Package "linux-riscv"

  linux-riscv (5.15.0-1020.23) jammy; urgency=medium

  * jammy/linux-riscv: 5.15.0-1020.23 -proposed tracker (LP: #1989781)

  [ Ubuntu: 5.15.0-50.56 ]

  * jammy/linux: 5.15.0-50.56 -proposed tracker (LP: #1990148)
  * CVE-2022-3176
    - io_uring: refactor poll update
    - io_uring: move common poll bits
    - io_uring: kill poll linking optimisation
    - io_uring: inline io_poll_complete
    - io_uring: correct fill events helpers types
    - io_uring: clean cqe filling functions
    - io_uring: poll rework
    - io_uring: remove poll entry from list when canceling all
    - io_uring: bump poll refs to full 31-bits
    - io_uring: fail links when poll fails
    - io_uring: fix wrong arm_poll error handling
    - io_uring: fix UAF due to missing POLLFREE handling
  * ip/nexthop: fix default address selection for connected nexthop
    (LP: #1988809)
    - selftests/net: test nexthop without gw
  * ip/nexthop: fix default address selection for connected nexthop
    (LP: #1988809) // icmp_redirect.sh in ubuntu_kernel_selftests failed on
    Jammy 5.15.0-49.55 (LP: #1990124)
    - ip: fix triggering of 'icmp redirect'

  [ Ubuntu: 5.15.0-49.55 ]

  * jammy/linux: 5.15.0-49.55 -proposed tracker (LP: #1989785)
  * amdgpu module crash after 5.15 kernel update (LP: #1981883)
    - drm/amdgpu: fix check in fbdev init
  * scsi: hisi_sas: Increase debugfs_dump_index after dump is  completed
    (LP: #1982070)
    - scsi: hisi_sas: Increase debugfs_dump_index after dump is completed
  * [UBUNTU 22.04] s390/qeth: cache link_info for ethtool (LP: #1984103)
    - s390/qeth: cache link_info for ethtool
  * WARN in trace_event_dyn_put_ref (LP: #1987232)
    - tracing/perf: Fix double put of trace event when init fails
  * Jammy update: v5.15.60 upstream stable release (LP: #1989221)
    - x86/speculation: Make all RETbleed mitigations 64-bit only
    - selftests/bpf: Extend verifier and bpf_sock tests for dst_port loads
    - selftests/bpf: Check dst_port only on the client socket
    - block: fix default IO priority handling again
    - tools/vm/slabinfo: Handle files in debugfs
    - ACPI: video: Force backlight native for some TongFang devices
    - ACPI: video: Shortening quirk list by identifying Clevo by board_name only
    - ACPI: APEI: Better fix to avoid spamming the console with old error logs
    - crypto: arm64/poly1305 - fix a read out-of-bound
    - KVM: x86: do not report a vCPU as preempted outside instruction boundaries
    - KVM: x86: do not set st->preempted when going back to user space
    - KVM: selftests: Make hyperv_clock selftest more stable
    - tools/kvm_stat: fix display of error when multiple processes are found
    - selftests: KVM: Handle compiler optimizations in ucall
    - KVM: x86/svm: add __GFP_ACCOUNT to __sev_dbg_{en,de}crypt_user()
    - arm64: set UXN on swapper page tables
    - btrfs: zoned: prevent allocation from previous data relocation BG
    - btrfs: zoned: fix critical section of relocation inode writeback
    - Bluetooth: hci_bcm: Add BCM4349B1 variant
    - Bluetooth: hci_bcm: Add DT compatible for CYW55572
    - dt-bindings: bluetooth: broadcom: Add BCM4349B1 DT binding
    - Bluetooth: btusb: Add support of IMC Networks PID 0x3568
    - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x04CA:0x4007
    - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x04C5:0x1675
    - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x0CB8:0xC558
    - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x13D3:0x3587
    - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x13D3:0x3586
    - macintosh/adb: fix oob read in do_adb_query() function
    - x86/speculation: Add RSB VM Exit protections
    - x86/speculation: Add LFENCE to RSB fill sequence
    - Linux 5.15.60
  * Jammy update: v5.15.59 upstream stable release (LP: #1989218)
    - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put
    - Revert "ocfs2: mount shared volume without ha stack"
    - ntfs: fix use-after-free in ntfs_ucsncmp()
    - fs: sendfile handles O_NONBLOCK of out_fd
    - secretmem: fix unhandled fault in truncate
    - mm: fix page leak with multiple threads mapping the same page
    - hugetlb: fix memoryleak in hugetlb_mcopy_atomic_pte
    - asm-generic: remove a broken and needless ifdef conditional
    - s390/archrandom: prevent CPACF trng invocations in interrupt context
    - nouveau/svm: Fix to migrate all requested pages
    - drm/simpledrm: Fix return type of simpledrm_simple_display_pipe_mode_valid()
    - watch_queue: Fix missing rcu annotation
    - watch_queue: Fix missing locking in add_watch_to_object()
    - tcp: Fix data-races around sysctl_tcp_dsack.
    - tcp: Fix a data-race around sysctl_tcp_app_win.
    - tcp: Fix a data-race around sysctl_tcp_adv_win_scale.
    - tcp: Fix a data-race around sysctl_tcp_frto.
    - tcp: Fix a data-race around sysctl_tcp_nometrics_save.
    - tcp: Fix data-races around sysctl_tcp_no_ssthresh_metrics_save.
    - ice: check (DD | EOF) bits on Rx descriptor rather than (EOP | RS)
    - ice: do not setup vlan for loopback VSI
    - scsi: ufs: host: Hold reference returned by of_parse_phandle()
    - Revert "tcp: change pingpong threshold to 3"
    - octeontx2-pf: Fix UDP/TCP src and dst port tc filters
    - tcp: Fix data-races around sysctl_tcp_moderate_rcvbuf.
    - tcp: Fix a data-race around sysctl_tcp_limit_output_bytes.
    - tcp: Fix a data-race around sysctl_tcp_challenge_ack_limit.
    - scsi: core: Fix warning in scsi_alloc_sgtables()
    - scsi: mpt3sas: Stop fw fault watchdog work item during system shutdown
    - net: ping6: Fix memleak in ipv6_renew_options().
    - ipv6/addrconf: fix a null-ptr-deref bug for ip6_ptr
    - net/tls: Remove the context from the list in tls_device_down
    - igmp: Fix data-races around sysctl_igmp_qrv.
    - net: pcs: xpcs: propagate xpcs_read error to xpcs_get_state_c37_sgmii
    - net: sungem_phy: Add of_node_put() for reference returned by of_get_parent()
    - tcp: Fix a

  linux-riscv (5.15.0-1019.22) jammy; urgency=medium

  * jammy/linux-riscv: 5.15.0-1019.22 -proposed tracker (LP: #1987771)

  * Jammy update: v5.15.49 upstream stable release (LP: #1983149)
    - [Config] riscv: updateconfigs for LIB_MEMNEQ

  [ Ubuntu: 5.15.0-48.54 ]

  * jammy/linux: 5.15.0-48.54 -proposed tracker (LP: #1987775)
  * System freeze after resuming from suspend due to PCI ASPM settings
    (LP: #1980829)
    - SAUCE: PCI/ASPM: Save/restore L1SS Capability for suspend/resume
    - SAUCE: whitelist platforms that needs save/restore ASPM L1SS for
      suspend/resume
  * [SRU][J/OEM-5.17][PATCH 0/1] Fix oled brightness set above frame-average
    luminance (LP: #1978986)
    - SAUCE: drm: New function to get luminance range based on static hdr metadata
    - SAUCE: drm/amdgpu_dm: Rely on split out luminance calculation function
    - SAUCE: drm/i915: Use luminance range calculated during edid parsing
  * Jammy: Add OVS Internal Port HW Offload to mlx5 driver (LP: #1983498)
    - net/mlx5e: Refactor rx handler of represetor device
    - net/mlx5e: Use generic name for the forwarding dev pointer
    - net/mlx5: E-Switch, Add ovs internal port mapping to metadata support
    - net/mlx5e: Support accept action
    - net/mlx5e: Accept action skbedit in the tc actions list
    - net/mlx5e: Offload tc rules that redirect to ovs internal port
    - net/mlx5e: Offload internal port as encap route device
    - net/mlx5e: Enable TC offload for ingress MACVLAN
    - net/mlx5e: Add indirect tc offload of ovs internal port
    - net/mlx5e: Term table handling of internal port rules
    - net/mlx5: Support internal port as decap route device
    - net/mlx5: Fix some error handling paths in 'mlx5e_tc_add_fdb_flow()'
    - net/mlx5e: TC, Fix memory leak with rules with internal port
    - net/mlx5e: Fix skb memory leak when TC classifier action offloads are
      disabled
    - net/mlx5e: Fix nullptr on deleting mirroring rule
    - net/mlx5e: Avoid implicit modify hdr for decap drop rule
    - net/mlx5e: Fix wrong source vport matching on tunnel rule
    - net/mlx5e: TC, fix decap fallback to uplink when int port not supported
  * Remove unused variable from i915 psr (LP: #1986798)
    - SAUCE: drm/i915/display/psr: Remove unused variable
  * refactoring of overlayfs fix to properly support shiftfs (LP: #1983640)
    - SAUCE: overlayfs: remove CONFIG_AUFS_FS dependency
  * Jammy update: v5.15.53 upstream stable release (LP: #1986728)
    - Revert "drm/amdgpu/display: set vblank_disable_immediate for DC"
    - drm/amdgpu: To flush tlb for MMHUB of RAVEN series
    - ksmbd: set the range of bytes to zero without extending file size in
      FSCTL_ZERO_DATA
    - ksmbd: check invalid FileOffset and BeyondFinalZero in FSCTL_ZERO_DATA
    - ksmbd: use vfs_llseek instead of dereferencing NULL
    - ipv6: take care of disable_policy when restoring routes
    - net: phy: Don't trigger state machine while in suspend
    - nvme-pci: add NVME_QUIRK_BOGUS_NID for ADATA XPG SX6000LNP (AKA SPECTRIX
      S40G)
    - nvme-pci: add NVME_QUIRK_BOGUS_NID for ADATA IM2P33F8ABR1
    - nvdimm: Fix badblocks clear off-by-one error
    - powerpc/prom_init: Fix kernel config grep
    - powerpc/book3e: Fix PUD allocation size in map_kernel_page()
    - powerpc/bpf: Fix use of user_pt_regs in uapi
    - dm raid: fix accesses beyond end of raid member array
    - dm raid: fix KASAN warning in raid5_add_disks
    - s390/archrandom: simplify back to earlier design and initialize earlier
    - SUNRPC: Fix READ_PLUS crasher
    - net: rose: fix UAF bugs caused by timer handler
    - net: usb: ax88179_178a: Fix packet receiving
    - virtio-net: fix race between ndo_open() and virtio_device_ready()
    - selftests/net: pass ipv6_args to udpgso_bench's IPv6 TCP test
    - net: dsa: bcm_sf2: force pause link settings
    - net: tun: unlink NAPI from device on destruction
    - net: tun: stop NAPI when detaching queues
    - net: dp83822: disable false carrier interrupt
    - net: dp83822: disable rx error interrupt
    - RDMA/qedr: Fix reporting QP timeout attribute
    - RDMA/cm: Fix memory leak in ib_cm_insert_listen
    - linux/dim: Fix divide by 0 in RDMA DIM
    - net: usb: asix: do not force pause frames support
    - usbnet: fix memory allocation in helpers
    - selftests: mptcp: more stable diag tests
    - net: ipv6: unexport __init-annotated seg6_hmac_net_init()
    - NFSD: restore EINVAL error translation in nfsd_commit()
    - vfs: fix copy_file_range() regression in cross-fs copies
    - caif_virtio: fix race between virtio_device_ready() and ndo_open()
    - PM / devfreq: exynos-ppmu: Fix refcount leak in of_get_devfreq_events
    - vdpa/mlx5: Update Control VQ callback information
    - s390: remove unneeded 'select BUILD_BIN2C'
    - netfilter: nft_dynset: restore set element counter when failing to update
    - net/dsa/hirschmann: Add missing of_node_get() in hellcreek_led_setup()
    - net/sched: act_api: Notify user space if any actions were flushed before
      error
    - net: asix: fix "can't send until first packet is send" issue
    - net: bonding: fix possible NULL deref in rlb code
    - net: phy: ax88772a: fix lost pause advertisement configuration
    - net: bonding: fix use-after-free after 802.3ad slave unbind
    - powerpc/memhotplug: Add add_pages override for PPC
    - nfc: nfcmrvl: Fix irq_of_parse_and_map() return value
    - NFC: nxp-nci: Don't issue a zero length i2c_master_read()
    - tipc: move bc link creation back to tipc_node_create
    - epic100: fix use after free on rmmod
    - io_uring: ensure that send/sendmsg and recv/recvmsg check sqe->ioprio
    - ACPI: video: Change how we determine if brightness key-presses are handled
    - tunnels: do not assume mac header is set in skb_tunnel_check_pmtu()
    - ipv6/sit: fix ipip6_tunnel_get_prl return value
    - ipv6: fix lockdep splat in in6_dump_addrs()
    - mlxsw: spectrum_router: Fix rollback in tunnel next hop init
    - n

  linux-riscv (5.15.0-1018.21) jammy; urgency=medium

  * jammy/linux-riscv: 5.15.0-1018.21 -proposed tracker (LP: #1983898)

  * Jammy update: v5.15.46 upstream stable release (LP: #1981864)
    - [Packaging] riscv: Add python3-dev to build-depends
    - [Config] riscv: updateconfigs for IMA_TEMPLATE

  * Jammy update: v5.15.44 upstream stable release (LP: #1981649)
    - [Config] riscv: updateconfigs for CRYPTO_LIB_BLAKE2S

  [ Ubuntu: 5.15.0-47.51 ]

  * jammy/linux: 5.15.0-47.51 -proposed tracker (LP: #1983903)
  * Jammy update: v5.15.46 upstream stable release (LP: #1981864)
    - UBUNTU: [Packaging] Move python3-dev to build-depends
  * touchpad and touchscreen doesn't work at all on ACER Spin 5 (SP513-54N)
    (LP: #1884232)
    - x86/PCI: Eliminate remove_e820_regions() common subexpressions
    - x86: Log resource clipping for E820 regions
    - x86/PCI: Clip only host bridge windows for E820 regions
    - x86/PCI: Add kernel cmdline options to use/ignore E820 reserved regions
    - x86/PCI: Disable E820 reserved region clipping via quirks
    - x86/PCI: Revert "x86/PCI: Clip only host bridge windows for E820 regions"
  * [SRU][H/OEM-5.13/OEM-5.14/U][J/OEM-5.17/U] Fix invalid MAC address after
    hotplug tbt dock (LP: #1942999)
    - SAUCE: igc: wait for the MAC copy when enabled MAC passthrough
  * Mass Storage Gadget driver truncates device >2TB (LP: #1981390)
    - usb: gadget: storage: add support for media larger than 2T
  * AMD Rembrandt: DP tunneling fails with Thunderbolt monitors (LP: #1983143)
    - SAUCE: drm/amd: Fix DP Tunneling with Thunderbolt monitors
    - drm/amd/display: Fix for dmub outbox notification enable
    - Revert "drm/amd/display: Fix DPIA outbox timeout after S3/S4/reset"
    - drm/amd/display: Reset link encoder assignments for GPU reset
    - drm/amd/display: Fix DPIA outbox timeout after S3/S4/reset
    - drm/amd/display: Fix new dmub notification enabling in DM
    - SAUCE: thunderbolt: Add DP out resource when DP tunnel is discovered.
  * Fix sub-optimal I210 network speed (LP: #1976438)
    - igb: Make DMA faster when CPU is active on the PCIe link
  * e1000e report hardware hang (LP: #1973104)
    - e1000e: Enable GPT clock before sending message to CSME
    - Revert "e1000e: Fix possible HW unit hang after an s0ix exit"
  * ioam6.sh in net from ubuntu_kernel_selftests fails with 5.15 kernels in
    Focal (LP: #1982930)
    - selftests: net: fix IOAM test skip return code
  * Additional fix for TGL + AUO panel flickering (LP: #1983297)
    - Revert "UBUNTU: SAUCE: drm/i915/display/psr: Fix flicker on TGL + AUO panel"
    - drm/i915/display: Fix sel fetch plane offset calculation
    - drm/i915: Nuke ORIGIN_GTT
    - drm/i915/display: Drop PSR support from HSW and BDW
    - drm/i915/display/psr: Handle plane and pipe restrictions at every page flip
    - drm/i915/display/psr: Do full fetch when handling multi-planar formats
    - drm/i915/display: Drop unnecessary frontbuffer flushes
    - drm/i915/display: Handle frontbuffer rendering when PSR2 selective fetch is
      enabled
    - drm/i915/display: Fix glitches when moving cursor with PSR2 selective fetch
      enabled
    - SAUCE: drm/i915/display/psr: Reinstate fix for TGL + AUO panel flicker
  * AMD Yellow Carp DMCUB fw update for s0i3 B0 fixes (LP: #1957026)
    - drm/amd/display: Optimize bandwidth on following fast update
    - drm/amd/display: Fix surface optimization regression on Carrizo
    - drm/amd/display: Reset DMCUB before HW init
  * GPIO character device v1 API not enabled in kernel (LP: #1953613)
    - [Config] Enable CONFIG_GPIO_CDEV_V1
  * intel_iommu: Fix enable intel_iommu, Ubuntu 22.04 installation crashes
    (LP: #1982104)
    - iommu/vt-d: Fix RID2PASID setup/teardown failure
  * Headset mic with Cirrus logic codec doesn't work (LP: #1972815)
    - ASoC: cs42l42: Move CS42L42 register descriptions to general include
    - ALSA: hda/cs8409: Use general cs42l42 include in cs8409 hda driver
    - ALSA: hda/cs8409: Support manual mode detection for CS42L42
  * Failed to resume from S3 blocked by atlantic driver[1d6a:94c0]
    (LP: #1981950)
    - net: atlantic: remove deep parameter on suspend/resume functions
    - net: atlantic: remove aq_nic_deinit() when resume
  * Make cm32181 sensor work after system suspend (LP: #1981773)
    - iio: light: cm32181: Add PM support
  * Clear PCI errors left from BIOS (LP: #1981173)
    - PCI: Clear PCI_STATUS when setting up device
  * Fix AMDGPU blank screen when Type-C DP alt is in use (LP: #1980060)
    - drm/amd/display: Query DMCUB for dp alt status
    - drm/amd/display: Add version check before using DP alt query interface
  * Fix WD22TB4 suspend and resume, two external monitor can not output
    (LP: #1979267)
    - drm/dp/mst: Read the extended DPCD capabilities during system resume
  * [SRU] bcache deadlock during read IO in writeback mode (LP: #1980925)
    - bcache: memset on stack variables in bch_btree_check() and
      bch_sectors_dirty_init()
  * Audio mute key (f5) LED and Mic mute key (f8) LED are no function on HP
    440/450/640/650 G9 (LP: #1982716)
    - ALSA: hda/realtek: fix mute/micmute LEDs for HP machines
  * Enable WiFi hotspot feature for MediaTek MT7921 (LP: #1979173)
    - mt76: mt7921: Add AP mode support
    - mt76: mt7921: not support beacon offload disable command
    - mt76: mt7921: fix command timeout in AP stop period
  * Fix drm/amd/pm: enable ASPM by default (LP: #1966680)
    - drm/amd: Refactor `amdgpu_aspm` to be evaluated per device
    - drm/amd: Use amdgpu_device_should_use_aspm on navi umd pstate switching
    - drm/amdgpu: vi: disable ASPM on Intel Alder Lake based systems
  * Power cycle USB ports on shutdown/reboot (LP: #1976503)
    - xhci: turn off port power in shutdown
  * Jammy update: v5.15.46 upstream stable release (LP: #1981864)
    - binfmt_flat: do not stop relocating GOT entries prematurely on riscv
    - parisc/stifb: Implement fb_is_primary_device()
    - parisc

  linux-riscv (5.15.0-1017.19) jammy; urgency=medium

  [ Ubuntu: 5.15.0-46.49 ]

  * CVE-2022-2585
    - SAUCE: posix-cpu-timers: Cleanup CPU timers before freeing them during exec
  * CVE-2022-2586
    - SAUCE: netfilter: nf_tables: do not allow SET_ID to refer to another table
    - SAUCE: netfilter: nf_tables: do not allow CHAIN_ID to refer to another table
    - SAUCE: netfilter: nf_tables: do not allow RULE_ID to refer to another chain
  * CVE-2022-2588
    - SAUCE: net_sched: cls_route: remove from list when handle is 0

  [ Ubuntu: 5.15.0-45.48 ]

  * CVE-2022-29900 // CVE-2022-29901
    - x86/lib/atomic64_386_32: Rename things
    - x86: Prepare asm files for straight-line-speculation
    - x86: Prepare inline-asm for straight-line-speculation
    - x86/alternative: Relax text_poke_bp() constraint
    - kbuild: move objtool_args back to scripts/Makefile.build
    - x86: Add straight-line-speculation mitigation
    - kvm/emulate: Fix SETcc emulation function offsets with SLS
    - crypto: x86/poly1305 - Fixup SLS
    - objtool: Add straight-line-speculation validation
    - objtool: Fix SLS validation for kcov tail-call replacement
    - objtool: Fix objtool regression on x32 systems
    - objtool: Fix symbol creation
    - objtool: Introduce CFI hash
    - objtool: Default ignore INT3 for unreachable
    - x86, kvm: use proper ASM macros for kvm_vcpu_is_preempted
    - x86/traps: Use pt_regs directly in fixup_bad_iret()
    - x86/entry: Switch the stack after error_entry() returns
    - x86/entry: Move PUSH_AND_CLEAR_REGS out of error_entry()
    - x86/entry: Don't call error_entry() for XENPV
    - x86/entry: Remove skip_r11rcx
    - x86/realmode: build with -D__DISABLE_EXPORTS
    - x86/ibt,ftrace: Make function-graph play nice
    - x86/kvm/vmx: Make noinstr clean
    - x86/cpufeatures: Move RETPOLINE flags to word 11
    - x86/retpoline: Cleanup some #ifdefery
    - x86/retpoline: Swizzle retpoline thunk
    - x86/retpoline: Use -mfunction-return
    - x86: Undo return-thunk damage
    - x86,objtool: Create .return_sites
    - objtool: skip non-text sections when adding return-thunk sites
    - x86,static_call: Use alternative RET encoding
    - x86/ftrace: Use alternative RET encoding
    - x86/bpf: Use alternative RET encoding
    - x86/kvm: Fix SETcc emulation for return thunks
    - x86/vsyscall_emu/64: Don't use RET in vsyscall emulation
    - x86/sev: Avoid using __x86_return_thunk
    - x86: Use return-thunk in asm code
    - x86/entry: Avoid very early RET
    - objtool: Treat .text.__x86.* as noinstr
    - x86: Add magic AMD return-thunk
    - x86/bugs: Report AMD retbleed vulnerability
    - x86/bugs: Add AMD retbleed= boot parameter
    - x86/bugs: Enable STIBP for JMP2RET
    - x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value
    - x86/entry: Add kernel IBRS implementation
    - x86/bugs: Optimize SPEC_CTRL MSR writes
    - x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS
    - x86/bugs: Split spectre_v2_select_mitigation() and
      spectre_v2_user_select_mitigation()
    - x86/bugs: Report Intel retbleed vulnerability
    - intel_idle: Disable IBRS during long idle
    - objtool: Update Retpoline validation
    - x86/xen: Rename SYS* entry points
    - x86/xen: Add UNTRAIN_RET
    - x86/bugs: Add retbleed=ibpb
    - x86/bugs: Do IBPB fallback check only once
    - objtool: Add entry UNRET validation
    - x86/cpu/amd: Add Spectral Chicken
    - x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n
    - x86/speculation: Fix firmware entry SPEC_CTRL handling
    - x86/speculation: Fix SPEC_CTRL write on SMT state change
    - x86/speculation: Use cached host SPEC_CTRL value for guest entry/exit
    - x86/speculation: Remove x86_spec_ctrl_mask
    - objtool: Re-add UNWIND_HINT_{SAVE_RESTORE}
    - KVM: VMX: Flatten __vmx_vcpu_run()
    - KVM: VMX: Convert launched argument to flags
    - KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS
    - KVM: VMX: Fix IBRS handling after vmexit
    - x86/speculation: Fill RSB on vmexit for IBRS
    - KVM: VMX: Prevent RSB underflow before vmenter
    - x86/common: Stamp out the stepping madness
    - x86/cpu/amd: Enumerate BTC_NO
    - x86/retbleed: Add fine grained Kconfig knobs
    - x86/bugs: Add Cannon lake to RETBleed affected CPU list
    - x86/entry: Move PUSH_AND_CLEAR_REGS() back into error_entry
    - x86/bugs: Do not enable IBPB-on-entry when IBPB is not supported
    - x86/kexec: Disable RET on kexec
    - x86/speculation: Disable RRSBA behavior
    - [Config]: Enable speculation mitigations
    - x86/static_call: Serialize __static_call_fixup() properly
    - x86/asm/32: Fix ANNOTATE_UNRET_SAFE use on 32-bit
    - x86/bugs: Mark retbleed_strings static
    - x86/entry: Remove UNTRAIN_RET from native_irq_return_ldt
    - x86/kvm: fix FASTOP_SIZE when return thunks are enabled
    - x86/speculation: Use DECLARE_PER_CPU for x86_spec_ctrl_current
    - KVM: emulate: do not adjust size of fastop and setcc subroutines
    - x86/bugs: Remove apostrophe typo
    - efi/x86: use naked RET on mixed mode call wrapper

 -- Thadeu Lima de Souza Cascardo <email address hidden> Thu, 04 Aug 2022 15:55:03 -0300

  linux-riscv (5.15.0-1016.18) jammy; urgency=medium

  * jammy/linux-riscv: 5.15.0-1016.18 -proposed tracker (LP: #1981239)

  * Packaging resync (LP: #1786013)
    - debian/dkms-versions -- update from kernel-versions (main/2022.07.11)

  [ Ubuntu: 5.15.0-43.46 ]

  * jammy/linux: 5.15.0-43.46 -proposed tracker (LP: #1981243)
  * Packaging resync (LP: #1786013)
    - debian/dkms-versions -- update from kernel-versions (main/2022.07.11)
  * nbd: requests can become stuck when disconnecting from server with qemu-nbd
    (LP: #1896350)
    - nbd: don't handle response without a corresponding request message
    - nbd: make sure request completion won't concurrent
    - nbd: don't clear 'NBD_CMD_INFLIGHT' flag if request is not completed
    - nbd: fix io hung while disconnecting device
  * Ubuntu 22.04 and 20.04 DPC Fixes for Failure Cases of DownPort Containment
    events (LP: #1965241)
    - PCI/portdrv: Rename pm_iter() to pcie_port_device_iter()
    - PCI: pciehp: Ignore Link Down/Up caused by error-induced Hot Reset
    - [Config] Enable config option CONFIG_PCIE_EDR
  * [SRU] Ubuntu 22.04 Feature Request-Add support for a NVMe-oF-TCP CDC Client
    - TP 8010 (LP: #1948626)
    - nvme: add CNTRLTYPE definitions for 'identify controller'
    - nvme: send uevent on connection up
    - nvme: expose cntrltype and dctype through sysfs
  * [UBUNTU 22.04] Kernel oops while removing device from cio_ignore list
    (LP: #1980951)
    - s390/cio: derive cdev information only for IO-subchannels
  * Jammy Charmed OpenStack deployment fails over connectivity issues when using
    converged OVS bridge for control and data planes (LP: #1978820)
    - net/mlx5e: TC NIC mode, fix tc chains miss table
  * Hairpin traffic does not work with centralized NAT gw (LP: #1967856)
    - net: openvswitch: fix misuse of the cached connection on tuple changes
  * alsa: asoc: amd: the internal mic can't be dedected on yellow carp machines
    (LP: #1980700)
    - ASoC: amd: Add driver data to acp6x machine driver
    - ASoC: amd: Add support for enabling DMIC on acp6x via _DSD
  * AMD ACP 6.x DMIC Supports (LP: #1949245)
    - ASoC: amd: add Yellow Carp ACP6x IP register header
    - ASoC: amd: add Yellow Carp ACP PCI driver
    - ASoC: amd: add acp6x init/de-init functions
    - ASoC: amd: add platform devices for acp6x pdm driver and dmic driver
    - ASoC: amd: add acp6x pdm platform driver
    - ASoC: amd: add acp6x irq handler
    - ASoC: amd: add acp6x pdm driver dma ops
    - ASoC: amd: add acp6x pci driver pm ops
    - ASoC: amd: add acp6x pdm driver pm ops
    - ASoC: amd: enable Yellow carp acp6x drivers build
    - ASoC: amd: create platform device for acp6x machine driver
    - ASoC: amd: add YC machine driver using dmic
    - ASoC: amd: enable Yellow Carp platform machine driver build
    - ASoC: amd: fix uninitialized variable in snd_acp6x_probe()
    - [Config] Enable AMD ACP 6 DMIC Support
  * [UBUNTU 20.04] Include patches to avoid self-detected stall with Secure
    Execution (LP: #1979296)
    - KVM: s390: pv: add macros for UVC CC values
    - KVM: s390: pv: avoid stalls when making pages secure
  * [22.04 FEAT] KVM: Attestation support for Secure Execution (crypto)
    (LP: #1959973)
    - drivers/s390/char: Add Ultravisor io device
    - s390/uv_uapi: depend on CONFIG_S390
    - [Config] CONFIG_S390_UV_UAPI=y for s390x
  * CVE-2022-1679
    - SAUCE: ath9k: fix use-after-free in ath9k_hif_usb_rx_cb
  * CVE-2022-28893
    - SUNRPC: Ensure we flush any closed sockets before xs_xprt_free()
    - SUNRPC: Don't leak sockets in xs_local_connect()
  * CVE-2022-34918
    - netfilter: nf_tables: stricter validation of element data
  * CVE-2022-1652
    - floppy: use a statically allocated error counter

 -- Emil Renner Berthing <email address hidden> Fri, 22 Jul 2022 12:13:47 +0200