[PATCH 2/3] af_802154: Disable auto-loading as mitigation against local exploits
Forwarded: not-needed
Recent review has revealed several bugs in obscure protocol
implementations that can be exploited by local users for denial of
service or privilege escalation. We can mitigate the effect of any
remaining vulnerabilities in such protocols by preventing unprivileged
users from loading the modules, so that they are only exploitable on
systems where the administrator has chosen to load the protocol.
The 'af_802154' (IEEE 802.15.4) protocol is not widely used, was
not present in the 'lenny' kernel, and seems to receive only sporadic
maintenance. Therefore disable auto-loading.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic debian
Gbp-Pq: Name af_802154-Disable-auto-loading-as-mitigation-against.patch
Tweak gitignore for Debian pkg-kernel using git svn.
Forwarded: not-needed
[bwh: Tweak further for pure git]
Gbp-Pq: Topic debian
Gbp-Pq: Name gitignore.patch
linux (5.10.140-1) bullseye; urgency=medium
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.137
- Makefile: link with -z noexecstack --no-warn-rwx-segments
- [x86] link vdso and boot with -z noexecstack --no-warn-rwx-segments
- Revert "pNFS: nfs3_set_ds_client should set NFS_CS_NOPING"
- scsi: Revert "scsi: qla2xxx: Fix disk failure to rediscover"
- ALSA:
bcd2000: Fix a UAF bug on the error path of probing
- ALSA: hda/realtek: Add quirk for Clevo NV45PZ
- ALSA: hda/realtek: Add quirk for HP Spectre x360 15-eb0xxx
- wifi: mac80211_hwsim: fix race condition in pending packet
- wifi: mac80211_hwsim: add back erroneously removed cast
- wifi: mac80211_hwsim: use 32-bit skb cookie
- add barriers to buffer_uptodate and set_buffer_uptodate
- HID: wacom: Only report rotation for art pen
- HID: wacom: Don't register pad_input for touch switch
- [x86] KVM: nVMX: Snapshot pre-VM-Enter BNDCFGS for !nested_run_pending
case
- [x86] KVM: nVMX: Snapshot pre-VM-Enter DEBUGCTL for !nested_run_pending
case
- [x86] KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0
- [s390x] KVM: s390: pv: don't present the ecall interrupt twice
- [x86] KVM: nVMX: Let userspace set nVMX MSR to any _host_ supported value
- [x86] KVM: x86: Mark TSS busy during LTR emulation _after_ all fault
checks
- [x86] KVM: x86: Set error code to segment selector on LLDT/LTR
non-canonical #GP
- [x86] KVM: x86: Tag kvm_mmu_x86_module_init() with __init
- mm: Add kvrealloc()
- xfs: only set IOMAP_F_SHARED when providing a srcmap to a write
- xfs: fix I_DONTCACHE
- mm/mremap: hold the rmap lock in write mode when moving page table
entries.
- ALSA: hda/conexant: Add quirk for LENOVO 20149 Notebook model
- ALSA: hda/cirrus - support for iMac 12,1 model
- ALSA: hda/realtek: Add quirk for another Asus K42JZ model
- ALSA: hda/realtek: Add a quirk for HP OMEN 15 (8786) mute LED
- tty: vt: initialize unicode screen buffer
- vfs: Check the truncate maximum size in inode_newsize_ok()
- fs: Add missing umask strip in vfs_tmpfile
- thermal: sysfs: Fix cooling_device_stats_setup() error code path
- fbcon: Fix boundary checks for fbcon=vc:n1-n2 parameters
- fbcon: Fix accelerated fbdev scrolling while logo is still shown
- usbnet: Fix linkwatch use-after-free on disconnect
- ovl: drop WARN_ON() dentry is NULL in ovl_encode_fh()
- drm/gem: Properly annotate WW context on drm_gem_lock_reservations() error
- [arm*] drm/vc4: hdmi: Disable audio if dmas property is present but empty
- drm/nouveau: fix another off-by-one in nvbios_addr
- drm/nouveau: Don't pm_runtime_put_sync(), only
pm_runtime_put_autosuspend()
- drm/nouveau/acpi: Don't print error when we get -EINPROGRESS from
pm_runtime
- drm/amdgpu: Check BO's requested pinning domains against its
preferred_domains
- iio: light: isl29028: Fix the warning in isl29028_remove()
- scsi: sg: Allow waiting for commands to complete on removed device
- scsi: qla2xxx: Fix incorrect display of max frame size
- scsi: qla2xxx: Zero undefined mailbox IN registers
- fuse: limit nsec
- [arm64] serial: mvebu-uart: uart2 error bits clearing
- md-raid: destroy the bitmap after destroying the thread
- md-raid10: fix KASAN warning
- PCI: Add defines for normal and subtractive PCI bridges
- [powerpc*] powernv: Avoid crashing if rng is NULL
- [mips64el,mipsel] cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK
- usb: typec: ucsi: Acknowledge the GET_ERROR_STATUS command completion
- USB: HCD: Fix URB giveback issue in tasklet function
- [arm64,armhf] usb: dwc3: gadget: refactor dwc3_repare_one_trb
- [arm64,armhf] usb: dwc3: gadget: fix high speed multiplier setting
- netfilter: nf_tables: fix null deref due to zeroed list head
- epoll: autoremove wakers even more aggressively
- [x86] Handle idle=nomwait cmdline properly for x86_idle
- [arm64] Do not forget syscall when starting a new thread.
- [arm64] fix oops in concurrently setting insn_emulation sysctls
- genirq: Don't return error on missing optional irq_request_resources()
- [mips64el,mipsel] irqchip/mips-gic: Only register IPI domain when SMP is
enabled
- genirq: GENERIC_IRQ_IPI depends on SMP
- [mips64el,mipsel] irqchip/mips-gic: Check the return value of ioremap() in
gic_of_init()
- wait: Fix __wait_event_hrtimeout for RT/DL tasks
- [armhf] OMAP2+: display: Fix refcount leak bug
- ACPI: EC: Remove duplicate ThinkPad X1 Carbon 6th entry from DMI quirks
- ACPI: EC: Drop the EC_FLAGS_IGNORE_DSDT_GPE quirk
- ACPI: PM: save NVS memory for Lenovo G40-45
- ACPI: LPSS: Fix missing check in register_device_clock()
- [arm64] dts: allwinner: a64: orangepi-win: Fix LED node name
- PM: hibernate: defer device probing when resuming from hibernation
- selinux: Add boundary check in put_entry()
- [armel,armhf] findbit: fix overflowing offset
- [arm64,armhf] meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init
- ACPI: processor/idle: Annotate more functions to live in cpuidle section
- Input: atmel_mxt_ts - fix up inverted RESET handler
- [arm64] soc: amlogic: Fix refcount leak in meson-secure-pwrc.c
- [x86] pmem: Fix platform-device leak in error path
- [armhf] dts: ast2500-evb: fix board compatible
- [armhf] dts: ast2600-evb: fix board compatible
- [arm64] cpufeature: Allow different PMU versions in ID_DFR0_EL1
- locking/lockdep: Fix lockdep_init_map_*() confusion
- [arm64] soc: fsl: guts: machine variable might be unset
- block: fix infinite loop for invalid zone append
- [armhf] OMAP2+: Fix refcount leak in omapdss_init_of
- [armhf] OMAP2+: Fix refcount leak in omap3xxx_prm_late_init
- [arm64] regulator: qcom_smd: Fix pm8916_pldo range
- [arm64] ACPI: APEI: Fix _EINJ vs EFI_MEMORY_SP
- [arm64] bus: hisi_lpc: fix missing platform_device_put() in
hisi_lpc_acpi_probe()
- erofs: avoid consecutive detection for Highmem memory
- blk-mq: don't create hctx debugfs dir until q->debugfs_dir is created
- hwmon: (drivetemp) Add module alias
- block: remove the request_queue to argument request based tracepoints
- blktrace: Trace remapped requests correctly
- regulator: of: Fix refcount leak bug in of_get_regulation_constraints()
- nohz/full, sched/rt: Fix missed tick-reenabling bug in dequeue_task_rt()
- dm: return early from dm_pr_call() if DM device is suspended
- ath10k: do not enforce interrupt trigger type
- wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c()
- ath11k: fix netdev open race
- drm/mipi-dbi: align max_chunk to 2 in spi_transfer
- ath11k: Fix incorrect debug_mask mappings
- drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers()
- virtio-gpu: fix a missing check to avoid NULL dereference
- [arm64] drm: adv7511: override i2c address of cec before accessing it
- net: fix sk_wmem_schedule() and sk_rmem_schedule() errors
- i2c: Fix a potential use after free
- media: tw686x: Register the irq at the end of probe
- ath9k: fix use-after-free in ath9k_hif_usb_rx_cb (CVE-2022-1679)
- wifi: iwlegacy: 4965: fix potential off-by-one overflow in
il4965_rs_fill_link_cmd()
- drm/radeon: fix incorrrect SPDX-License-Identifiers
- [amd64] crypto: ccp - During shutdown, check SEV data pointer before using
- [arm64] drm: bridge: adv7511: Add check for mipi_dsi_driver_register
- media: hdpvr: fix error value returns in hdpvr_read
- [arm64,armhf] media: v4l2-mem2mem: prevent pollerr when
last_buffer_dequeued is set
- media: tw686x: Fix memory leak in tw686x_video_init
- [arm*] drm/vc4: plane: Remove subpixel positioning check
- [arm*] drm/vc4: plane: Fix margin calculations for the right/bottom edges
- [arm*] drm/vc4: dsi: Correct DSI divider calculations
- [arm*] drm/vc4: dsi: Correct pixel order for DSI0
- [arm*] drm/vc4: drv: Remove the DSI pointer in vc4_drv
- [arm*] drm/vc4: dsi: Use snprintf for the PHY clocks instead of an array
- [arm*] drm/vc4: dsi: Introduce a variant structure
- [arm*] drm/vc4: dsi: Register dsi0 as the correct vc4 encoder type
- [arm*] drm/vc4: dsi: Fix dsi0 interrupt support
- [arm*] drm/vc4: dsi: Add correct stop condition to vc4_dsi_encoder_disable
iteration
- [arm*] drm/vc4: hdmi: Remove firmware logic for MAI threshold setting
- [arm*] drm/vc4: hdmi: Avoid full hdmi audio fifo writes
- [arm*] drm/vc4: hdmi: Don't access the connector state in reset if kmalloc
fails
- [arm*] drm/vc4: hdmi: Limit the BCM2711 to the max without scrambling
- [arm*] drm/vc4: hdmi: Fix timings for interlaced modes
- [arm*] drm/vc4: hdmi: Correct HDMI timing registers for interlaced modes
- [arm64,armhf] drm/rockchip: vop: Don't crash for invalid duplicate_state()
- [arm64,armhf] drm/rockchip: Fix an error handling path rockchip_dp_probe()
- lib: bitmap: order includes alphabetically
- lib: bitmap: provide devm_bitmap_alloc() and devm_bitmap_zalloc()
- hinic: Use the bitmap API when applicable
- net: hinic: fix bug that ethtool get wrong stats
- net: hinic: avoid kernel hung in hinic_get_stats64()
- [arm64] drm/msm/mdp5: Fix global state lock backoff
- mt76: mt76x02u: fix possible memory leak in __mt76x02u_mcu_send_msg
- mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init()
- tcp: make retransmitted SKB fit into the send window
- bpf: Fix subprog names in stack traces.
- fs: check FMODE_LSEEK to control internal pipe splicing
- wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi()
- [i386] can: pch_can: do not report txerr and rxerr during bus-off
- can: sja1000: do not report txerr and rxerr during bus-off
- [armhf] can: sun4i_can: do not report txerr and rxerr during bus-off
- can: kvaser_usb_hydra: do not report txerr and rxerr during bus-off
- can: kvaser_usb_leaf: do not report txerr and rxerr during bus-off
- can: usb_8dev: do not report txerr and rxerr during bus-off
- can: error: specify the values of data[5..7] of CAN error frames
- [i386] can: pch_can: pch_can_error(): initialize errc before using it
- Bluetooth: hci_intel: Add check for platform_driver_register
- wifi: wil6210: debugfs: fix uninitialized variable use in
`wil_write_file_wmi()`
- wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue
- wifi: libertas: Fix possible refcount leak in if_usb_probe()
- [arm64,armhf] media: cedrus: hevc: Add check for invalid timestamp
- net/mlx5e: Remove WARN_ON when trying to offload an unsupported TLS
cipher/version
- net/mlx5e: Fix the value of MLX5E_MAX_RQ_NUM_MTTS
- [arm64] crypto: inside-secure - Add missing MODULE_DEVICE_TABLE for of
- inet: add READ_ONCE(sk->sk_bound_dev_if) in INET_MATCH()
- tcp: sk->sk_bound_dev_if once in inet_request_bound_dev_if()
- ipv6: add READ_ONCE(sk->sk_bound_dev_if) in INET6_MATCH()
- tcp: Fix data-races around sysctl_tcp_l3mdev_accept.
- net: allow unbound socket for packets in VRF when tcp_l3mdev_accept set
- iavf: Fix max_rate limiting
- net: rose: fix netdev reference changes
- dccp: put dccp_qpolicy_full() and dccp_qpolicy_push() in the same lock
- wireguard: ratelimiter: use hrtimer in selftest
- wireguard: allowedips: don't corrupt stack when detecting overflow
- HID: cp2112: prevent a buffer overflow in cp2112_xfer()
- mtd: partitions: Fix refcount leak in parse_redboot_of
- [arm64,armhf] usb: xhci: tegra: Fix error check
- netfilter: xtables: Bring SPDX identifier back
- [arm64,armhf] platform/chrome: cros_ec: Always expose last resume result
- KVM: Don't set Accessed/Dirty bits for ZERO_PAGE
- mwifiex: Ignore BTCOEX events from the 88W8897 firmware
- mwifiex: fix sleep in atomic context bugs caused by dev_coredumpv
- misc: rtsx: Fix an error handling path in rtsx_pci_probe()
- driver core: fix potential deadlock in __driver_attach
- usb: host: xhci: use snprintf() in xhci_decode_trb()
- [arm64,armhf] PCI: dwc: Add unroll iATU space support to
dw_pcie_disable_atu()
- [arm64,armhf] PCI: dwc: Always enable CDM check if "snps,enable-cdm-check"
exists
- soundwire: bus_type: fix remove and shutdown support
- [arm64] KVM: arm64: Don't return from void function
- [x86] intel_th: Fix a resource leak in an error handling path
- [x86] intel_th: msu-sink: Potential dereference of null pointer
- [x86] intel_th: msu: Fix vmalloced buffers
- [x86] staging: rtl8192u: Fix sleep in atomic context bug in
dm_fsync_timer_callback
- [arm64] mmc: sdhci-of-esdhc: Fix refcount leak in
esdhc_signal_voltage_switch
- mmc: block: Add single read for 4k sector cards
- [s390x] KVM: s390: pv: leak the topmost page table when destroy fails
- PCI/portdrv: Don't disable AER reporting in get_port_device_capability()
- [arm64] PCI: qcom: Set up rev 2.1.0 PARF_PHY before enabling clocks
- scsi: smartpqi: Fix DMA direction for RAID requests
- [armhf] usb: aspeed-vhub: Fix refcount leak bug in ast_vhub_init_desc()
- [arm64,armhf] usb: dwc3: core: Deprecate GCTL.CORESOFTRESET
- [arm64,armhf] usb: dwc3: core: Do not perform GCTL_CORE_SOFTRESET during
bootup
- [arm64,armhf] usb: dwc3: qcom: fix missing optional irq warnings
- RDMA/qedr: Improve error logs for rdma_alloc_tid error return
- RDMA/qedr: Fix potential memory leak in __qedr_alloc_mr()
- [arm64] RDMA/hns: Fix incorrect clearing of interrupt status register
- [amd64] RDMA/hfi1: fix potential memory leak in setup_base_ctxt()
- gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data()
- [mips64el,mipsel] mmc: cavium-octeon: Add of_node_put() when breaking out
of loop
- HID: alps: Declare U1_UNICORN_LEGACY support
- USB: serial: fix tty-port initialized comments
- [armhf,i386] platform/olpc: Fix uninitialized data in debugfs write
- RDMA/srpt: Duplicate port name members
- RDMA/srpt: Introduce a reference count in struct srpt_device
- RDMA/srpt: Fix a use-after-free
- mm/mmap.c: fix missing call to vm_unacct_memory in mmap_region
- RDMA/mlx5: Add missing check for return value in get namespace flow
- RDMA/rxe: Fix error unwind in rxe_create_qp()
- null_blk: fix ida error handling in null_add_dev()
- nvme: use command_id instead of req->tag in trace_nvme_complete_rq()
- jbd2: fix outstanding credits assert in jbd2_journal_commit_transaction()
- ext4: recover csum seed of tmp_inode after migrating to extents
- jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal
aborted
- opp: Fix error check in dev_pm_opp_attach_genpd()
- serial: 8250: Export ICR access helpers for internal use
- serial: 8250_dw: Store LSR into lsr_saved_flags in dw8250_tx_wait_empty()
- profiling: fix shift too large makes kernel panic
- tty: n_gsm: Delete gsmtty open SABM frame when config requester
- tty: n_gsm: fix user open not possible at responder until initiator open
- tty: n_gsm: fix wrong queuing behavior in gsm_dlci_data_output()
- tty: n_gsm: fix non flow control frames during mux flow off
- tty: n_gsm: fix packet re-transmission without open control channel
- tty: n_gsm: fix race condition in gsmld_write()
- [arm64] ASoC: qcom: Fix missing of_node_put() in
asoc_qcom_lpass_cpu_platform_probe()
- vfio: Remove extra put/gets around vfio_device->group
- vfio: Simplify the lifetime logic for vfio_device
- vfio: Split creation of a vfio_device into init and register ops
- tty: n_gsm: fix wrong T1 retry count handling
- tty: n_gsm: fix DM command
- tty: n_gsm: fix missing corner cases in gsmld_poll()
- kfifo: fix kfifo_to_user() return type
- lib/smp_processor_id: fix imbalanced instrumentation_end() call
- [arm64] mfd: max77620: Fix refcount leak in max77620_initialise_fps
- [arm64] iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking out of
loop
- [s390x] dump: fix old lowcore virtual vs physical address confusion
- fuse: Remove the control interface for virtio-fs
- [armhf] ASoC: audio-graph-card: Add of_node_put() in fail path
- [arm64] watchdog: armada_37xx_wdt: check the return value of
devm_ioremap() in armada_37xx_wdt_probe()
- [arm64,armhf] video: fbdev: amba-clcd: Fix refcount leak bugs
- video: fbdev: sis: fix typos in SiS_GetModeID()
- [powerpc*] pci: Prefer PCI domain assignment via DT 'linux,pci-domain' and
alias
- f2fs: don't set GC_FAILURE_PIN for background GC
- f2fs: write checkpoint during FG_GC
- f2fs: fix to remove F2FS_COMPR_FL and tag F2FS_NOCOMP_FL at the same time
- [powerpc*] xive: Fix refcount leak in xive_get_max_prio
- kprobes: Forbid probing on trampoline and BPF code areas
- [powerpc*] pci: Fix PHB numbering when using opal-phbid
- sched/deadline: Merge dl_task_can_attach() and dl_cpu_busy()
- sched, cpuset: Fix dl_cpu_busy() panic due to empty cs->cpus_allowed
- [amd64] x86/numa: Use cpumask_available instead of hardcoded NULL check
- video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock()
- sched: Fix the check of nr_running at queue wakelist
- video: fbdev: vt8623fb: Check the size of screen before memset_io()
- video: fbdev: arkfb: Check the size of screen before memset_io()
- video: fbdev: s3fb: Check the size of screen before memset_io()
- [s390x] scsi: zfcp: Fix missing auto port scan and thus missing target
ports
- scsi: qla2xxx: Fix discovery issues in FC-AL topology
- scsi: qla2xxx: Turn off multi-queue for 8G adapters
- scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error injection
- scsi: qla2xxx: Fix losing FCP-2 targets on long port disable with I/Os
- scsi: qla2xxx: Fix losing FCP-2 targets during port perturbation tests
- [x86] bugs: Enable STIBP for IBPB mitigated RETBleed
- [x86] ftrace/x86: Add back ftrace_expected assignment
- __follow_mount_rcu(): verify that mount_lock remains unchanged
- spmi: trace: fix stack-out-of-bound access in SPMI tracing functions
- [x86] drm/i915/dg1: Update DMC_DEBUG3 register
- HID: Ignore battery for Elan touchscreen on HP Spectre X360 15-df0xxx
- HID: hid-input: add Surface Go battery quirk
- [arm*] drm/vc4: drv: Adopt the dma configuration from the HVS or V3D
component
- usbnet: smsc95xx: Don't clear read-only PHY interrupt
- usbnet: smsc95xx: Avoid link settings race on interrupt reception
- [x86] intel_th: pci: Add Meteor Lake-P support
- [x86] intel_th: pci: Add Raptor Lake-S PCH support
- [x86] intel_th: pci: Add Raptor Lake-S CPU support
- [x86] KVM: set_msr_mce: Permit guests to ignore single-bit ECC errors
- [x86] KVM: x86: Signal #GP, not -EPERM, on bad WRMSR(MCi_CTL/STATUS)
- [amd64] iommu/vt-d: avoid invalid memory access via
node_online(NUMA_NO_NODE)
- PCI/AER: Write AER Capability only when we control it
- PCI/ERR: Bind RCEC devices to the Root Port driver
- PCI/ERR: Rename reset_link() to reset_subordinates()
- PCI/ERR: Simplify by using pci_upstream_bridge()
- PCI/ERR: Simplify by computing pci_pcie_type() once
- PCI/ERR: Use "bridge" for clarity in pcie_do_recovery()
- PCI/ERR: Avoid negated conditional for clarity
- PCI/ERR: Add pci_walk_bridge() to pcie_do_recovery()
- PCI/ERR: Recover from RCEC AER errors
- PCI/AER: Iterate over error counters instead of error strings
- serial: 8250: Dissociate 4MHz Titan ports from Oxford ports
- serial: 8250: Correct the clock for OxSemi PCIe devices
- serial: 8250_pci: Refactor the loop in pci_ite887x_init()
- serial: 8250_pci: Replace dev_*() by pci_*() macros
- serial: 8250: Fold EndRun device support into OxSemi Tornado code
- dm writecache: set a default MAX_WRITEBACK_JOBS
- dm thin: fix use-after-free crash in dm_sm_register_threshold_callback
- timekeeping: contribute wall clock to rng on time change
- btrfs: reject log replay if there is unsupported RO compat flag
- btrfs: reset block group chunk force if we have to wait
- [amd64,arm64] ACPI: CPPC: Do not prevent CPPC from working in the future
- [x86] KVM: VMX: Drop guest CPUID check for VMXE in vmx_set_cr4()
- [x86] KVM: VMX: Drop explicit 'nested' check from vmx_set_cr4()
- [x86] KVM: SVM: Drop VMXE check from svm_set_cr4()
- [x86] KVM: x86: Move vendor CR4 validity check to dedicated kvm_x86_ops
hook
- [x86] KVM: nVMX: Inject #UD if VMXON is attempted with incompatible
CR0/CR4
- [x86] KVM: x86/pmu: preserve IA32_PERF_CAPABILITIES across CPUID refresh
- [x86] KVM: x86/pmu: Use binary search to check filtered events
- [x86] KVM: x86/pmu: Use different raw event masks for AMD and Intel
- [x86] KVM: x86/pmu: Introduce the ctrl_mask value for fixed counter
- [x86] KVM: VMX: Mark all PERF_GLOBAL_(OVF)_CTRL bits reserved if there's
no vPMU
- [x86] KVM: x86/pmu: Ignore pmu->global_ctrl check if vPMU doesn't support
global_ctrl
- xen-blkback: fix persistent grants negotiation
- xen-blkback: Apply 'feature_persistent' parameter when connect
- xen-blkfront: Apply 'feature_persistent' parameter when connect
- KEYS: asymmetric: enforce SM2 signature use pkey algo
- tpm: eventlog: Fix section mismatch for DEBUG_SECTION_MISMATCH
- tracing: Use a struct alignof to determine trace event field alignment
- ext4: check if directory block is within i_size (CVE-2022-1184)
- ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h
- ext4: fix warning in ext4_iomap_begin as race between bmap and write
- ext4: make sure ext4_append() always allocates new block
- ext4: fix use-after-free in ext4_xattr_set_entry
- ext4: update s_overhead_clusters in the superblock during an on-line
resize
- ext4: fix extent status tree race in writeback error recovery path
- ext4: correct max_inline_xattr_value_size computing
- ext4: correct the misjudgment in ext4_iget_extra_inode
- dm raid: fix address sanitizer warning in raid_resume
- dm raid: fix address sanitizer warning in raid_status
- KVM: Add infrastructure and macro to mark VM as bugged
- [x86] KVM: x86: Check lapic_in_kernel() before attempting to set a SynIC
irq (CVE-2022-2153)
- [x86] KVM: x86: Avoid theoretical NULL pointer dereference in
kvm_irq_delivery_to_apic_fast() (CVE-2022-2153)
- mac80211: fix a memory leak where sta_info is not freed
- tcp: fix over estimation in sk_forced_mem_schedule()
- Revert "mwifiex: fix sleep in atomic context bugs caused by dev_coredumpv"
- [arm*] drm/vc4: change vc4_dma_range_matches from a global to static
- Revert "net: usb: ax88179_178a needs FLAG_SEND_ZLP"
- Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression
- [x86] kvm: x86/pmu: Fix the compare function used by the pmu event filter
- [arm64] tee: add overflow check in register_shm_helper()
- net/9p: Initialize the iounit field during fid creation
- net_sched: cls_route: disallow handle of 0
- sched/fair: Fix fault in reweight_entity
- btrfs: only write the sectors in the vertical stripe which has data
stripes
- btrfs: raid56: don't trust any cached sector in __raid56_parity_recover()
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.138
- ALSA: info: Fix llseek return value when using callback
- ALSA: hda/realtek: Add quirk for Clevo NS50PU, NS70PU
- [x86] mm: Use proper mask when setting PUD mapping
- rds: add missing barrier to release_refill
- ata: libata-eh: Add missing command name
- [arm64] mmc: meson-gx: Fix an error handling path in meson_mmc_probe()
- btrfs: fix lost error handling when looking up extended ref on log replay
- tracing: Have filter accept "common_cpu" to be consistent
- ALSA: usb-audio: More comprehensive mixer map for ASUS ROG Zenith II
- can: ems_usb: fix clang's -Wunaligned-access warning
- apparmor: fix quiet_denied for file rules
- apparmor: fix absroot causing audited secids to begin with =
- apparmor: Fix failed mount permission check error message
- apparmor: fix aa_label_asxprint return check
- apparmor: fix setting unconfined mode on a loaded profile
- apparmor: fix overlapping attachment computation
- apparmor: fix reference count leak in aa_pivotroot()
- apparmor: Fix memleak in aa_simple_write_to_buffer()
- Documentation: ACPI: EINJ: Fix obsolete example
- NFSv4.1: Don't decrease the value of seq_nr_highest_sent
- NFSv4.1: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly
- NFSv4: Fix races in the legacy idmapper upcall
- NFSv4.1: RECLAIM_COMPLETE must handle EACCES
- NFSv4/pnfs: Fix a use-after-free bug in open
- bpf: Acquire map uref in .init_seq_private for array map iterator
- bpf: Acquire map uref in .init_seq_private for hash map iterator
- bpf: Acquire map uref in .init_seq_private for sock local storage map
iterator
- bpf: Acquire map uref in .init_seq_private for sock{map,hash} iterator
- bpf: Check the validity of max_rdwr_access for sock local storage map
iterator
- can: mcp251x: Fix race condition on receive interrupt
- [amd64,arm64] net: atlantic: fix aq_vec index out of range error
- sunrpc: fix expiry of auth creds
- SUNRPC: Reinitialise the backchannel request buffers before reuse
- virtio_net: fix memory leak inside XPD_TX with mergeable
- devlink: Fix use-after-free after a failed reload
- [arm64] pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed
- [arm64,armhf] pinctrl: sunxi: Add I/O bias setting for H6 R-PIO
- ACPI: property: Return type of acpi_add_nondev_subnodes() should be bool
- geneve: do not use RT_TOS for IPv6 flowlabel
- ipv6: do not use RT_TOS for IPv6 flowlabel
- [x86] plip: avoid rcu debug splat
- vsock: Fix memory leak in vsock_connect()
- vsock: Set socket state back to SS_UNCONNECTED in vsock_connect_timeout()
- dt-bindings: arm: qcom: fix MSM8916 MTP compatibles
- dt-bindings: clock: qcom,gcc-msm8996: add more GCC clock sources
- ceph: use correct index when encoding client supported features
- ceph: don't leak snap_rwsem in handle_cap_grant
- nfp: ethtool: fix the display error of `ethtool -m DEVNAME`
- xen/xenbus: fix return type in xenbus_file_read()
- atm: idt77252: fix use-after-free bugs caused by tst_timer
- geneve: fix TOS inheriting for ipv4
- [arm64] dpaa2-eth: trace the allocated address instead of page struct
- iavf: Fix adminq error handling
- netfilter: nf_tables: really skip inactive sets when allocating name
- netfilter: nf_tables: validate NFTA_SET_ELEM_OBJREF based on
NFT_SET_OBJECT flag
- netfilter: nf_tables: check NFT_SET_CONCAT flag if field_count is
specified
- [powerpc*] pci: Fix get_phb_number() locking
- [arm64,armhf] spi: meson-spicc: add local pow2 clock ops to preserve rate
between messages
- [arm64,armhf] net: dsa: mv88e6060: prevent crash on an unused port
- [arm64] net: dsa: felix: fix ethtool 256-511 and 512-1023 TX packet
counters
- net: genl: fix error path memory leak in policy dumping
- ice: Ignore EEXIST when setting promisc mode
- [arm64,armhf] i2c: imx: Make sure to unregister adapter on remove()
- regulator: pca9450: Remove restrictions for regulator-name
- i40e: Fix to stop tx_timeout recovery if GLOBR fails
- [arm64,armhf] fec: Fix timer capture timing in `fec_ptp_enable_pps()`
- [x86] stmmac: intel: Add a missing clk_disable_unprepare() call in
intel_eth_pci_remove()
- igb: Add lock to avoid data race
- kbuild: fix the modules order between drivers and libs
- locking/atomic: Make test_and_*_bit() ordered on failure
- [x86] ASoC: SOF: intel: move sof_intel_dsp_desc() forward
- [arm64] drm/meson: Fix refcount bugs in
meson_vpu_has_available_connectors()
- audit: log nftables configuration change events once per table
- netfilter: nftables: add helper function to set the base sequence number
- netfilter: add helper function to set up the nfnetlink header and use it
- [armhf] drm/sun4i: dsi: Prevent underflow when computing packet sizes
- PCI: Add ACS quirk for Broadcom BCM5750x NICs
- [arm64,armhf] platform/chrome: cros_ec_proto: don't show MKBP version if
unsupported
- usb: gadget: uvc: call uvc uvcg_warn on completed status instead of
uvcg_info
- [arm64,armhf] irqchip/tegra: Fix overflow implicit truncation warnings
- [arm64] drm/meson: Fix overflow implicit truncation warnings
- [armhf] clk: ti: Stop using legacy clkctrl names for omap4 and 5
- [arm*] usb: dwc2: gadget: remove D+ pull-up while no vbus with
usb-role-switch
- [x86] vboxguest: Do not use devm for irq
- uacce: Handle parent device removal or parent driver module rmmod
- zram: do not lookup algorithm in backends table
- [arm64] clk: qcom: clk-alpha-pll: fix clk_trion_pll_configure description
- scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user
input
- gadgetfs: ep_io - wait until IRQ finishes
- [x86] pinctrl: intel: Check against matching data instead of ACPI
companion
- [powerpc*] cxl: Fix a memory leak in an error handling path
- [arm64] PCI/ACPI: Guard ARM64-specific mcfg_quirks
- RDMA/rxe: Limit the number of calls to each tasklet
- md: Notify sysfs sync_completed in md_reap_sync_thread()
- nvmet-tcp: fix lockdep complaint on nvmet_tcp_wq flush during queue
teardown
- drivers:md:fix a potential use-after-free bug
- ext4: avoid remove directory when directory is corrupted
- ext4: avoid resizing to a partial cluster size
- lib/list_debug.c: Detect uninitialized lists
- vfio: Clear the caps->buf to NULL after free
- [mips64el,mipsel] cavium-octeon: Fix missing of_node_put() in
octeon2_usb_clocks_start
- modules: Ensure natural alignment for .altinstructions and __bug_table
sections
- watchdog: export lockup_detector_reconfigure
- ALSA: core: Add async signal helpers
- ALSA: timer: Use deferred fasync helper
- ALSA: control: Use deferred fasync helper
- f2fs: fix to avoid use f2fs_bug_on() in f2fs_new_node_page()
- f2fs: fix to do sanity check on segment type in build_sit_entries()
- smb3: check xattr value length earlier
- [powerpc*] 64: Init jump labels before parse_early_param()
- netfilter: nftables: fix a warning message in
nf_tables_commit_audit_collect()
- netfilter: nf_tables: fix audit memory leak in nf_tables_commit
- tracing/probes: Have kprobes and uprobes use $COMM too
- can: j1939: j1939_sk_queue_activate_next_locked(): replace WARN_ON_ONCE
with netdev_warn_once()
- can: j1939: j1939_session_destroy(): fix memory leak of skbs
- PCI/ERR: Retain status from error notification
- qrtr: Convert qrtr_ports from IDR to XArray
- bpf: Fix KASAN use-after-free Read in compute_effective_progs
- [arm64] tee: fix memory leak in tee_shm_register()
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.139
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.140
- audit: fix potential double free on error path from
fsnotify_add_inode_mark
- pinctrl: amd: Don't save/restore interrupt status and wake status bits
- xfs: prevent a WARN_ONCE() in xfs_ioc_attr_list()
- xfs: reject crazy array sizes being fed to XFS_IOC_GETBMAP*
- fs: remove __sync_filesystem
- vfs: make sync_filesystem return errors from ->sync_fs
- xfs: return errors in xfs_fs_sync_fs
- xfs: only bother with sync_filesystem during readonly remount
- kernel/sched: Remove dl_boosted flag comment
- xfrm: fix refcount leak in __xfrm_policy_check()
- xfrm: clone missing x->lastused in xfrm_do_migrate
- af_key: Do not call xfrm_probe_algs in parallel (CVE-2022-3028)
- xfrm: policy: fix metadata dst->dev xmit null pointer dereference
- NFS: Don't allocate nfs_fattr on the stack in __nfs42_ssc_open()
- NFSv4.2 fix problems with __nfs42_ssc_open
- SUNRPC: RPC level errors should set task->tk_rpc_status
- mm/huge_memory.c: use helper function migration_entry_to_page()
- mm/smaps: don't access young/dirty bit if pte unpresent
- rose: check NULL rose_loopback_neigh->loopback
- ice: xsk: Force rings to be sized to power of 2
- ice: xsk: prohibit usage of non-balanced queue id
- net/mlx5e: Properly disable vlan strip on non-UL reps
- bonding: 802.3ad: fix no transmission of LACPDUs
- net: ipvtap - add __init/__exit annotations to module init/exit funcs
- netfilter: ebtables: reject blobs that don't provide all entry points
- bnxt_en: fix NQ resource accounting during vf creation on 57500 chips
- netfilter: nft_payload: report ERANGE for too long offset and length
- netfilter: nft_payload: do not truncate csum_offset and csum_type
- netfilter: nf_tables: do not leave chain stats enabled on error
- netfilter: nft_osf: restrict osf to ipv4, ipv6 and inet families
- netfilter: nft_tunnel: restrict it to netdev family
- netfilter: nftables: remove redundant assignment of variable err
- netfilter: nf_tables: consolidate rule verdict trace call
- netfilter: nft_cmp: optimize comparison for 16-bytes
- netfilter: bitwise: improve error goto labels
- netfilter: nf_tables: upfront validation of data via nft_data_init()
- netfilter: nf_tables: disallow jump to implicit chain from set element
- netfilter: nf_tables: disallow binding to already bound chain
(CVE-2022-39190)
- tcp: tweak len/truesize ratio for coalesce candidates
- net: Fix data-races around sysctl_[rw]mem(_offset)?.
- net: Fix data-races around sysctl_[rw]mem_(max|default).
- net: Fix data-races around weight_p and dev_weight_[rt]x_bias.
- net: Fix data-races around netdev_max_backlog.
- net: Fix data-races around netdev_tstamp_prequeue.
- ratelimit: Fix data-races in ___ratelimit().
- bpf: Folding omem_charge() into sk_storage_charge()
- net: Fix data-races around sysctl_optmem_max.
- net: Fix a data-race around sysctl_tstamp_allow_data.
- net: Fix a data-race around sysctl_net_busy_poll.
- net: Fix a data-race around sysctl_net_busy_read.
- net: Fix a data-race around netdev_budget.
- net: Fix a data-race around netdev_budget_usecs.
- net: Fix data-races around sysctl_fb_tunnels_only_for_init_net.
- net: Fix data-races around sysctl_devconf_inherit_init_net.
- net: Fix a data-race around sysctl_somaxconn.
- ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter
- rxrpc: Fix locking in rxrpc's sendmsg
- btrfs: fix silent failure when deleting root reference
- btrfs: replace: drop assert for suspended replace
- btrfs: add info when mount fails due to stale replace target
- btrfs: check if root is readonly while setting security xattr
- [x86] perf/x86/lbr: Enable the branch type for the Arch LBR by default
- [amd64] x86/unwind/orc: Unwind ftrace trampolines with correct ORC entry
- [x86] bugs: Add "unknown" reporting for MMIO Stale Data
- loop: Check for overflow while configuring loop
- asm-generic: sections: refactor memory_intersects
- [s390x] fix double free of GS and RI CBs on fork() failure
- [x86] ACPI: processor: Remove freq Qos request for all CPUs
- xen/privcmd: fix error exit of privcmd_ioctl_dm_op()
- mm/hugetlb: fix hugetlb not supporting softdirty tracking
- Revert "md-raid: destroy the bitmap after destroying the thread"
- md: call __md_stop_writes in md_stop
- [arm64] Fix match_list for erratum
1286807 on Arm Cortex-A76
- Documentation/ABI: Mention retbleed vulnerability info file for sysfs
- blk-mq: fix io hung due to missing commit_rqs
- [x86] perf/x86/intel/uncore: Fix broken read_counter() for SNB IMC PMU
- [x86] scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq
- bpf: Don't use tnum_range on array range checking for poke descriptors
(CVE-2022-2905)
[ Salvatore Bonaccorso ]
* Bump ABI to 18
* certs: Rotate to use the "Debian Secure Boot Signer 2022 - linux"
certificate (Closes: #
1018752)
* [x86] nospec: Unwreck the RSB stuffing
* [x86] nospec: Fix i386 RSB stuffing (Closes: #
1017425)
* mm: Force TLB flush for PFNMAP mappings before unlink_file_vma()
(CVE-2022-39188)
* Revert "PCI/portdrv: Don't disable AER reporting in
get_port_device_capability()"
* bpf: Don't redirect packets with invalid pkt_len
* mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse
* net/af_packet: check len when min_header_len equals to 0
[dgit import unpatched linux 5.10.140-1]
projects / linux.git / log