[PATCH 2/3] af_802154: Disable auto-loading as mitigation against local exploits
Forwarded: not-needed
Recent review has revealed several bugs in obscure protocol
implementations that can be exploited by local users for denial of
service or privilege escalation. We can mitigate the effect of any
remaining vulnerabilities in such protocols by preventing unprivileged
users from loading the modules, so that they are only exploitable on
systems where the administrator has chosen to load the protocol.
The 'af_802154' (IEEE 802.15.4) protocol is not widely used, was
not present in the 'lenny' kernel, and seems to receive only sporadic
maintenance. Therefore disable auto-loading.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic debian
Gbp-Pq: Name af_802154-Disable-auto-loading-as-mitigation-against.patch
Tweak gitignore for Debian pkg-kernel using git svn.
Forwarded: not-needed
[bwh: Tweak further for pure git]
Gbp-Pq: Topic debian
Gbp-Pq: Name gitignore.patch
linux (5.9.15-1) unstable; urgency=medium
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.9.12
- io_uring: get an active ref_node from files_data
- io_uring: order refnode recycling
- [arm*] spi: bcm2835: Fix use-after-free on unbind
- ipv4: use IS_ENABLED instead of ifdef
- [amd64] IB/hfi1: Ensure correct mm is used at all times (CVE-2020-27835)
- RDMA/i40iw: Address an mmap handler exploit in i40iw
- btrfs: fix missing delalloc new bit for new delalloc ranges
- btrfs: tree-checker: add missing return after error in root_item
- btrfs: tree-checker: add missing returns after data_ref alignment checks
- btrfs: don't access possibly stale fs_info data for printing duplicate
device
- btrfs: fix lockdep splat when reading qgroup config on mount
- [arm64] rtc: pcf2127: fix a bug when not specify interrupts property
- [s390x] fix fpu restore in entry.S
- mm: fix VM_BUG_ON(PageTail) and BUG_ON(PageWriteback)
- smb3: Call cifs reconnect from demultiplex thread
- smb3: Avoid Mid pending list corruption
- smb3: Handle error case during offload read path
- cifs: fix a memleak with modefromsid
- [powerpc*] KVM: PPC: Book3S HV: XIVE: Fix possible oops when accessing
ESB page
- [arm64] KVM: vgic-v3: Drop the reporting of GICR_TYPER.Last for
userspace
- [x86] KVM: x86: handle !lapic_in_kernel case in kvm_cpu_*_extint
- [x86] KVM: x86: Fix split-irqchip vs interrupt injection window request
- [amd64] iommu/vt-d: Don't read VCCAP register unless it exists
- [arm64] firmware: xilinx: Use hash-table for api feature check
- drm/amdgpu: fix SI UVD firmware validate resume fail
- io_uring: fix ITER_BVEC check
- trace: fix potenial dangerous pointer
- [arm64] pgtable: Fix pte_accessible()
- [arm64] pgtable: Ensure dirty bit is preserved across pte_wrprotect()
- drm/amdgpu: fix a page fault
- drm/amdgpu: update golden setting for sienna_cichlid
- drm/amd/amdgpu: fix null pointer in runtime pm
- HID: uclogic: Add ID for Trust Flex Design Tablet
- HID: ite: Replace ABS_MISC 120/121 events with touchpad on/off
keypresses
- HID: cypress: Support Varmilo Keyboards' media hotkeys
- HID: add support for Sega Saturn
- Input: i8042 - allow insmod to succeed on devices without an i8042
controller
- HID: hid-sensor-hub: Fix issue with devices with no report ID
- HID: add HID_QUIRK_INCREMENT_USAGE_ON_DUPLICATE for Gamevice devices
- [x86] xen: don't unbind uninitialized lock_kicker_irq
- HID: logitech-hidpp: Add HIDPP_CONSUMER_VENDOR_KEYS quirk for the Dinovo
Edge
- HID: Add Logitech Dinovo Edge battery quirk
- proc: don't allow async path resolution of /proc/self components
- nvme: free sq/cq dbbuf pointers when dbbuf set fails
- io_uring: handle -EOPNOTSUPP on path resolution
- [arm64,armhf] net: stmmac: dwmac_lib: enlarge dma reset timeout
- vhost: add helper to check if a vq has been setup
- vhost scsi: alloc cmds per vq instead of session
- vhost scsi: fix cmd completion race
- [arm64,armhf] dmaengine: pl330: _prep_dma_memcpy: Fix wrong burst size
- scsi: libiscsi: Fix NOP race condition
- scsi: target: iscsi: Fix cmd abort fabric stop race
- lockdep: Put graph lock/unlock under lock_recursion protection
- [x86] perf/x86: fix sysfs type mismatches
- [x86] dumpstack: Do not try to access user space code of other tasks
- [arm64,armhf] net: dsa: mv88e6xxx: Wait for EEPROM done after HW reset
- [armhf] bus: ti-sysc: Fix reset status check for modules with quirks
- [armhf] bus: ti-sysc: Fix bogus resetdone warning on enable for cpsw
- [arm64,armhf] phy: tegra: xusb: Fix dangling pointer on probe failure
- iwlwifi: mvm: use the HOT_SPOT_CMD to cancel an AUX ROC
- iwlwifi: mvm: properly cancel a session protection for P2P
- iwlwifi: mvm: write queue_sync_state only for sync
- [s390x] KVM: pv: Mark mm as protected after the set secure parameters
and improve cleanup
- [s390x] KVM: remove diag318 reset code
- btrfs: qgroup: don't commit transaction when we already hold the handle
- arch: pgtable: define MAX_POSSIBLE_PHYSMEM_BITS where needed
- [armhf] bus: ti-sysc: suppress err msg for timers used as
clockevent/source
- scsi: ufs: Fix race between shutdown and runtime resume flow
- bnxt_en: fix error return code in bnxt_init_one()
- bnxt_en: fix error return code in bnxt_init_board()
- [x86] video: hyperv_fb: Fix the cache type when mapping the VRAM
- bnxt_en: Release PCI regions when DMA mask setup fails during probe.
- cxgb4: fix the panic caused by non smac rewrite
- [s390x] qeth: make af_iucv TX notification call more robust
- [s390x] qeth: fix af_iucv notification race
- [s390x] qeth: fix tear down of async TX buffers
- bonding: wait for sysfs kobject destruction before freeing struct slave
- [powerpc*] 64s: Fix allnoconfig build since uaccess flush
- iommu: Check return of __iommu_attach_device()
- IB/mthca: fix return value of error branch in mthca_init_cq()
- i40e: Fix removing driver while bare-metal VFs pass traffic
- [arm64] firmware: xilinx: Fix SD DLL node reset issue
- [armhf] spi: imx: fix the unbalanced spi runtime pm management
- io_uring: fix shift-out-of-bounds when round up cq size
- [amd64,arm64] aquantia: Remove the build_skb path
- net: ena: handle bad request id in ena_netdev
- net: ena: set initial DMA width to avoid intel iommu issue
- net: ena: fix packet's addresses for rx_offset feature
- [arm64] optee: add writeback to valid memory type
- efi/efivars: Set generic ops before loading SSDT
- efivarfs: revert "fix memory leak in efivarfs_create()"
(Closes: #977048)
- efi: EFI_EARLYCON should depend on EFI
- [riscv64] Add missing jump label initialization
- [riscv64] fix barrier() use in <vdso/processor.h>
- [arm64,armhf] net: stmmac: fix incorrect merge of patch upstream
- [arm64] enetc: Let the hardware auto-advance the taprio base-time of 0
- drm/nouveau: fix relocations applying logic and a double-free
- can: gs_usb: fix endianess problem with candleLight firmware
- [x86] platform/x86: thinkpad_acpi: Send tablet mode switch at wakeup
time
- [x86] platform/x86: toshiba_acpi: Fix the wrong variable assignment
- [arm64] RDMA/hns: Fix retry_cnt and rnr_cnt when querying QP
- [arm64] RDMA/hns: Bugfix for memory window mtpt configuration
- perf record: Synthesize cgroup events only if needed
- perf stat: Use proper cpu for shadow stats
- perf probe: Fix to die_entrypc() returns error correctly
- [arm*] spi: bcm2835aux: Restore err assignment in bcm2835aux_spi_probe
- USB: core: Change %pK for __user pointers to %px
- usb: gadget: f_midi: Fix memleak in f_midi_alloc
- USB: core: Fix regression in Hercules audio card
- USB: quirks: Add USB_QUIRK_DISCONNECT_SUSPEND quirk for Lenovo A630Z TIO
built-in usb-audio card
- usb: gadget: Fix memleak in gadgetfs_fill_super
- [arm64] irqchip/exiu: Fix the index of fwspec for IRQ type
- [x86] mce: Do not overwrite no_way_out if mce_end() fails
- [x86] speculation: Fix prctl() when spectre_v2_user={seccomp,prctl},ibpb
- drm/amdgpu: add rlc iram and dram firmware support
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.9.13
- devlink: Hold rtnl lock while reading netdev attributes
- devlink: Make sure devlink instance and port are in same net namespace
- ipv6: addrlabel: fix possible memory leak in ip6addrlbl_net_init
- [s390x] net/af_iucv: set correct sk_protocol for child sockets
- net: openvswitch: fix TTL decrement action netlink message format
- rose: Fix Null pointer dereference in rose_send_frame()
- sock: set sk_err to ee_errno on dequeue from errq
- tcp: Set INET_ECN_xmit configuration in tcp_reinit_congestion_control
- tun: honor IOCB_NOWAIT flag
- vsock/virtio: discard packets only when socket is really closed
- net/packet: fix packet receive on L3 devices without visible hard header
- netfilter: bridge: reset skb->pkt_type after NF_INET_POST_ROUTING
traversal
- ipv4: Fix tos mask in inet_rtm_getroute()
- dt-bindings: net: correct interrupt flags in examples
- tipc: fix incompatible mtu of transmission
- inet_ecn: Fix endianness of checksum update when setting ECT(1)
- geneve: pull IP header before ECN decapsulation
- net: ip6_gre: set dev->hard_header_len when using header_ops
- cxgb3: fix error return code in t3_sge_alloc_qset()
- [powerpc*] net: pasemi: fix error return code in pasemi_mac_open()
- vxlan: fix error return code in __vxlan_dev_create()
- [arm64,armhf] net: mvpp2: Fix error return code in mvpp2_open()
- net: skbuff: ensure LSE is pullable before decrementing the MPLS ttl
- net: openvswitch: ensure LSE is pullable before reading it
- net/mlx5: DR, Proper handling of unsupported Connect-X6DX SW steering
- net/mlx5: Fix wrong address reclaim when command interface is down
- net: mlx5e: fix fs_tcp.c build when IPV6 is not enabled
- ALSA: usb-audio: US16x08: fix value count for level meters
- Input: xpad - support Ardwiino Controllers
- Input: i8042 - add ByteSpeed touchpad to noloop table
- Input: atmel_mxt_ts - fix lost interrupts
- tracing: Fix alignment of static buffer
- tracing: Remove WARN_ON in start_thread()
- uapi: fix statx attribute value overlap for DAX & MOUNT_ROOT
- [x86] drm/i915/gt: Fixup tgl mocs for PTE tracking
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.9.14
- usb: gadget: f_fs: Use local copy of descriptors for userspace copy
- USB: serial: kl5kusb105: fix memleak on open
- USB: serial: ch341: add new Product ID for CH341A
- USB: serial: ch341: sort device-id entries
- USB: serial: option: add Fibocom NL668 variants
- USB: serial: option: add support for Thales Cinterion EXS82
- USB: serial: option: fix Quectel BG96 matching
- tty: Fix ->pgrp locking in tiocspgrp() (CVE-2020-29661)
- tty: Fix ->session locking (CVE-2020-29660)
- speakup: Reject setting the speakup line discipline outside of speakup
(CVE-2020-27830)
- ALSA: hda/realtek: Fix bass speaker DAC assignment on Asus Zephyrus G14
- ALSA: hda/realtek: Add mute LED quirk to yet another HP x360 model
- ALSA: hda/realtek: Enable headset of ASUS UX482EG &
B9400CEA with ALC294
- ALSA: hda/realtek - Add new codec supported for ALC897
- ALSA: hda/realtek - Fixed Dell AIO wrong sound tone
- ALSA: hda/generic: Add option to enforce preferred_dacs pairs
- ring-buffer: Update write stamp with the correct ts
- ring-buffer: Set the right timestamp in the slow path of
__rb_reserve_next()
- ring-buffer: Always check to put back before stamp when crossing pages
- ftrace: Fix updating FTRACE_FL_TRAMP
- ftrace: Fix DYNAMIC_FTRACE_WITH_DIRECT_CALLS dependency
- cifs: allow syscalls to be restarted in __smb_send_rqst()
- cifs: fix potential use-after-free in cifs_echo_request()
- cifs: refactor create_sd_buf() and and avoid corrupting the buffer
- cifs: add NULL check for ses->tcon_ipc
- gfs2: Upgrade shared glocks for atime updates
- gfs2: Fix deadlock between gfs2_{create_inode,inode_lookup} and
delete_work_func
- [s390x] pci: fix CPU address in MSI for directed IRQ
- [arm64,armhf] i2c: imx: Fix reset of I2SR_IAL flag
- [arm64,armhf] i2c: imx: Check for I2SR_IAL after every byte
- [arm64,armhf] i2c: imx: Don't generate STOP condition if arbitration has
been lost
- tracing: Fix userstacktrace option for instances
- [x86] thunderbolt: Fix use-after-free in remove_unplugged_switch()
- [armhf] drm/omap: sdi: fix bridge enable/disable
- drm/amdgpu/vcn3.0: stall DPG when WPTR/RPTR reset
- drm/amdgpu/vcn3.0: remove old DPG workaround
- [x86] drm/i915/gt: Retain default context state across shrinking
- [x86] drm/i915/gt: Limit frequency drop to RPe on parking
- [x86] drm/i915/gt: Program mocs:63 for cache eviction on gen9
- [powerpc*] KVM: PPC: Book3S HV: XIVE: Fix vCPU id sanity check
- scsi: mpt3sas: Fix ioctl timeout
- io_uring: fix recvmsg setup with compat buf-select
- dm writecache: advance the number of arguments when reporting max_age
- dm writecache: fix the maximum number of arguments
- [powerpc*] 64s/powernv: Fix memory corruption when saving SLB entries on
MCE
- genirq/irqdomain: Add an irq_create_mapping_affinity() function
- [powerpc*] pseries: Pass MSI affinity to irq_create_mapping()
- dm: fix bug with RCU locking in dm_blk_report_zones
- dm: fix double RCU unlock in dm_dax_zero_page_range() error path
- dm: remove invalid sparse __acquires and __releases annotations
- [x86] uprobes: Do not use prefixes.nbytes when looping over
prefixes.bytes
- coredump: fix core_pattern parse error
- mm: list_lru: set shrinker map bit when child nr_items is not zero
- mm/swapfile: do not sleep with a spin lock held
- hugetlb_cgroup: fix offline of hugetlb cgroup with reservations
- Revert "amd/amdgpu: Disable VCN DPG mode for Picasso"
- iommu/amd: Set DTE[IntTabLen] to represent 512 IRTEs
- mm: memcg/slab: fix obj_cgroup_charge() return value handling
- lib/syscall: fix syscall registers retrieval on 32-bit platforms
(CVE-2020-28588)
- can: af_can: can_rx_unregister(): remove WARN() statement from list
operation sanity check
- gfs2: check for empty rgrp tree in gfs2_ri_update
- netfilter: ipset: prevent uninit-value in hash_ip6_add
- tipc: fix a deadlock when flushing scheduled work
- gfs2: Fix deadlock dumping resource group glocks
- gfs2: Don't freeze the file system during unmount
- rtw88: debug: Fix uninitialized memory in debugfs code
- [arm64] i2c: qup: Fix error return code in qup_i2c_bam_schedule_desc()
- dm writecache: remove BUG() and fail gracefully instead
- Input: i8042 - fix error return code in i8042_setup_aux()
- netfilter: nf_tables: avoid false-postive lockdep splat
- netfilter: nftables_offload: set address type in control dissector
- netfilter: nftables_offload: build mask based from the matching bytes
- [x86] insn-eval: Use new for_each_insn_prefix() macro to loop over
prefixes bytes
- Revert "geneve: pull IP header before ECN decapsulation"
- bpf: Fix propagation of 32-bit signed bounds from 64-bit bounds.
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.9.15
- mm/zsmalloc.c: drop ZSMALLOC_PGTABLE_MAPPING
- kprobes: Remove NMI context check
- kprobes: Tell lockdep about kprobe nesting
- [x86] ASoC: Intel: bytcr_rt5640: Fix HP Pavilion x2 Detachable quirks
- net, xsk: Avoid taking multiple skbuff references
- bpftool: Fix error return value in build_btf_type_table
- [powerpc*] 64s: Fix hash ISA v3.0 TLBIEL instruction generation
- batman-adv: Consider fragmentation for needed_headroom
- batman-adv: Reserve needed_*room for fragments
- batman-adv: Don't always reallocate the fragmentation skb head
- ipvs: fix possible memory leak in ip_vs_control_net_init
- [armhf] drm/panel: sony-acx565akm: Fix race condition in probe
- can: sja1000: sja1000_err(): don't count arbitration lose as an error
- [armhf] can: sun4i_can: sun4i_can_err(): don't count arbitration lose as
an error
- [armhf] can: c_can: c_can_power_up(): fix error handling
- [x86] scsi: storvsc: Fix error return in storvsc_probe()
- iwlwifi: pcie: invert values of NO_160 device config entries
- [x86] perf/x86/intel: Fix a warning on x86_pmu_stop() with large PEBS
- [x390x] zlib: export S390 symbols for zlib modules
- mm/mmap.c: fix mmap return value when vma is merged after call_mmap()
- [arm64] dts: rockchip: Remove system-power-controller from pmic on
Odroid Go Advance
- iwlwifi: pcie: limit memory read spin time
- iwlwifi: sta: set max HE max A-MPDU according to HE capa
- iwlwifi: pcie: set LTR to avoid completion timeout
- iwlwifi: mvm: fix kernel panic in case of assert during CSA
- [powerpc*] Drop -me200 addition to build flags
- scsi: ufs: Fix unexpected values from ufshcd_read_desc_param()
- scsi: ufs: Make sure clk scaling happens only when HBA is runtime ACTIVE
- [arm64,armhf] irqchip/gic-v3-its: Unconditionally save/restore the ITS
state on suspend
- [arm64] spi: spi-nxp-fspi: fix fspi panic by unexpected interrupts
- [arm64,armhf] arm-smmu-qcom: Ensure the qcom_scm driver has finished
probing
- btrfs: do nofs allocations when adding and removing qgroup relations
- btrfs: fix lockdep splat when enabling and disabling qgroups
- [arm64] soc: fsl: dpio: Get the cpumask through cpumask_of(cpu)
- sched/idle: Fix arch_cpu_idle() vs tracing
- [x86] intel_idle: Fix intel_idle() vs tracing
- [x86] platform/x86: thinkpad_acpi: add P1 gen3 second fan support
- [x86] platform/x86: thinkpad_acpi: Do not report SW_TABLET_MODE on Yoga
11e
- [x86] platform/x86: thinkpad_acpi: Add BAT1 is primary battery quirk for
Thinkpad Yoga 11e 4th gen
- [x86] platform/x86: thinkpad_acpi: Whitelist P15 firmware for dual fan
control
- [x86] platform/x86: acer-wmi: add automatic keyboard background light
toggle key as KEY_LIGHTS_TOGGLE
- [x86] platform/x86: intel-vbtn: Support for tablet mode on HP Pavilion
13 x360 PC
- [s390x] fix irq state tracing
- [x86] intel_idle: Build fix
- media: pulse8-cec: fix duplicate free at disconnect or probe error
- media: pulse8-cec: add support for FW v10 and up
- xen: add helpers for caching grant mapping pages
- xen: don't use page->lru for ZONE_DEVICE memory
- Input: cm109 - do not stomp on control URB
- Input: i8042 - add Acer laptops to the i8042 reset list
- pinctrl: amd: remove debounce filter setting in IRQ type setting
- [arm64] mmc: sdhci-of-arasan: Fix clock registration error for Keem Bay
SOC
- mmc: block: Fixup condition for CMD13 polling for RPMB requests
- [x86] drm/i915/gem: Propagate error from cancelled submit due to context
closure
- [x86] drm/i915/display/dp: Compute the correct slice count for VDSC on
DP
- [x86] drm/i915/gt: Declare gen9 has 64 mocs entries!
- [x86] drm/i915/gt: Ignore repeated attempts to suspend request flow
across reset
- [x86] drm/i915/gt: Cancel the preemption timeout on responding to it
- drm/amdgpu: fix sdma instance fw version and feature version init
- kbuild: avoid static_assert for genksyms
- proc: use untagged_addr() for pagemap_read addresses
- mm/hugetlb: clear compound_nr before freeing gigantic pages
- scsi: be2iscsi: Revert "Fix a theoretical leak in beiscsi_create_eqs()"
- [x86] membarrier: Get rid of a dubious optimization
- [x86] apic/vector: Fix ordering in vector assignment
- [x86] kprobes: Fix optprobe to detect INT3 padding correctly
[ Salvatore Bonaccorso ]
* [x86] drm/i915: Update TGL and RKL DMC firmware versions (Closes: #974646)
* [rt] Refresh "mm/zsmalloc: copy with get_cpu_var() and locking"
* xen/xenbus: Allow watches discard events before queueing (CVE-2020-29568,
XSA-349)
* xen/xenbus: Add 'will_handle' callback support in xenbus_watch_path()
(CVE-2020-29568, XSA-349)
* xen/xenbus/xen_bus_type: Support will_handle watch callback
(CVE-2020-29568, XSA-349)
* xen/xenbus: Count pending messages for each watch (CVE-2020-29568,
XSA-349)
* xenbus/xenbus_backend: Disallow pending watch messages (CVE-2020-29568,
XSA-349)
* xen-blkback: set ring->xenblkd to NULL after kthread_stop()
(CVE-2020-29569, XSA-350)
* Bump ABI to 5
[dgit import unpatched linux 5.9.15-1]
projects / linux.git / log