dgit.raspbian.org Git - linux.git/log

security,perf: Allow further restriction of perf_event_open

Forwarded: https://lkml.org/lkml/2016/1/11/587

When kernel.perf_event_open is set to 3 (or greater), disallow all
access to performance events by users without CAP_SYS_ADMIN.
Add a Kconfig symbol CONFIG_SECURITY_PERF_EVENTS_RESTRICT that
makes this value the default.

This is based on a similar feature in grsecurity
(CONFIG_GRKERNSEC_PERF_HARDEN). This version doesn't include making
the variable read-only. It also allows enabling further restriction
at run-time regardless of whether the default is changed.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic features/all
Gbp-Pq: Name security-perf-allow-further-restriction-of-perf_event_open.patch

add sysctl to disallow unprivileged CLONE_NEWUSER by default

Origin: http://kernel.ubuntu.com/git?p=serge%2Fubuntu-saucy.git;a=commit;h=5c847404dcb2e3195ad0057877e1422ae90892b8

add sysctl to disallow unprivileged CLONE_NEWUSER by default

This is a short-term patch. Unprivileged use of CLONE_NEWUSER
is certainly an intended feature of user namespaces. However
for at least saucy we want to make sure that, if any security
issues are found, we have a fail-safe.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
[bwh: Remove unneeded binary sysctl bits]
[bwh: Keep this sysctl, but change the default to enabled]

Gbp-Pq: Topic debian
Gbp-Pq: Name add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by-default.patch

yama: Disable by default

Bug-Debian: https://bugs.debian.org/712740
Forwarded: not-needed

Gbp-Pq: Topic debian
Gbp-Pq: Name yama-disable-by-default.patch

sched: Do not enable autogrouping by default

Forwarded: not-needed

We want to provide the option of autogrouping but without enabling
it by default yet.

Gbp-Pq: Topic debian
Gbp-Pq: Name sched-autogroup-disabled.patch

fs: Enable link security restrictions by default

Bug-Debian: https://bugs.debian.org/609455
Forwarded: not-needed

This reverts commit 561ec64ae67ef25cac8d72bb9c4bfc955edfd415
('VFS: don't do protected {sym,hard}links by default').

Gbp-Pq: Topic debian
Gbp-Pq: Name fs-enable-link-security-restrictions-by-default.patch

hamradio: Disable auto-loading as mitigation against local exploits

Forwarded: not-needed

We can mitigate the effect of vulnerabilities in obscure protocols by
preventing unprivileged users from loading the modules, so that they
are only exploitable on systems where the administrator has chosen to
load the protocol.

The 'ham' radio protocols (ax25, netrom, rose) are not actively
maintained or widely used. Therefore disable auto-loading.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic debian
Gbp-Pq: Name hamradio-disable-auto-loading-as-mitigation-against-local-exploits.patch

dccp: Disable auto-loading as mitigation against local exploits

Forwarded: not-needed

We can mitigate the effect of vulnerabilities in obscure protocols by
preventing unprivileged users from loading the modules, so that they
are only exploitable on systems where the administrator has chosen to
load the protocol.

The 'dccp' protocol is not actively maintained or widely used.
Therefore disable auto-loading.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic debian
Gbp-Pq: Name dccp-disable-auto-loading-as-mitigation-against-local-exploits.patch

[PATCH 1/3] rds: Disable auto-loading as mitigation against local exploits

Forwarded: not-needed

Recent review has revealed several bugs in obscure protocol
implementations that can be exploited by local users for denial of
service or privilege escalation. We can mitigate the effect of any
remaining vulnerabilities in such protocols by preventing unprivileged
users from loading the modules, so that they are only exploitable on
systems where the administrator has chosen to load the protocol.

The 'rds' protocol is one such protocol that has been found to be
vulnerable, and which was not present in the 'lenny' kernel.
Therefore disable auto-loading.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic debian
Gbp-Pq: Name rds-Disable-auto-loading-as-mitigation-against-local.patch

[PATCH 2/3] af_802154: Disable auto-loading as mitigation against local exploits

Forwarded: not-needed

Recent review has revealed several bugs in obscure protocol
implementations that can be exploited by local users for denial of
service or privilege escalation. We can mitigate the effect of any
remaining vulnerabilities in such protocols by preventing unprivileged
users from loading the modules, so that they are only exploitable on
systems where the administrator has chosen to load the protocol.

The 'af_802154' (IEEE 802.15.4) protocol is not widely used, was
not present in the 'lenny' kernel, and seems to receive only sporadic
maintenance. Therefore disable auto-loading.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic debian
Gbp-Pq: Name af_802154-Disable-auto-loading-as-mitigation-against.patch

[PATCH] arm: dts: bcm: Enable device-tree overlay support for RPi devices

Origin: https://git.kernel.org/linus/e925743edc0d86fb846d952190d005bac8a6e373

Add the '-@' DTC option for the Raspberry Pi devices. This option
populates the '__symbols__' node that contains all the necessary symbols
for supporting device-tree overlays (for instance from the firmware or
the bootloader) on these devices.

The Rasbperry Pi devices are well known for their GPIO header, that
allow various "HATs" or other modules do be connected and this enables
users to create out-of-tree device-tree overlays for these modules.

Please note that this change does increase the size of the resulting DTB
by ~40%. For example, with v6.4-rc1 increase in size is as follows:

  bcm2711-rpi-400.dtb       27556 -> 38141 bytes
  bcm2711-rpi-4-b.dtb       27484 -> 38069 bytes
  bcm2711-rpi-cm4-io.dtb    27373 -> 38076 bytes
  bcm2835-rpi-a.dtb         12879 -> 18235 bytes
  bcm2835-rpi-a-plus.dtb    13015 -> 18371 bytes
  bcm2835-rpi-b.dtb         12997 -> 18377 bytes
  bcm2835-rpi-b-plus.dtb    13237 -> 18666 bytes
  bcm2835-rpi-b-rev2.dtb    13085 -> 18514 bytes
  bcm2835-rpi-cm1-io1.dtb   13109 -> 18528 bytes
  bcm2835-rpi-zero.dtb      12923 -> 18311 bytes
  bcm2835-rpi-zero-w.dtb    13449 -> 18889 bytes
  bcm2836-rpi-2-b.dtb       14500 -> 20252 bytes
  bcm2837-rpi-3-a-plus.dtb  14930 -> 20713 bytes
  bcm2837-rpi-3-b.dtb       15107 -> 20979 bytes
  bcm2837-rpi-3-b-plus.dtb  15463 -> 21443 bytes
  bcm2837-rpi-cm3-io3.dtb   14429 -> 20098 bytes
  bcm2837-rpi-zero-2-w.dtb  14781 -> 20524 bytes

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Link: https://lore.kernel.org/r/20220410225940.135744-3-aurelien@aurel32.net
[ukleinek: rebased to v6.4-rc1]
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Acked-by: Conor Dooley <conor.dooley@microchip.com>
Signed-off-by: Florian Fainelli <florian.fainelli@broadcom.com>
Gbp-Pq: Topic features/arm
Gbp-Pq: Name arm-dts-bcm-Enable-device-tree-overlay-support-for-R.patch

firmware_class: Refer to Debian wiki page when logging missing firmware

Bug-Debian: https://bugs.debian.org/888405
Forwarded: not-needed

If firmware loading fails due to a missing file, log a second error
message referring to our wiki page about firmware. This will explain
why some firmware is in non-free, or can't be packaged at all. Only
do this once per boot.

Do something similar in the radeon and amdgpu drivers, where we have
an early check to avoid failing at a point where we cannot display
anything.

Gbp-Pq: Topic debian
Gbp-Pq: Name firmware_class-refer-to-debian-wiki-firmware-page.patch

radeon, amdgpu: Firmware is required for DRM and KMS on R600 onward

Bug-Debian: https://bugs.debian.org/607194
Bug-Debian: https://bugs.debian.org/607471
Bug-Debian: https://bugs.debian.org/610851
Bug-Debian: https://bugs.debian.org/627497
Bug-Debian: https://bugs.debian.org/632212
Bug-Debian: https://bugs.debian.org/637943
Bug-Debian: https://bugs.debian.org/649448
Bug-Debian: https://bugs.debian.org/697229
Forwarded: no

radeon requires firmware/microcode for the GPU in all chips, but for
newer chips (apparently R600 'Evergreen' onward) it also expects
firmware for the memory controller and other sub-blocks.

radeon attempts to gracefully fall back and disable some features if
the firmware is not available, but becomes unstable - the framebuffer
and/or system memory may be corrupted, or the display may stay black.

Therefore, perform a basic check for the existence of
/lib/firmware/{radeon,amdgpu} when a device is probed, and abort if it
is missing, except for the pre-R600 case.

Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name radeon-amdgpu-firmware-is-required-for-drm-and-kms-on-r600-onward.patch

firmware: Remove redundant log messages from drivers

Forwarded: no

Now that firmware_class logs every success and failure consistently,
many other log messages can be removed from drivers.

This will probably need to be split up into multiple patches prior to
upstream submission.

Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name firmware-remove-redundant-log-messages-from-drivers.patch

firmware_class: Log every success and failure against given device

Forwarded: no

The hundreds of users of request_firmware() have nearly as many
different log formats for reporting failures.  They also have only the
vaguest hint as to what went wrong; only firmware_class really knows
that.  Therefore, add specific log messages for the failure modes that
aren't currently logged.

In case of a driver that tries multiple names, this may result in the
impression that it failed to initialise.  Therefore, also log successes.

This makes many error messages in drivers redundant, which will be
removed in later patches.

This does not cover the case where we fall back to a user-mode helper
(which is no longer enabled in Debian).

NOTE: hw-detect will depend on the "firmware: failed to load %s (%d)\n"
format to detect missing firmware.

Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name firmware_class-log-every-success-and-failure.patch

iwlwifi: Do not request unreleased firmware for IWL6000

Bug-Debian: https://bugs.debian.org/689416
Forwarded: not-needed

The iwlwifi driver currently supports firmware API versions 4-6 for
these devices.  It will request the file for the latest supported
version and then fall back to earlier versions.  However, the latest
version that has actually been released is 4, so we expect the
requests for versions 6 and then 5 to fail.

The installer appears to report any failed request, and it is probably
not easy to detect that this particular failure is harmless.  So stop
requesting the unreleased firmware.

Gbp-Pq: Topic debian
Gbp-Pq: Name iwlwifi-do-not-request-unreleased-firmware.patch

af9005: Use request_firmware() to load register init script

Forwarded: no

Read the register init script from the Windows driver. This is sick
but should avoid the potential copyright infringement in distributing
a version of the script which is directly derived from the driver.

Gbp-Pq: Topic features/all
Gbp-Pq: Name drivers-media-dvb-usb-af9005-request_firmware.patch

Makefile: Make compiler version comparison optional

Forwarded: not-needed
Bug-Debian: https://bugs.debian.org/1019749

The top-level Makefile warns if the compiler version string changes at
all between the kernel build and an out-of-tree module build.

We expect that major compiler version changes could introduce ABI
changes, and override the CC variable in out-of-tree module builds to
ensure that the same major compiler version is used. But minor
version changes should not make a difference, so this exact version
comparison produces false warnings.

Since custom kernel packages don't have that, don't remove the version
comparison. Instead, skip it if $(DEBIAN_KERNEL_NO_CC_VERSION_CHECK)
is non-empty.

Gbp-Pq: Topic debian
Gbp-Pq: Name makefile-make-compiler-version-comparison-optional.patch

module: Avoid ABI changes when debug info is disabled

Forwarded: not-needed

CI builds are done with debug info disabled, but this removes some
members from struct module. This causes builds to fail if there is an
ABI reference for the current ABI.

Define these members unconditionally, so that there is no ABI change.

Gbp-Pq: Topic debian
Gbp-Pq: Name module-avoid-abi-changes-when-debug-info-is-disabled.patch

kbuild: Abort build if SUBDIRS used

Forwarded: not-needed
Bug-Debian: https://bugs.debian.org/987575

DKMS and module-assistant both build OOT modules as root. If they
build an old OOT module that still use SUBDIRS this causes Kbuild
to try building a full kernel, which obviously fails but not before
deleting files from the installed headers package.

To avoid such mishaps, detect this situation and abort the build.

The error message is based on that used in commit 0126be38d988
"kbuild: announce removal of SUBDIRS if used".

Gbp-Pq: Topic debian
Gbp-Pq: Name kbuild-abort-build-if-subdirs-used.patch

kbuild: Look for module.lds under arch directory too

Forwarded: not-needed
Bug-Debian: https://bugs.debian.org/975571

The module.lds linker script is now built under the scripts directory,
where previously it was under arch/$(SRCARCH).

However, we package the scripts directory as linux-kbuild, which is
meant to be able to do support native and cross-builds. That means it
shouldn't contain files for a specific target architecture without a
wrapper to select between them, and it doesn't appear that linker
scripts are powerful enough to implement such a wrapper.

Building module.lds in a different location would require relatively
large changes. Moving it in the package build rules can work, but we
need to support custom kernel builds from the same source so we can't
assume it's moved.

Therefore, we move module.lds under the arch build directory in
rules.real and change Makefile.modfinal to look for it in both places.

Gbp-Pq: Topic debian
Gbp-Pq: Name kbuild-look-for-module.lds-under-arch-directory-too.patch

[PATCH 2/2] perf/traceevent: Support asciidoctor for documentation

From cd02fc78859ef9aefd7c92406f9523622da0b472 Mon Sep 17 00:00:00 2001
Forwarded: not-needed

Gbp-Pq: Topic debian
Gbp-Pq: Name perf-traceevent-support-asciidoctor-for-documentatio.patch

[PATCH 1/2] Documentation: Drop sphinx version check

From 252aa79fdbd4ac2da09d9b98f81bf11f5e3e1870 Mon Sep 17 00:00:00 2001
Forwarded: not-needed

Gbp-Pq: Topic debian
Gbp-Pq: Name documentation-drop-sphinx-version-check.patch

android: Enable building ashmem and binder as modules

Bug-Debian: https://bugs.debian.org/901492

We want to enable use of the Android ashmem and binder drivers to
support Anbox, but they should not be built-in as that would waste
resources and increase security attack surface on systems that don't
need them.

- Add a MODULE_LICENSE declaration to ashmem
- Change the Makefiles to build each driver as an object with the
"_linux" suffix (which is what Anbox expects)
- Change config symbol types to tristate

Update:
In upstream commit 721412ed3d titled "staging: remove ashmem" the ashmem
driver was removed entirely. Secondary commit message:
"The mainline replacement for ashmem is memfd, so remove the legacy
code from drivers/staging/"
Consequently, the ashmem part of this patch has been removed.

Gbp-Pq: Topic debian
Gbp-Pq: Name android-enable-building-ashmem-and-binder-as-modules.patch

Export symbols needed by Android drivers

Bug-Debian: https://bugs.debian.org/901492

We want to enable use of the Android ashmem and binder drivers to
support Anbox, but they should not be built-in as that would waste
resources and increase security attack surface on systems that don't
need them.

Export the currently un-exported symbols they depend on.

Gbp-Pq: Topic debian
Gbp-Pq: Name export-symbols-needed-by-android-drivers.patch

wireless: Add Debian wireless-regdb certificates

Forwarded: not-needed

This hex dump is generated using:

{
    for cert in debian/certs/wireless-regdb-*.pem; do
        openssl x509 -in $cert -outform der;
    done
} | hexdump -v -e '1/1 "0x%.2x," "\n"' > net/wireless/certs/debian.hex

Gbp-Pq: Topic debian
Gbp-Pq: Name wireless-add-debian-wireless-regdb-certificates.patch

tools: install perf python bindings

Bug-Debian: http://bugs.debian.org/860957
Forwarded: not-needed

Gbp-Pq: Topic debian
Gbp-Pq: Name tools-perf-install-python-bindings.patch

linux-tools: Install perf-read-vdso{,x}32 in directory under /usr/lib

Gbp-Pq: Topic debian
Gbp-Pq: Name tools-perf-perf-read-vdso-in-libexec.patch

[sh4] Fix uImage build

Bug-Debian: https://bugs.debian.org/569034
Forwarded: not-needed

[bwh: This was added without a description, but I think it is done
only to avoid a build-dependency on u-boot-tools.]

Gbp-Pq: Topic debian
Gbp-Pq: Name arch-sh4-fix-uimage-build.patch

Use RELAXED ieee754 mode for Loongson-3 as 3A 4000 is 2008-only

Forwarded: not-needed

There are 2 mode of value of IEEE NaN hardcoded by CPU.
Currently, our mipsel/mips64el port is in so-called lagacy mode.
Loongson 3A 4000 is set as the so-called 2008 mode.

To make Debian workable on Loongson 3A 4000, we need set the kerenl in
RELAXED mode.

https://web.archive.org/web/20180830093617/https://dmz-portal.mips.com/wiki/MIPS_ABI_-_NaN_Interlinking

Gbp-Pq: Topic debian
Gbp-Pq: Name mips-ieee754-relaxed.patch

Disable uImage generation for mips generic

Forwarded: not-needed

MIPS generic trys to generate uImage when build, which then ask for
u-boot-tools.

[bwh: Updated for 5.17:
- zload-y is no longer assigned here and appears to default to empty
- Adjust context]

Gbp-Pq: Topic debian
Gbp-Pq: Name mips-boston-disable-its.patch

[PATCH] Partially revert "MIPS: Add -Werror to arch/mips/Kbuild"

Forwarded: not-needed

This reverts commits 66f9ba101f54bda63ab1db97f9e9e94763d0651b and
5373633cc9253ba82547473e899cab141c54133e.

We really don't want to add -Werror anywhere.

Gbp-Pq: Topic debian
Gbp-Pq: Name mips-disable-werror.patch

Hardcode arch script output

Bug-Debian: https://bugs.debian.org/392592
Forwarded: not-needed

Here's a patch that simply uses hardcoded definitions instead of
doing the dynamic tests that require architecture-specific scripts.

I don't particularly like this approach because it restricts
portability and diverts from upstream. But, it is simpler, and this
really needs to be fixed somehow before etch (along with a rebuild of
linux-modules-extra-2.6), so I'm willing to live with it if my other
patch is deemed unacceptable.

My primary concern is that, in the future, the output of these scripts
will change and we (or our successors) will either not notice or
forget to update the hardcoded values.

Including the scripts in linux-kbuild will avoid this manual step
altogether, and allow for the possibility of other archs to provide
their own scripts in the future.

Gbp-Pq: Topic debian
Gbp-Pq: Name ia64-hardcode-arch-script-output.patch

kbuild: Make the toolchain variables easily overwritable

Forwarded: not-needed

Allow make variables to be overridden for each flavour by a file in
the build tree, .kernelvariables.

We currently use this for ARCH, KERNELRELEASE, CC, and in some cases
also CROSS_COMPILE, KCFLAGS.

This file can only be read after we establish the build tree, and all
use of $(ARCH) needs to be moved after this.

[bwh: Updated for 5.3: include .kernelvariables from current directory
rather than using undefined $(obj).]

Gbp-Pq: Topic debian
Gbp-Pq: Name kernelvariables.patch

Make mkcompile_h accept an alternate timestamp string

Forwarded: not-needed

We want to include the Debian version in the utsname::version string
instead of a full timestamp string. However, we still need to provide
a standard timestamp string for gen_initramfs_list.sh to make the
kernel image reproducible.

Make mkcompile_h use $KBUILD_BUILD_VERSION_TIMESTAMP in preference to
$KBUILD_BUILD_TIMESTAMP.

Gbp-Pq: Topic debian
Gbp-Pq: Name uname-version-timestamp.patch

Include package version along with kernel release in stack traces

Forwarded: not-needed

For distribution binary packages we assume
$DISTRIBUTION_OFFICIAL_BUILD, $DISTRIBUTOR and $DISTRIBUTION_VERSION
are set.

Gbp-Pq: Topic debian
Gbp-Pq: Name version.patch

Documentation: Fix broken link to CIPSO draft

Forwarded: not-needed

We exclude the CIPSO draft text as its licence is not DFSG compliant.
Link to the IETF's online version instead.

Gbp-Pq: Topic debian/dfsg
Gbp-Pq: Name documentation-fix-broken-link-to-cipso-draft.patch

video: Remove nvidiafb and rivafb

Bug-Debian: https://bugs.debian.org/383481
Forwarded: no

These drivers contain register programming code provided by the
hardware vendor that appears to have been deliberately obfuscated.
This is arguably not the preferred form for modification.

These drivers are also largely redundant with nouveau. The RIVA 128
(NV3) is not supported by nouveau but is about 15 years old and
probably discontinued 10 years ago.

Gbp-Pq: Topic debian/dfsg
Gbp-Pq: Name video-remove-nvidiafb-and-rivafb.patch

Add removal patches for: 3c359, smctr, keyspan, cops

Forwarded: not-needed

Gbp-Pq: Topic debian/dfsg
Gbp-Pq: Name drivers-net-appletalk-cops.patch

vs6624: mark as broken

Forwarded: not-needed

Gbp-Pq: Topic debian/dfsg
Gbp-Pq: Name vs6624-disable.patch

dvb-usb-af9005: mark as broken

Forwarded: not-needed

Gbp-Pq: Topic debian/dfsg
Gbp-Pq: Name drivers-media-dvb-dvb-usb-af9005-disable.patch

Remove microcode patches for mgsuvd (not enabled in Debian configs)

Forwarded: not-needed

Gbp-Pq: Topic debian/dfsg
Gbp-Pq: Name arch-powerpc-platforms-8xx-ucode-disable.patch

Tweak gitignore for Debian pkg-kernel using git svn.

Forwarded: not-needed

[bwh: Tweak further for pure git]

Gbp-Pq: Topic debian
Gbp-Pq: Name gitignore.patch

linux (6.1.128-1) bookworm-security; urgency=high

  * New upstream stable update:
    https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.125
    - ceph: give up on paths longer than PATH_MAX (CVE-2024-53685)
    - bpf, sockmap: Fix race between element replace and close()
      (CVE-2024-56664)
    - sched/task_stack: fix object_is_on_stack() for KASAN tagged pointers
      (CVE-2024-53128)
    - jbd2: increase IO priority for writing revoke records
    - jbd2: flush filesystem device before updating tail sequence
    - dm array: fix releasing a faulty array block twice in dm_array_cursor_end
    - dm array: fix unreleased btree blocks on closing a faulty array cursor
    - dm array: fix cursor index when skipping across block boundaries
    - exfat: fix the infinite loop in exfat_readdir()
    - exfat: fix the infinite loop in __exfat_free_cluster()
    - scripts/sorttable: fix orc_sort_cmp() to maintain symmetry and
      transitivity
    - net: 802: LLC+SNAP OID:PID lookup on start of skb data
    - tcp/dccp: complete lockless accesses to sk->sk_max_ack_backlog
    - tcp/dccp: allow a connection when sk_max_ack_backlog is zero
    - net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute
    - bnxt_en: Fix possible memory leak when hwrm_req_replace fails
    - cxgb4: Avoid removal of uninserted tid
    - ice: fix incorrect PHY settings for 100 GB/s
    - tls: Fix tls_sw_sendmsg error handling
    - Bluetooth: hci_sync: Fix not setting Random Address when required
    - tcp: Annotate data-race around sk->sk_mark in tcp_v4_send_reset
    - netfilter: nf_tables: imbalance in flowtable binding
    - netfilter: conntrack: clamp maximum hashtable size to INT_MAX
    - sched: sch_cake: add bounds checks to host bulk flow fairness counts
    - net/mlx5: Fix variable not being completed when function returns
    - ksmbd: fix a missing return value check bug
    - afs: Fix the maximum cell name length
    - ksmbd: fix unexpectedly changed path in ksmbd_vfs_kern_path_locked
    - dm thin: make get_first_thin use rcu-safe list first function
    - dm-ebs: don't set the flag DM_TARGET_PASSES_INTEGRITY
    - sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy
    - sctp: sysctl: rto_min/max: avoid using current->nsproxy
    - sctp: sysctl: auth_enable: avoid using current->nsproxy
    - sctp: sysctl: udp_port: avoid using current->nsproxy
    - sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy
    - drm/amd/display: Add check for granularity in dml ceil/floor helpers
    - thermal: of: fix OF node leak in of_thermal_zone_find()
    - ACPI: resource: Add TongFang GM5HG0A to irq1_edge_low_force_override[]
    - ACPI: resource: Add Asus Vivobook X1504VAP to
      irq1_level_low_skip_override[]
    - drm/amd/display: increase MAX_SURFACES to the value supported by hw
    - dm-verity FEC: Fix RS FEC repair for roots unaligned to block size (take
      2)
    - bpf: Add MEM_WRITE attribute
    - bpf: Fix overloading of MEM_UNINIT's meaning (CVE-2024-50164)
    - USB: serial: option: add MeiG Smart SRM815
    - USB: serial: option: add Neoway N723-EA support
    - usb-storage: Add max sectors quirk for Nokia 208
    - USB: serial: cp210x: add Phoenix Contact UPS Device
    - usb: dwc3: gadget: fix writing NYET threshold
    - topology: Keep the cpumask unchanged when printing cpumap
    - usb: gadget: u_serial: Disable ep before setting port to null to fix the
      crash caused by port being null
    - usb: dwc3-am62: Disable autosuspend during remove
    - USB: usblp: return error when setting unsupported protocol
    - USB: core: Disable LPM only for non-suspended ports
    - usb: fix reference leak in usb_new_device()
    - usb: gadget: f_uac2: Fix incorrect setting of bNumEndpoints
    - usb: gadget: f_fs: Remove WARN_ON in functionfs_bind
    - iio: light: vcnl4035: fix information leak in triggered buffer
    - iio: imu: kmx61: fix information leak in triggered buffer
    - iio: gyro: fxas21002c: Fix missing data update in trigger handler
    - iio: inkern: call iio_device_put() only on mapped devices
    - io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period
    - block, bfq: fix waker_bfqq UAF after bfq_split_bfqq()
    - of/address: Add support for 3 address cell bus
    - of: address: Fix address translation when address-size is greater than 2
    - of: address: Remove duplicated functions
    - of: address: Store number of bus flag cells rather than bool
    - of: address: Preserve the flags portion on 1:1 dma-ranges mapping
    - ocfs2: correct return value of ocfs2_local_free_info()
    - ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv
      (CVE-2024-57892)
    - drm: bridge: adv7511: use dev_err_probe in probe function
    - drm: adv7511: Fix use-after-free in adv7533_attach_dsi() (CVE-2024-57887)
    - xhci: use pm_ptr() instead of #ifdef for CONFIG_PM conditionals
    https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.126
    - Partial revert of xhci: use pm_ptr() instead #ifdef for CONFIG_PM
      conditionals
    https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.127
    - [arm64,armhf] net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field()
    - bpf: Fix bpf_sk_select_reuseport() memory leak
    - openvswitch: fix lockup on tx to unregistering netdev with carrier
    - pktgen: Avoid out-of-bounds access in get_imix_entries
    - net: add exit_batch_rtnl() method
    - gtp: use exit_batch_rtnl() method
    - gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp().
    - gtp: Destroy device along with udp socket's netns dismantle.
    - nfp: bpf: prevent integer overflow in nfp_bpf_event_output()
    - net/mlx5: Fix RDMA TX steering prio
    - net/mlx5: Clear port select structure when fail to create
    - [arm64] drm/v3d: Ensure job pointer is set to NULL after job completion
    - hwmon: (tmp513) Fix division of negative numbers
    - Revert "mtd: spi-nor: core: replace dummy buswidth from addr to data"
    - i2c: mux: demux-pinctrl: check initial mux selection, too
    - i2c: rcar: fix NACK handling when being a target
    - nvmet: propagate npwg topology
    - mac802154: check local interfaces before deleting sdata list
    - hfs: Sanity check the root record
    - fs: fix missing declaration of init_files
    - kheaders: Ignore silly-rename files
    - cachefiles: Parse the "secctx" immediately
    - scsi: ufs: core: Honor runtime/system PM levels if set by host controller
      drivers
    - ACPI: resource: acpi_dev_irq_override(): Check DMI match last
    - iomap: avoid avoid truncating 64-bit offset to 32 bits
    - poll_wait: add mb() to fix theoretical race between waitqueue_active() and
      .poll()
    - [x86] asm: Make serialize() always_inline
    - ALSA: hda/realtek: Add support for Ayaneo System using CS35L41 HDA
    - zram: fix potential UAF of zram table
    - mptcp: be sure to send ack when mptcp-level window re-opens
    - net: ethernet: xgbe: re-add aneg to supported features in PHY quirks
    - vsock/virtio: discard packets if the transport changes
    - vsock/virtio: cancel close work in the destructor
    - vsock: reset socket state when de-assigning the transport
    - vsock: prevent null-ptr-deref in vsock_*[has_data|has_space]
    - filemap: avoid truncating 64-bit offset to 32 bits
    - fs/proc: fix softlockup in __read_vmcore (part 2)
    - gpiolib: cdev: Fix use after free in lineinfo_changed_notify
      (CVE-2024-36899)
    - [arm64] pmdomain: imx8mp-blk-ctrl: add missing loop break condition
    - irqchip: Plug a OF node reference leak in platform_irqchip_probe()
    - irqchip/gic-v3: Handle CPU_PM_ENTER_FAILED correctly
    - irqchip/gic-v3-its: Don't enable interrupts in its_irq_set_vcpu_affinity()
    - hrtimers: Handle CPU state correctly on hotplug
    - [x86] drm/i915/fb: Relax clear color alignment to 64 bytes
    - Revert "PCI: Use preserve_config in place of pci_flags"
    - iio: imu: inv_icm42600: fix spi burst write not supported
    - iio: imu: inv_icm42600: fix timestamps after suspend if sensor is on
    - [arm64,armhf] iio: adc: rockchip_saradc: fix information leak in triggered
      buffer (CVE-2024-57907)
    - drm/amd/display: Fix out-of-bounds access in 'dcn21_link_encoder_create'
      (CVE-2024-56608)
    - drm/amdgpu: fix usage slab after free (CVE-2024-56551)
    - block: fix uaf for flush rq while iterating tags (CVE-2024-53170)
    - Revert "drm/amdgpu: rework resume handling for display (v2)"
      (Closes: #1094766)
    - RDMA/rxe: Fix the qp flush warnings in req (CVE-2024-53229)
    - scsi: sg: Fix slab-use-after-free read in sg_release() (CVE-2024-56631)
    - Revert "regmap: detach regmap from dev on regmap_exit"
    - wifi: ath10k: avoid NULL pointer error during sdio remove (CVE-2024-56599)
    - erofs: tidy up EROFS on-disk naming
    - erofs: handle NONHEAD !delta[1] lclusters gracefully
    - nfsd: add list_head nf_gc to struct nfsd_file
    - [x86] xen: fix SLS mitigation in xen_hypercall_iret()
    - net: fix data-races around sk->sk_forward_alloc (CVE-2024-53124)
    https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.128
    - scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS
      request
    - drm/amd/display: Use HW lock mgr for PSR1
    - [arm64,armhf] irqchip/sunxi-nmi: Add missing SKIP_WAKE flag
    - regmap: detach regmap from dev on regmap_exit
    - ipv6: Fix soft lockups in fib6_select_path under high next hop churn
      (CVE-2024-56703)
    - softirq: Allow raising SCHED_SOFTIRQ from SMP-call-function on RT kernel
    - xfs: bump max fsgeom struct version
    - xfs: hoist freeing of rt data fork extent mappings
    - xfs: prevent rt growfs when quota is enabled
    - xfs: rt stubs should return negative errnos when rt disabled
    - xfs: fix units conversion error in xfs_bmap_del_extent_delay
    - xfs: make sure maxlen is still congruent with prod when rounding down
    - xfs: introduce protection for drop nlink
    - xfs: handle nimaps=0 from xfs_bmapi_write in xfs_alloc_file_space
    - xfs: allow read IO and FICLONE to run concurrently
    - xfs: factor out xfs_defer_pending_abort
    - xfs: abort intent items when recovery intents fail
    - xfs: only remap the written blocks in xfs_reflink_end_cow_extent
    - xfs: up(ic_sema) if flushing data device fails
    - xfs: fix internal error from AGFL exhaustion
    - xfs: inode recovery does not validate the recovered inode
    - xfs: clean up dqblk extraction
    - xfs: dquot recovery does not validate the recovered dquot
    - xfs: clean up FS_XFLAG_REALTIME handling in xfs_ioctl_setattr_xflags
    - xfs: respect the stable writes flag on the RT device
    - gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag
    - io_uring: fix waiters missing wake ups (Closes: #1093243)
    - net: sched: fix ets qdisc OOB Indexing
    - block: fix integer overflow in BLKSECDISCARD (CVE-2024-49994)
    - Revert "HID: multitouch: Add support for lenovo Y9000P Touchpad"
    - vfio/platform: check the bounds of read/write syscalls
    - ext4: fix access to uninitialised lock in fc replay path (CVE-2024-50014)
    - ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find()
      (CVE-2024-50304)
    - scsi: storvsc: Ratelimit warning logs to prevent VM denial of service
    - wifi: iwlwifi: add a few rate index validity checks
    - smb: client: fix UAF in async decryption (CVE-2024-50047)
    - USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb()
    - Revert "usb: gadget: u_serial: Disable ep before setting port to null to
      fix the crash caused by port being null"
    - ALSA: usb-audio: Add delay quirk for USB Audio Device
    - Input: atkbd - map F23 key to support default copilot shortcut
    - Input: xpad - add unofficial Xbox 360 wireless receiver clone
    - Input: xpad - add support for wooting two he (arm)
    - smb: client: fix NULL ptr deref in crypto_aead_setkey()
    - [arm64] drm/v3d: Assign job pointer to NULL before signaling the fence

  [ Salvatore Bonaccorso ]
  * Bump ABI to 31
  * [rt] Update to 6.1.127-rt48

[dgit import unpatched linux 6.1.128-1]

Import linux_6.1.128.orig.tar.xz

[dgit import orig linux_6.1.128.orig.tar.xz]

Import linux_6.1.128-1.debian.tar.xz

[dgit import tarball linux 6.1.128-1 linux_6.1.128-1.debian.tar.xz]