dgit.raspbian.org Git - linux.git/log

snd-pcsp: Disable autoload

Forwarded: not-needed
Bug-Debian: https://bugs.debian.org/697709

There are two drivers claiming the platform:pcspkr device:
- pcspkr creates an input(!) device that can only beep
- snd-pcsp creates an equivalent input device plus a PCM device that can
  play barely recognisable renditions of sampled sound

snd-pcsp is blacklisted by the alsa-base package, but not everyone
installs that.  On PCs where no sound is wanted at all, both drivers
will still be loaded and one or other will complain that it couldn't
claim the relevant I/O range.

In case anyone finds snd-pcsp useful, we continue to build it.  But
remove the alias, to ensure it's not loaded where it's not wanted.

Gbp-Pq: Topic debian
Gbp-Pq: Name snd-pcsp-disable-autoload.patch

cdc_ncm,cdc_mbim: Use NCM by default

Forwarded: not-needed

Devices that support both NCM and MBIM modes should be kept in NCM
mode unless there is userland support for MBIM.

Set the default value of cdc_ncm.prefer_mbim to false and leave it to
userland (modem-manager) to override this with a modprobe.conf file
once it's ready to speak MBIM.

Gbp-Pq: Topic debian
Gbp-Pq: Name cdc_ncm-cdc_mbim-use-ncm-by-default.patch

intel-iommu: Add Kconfig option to exclude iGPU by default

Bug-Debian: https://bugs.debian.org/935270
Bug-Kali: https://bugs.kali.org/view.php?id=5644

There is still laptop firmware that touches the integrated GPU behind
the operating system's back, and doesn't say so in the RMRR table.
Enabling the IOMMU for all devices causes breakage.

Replace CONFIG_INTEL_IOMMU_DEFAULT_ON with a 3-way choice
corresponding to "on", "off", and "on,intgpu_off".

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic features/x86
Gbp-Pq: Name intel-iommu-add-kconfig-option-to-exclude-igpu-by-default.patch

intel-iommu: Add option to exclude integrated GPU only

Bug-Debian: https://bugs.debian.org/935270
Bug-Kali: https://bugs.kali.org/view.php?id=5644

There is still laptop firmware that touches the integrated GPU behind
the operating system's back, and doesn't say so in the RMRR table.
Enabling the IOMMU for all devices causes breakage, but turning it off
for all graphics devices seems like a major weakness.

Add an option, intel_iommu=intgpu_off, to exclude only integrated GPUs
from remapping. This is a narrower exclusion than igfx_off: it only
affects Intel devices on the root bus. Devices attached through an
external port (Thunderbolt or ExpressCard) won't be on the root bus.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic features/x86
Gbp-Pq: Name intel-iommu-add-option-to-exclude-integrated-gpu-only.patch

security,perf: Allow further restriction of perf_event_open

Forwarded: https://lkml.org/lkml/2016/1/11/587

When kernel.perf_event_open is set to 3 (or greater), disallow all
access to performance events by users without CAP_SYS_ADMIN.
Add a Kconfig symbol CONFIG_SECURITY_PERF_EVENTS_RESTRICT that
makes this value the default.

This is based on a similar feature in grsecurity
(CONFIG_GRKERNSEC_PERF_HARDEN). This version doesn't include making
the variable read-only. It also allows enabling further restriction
at run-time regardless of whether the default is changed.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic features/all
Gbp-Pq: Name security-perf-allow-further-restriction-of-perf_event_open.patch

add sysctl to disallow unprivileged CLONE_NEWUSER by default

Origin: http://kernel.ubuntu.com/git?p=serge%2Fubuntu-saucy.git;a=commit;h=5c847404dcb2e3195ad0057877e1422ae90892b8

add sysctl to disallow unprivileged CLONE_NEWUSER by default

This is a short-term patch. Unprivileged use of CLONE_NEWUSER
is certainly an intended feature of user namespaces. However
for at least saucy we want to make sure that, if any security
issues are found, we have a fail-safe.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
[bwh: Remove unneeded binary sysctl bits]
[bwh: Keep this sysctl, but change the default to enabled]

Gbp-Pq: Topic debian
Gbp-Pq: Name add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by-default.patch

yama: Disable by default

Bug-Debian: https://bugs.debian.org/712740
Forwarded: not-needed

Gbp-Pq: Topic debian
Gbp-Pq: Name yama-disable-by-default.patch

sched: Do not enable autogrouping by default

Forwarded: not-needed

We want to provide the option of autogrouping but without enabling
it by default yet.

Gbp-Pq: Topic debian
Gbp-Pq: Name sched-autogroup-disabled.patch

fs: Enable link security restrictions by default

Bug-Debian: https://bugs.debian.org/609455
Forwarded: not-needed

This reverts commit 561ec64ae67ef25cac8d72bb9c4bfc955edfd415
('VFS: don't do protected {sym,hard}links by default').

Gbp-Pq: Topic debian
Gbp-Pq: Name fs-enable-link-security-restrictions-by-default.patch

hamradio: Disable auto-loading as mitigation against local exploits

Forwarded: not-needed

We can mitigate the effect of vulnerabilities in obscure protocols by
preventing unprivileged users from loading the modules, so that they
are only exploitable on systems where the administrator has chosen to
load the protocol.

The 'ham' radio protocols (ax25, netrom, rose) are not actively
maintained or widely used. Therefore disable auto-loading.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic debian
Gbp-Pq: Name hamradio-disable-auto-loading-as-mitigation-against-local-exploits.patch

dccp: Disable auto-loading as mitigation against local exploits

Forwarded: not-needed

We can mitigate the effect of vulnerabilities in obscure protocols by
preventing unprivileged users from loading the modules, so that they
are only exploitable on systems where the administrator has chosen to
load the protocol.

The 'dccp' protocol is not actively maintained or widely used.
Therefore disable auto-loading.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic debian
Gbp-Pq: Name dccp-disable-auto-loading-as-mitigation-against-local-exploits.patch

[PATCH] decnet: Disable auto-loading as mitigation against local exploits

Forwarded: not-needed

Recent review has revealed several bugs in obscure protocol
implementations that can be exploited by local users for denial of
service or privilege escalation. We can mitigate the effect of any
remaining vulnerabilities in such protocols by preventing unprivileged
users from loading the modules, so that they are only exploitable on
systems where the administrator has chosen to load the protocol.

The 'decnet' protocol is unmaintained and of mostly historical
interest, and the user-space support package 'dnet-common' loads the
module explicitly. Therefore disable auto-loading.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic debian
Gbp-Pq: Name decnet-Disable-auto-loading-as-mitigation-against-lo.patch

[PATCH 1/3] rds: Disable auto-loading as mitigation against local exploits

Forwarded: not-needed

Recent review has revealed several bugs in obscure protocol
implementations that can be exploited by local users for denial of
service or privilege escalation. We can mitigate the effect of any
remaining vulnerabilities in such protocols by preventing unprivileged
users from loading the modules, so that they are only exploitable on
systems where the administrator has chosen to load the protocol.

The 'rds' protocol is one such protocol that has been found to be
vulnerable, and which was not present in the 'lenny' kernel.
Therefore disable auto-loading.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic debian
Gbp-Pq: Name rds-Disable-auto-loading-as-mitigation-against-local.patch

[PATCH 2/3] af_802154: Disable auto-loading as mitigation against local exploits

Forwarded: not-needed

Recent review has revealed several bugs in obscure protocol
implementations that can be exploited by local users for denial of
service or privilege escalation. We can mitigate the effect of any
remaining vulnerabilities in such protocols by preventing unprivileged
users from loading the modules, so that they are only exploitable on
systems where the administrator has chosen to load the protocol.

The 'af_802154' (IEEE 802.15.4) protocol is not widely used, was
not present in the 'lenny' kernel, and seems to receive only sporadic
maintenance. Therefore disable auto-loading.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic debian
Gbp-Pq: Name af_802154-Disable-auto-loading-as-mitigation-against.patch

firmware_class: Refer to Debian wiki page when logging missing firmware

Bug-Debian: https://bugs.debian.org/888405
Forwarded: not-needed

If firmware loading fails due to a missing file, log a second error
message referring to our wiki page about firmware. This will explain
why some firmware is in non-free, or can't be packaged at all. Only
do this once per boot.

Do something similar in the radeon and amdgpu drivers, where we have
an early check to avoid failing at a point where we cannot display
anything.

Gbp-Pq: Topic debian
Gbp-Pq: Name firmware_class-refer-to-debian-wiki-firmware-page.patch

radeon, amdgpu: Firmware is required for DRM and KMS on R600 onward

Bug-Debian: https://bugs.debian.org/607194
Bug-Debian: https://bugs.debian.org/607471
Bug-Debian: https://bugs.debian.org/610851
Bug-Debian: https://bugs.debian.org/627497
Bug-Debian: https://bugs.debian.org/632212
Bug-Debian: https://bugs.debian.org/637943
Bug-Debian: https://bugs.debian.org/649448
Bug-Debian: https://bugs.debian.org/697229
Forwarded: no

radeon requires firmware/microcode for the GPU in all chips, but for
newer chips (apparently R600 'Evergreen' onward) it also expects
firmware for the memory controller and other sub-blocks.

radeon attempts to gracefully fall back and disable some features if
the firmware is not available, but becomes unstable - the framebuffer
and/or system memory may be corrupted, or the display may stay black.

Therefore, perform a basic check for the existence of
/lib/firmware/{radeon,amdgpu} when a device is probed, and abort if it
is missing, except for the pre-R600 case.

Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name radeon-amdgpu-firmware-is-required-for-drm-and-kms-on-r600-onward.patch

firmware: Remove redundant log messages from drivers

Forwarded: no

Now that firmware_class logs every success and failure consistently,
many other log messages can be removed from drivers.

This will probably need to be split up into multiple patches prior to
upstream submission.

Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name firmware-remove-redundant-log-messages-from-drivers.patch

firmware_class: Log every success and failure against given device

Forwarded: no

The hundreds of users of request_firmware() have nearly as many
different log formats for reporting failures.  They also have only the
vaguest hint as to what went wrong; only firmware_class really knows
that.  Therefore, add specific log messages for the failure modes that
aren't currently logged.

In case of a driver that tries multiple names, this may result in the
impression that it failed to initialise.  Therefore, also log successes.

This makes many error messages in drivers redundant, which will be
removed in later patches.

This does not cover the case where we fall back to a user-mode helper
(which is no longer enabled in Debian).

NOTE: hw-detect will depend on the "firmware: failed to load %s (%d)\n"
format to detect missing firmware.

Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name firmware_class-log-every-success-and-failure.patch

iwlwifi: Do not request unreleased firmware for IWL6000

Bug-Debian: https://bugs.debian.org/689416
Forwarded: not-needed

The iwlwifi driver currently supports firmware API versions 4-6 for
these devices.  It will request the file for the latest supported
version and then fall back to earlier versions.  However, the latest
version that has actually been released is 4, so we expect the
requests for versions 6 and then 5 to fail.

The installer appears to report any failed request, and it is probably
not easy to detect that this particular failure is harmless.  So stop
requesting the unreleased firmware.

Gbp-Pq: Topic debian
Gbp-Pq: Name iwlwifi-do-not-request-unreleased-firmware.patch

af9005: Use request_firmware() to load register init script

Forwarded: no

Read the register init script from the Windows driver. This is sick
but should avoid the potential copyright infringement in distributing
a version of the script which is directly derived from the driver.

Gbp-Pq: Topic features/all
Gbp-Pq: Name drivers-media-dvb-usb-af9005-request_firmware.patch

Makefile: Make compiler version comparison optional

Forwarded: not-needed
Bug-Debian: https://bugs.debian.org/1019749

The top-level Makefile warns if the compiler version string changes at
all between the kernel build and an out-of-tree module build.

We expect that major compiler version changes could introduce ABI
changes, and override the CC variable in out-of-tree module builds to
ensure that the same major compiler version is used. But minor
version changes should not make a difference, so this exact version
comparison produces false warnings.

Since custom kernel packages don't have that, don't remove the version
comparison. Instead, skip it if $(DEBIAN_KERNEL_NO_CC_VERSION_CHECK)
is non-empty.

Gbp-Pq: Topic debian
Gbp-Pq: Name makefile-make-compiler-version-comparison-optional.patch

module: Avoid ABI changes when debug info is disabled

Forwarded: not-needed

CI builds are done with debug info disabled, but this removes some
members from struct module. This causes builds to fail if there is an
ABI reference for the current ABI.

Define these members unconditionally, so that there is no ABI change.

Gbp-Pq: Topic debian
Gbp-Pq: Name module-avoid-abi-changes-when-debug-info-is-disabled.patch

kbuild: Abort build if SUBDIRS used

Forwarded: not-needed
Bug-Debian: https://bugs.debian.org/987575

DKMS and module-assistant both build OOT modules as root. If they
build an old OOT module that still use SUBDIRS this causes Kbuild
to try building a full kernel, which obviously fails but not before
deleting files from the installed headers package.

To avoid such mishaps, detect this situation and abort the build.

The error message is based on that used in commit 0126be38d988
"kbuild: announce removal of SUBDIRS if used".

Gbp-Pq: Topic debian
Gbp-Pq: Name kbuild-abort-build-if-subdirs-used.patch

kbuild: Look for module.lds under arch directory too

Forwarded: not-needed
Bug-Debian: https://bugs.debian.org/975571

The module.lds linker script is now built under the scripts directory,
where previously it was under arch/$(SRCARCH).

However, we package the scripts directory as linux-kbuild, which is
meant to be able to do support native and cross-builds. That means it
shouldn't contain files for a specific target architecture without a
wrapper to select between them, and it doesn't appear that linker
scripts are powerful enough to implement such a wrapper.

Building module.lds in a different location would require relatively
large changes. Moving it in the package build rules can work, but we
need to support custom kernel builds from the same source so we can't
assume it's moved.

Therefore, we move module.lds under the arch build directory in
rules.real and change Makefile.modfinal to look for it in both places.

Gbp-Pq: Topic debian
Gbp-Pq: Name kbuild-look-for-module.lds-under-arch-directory-too.patch

[PATCH 2/2] perf/traceevent: Support asciidoctor for documentation

From cd02fc78859ef9aefd7c92406f9523622da0b472 Mon Sep 17 00:00:00 2001
Forwarded: not-needed

Gbp-Pq: Topic debian
Gbp-Pq: Name perf-traceevent-support-asciidoctor-for-documentatio.patch

[PATCH 1/2] Documentation: Drop sphinx version check

From 252aa79fdbd4ac2da09d9b98f81bf11f5e3e1870 Mon Sep 17 00:00:00 2001
Forwarded: not-needed

Gbp-Pq: Topic debian
Gbp-Pq: Name documentation-drop-sphinx-version-check.patch

android: Enable building ashmem and binder as modules

Bug-Debian: https://bugs.debian.org/901492

We want to enable use of the Android ashmem and binder drivers to
support Anbox, but they should not be built-in as that would waste
resources and increase security attack surface on systems that don't
need them.

- Add a MODULE_LICENSE declaration to ashmem
- Change the Makefiles to build each driver as an object with the
"_linux" suffix (which is what Anbox expects)
- Change config symbol types to tristate

Update:
In upstream commit 721412ed3d titled "staging: remove ashmem" the ashmem
driver was removed entirely. Secondary commit message:
"The mainline replacement for ashmem is memfd, so remove the legacy
code from drivers/staging/"
Consequently, the ashmem part of this patch has been removed.

Gbp-Pq: Topic debian
Gbp-Pq: Name android-enable-building-ashmem-and-binder-as-modules.patch

Export symbols needed by Android drivers

Bug-Debian: https://bugs.debian.org/901492

We want to enable use of the Android ashmem and binder drivers to
support Anbox, but they should not be built-in as that would waste
resources and increase security attack surface on systems that don't
need them.

Export the currently un-exported symbols they depend on.

Gbp-Pq: Topic debian
Gbp-Pq: Name export-symbols-needed-by-android-drivers.patch

wireless: Add Debian wireless-regdb certificates

Forwarded: not-needed

This hex dump is generated using:

{
    for cert in debian/certs/wireless-regdb-*.pem; do
        openssl x509 -in $cert -outform der;
    done
} | hexdump -v -e '1/1 "0x%.2x," "\n"' > net/wireless/certs/debian.hex

Gbp-Pq: Topic debian
Gbp-Pq: Name wireless-add-debian-wireless-regdb-certificates.patch

tools: install perf python bindings

Bug-Debian: http://bugs.debian.org/860957
Forwarded: not-needed

Gbp-Pq: Topic debian
Gbp-Pq: Name tools-perf-install-python-bindings.patch

linux-tools: Install perf-read-vdso{,x}32 in directory under /usr/lib

Gbp-Pq: Topic debian
Gbp-Pq: Name tools-perf-perf-read-vdso-in-libexec.patch

[sh4] Fix uImage build

Bug-Debian: https://bugs.debian.org/569034
Forwarded: not-needed

[bwh: This was added without a description, but I think it is done
only to avoid a build-dependency on u-boot-tools.]

Gbp-Pq: Topic debian
Gbp-Pq: Name arch-sh4-fix-uimage-build.patch

Use RELAXED ieee754 mode for Loongson-3 as 3A 4000 is 2008-only

Forwarded: not-needed

There are 2 mode of value of IEEE NaN hardcoded by CPU.
Currently, our mipsel/mips64el port is in so-called lagacy mode.
Loongson 3A 4000 is set as the so-called 2008 mode.

To make Debian workable on Loongson 3A 4000, we need set the kerenl in
RELAXED mode.

https://web.archive.org/web/20180830093617/https://dmz-portal.mips.com/wiki/MIPS_ABI_-_NaN_Interlinking

Gbp-Pq: Topic debian
Gbp-Pq: Name mips-ieee754-relaxed.patch

Disable uImage generation for mips generic

Forwarded: not-needed

MIPS generic trys to generate uImage when build, which then ask for
u-boot-tools.

[bwh: Updated for 5.17:
- zload-y is no longer assigned here and appears to default to empty
- Adjust context]

Gbp-Pq: Topic debian
Gbp-Pq: Name mips-boston-disable-its.patch

[PATCH] Partially revert "MIPS: Add -Werror to arch/mips/Kbuild"

Forwarded: not-needed

This reverts commits 66f9ba101f54bda63ab1db97f9e9e94763d0651b and
5373633cc9253ba82547473e899cab141c54133e.

We really don't want to add -Werror anywhere.

Gbp-Pq: Topic debian
Gbp-Pq: Name mips-disable-werror.patch

Hardcode arch script output

Bug-Debian: https://bugs.debian.org/392592
Forwarded: not-needed

Here's a patch that simply uses hardcoded definitions instead of
doing the dynamic tests that require architecture-specific scripts.

I don't particularly like this approach because it restricts
portability and diverts from upstream. But, it is simpler, and this
really needs to be fixed somehow before etch (along with a rebuild of
linux-modules-extra-2.6), so I'm willing to live with it if my other
patch is deemed unacceptable.

My primary concern is that, in the future, the output of these scripts
will change and we (or our successors) will either not notice or
forget to update the hardcoded values.

Including the scripts in linux-kbuild will avoid this manual step
altogether, and allow for the possibility of other archs to provide
their own scripts in the future.

Gbp-Pq: Topic debian
Gbp-Pq: Name ia64-hardcode-arch-script-output.patch

kbuild: Make the toolchain variables easily overwritable

Forwarded: not-needed

Allow make variables to be overridden for each flavour by a file in
the build tree, .kernelvariables.

We currently use this for ARCH, KERNELRELEASE, CC, and in some cases
also CROSS_COMPILE, KCFLAGS.

This file can only be read after we establish the build tree, and all
use of $(ARCH) needs to be moved after this.

[bwh: Updated for 5.3: include .kernelvariables from current directory
rather than using undefined $(obj).]

Gbp-Pq: Topic debian
Gbp-Pq: Name kernelvariables.patch

Make mkcompile_h accept an alternate timestamp string

Forwarded: not-needed

We want to include the Debian version in the utsname::version string
instead of a full timestamp string. However, we still need to provide
a standard timestamp string for gen_initramfs_list.sh to make the
kernel image reproducible.

Make mkcompile_h use $KBUILD_BUILD_VERSION_TIMESTAMP in preference to
$KBUILD_BUILD_TIMESTAMP.

Gbp-Pq: Topic debian
Gbp-Pq: Name uname-version-timestamp.patch

Include package version along with kernel release in stack traces

Forwarded: not-needed

For distribution binary packages we assume
$DISTRIBUTION_OFFICIAL_BUILD, $DISTRIBUTOR and $DISTRIBUTION_VERSION
are set.

Gbp-Pq: Topic debian
Gbp-Pq: Name version.patch

Documentation: Fix broken link to CIPSO draft

Forwarded: not-needed

We exclude the CIPSO draft text as its licence is not DFSG compliant.
Link to the IETF's online version instead.

Gbp-Pq: Topic debian/dfsg
Gbp-Pq: Name documentation-fix-broken-link-to-cipso-draft.patch

video: Remove nvidiafb and rivafb

Bug-Debian: https://bugs.debian.org/383481
Forwarded: no

These drivers contain register programming code provided by the
hardware vendor that appears to have been deliberately obfuscated.
This is arguably not the preferred form for modification.

These drivers are also largely redundant with nouveau. The RIVA 128
(NV3) is not supported by nouveau but is about 15 years old and
probably discontinued 10 years ago.

Gbp-Pq: Topic debian/dfsg
Gbp-Pq: Name video-remove-nvidiafb-and-rivafb.patch

Add removal patches for: 3c359, smctr, keyspan, cops

Forwarded: not-needed

Gbp-Pq: Topic debian/dfsg
Gbp-Pq: Name drivers-net-appletalk-cops.patch

vs6624: mark as broken

Forwarded: not-needed

Gbp-Pq: Topic debian/dfsg
Gbp-Pq: Name vs6624-disable.patch

dvb-usb-af9005: mark as broken

Forwarded: not-needed

Gbp-Pq: Topic debian/dfsg
Gbp-Pq: Name drivers-media-dvb-dvb-usb-af9005-disable.patch

Remove microcode patches for mgsuvd (not enabled in Debian configs)

Forwarded: not-needed

Gbp-Pq: Topic debian/dfsg
Gbp-Pq: Name arch-powerpc-platforms-8xx-ucode-disable.patch

Tweak gitignore for Debian pkg-kernel using git svn.

Forwarded: not-needed

[bwh: Tweak further for pure git]

Gbp-Pq: Topic debian
Gbp-Pq: Name gitignore.patch

linux (6.0.12-1) unstable; urgency=medium

  * New upstream stable update:
    https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.0.11
    - [arm*] binder: validate alloc->mm in ->mmap() handler
    - ceph: Use kcalloc for allocating multiple elements
    - ceph: fix NULL pointer dereference for req->r_session
    - wifi: mac80211: fix memory free error when registering wiphy fail
    - wifi: cfg80211: Fix bitrates overflow issue
    - wifi: mac80211_hwsim: fix debugfs attribute ps with rc table support
    - [riscv64] dts: sifive unleashed: Add PWM controlled LEDs
    - audit: fix undefined behavior in bit shift for AUDIT_BIT
    - wifi: airo: do not assign -1 to unsigned char
    - wifi: mac80211: Fix ack frame idr leak when mesh has no route
    - wifi: ath11k: Fix QCN9074 firmware boot on x86
    - [s390x] zcrypt: fix warning about field-spanning write
    - [armhf] spi: stm32: fix stm32_spi_prepare_mbr() that halves spi clk for
      every run
    - Revert "net: macsec: report real_dev features when HW offloading is
      enabled"
    - [x86] ACPI: video: Add backlight=native DMI quirk for Dell G15 5515
    - [x86] platform/x86: ideapad-laptop: Disable touchpad_switch
    - [x86] platform/x86: touchscreen_dmi: Add info for the RCA Cambio W101 v2
      2-in-1
    - [x86] platform/x86/intel/pmt: Sapphire Rapids PMT errata fix
    - [x86] platform/x86/intel/hid: Add some ACPI device IDs
    - [powerpc*] scsi: ibmvfc: Avoid path failures during live migration
    - scsi: scsi_debug: Make the READ CAPACITY response compliant with ZBC
    - drm: panel-orientation-quirks: Add quirk for Nanote UMPC-01
    - drm: panel-orientation-quirks: Add quirk for Acer Switch V 10 (SW5-017)
    - block, bfq: fix null pointer dereference in bfq_bio_bfqg()
    - [s390x] always build relocatable kernel
    - [arm64] syscall: Include asm/ptrace.h in syscall_wrapper header.
    - nvme: quiet user passthrough command errors
    - nvmet: fix memory leak in nvmet_subsys_attr_model_store_locked
    - net: wwan: iosm: fix kernel test robot reported errors
    - drm/amd/display: Zeromem mypipe heap struct before using it
    - drm/amd/display: Fix FCLK deviation and tool compile issues
    - drm/amd/display: Fix gpio port mapping issue
    - Revert "drm/amdgpu: Revert "drm/amdgpu: getting fan speed pwm for vega10
      properly""
    - drm/amdgpu: Drop eviction lock when allocating PT BO
    - drm/amd/display: only fill dirty rectangles when PSR is enabled
    - ALSA: usb-audio: add quirk to fix Hamedal C20 disconnect issue
    - [riscv64] vdso: Do not add missing symbols to version section in linker
      script
    - [mips*] pic32: treat port as signed integer
    - io_uring/poll: lockdep annote io_poll_req_insert_locked
    - xfrm: fix "disable_policy" on ipv4 early demux
    - [arm64] dts: rockchip: fix quartz64-a bluetooth configuration
    - xfrm: replay: Fix ESN wrap around for GSO
    - af_key: Fix send_acquire race with pfkey_register
    - [arm64,armhf] ASoC: sgtl5000: Reset the CHIP_CLK_CTRL reg on remove
    - ASoC: soc-pcm: Don't zero TDM masks in __soc_pcm_open()
    - [x86] hyperv: Restore VP assist page after cpu offlining/onlining
    - scsi: storvsc: Fix handling of srb_status and capacity change events
    - [amd64,arm64] PCI: hv: Only reuse existing IRTE allocation for Multi-MSI
    - [arm64] dts: rockchip: Fix Pine64 Quartz4-B PMIC interrupt
    - [x86] ASoC: max98373: Add checks for devm_kcalloc
    - regulator: core: fix kobject release warning and memory leak in
      regulator_register()
    - regulator: core: fix UAF in destroy_regulator()
    - [arm64,armhf] bus: sunxi-rsb: Remove the shutdown callback
    - [arm64,armhf] bus: sunxi-rsb: Support atomic transfers
    - [arm64] tee: optee: fix possible memory leak in optee_register_device()
    - net: liquidio: simplify if expression
    - ipvlan: hold lower dev to avoid possible use-after-free
    - rxrpc: Fix race between conn bundle lookup and bundle removal
      [ZDI-CAN-15975]
    - nfc/nci: fix race with opening and closing
    - [i386] net: pch_gbe: fix potential memleak in pch_gbe_tx_queue()
    - 9p/fd: fix issue of list_del corruption in p9_fd_cancel()
    - netfilter: conntrack: Fix data-races around ct mark
    - netfilter: nf_tables: do not set up extensions for end interval
    - iavf: Fix a crash during reset task
    - iavf: Do not restart Tx queues after reset task failure
    - iavf: remove INITIAL_MAC_SET to allow gARP to work properly
    - iavf: Fix race condition between iavf_shutdown and iavf_remove
    - [armhf] dts: imx6q-prti6q: Fix ref/tcxo-clock-frequency properties
    - net/mlx4: Check retval of mlx4_bitmap_init
    - [arm64,armhf] net: mvpp2: fix possible invalid pointer dereference
    - net/qla3xxx: fix potential memleak in ql3xxx_send()
    - [i386] net: pch_gbe: fix pci device refcount leak while module exiting
    - nfp: fill splittable of devlink_port_attrs correctly
    - nfp: add port from netdev validation for EEPROM access
    - bonding: fix ICMPv6 header handling when receiving IPv6 messages
    - macsec: Fix invalid error code set
    - [x86] drm/i915: Fix warn in intel_display_power_*_domain() functions
    - Drivers: hv: vmbus: fix double free in the error path of
      vmbus_add_channel_work()
    - Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register()
    - netfilter: ipset: regression in ip_set_hash_ip.c
    - net/mlx5: Do not query pci info while pci disabled
    - net/mlx5: Fix FW tracer timestamp calculation
    - net/mlx5: SF: Fix probing active SFs during driver probe phase
    - net/mlx5: cmdif, Print info on any firmware cmd failure to tracepoint
    - net/mlx5: Fix handling of entry refcount when command is not issued to FW
    - net/mlx5: E-Switch, Set correctly vport destination
    - net/mlx5: Fix sync reset event handler error flow
    - net/mlx5e: Offload rule only when all encaps are valid
    - net: phy: at803x: fix error return code in at803x_probe()
    - tipc: set con sock in tipc_conn_alloc
    - tipc: add an extra conn_get in tipc_conn_alloc
    - tipc: check skb_linearize() return value in tipc_disc_rcv()
    - zonefs: Fix race between modprobe and mount
    - xfrm: Fix oops in __xfrm_state_delete()
    - xfrm: Fix ignored return value in xfrm6_init()
    - net: wwan: iosm: use ACPI_FREE() but not kfree() in
      ipc_pcie_read_bios_cfg()
    - sfc: fix potential memleak in __ef100_hard_start_xmit()
    - net: sched: allow act_ct to be built without NF_NAT
    - NFC: nci: fix memory leak in nci_rx_data_packet()
    - [armhf] regulator: twl6030: re-add TWL6032_SUBCLASS
    - bnx2x: fix pci device refcount leak in bnx2x_vf_is_pcie_pending()
    - [x86] cpufreq: amd-pstate: change amd-pstate driver to be built-in type
    - netfilter: ipset: restore allowing 64 clashing elements in hash:net,iface
    - netfilter: flowtable_offload: add missing locking
    - fs: do not update freeing inode i_io_list
    - blk-mq: fix queue reference leak on blk_mq_alloc_disk_for_queue failure
    - dccp/tcp: Reset saddr on failure after inet6?_hash_connect().
    - ipv4: Fix error return code in fib_table_insert()
    - [x86] arcnet: fix potential memory leak in com20020_probe()
    - [s390x] ap: fix memory leak in ap_init_qci_info()
    - [s390x] dasd: fix no record found for raw_track_access
    - fscache: fix OOB Read in __fscache_acquire_volume
    - [arm64] net: enetc: cache accesses to &priv->si->hw
    - [arm64] net: enetc: preserve TX ring priority across reconfiguration
    - virtio_net: Fix probe failed when modprobe virtio_net
    - [arm64] net: thunderx: Fix the ACPI memory leak
    - io_uring/filetable: fix file reference underflow
    - io_uring/poll: fix poll_refs race with cancelation
    - lib/vdso: use "grep -E" instead of "egrep"
    - can: gs_usb: remove dma allocations
    - [armhf] usb: dwc3: exynos: Fix remove() function
    - cifs: fix missing unlock in cifs_file_copychunk_range()
    - cifs: Use after free in debug code
    - ext4: fix use-after-free in ext4_ext_shift_extents
    - [arm64] dts: rockchip: lower rk3399-puma-haikou SD controller clock
      frequency
    - [armhf] iio: adc: aspeed: Remove the trim valid dts property.
    - iio: light: apds9960: fix wrong register for gesture gain
    - iio: core: Fix entry not deleted when iio_register_sw_trigger_type() fails
    - iio: accel: bma400: Fix memory leak in bma400_get_steps_reg()
    - [amd64] virt/sev-guest: Prevent IV reuse in the SNP guest driver
    - [x86] cpufreq: amd-pstate: cpufreq: amd-pstate: reset MSR_AMD_PERF_CTL
      register at init
    - zonefs: Fix active zone accounting
    - [arm64,armhf] spi: spi-imx: Fix spi_bus_clk if requested clock is higher
      than input clock
    - [arm64,armhf] spi: spi-imx: spi_imx_transfer_one(): check for DMA transfer
      first
    - NFSD: Fix reads with a non-zero offset that don't end on a page boundary
    - drm/amdgpu: Enable SA software trap.
    - drm/amd/display: Added debug option for forcing subvp num ways
    - drm/amd/display: Add debug option for allocating extra way for cursor
    - drm/amd/display: Update MALL SS NumWays calculation
    - drm/amd/display: Fix calculation for cursor CAB allocation
    - [arm64,armhf] usb: dwc3: gadget: conditionally remove requests
    - [arm64,armhf] usb: dwc3: gadget: Return -ESHUTDOWN on ep disable
    - [arm64,armhf] usb: dwc3: gadget: Clear ep descriptor last
    - io_uring: cmpxchg for poll arm refs release
    - io_uring: make poll refs more robust
    - io_uring: clear TIF_NOTIFY_SIGNAL if set and task_work not available
    - nilfs2: fix nilfs_sufile_mark_dirty() not set segment usage as dirty
    - mm/cgroup/reclaim: fix dirty pages throttling on cgroup v1
    - mm: vmscan: fix extreme overreclaim and swap floods
    - [x86] KVM: x86/mmu: Fix race condition in direct_page_fault
      (CVE-2022-45869)
    - [x86] KVM: x86/xen: Only do in-kernel acceleration of hypercalls for guest
      CPL0
    - [x86] KVM: x86/xen: Validate port number in SCHEDOP_poll
    - [x86] drm/i915/gvt: Get reference to KVM iff attachment to VM is
      successful
    - [x86] KVM: x86: nSVM: leave nested mode on vCPU free
    - [x86] KVM: x86: forcibly leave nested mode on vCPU reset (CVE-2022-3344)
    - [x86] KVM: x86: nSVM: harden svm_free_nested against freeing vmcb02 while
      still in use (CVE-2022-3344)
    - [x86] KVM: x86: add kvm_leave_nested
    - [x86] KVM: x86: remove exit_int_info warning in svm_handle_exit
    - [x86] KVM: Update gfn_to_pfn_cache khva when it moves within the same page
    - [x86] tsx: Add a feature bit for TSX control MSR support
    - [x86] pm: Add enumeration check before spec MSRs save/restore setup
    - [x86] ioremap: Fix page aligned size calculation in __ioremap_caller()
    - mm: fix unexpected changes to {failslab|fail_page_alloc}.attr
    - mm: correctly charge compressed memory to its memcg
    - Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode
    - [x86] ASoC: amd: yc: Add Alienware m17 R5 AMD into DMI table
    - [x86] ASoC: Intel: bytcht_es8316: Add quirk for the Nanote UMPC-01
    - [x86] ASoC: Intel: soc-acpi: add ES83x6 support to IceLake
    - ASoC: hda: intel-dsp-config: add ES83x6 quirk for IceLake
    - [x86] ASoC: SOF: ipc3-topology: use old pipeline teardown flow with SOF2.1
      and older
    - Revert "tty: n_gsm: avoid call of sleeping functions from atomic context"
    - Revert "tty: n_gsm: replace kicktimer with delayed_work"
    - Input: goodix - try resetting the controller when no config is set
    - bpf: Convert BPF_DISPATCHER to use static_call() (not ftrace)
    - [x86] Input: soc_button_array - add use_low_level_irq module parameter
    - [x86] Input: soc_button_array - add Acer Switch V 10 to
      dmi_use_low_level_irq[]
    - Input: i8042 - apply probe defer to more ASUS ZenBook models
    - xen-pciback: Allow setting PCI_MSIX_FLAGS_MASKALL too
    - [x86] xen/platform-pci: add missing free_irq() in error path
    - [x86] platform/x86: thinkpad_acpi: Enable s2idle quirk for 21A1 machine
      type
    - [x86] platform/x86: asus-wmi: add missing pci_dev_put() in
      asus_wmi_set_xusb2pr()
    - [x86] platform/x86: acer-wmi: Enable SW_TABLET_MODE on Switch V 10
      (SW5-017)
    - [x86] platform/surface: aggregator_registry: Add support for Surface Pro 9
    - drm/amd/display: use uclk pstate latency for fw assisted mclk validation
      dcn32
    - drm/amdgpu: disable BACO support on more cards
    - zonefs: fix zone report size in __zonefs_io_error()
    - [x86] platform/surface: aggregator_registry: Add support for Surface
      Laptop 5
    - [x86] platform/x86: hp-wmi: Ignore Smart Experience App event
    - [x86] platform/x86: ideapad-laptop: Fix interrupt storm on fn-lock toggle
      on some Yoga laptops
    - [x86] platform/x86: ideapad-laptop: Add module parameters to match DMI
      quirk tables
    - tcp: configurable source port perturb table size
    - block: make blk_set_default_limits() private
    - dm-integrity: set dma_alignment limit in io_hints
    - dm-log-writes: set dma_alignment limit in io_hints
    - net: usb: qmi_wwan: add Telit 0x103a composition
    - scsi: iscsi: Fix possible memory leak when device_register() failed
    - [arm64,armhf] gpu: host1x: Avoid trying to use GART on Tegra20
    - dm integrity: flush the journal on suspend
    - dm integrity: clear the journal on suspend
    - fuse: lock inode unconditionally in fuse_fallocate()
    - btrfs: free btrfs_path before copying root refs to userspace
    - btrfs: free btrfs_path before copying inodes to userspace
    - btrfs: free btrfs_path before copying fspath to userspace
    - btrfs: free btrfs_path before copying subvol info to userspace
    - btrfs: zoned: fix missing endianness conversion in sb_write_pointer
    - btrfs: use kvcalloc in btrfs_get_dev_zone_info
    - btrfs: sysfs: normalize the error handling branch in btrfs_init_sysfs()
    - btrfs: do not modify log tree while holding a leaf from fs tree locked
    - [x86] drm/i915/ttm: never purge busy objects
    - drm/display/dp_mst: Fix drm_dp_mst_add_affected_dsc_crtcs() return code
    - drm/amd/display: No display after resume from WB/CB
    - drm/amdgpu/psp: don't free PSP buffers on suspend
    - drm/amdgpu: Enable Aldebaran devices to report CU Occupancy
    - drm/amd/amdgpu: reserve vm invalidation engine for firmware
    - drm/amd/display: Update soc bounding box for dcn32/dcn321
    - drm/amdgpu: always register an MMU notifier for userptr
    - drm/amdgpu: Partially revert "drm/amdgpu: update drm_display_info
      correctly when the edid is read"
    - bpf: Add explicit cast to 'void *' for __BPF_DISPATCHER_UPDATE()
    https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.0.12
    - btrfs: qgroup: fix sleep from invalid context bug in
      btrfs_qgroup_inherit()
    - drm/amdgpu: move setting the job resources
    - drm/amdgpu: cleanup error handling in amdgpu_cs_parser_bos
    - drm/amdgpu: fix userptr HMM range handling v2
    - drm/amd/pm: add smu_v13_0_10 driver if version
    - drm/amd/pm: update driver-if header for smu_v13_0_10
    - drm/amd/pm: update driver if header for smu_13_0_7
    - [arm64] clk: qcom: gdsc: add missing error handling
    - [arm64] clk: qcom: gdsc: Remove direct runtime PM calls
    - bpf, perf: Use subprog name when reporting subprog ksymbol
    - scripts/faddr2line: Fix regression in name resolution on ppc64le
    - [x86] hwmon: (i5500_temp) fix missing pci_disable_device()
    - hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails
    - [arm64,armhf] clocksource/drivers/arm_arch_timer: Fix XGene-1 TVAL
      register math error
    - bpf: Do not copy spin lock field from user in bpf_selem_alloc
    - of: property: decrement node refcount in of_fwnode_get_reference_args()
    - ixgbevf: Fix resource leak in ixgbevf_init_module()
    - i40e: Fix error handling in i40e_init_module()
    - iavf: Fix error handling in iavf_init_module()
    - e100: Fix possible use after free in e100_xmit_prepare
    - net/mlx5: DR, Fix uninitialized var warning
    - net/mlx5: E-switch, Destroy legacy fdb table when needed
    - net/mlx5: E-switch, Fix duplicate lag creation
    - net/mlx5: Fix uninitialized variable bug in outlen_write()
    - net/mlx5e: Fix use-after-free when reverting termination table
    - can: sja1000_isa: sja1000_isa_probe(): add missing free_sja1000dev()
    - [i386] can: cc770: cc770_isa_probe(): add missing free_cc770dev()
    - vfs: fix copy_file_range() averts filesystem freeze protection
    - qlcnic: fix sleep-in-atomic-context bugs caused by msleep
    - aquantia: Do not purge addresses when setting the number of rings
    - wifi: cfg80211: fix buffer overflow in elem comparison
    - wifi: cfg80211: don't allow multi-BSSID in S1G
    - wifi: mac8021: fix possible oob access in ieee80211_get_rate_duration
    - net: phy: fix null-ptr-deref while probe() failed
    - net: net_netdev: Fix error handling in ntb_netdev_init_module()
    - net/9p: Fix a potential socket leak in p9_socket_open
    - net: wwan: iosm: fix kernel test robot reported error
    - net: wwan: iosm: fix dma_alloc_coherent incompatible pointer type
    - net: wwan: iosm: fix crash in peek throughput test
    - net: wwan: iosm: fix incorrect skb length
    - mptcp: don't orphan ssk in mptcp_close()
    - mptcp: fix sleep in atomic at close time
    - tipc: re-fetch skb cb after tipc_msg_validate
    - net: mdiobus: fix unbalanced node reference count
    - afs: Fix fileserver probe RTT handling
    - net: tun: Fix use-after-free in tun_detach()
    - net/mlx5: Lag, Fix for loop when checking lag
    - packet: do not set TP_STATUS_CSUM_VALID on CHECKSUM_COMPLETE
    - sctp: fix memory leak in sctp_stream_outq_migrate()
    - afs: Fix server->active leak in afs_put_server
    - [x86] hwmon: (coretemp) Check for null before removing sysfs attrs
    - [x86] hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new()
    - [x86] hwmon: (asus-ec-sensors) Add checks for devm_kcalloc
    - [riscv64] vdso: fix section overlapping under some conditions
    - [riscv64] mm: Proper page permissions after initmem free
    - ALSA: dice: fix regression for Lexicon I-ONIX FW810S
    - nilfs2: fix NULL pointer dereference in nilfs_palloc_commit_free_entry()
    - [x86] bugs: Make sure MSR_SPEC_CTRL is updated properly upon resume from
      S3
    - [x86] pinctrl: intel: Save and restore pins in "direct IRQ" mode
    - v4l2: don't fall back to follow_pfn() if pin_user_pages_fast() fails
    - mm: migrate: fix THP's mapcount on isolation
    - net: stmmac: Set MAC's flow control register to reflect current settings
    - mmc: core: Fix ambiguous TRIM and DISCARD arg
    - [amd64,armhf] mmc: sdhci-esdhc-imx: correct CQHCI exit halt state check
    - mmc: sdhci: Fix voltage switch delay
    - drm/amdgpu: temporarily disable broken Clang builds due to blown
      stack-frame
    - drm/amdgpu: enable Vangogh VCN indirect sram mode
    - [x86] drm/i915: Fix negative value passed as remaining time
    - [x86] drm/i915: Never return 0 if not all requests retired
    - tracing/osnoise: Fix duration type
    - tracing: Fix race where histograms can be called before the event
    - tracing: Free buffers when a used dynamic event is removed
    - ASoC: ops: Fix bounds check for _sx controls
    - [arm64,armhf] pinctrl: single: Fix potential division by zero
    - [riscv64] Sync efi page table's kernel mappings before switching
    - [riscv64] fix race when vmap stack overflow
    - [riscv64] kexec: Fixup irq controller broken in kexec crash path
    - nvme: fix SRCU protection of nvme_ns_head list
    - [amd64] iommu/vt-d: Fix PCI device refcount leak in has_external_pci()
    - [amd64] iommu/vt-d: Fix PCI device refcount leak in dmar_dev_scope_init()
    - ipv4: Handle attempt to delete multipath route when fib_info contains an
      nh reference (CVE-2022-3435)
    - ipv4: Fix route deletion when nexthop info is not specified
    - i2c: Restore initial power state if probe fails
    - [arm64] i2c: qcom-geni: fix error return code in geni_i2c_gpi_xfer
    - [arm64,armhf] i2c: imx: Only DMA messages with I2C_M_DMA_SAFE flag set
    - [amd64,arm64] ACPI: HMAT: remove unnecessary variable initialization
    - [amd64,arm64] ACPI: HMAT: Fix initiator registration for single-initiator
      systems
    - char: tpm: Protect tpm_pm_suspend with locks
    - ipc/sem: Fix dangling sem_array access in semtimedop race
    - proc: avoid integer type confusion in get_proc_long
    - proc: proc_skip_spaces() shouldn't think it is working on C strings

  [ Salvatore Bonaccorso ]
  * [rt] Refresh "serial: 8250: implement write_atomic"
  * Bump ABI to 6
  * [s390x] debian/config: Drop explicit enable of RELOCATABLE.
  * [x86] drivers/cpufreq: Change X86_AMD_PSTATE from module to built-in
  * xen/netback: Ensure protocol headers don't fall in the non-linear area
    (XSA-423, CVE-2022-3643)
  * xen/netback: don't call kfree_skb() with interrupts disabled (XSA-424,
    CVE-2022-42328, CVE-2022-42329)

[dgit import unpatched linux 6.0.12-1]

Import linux_6.0.12.orig.tar.xz

[dgit import orig linux_6.0.12.orig.tar.xz]

Import linux_6.0.12-1.debian.tar.xz

[dgit import tarball linux 6.0.12-1 linux_6.0.12-1.debian.tar.xz]