[PATCH 2/3] af_802154: Disable auto-loading as mitigation against local exploits
Forwarded: not-needed
Recent review has revealed several bugs in obscure protocol
implementations that can be exploited by local users for denial of
service or privilege escalation. We can mitigate the effect of any
remaining vulnerabilities in such protocols by preventing unprivileged
users from loading the modules, so that they are only exploitable on
systems where the administrator has chosen to load the protocol.
The 'af_802154' (IEEE 802.15.4) protocol is not widely used, was
not present in the 'lenny' kernel, and seems to receive only sporadic
maintenance. Therefore disable auto-loading.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic debian
Gbp-Pq: Name af_802154-Disable-auto-loading-as-mitigation-against.patch
Tweak gitignore for Debian pkg-kernel using git svn.
Forwarded: not-needed
[bwh: Tweak further for pure git]
Gbp-Pq: Topic debian
Gbp-Pq: Name gitignore.patch
linux (5.10.136-1) bullseye-security; urgency=high
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.128
- MAINTAINERS: add Amir as xfs maintainer for 5.10.y
- drm: remove drm_fb_helper_modinit
- tick/nohz: unexport __init-annotated tick_nohz_full_setup()
- bcache: memset on stack variables in bch_btree_check() and
bch_sectors_dirty_init()
- xfs: use kmem_cache_free() for kmem_cache objects
- xfs: punch out data fork delalloc blocks on COW writeback failure
- xfs: Fix the free logic of state in xfs_attr_node_hasname
- xfs: remove all COW fork extents when remounting readonly
- xfs: check sb_meta_uuid for dabuf buffer recovery
- [powerpc*] ftrace: Remove ftrace init tramp once kernel init is complete
- [arm64] net: mscc: ocelot: allow unregistered IP multicast flooding
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.129
- drm/amdgpu: To flush tlb for MMHUB of RAVEN series
- ipv6: take care of disable_policy when restoring routes
- nvme-pci: add NVME_QUIRK_BOGUS_NID for ADATA XPG SX6000LNP (AKA SPECTRIX
S40G)
- nvdimm: Fix badblocks clear off-by-one error
- [powerpc*] bpf: Fix use of user_pt_regs in uapi
- dm raid: fix accesses beyond end of raid member array
- [s390x] archrandom: simplify back to earlier design and initialize earlier
- SUNRPC: Fix READ_PLUS crasher (Closes: #
1014793)
- net: usb: ax88179_178a: Fix packet receiving
- virtio-net: fix race between ndo_open() and virtio_device_ready()
- [armhf] net: dsa: bcm_sf2: force pause link settings
- net: tun: unlink NAPI from device on destruction
- net: tun: stop NAPI when detaching queues
- net: dp83822: disable false carrier interrupt
- net: dp83822: disable rx error interrupt
- RDMA/qedr: Fix reporting QP timeout attribute
- RDMA/cm: Fix memory leak in ib_cm_insert_listen
- linux/dim: Fix divide by 0 in RDMA DIM
- usbnet: fix memory allocation in helpers
- net: ipv6: unexport __init-annotated seg6_hmac_net_init()
- NFSD: restore EINVAL error translation in nfsd_commit()
- netfilter: nft_dynset: restore set element counter when failing to update
- net/sched: act_api: Notify user space if any actions were flushed before
error
- net: bonding: fix possible NULL deref in rlb code
- net: bonding: fix use-after-free after 802.3ad slave unbind
- tipc: move bc link creation back to tipc_node_create
- epic100: fix use after free on rmmod
- io_uring: ensure that send/sendmsg and recv/recvmsg check sqe->ioprio
- tunnels: do not assume mac header is set in skb_tunnel_check_pmtu()
- net: tun: avoid disabling NAPI twice
- xfs: use current->journal_info for detecting transaction recursion
- xfs: rename variable mp to parsing_mp
- xfs: Skip repetitive warnings about mount options
- xfs: ensure xfs_errortag_random_default matches XFS_ERRTAG_MAX
- xfs: fix xfs_trans slab cache name
- xfs: update superblock counters correctly for !lazysbcount
- xfs: fix xfs_reflink_unshare usage of filemap_write_and_wait_range
- tcp: add a missing nf_reset_ct() in 3WHS handling
- xen/gntdev: Avoid blocking in unmap_grant_pages()
- [arm64] drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c
- sit: use min
- ipv6/sit: fix ipip6_tunnel_get_prl return value
- hwmon: (ibmaem) don't call platform_device_del() if platform_device_add()
fails
- net: usb: qmi_wwan: add Telit 0x1060 composition
- net: usb: qmi_wwan: add Telit 0x1070 composition
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.130
- mm/slub: add missing TID updates on slab deactivation
- ALSA: hda/realtek: Add quirk for Clevo L140PU
- can: bcm: use call_rcu() instead of costly synchronize_rcu()
- can: gs_usb: gs_usb_open/close(): fix memory leak
- bpf: Fix incorrect verifier simulation around jmp32's jeq/jne
- bpf: Fix insufficient bounds propagation from adjust_scalar_min_max_vals
- usbnet: fix memory leak in error case
- netfilter: nft_set_pipapo: release elements in clone from abort path
- [amd64] iommu/vt-d: Fix PCI bus rescan device hot add
- PM: runtime: Redefine pm_runtime_release_supplier()
- memregion: Fix memregion_free() fallback definition
- video: of_display_timing.h: include errno.h
- [powerpc*] powernv: delay rng platform device creation until later in boot
- can: kvaser_usb: replace run-time checks with struct
kvaser_usb_driver_info
- can: kvaser_usb: kvaser_usb_leaf: fix CAN clock frequency regression
- can: kvaser_usb: kvaser_usb_leaf: fix bittiming limits
- xfs: remove incorrect ASSERT in xfs_rename
- [armhf] meson: Fix refcount leak in meson_smp_prepare_cpus
- [armhf] pinctrl: sunxi: a83t: Fix NAND function name for some pins
- [arm64] dts: imx8mp-evk: correct mmc pad settings
- [arm64] dts: imx8mp-evk: correct the uart2 pinctl value
- [arm64] dts: imx8mp-evk: correct gpio-led pad settings
- [arm64] dts: imx8mp-evk: correct I2C3 pad settings
- [arm64,armhf] pinctrl: sunxi: sunxi_pconf_set: use correct offset
- [arm64] dts: qcom: msm8992-*: Fix vdd_lvs1_2-supply typo
- xsk: Clear page contiguity bit when unmapping pool
- i40e: Fix dropped jumbo frames statistics
- r8169: fix accessing unset transport header
- [armhf] dmaengine: imx-sdma: Allow imx8m for imx7 FW revs
- misc: rtsx_usb: fix use of dma mapped buffer for usb bulk transfer
- misc: rtsx_usb: use separate command and response buffers
- misc: rtsx_usb: set return value in rsp_buf alloc err path
- dt-bindings: dma: allwinner,sun50i-a64-dma: Fix min/max typo
- ida: don't use BUG_ON() for debugging
- [arm64,armhf] dmaengine: pl330: Fix lockdep warning about non-static key
- [armhf] dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate
- [armhf] dmaengine: ti: Add missing put_device in
ti_dra7_xbar_route_allocate
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.131
- [armhf] Revert "mtd: rawnand: gpmi: Fix setting busy timeout setting"
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.132
- [x86] ALSA: hda - Add fixup for Dell Latitidue E5430
- [x86] ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3 model
- [x86] ALSA: hda/realtek: Fix headset mic for Acer SF313-51
- [x86] ALSA: hda/realtek - Fix headset mic problem for a HP machine with
alc671
- [x86] ALSA: hda/realtek - Fix headset mic problem for a HP machine with
alc221
- [x86] ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop
- xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue
- fix race between exit_itimers() and /proc/pid/timers
- mm: split huge PUD on wp_huge_pud fallback
- tracing/histograms: Fix memory leak problem
- net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale
pointer
- ip: fix dflt addr selection for connected nexthop
- [armhf] 9213/1: Print message about disabled Spectre workarounds only
once
- [armel,armhf] 9214/1: alignment: advance IT state after emulating Thumb
instruction
- wifi: mac80211: fix queue selection for mesh/OCB interfaces
- cgroup: Use separate src/dst nodes when preloading css_sets for migration
- btrfs: return -EAGAIN for NOWAIT dio reads/writes on compressed and
inline extents
- [arm64,armhf] drm/panfrost: Put mapping instead of shmem obj on
panfrost_mmu_map_fault_addr() error
- [arm64,armhf] drm/panfrost: Fix shrinker list corruption by madvise IOCTL
- fs/remap: constrain dedupe of EOF blocks
- nilfs2: fix incorrect masking of permission flags for symlinks
- sh: convert nommu io{re,un}map() to static inline functions
- Revert "evm: Fix memleak in init_desc"
- ext4: fix race condition between ext4_write and ext4_convert_inline_data
- [armhf] dts: imx6qdl-ts7970: Fix ngpio typo and count
- [armhf] 9209/1: Spectre-BHB: avoid pr_info() every time a CPU comes out
of idle
- [armel,armhf] 9210/1: Mark the FDT_FIXED sections as shareable
- net/mlx5e: Fix capability check for updating vnic env counters
- [x86] drm/i915: fix a possible refcount leak in
intel_dp_add_mst_connector()
- ima: Fix a potential integer overflow in ima_appraise_measurement
- [arm64,armhf] ASoC: sgtl5000: Fix noise on shutdown/remove
- [x86] ASoC: Intel: Skylake: Correct the ssp rate discovery in
skl_get_ssp_clks()
- [x86] ASoC: Intel: Skylake: Correct the handling of fmt_config flexible
array
- sysctl: Fix data races in proc_dointvec().
- sysctl: Fix data races in proc_douintvec().
- sysctl: Fix data races in proc_dointvec_minmax().
- sysctl: Fix data races in proc_douintvec_minmax().
- sysctl: Fix data races in proc_doulongvec_minmax().
- sysctl: Fix data races in proc_dointvec_jiffies().
- tcp: Fix a data-race around sysctl_tcp_max_orphans.
- inetpeer: Fix data-races around sysctl.
- net: Fix data-races around sysctl_mem.
- cipso: Fix data-races around sysctl.
- icmp: Fix data-races around sysctl.
- ipv4: Fix a data-race around sysctl_fib_sync_mem.
- [armhf] dts: sunxi: Fix SPI NOR campatible on Orange Pi Zero
- [x86] drm/i915/gt: Serialize TLB invalidates with GT resets
- sysctl: Fix data-races in proc_dointvec_ms_jiffies().
- icmp: Fix a data-race around sysctl_icmp_ratelimit.
- icmp: Fix a data-race around sysctl_icmp_ratemask.
- raw: Fix a data-race around sysctl_raw_l3mdev_accept.
- ipv4: Fix data-races around sysctl_ip_dynaddr.
- nexthop: Fix data-races around nexthop_compat_mode.
- [armhf] net: ftgmac100: Hold reference returned by of_get_child_by_name()
- ima: force signature verification when CONFIG_KEXEC_SIG is configured
- ima: Fix potential memory leak in ima_init_crypto()
- sfc: fix use after free when disabling sriov
- seg6: fix skb checksum evaluation in SRH encapsulation/insertion
- seg6: fix skb checksum in SRv6 End.B6 and End.B6.Encaps behaviors
- seg6: bpf: fix skb checksum in bpf_push_seg6_encap()
- sfc: fix kernel panic when creating VF
- net: atlantic: remove deep parameter on suspend/resume functions
- net: atlantic: remove aq_nic_deinit() when resume
- [x86] KVM: x86: Fully initialize 'struct kvm_lapic_irq' in
kvm_pv_kick_cpu_op()
- net/tls: Check for errors in tls_device_init
- mm: sysctl: fix missing numa_stat when !CONFIG_HUGETLB_PAGE
- virtio_mmio: Add missing PM calls to freeze/restore
- virtio_mmio: Restore guest page size on resume
- netfilter: br_netfilter: do not skip all hooks with 0 priority
- [arm64] scsi: hisi_sas: Limit max hw sectors for v3 HW
- [powerpc*] cpufreq: pmac32-cpufreq: Fix refcount leak bug
- [x86] platform/x86: hp-wmi: Ignore Sanitization Mode event
- net: tipc: fix possible refcount leak in tipc_sk_create()
- nvme-tcp: always fail a request when sending it failed
- nvme: fix regression when disconnect a recovering ctrl
- net: sfp: fix memory leak in sfp_probe()
- ASoC: ops: Fix off by one in range control validation
- [armhf] pinctrl: aspeed: Fix potential NULL dereference in
aspeed_pinmux_set_mux()
- [x86] ASoC: SOF: Intel: hda-loader: Clarify the cl_dsp_init() flow
- ASoC: dapm: Initialise kcontrol data for mux/demux controls
- [amd64] Clear .brk area at early boot
- [armhf] dts: stm32: use the correct clock source for CEC on stm32mp151
- Revert "can: xilinx_can: Limit CANFD brp to 2"
- nvme-pci: phison e16 has bogus namespace ids
- signal handling: don't use BUG_ON() for debugging
- USB: serial: ftdi_sio: add Belimo device ids
- usb: typec: add missing uevent when partner support PD
- [arm64,armhf] usb: dwc3: gadget: Fix event pending check
- [armhf] tty: serial: samsung_tty: set dma burst_size to 1
- vt: fix memory overlapping when deleting chars in the buffer
- serial: 8250: fix return error code in serial8250_request_std_resource()
- [armhf] serial: stm32: Clear prev values before setting RTS delays
- [arm*] serial: pl011: UPSTAT_AUTORTS requires .throttle/unthrottle
- serial: 8250: Fix PM usage_count for console handover
- [x86] pat: Fix x86_has_pat_wp()
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.133
- [amd64] Preparation for mitigating RETbleed:
+ KVM/VMX: Use TEST %REG,%REG instead of CMP $0,%REG in vmenter.S
+ KVM/nVMX: Use __vmx_vcpu_run in nested_vmx_check_vmentry_hw
+ objtool: Refactor ORC section generation
+ objtool: Add 'alt_group' struct
+ objtool: Support stack layout changes in alternatives
+ objtool: Support retpoline jump detection for vmlinux.o
+ objtool: Assume only ELF functions do sibling calls
+ objtool: Combine UNWIND_HINT_RET_OFFSET and UNWIND_HINT_FUNC
+ x86/xen: Support objtool validation in xen-asm.S
+ x86/xen: Support objtool vmlinux.o validation in xen-head.S
+ x86/alternative: Merge include files
+ x86/alternative: Support not-feature
+ x86/alternative: Support ALTERNATIVE_TERNARY
+ x86/alternative: Use ALTERNATIVE_TERNARY() in _static_cpu_has()
+ x86/insn: Rename insn_decode() to insn_decode_from_regs()
+ x86/insn: Add a __ignore_sync_check__ marker
+ x86/insn: Add an insn_decode() API
+ x86/insn-eval: Handle return values from the decoder
+ x86/alternative: Use insn_decode()
+ x86: Add insn_decode_kernel()
+ x86/alternatives: Optimize optimize_nops()
+ x86/retpoline: Simplify retpolines
+ objtool: Correctly handle retpoline thunk calls
+ objtool: Handle per arch retpoline naming
+ objtool: Rework the elf_rebuild_reloc_section() logic
+ objtool: Add elf_create_reloc() helper
+ objtool: Create reloc sections implicitly
+ objtool: Extract elf_strtab_concat()
+ objtool: Extract elf_symbol_add()
+ objtool: Add elf_create_undef_symbol()
+ objtool: Keep track of retpoline call sites
+ objtool: Cache instruction relocs
+ objtool: Skip magical retpoline .altinstr_replacement
+ objtool/x86: Rewrite retpoline thunk calls
+ objtool: Support asm jump tables
+ x86/alternative: Optimize single-byte NOPs at an arbitrary position
+ objtool: Fix .symtab_shndx handling for elf_create_undef_symbol()
+ objtool: Only rewrite unconditional retpoline thunk calls
+ objtool/x86: Ignore __x86_indirect_alt_* symbols
+ objtool: Don't make .altinstructions writable
+ objtool: Teach get_alt_entry() about more relocation types
+ objtool: print out the symbol type when complaining about it
+ objtool: Remove reloc symbol type checks in get_alt_entry()
+ objtool: Make .altinstructions section entry size consistent
+ objtool: Introduce CFI hash
+ objtool: Handle __sanitize_cov*() tail calls
+ objtool: Classify symbols
+ objtool: Explicitly avoid self modifying code in .altinstr_replacement
+ objtool,x86: Replace alternatives with .retpoline_sites
+ x86/retpoline: Remove unused replacement symbols
+ x86/asm: Fix register order
+ x86/asm: Fixup odd GEN-for-each-reg.h usage
+ x86/retpoline: Move the retpoline thunk declarations to nospec-branch.h
+ x86/retpoline: Create a retpoline thunk array
+ x86/alternative: Implement .retpoline_sites support
+ x86/alternative: Handle Jcc __x86_indirect_thunk_\reg
+ x86/alternative: Try inline spectre_v2=retpoline,amd
+ x86/alternative: Add debug prints to apply_retpolines()
+ bpf,x86: Simplify computing label offsets
+ bpf,x86: Respect X86_FEATURE_RETPOLINE*
+ x86/lib/atomic64_386_32: Rename things
- [amd64] Mitigate straight-line speculation:
+ x86: Prepare asm files for straight-line-speculation
+ x86: Prepare inline-asm for straight-line-speculation
+ x86/alternative: Relax text_poke_bp() constraint
+ objtool: Add straight-line-speculation validation
+ x86: Add straight-line-speculation mitigation
+ tools arch: Update arch/x86/lib/mem{cpy,set}_64.S copies used in 'perf
bench mem memcpy'
+ kvm/emulate: Fix SETcc emulation function offsets with SLS
+ objtool: Default ignore INT3 for unreachable
+ crypto: x86/poly1305 - Fixup SLS
+ objtool: Fix SLS validation for kcov tail-call replacement
- objtool: Fix code relocs vs weak symbols
- objtool: Fix type of reloc::addend
- objtool: Fix symbol creation
- x86/entry: Remove skip_r11rcx
- objtool: Fix objtool regression on x32 systems
- x86/realmode: build with -D__DISABLE_EXPORTS
- [amd64] Add mitigations for RETbleed on AMD/Hygon (CVE-2022-29900) and
Intel (CVE-2022-29901) processors:
+ x86/kvm/vmx: Make noinstr clean
+ x86/cpufeatures: Move RETPOLINE flags to word 11
+ x86/retpoline: Cleanup some #ifdefery
+ x86/retpoline: Swizzle retpoline thunk
+ Makefile: Set retpoline cflags based on CONFIG_CC_IS_{CLANG,GCC}
+ x86/retpoline: Use -mfunction-return
+ x86: Undo return-thunk damage
+ x86,objtool: Create .return_sites
+ objtool: skip non-text sections when adding return-thunk sites
+ x86,static_call: Use alternative RET encoding
+ x86/ftrace: Use alternative RET encoding
+ x86/bpf: Use alternative RET encoding
+ x86/kvm: Fix SETcc emulation for return thunks
+ x86/vsyscall_emu/64: Don't use RET in vsyscall emulation
+ x86/sev: Avoid using __x86_return_thunk
+ x86: Use return-thunk in asm code
+ objtool: Treat .text.__x86.* as noinstr
+ x86: Add magic AMD return-thunk
+ x86/bugs: Report AMD retbleed vulnerability
+ x86/bugs: Add AMD retbleed= boot parameter
+ x86/bugs: Enable STIBP for JMP2RET
+ x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value
+ x86/entry: Add kernel IBRS implementation
+ x86/bugs: Optimize SPEC_CTRL MSR writes
+ x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS
+ x86/bugs: Split spectre_v2_select_mitigation() and
spectre_v2_user_select_mitigation()
+ x86/bugs: Report Intel retbleed vulnerability
+ intel_idle: Disable IBRS during long idle
+ objtool: Update Retpoline validation
+ x86/xen: Rename SYS* entry points
+ x86/bugs: Add retbleed=ibpb
+ x86/bugs: Do IBPB fallback check only once
+ objtool: Add entry UNRET validation
+ x86/cpu/amd: Add Spectral Chicken
+ x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n
+ x86/speculation: Fix firmware entry SPEC_CTRL handling
+ x86/speculation: Fix SPEC_CTRL write on SMT state change
+ x86/speculation: Use cached host SPEC_CTRL value for guest entry/exit
+ x86/speculation: Remove x86_spec_ctrl_mask
+ objtool: Re-add UNWIND_HINT_{SAVE_RESTORE}
+ KVM: VMX: Flatten __vmx_vcpu_run()
+ KVM: VMX: Convert launched argument to flags
+ KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS
+ KVM: VMX: Fix IBRS handling after vmexit
+ x86/speculation: Fill RSB on vmexit for IBRS
+ x86/common: Stamp out the stepping madness
+ x86/cpu/amd: Enumerate BTC_NO
+ x86/retbleed: Add fine grained Kconfig knobs
+ x86/bugs: Add Cannon lake to RETBleed affected CPU list
+ x86/bugs: Do not enable IBPB-on-entry when IBPB is not supported
+ x86/kexec: Disable RET on kexec
+ x86/speculation: Disable RRSBA behavior
- x86/static_call: Serialize __static_call_fixup() properly
- tools/insn: Restore the relative include paths for cross building
- x86, kvm: use proper ASM macros for kvm_vcpu_is_preempted
- x86/xen: Fix initialisation in hypercall_page after rethunk
- x86/ftrace: Add UNWIND_HINT_FUNC annotation for ftrace_stub
- x86/asm/32: Fix ANNOTATE_UNRET_SAFE use on 32-bit
- x86/speculation: Use DECLARE_PER_CPU for x86_spec_ctrl_current
- efi/x86: use naked RET on mixed mode call wrapper
- x86/kvm: fix FASTOP_SIZE when return thunks are enabled
- KVM: emulate: do not adjust size of fastop and setcc subroutines
- tools arch x86: Sync the msr-index.h copy with the kernel sources
- tools headers cpufeatures: Sync with the kernel sources
- x86/bugs: Remove apostrophe typo
- um: Add missing apply_returns()
- x86: Use -mindirect-branch-cs-prefix for RETPOLINE builds
- kvm: fix objtool relocation warning
- objtool: Fix elf_create_undef_symbol() endianness
- tools arch: Update arch/x86/lib/mem{cpy,set}_64.S copies used in 'perf
bench mem memcpy' - again
- tools headers: Remove broken definition of __LITTLE_ENDIAN
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.134
- [armhf] pinctrl: stm32: fix optional IRQ support to gpios
- lockdown: Fix kexec lockdown bypass with ima policy (CVE-2022-21505)
- io_uring: Use original task for req identity in io_identity_cow()
- xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE
- docs: net: explain struct net_device lifetime
- net: make free_netdev() more lenient with unregistering devices
- net: make sure devices go through netdev_wait_all_refs
- net: move net_set_todo inside rollback_registered()
- net: inline rollback_registered()
- net: move rollback_registered_many()
- net: inline rollback_registered_many()
- [amd64] PCI: hv: Fix multi-MSI to allow more than one MSI vector
- [amd64] PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI
- [amd64] PCI: hv: Reuse existing IRTE allocation in compose_msi_msg()
- [amd64] PCI: hv: Fix interrupt mapping for multi-MSI
- [arm64] serial: mvebu-uart: correctly report configured baudrate value
- xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in
xfrm_bundle_lookup() (CVE-2022-36879)
- perf/core: Fix data race between perf_event_set_output() and
perf_mmap_close()
- drm/amdgpu/display: add quirk handling for stutter mode
- igc: Reinstate IGC_REMOVED logic and implement it properly
- ip: Fix data-races around sysctl_ip_no_pmtu_disc.
- ip: Fix data-races around sysctl_ip_fwd_use_pmtu.
- ip: Fix data-races around sysctl_ip_fwd_update_priority.
- ip: Fix data-races around sysctl_ip_nonlocal_bind.
- ip: Fix a data-race around sysctl_ip_autobind_reuse.
- ip: Fix a data-race around sysctl_fwmark_reflect.
- tcp/dccp: Fix a data-race around sysctl_tcp_fwmark_accept.
- tcp: Fix data-races around sysctl_tcp_mtu_probing.
- tcp: Fix data-races around sysctl_tcp_base_mss.
- tcp: Fix data-races around sysctl_tcp_min_snd_mss.
- tcp: Fix a data-race around sysctl_tcp_mtu_probe_floor.
- tcp: Fix a data-race around sysctl_tcp_probe_threshold.
- tcp: Fix a data-race around sysctl_tcp_probe_interval.
- net: stmmac: fix unbalanced ptp clock issue in suspend/resume flow
- net: stmmac: fix dma queue left shift overflow issue
- igmp: Fix data-races around sysctl_igmp_llm_reports.
- igmp: Fix a data-race around sysctl_igmp_max_memberships.
- igmp: Fix data-races around sysctl_igmp_max_msf.
- tcp: Fix data-races around keepalive sysctl knobs.
- tcp: Fix data-races around sysctl_tcp_syncookies.
- tcp: Fix data-races around sysctl_tcp_reordering.
- tcp: Fix data-races around some timeout sysctl knobs.
- tcp: Fix a data-race around sysctl_tcp_notsent_lowat.
- tcp: Fix a data-race around sysctl_tcp_tw_reuse.
- tcp: Fix data-races around sysctl_max_syn_backlog.
- tcp: Fix data-races around sysctl_tcp_fastopen.
- tcp: Fix data-races around sysctl_tcp_fastopen_blackhole_timeout.
- iavf: Fix handling of dummy receive descriptors
- i40e: Fix erroneous adapter reinitialization during recovery process
- ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero
- [arm64,armhf] gpio: pca953x: only use single read/write for No AI mode
- [arm64,armhf] gpio: pca953x: use the correct range when do regmap sync
- [arm64,armhf] gpio: pca953x: use the correct register address when
regcache sync during init
- be2net: Fix buffer overflow in be_get_module_eeprom
- ipv4: Fix a data-race around sysctl_fib_multipath_use_neigh.
- ip: Fix data-races around sysctl_ip_prot_sock.
- udp: Fix a data-race around sysctl_udp_l3mdev_accept.
- tcp: Fix data-races around sysctl knobs related to SYN option.
- tcp: Fix a data-race around sysctl_tcp_early_retrans.
- tcp: Fix data-races around sysctl_tcp_recovery.
- tcp: Fix a data-race around sysctl_tcp_thin_linear_timeouts.
- tcp: Fix data-races around sysctl_tcp_slow_start_after_idle.
- tcp: Fix a data-race around sysctl_tcp_retrans_collapse.
- tcp: Fix a data-race around sysctl_tcp_stdurg.
- tcp: Fix a data-race around sysctl_tcp_rfc1337.
- tcp: Fix data-races around sysctl_tcp_max_reordering.
- [arm*] spi: bcm2835: bcm2835_spi_handle_err(): fix NULL pointer deref for
non DMA transfers
- KVM: Don't null dereference ops->destroy
- mm/mempolicy: fix uninit-value in mpol_rebind_policy()
- bpf: Make sure mac_header was set before using it
- sched/deadline: Fix BUG_ON condition for deboosted tasks
- [x86] bugs: Warn when "ibrs" mitigation is selected on Enhanced IBRS parts
- dlm: fix pending remove if msg allocation fails
- bitfield.h: Fix "type of reg too small for mask" test
- ALSA: memalloc: Align buffer allocations in page size
- Bluetooth: Add bt_skb_sendmsg helper
- Bluetooth: Add bt_skb_sendmmsg helper
- Bluetooth: SCO: Replace use of memcpy_from_msg with bt_skb_sendmsg
- Bluetooth: RFCOMM: Replace use of memcpy_from_msg with bt_skb_sendmmsg
- Bluetooth: Fix passing NULL to PTR_ERR
- Bluetooth: SCO: Fix sco_send_frame returning skb->len
- Bluetooth: Fix bt_skb_sendmmsg not allocating partial chunks
- [x86] amd: Use IBPB for firmware calls
- [x86] alternative: Report missing return thunk details
- watchqueue: make sure to serialize 'wqueue->defunct' properly
- tty: drivers/tty/, stop using tty_schedule_flip()
- tty: the rest, stop using tty_schedule_flip()
- tty: drop tty_schedule_flip()
- tty: extract tty_flip_buffer_commit() from tty_flip_buffer_push()
- tty: use new tty_insert_flip_string_and_push_buffer() in pty_write()
- net: usb: ax88179_178a needs FLAG_SEND_ZLP
- watch-queue: remove spurious double semicolon
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.135
- Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put
- Revert "ocfs2: mount shared volume without ha stack"
- [s390x] archrandom: prevent CPACF trng invocations in interrupt context
- watch_queue: Fix missing rcu annotation
- watch_queue: Fix missing locking in add_watch_to_object()
- tcp: Fix data-races around sysctl_tcp_dsack.
- tcp: Fix a data-race around sysctl_tcp_app_win.
- tcp: Fix a data-race around sysctl_tcp_adv_win_scale.
- tcp: Fix a data-race around sysctl_tcp_frto.
- tcp: Fix a data-race around sysctl_tcp_nometrics_save.
- tcp: Fix data-races around sysctl_tcp_no_ssthresh_metrics_save.
- ice: check (DD | EOF) bits on Rx descriptor rather than (EOP | RS)
- ice: do not setup vlan for loopback VSI
- Revert "tcp: change pingpong threshold to 3"
- tcp: Fix data-races around sysctl_tcp_moderate_rcvbuf.
- tcp: Fix a data-race around sysctl_tcp_limit_output_bytes.
- tcp: Fix a data-race around sysctl_tcp_challenge_ack_limit.
- net: ping6: Fix memleak in ipv6_renew_options().
- ipv6/addrconf: fix a null-ptr-deref bug for ip6_ptr
- igmp: Fix data-races around sysctl_igmp_qrv.
- net: sungem_phy: Add of_node_put() for reference returned by
of_get_parent()
- tcp: Fix a data-race around sysctl_tcp_min_tso_segs.
- tcp: Fix a data-race around sysctl_tcp_min_rtt_wlen.
- tcp: Fix a data-race around sysctl_tcp_autocorking.
- tcp: Fix a data-race around sysctl_tcp_invalid_ratelimit.
- Documentation: fix sctp_wmem in ip-sysctl.rst
- macsec: fix NULL deref in macsec_add_rxsa
- macsec: fix error message in macsec_add_rxsa and _txsa
- macsec: limit replay window size with XPN
- macsec: always read MACSEC_SA_ATTR_PN as a u64
- net: macsec: fix potential resource leak in macsec_add_rxsa() and
macsec_add_txsa()
- tcp: Fix a data-race around sysctl_tcp_comp_sack_delay_ns.
- tcp: Fix a data-race around sysctl_tcp_comp_sack_slack_ns.
- tcp: Fix a data-race around sysctl_tcp_comp_sack_nr.
- tcp: Fix data-races around sysctl_tcp_reflect_tos.
- i40e: Fix interface init with MSI interrupts (no MSI-X)
- sctp: fix sleep in atomic context bug in timer handlers
- netfilter: nf_queue: do not allow packet truncation below transport header
offset (CVE-2022-36946)
- virtio-net: fix the race between refill work and close
- sfc: disable softirqs for ptp TX
- sctp: leave the err path free in sctp_stream_init to sctp_stream_free
- page_alloc: fix invalid watermark check on a negative value
- mt7601u: add USB device ID for some versions of XiaoDu WiFi Dongle.
- [arm*] 9216/1: Fix MAX_DMA_ADDRESS overflow
- docs/kernel-parameters: Update descriptions for "mitigations=" param with
retbleed
- xfs: refactor xfs_file_fsync
- xfs: xfs_log_force_lsn isn't passed a LSN
- xfs: prevent UAF in xfs_log_item_in_current_chkpt
- xfs: fix log intent recovery ENOSPC shutdowns when inactivating inodes
- xfs: force the log offline when log intent item recovery fails
- xfs: hold buffer across unpin and potential shutdown processing
- xfs: remove dead stale buf unpin handling code
- xfs: logging the on disk inode LSN can make it go backwards
- xfs: Enforce attr3 buffer recovery order
- [x86] bugs: Do not enable IBPB at firmware entry when IBPB is not
available
- bpf: Consolidate shared test timing code
- bpf: Add PROG_TEST_RUN support for sk_lookup programs
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.136
- [x86] speculation: Make all RETbleed mitigations 64-bit only
- ath9k_htc: fix NULL pointer dereference at ath9k_htc_rxep()
- ath9k_htc: fix NULL pointer dereference at ath9k_htc_tx_get_packet()
- tun: avoid double free in tun_free_netdev
- [x86] ACPI: video: Force backlight native for some TongFang devices
- [x86] ACPI: video: Shortening quirk list by identifying Clevo by
board_name only
- ACPI: APEI: Better fix to avoid spamming the console with old error logs
- [arm64] crypto: arm64/poly1305 - fix a read out-of-bound
- Bluetooth: hci_bcm: Add BCM4349B1 variant
- Bluetooth: hci_bcm: Add DT compatible for CYW55572
- Bluetooth: btusb: Add support of IMC Networks PID 0x3568
- Bluetooth: btusb: Add Realtek RTL8852C support ID 0x04CA:0x4007
- Bluetooth: btusb: Add Realtek RTL8852C support ID 0x04C5:0x1675
- Bluetooth: btusb: Add Realtek RTL8852C support ID 0x0CB8:0xC558
- Bluetooth: btusb: Add Realtek RTL8852C support ID 0x13D3:0x3587
- Bluetooth: btusb: Add Realtek RTL8852C support ID 0x13D3:0x3586
- [x86] Add mitigations for Post-Barrier Return Stack Buffer Prediction
(PBRSB) issue (CVE-2022-26373):
+ x86/speculation: Add RSB VM Exit protections
+ x86/speculation: Add LFENCE to RSB fill sequence
[ Salvatore Bonaccorso ]
* Bump ABI to 17
* [rt] Update to 5.10.131-rt72
* posix-cpu-timers: Cleanup CPU timers before freeing them during exec
(CVE-2022-2585)
* netfilter: nf_tables: do not allow SET_ID to refer to another table
(CVE-2022-2586)
* netfilter: nf_tables: do not allow CHAIN_ID to refer to another table
* netfilter: nf_tables: do not allow RULE_ID to refer to another chain
* net_sched: cls_route: remove from list when handle is 0 (CVE-2022-2588)
[dgit import unpatched linux 5.10.136-1]
projects / linux.git / log