[PATCH 2/3] af_802154: Disable auto-loading as mitigation against local exploits
Forwarded: not-needed
Recent review has revealed several bugs in obscure protocol
implementations that can be exploited by local users for denial of
service or privilege escalation. We can mitigate the effect of any
remaining vulnerabilities in such protocols by preventing unprivileged
users from loading the modules, so that they are only exploitable on
systems where the administrator has chosen to load the protocol.
The 'af_802154' (IEEE 802.15.4) protocol is not widely used, was
not present in the 'lenny' kernel, and seems to receive only sporadic
maintenance. Therefore disable auto-loading.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic debian
Gbp-Pq: Name af_802154-Disable-auto-loading-as-mitigation-against.patch
Tweak gitignore for Debian pkg-kernel using git svn.
Forwarded: not-needed
[bwh: Tweak further for pure git]
Gbp-Pq: Topic debian
Gbp-Pq: Name gitignore.patch
linux (5.10.103-1) bullseye-security; urgency=high
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.93
- kbuild: Add $(KBUILD_HOSTLDFLAGS) to 'has_libelf' test
- devtmpfs regression fix: reconfigure on each mount
- orangefs: Fix the size of a memory allocation in orangefs_bufmap_alloc()
- perf: Protect perf_guest_cbs with RCU
- [x86] KVM: Register Processor Trace interrupt hook iff PT enabled in guest
- [s390x] KVM: Clarify SIGP orders versus STOP/RESTART
- 9p: only copy valid iattrs in 9P2000.L setattr implementation
- [x86] video: vga16fb: Only probe for EGA and VGA 16 color graphic cards
- media: uvcvideo: fix division by zero at stream start
- rtlwifi: rtl8192cu: Fix WARNING when calling local_irq_restore() with
interrupts enabled
- firmware: qemu_fw_cfg: fix sysfs information leak
- firmware: qemu_fw_cfg: fix NULL-pointer deref on duplicate entries
- firmware: qemu_fw_cfg: fix kobject leak in probe error path
- [x86] KVM: remove PMU FIXED_CTR3 from msrs_to_save_all
- ALSA: hda/realtek: Add speaker fixup for some Yoga 15ITL5 devices
- ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Master after
reboot from Windows
- ALSA: hda: ALC287: Add Lenovo IdeaPad Slim 9i 14ITL5 speaker quirk
- ALSA: hda/realtek: Add quirk for Legion Y9000X 2020
- ALSA: hda/realtek: Re-order quirk entries for Lenovo
- [powerpc*] pseries: Get entry and uaccess flush required bits from
H_GET_CPU_CHARACTERISTICS
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.94
- [x86] KVM: VMX: switch blocked_vcpu_on_cpu_lock to raw spinlock
- HID: uhid: Fix worker destroying device without any protection
- HID: wacom: Reset expected and received contact counts at the same time
- HID: wacom: Ignore the confidence flag when a touch is removed
- HID: wacom: Avoid using stale array indicies to read contact count
- f2fs: fix to do sanity check in is_alive()
- nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed
bind()
- [armhf] mtd: rawnand: gpmi: Add ERR007117 protection for nfc_apply_timings
- [armhf] mtd: rawnand: gpmi: Remove explicit default gpmi clock setting for
i.MX6
- mtd: Fixed breaking list in __mtd_del_partition.
- [x86] gpu: Reserve stolen memory for first integrated Intel GPU
- rtc: cmos: take rtc_lock while reading from CMOS
- media: v4l2-ioctl.c: readbuffers depends on V4L2_CAP_READWRITE
- media: flexcop-usb: fix control-message timeouts
- media: mceusb: fix control-message timeouts
- media: em28xx: fix control-message timeouts
- media: cpia2: fix control-message timeouts
- media: s2255: fix control-message timeouts
- media: dib0700: fix undefined behavior in tuner shutdown
- media: redrat3: fix control-message timeouts
- media: pvrusb2: fix control-message timeouts
- media: stk1160: fix control-message timeouts
- [armhf] media: cec-pin: fix interrupt en/disable handling
- [x86] can: softing_cs: softingcs_probe(): fix memleak on registration
failure
- iio: adc: ti-
adc081c: Partial revert of removal of ACPI IDs
- [arm64,armhf] gpu: host1x: Add back arm_iommu_detach_device()
- dma_fence_array: Fix PENDING_ERROR leak in dma_fence_array_signaled()
- PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller
- mm_zone: add function to check if managed dma zone exists
- [arm64] dma/pool: create dma atomic pool only if dma zone has managed
pages
- mm/page_alloc.c: do not warn allocation failure on zone DMA if no managed
pages
- shmem: fix a race between shmem_unused_huge_shrink and shmem_evict_inode
- drm/ttm: Put BO in its memory manager's lru list
- Bluetooth: L2CAP: Fix not initializing sk_peer_pid
- [armhf] drm/bridge: display-connector: fix an uninitialized pointer in
probe()
- drm: fix null-ptr-deref in drm_dev_init_release()
- [arm64,armhf] drm/rockchip: dsi: Fix unbalanced clock on probe error
- [arm64,armhf] drm/rockchip: dsi: Hold pm-runtime across bind/unbind
- [arm64,armhf] drm/rockchip: dsi: Disable PLL clock on bind error
- [arm64,armhf] drm/rockchip: dsi: Reconfigure hardware on resume()
- Bluetooth: cmtp: fix possible panic when cmtp_init_sockets() fails
- [arm*] clk: bcm-2835: Pick the closest clock rate
- [arm*] clk: bcm-2835: Remove rounding up the dividers
- [arm*] drm/vc4: hdmi: Set a default HSM rate
- [arm64] wcn36xx: ensure pairing of init_scan/finish_scan and
start_scan/end_scan
- [arm64] wcn36xx: Indicate beacon not connection loss on MISSED_BEACON_IND
- [arm64] wcn36xx: Fix DMA channel enable/disable cycle
- [arm64] wcn36xx: Release DMA channel descriptor allocations
- [arm64] wcn36xx: Put DXE block into reset before freeing memory
- [arm64] wcn36xx: populate band before determining rate on RX
- [arm64] wcn36xx: fix RX BD rate mapping for 5GHz legacy rates
- ath11k: Send PPDU_STATS_CFG with proper pdev mask to firmware
- media: videobuf2: Fix the size printk format
- [armhf] media: aspeed: fix mode-detect always time out at 2nd run
- media: em28xx: fix memory leak in em28xx_init_dev
- [armhf] media: aspeed: Update signal status immediately to ensure sane hw
state
- fs: dlm: use sk->sk_socket instead of con->sock
- fs: dlm: don't call kernel_getpeername() in error_report()
- Bluetooth: stop proccessing malicious adv data
- ath11k: Fix ETSI regd with weather radar overlap
- ath11k: clear the keys properly via DISABLE_KEY
- ath11k: reset RSN/WPA present state for open BSS
- [arm64] tee: fix put order in teedev_close_context()
- [x86] drm/vboxvideo: fix a NULL vs IS_ERR() check
- media: dmxdev: fix UAF when dvb_register_device() fails
- [arm64] crypto: qce - fix uaf on qce_ahash_register_one
- [arm64] crypto: qce - fix uaf on qce_skcipher_register_one
- [armhf] dts: stm32: fix dtbs_check warning on ili9341 dts binding on
stm32f429 disco
- [x86] crypto: qat - fix spelling mistake: "messge" -> "message"
- [x86] crypto: qat - remove unnecessary collision prevention step in PFVF
- [x86] crypto: qat - make pfvf send message direction agnostic
- [x86] crypto: qat - fix undetected PFVF timeout in ACK loop
- ath11k: Use host CE parameters for CE interrupts configuration
- [armhf] media: imx-pxp: Initialize the spinlock prior to using it
- [armhf] media: coda: fix CODA960 JPEG encoder buffer overflow
- [arm64] media: venus: pm_helpers: Control core power domain manually
- [arm64] media: venus: core, venc, vdec: Fix probe dependency error
- [arm64] media: venus: core: Fix a potential NULL pointer dereference in an
error handling path
- [arm64] media: venus: core: Fix a resource leak in the error handling path
of 'venus_probe()'
- [armhf] thermal/drivers/imx: Implement runtime PM support
- netfilter: bridge: add support for pppoe filtering
- cgroup: Trace event cgroup id fields should be u64
- ACPI: EC: Rework flushing of EC work while suspended to idle
- drm/amdgpu: Fix a NULL pointer dereference in
amdgpu_connector_lcd_native_mode()
- drm/radeon/radeon_kms: Fix a NULL pointer dereference in
radeon_driver_open_kms()
- [arm*] serial: amba-pl011: do not request memory region twice
- floppy: Fix hang in watchdog when disk is ejected
- [x86] staging: rtl8192e: return error code from rtllib_softmac_init()
- [x86] staging: rtl8192e: rtllib_module: fix error handle case in
alloc_rtllib()
- sched/fair: Fix detection of per-CPU kthreads waking a task
- sched/fair: Fix per-CPU kthread and wakee stacking for asym CPU capacity
- bpf: Adjust BTF log size limit.
- bpf: Disallow BPF_LOG_KERNEL log level for bpf(BPF_BTF_LOAD)
- bpf: Remove config check to enable bpf support for branch records
- [arm64] lib: Annotate {clear, copy}_page() as position-independent
- [arm64] clear_page() shouldn't use DC ZVA when DCZID_EL0.DZP == 1
- media: dib8000: Fix a memleak in dib8000_init()
- media: saa7146: mxb: Fix a NULL pointer dereference in mxb_attach()
- media: si2157: Fix "warm" tuner state detection
- wireless: iwlwifi: Fix a double free in iwl_txq_dyn_alloc_dma
- sched/rt: Try to restart rt period timer when rt runtime exceeded
- rcu/exp: Mark current CPU as exp-QS in IPI loop second pass
- mwifiex: Fix possible ABBA deadlock
- xfrm: fix a small bug in xfrm_sa_len()
- [x86] uaccess: Move variable into switch case statement
- [armhf] crypto: stm32 - Fix last sparse warning in
stm32_cryp_check_ctr_counter
- [armhf] crypto: stm32/cryp - fix CTR counter carry
- [armhf] crypto: stm32/cryp - fix xts and race condition in crypto_engine
requests
- [armhf] crypto: stm32/cryp - check early input data
- [armhf] crypto: stm32/cryp - fix double pm exit
- [armhf] crypto: stm32/cryp - fix lrw chaining mode
- [armhf] crypto: stm32/cryp - fix bugs and crash in tests
- [armhf] crypto: stm32 - Revert broken pm_runtime_resume_and_get changes
- ath11k: Fix deleting uninitialized kernel timer during fragment cache
flush
- media: dw2102: Fix use after free
- media: msi001: fix possible null-ptr-deref in msi001_probe()
- [armhf] media: coda/imx-vdoa: Handle dma_set_coherent_mask error codes
- ath11k: Fix a NULL pointer dereference in ath11k_mac_op_hw_scan()
- [arm64] dts: qcom: c630: Fix soundcard setup
- [arm64] drm/msm/dpu: fix safe status debugfs file
- [arm64,armhf] drm/tegra: vic: Fix DMA API misuse
- xfrm: interface with if_id 0 should return error
- xfrm: state and policy should fail if XFRMA_IF_ID 0
- [armel,armhf] 9159/1: decompressor: Avoid UNPREDICTABLE NOP encoding
- usb: ftdi-elan: fix memory leak on device disconnect
- iwlwifi: mvm: fix 32-bit build in FTM
- iwlwifi: mvm: test roc running status bits before removing the sta
- [armhf] mmc: meson-mx-sdio: add IRQ check
- selinux: fix potential memleak in selinux_add_opt()
- Bluetooth: L2CAP: Fix using wrong mode
- bpftool: Enable line buffering for stdout
- software node: fix wrong node passed to find nargs_prop
- Bluetooth: hci_qca: Stop IBS timer during BT OFF
- [x86] mce/inject: Avoid out-of-bounds write when setting flags
- ACPI: scan: Create platform device for BCM4752 and LNV4752 ACPI nodes
- [x86] pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in
__nonstatic_find_io_region()
- [x86] pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in
nonstatic_find_mem_region()
- netfilter: ipt_CLUSTERIP: fix refcount leak in clusterip_tg_check()
- bpf: Don't promote bogus looking registers after null check.
- bpf: Fix SO_RCVBUF/SO_SNDBUF handling in _bpf_setsockopt().
- netfilter: nft_set_pipapo: allocate pcpu scratch maps on clone
- ppp: ensure minimum packet size in ppp_write()
- Bluetooth: hci_bcm: Check for error irq
- Bluetooth: hci_qca: Fix NULL vs IS_ERR_OR_NULL check in qca_serdev_probe
- [arm64] usb: dwc3: qcom: Fix NULL vs IS_ERR checking in dwc3_qcom_probe
- HID: hid-uclogic-params: Invalid parameter check in uclogic_params_init
- HID: hid-uclogic-params: Invalid parameter check in
uclogic_params_get_str_desc
- HID: hid-uclogic-params: Invalid parameter check in
uclogic_params_huion_init
- HID: hid-uclogic-params: Invalid parameter check in
uclogic_params_frame_init_v1_buttonpad
- debugfs: lockdown: Allow reading debugfs files that are not world readable
- net/mlx5e: Fix page DMA map/unmap attributes
- net/mlx5e: Don't block routes with nexthop objects in SW
- Revert "net/mlx5e: Block offload of outer header csum for UDP tunnels"
- net/mlx5: Set command entry semaphore up once got index free
- lib/mpi: Add the return value check of kcalloc()
- Bluetooth: L2CAP: uninitialized variables in l2cap_sock_setsockopt()
- [arm64,armhf] spi: spi-meson-spifc: Add missing pm_runtime_disable() in
meson_spifc_probe
- ax25: uninitialized variable in ax25_setsockopt()
- netrom: fix api breakage in nr_setsockopt()
- regmap: Call regmap_debugfs_exit() prior to _init()
- tpm: add request_locality before write TPM_INT_ENABLE
- tpm_tis: Fix an error handling path in 'tpm_tis_core_init()'
- can: softing: softing_startstop(): fix set but not used variable warning
- pcmcia: fix setting of kthread task states
- iwlwifi: mvm: Use div_s64 instead of do_div in iwl_mvm_ftm_rtt_smoothing()
- net: mcs7830: handle usb read errors properly
- ext4: avoid trim error on fs with small groups
- ALSA: jack: Add missing rwsem around snd_ctl_remove() calls
- ALSA: PCM: Add missing rwsem around snd_ctl_remove() calls
- ALSA: hda: Add missing rwsem around snd_ctl_remove() calls
- RDMA/bnxt_re: Scan the whole bitmap when checking if "disabling RCFW with
pending cmd-bit"
- [arm64] RDMA/hns: Validate the pkey index
- scsi: pm80xx: Update WARN_ON check in pm8001_mpi_build_cmd()
- [arm64] clk: imx8mn: Fix imx8mn_clko1_sels
- [powerpc*] prom_init: Fix improper check of prom_getprop()
- dt-bindings: thermal: Fix definition of cooling-maps contribution property
- [powerpc*] 64s: Convert some cpu_setup() and cpu_restore() functions to C
- [powerpc*] perf: MMCR0 control for PMU registers under PMCC=00
- [powerpc*] perf: move perf irq/nmi handling details into traps.c
- [powerpc*] irq: Add helper to set regs->softe
- [powerpc*] perf: Fix PMU callbacks to clear pending PMI before resetting
an overflown PMC
- clocksource: Reduce clocksource-skew threshold
- clocksource: Avoid accidental unstable marking of clocksources
- ALSA: oss: fix compile error when OSS_DEBUG is enabled
- ALSA: usb-audio: Drop superfluous '0' in Presonus Studio 1810c's ID
- [arm*] binder: fix handling of error during copy
- [arm64,armhf] iommu/io-pgtable-arm: Fix table descriptor paddr formatting
- scsi: ufs: Fix race conditions related to driver data
- RDMA/qedr: Fix reporting max_{send/recv}_wr attrs
- PCI/MSI: Fix pci_irq_vector()/pci_irq_get_affinity()
- RDMA/core: Let ib_find_gid() continue search even after empty entry
- RDMA/cma: Let cma_resolve_ib_dev() continue search even after empty entry
- [x86] ASoC: rt5663: Handle device_property_read_u32_array error codes
- [amd64] iommu/amd: Remove iommu_init_ga()
- [amd64] iommu/amd: Restore GA log/tail pointer on host resume
- [x86] ASoC: Intel: catpt: Test dmaengine_submit() result before moving on
- iommu/iova: Fix race between FQ timeout and teardown
- scsi: block: pm: Always set request queue runtime active in
blk_post_runtime_resume()
- [powerpc*] xive: Add missing null check after calling kmalloc
- RDMA/cxgb4: Set queue pair state when being queried
- of: base: Fix phandle argument length mismatch error message
- [armhf] dts: omap3-n900: Fix lp5523 for multi color
- Bluetooth: Fix debugfs entry leak in hci_register_dev()
- fs: dlm: filter user dlm messages for kernel locks
- [arm64,armhf] drm/lima: fix warning when CONFIG_DEBUG_SG=y &
CONFIG_DMA_API_DEBUG=y
- ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply
- [arm64,armhf] drm/bridge: dw-hdmi: handle ELD when
DRM_BRIDGE_ATTACH_NO_CONNECTOR
- drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR
- batman-adv: allow netlink usage in unprivileged containers
- ath11k: Fix crash caused by uninitialized TX ring
- usb: gadget: f_fs: Use stream_open() for endpoint files
- drm: panel-orientation-quirks: Add quirk for the Lenovo Yoga Book X91F/L
- HID: apple: Do not reset quirks when the Fn key is not found
- media: b2c2: Add missing check in flexcop_pci_isr:
- drm/amdgpu/display: set vblank_disable_immediate for DC
- [arm64,armhf] tty: serial: imx: disable UCR4_OREN in .stop_rx() instead of
.shutdown()
- gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use
- [armhf] HSI: core: Fix return freed object in hsi_new_client
- crypto: jitter - consider 32 LSB for APT
- rsi: Fix use-after-free in rsi_rx_done_handler()
- rsi: Fix out-of-bounds read in rsi_read_pkt()
- ath11k: Avoid NULL ptr access during mgmt tx cleanup
- [arm64] media: venus: avoid calling core_clk_setrate() concurrently during
concurrent video sessions
- [x86] ACPI / x86: Drop PWM2 device on Lenovo Yoga Book from always present
table
- ACPI: Change acpi_device_always_present() into
acpi_device_override_status()
- [x86] ACPI / x86: Allow specifying acpi_device_override_status() quirks by
path
- [x86] ACPI / x86: Add not-present quirk for the PCI0.SDHB.BRC1 device on
the GPD win
- floppy: Add max size check for user space request
- [x86] mm: Flush global TLB when switching to trampoline page-table
- media: saa7146: hexium_orion: Fix a NULL pointer dereference in
hexium_attach()
- media: m920x: don't use stack on USB reads
- [x86] thunderbolt: Runtime PM activate both ends of the device link
- iwlwifi: mvm: synchronize with FW after multicast commands
- iwlwifi: mvm: avoid clearing a just saved session protection id
- ath11k: avoid deadlock by change ieee80211_queue_work for regd_update_work
- ath10k: Fix tx hanging
- net-sysfs: update the queue counts in the unregistration path
- net: phy: prefer 1000baseT over 1000baseKX
- [armhf] gpio: aspeed: Convert aspeed_gpio.lock to raw_spinlock
- ath11k: Avoid false DEADLOCK warning reported by lockdep
- [x86] mce: Allow instrumentation during task work queueing
- [x86] mce: Mark mce_panic() noinstr
- [x86] mce: Mark mce_end() noinstr
- [x86] mce: Mark mce_read_aux() noinstr
- net: bonding: debug: avoid printing debug logs when bond is not notifying
peers
- bpf: Do not WARN in bpf_warn_invalid_xdp_action()
- HID: quirks: Allow inverting the absolute X/Y values
- media: igorplugusb: receiver overflow should be reported
- media: saa7146: hexium_gemini: Fix a NULL pointer dereference in
hexium_attach()
- mmc: core: Fixup storing of OCR for MMC_QUIRK_NONSTD_SDIO
- audit: ensure userspace is penalized the same as the kernel when under
pressure
- [arm64] dts: ls1028a-qds: move rtc node to the correct i2c bus
- PM: runtime: Add safety net to supplier device release
- cpufreq: Fix initialization of min and max frequency QoS requests
- usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0
- ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream
- rtw88: 8822c: update rx settings to prevent potential hw deadlock
- iwlwifi: fix leaks/bad data after failed firmware load
- iwlwifi: remove module loading failure message
- iwlwifi: mvm: Fix calculation of frame length
- iwlwifi: pcie: make sure prph_info is set when treating wakeup IRQ
- ath11k: Fix napi related hang
- Bluetooth: vhci: Set HCI_QUIRK_VALID_LE_STATES
- xfrm: rate limit SA mapping change message to user space
- [armhf] drm/etnaviv: consider completed fence seqno in hang check
- jffs2: GC deadlock reading a page that is used in jffs2_write_begin()
- ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions
- ACPICA: Utilities: Avoid deleting the same object twice in a row
- ACPICA: Executer: Fix the REFCLASS_REFOF case in acpi_ex_opcode_1A_0T_1R()
- ACPICA: Fix wrong interpretation of PCC address
- ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5
- drm/amdgpu: fixup bad vram size on gmc v8
- ACPI: battery: Add the ThinkPad "Not Charging" quirk
- btrfs: remove BUG_ON() in find_parent_nodes()
- btrfs: remove BUG_ON(!eie) in find_parent_nodes
- net: mdio: Demote probed message to debug print
- mac80211: allow non-standard VHT MCS-10/11
- dm btree: add a defensive bounds check to insert_at()
- dm space map common: add bounds check to sm_ll_lookup_bitmap()
- net: phy: marvell: configure RGMII delays for
88E1118
- [arm64] regulator: qcom_smd: Align probe function with rpmh-regulator
- [arm64,armhf] serial: pl010: Drop CR register reset on set_termios
- serial: core: Keep mctrl register state and cached copy in sync
- random: do not throw away excess input to crng_fast_load
- [powerpc*] powernv: add missing of_node_put
- [powerpc*] btext: add missing of_node_put
- [powerpc*] watchdog: Fix missed watchdog reset due to memory ordering race
- [x86] i2c: i801: Don't silently correct invalid transfer size
- [powerpc*] smp: Move setup_profiling_timer() under CONFIG_PROFILING
- [powerpc*] i2c: mpc: Correct I2C reset procedure
- [arm64] clk: meson: gxbb: Fix the SDM_EN bit for MPLL0 on GXBB
- [powerpc*] KVM: PPC: Book3S: Suppress warnings when allocating too big
memory slots
- [powerpc*] KVM: PPC: Book3S: Suppress failed alloc warning in
H_COPY_TOFROM_GUEST
- w1: Misuse of get_user()/put_user() reported by sparse
- nvmem: core: set size for sysfs bin file
- dm: fix alloc_dax error handling in alloc_dev
- scsi: lpfc: Trigger SLI4 firmware dump before doing driver cleanup
- ALSA: seq: Set upper limit of processed events
- [powerpc*] handle kdump appropriately with crash_kexec_post_notifiers
option
- [powerpc*] fadump: Fix inaccurate CPU state info in vmcore generated with
panic
- udf: Fix error handling in udf_new_inode()
- [mips64el,mipsel] OCTEON: add put_device() after of_find_device_by_node()
- [arm64,armhf] irqchip/gic-v4: Disable redistributors' view of the VPE
table at boot time
- [x86] i2c: designware-pci: Fix to change data types of hcnt and lcnt
parameters
- scsi: sr: Don't use GFP_DMA
- [arm64] rpmsg: core: Clean up resources on announce_create failure.
- [armhf] crypto: stm32/crc32 - Fix kernel BUG triggered in probe()
- [arm64] crypto: caam - replace this_cpu_ptr with raw_cpu_ptr
- ubifs: Error path in ubifs_remount_rw() seems to wrongly free write
buffers
- tpm: fix NPE on probe for missing device
- xen/gntdev: fix unmap notification order
- fuse: Pass correct lend value to filemap_write_and_wait_range()
- serial: Fix incorrect rs485 polarity on uart open
- cputime, cpuacct: Include guest time in user time in cpuacct.stat
- tracing/kprobes: 'nmissed' not showed correctly for kretprobe
- iwlwifi: mvm: Increase the scan timeout guard to 30 seconds
- [s390x] mm: fix 2KB pgtable release race
- device property: Fix fwnode_graph_devcon_match() fwnode leak
- [armhf] drm/etnaviv: limit submit sizes
- drm/nouveau/kms/nv04: use vzalloc for nv04_display
- [arm64,armhf] drm/bridge: analogix_dp: Make PSR-exit block less
- [powerpc*] 64s/radix: Fix huge vmap false positive
- [arm64] PCI: xgene: Fix IB window setup
- PCI: pciehp: Use down_read/write_nested(reset_lock) to fix lockdep errors
- [arm*] PCI: pci-bridge-emul: Make expansion ROM Base Address register
read-only
- [arm*] PCI: pci-bridge-emul: Properly mark reserved PCIe bits in PCI
config space
- [arm*] PCI: pci-bridge-emul: Fix definitions of reserved bits
- [arm*] PCI: pci-bridge-emul: Correctly set PCIe capabilities
- [arm*] PCI: pci-bridge-emul: Set PCI_STATUS_CAP_LIST for PCIe device
- xfrm: fix policy lookup for ipv6 gre packets
- btrfs: fix deadlock between quota enable and other quota operations
- btrfs: check the root node for uptodate before returning it
- btrfs: respect the max size in the header when activating swap file
- ext4: make sure to reset inode lockdep class when quota enabling fails
- ext4: make sure quota gets properly shutdown on error
- ext4: fix a possible ABBA deadlock due to busy PA
- ext4: initialize err_blk before calling __ext4_get_inode_loc
- ext4: fix fast commit may miss tracking range for FALLOC_FL_ZERO_RANGE
- ext4: set csum seed in tmp inode while migrating to extents
- ext4: Fix BUG_ON in ext4_bread when write quota data
- ext4: use ext4_ext_remove_space() for fast commit replay delete range
- ext4: fast commit may miss tracking unwritten range during ftruncate
- ext4: destroy ext4_fc_dentry_cachep kmemcache on module removal
- ext4: fix null-ptr-deref in '__ext4_journal_ensure_credits'
- ext4: don't use the orphan list when migrating an inode
- drm/radeon: fix error handling in radeon_driver_open_kms
- of: base: Improve argument length mismatch error
- firmware: Update Kconfig help text for Google firmware
- [arm*] drm/vc4: hdmi: Make sure the device is powered with CEC
- Documentation: dmaengine: Correctly describe dmatest with channel unset
- Documentation: ACPI: Fix data node reference documentation
- Documentation: refer to config RANDOMIZE_BASE for kernel address-space
randomization
- Documentation: fix firewire.rst ABI file path error
- Bluetooth: hci_sync: Fix not setting adv set duration
- scsi: core: Show SCMD_LAST in text form
- [arm64] RDMA/hns: Modify the mapping attribute of doorbell to device
- RDMA/rxe: Fix a typo in opcode name
- [armhf] dmaengine: stm32-mdma: fix STM32_MDMA_CTBR_TSEL_MASK
- Revert "net/mlx5: Add retry mechanism to the command entry index
allocation"
- block: Fix fsync always failed if once failed
- bpftool: Remove inclusion of utilities.mak from Makefiles
- xdp: check prog type before updating BPF link
- ipv4: update fib_info_cnt under spinlock protection
- ipv4: avoid quadratic behavior in netns dismantle
- [arm64] net/fsl: xgmac_mdio: Add workaround for erratum A-009885
- [arm64] net/fsl: xgmac_mdio: Fix incorrect iounmap when removing module
- f2fs: compress: fix potential deadlock of compress file
- f2fs: fix to reserve space for IO align feature
- af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress
- clk: Emit a stern warning with writable debugfs enabled
- net/smc: Fix hung_task when removing SMC-R devices
- virtio_ring: mark ring unused on error
- taskstats: Cleanup the use of task->exit_code
- inet: frags: annotate races around fqdir->dead and fqdir->high_thresh
- netns: add schedule point in ops_exit_list()
- xfrm: Don't accidentally set RTO_ONLINK in decode_session4()
- gre: Don't accidentally set RTO_ONLINK in gre_fill_metadata_dst()
- libcxgb: Don't accidentally set RTO_ONLINK in cxgb_find_route()
- perf script: Fix hex dump character output
- perf probe: Fix ppc64 'perf probe add events failed' case
- devlink: Remove misleading internal_flags from health reporter dump
- net: bonding: fix bond_xmit_broadcast return value error bug
- net_sched: restore "mpu xxx" handling
- [arm64] bcmgenet: add WOL IRQ check
- net: sfp: fix high power modules without diagnostic monitoring
- [arm64] net: mscc: ocelot: fix using match before it is set
- dt-bindings: display: meson-dw-hdmi: add missing sound-name-prefix
property
- dt-bindings: display: meson-vpu: Add missing amlogic,canvas property
- dt-bindings: watchdog: Require samsung,syscon-phandle for Exynos7
- mm/hmm.c: allow VM_MIXEDMAP to work with hmm_range_fault
- mtd: nand: bbt: Fix corner case in bad block table handling
- ath10k: Fix the MTU size on QCA9377 SDIO
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.95
- bnx2x: Utilize firmware 7.13.21.0
- bnx2x: Invalidate fastpath HSI version for VFs
- rcu: Tighten rcu_advance_cbs_nowake() checks
- [x86] KVM: x86/mmu: Fix write-protection of PTs mapped by the TDP MMU
- select: Fix indefinitely sleeping task in poll_schedule_timeout()
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.96
- Bluetooth: refactor malicious adv data check
- [arm64] media: venus: core: Drop second v4l2 device unregister
- net: sfp: ignore disabled SFP node
- net: stmmac: skip only stmmac_ptp_register when resume from suspend
- [s390x] module: fix loading modules with a lot of relocations
- [s390x] hypfs: include z/VM guests with access control group set
- bpf: Guard against accessing NULL pt_regs in bpf_get_task_stack()
- [s390x] scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV
FCP devices
- udf: Restore i_lenAlloc when inode expansion fails (CVE-2022-0617)
- udf: Fix NULL ptr deref when converting from inline format (CVE-2022-0617)
- efi: runtime: avoid EFIv2 runtime services on Apple x86 machines
- tracing: Don't inc err_log entry count if entry allocation fails
- ceph: properly put ceph_string reference after async create attempt
- ceph: set pool_ns in new inode layout for async creates
- fsnotify: fix fsnotify hooks in pseudo filesystems
- Revert "KVM: SVM: avoid infinite loop on NPF from bad address"
- [x86] perf/x86/intel/uncore: Fix CAS_COUNT_WRITE issue for ICX
- [armhf] drm/etnaviv: relax submit size limits
- [x86] KVM: x86: Update vCPU's runtime CPUID on write to MSR_IA32_XSS
- [arm64] errata: Fix exec handling in erratum
1418040 workaround
- netfilter: nft_payload: do not update layer 4 checksum when mangling
fragments
- serial: 8250: of: Fix mapped region size when using reg-offset property
- [armhf] serial: stm32: fix software flow control transfer
- tty: n_gsm: fix SW flow control encoding/handling
- tty: Add support for Brainboxes UC cards.
- usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge
- [arm64,armhf] usb: xhci-plat: fix crash when suspend if remote wake enable
- [arm64,armhf] usb: common: ulpi: Fix crash in ulpi_match()
- usb: gadget: f_sourcesink: Fix isoc transfer for USB_SPEED_SUPER_PLUS
- USB: core: Fix hang in usb_kill_urb by adding memory barriers
- usb: typec: tcpm: Do not disconnect while receiving VBUS off
- jbd2: export jbd2_journal_[grab|put]_journal_head
- ocfs2: fix a deadlock when commit trans
- sched/membarrier: Fix membarrier-rseq fence command missing from query
bitmask
- [x86] MCE/AMD: Allow thresholding interface updates after init
- i40e: Increase delay to 1 s after global EMP reset
- i40e: Fix issue when maximum queues is exceeded
- i40e: Fix queues reservation for XDP
- i40e: Fix for failed to init adminq while VF reset
- i40e: fix unsigned stat widths
- scsi: bnx2fc: Flush destroy_work queue before calling
bnx2fc_interface_put()
- ipv6_tunnel: Rate limit warning messages
- net: fix information leakage in /proc/net/ptype
- hwmon: (lm90) Mark alert as broken for MAX6646/6647/6649
- hwmon: (lm90) Mark alert as broken for MAX6680
- ping: fix the sk_bound_dev_if match in ping_lookup
- ipv4: avoid using shared IP generator for connected sockets
- hwmon: (lm90) Reduce maximum conversion rate for G781
- NFSv4: nfs_atomic_open() can race when looking up a non-regular file
- net-procfs: show net devices bound packet types
- [arm64] drm/msm: Fix wrong size calculation
- [arm64] drm/msm/dsi: Fix missing put_device() call in dsi_get_phy
- [arm64] drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable
- ipv6: annotate accesses to fn->fn_sernum
- NFS: Ensure the server has an up to date ctime before hardlinking
- NFS: Ensure the server has an up to date ctime before renaming
- [powerpc*] powerpc64/bpf: Limit 'ldbrx' to processors compliant with ISA
v2.06
- netfilter: conntrack: don't increment invalid counter on NF_REPEAT
- kernel: delete repeated words in comments
- perf: Fix perf_event_read_local() time
- sched/pelt: Relax the sync of util_sum with util_avg
- net: phy: broadcom: hook up soft_reset for BCM54616S
- phylib: fix potential use-after-free
- rxrpc: Adjust retransmission backoff
- [arm64] efi/libstub: arm64: Fix image check alignment at entry
- hwmon: (lm90) Mark alert as broken for MAX6654
- [powerpc*] perf: Fix power_pmu_disable to call clear_pmi_irq_pending only
if PMI is pending
- net: ipv4: Move ip_options_fragment() out of loop
- net: ipv4: Fix the warning for dereference
- ipv4: fix ip option filtering for locally generated fragments
- [x86] video: hyperv_fb: Fix validation of screen resolution
- [arm64] drm/msm/hdmi: Fix missing put_device() call in msm_hdmi_get_phy
- [arm64] drm/msm/dpu: invalid parameter check in dpu_setup_dspp_pcc
- [armhf] net: cpsw: Properly initialise struct page_pool_params
- [arm64] net: hns3: handle empty unknown interrupt for VF
- Revert "ipv6: Honor all IPv6 PIO Valid Lifetime values"
- net: bridge: vlan: fix single net device option dumping
- ipv4: raw: lock the socket in raw_bind()
- ipv4: tcp: send zero IPID in SYNACK messages
- ipv4: remove sparse error in ip_neigh_gw4()
- net: bridge: vlan: fix memory leak in __allowed_ingress
- dt-bindings: can: tcan4x5x: fix mram-cfg RX FIFO config
- fsnotify: invalidate dcache before IN_DELETE event
- block: Fix wrong offset in bio_truncate()
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.97
- PCI: pciehp: Fix infinite loop in IRQ handler upon power fault
- [x86] KVM: x86: Forcibly leave nested virt when SMM state is toggled
- psi: Fix uaf issue when psi trigger is destroyed while being polled
- [x86] mce: Add Xeon Sapphire Rapids to list of CPUs that support PPIN
- [x86] cpu: Add Xeon Icelake-D to list of CPUs that support PPIN
- [arm*] drm/vc4: hdmi: Make sure the device is powered with CEC
- cgroup-v1: Require capabilities to set release_agent (CVE-2022-0492)
- net/mlx5e: Fix handling of wrong devices during bond netevent
- net/mlx5: Use del_timer_sync in fw reset flow of halting poll
- net/mlx5: E-Switch, Fix uninitialized variable modact
- ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback
- [amd64,arm64] net: amd-xgbe: ensure to reset the tx_timer_active flag
- [amd64,arm64] net: amd-xgbe: Fix skb data length underflow
- fanotify: Fix stale file descriptor in copy_event_to_user()
- net: sched: fix use-after-free in tc_new_tfilter()
- rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink()
- cpuset: Fix the bug that subpart_cpus updated wrongly in update_cpumask()
- af_packet: fix data-race in packet_setsockopt / packet_setsockopt
- tcp: add missing tcp_skb_can_collapse() test in tcp_shift_skb_data()
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.98
- [arm*] Revert "drm/vc4: hdmi: Make sure the device is powered with CEC"
- [arm*] Revert "drm/vc4: hdmi: Make sure the device is powered with CEC"
again
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.99
- selinux: fix double free of cond_list on error paths
- audit: improve audit queue handling when "audit=1" on cmdline
- ASoC: ops: Reject out of bounds values in snd_soc_put_volsw()
- ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx()
- ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx()
- ALSA: usb-audio: Correct quirk for VF0770
- ALSA: hda: Fix UAF of leds class devs at unbinding
- ALSA: hda: realtek: Fix race at concurrent COEF updates
- ALSA: hda/realtek: Add quirk for ASUS GU603
- ALSA: hda/realtek: Add missing fixup-model entry for Gigabyte X570 ALC1220
quirks
- ALSA: hda/realtek: Fix silent output on Gigabyte X570S Aorus Master (newer
chipset)
- ALSA: hda/realtek: Fix silent output on Gigabyte X570 Aorus Xtreme after
reboot from Windows
- btrfs: fix deadlock between quota disable and qgroup rescan worker
- drm/nouveau: fix off by one in BIOS boundary checking
- mm/pgtable: define pte_index so that preprocessor could recognize it
- block: bio-integrity: Advance seed correctly for larger interval sizes
- dma-buf: heaps: Fix potential spectre v1 gadget
- [amd64] IB/hfi1: Fix AIP early init panic
- memcg: charge fs_context and legacy_fs_context
- RDMA/cma: Use correct address when leaving multicast group
- RDMA/ucma: Protect mc during concurrent multicast leaves
- [amd64] IB/rdmavt: Validate remote_addr during loopback atomic tests
- RDMA/mlx4: Don't continue event handler after memory allocation failure
- [amd64] iommu/vt-d: Fix potential memory leak in
intel_setup_irq_remapping()
- [amd64] iommu/amd: Fix loop timeout issue in iommu_ga_log_enable()
- [arm64,armhf] spi: meson-spicc: add IRQ check in meson_spicc_probe
- net: ieee802154: hwsim: Ensure proper channel selection at probe time
- net: ieee802154: Return meaningful error codes from the netlink helpers
- net: macsec: Fix offload support for NETDEV_UNREGISTER event
- net: macsec: Verify that send_sci is on when setting Tx sci explicitly
- net: stmmac: dump gmac4 DMA registers correctly
- net: stmmac: ensure PTP time register reads are consistent
- [x86] drm/i915/overlay: Prevent divide by zero bugs in scaling
- [x86] pinctrl: intel: Fix a glitch when updating IRQ flags on a
preconfigured line
- [x86] pinctrl: intel: fix unexpected interrupt
- [arm*] pinctrl: bcm2835: Fix a few error paths
- scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe
- nfsd: nfsd4_setclientid_confirm mistakenly expires confirmed client.
- [amd64,arm64] gve: fix the wrong AdminQ buffer queue index check
- bpf: Use VM_MAP instead of VM_ALLOC for ringbuf
- rtc: cmos: Evaluate century appropriate
- Revert "fbcon: Disable accelerated scrolling"
- fbcon: Add option to enable legacy hardware acceleration
- perf stat: Fix display of grouped aliased events
- [x86] perf/x86/intel/pt: Fix crash with stop filters in single-range mode
- [x86] perf: Default set FREEZE_ON_SMI for all
- [arm64] EDAC/xgene: Fix deferred probing
- ext4: prevent used blocks from being allocated during fast commit replay
- ext4: modify the logic of ext4_mb_new_blocks_simple
- ext4: fix error handling in ext4_restore_inline_data()
- ext4: fix error handling in ext4_fc_record_modified_inode()
- ext4: fix incorrect type issue during replay_del_range
- cgroup/cpuset: Fix "suspicious RCU usage" lockdep warning
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.100
- moxart: fix potential use-after-free on remove path (CVE-2022-0487)
- crypto: api - Move cryptomgr soft dependency into algapi
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.101
- integrity: check the return value of audit_log_start()
- [arm64] mmc: sdhci-of-esdhc: Check for error num after setting mask
- can: isotp: fix potential CAN frame reception race in isotp_rcv()
- net: phy: marvell: Fix RGMII Tx/Rx delays setting in
88e1121-compatible
PHYs
- net: phy: marvell: Fix MDI-x polarity setting in
88e1118-compatible PHYs
- NFS: Fix initialisation of nfs_client cl_flags field
- NFSD: Clamp WRITE offsets
- NFSD: Fix offset type in I/O trace points
- drm/amdgpu: Set a suitable dev_info.gart_page_size (Closes: #990279)
- NFS: change nfs_access_get_cached to only report the mask
- NFSv4 only print the label when its queried
- nfs: nfs4clinet: check the return value of kstrdup()
- NFSv4.1: Fix uninitialised variable in devicenotify
- NFSv4 remove zero number of fs_locations entries error check
- NFSv4 expose nfs_parse_server_name function
- NFSv4 handle port presence in fs_location server string
- [x86] perf: Avoid warning for Arch LBR without XSAVE
- drm: panel-orientation-quirks: Add quirk for the 1Netbook OneXPlayer
- net: sched: Clarify error message when qdisc kind is unknown
- [powerpc*] fixmap: Fix VM debug warning on unmap
- scsi: target: iscsi: Make sure the np under each tpg is unique
- scsi: qedf: Add stag_work to all the vports
- scsi: qedf: Fix refcount issue when LOGO is received during TMF
- scsi: pm8001: Fix bogus FW crash for maxcpus=1
- scsi: ufs: Treat link loss as fatal error
- scsi: myrs: Fix crash in error case
- PM: hibernate: Remove register_nosave_region_late()
- [arm*] usb: dwc2: gadget: don't try to disable ep0 in dwc2_hsotg_suspend
- perf: Always wake the parent event
- nvme-pci: add the IGNORE_DEV_SUBNQN quirk for Intel P4500/P4600 SSDs
- [arm64,armhf] net: stmmac: dwmac-sun8i: use return val of
readl_poll_timeout()
- KVM: eventfd: Fix false positive RCU usage warning
- [x86] KVM: nVMX: eVMCS: Filter out VM_EXIT_SAVE_VMX_PREEMPTION_TIMER
- [x86] KVM: nVMX: Also filter MSR_IA32_VMX_TRUE_PINBASED_CTLS when eVMCS
- [x86] KVM: SVM: Don't kill SEV guest if SMAP erratum triggers in usermode
- [x86] KVM: VMX: Set vmcs.PENDING_DBG.BS on #DB in STI/MOVSS blocking
shadow
- nvme-tcp: fix bogus request completion when failing to send AER
- [arm64] ACPI/IORT: Check node revision for PMCG resources
- PM: s2idle: ACPI: Fix wakeup interrupts handling
- [arm64,armhf] drm/rockchip: vop: Correct RK3399 VOP register fields
- [armhf] ARM: dts: Fix timer regression for beagleboard revision c
- usb: f_fs: Fix use-after-free for epfile
- [arm*] drm/vc4: hdmi: Allow DBLCLK modes even if horz timing is odd.
- netfilter: ctnetlink: disable helper autoassign
- ixgbevf: Require large buffers for build_skb on 82599VF
- [arm64,armhf] drm/panel: simple: Assign data from panel_dpi_probe()
correctly
- ACPI: PM: s2idle: Cancel wakeup before dispatching EC GPE
- bonding: pair enable_port with slave_arr_updates
- [arm64,armhf] net: dsa: mv88e6xxx: don't use devres for mdiobus
- [armhf] net: dsa: bcm_sf2: don't use devres for mdiobus
- [arm64] net: dsa: felix: don't use devres for mdiobus
- ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table() on failure
path
- nfp: flower: fix ida_idx not being released
- net: do not keep the dst cache when uncloning an skb dst and its metadata
- net: fix a memleak when uncloning an skb dst and its metadata
- veth: fix races around rq->rx_notify_masked
- [armhf] net: mdio: aspeed: Add missing MODULE_DEVICE_TABLE
- tipc: rate limit warning for received illegal binding update
- [amd64,arm64] net: amd-xgbe: disable interrupts during pci removal
- [arm64] dpaa2-eth: unregister the netdev before disconnecting from the PHY
- ice: fix an error code in ice_cfg_phy_fec()
- ice: fix IPIP and SIT TSO offload
- [arm64] net: mscc: ocelot: fix mutex lock error during ethtool stats read
- [arm64,armhf] net: dsa: mv88e6xxx: fix use-after-free in
mv88e6xxx_mdios_unregister
- vt_ioctl: fix array_index_nospec in vt_setactivate
- vt_ioctl: add array_index_nospec to VT_ACTIVATE
- n_tty: wake up poll(POLLRDNORM) on receiving data
- eeprom: ee1004: limit i2c reads to I2C_SMBUS_BLOCK_MAX
- [arm*] usb: dwc2: drd: fix soft connect when gadget is unconfigured
- [arm*] Revert "usb: dwc2: drd: fix soft connect when gadget is
unconfigured"
- net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup
- [arm64,armhf] usb: ulpi: Move of_node_put to ulpi_dev_release
- [arm64,armhf] usb: ulpi: Call of_node_put correctly
- [arm64,armhf] usb: dwc3: gadget: Prevent core from processing stale TRBs
- usb: gadget: f_uac2: Define specific wTerminalType
- USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320
- USB: serial: option: add ZTE MF286D modem
- USB: serial: ch341: add support for GW Instek USB2.0-Serial devices
- USB: serial: cp210x: add NCR Retail IO box id
- USB: serial: cp210x: add CPI Bulk Coin Recycler id
- speakup-dectlk: Restore pitch setting
- [x86] hwmon: (dell-smm) Speed up setting of fan speed
- can: isotp: fix error path in isotp_sendmsg() to unlock wait queue
- scsi: lpfc: Remove NVMe support if kernel has NVME_FC disabled
- scsi: lpfc: Reduce log messages seen after firmware download
- perf: Fix list corruption in perf_cgroup_switch()
- iommu: Fix potential use-after-free during probe
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.102
- drm/nouveau/pmu/gm200-: use alternate falcon reset sequence
- mm: memcg: synchronize objcg lists with a dedicated spinlock
- rcu: Do not report strict GPs for outgoing CPUs
- fget: clarify and improve __fget_files() implementation
- fs/proc: task_mmu.c: don't read mapcount for migration entry
- can: isotp: prevent race between isotp_bind() and isotp_setsockopt()
- can: isotp: add SF_BROADCAST support for functional addressing
- scsi: lpfc: Fix mailbox command failure during driver initialization
- HID:Add support for UGTABLET WP5540
- [x86] Revert "svm: Add warning message for AVIC IPI invalid target"
- mmc: block: fix read single on recovery logic
- mm: don't try to NUMA-migrate COW pages that have other uses
- [amd64] PCI: hv: Fix NUMA node assignment when kernel boots with custom
NUMA topology
- btrfs: send: in case of IO error log it
- net: ieee802154: at86rf230: Stop leaking skb's
- ax25: improve the incomplete fix to avoid UAF and NPD bugs
- vfs: make freeze_super abort when sync_filesystem returns error
- quota: make dquot_quota_sync return errors from ->sync_fs
- scsi: pm8001: Fix use-after-free for aborted TMF sas_task
- scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task
- nvme: fix a possible use-after-free in controller reset during load
- nvme-tcp: fix possible use-after-free in transport error_recovery work
- nvme-rdma: fix possible use-after-free in transport error_recovery work
- drm/amdgpu: fix logic inversion in check
- [amd64] x86/Xen: streamline (and fix) PV CPU enumeration
- Revert "module, async: async_synchronize_full() on module init iff async
is used"
- random: wake up /dev/random writers after zap
- iwlwifi: fix use-after-free
- drm/radeon: Fix backlight control on iMac 12,1
- [x86] drm/i915/opregion: check port number bounds for SWSCI display power
state
- vsock: remove vsock from connected table when connect is interrupted by a
signal
- [x86] drm/i915/gvt: Make DRM_I915_GVT depend on X86
- iwlwifi: pcie: fix locking when "HW not ready"
- iwlwifi: pcie: gen2: fix locking when "HW not ready"
- netfilter: nft_synproxy: unregister hooks on init error path
- ipv6: per-netns exclusive flowlabel checks
- net: dsa: lantiq_gswip: fix use after free in gswip_remove()
- ping: fix the dif and sdif check in ping_lookup
- bonding: force carrier update when releasing slave
- drop_monitor: fix data-race in dropmon_net_event / trace_napi_poll_hit
- net_sched: add __rcu annotation to netdev->qdisc
- bonding: fix data-races around agg_select_timer
- libsubcmd: Fix use-after-free for realloc(..., 0)
- [arm64] dpaa2-eth: Initialize mutex used in one step timestamping path
- ALSA: hda/realtek: Add quirk for Legion Y9000X 2019
- ALSA: hda/realtek: Fix deadlock by COEF mutex
- ALSA: hda: Fix regression on forced probe mask option
- ALSA: hda: Fix missing codec probe on Shenker Dock 15
- ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw()
- ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_range()
- [powerpc*[ lib/sstep: fix 'ptesync' build error
- [armhf] mtd: rawnand: gpmi: don't leak PM reference in error path
- [x86] KVM: SVM: Never reject emulation due to SMAP errata for !SEV guests
(CVE-2020-36310)
- block/wbt: fix negative inflight counter when remove scsi device
- NFS: LOOKUP_DIRECTORY is also ok with symlinks
- NFS: Do not report writeback errors in nfs_getattr()
- tty: n_tty: do not look ahead for EOL character past the end of the buffer
- [x86] Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj
- [x86] KVM: x86/pmu: Refactoring find_arch_event() to pmc_perf_hw_id()
- [x86] KVM: x86/pmu: Don't truncate the PerfEvtSeln MSR when creating a
perf event
- [x86] KVM: x86/pmu: Use AMD64_RAW_EVENT_MASK for PERF_TYPE_RAW
- NFS: Don't set NFS_INO_INVALID_XATTR if there is no xattr cache
- [armhf] OMAP2+: hwmod: Add of_node_put() before break
- [armhf] OMAP2+: adjust the location of put_device() call in
omapdss_init_of
- netfilter: conntrack: don't refresh sctp entries in closed state
- kconfig: let 'shell' return enough output for deep path names
- ata: libata-core: Disable TRIM on M88V29
- [armhf] soc: aspeed: lpc-ctrl: Block error printing on probe defer cases
- xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create
- [arm64,armhf] drm/rockchip: dw_hdmi: Do not leave clock enabled in error
case
- tracing: Fix tp_printk option related with tp_printk_stop_on_boot
- net: usb: qmi_wwan: Add support for Dell DW5829e
- [arm64] net: macb: Align the dma and coherent dma masks
- kconfig: fix failing to generate auto.conf
- scsi: lpfc: Fix pt2pt NVMe PRLI reject LOGO loop
- EDAC: Fix calculation of returned address and next offset in
edac_align_ptr()
- net: sched: limit TC_ACT_REPEAT loops
- [armhf] dmaengine: stm32-dmamux: Fix PM disable depth imbalance in
stm32_dmamux_probe
- copy_process(): Move fd_install() out of sighand->siglock critical section
- [arm*] i2c: brcmstb: fix support for DSL and CM variants
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.103
- cgroup/cpuset: Fix a race between cpuset_attach() and cpu hotplug
- btrfs: tree-checker: check item_size for inode_item
- btrfs: tree-checker: check item_size for dev_item
- vhost/vsock: don't check owner in vhost_vsock_stop() while releasing
- [x86] KVM: x86/mmu: make apf token non-zero to fix bug
- drm/amdgpu: disable MMHUB PG for Picasso
- [x86] drm/i915: Correctly populate use_sagv_wm for all pipes
- sr9700: sanity check for packet length
- USB: zaurus: support another broken Zaurus
- CDC-NCM: avoid overflow in sanity checking
- netfilter: nf_tables_offload: incorrect flow offload action array size
(CVE-2022-25636)
- [x86] fpu: Correct pkru/xstate inconsistency
- [arm64] tee: export teedev_open() and teedev_close_context()
- [arm64] optee: use driver internal tee_context for some rpc
- ping: remove pr_err from ping_lookup
- perf data: Fix double free in perf_session__delete()
- bnx2x: fix driver load from initrd
- bnxt_en: Fix active FEC reporting to ethtool
- hwmon: Handle failure to register sensor with thermal zone correctly
- bpf: Do not try bpf_msg_push_data with len 0
- bpf: Add schedule points in batch ops
- io_uring: add a schedule point in io_add_buffers()
- net: __pskb_pull_tail() & pskb_carve_frag_list() drop_monitor friends
- tipc: Fix end of loop tests for list_for_each_entry()
- gso: do not skip outer ip header in case of ipip and net_failover
- openvswitch: Fix setting ipv6 fields causing hw csum failure
- drm/edid: Always set RGB444
- net/mlx5e: Fix wrong return value on ioctl EEPROM query failure
- net/sched: act_ct: Fix flow table lookup after ct clear or switching zones
- net: Force inlining of checksum functions in net/checksum.h
- nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac()
- netfilter: nf_tables: fix memory leak during stateful obj update
- net/smc: Use a mutex for locking "struct smc_pnettable"
- udp_tunnel: Fix end of loop test in udp_tunnel_nic_unregister()
- net/mlx5: Fix possible deadlock on rule deletion
- net/mlx5: Fix wrong limitation of metadata match on ecpf
- net/mlx5e: kTLS, Use CHECKSUM_UNNECESSARY for device-offloaded packets
- regmap-irq: Update interrupt clear register for proper reset
- configfs: fix a race in configfs_{,un}register_subsystem()
- RDMA/ib_srp: Fix a deadlock
- tracing: Have traceon and traceoff trigger honor the instance
- iio: adc: ad7124: fix mask used for setting AIN_BUFP & AIN_BUFM bits
- iio: imu: st_lsm6dsx: wait for settling time in st_lsm6dsx_read_oneshot
- iio: Fix error handling for PM
- ata: pata_hpt37x: disable primary channel on HPT371
- Revert "USB: serial: ch341: add new Product ID for CH341A"
- usb: gadget: rndis: add spinlock for rndis response list
- tracefs: Set the group ownership in apply_options() not parse_options()
- USB: serial: option: add support for DW5829e
- USB: serial: option: add Telit LE910R1 compositions
- [arm*] usb: dwc2: drd: fix soft connect when gadget is unconfigured
- [arm64] usb: dwc3: pci: Fix Bay Trail phy GPIO mappings
- [arm64,armhf] usb: dwc3: gadget: Let the interrupt handler disable bottom
halves.
- xhci: re-initialize the HC during resume if HCE was set
- xhci: Prevent futile URB re-submissions due to incorrect return value.
- driver core: Free DMA range map when device is released
- RDMA/cma: Do not change route.addr.src_addr outside state checks
- [x86] thermal: int340x: fix memory leak in int3400_notify()
- tty: n_gsm: fix encoding of control signal octet bit DV
- tty: n_gsm: fix proper link termination after failed open
- tty: n_gsm: fix NULL pointer access due to DLCI release
- tty: n_gsm: fix wrong tty control line for flow control
- tty: n_gsm: fix deadlock in gsmtty_open()
- memblock: use kfree() to release kmalloced memblock regions
[ Salvatore Bonaccorso ]
* Refresh "Makefile: Do not check for libelf when building OOT module"
* Bump ABI to 12
* Refresh "firmware: Remove redundant log messages from drivers"
* [rt] Refresh "locking/rtmutex: add sleeping lock implementation"
* [rt] Refresh "cpuset: Convert callback_lock to raw_spinlock_t"
* [rt] Update to 5.10.100-rt62
* Mitigate Spectre v2-type Branch History Buffer attacks (CVE-2022-0001,
CVE-2022-0002)
- [x86] bugs: Unconditionally allow spectre_v2=retpoline,amd
- [x86] speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE
- [x86] speculation: Add eIBRS + Retpoline options
- Documentation/hw-vuln: Update spectre doc
- [x86] speculation: Include unprivileged eBPF status in Spectre v2
mitigation reporting
- [x86] speculation: Use generic retpoline by default on AMD
- [x86] speculation: Update link to AMD speculation whitepaper
- [x86] speculation: Warn about Spectre v2 LFENCE mitigation
- [x86] speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT
[dgit import unpatched linux 5.10.103-1]
projects / linux.git / log