Package "linux-hwe-5.11"

  linux-hwe-5.11 (5.11.0-61.61) focal; urgency=medium

  * focal/linux-hwe-5.11: 5.11.0-61.61 -proposed tracker (LP: #1964211)

  * Disable unprivileged BPF by default (LP: #1961338)
    - bpf: Add kconfig knob for disabling unpriv bpf by default
    - [Config] set CONFIG_BPF_UNPRIV_DEFAULT_OFF=y
    - [Config] hwe-5.11: Enable CONFIG_BPF_UNPRIV_DEFAULT_OFF

  * Packaging resync (LP: #1786013)
    - [Packaging] update variants
    - [Packaging] resync getabis

  * linux-azure: Fix NUMA node assignment when kernel boots with custom NUMA
    topology (LP: #1961300)
    - PCI: hv: Fix NUMA node assignment when kernel boots with custom NUMA
      topology

  * CVE-2022-25636
    - netfilter: nf_tables_offload: incorrect flow offload action array size

  * CVE-2022-0001
    - x86,bugs: Unconditionally allow spectre_v2=retpoline,amd
    - SAUCE: x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE
    - SAUCE: x86/speculation: Add eIBRS + Retpoline options
    - SAUCE: Documentation/hw-vuln: Update spectre doc

  * systemd/248.3-1ubuntu8.2 ADT test failure with linux/5.13.0-29.32
    (LP: #1960034)
    - Revert "block: avoid to quiesce queue in elevator_init_mq"
    - Revert "blk-mq: cancel blk-mq dispatch work in both blk_cleanup_queue and
      disk_release()"

 -- Stefan Bader <email address hidden> Wed, 09 Mar 2022 15:54:36 +0100

  linux-hwe-5.11 (5.11.0-60.60) focal; urgency=medium

  * focal/linux-hwe-5.11: 5.11.0-60.60 -proposed tracker (LP: #1959278)

  * CVE-2022-23222
    - bpf: Fix out of bounds access from invalid *_or_null type verification
    - bpf: Don't promote bogus looking registers after null check.
    - bpf, selftests: Add verifier test for mem_or_null register with offset.

  * CVE-2022-22942
    - SAUCE: drm/vmwgfx: Fix stale file descriptors on failed usercopy

  * CVE-2022-0330
    - drm/i915: Flush TLBs before releasing backing store

  * Hirsute update: upstream stable patchset 2021-12-10 (LP: #1954533)
    - [Config] hwe-5.11: updateconfigs for ARCH_HAS_CC_PLATFORM

  * Hirsute update: upstream stable patchset 2021-12-17 (LP: #1955277)
    - [Config] hwe-5.11: updateconfigs for KMAP_LOCAL_NON_LINEAR_PTE_ARRAY

  * Pod traffic not taking advantage of interfaces with multiple tx queues
    (LP: #1958155)
    - veth: Do not record rx queue hint in veth_xmit

  * Hirsute update: upstream stable patchset 2022-01-19 (LP: #1958461)
    - netfilter: selftest: conntrack_vrf.sh: fix file permission
    - nfc: fix segfault in nfc_genl_dump_devices_done
    - drm/msm/dsi: set default num_data_lanes
    - KVM: arm64: Save PSTATE early on exit
    - s390/test_unwind: use raw opcode instead of invalid instruction
    - Revert "tty: serial: fsl_lpuart: drop earlycon entry for i.MX8QXP"
    - net/mlx4_en: Update reported link modes for 1/10G
    - ALSA: hda: Add Intel DG2 PCI ID and HDMI codec vid
    - ALSA: hda/hdmi: fix HDA codec entry table order for ADL-P
    - parisc/agp: Annotate parisc agp init functions with __init
    - i2c: rk3x: Handle a spurious start completion interrupt flag
    - net: netlink: af_netlink: Prevent empty skb by adding a check on len.
    - drm/amd/display: Fix for the no Audio bug with Tiled Displays
    - drm/amd/display: add connector type check for CRC source set
    - tracing: Fix a kmemleak false positive in tracing_map
    - staging: most: dim2: use device release method
    - bpf: Fix integer overflow in argument calculation for bpf_map_area_alloc
    - fuse: make sure reclaim doesn't write the inode
    - hwmon: (dell-smm) Fix warning on /proc/i8k creation error
    - ethtool: do not perform operations on net devices being unregistered
    - perf inject: Fix itrace space allowed for new attributes
    - perf intel-pt: Fix some PGE (packet generation enable/control flow packets)
      usage
    - perf intel-pt: Fix sync state when a PSB (synchronization) packet is found
    - perf intel-pt: Fix intel_pt_fup_event() assumptions about setting state type
    - perf intel-pt: Fix state setting when receiving overflow (OVF) packet
    - perf intel-pt: Fix next 'err' value, walking trace
    - perf intel-pt: Fix missing 'instruction' events with 'q' option
    - perf intel-pt: Fix error timestamp setting on the decoder error path
    - memblock: free_unused_memmap: use pageblock units instead of MAX_ORDER
    - memblock: align freed memory map on pageblock boundaries with SPARSEMEM
    - memblock: ensure there is no overflow in memblock_overlaps_region()
    - arm: extend pfn_valid to take into account freed memory map alignment
    - arm: ioremap: don't abuse pfn_valid() to check if pfn is in RAM
    - hwmon: (corsair-psu) fix plain integer used as NULL pointer
    - drm/msm/dp: Avoid unpowered AUX xfers that caused crashes
    - KVM: selftests: Make sure kvm_create_max_vcpus test won't hit RLIMIT_NOFILE
    - KVM: downgrade two BUG_ONs to WARN_ON_ONCE
    - mac80211: fix regression in SSN handling of addba tx
    - mac80211: mark TX-during-stop for TX in in_reconfig
    - mac80211: send ADDBA requests using the tid/queue of the aggregation session
    - mac80211: validate extended element ID is present
    - firmware: arm_scpi: Fix string overflow in SCPI genpd driver
    - bpf: Fix signed bounds propagation after mov32
    - bpf: Make 32->64 bounds propagation slightly more robust
    - bpf, selftests: Add test case trying to taint map value pointer
    - virtio_ring: Fix querying of maximum DMA mapping size for virtio device
    - vdpa: check that offsets are within bounds
    - recordmcount.pl: look for jgnop instruction as well as bcrl on s390
    - dm btree remove: fix use after free in rebalance_children()
    - audit: improve robustness of the audit queue handling
    - arm64: dts: imx8m: correct assigned clocks for FEC
    - arm64: dts: imx8mp-evk: Improve the Ethernet PHY description
    - arm64: dts: rockchip: remove mmc-hs400-enhanced-strobe from rk3399-khadas-
      edge
    - arm64: dts: rockchip: fix rk3308-roc-cc vcc-sd supply
    - arm64: dts: rockchip: fix rk3399-leez-p710 vcc3v3-lan supply
    - arm64: dts: rockchip: fix audio-supply for Rock Pi 4
    - mac80211: track only QoS data frames for admission control
    - tee: amdtee: fix an IS_ERR() vs NULL bug
    - ceph: fix duplicate increment of opened_inodes metric
    - ceph: initialize pathlen variable in reconnect_caps_cb
    - ARM: socfpga: dts: fix qspi node compatible
    - clk: Don't parent clks until the parent is fully registered
    - soc: imx: Register SoC device only on i.MX boards
    - virtio/vsock: fix the transport to work with VMADDR_CID_ANY
    - selftests: net: Correct ping6 expected rc from 2 to 1
    - s390/kexec_file: fix error handling when applying relocations
    - sch_cake: do not call cake_destroy() from cake_init()
    - inet_diag: fix kernel-infoleak for UDP sockets
    - net: hns3: fix use-after-free bug in hclgevf_send_mbx_msg
    - selftests: Add duplicate config only for MD5 VRF tests
    - selftests: Fix raw socket bind tests with VRF
    - selftests: Fix IPv6 address bind tests
    - dmaengine: st_fdma: fix MODULE_ALIAS
    - net/sched: sch_ets: don't remove idle classes from the round-robin list
    - selftest/net/forwarding: declare NETIFS p9 p10
    - drm/ast: potential dereference of null pointer
    - mac80211: agg-tx: don't schedule_and_wake_txq() under sta-&g

  linux-hwe-5.11 (5.11.0-44.48~20.04.2) focal; urgency=medium

  * focal/linux-hwe-5.11: 5.11.0-44.48~20.04.2 -proposed tracker (LP: #1954442)
  * Hirsute update: upstream stable patchset 2021-11-10 (LP: #1950516)
    - [Config] hwe-5.11: Record removal of ks8851 modules

  [ Ubuntu: 5.11.0-44.48 ]

  * hirsute/linux: 5.11.0-44.48 -proposed tracker (LP: #1954388)
  * Add F81966 watchdog support (1949063) already included in the previous
    linux-hwe-5.11 (5.11.0-43.47~20.04.2).

  [ Ubuntu: 5.11.0-42.46 ]

  * hirsute/linux: 5.11.0-42.46 -proposed tracker (LP: #1952278)
  * Packaging resync (LP: #1786013)
    - [Packaging] resync update-dkms-versions helper
    - debian/dkms-versions -- update from kernel-versions (main/2021.11.29)
  * CVE-2021-4002
    - hugetlbfs: flush TLBs correctly after huge_pmd_unshare
  * CVE-2021-43267
    - tipc: fix size validations for the MSG_CRYPTO type
  * Hirsute update: upstream stable patchset 2021-11-24 (LP: #1952136)
    - ext4: check and update i_disksize properly
    - ext4: correct the error path of ext4_write_inline_data_end()
    - ASoC: Intel: sof_sdw: tag SoundWire BEs as non-atomic
    - HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS
    - netfilter: ip6_tables: zero-initialize fragment offset
    - HID: wacom: Add new Intuos BT (CTL-4100WL/CTL-6100WL) device IDs
    - ASoC: SOF: loader: release_firmware() on load failure to avoid batching
    - netfilter: nf_nat_masquerade: make async masq_inet6_event handling generic
    - netfilter: nf_nat_masquerade: defer conntrack walk to work queue
    - mac80211: Drop frames from invalid MAC address in ad-hoc mode
    - m68k: Handle arrivals of multiple signals correctly
    - hwmon: (ltc2947) Properly handle errors when looking for the external clock
    - net: prevent user from passing illegal stab size
    - mac80211: check return value of rhashtable_init
    - vboxfs: fix broken legacy mount signature checking
    - net: sun: SUNVNET_COMMON should depend on INET
    - drm/amdgpu: fix gart.bo pin_count leak
    - scsi: ses: Fix unsigned comparison with less than zero
    - scsi: virtio_scsi: Fix spelling mistake "Unsupport" -> "Unsupported"
    - perf/core: fix userpage->time_enabled of inactive events
    - sched: Always inline is_percpu_thread()
    - hwmon: (pmbus/ibm-cffps) max_power_out swap changes
    - ALSA: usb-audio: Unify mixer resume and reset_resume procedure
    - pinctrl: qcom: sc7280: Add PM suspend callbacks
    - io_uring: kill fasync
    - ALSA: usb-audio: Add quirk for VF0770
    - ALSA: pcm: Workaround for a wrong offset in SYNC_PTR compat ioctl
    - ALSA: seq: Fix a potential UAF by wrong private_free call order
    - ALSA: hda/realtek: Enable 4-speaker output for Dell Precision 5560 laptop
    - ALSA: hda - Enable headphone mic on Dell Latitude laptops with ALC3254
    - ALSA: hda/realtek: Complete partial device name to avoid ambiguity
    - ALSA: hda/realtek: Add quirk for Clevo X170KM-G
    - ALSA: hda/realtek - ALC236 headset MIC recording issue
    - ALSA: hda/realtek: Add quirk for TongFang PHxTxX1
    - ALSA: hda/realtek: Fix the mic type detection issue for ASUS G551JW
    - nds32/ftrace: Fix Error: invalid operands (*UND* and *UND* sections) for `^'
    - s390: fix strrchr() implementation
    - clk: socfpga: agilex: fix duplicate s2f_user0_clk
    - csky: don't let sigreturn play with priveleged bits of status register
    - csky: Fixup regs.sr broken in ptrace
    - arm64/hugetlb: fix CMA gigantic page order for non-4K PAGE_SIZE
    - drm/msm: Avoid potential overflow in timeout_to_jiffies()
    - btrfs: unlock newly allocated extent buffer after error
    - btrfs: deal with errors when replaying dir entry during log replay
    - btrfs: deal with errors when adding inode reference during log replay
    - btrfs: check for error when looking up inode during dir entry replay
    - btrfs: update refs for any root except tree log roots
    - btrfs: fix abort logic in btrfs_replace_file_extents
    - x86/resctrl: Free the ctrlval arrays when domain_setup_mon_state() fails
    - mei: me: add Ice Lake-N device id.
    - USB: xhci: dbc: fix tty registration race
    - xhci: guard accesses to ep_state in xhci_endpoint_reset()
    - xhci: Fix command ring pointer corruption while aborting a command
    - xhci: Enable trust tx length quirk for Fresco FL11 USB controller
    - cb710: avoid NULL pointer subtraction
    - efi/cper: use stack buffer for error record decoding
    - efi: Change down_interruptible() in virt_efi_reset_system() to
      down_trylock()
    - usb: musb: dsps: Fix the probe error path
    - Input: xpad - add support for another USB ID of Nacon GC-100
    - USB: serial: qcserial: add EM9191 QDL support
    - USB: serial: option: add Quectel EC200S-CN module support
    - USB: serial: option: add Telit LE910Cx composition 0x1204
    - USB: serial: option: add prod. id for Quectel EG91
    - misc: fastrpc: Add missing lock before accessing find_vma()
    - EDAC/armada-xp: Fix output of uncorrectable error counter
    - nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells
    - x86/Kconfig: Do not enable AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT automatically
    - powerpc/xive: Discard disabled interrupts in get_irqchip_state()
    - iio: adc: aspeed: set driver data when adc probe.
    - drivers: bus: simple-pm-bus: Add support for probing simple bus only devices
    - driver core: Reject pointless SYNC_STATE_ONLY device links
    - iio: adc: ad7192: Add IRQ flag
    - iio: adc: ad7780: Fix IRQ flag
    - iio: adc: ad7793: Fix IRQ flag
    - iio: adc128s052: Fix the error handling path of 'adc128_probe()'
    - iio: adc: max1027: Fix wrong shift with 12-bit devices
    - iio: mtk-auxadc: fix case IIO_CHAN_INFO_PROCESSED
    - iio: light: opt3001: Fixed timeout error when 0 lux
    - iio: adc: max1027: Fix the number of max1X31 channels
    - iio: ssp_sensors: add more range checking in ssp_parse_dataframe()
    - iio: ssp_senso

  linux-hwe-5.11 (5.11.0-43.47~20.04.2) focal; urgency=medium

  * focal/linux-hwe-5.11: 5.11.0-43.47~20.04.2 -proposed tracker (LP: #1954350)

  * Add F81966 watchdog support (LP: #1949063)
    - SAUCE: watchdog: f71808e_wdt: Add F81966 support

 -- Stefan Bader <email address hidden> Mon, 13 Dec 2021 11:45:24 +0100