Package "linux-tools-host"

  linux (6.8.0-91.92) noble; urgency=medium

  * noble/linux: 6.8.0-91.92 -proposed tracker (LP: #2132306)

  * cifs: Fix memory leak of a folio every call to cifs_writepages_begin()
    (LP: #2131213)
    - cifs: fix pagecache leak when do writepages

  * CAP_PERFMON insufficient to get perf data (LP: #2131046)
    - SAUCE: perf/core: Allow CAP_PERFMON for paranoid level 4

  * i40e driver is triggering VF resets on every link state change
    (LP: #2130552)
    - i40e: avoid redundant VF link state updates

  * Dell AIO backlight is not working, dell_uart_backlight module is missing
    (LP: #2083800)
    - SAUCE: Removed sauce dell-uart-backlight driver
    - Revert "UBUNTU: SAUCE: ACPI: video: Dell AIO UART backlight detection"
    - platform/x86: Add new Dell UART backlight driver
    - ACPI: video: Add Dell UART backlight controller detection
    - SAUCE: dell_uart_backlight: size_t -> ssize_t
    - ACPI: video: Add backlight=native quirk for Dell OptiPlex 7760 AIO
    - ACPI: video: Add backlight=native quirk for Dell OptiPlex 5480 AIO
    - [Config] enable CONFIG_DELL_UART_BACKLIGHT

  * Ubuntu x86_64 6.8 kernels won't build if CONFIG_FB_HYPERV config option is
    enabled (LP: #2127971)
    - fbdev: Introduce devm_register_framebuffer()

  * Run iio_info will be stucked forever (HID-
    SENSOR-200011.5.auto/iio:device1) (LP: #2102077)
    - HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras

  * kernel: sysfs: cannot create duplicate filename
    '/bus/platform/devices/iTCO_wdt' (LP: #2121997)
    - i2c: i801: Hide Intel Birch Stream SoC TCO WDT

  * Noble update: upstream stable patchset 2025-10-30 (LP: #2130344)
    - fs/xattr.c: fix simple_xattr_list to always include security.* xattrs
    - selftests/exec: load_address: conform test to TAP format output
    - binfmt_elf: Leave a gap between .bss and brk
    - selftests/exec: Build both static and non-static load_address tests
    - binfmt_elf: Calculate total_size earlier
    - binfmt_elf: Honor PT_LOAD alignment for static PIE
    - binfmt_elf: Move brk for static PIE even if ASLR disabled
    - platform/x86/amd/pmc: Declare quirk_spurious_8042 for MECHREVO Wujie
      14XA (GX4HRXL)
    - platform/x86: asus-wmi: Fix wlan_ctrl_by_user detection
    - cgroup/cpuset: Extend kthread_is_per_cpu() check to all
      PF_NO_SETAFFINITY tasks
    - tracing: probes: Fix a possible race in trace_probe_log APIs
    - tpm: tis: Double the timeout B to 4s
    - firmware: arm_scmi: Add helper to trace bad messages
    - firmware: arm_scmi: Add message dump traces for bad and unexpected
      replies
    - firmware: arm_scmi: Add support for debug metrics at the interface
    - [Config] do not enable new support for SCMI debug metrics
    - firmware: arm_scmi: Track basic SCMI communication debug metrics
    - iio: adc: ad7266: Fix potential timestamp alignment issue.
    - iio: adc: ad7768-1: Fix insufficient alignment of timestamp.
    - iio: chemical: sps30: use aligned_s64 for timestamp
    - HID: thrustmaster: fix memory leak in thrustmaster_interrupts()
    - spi: loopback-test: Do not split 1024-byte hexdumps
    - Bluetooth: MGMT: Fix MGMT_OP_ADD_DEVICE invalid device flags
    - tools: ynl: ethtool.py: Output timestamping statistics from tsinfo-get
      operation
    - tools/net/ynl: ethtool: fix crash when Hardware Clock info is missing
    - mctp: no longer rely on net->dev_index_head[]
    - net: mctp: Ensure keys maintain only one ref to corresponding dev
    - ALSA: seq: Fix delivery of UMP events to group ports
    - ALSA: ump: Fix a typo of snd_ump_stream_msg_device_info
    - net: dsa: sja1105: discard incoming frames in BR_STATE_LISTENING
    - nvme-pci: make nvme_pci_npages_prp() __always_inline
    - nvme-pci: acquire cq_poll_lock in nvme_poll_irqdisable
    - ALSA: sh: SND_AICA should depend on SH_DMA_API
    - qlcnic: fix memory leak in qlcnic_sriov_channel_cfg_cmd()
    - octeontx2-pf: macsec: Fix incorrect max transmit size in TX secy
    - net: ethernet: mtk_eth_soc: fix typo for declaration MT7988 ESW
      capability
    - octeontx2-af: Fix CGX Receive counters
    - tsnep: fix timestamping with a stacked DSA driver
    - NFSv4/pnfs: Reset the layout state after a layoutreturn
    - udf: Make sure i_lenExtents is uptodate on inode eviction
    - LoongArch: Prevent cond_resched() occurring within kernel-fpu
    - LoongArch: Save and restore CSR.CNTC for hibernation
    - LoongArch: Fix MAX_REG_OFFSET calculation
    - LoongArch: uprobes: Remove user_{en,dis}able_single_step()
    - LoongArch: uprobes: Remove redundant code about resume_era
    - drm/amd/display: Correct the reply value when AUX write incomplete
    - drm/amd/display: Avoid flooding unnecessary info messages
    - ACPI: PPTT: Fix processor subtable walk
    - ALSA: es1968: Add error handling for snd_pcm_hw_constraint_pow2()
    - ALSA: usb-audio: Add sample rate quirk for Audioengine D1
    - ALSA: usb-audio: Add sample rate quirk for Microdia JP001 USB Camera
    - hv_netvsc: Use vmbus_sendpacket_mpb_desc() to send VMBus messages
    - hv_netvsc: Preserve contiguous PFN grouping in the page buffer array
    - hv_netvsc: Remove rmsg_pgcnt
    - Drivers: hv: Allow vmbus_sendpacket_mpb_desc() to create multiple ranges
    - Drivers: hv: vmbus: Remove vmbus_sendpacket_pagebuffer()
    - ftrace: Fix preemption accounting for stacktrace trigger command
    - ftrace: Fix preemption accounting for stacktrace filter command
    - tracing: samples: Initialize trace_array_printk() with the correct
      function
    - phy: Fix error handling in tegra_xusb_port_init
    - phy: renesas: rcar-gen3-usb2: Fix role detection on unbind/bind
    - phy: renesas: rcar-gen3-usb2: Set timing registers only once
    - scsi: sd_zbc: block: Respect bio vector limits for REPORT ZONES buffer
    - smb: client: fix memory leak during error handling for POSIX mkdir
    - spi: tegra114: Use value to check for invalid delays
    - net: qede: Initialize qed

  linux (6.8.0-88.89) noble; urgency=medium

  * noble/linux: 6.8.0-88.89 -proposed tracker (LP: #2127619)

  * Enable Xilinx PS UART configs (LP: #2121337)
    - [Config] Enable Xilinx PS UART configs

  * Fix ARL-U/H suspend issues (LP: #2112469)
    - platform/x86/intel/pmc: Add Arrow Lake U/H support to intel_pmc_core
      driver
    - platform/x86/intel/pmc: Fix Arrow Lake U/H NPU PCI ID

  * r8169 can not wake on LAN via SFP moudule (LP: #2123901)
    - r8169: set EEE speed down ratio to 1

  * Add pvpanic kernel modules to linux-modules (LP: #2126659)
    - [Packaging] Add pvpanic kernel modules to linux-modules

  * CVE-2025-21729
    - wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion

  * Fix failure to build TDX module (LP: #2126698)
    - x86/paravirt: Move halt paravirt calls under CONFIG_PARAVIRT

  * Ubuntu 24.04.2: error in audit_log_object_context keep printing in the
    kernel and console (LP: #2123815)
    - SAUCE: fix: apparmor4.0.0 [26/90]: LSM stacking v39: Audit: Add record
      for multiple object contexts

  * ensure mptcp keepalives are honored when set (LP: #2125444)
    - mptcp: sockopt: make sync_socket_options propagate SOCK_KEEPOPEN

  * System hangs when running the memory stress test (LP: #2103680)
    - mm: page_alloc: avoid kswapd thrashing due to NUMA restrictions

  * UBUNTU: fan: fail to check kmalloc() return could cause a NULL pointer
    dereference (LP: #2125053)
    - SAUCE: fan: vxlan: check memory allocation for map

  * jammy:linux-riscv-6.8 is FTBFS because of wrong include (LP: #2122592)
    - SAUCE: riscv: KVM: Remove broken include

  * Performance degrades rapidly when spawning more processes to run benchmark
    (LP: #2122006)
    - cpuidle: menu: Avoid discarding useful information
    - cpuidle: governors: menu: Avoid using invalid recent intervals data

  * CVE-2025-38227
    - media: vidtv: Terminating the subsequent process of initialization
      failure

  * CVE-2025-38678
    - netfilter: nf_tables: reject duplicate device on updates

  * CVE-2025-38616
    - tls: handle data disappearing from under the TLS ULP

  * CVE-2025-37838
    - HSI: ssi_protocol: Fix use after free vulnerability in ssi_protocol
      Driver Due to Race Condition

  * VMSCAPE CVE-2025-40300 (LP: #2124105) // CVE-2025-40300
    - Documentation/hw-vuln: Add VMSCAPE documentation
    - x86/vmscape: Enumerate VMSCAPE bug
    - x86/vmscape: Add conditional IBPB mitigation
    - x86/vmscape: Enable the mitigation
    - x86/bugs: Move cpu_bugs_smt_update() down
    - x86/vmscape: Warn when STIBP is disabled with SMT
    - x86/vmscape: Add old Intel CPUs to affected list

  * VMSCAPE CVE-2025-40300 (LP: #2124105)
    - [Config] Enable MITIGATION_VMSCAPE config

  * CVE-2025-38352
    - posix-cpu-timers: fix race between handle_posix_cpu_timers() and
      posix_cpu_timer_del()

  * CVE-2025-38118
    - Bluetooth: MGMT: Fix UAF on mgmt_remove_adv_monitor_complete
    - Bluetooth: MGMT: Fix sparse errors

 -- Edoardo Canepa <email address hidden> Sat, 11 Oct 2025 01:38:46 +0200

  linux (6.8.0-86.87) noble; urgency=medium

  * noble/linux: 6.8.0-86.87 -proposed tracker (LP: #2125391)
    - Fix FTBS caused by incorrect pick/backport of
      "perf dso: fix dso__is_kallsyms() check"

  * noble ubuntu_ftrace_smoke_test:mmiotrace timeout on aws:r5.metal
    (LP: #2121673)
    - mm: memcg: add NULL check to obj_cgroup_put()
    - memcg: drain obj stock on cpu hotplug teardown

  * [25.04 FEAT] [post announcement] [KRN2304] CPU-MF Counters for new IBM Z
    hardware - perf part (LP: #2103415)
    - perf list: Add IBM z17 event descriptions

  * memory leaks when configuring a small rate limit in audit (LP: #2122554)
    - audit: fix skb leak when audit rate limit is exceeded

  * [UBUNTU 24.04] PAI/NNPA support for new IBM z17 (LP: #2121956)
    - s390/pai: export number of sysfs attribute files
    - s390/pai_crypto: Add support for MSA 10 and 11 pai counters
    - s390/pai_ext: Update PAI extension 1 counters

  * [UBUNTU 24.04] s390/pci: Don't abort recovery for user-space drivers
    (LP: #2121150)
    - s390/pci: Allow automatic recovery with minimal driver support

  * [UBUNTU 24.04] s390/pci: Fix stale function handles in error handling
    (LP: #2121149)
    - s390/pci: Fix stale function handles in error handling
    - s390/pci: Do not try re-enabling load/store if device is disabled

  * [UBUNTU 24.04] vfio/pci: fix 8-byte PCI loads and stores (LP: #2121146)
    - vfio/pci: Extract duplicated code into macro
    - vfio/pci: Support 8-byte PCI loads and stores
    - vfio/pci: Fix typo in macro to declare accessors

  * x86 systems with PCIe BAR addresses located outside a certain range see
    P2PDMA allocation failures and CUDA initialization errors (LP: #2120209)
    - x86/kaslr: Reduce KASLR entropy on most x86 systems
    - x86/mm/init: Handle the special case of device private pages in
      add_pages(), to not increase max_pfn and trigger
      dma_addressing_limited() bounce buffers

  * sources list generation using dwarfdump takes up to 0.5hr in build process
    (LP: #2104911)
    - [Packaging] Don't generate list of source files

  * [SRU] Apparmor: Unshifted uids for hardlinks and unix sockets in user
    namespaces (LP: #2121257)
    - apparmor: shift ouid when mediating hard links in userns
    - apparmor: shift uid when mediating af_unix in userns

  * UBSAN: shift-out-of-bounds in drivers/edac/skx_common.c:452:16
    (LP: #2119713)
    - EDAC/i10nm: Skip DIMM enumeration on a disabled memory controller

  * [IdeaPad Slim 5 13ARP10 , 83J2] Microphone on AMD Ryzen 7 7735HS does not
    work (LP: #2102749)
    - ASoC: amd: yc: update quirk data for new Lenovo model

  * Fix compilation failure because of incomplete backport (LP: #2120561)
    - SAUCE: netfilter: ctnetlink: Fix -Wuninitialized in
      ctnetlink_secctx_size()

  * Noble update: upstream stable patchset 2025-09-01 (LP: #2121716)
    - x86/mm/pat: cpa-test: fix length for CPA_ARRAY test
    - cpufreq: scpi: compare kHz instead of Hz
    - smack: dont compile ipv6 code unless ipv6 is configured
    - cpufreq: governor: Fix negative 'idle_time' handling in dbs_update()
    - EDAC/{skx_common,i10nm}: Fix some missing error reports on Emerald
      Rapids
    - x86/fpu: Fix guest FPU state buffer allocation size
    - x86/fpu: Avoid copying dynamic FP state from init_task in
      arch_dup_task_struct()
    - x86/platform: Only allow CONFIG_EISA for 32-bit
    - [Config] updateconfigs after disabling CONFIG_EISA for amd64
    - x86/sev: Add missing RIP_REL_REF() invocations during sme_enable()
    - lockdep/mm: Fix might_fault() lockdep check of current->mm->mmap_lock
    - PM: sleep: Adjust check before setting power.must_resume
    - RISC-V: KVM: Disable the kernel perf counter during configure
    - selinux: Chain up tool resolving errors in install_policy.sh
    - EDAC/ie31200: Fix the size of EDAC_MC_LAYER_CHIP_SELECT layer
    - EDAC/ie31200: Fix the DIMM size mask for several SoCs
    - EDAC/ie31200: Fix the error path order of ie31200_init()
    - PM: sleep: Fix handling devices with direct_complete set on errors
    - lockdep: Don't disable interrupts on RT in
      disable_irq_nosync_lockdep.*()
    - perf/ring_buffer: Allow the EPOLLRDNORM flag for poll
    - x86/traps: Make exc_double_fault() consistently noreturn
    - x86/fpu/xstate: Fix inconsistencies in guest FPU xfeatures
    - media: verisilicon: HEVC: Initialize start_bit field
    - media: platform: allgro-dvt: unregister v4l2_device on the error path
    - platform/x86: dell-ddv: Fix temperature calculation
    - ASoC: cs35l41: check the return value from spi_setup()
    - HID: remove superfluous (and wrong) Makefile entry for
      CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER
    - dt-bindings: vendor-prefixes: add GOcontroll
    - ALSA: hda/realtek: Always honor no_shutup_pins
    - ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio
      compatible
    - drm/bridge: ti-sn65dsi86: Fix multiple instances
    - drm/dp_mst: Fix drm RAD print
    - drm: xlnx: zynqmp: Fix max dma segment size
    - PCI: Use downstream bridges for distributing resources
    - drm/mediatek: mtk_hdmi: Unregister audio platform device on failure
    - drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member
    - drm/msm/dpu: don't use active in atomic_check()
    - drm/msm/dsi: Use existing per-interface slice count in DSC timing
    - drm/msm/dsi: Set PHY usescase (and mode) before registering DSI host
    - drm/amdkfd: Fix Circular Locking Dependency in
      'svm_range_cpu_invalidate_pagetables'
    - PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data
      payload
    - PCI: brcmstb: Use internal register to change link capability
    - PCI: brcmstb: Fix potential premature regulator disabling
    - PCI/portdrv: Only disable pciehp interrupts early when needed
    - drm/amd/display: fix type mismatch in
      CalculateDynamicMetadataParameters()
    - PCI: Remove stray put_device() in pci_register_

  linux (6.8.0-84.84) noble; urgency=medium

  * Linux refcount imbalance in af_unix subsystem (LP: #2121515)
    - SAUCE: af_unix: Fix GC compatibility with upstream OOB refcount changes

  linux (6.8.0-81.81) noble; urgency=medium

  * noble/linux: 6.8.0-81.81 -proposed tracker (LP: #2121671)

  * Packaging resync (LP: #1786013)
    - [Packaging] debian.master/dkms-versions -- update from kernel-versions
      (main/2025.08.11)

  * nvme no longer detected on boot after upgrade to 6.8.0-60 (LP: #2111521)
    - SAUCE: PCI: Disable RRS polling for Intel SSDPE2KX020T8 nvme

  * No IP Address assigned after hot-plugging Ethernet cable on HP Platform
    (LP: #2115393)
    - Revert "e1000e: change k1 configuration on MTP and later platforms"

  * minimal kernel lacks modules for blk disk in arm64 openstack environments
    where config_drive is required (LP: #2118499)
    - [Config] Enable SYM53C8XX_2 on arm64

  * rcu: Eliminate deadlocks involving do_exit() and RCU tasks (LP: #2117123)
    - rcu-tasks: Initialize callback lists at rcu_init() time
    - rcu-tasks: Maintain lists to eliminate RCU-tasks/do_exit() deadlocks
    - rcu-tasks: Eliminate deadlocks involving do_exit() and RCU tasks
    - rcu-tasks: Maintain real-time response in rcu_tasks_postscan()

  * BPF header file in wrong location (LP: #2118965)
    - [Packaging] Install bpf header to correct location

  * i915: support ARL-H gpu (LP: #2117716)
    - drm/i915: Add additional ARL PCI IDs
    - drm/i915/mtl: Add fake PCH for Meteor Lake
    - drm/i915/mtl: Wake GT before sending H2G message
    - drm/i915/xelpg: Add workaround 14019877138
    - drm/i915/xelpg: Extend driver code of Xe_LPG to Xe_LPG+
    - drm/i915/display: correct dual pps handling for MTL_PCH+

  * Ubuntu 24.04.2: NULL pointer dereference with Ceph and selinux
    (LP: #2115447)
    - SAUCE: fs/ceph, selinux: fix NULL pointer dereference on CephFS write
      with SELinux in permissive mode

  * Noble update: upstream stable patchset 2025-08-04 (LP: #2119458)
    - clockevents/drivers/i8253: Fix stop sequence for timer 0
    - sched/isolation: Prevent boot crash when the boot CPU is nohz_full
    - hrtimer: Use and report correct timerslack values for realtime tasks
    - mm: add nommu variant of vm_insert_pages()
    - io_uring: get rid of remap_pfn_range() for mapping rings/sqes
    - io_uring: don't attempt to mmap larger than what the user asks for
    - io_uring: fix corner case forgetting to vunmap
    - io_uring: use vmap() for ring mapping
    - io_uring: unify io_pin_pages()
    - io_uring/kbuf: vmap pinned buffer ring
    - io_uring/kbuf: use vm_insert_pages() for mmap'ed pbuf ring
    - io_uring: use unpin_user_pages() where appropriate
    - io_uring: fix error pbuf checking
    - rust: Disallow BTF generation with Rust + LTO
    - rust: init: fix `Zeroable` implementation for `Option<NonNull<T>>` and
      `Option<KBox<T>>`
    - lib/buildid: Handle memfd_secret() files in build_id_parse()
    - mm: split critical region in remap_file_pages() and invoke LSMs in
      between
    - stmmac: loongson: Pass correct arg to PCI function
    - rust: lockdep: Remove support for dynamically allocated LockClassKeys
    - netfilter: nf_tables: allow clone callbacks to sleep
    - drm/amd/display: should support dmub hw lock on Replay
    - drm/amd/display: Use HW lock mgr for PSR1 when only one eDP
    - KVM: arm64: Calculate cptr_el2 traps on activating traps
    - KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state
    - KVM: arm64: Remove host FPSIMD saving for non-protected KVM
    - KVM: arm64: Remove VHE host restore of CPACR_EL1.ZEN
    - KVM: arm64: Remove VHE host restore of CPACR_EL1.SMEN
    - KVM: arm64: Refactor exit handlers
    - KVM: arm64: Eagerly switch ZCR_EL{1,2}
    - Revert "sched/core: Reduce cost of sched_move_task when config
      autogroup"
    - wifi: iwlwifi: support BIOS override for 5G9 in CA also in LARI version
      8
    - netfilter: nft_counter: Use u64_stats_t for statistic.
    - firmware: imx-scu: fix OF node leak in .probe()
    - arm64: dts: freescale: tqma8mpql: Fix vqmmc-supply
    - arm64: dts: rockchip: remove supports-cqe from rk3588 jaguar
    - xfrm: fix tunnel mode TX datapath in packet offload mode
    - xfrm_output: Force software GSO only in tunnel mode
    - soc: imx8m: Remove global soc_uid
    - soc: imx8m: Use devm_* to simplify probe failure handling
    - soc: imx8m: Unregister cpufreq and soc dev in cleanup path
    - ARM: dts: bcm2711: Fix xHCI power-domain
    - ARM: dts: bcm2711: PL011 UARTs are actually r1p5
    - arm64: dts: rockchip: Remove undocumented sdmmc property from lubancat-1
    - RDMA/bnxt_re: Add missing paranthesis in map_qp_id_to_tbl_indx
    - RDMA/mlx5: Handle errors returned from mlx5r_ib_rate()
    - ARM: OMAP1: select CONFIG_GENERIC_IRQ_CHIP
    - ARM: dts: bcm2711: Don't mark timer regs unconfigured
    - dma-mapping: fix missing clear bdr in check_ram_in_range_map()
    - RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path
    - RDMA/hns: Fix soft lockup during bt pages loop
    - RDMA/hns: Fix unmatched condition in error path of alloc_user_qp_db()
    - RDMA/hns: Fix a missing rollback in error path of
      hns_roce_create_qp_common()
    - RDMA/hns: Fix missing xa_destroy()
    - RDMA/hns: Fix wrong value of max_sge_rd
    - Bluetooth: Fix error code in chan_alloc_skb_cb()
    - Bluetooth: hci_event: Fix connection regression between LE and non-LE
      adapters
    - accel/qaic: Fix possible data corruption in BOs > 2G
    - ARM: davinci: da850: fix selecting ARCH_DAVINCI_DA8XX
    - ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw().
    - ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create().
    - devlink: fix xa_alloc_cyclic() error handling
    - dpll: fix xa_alloc_cyclic() error handling
    - gpu: host1x: Do not assume that a NULL domain means no DMA IOMMU
    - net: atm: fix use after free in lec_send()
    - net: lwtunnel: fix recursion loops
    - net: ipv6: ioam6: fix lwtunnel_output() loop
    - libfs: Fix duplicate directory entry in offset_dir_lookup
    - net/n