/type1: Catch zero from pin_user_pages_remote()
- vfio/type1: Use vfio_batch for vaddr_get_pfns()
- vfio/type1: Use consistent types for page counts
- vfio/type1: Use mapping page mask for pfnmaps
* Plucky update: v6.14.6 upstream stable release (LP: #2113881)
- Revert "rndis_host: Flag RNDIS modems as WWAN devices"
- ALSA: hda/realtek - Add more HP laptops which need mute led fixup
- ALSA: usb-audio: Add retry on -EPROTO from usb_set_interface()
- ALSA: usb-audio: Add second USB ID for Jabra Evolve 65 headset
- ASoC: renesas: rz-ssi: Use NOIRQ_SYSTEM_SLEEP_PM_OPS()
- btrfs: fix COW handling in run_delalloc_nocow()
- cpufreq: intel_pstate: Unchecked MSR aceess in legacy mode
- drm/fdinfo: Protect against driver unbind
- EDAC/altera: Test the correct error reg offset
- EDAC/altera: Set DDR and SDMMC interrupt mask before registration
- i2c: imx-lpi2c: Fix clock count when probe defers
- pinctrl: airoha: fix wrong PHY LED mapping and PHY2 LED defines
- perf/x86/intel: Only check the group flag for X86 leader
- amd-xgbe: Fix to ensure dependent features are toggled with RX checksum
offload
- mm/memblock: pass size instead of end to memblock_set_node()
- mm/memblock: repeat setting reserved region nid if array is doubled
- mmc: renesas_sdhi: Fix error handling in renesas_sdhi_probe
- spi: tegra114: Don't fail set_cs_timing when delays are zero
- tracing: Do not take trace_event_sem in print_event_fields()
- x86/boot/sev: Support memory acceptance in the EFI stub under SVSM
- dm-integrity: fix a warning on invalid table line
- dm: always update the array size in realloc_argv on success
- drm/amdgpu: Fix offset for HDP remap in nbio v7.11
- drm: Select DRM_KMS_HELPER from DRM_DEBUG_DP_MST_TOPOLOGY_REFS
- iommu/arm-smmu-v3: Fix iommu_device_probe bug due to duplicated stream
ids
- iommu/arm-smmu-v3: Fix pgsize_bit for sva domains
- iommu/vt-d: Apply quirk_iommu_igfx for 8086:0044 (QM57/QS57)
- platform/x86/amd: pmc: Require at least 2.5 seconds between HW sleep
cycles
- platform/x86/intel-uncore-freq: Fix missing uncore sysfs during CPU
hotplug
- smb: client: fix zero length for mkdir POSIX create context
- cpufreq: Avoid using inconsistent policy->min and policy->max
- cpufreq: Fix setting policy limits when frequency tables are used
- bcachefs: Remove incorrect __counted_by annotation
- drm/amd/display: Default IPS to RCG_IN_ACTIVE_IPS2_IN_OFF
- ASoC: soc-core: Stop using of_property_read_bool() for non-boolean
properties
- ASoC: cs-amp-lib-test: Don't select SND_SOC_CS_AMP_LIB
- firmware: cs_dsp: tests: Depend on FW_CS_DSP rather then enabling it
- ASoC: soc-pcm: Fix hw_params() and DAPM widget sequence
- Revert "UBUNTU: SAUCE: powerpc64/ftrace: fix module loading without
patchable function entries"
- pinctrl: imx: Return NULL if no group is matched and found
- powerpc/boot: Check for ld-option support
- ASoC: Intel: sof_sdw: Add NULL check in asoc_sdw_rt_dmic_rtd_init()
- iommu/arm-smmu-v3: Add missing S2FWB feature detection
- ALSA: hda/realtek - Enable speaker for HP platform
- drm/i915/pxp: fix undefined reference to
`intel_pxp_gsccs_is_ready_for_sessions'
- wifi: iwlwifi: back off on continuous errors
- wifi: iwlwifi: don't warn if the NIC is gone in resume
- wifi: iwlwifi: fix the check for the SCRATCH register upon resume
- powerpc/boot: Fix dash warning
- xsk: Fix offset calculation in unaligned mode
- net/mlx5e: Use custom tunnel header for vxlan gbp
- net/mlx5: E-Switch, Initialize MAC Address for Default GID
- net/mlx5e: TC, Continue the attr process even if encap entry is invalid
- net/mlx5e: Fix lock order in mlx5e_tx_reporter_ptpsq_unhealthy_recover
- net/mlx5: E-switch, Fix error handling for enabling roce
- accel/ivpu: Correct DCT interrupt handling
- cpufreq: Introduce policy->boost_supported flag
- cpufreq: acpi: Set policy->boost_supported
- cpufreq: ACPI: Re-sync CPU boost state on system resume
- Bluetooth: hci_conn: Fix not setting conn_timeout for Broadcast Receiver
- Bluetooth: hci_conn: Fix not setting timeout for BIG Create Sync
- Bluetooth: btintel_pcie: Avoid redundant buffer allocation
- Bluetooth: btintel_pcie: Add additional to checks to clear TX/RX paths
- Bluetooth: L2CAP: copy RX timestamp to new fragments
- net: mscc: ocelot: delete PVID VLAN when readding it as non-PVID
- octeon_ep_vf: Resolve netdevice usage count issue
- bnxt_en: improve TX timestamping FIFO configuration
- rtase: Modify the condition used to detect overflow in
rtase_calc_time_mitigation
- net: ethernet: mtk-star-emac: rearm interrupts in rx_poll only when
advised
- net: ethernet: mtk_eth_soc: sync mtk_clks_source_name array
- pds_core: make pdsc_auxbus_dev_del() void
- pds_core: specify auxiliary_device to be created
- ice: Don't check device type when checking GNSS presence
- ice: Remove unnecessary ice_is_e8xx() functions
- ice: fix Get Tx Topology AQ command error on E830
- idpf: fix offloads support for encapsulated packets
- scsi: ufs: core: Remove redundant query_complete trace
- drm/xe/guc: Fix capture of steering registers
- pinctrl: qcom: Fix PINGROUP definition for sm8750
- nvme-pci: fix queue unquiesce check on slot_reset
- drm/tests: shmem: Fix memleak
- drm/mipi-dbi: Fix blanking for non-16 bit formats
- net: dlink: Correct endianness handling of led_mode
- net: mdio: mux-meson-gxl: set reversed bit when using internal phy
- idpf: fix potential memory leak on kcalloc() failure
- idpf: protect shutdown from reset
- igc: fix lock order in igc_ptp_reset
- net: dsa: felix: fix broken taprio gate states after clock jump
- net: ipv6: fix UDPv6 GSO segmentation with NAT
- ALSA: hda/realtek: Fix built-mic regression on other ASUS models
- bnxt_en: Fix ethtool selftest output in one of the failure cases
- bnxt_en: Add missing skb_mark_for_recycle() in bnxt_rx_vlan()
- bnxt_en: call pci_alloc_irq_vectors() after bnxt_reserve_rings()
- bnxt_en: Fix coredump logic to free allocated buffer
- bnxt_en: Fix ethtool -d byte order for 32-bit values
- nvme-tcp: fix premature queue removal and I/O failover
- nvme-tcp: select CONFIG_TLS from CONFIG_NVME_TCP_TLS
- nvmet-tcp: select CONFIG_TLS from CONFIG_NVME_TARGET_TCP_TLS
- ASoC: stm32: sai: skip useless iterations on kernel rate loop
- ASoC: stm32: sai: add a check on minimal kernel frequency
- bnxt_en: fix module unload sequence
- net: fec: ERR007885 Workaround for conventional TX
- net: hns3: store rx VLAN tag offload state for VF
- net: hns3: fix an interrupt residual problem
- net: hns3: fixed debugfs tm_qset size
- net: hns3: defer calling ptp_clock_register()
- net: vertexcom: mse102x: Fix possible stuck of SPI interrupt
- net: vertexcom: mse102x: Fix LEN_MASK
- net: vertexcom: mse102x: Add range check for CMD_RTS
- net: vertexcom: mse102x: Fix RX error handling
- accel/ivpu: Abort all jobs after command queue unregister
- accel/ivpu: Add handling of VPU_JSM_STATUS_MVNCI_CONTEXT_VIOLATION_HW
- drm/xe: Invalidate L3 read-only cachelines for geometry streams too
- platform/x86: alienware-wmi-wmax: Add support for Alienware m15 R7
- ublk: add helper of ublk_need_map_io()
- ublk: properly serialize all FETCH_REQs
- ublk: move device reset into ublk_ch_release()
- ublk: improve detection and handling of ublk server exit
- ublk: remove __ublk_quiesce_dev()
- ublk: simplify aborting ublk request
- firmware: arm_ffa: Skip Rx buffer ownership release if not acquired
- arm64: dts: imx95: Correct the range of PCIe app-reg region
- ARM: dts: opos6ul: add ksz8081 phy properties
- arm64: dts: st: Adjust interrupt-controller for stm32mp25 SoCs
- arm64: dts: st: Use 128kB size for aliased GIC400 register access on
stm32mp25 SoCs
- block: introduce zone capacity helper
- btrfs: zoned: skip reporting zone for new block group
- kernel: param: rename locate_module_kobject
- kernel: globalize lookup_or_create_module_kobject()
- drivers: base: handle module_kobject creation
- btrfs: expose per-inode stable writes flag
- btrfs: pass struct btrfs_inode to btrfs_read_locked_inode()
- btrfs: pass struct btrfs_inode to btrfs_iget_locked()
- drm/amd/display: Add scoped mutexes for amdgpu_dm_dhcp
- bcachefs: Change btree_insert_node() assertion to error
- dm: fix copying after src array boundaries
- Linux 6.14.6
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37903
- drm/amd/display: Fix slab-use-after-free in hdcp
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37904
- btrfs: fix the inode leak in btrfs_iget()
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37905
- firmware: arm_scmi: Balance device refcount when destroying devices
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37906
- ublk: fix race between io_uring_cmd_complete_in_task and ublk_cancel_cmd
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37907
- accel/ivpu: Fix locking order in ivpu_job_submit
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37908
- mm, slab: clean up slab->obj_exts always
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37933
- octeon_ep: Fix host hang issue during device reboot
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37909
- net: lan743x: Fix memleak issue when GSO enabled
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37910
- ptp: ocp: Fix NULL dereference in Adva board SMA sysfs operations
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37894
- net: use sock_gen_put() when sk_state is TCP_TIME_WAIT
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37934
- ASoC: simple-card-utils: Fix pointer check in
graph_util_parse_link_direction
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37911
- bnxt_en: Fix out-of-bound memcpy() during ethtool -w
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37895
- bnxt_en: Fix error handling path in bnxt_init_chip()
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37935
- net: ethernet: mtk_eth_soc: fix SER panic with 4GB+ RAM
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37891
- ALSA: ump: Fix buffer overflow at UMP SysEx message conversion
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37912
- ice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr()
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37913
- net_sched: qfq: Fix double list add in class with netem as child qdisc
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37914
- net_sched: ets: Fix double list add in class with netem as child qdisc
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37915
- net_sched: drr: Fix double list add in class with netem as child qdisc
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37916
- pds_core: remove write-after-free of client_id
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37917
- net: ethernet: mtk-star-emac: fix spinlock recursion issues on rx/tx
poll
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37918
- Bluetooth: btusb: avoid NULL pointer dereference in skb_dequeue()
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37919
- ASoC: amd: acp: Fix NULL pointer deref in acp_i2s_set_tdm_slot
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37896
- spi: spi-mem: Add fix to avoid divide error
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37920
- xsk: Fix race condition in AF_XDP generic RX path
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37921
- vxlan: vnifilter: Fix unlocked deletion of default FDB entry
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37897
- wifi: plfxlc: Remove erroneous assert in plfxlc_mac_release
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37898
- powerpc64/ftrace: fix module loading without patchable function entries
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37922
- book3s64/radix : Align section vmemmap start address to PAGE_SIZE
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37923
- tracing: Fix oob write in trace_seq_to_buffer()
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37899
- ksmbd: fix use-after-free in session logoff
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37924
- ksmbd: fix use-after-free in kerberos authentication
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37926
- ksmbd: fix use-after-free in ksmbd_session_rpc_open
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37900
- iommu: Fix two issues in iommu_copy_struct_from_user()
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37927
- iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37928
- dm-bufio: don't schedule in atomic context
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37990
- wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage()
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37901
- irqchip/qcom-mpm: Prevent crash when trying to handle non-wake GPIOs
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37936
- perf/x86/intel: KVM: Mask PEBS_ENABLE loaded for guest with vCPU's
value.
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37991
- parisc: Fix double SIGFPE crash
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37929
- arm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37930
- drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill()
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37931
- btrfs: adjust subpage bit start based on sectorsize
* Support Sony IMX471 camera sensor for Intel IPU7 platforms (LP: #2107320)
- SAUCE: media: ipu-bridge: Support imx471 sensor
* deadlock on cpu_hotplug_lock in __accept_page() (LP: #2109543)
- mm/page_alloc: fix deadlock on cpu_hotplug_lock in __accept_page()
* Plucky fails to boot on (older) Macs (LP: #2105402)
- SAUCE: hack: efi/libstub: enable t14s boot failure hack only on arm64
* CVE-2025-37798
- sch_htb: make htb_qlen_notify() idempotent
- sch_htb: make htb_deactivate() idempotent
- sch_drr: make drr_qlen_notify() idempotent
- sch_hfsc: make hfsc_qlen_notify() idempotent
- sch_qfq: make qfq_qlen_notify() idempotent
- sch_ets: make est_qlen_notify() idempotent
- selftests/tc-testing: Add a test case for FQ_CODEL with HTB parent
- selftests/tc-testing: Add a test case for FQ_CODEL with QFQ parent
- selftests/tc-testing: Add a test case for FQ_CODEL with HFSC parent
- selftests/tc-testing: Add a test case for FQ_CODEL with DRR parent
- selftests/tc-testing: Add a test case for FQ_CODEL with ETS parent
* CVE-2025-37997
- netfilter: ipset: fix region locking in hash types
* CVE-2025-37890
- net_sched: hfsc: Fix a UAF vulnerability in class with netem as child
qdisc
- sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue()
- net_sched: hfsc: Address reentrant enqueue adding class to eltree twice
-- Mehmet Basaran <[email protected]> Sun, 15 Jun 2025
12:04:06 +0300
** Changed in: linux (Ubuntu Plucky)
Status: Fix Committed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37798
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37890
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37891
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37894
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37895
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37896
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37897
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37898
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37899
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37900
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37901
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37903
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37904
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37905
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37906
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37907
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37908
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37909
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37910
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37911
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37912
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37913
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37914
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37915
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37916
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37917
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37918
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37919
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37920
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37921
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37922
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37923
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37924
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37926
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37927
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37928
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37929
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37930
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37931
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37933
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37934
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37935
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37936
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37946
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37974
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37990
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37991
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37997
https://bugs.launchpad.net/bugs/2109951
Title:
kvmppc_set_passthru_irq_hv: Could not assign IRQ map traces are seen
when pci device is attached to kvm guest when "xive=off" is set
Status in The Ubuntu-power-systems project:
Fix Committed
Status in linux package in Ubuntu:
Invalid
Status in linux source package in Noble:
Fix Released
Status in linux source package in Plucky:
Fix Released
Status in linux source package in Questing:
Invalid
Bug description:
[Impact]
KVM: PPC: Book3S HV: Fix IRQ map warnings with XICS on pSeries KVM
Guest
The commit 9576730d0e6e ("KVM: PPC: select IRQ_BYPASS_MANAGER") enabled
IRQ_BYPASS_MANAGER when CONFIG_KVM was set. Subsequently, commit
c57875f5f9be ("KVM: PPC: Book3S HV: Enable IRQ bypass") enabled IRQ
bypass and added the necessary callbacks to create/remove the mappings
between host real IRQ and the guest GSI.
The availability of IRQ bypass is determined by the arch-specific
function kvm_arch_has_irq_bypass(), which invokes
kvmppc_irq_bypass_add_producer_hv(). This function, in turn, calls
kvmppc_set_passthru_irq_hv() to create a mapping in the passthrough IRQ
map, associating a host IRQ to a guest GSI.
However, when a pSeries KVM guest (L2) is booted within an LPAR (L1)
with the kernel boot parameter `xive=off`, it defaults to using the emulated
XICS controller. Attempts to establish host IRQ to guest GSI
mappings via kvmppc_set_passthru_irq() on a PCI device hotplug
(passthrough) operation then fail, returning -ENOENT. This failure occurs
because only interrupts with EOI operations handled through OPAL calls
(verified via is_pnv_opal_msi()) are currently supported.
These mapping failures lead to below repeated warnings in the L1 host:
[ 509.220349] kvmppc_set_passthru_irq_hv: Could not assign IRQ map for
(58,4970)
[ 509.220368] kvmppc_set_passthru_irq (irq 58, gsi 4970) fails: -2
[ 509.220376] vfio-pci 0015:01:00.0: irq bypass producer (token
0000000090bc635b) registration fails: -2
...
[ 509.291781] vfio-pci 0015:01:00.0: irq bypass producer (token
000000003822eed8) registration fails: -2
Fix this by restricting IRQ bypass enablement on pSeries systems by
making the IRQ bypass callbacks unavailable when running on pSeries
platform.
[Fix]
Backport from mainline:
- ccdb36cbe65f KVM: PPC: Book3S HV: Fix IRQ map warnings with XICS on pSeries
KVM Guest
[Test Plan]
The issue can be tested executing the following steps:
1. Start a guest with kernel
2. unbind the pci device from host using below command
root@ltcrain8og-lp6:~/NET# virsh nodedev-detach pci_0028_01_00_0
Device pci_0028_01_00_0 detached
root@ltcrain8og-lp6:~/NET# virsh nodedev-detach pci_0028_01_00_1
Device pci_0028_01_00_1 detached
3. Now attach the pci device to guest using virsh attach-device
command. The xml snippet used is given below
root@ltcrain8og-lp6:~/NET# vi pci2.xml
<hostdev mode='subsystem' type='pci' managed='yes'>
<source>
<address domain='0x0028' bus='0x01' slot='0x00' function='0x0'/>
</source>
</hostdev>
root@ltcrain8og-lp6:~/NET# virsh attach-device vm pci2.xml
Device attached successfully
4. Verify that on guest side the pci device gets attached
successfully, and the interface comes up. Moreover, check that the
kernel ring buffer does not show any error of the following type:
[57906.347794] kvmppc_set_passthru_irq_hv: Could not assign IRQ map for
(100,4900)
[57906.347812] kvmppc_set_passthru_irq (irq 100, gsi 4900) fails: -2
[57906.347817] vfio-pci 0028:01:00.0: irq bypass producer (token
00000000c84b35a9) registration fails: -2
[Where Problems Could Occur]
The fix affects the IRQ bypass infrastructure in the PowerPC KVM hypervisor,
specifically the initialization of architecture-specific callback handlers
for IRQ passthrough. An issue with this fix may introduce problems such as the
VFIO subsystem failing to handle IRQ bypass even on capable PowerNV systems.
---
---Problem Description---
kvmppc_set_passthru_irq_hv: Could not assign IRQ map traces are seen when pci
device is attached to kvm guest when "xive=off" is set
root@ltcrain8og-lp6:~# lspci
0028:01:00.0 Ethernet controller: Mellanox Technologies MT27710 Family
[ConnectX-4 Lx]
0028:01:00.1 Ethernet controller: Mellanox Technologies MT27710 Family
[ConnectX-4 Lx]
root@ltcrain8og-lp6:~/NET# lspci -nnk -s 0028:01:00.0
0028:01:00.0 Ethernet controller [0200]: Mellanox Technologies MT27710 Family
[ConnectX-4 Lx] [15b3:1015]
Subsystem: IBM Device [1014:061e]
Kernel driver in use: vfio-pci
Kernel modules: mlx5_core
root@ltcrain8og-lp6:~/NET# lspci -nnk -s 0028:01:00.1
0028:01:00.1 Ethernet controller [0200]: Mellanox Technologies MT27710 Family
[ConnectX-4 Lx] [15b3:1015]
Subsystem: IBM Device [1014:061e]
Kernel driver in use: vfio-pci
Kernel modules: mlx5_core
--- Steps to reproduce ---
1. Start a guest with kernel
2. unbind the pci device from host using below command
root@ltcrain8og-lp6:~/NET# virsh nodedev-detach pci_0028_01_00_0
Device pci_0028_01_00_0 detached
root@ltcrain8og-lp6:~/NET# virsh nodedev-detach pci_0028_01_00_1
Device pci_0028_01_00_1 detached
3. Now attach the pci device to guest using virsh attach-device
command. The xml snippet used is given below
root@ltcrain8og-lp6:~/NET# vi pci2.xml
<hostdev mode='subsystem' type='pci' managed='yes'>
<source>
<address domain='0x0028' bus='0x01' slot='0x00' function='0x0'/>
</source>
</hostdev>
root@ltcrain8og-lp6:~/NET# virsh attach-device vm pci2.xml
Device attached successfully
4. On guest side the pci device gets attached successfully, and
interface comes up. But the following traces are seen every time the
device is attached
[57906.347794] kvmppc_set_passthru_irq_hv: Could not assign IRQ map for
(100,4900)
[57906.347812] kvmppc_set_passthru_irq (irq 100, gsi 4900) fails: -2
[57906.347817] vfio-pci 0028:01:00.0: irq bypass producer (token
00000000c84b35a9) registration fails: -2
[57906.357879] kvmppc_set_passthru_irq_hv: Could not assign IRQ map for
(100,4900)
[57906.357885] kvmppc_set_passthru_irq (irq 100, gsi 4900) fails: -2
[57906.357889] vfio-pci 0028:01:00.0: irq bypass producer (token
00000000c84b35a9) registration fails: -2
[57906.357983] kvmppc_set_passthru_irq_hv: Could not assign IRQ map for
(101,4901)
[57906.357986] kvmppc_set_passthru_irq (irq 101, gsi 4901) fails: -2
[57906.357989] vfio-pci 0028:01:00.0: irq bypass producer (token
0000000024362fe0) registration fails: -2
[57906.368181] kvmppc_set_passthru_irq_hv: Could not assign IRQ map for
(100,4900)
[57906.368187] kvmppc_set_passthru_irq (irq 100, gsi 4900) fails: -2
[57906.368190] vfio-pci 0028:01:00.0: irq bypass producer (token
00000000c84b35a9) registration fails: -2
[57906.368283] kvmppc_set_passthru_irq_hv: Could not assign IRQ map for
(101,4901)
[57906.368288] kvmppc_set_passthru_irq (irq 101, gsi 4901) fails: -2
[57906.368292] vfio-pci 0028:01:00.0: irq bypass producer (token
0000000024362fe0) registration fails: -2
[57906.368384] kvmppc_set_passthru_irq_hv: Could not assign IRQ map for
(102,4902)
[57906.368389] kvmppc_set_passthru_irq (irq 102, gsi 4902) fails: -2
[57906.368392] vfio-pci 0028:01:00.0: irq bypass producer (token
00000000f9dfc684) registration fails: -2
[57906.378034] kvmppc_set_passthru_irq_hv: Could not assign IRQ map for
(100,4900)
[57906.378039] kvmppc_set_passthru_irq (irq 100, gsi 4900) fails: -2
[57906.378042] vfio-pci 0028:01:00.0: irq bypass producer (token
00000000c84b35a9) registration fails: -2
[57906.378135] kvmppc_set_passthru_irq_hv: Could not assign IRQ map for
(101,4901)
[57906.378140] kvmppc_set_passthru_irq (irq 101, gsi 4901) fails: -2
[57906.378143] vfio-pci 0028:01:00.0: irq bypass producer (token
0000000024362fe0) registration fails: -2
[57906.378234] kvmppc_set_passthru_irq_hv: Could not assign IRQ map for
(102,4902)
[57906.378238] kvmppc_set_passthru_irq (irq 102, gsi 4902) fails: -2
Contact Information = [email protected]
---uname output---
na
Machine Type = NA
---Debugger---
A debugger is not configured
Posted v1 upstream:
https://lore.kernel.org/all/[email protected]/
~Amit
mirroring to distro for awareness.
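The ring-buffer check from step 4 of the test plan, as an added example that is not part of the original report or of the kernel fix: a Python scan for the three message types quoted above, which first rejoins records that were wrapped the way they are in this mail. The function names are this example's own, and the sample text reuses lines from the report plus one constructed unrelated line.

```python
import errno
import re
import sys
from collections import Counter, defaultdict
from dataclasses import dataclass, field

# A dmesg record starts with "[ seconds.micros]"; anything else is a wrapped tail.
TS_RE = re.compile(r"^\[\s*\d+\.\d+\]")
MAP_RE = re.compile(
    r"kvmppc_set_passthru_irq_hv: Could not assign IRQ map for \((\d+),(\d+)\)")
SET_RE = re.compile(
    r"kvmppc_set_passthru_irq \(irq (\d+), gsi (\d+)\) fails: -(\d+)")
PROD_RE = re.compile(
    r"vfio-pci ([0-9a-f]{4}:[0-9a-f]{2}:[0-9a-f]{2}\.[0-7]): "
    r"irq bypass producer \(token ([0-9a-f]+)\) registration fails: -(\d+)")

# Lines copied from the report; the last line is constructed for the example.
SAMPLE_DMESG = """\
[57906.347794] kvmppc_set_passthru_irq_hv: Could not assign IRQ map for
(100,4900)
[57906.347812] kvmppc_set_passthru_irq (irq 100, gsi 4900) fails: -2
[57906.347817] vfio-pci 0028:01:00.0: irq bypass producer (token
00000000c84b35a9) registration fails: -2
[57906.357983] kvmppc_set_passthru_irq_hv: Could not assign IRQ map for
(101,4901)
[57906.357986] kvmppc_set_passthru_irq (irq 101, gsi 4901) fails: -2
[57906.357989] vfio-pci 0028:01:00.0: irq bypass producer (token
0000000024362fe0) registration fails: -2
[57906.400000] mlx5_core 0028:01:00.1: constructed unrelated line
"""


@dataclass
class Report:
    map_failures: Counter = field(default_factory=Counter)   # (irq, gsi) -> hits
    set_failures: Counter = field(default_factory=Counter)   # (irq, gsi) -> hits
    producers: dict = field(default_factory=lambda: defaultdict(set))  # dev -> tokens
    errnos: set = field(default_factory=set)                 # symbolic errno names


def unwrap(text):
    """Rejoin records that a mail client or terminal wrapped onto a second line."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if TS_RE.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records


def errname(code):
    """Translate the positive errno value to its name, e.g. 2 -> ENOENT."""
    return errno.errorcode.get(int(code), "errno %s" % code)


def scan(text):
    """Collect every IRQ-bypass mapping failure found in a dmesg capture."""
    rep = Report()
    for rec in unwrap(text):
        if m := MAP_RE.search(rec):
            rep.map_failures[(int(m[1]), int(m[2]))] += 1
        elif m := SET_RE.search(rec):
            rep.set_failures[(int(m[1]), int(m[2]))] += 1
            rep.errnos.add(errname(m[3]))
        elif m := PROD_RE.search(rec):
            rep.producers[m[1]].add(m[2])
            rep.errnos.add(errname(m[3]))
    return rep


def is_clean(rep):
    """True when none of the three failure messages appeared."""
    return not (rep.map_failures or rep.set_failures or rep.producers)


if __name__ == "__main__":
    # Usage: dmesg | python3 this_file.py   (falls back to the embedded sample)
    text = SAMPLE_DMESG if sys.stdin.isatty() else sys.stdin.read()
    rep = scan(text)
    for dev, tokens in sorted(rep.producers.items()):
        print("%s: %d producer registration failure(s)" % (dev, len(tokens)))
    for (irq, gsi), n in sorted(rep.map_failures.items()):
        print("irq %d / gsi %d: %d map failure(s)" % (irq, gsi, n))
    print("errno seen:", ", ".join(sorted(rep.errnos)) or "none")
    sys.exit(0 if is_clean(rep) else 1)
```

A non-zero exit status means the messages are still being logged on that host kernel.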