Package "linux-oem-6.1"

  linux-oem-6.1 (6.1.0-1028.28) jammy; urgency=medium

  * jammy/linux-oem-6.1: 6.1.0-1028.28 -proposed tracker (LP: #2046239)

  * drm/amd: Disable PSR-SU to fix the brightness issue (LP: #2046131)
    - drm/amd: Disable PSR-SU on Parade 0803 TCON

  * Sound: Add rtl quirk of M90-Gen5 (LP: #2046105)
    - ALSA: hda/realtek: Enable headset on Lenovo M90 Gen5

  * Avoid using damage rectangle under hardware rotation mode when PSR is
    enabled (LP: #2045958)
    - SAUCE: drm/amd/display: fix hw rotated modes when PSR-SU is enabled

  * CVE-2023-6111
    - netfilter: nf_tables: remove catchall element in GC sync path

 -- Timo Aaltonen <email address hidden> Wed, 13 Dec 2023 14:41:09 +0200

  linux-oem-6.1 (6.1.0-1027.27) jammy; urgency=medium

  * jammy/linux-oem-6.1: 6.1.0-1027.27 -proposed tracker (LP: #2041604)

  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log
    - [Packaging] resync update-dkms-versions helper
    - [Packaging] update variants

  * RTL8111EPP: Fix the network lost after resume with DASH (LP: #2043786)
    - r8169: add handling DASH when DASH is disabled
    - r8169: fix network lost after resume on DASH systems

  * System hang after unplug/plug DP monitor with AMD W7500 card (LP: #2042912)
    - SAUCE: drm/amd/pm: Fix error of MACO flag setting code

  * Fix after-suspend-mediacard/sdhc-insert test failed (LP: #2042500)
    - Revert "PCI/ASPM: Save L1 PM Substates Capability for suspend/resume"
    - SAUCE: PCI/ASPM: Add back L1 PM Substate save and restore

  * Jammy update: v6.1.61 upstream stable release (LP: #2042580)
    - Revert "Revert "clk: ti: Stop using legacy clkctrl names for omap4 and 5""
    - KVM: x86/pmu: Truncate counter value to allowed width on write
    - mmc: core: Align to common busy polling behaviour for mmc ioctls
    - mmc: block: ioctl: do write error check for spi
    - mmc: core: Fix error propagation for some ioctl commands
    - ASoC: codecs: wcd938x: Convert to platform remove callback returning void
    - ASoC: codecs: wcd938x: Simplify with dev_err_probe
    - ASoC: codecs: wcd938x: fix regulator leaks on probe errors
    - ASoC: codecs: wcd938x: fix runtime PM imbalance on remove
    - pinctrl: qcom: lpass-lpi: fix concurrent register updates
    - mcb: Return actual parsed size when reading chameleon table
    - mcb-lpc: Reallocate memory region to avoid memory overlapping
    - virtio_balloon: Fix endless deflation and inflation on arm64
    - virtio-mmio: fix memory leak of vm_dev
    - virtio-crypto: handle config changed by work queue
    - virtio_pci: fix the common cfg map size
    - vsock/virtio: initialize the_virtio_vsock before using VQs
    - vhost: Allow null msg.size on VHOST_IOTLB_INVALIDATE
    - arm64: dts: rockchip: Add i2s0-2ch-bus-bclk-off pins to RK3399
    - arm64: dts: rockchip: Fix i2s0 pin conflict on ROCK Pi 4 boards
    - mm: fix vm_brk_flags() to not bail out while holding lock
    - hugetlbfs: clear resv_map pointer if mmap fails
    - mm/page_alloc: correct start page when guard page debug is enabled
    - mm/migrate: fix do_pages_move for compat pointers
    - hugetlbfs: extend hugetlb_vma_lock to private VMAs
    - maple_tree: add GFP_KERNEL to allocations in mas_expected_entries()
    - nfsd: lock_rename() needs both directories to live on the same fs
    - drm/i915/pmu: Check if pmu is closed before stopping event
    - drm/amd: Disable ASPM for VI w/ all Intel systems
    - drm/dp_mst: Fix NULL deref in get_mst_branch_device_by_guid_helper()
    - ARM: OMAP: timer32K: fix all kernel-doc warnings
    - firmware/imx-dsp: Fix use_after_free in imx_dsp_setup_channels()
    - clk: ti: Fix missing omap4 mcbsp functional clock and aliases
    - clk: ti: Fix missing omap5 mcbsp functional clock and aliases
    - r8169: fix the KCSAN reported data-race in rtl_tx() while reading tp->cur_tx
    - r8169: fix the KCSAN reported data-race in rtl_tx while reading
      TxDescArray[entry].opts1
    - r8169: fix the KCSAN reported data race in rtl_rx while reading desc->opts1
    - iavf: initialize waitqueues before starting watchdog_task
    - i40e: Fix I40E_FLAG_VF_VLAN_PRUNING value
    - treewide: Spelling fix in comment
    - igb: Fix potential memory leak in igb_add_ethtool_nfc_entry
    - neighbour: fix various data-races
    - igc: Fix ambiguity in the ethtool advertising
    - net: ethernet: adi: adin1110: Fix uninitialized variable
    - net: ieee802154: adf7242: Fix some potential buffer overflow in
      adf7242_stats_show()
    - net: usb: smsc95xx: Fix uninit-value access in smsc95xx_read_reg
    - r8152: Increase USB control msg timeout to 5000ms as per spec
    - r8152: Run the unload routine if we have errors during probe
    - r8152: Cancel hw_phy_work if we have an error in probe
    - r8152: Release firmware if we have an error in probe
    - tcp: fix wrong RTO timeout when received SACK reneging
    - gtp: uapi: fix GTPA_MAX
    - gtp: fix fragmentation needed check with gso
    - i40e: Fix wrong check for I40E_TXR_FLAGS_WB_ON_ITR
    - drm/logicvc: Kconfig: select REGMAP and REGMAP_MMIO
    - iavf: in iavf_down, disable queues when removing the driver
    - scsi: sd: Introduce manage_shutdown device flag
    - blk-throttle: check for overflow in calculate_bytes_allowed
    - kasan: print the original fault addr when access invalid shadow
    - io_uring/fdinfo: lock SQ thread while retrieving thread cpu/pid
    - iio: afe: rescale: Accept only offset channels
    - iio: exynos-adc: request second interupt only when touchscreen mode is used
    - iio: adc: xilinx-xadc: Don't clobber preset voltage/temperature thresholds
    - iio: adc: xilinx-xadc: Correct temperature offset/scale for UltraScale
    - i2c: muxes: i2c-mux-pinctrl: Use of_get_i2c_adapter_by_node()
    - i2c: muxes: i2c-mux-gpmux: Use of_get_i2c_adapter_by_node()
    - i2c: muxes: i2c-demux-pinctrl: Use of_get_i2c_adapter_by_node()
    - i2c: stm32f7: Fix PEC handling in case of SMBUS transfers
    - i2c: aspeed: Fix i2c bus hang in slave read
    - tracing/kprobes: Fix the description of variable length arguments
    - misc: fastrpc: Reset metadata buffer to avoid incorrect free
    - misc: fastrpc: Free DMA handles for RPC calls with no arguments
    - misc: fastrpc: Clean buffers on remote invocation failures
    - misc: fastrpc: Unmap only if buffer is unmapped from DSP
    - nvmem: imx: correct nregs for i.MX6ULL
    - nvmem: imx: correct nregs for i.MX6SLL
    - nvmem: imx: correct nregs for i.MX6UL
    - x86/cpu: Add model number for Intel Arrow Lake mobile processor
    - perf/core: Fix potential NULL deref
    - sparc32: fix a braino in fault handling in csum_and_copy_..._u

  linux-oem-6.1 (6.1.0-1026.26) jammy; urgency=medium

  * jammy/linux-oem-6.1: 6.1.0-1026.26 -proposed tracker (LP: #2041950)

  * Packaging resync (LP: #1786013)
    - [Packaging] update annotations scripts
    - [Packaging] update helper scripts

  * Fix system suspend problem for Cirrus CS35L41 HDA codec on HP ZBook Fury 16
    G9 (LP: #2042060)
    - ALSA: hda: cs35l41: Override the _DSD for HP Zbook Fury 17 G9 to correct
      boost type
    - ALSA: hda: cs35l41: Use reset label to get GPIO for HP Zbook Fury 17 G9
    - ALSA: hda: cs35l41: Assert reset before system suspend
    - ALSA: hda: cs35l41: Assert Reset prior to de-asserting in probe and system
      resume
    - ALSA: hda: cs35l41: Run boot process during resume callbacks
    - ALSA: hda: cs35l41: Force a software reset after hardware reset
    - ALSA: hda: cs35l41: Do not unload firmware before reset in system suspend
    - ALSA: hda: cs35l41: Check CSPL state after loading firmware
    - ASoC: cs35l41: Detect CSPL errors when sending CSPL commands

  * Support speaker mute hotkey for Cirrus CS35L41 HDA codec (LP: #2039151)
    - ALSA: hda: cs35l41: Support systems with missing _DSD properties
    - ALSA: hda: cs35l41: Fix the loop check in cs35l41_add_dsd_properties
    - ALSA: hda: cs35l41: Add notification support into component binding
    - ALSA: hda/realtek: Support ACPI Notification framework via component binding
    - ALSA: hda: cs35l41: Support mute notifications for CS35L41 HDA
    - ALSA: hda: cs35l41: Add read-only ALSA control for forced mute

  * Keyboard and Touchpad Not Working in New Lenovo V15 Gen4 Laptop
    (LP: #2034477)
    - x86/i8259: Skip probing when ACPI/MADT advertises PCAT compatibility
    - platform/x86: Add s2idle quirk for more Lenovo laptops

  * CVE-2023-31085
    - ubi: Refuse attaching if mtd's erasesize is 0

  * CVE-2023-5178
    - nvmet-tcp: Fix a possible UAF in queue intialization setup

  * CVE-2023-5090
    - x86: KVM: SVM: always update the x2avic msr interception

  * CVE-2023-5717
    - perf: Disallow mis-matched inherited group reads

 -- Timo Aaltonen <email address hidden> Wed, 01 Nov 2023 14:45:18 +0200

  linux-oem-6.1 (6.1.0-1025.25) jammy; urgency=medium

  * jammy/linux-oem-6.1: 6.1.0-1025.25 -proposed tracker (LP: #2038056)

  * Jammy update: v6.1.57 upstream stable release (LP: #2039174)
    - spi: zynqmp-gqspi: fix clock imbalance on probe failure
    - ASoC: soc-utils: Export snd_soc_dai_is_dummy() symbol
    - ASoC: tegra: Fix redundant PLLA and PLLA_OUT0 updates
    - mptcp: rename timer related helper to less confusing names
    - mptcp: fix dangling connection hang-up
    - mptcp: annotate lockless accesses to sk->sk_err
    - mptcp: move __mptcp_error_report in protocol.c
    - mptcp: process pending subflow error on close
    - ata,scsi: do not issue START STOP UNIT on resume
    - scsi: sd: Differentiate system and runtime start/stop management
    - scsi: sd: Do not issue commands to suspended disks on shutdown
    - scsi: core: Improve type safety of scsi_rescan_device()
    - scsi: Do not attempt to rescan suspended devices
    - ata: libata-scsi: Fix delayed scsi_rescan_device() execution
    - NFS: Cleanup unused rpc_clnt variable
    - NFS: rename nfs_client_kset to nfs_kset
    - NFSv4: Fix a state manager thread deadlock regression
    - mm/memory: add vm_normal_folio()
    - mm/mempolicy: convert queue_pages_pmd() to queue_folios_pmd()
    - mm/mempolicy: convert queue_pages_pte_range() to queue_folios_pte_range()
    - mm/mempolicy: convert migrate_page_add() to migrate_folio_add()
    - mm: mempolicy: keep VMA walk if both MPOL_MF_STRICT and MPOL_MF_MOVE are
      specified
    - mm/page_alloc: always remove pages from temporary list
    - mm/page_alloc: leave IRQs enabled for per-cpu page allocations
    - mm: page_alloc: fix CMA and HIGHATOMIC landing on the wrong buddy list
    - ring-buffer: remove obsolete comment for free_buffer_page()
    - ring-buffer: Fix bytes info in per_cpu buffer stats
    - btrfs: use struct qstr instead of name and namelen pairs
    - btrfs: setup qstr from dentrys using fscrypt helper
    - btrfs: use struct fscrypt_str instead of struct qstr
    - Revert "NFSv4: Retry LOCK on OLD_STATEID during delegation return"
    - arm64: Avoid repeated AA64MMFR1_EL1 register read on pagefault path
    - net: add sysctl accept_ra_min_rtr_lft
    - net: change accept_ra_min_rtr_lft to affect all RA lifetimes
    - net: release reference to inet6_dev pointer
    - arm64: cpufeature: Fix CLRBHB and BC detection
    - drm/amd/display: Adjust the MST resume flow
    - iommu/arm-smmu-v3: Set TTL invalidation hint better
    - iommu/arm-smmu-v3: Avoid constructing invalid range commands
    - rbd: move rbd_dev_refresh() definition
    - rbd: decouple header read-in from updating rbd_dev->header
    - rbd: decouple parent info read-in from updating rbd_dev
    - rbd: take header_rwsem in rbd_dev_refresh() only when updating
    - block: fix use-after-free of q->q_usage_counter
    - hwmon: (nzxt-smart2) Add device id
    - hwmon: (nzxt-smart2) add another USB ID
    - i40e: fix the wrong PTP frequency calculation
    - scsi: zfcp: Fix a double put in zfcp_port_enqueue()
    - iommu/vt-d: Avoid memory allocation in iommu_suspend()
    - vringh: don't use vringh_kiov_advance() in vringh_iov_xfer()
    - net: ethernet: mediatek: disable irq before schedule napi
    - mptcp: userspace pm allow creating id 0 subflow
    - qed/red_ll2: Fix undefined behavior bug in struct qed_ll2_info
    - Bluetooth: hci_codec: Fix leaking content of local_codecs
    - Bluetooth: hci_sync: Fix handling of HCI_QUIRK_STRICT_DUPLICATE_FILTER
    - wifi: mwifiex: Fix tlv_buf_left calculation
    - md/raid5: release batch_last before waiting for another stripe_head
    - PCI: qcom: Fix IPQ8074 enumeration
    - net: replace calls to sock->ops->connect() with kernel_connect()
    - net: prevent rewrite of msg_name in sock_sendmsg()
    - drm/amd: Fix logic error in sienna_cichlid_update_pcie_parameters()
    - arm64: Add Cortex-A520 CPU part definition
    - arm64: errata: Add Cortex-A520 speculative unprivileged load workaround
    - HID: sony: Fix a potential memory leak in sony_probe()
    - ubi: Refuse attaching if mtd's erasesize is 0
    - erofs: fix memory leak of LZMA global compressed deduplication
    - wifi: iwlwifi: dbg_ini: fix structure packing
    - wifi: iwlwifi: mvm: Fix a memory corruption issue
    - wifi: cfg80211: hold wiphy lock in auto-disconnect
    - wifi: cfg80211: move wowlan disable under locks
    - wifi: cfg80211: add a work abstraction with special semantics
    - wifi: cfg80211: fix cqm_config access race
    - wifi: cfg80211: add missing kernel-doc for cqm_rssi_work
    - wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet
    - leds: Drop BUG_ON check for LED_COLOR_ID_MULTI
    - bpf: Fix tr dereferencing
    - regulator: mt6358: Drop *_SSHUB regulators
    - regulator: mt6358: Use linear voltage helpers for single range regulators
    - regulator: mt6358: split ops for buck and linear range LDO regulators
    - Bluetooth: Delete unused hci_req_prepare_suspend() declaration
    - Bluetooth: ISO: Fix handling of listen for unicast
    - drivers/net: process the result of hdlc_open() and add call of hdlc_close()
      in uhdlc_close()
    - wifi: mt76: mt76x02: fix MT76x0 external LNA gain handling
    - perf/x86/amd/core: Fix overflow reset on hotplug
    - regmap: rbtree: Fix wrong register marked as in-cache when creating new node
    - wifi: mac80211: fix potential key use-after-free
    - perf/x86/amd: Do not WARN() on every IRQ
    - iommu/mediatek: Fix share pgtable for iova over 4GB
    - regulator/core: regulator_register: set device->class earlier
    - ima: Finish deprecation of IMA_TRUSTED_KEYRING Kconfig
    - scsi: target: core: Fix deadlock due to recursive locking
    - ima: rework CONFIG_IMA dependency block
    - NFSv4: Fix a nfs4_state_manager() race
    - bpf: tcp_read_skb needs to pop skb regardless of seq
    - bpf, sockmap: Do not inc copied_seq when PEEK flag set
    - bpf, sockmap: Rejec

  linux-oem-6.1 (6.1.0-1024.24) jammy; urgency=medium

  * jammy/linux-oem-6.1: 6.1.0-1024.24 -proposed tracker (LP: #2038210)

  * Packaging resync (LP: #1786013)
    - [Packaging] update annotations scripts
    - [Packaging] resync getabis
    - [Packaging] update helper scripts

  * CVE-2023-42756
    - netfilter: ipset: Fix race between IPSET_CMD_CREATE and IPSET_CMD_SWAP

  * CVE-2023-4244
    - netfilter: nf_tables: don't skip expired elements during walk
    - netfilter: nf_tables: GC transaction API to avoid race with control plane
    - netfilter: nf_tables: adapt set backend to use GC transaction API
    - netfilter: nft_set_hash: mark set element as dead when deleting from packet
      path
    - netfilter: nf_tables: remove busy mark and gc batch API
    - netfilter: nf_tables: don't fail inserts if duplicate has expired
    - netfilter: nf_tables: fix kdoc warnings after gc rework
    - netfilter: nf_tables: fix GC transaction races with netns and netlink event
      exit path
    - netfilter: nf_tables: GC transaction race with netns dismantle
    - netfilter: nf_tables: GC transaction race with abort path
    - netfilter: nf_tables: use correct lock to protect gc_list
    - netfilter: nf_tables: defer gc run if previous batch is still pending

  * CVE-2023-42752
    - net: remove osize variable in __alloc_skb()
    - net: factorize code in kmalloc_reserve()
    - net: deal with integer overflows in kmalloc_reserve()

  * CVE-2023-42572
    - net: add SKB_HEAD_ALIGN() helper

  * CVE-2023-5197
    - netfilter: nf_tables: disallow rule removal from chain binding

  * CVE-2023-42755
    - net/sched: Retire rsvp classifier
    - [Config] remove NET_CLS_RSVP and NET_CLS_RSVP6

  * CVE-2023-4881
    - netfilter: nftables: exthdr: fix 4-byte stack OOB write

  * Fix ADL: System enabled AHCI can't get into s0ix when attached ODD
    (LP: #2037493)
    - SAUCE: ata: ahci: Add Intel Alder Lake-P AHCI controller to low power
      chipsets list

  * Fix unstable audio at low levels on Thinkpad P1G4 (LP: #2037077)
    - ALSA: hda/realtek - ALC287 I2S speaker platform support

  * Infinite systemd loop when power off the machine with multiple MD RAIDs
    (LP: #2036184)
    - SAUCE: md: do not _put wrong device in md_seq_next

  * Fix RCU warning on AMD laptops (LP: #2036377)
    - power: supply: core: Use blocking_notifier_call_chain to avoid RCU complaint

 -- Timo Aaltonen <email address hidden> Tue, 03 Oct 2023 18:13:17 +0300