[PATCH 3/4] MODSIGN: checking the blacklisted hash before loading a kernel module
Origin: https://lore.kernel.org/patchwork/patch/933175/
This patch adds the logic for checking the kernel module's hash
base on blacklist. The hash must be generated by sha256 and enrolled
to dbx/mokx.
For example:
sha256sum sample.ko
mokutil --mokx --import-hash $HASH_RESULT
Whether the signature on ko file is stripped or not, the hash can be
compared by kernel.
Cc: David Howells <dhowells@redhat.com>
Cc: Josh Boyer <jwboyer@fedoraproject.org>
Cc: James Bottomley <James.Bottomley@HansenPartnership.com>
Signed-off-by: "Lee, Chun-Yi" <jlee@suse.com>
[Rebased by Luca Boccassi]
Gbp-Pq: Topic features/all/db-mok-keyring
Gbp-Pq: Name 0003-MODSIGN-checking-the-blacklisted-hash-before-loading-a-kernel-module.patch
[PATCH 2/3] af_802154: Disable auto-loading as mitigation against local exploits
Forwarded: not-needed
Recent review has revealed several bugs in obscure protocol
implementations that can be exploited by local users for denial of
service or privilege escalation. We can mitigate the effect of any
remaining vulnerabilities in such protocols by preventing unprivileged
users from loading the modules, so that they are only exploitable on
systems where the administrator has chosen to load the protocol.
The 'af_802154' (IEEE 802.15.4) protocol is not widely used, was
not present in the 'lenny' kernel, and seems to receive only sporadic
maintenance. Therefore disable auto-loading.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic debian
Gbp-Pq: Name af_802154-Disable-auto-loading-as-mitigation-against.patch
Tweak gitignore for Debian pkg-kernel using git svn.
Forwarded: not-needed
[bwh: Tweak further for pure git]
Gbp-Pq: Topic debian
Gbp-Pq: Name gitignore.patch
linux (5.10.113-1) bullseye-security; urgency=high
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.107
- Revert "xfrm: state and policy should fail if XFRMA_IF_ID 0"
(Closes: #
1008299)
- xfrm: Check if_id in xfrm_migrate
- xfrm: Fix xfrm migrate issues when address family changes
- mac80211: refuse aggregations sessions before authorized
- [mips64el,mipsel] smp: fill in sibling and core maps earlier
- [x86] atm: firestream: check the return value of ioremap() in fs_init()
- iwlwifi: don't advertise TWT support
- drm/vrr: Set VRR capable prop only if it is attached to connector
- nl80211: Update bss channel on channel switch for P2P_CLIENT
- sfc: extend the locking on mcdi->seqno
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.108
- [arm64] crypto: qcom-rng - ensure buffer for generate is completely filled
- ocfs2: fix crash when initialize filecheck kobj fails
- mm: swap: get rid of livelock in swapin readahead
- efi: fix return value of __setup handlers
- vsock: each transport cycles only on its own sockets
- esp6: fix check on ipv6_skip_exthdr's return value
- net: phy: marvell: Fix invalid comparison in the resume and suspend
functions
- net/packet: fix slab-out-of-bounds access in packet_recvmsg()
- atm: eni: Add check for dma_map_single
- [x86] hv_netvsc: Add check for kvmalloc_array
- [armhf] drm/imx: parallel-display: Remove bus flags check in
imx_pd_bridge_atomic_check()
- [arm64,armhf] drm/panel: simple: Fix Innolux G070Y2-L01 BPP settings
- net: handle ARPHRD_PIMREG in dev_is_mac_header_xmit()
- [arm64,armhf] net: dsa: Add missing of_node_put() in dsa_port_parse_of
- net: phy: mscc: Add MODULE_FIRMWARE macros
- bnx2x: fix built-in kernel driver load failure
- [arm64] net: bcmgenet: skip invalid partial checksums
- [arm64] net: mscc: ocelot: fix backwards compatibility with single-chain
tc-flower offload
- usb: gadget: rndis: prevent integer overflow in rndis_set_response()
- usb: gadget: Fix use-after-free bug by not setting udc->dev.driver
- usb: usbtmc: Fix bug in pipe direction for control transfers
- scsi: mpt3sas: Page fault in reply q processing
- Input: aiptek - properly check endpoint type
- perf symbols: Fix symbol size calculation condition
- net: usb: Correct PHY handling of smsc95xx
- net: usb: Correct reset handling of smsc95xx
- smsc95xx: Ignore -ENODEV errors when device is unplugged
- esp: Fix possible buffer overflow in ESP transformation (CVE-2022-27666)
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.109
- nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION
(CVE-2022-26490)
- net: ipv6: fix skb_over_panic in __ip6_append_data
- exfat: avoid incorrectly releasing for root inode
- cgroup: Allocate cgroup_file_ctx for kernfs_open_file->priv
(CVE-2021-4197)
- cgroup: Use open-time cgroup namespace for process migration perm checks
(CVE-2021-4197)
- cgroup-v1: Correct privileges check in release_agent writes
- tpm: Fix error handling in async work
- llc: fix netdevice reference leaks in llc_ui_bind() (CVE-2022-28356)
- ALSA: oss: Fix PCM OSS buffer allocation overflow
- ALSA: hda/realtek: Add quirk for Clevo NP70PNJ
- ALSA: hda/realtek: Add quirk for Clevo NP50PNJ
- ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671
- ALSA: hda/realtek: Add quirk for ASUS GA402
- ALSA: pcm: Fix races among concurrent hw_params and hw_free calls
(CVE-2022-1048)
- ALSA: pcm: Fix races among concurrent read/write and buffer changes
(CVE-2022-1048)
- ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls
(CVE-2022-1048)
- ALSA: pcm: Fix races among concurrent prealloc proc writes (CVE-2022-1048)
- ALSA: pcm: Add stream lock during PCM reset ioctl operations
- ALSA: usb-audio: Add mute TLV for playback volumes on RODE NT-USB
- ALSA: cmipci: Restore aux vol on suspend/resume
- ALSA: pci: fix reading of swapped values from pcmreg in AC97 codec
- [arm64] drivers: net: xgene: Fix regression in CRC stripping
- netfilter: nf_tables: initialize registers in nft_do_chain()
(CVE-2022-1016)
- [x86] ACPI / x86: Work around broken XSDT on Advantech DAC-BJ01 board
- ACPI: battery: Add device HID and quirk for Microsoft Surface Go 3
- [x86] ACPI: video: Force backlight native for Clevo NL5xRU and NL5xNU
- [x86] crypto: qat - disable registration of algorithms
- Revert "ath: add support for special 0x0 regulatory domain"
- rcu: Don't deboost before reporting expedited quiescent state
- mac80211: fix potential double free on mesh join
- tpm: use try_get_ops() in tpm-space.c
- [arm64] wcn36xx: Differentiate wcn3660 from wcn3620
- llc: only change llc->dev when bind() succeeds
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.110
- swiotlb: fix info leak with DMA_FROM_DEVICE (CVE-2022-0854)
- USB: serial: pl2303: add IBM device IDs
- USB: serial: simple: add Nokia phone driver
- netdevice: add the case if dev is NULL
- HID: logitech-dj: add new lightspeed receiver id
- xfrm: fix tunnel model fragmentation behavior
- virtio_console: break out of buf poll on remove
- ethernet: sun: Free the coherent when failing in probing
- gpio: Revert regression in sysfs-gpio (gpiolib.c)
- spi: Fix invalid sgs value
- Revert "gpio: Revert regression in sysfs-gpio (gpiolib.c)"
- spi: Fix erroneous sgs value with min_t()
- af_key: add __GFP_ZERO flag for compose_sadb_supported in function
pfkey_register (CVE-2022-1353)
- [arm*] iommu/iova: Improve 32-bit free space estimate
- tpm: fix reference counting for struct tpm_chip
- virtio-blk: Use blk_validate_block_size() to validate block size
- USB: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c
- xhci: fix garbage USBSTS being logged in some cases
- xhci: fix runtime PM imbalance in USB2 resume
- xhci: make xhci_handshake timeout for xhci_reset() adjustable
- xhci: fix uninitialized string returned by xhci_decode_ctrl_ctx()
- [x86] mei: me: add Alder Lake N device id.
- [x86] mei: avoid iterator usage outside of list_for_each_entry
- iio: inkern: apply consumer scale on IIO_VAL_INT cases
- iio: inkern: apply consumer scale when no channel scale is available
- iio: inkern: make a best effort on offset calculation
- ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE
- KEYS: fix length validation in keyctl_pkey_params_get_2()
- Documentation: add link to stable release candidate tree
- Documentation: update stable tree link
- firmware: stratix10-svc: add missing callback parameter on RSU
- SUNRPC: avoid race between mod_timer() and del_timer_sync()
- NFSD: prevent underflow in nfssvc_decode_writeargs()
- NFSD: prevent integer overflow on 32 bit systems
- f2fs: fix to unlock page correctly in error path of is_alive()
- f2fs: quota: fix loop condition at f2fs_quota_sync()
- f2fs: fix to do sanity check on .cp_pack_total_block_count
- [armhf] remoteproc: Fix count check in rproc_coredump_write()
- [armhf] pinctrl: samsung: drop pin banks references on error paths
- mtd: rawnand: protect access to rawnand devices while in suspend
- can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error
path (CVE-2022-28390)
- jffs2: fix use-after-free in jffs2_clear_xattr_subsystem
- jffs2: fix memory leak in jffs2_do_mount_fs
- jffs2: fix memory leak in jffs2_scan_medium
- mm/pages_alloc.c: don't create ZONE_MOVABLE beyond the end of a node
- mm: invalidate hwpoison page cache page in fault path
- mempolicy: mbind_range() set_policy() after vma_merge()
- scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands
- qed: display VF trust config
- qed: validate and restrict untrusted VFs vlan promisc mode
- Revert "Input: clear BTN_RIGHT/MIDDLE on buttonpads"
- cifs: prevent bad output lengths in smb2_ioctl_query_info()
- cifs: fix NULL ptr dereference in smb2_ioctl_query_info()
(CVE-2022-0168)
- [i386] ALSA: cs4236: fix an incorrect NULL check on list iterator
- ALSA: hda: Avoid unsol event during RPM suspending
- ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock
- ALSA: hda/realtek: Fix audio regression on Mi Notebook Pro 2020
- mm: madvise: skip unmapped vma holes passed to process_madvise
- mm: madvise: return correct bytes advised with process_madvise
- Revert "mm: madvise: skip unmapped vma holes passed to process_madvise"
- mm,hwpoison: unmap poisoned page before invalidation
- dm integrity: set journal entry unused when shrinking device
- drbd: fix potential silent data corruption
- can: isotp: sanitize CAN ID checks in isotp_bind()
- [powerpc*] kvm: Fix kvm_use_magic_page
- udp: call udp_encap_enable for v6 sockets when enabling encap
- [arm64] signal: nofpsimd: Do not allocate fp/simd context when not
available
- ACPI: properties: Consistently return -ENOENT if there are no more
references
- coredump: Also dump first pages of non-executable ELF libraries
- ext4: fix ext4_fc_stats trace point
- ext4: fix fs corruption when tring to remove a non-empty directory with IO
error
- drivers: hamradio: 6pack: fix UAF bug caused by mod_timer()
(CVE-2022-1198)
- block: limit request dispatch loop duration
- block: don't merge across cgroup boundaries if blkcg is enabled
- drm/edid: check basic audio support on CEA extension block
- [armhf] dts: exynos: add missing HDMI supplies on SMDK5250
- [armhf] dts: exynos: add missing HDMI supplies on SMDK5420
- [x86] mgag200 fix memmapsl configuration in GCTL6 register
- carl9170: fix missing bit-wise or operator for tx_params
- pstore: Don't use semaphores in always-atomic-context code
- [x86] thermal: int340x: Increase bitmap size
- exec: Force single empty string when argv is empty
- crypto: rsa-pkcs1pad - only allow with rsa
- crypto: rsa-pkcs1pad - correctly get hash from source scatterlist
- crypto: rsa-pkcs1pad - restore signature length check
- crypto: rsa-pkcs1pad - fix buffer overread in pkcs1pad_verify_complete()
- bcache: fixup multiple threads crash
- DEC: Limit PMAX memory probing to R3k systems
- brcmfmac: firmware: Allocate space for default boardrev in nvram
- brcmfmac: pcie: Release firmwares in the brcmf_pcie_setup error path
- brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with memcpy_toio
- brcmfmac: pcie: Fix crashes due to early IRQs
- [x86] drm/i915/opregion: check port number bounds for SWSCI display power
state
- [x86] drm/i915/gem: add missing boundary check in vm_access
- PCI: pciehp: Clear cmd_busy bit in polling mode
- [arm64] PCI: xgene: Revert "PCI: xgene: Fix IB window setup"
- [arm64] regulator: qcom_smd: fix for_each_child.cocci warnings
- selinux: check return value of sel_make_avc_files
- [arm64] hwrng: cavium - Check health status while reading random data
- [arm64] hwrng: cavium - HW_RANDOM_CAVIUM should depend on ARCH_THUNDER
- crypto: authenc - Fix sleep in atomic context in decrypt_tail
- [x86] thermal: int340x: Check for NULL after calling kmemdup()
- [arm64,armhf] spi: tegra114: Add missing IRQ check in tegra_spi_probe
- [arm64] mm: avoid fixmap race condition when create pud mapping
- audit: log AUDIT_TIME_* records only from rules
- spi: pxa2xx-pci: Balance reference count for PCI DMA device
- [armhf] hwmon: (pmbus) Add mutex to regulator ops
- hwmon: (sch56xx-common) Replace WDOG_ACTIVE with WDOG_HW_RUNNING
- nvme: cleanup __nvme_check_ids
- block: don't delete queue kobject before its children
- PM: hibernate: fix __setup handler error handling
- PM: suspend: fix return value of __setup handler
- [arm64] crypto: sun8i-ce - call finalize with bh disabled
- [arm64,armhf] crypto: amlogic - call finalize with bh disabled
- [armhf] clocksource/drivers/timer-ti-dm: Fix regression from errata i940
fix
- [armhf] clocksource/drivers/exynos_mct: Refactor resources allocation
- [armhf] clocksource/drivers/exynos_mct: Handle DTS with higher number of
interrupts
- clocksource/drivers/timer-of: Check return value of of_iomap in
timer_of_base_init()
- ACPI: APEI: fix return value of __setup handlers
- [x86] crypto: ccp - ccp_dmaengine_unregister release dma channels
- [arm*] amba: Make the remove callback return void
- [armhf] hwmon: (pmbus) Add Vin unit off handling
- [x86] clocksource: acpi_pm: fix return value of __setup handler
- io_uring: terminate manual loop iterator loop correctly for non-vecs
- watch_queue: Fix NULL dereference in error cleanup
- watch_queue: Actually free the watch
- f2fs: fix to enable ATGC correctly via gc_idle sysfs interface
- sched/debug: Remove mpol_get/put and task_lock/unlock from sched_show_numa
- sched/core: Export pelt_thermal_tp
- rseq: Optimise rseq_get_rseq_cs() and clear_rseq_cs()
- rseq: Remove broken uapi field layout on 32-bit little endian
- perf/core: Fix address filter parser for multiple filters
- [x86] perf/x86/intel/pt: Fix address filter config for 32-bit kernel
- f2fs: fix missing free nid in f2fs_handle_failed_inode
- nfsd: more robust allocation failure handling in nfsd_file_cache_init
- f2fs: fix to avoid potential deadlock
- btrfs: fix unexpected error path when reflinking an inline extent
- f2fs: compress: remove unneeded read when rewrite whole cluster
- f2fs: fix compressed file start atomic write may cause data corruption
- [arm64,armhf] media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP
buffers across ioctls
- media: bttv: fix WARNING regression on tunerless devices
- [arm*] ASoC: generic: simple-card-utils: remove useless assignment
- [armhf] media: coda: Fix missing put_device() call in coda_get_vdoa_data
- [armhf] media: aspeed: Correct value for h-total-pixels
- video: fbdev: matroxfb: set maxvram of vbG200eW to the same as vbG200 to
avoid black screen
- video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe()
- video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name()
- [arm64] firmware: qcom: scm: Remove reassignment to desc following
initializer
- firmware: ti_sci: Fix compilation failure when CONFIG_TI_SCI_PROTOCOL is
not defined
- [armhf] dts: imx: Add missing LVDS decoder on M53Menlo
- media: em28xx: initialize refcount before kref_get
- media: usb: go7007: s2250-board: fix leak in probe()
- [arm64,armhf] media: cedrus: H265: Fix neighbour info buffer size
- [arm64,armhf] media: cedrus: h264: Fix neighbour info buffer size
- [x86] ASoC: rt5663: check the return value of devm_kzalloc() in
rt5663_parse_dp()
- printk: fix return value of printk.devkmsg __setup handler
- [x86] ASoC: soc-compress: prevent the potentially use of null pointer
- [armhf] memory: emif: Add check for setup_interrupts
- [armhf] memory: emif: check the pointer temp in get_device_details()
- ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction
- [arm64] dts: rockchip: Fix SDIO regulator supply properties on
rk3399-firefly
- media: stk1160: If start stream fails, return buffers with
VB2_BUF_STATE_QUEUED
- media: saa7134: convert list_for_each to entry variant
- media: saa7134: fix incorrect use to determine if list is empty
- ivtv: fix incorrect device_caps for ivtvfb
- [arm64,armhf] ASoC: rockchip: i2s: Use
devm_platform_get_and_ioremap_resource()
- [arm64,armhf] ASoC: rockchip: i2s: Fix missing clk_disable_unprepare() in
rockchip_i2s_probe
- ASoC: dmaengine: do not use a NULL prepare_slave_config() callback
- [armhf] ASoC: fsl_spdif: Disable TX clock when stop
- [armhf] ASoC: imx-es8328: Fix error return code in imx_es8328_probe()
- [arm64] drm/meson: osd_afbcd: Add an exit callback to struct
meson_afbcd_ops
- [arm64,armhf] drm/bridge: Add missing pm_runtime_disable() in
__dw_mipi_dsi_probe
- [arm64] drm: bridge: adv7511: Fix ADV7535 HPD enablement
- ath10k: fix memory overwrite of the WoWLAN wakeup packet pattern
- [arm64,armhf] drm/panfrost: Check for error num after setting mask
- Bluetooth: hci_serdev: call init_rwsem() before p->open()
- [armhf] mtd: rawnand: gpmi: fix controller timings setting
- drm/edid: Don't clear formats if using deep color
- drm/nouveau/acr: Fix undefined behavior in nvkm_acr_hsfw_load_bl()
- drm/amd/display: Fix a NULL pointer dereference in
amdgpu_dm_connector_add_common_modes()
- drm/amd/pm: return -ENOTSUPP if there is no get_dpm_ultimate_freq function
- ath9k_htc: fix uninit value bugs
- RDMA/core: Set MR type in ib_reg_user_mr
- [powerpc*] KVM: PPC: Fix vmx/vsx mixup in mmio emulation
- i40e: don't reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb
- i40e: respect metadata on XSK Rx to skb
- [x86] ray_cs: Check ioremap return value
- [powerpc*] KVM: PPC: Book3S HV: Check return value of kvmppc_radix_init
- [powerpc*] perf: Don't use perf_hw_context for trace IMC PMU
- [arm64,armhf] net: dsa: mv88e6xxx: Enable port policy support on 6097
- [arm64] PCI: aardvark: Fix reading PCI_EXP_RTSTA_PME bit on emulated
bridge
- [arm64,armhf] drm/bridge: dw-hdmi: use safe format when first in bridge
chain
- HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports
- drm/amd/pm: enable pm sysfs write for one VF mode
- drm/amd/display: Add affected crtcs to atomic state for dsc mst unplug
- IB/cma: Allow XRC INI QPs to set their local ACK timeout
- dax: make sure inodes are flushed before destroy cache
- iwlwifi: Fix -EIO error code that is never returned
- iwlwifi: mvm: Fix an error code in iwl_mvm_up()
- [arm64] drm/msm/dp: populate connector of struct dp_panel
- [arm64] drm/msm/dpu: add DSPP blocks teardown
- [arm64] drm/msm/dpu: fix dp audio condition
- scsi: pm8001: Fix command initialization in pm80XX_send_read_log()
- scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req()
- scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config()
- scsi: pm8001: Fix le32 values handling in
pm80xx_set_sas_protocol_timer_config()
- scsi: pm8001: Fix payload initialization in pm80xx_encrypt_update()
- scsi: pm8001: Fix le32 values handling in pm80xx_chip_ssp_io_req()
- scsi: pm8001: Fix le32 values handling in pm80xx_chip_sata_req()
- scsi: pm8001: Fix NCQ NON DATA command task initialization
- scsi: pm8001: Fix NCQ NON DATA command completion handling
- scsi: pm8001: Fix abort all task initialization
- RDMA/mlx5: Fix the flow of a miss in the allocation of a cache ODP MR
- drm/amd/display: Remove vupdate_int_entry definition
- TOMOYO: fix __setup handlers return values
- [arm64,armhf] drm/tegra: Fix reference leak in tegra_dsi_ganged_probe
- [x86] power: supply: bq24190_charger: Fix bq24190_vbus_is_enabled() wrong
false return
- [arm64] scsi: hisi_sas: Change permission of parameter prot_mask
- [arm64] bpf, arm64: Call build_prologue() first in first JIT pass
- [arm64] bpf, arm64: Feed byte-offset into bpf line info
- [arm64,armhf] gpu: host1x: Fix a memory leak in 'host1x_remove()'
- [powerpc*] mm/numa: skip NUMA_NO_NODE onlining in parse_numa_properties()
- [x86] KVM: x86: Fix emulation in writing cr8
- [x86] KVM: x86/emulator: Defer not-present segment check in
__load_segment_descriptor()
- [x86] hv_balloon: rate-limit "Unhandled message" warning
- [amd64] IB/hfi1: Allow larger MTU without AIP
- PCI: Reduce warnings on possible RW1C corruption
- [armhf] mfd: mc13xxx: Add check for mc13xxx_irq_request
- [x86] platform/x86: huawei-wmi: check the return value of
device_create_file()
- vxcan: enable local echo for sent CAN frames
- ath10k: Fix error handling in ath10k_setup_msa_resources
- [mips*] pgalloc: fix memory leak caused by pgd_free()
- RDMA/mlx5: Fix memory leak in error flow for subscribe event routine
- bpf, sockmap: Fix memleak in tcp_bpf_sendmsg while sk msg is full
- bpf, sockmap: Fix more uncharged while msg has more_data
- bpf, sockmap: Fix double uncharge the mem of sk_msg
- USB: storage: ums-realtek: fix error code in rts51x_read_mem()
- can: isotp: return -EADDRNOTAVAIL when reading from unbound socket
- can: isotp: support MSG_TRUNC flag when reading from socket
- Bluetooth: call hci_le_conn_failed with hdev lock in hci_le_conn_failed
- ipv4: Fix route lookups when handling ICMP redirects and PMTU updates
- af_netlink: Fix shift out of bounds in group mask calculation
- [arm64,armhf] i2c: meson: Fix wrong speed use from probe
- PCI: Avoid broken MSI on SB600 USB devices
- [arm64] net: bcmgenet: Use stronger register read/writes to assure
ordering
- tcp: ensure PMTU updates are processed during fastopen
- openvswitch: always update flow key after nat
- tipc: fix the timer expires after interval 100ms
- [x86] mxser: fix xmit_buf leak in activate when LSR == 0xff
- [armhf] fsi: aspeed: convert to devm_platform_ioremap_resource
- [armhf] fsi: Aspeed: Fix a potential double free
- soundwire: intel: fix wrong register name in intel_shim_wake
- iio: mma8452: Fix probe failing when an i2c_device_id is used
- [arm64,armhf] phy: dphy: Correct lpx parameter and its
derivatives(ta_{get,go,sure})
- [x86] serial: 8250_mid: Balance reference count for PCI DMA device
- [x86] serial: 8250_lpss: Balance reference count for PCI DMA device
- NFS: Use of mapping_set_error() results in spurious errors
- serial: 8250: Fix race condition in RTS-after-send handling
- NFS: Return valid errors from nfs2/3_decode_dirent()
- [arm64] clk: qcom: clk-rcg2: Update logic to calculate D value for RCG
- [arm64] clk: qcom: clk-rcg2: Update the frac table for pixel clock
- nvdimm/region: Fix default alignment for small regions
- [armhf] clk: tegra: tegra124-emc: Fix missing put_device() call in
emc_ensure_emc_driver
- NFS: remove unneeded check in decode_devicenotify_args()
- [arm64,armhf] pinctrl/rockchip: Add missing of_node_put() in
rockchip_pinctrl_probe
- [s390x] tty: hvc: fix return value of __setup handler
- serial: 8250: fix XOFF/XON sending when DMA is used
- driver core: dd: fix return value of __setup handler
- jfs: fix divide error in dbNextAG
- netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options
- NFSv4.1: don't retry BIND_CONN_TO_SESSION on session error
- kdb: Fix the putarea helper function
- clk: Initialize orphan req_rate
- [amd64] xen: fix is_xen_pmu()
- [arm64] net: enetc: report software timestamping via SO_TIMESTAMPING
- [arm64] net: hns3: fix bug when PF set the duplicate MAC address for VFs
- net: phy: broadcom: Fix brcm_fet_config_init()
- NFSv4/pNFS: Fix another issue with a list iterator pointing to the head
- [armhf] net: dsa: bcm_sf2_cfp: fix an incorrect NULL check on list
iterator
- fs: fd tables have to be multiples of BITS_PER_LONG
- fs: fix fd table size alignment properly
- LSM: general protection fault in legacy_parse_param
- block, bfq: don't move oom_bfqq
- selinux: use correct type for context length
- selinux: allow FIOCLEX and FIONCLEX with policy capability
- loop: use sysfs_emit() in the sysfs xxx show()
- Fix incorrect type in assignment of ipv6 port for audit
- fs/binfmt_elf: Fix AT_PHDR for unusual ELF files
- bfq: fix use-after-free in bfq_dispatch_request
- ACPICA: Avoid walking the ACPI Namespace if it is not there
- Revert "Revert "block, bfq: honor already-setup queue merges""
- ACPI/APEI: Limit printable size of BERT table data
- PM: core: keep irq flags in device_pm_check_callbacks()
- nvme-tcp: lockdep: annotate in-kernel sockets
- [arm64] spi: tegra20: Use of_device_get_match_data()
- ext4: correct cluster len and clusters changed accounting in
ext4_mb_mark_bb
- ext4: fix ext4_mb_mark_bb() with flex_bg with fast_commit
- ext4: don't BUG if someone dirty pages without asking ext4 first
- f2fs: fix to do sanity check on curseg->alloc_type
- NFSD: Fix nfsd_breaker_owns_lease() return values
- f2fs: compress: fix to print raw data size in error path of lz4
decompression
- video: fbdev: cirrusfb: check pixclock to avoid divide by zero
- [armel,armhf] ftrace: avoid redundant loads or clobbering IP
- video: fbdev: udlfb: replace snprintf in show functions with sysfs_emit
- ASoC: soc-core: skip zero num_dai component in searching dai name
- media: cx88-mpeg: clear interrupt status register before streaming video
- uaccess: fix type mismatch warnings from access_ok()
- media: Revert "media: em28xx: add missing em28xx_close_extension"
- media: hdpvr: initialize dev->worker at hdpvr_register_videodev
- mmc: host: Return an error when ->enable_sdio_irq() ops is missing
- ALSA: hda/realtek: Add alc256-samsung-headphone fixup
- [x86] KVM: x86/mmu: Check for present SPTE when clearing dirty bit in TDP
MMU
- [powerpc*] lib/sstep: Fix 'sthcx' instruction
- [powerpc*] lib/sstep: Fix build errors with newer binutils
- scsi: qla2xxx: Fix stuck session in gpdb
- scsi: qla2xxx: Fix scheduling while atomic
- scsi: qla2xxx: Fix wrong FDMI data for 64G adapter
- scsi: qla2xxx: Fix warning for missing error code
- scsi: qla2xxx: Fix device reconnect in loop topology
- scsi: qla2xxx: Add devids and conditionals for 28xx
- scsi: qla2xxx: Check for firmware dump already collected
- scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair()
- scsi: qla2xxx: Fix disk failure to rediscover
- scsi: qla2xxx: Fix incorrect reporting of task management failure
- scsi: qla2xxx: Fix hang due to session stuck
- scsi: qla2xxx: Fix missed DMA unmap for NVMe ls requests
- scsi: qla2xxx: Fix N2N inconsistent PLOGI
- scsi: qla2xxx: Reduce false trigger to login
- scsi: qla2xxx: Use correct feature type field during RFF_ID processing
- [arm64] platform: chrome: Split trace include file
- [x86] KVM: x86: Forbid VMM to set SYNIC/STIMER MSRs when SynIC wasn't
activated
- KVM: Prevent module exit until all VMs are freed
- [x86] KVM: x86: fix sending PV IPI
- [x86] KVM: SVM: fix panic on out-of-bounds guest IRQ
- [x86] ASoC: SOF: Intel: Fix NULL ptr dereference when ENOMEM
- ubifs: rename_whiteout: Fix double free for whiteout_ui->data
- ubifs: Fix deadlock in concurrent rename whiteout and inode writeback
- ubifs: Add missing iput if do_tmpfile() failed in rename whiteout
- ubifs: setflags: Make dirtied_ino_d 8 bytes aligned
- ubifs: Fix read out-of-bounds in ubifs_wbuf_write_nolock()
- ubifs: Fix to add refcount once page is set private
- ubifs: rename_whiteout: correct old_dir size computing
- wireguard: queueing: use CFI-safe ptr_ring cleanup function
- wireguard: socket: free skb in send6 when ipv6 is disabled
- wireguard: socket: ignore v6 endpoints when ipv6 is disabled
- XArray: Fix xas_create_range() when multi-order entry present
- can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error
path (CVE-2022-28389)
- can: mcba_usb: properly check endpoint type
- XArray: Update the LRU list in xas_split()
- rtc: check if __rtc_read_time was successful
- gfs2: Make sure FITRIM minlen is rounded up to fs block size
- [arm64] net: hns3: fix software vlan talbe of vlan 0 inconsistent with
hardware
- rxrpc: Fix call timer start racing with call destruction
- [arm64] mailbox: imx: fix wakeup failure from freeze mode
- watch_queue: Free the page array when watch_queue is dismantled
- pinctrl: pinconf-generic: Print arguments for bias-pull-*
- ubi: Fix race condition between ctrl_cdev_ioctl and ubi_cdev_ioctl
- [arm*] iop32x: offset IRQ numbers by 1
- io_uring: fix memory leak of uid in files registration
- [amd64,arm64] ACPI: CPPC: Avoid out of bounds access when parsing _CPC
data
- [arm64] platform/chrome: cros_ec_typec: Check for EC device
- can: isotp: restore accidentally removed MSG_PEEK feature
- proc: bootconfig: Add null pointer check
- [x86] ASoC: soc-compress: Change the check for codec_dai
- batman-adv: Check ptr for NULL before reducing its refcnt
- mm/mmap: return 1 from stack_guard_gap __setup() handler
- mm/memcontrol: return 1 from cgroup.memory __setup() handler
- mm/usercopy: return 1 from hardened_usercopy __setup() handler
- bpf: Adjust BPF stack helper functions to accommodate skip > 0
- bpf: Fix comment for helper bpf_current_task_under_cgroup()
- dt-bindings: mtd: nand-controller: Fix the reg property description
- dt-bindings: mtd: nand-controller: Fix a comment in the examples
- dt-bindings: spi: mxic: The interrupt property is not mandatory
- [x86] ASoC: topology: Allow TLV control to be either read or write
- docs: sysctl/kernel: add missing bit to panic_print
- openvswitch: Fixed nd target mask field in the flow dump.
- [x86] KVM: x86/mmu: do compare-and-exchange of gPTE via the user address
(CVE-2022-1158)
- can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error
path (CVE-2022-28388)
- coredump: Snapshot the vmas in do_coredump
- coredump: Remove the WARN_ON in dump_vma_snapshot
- coredump/elf: Pass coredump_params into fill_note_info
- coredump: Use the vma snapshot in fill_files_note
- [arm64] Do not defer reserve_crashkernel() for platforms with no DMA
memory zones
- [arm64] PCI: xgene: Revert "PCI: xgene: Use inbound resources for setup"
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.111
- ubifs: Rectify space amount budget for mkdir/tmpfile operations
- gfs2: Check for active reservation in gfs2_release
- gfs2: Fix gfs2_release for non-writers regression
- gfs2: gfs2_setattr_size error path fix
- [x86] KVM: x86/svm: Clear reserved bits written to PerfEvtSeln MSRs
- [x86] KVM: x86/emulator: Emulate RDPID only if it is enabled in guest
- drm: Add orientation quirk for GPD Win Max
- ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111
- drm/amd/display: Add signal type check when verify stream backends same
- drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj
- ptp: replace snprintf with sysfs_emit
- [armhf] ath11k: fix kernel panic during unload/load ath11k modules
- ath11k: mhi: use mhi_sync_power_up()
- bpf: Make dst_port field in struct bpf_sock 16-bit wide
- scsi: mvsas: Replace snprintf() with sysfs_emit()
- scsi: bfa: Replace snprintf() with sysfs_emit()
- [arm64,armhf] power: supply: axp20x_battery: properly report current when
discharging
- mt76: dma: initialize skip_unmap in mt76_dma_rx_fill
- cfg80211: don't add non transmitted BSS to 6GHz scanned channels
- ipv6: make mc_forwarding atomic
- [powerpc*] Set crashkernel offset to mid of RMA region
- drm/amdgpu: Fix recursive locking warning
- [arm64] PCI: aardvark: Fix support for MSI interrupts
- [arm64] iommu/arm-smmu-v3: fix event handling soft lockup
- usb: ehci: add pci device support for Aspeed platforms
- tcp: Don't acquire inet_listen_hashbucket::lock with disabled BH.
- PCI: pciehp: Add Qualcomm quirk for Command Completed erratum
- iwlwifi: mvm: Correctly set fragmented EBS
- ipv4: Invalidate neighbour for broadcast address upon address addition
- dm ioctl: prevent potential spectre v1 gadget
- dm: requeue IO if mapping table not yet available
- scsi: pm8001: Fix pm80xx_pci_mem_copy() interface
- scsi: pm8001: Fix pm8001_mpi_task_abort_resp()
- scsi: pm8001: Fix task leak in pm8001_send_abort_all()
- scsi: pm8001: Fix tag leaks on error
- scsi: pm8001: Fix memory leak in pm8001_chip_fw_flash_update_req()
- scsi: aha152x: Fix aha152x_setup() __setup handler return value
- [arm64] scsi: hisi_sas: Free irq vectors in order for v3 HW
- net/smc: correct settings of RMB window update limit
- macvtap: advertise link netns via netlink
- tuntap: add sanity checks about msg_controllen in sendmsg
- Bluetooth: Fix not checking for valid hdev on bt_dev_{info,warn,err,dbg}
- Bluetooth: use memset avoid memory leaks
- bnxt_en: Eliminate unintended link toggle during FW reset
- [mps64el,mipsel] fix fortify panic when copying asm exception handlers
- scsi: libfc: Fix use after free in fc_exch_abts_resp()
- can: isotp: set default value for N_As to 50 micro seconds
- net: account alternate interface name memory
- net: limit altnames to 64k total
- net: sfp: add 2500base-X quirk for Lantech SFP module
- [armhf] usb: dwc3: omap: fix "unbalanced disables for smps10_out1" on
omap5evm
- Bluetooth: Fix use after free in hci_send_acl
- netlabel: fix out-of-bounds memory accesses
- ceph: fix memory leak in ceph_readdir when note_last_dentry returns error
- init/main.c: return 1 from handled __setup() functions
- minix: fix bug when opening a file with O_DIRECT
- [arm*] staging: vchiq_core: handle NULL result of find_service_by_handle
- [arm64,armhf] phy: amlogic: meson8b-usb2: Use dev_err_probe()
- w1: w1_therm: fixes w1_seq for ds28ea00 sensors
- NFSv4.2: fix reference count leaks in _nfs42_proc_copy_notify()
- NFSv4: Protect the state recovery thread against direct reclaim
- xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32
- [armhf] clk: ti: Preserve node in ti_dt_clocks_register()
- clk: Enforce that disjoints limits are invalid
- SUNRPC/call_alloc: async tasks mustn't block waiting for memory
- SUNRPC/xprt: async tasks mustn't block waiting for memory
- SUNRPC: remove scheduling boost for "SWAPPER" tasks.
- NFS: swap IO handling is slightly different for O_DIRECT IO
- NFS: swap-out must always use STABLE writes.
- [armhf] serial: samsung_tty: do not unlock port->lock for
uart_write_wakeup()
- virtio_console: eliminate anonymous module_init & module_exit
- jfs: prevent NULL deref in diFree
- SUNRPC: Fix socket waits for write buffer space
- NFS: nfsiod should not block forever in mempool_alloc()
- NFS: Avoid writeback threads getting stuck in mempool_alloc()
- mm: fix race between MADV_FREE reclaim and blkdev direct IO read
- drm/amdgpu: fix off by one in amdgpu_gfx_kiq_acquire()
- [x86] Drivers: hv: vmbus: Fix potential crash on module unload
- Revert "NFSv4: Handle the special Linux file open access mode"
- NFSv4: fix open failure with O_ACCMODE flag
- ice: Clear default forwarding VSI during VSI release
- net: ipv4: fix route with nexthop object delete warning
- net: stmmac: Fix unset max_speed difference between DT and non-DT
platforms
- [armhf] drm/imx: imx-ldb: Check for null pointer after calling kmemdup
- [armhf] drm/imx: Fix memory leak in imx_pd_connector_get_modes
- sfc: Do not free an empty page_ring
- RDMA/mlx5: Don't remove cache MRs when a delay is needed
- [amd64] IB/rdmavt: add lock to call to rvt_error_qp to prevent a race
condition
- [arm64] dpaa2-ptp: Fix refcount leak in dpaa2_ptp_probe
- ice: Set txq_teid to ICE_INVAL_TEID on ring creation
- ice: Do not skip not enabled queues in ice_vc_dis_qs_msg
- ipv6: Fix stats accounting in ip6_pkt_drop
- ice: synchronize_rcu() when terminating rings
- net: openvswitch: don't send internal clone attribute to the userspace.
- net: openvswitch: fix leak of nested actions
- rxrpc: fix a race in rxrpc_exit_net()
- qede: confirm skb is allocated before using
- bpf: Support dual-stack sockets in bpf_tcp_check_syncookie
- drbd: Fix five use after free bugs in get_initial_state
- io_uring: don't touch scm_fp_list after queueing skb
- SUNRPC: Handle ENOMEM in call_transmit_status()
- SUNRPC: Handle low memory situations in call_status()
- SUNRPC: svc_tcp_sendmsg() should handle errors from xdr_alloc_bvec()
- [armhf] iommu/omap: Fix regression in probe for NULL pointer dereference
- [arm64] Add part number for Arm Cortex-A78AE
- [arm64] Revert "mmc: sdhci-xenon: fix annoying 1.8V regulator warning"
- [arm64,armhf] mmc: mmci: stm32: correctly check all elements of sg list
- lz4: fix LZ4_decompress_safe_partial read out of bound
- mmmremap.c: avoid pointless invalidate_range_start/end on
mremap(old_size=0)
- mm/mempolicy: fix mpol_new leak in shared_policy_replace
- io_uring: fix race between timeout flush and removal (CVE-2022-29582)
- [x86] pm: Save the MSR validity status at context setup
- [x86] speculation: Restore speculation related MSRs during S3 resume
- btrfs: fix qgroup reserve overflow the qgroup limit
- btrfs: prevent subvol with swapfile from being deleted
- [arm64] patch_text: Fixup last cpu should be master
- [amd64] RDMA/hfi1: Fix use-after-free bug for mm struct
- gpio: Restrict usage of GPIO chip irq members before initialization
- [arm64] perf: qcom_l2_pmu: fix an incorrect NULL check on list iterator
- [arm64,armhf] irqchip/gic-v3: Fix GICR_CTLR.RWP polling
- drm/nouveau/pmu: Add missing callbacks for Tegra devices
- mm: don't skip swap entry even if zap_details specified
- cgroup: Use open-time credentials for process migraton perm checks
(CVE-2021-4197)
- [x86] Drivers: hv: vmbus: Replace smp_store_mb() with virt_store_mb()
- [arm64,armhf] irqchip/gic, gic-v3: Prevent GSI to SGI translations
- [powerpc*] Fix virt_addr_valid() for 64-bit Book3E & 32-bit
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.112
- [amd64] drm/amdkfd: Use drm_priv to pass VM from KFD to amdgpu
- hamradio: defer 6pack kfree after unregister_netdev (CVE-2022-1195)
- hamradio: remove needs_free_netdev to avoid UAF (CVE-2022-1195)
- [arm64] cpuidle: PSCI: Move the `has_lpi` check to the beginning of the
function
- ACPI: processor idle: Check for architectural support for LPI
- btrfs: remove unused variable in btrfs_{start,write}_dirty_block_groups()
- [arm64] drm/msm: Add missing put_task_struct() in debugfs path
- SUNRPC: Fix the svc_deferred_event trace class
- net/sched: flower: fix parsing of ethertype following VLAN header
- veth: Ensure eth header is in skb's linear part
- gpiolib: acpi: use correct format characters
- net: mdio: Alphabetically sort header inclusion
- net/sched: fix initialization order when updating chain 0 head
- [arm64] net: dsa: felix: suppress -EPROBE_DEFER errors
- [armhf] net: ethernet: stmmac: fix altr_tse_pcs function when using a
fixed-link
- net/sched: taprio: Check if socket flags are valid
- cfg80211: hold bss_lock while updating nontrans_list
- [arm64] drm/msm: Fix range size vs end confusion
- [arm64] drm/msm/dsi: Use connector directly in
msm_dsi_manager_connector_init()
- net/smc: Fix NULL pointer dereference in smc_pnet_find_ib()
- scsi: pm80xx: Mask and unmask upper interrupt vectors 32-63
- scsi: pm80xx: Enable upper inbound, outbound queues
- scsi: iscsi: Stop queueing during ep_disconnect
- scsi: iscsi: Force immediate failure during shutdown
- scsi: iscsi: Use system_unbound_wq for destroy_work
- scsi: iscsi: Rel ref after iscsi_lookup_endpoint()
- scsi: iscsi: Fix in-kernel conn failure handling
- scsi: iscsi: Move iscsi_ep_disconnect()
- scsi: iscsi: Fix offload conn cleanup when iscsid restarts
- scsi: iscsi: Fix conn cleanup and stop race during iscsid restart
- sctp: Initialize daddr on peeled off socket
- cifs: potential buffer overflow in handling symlinks
- [arm64] net: bcmgenet: Revert "Use stronger register read/writes to assure
ordering"
- drm/amd: Add USBC connector ID
- btrfs: fix fallocate to use file_modified to update permissions
consistently
- btrfs: do not warn for free space inode in cow_file_range
- drm/amd/display: fix audio format not updated after edid updated
- drm/amd/display: FEC check in timing validation
- drm/amd/display: Update VTEM Infopacket definition
- drm/amdkfd: Fix Incorrect VMIDs passed to HWS
- drm/amdgpu/vcn: improve vcn dpg stop procedure
- [x86] Drivers: hv: vmbus: Prevent load re-ordering when reading ring
buffer
- scsi: target: tcmu: Fix possible page UAF
- scsi: lpfc: Fix queue failures when recovering from PCI parity error
- [powerpc*] scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024
- ata: libata-core: Disable READ LOG DMA EXT for Samsung 840 EVOs
- [armhf] gpu: ipu-v3: Fix dev_dbg frequency output
- [arm64] alternatives: mark patch_alternative() as `noinstr`
- tlb: hugetlb: Add more sizes to tlb_remove_huge_tlb_entry
- net: usb: aqc111: Fix out-of-bounds accesses in RX fixup
- myri10ge: fix an incorrect free for skb in myri10ge_sw_tso
- drm/amd/display: Revert FEC check in validation
- drm/amd/display: Fix allocate_mst_payload assert on resume
- scsi: mvsas: Add PCI ID of RocketRaid 2640
- scsi: megaraid_sas: Target with invalid LUN ID is deleted during scan
- drivers: net: slip: fix NPD bug in sl_tx_timeout()
- mm, page_alloc: fix build_zonerefs_node()
- mm: fix unexpected zeroed page mapping with zram swap
- [x86] KVM: x86/mmu: Resolve nx_huge_pages when kvm.ko is loaded
- ath9k: Properly clear TX status area before reporting to mac80211
- ath9k: Fix usage of driver-private space in tx_info
- btrfs: fix root ref counts in error handling in btrfs_get_root_ref
- btrfs: mark resumed async balance as writing
- ALSA: hda/realtek: Add quirk for Clevo PD50PNT
- ALSA: hda/realtek: add quirk for Lenovo Thinkpad X12 speakers
- ALSA: pcm: Test for "silence" field in struct "pcm_format_data"
- nl80211: correctly check NL80211_ATTR_REG_ALPHA2 size
- ipv6: fix panic when forwarding a pkt with no in6 dev
- drm/amd/display: don't ignore alpha property on pre-multiplied mode
- drm/amdgpu: Enable gfxoff quirk on MacBook Pro
- genirq/affinity: Consider that CPUs on nodes can be unbalanced
- tick/nohz: Use WARN_ON_ONCE() to prevent console saturation
- dm integrity: fix memory corruption when tag_size is less than digest size
- smp: Fix offline cpu check in flush_smp_call_function_queue()
- timers: Fix warning condition in __run_timers()
- dma-direct: avoid redundant memory sync for swiotlb
- scsi: iscsi: Fix endpoint reuse regression
- scsi: iscsi: Fix unbound endpoint error handling
- ax25: add refcount in ax25_dev to avoid UAF bugs (CVE-2022-1204)
- ax25: fix reference count leaks of ax25_dev (CVE-2022-1204)
- ax25: fix UAF bugs of net_device caused by rebinding operation
(CVE-2022-1204)
- ax25: Fix refcount leaks caused by ax25_cb_del() (CVE-2022-1204)
- ax25: fix UAF bug in ax25_send_control()
- ax25: fix NPD bug in ax25_disconnect (CVE-2022-1199)
- ax25: Fix NULL pointer dereferences in ax25 timers (CVE-2022-1205)
- ax25: Fix UAF bugs in ax25 timers (CVE-2022-1205)
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.113
- tracing: Dump stacktrace trigger to the corresponding instance
- gfs2: assign rgrp glock before compute_bitstructs
- net/sched: cls_u32: fix netns refcount changes in u32_change()
- ALSA: usb-audio: Clear MIDI port active flag after draining
- ALSA: hda/realtek: Add quirk for Clevo NP70PNP
- dm: fix mempool NULL pointer race when completing IO
- [armhf] dmaengine: imx-sdma: Fix error checking in sdma_event_remap
- esp: limit skb_page_frag_refill use to a single page
- igc: Fix infinite loop in release_swfw_sync
- igc: Fix BUG: scheduling while atomic
- rxrpc: Restore removed timer deletion
- net/smc: Fix sock leak when release after smc_shutdown()
- net/packet: fix packet_sock xmit return value checking
- ip6_gre: Avoid updating tunnel->tun_hlen in __gre6_xmit()
- ip6_gre: Fix skb_under_panic in __gre6_xmit()
- net/sched: cls_u32: fix possible leak in u32_init_knode()
- l3mdev: l3mdev_master_upper_ifindex_by_index_rcu should be using
netdev_master_upper_dev_get_rcu
- ipv6: make ip6_rt_gc_expire an atomic_t
- netlink: reset network and mac headers in netlink_dump()
- net: stmmac: Use readl_poll_timeout_atomic() in atomic state
- [arm64] mm: Remove [PUD|PMD]_TABLE_BIT from [pud|pmd]_bad()
- [arm64] mm: fix p?d_leaf()
- [x86] platform/x86: samsung-laptop: Fix an unsigned comparison which can
never be negative
- ALSA: usb-audio: Fix undefined behavior due to shift overflowing the
constant
- vxlan: fix error return code in vxlan_fdb_append
- cifs: Check the IOCB_DIRECT flag, not O_DIRECT
- [amd64,arm64] net: atlantic: Avoid out-of-bounds indexing
- mt76: Fix undefined behavior due to shift overflowing the constant
- brcmfmac: sdio: Fix undefined behavior due to shift overflowing the
constant
- [arm64] drm/msm/mdp5: check the return of kzalloc()
- [arm64] net: macb: Restart tx only if queue pointer is lagging
- scsi: qedi: Fix failed disconnect handling
- stat: fix inconsistency between struct stat and struct compat_stat
- nvme: add a quirk to disable namespace identifiers
- nvme-pci: disable namespace identifiers for Qemu controllers
- mm, hugetlb: allow for "high" userspace addresses
- oom_kill.c: futex: delay the OOM reaper to allow time for proper futex
cleanup
- mm/mmu_notifier.c: fix race in mmu_interval_notifier_remove()
- ata: pata_marvell: Check the 'bmdma_addr' beforing reading
- [amd64,arm64] net: atlantic: invert deep par in pm functions, preventing
null derefs
- openvswitch: fix OOB access in reserve_sfa_size()
- gpio: Request interrupts after IRQ is initialized
- ASoC: soc-dapm: fix two incorrect uses of list iterator
- e1000e: Fix possible overflow in LTR decoding
- [arm*] arm_pmu: Validate single/group leader events
- sched/pelt: Fix attach_entity_load_avg() corner case
- [arm64,armhf] drm/panel/raspberrypi-touchscreen: Avoid NULL deref if not
initialised
- [arm64,armhf] drm/panel/raspberrypi-touchscreen: Initialise the bridge in
prepare
- [powerpc*] KVM: PPC: Fix TCE handling for VFIO
- [arm*] drm/vc4: Use pm_runtime_resume_and_get to fix pm_runtime_get_sync()
usage
- [powerpc*] perf: Fix power9 event alternatives
- ext4: fix fallocate to use file_modified to update permissions
consistently
- ext4: fix symlink file size not match to file content
- ext4: fix use-after-free in ext4_search_dir
- ext4: limit length to bitmap_maxbytes - blocksize in punch_hole
- ext4, doc: fix incorrect h_reserved size
- ext4: fix overhead calculation to account for the reserved gdt blocks
- ext4: force overhead calculation if the s_overhead_cluster makes no sense
- can: isotp: stop timeout monitoring when no first frame was sent
- jbd2: fix a potential race while discarding reserved buffers after an
abort
- block/compat_ioctl: fix range check in BLKGETSIZE
[ Salvatore Bonaccorso ]
* Bump ABI to 14
* [rt] Drop "tcp: Remove superfluous BH-disable around"
* [rt] Update "tracing: Merge irqflags + preempt counter." for upstream
changes in 5.10.113
* [x86] pci/xen: Disable PCI/MSI[-X] masking for XEN_HVM guests
(Closes: #
1006346)
* floppy: disable FDRAWCMD by default
[dgit import unpatched linux 5.10.113-1]
projects / linux.git / log