Package "linux"

  linux (5.13.0-52.59) impish; urgency=medium

  * impish/linux: 5.13.0-52.59 -proposed tracker (LP: #1978628)

  * CVE-2022-28388
    - can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error
      path

  * test_vxlan_under_vrf.sh in net from ubuntu_kernel_selftests failed (Check VM
    connectivity through VXLAN (underlay in the default VRF) [FAIL])
    (LP: #1871015)
    - selftests: net: test_vxlan_under_vrf: fix HV connectivity test
    - selftests: test_vxlan_under_vrf: Fix broken test case

  * [UBUNTU 20.04] CPU-MF: add extended counter set definitions for new IBM z16
    (LP: #1974433)
    - s390/cpumf: add new extended counter set for IBM z16

  * [UBUNTU 20.04] KVM nesting support leaks too much memory, might result in
    stalls during cleanup (LP: #1974017)
    - KVM: s390: vsie/gmap: reduce gmap_rmap overhead

  * [UBUNTU 20.04] Null Pointer issue in nfs code running Ubuntu on IBM Z
    (LP: #1968096)
    - NFS: Fix up nfs_ctx_key_to_expire()

  * prevent kernel panic with overlayfs + shiftfs (LP: #1973620)
    - SAUCE: overlayfs: prevent dereferencing struct file in ovl_vm_prfile_set()

  * Packaging resync (LP: #1786013)
    - debian/dkms-versions -- update from kernel-versions (main/2022.05.30)

 -- Luke Nowakowski-Krijger <email address hidden> Wed, 15 Jun 2022 12:56:23 -0700

  linux (5.13.0-51.58) impish; urgency=medium

  * CVE-2022-21123 // CVE-2022-21125 // CVE-2022-21166
    - Documentation: Add documentation for Processor MMIO Stale Data
    - x86/speculation/mmio: Enumerate Processor MMIO Stale Data bug
    - x86/speculation: Add a common function for MD_CLEAR mitigation update
    - x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data
    - x86/bugs: Group MDS, TAA & Processor MMIO Stale Data mitigations
    - x86/speculation/mmio: Enable CPU Fill buffer clearing on idle
    - x86/speculation/mmio: Add sysfs reporting for Processor MMIO Stale Data
    - x86/speculation/srbds: Update SRBDS mitigation selection
    - x86/speculation/mmio: Reuse SRBDS mitigation for SBDS
    - KVM: x86/speculation: Disable Fill buffer clear within guests
    - x86/speculation/mmio: Print SMT warning

 -- Thadeu Lima de Souza Cascardo <email address hidden> Mon, 13 Jun 2022 10:18:56 -0300

  linux (5.13.0-48.54) impish; urgency=medium

  * CVE-2022-1972
    - netfilter: nf_tables: sanitize nft_set_desc_concat_parse()

  * CVE-2022-1966
    - netfilter: nf_tables: disallow non-stateful expression in sets earlier

 -- Thadeu Lima de Souza Cascardo <email address hidden> Wed, 01 Jun 2022 16:14:14 -0300

  linux (5.13.0-44.49) impish; urgency=medium

  * impish/linux: 5.13.0-44.49 -proposed tracker (LP: #1973941)

  * CVE-2022-29581
    - net/sched: cls_u32: fix netns refcount changes in u32_change()

  * Unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP
    option (LP: #1972740)
    - ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE

  * ext4: limit length to bitmap_maxbytes (LP: #1972281)
    - ext4: limit length to bitmap_maxbytes - blocksize in punch_hole

 -- Kleber Sacilotto de Souza <email address hidden> Wed, 18 May 2022 14:56:02 +0200

  linux (5.13.0-41.46) impish; urgency=medium

  * impish/linux: 5.13.0-41.46 -proposed tracker (LP: #1969014)

  * NVMe devices fail to probe due to ACPI power state change (LP: #1942624)
    - ACPI: power: Rework turning off unused power resources
    - ACPI: PM: Do not turn off power resources in unknown state

  * Recent 5.13 kernel has broken KVM support (LP: #1966499)
    - KVM: Add infrastructure and macro to mark VM as bugged
    - KVM: x86: Use KVM_BUG/KVM_BUG_ON to handle bugs that are fatal to the VM
    - KVM: VMX: prepare sync_pir_to_irr for running with APICv disabled

  * LRMv6: add multi-architecture support (LP: #1968774)
    - [Packaging] resync dkms-build{,--nvidia-N}

  * io_uring regression - lost write request (LP: #1952222)
    - io-wq: split bounded and unbounded work into separate lists

  * xfrm interface cannot be changed anymore (LP: #1968591)
    - xfrm: fix the if_id check in changelink

  * Use kernel-testing repo from launchpad for ADT tests (LP: #1968016)
    - [Debian] Use kernel-testing repo from launchpad

  * vmx_ldtr_test in ubuntu_kvm_unit_tests failed (FAIL: Expected 0 for L1 LDTR
    selector (got 50)) (LP: #1956315)
    - KVM: nVMX: Set LDTR to its architecturally defined value on nested VM-Exit

  * audio from external sound card is distorted (LP: #1966066)
    - ALSA: usb-audio: Fix packet size calculation regression

  * Impish update: upstream stable patchset 2022-04-12 (LP: #1968771)
    - cgroup/cpuset: Fix a race between cpuset_attach() and cpu hotplug
    - btrfs: tree-checker: check item_size for inode_item
    - btrfs: tree-checker: check item_size for dev_item
    - clk: jz4725b: fix mmc0 clock gating
    - vhost/vsock: don't check owner in vhost_vsock_stop() while releasing
    - parisc/unaligned: Fix fldd and fstd unaligned handlers on 32-bit kernel
    - parisc/unaligned: Fix ldw() and stw() unalignment handlers
    - KVM: x86/mmu: make apf token non-zero to fix bug
    - drm/amdgpu: disable MMHUB PG for Picasso
    - drm/i915: Correctly populate use_sagv_wm for all pipes
    - sr9700: sanity check for packet length
    - USB: zaurus: support another broken Zaurus
    - CDC-NCM: avoid overflow in sanity checking
    - x86/fpu: Correct pkru/xstate inconsistency
    - tee: export teedev_open() and teedev_close_context()
    - optee: use driver internal tee_context for some rpc
    - ping: remove pr_err from ping_lookup
    - perf data: Fix double free in perf_session__delete()
    - bnx2x: fix driver load from initrd
    - bnxt_en: Fix active FEC reporting to ethtool
    - hwmon: Handle failure to register sensor with thermal zone correctly
    - bpf: Do not try bpf_msg_push_data with len 0
    - selftests: bpf: Check bpf_msg_push_data return value
    - bpf: Add schedule points in batch ops
    - io_uring: add a schedule point in io_add_buffers()
    - net: __pskb_pull_tail() & pskb_carve_frag_list() drop_monitor friends
    - tipc: Fix end of loop tests for list_for_each_entry()
    - gso: do not skip outer ip header in case of ipip and net_failover
    - openvswitch: Fix setting ipv6 fields causing hw csum failure
    - drm/edid: Always set RGB444
    - net/mlx5e: Fix wrong return value on ioctl EEPROM query failure
    - net/sched: act_ct: Fix flow table lookup after ct clear or switching zones
    - net: ll_temac: check the return value of devm_kmalloc()
    - net: Force inlining of checksum functions in net/checksum.h
    - nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac()
    - netfilter: nf_tables: fix memory leak during stateful obj update
    - net/smc: Use a mutex for locking "struct smc_pnettable"
    - surface: surface3_power: Fix battery readings on batteries without a serial
      number
    - udp_tunnel: Fix end of loop test in udp_tunnel_nic_unregister()
    - net/mlx5: Fix possible deadlock on rule deletion
    - net/mlx5: Fix wrong limitation of metadata match on ecpf
    - net/mlx5e: kTLS, Use CHECKSUM_UNNECESSARY for device-offloaded packets
    - spi: spi-zynq-qspi: Fix a NULL pointer dereference in
      zynq_qspi_exec_mem_op()
    - regmap-irq: Update interrupt clear register for proper reset
    - RDMA/rtrs-clt: Fix possible double free in error case
    - RDMA/rtrs-clt: Move free_permit from free_clt to rtrs_clt_close
    - configfs: fix a race in configfs_{,un}register_subsystem()
    - RDMA/ib_srp: Fix a deadlock
    - tracing: Have traceon and traceoff trigger honor the instance
    - iio: adc: men_z188_adc: Fix a resource leak in an error handling path
    - iio: adc: ad7124: fix mask used for setting AIN_BUFP & AIN_BUFM bits
    - iio: imu: st_lsm6dsx: wait for settling time in st_lsm6dsx_read_oneshot
    - iio: Fix error handling for PM
    - sc16is7xx: Fix for incorrect data being transmitted
    - ata: pata_hpt37x: disable primary channel on HPT371
    - Revert "USB: serial: ch341: add new Product ID for CH341A"
    - usb: gadget: rndis: add spinlock for rndis response list
    - tracefs: Set the group ownership in apply_options() not parse_options()
    - USB: serial: option: add support for DW5829e
    - USB: serial: option: add Telit LE910R1 compositions
    - usb: dwc3: pci: Fix Bay Trail phy GPIO mappings
    - usb: dwc3: gadget: Let the interrupt handler disable bottom halves.
    - xhci: re-initialize the HC during resume if HCE was set
    - xhci: Prevent futile URB re-submissions due to incorrect return value.
    - driver core: Free DMA range map when device is released
    - RDMA/cma: Do not change route.addr.src_addr outside state checks
    - thermal: int340x: fix memory leak in int3400_notify()
    - riscv: fix oops caused by irqsoff latency tracer
    - tty: n_gsm: fix encoding of control signal octet bit DV
    - tty: n_gsm: fix proper link termination after failed open
    - tty: n_gsm: fix NULL pointer access due to DLCI release
    - tty: n_gsm: fix wrong tty control line for flow control
    - tty: n_gsm: fix deadlock in gsmtty_open()
    - gpio: tegra186: Fi