[PATCH 3/4] MODSIGN: checking the blacklisted hash before loading a kernel module
Origin: https://lore.kernel.org/patchwork/patch/933175/
This patch adds the logic for checking the kernel module's hash
base on blacklist. The hash must be generated by sha256 and enrolled
to dbx/mokx.
For example:
sha256sum sample.ko
mokutil --mokx --import-hash $HASH_RESULT
Whether the signature on ko file is stripped or not, the hash can be
compared by kernel.
Cc: David Howells <dhowells@redhat.com>
Cc: Josh Boyer <jwboyer@fedoraproject.org>
Cc: James Bottomley <James.Bottomley@HansenPartnership.com>
Signed-off-by: "Lee, Chun-Yi" <jlee@suse.com>
[Rebased by Luca Boccassi]
[bwh: Forward-ported to 5.19:
- The type parameter to is_hash_blacklisted() is now an enumeration
rather than a string
- Adjust filename, context]
Gbp-Pq: Topic features/all/db-mok-keyring
Gbp-Pq: Name 0003-MODSIGN-checking-the-blacklisted-hash-before-loading-a-kernel-module.patch
[PATCH 2/3] af_802154: Disable auto-loading as mitigation against local exploits
Forwarded: not-needed
Recent review has revealed several bugs in obscure protocol
implementations that can be exploited by local users for denial of
service or privilege escalation. We can mitigate the effect of any
remaining vulnerabilities in such protocols by preventing unprivileged
users from loading the modules, so that they are only exploitable on
systems where the administrator has chosen to load the protocol.
The 'af_802154' (IEEE 802.15.4) protocol is not widely used, was
not present in the 'lenny' kernel, and seems to receive only sporadic
maintenance. Therefore disable auto-loading.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic debian
Gbp-Pq: Name af_802154-Disable-auto-loading-as-mitigation-against.patch
Tweak gitignore for Debian pkg-kernel using git svn.
Forwarded: not-needed
[bwh: Tweak further for pure git]
Gbp-Pq: Topic debian
Gbp-Pq: Name gitignore.patch
linux (6.1.123-1) bookworm; urgency=medium
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.120
- [x86] ASoC: Intel: bytcr_rt5640: Add support for non ACPI instantiated
codec
- [x86] ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10
tablet
- [x86] ASoC: Intel: sst: Support LPE0F28 ACPI HID
- wifi: iwlwifi: mvm: Use the sync timepoint API in suspend
- mac80211: fix user-power when emulating chanctx
- usb: add support for new USB device ID 0x17EF:0x3098 for the r8152 driver
- ALSA: hda/realtek: Add subwoofer quirk for Infinix ZERO BOOK 13
- bpf: fix filed access without lock
- net: usb: qmi_wwan: add Quectel RG650V
- soc: qcom: Add check devm_kasprintf() returned value
- regulator: rk808: Add apply_bit for BUCK3 on RK809
- [x86] platform/x86: dell-smbios-base: Extends support to Alienware
products
- [x86] platform/x86: dell-wmi-base: Handle META key Lock/Unlock events
- tools/lib/thermal: Remove the thermal.h soft link when doing make clean
- can: j1939: fix error in J1939 documentation.
- [x86] platform/x86: thinkpad_acpi: Fix for ThinkPad's with ECFW showing
incorrect fan speed
- [x86] ASoC: amd: yc: Support dmic on another model of Lenovo Thinkpad E14
Gen 6
- [armhf] ASoC: stm: Prevent potential division by zero in
stm32_sai_mclk_round_rate()
- [armhf] ASoC: stm: Prevent potential division by zero in
stm32_sai_get_clk_div()
- drm: panel-orientation-quirks: Make Lenovo Yoga Tab 3 X90F DMI match less
strict
- proc/softirqs: replace seq_printf with seq_put_decimal_ull_width
- ASoC: audio-graph-card2: Purge absent supplies for device tree nodes
- ALSA: usb-audio: Fix Yamaha P-125 Quirk Entry
- [armel,armhf] 9420/1: smp: Fix SMP for xip kernels
- ipmr: Fix access to mfc_cache_list without lock held
- closures: Change BUG_ON() to WARN_ON() (CVE-2024-42252)
- net: fix crash when config small gso_max_size/gso_ipv4_max_size
(CVE-2024-50258)
- serial: sc16is7xx: fix invalid FIFO access with special register set
(CVE-2024-44950)
- cifs: Fix buffer overflow when parsing NFS reparse points (CVE-2024-49996)
- fpga: bridge: add owner module and take its refcount (CVE-2024-36479)
- fpga: manager: add owner module and take its refcount (CVE-2024-37021)
- drm/amd/display: Add NULL check for function pointer in
dcn32_set_output_transfer_func (CVE-2024-49909)
- drm/amd/display: Check null-initialized variables (CVE-2024-49898)
- Bluetooth: hci_sync: Add helper functions to manipulate cmd_sync queue
- Bluetooth: MGMT: Fix possible crash on mgmt_index_removed (CVE-2024-49951)
- fbdev: efifb: Register sysfs groups through driver core (CVE-2024-49925)
- mptcp: fix possible integer overflow in mptcp_reset_tout_timer
- wifi: rtw89: avoid to add interface to list twice when SER
(CVE-2024-49939)
- drm/amd/display: Initialize denominators' default to 1 (CVE-2024-49899)
- fs/inode: Prevent dump_mapping() accessing invalid dentry.d_name.name
- [x86] barrier: Do not serialize MSR accesses on AMD
- [s390x] cio: Do not unregister the subchannel based on DNV
- brd: defer automatic disk creation until module initialization succeeds
- ext4: make 'abort' mount option handling standard
- ext4: avoid remount errors with 'abort' mount option
- [mips*] asm: fix warning when disabling MIPS_FP_SUPPORT
- initramfs: avoid filename buffer overrun (CVE-2024-53142)
- nvme-pci: fix freeing of the HMB descriptor table
- [arm64] acpi/arm64: Adjust error handling procedure in
gtdt_parse_timer_block()
- cachefiles: Fix missing pos updates in cachefiles_ondemand_fd_write_iter()
- netfs/fscache: Add a memory barrier for FSCACHE_VOLUME_CREATING
- block: fix bio_split_rw_at to take zone_write_granularity into account
- [s390x] syscalls: Avoid creation of arch/arch/ directory
- hfsplus: don't query the device logical block size multiple times
- nvme-pci: reverse request order in nvme_queue_rqs
- virtio_blk: reverse request order in virtio_queue_rqs
- crypto: caam - Fix the pointer passed to caam_qi_shutdown()
- firmware: google: Unregister driver_info on failure
- EDAC/bluefield: Fix potential integer overflow
- [x86] crypto: qat - remove faulty arbiter config reset
- thermal: core: Initialize thermal zones before registering them
- EDAC/fsl_ddr: Fix bad bit shift operations
- crypto: pcrypt - Call crypto layer directly when padata_do_parallel()
return -EBUSY
- crypto: cavium - Fix the if condition to exit loop after timeout
- crypto: hisilicon/qm - disable same error report before resetting
- EDAC/igen6: Avoid segmentation fault on module unload
- crypto: inside-secure - Fix the return value of
safexcel_xcbcmac_cra_init()
- doc: rcu: update printed dynticks counter bits
- hwmon: (nct6775-core) Fix overflows seen when writing limit attributes
- ACPI: CPPC: Fix _CPC register setting issue
- crypto: caam - add error check to caam_rsa_set_priv_key_form
- crypto: bcm - add error check in the ahash_hmac_init function
- crypto: cavium - Fix an error handling path in cpt_ucode_load_fw()
- tools/lib/thermal: Make more generic the command encoding function
- thermal/lib: Fix memory leak on error in thermal_genl_auto()
- time: Fix references to _msecs_to_jiffies() handling of values
- seqlock/latch: Provide raw_read_seqcount_latch_retry()
- clocksource/drivers:sp804: Make user selectable
- clocksource/drivers/timer-ti-dm: Fix child node refcount handling
- spi: spi-fsl-lpspi: downgrade log level for pio mode
- spi: spi-fsl-lpspi: Use IRQF_NO_AUTOEN flag in request_irq()
- drivers: soc: xilinx: add the missing kfree in xlnx_add_cb_for_suspend()
- microblaze: Export xmb_manager functions
- [arm64] dts: mt8195: Fix dtbs_check error for infracfg_ao node
- soc: ti: smartreflex: Use IRQF_NO_AUTOEN flag in request_irq()
- soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get()
- mmc: mmc_spi: drop buggy snprintf()
- tpm: fix signed/unsigned bug when checking event logs
- [arm64] dts: mt8183: krane: Fix the address of eeprom at i2c4
- [arm64] dts: mt8183: kukui: Fix the address of eeprom at i2c4
- [arm64] dts: mediatek: mt8173-elm-hana: Add vdd-supply to second source
trackpad
- Revert "cgroup: Fix memory leak caused by missing cgroup_bpf_offline"
- cgroup/bpf: only cgroup v2 can be attached by bpf programs
- [arm64] dts: mt8183: fennel: add i2c2's i2c-scl-internal-delay-ns
- [arm64] dts: mt8183: burnet: add i2c2's i2c-scl-internal-delay-ns
- [arm64] dts: mt8183: cozmo: add i2c2's i2c-scl-internal-delay-ns
- [arm64] dts: mt8183: Damu: add i2c2's i2c-scl-internal-delay-ns
- pwm: imx27: Workaround of the pwm output bug when decrease the duty cycle
- [armhf] dts: cubieboard4: Fix DCDC5 regulator constraints
- pmdomain: ti-sci: Add missing of_node_put() for args.np
- regmap: irq: Set lockdep class for hierarchical IRQ domains
- [arm64] dts: mt8183: jacuzzi: Move panel under aux-bus
- [arm64] dts: mediatek: mt8183-kukui-jacuzzi: Fix DP bridge supply names
- [arm64] dts: mediatek: mt8183-kukui-jacuzzi: Add supplies for fixed
regulators
- [arm64] firmware: arm_scpi: Check the DVFS OPP count returned by the
firmware
- venus: venc: add handling for VIDIOC_ENCODER_CMD
- media: venus: provide ctx queue lock for ioctl synchronization
- media: atomisp: Add check for rgby_data memory allocation failure
- [x86] platform/x86: panasonic-laptop: Return errno correctly in show
callback
- drm/mm: Mark drm_mm_interval_tree*() functions with __maybe_unused
- [arm64,armhf] drm/vc4: hvs: Don't write gamma luts on 2711
- [arm64,armhf] drm/vc4: hdmi: Avoid hang with debug registers when
suspended
- [arm64,armhf] drm/vc4: hvs: Fix dlist debug not resetting the next entry
pointer
- [arm64,armhf] drm/vc4: hvs: Remove incorrect limit from hvs_dlist debugfs
function
- [arm64,armhf] drm/vc4: hvs: Correct logic on stopping an HVS channel
- wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service()
- drm/omap: Fix possible NULL dereference
- drm/omap: Fix locking in omap_gem_new_dmabuf()
- wifi: p54: Use IRQF_NO_AUTOEN flag in request_irq()
- wifi: mwifiex: Use IRQF_NO_AUTOEN flag in request_irq()
- [arm64] drm/imx/dcss: Use IRQF_NO_AUTOEN flag in request_irq()
- [arm64] drm/imx/ipuv3: Use IRQF_NO_AUTOEN flag in request_irq()
- [arm64] drm/v3d: Address race-condition in MMU flush
- wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss1
- wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss2
- dt-bindings: vendor-prefixes: Add NeoFidelity, Inc
- ASoC: fsl_micfil: fix regmap_write_bits usage
- ASoC: dt-bindings: mt6359: Update generic node name and dmic-mode
- drm/bridge: anx7625: Drop EDID cache on bridge power off
- libbpf: Fix output .symtab byte-order during linking
- bpf: Fix the xdp_adjust_tail sample prog issue
- libbpf: fix sym_is_subprog() logic for weak global subprogs
- libbpf: never interpret subprogs in .text as entry programs
- netdevsim: copy addresses for both in and out paths
- drm/bridge: tc358767: Fix link properties discovery
- wifi: mwifiex: Fix memcpy() field-spanning write warning in
mwifiex_config_scan()
- drm: fsl-dcu: enable PIXCLK on LS1021A
- [arm64,armhf] drm/panfrost: Remove unused id_mask from struct
panfrost_model
- [arm64] bpf, arm64: Remove garbage frame for struct_ops trampoline
- [arm64] drm/msm/adreno: Use IRQF_NO_AUTOEN flag in request_irq()
- [arm64] drm/msm/gpu: Add devfreq tuning debugfs
- [arm64] drm/msm/gpu: Bypass PM QoS constraint for idle clamp
- [arm64] drm/msm/gpu: Check the status of registration to PM QoS
- [arm64,armhf] drm/etnaviv: Request pages from DMA32 zone on
addressing_limited
- [arm64,armhf] drm/etnaviv: fix power register offset on GC300
- [arm64,armhf] drm/etnaviv: hold GPU lock across perfmon sampling
- wifi: wfx: Fix error handling in wfx_core_init()
- [arm64] drm/msm/dpu: cast crtc_clk calculation to u64 in
_dpu_core_perf_calc_clk()
- netfilter: nf_tables: skip transaction if update object is not implemented
- netfilter: nf_tables: must hold rcu read lock while iterating object type
list
- netlink: typographical error in nlmsg_type constants definition
- bpf, sockmap: Several fixes to bpf_msg_push_data
- bpf, sockmap: Several fixes to bpf_msg_pop_data
- bpf, sockmap: Fix sk_msg_reset_curr
- sock_diag: add module pointer to "struct sock_diag_handler"
- sock_diag: allow concurrent operations
- sock_diag: allow concurrent operation in sock_diag_rcv_msg()
- net: use unrcu_pointer() helper
- ipv6: release nexthop on device removal
- net: rfkill: gpio: Add check for clk_enable()
- ALSA: usx2y: Use snd_card_free_when_closed() at disconnection
- ALSA: us122l: Use snd_card_free_when_closed() at disconnection
- ALSA: caiaq: Use snd_card_free_when_closed() at disconnection
- ALSA: 6fire: Release resources at card release
- Bluetooth: fix use-after-free in device_for_each_child()
- netpoll: Use rcu_access_pointer() in netpoll_poll_lock
- wireguard: selftests: load nf_conntrack if not present
- bpf: fix recursive lock when verdict program return SK_PASS
- unicode: Fix utf8_load() error path
- trace/trace_event_perf: remove duplicate samples on the first tracepoint
event
- pinctrl: zynqmp: drop excess struct member description
- [powerpc*] vdso: Flag VDSO64 entry points as functions
- mfd: tps65010: Use IRQF_NO_AUTOEN flag in request_irq() to fix race
- mfd: da9052-spi: Change read-mask to write-mask
- mfd: intel_soc_pmic_bxtwc: Use IRQ domain for USB Type-C device
- mfd: intel_soc_pmic_bxtwc: Use IRQ domain for TMU device
- mfd: intel_soc_pmic_bxtwc: Use IRQ domain for PMIC devices
- cpufreq: loongson2: Unregister platform_driver on failure
- [powerpc*] fadump: Refactor and prepare fadump_cma_init for late init
- [powerpc*] fadump: Move fadump_cma_init to setup_arch() after
initmem_init()
- memory: renesas-rpc-if: Improve Runtime PM handling
- memory: renesas-rpc-if: Pass device instead of rpcif to rpcif_*()
- memory: renesas-rpc-if: Remove Runtime PM wrappers
- mtd: hyperbus: rpc-if: Convert to platform remove callback returning void
- mtd: hyperbus: rpc-if: Add missing MODULE_DEVICE_TABLE
- mtd: rawnand: atmel: Fix possible memory leak
- [powerpc*] mm/fault: Fix kfence page fault reporting
- [powerpc*] pseries: Fix dtl_access_lock to be a rw_semaphore
- cpufreq: CPPC: Fix possible null-ptr-deref for cpufreq_cpu_get_raw()
- cpufreq: CPPC: Fix possible null-ptr-deref for cppc_get_cpu_cost()
- [arm64] RDMA/hns: Fix an AEQE overflow error caused by untimely update of
eq_db_ci
- [arm64] RDMA/hns: Add clear_hem return value to log
- [arm64] RDMA/hns: Use dev_* printings in hem code instead of ibdev_*
- [arm64] RDMA/hns: Remove unnecessary QP type checks
- [arm64] RDMA/hns: Fix cpu stuck caused by printings during reset
- RDMA/bnxt_re: Check cqe flags to know imm_data vs inv_irkey
- clk: sunxi-ng: d1: Fix PLL_AUDIO0 preset
- clk: renesas: rzg2l: Fix FOUTPOSTDIV clk
- clk: imx: lpcg-scu: SW workaround for errata (e10858)
- clk: imx: fracn-gppll: correct PLL initialization flow
- clk: imx: fracn-gppll: fix pll power up
- clk: imx: clk-scu: fix clk enable state save and restore
- [amd64] iommu/vt-d: Fix checks and print in dmar_fault_dump_ptes()
- [amd64] iommu/vt-d: Fix checks and print in pgtable_walk()
- mfd: rt5033: Fix missing regmap_del_irq_chip()
- fs/proc/kcore.c: fix coccinelle reported ERROR instances
- scsi: bfa: Fix use-after-free in bfad_im_module_exit()
- scsi: fusion: Remove unused variable 'rc'
- scsi: qedf: Fix a possible memory leak in qedf_alloc_and_init_sb()
- scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb()
- [arm64] RDMA/hns: Fix out-of-order issue of requester when setting FENCE
- [arm64] RDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg()
- cpufreq: CPPC: Fix wrong return value in cppc_get_cpu_cost()
- cpufreq: CPPC: Fix wrong return value in cppc_get_cpu_power()
- ocfs2: fix uninitialized value in ocfs2_file_read_iter()
- dax: delete a stale directory pmem
- KVM: PPC: Book3S HV: Stop using vc->dpdes for nested KVM guests
- KVM: PPC: Book3S HV: Avoid returning to nested hypervisor on pending
doorbells
- [powerpc*] sstep: make emulate_vsx_load and emulate_vsx_store static
- [powerpc*] kexec: Fix return of uninitialized variable
- fbdev/sh7760fb: Alloc DMA memory from hardware device
- fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem()
- clk: clk-apple-nco: Add NULL check in applnco_probe
- dt-bindings: clock: axi-clkgen: include AXI clk
- clk: clk-axi-clkgen: make sure to enable the AXI bus clock
- pinctrl: k210: Undef K210_PC_DEFAULT
- smb: cached directories can be more than root file handle
- mailbox: arm_mhuv2: clean up loop in get_irq_chan_comb()
- perf cs-etm: Don't flush when packet_queue fills up
- PCI: Fix reset_method_store() memory leak
- perf stat: Close cork_fd when create_perf_stat_counter() failed
- perf stat: Fix affinity memory leaks on error path
- f2fs: compress: fix inconsistent update of i_blocks in
release_compress_blocks and reserve_compress_blocks
- f2fs: fix to account dirty data in __get_secs_required()
- perf probe: Fix libdw memory leak
- perf probe: Correct demangled symbols in C++ program
- PCI: cpqphp: Use PCI_POSSIBLE_ERROR() to check config reads
- PCI: cpqphp: Fix PCIBIOS_* return value confusion
- perf ftrace latency: Fix unit on histogram first entry when using
--use-nsec
- f2fs: fix the wrong f2fs_bug_on condition in f2fs_do_replace_block
- f2fs: remove struct segment_allocation default_salloc_ops
- f2fs: open code allocate_segment_by_default
- f2fs: remove the unused flush argument to change_curseg
- f2fs: check curseg->inited before write_sum_page in change_curseg
- f2fs: fix to avoid use GC_AT when setting gc_mode as GC_URGENT_LOW or
GC_URGENT_MID
- f2fs: fix to avoid forcing direct write to use buffered IO on inline_data
inode
- perf trace: avoid garbage when not printing a trace event's arguments
- svcrdma: Address an integer overflow
- perf trace: Do not lose last events in a race
- perf trace: Avoid garbage when not printing a syscall's arguments
- remoteproc: qcom: q6v5: Use _clk_get_optional for aggre2_clk
- remoteproc: qcom: pas: add minidump_id to SM8350 resources
- rpmsg: glink: Fix GLINK command prefix
- rpmsg: glink: use only lower 16-bits of param2 for CMD_OPEN name length
- remoteproc: qcom_q6v5_mss: Re-order writes to the IMEM region
- NFSD: Prevent NULL dereference in nfsd4_process_cb_update()
- NFSD: Cap the number of bytes copied by nfs4_reset_recoverydir()
- sunrpc: simplify two-level sysctl registration for svcrdma_parm_table
- svcrdma: fix miss destroy percpu_counter in svc_rdma_proc_init()
- NFSD: Fix nfsd4_shutdown_copy()
- hwmon: (tps23861) Fix reporting of negative temperatures
- vdpa/mlx5: Fix suboptimal range on iotlb iteration
- vfio/pci: Properly hide first-in-list PCIe extended capability
- fs_parser: update mount_api doc to match function signature
- power: supply: core: Remove might_sleep() from power_supply_put()
- power: supply: bq27xxx: Fix registers of bq27426
- net: usb: lan78xx: Fix double free issue with interrupt buffer allocation
- net: usb: lan78xx: Fix memory leak on device unplug by freeing PHY device
- tg3: Set coherent DMA mask bits to 31 for BCM57766 chipsets
- net: usb: lan78xx: Fix refcounting and autosuspend on invalid WoL
configuration
- [s390x] iucv: MSG_PEEK causes memory leak in iucv_sock_destruct()
- net/ipv6: delete temporary address if mngtmpaddr is removed or unmanaged
- net: mdio-ipq4019: add missing error check
- marvell: pxa168_eth: fix call balance of pep->clk handling routines
- net: stmmac: dwmac-socfpga: Set RX watchdog interrupt as broken
- spi: atmel-quadspi: Fix register name in verbose logging function
- net: hsr: fix hsr_init_sk() vs network/transport headers.
- bnxt_en: Reserve rings after PCIe AER recovery if NIC interface is down
- Bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync
- crypto: api - Add crypto_tfm_get
- crypto: api - Add crypto_clone_tfm
- llc: Improve setsockopt() handling of malformed user input
- rxrpc: Improve setsockopt() handling of malformed user input
- tcp: Fix use-after-free of nreq in reqsk_timer_handler().
- ip6mr: fix tables suspicious RCU usage
- ipmr: fix tables suspicious RCU usage
- iio: light: al3010: Fix an error handling path in al3010_probe()
- usb: using mutex lock and supporting O_NONBLOCK flag in iowarrior_read()
- usb: yurex: make waiting on yurex_write interruptible
- USB: chaoskey: fail open after removal
- USB: chaoskey: Fix possible deadlock chaoskey_list_lock
- misc: apds990x: Fix missing pm_runtime_disable()
- counter: stm32-timer-cnt: Add check for clk_enable()
- counter: ti-ecap-capture: Add check for clk_enable()
- ALSA: hda/realtek: Update ALC256 depop procedure
- apparmor: fix 'Do simple duplicate message elimination'
- [x86] ASoC: amd: yc: Fix for enabling DMIC on acp6x via _DSD entry
- mailbox: mtk-cmdq: Move devm_mbox_controller_register() after
devm_pm_runtime_enable()
- fs/ntfs3: Fixed overflow check in mi_enum_attr() (CVE-2024-27407)
- ntfs3: Add bounds checking to mi_enum_attr() (CVE-2024-50248)
- scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata
paths (CVE-2024-49891)
- xfs: add bounds checking to xlog_recover_process_data (CVE-2024-41014)
- xen: Fix the issue of resource not being properly released in
xenbus_dev_probe()
- ALSA: usb-audio: Fix out of bounds reads when finding clock sources
- usb: ehci-spear: fix call balance of sehci clk handling routines
- media: aspeed: Fix memory overwrite if timing is 1600x900 (CVE-2023-52916)
- wifi: iwlwifi: mvm: avoid NULL pointer dereference (CVE-2024-49929)
- drm/amd/display: Add NULL check for clk_mgr and clk_mgr->funcs in
dcn30_init_hw (CVE-2024-49917)
- drm/amd/display: Add NULL check for clk_mgr in dcn32_init_hw
(CVE-2024-49915)
- drm/amd/display: Add NULL check for function pointer in
dcn20_set_output_transfer_func (CVE-2024-49911)
- drm/amd/display: Check phantom_stream before it is used (CVE-2024-49897)
- rcu-tasks: Fix access non-existent percpu rtpcp variable in
rcu_tasks_need_gpcb()
- btrfs: qgroup: fix qgroup prealloc rsv leak in subvolume operations
(CVE-2024-35956)
- [x86] perf/x86/intel: Hide Topdown metrics events if the feature is not
enumerated
- ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox
devices
- Revert "arm64: dts: mediatek: mt8195-cherry: Mark USB 3.0 on xhci1 as
disabled"
- [arm64] dts: mediatek: mt8195-cherry: Mark USB 3.0 on xhci1 as disabled
- mm/slab: decouple ARCH_KMALLOC_MINALIGN from ARCH_DMA_MINALIGN
- [powerpc*] move the ARCH_DMA_MINALIGN definition to asm/cache.h
- dma: allow dma_get_cache_alignment() to be overridden by the arch code
- [x86] ASoC: Intel: sst: Fix used of uninitialized ctx to log an error
- soc: qcom: socinfo: fix revision check in qcom_socinfo_probe()
- ext4: supress data-race warnings in ext4_free_inodes_{count,set}()
- ext4: fix FS_IOC_GETFSMAP handling
- jfs: xattr: check invalid xattr size more strictly
- [x86] ASoC: amd: yc: Add a quirk for microfone on Lenovo ThinkPad P14s Gen
5 21MES00B00
- ASoC: codecs: Fix atomicity violation in snd_soc_component_get_drvdata()
- [x86] perf/x86/intel/pt: Fix buffer full but size is 0 case
- crypto: x86/aegis128 - access 32-bit arguments as 32-bit
- [x86] KVM: x86/mmu: Skip the "try unsync" path iff the old SPTE was a leaf
SPTE
- [powerpc*] pseries: Fix KVM guest detection for disabling hardlockup
detector
- [arm64] KVM: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR
- [arm64] KVM: arm64: Ignore PMCNTENSET_EL0 while checking for overflow
status
- PCI: Fix use-after-free of slot->bus on hot remove
- fsnotify: fix sending inotify event with unexpected filename
- comedi: Flush partial mappings in error case
- apparmor: test: Fix memory leak for aa_unpack_strdup()
- tty: ldsic: fix tty_ldisc_autoload sysctl's proc_handler
- locking/lockdep: Avoid creating new name string literals in
lockdep_set_subclass()
- pinctrl: qcom: spmi: fix debugfs drive strength
- dt-bindings: iio: dac: ad3552r: fix maximum spi speed
- exfat: fix uninit-value in __exfat_get_dentry_set
- Bluetooth: Fix type of len in rfcomm_sock_getsockopt{,_old}()
- usb: xhci: Fix TD invalidation under pending Set TR Dequeue
- driver core: bus: Fix double free in driver API bus_register()
(CVE-2024-50055)
- wifi: rtlwifi: Drastically reduce the attempts to read efuse in case of
failures
- wifi: brcmfmac: release 'root' node in all execution paths
- Revert "usb: gadget: composite: fix OS descriptors w_value logic"
- serial: sh-sci: Clean sci_ports[0] after at earlycon exit
- Revert "serial: sh-sci: Clean sci_ports[0] after at earlycon exit"
- gpio: exar: set value when external pull-up or pull-down is present
- netfilter: ipset: add missing range check in bitmap_ip_uadt
(CVE-2024-53141)
- spi: Fix acpi deferred irq probe
- mtd: spi-nor: core: replace dummy buswidth from addr to data
- cpufreq: mediatek-hw: Fix wrong return value in
mtk_cpufreq_get_cpu_power()
- platform/chrome: cros_ec_typec: fix missing fwnode reference decrement
- ubi: wl: Put source PEB into correct list if trying locking LEB failed
- dt-bindings: serial: rs485: Fix rs485-rts-delay property
- serial: 8250_fintek: Add support for
F81216E
- serial: 8250: omap: Move pm_runtime_get_sync
- ublk: fix ublk_ch_mmap() for 64K page size
- [arm64] tls: Fix context-switching of tpidrro_el0 when kpti is enabled
- block: fix ordering between checking BLK_MQ_S_STOPPED request adding
- HID: wacom: Interpret tilt data from Intuos Pro BT as signed values
- media: wl128x: Fix atomicity violation in fmc_send_cmd()
- soc: fsl: rcpm: fix missing of_node_put() in copy_ippdexpcr1_setting()
- media: v4l2-core: v4l2-dv-timings: check cvt/gtf result
- ALSA: pcm: Add sanity NULL check for the default mmap fault handler
- ALSA: hda/realtek: Update ALC225 depop procedure
- ALSA: hda/realtek: Set PCBeep to default value for ALC274
- ALSA: hda/realtek: Fix Internal Speaker and Mic boost of Infinix Y4 Max
- ALSA: hda/realtek: Apply quirk for Medion E15433
- smb3: request handle caching when caching directories
- usb: musb: Fix hardware lockup on first Rx endpoint request
- usb: dwc3: gadget: Fix checking for number of TRBs left
- usb: dwc3: gadget: Fix looping of queued SG entries
- ublk: fix error code for unsupported command
- lib: string_helpers: silence snprintf() output truncation warning
- ipc: fix memleak if msg_init_ns failed in create_ipc_ns
- NFSD: Prevent a potential integer overflow
- SUNRPC: make sure cache entry active before cache_show
- NFSv4.0: Fix a use-after-free problem in the asynchronous open()
- rtc: st-lpc: Use IRQF_NO_AUTOEN flag in request_irq()
- rtc: abx80x: Fix WDT bit position of the status register
- rtc: check if __rtc_read_time was successful in rtc_timer_do_work()
- ubi: fastmap: wl: Schedule fm_work if wear-leveling pool is empty
- ubifs: Correct the total block count by deducting journal reservation
- ubi: fastmap: Fix duplicate slab cache names while attaching
- ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit
- jffs2: fix use of uninitialized variable
- rtc: rzn1: fix BCD to rtc_time conversion errors
- block: return unsigned int from bdev_io_min
- 9p/xen: fix init sequence
- 9p/xen: fix release of IRQ
- [arm64] perf/arm-smmuv3: Fix lockdep assert in ->event_init()
- [arm64] perf/arm-cmn: Ensure port and device id bits are set properly
- rtc: ab-eoz9: don't fail temperature reads on undervoltage notification
- modpost: remove incorrect code in do_eisa_entry()
- nfs: ignore SB_RDONLY when mounting nfs
- sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport
- xfs: remove unknown compat feature check in superblock write validation
- quota: flush quota_release_work upon quota writeback
- btrfs: don't loop for nowait writes when checking for cross references
- btrfs: add might_sleep() annotations
- btrfs: add a sanity check for btrfs root in btrfs_search_slot()
- btrfs: ref-verify: fix use-after-free after invalid ref action
- [arm64] dts: allwinner: pinephone: Add mount matrix to accelerometer
- [arm64] dts: freescale: imx8mm-verdin: Fix SD regulator startup delay
- media: amphion: Set video drvdata before register video device
- media: imx-jpeg: Set video drvdata before register video device
- media: i2c: dw9768: Fix pm_runtime_set_suspended() with runtime pm enabled
- [arm64] dts: freescale: imx8mp-verdin: Fix SD regulator startup delay
- media: i2c: tc358743: Fix crash in the probe error path when using polling
- media: imx-jpeg: Ensure power suppliers be suspended before detach them
- media: ts2020: fix null-ptr-deref in ts2020_probe()
- media: platform: exynos4-is: Fix an OF node reference leak in
fimc_md_is_isp_available
- media: amphion: Fix pm_runtime_set_suspended() with runtime pm enabled
- media: venus: Fix pm_runtime_set_suspended() with runtime pm enabled
- media: gspca: ov534-ov772x: Fix off-by-one error in set_frame_rate()
- media: platform: allegro-dvt: Fix possible memory leak in
allocate_buffers_internal()
- media: uvcvideo: Stop stream during unregister
- media: uvcvideo: Require entities to have a non-zero unique ID
- ovl: Filter invalid inodes with missing lookup function
- maple_tree: refine mas_store_root() on storing NULL
- ftrace: Fix regression with module command in stack_trace_filter
- vmstat: call fold_vm_zone_numa_events() before show per zone NUMA event
- [arm64,armhf] iommu/io-pgtable-arm: Fix stage-2 map/unmap for concatenated
tables
- leds: lp55xx: Remove redundant test for invalid channel number
- clk: qcom: gcc-qcs404: fix initial rate of GPLL3
- ad7780: fix division by zero in ad7780_write_raw()
- [armel,armhf] 9429/1: ioremap: Sync PGDs for VMALLOC shadow
- [s390x] entry: Mark IRQ entries to fix stack depot warnings
- [armel,armhf] 9430/1: entry: Do a dummy read from VMAP shadow
- [armel,armhf] 9431/1: mm: Pair atomic_set_release() with _read_acquire()
- ceph: extract entity name from device id
- util_macros.h: fix/rework find_closest() macros
- scsi: ufs: exynos: Fix hibern8 notify callbacks
- i3c: master: svc: Fix pm_runtime_set_suspended() with runtime pm enabled
- i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs()
- PCI: keystone: Set mode as Root Complex for "ti,keystone-pcie" compatible
- PCI: keystone: Add link up check to ks_pcie_other_map_bus()
- fs/proc/kcore.c: Clear ret value in read_kcore_iter after successful
iov_iter_zero
- thermal: int3400: Fix reading of current_uuid for active policy
- ovl: properly handle large files in ovl_security_fileattr
- dm thin: Add missing destroy_work_on_stack()
- PCI: rockchip-ep: Fix address translation unit programming
- nfsd: make sure exp active before svc_export_show
- nfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur
- iio: Fix fwnode_handle in __fwnode_iio_channel_get_by_name()
- iio: adc: ad7923: Fix buffer overflow for tx_buf and ring_xfer
- [powerpc*] Fix stack protector Kconfig test for clang
- [powerpc*] Adjust adding stack protector flags to KBUILD_CLAGS for clang
- btrfs: don't BUG_ON on ENOMEM from btrfs_lookup_extent_info() in
walk_down_proc()
- drm/sti: avoid potential dereference of error pointers in
sti_hqvdp_atomic_check
- drm/sti: avoid potential dereference of error pointers in
sti_gdp_atomic_check
- drm/sti: avoid potential dereference of error pointers
- [arm64,armhf] drm/etnaviv: flush shader L1 cache after user commandstream
- drm/amd/pm: update current_socclk and current_uclk in gpu_metrics on smu
v13.0.7
- iTCO_wdt: mask NMI_NOW bit for update_no_reboot_bit() call
- watchdog: apple: Actually flush writes after requesting watchdog restart
- watchdog: mediatek: Make sure system reset gets asserted in
mtk_wdt_restart()
- can: gs_usb: remove leading space from goto labels
- can: gs_usb: gs_usb_probe(): align block comment
- can: gs_usb: uniformly use "parent" as variable name for struct gs_usb
- can: gs_usb: add VID/PID for Xylanta SAINT3 product family
- can: gs_usb: add usb endpoint address detection at driver probe step
- can: c_can: c_can_handle_bus_err(): update statistics if skb allocation
fails
- can: sun4i_can: sun4i_can_err(): call can_change_state() even if cf is
NULL
- can: hi311x: hi3110_can_ist(): fix potential use-after-free
- can: m_can: m_can_handle_lec_err(): fix {rx,tx}_errors statistics
- can: ifi_canfd: ifi_canfd_handle_lec_err(): fix {rx,tx}_errors statistics
- can: hi311x: hi3110_can_ist(): fix {rx,tx}_errors statistics
- can: sja1000: sja1000_err(): fix {rx,tx}_errors statistics
- can: sun4i_can: sun4i_can_err(): fix {rx,tx}_errors statistics
- can: ems_usb: ems_usb_rx_err(): fix {rx,tx}_errors statistics
- ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init()
- netfilter: x_tables: fix LED ID check in led_tg_check()
- netfilter: nft_socket: remove WARN_ON_ONCE on maximum cgroup level
- ptp: convert remaining drivers to adjfine interface
- ptp: Add error handling for adjfine callback in ptp_clock_adjtime
- net/sched: tbf: correct backlog statistic for GSO packets
- net: hsr: avoid potential out-of-bound access in fill_frame_info()
- can: j1939: j1939_session_new(): fix skb reference counting
- net-timestamp: make sk_tskey more predictable in error path
- net/ipv6: release expired exception dst cached in socket
- dccp: Fix memory leak in dccp_feat_change_recv
- tipc: Fix use-after-free of kernel socket in cleanup_bearer().
- net/smc: fix LGR and link use-after-free issue
- net/qed: allow old cards not supporting "num_images" to work
- ixgbevf: stop attempting IPSEC offload on Mailbox API 1.5
- ixgbe: downgrade logging of unsupported VF API version to debug
- igb: Fix potential invalid memory access in igb_init_module()
- net: sched: fix erspan_opt settings in cls_flower
- netfilter: ipset: Hold module reference while requesting a module
- netfilter: nft_set_hash: skip duplicated elements pending gc run
- ethtool: Fix wrong mod state in case of verbose and no_mask bitset
- geneve: do not assume mac header is set in geneve_xmit_skb()
- net/mlx5e: Remove workaround to avoid syndrome for internal port
- [arm64] KVM: arm64: Change kvm_handle_mmio_return() return polarity
- [arm64] KVM: arm64: Don't retire aborted MMIO instruction
- gpio: grgpio: use a helper variable to store the address of ofdev->dev
- gpio: grgpio: Add NULL check in grgpio_probe
- serial: amba-pl011: Use port lock wrappers
- serial: amba-pl011: Fix RX stall when DMA is used
- usb: dwc3: gadget: Rewrite endpoint allocation flow
- usb: dwc3: ep0: Don't reset resource alloc flag (including ep0)
- usb: dwc3: ep0: Don't clear ep0 DWC3_EP_TRANSFER_STARTED
- [powerpc*] vdso: Skip objtool from running on VDSO files
- [powerpc*] vdso: Remove unused '-s' flag from ASFLAGS
- [powerpc*] vdso: Improve linker flags
- [powerpc*] vdso: Remove an unsupported flag from vgettimeofday-32.o with
clang
- [powerpc*] vdso: Include CLANG_FLAGS explicitly in ldflags-y
- [powerpc*] vdso: Refactor CFLAGS for CVDSO build
- [powerpc*] vdso: Drop -mstack-protector-guard flags in 32-bit files with
clang
- ntp: Remove invalid cast in time offset math
- driver core: fw_devlink: Improve logs for cycle detection
- driver core: Add FWLINK_FLAG_IGNORE to completely ignore a fwnode link
- driver core: fw_devlink: Stop trying to optimize cycle detection logic
- i3c: Make i3c_master_unregister() return void
- i3c: master: add enable(disable) hot join in sys entry
- i3c: master: svc: add hot join support
- i3c: master: fix kernel-doc check warning
- i3c: master: support to adjust first broadcast address speed
- i3c: master: svc: use slow speed for first broadcast address
- i3c: master: svc: Modify enabled_events bit 7:0 to act as IBI enable
counter
- i3c: master: Replace hard code 2 with macro I3C_ADDR_SLOT_STATUS_BITS
- i3c: master: Extend address status bit to 4 and add
I3C_ADDR_SLOT_EXT_DESIRED
- i3c: master: Fix dynamic address leak when 'assigned-address' is present
- PCI: endpoint: Use a separate lock for protecting epc->pci_epf list
- PCI: endpoint: Clear secondary (not primary) EPC in pci_epc_remove_epf()
- device property: Constify device child node APIs
- device property: Add cleanup.h based fwnode_handle_put() scope based
cleanup.
- device property: Introduce device_for_each_child_node_scoped()
- leds: flash: mt6360: Fix device_for_each_child_node() refcounting in error
paths
- drm/bridge: it6505: update usleep_range for RC circuit charge time
- drm/bridge: it6505: Fix inverted reset polarity
- xsk: always clear DMA mapping information when unmapping the pool
- bpftool: Remove asserts from JIT disassembler
- bpftool: fix potential NULL pointer dereferencing in prog_dump()
- drm/sti: Add __iomem for mixer_dbg_mxn's parameter
- tcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg
- ALSA: usb-audio: Notify xrun for low-latency mode
- tools: Override makefile ARCH variable if defined, but empty
- spi: mpc52xx: Add cancel_work_sync before module remove
- scsi: scsi_debug: Fix hrtimer support for ndelay
- [arm64] drm/v3d: Enable Performance Counters before clearing them
- ocfs2: free inode when ocfs2_get_init_inode() fails
- scatterlist: fix incorrect func name in kernel-doc
- iio: magnetometer: yas530: use signed integer type for clamp limits
- bpf: Handle BPF_EXIST and BPF_NOEXIST for LPM trie
- bpf: Remove unnecessary kfree(im_node) in lpm_trie_update_elem
- bpf: Handle in-place update for full LPM trie correctly
- bpf: Fix exact match conditions in trie_get_next_key()
- mm: page_alloc: move mlocked flag clearance into free_pages_prepare()
(CVE-2024-53105)
- HID: wacom: fix when get product name maybe null pointer
- ksmbd: fix Out-of-Bounds Read in ksmbd_vfs_stream_read
- ksmbd: fix Out-of-Bounds Write in ksmbd_vfs_stream_write
- watchdog: rti: of: honor timeout-sec property
- can: dev: can_set_termination(): allow sleeping GPIOs
- can: mcp251xfd: mcp251xfd_get_tef_len(): work around erratum DS80000789E
6.
- tracing: Fix cmp_entries_dup() to respect sort() comparison rules
- [arm64] Ensure bits ASID[15:8] are masked out when the kernel uses 8-bit
ASIDs
- [arm64] ptrace: fix partial SETREGSET for NT_ARM_TAGGED_ADDR_CTRL
- ALSA: usb-audio: add mixer mapping for Corsair HS80
- ALSA: hda/realtek: Enable mute and micmute LED on HP ProBook 430 G8
- ALSA: hda/realtek: Add support for Samsung Galaxy Book3 360 (NP730QFG)
- scsi: qla2xxx: Fix abort in bsg timeout
- scsi: qla2xxx: Fix NVMe and NPIV connect issue
- scsi: qla2xxx: Supported speed displayed incorrectly for VPorts
- scsi: qla2xxx: Fix use after free on unload
- scsi: qla2xxx: Remove check req_sg_cnt should be equal to rsp_sg_cnt
- scsi: ufs: core: sysfs: Prevent div by zero
- scsi: ufs: core: Add missing post notify for power mode change
- nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry()
- bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again
- drm/dp_mst: Fix MST sideband message body length check
- drm/dp_mst: Verify request type in the corresponding down message reply
- drm/dp_mst: Fix resetting msg rx state after topology removal
- drm/amdgpu/hdp5.2: do a posting read when flushing HDP
- modpost: Add .irqentry.text to OTHER_SECTIONS
- bpf: fix OOB devmap writes when deleting elements
- dma-buf: fix dma_fence_array_signaled v4
- dma-fence: Fix reference leak on fence merge failure path
- dma-fence: Use kernel's sort for merging fences
- xsk: fix OOB map writes when deleting elements
- regmap: detach regmap from dev on regmap_exit
- mmc: sdhci-pci: Add DMI quirk for missing CD GPIO on Vexia Edu Atla 10
tablet
- mmc: core: Further prevent card detect during shutdown
- ocfs2: update seq_file index in ocfs2_dlm_seq_next
- lib: stackinit: hide never-taken branch from compiler
- [arm64] iommu/arm-smmu: Defer probe of clients after smmu device bound
- epoll: annotate racy check
- [s390x] cpum_sf: Handle CPU hotplug remove during sampling
- btrfs: avoid unnecessary device path update for the same device
- btrfs: do not clear read-only when adding sprout device
- [x86] perf/x86/amd: Warn only on new bits set
- media: uvcvideo: Add a quirk for the Kaiweets KTI-W02 infrared camera
- media: cx231xx: Add support for Dexatek USB Video Grabber 1d19:6108
- mmc: core: Add SD card quirk for broken poweroff notification
- soc: imx8m: Probe the SoC driver as platform driver
- HID: magicmouse: Apple Magic Trackpad 2 USB-C driver support
- [arm64,armhf] drm/vc4: hdmi: Avoid log spam for audio start failure
- [arm64,armhf] drm/vc4: hvs: Set AXI panic modes for the HVS
- drm: panel-orientation-quirks: Add quirk for AYA NEO 2 model
- drm: panel-orientation-quirks: Add quirk for AYA NEO Founder edition
- drm: panel-orientation-quirks: Add quirk for AYA NEO GEEK
- drm/bridge: it6505: Enable module autoloading
- drm/mcde: Enable module autoloading
- drm/radeon/r600_cs: Fix possible int overflow in r600_packet3_check()
- drm/display: Fix building with GCC 15
- r8169: don't apply UDP padding quirk on RTL8126A
- net: fec_mpc52xx_phy: Use %pa to format resource_size_t
- net: ethernet: fs_enet: Use %pa to format resource_size_t
- net/sched: cbs: Fix integer overflow in cbs_set_port_rate()
- af_packet: avoid erroring out after sock_init_data() in packet_create()
- Bluetooth: L2CAP: do not leave dangling sk pointer on error in
l2cap_sock_create()
- Bluetooth: RFCOMM: avoid leaving dangling sk pointer in
rfcomm_sock_alloc()
- net: af_can: do not leave a dangling sk pointer in can_create()
- net: ieee802154: do not leave a dangling sk pointer in ieee802154_create()
- net: inet: do not leave a dangling sk pointer in inet_create()
- net: inet6: do not leave a dangling sk pointer in inet6_create()
- wifi: ath5k: add PCI ID for SX76X
- wifi: ath5k: add PCI ID for Arcadyan devices
- drm/panel: simple: Add Microchip AC69T88A LVDS Display panel
- net: sfp: change quirks for Alcatel Lucent G-010S-P
- drm/sched: memset() 'job' in drm_sched_job_init()
- drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts for vega20_ih
- drm/amdgpu: Dereference the ATCS ACPI buffer
- drm/amdgpu: refine error handling in amdgpu_ttm_tt_pin_userptr
- dma-debug: fix a possible deadlock on radix_lock
- jfs: array-index-out-of-bounds fix in dtReadFirst
- jfs: fix shift-out-of-bounds in dbSplit
- jfs: fix array-index-out-of-bounds in jfs_readdir
- jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree
- drm/amdgpu: skip amdgpu_device_cache_pci_state under sriov
- ALSA: usb-audio: Make mic volume workarounds globally applicable
- drm/amdgpu: set the right AMDGPU sg segment limitation
- wifi: ipw2x00: libipw_rx_any(): fix bad alignment
- wifi: brcmfmac: Fix oops due to NULL pointer dereference in
brcmf_sdiod_sglist_rw()
- dsa: qca8k: Use nested lock to avoid splat
- Bluetooth: btusb: Add RTL8852BE device 0489:e123 to device tables
- Bluetooth: hci_core: Fix not checking skb length on hci_acldata_packet
- ASoC: hdmi-codec: reorder channel allocation list
- rocker: fix link status detection in rocker_carrier_init()
- net/neighbor: clear error in case strict check is not set
- netpoll: Use rcu_access_pointer() in __netpoll_setup
- pinctrl: freescale: fix COMPILE_TEST error with PINCTRL_IMX_SCU
- tracing/ftrace: disable preemption in syscall probe
- tracing: Use atomic64_inc_return() in trace_clock_counter()
- tools/rtla: fix collision with glibc sched_attr/sched_set_attr
- scsi: hisi_sas: Add cond_resched() for no forced preemption model
- scsi: ufs: core: Make DMA mask configuration more flexible
- leds: class: Protect brightness_show() with led_cdev->led_access mutex
- scsi: st: Don't modify unknown block number in MTIOCGET
- scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset
- pinctrl: qcom-pmic-gpio: add support for PM8937
- pinctrl: qcom: spmi-mpp: Add PM8937 compatible
- nvdimm: rectify the illogical code within nd_dax_probe()
- smb: client: memcpy() with surrounding object base address
- verification/dot2: Improve dot parser robustness
- f2fs: fix f2fs_bug_on when uninstalling filesystem call f2fs_evict_inode.
- i3c: mipi-i3c-hci: Mask ring interrupts before ring stop request
- PCI: Detect and trust built-in Thunderbolt chips
- PCI: Add 'reset_subordinate' to reset hierarchy below bridge
- PCI: Add ACS quirk for Wangxun FF5xxx NICs
- i3c: Use i3cdev->desc->info instead of calling i3c_device_get_info() to
avoid deadlock
- usb: chipidea: udc: handle USB Error Interrupt if IOC not set
- iio: light: ltr501: Add LTER0303 to the supported devices
- [x86] ASoC: amd: yc: Add quirk for microphone on Lenovo Thinkpad T14s Gen
6 21M1CTO1WW (Closes: #
1087673)
- [powerpc*] prom_init: Fixup missing powermac #size-cells
- misc: eeprom: eeprom_93cx6: Add quirk for extra read clock cycle
- rtc: cmos: avoid taking rtc_lock for extended period of time
- serial: 8250_dw: Add Sophgo SG2044 quirk
- io_uring/tctx: work around xa_store() allocation error issue
- sched/core: Remove the unnecessary need_resched() check in nohz_csd_func()
- sched/fair: Check idle_cpu() before need_resched() to detect ilb CPU
turning busy
- sched/core: Prevent wakeup of ksoftirqd during idle load balance
- btrfs: fix missing snapshot drew unlock when root is dead during swap
activation
- tracing/eprobe: Fix to release eprobe when failed to add dyn_event
- Revert "unicode: Don't special case ignorable code points"
- vfio/mlx5: Align the page tracking max message size with the device
capability
- udf: Fold udf_getblk() into udf_bread()
- [arm64] KVM: arm64: vgic-its: Add a data length check in vgic_its_save_*
- [arm64] KVM: arm64: vgic-its: Clear DTE when MAPD unmaps a device
- [arm64] KVM: arm64: vgic-its: Clear ITE when DISCARD frees an ITE
- [x86] KVM: x86/mmu: Ensure that kvm_release_pfn_clean() takes exact pfn
from kvm_faultin_pfn()
- jffs2: Prevent rtime decompress memory corruption
- jffs2: Fix rtime decompressor
- mm/damon/vaddr: fix issue in damon_va_evenly_split_region()
- io_uring: wake up optimisations
- xhci: dbc: Fix STALL transfer event handling
- mmc: mtk-sd: Fix error handle of probe function
- drm/amd/display: Check BIOS images before it is used (CVE-2024-46809)
- ocfs2: Revert "ocfs2: fix the la space leak when unmounting an ocfs2
volume"
- Revert "drm/amdgpu: add missing size check in
amdgpu_debugfs_gprwave_read()"
- gve: Fixes for napi_poll when budget is 0
- [arm64] sve: Discard stale CPU state when handling SVE traps
(CVE-2024-50275)
- [arm64] smccc: Remove broken support for SMCCCv1.3 SVE discard hint
- [x86] ASoC: Intel: avs: Fix return status of avs_pcm_hw_constraints_init()
- mm: call the security_mmap_file() LSM hook in remap_file_pages()
- bpf: Fix helper writes to read-only maps (CVE-2024-49861)
- net: Move {l,t,d}stats allocation to core and convert veth & vrf
- bpf: Fix dev's rx stats for bpf_redirect_peer traffic
- veth: Use tstats per-CPU traffic counters
- drm/ttm: Make sure the mapped tt pages are decrypted when needed
- drm/ttm: Print the memory decryption status just once
- drm/amdgpu: rework resume handling for display (v2)
- usb: dwc3: ep0: Don't reset resource alloc flag
- serial: amba-pl011: fix build regression
- i3c: master: Remove i3c_dev_disable_ibi_locked(olddev) on device hotjoin
- i3c: master: svc: fix possible assignment of the same address to two
devices
- PM / devfreq: Fix build issues with devfreq disabled
- [arm64] drm/msm: DEVFREQ_GOV_SIMPLE_ONDEMAND is no longer needed
- fs/ntfs3: Sequential field availability check in mi_enum_attr()
- i3c: master: svc: Fix use after free vulnerability in svc_i3c_master
Driver Due to Race Condition
- Bluetooth: MGMT: Fix possible deadlocks
https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.121
- bpf: Fix UAF via mismatching bpf_prog/attachment RCU flavors
- ksmbd: fix racy issue from session lookup and expire
- tcp: check space before adding MPTCP SYN options
- blk-cgroup: Fix UAF in blkcg_unpin_online()
- ALSA: usb-audio: Add implicit feedback quirk for Yamaha THR5
- usb: host: max3421-hcd: Correctly abort a USB request.
- ata: sata_highbank: fix OF node reference leak in
highbank_initialize_phys()
- usb: dwc2: Fix HCD resume
- usb: dwc2: hcd: Fix GetPortStatus & SetPortFeature
- usb: dwc2: Fix HCD port connection race
- usb: ehci-hcd: fix call balance of clocks handling routines
- usb: typec: anx7411: fix fwnode_handle reference leak
- usb: typec: anx7411: fix OF node reference leaks in
anx7411_typec_switch_probe()
- usb: gadget: u_serial: Fix the issue that gs_start_io crashed due to
accessing null pointer
- usb: dwc3: xilinx: make sure pipe clock is deselected in usb2 only mode
- [x86] drm/i915: Fix memory leak by correcting cache object name in error
handler
- xfs: update btree keys correctly when _insrec splits an inode root block
- xfs: don't drop errno values when we fail to ficlone the entire range
- xfs: return from xfs_symlink_verify early on V4 filesystems
- xfs: fix scrub tracepoints when inode-rooted btrees are involved
- xfs: only run precommits once per transaction object
- bpf,perf: Fix invalid prog_array access in perf_event_detach_bpf_prog
- bpf, sockmap: Fix update element with same
- smb: client: fix UAF in smb2_reconnect_server() (CVE-2024-35870)
(Closes: #
1088733)
- exfat: support dynamic allocate bh for exfat_entry_set_cache
- exfat: fix potential deadlock on __exfat_get_dentry_set (CVE-2024-42315)
- wifi: nl80211: fix NL80211_ATTR_MLO_LINK_ID off-by-one
- wifi: mac80211: clean up 'ret' in sta_link_apply_parameters()
- wifi: mac80211: fix station NSS capability initialization order
- acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl
- amdgpu/uvd: get ring reference from rq scheduler
- batman-adv: Do not send uninitialized TT changes
- batman-adv: Remove uninitialized data in full table TT response
- batman-adv: Do not let TT changes list grows indefinitely
- tipc: fix NULL deref in cleanup_bearer()
- net/mlx5: DR, prevent potential error pointer dereference
- ptp: kvm: Use decrypted memory in confidential guest on x86
- [x86] ptp: kvm: x86: Return EOPNOTSUPP instead of ENODEV from
kvm_arch_ptp_init()
- net: lapb: increase LAPB_HEADER_LEN
- net: defer final 'struct net' free in netns dismantle
- [arm64] net: mscc: ocelot: fix memory leak on
ocelot_port_add_txtstamp_skb()
- [arm64] net: mscc: ocelot: improve handling of TX timestamp for unknown
skb
- [arm64] net: mscc: ocelot: ocelot->ts_id_lock and
ocelot_port->tx_skbs.lock are IRQ-safe
- [arm64] net: mscc: ocelot: be resilient to loss of PTP packets during
transmission
- [arm64] net: mscc: ocelot: perform error cleanup in ocelot_hwstamp_set()
- [armhf] spi: aspeed: Fix an error handling path in
aspeed_spi_[read|write]_user()
- net: sparx5: fix FDMA performance issue
- net: sparx5: fix the maximum frame length register
- ACPI: resource: Fix memory resource type union access
- cxgb4: use port number to set mac addr
- qca_spi: Fix clock speed for multiple QCA7000
- qca_spi: Make driver probing reliable
- ASoC: amd: yc: Fix the wrong return value
- Documentation: PM: Clarify pm_runtime_resume_and_get() return value
- net: dsa: felix: fix stuck CPU-injected packets with short taprio windows
- net/sched: netem: account for backlog updates from child qdisc
- bonding: Fix feature propagation of NETIF_F_GSO_ENCAP_ALL
- team: Fix feature propagation of NETIF_F_GSO_ENCAP_ALL
- ACPICA: events/evxfregn: don't release the ContextMutex that was never
acquired
- Bluetooth: iso: Fix recursive locking warning
- Bluetooth: SCO: Add support for 16 bits transparent voice setting
- blk-iocost: Avoid using clamp() on inuse in __propagate_weights()
- bpf: sync_linked_regs() must preserve subreg_def (CVE-2024-53125)
- tracing/kprobes: Skip symbol counting logic for module symbols in
create_local_trace_kprobe()
- xen/netfront: fix crash when removing device (CVE-2024-53240)
- [x86] make get_cpu_vendor() accessible from Xen code (CVE-2024-53241)
- [x86] objtool/x86: allow syscall instruction (CVE-2024-53241)
- [x86] static-call: provide a way to do very early static-call updates
(CVE-2024-53241)
- [x86] xen: don't do PV iret hypercall through hypercall page
(CVE-2024-53241)
- [x86] xen: add central hypercall functions (CVE-2024-53241)
- [x86] xen: use new hypercall functions instead of hypercall page
(CVE-2024-53241)
- [x86] xen: remove hypercall page (CVE-2024-53241)
- ALSA: usb-audio: Fix a DMA to stack memory bug
- [x86] static-call: fix 32-bit build
https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.122
- net: sched: fix ordering of qlen adjustment (CVE-2024-53164)
- PCI/AER: Disable AER service on suspend
- PCI: Use preserve_config in place of pci_flags
- PCI: vmd: Create domain symlink before pci_bus_add_devices()
- usb: cdns3: Add quirk flag to enable suspend residency
- [x86] ASoC: Intel: sof_sdw: fix jack detection on ADL-N variant RVP
- [x86] ASoC: Intel: sof_sdw: add quirk for Dell SKU 0B8C
- PCI: Add ACS quirk for Broadcom BCM5760X NIC
- [arm64,armhf] usb: dwc2: gadget: Don't write invalid mapped sg entries
into dma_desc with iommu enabled
- PCI: Introduce pci_resource_n()
- [x86] platform/x86: p2sb: Make p2sb_get_devfn() return void
- [x86] p2sb: Factor out p2sb_read_from_cache()
- [x86] p2sb: Introduce the global flag p2sb_hidden_by_bios
- [x86] p2sb: Move P2SB hide and unhide code to p2sb_scan_and_cache()
- [x86] p2sb: Do not scan and remove the P2SB device when it is unhidden
- i2c: pnx: Fix timeout in wait functions
- cxl/region: Fix region creation for greater than x2 switches
- net/smc: protect link down work from execute after lgr freed
(CVE-2024-56718)
- net/smc: check sndbuf_space again after NOSPACE flag is set in smc_poll
- net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal
msg
- net/smc: check smcd_v2_ext_offset when receiving proposal msg
- net/smc: check return value of sock_recvmsg when draining clc data
- [arm64] net: mscc: ocelot: fix incorrect IFH SRC_PORT field in
ocelot_ifh_set_basic()
- ionic: Fix netdev notifier unregister on failure (CVE-2024-56715)
- ionic: use ee->offset when returning sprom data
- net: hinic: Fix cleanup in create_rxqs/txqs()
- net: ethernet: bgmac-platform: fix an OF node reference leak
- netfilter: ipset: Fix for recursive locking warning
- net: mdiobus: fix an OF node reference leak
- [arm64,armhf] mmc: sdhci-tegra: Remove
SDHCI_QUIRK_BROKEN_ADMA_ZEROLEN_DESC quirk
- [x86] KVM: x86: Cache CPUID.0xD XSTATE offsets+sizes during module init
- i2c: riic: Always round-up when calculating bus period
- efivarfs: Fix error on non-existent file
- USB: serial: option: add TCL IK512 MBIM & ECM
- USB: serial: option: add MeiG Smart SLM770A
- USB: serial: option: add Netprisma LCUK54 modules for WWAN Ready
- USB: serial: option: add MediaTek T7XX compositions
- USB: serial: option: add Telit
FE910C04 rmnet compositions
- [x86] thunderbolt: Improve redrive mode handling
- drm/modes: Avoid divide by zero harder in drm_mode_vrefresh()
- drm/panel: novatek-nt35950: fix return value check in nt35950_probe()
- [x86] i915/guc: Reset engine utilization buffer before registration
- [x86] i915/guc: Ensure busyness counter increases motonically
- [x86] i915/guc: Accumulate active runtime on gt reset
- drm/amdgpu: don't access invalid sched
- hwmon: (tmp513) Don't use "proxy" headers
- hwmon: (tmp513) Simplify with dev_err_probe()
- hwmon: (tmp513) Use SI constants from units.h
- hwmon: (tmp513) Fix interpretation of values of Shunt Voltage and Limit
Registers
- hwmon: (tmp513) Fix Current Register value interpretation
- hwmon: (tmp513) Fix interpretation of values of Temperature Result and
Limit Registers
- zram: refuse to use zero sized block device as backing device
- zram: fix uninitialized ZRAM not releasing backing device
- btrfs: tree-checker: reject inline extent items with 0 ref count
- Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet
- [x86] KVM: x86: Play nice with protected guests in
complete_hypercall_exit()
- tracing: Fix test_event_printk() to process entire print argument
- tracing: Add missing helper functions in event pointer dereference check
- tracing: Add "%s" check in test_event_printk()
- io_uring: Fix registered ring file refcount leak
- io_uring: check if iowq is killed before queuing (CVE-2024-56709)
- NFS/pnfs: Fix a live lock between recalled layouts and layoutget
- of/irq: Fix interrupt-map cell length check in of_irq_parse_imap_parent()
- of/irq: Fix using uninitialized variable @addr_len in API
of_irq_parse_one()
- nilfs2: fix buffer head leaks in calls to truncate_inode_pages()
- nilfs2: prevent use of deleted inode
- of: Fix error path in of_parse_phandle_with_args_map()
- of: Fix refcount leakage for OF node returned by __of_get_dma_parent()
- ceph: validate snapdirname option length when mounting
- udf: Fix directory iteration for longer tail extents (Closes: #
1089698)
- epoll: Add synchronous wakeup support for ep_poll_callback
- io_uring/rw: split io_read() into a helper
- io_uring/rw: treat -EOPNOTSUPP for IOCB_NOWAIT like -EAGAIN
- io_uring/rw: avoid punting to io-wq directly
- drm/amdgpu: Handle NULL bo->tbo.resource (again) in amdgpu_vm_bo_update
https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.123
- media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg
- mm/vmstat: fix a W=1 clang compiler warning
- tcp_bpf: Charge receive socket buffer in bpf_tcp_ingress()
- tcp_bpf: Add sk_rmem_alloc related logic for tcp_bpf ingress redirection
- bpf: Check negative offsets in __bpf_skb_min_len()
- nfsd: restore callback functionality for NFSv4.0
- mtd: diskonchip: Cast an operand to prevent potential overflow
- [arm64] phy: qcom-qmp: Fix register name in RX Lane config of SC8280XP
- phy: core: Fix an OF node refcount leakage in _of_phy_get()
- phy: core: Fix an OF node refcount leakage in of_phy_provider_lookup()
- phy: core: Fix that API devm_phy_put() fails to release the phy
- phy: core: Fix that API devm_of_phy_provider_unregister() fails to
unregister the phy provider
- phy: core: Fix that API devm_phy_destroy() fails to destroy the phy
- phy: usb: Toggle the PHY power during init
- [arm64] phy: rockchip: naneng-combphy: fix phy reset
- [arm*] dmaengine: mv_xor: fix child node refcount handling in early exit
- [x86] dmaengine: dw: Select only supported masters for ACPI devices
- [powerpc*] pseries/vas: Add close() callback in vas_vm_ops struct
- stddef: make __struct_group() UAPI C++-friendly
- tracing/kprobe: Make trace_kprobe's module callback called after
jump_label update
- watchdog: it87_wdt: add PWRGD enable quirk for Qotom QCML04
- scsi: qla1280: Fix hw revision numbering for ISP1020/1040
- scsi: megaraid_sas: Fix for a potential deadlock
- ALSA: hda/conexant: fix Z60MR100 startup pop issue
- smb: server: Fix building with GCC 15
- regmap: Use correct format specifier for logging range errors
- [x86] platform/x86: asus-nb-wmi: Ignore unknown event 0xCF
- scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver
load time
- scsi: storvsc: Do not flag MAINTENANCE_IN return of
SRB_STATUS_DATA_OVERRUN as an error
- drm/dp_mst: Ensure mst_primary pointer is valid in
drm_dp_mst_handle_up_req()
- virtio-blk: don't keep queue frozen during system suspend
- blk-mq: register cpuhp callback after hctx is added to xarray table
- vmalloc: fix accounting with i915
- [mips*] mipsregs: Set proper ISA level for virt extensions
- net/mlx5e: Don't call cleanup on profile rollback failure (CVE-2024-50146)
- bpf: Check validity of link->type in bpf_link_show_fdinfo()
(CVE-2024-53099)
- ALSA: hda/realtek: fix mute/micmute LEDs don't work for EliteBook X G1i
- ALSA: hda/realtek: fix micmute LEDs don't work on HP Laptops
- pmdomain: core: Add missing put_device()
- sched/core: Report correct state for TASK_IDLE | TASK_FREEZABLE
- freezer, sched: Report frozen tasks as 'D' instead of 'R'
- tracing: Constify string literal data member in struct trace_event_call
- tracing: Prevent bad count for tracing_cpumask_write
- io_uring/sqpoll: fix sqpoll error handling races
- i2c: microchip-core: actually use repeated sends
- i2c: imx: add imx7d compatible string for applying erratum ERR007805
- i2c: microchip-core: fix "ghost" detections
- power: supply: gpio-charger: Fix set charge current limits
- btrfs: avoid monopolizing a core when activating a swap file
- btrfs: sysfs: fix direct super block member reads
- nfsd: cancel nfsd_shrinker_work using sync mode in nfs4_state_shutdown_net
(CVE-2024-50121)
- Revert "rcu-tasks: Fix access non-existent percpu rtpcp variable in
rcu_tasks_need_gpcb()"
- ALSA: hda/realtek: Fix spelling mistake "Firelfy" -> "Firefly"
[ Salvatore Bonaccorso ]
* d/salsa-ci.yml: Suppress aliased-location lintian errors
* debian/salsa-ci.yml: Include run of .build-after-script from common
pipeline.
* debian/salsa-ci.yml: Reference .build-after-script from after_script
section
* Revert "[x86] Revert "x86: Increase brk randomness entropy for 64-bit
systems""
The root cause for the segfaults were actually in qemu, which re-enables
--static-pie linking for qemu-user-static binaries. It was disabled by
mistake in qemu versions in Debian. Details in #
1087822 and #
1053101.
* Bump ABI to 29
* [rt] Update to 6.1.120-rt47
[dgit import unpatched linux 6.1.123-1]
projects / linux.git / log