linux (4.19.316-1) buster-security; urgency=high * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.305 - nfc: llcp_core: Hold a ref to llcp_local->dev when holding a ref to llcp_local - i40e: Fix filter input checks to prevent config with invalid values - net: sched: em_text: fix possible memory leak in em_text_destroy() - [armhf] sun9i: smp: Fix array-index-out-of-bounds read in sunxi_mc_smp_init - net: Save and restore msg_namelen in sock_sendmsg (regression in 4.19.297) - i40e: fix use-after-free in i40e_aqc_add_filters() - i40e: Restore VF MSI-X state during PCI reset - net/qla3xxx: switch from 'pci_' to 'dma_' API - net/qla3xxx: fix potential memleak in ql_alloc_buffer_queues - asix: Add check for usbnet_get_endpoints - bnxt_en: Remove mis-applied code from bnxt_cfg_ntp_filters() - mm/memory-failure: check the mapcount of the precise page - [x86] firewire: ohci: suppress unexpected system reboot in AMD Ryzen machines and ASM108x/VT630x PCIe cards - mm: fix unmap_mapping_range high bits shift bug - mmc: rpmb: fixes pause retune on all RPMB partitions. - mmc: core: Cancel delayed work before releasing host - fuse: nlookup missing decrement in fuse_direntplus_link - netfilter: nf_tables: Reject tables of unsupported family (CVE-2023-6040) - PCI: Disable ATS for specific Intel IPU E2000 devices - net: add a route cache full diagnostic message - net/dst: use a smaller percpu_counter batch for dst entries accounting - ipv6: make ip6_rt_gc_expire an atomic_t - ipv6: remove max_size check inline with ipv4 (CVE-2023-52340) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.306 - f2fs: explicitly null-terminate the xattr list (CVE-2023-52436) - ASoC: rt5650: add mutex to avoid the jack detection failure - net/tg3: fix race condition in tg3_reset_task() - ASoC: da7219: Support low DC impedance headset - [armhf] drm/exynos: fix a potential error pointer dereference - [arm*] clk: rockchip: rk3128: Fix HCLK_OTG gate register - jbd2: correct the printing of write_flags in jbd2_write_superblock() - drm/crtc: Fix uninit-value bug in drm_mode_setcrtc - tracing: Have large events show up as '[LINE TOO BIG]' instead of nothing - tracing: Add size check when printing trace_marker output - ring-buffer: Do not record in NMI if the arch does not support cmpxchg in NMI - [x86] Input: atkbd - skip ATKBD_CMD_GETID in translated mode - [x86] Input: i8042 - add nomux quirk for Acer P459-G2-M - [x86] Input: xpad - add Razer Wolverine V2 support - [armhf] sun9i: smp: fix return code check of of_property_match_string - drm/crtc: fix uninitialized variable use - uio: Fix use-after-free in uio_open (CVE-2023-52439) - [x86] lib: Fix overflow when counting digits - [arm64] EDAC/thunderx: Fix possible out-of-bounds string access (CVE-2023-52464) - [x86] ACPI: video: check for error while searching for backlight device parent (CVE-2023-52693) - [amd64] ACPI: LPIT: Avoid u32 multiplication overflow (CVE-2023-52683) - calipso: fix memory leak in netlbl_calipso_add_pass() (CVE-2023-52698) - mtd: Fix gluebi NULL pointer dereference caused by ftl notifier (CVE-2023-52449) - selinux: Fix error priority for bind with AF_UNSPEC on PF_INET6 socket - crypto: virtio - Handle dataq logic with tasklet - [x86] crypto: ccp - fix memleak in ccp_init_dm_workarea - crypto: af_alg - Disallow multiple in-flight AIO requests - pstore: ram_core: fix possible overflow in persistent_ram_init_ecc() - crypto: virtio - Wait for tasklet to complete on device remove - crypto: scompress - return proper error code for allocation failure - crypto: scompress - Use per-CPU struct instead multiple variables - crypto: scomp - fix req->dst buffer overflow (CVE-2023-52612) - blocklayoutdriver: Fix reference leak of pnfs_device_node - NFSv4.1/pnfs: Ensure we handle the error NFS4ERR_RETURNCONFLICT - bpf, lpm: Fix check prefixlen before walking trie - rtlwifi: Use ffs in _phy_calculate_bit_shift - wifi: rtlwifi: rtl8821ae: phy: fix an undefined bitwise shift behavior - [arm64] scsi: hisi_sas: Replace with standard error code return value - wifi: rtlwifi: add calculate_bit_shift() - wifi: rtlwifi: rtl8188ee: phy: using calculate_bit_shift() - wifi: rtlwifi: rtl8192c: using calculate_bit_shift() - wifi: rtlwifi: rtl8192cu: using calculate_bit_shift() - wifi: rtlwifi: rtl8192ce: using calculate_bit_shift() - rtlwifi: rtl8192de: make arrays static const, makes object smaller - wifi: rtlwifi: rtl8192de: using calculate_bit_shift() - wifi: rtlwifi: rtl8192ee: using calculate_bit_shift() - wifi: rtlwifi: rtl8192se: using calculate_bit_shift() - Bluetooth: Fix bogus check for re-auth no supported with non-ssp - Bluetooth: btmtkuart: fix recv_buf() return value - ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim() (CVE-2024-26633) - RDMA/usnic: Silence uninitialized symbol smatch warnings - media: pvrusb2: fix use after free on context disconnection (CVE-2023-52445) - f2fs: fix to avoid dirent corruption (CVE-2023-52444) - drm/radeon/r600_cs: Fix possible int overflows in r600_cs_check_reg() - drm/radeon/r100: Fix integer overflow issues in r100_cs_track_check() - drm/radeon: check return value of radeon_ring_lock() - [arm64] drm/msm/mdp4: flush vblank event on disable - drm/drv: propagate errors from drm_modeset_register_all() - drm/radeon: check the alloc_workqueue return value in radeon_crtc_init() (CVE-2023-52470) - drm/amd/pm: fix a double-free in si_dpm_init (CVE-2023-52691) - drivers/amd/pm: fix a use-after-free in kv_parse_power_table (CVE-2023-52469) - gpu/drm/radeon: fix two memleaks in radeon_vm_init - watchdog: set cdev owner before adding (regression in 4.19.93) - [x86] watchdog/hpwdt: Only claim UNKNOWN NMI if from iLO - [arm*] watchdog: bcm2835_wdt: Fix WDIOC_SETTIMEOUT handling - of: Fix double free in of_parse_phandle_with_args_map (CVE-2023-52679) - binder: fix async space check for 0-sized buffers - [x86] Input: atkbd - use ab83 as id when skipping the getid command - xen-netback: don't produce zero-size SKB frags (CVE-2023-46838) - binder: fix race between mmput() and do_exit() (CVE-2023-52609) - binder: fix unused alloc->free_async_space - tick-sched: Fix idle and iowait sleeptime accounting vs CPU hotplug - [armhf] usb: phy: mxs: remove CONFIG_USB_OTG condition for mxs_phy_is_otg_host() - [arm*] usb: dwc: ep0: Update request status in dwc3_ep0_stall_restart - [arm*] Revert "usb: dwc3: Soft reset phy on probe for host" (regression in 4.19.297) - [arm*] Revert "usb: dwc3: don't reset device side if dwc3 was configured as host-only" (regression in 4.19.291) - [arm*] usb: chipidea: wait controller resume finished for wakeup irq - [x86] Revert "usb: typec: class: fix typec_altmode_put_partner to put plugs" (regression in 4.19.302) - [x86] usb: typec: class: fix typec_altmode_put_partner to put plugs - usb: mon: Fix atomicity violation in mon_bin_vma_fault (regression in 4.19.90) - ALSA: oxygen: Fix right channel of capture volume mixer - fbdev: flush deferred work in fb_deferred_io_fsync() - wifi: rtlwifi: Remove bogus and dangerous ASPM disable/enable code - wifi: rtlwifi: Convert LNKCTL change to PCIe cap RMW accessors - wifi: mwifiex: configure BSSID consistently when starting AP - HID: wacom: Correct behavior when processing some confidence == false touches - acpi: property: Let args be NULL in __acpi_node_get_property_reference - perf genelf: Set ELF program header addresses properly - apparmor: avoid crash when parsed profile name is empty (CVE-2023-52443) - [armhf] serial: imx: Correct clock error message in function probe() - net: qualcomm: rmnet: fix global oob in rmnet_policy (CVE-2024-26597) - ipvs: avoid stat macros calls from preemptible context - [armhf] i2c: s3c24xx: fix read transfers in polling mode - [armhf] i2c: s3c24xx: fix transferring more than one message in polling mode - Revert "NFSD: Fix possible sleep during nfsd4_release_lockowner()" (regression in 4.19.246) - crypto: scompress - initialize per-CPU variables on each CPU https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.307 - driver core: add device probe log helper - ext4: allow for the last group to be marked as trimmed (regression in 4.19.296) - PM: hibernate: Enforce ordering during image compression/decompression - hwrng: core - Fix page fault dead lock on mmap-ed hwrng (CVE-2023-52615) - rpmsg: virtio: Free driver_override when rpmsg_remove() (CVE-2023-52670) - nouveau/vmm: don't set addr on the fail path to avoid warning - block: Remove special-casing of compound pages - [x86] CPU/AMD: Fix disabling XSAVES on AMD family 0x17 due to erratum - net/smc: fix illegal rmb_desc access in SMC-D connection dump (CVE-2024-26615) - vlan: skip nested type that is not IFLA_VLAN_QOS_MAPPING - llc: make llc_ui_sendmsg() more robust against bonding changes (CVE-2024-26636) - llc: Drop support for ETH_P_TR_802_2. (CVE-2024-26635) - net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv (CVE-2024-23849) - tracing: Ensure visibility when inserting an element into tracing_map (CVE-2024-26645) - tcp: Add memory barrier to tcp_push() - netlink: fix potential sleeping issue in mqueue_flush_file - net/mlx5e: fix a double-free in arfs_create_groups (CVE-2024-35835) - netfilter: nf_tables: restrict anonymous set and map names to 16 bytes - [armhf] net: fec: fix the unhandled context fault from smmu - btrfs: don't warn if discard range is not aligned to sector - btrfs: defrag: reject unknown flags of btrfs_ioctl_defrag_range_args - netfilter: nf_tables: reject QUEUE/DROP verdict parameters (CVE-2024-1086) - gpiolib: acpi: Ignore touchpad wakeup on GPD G1619-04 - drm: Don't unref the same fb many times by mistake due to deadlock handling (CVE-2023-52486) - tick/sched: Preserve number of idle sleeps across CPU hotplug events - [amd64] x86/entry/ia32: Ensure s32 is sign extended to s64 - net/sched: cbs: Fix not adding cbs instance to list (regression in 4.19.99) (CVE-2021-33630) - audit: Send netlink ACK before setting connection in auditd_set - [x86] ACPI: video: Add quirk for the Colorful X15 AT 23 Laptop - ACPI: extlog: fix NULL pointer dereference check - FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree (CVE-2023-52604) - UBSAN: array-index-out-of-bounds in dtSplitRoot (CVE-2023-52603) - jfs: fix slab-out-of-bounds Read in dtSearch (CVE-2023-52602) - jfs: fix array-index-out-of-bounds in dbAdjTree (CVE-2023-52601) - jfs: fix uaf in jfs_evict_inode (CVE-2023-52600) - pstore/ram: Fix crash when setting number of cpus to an odd number (CVE-2023-52619) - afs: fix the usage of read_seqbegin_or_lock() in afs_find_server*() - rxrpc_find_service_conn_rcu: fix the usage of read_seqbegin_or_lock() - jfs: fix array-index-out-of-bounds in diNewExt (CVE-2023-52599) - SUNRPC: Fix a suspicious RCU usage warning (CVE-2023-52623) - ext4: fix inconsistent between segment fstrim and full fstrim - ext4: unify the type of flexbg_size to unsigned int - ext4: remove unnecessary check from alloc_flex_gd() - ext4: avoid online resizing failures due to oversized flex bg (CVE-2023-52622) - scsi: lpfc: Fix possible file string name overflow when updating firmware - PCI: Add no PM reset quirk for NVIDIA Spectrum devices - bonding: return -ENOMEM instead of BUG in alb_upper_dev_walk - wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() (CVE-2023-52594) - bpf: Add map and need_defer parameters to .map_fd_put_ptr() - scsi: libfc: Don't schedule abort twice - scsi: libfc: Fix up timeout error in fc_fcp_rec_error() - [armhf] dts: rockchip: fix rk3036 hdmi ports node - md: Whenassemble the array, consult the superblock of the freshest device - wifi: rtl8xxxu: Add additional USB IDs for RTL8192EU devices - wifi: rtlwifi: rtl8723{be,ae}: using calculate_bit_shift() - wifi: cfg80211: free beacon_ies when overridden from hidden BSS - f2fs: fix to check return value of f2fs_reserve_new_block() - fast_dput(): handle underflows gracefully - RDMA/IPoIB: Fix error code return in ipoib_mcast_join - drm/drm_file: fix use of uninitialized variable - drm/framebuffer: Fix use of uninitialized variable - drm/mipi-dsi: Fix detach call without attach - media: stk1160: Fixed high volume of stk1160_dbg messages - [x86] ALSA: hda: Intel: add HDA_ARL PCI ID support - [armhf] drm/exynos: Call drm_atomic_helper_shutdown() at shutdown/unbind time - IB/ipoib: Fix mcast list locking (CVE-2023-52587) - media: ddbridge: fix an error code problem in ddb_probe - [arm64] drm/msm/dpu: Ratelimit framedone timeout msgs - drm/amdgpu: Let KFD sync with VM fences - [amd64] drm/amdgpu: Drop 'fence' check in 'to_amdgpu_amdkfd_fence()' - leds: trigger: panic: Don't register panic notifier if creating the trigger failed - blk-mq: fix IO hang from sbitmap wakeup race (CVE-2024-26671) - ceph: fix deadlock or deadcode of misusing dget() (CVE-2023-52583) - wifi: cfg80211: fix RCU dereference in __cfg80211_bss_update - [x86] scsi: isci: Fix an error code problem in isci_io_request_build() - ixgbe: Refactor returning internal error codes - ixgbe: Refactor overtemp event handling - ixgbe: Fix an error handling path in ixgbe_read_iosf_sb_reg_x550() - ipv6: Ensure natural alignment of const ipv6 loopback and router addresses - llc: call sock_orphan() at release time (CVE-2024-26625) - netfilter: nf_log: replace BUG_ON by WARN_ON_ONCE when putting logger - net: ipv4: fix a memleak in ip_setup_cork (regression in 4.19.91) - HID: apple: Add support for the 2021 Magic Keyboard - HID: apple: Swap the Fn and Left Control keys on Apple keyboards - HID: apple: Add 2021 magic keyboard FN key mapping - dmaengine: fix is_slave_direction() return false when DMA_DEV_TO_DEV - [armhf] phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP (CVE-2024-26600) - hwmon: (aspeed-pwm-tacho) mutex for tach reading - [x86] hwmon: (coretemp) Fix out-of-bounds memory access (CVE-2024-26664) - [x86] hwmon: (coretemp) Fix bogus core_id to attr name mapping (regression in 4.19.264) - inet: read sk->sk_family once in inet_recv_error() (CVE-2024-26679) - rxrpc: Fix response to PING RESPONSE ACKs to a dead call - tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() (CVE-2024-26663) - ppp_async: limit MRU to 64K (CVE-2024-26675) - netfilter: nft_compat: reject unused compat flag - netfilter: nft_compat: restrict match/target protocol to u16 - USB: serial: qcserial: add new usb-id for Dell Wireless DW5826e - USB: serial: option: add Fibocom FM101-GL variant - USB: serial: cp210x: add ID for IMST iM871A-USB - [x86] Input: atkbd - skip ATKBD_CMD_SETLEDS when skipping ATKBD_CMD_GETID - vhost: use kzalloc() instead of kmalloc() followed by memset() (CVE-2024-0340) - hrtimer: Report offline hrtimer enqueue (regression in 4.19.302) - btrfs: forbid creating subvol qgroups - btrfs: send: return EOPNOTSUPP on unknown flags - ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work() (CVE-2024-26722) - i40e: Fix waiting for queues of all VSIs to be disabled - mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again (CVE-2024-26720) - HID: wacom: generic: Avoid reporting a serial of '0' to userspace - HID: wacom: Do not register input devices until after hid_hw_start - USB: hub: check for alternate port before enabling A_ALT_HNP_SUPPORT - usb: f_mass_storage: forbid async queue when shutdown happen - scsi: Revert "scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock" (regression in 4.19.295) (CVE-2024-26917) - nfc: nci: free rx_data_reassembly skb on NCI device cleanup (CVE-2024-26825) - xen-netback: properly sync TX responses - binder: signal epoll threads of self-work (CVE-2024-26606) - ext4: fix double-free of blocks due to wrong extents moved_len (CVE-2024-26704) - ring-buffer: Clean ring_buffer_poll_wait() error return - ALSA: hda/conexant: Add quirk for SWS JS201D - nilfs2: fix data corruption in dsync block recovery for small block sizes (CVE-2024-26697) - nilfs2: fix hang in nilfs_lookup_dirty_data_buffers() (CVE-2024-26696) - pmdomain: core: Move the unused cleanup to a _sync initcall - sched/membarrier: reduce the ability to hammer on sys_membarrier (CVE-2024-26602) - nilfs2: fix potential bug in end_buffer_async_write (CVE-2024-26685) - lsm: new security_file_ioctl_compat() hook - netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval() (CVE-2024-0607) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.308 - net/sched: Retire CBQ qdisc - net/sched: Retire ATM qdisc - net/sched: Retire dsmark qdisc - [arm*] stmmac: no need to check return value of debugfs_create functions - [arm*] net: stmmac: fix notifier registration (regression in 4.19.283) - memcg: add refcnt for pcpu stock to avoid UAF problem in drain_all_stock() - nilfs2: replace WARN_ONs for invalid DAT metadata block requests - userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb - sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset - sched/rt: Disallow writing invalid values to sched_rt_period_us - scsi: target: core: Add TMF to tmr_list handling (CVE-2024-26845) - wifi: cfg80211: fix missing interfaces when dumping - wifi: mac80211: fix race condition on enabling fast-xmit (CVE-2024-26779) - [x86] fbdev: savage: Error out if pixclock equals zero (CVE-2024-26778) - [x86] fbdev: sis: Error out if pixclock equals zero (CVE-2024-26777) - ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() (CVE-2024-26773) - ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() (CVE-2024-26772) - [arm64] regulator: pwm-regulator: Add validity checks in continuous .get_voltage - [x86] hwmon: (coretemp) Enlarge per package core count limit - firewire: core: send bus reset promptly on gap count error - virtio-blk: Ensure no requests in virtqueues before deleting vqs. - [amd64] IB/hfi1: Fix sdma.h tx->num_descs off-by-one error (regression in 4.19.291) (CVE-2024-26766) - mm: memcontrol: switch to rcu protection in drain_all_stock() - dm-crypt: don't modify the data when using authenticated encryption (CVE-2024-26763) - gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp() (CVE-2024-26754) - l2tp: pass correct message length to ip6_append_data (regression in 4.19.296) (CVE-2024-26752) - usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs (CVE-2024-27405) - usb: roles: don't get/set_role() when usb_role_switch is unregistered - [amd64] IB/hfi1: Fix a memleak in init_credit_return (CVE-2024-26839) - RDMA/bnxt_re: Return error for SRQ resize - RDMA/srpt: Support specifying the srpt_service_guid parameter (CVE-2024-26744) - RDMA/ulp: Use dev_name instead of ibdev->name - RDMA/srpt: Make debug output more detailed - ipv6: sr: fix possible use-after-free and null-ptr-deref (CVE-2024-26735) - PCI/MSI: Prevent MSI hardware interrupt number truncation - [arm*] KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() - [arm*] KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler - fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio (CVE-2024-26764) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.309 - netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter (CVE-2024-26805 - tun: Fix xdp_rxq_info's queue_index when detaching - lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is detected - net: usb: dm9601: fix wrong return value in dm9601_mdio_read (regression in 4.19.297) - Bluetooth: Avoid potential use-after-free in hci_error_reset (CVE-2024-26801) - Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST (regression in 4.19.297) (CVE-2024-27416) - Bluetooth: Enforce validation on max value of connection interval (regression in 4.19.76) - efi/capsule-loader: fix incorrect allocation size (CVE-2024-27413) - power: supply: bq27xxx-i2c: Do not free non existing IRQ (CVE-2024-27412) - gtp: fix use-after-free and null-ptr-deref in gtp_newlink() (CVE-2024-26793) - wifi: nl80211: reject iftype change with mesh ID change (CVE-2024-27410) - btrfs: dev-replace: properly validate device names (CVE-2024-26791) - mmc: core: Fix eMMC initialization with 1-bit bus connection - cachefiles: fix memory leak in cachefiles_add_cache() (CVE-2024-26840) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.310 - lan78xx: Add missing return code checks - lan78xx: Fix partial packet errors on suspend/resume - lan78xx: Fix race conditions in suspend/resume handling - net: lan78xx: fix runtime PM count underflow on link stop - net: move definition of pcpu_lstats to header file - geneve: make sure to pull inner header in geneve_rx() (CVE-2024-26857) - net/ipv6: avoid possible UAF in ip6_route_mpath_notify() (CVE-2024-26852) - net/rds: fix WARNING in rds_conn_connect_if_down (CVE-2024-27024) - netfilter: nf_conntrack_h323: Add protection for bmp length out of range (CVE-2024-26851) - [x86] netrom: Fix data-races around sysctl variables (CVE-2024-27419) - btrfs: ref-verify: free ref cache before clearing mount opt - [x86] Input: i8042 - fix strange behavior of touchpad on Clevo NS70PU - [x86] hv_netvsc: Make netvsc/VF binding check both MAC and serial number - [x86] hv_netvsc: use netif_is_bond_master() instead of open code - [x86] hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed (CVE-2024-26820) - getrusage: move thread_group_cputime_adjusted() outside of lock_task_sighand() - getrusage: use __for_each_thread() - getrusage: use sig->stats_lock rather than lock_task_sighand() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.311 - ASoC: rt5645: Make LattePanda board DMI match more precise - [x86] xen: Add some null pointer checking to smp.c - block: sed-opal: handle empty atoms when parsing response - dm-verity, dm-crypt: align "struct bvec_iter" correctly - scsi: mpt3sas: Prevent sending diag_reset when the controller is ready - Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security (CVE-2024-22099, CVE-2024-26903) - firewire: core: use long bus reset on gap count error - [x86] ASoC: Intel: bytcr_rt5640: Add an extra entry for the Chuwi Vi8 tablet - [i386] Input: gpio_keys_polled - suppress deferred probe error for gpio - crypto: algif_aead - fix uninitialized ctx->init - crypto: af_alg - make some functions static - crypto: algif_aead - Only wake up when ctx->more is zero - do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak (CVE-2024-26901) - md: switch to ->check_events for media change notifications - block: add a new set_read_only method - md: implement ->set_read_only to hook into BLKROSET processing - md: Don't clear MD_CLOSING when the raid is about to stop - aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts (CVE-2023-6270) - timekeeping: Fix cross-timestamp interpolation on counter wrap - timekeeping: Fix cross-timestamp interpolation corner case decision - [arm*] timekeeping: Fix cross-timestamp interpolation for non-x86 - wifi: ath10k: fix NULL pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (CVE-2023-7042) - b43: dma: Fix use true/false for bool type variable - wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled (CVE-2023-52644) - wifi: b43: Stop/wake correct queue in PIO Tx path when QoS is disabled - b43: main: Fix use true/false for bool type - wifi: b43: Stop correct queue in DMA worker when QoS is disabled - wifi: b43: Disable QoS for bcm4331 - wifi: mwifiex: debugfs: Drop unnecessary error check for debugfs_create_dir() - sock_diag: annotate data-races around sock_diag_handlers[family] - af_unix: Annotate data-race of gc_in_progress in wait_for_unix_gc(). - wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer() (CVE-2024-35828) - ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit() (CVE-2024-26894) - [amd64] iommu/amd: Mark interrupt as managed - wifi: brcmsmac: avoid function pointer casts - ACPI: scan: Fix device check notification handling - [x86] relocs: Ignore relocations in .notes section (CVE-2024-26816) - SUNRPC: fix some memleaks in gssx_dec_option_array (CVE-2024-27388) - [armhf] mmc: wmt-sdmmc: remove an incorrect release_mem_region() call in the .remove function - igb: move PEROUT and EXTTS isr logic to separate functions - igb: Fix missing time sync events - Bluetooth: Remove superfluous call to hci_conn_check_pending() - Bluetooth: hci_core: Fix possible buffer overflow (CVE-2024-26889) - sr9800: Add check for usbnet_get_endpoints (CVE-2024-26651) - [armhf,i386] bpf: Fix hashtab overflow check on 32-bit arches (CVE-2024-26884) - [armhf,i386] bpf: Fix stackmap overflow check on 32-bit arches (CVE-2024-26883) - ipv6: fib6_rules: flush route cache when rule is changed - tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function - l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt() function - udp: fix incorrect parameter validation in the udp_lib_getsockopt() function - net/x25: fix incorrect parameter validation in the x25_getsockopt() function - nfp: flower: handle acti_netdevs allocation failure (CVE-2024-27046) - dm raid: fix false positive for requeue needed during reshape - dm: call the resume method on internal suspend (CVE-2024-26880) - [arm*] drm/tegra: dsi: Add missing check for of_find_device_by_node (CVE-2023-52650) - [arm*] gpu: host1x: mipi: Update tegra_mipi_request() to be node based - [arm*] drm/tegra: dsi: Make use of the helper function dev_err_probe() - [arm*] drm/tegra: dsi: Fix some error handling paths in tegra_dsi_probe() - [arm*] drm/tegra: dsi: Fix missing pm_runtime_disable() in the error handling path of tegra_dsi_probe() - [arm*] drm/rockchip: inno_hdmi: Fix video timing - drm: Don't treat 0 as -1 in drm_fixp2int_ceil - [arm*] drm/rockchip: lvds: do not overwrite error code - [arm*] drm/rockchip: lvds: do not print scary message when probing defer - media: tc358743: register v4l2 async device only after successful setup (CVE-2024-35830) - perf evsel: Fix duplicate initialization of data->id in evsel__parse_sample() - media: v4l2-tpg: fix some memleaks in tpg_alloc (CVE-2024-27078) - media: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity (CVE-2024-27077) - media: dvbdev: remove double-unlock - media: dvbdev: Fix memleak in dvb_register_device - media: dvbdev: fix error logic at dvb_register_device() - media: dvb-core: Fix use-after-free due to race at dvb_register_device() - media: edia: dvbdev: fix a use-after-free (CVE-2024-27043) - [arm64] clk: qcom: reset: Allow specifying custom reset delay - [arm64] clk: qcom: reset: support resetting multiple bits - [arm64] clk: qcom: reset: Commonize the de/assert functions - [arm64] clk: qcom: reset: Ensure write completion on reset de/assertion - quota: check time limit when back out space/inode change - quota: simplify drop_dquot_ref() - quota: Fix potential NULL pointer dereference (CVE-2024-26878) - quota: Fix rcu annotations of inode dquot pointers - perf thread_map: Free strlist on normal path in thread_map__new_by_tid_str() - drm/radeon/ni: Fix wrong firmware size logging in ni_init_microcode() - ALSA: seq: fix function cast warnings - media: go7007: add check of return value of go7007_read_addr() - media: pvrusb2: fix pvr2_stream_callback casts - [arm64] firmware: qcom: scm: Add WLAN VMID for Qualcomm SCM interface - [arm64] clk: qcom: dispcc-sdm845: Adjust internal GDSC wait times - PCI: Mark 3ware-9650SE Root Port Extended Tags as broken - [arm64] clk: hisilicon: hi3519: Release the correct number of gates in hi3519_clk_unregister() - [arm*] drm/tegra: put drm_gem_object ref on error in tegra_fb_create - [arm*] mfd: syscon: Call of_node_put() only when of_parse_phandle() takes a ref - [arm*] crypto: arm - Rename functions to avoid conflict with crypto/sha256.h - [arm*] crypto: arm/sha - fix function cast warnings - drm/amdgpu: Fix missing break in ATOM_ARG_IMM Case of atom_get_src_int() - media: pvrusb2: fix uaf in pvr2_context_set_notify (CVE-2024-26875) - media: dvb-frontends: avoid stack overflow warnings with clang (CVE-2024-27075) - media: go7007: fix a memleak in go7007_load_encoder (CVE-2024-27074) - [arm*] drm/mediatek: Fix a null pointer crash in mtk_drm_crtc_finish_page_flip (CVE-2024-26874) - ALSA: usb-audio: Stop parsing channels bits when all channels are found. (CVE-2024-27436) - scsi: csiostor: Avoid function pointer casts - scsi: bfa: Fix function pointer type mismatch for hcb_qe->cbfn - net: sunrpc: Fix an off by one in rpc_sockaddr2uaddr() - NFS: Fix an off by one in root_nfs_cat() - [arm64] clk: qcom: gdsc: Add support to update GDSC transition delay - [armhf] tty: serial: samsung: fix tx_empty() to return TIOCSER_TEMT - kconfig: fix infinite loop when expanding a macro at the end of file - serial: 8250_exar: Don't remove GPIO device on suspend - hsr: Fix uninit-value access in hsr_get_node() (CVE-2024-26863) - rds: introduce acquire/release ordering in acquire/release_in_xmit() - net/bnx2x: Prevent access to a freed page in page_pool (CVE-2024-26859) - spi: spi-mt65xx: Fix NULL pointer access in interrupt handler (CVE-2024-27028) - crypto: af_alg - Fix regression on empty requests - crypto: af_alg - Work around empty control messages without MSG_MORE https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.312 - [x86] cpu: Support AMD Automatic IBRS - [x86] bugs: Use sysfs_emit() - timer/trace: Replace deprecated vsprintf pointer extension %pf by %ps - timer/trace: Improve timer tracing - timers: Prepare support for PREEMPT_RT - timers: Use del_timer_sync() even on UP - timers: Rename del_timer_sync() to timer_delete_sync() - wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach (CVE-2023-47233) - media: xc4000: Fix atomicity violation in xc4000_get_frequency (CVE-2024-24861) - [x86] KVM: Always flush async #PF workqueue when vCPU is being destroyed (CVE-2024-26976) - [x86] crypto: qat - fix double free during reset - [x86] crypto: qat - resolve race condition during AER recovery (CVE-2024-26974) - fat: fix uninitialized field in nostale filehandles (CVE-2024-26973) - ubifs: Set page uptodate in the correct place (CVE-2024-35821) - ubi: Check for too small LEB size in VTBL code (CVE-2024-25739) - ubi: correct the calculation of fastmap size - PM: suspend: Set mem_sleep_current during kernel command line setup - [arm64] clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays (CVE-2024-26969) - [armhf] clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays (CVE-2024-26966) - [armhf] clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays (CVE-2024-26965) - USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB - USB: serial: add device ID for VeriFone adapter - USB: serial: cp210x: add ID for MGP Instruments PDS100 - USB: serial: option: add MeiG Smart SLM320 product - USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M - PM: sleep: wakeirq: fix wake irq warning in system suspend (regression in 4.19.291) - fuse: don't unhash root (regression in 4.19.226) - PCI: Drop pci_device_remove() test of pci_dev->driver - PCI/PM: Drain runtime-idle callbacks before driver removal (CVE-2024-35809) - dm-raid: fix lockdep waring in "pers->hot_add_disk" - mmc: core: Fix switch on gp3 partition - hwmon: (amc6821) add of_match table - ext4: fix corruption during on-line resize (CVE-2024-35807) - speakup: Fix 8bit characters from direct synth - soc: fsl: qbman: Always disable interrupts when taking cgr_lock (CVE-2024-35806) - soc: fsl: qbman: Use raw spinlock for cgr_lock (CVE-2024-35819) - [armhf] drm/imx/ipuv3: do not return negative values from .get_modes() - [arm*] drm/vc4: hdmi: do not return negative values from .get_modes() - [x86] memtest: use {READ,WRITE}_ONCE in memory scanning - nilfs2: fix failure to detect DAT corruption in btree and direct mappings (CVE-2024-26956) - nilfs2: use a more common logging style - nilfs2: prevent kernel bug at submit_bh_wbc() (CVE-2024-26955) - [x86] CPU/AMD: Update the Zenbleed microcode revisions - [x86] comedi: comedi_test: Prevent timers rescheduling during deletion - netfilter: nf_tables: disallow anonymous set with timeout flag (CVE-2024-26642) - netfilter: nf_tables: reject constant set with timeout - xfrm: Avoid clang fortify warning in copy_to_user_tmpl() - ALSA: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897 platform - USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command (CVE-2024-27059) - usb: gadget: ncm: Fix handling of zero block length packets (regression in 4.19.297) (CVE-2024-35825) - usb: port: Don't try to peer unused USB ports based on location - vt: fix unicode buffer corruption when deleting characters (CVE-2024-35823) - vt: fix memory overlapping when deleting chars in the buffer (CVE-2022-48627) - mm/memory-failure: fix an incorrect use of tail pages - mm/migrate: set swap entry values of THP tail pages properly. - wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes (CVE-2024-35789) - fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion (CVE-2024-35815) - printk: Update @console_may_schedule in console_trylock_spinning() - btrfs: allocate btrfs_ioctl_defrag_range_args on stack - Revert "loop: Check for overflow while configuring loop" - loop: Call loop_config_discard() only after new config is applied - loop: Factor out setting loop device size - loop: Refactor loop_set_status() size calculation - loop: properly observe rotational flag of underlying device - perf/core: Fix reentry problem in perf_output_read_group() - efivarfs: Request at most 512 bytes for variable names - loop: Factor out configuring loop from status - loop: Check for overflow while configuring loop - loop: loop_set_status_from_info() check before assignment - usb: dwc2: host: Fix remote wakeup from hibernation - usb: dwc2: host: Fix hibernation flow - usb: dwc2: host: Fix ISOC flow in DDMA mode - usb: dwc2: gadget: LPM flow fix - usb: udc: remove warning when queue disabled ep (CVE-2024-35822) - scsi: qla2xxx: Fix command flush on cable pull (CVE-2024-26931) - [x86] cpu: Enable STIBP on AMD if Automatic IBRS is enabled - scsi: lpfc: Correct size for wqe for memset() - USB: core: Fix deadlock in usb_deauthorize_interface() (CVE-2024-26934) - nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet (CVE-2024-35915) - mptcp: add sk_stop_timer_sync helper - tcp: properly terminate timers for kernel sockets (CVE-2024-35910) - r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d - Bluetooth: hci_event: set the conn encrypted before conn establishes - Bluetooth: Fix TOCTOU in HCI debugfs implementation (CVE-2024-24857, CVE-2024-24858) - netfilter: nf_tables: disallow timeout for anonymous sets (CVE-2023-52620) - net/rds: fix possible cp null dereference (CVE-2024-35902) - mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL allocations - netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() (CVE-2024-35898) - net/sched: act_skbmod: prevent kernel-infoleak (CVE-2024-35893) - [arm*] net: stmmac: fix rx queue priority assignment - ipv6: Fix infinite recursion in fib6_dump_done(). (CVE-2024-35886) - i40e: fix vf may be used uninitialized in this function warning (regression in 4.19.264) (CVE-2024-36020) - initramfs: factor out a helper to populate the initrd image - fs: add a vfs_fchown helper - fs: add a vfs_fchmod helper - initramfs: switch initramfs unpacking to struct file based APIs - init: open /initrd.image with O_LARGEFILE - erspan: Add type I version 0 support. - erspan: make sure erspan_base_hdr is present in skb->head (CVE-2024-35888) - ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw - ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit - [x86] ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone - wifi: ath9k: fix LNA selection in ath_ant_try_scan() - [x86] VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() (CVE-2024-35944) - [arm64] dts: rockchip: fix rk3399 hdmi ports node - btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() (CVE-2024-35936) - btrfs: export: handle invalid inode or root reference in btrfs_get_parent() - btrfs: send: handle path ref underflow in header iterate_inode_ref() (CVE-2024-35935) - Bluetooth: btintel: Fix null ptr deref in btintel_read_version (CVE-2024-35933) - Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails - sysv: don't call sb_bread() with pointers_lock held (CVE-2023-52699) - scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() (CVE-2024-35930) - isofs: handle CDs with bad root inode but good Joliet root directory - [i386] drm/amd/display: Fix nanosec stat overflow - SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned int - block: prevent division by zero in blk_rq_stat_sum() (CVE-2024-35925) - Input: allocate keycode for Display refresh rate toggle - [x86] fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2 - fbmon: prevent division by zero in fb_videomode_from_videomode() (CVE-2024-35922) - tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc (CVE-2023-52880) - virtio: reenable config if freezing device failed - x86/mm/pat: fix VM_PAT handling in COW mappings (CVE-2024-35877) - Bluetooth: btintel: Fixe build regression - [x86] VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler() - erspan: Check IFLA_GRE_ERSPAN_VER is set. - ip_gre: do not report erspan version on GRE interface - initramfs: fix populate_initrd_image() section mismatch - [amd64] amdkfd: use calloc instead of kzalloc to avoid integer overflow (CVE-2024-26817) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.313 - batman-adv: Avoid infinite loop trying to resize local TT (CVE-2024-35982) - Bluetooth: Fix memory leak in hci_req_sync_complete() (CVE-2024-35978) - nouveau: fix function cast warning - geneve: fix header validation in geneve[6]_xmit_skb (regression in 4.19.191) (CVE-2024-35973) - ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr (CVE-2024-35969) - net/mlx5: Properly link new fs rules into the tree (CVE-2024-35960) - vhost: Add smp_rmb() in vhost_vq_avail_empty() - [x86] apic: Force native_apic_mem_read() to use the MOV instruction - btrfs: record delayed inode root in transaction - kprobes: Fix possible use-after-free issue on kprobe registration (regression in 4.19.256) (CVE-2024-35955) - netfilter: nf_tables: __nft_expr_type_get() selects specific family type - netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() (CVE-2024-27020) - tun: limit printing rate when illegal packet received by tun dev (CVE-2024-27013) - RDMA/mlx5: Fix port number for counter query in multi-port configuration (regression in 4.19.258) - drm: nv04: Fix out of bounds access (CVE-2024-27008) - [x86] comedi: vmk80xx: fix incomplete endpoint checking (CVE-2024-27001) - USB: serial: option: add Fibocom FM135-GL variants - USB: serial: option: add support for Fibocom FM650/FG650 - USB: serial: option: add Lonsung U8300/U9300 product - USB: serial: option: support Quectel EM060K sub-models - USB: serial: option: add Rolling RW101-GL and RW135-GL support - USB: serial: option: add Telit FN920C04 rmnet compositions - [arm*] usb: dwc2: host: Fix dereference issue in DDMA completion flow. (CVE-2024-26997) - speakup: Avoid crash on very long word (CVE-2024-26994) - fs: sysfs: Fix reference leak in sysfs_break_active_protection() (CVE-2024-26993) - nouveau: fix instmem race condition around ptr stores (CVE-2024-26984) - nilfs2: fix OOB in nilfs_set_de_type (CVE-2024-26981) - tracing: Remove hist trigger synth_var_refs - tracing: Use var_refs[] for hist trigger reference checking - [arm64] dts: rockchip: enable internal pull-up on PCIE_WAKE# for RK3399 Puma - [arm64] dts: mediatek: mt7622: fix IR nodename - [arm64] dts: mediatek: mt7622: fix ethernet controller "compatible" - [arm64] dts: mediatek: mt7622: drop "reset-names" from thermal block - net: usb: ax88179_178a: stop lying about skb->truesize (regression in 4.19.251) - net: gtp: Fix Use-After-Free in gtp_dellink (CVE-2024-27396) - ipvs: Fix checksumming on GSO of SCTP packets - net: openvswitch: ovs_ct_exit to be done under ovs_lock - net: openvswitch: Fix Use-After-Free in ovs_ct_exit (CVE-2024-27395) - i40e: Do not use WQ_MEM_RECLAIM flag for workqueue (CVE-2024-36004) - serial: core: Provide port lock wrappers - drm/amdgpu: restrict bo mapping within gpu address limits - amdgpu: validate offset_in_bo of drm_amdgpu_gem_va - drm/amdgpu: validate the parameters of bo mapping operations more clearly (CVE-2024-26922) - tracing: Show size of requested perf buffer - tracing: Increase PERF_MAX_TRACE_SIZE to handle Sentinel1 and docker together - Bluetooth: Fix type of len in {l2cap,sco}_sock_getsockopt_old() - btrfs: fix information leak in btrfs_ioctl_logical_to_ino() (CVE-2024-35849) - [arm64] dts: rockchip: enable internal pull-up for Q7_THRM# on RK3399 Puma - [arm*] irqchip/gic-v3-its: Prevent double free on error (CVE-2024-35847) - [x86] net: b44: set pause params only when interface is up - [x86] mtd: diskonchip: work around ubsan link failure - tcp: Clean up kernel listener's reqsk in inet_twsk_purge() - tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge() - [x86] idma64: Don't try to serve interrupts when device is powered off - i2c: smbus: fix NULL function pointer dereference (CVE-2024-35984) - HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up (CVE-2024-35997) - udp: preserve the connected status if only UDP cmsg https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.314 - wifi: nl80211: don't free NULL coalescing rule (CVE-2024-36941) - [amd64] drm/amdkfd: change system memory overcommit limit - [amd64] drm/amdgpu: Fix leak when GPU memory allocation fails - net: slightly optimize eth_type_trans - ethernet: add a helper for assigning port addresses - ethernet: Add helper for assigning packet type when dest address does not match device address - pinctrl: core: delete incorrect free in pinctrl_enable() (CVE-2024-36940) - pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() (CVE-2024-36959) - bna: ensure the copied buf is NUL terminated (CVE-2024-36934) - nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). (CVE-2024-36933) - net l2tp: drop flow hash on forward - [arm*] net: dsa: mv88e6xxx: Add number of MACs in the ATU - [arm*] net: dsa: mv88e6xxx: Fix number of databases for 88E6141 / 88E6341 - net: bridge: fix multicast-to-unicast with fraglist GSO - tipc: fix a possible memleak in tipc_buf_append (regression in 4.19.193) (CVE-2024-36954) - scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic - gfs2: Fix invalid metadata access in punch_hole - wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc - net: mark racy access on sk->sk_rcvbuf - scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload (CVE-2024-36919) - ALSA: line6: Zero-initialize message buffers - firewire: ohci: mask bus reset interrupts between ISR and bottom half (CVE-2024-36950) - [x86] tools/power turbostat: Fix added raw MSR output - [x86] tools/power turbostat: Fix Bzy_MHz documentation typo - btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve - btrfs: always clear PERTRANS metadata during commit - scsi: target: Fix SELinux error when systemd-modules loads the target module - fs/9p: only translate RWX permissions for plain 9P2000 (CVE-2024-36964) - fs/9p: translate O_TRUNC into OTRUNC - 9p: explicitly deny setlease attempts - fs/9p: drop inodes immediately on non-.L too - net:usb:qmi_wwan: support Rolling modules - tcp: remove redundant check on tskb - tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets (CVE-2024-36905) - tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). (CVE-2024-36904) - Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout (regression in 4.19.207) (CVE-2024-27398) - Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout (CVE-2024-27399) - rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation (CVE-2024-36017) - phonet: fix rtm_phonet_notify() skb allocation (CVE-2024-36946) - net: bridge: fix corrupted ethernet header on multicast-to-unicast - ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() (CVE-2024-36902) - af_unix: Do not use atomic ops for unix_sk(sk)->inflight. - af_unix: Fix garbage collector racing against connect() (CVE-2024-26923) - firewire: nosy: ensure user_length is taken into account when fetching packet contents (CVE-2024-27401) - usb: gadget: composite: fix OS descriptors w_value logic - usb: gadget: f_fs: Fix a race condition when processing setup packets. - tipc: fix UAF in error path (CVE-2024-36886) - dyndbg: fix old BUG_ON in >control parser (CVE-2024-35947) - [x86] drm/vmwgfx: Fix invalid reads in fence signaled events (CVE-2024-36960) - net: fix out-of-bounds access in ops_init (CVE-2024-36883) - af_unix: Suppress false-positive lockdep splat for spin_lock() in __unix_gc(). https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.315 - dm: limit the number of targets and parameter size area (CVE-2023-52429) - btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks() - tracing: Simplify creation and deletion of synthetic events - tracing: Add unified dynamic event framework - tracing: Use dyn_event framework for synthetic events - tracing: Remove unneeded synth_event_mutex - tracing: Consolidate trace_add/remove_event_call back to the nolock functions - string.h: Add str_has_prefix() helper function - tracing: Use str_has_prefix() helper for histogram code - tracing: Use str_has_prefix() instead of using fixed sizes - tracing: Have the historgram use the result of str_has_prefix() for len of prefix - tracing: Refactor hist trigger action code - tracing: Split up onmatch action data - tracing: Generalize hist trigger onmax and save action - tracing: Remove unnecessary var_ref destroy in track_data_destroy() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.316 - [x86] tsc: Trust initial offset in architectural TSC-adjust MSRs - speakup: Fix sizeof() vs ARRAY_SIZE() bug (CVE-2024-38587) - ring-buffer: Fix a race between readers and resize checks (CVE-2024-38601) - nilfs2: fix unexpected freezing of nilfs_segctor_sync() - nilfs2: fix potential hang in nilfs_detach_log_writer() (CVE-2024-38582) - tty: n_gsm: fix possible out-of-bounds in gsm0_receive() (CVE-2024-36016) - wifi: cfg80211: fix the order of arguments for trace events of the tx_rx_evt class - net: usb: qmi_wwan: add Telit FN920C04 compositions - drm/amd/display: Set color_mgmt_changed to true on unsuspend - ASoC: rt5645: Fix the electric noise due to the CBJ contacts floating - ASoC: da7219-aad: fix usage of device_get_named_child_node() - crypto: bcm - Fix pointer arithmetic (CVE-2024-38579) - [arm*] firmware: raspberrypi: Use correct device for DMA mappings - ecryptfs: Fix buffer size for tag 66 packet (CVE-2024-38578) - nilfs2: fix out-of-range warning - jffs2: prevent xattr node from overflowing the eraseblock (CVE-2024-38599) - null_blk: Fix missing mutex_destroy() at module removal - md: fix resync softlockup when bitmap size is less than array size (regression in 4.19.291) (CVE-2024-38598) - [arm64] power: supply: cros_usbpd: provide ID table for avoiding fallback match - nfsd: drop st_mutex before calling move_to_close_lru() - wifi: ath10k: poll service ready message before failing - [x86] boot: Ignore relocations in .notes sections in walk_relocs() too - qed: avoid truncating work queue length - scsi: ufs: cleanup struct utp_task_req_desc - scsi: ufs: add a low-level __ufshcd_issue_tm_cmd helper - scsi: ufs: core: Perform read back after disabling interrupts - scsi: ufs: core: Perform read back after disabling UIC_COMMAND_COMPL - scsi: libsas: Fix the failure of adding phy with zero-address to port - scsi: hpsa: Fix allocation size for Scsi_Host private data - [x86] purgatory: Switch to the position-independent small code model (regression in 4.19.74) - wifi: ath10k: Fix an error code problem in ath10k_dbg_sta_write_peer_debug_trigger() - wifi: ath10k: populate board data for WCN3990 - wifi: carl9170: add a proper sanity check for endpoints (CVE-2024-38567) - wifi: ar5523: enable proper endpoint verification (CVE-2024-38565) - scsi: bfa: Ensure the copied buf is NUL terminated (CVE-2024-38560) - scsi: qedf: Ensure the copied buf is NUL terminated (CVE-2024-38559) - wifi: mwl8k: initialize cmd->addr[] properly - net: usb: sr9700: stop lying about skb->truesize - af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg (CVE-2024-38596) - net: usb: smsc95xx: stop lying about skb->truesize - net: openvswitch: fix overwriting ct original tuple for ICMPv6 (CVE-2024-38558) - ipv6: sr: add missing seg6_local_exit - ipv6: sr: fix incorrect unregister order - ipv6: sr: fix invalid unregister error path (CVE-2024-38612) - drm/amd/display: Fix potential index out of bounds in color transformation function (CVE-2024-38552) - mtd: rawnand: hynix: fixed typo - drm/mediatek: Add 0 size check to mtk_drm_gem_obj (CVE-2024-38549) - media: ngene: Add dvb_ca_en50221_init return value check - media: radio-shark2: Avoid led_names truncations - [arm64] drm/arm/malidp: fix a possible null pointer dereference (CVE-2024-36014) - ASoC: tracing: Export SND_SOC_DAPM_DIR_OUT to its value - [arm64] RDMA/hns: Use complete parentheses in macros - [x86] insn: Fix PUSH instruction in x86 instruction decoder opcode map - ext4: avoid excessive credit estimate in ext4_tmpfile() - SUNRPC: Fix gss_free_in_token_pages() - RDMA/IPoIB: Fix format truncation compilation errors - [x86] netrom: fix possible dead-lock in nr_rt_ioctl() (CVE-2024-38589) - af_packet: do not call packet_read_pending() from tpacket_destruct_skb() (regression in 4.19.57) - sched/topology: Don't set SD_BALANCE_WAKE on cpuset domain relax - sched/fair: Allow disabling sched_balance_newidle with sched_relax_domain_level - greybus: lights: check return of get_channel_from_mode (CVE-2024-38637) - [x86] dmaengine: idma64: Add check for dma_set_max_seg_size - firmware: dmi-id: add a release callback function - serial: max3100: Lock port->lock when calling uart_handle_cts_change() (CVE-2024-38634) - serial: max3100: Update uart_driver_registered on driver removal (CVE-2024-38633) - usb: gadget: u_audio: Clear uac pointer when freed. - stm class: Fix a double free in stm_register_device() (CVE-2024-38627) - [x86] ppdev: Remove usage of the deprecated ida_simple_xx() API - [x86] ppdev: Add an error check in register_device (CVE-2024-36015) - f2fs: add error prints for debugging mount failure - f2fs: fix to release node block count in error path of f2fs_new_node_page() - libsubcmd: Fix parse-options memory leak - [arm64] drm/msm/dpu: use kms stored hw mdp block - um: Add winch to winch_handlers before registering winch IRQ (CVE-2024-39292) - media: stk1160: fix bounds checking in stk1160_copy_video() (CVE-2024-38621) - media: cec: cec-adap: always cancel work in cec_transmit_msg_fh - media: cec: cec-api: add locking in cec_release() - null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() - [x86] kconfig: Select ARCH_WANT_FRAME_POINTERS again when UNWINDER_FRAME_POINTER=y - nfc: nci: Fix uninit-value in nci_rx_work (CVE-2024-38381) - ipv6: sr: fix memleak in seg6_hmac_init_algo - params: lift param_set_uint_minmax to common code - tcp: Fix shift-out-of-bounds in dctcp_update_alpha(). (CVE-2024-37356) - openvswitch: Set the skbuff pkt_type for proper pmtud support. - [arm64] asm-bug: Add .align 2 to the end of __BUG_ENTRY - virtio: delete vq in vp_find_vqs_msix()< when request_irq() fails (CVE-2024-37353) - [armhf] net: fec: avoid lock evasion when reading pps_enable - netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu() (CVE-2024-36286) - spi: Don't mark message DMA mapped when no transfer in it is - nvmet: fix ns enable/disable possible hang - net/mlx5e: Use rx_missed_errors instead of rx_dropped for reporting buffer exhaustion - dma-buf/sw-sync: don't enable IRQ from sync_print_obj() (CVE-2024-38780) - enic: Validate length of nl attributes in enic_set_vf_port (CVE-2024-38659) - smsc95xx: remove redundant function arguments - smsc95xx: use usbnet->driver_priv - net: usb: smsc95xx: fix changing LED_SEL bit value updated from EEPROM - [armhf] net:fec: Add fec_enet_deinit() - kconfig: fix comparison to constant symbols, 'm', 'n' - ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound (CVE-2024-33621) - ALSA: timer: Set lower bound of start tick time (CVE-2024-38618) - genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline (CVE-2024-31076) - SUNRPC: Fix loop termination condition in gss_free_in_token_pages() (regression in 4.19.99) (CVE-2024-36288) - binder: fix max_thread type inconsistency - mmc: core: Do not force a retune before RPMB switch - nilfs2: fix use-after-free of timer for log writer thread (CVE-2024-38583) - neighbour: fix unaligned access to pneigh_entry - [i386] ata: pata_legacy: make legacy_exit() work again - [arm64] tegra: Correct Tegra132 I2C alias - md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING (regression in 4.19.262) - wifi: rtl8xxxu: Fix the TX power of RTL8192CU, RTL8723AU - [arm64] dts: hi3798cv200: fix the size of GICR - media: mxl5xx: Move xpt structures off stack - media: v4l2-core: hold videodev_lock until dev reg, finishes - [x86] fbdev: savage: Handle err return when savagefb_check_var failed - netfilter: nf_tables: pass context to nft_set_destroy() - netfilter: nftables: rename set element data activation/deactivation functions - netfilter: nf_tables: drop map element references from preparation phase - netfilter: nft_set_rbtree: allow loose matching of closing element in interval - netfilter: nft_set_rbtree: Add missing expired checks - netfilter: nft_set_rbtree: Switch to node list walk for overlap detection - netfilter: nft_set_rbtree: fix null deref on element insertion - netfilter: nft_set_rbtree: fix overlap expiration walk - netfilter: nf_tables: don't skip expired elements during walk - netfilter: nf_tables: GC transaction API to avoid race with control plane - netfilter: nf_tables: adapt set backend to use GC transaction API - netfilter: nf_tables: remove busy mark and gc batch API - netfilter: nf_tables: fix GC transaction races with netns and netlink event exit path - netfilter: nf_tables: GC transaction race with netns dismantle - netfilter: nf_tables: GC transaction race with abort path - netfilter: nf_tables: defer gc run if previous batch is still pending - netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction - netfilter: nft_set_rbtree: use read spinlock to avoid datapath contention - netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration - netfilter: nf_tables: fix memleak when more than 255 elements expired - netfilter: nf_tables: unregister flowtable hooks on netns exit - netfilter: nf_tables: double hook unregistration in netns path - netfilter: nftables: update table flags from the commit phase - netfilter: nf_tables: fix table flag updates - netfilter: nf_tables: disable toggling dormant table state more than once - netfilter: nf_tables: bogus EBUSY when deleting flowtable after flush (for 4.19) - netfilter: nft_dynset: fix timeouts later than 23 days - netfilter: nftables: exthdr: fix 4-byte stack OOB write (CVE-2023-52628) - netfilter: nft_dynset: report EOPNOTSUPP on missing set feature - netfilter: nft_dynset: relax superfluous check on set updates - netfilter: nf_tables: mark newset as dead on transaction abort - netfilter: nf_tables: skip dead set elements in netlink dump - netfilter: nf_tables: validate NFPROTO_* family - netfilter: nft_set_rbtree: skip end interval element from gc - netfilter: nf_tables: set dormant flag on hook register failure - netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate() - netfilter: nf_tables: do not compare internal table flags on updates - netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout - netfilter: nf_tables: reject new basechain after table flag update - netfilter: nf_tables: discard table flag update with pending basechain deletion - [arm64] KVM: arm64: Allow AArch32 PSTATE.M to be restored as System mode - [x86] crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak - net/9p: fix uninit-value in p9_client_rpc() - [x86] intel_th: pci: Add Meteor Lake-S CPU support - net: fix __dst_negative_advice() race (CVE-2024-36971) - ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() - nfs: fix undefined behavior in nfs_block_bits() [ Ben Hutchings ] * Bump ABI to 27 * ovl: fail on invalid uid/gid mapping at copy up (CVE-2023-0386) * [rt] Update to 4.19.315-rt135: - Drop "crypto: scompress - serialize RT percpu scratch buffer access with a local lock", redundant with changes in 4.19.306 - Drop patches to timer subsystem that were included in 4.19.312 -- Ben Hutchings Tue, 25 Jun 2024 20:32:46 +0200 linux (4.19.304-1) buster-security; urgency=high * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.290 - xen/netback: Fix buffer overrun triggered by unusual packet (CVE-2023-34319) - [x86] fix backwards merge of GDS/SRSO bit https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.291 - gfs2: Don't deref jdesc in evict (CVE-2023-3212) - [x86] smp: Use dedicated cache-line for mwait_play_dead() - drm/edid: Fix uninitialized variable in drm_cvt_modes() - drm/amdgpu: Validate VM ioctl flags. - treewide: Remove uninitialized_var() usage - md/raid10: check slab-out-of-bounds in md_bitmap_get_counter - md/raid10: fix overflow of md/safe_mode_delay - md/raid10: fix wrong setting of max_corr_read_errors - md/raid10: fix io loss while replacement replace rdev - clocksource/drivers: Unify the names to timer-* format - PM: domains: fix integer overflow issues in genpd_parse_state() - wifi: ath9k: fix AR9003 mac hardware hang check register offset calculation - wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx - nfc: llcp: fix possible use of uninitialized variable in nfc_llcp_send_connect() - [x86] wifi: orinoco: Fix an error handling path in spectrum_cs_probe() - [x86] wifi: orinoco: Fix an error handling path in orinoco_cs_probe() - [x86] wifi: atmel: Fix an error handling path in atmel_probe() - net: create netdev->dev_addr assignment helpers - [x86] wifi: wl3501_cs: Fix an error handling path in wl3501_probe() - [x86] wifi: ray_cs: Utilize strnlen() in parse_addr() - [x86] wifi: ray_cs: Fix an error handling path in ray_probe() - wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes - watchdog/perf: more properly prevent false positives with turbo modes - kexec: fix a memory leak in crash_shrink_memory() - memstick r592: make memstick_debug_get_tpc_name() static - wifi: ath9k: Fix possible stall on ath9k_txq_list_has_key() (regression in 4.19.205) - wifi: ath9k: convert msecs to jiffies where needed - netlink: fix potential deadlock in netlink_set_err() - netlink: do not hard code device address lenth in fdb dumps - gtp: Fix use-after-free in __gtp_encap_destroy(). - lib/ts_bm: reset initial match offset for every block of text - netfilter: nf_conntrack_sip: fix the ct_sip_parse_numerical_param() return value. - ipvlan: Fix return value of ipvlan_queue_xmit() - netlink: Add __sock_i_ino() for __netlink_diag_dump(). - radeon: avoid double free in ci_dpm_init() - drm/panel: simple: fix active size for Ampire AM-480272H3TMQW-T01H - [x86] ASoC: es8316: Increment max value for ALC Capture Target Volume control - [amd64] IB/hfi1: Fix sdma.h tx->num_descs off-by-one errors - drm/radeon: fix possible division-by-zero errors - ALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer - scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe() - [x86] pinctrl: cherryview: Return correct value if pin in push-pull mode - perf dwarf-aux: Fix off-by-one in die_get_varname() - hwrng: virtio - add an internal buffer - hwrng: virtio - don't wait on cleanup - hwrng: virtio - don't waste entropy - hwrng: virtio - always add a pending request - hwrng: virtio - Fix race on data_avail and actual data - modpost: fix section mismatch message for R_ARM_ABS32 - modpost: fix section mismatch message for R_ARM_{PC24,CALL,JUMP24} - USB: serial: option: add LARA-R6 01B PIDs - block: change all __u32 annotations to __be32 in affs_hardblocks.h - w1: fix loop in w1_fini() - media: usb: Check az6007_read() return value - media: usb: siano: Fix warning due to null work_func_t function pointer (regression in 4.19.276) - [x86] mfd: intel-lpss: Add missing check for platform_get_resource - [armhf] mfd: stmpe: Only disable the regulators if they are enabled - sctp: fix potential deadlock on &net->sctp.addr_wq_lock (regression in 4.19.191) - tg3: Add MODULE_FIRMWARE() for FIRMWARE_TG357766. - f2fs: fix error path handling in truncate_dnode() - net: bridge: keep ports without IFF_UNICAST_FLT in BR_PROMISC mode - tcp: annotate data races in __tcp_oow_rate_limited() - net/sched: act_pedit: Add size check for TCA_PEDIT_PARMS_EX - ALSA: jack: Fix mutex call in snd_jack_report() (regression in 4.19.247) - NFSD: add encoding of op_recall flag for write delegation - mmc: core: disable TRIM on Kingston EMMC04G-M627 - mmc: core: disable TRIM on Micron MTFC4GACAJCN-1M - bcache: Remove unnecessary NULL point check in node allocations - integrity: Fix possible multiple allocation in integrity_inode_get() - jffs2: reduce stack usage in jffs2_build_xattr_subsystem() - btrfs: fix race when deleting quota root from the dirty cow roots list - netfilter: nf_tables: fix nat hook table deletion - netfilter: nf_tables: add rescheduling points during loop detection walks - netfilter: nftables: add helper function to set the base sequence number - netfilter: add helper function to set up the nfnetlink header and use it - netfilter: nf_tables: use net_generic infra for transaction data - netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE (CVE-2023-3390) - netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/ chain - netfilter: nf_tables: reject unbound anonymous set before commit phase - netfilter: nf_tables: unbind non-anonymous set if rule construction fails - netfilter: nf_tables: fix scheduling-while-atomic splat - netfilter: conntrack: Avoid nf_ct_helper_hash uses after free - netfilter: nf_tables: prevent OOB access in nft_byteorder_eval (CVE-2023-35001) - net: lan743x: Don't sleep in atomic context - workqueue: clean up WORK_* constant types, clarify masking - [arm*] net: mvneta: fix txq_map in case of txq_number==1 - vrf: Increment Icmp6InMsgs on the original netdev - icmp6: Fix null-ptr-deref of ip6_null_entry->rt6i_idev in icmp6_dev(). - udp6: fix udp6_ehashfn() typo - ipv6/addrconf: fix a potential refcount underflow for idev - [x86] wifi: airo: avoid uninitialized warning in airo_get_rate() - net/sched: make psched_mtu() RTNL-less safe - pinctrl: amd: Fix mistake in handling clearing pins at startup - pinctrl: amd: Detect internal GPIO0 debounce handling - pinctrl: amd: Only use special debounce behavior for GPIO 0 - tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation - SUNRPC: Fix UAF in svc_tcp_listen_data_ready() - [x86] perf intel-pt: Fix CYC timestamps after standalone CBR - ext4: fix wrong unit use in ext4_mb_clear_bb - ext4: only update i_reserved_data_blocks on successful block allocation - jfs: jfs_dmap: Validate db_l2nbperpage while mounting - PCI/PM: Avoid putting EloPOS E2/S2/H2 PCIe Ports in D3cold - PCI: Add function 1 DMA alias quirk for Marvell 88SE9235 - PCI: rockchip: Add poll and timeout to wait for PHY PLLs to be locked - md/raid0: add discard support for the 'original' layout - fs: dlm: return positive pid value for F_GETLK - [armhf] hwrng: imx-rngc - fix the timeout for init and self check - ceph: don't let check_caps skip sending responses for revoke msgs - [arm*] meson saradc: fix clock divider mask length - [armhf] tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in case of error - [armhf] tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk - ring-buffer: Fix deadloop issue on reading trace_pipe - scsi: qla2xxx: Wait for io return on terminate rport - scsi: qla2xxx: Fix potential NULL pointer dereference - scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport() - scsi: qla2xxx: Pointer may be dereferenced - drm/atomic: Fix potential use-after-free in nonblocking commits - tracing/histograms: Add histograms to hist_vars if they have referenced variables - fuse: revalidate: don't invalidate if interrupted - can: bcm: Fix UAF in bcm_proc_show() - ext4: correct inline offset when handling xattrs in inode body - nbd: Add the maximum limit of allocated index in nbd_dev_add - md: fix data corruption for raid456 when reshape restart while grow up - md/raid10: prevent soft lockup while flush writes - posix-timers: Ensure timer ID search-loop limit is valid - sched/fair: Don't balance task to its current running CPU - bpf: Address KCSAN report on bpf_lru_list - wifi: wext-core: Fix -Wstringop-overflow warning in ioctl_standard_iw_point() - wifi: iwlwifi: mvm: avoid baid size integer overflow - igb: Fix igb_down hung on surprise removal - pinctrl: amd: Use amd_pinconf_set() for all config options - [armhf] net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field()/ cpsw_ale_set_field() - net:ipv6: check return value of pskb_trim() - Revert "tcp: avoid the lookup process failing to get sk in ehash table" (regression in 4.19.272) - llc: Don't drop packet from non-root netns. - netfilter: nf_tables: fix spurious set element insertion failure - netfilter: nf_tables: can't schedule in nft_chain_validate - net: Replace the limit of TCP_LINGER2 with TCP_FIN_TIMEOUT_MAX - tcp: annotate data-races around tp->linger2 - tcp: annotate data-races around rskq_defer_accept - tcp: annotate data-races around tp->notsent_lowat - tcp: annotate data-races around fastopenq.max_qlen - tracing/histograms: Return an error if we fail to add histogram to hist_vars list - bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent - btrfs: fix extent buffer leak after tree mod log failure at split_node() - ext4: Fix reusing stale buffer heads from last failed mounting - PCI: Rework pcie_retrain_link() wait loop - PCI/ASPM: Return 0 or -ETIMEDOUT from pcie_retrain_link() - PCI/ASPM: Factor out pcie_wait_for_retrain() - PCI/ASPM: Avoid link retraining race - dlm: cleanup plock_op vs plock_xop - dlm: rearrange async condition return - fs: dlm: interrupt posix locks only when process is killed - ftrace: Add information on number of page groups allocated - ftrace: Check if pages were allocated before calling free_pages() - ftrace: Store the order of pages allocated in ftrace_page - ftrace: Fix possible warning on checking all pages used in ftrace_process_locs() - scsi: qla2xxx: Fix inconsistent format argument type in qla_os.c - scsi: qla2xxx: Array index may go out of bound - ext4: fix to check return value of freeze_bdev() in ext4_shutdown() - i40e: Fix an NULL vs IS_ERR() bug for debugfs_create_dir() - ethernet: atheros: fix return value check in atl1e_tso_csum() - ipv6 addrconf: fix bug where deleting a mngtmpaddr can create a new temporary address - tcp: Reduce chance of collisions in inet6_hashfn(). (CVE-2023-1206) - bonding: reset bond's flags when down link is P2P device - team: reset team's flags when down link is P2P device - [x86] platform/x86: msi-laptop: Fix rfkill out-of-sync on MSI Wind U100 - net/sched: mqprio: refactor nlattr parsing to a separate function - net/sched: mqprio: add extack to mqprio_parse_nlattr() - net/sched: mqprio: Add length check for TCA_MQPRIO_{MAX/MIN}_RATE64 - benet: fix return value check in be_lancer_xmit_workarounds() - RDMA/mlx4: Make check for invalid flags stricter - [arm64] drm/msm: Fix IS_ERR_OR_NULL() vs NULL check in a5xx_submit_in_rb() - [armhf] ASoC: fsl_spdif: Silence output on stop - dm raid: fix missing reconfig_mutex unlock in raid_ctr() error paths - ring-buffer: Fix wrong stat of cpu_buffer->read (regression in 4.19.172) - tracing: Fix warning in trace_buffered_event_disable() - USB: serial: option: support Quectel EM060K_128 - USB: serial: option: add Quectel EC200A module support - USB: serial: simple: add Kaufmann RKS+CAN VCP - USB: serial: simple: sort driver entries - can: gs_usb: gs_can_close(): add missing set of CAN state to CAN_STATE_STOPPED - [arm*] Revert "usb: dwc3: core: Enable AutoRetry feature in the controller" - [arm64] usb: dwc3: pci: skip BYT GPIO lookup table for hardwired phy - [arm*] usb: dwc3: don't reset device side if dwc3 was configured as host- only - USB: quirks: add quirk for Focusrite Scarlett - hwmon: (nct7802) Fix for temp6 (PECI1) processed even if PECI1 disabled - btrfs: check for commit error at btrfs_attach_transaction_barrier() - tpm_tis: Explicitly check for error code - virtio-net: fix race between set queues and probe - dm cache policy smq: ensure IO doesn't prevent cleaner policy progress - drm/client: Fix memory leak in drm_client_target_cloned - net/sched: cls_fw: Fix improper refcount update leads to use-after-free (CVE-2023-3776) - net/sched: sch_qfq: account for stab overhead in qfq_enqueue (CVE-2023-3611) - net/sched: cls_u32: Fix reference counter leak leading to overflow (CVE-2023-3609) - loop: Select I/O scheduler 'none' from inside add_disk() - net/mlx5e: fix return value check in mlx5e_ipsec_remove_trailer() - net: sched: cls_u32: Fix match key mis-addressing - net: add missing data-race annotations around sk->sk_peek_off - net: add missing data-race annotation for sk_ll_usec - net/sched: cls_u32: No longer copy tcf_result on update to avoid use- after-free (CVE-2023-4208) - net/sched: cls_route: No longer copy tcf_result on update to avoid use- after-free (CVE-2023-4206) - ip6mr: Fix skb_under_panic in ip6mr_cache_report() - tcp_metrics: fix addr_same() helper - tcp_metrics: annotate data-races around tm->tcpm_stamp - tcp_metrics: annotate data-races around tm->tcpm_lock - tcp_metrics: annotate data-races around tm->tcpm_vals[] - tcp_metrics: annotate data-races around tm->tcpm_net - tcp_metrics: fix data-race in tcpm_suck_dst() vs fastopen - libceph: fix potential hang in ceph_osdc_notify() - USB: zaurus: Add ID for A-300/B-500/C-700 - fs/sysv: Null check to prevent null-ptr-deref bug - Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb (CVE-2023-40283) - net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb - test_firmware: fix a memory leak with reqs buffer - test_firmware: return ENOMEM instead of ENOSPC on failed memory allocation - PM / wakeirq: support enabling wake-up irq after runtime_suspend called - PM: sleep: wakeirq: fix wake irq arming - [armhf] dts: imx6sll: Make ssi node name same as other platforms - [armhf] dts: imx: add usb alias - [armhf] dts: imx6sll: fixup of operating points - [armhf] dts: nxp/imx6sll: fix wrong property name in usbphy node - drm/edid: fix objtool warning in drm_cvt_modes() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.292 - ipv6: adjust ndisc_is_useropt() to also return true for PIO - [arm*] dmaengine: pl330: Return DMA_PAUSED when transaction is paused - drm/nouveau/gr: enable memory loads on helper invocation on all channels - nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput - [arm64] iio: cros_ec: Fix the allocation size for cros_ec_command - binder: fix memory leak in binder_init() - usb-storage: alauda: Fix uninit-value in alauda_check_media() - [arm*] usb: dwc3: Properly handle processing of pending events - [x86] cpu/amd: Enable Zenbleed fix for AMD Custom APU 0405 - [amd64] mm: Fix VDSO and VVAR placement on 5-level paging machines - drm/nouveau/disp: Revert a NULL check inside nouveau_connector_get_modes (regression in 4.19.287) - net/packet: annotate data-races around tp->status - bonding: Fix incorrect deletion of ETH_P_8021AD protocol vid from slaves - dccp: fix data-race around dp->dccps_mss_cache - drivers: net: prevent tun_build_skb() to exceed the packet size limit - [amd64] IB/hfi1: Fix possible panic during hotplug remove - wifi: cfg80211: fix sband iftype data lookup for AP_VLAN - btrfs: don't stop integrity writeback too early - netfilter: nf_tables: bogus EBUSY when deleting flowtable after flush - netfilter: nf_tables: report use refcount overflow - [x86] scsi: storvsc: Fix handling of virtual Fibre Channel timeouts - scsi: snic: Fix possible memory leak if device_add() fails - scsi: core: Fix possible memory leak if device_add() fails - sch_netem: fix issues in netem_change() vs get_dist_table() (regression in 4.19.288) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.293 - drm/radeon: Fix integer overflow in radeon_cs_parser_init - ALSA: emu10k1: roll up loops in DSP setup code for Audigy - quota: Properly disable quotas when add_dquot_ref() fails - quota: fix warning in dqgrab() - HID: add quirk for 03f0:464a HP Elite Presenter Mouse - udf: Fix uninitialized array access for some pathnames - fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev - FS: JFS: Fix null-ptr-deref Read in txBegin - FS: JFS: Check for read-only mounted filesystem in txBegin - media: v4l2-mem2mem: add lock to protect parameter num_rdy - gfs2: Fix possible data races in gfs2_show_options() - [x86] pcmcia: rsrc_nonstatic: Fix memory leak in nonstatic_release_resource_db() - Bluetooth: L2CAP: Fix use-after-free - drm/amdgpu: Fix potential fence use-after-free v2 - iio: adc: stx104: Utilize iomap interface - iio: adc: stx104: Implement and utilize register structures - iio: addac: stx104: Fix race condition for stx104_write_raw() - iio: addac: stx104: Fix race condition when converting analog-to-digital - [x86] topology: Fix erroneous smp_num_siblings on Intel Hybrid platforms - [arm64] usb: dwc3: qcom: Add helper functions to enable,disable wake irqs - [arm64] USB: dwc3: qcom: fix NULL-deref on suspend - [arm64] mmc: meson-gx: remove useless lock - [arm64] mmc: meson-gx: remove redundant mmc_request_done() call from irq context - mmc: Remove dev_err() usage after platform_get_irq() - [arm*] mmc: bcm2835: fix deferred probing - [arm*] mmc: sunxi: fix deferred probing - block: fix signed int overflow in Amiga partition support - nfsd4: kill warnings on testing stateids with mismatched clientids - nfsd: Remove incorrect check in nfsd4_validate_stateid - virtio-mmio: convert to devm_platform_ioremap_resource - virtio-mmio: Use to_virtio_mmio_device() to simply code - virtio-mmio: don't break lifecycle of vm_dev - btrfs: fix BUG_ON condition in btrfs_cancel_balance - net: xfrm: Fix xfrm_address_filter OOB read (CVE-2023-39194) - net: af_key: fix sadb_x_filter validation (regression in 4.19.148) - xfrm: fix slab-use-after-free in decode_session6 - ip6_vti: fix slab-use-after-free in decode_session6 - ip_vti: fix potential slab-use-after-free in decode_session6 - xfrm: add NULL check in xfrm_update_ae_params (CVE-2023-3772) - netfilter: nft_dynset: disallow object maps (CVE-2023-4244) - team: Fix incorrect deletion of ETH_P_8021AD protocol vid from slaves - sock: Fix misuse of sk_under_memory_pressure() - net: do not allow gso_size to be set to GSO_BY_FRAGS - serial: 8250: Fix oops for port->pm on uart_change_pm() - ALSA: usb-audio: Add support for Mythware XA001AU capture and playback interfaces. - cifs: Release folio lock on fscache read hit. - [x86] mmc: wbsd: fix double mmc_free_host() in wbsd_init() (regression in 4.19.270) - test_firmware: prevent race conditions by a correct implementation of locking - netfilter: set default timeout to 3 secs for sctp shutdown send and recv state - af_unix: Fix null-ptr-deref in unix_stream_sendpage(). (CVE-2023-4622) - virtio-net: set queues after driver_ok - net: fix the RTO timer retransmitting skb every 1ms if linear option is enabled - net: xfrm: Amend XFRMA_SEC_CTX nla_policy structure - net: phy: broadcom: stub c45 read/write for 54810 - dlm: improve plock logging if interrupted - dlm: replace usage of found with dedicated list iterator variable - fs: dlm: add pid to debug log - fs: dlm: change plock interrupted message to debug again - fs: dlm: use dlm_plock_info for do_unlock_close - fs: dlm: fix mismatch of plock results from userspace - fbdev: Improve performance of sys_imageblit() - fbdev: Fix sys_imageblit() for arbitrary image widths - fbdev: fix potential OOB read in fast_imageblit() - dm integrity: increase RECALC_SECTORS to improve recalculate speed - dm integrity: reduce vmalloc space footprint on 32-bit architectures - regmap: Account for register length in SMBus I/O limits - drm/amd/display: do not wait for mpc idle if tg is disabled - drm/amd/display: check TG is non-null before checking if enabled - tracing: Fix memleak due to race between current_tracer and trace - sock: annotate data-races around prot->memory_pressure - dccp: annotate data-races in dccp_poll() - igb: Avoid starting unnecessary workqueues - net/sched: fix a qdisc modification with ambiguous command request - bonding: fix macvlan over alb bond support - ipvs: Improve robustness to the ipvs sysctl - ipvs: fix racy memcpy in proc_do_sync_threshold - nfsd: Fix race to FREE_STATEID and cl_revoked - batman-adv: Trigger events for auto adjusted MTU - batman-adv: Don't increase MTU when set by user - batman-adv: Do not get eth header before batadv_check_management_packet - batman-adv: Fix TT global entry leak when client roamed back - batman-adv: Fix batadv_v_ogm_aggr_send memory leak - [x86] fpu: Set X86_FEATURE_OSXSAVE feature after enabling OSXSAVE in CR4 (regression in 4.19.289-2) - mmc: block: Fix in_flight[issue_type] value error - sched/rt: pick_next_rt_entity(): check list_entry (CVE-2023-1077) - netfilter: nf_queue: fix socket leak (regression in 4.19.233) - scsi: snic: Fix double free in snic_tgt_create() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.294 https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.295 - erofs: ensure that the post-EOF tails are all zeroed - modules: only allow symbol_get of EXPORT_SYMBOL_GPL modules - USB: serial: option: add Quectel EM05G variant (0x030e) - USB: serial: option: add FOXCONN T99W368/T99W373 product - HID: wacom: remove the battery when the EKR is off - Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition (CVE-2023-1989) - nilfs2: fix general protection fault in nilfs_lookup_dirty_data_buffers() - nilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse - pinctrl: amd: Don't show `Invalid config param` errors - 9p: virtio: make sure 'offs' is initialized in zc_request - ASoC: da7219: Flush pending AAD IRQ when suspending - ASoC: da7219: Check for failure reading AAD IRQ events - ethernet: atheros: fix return value check in atl1c_tso_csum() - vxlan: generalize vxlan_parse_gpe_hdr and remove unused args - fs/nls: make load_nls() take a const parameter - [x86] ASoc: codecs: ES8316: Fix DMIC config - [x86] platform/x86: intel: hid: Always call BTNL ACPI method - security: keys: perform capable check only on privileged operations - net: usb: qmi_wwan: add Quectel EM05GV2 - scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock - bnx2x: fix page fault following EEH recovery - sctp: handle invalid error codes without calling BUG() - cifs: add a warning when the in-flight count goes negative - ALSA: seq: oss: Fix racy open/close of MIDI devices - net: Avoid address overwrite in kernel_connect - udf: Check consistency of Space Bitmap Descriptor - udf: Handle error when adding extent to a file - Revert "net: macsec: preserve ingress frame ordering" (regression in 4.19.123) - reiserfs: Check the return value from __getblk() - eventfd: Export eventfd_ctx_do_read() - eventfd: prevent underflow for eventfd semaphores - fs: new helper: lookup_positive_unlocked() - netfilter: nft_flow_offload: fix underflow in flowtable reference counter - netfilter: nf_tables: missing NFT_TRANS_PREPARE_ERROR in flowtable deactivatation - fs: Fix error checking for d_hash_and_lookup() - [x86] cpufreq: powernow-k8: Use related_cpus instead of cpus in driver.exit() - bpf: Clear the probe_addr for uprobe - regmap: rbtree: Use alloc_flags for memory allocations - [arm*] spi: tegra20-sflash: fix to check return value of platform_get_irq() in tegra_sflash_probe() - can: gs_usb: gs_usb_receive_bulk_callback(): count RX overflow errors also in case of OOM - wifi: mwifiex: Fix OOB and integer underflow when rx packets - mwifiex: switch from 'pci_' to 'dma_' API - wifi: mwifiex: fix error recovery in PCIE buffer descriptor management - Bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe() - lwt: Check LWTUNNEL_XMIT_CONTINUE strictly - fs: ocfs2: namei: check return value of ocfs2_add_entry() - wifi: mwifiex: fix memory leak in mwifiex_histogram_read() - wifi: mwifiex: Fix missed return in oob checks failed path - wifi: ath9k: fix races between ath9k_wmi_cmd and ath9k_wmi_ctrl_rx - wifi: ath9k: protect WMI command response buffer replacement with a lock - wifi: mwifiex: avoid possible NULL skb pointer dereference - wifi: ath9k: use IS_ERR() with debugfs_create_dir() - [x86] net: arcnet: Do not call kfree_skb() under local_irq_disable() - net/sched: sch_hfsc: Ensure inner classes have fsc curve (CVE-2023-4623) - [x86] netrom: Deny concurrent connect(). - quota: avoid increasing DQST_LOOKUPS when iterating over dirty/inuse list - quota: factor out dquot_write_dquot() - quota: fix dqput() to follow the guarantees dquot_srcu should provide - [arm64] dts: msm8996: thermal: Add interrupt support - [arm64] dts: qcom: msm8996: Add missing interrupt to the USB2 controller - drm/amdgpu: avoid integer overflow warning in amdgpu_device_resize_fb_bar() - [arm64] drm: adv7511: Fix low refresh rate register for ADV7533/5 - drm/tegra: Remove superfluous error messages around platform_get_irq() - drm/tegra: dpaux: Fix incorrect return value of platform_get_irq - [arm64] drm/msm/mdp5: Don't leak some plane state - audit: fix possible soft lockup in __audit_inode_child() - ALSA: ac97: Fix possible error value of *rac97 - PCI: pciehp: Use RMW accessors for changing LNKCTL - PCI/ASPM: Use RMW accessors for changing LNKCTL - PCI/ATS: Add pci_prg_resp_pasid_required() interface. - PCI: Decode PCIe 32 GT/s link speed - PCI: Add #defines for Enter Compliance, Transmit Margin - drm/amdgpu: Correct Transmit Margin masks - drm/amdgpu: Replace numbers with PCI_EXP_LNKCTL2 definitions - drm/amdgpu: Prefer pcie_capability_read_word() - drm/amdgpu: Use RMW accessors for changing LNKCTL - drm/radeon: Correct Transmit Margin masks - drm/radeon: Replace numbers with PCI_EXP_LNKCTL2 definitions - drm/radeon: Prefer pcie_capability_read_word() - drm/radeon: Use RMW accessors for changing LNKCTL - wifi: ath10k: Use RMW accessors for changing LNKCTL - nfs/blocklayout: Use the passed in gfp flags - jfs: validate max amount of blocks before allocation. - fs: lockd: avoid possible wrong NULL parameter - NFSD: da_addr_body field missing in some GETDEVICEINFO replies - media: Use of_node_name_eq for node name comparisons - media: v4l2-fwnode: fix v4l2_fwnode_parse_link handling - media: v4l2-fwnode: simplify v4l2_fwnode_parse_link - media: v4l2-core: Fix a potential resource leak in v4l2_fwnode_parse_link() - drivers: usb: smsusb: fix error handling code in smsusb_init_device - media: dib7000p: Fix potential division by zero - media: dvb-usb: m920x: Fix a potential memory leak in m920x_i2c_xfer() (regression in 4.19.226) - media: cx24120: Add retval check for cx24120_message_send() - [armhf] usb: phy: mxs: fix getting wrong state with mxs_phy_is_otg_host() - scsi: iscsi: Add strlen() check in iscsi_if_set{_host}_param() - scsi: be2iscsi: Add length check when parsing nlattrs - scsi: qla4xxx: Add length check when parsing nlattrs - scsi: qedf: Do not touch __user pointer in qedf_dbg_stop_io_on_error_cmd_read() directly - scsi: qedf: Do not touch __user pointer in qedf_dbg_fp_int_cmd_read() directly - IB/uverbs: Fix an potential error pointer dereference - USB: gadget: f_mass_storage: Fix unused variable warning - scsi: core: Use 32-bit hostnum in scsi_host_lookup() - scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock - [arm*] serial: tegra: handle clk prepare error in tegra_uart_hw_init() - [arm*] amba: bus: fix refcount leak - Revert "IB/isert: Fix incorrect release of isert connection" (regression in 4.19.287) - HID: multitouch: Correct devm device reference for hidinput input_dev name - [arm64] rpmsg: glink: Add check for kstrdup - igmp: limit igmpv3_newpack() packet size to IP_MAX_MTU - netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c (CVE-2023-42753) - netfilter: xt_u32: validate user space input (CVE-2023-39192) - netfilter: xt_sctp: validate the flag_info count (CVE-2023-39193) - skbuff: skb_segment, Call zero copy functions before using skbuff frags - igb: set max size RX buffer when store bad packet is enabled (CVE-2023-45871) - PM / devfreq: Fix leak in devfreq_dev_release() - ALSA: pcm: Fix missing fixup call in compat hw_refine ioctl - ipmi_si: fix a memleak in try_smi_init() - [armhf] OMAP2+: Fix -Warray-bounds warning in _pwrdm_state_switch() - [armhf] backlight/gpio_backlight: Compare against struct fb_info.device - media: dvb: symbol fixup for dvb_attach() - procfs: block chmod on /proc/thread-self/comm - dlm: fix plock lookup when using multiple lockspaces - dccp: Fix out of bounds access in DCCP error handler - X.509: if signature is unsupported skip validation - net: handle ARPHRD_PPP in dev_is_mac_header_xmit() - pstore/ram: Check start of empty przs during init - udf: initialize newblock to 0 - scsi: qla2xxx: fix inconsistent TMF timeout - scsi: qla2xxx: Turn off noisy message log - drm/ast: Fix DRAM init on AST2200 - NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info - kconfig: fix possible buffer overflow - net: read sk->sk_family once in sk_mc_loop() - igb: disable virtualization features on 82580 - veth: Fixing transmit return status for dropped packets - net: ipv6/addrconf: avoid integer underflow in ipv6_create_tempaddr - af_unix: Fix data-races around user->unix_inflight. - af_unix: Fix data-race around unix_tot_inflight. - af_unix: Fix data-races around sk->sk_shutdown. - af_unix: Fix data race around sk->sk_err. - net: sched: sch_qfq: Fix UAF in qfq_dequeue() (CVE-2023-4921) - igbvf: Change IGBVF_MIN to allow set rx/tx value between 64 and 80 - igb: Change IGB_MIN to allow set rx/tx value between 64 and 80 - netfilter: nfnetlink_osf: avoid OOB read (CVE-2023-39189) - btrfs: don't start transaction when joining with TRANS_JOIN_NOSTART - perf hists browser: Fix hierarchy mode header - ixgbe: fix timestamp configuration code - drm/amd/display: Fix a bug when searching for insert_above_mpcc - autofs: fix memory leak of waitqueues in autofs_catatonic_mode - btrfs: output extra debug info if we failed to find an inline backref - ACPICA: Add AML_NO_OPERAND_RESOLVE flag to Timer - [x86] ACPI: video: Add backlight=native DMI quirk for Lenovo Ideapad Z470 - [arm*] hw_breakpoint: fix single-stepping when using bpf_overflow_handler - wifi: ath9k: fix printk specifier - wifi: mwifiex: fix fortify warning - crypto: lib/mpi - avoid null pointer deref in mpi_cmp_ui() - tpm_tis: Resend command to recover from data transfer errors - [armhf] drm/exynos: fix a possible null-pointer dereference due to data race in exynos_drm_crtc_atomic_disable() - md: raid1: fix potential OOB in raid1_remove_disk() - fs/jfs: prevent double-free in dbUnmount() after failed jfs_remount() - jfs: fix invalid free of JFS_IP(ipimap)->i_imap in diUnmount - media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer - media: dw2102: Fix null-ptr-deref in dw2102_i2c_transfer() - media: af9005: Fix null-ptr-deref in af9005_i2c_xfer - media: anysee: fix null-ptr-deref in anysee_master_xfer - media: az6007: Fix null-ptr-deref in az6007_i2c_xfer() - media: tuners: qt1010: replace BUG_ON with a regular error - media: pci: cx23885: replace BUG with error return - scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() - kobject: Add sanity check for kset->kobj.ktype in kset_register() - md/raid1: fix error: ISO C90 forbids mixed declarations - attr: block mode changes of symlinks - btrfs: fix lockdep splat and potential deadlock after failure running delayed items - nfsd: fix change_info in NFSv4 RENAME replies - net/sched: cls_fw: No longer copy tcf_result on update to avoid use- after-free (CVE-2023-4207) - net/sched: Retire rsvp classifier (CVE-2023-42755) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.296 - NFS/pNFS: Report EINVAL errors from connect() to the server - ata: ahci: Drop pointless VPRINTK() calls and convert the remaining ones - ata: libahci: clear pending interrupt status - netfilter: nf_tables: disallow element removal on anonymous sets - ipv4: fix null-deref in ipv4_link_failure (CVE-2023-42754) - [arm64] net: hns3: add 5ms delay before clear firmware reset irq source - net: add atomic_long_t to net_device_stats fields - net: bridge: use DEV_STATS_INC() - team: fix null-ptr-deref when team device type is changed - [x86] Input: i8042 - add quirk for TUXEDO Gemini 17 Gen1/Clevo PD70PN - scsi: qla2xxx: Add protection mask module parameters - scsi: qla2xxx: Remove unsupported ql2xenabledif option - scsi: megaraid_sas: Load balance completions across all MSI-X - scsi: megaraid_sas: Fix deadlock on firmware crashdump - ext4: remove the 'group' parameter of ext4_trim_extent - ext4: add new helper interface ext4_try_to_trim_range() - ext4: scope ret locally in ext4_try_to_trim_range() - ext4: change s_last_trim_minblks type to unsigned long - ext4: mark group as trimmed only if it was fully scanned - ext4: replace the traditional ternary conditional operator with with max()/min() - ext4: move setting of trimmed bit into ext4_try_to_trim_range() - ext4: do not let fstrim block system suspend - [armhf] dts: ti: omap: motorola-mapphone: Fix abe_clkctrl warning on boot - ring-buffer: Avoid softlockup in ring_buffer_resize() - ata: libata-eh: do not clear ATA_PFLAG_EH_PENDING in ata_eh_reset() - nvme-pci: do not set the NUMA node of device if it has none - [x86] watchdog: iTCO_wdt: No need to stop the timer in probe - [x86] watchdog: iTCO_wdt: Set NO_REBOOT if the watchdog is not already running - net: Fix unwanted sign extension in netdev_stats_to_stats64() - scsi: megaraid_sas: Enable msix_load_balance for Invader and later controllers - serial: 8250_port: Check IRQ data before use (regression in 4.19.283) - nilfs2: fix potential use after free in nilfs_gccache_submit_read_data() - [x86] ALSA: hda: Disable power save for solving pop issue on Lenovo ThinkCentre M70q - ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED OPERATION CODES - [x86] i2c: i801: unregister tco_pdev in i801_probe() error path - btrfs: properly report 0 avail for very full file systems - net: thunderbolt: Fix TCPv6 GSO checksum calculation - ata: libata-core: Fix ata_port_request_pm() locking - ata: libata-core: Fix port and device removal - ata: libata-core: Do not register PM operations for SAS ports - ata: libata-sata: increase PMP SRST timeout to 10s - ata: libata: disallow dev-initiated LPM transitions to unsupported states - media: dvb: symbol fixup for dvb_attach() - again - qed/red_ll2: Fix undefined behavior bug in struct qed_ll2_info - wifi: mwifiex: Fix tlv_buf_left calculation - net: replace calls to sock->ops->connect() with kernel_connect() - ubi: Refuse attaching if mtd's erasesize is 0 - wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet - regmap: rbtree: Fix wrong register marked as in-cache when creating new node - scsi: target: core: Fix deadlock due to recursive locking - ipv4, ipv6: Fix handling of transhdrlen in __ip{,6}_append_data() - net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg - tcp: fix quick-ack counting to count actual ACKs of new data - tcp: fix delayed ACKs for MSS boundary condition - sctp: update transport state when processing a dupcook packet - sctp: update hb timer immediately after users change hb_interval - IB/mlx4: Fix the size of a buffer in add_port_entries() - RDMA/cma: Fix truncation compilation warning in make_cma_ports - RDMA/mlx5: Fix NULL string error - dccp: fix dccp_v4_err()/dccp_v6_err() again - rtnetlink: Reject negative ifindexes in RTM_NEWLINK - xen/events: replace evtchn_rwlock with RCU (CVE-2023-34324) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.297 - [x86] indirect call wrappers: helpers to speed-up indirect calls of builtin - [x86] net: use indirect calls helpers at the socket layer - net: prevent rewrite of msg_name in sock_sendmsg() - RDMA/cxgb4: Check skb value for failure to allocate - HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect - quota: Fix slow quotaoff - net: prevent address rewrite in kernel_bind() - [armhf] drm: etvnaviv: fix bad backport leading to warning (regression in 4.19.280) - [arm64] drm/msm/dsi: skip the wait for video mode done if not applicable - xen-netback: use default TX queue size for vifs - [x86] drm/vmwgfx: fix typo of sizeof argument - ixgbe: fix crash with empty VF macvlan list - net: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() - nfc: nci: assert requested protocol is valid - workqueue: Override implicit ordered attribute in workqueue_apply_unbound_cpumask() - sched,idle,rcu: Push rcu_idle deeper into the idle path - usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer - net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read - [arm*] usb: dwc3: Soft reset phy on probe for host - [arm*] usb: musb: Get the musb_qh poniter after musb_giveback - [arm*] usb: musb: Modify the "HWVers" register address - [x86] iio: pressure: bmp280: Fix NULL pointer exception - ceph: fix incorrect revoked caps assert in ceph_fill_file_size() - Input: powermate - fix use-after-free in powermate_config_complete - Input: psmouse - fix fast_reconnect function for PS/2 mode - [x86] Input: xpad - add PXN V900 support - cgroup: Remove duplicates in cgroup v1 tasks file - [x86] cpu: Fix AMD erratum #1485 on Zen4-based CPUs - usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call - dev_forward_skb: do not scrub skb mark within the same name space - usb: hub: Guard against accesses to uninitialized BOS descriptors - Bluetooth: hci_event: Ignore NULL link key - Bluetooth: Reject connection with the device which has same BD_ADDR - Bluetooth: Fix a refcnt underflow problem for hci_conn - [x86] Bluetooth: vhci: Fix race when opening vhci device - Bluetooth: avoid memcmp() out of bounds warning - nfc: nci: fix possible NULL pointer dereference in send_acknowledge() - regmap: fix NULL deref on lookup (regression in 4.19.135) - [x86] KVM: x86: Mask LVTPC when handling a PMI - netfilter: nft_payload: fix wrong mac header matching - xfrm: fix a data-race in xfrm_gen_index() - xfrm: interface: use DEV_STATS_INC() - net: ipv4: fix return value check in esp_remove_trailer - net: ipv6: fix return value check in esp_remove_trailer - tcp: fix excessive TLP and RACK timeouts from HZ rounding - tcp: tsq: relax tcp_small_queue_check() when rtx queue contains a single skb - net: usb: smsc95xx: Fix an error code in smsc95xx_reset() - i40e: prevent crash on probe if hw registers have invalid values - net/sched: sch_hfsc: upgrade 'rt' to 'sc' when it becomes a inner curve - netfilter: nft_set_rbtree: .deactivate fails if element has expired - net: pktgen: Fix interface flags printing - libceph: fix unaligned accesses in ceph_entity_addr handling - libceph: use kernel_connect() - [armhf] dts: ti: omap: Fix noisy serial with overrun-throttle-ms for mapphone - btrfs: return -EUCLEAN for delayed tree ref with a ref count not equals to 1 - btrfs: initialize start_slot in btrfs_log_prealloc_extents - i2c: mux: Avoid potential false error message in i2c_mux_add_adapter - overlayfs: set ctime when setting mtime and atime - ata: libata-eh: Fix compilation warning in ata_eh_link_report() - tracing: relax trace_event_eval_update() execution with cond_resched() - HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event - Bluetooth: Avoid redundant authentication - Bluetooth: hci_core: Fix build warnings - wifi: mac80211: allow transmitting EAPOL frames with tainted key - wifi: cfg80211: avoid leaking stack data into trace - drm: panel-orientation-quirks: Add quirk for One Mix 2S - btrfs: fix some -Wmaybe-uninitialized warnings in ioctl.c - Bluetooth: hci_event: Fix using memcmp when comparing keys - ACPI: irq: Fix incorrect return value in acpi_register_gsi() - USB: serial: option: add Telit LE910C4-WWX 0x1035 composition - USB: serial: option: add entry for Sierra EM9191 with new firmware - USB: serial: option: add Fibocom to DELL custom modem FM101R-GL - perf: Disallow mis-matched inherited group reads (CVE-2023-5717) - Bluetooth: hci_sock: fix slab oob read in create_monitor_event - Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name - xfrm6: fix inet6_dev refcount underflow problem https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.298 - mmc: sdio: Don't re-initialize powered-on removable SDIO cards at resume - mmc: core: sdio: hold retuning if sdio in 1-bit mode - virtio-mmio: fix memory leak of vm_dev - r8169: fix the KCSAN reported data-race in rtl_tx while reading TxDescArray[entry].opts1 - r8169: fix the KCSAN reported data race in rtl_rx while reading desc->opts1 - igb: Fix potential memory leak in igb_add_ethtool_nfc_entry - gtp: fix fragmentation needed check with gso - i40e: Fix wrong check for I40E_TXR_FLAGS_WB_ON_ITR - [armhf] i2c: muxes: i2c-mux-pinctrl: Use of_get_i2c_adapter_by_node() - [armhf] i2c: muxes: i2c-demux-pinctrl: Use of_get_i2c_adapter_by_node() - perf/core: Fix potential NULL deref - [armhf] iio: exynos-adc: request second interupt only when touchscreen mode is used - [x86] i8259: Skip probing when ACPI/MADT advertises PCAT compatibility - NFS: Don't call generic_error_remove_page() while holding locks - drm/dp_mst: Fix NULL deref in get_mst_branch_device_by_guid_helper() - [arm64] fix a concurrency issue in emulation_proc_handler() - kobject: Fix slab-out-of-bounds in fill_kobj_path() (CVE-2023-45863) - f2fs: fix to do sanity check on inode type during garbage collection (CVE-2021-44879) - nfsd: lock_rename() needs both directories to live on the same fs - [x86] mm: Simplify RESERVE_BRK() - [x86] mm: Fix RESERVE_BRK() for older binutils - driver: platform: Add helper for safer setting of driver_override - [arm64] rpmsg: Constify local variable in field store macro - [arm64] rpmsg: Fix kfree() of static memory on setting driver_override - [arm64] rpmsg: Fix calling device_lock() on non-initialized device - [arm64] rpmsg: glink: Release driver_override - rpmsg: Fix possible refcount leak in rpmsg_register_device_override() - [x86] Fix .brk attribute in linker script - [armhf] ASoC: simple-card: fixup asoc_simple_probe() error handling - [x86] Input: i8042 - add Fujitsu Lifebook E5411 to i8042 quirk table - [x86] Input: synaptics-rmi4 - handle reset delay when using SMBus trsnsport - [x86] fbdev: atyfb: only use ioremap_uc() on i386 and ia64 - netfilter: nfnetlink_log: silence bogus compiler warning - ASoC: rt5650: fix the wrong result of key button - [x86] fbdev: uvesafb: Call cn_del_callback() at the end of uvesafb_exit() - scsi: mpt3sas: Fix in error path - [x86] platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from 0x20 to 0x2e - net: chelsio: cxgb4: add an error code check in t4_load_phy_fw - [i386] remove the sx8 block driver - [x86] PCI: Prevent xHCI driver from claiming AMD VanGogh USB3 DRD device - usb: storage: set 1.50 as the lower bcdDevice for older "Super Top" compatibility - tty: 8250: Remove UC-257 and UC-431 - tty: 8250: Add support for additional Brainboxes UC cards - tty: 8250: Add support for Brainboxes UP cards - tty: 8250: Add support for Intashield IS-100 https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.299 - vfs: fix readahead(2) on block devices - [x86] genirq/matrix: Exclude managed interrupts in irq_matrix_allocated() - i40e: fix potential memory leaks in i40e_remove() - tcp_metrics: add missing barriers on delete - tcp_metrics: properly set tp->snd_ssthresh in tcp_init_metrics() - tcp_metrics: do not create an entry from tcp_init_metrics() - wifi: rtlwifi: fix EDCA limit set by BT coexistence - can: dev: can_restart(): don't crash kernel if carrier is OK - can: dev: can_restart(): fix race condition between controller restart and netif_carrier_on() - thermal: core: prevent potential string overflow - ACPI: sysfs: Fix create_pnp_modalias() and create_of_modalias() - ipv6: avoid atomic fragment on GSO packets (regression in 4.19.170) - macsec: Fix traffic counters/statistics - macsec: use DEV_STATS_INC() - net: add DEV_STATS_READ() helper - ipvlan: properly track tx_errors - regmap: debugfs: Fix a erroneous check after snprintf() - [arm64] clk: qcom: clk-rcg2: Fix clock rate overflow for high parent frequencies - [x86] platform/x86: wmi: Fix probe failure when failing to register WMI devices - [x86] platform/x86: wmi: remove unnecessary initializations - [x86] platform/x86: wmi: Fix opening of char device - [x86] hwmon: (coretemp) Fix potentially truncated sysfs attribute name - [arm*] drm/rockchip: vop: Fix reset of state in duplicate state crtc funcs - drm/radeon: possible buffer overflow - [arm64] drm/rockchip: cdn-dp: Fix some error handling paths in cdn_dp_probe() - [i386] hwrng: geode - fix accessing registers (regression in 4.19.270) - sched/rt: Provide migrate_disable/enable() inlines - nd_btt: Make BTT lanes preemptible - HID: cp2112: Use irqchip template - hid: cp2112: Fix duplicate workqueue initialization - [armhf] 9321/1: memset: cast the constant byte to unsigned char - ext4: move 'ix' sanity check to corrent position - [amd64] RDMA/hfi1: Workaround truncation compilation error - [x86] ASoC: Intel: Skylake: Fix mem leak when parsing UUIDs fails - [arm*] leds: pwm: simplify if condition - [arm*] leds: pwm: convert to atomic PWM API - [arm*] leds: pwm: Don't disable the PWM when the LED should be off - ledtrig-cpu: Limit to 8 CPUs - leds: trigger: ledtrig-cpu:: Fix 'output may be truncated' issue for 'cpu' - tty: tty_jobctrl: fix pid memleak in disassociate_ctty() (regression in 4.19.163) - [arm*] usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency - [armhf] dmaengine: ti: edma: handle irq_of_parse_and_map() errors - [arm*] misc: st_core: Do not call kfree_skb() under spin_lock_irqsave() - USB: usbip: fix stub_dev hub disconnect - f2fs: fix to initialize map.m_pblk in f2fs_precache_extents() - [x86] pcmcia: cs: fix possible hung task and memory leak pccardd() - [x86] pcmcia: ds: fix refcount leak in pcmcia_device_add() - [x86] pcmcia: ds: fix possible name leak in error path in pcmcia_device_add() - media: bttv: fix use after free error due to btv->timeout timer - media: dvb-usb-v2: af9035: fix missing unlock - [x86] Input: synaptics-rmi4 - fix use after free in rmi_unregister_function() - llc: verify mac len before reading mac header - tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING - dccp: Call security_inet_conn_request() after setting IPv4 addresses. - dccp/tcp: Call security_inet_conn_request() after setting IPv6 addresses. - r8169: improve rtl_set_rx_mode - net/smc: postpone release of clcsock - net/smc: wait for pending work before clcsock release_sock - net/smc: fix dangling sock under state SMC_APPFINCLOSEWAIT - tg3: power down device only on SYSTEM_POWER_OFF (regression in 4.19.259) - r8169: respect userspace disabling IFF_MULTICAST - netfilter: xt_recent: fix (increase) ipv6 literal buffer length - btrfs: use u64 for buffer sizes in the tree search ioctls https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.300 - perf/core: Bail out early if the request AUX area is out of bound - [armhf] clocksource/drivers/timer-imx-gpt: Fix potential memory leak - [x86] mm: Drop the 4 MB restriction on minimal NUMA node memory size - wifi: mac80211: don't return unset power in ieee80211_get_tx_power() - net: annotate data-races around sk->sk_tx_queue_mapping - net: annotate data-races around sk->sk_dst_pending_confirm - Bluetooth: Fix double free in hci_conn_cleanup - [x86] platform/x86: thinkpad_acpi: Add battery quirk for Thinkpad X120e - drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL - crypto: pcrypt - Fix hungtask for PADATA_RESET - fs/jfs: Add check for negative db_l2nbperpage - fs/jfs: Add validity check for db_maxag and db_agpref - jfs: fix array-index-out-of-bounds in dbFindLeaf - jfs: fix array-index-out-of-bounds in diAlloc - ALSA: hda: Fix possible null-ptr-deref when assigning a stream - atm: iphase: Do PCI error checks on own line - scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup() - HID: Add quirk for Dell Pro Wireless Keyboard and Mouse KM5221W - usb: gadget: f_ncm: Always set current gadget in ncm_bind() - [armhf] i2c: sun6i-p2wi: Prevent potential division by zero - media: gspca: cpia1: shift-out-of-bounds in set_flicker - media: vivid: avoid integer overflow - gfs2: ignore negated quota changes - drm/amd/display: Avoid NULL dereference of timing generator - NFSv4.1: fix SP4_MACH_CRED protection for pnfs IO - ipvlan: add ipvlan_route_v6_outbound() helper - tty: Fix uninit-value access in ppp_sync_receive() - tipc: Fix kernel-infoleak due to uninitialized TLV value - ppp: limit MRU to 64K - xen/events: fix delayed eoi list handling (regression in 4.19.155) - ptp: annotate data-race around q->head and q->tail - macvlan: Don't propagate promisc change to lower dev in passthru - cifs: spnego: add ';' in HOST_KEY_LEN - [arm64] media: venus: hfi: add checks to perform sanity on queue pointers - [x86] KVM: x86: Ignore MSR_AMD64_TW_CFG access - audit: don't take task_lock() in audit_exe_compare() code path - audit: don't WARN_ON_ONCE(!current->mm) in audit_exe_compare() - hvc/xen: fix error path in xen_hvc_init() to always register frontend driver - PCI/sysfs: Protect driver's D3cold preference from user space - [arm64] mmc: meson-gx: Remove setting of CMD_CFG_ERROR (regression in 4.19.88) - genirq/generic_chip: Make irq_remove_generic_chip() irqdomain aware - mmc: vub300: fix an error code - PM: hibernate: Use __get_safe_page() rather than touching the list - PM: hibernate: Clean up sync_read handling in snapshot_write_next() - jbd2: fix potential data lost in recovering journal raced with synchronizing fs bdev - quota: explicitly forbid quota files from being encrypted - ALSA: info: Fix potential deadlock at disconnection - [x86] ALSA: hda/realtek - Enable internal speaker of ASUS K6500ZC - [arm*] tty: serial: meson: if no alias specified use an available id - [arm*] serial: meson: remove redundant initialization of variable id - [arm*] tty: serial: meson: retrieve port FIFO size from DT - [arm*] serial: meson: Use platform_get_irq() to get the interrupt - [arm*] tty: serial: meson: fix hard LOCKUP on crtscts mode - [x86] i2c: i801: fix potential race in i801_block_transaction_byte_by_byte - media: lirc: drop trailing space from scancode transmit - media: sharp: fix sharp encoding - [arm64] media: venus: hfi_parser: Add check to keep the number of codecs within range - [arm64] media: venus: hfi: fix the check to handle session buffer requirement - [arm64] media: venus: hfi: add checks to handle capabilities from firmware - ext4: correct offset of gdb backup in non meta_bg group to update_backups - ext4: correct return value of ext4_convert_meta_bg - ext4: remove gdb backup copy for meta bg in setup_new_flex_group_blocks - drm/amdgpu: fix error handling in amdgpu_bo_list_get() - scsi: virtio_scsi: limit number of hw queues by nr_cpu_ids - iomap: Set all uptodate bits for an Uptodate page - net: sched: fix race condition in qdisc_graft() (CVE-2023-0590) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.301 - driver core: Release all resources during unbind before updating device links - RDMA/irdma: Prevent zero-length STAG registration (CVE-2023-25775) - [arm*] drm/panel: simple: Fix Innolux G101ICE-L01 timings - [i386] ata: pata_isapnp: Add missing error check for devm_ioport_map() - [arm*] drm/rockchip: vop: Fix color for RGB888/BGR888 format on VOP full - HID: core: store the unique system identifier in hid_device - HID: fix HID device resource race between HID core and debugging support - net: usb: ax88179_178a: fix failed operations during ax88179_reset - [arm*] xen: fix xen_vcpu_info allocation alignment - amd-xgbe: handle corner-case during sfp hotplug - amd-xgbe: handle the corner-case during tx completion - amd-xgbe: propagate the correct speed and duplex status - [arm64] cpufeature: Extract capped perfmon fields - [arm64] KVM: arm64: limit PMU version to PMUv3 for ARMv8.1 - bcache: replace a mistaken IS_ERR() by IS_ERR_OR_NULL() in btree_gc_coalesce() - USB: serial: option: add Luat Air72*U series products - [x86] hv_netvsc: Fix race of register_netdevice_notifier and VF register - [x86] hv_netvsc: Mark VF as slave before exposing it to user-mode - dm-delay: fix a race between delay_presuspend and delay_bio - bcache: check return value from btree_node_alloc_replacement() - bcache: prevent potential division by zero error - USB: serial: option: add Fibocom L7xx modules - USB: serial: option: don't claim interface 4 for ZTE MF290 - [arm*] USB: dwc2: write HCINT with INTMASK applied - [arm*] usb: dwc3: set the dma max_seg_size - [arm64] USB: dwc3: qcom: fix wakeup after probe deferral - pinctrl: avoid reload of p state in list iteration - firewire: core: fix possible memory leak in create_units() - mmc: block: Do not lose cache flush during CQE error recovery - [x86] ALSA: hda: Disable power-save on KONTRON SinglePC - ALSA: hda/realtek: Headset Mic VREF to 100% - dm-verity: align struct dm_verity_fec_io properly - dm verity: don't perform FEC for failed readahead IO - bcache: revert replacing IS_ERR_OR_NULL with IS_ERR - btrfs: fix off-by-one when checking chunk map includes logical address - btrfs: send: ensure send_fd is writable - [x86] Input: xpad - add HyperX Clutch Gladiate Support - ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet (CVE-2023-6932) - smb3: fix touch -h of symlink - [x86] mtd: cfi_cmdset_0001: Support the absence of protection registers - ima: annotate iint mutex to avoid lockdep false positive warnings - ovl: skip overlayfs superblocks at global sync - [armhf] cpufreq: imx6q: don't warn for disabling a non-existing frequency - [armhf] cpufreq: imx6q: Don't disable 792 Mhz OPP unnecessarily - mmc: cqhci: Increase recovery halt timeout - mmc: cqhci: Warn of halt or task clear failure - mmc: cqhci: Fix task clearing in CQE error recovery - mmc: block: Retry commands in CQE error recovery https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.302 - [armhf] spi: imx: add a device specific prepare_message callback - [armhf] spi: imx: move wml setting to later than setup_transfer - [armhf] spi: imx: correct wml as the last sg length - [armhf] spi: imx: mx51-ecspi: Move some initialisation to prepare_message hook. - hrtimers: Push pending hrtimers away from outgoing CPU earlier - netfilter: ipset: fix race condition between swap/destroy and kernel side add/del/test - tg3: Move the [rt]x_dropped counters to tg3_napi - tg3: Increment tx_dropped in tg3_tso_bug() - drm/amdgpu: correct chunk_ptr to a pointer to chunk. - ipv6: fix potential NULL deref in fib6_add() - [x86] net: arcnet: Fix RESET flag handling - [x86] net: arcnet: com20020 fix error handling - [x86] arcnet: restoring support for multiple Sohard Arcnet cards - ipv4: ip_gre: Avoid skb_pull() failure in ipgre_xmit() - [arm64] net: hns: fix fake link up on xge port - netfilter: xt_owner: Add supplementary groups option - netfilter: xt_owner: Fix for unsafe access of sk->sk_socket - tcp: do not accept ACK of bytes we never sent - [x86] hwmon: (acpi_power_meter) Fix 4.29 MW bug - tracing: Fix a warning when allocating buffered events fails - scsi: be2iscsi: Fix a memleak in beiscsi_init_wrb_handle() - [armhf] imx: Check return value of devm_kasprintf in imx_mmdc_perf_init - [armhf] dts: imx: make gpt node name generic - ALSA: pcm: fix out-of-bounds in snd_pcm_state_names - packet: Move reference count in packet_sock to atomic_long_t - nilfs2: prevent WARNING in nilfs_sufile_set_segment_usage() - tracing: Always update snapshot buffer size - tracing: Fix incomplete locking when disabling buffered events - tracing: Fix a possible race when disabling buffered events - perf/core: Add a new read format to get a number of lost samples - perf: Fix perf_event_validate_size() (CVE-2023-6931) - gpiolib: sysfs: Fix error handling on failed export - usb: gadget: f_hid: fix report descriptor allocation (regression in 4.19.270) - parport: Add support for Brainboxes IX/UC/PX parallel cards - [x86] usb: typec: class: fix typec_altmode_put_partner to put plugs - [x86] CPU/AMD: Check vendor in the AMD microcode callback - nilfs2: fix missing error check for sb_set_blocksize call - netlink: don't call ->netlink_bind with table lock held - genetlink: add CAP_NET_ADMIN test for multicast bind - psample: Require 'CAP_NET_ADMIN' when joining "packets" group - drop_monitor: Require 'CAP_SYS_ADMIN' when joining "events" group - IB/isert: Fix unaligned immediate-data handling - devcoredump : Serialize devcd_del work - devcoredump: Send uevent once devcd is ready https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.303 - atm: solos-pci: Fix potential deadlock on &cli_queue_lock - atm: solos-pci: Fix potential deadlock on &tx_queue_lock - atm: Fix Use-After-Free in do_vcc_ioctl (CVE-2023-51780) - [x86] net/rose: Fix Use-After-Free in rose_ioctl (CVE-2023-51782) - qed: Fix a potential use-after-free in qed_cxt_tables_alloc - net: Remove acked SYN flag from packet in the transmit queue correctly - sign-file: Fix incorrect return values check - vsock/virtio: Fix unsigned integer wrap around in virtio_transport_has_space() - [arm*] net: stmmac: Handle disabled MDIO busses from devicetree - appletalk: Fix Use-After-Free in atalk_ioctl (CVE-2023-51781) - cred: switch to using atomic_long_t - blk-throttle: fix lockdep warning of "cgroup_mutex or RCU read lock required!" - bcache: avoid oversize memory allocation by small stripe_size - bcache: avoid NULL checking to c->root in run_cache_set() - HID: add ALWAYS_POLL quirk for Apple kb - [x86] HID: hid-asus: reset the backlight brightness level on resume - [x86] HID: multitouch: Add quirk for HONOR GLO-GXXX touchpad - asm-generic: qspinlock: fix queued_spin_value_unlocked() implementation - net: usb: qmi_wwan: claim interface 4 for ZTE MF290 - perf: Fix perf_event_validate_size() lockdep splat - ext4: prevent the normalized size from exceeding EXT_MAX_BLOCKS (regression in 4.19.284) - [arm64] mm: Always make sw-dirty PTEs hw-dirty in pte_modify - team: Fix use-after-free when an option instance allocation fails - ring-buffer: Fix memory leak of free page - mmc: block: Be sure to wait while busy in CQE error recovery https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.304 - [x86] ALSA: hda/realtek: Add quirk for Lenovo TianYi510Pro-14IOB - [x86] ALSA: hda/realtek: Enable headset onLenovo M70/M90 - [x86] ALSA: hda/realtek: Enable headset on Lenovo M90 Gen5 - ksmbd: fix wrong name of SMB2_CREATE_ALLOCATION_SIZE - reset: Fix crash when freeing non-existent optional resets - wifi: mac80211: mesh_plink: fix matches_local logic - net/mlx5: Fix fw tracer first block check - net: sched: ife: fix potential use-after-free - ethernet: atheros: fix a memleak in atl1e_setup_ring_resources - [x86] net/rose: fix races in rose_kill_by_device() - net: check vlan filter feature in vlan_vids_add_by_dev() and vlan_vids_del_by_dev() - afs: Fix the dynamic root's d_delete to always delete unused dentries - net: warn if gso_type isn't set for a GSO SKB - net: check dev->gso_max_size in gso_features_check() - smb: client: fix NULL deref in asn1_ber_decoder() - btrfs: do not allow non subvolume root targets for snapshot - [x86] iio: imu: inv_mpu6050: fix an error code problem in inv_mpu6050_read_raw - scsi: bnx2fc: Fix skb double free in bnx2fc_rcv() - wifi: cfg80211: Add my certificate - wifi: cfg80211: fix certs build to not depend on file order - USB: serial: option: add Quectel EG912Y module support - USB: serial: option: add Foxconn T99W265 with new baseline - USB: serial: option: add Quectel RM500Q R13 firmware support - Bluetooth: hci_event: Fix not checking if HCI_OP_INQUIRY has been sent - net: 9p: avoid freeing uninit memory in p9pdu_vreadf - net: rfkill: gpio: set GPIO direction - [x86] alternatives: Sync core before enabling interrupts - [arm*] usb: musb: fix MUSB_QUIRK_B_DISCONNECT_99 handling (regression in 4.19.185) - smb: client: fix OOB in smbCalcSize() (CVE-2023-6606) - dm-integrity: don't modify bio's immutable bio_vec in integrity_metadata() - block: Don't invalidate pagecache for invalid falloc modes [ Ben Hutchings ] * Bump ABI to 26 * [rt] Update to 4.19.302-rt131: - Revert "sched/rt: Provide migrate_disable/enable() inlines" from 4.19.299 -- Ben Hutchings Tue, 09 Jan 2024 00:13:47 +0000 linux (4.19.289-2) buster-security; urgency=high * [x86] Add mitigations for Gather Data Sampling (GDS) (CVE-2022-40982) - init: Provide arch_cpu_finalize_init() - x86/cpu: Switch to arch_cpu_finalize_init() - ARM: cpu: Switch to arch_cpu_finalize_init() - init: Remove check_bugs() leftovers - init: Invoke arch_cpu_finalize_init() earlier - init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init() - x86/fpu: Remove cpuinfo argument from init functions - x86/fpu: Mark init functions __init - x86/fpu: Move FPU initialization into arch_cpu_finalize_init() - x86/speculation: Add Gather Data Sampling mitigation - x86/speculation: Add force option to GDS mitigation - x86/speculation: Add Kconfig option for GDS - KVM: Add GDS_NO support to KVM - x86/xen: Fix secondary processors' FPU initialization - Documentation/x86: Fix backwards on/off logic about YMM support * [x86] cpu: Avoid ABI change for GDS mitigations -- Ben Hutchings Tue, 08 Aug 2023 04:35:25 +0200 linux (4.19.289-1) buster-security; urgency=high * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.283 - wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() (CVE-2023-1380) - bluetooth: Perform careful capability checks in hci_sock_ioctl() (CVE-2023-2002) - USB: serial: option: add UNISOC vendor and TOZED LT70C product - [x86] ASoC: Intel: bytcr_rt5640: Add quirk for the Acer Iconia One 7 B1-750 - [arm*] stmmac: debugfs entry name is not be changed when udev rename device name. - [arm*] USB: dwc3: fix runtime pm imbalance on unbind - debugfs: regset32: Add Runtime PM support - xhci: fix debugfs register accesses while suspended - [arm*] pwm: meson: Fix axg ao mux parents - ring-buffer: Sync IRQ works before buffer destruction - reiserfs: Add security prefix to xattr name in reiserfs_security_write() - [x86] KVM: nVMX: Emulate NOPs in L2, and PAUSE if it's not intercepted - [armhf] i2c: omap: Fix standard mode false ACK readings - Revert "ubifs: dirty_cow_znode: Fix memleak in error handling path" (regression in 4.19.276) - ubifs: Fix memleak when insert_old_idx() failed - ubi: Fix return value overwrite issue in try_write_vid_and_data() - ubifs: Free memory for tmpfile name - [arm*] drm/rockchip: Drop unbalanced obj unref - drm/vgem: add missing mutex_destroy - drm/probe-helper: Cancel previous job before starting new one - [amd64] EDAC, skx: Move debugfs node under EDAC's hierarchy - [amd64] EDAC/skx: Fix overflows on the DRAM row address mapping arrays - media: av7110: prevent underflow in write_ts_to_decoder() - [arm64] firmware: qcom_scm: Clear download bit during reboot - [arm64] drm/msm/adreno: Defer enabling runpm until hw_init() - [arm64] drm/msm/adreno: drop bogus pm_runtime_set_active() - [x86] apic: Fix atomic update of offset in reserve_eilvt_offset() - media: dm1105: Fix use after free bug in dm1105_remove due to race condition (CVE-2023-35824) - media: saa7134: fix use after free bug in saa7134_finidev due to race condition (CVE-2023-35823) - [armhf] media: rc: gpio-ir-recv: Fix support for wake-up - [x86] ioapic: Don't return 0 from arch_dynirq_lower_bound() - wifi: ath9k: hif_usb: fix memory leak of remain_skbs - wifi: ath5k: fix an off by one check in ath5k_eeprom_read_freq_list() - wifi: ath6kl: reduce WARN to dev_dbg() in callback - scm: fix MSG_CTRUNC setting condition for SO_PASSSEC - vlan: partially enable SIOCSHWTSTAMP in container - net/packet: convert po->origdev to an atomic flag - net/packet: convert po->auxdata to an atomic flag - scsi: target: iscsit: Fix TAS handling during conn cleanup (regression in 4.19.161) - scsi: megaraid: Fix mega_cmd_done() CMDID_INT_CMDS - rtlwifi: rtl_pci: Fix memory leak when hardware init fails - wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_rfreg() - wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_reg() - crypto: drbg - make drbg_prepare_hrng() handle jent instantiation errors - crypto: drbg - Only fail when jent is unavailable in FIPS mode - md/raid10: fix leak of 'r10bio->remaining' for recovery - md/raid10: fix memleak for 'conf->bio_split' - md: update the optimal I/O size on reshape - md/raid10: fix memleak of md thread - wifi: iwlwifi: make the loop for card preparation effective - wifi: iwlwifi: mvm: check firmware response size - ixgbe: Allow flow hash to be set via ethtool - ixgbe: Enable setting RSS table to default values - netfilter: nf_tables: don't write table validation state without mutex - ipv4: Fix potential uninit variable access bug in __ip_make_skb() - Revert "Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work" (regression in 4.19.280) - netlink: Use copy_to_user() for optval in netlink_getsockopt(). - [x86] net: amd: Fix link leak when verifying config failed - tcp/udp: Fix memleaks of sk and zerocopy skbs with TX timestamp. - pstore: Revert pmsg_lock back to a normal mutex (regression in 4.19.270) - [arm64] spi: qup: fix PM reference leak in spi_qup_remove() - [arm64] spi: qup: Don't skip cleanup in remove's error path - [x86] vmci_host: fix a race condition in vmci_host_poll() causing GPF - [arm*] of: Fix modalias string generation - [arm*] usb: chipidea: fix missing goto in `ci_hdrc_probe` - serial: 8250: Add missing wakeup event reporting - [x86] staging: rtl8192e: Fix W_DISABLE# does not work after stop/start - [arm64] spmi: Add a check for remove callback when removing a SPMI driver - perf/core: Fix hardlockup failure caused by perf throttle - RDMA/mlx4: Prevent shift wrapping in set_user_sq_size() - clk: add missing of_node_put() in "assigned-clocks" property parsing - [amd64] IB/hfi1: Fix SDMA mmu_rb_node not being evicted in LRU order - NFSv4.1: Always send a RECLAIM_COMPLETE after establishing lease - SUNRPC: remove the maximum number of retries in call_bind_status - RDMA/mlx5: Use correct device num_ports when modify DC - [arm*] phy: tegra: xusb: Add missing tegra_xusb_port_unregister for usb2_port and ulpi_port - nilfs2: do not write dirty data after degenerating to read-only - nilfs2: fix infinite loop in nilfs_mdt_get_block() - md/raid10: fix null-ptr-deref in raid10_sync_request - wifi: rtl8xxxu: RTL8192EU always needs full init - [arm*] clk: rockchip: rk3399: allow clk_cifout to force clk_cifout_src to reparent - btrfs: scrub: reject unsupported scrub flags - dm integrity: call kmem_cache_destroy() in dm_integrity_init() error path - dm flakey: fix a crash with invalid table line - dm ioctl: fix nested locking in table_clear() to remove deadlock concern (CVE-2023-2269) - perf auxtrace: Fix address filter entire kernel size - netfilter: nf_tables: deactivate anonymous set from preparation phase (CVE-2023-32233) - ipmi: Fix SSIF flag requests - ipmi: Fix how the lower layers are told to watch for messages - ipmi_ssif: Rename idle state and check - ipmi: fix SSIF not responding under certain cond. - dm verity: skip redundant verity_handle_err() on I/O errors - dm verity: fix error handling for check_at_most_once on FEC - kernel/relay.c: fix read_pos error when multiple readers - relayfs: fix out-of-bounds access in relay_file_read (CVE-2023-3268) - sit: update dev->needed_headroom in ipip6_tunnel_bind_dev() - [arm*] net: dsa: mv88e6xxx: Add missing watchdog ops for 6320 family - [arm*] net: dsa: mv88e6xxx: add mv88e6321 rsvd2cpu - net/sched: act_mirred: Add carrier check - rxrpc: Fix hard call timeout units - af_packet: Don't send zero-byte data in packet_sendmsg_spkt(). - drm/amdgpu: Add amdgpu_gfx_off_ctrl function - drm/amdgpu: Put enable gfx off feature to a delay thread - drm/amdgpu: Add command to override the context priority. - drm/amdgpu: add a missing lock for AMDGPU_SCHED - ALSA: caiaq: input: Add error handling for unsupported input methods in `snd_usb_caiaq_input_init` - virtio_net: split free_unused_bufs() - virtio_net: suppress cpu stall when free_unused_bufs - perf map: Delete two variable initialisations before null pointer checks in sort__sym_from_cmp() - perf symbols: Fix return incorrect build_id size in elf_read_build_id() - btrfs: fix btrfs_prev_leaf() to not return the same key twice - btrfs: print-tree: parent bytenr must be aligned to sector size - cifs: fix pcchunk length type in smb2_copychunk_range - [x86] platform/x86: touchscreen_dmi: Add info for the Dexp Ursus KX210i - [armhf] dts: exynos: fix WM8960 clock name in Itop Elite - HID: wacom: Set a default resolution for older tablets - ext4: fix WARNING in mb_find_extent - ext4: avoid a potential slab-out-of-bounds in ext4_group_desc_csum (CVE-2023-34256) - ext4: improve error recovery code paths in __ext4_remount() - ext4: add bounds checking in get_max_inline_xattr_value_size() - ext4: bail out of ext4_xattr_ibody_get() fails for any reason - ext4: remove a BUG_ON in ext4_mb_release_group_pa() - ext4: fix invalid free tracking in ext4_xattr_move_to_block() - tty: Prevent writing chars during tcsetattr TCSADRAIN/FLUSH - serial: 8250: Fix serial8250_tx_empty() race with DMA Tx - drbd: correctly submit flush bio on barrier - PCI: pciehp: Fix AB-BA deadlock between reset_lock and device_lock - mm/page_alloc: fix potential deadlock on zonelist_update_seq seqlock (regression in 4.19.261) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.284 - net: Fix load-tearing on sk->sk_stamp in sock_recv_cmsgs(). - netlink: annotate accesses to nlk->cb_running - net: annotate sk->sk_err write from do_recvmmsg() - tcp: reduce POLLOUT events caused by TCP_NOTSENT_LOWAT - tcp: return EPOLLOUT from tcp_poll only when notsent_bytes is half the limit - tcp: factor out __tcp_close() helper - tcp: add annotations around sk->sk_shutdown accesses - ipvlan:Fix out-of-bounds caused by unclear skb->cb (CVE-2023-3090) - net: datagram: fix data-races in datagram_poll() - af_unix: Fix a data race of sk->sk_receive_queue->qlen. - af_unix: Fix data races around sk->sk_shutdown. - fs: hfsplus: remove WARN_ON() from hfsplus_cat_{read,write}_inode() - drm/amd/display: Use DC_LOG_DC in the trasform pixel function - regmap: cache: Return error in cache sync operations for REGCACHE_NONE - memstick: r592: Fix UAF bug in r592_remove due to race condition (CVE-2023-3141) - ACPI: EC: Fix oops when removing custom query handlers - ACPICA: ACPICA: check null return of ACPI_ALLOCATE_ZEROED in acpi_db_display_objects - wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex - net: Catch invalid index in XPS mapping - lib: cpu_rmap: Avoid use after free on rmap->obj array entries - [x86] scsi: message: mptlan: Fix use after free bug in mptlan_remove() due to race condition - gfs2: Fix inode height consistency check - ext4: set goal start correctly in ext4_mb_normalize_request - ext4: Fix best extent lstart adjustment logic in ext4_mb_new_inode_pa() - f2fs: fix to drop all dirty pages during umount() if cp_error is set - wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace - Bluetooth: L2CAP: fix "bad unlock balance" in l2cap_disconnect_rsp - HID: logitech-hidpp: Don't use the USB serial for USB devices - HID: logitech-hidpp: Reconcile USB and Unifying serials - [armhf] spi: spi-imx: fix MX51_ECSPI_* macros when cs > 3 - HID: wacom: generic: Set battery quirk only when we see battery data - [x86] usb: typec: tcpm: fix multiple times discover svids error - serial: 8250: Reinit port->pm on port specific driver unbind - btrfs: replace calls to btrfs_find_free_ino with btrfs_find_free_objectid - btrfs: fix space cache inconsistency after error loading it from disk - [x86] cpupower: Make TSC read per CPU for Mperf monitor - af_key: Reject optional tunnel/BEET mode templates in outbound policies - [armhf] net: fec: Better handle pm_runtime_get() failing in .remove() - vsock: avoid to close connected socket after the timeout - [armhf] serial: arc_uart: fix of_iomap leak in `arc_serial_probe` - ip6_gre: Fix skb_under_panic in __gre6_xmit() - ip6_gre: Make o_seqno start from 0 in native mode - ip_gre, ip6_gre: Fix race condition on o_seqno in collect_md mode - erspan: get the proto with the md version for collect_md - media: netup_unidvb: fix use-after-free at del_timer() - net: nsh: Use correct mac_offset to unwind gso skb in nsh_gso_segment() - igb: fix bit_shift to be in [1..8] range - vlan: fix a potential uninit-value in vlan_dev_hard_start_xmit() - usb-storage: fix deadlock when a scsi command timeouts more than once - ALSA: hda: Fix Oops by 9.1 surround channel names - ALSA: hda: Add NVIDIA codec IDs a3 through a7 to patch table - statfs: enforce statfs[64] structure initialization - serial: Add support for Advantech PCI-1611U card - ceph: force updating the msg pointer in non-split case - [x86] tpm/tpm_tis: Disable interrupts for more Lenovo devices - nilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode() - netfilter: nftables: add nft_parse_register_load() and use it - netfilter: nftables: add nft_parse_register_store() and use it - netfilter: nftables: statify nft_parse_register() - netfilter: nf_tables: validate registers coming from userspace. - netfilter: nf_tables: add nft_setelem_parse_key() - netfilter: nf_tables: allow up to 64 bytes in the set element data area - netfilter: nf_tables: stricter validation of element data - netfilter: nf_tables: validate NFTA_SET_ELEM_OBJREF based on NFT_SET_OBJECT flag - netfilter: nf_tables: do not allow RULE_ID to refer to another chain - HID: wacom: Force pen out of prox if no events have been received in a while - [x86] Add Acer Aspire Ethos 8951G model quirk - [x86]ALSA: hda/realtek - Add Headset Mic supported for HP cPC - [x86] ALSA: hda/realtek - Enable headset mic of Acer X2660G with ALC662 - [x86] ALSA: hda/realtek - Enable the headset of Acer N50-600 with ALC662 - [x86] ALSA: hda/realtek - The front Mic on a HP machine doesn't work - [x86] ALSA: hda/realtek: Fix the mic type detection issue for ASUS G551JW - [x86] ALSA: hda/realtek - Add headset Mic support for Lenovo ALC897 platform - ALSA: hda/realtek - ALC897 headset MIC no sound - [x86] ALSA: hda/realtek: Add a quirk for HP EliteDesk 805 - usb: gadget: u_ether: Convert prints to device prints - usb: gadget: u_ether: Fix host MAC address case - vc_screen: rewrite vcs_size to accept vc, not inode - vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF - [x86] ALSA: hda/ca0132: add quirk for EVGA X299 DARK - btrfs: use nofs when cleaning up aborted transactions - [x86] mm: Avoid incomplete Global INVLPG flushes - ALSA: hda/realtek - Fixed one of HP ALC671 platform Headset Mic supported - [x86] ALSA: hda/realtek - Fix inverted bass GPIO pin on Acer 8951G - udplite: Fix NULL pointer dereference in __sk_mem_raise_allocated(). - USB: sisusbvga: Add endpoint checks - media: radio-shark: Add endpoint checks - net: fix skb leak in __skb_tstamp_tx() - bpf: Fix mask generation for 32-bit narrow loads of 64-bit fields - ipv6: Fix out-of-bounds access in ipv6_find_tlv() - power: supply: leds: Fix blink to LED on transition - power: supply: bq27xxx: Fix bq27xxx_battery_update() race condition - power: supply: bq27xxx: Fix poll_interval handling and races on remove - [x86] show_trace_log_lvl: Ensure stack pointer is aligned, again - [x86] forcedeth: Fix an error handling path in nv_probe() - [x86] 3c589_cs: Fix an error handling path in tc589_probe() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.285 - cdc_ncm: Implement the 32-bit version of NCM Transfer Block - net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize - power: supply: bq27xxx: After charger plug in/out wait 0.5s for things to stabilize - power: supply: core: Refactor power_supply_set_input_current_limit_from_supplier() - [x86] power: supply: bq24190: Call power_supply_changed() after updating input current - bluetooth: Add cmd validity checks at the start of hci_sock_ioctl() - ipv{4,6}/raw: fix output xfrm lookup wrt protocol - netfilter: ctnetlink: Support offloaded conntrack entry deletion - net/mlx5: fw_tracer, Fix event handling - [x86] netrom: fix info-leak in nr_write_internal() - af_packet: Fix data-races of pkt_sk(sk)->num. - amd-xgbe: fix the false linkup in xgbe_phy_status - af_packet: do not use READ_ONCE() in packet_bind() - tcp: deny tcp_disconnect() when threads are waiting - tcp: Return user_mss for TCP_MAXSEG in CLOSE/LISTEN state if user_mss set - net/sched: sch_ingress: Only create under TC_H_INGRESS - net/sched: sch_clsact: Only create under TC_H_CLSACT - net/sched: Reserve TC_H_INGRESS (TC_H_CLSACT) for ingress (clsact) Qdiscs - net/sched: Prohibit regrafting ingress or clsact Qdiscs - net: sched: fix NULL pointer dereference in mq_attach - ocfs2/dlm: move BITS_TO_BYTES() to bitops.h for wider use - net/netlink: fix NETLINK_LIST_MEMBERSHIPS length report - udp6: Fix race condition in udp6_sendmsg & connect - net/sched: flower: fix possible OOB write in fl_set_geneve_opt() (CVE-2023-35788) - [arm*] net: dsa: mv88e6xxx: Increase wait after reset deactivation - fbdev: modedb: Add 1920x1080 at 60 Hz video mode - nbd: Fix debugfs_create_dir error checking - xfrm: Check if_id in inbound policy/secpath match - media: dvb-usb: az6027: fix three null-ptr-deref in az6027_i2c_xfer() - media: dvb-usb-v2: ec168: fix null-ptr-deref in ec168_i2c_xfer() - media: dvb-usb-v2: ce6230: fix null-ptr-deref in ce6230_i2c_master_xfer() - media: dvb-usb-v2: rtl28xxu: fix null-ptr-deref in rtl28xxu_i2c_xfer - media: dvb-usb: digitv: fix null-ptr-deref in digitv_i2c_xfer() - media: dvb-usb: dw2102: fix uninit-value in su3000_read_mac_address - media: netup_unidvb: fix irq init by register it at the end of probe - media: dvb_ca_en50221: fix a size write bug - media: ttusb-dec: fix memory leak in ttusb_dec_exit_dvb() - media: dvb-core: Fix use-after-free due on race condition at dvb_net - media: dvb-core: Fix kernel WARNING for blocking operation in wait_event*() (CVE-2023-31084) - media: dvb-core: Fix use-after-free due to race condition at dvb_ca_en50221 - wifi: rtl8xxxu: fix authentication timeout due to incorrect RCR value - scsi: core: Decrease scsi_device's iorequest_cnt if dispatch failed - HID: wacom: avoid integer overflow in wacom_intuos_inout() - net: usb: qmi_wwan: Set DTR quirk for BroadMobi BM818 - usb: gadget: f_fs: Add unbind event before functionfs_unbind (regression in 4.19.272) - ata: libata-scsi: Use correct device no in ata_find_dev() - mmc: vub300: fix invalid response handling - fbcon: Fix null-ptr-deref in soft_cursor - regmap: Account for register length when chunking - [x86] scsi: dpt_i2o: Remove broken pass-through ioctl (I2OUSERCMD) (CVE-2023-2007) - [x86] scsi: dpt_i2o: Do not process completions with invalid addresses - wifi: rtlwifi: 8192de: correct checking of IQK reload https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.286 - [arm64] spi: qup: Request DMA before enabling clocks - Bluetooth: Fix l2cap_disconnect_req deadlock (regression in 4.19.281) - Bluetooth: L2CAP: Add missing checks for invalid DCID - rfs: annotate lockless accesses to sk->sk_rxhash - rfs: annotate lockless accesses to RFS sock flow table - net: sched: move rtm_tca_policy declaration to include file - net: sched: fix possible refcount leak in tc_chain_tmplt_add() - lib: cpu_rmap: Fix potential use-after-free in irq_cpu_rmap_release() - batman-adv: Broken sync while rescheduling delayed work - [x86] Input: xpad - delete a Razer DeathAdder mouse VID/PID entry - Input: psmouse - fix OOB access in Elantech protocol - drm/amdgpu: fix xclk freq on CHIP_STONEY - ceph: fix use-after-free bug for inodes when flushing capsnaps - Bluetooth: Fix use-after-free in hci_remove_ltk/hci_remove_irk - [arm64] pinctrl: meson-axg: add missing GPIOA_18 gpio group - ext4: only check dquot_initialize_needed() when debugging - btrfs: check return value of btrfs_commit_transaction in relocation - btrfs: unset reloc control if transaction commit fails in prepare_to_relocate() (CVE-2023-3111) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.287 - power: supply: bq27xxx: Use mod_delayed_work() instead of cancel() + schedule() - [armhf] dts: vexpress: add missing cache properties - power: supply: Ratelimit no data debug output - regulator: Fix error checking for debugfs_create_dir - [arm64] irqchip/meson-gpio: Mark OF related data as maybe unused - power: supply: Fix logic checking if system is running from battery - xen/blkfront: Only check REQ_FUA for writes - ocfs2: fix use-after-free when unmounting read-only filesystem - ocfs2: check new file size on fallocate call - nilfs2: fix incomplete buffer cleanup in nilfs_btnode_abort_change_key() - nilfs2: fix possible out-of-bounds segment allocation in resize ioctl - kexec: support purgatories with .text.hot sections - nouveau: fix client work fence deletion race - RDMA/uverbs: Restrict usage of privileged QKEYs - net: usb: qmi_wwan: add support for Compal RXM-G1 - Remove DECnet support from kernel (CVE-2023-3338) - USB: serial: option: add Quectel EM061KGL series - [arm*] usb: dwc3: gadget: Reset num TRBs before giving back the request - usb: gadget: f_ncm: Add OS descriptor support - usb: gadget: f_ncm: Fix NTP-32 support - netfilter: nfnetlink: skip error delivery on batch in case of ENOMEM - ping6: Fix send to link-local addresses with VRF. - RDMA/rxe: Remove the unused variable obj - RDMA/rxe: Removed unused name from rxe_task struct - RDMA/rxe: Fix the use-before-initialization error of resp_pkts - IB/uverbs: Fix to consider event queue closing also upon non-blocking mode - IB/isert: Fix dead lock in ib_isert - IB/isert: Fix possible list corruption in CMA handler - IB/isert: Fix incorrect release of isert connection - sctp: fix an error code in sctp_sf_eat_auth() - igb: fix nvm.ops.read() error handling - drm/nouveau/dp: check for NULL nv_connector->native_mode - drm/nouveau/kms: Don't change EDID when it hasn't actually changed - drm/nouveau: add nv_encoder pointer check for NULL - net: tipc: resize nlattr array to correct size - neighbour: Remove unused inline function neigh_key_eq16() - net: Remove unused inline function dst_hold_and_use() - neighbour: delete neigh_lookup_nodev as not used - drm/nouveau/kms: Fix NULL pointer dereference in nouveau_connector_detect_depth - mmc: block: ensure error propagation for non-blk https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.288 - nilfs2: reject devices with insufficient block count - ipmi: Make the smi watcher be disabled immediately when not needed - ipmi: move message error checking to avoid deadlock - nilfs2: fix buffer corruption due to concurrent device reads - [x86] Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs - [amd64] PCI: hv: Fix a race condition bug in hv_pci_query_relations() - cgroup: Do not corrupt task iteration when rebinding subsystem - nilfs2: prevent general protection fault in nilfs_clear_dirty_page() - rcu: Upgrade rcu_swap_protected() to rcu_replace_pointer() - ieee802154: hwsim: Fix possible memory leaks - xfrm: Linearize the skb after offloading if needed. - [armhf] mmc: mvsdio: convert to devm_platform_ioremap_resource - [armhf] mmc: mvsdio: fix deferred probing - [armhf] mmc: omap: fix deferred probing - [armhf] mmc: omap_hsmmc: fix deferred probing - mmc: sdhci-acpi: fix deferred probing - be2net: Extend xmit workaround to BE3 chip - netfilter: nf_tables: disallow element updates of bound anonymous sets - netfilter: nfnetlink_osf: fix module autoload - sch_netem: acquire qdisc lock in netem_change() - scsi: target: iscsi: Prevent login threads from racing between each other - HID: wacom: Add error check to wacom_parse_and_register() - media: cec: core: don't set last_initiator if tx in progress - nfcsim.c: Fix error checking for debugfs_create_dir - [i386] usb: gadget: udc: fix NULL dereference in remove() - [x86] ASoC: nau8824: Add quirk to active-high jack-detect - drm/radeon: fix race condition UAF in radeon_gem_set_domain_ioctl - [x86] apic: Fix kernel panic when booting with intremap=off and x2apic_phys https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.289 - [x86] microcode/AMD: Load late on both threads too - [x86] cpu/amd: Move the errata checking functionality up - [x86] cpu/amd: Add a Zenbleed fix (CVE-2023-20593) [ Ben Hutchings ] * Bump ABI to 25 * [rt] Update to 4.19.284-rt125: - debugobjects: Check CONFIG_PREEMPT_RT_FULL instead of CONFIG_PREEMPT_RT * [x86] debug: Disable FUNCTION_ERROR_INJECTION -- Ben Hutchings Tue, 25 Jul 2023 01:50:13 +0200 linux (4.19.282-1) buster-security; urgency=high * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.270 - mm/khugepaged: fix GUP-fast interaction by sending IPI - mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths - block: unhash blkdev part inode when the part is deleted - nfp: fix use-after-free in area_cache_get() (CVE-2022-3545) - ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx() - can: sja1000: fix size of OCR_MODE_MASK define - can: mcba_usb: Fix termination command argument - ASoC: ops: Correct bounds check for second channel on SX controls - udf: Discard preallocation before extending file with a hole - udf: Fix preallocation discarding at indirect extent boundary - udf: Do not bother looking for prealloc extents if i_lenExtents matches i_size - udf: Fix extending file within last block - usb: gadget: uvc: Prevent buffer overflow in setup handler - USB: serial: option: add Quectel EM05-G modem - USB: serial: cp210x: add Kamstrup RF sniffer PIDs - USB: serial: f81534: fix division by zero on line-speed change - igb: Initialize mailbox message for VF reset - Bluetooth: L2CAP: Fix u8 overflow (CVE-2022-45934) - net: loopback: use NET_NAME_PREDICTABLE for name_assign_type - [arm*] usb: musb: remove extra check in musb_gadget_vbus_draw - [armhf] soc: ti: smartreflex: Fix PM disable depth imbalance in omap_sr_probe - [armhf] dts: dove: Fix assigned-addresses for every PCIe Root Port - [armhf] dts: armada-370: Fix assigned-addresses for every PCIe Root Port - [armhf] dts: armada-xp: Fix assigned-addresses for every PCIe Root Port - [armhf] dts: armada-375: Fix assigned-addresses for every PCIe Root Port - [armhf] dts: armada-38x: Fix assigned-addresses for every PCIe Root Port - [armhf] dts: armada-39x: Fix assigned-addresses for every PCIe Root Port - [armhf] dts: turris-omnia: Add ethernet aliases - [armhf] dts: turris-omnia: Add switch port 6 node - pstore/ram: Fix error return code in ramoops_probe() - pstore: Avoid kcore oops by vmap()ing with VM_IOREMAP - [x86] tpm/tpm_crb: Fix error message in __crb_relinquish_locality() - [arm64] cpuidle: dt: Return the correct numbers of parsed idle states - fs: don't audit the capability check in simple_xattr_list() - selftests/ftrace: event_triggers: wait longer for test_event_enable - perf: Fix possible memleak in pmu_dev_alloc() - timerqueue: Use rb_entry_safe() in timerqueue_getnext() - ocfs2: fix memory leak in ocfs2_stack_glue_init() - PNP: fix name memory leak in pnp_alloc_dev() - [x86] perf/x86/intel/uncore: Fix reference count leak in hswep_has_limit_sbox() (regression in 4.19.189) - [x86] cpufreq: amd_freq_sensitivity: Add missing pci_dev_put() - lib/notifier-error-inject: fix error when writing -errno to debugfs file - debugfs: fix error when writing negative value to atomic_t debugfs file (regression in 4.19.160) - ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage() - [x86] uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix - [x86] xen/events: only register debug interrupt for 2-level events - [x86] xen: Fix memory leak in xen_smp_intr_init{_pv}() - [x86] xen: Fix memory leak in xen_init_lock_cpu() - xen/privcmd: Fix a possible warning in privcmd_ioctl_mmap_resource() - PM: runtime: Improve path in rpm_idle() when no callback - PM: runtime: Do not call __rpm_callback() from rpm_idle() - [x86] platform/x86: mxm-wmi: fix memleak in mxm_wmi_call_mx[ds|mx]() - fs: sysv: Fix sysv_nblocks() returns wrong value - relay: fix type mismatch when allocating memory in relay_create_buf() - hfs: Fix OOB Write in hfs_asc2mac - wifi: ath9k: hif_usb: fix memory leak of urbs in ath9k_hif_usb_dealloc_tx_urbs() (regression in 4.19.154) - wifi: ath9k: hif_usb: Fix use-after-free in ath9k_hif_usb_reg_in_cb() - wifi: rtl8xxxu: Fix reading the vendor of combo chips - can: kvaser_usb: do not increase tx statistics when sending error message frames - can: kvaser_usb: kvaser_usb_leaf: Get capabilities from device - can: kvaser_usb: kvaser_usb_leaf: Rename {leaf,usbcan}_cmd_error_event to {leaf,usbcan}_cmd_can_error_event - can: kvaser_usb: kvaser_usb_leaf: Handle CMD_ERROR_EVENT - can: kvaser_usb_leaf: Set Warning state even without bus errors - can: kvaser_usb_leaf: Fix improved state not being reported - can: kvaser_usb_leaf: Fix wrong CAN state after stopping - can: kvaser_usb_leaf: Fix bogus restart events - can: kvaser_usb: Add struct kvaser_usb_busparams - can: kvaser_usb: Compare requested bittiming parameters with actual parameters in do_set_{,data}_bittiming - media: vivid: fix compose size exceed boundary - mtd: Fix device name leak when register device failed in add_mtd_device() - wifi: rsi: Fix handling of 802.3 EAPOL frames sent via control port - drm/radeon: Add the missed acpi_put_table() to fix memory leak - regulator: core: fix unbalanced of node refcount in regulator_dev_lookup() - wifi: ath10k: Fix return value in ath10k_pci_init() - [arm64] Input: elants_i2c - properly handle the reset GPIO when power is off - media: solo6x10: fix possible memory leak in solo_sysfs_init() - HID: hid-sensor-custom: set fixed size for custom attributes - bonding: Export skip slave logic to function - media: imon: fix a race condition in send_packet() - pinctrl: pinconf-generic: add missing of_node_put() - media: dvb-core: Fix ignored return value in dvb_register_frontend() - media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer() (CVE-2023-28328) - [arm*] drm/tegra: Add missing clk_disable_unprepare() in tegra_dc_probe() - NFSv4.2: Fix a memory stomp in decode_attr_security_label - NFSv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn - [x86] ALSA: asihpi: fix missing pci_disable_device() - drm/radeon: Fix PCI device refcount leak in radeon_atrm_get_bios() - drm/amdgpu: Fix PCI device refcount leak in amdgpu_atrm_get_bios() - wifi: cfg80211: Fix not unregister reg_pdev when load_builtin_regdb_keys() fails - regulator: core: fix module refcount leak in set_supply() - media: saa7164: fix missing pci_disable_device() - ALSA: mts64: fix possible null-ptr-defer in snd_mts64_interrupt - SUNRPC: Fix missing release socket in rpc_sockname() - NFSv4.x: Fail client initialisation if state manager thread can't run - mmc: rtsx_usb_sdmmc: fix return value check of mmc_add_host() - mmc: toshsd: fix return value check of mmc_add_host() - mmc: vub300: fix return value check of mmc_add_host() - [armhf] mmc: wmt-sdmmc: fix return value check of mmc_add_host() - [arm64] mmc: meson-gx: fix return value check of mmc_add_host() - mmc: via-sdmmc: fix return value check of mmc_add_host() - [x86] mmc: wbsd: fix return value check of mmc_add_host() - [arm*] mmc: mmci: fix return value check of mmc_add_host() - [armhf] clk: samsung: Fix memory leak in _samsung_clk_register_pll() - wifi: rtl8xxxu: Add __packed to struct rtl8723bu_c2h - wifi: brcmfmac: Fix error return code in brcmf_sdio_download_firmware() - blktrace: Fix output non-blktrace event when blk_classic option enabled - [armhf] clk: socfpga: use clk_hw_register for a5/c5 - [x86] net: vmw_vsock: vmci: Check memcpy_from_msg() - net: defxx: Fix missing err handling in dfx_init() - drivers: net: qlcnic: Fix potential memory leak in qlcnic_sriov_init() - ethernet: s2io: don't call dev_kfree_skb() under spin_lock_irqsave() - [x86] net: farsync: Fix kmemleak when rmmods farsync - net/tunnel: wait until all sk_user_data reader finish before releasing the sock - [i386] hamradio: don't call dev_kfree_skb() under spin_lock_irqsave() - [i386] net: amd: lance: don't call dev_kfree_skb() under spin_lock_irqsave() - [amd64,arm64] net: amd-xgbe: Fix logic around active and passive cables - [amd64,arm64] net: amd-xgbe: Check only the minimum speed for active/ passive cables - Bluetooth: btusb: don't call kfree_skb() under spin_lock_irqsave() - Bluetooth: hci_qca: don't call kfree_skb() under spin_lock_irqsave() - Bluetooth: hci_h5: don't call kfree_skb() under spin_lock_irqsave() - [x86] Bluetooth: hci_bcsp: don't call kfree_skb() under spin_lock_irqsave() - Bluetooth: hci_core: don't call kfree_skb() under spin_lock_irqsave() - Bluetooth: RFCOMM: don't call kfree_skb() under spin_lock_irqsave() (regression in 4.19.254) - [arm*] stmmac: fix potential division by 0 (regression in 4.19.122) - apparmor: fix a memleak in multi_transaction_new() - apparmor: fix lockdep warning when removing a namespace - apparmor: Fix abi check to include v8 abi - f2fs: fix normal discard process - RDMA/nldev: Return "-EAGAIN" if the cm_id isn't from expected port - [x86] scsi: scsi_debug: Fix a warning in resp_write_scat() - PCI: Check for alloc failure in pci_request_irq() - [amd64] RDMA/hfi: Decrease PCI device reference count in error path - RDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup() when socket create failed - scsi: hpsa: use local workqueues instead of system workqueues - scsi: hpsa: Fix possible memory leak in hpsa_init_one() - crypto: tcrypt - Fix multibuffer skcipher speed test mem leak - scsi: hpsa: Fix error handling in hpsa_add_sas_host() - scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device() - scsi: fcoe: Fix possible name leak when device_register() fails - [x86] scsi: ipr: Fix WARNING in ipr_init() - scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails - scsi: snic: Fix possible UAF in snic_tgt_create() - [amd64] RDMA/hfi1: Fix error return code in parse_platform_config() - orangefs: Fix sysfs not cleanup when dev init failed - [x86] hwrng: amd - Fix PCI device refcount leak - [i386] hwrng: geode - Fix PCI device refcount leak - IB/IPoIB: Fix queue count inconsistency for PKEY child interfaces - [arm*] serial: tegra: avoid reg access when clk disabled - [arm*] serial: tegra: check for FIFO mode enabled status - [arm*] serial: tegra: set maximum num of uart ports to 8 - [arm*] serial: tegra: add support to use 8 bytes trigger - [arm*] serial: tegra: add support to adjust baud rate - [arm*] serial: tegra: report clk rate errors - [arm*] serial: tegra: Add PIO mode support - [arm*] tty: serial: tegra: Activate RX DMA transfer by request - [arm*] serial: tegra: Read DMA status before terminating - [x86] usb: typec: Check for ops->exit instead of ops->enter in altmode_exit - [arm*] serial: amba-pl011: avoid SBSA UART accessing DMACR register - [arm*] serial: pl011: Do not clear RX FIFO & RX interrupt in unthrottle. (regression in 4.19.253) - [i386] serial: pch: Fix PCI device refcount leak in pch_request_dma() - [x86] misc: sgi-gru: fix use-after-free error in gru_set_context_option, gru_fault and gru_handle_user_call_os (CVE-2022-3424) - misc: tifm: fix possible memory leak in tifm_7xx1_switch_media() - usb: gadget: f_hid: optional SETUP/SET_REPORT mode - usb: gadget: f_hid: fix f_hidg lifetime vs cdev - usb: gadget: f_hid: fix refcount leak on error path - chardev: fix error handling in cdev_device_add() - [i386] i2c: pxa-pci: fix missing pci_disable_device() on error in ce4100_i2c_probe - [x86] staging: rtl8192u: Fix use after free in ieee80211_rx() - [x86] staging: rtl8192e: Fix potential use-after-free in rtllib_rx_Monitor() - [x86] i2c: ismt: Fix an out-of-bounds bug in ismt_access() (CVE-2022-2873) - usb: storage: Add check for kcalloc - tracing/hist: Fix issue of losting command info in error_log - [x86] fbdev: pm2fb: fix missing pci_disable_device() - [x86] fbdev: via: Fix error in via_core_init() - [x86] fbdev: vermilion: decrease reference count in error path - [x86] fbdev: uvesafb: Fixes an error handling path in uvesafb_probe() - [armhf] HSI: omap_ssi_core: fix unbalanced pm_runtime_disable() - [armhf] HSI: omap_ssi_core: fix possible memory leak in ssi_probe() - power: supply: fix residue sysfs file in error handle route of __power_supply_register() - perf symbol: correction while adjusting symbol (regression in 4.19.255) - [armhf] HSI: omap_ssi_core: Fix error handling in ssi_init() - include/uapi/linux/swab: Fix potentially missing __always_inline - [armhf] rtc: snvs: Allow a time difference on clock register read - [amd64] iommu/amd: Fix pci device refcount leak in ppr_notifier() - nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure (regression in 4.19.130) - [x86] mISDN: hfcsusb: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() - [x86] mISDN: hfcpci: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() - [x86] mISDN: hfcmulti: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() - nfc: pn533: Clear nfc_target before being used - r6040: Fix kmemleak in probe and remove - openvswitch: Fix flow lookup to use unmasked key - skbuff: Account for tail adjustment during pull operations - net_sched: reject TCF_EM_SIMPLE case for complex ematch module - rxrpc: Fix missing unlock in rxrpc_do_sendmsg() - myri10ge: Fix an error handling path in myri10ge_probe() - net: stream: purge sk_error_queue in sk_stream_kill_queues() (regression in 4.19.218) - fs: jfs: fix shift-out-of-bounds in dbAllocAG - udf: Avoid double brelse() in udf_rename() - fs: jfs: fix shift-out-of-bounds in dbDiscardAG - ACPICA: Fix error code path in acpi_ds_call_control_method() - nilfs2: fix shift-out-of-bounds/overflow in nilfs_sb2_bad_offset() - acct: fix potential integer overflow in encode_comp_t() - hfs: fix OOB Read in __hfs_brec_find - wifi: ath9k: verify the expected usb_endpoints are present - wifi: ar5523: Fix use-after-free on ar5523_cmd() timed out - bpf: make sure skb->len != 0 when redirecting to a tunneling device - [i386] hamradio: baycom_epp: Fix return type of baycom_send_packet() - wifi: brcmfmac: Fix potential shift-out-of-bounds in brcmf_fw_alloc_request() - igb: Do not free q_vector unless new one was allocated - drm/amdgpu: Fix type of second parameter in trans_msg() callback - drivers/md/md-bitmap: check the return value of md_bitmap_get_counter() - md/raid1: stop mdx_raid1 thread when raid1 array run failed - mrp: introduce active flags to prevent UAF when applicant uninit - ppp: associate skb with a device at tx - media: dvb-frontends: fix leak of memory fw - media: dvbdev: adopts refcnt to avoid UAF - media: dvb-usb: fix memory leak in dvb_usb_adapter_init() - blk-mq: fix possible memleak when register 'hctx' failed - regulator: core: fix use_count leakage when handling boot-on - [arm64] mmc: f-sdh30: Add quirks for broken timeout clock capability - media: si470x: Fix use-after-free in si470x_int_in_callback() - orangefs: Fix kmemleak in orangefs_prepare_debugfs_help_string() - [arm*] ASoC: rockchip: spdif: Add missing clk_disable_unprepare() in rk_spdif_runtime_resume() - [x86] ASoC: rt5670: Remove unbalanced pm_runtime_put() - [arm*] usb: dwc3: core: defer probe on ulpi_read_id timeout - HID: wacom: Ensure bootloader PID is usable in hidraw mode - reiserfs: Add missing calls to reiserfs_security_free() - media: dvbdev: fix refcnt bug - ata: ahci: Fix PCS quirk application for suspend (regression in 4.19.77) - HID: plantronics: Additional PIDs for double volume key presses quirk - hfsplus: fix bug causing custom uid and gid being unable to be assigned with mount - ovl: Use ovl mounter's fsuid and fsgid in ovl_link() - ALSA: line6: correct midi status byte when receiving data from podxt - ALSA: line6: fix stack overflow in line6_midi_transmit - pnode: terminate at peers of source - md: fix a crash in mempool_free - mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING - SUNRPC: Don't leak netobj memory when gss_read_proxy_verf() fails - media: stv0288: use explicitly signed char - dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort - dm thin: Use last transaction's pmd->root when commit failed - dm thin: Fix UAF in run_timer_softirq() - dm cache: Fix UAF in destroy() - dm cache: set needs_check flag after aborting metadata - [x86] microcode/intel: Do not retry microcode reloading on the APs - tracing: Fix infinite loop in tracing_read_pipe on overflowed print_trace_line - media: dvb-core: Fix double free in dvb_register_device() (regression in 4.19.77) - media: dvb-core: Fix UAF due to refcount races at releasing (CVE-2022-41218) - md/bitmap: Fix bitmap chunk size overflow issues - ipmi: fix long wait in unload when IPMI disconnect - ipmi: fix use after free in _ipmi_destroy_user() - PCI: Fix pci_device_is_present() for VFs by checking PF - PCI/sysfs: Fix double free in error path - [amd64] iommu/amd: Fix ivrs_acpihid cmdline parsing code - device_cgroup: Roll back to original exceptions after copy failure - drm/connector: send hotplug uevent on connector cleanup - [x86] drm/vmwgfx: Validate the box size for the snooped cursor (CVE-2022-36280) - ext4: add inode table check in __ext4_get_inode_loc to aovid possible infinite loop - ext4: add helper to check quota inums - ext4: fix bug_on in __es_tree_search caused by bad boot loader inode - ext4: init quota for 'old.inode' in 'ext4_rename' - ext4: fix corruption when online resizing a 1K bigalloc fs - ext4: fix error code return to user-space in ext4_get_branch() - ext4: avoid BUG_ON when creating xattrs - ext4: fix inode leak in ext4_xattr_inode_create() on an error path - ext4: initialize quota before expanding inode in setproject ioctl - ext4: avoid unaccounted block allocation when expanding inode - ext4: allocate extended attribute value in vmalloc area - btrfs: send: avoid unnecessary backref lookups when finding clone source - btrfs: replace strncpy() with strscpy() - dm thin: resume even if in FAIL mode - perf probe: Use dwarf_attr_integrate as generic DWARF attr accessor - perf probe: Fix to get the DW_AT_decl_file and DW_AT_call_file as unsinged data - driver core: Set deferred_probe_timeout to a longer default if CONFIG_MODULES is set - ext4: goto right label 'failed_mount3a' - ext4: correct inconsistent error msg in nojournal mode - ext4: use kmemdup() to replace kmalloc + memcpy - mbcache: don't reclaim used entries - mbcache: add functions to delete entry if unused - ext4: remove EA inode entry from mbcache on inode eviction - ext4: unindent codeblock in ext4_xattr_block_set() - ext4: fix race when reusing xattr blocks - mbcache: automatically delete entries from cache on freeing - ext4: fix deadlock due to mbcache entry corruption - SUNRPC: ensure the matching upcall is in-flight upon downcall - bpf: pull before calling skb_postpull_rcsum() - qlcnic: prevent ->dcb use-after-free on qlcnic_dcb_enable() failure - nfc: Fix potential resource leaks - [amd64,arm64] net: amd-xgbe: add missed tasklet_kill - RDMA/mlx5: Fix validation of max_rd_atomic caps for DC - net: sched: atm: dont intepret cls results when asked to drop (CVE-2023-23455) - usb: rndis_host: Secure rndis_query check against int overflow - udf: Fix extension of the last extent in the file - [x86] ASoC: Intel: bytcr_rt5640: Add quirk for the Advantech MICA-071 tablet - [x86] bugs: Flush IBP in ib_prctl_set() (CVE-2023-0045) - nfsd: fix handling of readdir in v4root vs. mount upcall timeout - ext4: don't allow journal inode to have encrypt flag - hfs/hfsplus: use WARN_ON for sanity check - hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling - mbcache: Avoid nesting of cache->c_list_lock under bit locks - driver core: Fix bus_type.match() error handling in __driver_attach() - net: sched: disallow noqueue for qdisc classes (CVE-2022-47929) - perf auxtrace: Fix address filter duplicate symbol selection - net/ulp: prevent ULP without clone op from entering the LISTEN status (CVE-2023-0461) - ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF (CVE-2023-0266) - cifs: Fix uninitialized memory read for smb311 posix symlink create - [x86] platform/x86: sony-laptop: Don't turn off 0x153 keyboard backlight during probe - ipv6: raw: Deduct extension header length in rawv6_push_pending_frames (CVE-2023-0394) - [x86] ALSA: hda/hdmi: fix failures at PCM open on Intel ICL and later - quota: Factor out setup of quota inode - ext4: fix bug_on in __es_tree_search caused by bad quota inode - ext4: lost matching-pair of trace in ext4_truncate - ext4: fix use-after-free in ext4_orphan_cleanup - ext4: fix uninititialized value in 'ext4_evict_inode' - netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function. - [x86] boot: Avoid using Intel mnemonics in AT&T syntax asm - EDAC/device: Fix period calculation in edac_device_reset_delay_period() - hvc/xen: lock console list traversal - nfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame() - net/mlx5: Rename ptp clock info - net/mlx5: Fix ptp max frequency adjustment range - drm/virtio: Fix GEM handle creation UAF - [arm64] cmpxchg_double*: hazard against entire exchange variable - efi: fix NULL-deref in init error path (regression in 4.19.142) - [arm*] tty: serial: tegra: Handle RX transfer in PIO mode if DMA wasn't started - [arm*] serial: tegra: Only print FIFO error message when an error occurs - [arm*] serial: tegra: Change lower tolerance baud rate limit for tegra20 and tegra30 https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.271 - pNFS/filelayout: Fix coalescing test for single DS - net/ethtool/ioctl: return -EOPNOTSUPP if we have no phy stats - RDMA/srp: Move large values to a new enum for gcc13 - f2fs: let's avoid panic if extent_tree is not created - nilfs2: fix general protection fault in nilfs_btree_insert() - xhci-pci: set the dma max_seg_size - usb: xhci: Check endpoint is valid before dereferencing it - xhci: Fix null pointer dereference when host dies - xhci: Add a flag to disable USB3 lpm on a xhci root port level. - prlimit: do_prlimit needs to have a speculation check (CVE-2023-0458) - USB: serial: option: add Quectel EM05-G (GR) modem - USB: serial: option: add Quectel EM05-G (CS) modem - USB: serial: option: add Quectel EM05-G (RS) modem - USB: serial: option: add Quectel EC200U modem - USB: serial: option: add Quectel EM05CN (SG) modem - USB: serial: option: add Quectel EM05CN modem - USB: misc: iowarrior: fix up header size for USB_DEVICE_ID_CODEMERCS_IOW100 - usb: core: hub: disable autosuspend for TI TUSB8041 - [x86] comedi: adv_pci1760: Fix PWM instruction handling - [arm*] mmc: sunxi-mmc: Fix clock refcount imbalance during unbind - cifs: do not include page data when checking signature - USB: serial: cp210x: add SCALANCE LPE-9000 device id - usb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate() - usb-storage: apply IGNORE_UAS only for HIKSEMI MD202 on RTL9210 - [i386] serial: pch_uart: Pass correct sg to dma_unmap_sg() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.272 - [armhf] dts: imx6qdl-gw560x: Remove incorrect 'uart-has-rtscts' - [amd64] intel_ish-hid: Add check for ishtp_dma_tx_map - [amd64] IB/hfi1: Reject a zero-length user expected buffer - [amd64] IB/hfi1: Reserve user expected TIDs - [amd64] IB/hfi1: Fix expected receive setup error exit issues - affs: initialize fsdata in affs_truncate() - amd-xgbe: TX Flow Ctrl Registers are h/w ver dependent - amd-xgbe: Delay AN timeout during KR training - bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation - [arm64] phy: rockchip-inno-usb2: Fix missing clk_disable_unprepare() in rockchip_usb2phy_power_on() - net: nfc: Fix use-after-free in local_cleanup() - wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid (CVE-2023-23559) - net: usb: sr9700: Handle negative len - net: mdio: validate parameter addr in mdiobus_get_phy() - HID: check empty report_list in hid_validate_values() (CVE-2023-1073) - usb: gadget: f_fs: Prevent race during ffs_ep0_queue_wait - usb: gadget: f_fs: Ensure ep0req is dequeued before free_request - net: mlx5: eliminate anonymous module_init & module_exit - dmaengine: Fix double increment of client_count in dma_chan_get() - [arm64] net: macb: fix PTP TX timestamp failure due to packet padding - HID: betop: check shape of output reports - tcp: avoid the lookup process failing to get sk in ehash table - w1: fix deadloop in __w1_remove_master_device() - w1: fix WARNING after calling w1_process() - netfilter: conntrack: do not renew entry stuck in tcp SYN_SENT state - block: fix and cleanup bio_check_ro - perf env: Do not return pointers to local variables - fs: reiserfs: remove useless new_opts in reiserfs_remount - Bluetooth: hci_sync: cancel cmd_timer if hci_open failed - scsi: hpsa: Fix allocation size for scsi_host_alloc() - module: Don't wait for GOING modules - tracing: Make sure trace_printk() can output as soon as it can be used - trace_events_hist: add check for return value of 'create_hist_field' - smbd: Make upper layer decide when to destroy the transport - cifs: Fix oops due to uncleared server->smbd_conn in reconnect - EDAC/device: Respect any driver-supplied workqueue polling value - net: fix UaF in netns ops registration error path (regression in 4.19.264) - netfilter: nft_set_rbtree: skip elements in transaction from garbage collection - netlink: remove hash::nelems check in netlink_insert - netlink: annotate data races around nlk->portid - netlink: annotate data races around dst_portid and dst_group - netlink: annotate data races around sk_state - ipv4: prevent potential spectre v1 gadget in ip_metrics_convert() - netfilter: conntrack: fix vtag checks for ABORT/SHUTDOWN_COMPLETE - [x86] netrom: Fix use-after-free of a listening socket. (regression in 4.19.199) - sctp: fail if no bound addresses can be used for a given scope (CVE-2023-1074) - net/tg3: resolve deadlock in tg3_reset_task() during EEH - [x86] Revert "Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode" (regression in 4.19.268) - [x86] i8259: Mark legacy PIC interrupts with IRQ_LEVEL - [x86] drm/i915/display: fix compiler warning about array overrun - [armhf] dts: imx: Fix pca9547 i2c-mux node name - [armhf] dmaengine: imx-sdma: Fix a possible memory leak in sdma_transfer_init - panic: unset panic_on_warn inside panic() - exit: Add and use make_task_dead. - exit: Put an upper limit on how often we can oops - exit: Expose "oops_count" to sysfs - exit: Allow oops_limit to be disabled - panic: Consolidate open-coded panic_on_warn checks - panic: Introduce warn_limit - panic: Expose "warn_count" to sysfs - docs: Fix path paste-o for /sys/kernel/warn_count - exit: Use READ_ONCE() for all oops/warn limit reads - ipv6: ensure sane device mtu in tunnels - [arm*] usb: host: xhci-plat: add wakeup entry at sysfs https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.273 - firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region - [arm*] bus: sunxi-rsb: Fix error handling in sunxi_rsb_init() - ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path() - [x86] netrom: Fix use-after-free caused by accept on already connected socket - ata: libata: Fix sata_down_spd_limit() when no link speed is reported - net: openvswitch: fix flow memory leak in ovs_flow_cmd_new - scsi: target: core: Fix warning on RT kernels - scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress (CVE-2023-2162) - [arm*] i2c: rk3x: fix a bunch of kernel-doc warnings - [arm64] usb: dwc3: dwc3-qcom: Fix typo in the dwc3 vbus override API - [arm64] usb: dwc3: qcom: enable vbus override when in OTG dr-mode - usb: gadget: f_fs: Fix unbalanced spinlock in __ffs_ep0_queue_wait - vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF - [x86] Input: i8042 - merge quirk tables - [x86] Input: i8042 - add TUXEDO devices to i8042 quirk tables - [x86] Input: i8042 - add Clevo PCX0DX to i8042 quirk table - [x86] nVMX x86: Check VMX-preemption timer controls on vmentry of L2 guests - [x86] KVM: VMX: Move caching of MSR_IA32_XSS to hardware_setup() - [x86] KVM: x86/vmx: Do not skip segment attributes if unusable bit is set - [x86] thermal: intel: int340x: Protect trip temperature from concurrent updates - fbcon: Check font dimension limits - efi: Accept version 2 of memory attributes table - iio: hid: fix the retval in accel_3d_capture_sample - mm: hugetlb: proc: check for hugetlb shared PMD in /proc/PID/smaps - mm/swapfile: add cond_resched() in get_swap_pages() - Squashfs: fix handling and sanity checking of xattr_ids count - serial: 8250_dma: Fix DMA Rx completion race - serial: 8250_dma: Fix DMA Rx rearm race - [x86] thermal: intel: int340x: Add locking to int340x_thermal_get_trip_type() - btrfs: limit device extents to the device size - [x86] ALSA: emux: Avoid potential array out-of-bound in snd_emux_xg_control() - [amd64] IB/hfi1: Restore allocated resources on failed copyout - [arm64] net: phy: meson-gxl: add g12a support - [arm64] net: phy: meson-gxl: use MMD access dummy stubs for GXL, internal PHY - rds: rds_rm_zerocopy_callback() use list_first_entry() (CVE-2023-1078) - ALSA: pci: lx6464es: fix a debug loop - [arm*] pinctrl: single: fix potential NULL dereference - [x86] pinctrl: intel: Convert unsigned to unsigned int - [x86] pinctrl: intel: Restore the pins that used to be in Direct IRQ mode - net: USB: Fix wrong-direction WARNING in plusb.c - usb: core: add quirk for Alcor Link AK9563 smartcard reader - [arm64] dts: meson-gx: Make mmc host controller interrupts level- sensitive - [arm64] dts: meson-axg: Make mmc host controller interrupts level- sensitive - bpf: Always return target ifindex in bpf_fib_lookup - migrate: hugetlb: check for hugetlb shared PMD in node migration - [x86] net/rose: Fix to not accept on connected socket - nvme-fc: fix a missing queue put in nvmet_fc_ls_create_association - aio: fix mremap after fork null-deref - netfilter: nft_tproxy: restrict to prerouting hook - mmc: sdio: fix possible resource leaks in some error paths - ALSA: hda/conexant: add a new hda codec SN6180 - ALSA: hda/realtek - fixed wrong gpio assigned - [armhf,i386] hugetlb: check for undefined shift on 32 bit architectures - i40e: add double of VLAN header when computing the max MTU - dccp/tcp: Avoid negative sk_forward_alloc by ipv6_pinfo.pktoptions. - net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path - [arm*] net: stmmac: fix order of dwmac5 FlexPPS parametrization sequence - bnxt_en: Fix mqprio and XDP ring checking logic - [arm*] net: stmmac: Restrict warning on disabling DMA store and fwd mode - net: mpls: fix stale pointer if allocation fails during device rename (CVE-2023-26545) - ipv6: Fix datagram socket connection with DSCP. - ipv6: Fix tcp socket connection with DSCP. - i40e: Add checking for null for nlmsg_find_attr() - [x86] kvm: initialize all of the kvm_debugregs structure before sending it to userspace (CVE-2023-1513) - nilfs2: fix underflow in second superblock position calculations - [arm64] net: phy: meson-gxl: Add generic dummy stubs for MMD register access https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.274 - wifi: rtl8xxxu: gen2: Turn on the rate control - random: always mix cycle counter in add_latent_entropy() - can: kvaser_usb: hydra: help gcc-13 to figure out cmd_len - alarmtimer: Prevent starvation by small intervals and SIG_IGN - [x86] drm/i915/gvt: fix double free bug in split_2MB_gtt_entry (CVE-2022-3707) - mac80211: mesh: embedd mesh_paths and mpp_paths into ieee80211_if_mesh - uaccess: Add speculation barrier to copy_from_user() (CVE-2023-0459) - bpf: add missing header file include https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.275 - [armhf] dts: rockchip: add power-domains property to dp node on rk3288 - [amd64,arm64] ACPI: NFIT: fix a potential deadlock during NFIT teardown - btrfs: send: limit number of clones and allocated memory size - [amd64] IB/hfi1: Assign npages earlier - net: Remove WARN_ON_ONCE(sk->sk_forward_alloc) from sk_stream_kill_queues(). - vc_screen: don't clobber return value in vcs_read - USB: serial: option: add support for VW/Skoda "Carstick LTE" - USB: core: Don't hold device lock while reading the "descriptors" sysfs file https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.276 - HID: asus: Remove check for same LED brightness on set - HID: asus: use spinlock to protect concurrent accesses - HID: asus: use spinlock to safely schedule workers (CVE-2023-1079) - [armhf] OMAP2+: Fix memory leak in realtime_counter_init() - [armhf] imx: Call ida_simple_remove() for ida_simple_get - [arm64] dts: meson-axg: enable SCPI - blk-mq: remove stale comment for blk_mq_sched_mark_restart_hctx - block: bio-integrity: Copy flags when bio_integrity_payload is cloned - wifi: rsi: Fix memory leak in rsi_coex_attach() - wifi: libertas: fix memory leak in lbs_init_adapter() - wifi: rtl8xxxu: don't call dev_kfree_skb() under spin_lock_irqsave() - rtlwifi: fix -Wpointer-sign warning - wifi: rtlwifi: Fix global-out-of-bounds bug in _rtl8812ae_phy_set_txpower_limit() - ipw2x00: switch from 'pci_' to 'dma_' API - wifi: ipw2x00: don't call dev_kfree_skb() under spin_lock_irqsave() - wifi: ipw2200: fix memory leak in ipw_wdev_init() - wifi: brcmfmac: fix potential memory leak in brcmf_netdev_start_xmit() - wifi: brcmfmac: unmap dma buffer in brcmf_msgbuf_alloc_pktid() - wifi: libertas_tf: don't call kfree_skb() under spin_lock_irqsave() - wifi: libertas: if_usb: don't call kfree_skb() under spin_lock_irqsave() - wifi: libertas: main: don't call kfree_skb() under spin_lock_irqsave() - wifi: libertas: cmdresp: don't call kfree_skb() under spin_lock_irqsave() - [x86] wifi: wl3501_cs: don't call kfree_skb() under spin_lock_irqsave() - [x86] ACPICA: Drop port I/O validation for some regions - genirq: Fix the return type of kstat_cpu_irqs_sum() - lib/mpi: Fix buffer overrun when SG is too long - ACPICA: nsrepair: handle cases without a return value correctly - [x86] wifi: orinoco: check return value of hermes_write_wordrec() - wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function - wifi: ath9k: hif_usb: clean up skbs if ath9k_hif_usb_rx_stream() fails - wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback() - [x86] ACPI: battery: Fix missing NUL-termination with large strings - crypto: seqiv - Handle EBUSY correctly - Bluetooth: L2CAP: Fix potential user-after-free - libbpf: Fix alen calculation in libbpf_nla_dump_errormsg() - rds: rds_rm_zerocopy_callback() correct order for list_add_tail() - crypto: rsa-pkcs1pad - Use akcipher_request_complete - wifi: iwl3945: Add missing check for create_singlethread_workqueue - wifi: iwl4965: Add missing check for create_singlethread_workqueue() - wifi: mwifiex: fix loop iterator in mwifiex_update_ampdu_txwinsize() - wifi: mac80211: make rate u32 in sta_set_rate_info_rx() - can: esd_usb: Move mislocated storage of SJA1000_ECC_SEG bits in case of a bus error - [arm*] drm/vc4: dpi: Add option for inverting pixel clock and output enable - [arm*] drm/vc4: dpi: Fix format mapping for RGB565 - [arm64] drm/msm/hdmi: Add missing check for alloc_ordered_workqueue - ALSA: hda/ca0132: minor fix for allocation size - drm/mipi-dsi: Fix byte order of 16-bit DCS set/get brightness - [arm64] drm/msm: use strscpy instead of strncpy - [arm64] drm/msm/dpu: Add check for pstates - [arm*] gpu: host1x: Don't skip assigning syncpoints to channels - [x86] ASoC: soc-compress.c: fixup private_data on snd_soc_new_compress() - scsi: aic94xx: Add missing check for dma_map_single() - nfsd: fix race to check ls_layouts - gfs2: jdata writepage fix - perf llvm: Fix inadvertent file creation - [arm64] perf tools: Fix auto-complete on aarch64 - [armhf] mtd: rawnand: sunxi: Fix the size of the last OOB region - Input: ads7846 - don't report pressure for ads7845 - Input: ads7846 - don't check penirq immediately for 7845 - clk: Honor CLK_OPS_PARENT_ENABLE in clk_core_is_enabled() - [armhf] media: platform: ti: Add missing check for devm_regulator_get - media: rc: Fix use-after-free bugs caused by ene_tx_irqsim() (CVE-2023-1118) - media: i2c: ov7670: 0 instead of -EINVAL was returned - media: usb: siano: Fix use after free bugs caused by do_submit_urb - [arm64] rpmsg: glink: Avoid infinite loop on intent for missing channel - [armhf] dts: exynos: Use Exynos5420 compatible for the MIPI video phy - wifi: brcmfmac: Fix potential stack-out-of-bounds in brcmf_c_preinit_dcmds() - rcu: Suppress smp_processor_id() complaint in synchronize_rcu_expedited_wait() - [x86] thermal: intel: Fix unsigned comparison with less than zero - timers: Prevent union confusion from unexpected restart_syscall() - [x86] bugs: Reset speculation control settings on init - wifi: brcmfmac: ensure CLM version is null-terminated to prevent stack- out-of-bounds - inet: fix fast path in __inet_hash_connect() - ACPI: Don't build ACPICA with '-Os' - [x86] ACPI: video: Fix Lenovo Ideapad Z570 DMI match - drm/amd/display: Fix potential null-deref in dm_resume - [arm64] drm/msm/dsi: Add missing check for alloc_ordered_workqueue - dm thin: add cond_resched() to various workqueue loops - dm cache: add cond_resched() to various workqueue loops - wifi: rtl8xxxu: fixing transmisison failure for rtl8192eu - [arm64] rtc: pm8xxx: fix set-alarm race - hfs: fix missing hfs_bnode_get() in __hfs_bnode_create - fs: hfsplus: fix UAF issue in hfsplus_put_super - f2fs: fix information leak in f2fs_move_inline_dirents() - ocfs2: fix defrag path triggering jbd2 ASSERT - ocfs2: fix non-auto defrag path not working issue - udf: Truncate added extents on failed expansion - udf: Do not bother merging very long extents - udf: Do not update file length for failed writes to inline files - udf: Fix file corruption when appending just after end of preallocated extent - [x86] virt: Force GIF=1 prior to disabling SVM (for reboot flows) - [x86] crash: Disable virt in core NMI crash handler to avoid double shootdown - [x86] reboot: Disable virtualization in an emergency if SVM is supported - [x86] reboot: Disable SVM, not just VMX, when stopping CPUs - [x86] kprobes: Fix __recover_optprobed_insn check optimizing logic - [x86] kprobes: Fix arch_check_optimized_kprobe check within optimized_kprobe range - [x86] microcode/amd: Remove load_microcode_amd()'s bsp parameter - [x86] microcode/AMD: Add a @cpu parameter to the reloading functions - [x86] microcode/AMD: Fix mixed steppings support - [x86] speculation: Allow enabling STIBP with legacy IBRS (CVE-2023-1998) - irqdomain: Fix association race - irqdomain: Fix disassociation race - irqdomain: Drop bogus fwspec-mapping error handling - [x86] ALSA: ice1712: Do not left ice->gpio_mutex locked in aureon_add_controls() - ext4: optimize ea_inode block expansion - ext4: refuse to create ea block when umounted - wifi: rtl8xxxu: Use a longer retry limit of 48 - wifi: cfg80211: Fix use after free for wext - dm flakey: fix logic when corrupting a bio - dm flakey: don't corrupt the zero page - [armhf] dts: exynos: correct TMU phandle in Exynos4 - [armhf] dts: exynos: correct TMU phandle in Odroid XU - rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails - scsi: qla2xxx: Fix link failure in NPIV environment - scsi: qla2xxx: Fix erroneous link down - scsi: ses: Don't attach if enclosure has no components - scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process() - scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses - scsi: ses: Fix possible desc_ptr out-of-bounds accesses - scsi: ses: Fix slab-out-of-bounds in ses_intf_remove() - [x86] PCI: Avoid FLR for AMD FCH AHCI adapters - [x86] drm/radeon: Fix eDP for single-display iMac11,2 - wifi: ath9k: use proper statements in conditionals - net/sched: Retire tcindex classifier (CVE-2023-1281, CVE-2023-1829) - fs/jfs: fix shift exponent db_agl2size negative - ubi: ensure that VID header offset + VID header size <= alloc, size - ubifs: Rectify space budget for ubifs_symlink() if symlink is encrypted - ubifs: Rectify space budget for ubifs_xrename() - ubifs: Fix wrong dirty space budget for dirty inode - ubifs: do_rename: Fix wrong space budget when target inode's nlink > 1 - ubifs: Reserve one leb for each journal head while doing budget - ubi: Fix use-after-free when volume resizing failed - ubi: Fix unreferenced object reported by kmemleak in ubi_resize_volume() - ubi: Fix possible null-ptr-deref in ubi_free_volume() - ubifs: Re-statistic cleaned znode count if commit failed - ubifs: dirty_cow_znode: Fix memleak in error handling path - ubifs: ubifs_writepage: Mark page dirty after writing inode failed - ubi: Fix UAF wear-leveling entry in eraseblk_count_seq_show() - ubi: ubi_wl_put_peb: Fix infinite loop when wear-leveling work failed - [x86] watchdog: pcwd_usb: Fix attempting to access uninitialized memory - netfilter: ctnetlink: fix possible refcount leak in ctnetlink_create_conntrack() - net: fix __dev_kfree_skb_any() vs drop monitor - 9p/xen: fix version parsing - 9p/xen: fix connection sequence - 9p/rdma: unmap receive dma buffer in rdma_request()/post_recv() - nfc: fix memory leak of se_io context in nfc_genl_se_io - tcp: tcp_check_req() can be called from process context - vc_screen: modify vcs_size() handling in vcs_read() - [x86] scsi: ipr: Work around fortify-string warning - tracing: Add NULL checks for buffer in ring_buffer_free_read_page() - [x86] firmware/efi sysfb_efi: Add quirk for Lenovo IdeaPad Duet 3 - media: uvcvideo: Handle cameras with invalid descriptors - media: uvcvideo: Handle errors from calls to usb_string - media: uvcvideo: Silence memcpy() run-time false positive warnings - tty: fix out-of-bounds access in tty_driver_lookup_tty() - [x86] mei: bus-fixup:upon error print return values of send and receive - USB: ene_usb6250: Allocate enough memory for full object - [arm64] phy: rockchip-typec: Fix unsigned comparison with less than zero - Bluetooth: hci_sock: purge socket queues in the destruct() callback - tcp: Fix listen() regression in 4.19.270 - media: uvcvideo: Provide sync and async uvc_ctrl_status_event - media: uvcvideo: Fix race condition with usb_kill_urb - f2fs: fix cgroup writeback accounting with fs-layer encryption - [x86] thermal: intel: powerclamp: Fix cur_state for multi package system https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.277 - wifi: cfg80211: Partial revert "wifi: cfg80211: Fix use after free for wext" - [x86] staging: rtl8192e: Remove function ..dm_check_ac_dc_power calling a script - [x86] staging: rtl8192e: Remove call_usermodehelper starting RadioPower.sh https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.278 - fs: prevent out-of-bounds array speculation when closing a file descriptor - [x86] CPU/AMD: Disable XSAVES on AMD family 0x17 - ext4: fix RENAME_WHITEOUT handling for inline directories (regression in 4.19.183) - ext4: fix another off-by-one fsmap error on 1k block filesystems - ext4: move where set the MAY_INLINE_DATA flag is set - ext4: fix WARNING in ext4_update_inline_data - ext4: zero i_disksize when initializing the bootloader inode - nfc: change order inside nfc_se_io error path - udf: reduce leakage of blocks related to named streams - udf: Remove pointless union in udf_inode_info - udf: Preserve link count of system files - udf: Detect system inodes linked into directory hierarchy - kbuild: fix false-positive need-builtin calculation - kbuild: generate modules.order only in directories visited by obj-y/m - scsi: core: Remove the /proc/scsi/${proc_name} directory earlier - tipc: improve function tipc_wait_for_cond() - [x86] drm/i915: Don't use BAR mappings for ring buffers with LLC - ila: do not generate empty messages in ila_xlat_nl_cmd_get_mapping() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.279 - ext4: fix cgroup writeback accounting with fs-layer encryption - fs: sysfs_emit_at: Remove PAGE_SIZE alignment check (regression in 4.19.179) - tcp: tcp_make_synack() can be called from process context - nfc: pn533: initialize struct pn533_out_arg properly - qed/qed_dev: guard against a possible division by zero - net: tunnels: annotate lockless accesses to dev->needed_headroom - net: phy: smsc: bail out in lan87xx_read_status if genphy_read_status fails - nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition (CVE-2023-1990) - net: usb: smsc75xx: Limit packet length to skb->len - nvmet: avoid potential UAF in nvmet_req_complete() - ipv4: Fix incorrect table ID in IOCTL path - net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull - hwmon: (adt7475) Display smoothing attributes in correct order - hwmon: (adt7475) Fix masking of hysteresis registers - [arm64] hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove due to race condition (CVE-2023-1855) - jffs2: correct logic when creating a hole in jffs2_write_begin - ext4: fail ext4_iget if special inode unallocated - ext4: fix task hung in ext4_xattr_delete_inode - [amd64] drm/amdkfd: Fix an illegal memory access - tracing: Check field value in hist_field_name() - ftrace: Fix invalid address access in lookup_rec() when index is 0 - [x86] mm: Fix use of uninitialized buffer in sme_enable() - [x86] drm/i915: Don't use stolen memory for ring buffers with LLC - HID: core: Provide new max_buffer_size attribute to over-ride the default - HID: uhid: Over-ride the default maximum data buffer value with our own https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.280 - power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition (CVE-2023-30772) - i40evf: Change a VF mac without reloading the VF driver - intel-ethernet: rename i40evf to iavf - iavf: diet and reformat - iavf: fix inverted Rx hash condition leading to disabled hash - intel/igbvf: free irq on the error path in igbvf_request_msix() - igbvf: Regard vf reset nack as success - scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate() - net: usb: smsc95xx: Limit packet length to skb->len - qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info - [x86] xirc2ps_cs: Fix use after free bug in xirc2ps_detach (CVE-2023-1670) - [arm64] net: qcom/emac: Fix use after free bug in emac_remove due to race condition - bpf: Adjust insufficient default bpf_jit_limit - net/mlx5: Read the TC mapping of all priorities on ETS query - erspan: do not use skb_mac_header() in ndo_start_xmit() - hvc/xen: prevent concurrent accesses to the shared ring - [arm64] net: mdio: thunder: Add missing fwnode_handle_put() - [arm64 ]Bluetooth: btqcomsmd: Fix command timeout after setting BD address - Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work (CVE-2023-1989) - [x86] hwmon (it87): Fix voltage scaling for chips with 10.9mV ADCs - uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2 - [x86] thunderbolt: Use const qualifier for `ring_interrupt_index` - scsi: target: iscsi: Fix an error message in iscsi_check_key() - scsi: ufs: core: Add soft dependency on governor_simpleondemand - net: usb: cdc_mbim: avoid altsetting toggling for Telit FE990 - net: usb: qmi_wwan: add Telit 0x1080 composition - cifs: empty interface list when server doesn't support query interfaces - scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR - usb: gadget: u_audio: don't let userspace block driver unbind - igb: revert rtnl_lock() that causes deadlock (regression in 4.19.256) - dm thin: fix deadlock when swapping to thin device - [arm*] usb: chipdea: core: fix return -EINVAL if request role is the same with current role - [arm*] usb: chipidea: core: fix possible concurrent when switch role - nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy() - [arm64] i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer() (CVE-2023-2194) - dm stats: check for and propagate alloc_percpu failure - dm crypt: add cond_resched() to dmcrypt_write() - sched/fair: sanitize vruntime of entity being placed - sched/fair: Sanitize vruntime of entity being migrated - tun: avoid double free in tun_free_netdev (CVE-2022-4744) - ocfs2: fix data corruption after failed write (regression in 4.19.155) - md: avoid signed overflow in slot_store() - [x86] ALSA: asihpi: check pao in control_message() - ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set() - sched_getaffinity: don't assume 'cpumask_size()' is fully initialized - [i386] fbdev: lxfb: Fix potential divide by zero - scsi: megaraid_sas: Fix crash after a double completion - can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write - i40e: fix registers dump after run ethtool adapter self test - [arm*] net: dsa: mv88e6xxx: Enable IGMP snooping on user ports only - [arm*] net: mvneta: make tx buffer array agnostic - [arm*] Input: alps - fix compatibility with -funsigned-char - [arm*] Input: focaltech - use explicitly signed char type - cifs: prevent infinite recursion in CIFSGetDFSRefer() - cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL - xen/netback: don't do grant copy across page boundary (regression in 4.19.269) - [x86] ALSA: hda/conexant: Partial revert of a quirk for Lenovo (regression in 4.19.256) - ALSA: usb-audio: Fix regression on detection of Roland VS-100 (regression in 4.19.164) - [armhf] drm/etnaviv: fix reference leak when mmaping imported buffer - ext4: fix kernel BUG in 'ext4_write_inline_data_end()' - gfs2: Always check inode size of inline inodes - net: sched: cbq: dont intepret cls results when asked to drop (CVE-2023-23454) - cgroup/cpuset: Change cpuset_rwsem and hotplug lock order - cgroup: Fix threadgroup_rwsem <-> cpus_read_lock() deadlock (regression in 4.19.232) - cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.281 - pinctrl: Added IRQF_SHARED flag for amd-pinctrl driver - pinctrl: amd: Use irqchip template - pinctrl: amd: disable and mask interrupts on probe - NFSv4: Convert struct nfs4_state to use refcount_t - NFSv4: Check the return value of update_open_stateid() - NFSv4: Fix hangs when recovering open state after a server reboot - [arm64] pwm: cros-ec: Explicitly set .polarity in .get_state() - wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for non-uploaded sta - icmp: guard against too small mtu - net: don't let netpoll invoke NAPI if in xmit context - sctp: check send stream number after wait_for_sndbuf - ipv6: Fix an uninit variable access bug in __ip6_make_skb() - USB: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs - USB: serial: option: add Telit FE990 compositions - USB: serial: option: add Quectel RM500U-CN modem - nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread() - nilfs2: fix sysfs interface lifetime - [x86] ALSA: hda/realtek: Add quirk for Clevo X370SNW - perf/core: Fix the same task check in perf_event_set_output - ftrace: Mark get_lock_parent_ip() __always_inline - ring-buffer: Fix race while reader and writer are on the same page - mm/swap: fix swap_info_struct race between swapoff and get_swap_pages() - [x86] ALSA: emu10k1: fix capture interrupt handler unlinking - [x86] ALSA: hda/sigmatel: add pin overrides for Intel DP45SG motherboard - [x86] ALSA: i2c/cs8427: fix iec958 mixer control deactivation - [x86] ALSA: hda/sigmatel: fix S/PDIF out on Intel D*45* motherboards - Bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp} - Bluetooth: Fix race condition in hidp_session_thread - mtdblock: tolerate corrected bit-flips - 9p/xen : Fix use after free bug in xen_9pfs_front_remove due to race condition (CVE-2023-1859) - niu: Fix missing unwind goto in niu_alloc_channels() - qlcnic: check pci_reset_function result - sctp: fix a potential overflow in sctp_ifwdtsn_skip - [arm64] net: macb: fix a memory corruption in extended buffer descriptor mode - udp6: fix potential access to stale information - [arm64] power: supply: cros_usbpd: reclassify "default case!" as debug - [x86] efi: sysfb_efi: Add quirk for Lenovo Yoga Book X91F/L - [amd64] verify_pefile: relax wrapper length check - scsi: ses: Handle enclosure with just a primary component gracefully - [x86] PCI: Add quirk for AMD XHCI controller that loses MSI-X state in D3hot - ubi: Fix failure attaching when vid_hdr offset equals to (sub)page size - ubi: Fix deadlock caused by recursively holding work_sem - cgroup/cpuset: Wake up cpuset_attach_wq tasks in cpuset_cancel_attach() - [arm64] watchdog: sbsa_wdog: Make sure the timeout programming is within the limits - [x86] KVM: nVMX: add missing consistency checks for CR0 and CR4 (CVE-2023-30456) - [arm64] KVM: arm64: Factor out core register ID enumeration - [arm64] KVM: arm64: Filter out invalid core register IDs in KVM_GET_REG_LIST (regression in 4.19) - [arm64] KVM: Fix system register enumeration https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.282 - net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg - virtio_net: bugfix overflow inside xdp_linearize_page() - i40e: fix accessing vsi->active_filters without holding lock - i40e: fix i40e_setup_misc_vector() error handling - mlxfw: fix null-ptr-deref in mlxfw_mfa2_tlv_next() - e1000e: Disable TSO on i219-LM card to increase speed - f2fs: Fix f2fs_truncate_partial_nodes ftrace event - [x86] Input: i8042 - add quirk for Fujitsu Lifebook A574/H - scsi: megaraid_sas: Fix fw_crash_buffer_show() - scsi: core: Improve scsi_vpd_inquiry() checks - xen/netback: use same error messages for same errors - nilfs2: initialize unused bytes in segment summary blocks - memstick: fix memory leak if card device is never registered - [x86] purgatory: Don't generate debug info for purgatory.ro - Revert "ext4: fix use-after-free in ext4_xattr_set_entry" (regression in 4.19.256) - ext4: remove duplicate definition of ext4_xattr_ibody_inline_set() - ext4: fix use-after-free in ext4_xattr_set_entry - udp: Call inet6_destroy_sock() in setsockopt(IPV6_ADDRFORM). - tcp/udp: Call inet6_destroy_sock() in IPv6 sk->sk_destruct(). - inet6: Remove inet6_destroy_sock() in sk->sk_prot->destroy(). - dccp: Call inet6_destroy_sock() via sk->sk_destruct(). - sctp: Call inet6_destroy_sock() via sk->sk_destruct(). [ Ben Hutchings ] * Bump ABI to 24 * [armhf] Disable LOCK_DOWN_KERNEL, LOCK_DOWN_IN_EFI_SECURE_BOOT, and MODULE_SIG where we don't sign code (Closes: #825141) * [rt] Update to 4.19.280-rt123: - workqueue: Fix deadlock due to recursive locking of pool->lock * [rt] netpoll: Fix netif_local_xmit_active() for 4.19-rt -- Ben Hutchings Sat, 29 Apr 2023 22:07:39 +0200 linux (4.19.269-1) buster-security; urgency=high * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.261 - uas: add no-uas quirk for Hiksemi usb_disk - usb-storage: Add Hiksemi USB3-FW to IGNORE_UAS - uas: ignore UAS for Thinkplus chips - net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455 - libata: add ATA_HORKAGE_NOLPM for Pioneer BDR-207M and BDR-205 - mm/page_alloc: fix race condition between build_all_zonelists and page allocation - mm: prevent page_frag_alloc() from corrupting the memory - mm/migrate_device.c: flush TLB while holding PTL - [arm64,armhf] soc: sunxi: sram: Actually claim SRAM regions - [arm64,armhf] soc: sunxi: sram: Prevent the driver from being unbound - [arm64,armhf] soc: sunxi: sram: Fix probe function ordering issues - [arm64,armhf] soc: sunxi: sram: Fix debugfs info for A64 SRAM C - Revert "drm: bridge: analogix/dp: add panel prepare/unprepare in suspend/resume time" - usbnet: Fix memory leak in usbnet_disconnect() - nvme: add new line after variable declatation - nvme: Fix IOC_PR_CLEAR and IOC_PR_RELEASE ioctls for nvme devices https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.262 - fs: fix UAF/GPF bug in nilfs_mdt_destroy (CVE-2022-2978) - scsi: qedf: Fix a UAF bug in __qedf_probe() - net/ieee802154: fix uninit value bug in dgram_sendmsg - usb: mon: make mmapped memory read only (CVE-2022-43750) - USB: serial: ftdi_sio: fix 300 bps rate for SIO - mmc: core: Replace with already defined values for readability - mmc: core: Terminate infinite loop in SD-UHS voltage switch - [arm64] rpmsg: qcom: glink: replace strncpy() with strscpy_pad() - nilfs2: fix NULL pointer dereference at nilfs_bmap_lookup_at_level() (CVE-2022-3621) - nilfs2: fix leak of nilfs_root in case of writer thread creation failure (CVE-2022-3646) - nilfs2: replace WARN_ONs by nilfs_error for checkpoint acquisition failure - ceph: don't truncate file in atomic_open - random: clamp credited irq bits to maximum mixed (regression in 4.19.249) - [i386] ALSA: hda: Fix position reporting on Poulsbo - scsi: stex: Properly zero out the passthrough command structure (CVE-2022-40768) - USB: serial: qcserial: add new usb-id for Dell branded EM7455 - random: restore O_NONBLOCK support (regression in 4.19.249) - random: avoid reading two cache lines on irq randomness (regression in 4.19.249) - random: use expired timer rather than wq for mixing fast pool (regression in 4.19.249) - wifi: mac80211_hwsim: avoid mac80211 warning on bad rate - [x86] Input: xpad - add supported devices as contributed on github - [x86] Input: xpad - fix wireless 360 controller breaking after suspend - ALSA: oss: Fix potential deadlock at unregistration - ALSA: rawmidi: Drop register_mutex in snd_rawmidi_free() - ALSA: usb-audio: Fix potential memory leaks - ALSA: usb-audio: Fix NULL dererence at error path - [x86] ALSA: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530 (regression in 4.19.260) - [x86] usb: add quirks for Lenovo OneLink+ Dock - can: kvaser_usb: Fix use of uninitialized completion - can: kvaser_usb_leaf: Fix overread with an invalid command - can: kvaser_usb_leaf: Fix TX queue out of sync after restart - can: kvaser_usb_leaf: Fix CAN state after restart - fs: dlm: fix race between test_bit() and queue_work() - fs: dlm: handle -EBUSY first in lock arg validation - HID: multitouch: Add memory barriers - quota: Check next/prev free block number after reading from quota file - [arm64] regulator: qcom_rpm: Fix circular deferral regression - Revert "fs: check FMODE_LSEEK to control internal pipe splicing" (regression in 4.19.256) - PCI: Sanitise firmware BAR assignments behind a PCI-PCI bridge - fbdev: smscufx: Fix use-after-free in ufx_ops_open() (CVE-2022-41849) - btrfs: fix race between quota enable and quota rescan ioctl - nilfs2: fix use-after-free bug of struct nilfs_root (CVE-2022-3649) - ext4: avoid crash when inline data creation follows DIO write - ext4: fix null-ptr-deref in ext4_write_info - ext4: make ext4_lazyinit_thread freezable - ext4: place buffer head allocation before handle start - [amd64] livepatch: fix race between fork and KLP transition - ftrace: Properly unset FTRACE_HASH_FL_MOD - ring-buffer: Allow splice to read previous partially read pages - ring-buffer: Check pending waiters when doing wake ups as well - ring-buffer: Fix race between reset page and reading page - [x86] KVM: x86/emulator: Fix handing of POP SS to correctly set interruptibility - [x86] KVM: nVMX: Unconditionally purge queued/injected events on nested "exit" - wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state() - wifi: mac80211: allow bw change during channel switch in mesh - wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse() - [arm64] spi: qup: add missing clk_disable_unprepare on error in spi_qup_resume() - [arm64] spi: qup: add missing clk_disable_unprepare on error in spi_qup_pm_resume_runtime() - wifi: rtl8xxxu: Fix skb misuse in TX queue selection - bpf: btf: fix truncated last_member_type_id in btf_struct_resolve - wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration - bpf: Ensure correct locking around vulnerable function find_vpid() - netfilter: nft_fib: Fix for rpath check with VRF devices - vhost/vsock: Use kvmalloc/kvfree for larger packets. - [x86] mISDN: fix use-after-free bugs in l1oip timer handlers (CVE-2022-3565) - sctp: handle the error returned from sctp_auth_asoc_init_active_key (regression in 4.19.199) - tcp: fix tcp_cwnd_validate() to not forget is_cwnd_limited - net: rds: don't hold sock lock when cancelling work from rds_tcp_reset_callbacks() - bnx2x: fix potential memory leak in bnx2x_tpa_stop() - once: add DO_ONCE_SLOW() for sleepable contexts - net: mvpp2: fix mvpp2 debugfs leak - [arm64] drm: bridge: adv7511: fix CEC power down control register offset - drm/mipi-dsi: Detach devices when removing the host - [x86] platform/chrome: fix double-free in chromeos_laptop_prepare() - [x86] platform/x86: msi-laptop: Fix old-ec check for backlight registering - [x86] platform/x86: msi-laptop: Fix resource cleanup - [armhf] ASoC: eureka-tlv320: Hold reference returned from of_find_xxx API - [arm64] drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx - ALSA: dmaengine: increment buffer pointer atomically - [armhf] mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe() - [armhf] dts: kirkwood: lsxl: fix serial line - [arm64] clk: tegra: Fix refcount leak in tegra210_clock_init - [armhf] HSI: omap_ssi: Fix refcount leak in ssi_probe - [armhf] HSI: omap_ssi_port: Fix dma_map_sg error check - [arm64] tty: xilinx_uartps: Fix the ignore_status - RDMA/rxe: Fix "kernel NULL pointer dereference" error - RDMA/rxe: Fix the error caused by qp->sk - dyndbg: let query-modname override actual module name - ata: fix ata_id_sense_reporting_enabled() and ata_id_has_sense_reporting() - ata: fix ata_id_has_devslp() - ata: fix ata_id_has_ncq_autosense() - ata: fix ata_id_has_dipm() - md/raid5: Ensure stripe_fill happens on non-read IO with journal - xhci: Don't show warning for reinit on known broken suspend (regression in 4.19.232) - usb: gadget: function: fix dangling pnp_string in f_printer.c - [x86] drivers: serial: jsm: fix some leaks in probe - [arm64] phy: qualcomm: call clk_disable_unprepare in the error handling - serial: 8250: Fix restoring termios speed after suspend - [amd64] dmaengine: ioat: stop mod_timer from resurrecting deleted timer in __cleanup() - [arm64] spmi: pmic-arb: correct duplicate APID to PPID mapping logic - [armhf] clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe - [i386] hyperv: Fix 'struct hv_enlightened_vmcs' definition - [arm64] crypto: cavium - prevent integer overflow loading firmware - f2fs: fix race condition on setting FI_NO_EXTENT flag - [x86] ACPI: video: Add Toshiba Satellite/Portege Z830 quirk - [x86] powercap: intel_rapl: fix UBSAN shift-out-of-bounds issue - [x86] thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash - NFSD: Return nfserr_serverfault if splice_ok but buf->pages have data - wifi: brcmfmac: fix invalid address access when enabling SCAN log level - openvswitch: Fix double reporting of drops in dropwatch - openvswitch: Fix overreporting of drops in dropwatch - tcp: annotate data-race around tcp_md5sig_pool_populated - wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg() - xfrm: Update ipcomp_scratches with NULL when freed - wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() - Bluetooth: L2CAP: initialize delayed works at l2cap_chan_create() - Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times - can: bcm: check the result of can_send() in bcm_can_tx() - wifi: rt2x00: don't run Rt5592 IQ calibration on MT7620 - wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620 - wifi: rt2x00: set SoC wmac clock register - wifi: rt2x00: correctly set BBP register 86 for MT7620 - net: If sock is dead don't access sock's sk_wq in sk_stream_wait_memory - Bluetooth: L2CAP: Fix user-after-free - r8152: Rate limit overflow messages (CVE-2022-3594) - drm: Prevent drm_copy_field() to attempt copying a NULL pointer - [arm64,armh] drm/vc4: vec: Fix timings for VEC modes - [x86] drm: panel-orientation-quirks: Add quirk for Anbernic Win600 - [x86] platform/x86: msi-laptop: Change DMI match / alias strings to fix module autoloading - drm/amdgpu: fix initial connector audio value - media: cx88: Fix a null-ptr-deref bug in buffer_prepare() - scsi: 3w-9xxx: Avoid disabling device if failing to enable it - nbd: Fix hung when signal interrupts nbd_start_device_ioctl() - ata: libahci_platform: Sanity check the DT child nodes number - HID: roccat: Fix use-after-free in roccat_read() (CVE-2022-41850) - md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d - usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info() - [arm64,armhf] usb: musb: Fix musb_gadget.c rxstate overflow bug - Revert "usb: storage: Add quirk for Samsung Fit flash" - nvme: copy firmware_rev on each init - usb: idmouse: fix an uninit-value in idmouse_open - [arm64,armhf] clk: bcm2835: Make peripheral PLLC critical - net: ieee802154: return -EINVAL for unknown addr type - net/ieee802154: don't warn zero-sized raw_sendmsg() - ext4: continue to expand file system when the target size doesn't reach - md: Replace snprintf with scnprintf - [arm64,armhf] efi: libstub: drop pointless get_memory_map() call - inet: fully convert sk->sk_rx_dst to RCU rules - [x86] thermal: intel_powerclamp: Use first online CPU as control_cpu https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.263 - once: fix section mismatch on clang builds https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.264 - ocfs2: clear dinode links count in case of error - ocfs2: fix BUG when iput after ocfs2_mknod fails - [x86] microcode/AMD: Apply the patch early on every logical thread - [x86] hwmon/coretemp: Handle large core ID value - [armhf] ata: ahci-imx: Fix MODULE_ALIAS - ata: ahci: Match EM_MAX_SLOTS with SATA_PMP_MAX_PORTS - [arm64,armhf] KVM: arm64: vgic: Fix exit condition in scan_its_table() - [arm64] media: venus: dec: Handle the case where find_format fails - [arm64] errata: Remove AES hwcap for COMPAT tasks - r8152: add PID for the Lenovo OneLink+ Dock - btrfs: fix processing of delayed data refs during backref walking - btrfs: fix processing of delayed tree block refs during backref walking - [x86] ACPI: extlog: Handle multiple records - tipc: Fix recognition of trial period - tipc: fix an information leak in tipc_topsrv_kern_subscr - HID: magicmouse: Do not set BTN_MOUSE on double report - net/atm: fix proc_mpc_write incorrect return value - net: sched: cake: fix null pointer access issue when cake_init() fails - [amd64] iommu/vt-d: Clean up si_domain in the init_dmars() error path - [arm64,armhf] media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls (CVE-2022-20369) - [x86] ACPI: video: Force backlight native for more TongFang devices - [x86] hv_netvsc: Fix race between VF offering and VF association message from host - mm: /proc/pid/smaps_rollup: fix no vma's null-deref - can: kvaser_usb: Fix possible completions during init_completion - [x86] ALSA: Use del_timer_sync() before freeing timer - USB: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM - [arm64,armhf] usb: dwc3: gadget: Stop processing more requests on IMI - [arm64,armhf] usb: dwc3: gadget: Don't set IMI for no_interrupt - usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96 controller - [x86] xhci: Remove device endpoints from bandwidth list when freeing the device - [x86] iio: light: tsl2583: Fix module unloading - fbdev: smscufx: Fix several use-after-free bugs - mac802154: Fix LQI recording - [arm64] drm/msm/dsi: fix memory corruption with too many bridges - [arm64] drm/msm/hdmi: fix memory corruption with too many bridges - mmc: core: Fix kernel panic when remove non-standard SDIO card - kernfs: fix use-after-free in __kernfs_remove - perf auxtrace: Fix address filter symbol name match for modules - Xen/gntdev: don't ignore kernel unmapping error - xen/gntdev: Prevent leaking grants - mm,hugetlb: take hugetlb_lock before decrementing h->resv_huge_pages - net: ieee802154: fix error return code in dgram_bind() - ALSA: ac97: fix possible memory leak in snd_ac97_dev_register() - tipc: fix a null-ptr-deref in tipc_topsrv_accept - [arm64] net: netsec: fix error handling in netsec_register_mdio() - [amd64,arm64] amd-xgbe: fix the SFP compliance codes check for DAC cables - [amd64,arm64] amd-xgbe: add the bit rate quirk for Molex cables - net: fix UAF issue in nfqnl_nf_hook_drop() when ops_init() failed - tcp: fix indefinite deferral of RTO with SACK reneging - PM: hibernate: Allow hybrid sleep to work with s2idle - media: vivid: s_fbuf: add more sanity checks - media: vivid: dev->bitmap_cap wasn't freed in all cases - media: v4l2-dv-timings: add sanity checks for blanking values - media: videodev2.h: V4L2_DV_BT_BLANKING_HEIGHT should check 'interlaced' - i40e: Fix ethtool rx-flow-hash setting for X722 - i40e: Fix VF hang when reset is triggered on another VF - i40e: Fix flow-type by setting GL_HASH_INSET registers - net: ksz884x: fix missing pci_disable_device() on error in pcidev_init() - PM: domains: Fix handling of unavailable/disabled idle states - openvswitch: switch from WARN to pr_warn https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.265 - NFSv4.1: Handle RECLAIM_COMPLETE trunking errors - NFSv4.1: We must always send RECLAIM_COMPLETE after a reboot - nfs4: Fix kmemleak when allocate slot failed - RDMA/qedr: clean up work queue on failure in qedr_alloc_resources() - [armhf] net: fec: fix improper use of NETDEV_TX_BUSY - [i386] ata: pata_legacy: fix pdc20230_set_piomode() - net: sched: Fix use after free in red_enqueue() - net: tun: fix bugs for oversize packet when napi frags enabled - [arm64,armhf] ipvs: use explicitly signed chars - ipvs: fix WARNING in __ip_vs_cleanup_batch() - ipvs: fix WARNING in ip_vs_app_net_cleanup() - [x86] rose: Fix NULL pointer dereference in rose_send_frame() - [x86] mISDN: fix possible memory leak in mISDN_register_device() - btrfs: fix inode list leak during backref walking at resolve_indirect_refs() - btrfs: fix ulist leaks in error paths of qgroup self tests - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu (CVE-2022-3564) - Bluetooth: L2CAP: fix use-after-free in l2cap_conn_del() (CVE-2022-3640) - net: mdio: fix undefined behavior in bit shift for __mdiobus_register - net, neigh: Fix null-ptr-deref in neigh_table_clear() - ipv6: fix WARNING in ip6_route_net_exit_late() - media: dvb-frontends/drxk: initialize err to 0 - HID: saitek: add madcatz variant of MMO7 mouse device ID - Bluetooth: L2CAP: Fix attempting to access uninitialized memory (CVE-2022-42895) - block, bfq: protect 'bfqd->queued' by 'bfqd->lock' - btrfs: fix type of parameter generation in btrfs_get_dentry - tcp/udp: Make early_demux back namespacified. - kprobe: reverse kp->flags when arm_kprobe failed - capabilities: fix potential memleak on error path from vfs_getxattr_alloc() - ALSA: usb-audio: Add quirks for MacroSilicon MS2100/MS2106 devices - efi: random: reduce seed size to 32 bytes - ext4: fix warning in 'ext4_da_release_space' - [x86] KVM: x86: Mask off reserved bits in CPUID.80000008H - [x86] KVM: x86: emulator: em_sysexit should update ctxt->mode - [x86] KVM: x86: emulator: introduce emulator_recalc_and_set_mode - [x86] KVM: x86: emulator: update the emulation mode after CR0 write - wifi: brcmfmac: Fix potential buffer overflow in brcmf_fweh_event_worker() (CVE-2022-3628) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.266 - [amd64] Preparation for mitigating RETbleed: + x86/cpufeature: Add facility to check for min microcode revisions + x86/cpufeature: Fix various quality problems in the header + x86/devicetable: Move x86 specific macro out of generic code + x86/cpu: Add consistent CPU match macros - [amd64] Add mitigation for RETbleed on Intel processors (CVE-2022-29901): + x86/cpufeatures: Move RETPOLINE flags to word 11 + x86/bugs: Report AMD retbleed vulnerability + x86/bugs: Add AMD retbleed= boot parameter + x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value + x86/entry: Remove skip_r11rcx + x86/entry: Add kernel IBRS implementation + x86/bugs: Optimize SPEC_CTRL MSR writes + x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS + x86/bugs: Split spectre_v2_select_mitigation() and spectre_v2_user_select_mitigation() + x86/bugs: Report Intel retbleed vulnerability + intel_idle: Disable IBRS during long idle + x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n + x86/speculation: Fix firmware entry SPEC_CTRL handling + x86/speculation: Fix SPEC_CTRL write on SMT state change + x86/speculation: Use cached host SPEC_CTRL value for guest entry/exit + x86/speculation: Remove x86_spec_ctrl_mask + KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS + KVM: VMX: Fix IBRS handling after vmexit + x86/speculation: Fill RSB on vmexit for IBRS + x86/common: Stamp out the stepping madness + x86/cpu/amd: Enumerate BTC_NO + x86/bugs: Add Cannon lake to RETBleed affected CPU list + x86/speculation: Disable RRSBA behavior + x86/speculation: Use DECLARE_PER_CPU for x86_spec_ctrl_current + x86/bugs: Warn when "ibrs" mitigation is selected on Enhanced IBRS parts https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.267 - wifi: cfg80211: fix memory leak in query_regdb_file() - [x86] HID: hyperv: fix possible memory leak in mousevsc_probe() - net: gso: fix panic on frag_list with mixed head alloc types - net: tun: Fix memory leaks of napi_get_frags - bnxt_en: fix potentially incorrect return value for ndo_rx_flow_steer - capabilities: fix undefined behavior in bit shift for CAP_TO_MASK - [x86] hamradio: fix issue of dev reference count leakage in bpq_device_event() - [arm64,armhf] drm/vc4: Fix missing platform_unregister_drivers() call in vc4_drm_register() - ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network - tipc: fix the msg->req tlv len check in tipc_nl_compat_name_table_dump_header - [arm64] drivers: net: xgene: disable napi when register irq failed in xgene_enet_open() - net: cxgb3_main: disable napi when bind qsets failed in cxgb_up() - ethernet: s2io: disable napi when start nic failed in s2io_card_up() - [armhf] net: mv643xx_eth: disable napi when init rxq or txq failed in mv643xx_eth_open() - net: macvlan: fix memory leaks of macvlan_common_newlink - [arm64] efi: Fix handling of misaligned runtime regions and drop warning - [x86] ALSA: hda/ca0132: add quirk for EVGA Z390 DARK - ALSA: usb-audio: Add quirk entry for M-Audio Micro - ALSA: usb-audio: Add DSD support for Accuphase DAC-60 - vmlinux.lds.h: Fix placement of '.data..decrypted' section - nilfs2: fix deadlock in nilfs_count_free_blocks() - nilfs2: fix use-after-free bug of ns_writer on remount - [x86] drm/i915/dmabuf: fix sg_table handling in map_dma_buf - [x86] platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi - udf: Fix a slab-out-of-bounds write bug in udf_find_entry() - net: tun: call napi_schedule_prep() to ensure we own a napi - [x86] cpu: Restore AMD's DE_CFG MSR after resume - NFSv4: Retry LOCK on OLD_STATEID during delegation return - btrfs: remove pointless and double ulist frees in error paths of qgroup tests - Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm - ASoC: core: Fix use-after-free in snd_soc_exit() - [armhf] serial: imx: Add missing .thaw_noirq hook - tty: n_gsm: fix sleep-in-atomic-context bug in gsm_control_send - ASoC: soc-utils: Remove __exit for snd_soc_util_exit() - block: sed-opal: kmalloc the cmd/resp buffers - [x86] parport_pc: Avoid FIFO port location truncation - ata: libata-transport: fix double ata_host_put() in ata_tport_add() - [x86] mISDN: fix possible memory leak in mISDN_dsp_element_register() - [x86] mISDN: fix misuse of put_device() in mISDN_register_device() - bnxt_en: Remove debugfs when pci_register_driver failed - [x86] xen/pcpu: fix possible memory leak in register_pcpu() - drbd: use after free in drbd_create_device() - cifs: Fix wrong return value checking when GETFLAGS - [x86] net: thunderbolt: Fix error handling in tbnet_init() - ftrace: Optimize the allocation for mcount entries - ftrace: Fix null pointer dereference in ftrace_add_mod() - ring_buffer: Do not deactivate non-existant pages - ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open() - speakup: fix a segfault caused by switching consoles - USB: serial: option: add Sierra Wireless EM9191 - USB: serial: option: remove old LARA-R6 PID - USB: serial: option: add u-blox LARA-R6 00B modem - USB: serial: option: add u-blox LARA-L6 modem - USB: serial: option: add Fibocom FM160 0x0111 composition - usb: add NO_LPM quirk for Realforce 87U Keyboard - iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init() - dm ioctl: fix misbehavior if list_versions races with module loading - serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs - mmc: core: properly select voltage range without power cycle - mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put() - [x86] misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() - scsi: target: tcm_loop: Fix possible name leak in tcm_loop_setup_hba_bus() - serial: 8250: Flush DMA Rx on RLSI - macvlan: enforce a consistent minimal mtu - tcp: cdg: allow tcp_cdg_release() to be called multiple times - kcm: avoid potential race in kcm_tx_work (CVE-2022-3521) - bpf, test_run: Fix alignment problem in bpf_prog_test_run_skb() - 9p: trans_fd/p9_conn_cancel: drop client lock earlier - gfs2: Check sb_bsize_shift after reading superblock - gfs2: Switch from strlcpy to strscpy - 9p/trans_fd: always use O_NONBLOCK read/write - mm: fs: initialize fsdata passed to write_begin/write_end interface https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.268 - wifi: mac80211_hwsim: fix debugfs attribute ps with rc table support - audit: fix undefined behavior in bit shift for AUDIT_BIT - wifi: mac80211: Fix ack frame idr leak when mesh has no route - [x86] drm: panel-orientation-quirks: Add quirk for Acer Switch V 10 (SW5-017) - af_key: Fix send_acquire race with pfkey_register - [armhf] dts: am335x-pcm-953: Define fixed regulators in root node - [armhf] ASoC: sgtl5000: Reset the CHIP_CLK_CTRL reg on remove - [arm64,armhf] bus: sunxi-rsb: Support atomic transfers - [i386] net: pch_gbe: fix potential memleak in pch_gbe_tx_queue() - 9p/fd: fix issue of list_del corruption in p9_fd_cancel() - net/mlx4: Check retval of mlx4_bitmap_init - net/qla3xxx: fix potential memleak in ql3xxx_send() - [x86] Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work() - net/mlx5: Fix FW tracer timestamp calculation - tipc: set con sock in tipc_conn_alloc - tipc: add an extra conn_get in tipc_conn_alloc - tipc: check skb_linearize() return value in tipc_disc_rcv() - xfrm: Fix ignored return value in xfrm6_init() - bnx2x: fix pci device refcount leak in bnx2x_vf_is_pcie_pending() - dccp/tcp: Reset saddr on failure after inet6?_hash_connect(). - [arm64] net: thunderx: Fix the ACPI memory leak - [arm64] dts: rockchip: lower rk3399-puma-haikou SD controller clock frequency - iio: core: Fix entry not deleted when iio_register_sw_trigger_type() fails - ceph: do not update snapshot context when there is no new snapshot - ceph: avoid putting the realm twice when decoding snaps fails - nilfs2: fix nilfs_sufile_mark_dirty() not set segment usage as dirty - Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode - [x86] xen/platform-pci: add missing free_irq() in error path - [x86] platform/x86: asus-wmi: add missing pci_dev_put() in asus_wmi_set_xusb2pr() - [x86] platform/x86: acer-wmi: Enable SW_TABLET_MODE on Switch V 10 (SW5-017) - [x86] platform/x86: hp-wmi: Ignore Smart Experience App event - tcp: configurable source port perturb table size - net: usb: qmi_wwan: add Telit 0x103a composition - dm integrity: flush the journal on suspend - btrfs: free btrfs_path before copying root refs to userspace - btrfs: free btrfs_path before copying fspath to userspace - btrfs: free btrfs_path before copying subvol info to userspace - drm/amd/dc/dce120: Fix audio register mapping, stop triggering KASAN - drm/amdgpu: always register an MMU notifier for userptr - btrfs: free btrfs_path before copying inodes to userspace - [armhf] spi: spi-imx: Fix spi_bus_clk if requested clock is higher than input clock - proc: avoid integer type confusion in get_proc_long (CVE-2022-4378) - proc: proc_skip_spaces() shouldn't think it is working on C strings (CVE-2022-4378) - v4l2: don't fall back to follow_pfn() if pin_user_pages_fast() fails - [x86] hwmon: (i5500_temp) fix missing pci_disable_device() - [x86] hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails - of: property: decrement node refcount in of_fwnode_get_reference_args() - net/mlx5: Fix uninitialized variable bug in outlen_write() - qlcnic: fix sleep-in-atomic-context bugs caused by msleep - net: phy: fix null-ptr-deref while probe() failed - net/9p: Fix a potential socket leak in p9_socket_open - net: tun: Fix use-after-free in tun_detach() - packet: do not set TP_STATUS_CSUM_VALID on CHECKSUM_COMPLETE - [x86] hwmon: (coretemp) Check for null before removing sysfs attrs - btrfs: qgroup: fix sleep from invalid context bug in btrfs_qgroup_inherit() - error-injection: Add prompt for function error injection - nilfs2: fix NULL pointer dereference in nilfs_palloc_commit_free_entry() - [x86] bugs: Make sure MSR_SPEC_CTRL is updated properly upon resume from S3 - [x86] pinctrl: intel: Save and restore pins in "direct IRQ" mode - [arm64] Fix panic() when Spectre-v2 causes Spectre-BHB to re-allocate KVM vectors - [arm64] errata: Fix KVM Spectre-v2 mitigation selection for Cortex-A57/A72 - ASoC: ops: Fix bounds check for _sx controls - [amd64] iommu/vt-d: Fix PCI device refcount leak in dmar_dev_scope_init() - tcp/udp: Fix memory leak in ipv6_renew_options(). (CVE-2022-3524) - nvme: restrict management ioctls to admin - [x86] tsx: Add a feature bit for TSX control MSR support - [x86] pm: Add enumeration check before spec MSRs save/restore setup (regression in 4.19.238) - Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM (CVE-2022-42896) - [x86] ioremap: Fix page aligned size calculation in __ioremap_caller() - mmc: sdhci: use FIELD_GET for preset value bit masks - mmc: sdhci: Fix voltage switch delay - ipc/sem: Fix dangling sem_array access in semtimedop race https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.269 - [armhf] dts: rockchip: fix node name for hym8563 rtc - [armhf] dts: rockchip: fix ir-receiver node names - [armhf] dts: rockchip: disable arm_global_timer on rk3066 and rk3188 - ALSA: seq: Fix function prototype mismatch in snd_seq_expand_var_event - ASoC: soc-pcm: Add NULL check in BE reparenting - [armhf] regulator: twl6030: fix get status of twl6032 regulators - fbcon: Use kzalloc() in fbcon_prepare_logo() - 9p/xen: check logical size for buffer size - net: usb: qmi_wwan: add u-blox 0x1342 composition - xen/netback: Ensure protocol headers don't fall in the non-linear area (CVE-2022-3643) - xen/netback: don't call kfree_skb() with interrupts disabled (CVE-2022-42328, CVE-2022-42329) - media: v4l2-dv-timings.c: fix too strict blanking sanity checks - memcg: fix possible use-after-free in memcg_write_event_control() - HID: hid-lg4ff: Add check for empty lbuf - HID: core: fix shift-out-of-bounds in hid_report_raw_event - ieee802154: cc2520: Fix error return code in cc2520_hw_init() - e1000e: Fix TX dispatch condition - igb: Allocate MSI-X vector when testing - Bluetooth: 6LoWPAN: add missing hci_dev_put() in get_l2cap_conn() - Bluetooth: Fix not cleanup led when bt_init fails - mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add() - xen-netfront: Fix NULL sring after live migration - [arm64,armhf] net: mvneta: Prevent out of bounds read in mvneta_config_rss() - i40e: Fix not setting default xps_cpus after reset - i40e: Fix for VF MAC address 0 - i40e: Disallow ip4 and ip6 l4_4_bytes - nvme initialize core quirks before calling nvme_init_subsystem - [arm64,armhf] net: stmmac: fix "snps,axi-config" node property parsing - [arm64] net: hisilicon: Fix potential use-after-free in hisi_femac_rx() - [arm64] net: hisilicon: Fix potential use-after-free in hix5hd2_rx() - tipc: Fix potential OOB in tipc_link_proto_rcv() - xen/netback: fix build warning - net: plip: don't call kfree_skb/dev_kfree_skb() under spin_lock_irq() - ipv6: avoid use-after-free in ip6_fragment() - [arm64,armhf] net: mvneta: Fix an out of bounds check - can: esd_usb: Allow REC and TEC to return to zero [ Ben Hutchings ] * Bump ABI to 23 * [rt] Add new signing key for Daniel Wagner * [rt] Update to 4.9.265-rt117: - Revert "random: Use local locks for crng context access" - random: Bring back the local_locks - local_lock: Provide INIT_LOCAL_LOCK(). - Revert "workqueue: Use local irq lock instead of irq disable regions" - timers: Don't block on ->expiry_lock for TIMER_IRQSAFE timers - rcu: Update rcuwait - workqueue: Use rcuwait for wq_manager_wait - timers: Prepare support for PREEMPT_RT - timers: Move clearing of base::timer_running under base:: Lock - timers: Don't block on ->expiry_lock for TIMER_IRQSAFE timers * efi: random: Properly limit the size of the random seed * [rt] Revert "percpu: include irqflags.h for raw_local_irq_save()" which now causes an #include loop * [x86] debug: Keep FUNCTION_ERROR_INJECTION enabled -- Ben Hutchings Tue, 20 Dec 2022 23:56:34 +0100 linux (4.19.260-1) buster-security; urgency=high * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.250 - vt: drop old FONT ioctls (CVE-2021-33656) - random: schedule mix_interrupt_randomness() less often (regression in 4.19.249) - ALSA: hda/via: Fix missing beep setup - ALSA: hda/conexant: Fix missing beep setup - [x86] ALSA: hda/realtek: Add quirk for Clevo PD70PNT - dm era: commit metadata in postsuspend after worker stops - random: quiet urandom warning ratelimit suppression message - USB: serial: option: add Telit LE910Cx 0x1250 composition - USB: serial: option: add Quectel EM05-G modem - USB: serial: option: add Quectel RM500K module support - bonding: ARP monitor spams NETDEV_NOTIFY_PEERS notifiers - net/sched: sch_netem: Fix arithmetic in netem_dump() for 32-bit platforms - erspan: do not assume transport header is always set - [x86] xen: Remove undefined behavior in setup_features() - afs: Fix dynamic root getattr (regression in 4.19.245) - igb: Make DMA faster when CPU is active on the PCIe link - virtio_net: fix xdp_rxq_info bug after suspend/resume - [arm64,armhf] usb: chipidea: udc: check request status before setting device address - [armhf] iio: accel: mma8452: ignore the return value of reset operation - iio: trigger: sysfs: fix use-after-free on remove - [arm64,armhf] iio: adc: axp288: Override TS pin bias current for some models - [armhf] dts: imx6qdl: correct PU regulator ramp delay - modpost: fix section mismatch check for exported init/exit sections - drm: remove drm_fb_helper_modinit - xen: unexport __init-annotated xen_xlate_map_ballooned_pages() - fdt: Update CRC check for rng-seed (regression in 4.19.249) - kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add] https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.251 - [amd64] nvdimm: Fix badblocks clear off-by-one error - dm raid: fix accesses beyond end of raid member array - dm raid: fix KASAN warning in raid5_add_disks - SUNRPC: Fix READ_PLUS crasher - net: rose: fix UAF bugs caused by timer handler (CVE-2022-2318) - net: usb: ax88179_178a: Fix packet receiving (regression in 4.19.231) - virtio-net: fix race between ndo_open() and virtio_device_ready() - net: tun: unlink NAPI from device on destruction - net: tun: stop NAPI when detaching queues - RDMA/qedr: Fix reporting QP timeout attribute - usbnet: fix memory allocation in helpers - net: ipv6: unexport __init-annotated seg6_hmac_net_init() - caif_virtio: fix race between virtio_device_ready() and ndo_open() - netfilter: nft_dynset: restore set element counter when failing to update - net: bonding: fix possible NULL deref in rlb code - net: bonding: fix use-after-free after 802.3ad slave unbind - net: tun: avoid disabling NAPI twice - xen/gntdev: Avoid blocking in unmap_grant_pages() - hwmon: (ibmaem) don't call platform_device_del() if platform_device_add() fails - [armhf] net: dsa: bcm_sf2: force pause link settings - ipv6/sit: fix ipip6_tunnel_get_prl return value - xen/blkfront: fix leaking data in shared pages (CVE-2022-26365) - xen/netfront: fix leaking data in shared pages (CVE-2022-33740) - xen/netfront: force data bouncing when backend is untrusted (CVE-2022-33741) - xen/blkfront: force data bouncing when backend is untrusted (CVE-2022-33742) - [arm64,armhf] xen/arm: Fix race in RB-tree based P2M accounting (CVE-2022-33744) - net: usb: qmi_wwan: add Telit 0x1060 composition - net: usb: qmi_wwan: add Telit 0x1070 composition https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.252 - esp: limit skb_page_frag_refill use to a single page - mm/slub: add missing TID updates on slab deactivation - can: bcm: use call_rcu() instead of costly synchronize_rcu() (regression in 4.19.198) - can: gs_usb: gs_usb_open/close(): fix memory leak - usbnet: fix memory leak in error case - net: rose: fix UAF bug caused by rose_t0timer_expiry - [amd64] iommu/vt-d: Fix PCI bus rescan device hot add - fbcon: Disallow setting font bigger than screen size (CVE-2021-33655) - can: kvaser_usb: replace run-time checks with struct kvaser_usb_driver_info - can: kvaser_usb: kvaser_usb_leaf: fix CAN clock frequency regression - can: kvaser_usb: kvaser_usb_leaf: fix bittiming limits - xfs: remove incorrect ASSERT in xfs_rename - [armhf] meson: Fix refcount leak in meson_smp_prepare_cpus - [armhf] pinctrl: sunxi: a83t: Fix NAND function name for some pins - misc: rtsx_usb: fix use of dma mapped buffer for usb bulk transfer - misc: rtsx_usb: use separate command and response buffers - misc: rtsx_usb: set return value in rsp_buf alloc err path - ida: don't use BUG_ON() for debugging - [arm64,armhf] dmaengine: pl330: Fix lockdep warning about non-static key - [armhf] dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate - [armhf] dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.253 - [x86] ALSA: hda - Add fixup for Dell Latitidue E5430 - [x86] ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3 model - [x86] ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc221 - xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue - tracing/histograms: Fix memory leak problem (regression in 4.19.149) - net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale pointer - [armhf] 9213/1: Print message about disabled Spectre workarounds only once - [armel,armhf] 9214/1: alignment: advance IT state after emulating Thumb instruction - cgroup: Use separate src/dst nodes when preloading css_sets for migration - nilfs2: fix incorrect masking of permission flags for symlinks - [armhf] dts: imx6qdl-ts7970: Fix ngpio typo and count - [armhf] 9209/1: Spectre-BHB: avoid pr_info() every time a CPU comes out of idle - [arm64,armhf] ASoC: sgtl5000: Fix noise on shutdown/remove - inetpeer: Fix data-races around sysctl. - net: Fix data-races around sysctl_mem. - cipso: Fix data-races around sysctl. - icmp: Fix data-races around sysctl. - [armhf] dts: sunxi: Fix SPI NOR campatible on Orange Pi Zero - icmp: Fix a data-race around sysctl_icmp_ratelimit. - icmp: Fix a data-race around sysctl_icmp_ratemask. - ipv4: Fix data-races around sysctl_ip_dynaddr. - sfc: fix use after free when disabling sriov - seg6: fix skb checksum evaluation in SRH encapsulation/insertion - seg6: fix skb checksum in SRv6 End.B6 and End.B6.Encaps behaviors - seg6: bpf: fix skb checksum in bpf_push_seg6_encap() - sfc: fix kernel panic when creating VF - virtio_mmio: Add missing PM calls to freeze/restore - virtio_mmio: Restore guest page size on resume - netfilter: br_netfilter: do not skip all hooks with 0 priority - [x86] platform/x86: hp-wmi: Ignore Sanitization Mode event - net: tipc: fix possible refcount leak in tipc_sk_create() - net: sfp: fix memory leak in sfp_probe() - ASoC: ops: Fix off by one in range control validation - [amd64] Clear .brk area at early boot - signal handling: don't use BUG_ON() for debugging - USB: serial: ftdi_sio: add Belimo device ids - usb: typec: add missing uevent when partner support PD - [arm64,armhf] usb: dwc3: gadget: Fix event pending check - [armhf] tty: serial: samsung_tty: set dma burst_size to 1 - serial: 8250: fix return error code in serial8250_request_std_resource() - [arm*] serial: pl011: UPSTAT_AUTORTS requires .throttle/unthrottle https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.254 - xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE - xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() (CVE-2022-36879) - perf/core: Fix data race between perf_event_set_output() and perf_mmap_close() - ip: Fix data-races around sysctl_ip_fwd_use_pmtu. - ip: Fix data-races around sysctl_ip_nonlocal_bind. - ip: Fix a data-race around sysctl_fwmark_reflect. - tcp/dccp: Fix a data-race around sysctl_tcp_fwmark_accept. - tcp: Fix data-races around sysctl_tcp_mtu_probing. - tcp: Fix a data-race around sysctl_tcp_probe_threshold. - tcp: Fix a data-race around sysctl_tcp_probe_interval. - [arm64,armhf] net: stmmac: fix dma queue left shift overflow issue - igmp: Fix data-races around sysctl_igmp_llm_reports. - igmp: Fix a data-race around sysctl_igmp_max_memberships. - tcp: Fix data-races around sysctl_tcp_reordering. - tcp: Fix data-races around some timeout sysctl knobs. - tcp: Fix a data-race around sysctl_tcp_notsent_lowat. - tcp: Fix a data-race around sysctl_tcp_tw_reuse. - tcp: Fix data-races around sysctl_tcp_fastopen. - be2net: Fix buffer overflow in be_get_module_eeprom - tcp: Fix a data-race around sysctl_tcp_early_retrans. - tcp: Fix data-races around sysctl_tcp_recovery. - tcp: Fix a data-race around sysctl_tcp_thin_linear_timeouts. - tcp: Fix data-races around sysctl_tcp_slow_start_after_idle. - tcp: Fix a data-race around sysctl_tcp_retrans_collapse. - tcp: Fix a data-race around sysctl_tcp_stdurg. - tcp: Fix a data-race around sysctl_tcp_rfc1337. - tcp: Fix data-races around sysctl_tcp_max_reordering. - Revert "Revert "char/random: silence a lockdep splat with printk()"" - mm/mempolicy: fix uninit-value in mpol_rebind_policy() - bpf: Make sure mac_header was set before using it - [armhf] drm/tilcdc: Remove obsolete crtc_mode_valid() hack - [armhf] tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator - HID: multitouch: simplify the application retrieval - [x86] HID: multitouch: Lenovo X1 Tablet Gen3 trackpoint and buttons - HID: multitouch: add support for the Smart Tech panel - HID: add ALWAYS_POLL quirk to lenovo pixart mouse - dlm: fix pending remove if msg allocation fails - ALSA: memalloc: Align buffer allocations in page size - Bluetooth: Add bt_skb_sendmsg helper - Bluetooth: Add bt_skb_sendmmsg helper - Bluetooth: SCO: Replace use of memcpy_from_msg with bt_skb_sendmsg - Bluetooth: RFCOMM: Replace use of memcpy_from_msg with bt_skb_sendmmsg - Bluetooth: Fix passing NULL to PTR_ERR - Bluetooth: SCO: Fix sco_send_frame returning skb->len - Bluetooth: Fix bt_skb_sendmmsg not allocating partial chunks - [arm64] serial: mvebu-uart: correctly report configured baudrate value - tty: drivers/tty/, stop using tty_schedule_flip() - tty: the rest, stop using tty_schedule_flip() - tty: drop tty_schedule_flip() - tty: extract tty_flip_buffer_commit() from tty_flip_buffer_push() - tty: use new tty_insert_flip_string_and_push_buffer() in pty_write() (regression in 4.19.153) (CVE-2022-1462) - net: usb: ax88179_178a needs FLAG_SEND_ZLP - [amd64] PCI: hv: Fix multi-MSI to allow more than one MSI vector - [amd64] PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI - [amd64] PCI: hv: Reuse existing IRTE allocation in compose_msi_msg() - [amd64] PCI: hv: Fix interrupt mapping for multi-MSI https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.255 - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put - tcp: Fix data-races around sysctl_tcp_dsack. - tcp: Fix a data-race around sysctl_tcp_app_win. - tcp: Fix a data-race around sysctl_tcp_adv_win_scale. - tcp: Fix a data-race around sysctl_tcp_frto. - tcp: Fix a data-race around sysctl_tcp_nometrics_save. - tcp: Fix a data-race around sysctl_tcp_challenge_ack_limit. - net: ping6: Fix memleak in ipv6_renew_options(). - igmp: Fix data-races around sysctl_igmp_qrv. - tcp: Fix a data-race around sysctl_tcp_min_tso_segs. - tcp: Fix a data-race around sysctl_tcp_min_rtt_wlen. - tcp: Fix a data-race around sysctl_tcp_autocorking. - tcp: Fix a data-race around sysctl_tcp_invalid_ratelimit. - Documentation: fix sctp_wmem in ip-sysctl.rst - tcp: Fix a data-race around sysctl_tcp_comp_sack_delay_ns. - tcp: Fix a data-race around sysctl_tcp_comp_sack_nr. - i40e: Fix interface init with MSI interrupts (no MSI-X) - sctp: fix sleep in atomic context bug in timer handlers - netfilter: nf_queue: do not allow packet truncation below transport header offset (CVE-2022-36946) - perf symbol: Correct address for bss symbols - mt7601u: add USB device ID for some versions of XiaoDu WiFi Dongle. - scsi: core: Fix race between handling STS_RESOURCE and completion - [x86] ACPI: video: Force backlight native for some TongFang devices - [x86] ACPI: video: Shortening quirk list by identifying Clevo by board_name only - [x86] speculation: Add RSB VM Exit protections (CVE-2022-26373) - [x86] speculation: Add LFENCE to RSB fill sequence https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.256 - Makefile: link with -z noexecstack --no-warn-rwx-segments - [x86] link vdso and boot with -z noexecstack --no-warn-rwx-segments - ALSA: bcd2000: Fix a UAF bug on the error path of probing - wifi: mac80211_hwsim: fix race condition in pending packet - wifi: mac80211_hwsim: add back erroneously removed cast - wifi: mac80211_hwsim: use 32-bit skb cookie - add barriers to buffer_uptodate and set_buffer_uptodate - HID: wacom: Don't register pad_input for touch switch - [x86] KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0 - [x86] KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks - [x86] KVM: x86: Set error code to segment selector on LLDT/LTR non- canonical #GP - ALSA: hda/conexant: Add quirk for LENOVO 20149 Notebook model - ALSA: hda/cirrus - support for iMac 12,1 model - tty: vt: initialize unicode screen buffer - vfs: Check the truncate maximum size in inode_newsize_ok() - fs: Add missing umask strip in vfs_tmpfile - thermal: sysfs: Fix cooling_device_stats_setup() error code path - fbcon: Fix boundary checks for fbcon=vc:n1-n2 parameters - usbnet: Fix linkwatch use-after-free on disconnect - ovl: drop WARN_ON() dentry is NULL in ovl_encode_fh() - drm/nouveau: fix another off-by-one in nvbios_addr - drm/amdgpu: Check BO's requested pinning domains against its preferred_domains - bpf: Verifer, adjust_scalar_min_max_vals to always call update_reg_bounds() (CVE-2021-4159) - fuse: limit nsec - [arm64] serial: mvebu-uart: uart2 error bits clearing - md-raid10: fix KASAN warning - PCI: Add defines for normal and subtractive PCI bridges - USB: HCD: Fix URB giveback issue in tasklet function - netfilter: nf_tables: do not allow SET_ID to refer to another table (CVE-2022-2586) - netfilter: nf_tables: fix null deref due to zeroed list head - [arm64] Do not forget syscall when starting a new thread. - [arm64] fix oops in concurrently setting insn_emulation sysctls - [armhf] dts: imx6ul: add missing properties for sram - [armhf] dts: imx6ul: change operating-points to uint32-matrix - [armhf] dts: imx6ul: fix lcdif node compatible - [armhf] dts: imx6ul: fix qspi node compatible - [x86] ACPI: PM: save NVS memory for Lenovo G40-45 - ACPI: LPSS: Fix missing check in register_device_clock() - [arm64] dts: qcom: ipq8074: fix NAND node name - PM: hibernate: defer device probing when resuming from hibernation - selinux: Add boundary check in put_entry() - [armhf] findbit: fix overflowing offset - [arm*] meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init - [arm64] bus: hisi_lpc: fix missing platform_device_put() in hisi_lpc_acpi_probe() - [arm64] dts: qcom: msm8916: Fix typo in pronto remoteproc node - regulator: of: Fix refcount leak bug in of_get_regulation_constraints() - nohz/full, sched/rt: Fix missed tick-reenabling bug in dequeue_task_rt() - dm: return early from dm_pr_call() if DM device is suspended - ath10k: do not enforce interrupt trigger type - wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c() - drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers() - drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff function - i2c: Fix a potential use after free - media: tw686x: Register the irq at the end of probe - ath9k: fix use-after-free in ath9k_hif_usb_rx_cb (CVE-2022-1679) - wifi: iwlegacy: 4965: fix potential off-by-one overflow in il4965_rs_fill_link_cmd() - [arm64] drm: bridge: adv7511: Add check for mipi_dsi_driver_register - media: hdpvr: fix error value returns in hdpvr_read - [arm*] drm/vc4: dsi: Correct DSI divider calculations - [arm*] drm/rockchip: vop: Don't crash for invalid duplicate_state() - [arm64] drm/msm/mdp5: Fix global state lock backoff - mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init() - tcp: make retransmitted SKB fit into the send window - libbpf: Fix the name of a reused map - fs: check FMODE_LSEEK to control internal pipe splicing - wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi() - wifi: p54: Fix an error handling path in p54spi_probe() - wifi: p54: add missing parentheses in p54_flush() - [i386] can: pch_can: do not report txerr and rxerr during bus-off - can: sja1000: do not report txerr and rxerr during bus-off - [armhf] can: sun4i_can: do not report txerr and rxerr during bus-off - can: kvaser_usb_hydra: do not report txerr and rxerr during bus-off - can: kvaser_usb_leaf: do not report txerr and rxerr during bus-off - can: usb_8dev: do not report txerr and rxerr during bus-off - [i386] can: pch_can: pch_can_error(): initialize errc before using it - Bluetooth: hci_intel: Add check for platform_driver_register - wifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()` - wifi: libertas: Fix possible refcount leak in if_usb_probe() - net/mlx5e: Fix the value of MLX5E_MAX_RQ_NUM_MTTS - [x86] net: rose: fix netdev reference changes - dccp: put dccp_qpolicy_full() and dccp_qpolicy_push() in the same lock - HID: cp2112: prevent a buffer overflow in cp2112_xfer() - [x86] staging: rtl8192u: Fix sleep in atomic context bug in dm_fsync_timer_callback - memstick/ms_block: Fix some incorrect memory allocation - memstick/ms_block: Fix a memory leak - scsi: smartpqi: Fix DMA direction for RAID requests - RDMA/hfi1: fix potential memory leak in setup_base_ctxt() - gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data() - HID: alps: Declare U1_UNICORN_LEGACY support - USB: serial: fix tty-port initialized comments - [i386] platform/olpc: Fix uninitialized data in debugfs write - mm/mmap.c: fix missing call to vm_unacct_memory in mmap_region - RDMA/rxe: Fix error unwind in rxe_create_qp() - null_blk: fix ida error handling in null_add_dev() - ext4: recover csum seed of tmp_inode after migrating to extents - jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted - serial: 8250_dw: Store LSR into lsr_saved_flags in dw8250_tx_wait_empty() - profiling: fix shift too large makes kernel panic - tty: n_gsm: fix non flow control frames during mux flow off - tty: n_gsm: fix packet re-transmission without open control channel - tty: n_gsm: fix race condition in gsmld_write() - tty: n_gsm: fix wrong T1 retry count handling - tty: n_gsm: fix DM command - tty: n_gsm: fix missing corner cases in gsmld_poll() - [arm64] rpmsg: qcom_smd: Fix refcount leak in qcom_smd_parse_edge - kfifo: fix kfifo_to_user() return type - [arm*] video: fbdev: amba-clcd: Fix refcount leak bugs - [x86] video: fbdev: sis: fix typos in SiS_GetModeID() - kprobes: Forbid probing on trampoline and BPF code areas - genelf: Use HAVE_LIBCRYPTO_SUPPORT, not the never defined HAVE_LIBCRYPTO - [x86] numa: Use cpumask_available instead of hardcoded NULL check - video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock() - video: fbdev: vt8623fb: Check the size of screen before memset_io() - video: fbdev: arkfb: Check the size of screen before memset_io() - video: fbdev: s3fb: Check the size of screen before memset_io() - [i386] olpc: fix 'logical not is only applied to the left hand side' - ext4: make sure ext4_append() always allocates new block - ext4: fix use-after-free in ext4_xattr_set_entry - ext4: update s_overhead_clusters in the superblock during an on-line resize - ext4: fix extent status tree race in writeback error recovery path - ext4: correct max_inline_xattr_value_size computing - ext4: correct the misjudgment in ext4_iget_extra_inode - [x86] intel_th: pci: Add Raptor Lake-S CPU support - [x86] intel_th: pci: Add Raptor Lake-S PCH support - [x86] intel_th: pci: Add Meteor Lake-P support - dm raid: fix address sanitizer warning in raid_resume - dm raid: fix address sanitizer warning in raid_status - dm writecache: set a default MAX_WRITEBACK_JOBS - ACPI: CPPC: Do not prevent CPPC from working in the future - net_sched: cls_route: remove from list when handle is 0 (CVE-2022-2588) - btrfs: reject log replay if there is unsupported RO compat flag - KVM: Add infrastructure and macro to mark VM as bugged - [x86] KVM: x86: Check lapic_in_kernel() before attempting to set a SynIC irq (CVE-2022-2153) - [x86] KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast() (CVE-2022-2153) - tcp: fix over estimation in sk_forced_mem_schedule() - scsi: sg: Allow waiting for commands to complete on removed device - Revert "net: usb: ax88179_178a needs FLAG_SEND_ZLP" - Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression - net/9p: Initialize the iounit field during fid creation - net_sched: cls_route: disallow handle of 0 - ALSA: info: Fix llseek return value when using callback - rds: add missing barrier to release_refill - ata: libata-eh: Add missing command name - btrfs: fix lost error handling when looking up extended ref on log replay - tracing: Have filter accept "common_cpu" to be consistent - can: ems_usb: fix clang's -Wunaligned-access warning - apparmor: fix quiet_denied for file rules - apparmor: fix absroot causing audited secids to begin with = - apparmor: Fix failed mount permission check error message - apparmor: fix aa_label_asxprint return check - apparmor: fix overlapping attachment computation - apparmor: fix reference count leak in aa_pivotroot() - apparmor: Fix memleak in aa_simple_write_to_buffer() - NFSv4: Fix races in the legacy idmapper upcall - NFSv4.1: RECLAIM_COMPLETE must handle EACCES - NFSv4/pnfs: Fix a use-after-free bug in open - SUNRPC: Reinitialise the backchannel request buffers before reuse - [arm64] pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed - ACPI: property: Return type of acpi_add_nondev_subnodes() should be bool - geneve: do not use RT_TOS for IPv6 flowlabel - vsock: Fix memory leak in vsock_connect() - vsock: Set socket state back to SS_UNCONNECTED in vsock_connect_timeout() - tools build: Switch to new openssl API for test-libcrypto - xen/xenbus: fix return type in xenbus_file_read() - [x86] atm: idt77252: fix use-after-free bugs caused by tst_timer - netfilter: nf_tables: really skip inactive sets when allocating name - i40e: Fix to stop tx_timeout recovery if GLOBR fails - igb: Add lock to avoid data race - locking/atomic: Make test_and_*_bit() ordered on failure - PCI: Add ACS quirk for Broadcom BCM5750x NICs - [x86] vboxguest: Do not use devm for irq - [arm64] clk: qcom: ipq8074: dont disable gcc_sleep_clk_src - gadgetfs: ep_io - wait until IRQ finishes - drivers:md:fix a potential use-after-free bug - ext4: avoid remove directory when directory is corrupted - ext4: avoid resizing to a partial cluster size - lib/list_debug.c: Detect uninitialized lists - vfio: Clear the caps->buf to NULL after free - ALSA: timer: Use deferred fasync helper - f2fs: fix to avoid use f2fs_bug_on() in f2fs_new_node_page() - smb3: check xattr value length earlier - [arm64] tee: add overflow check in register_shm_helper() - tracing/probes: Have kprobes and uprobes use $COMM too - btrfs: only write the sectors in the vertical stripe which has data stripes - btrfs: raid56: don't trust any cached sector in __raid56_parity_recover() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.257 - audit: fix potential double free on error path from fsnotify_add_inode_mark - [x86] pinctrl: amd: Don't save/restore interrupt status and wake status bits - sched/deadline: Unthrottle PI boosted threads while enqueuing - sched/deadline: Fix stale throttling on de-/boosted tasks - sched/deadline: Fix priority inheritance with multiple scheduling classes - kernel/sched: Remove dl_boosted flag comment - xfrm: fix refcount leak in __xfrm_policy_check() - af_key: Do not call xfrm_probe_algs in parallel (CVE-2022-3028) - [x86] rose: check NULL rose_loopback_neigh->loopback - bonding: 802.3ad: fix no transmission of LACPDUs - netfilter: ebtables: reject blobs that don't provide all entry points - netfilter: nft_payload: report ERANGE for too long offset and length - netfilter: nft_payload: do not truncate csum_offset and csum_type - netfilter: nft_osf: restrict osf to ipv4, ipv6 and inet families - netfilter: nft_tunnel: restrict it to netdev family - net: Fix data-races around weight_p and dev_weight_[rt]x_bias. - net: Fix data-races around netdev_tstamp_prequeue. - ratelimit: Fix data-races in ___ratelimit(). - net: Fix a data-race around sysctl_tstamp_allow_data. - net: Fix a data-race around sysctl_net_busy_poll. - net: Fix a data-race around sysctl_net_busy_read. - net: Fix a data-race around netdev_budget. - net: Fix a data-race around netdev_budget_usecs. - net: Fix a data-race around sysctl_somaxconn. - ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter - btrfs: check if root is readonly while setting security xattr - [amd64] unwind/orc: Unwind ftrace trampolines with correct ORC entry - loop: Check for overflow while configuring loop - asm-generic: sections: refactor memory_intersects - mm/hugetlb: fix hugetlb not supporting softdirty tracking - md: call __md_stop_writes in md_stop - [x86] scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq - mm: Force TLB flush for PFNMAP mappings before unlink_file_vma() (CVE-2022-39188) - [arm64] map FDT as RW for early_init_dt_scan() - [x86] bugs: Add "unknown" reporting for MMIO Stale Data - HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report - media: pvrusb2: fix memory leak in pvr_probe - HID: hidraw: fix memory leak in hidraw_release() - [x86] fbdev: fb_pm2fb: Avoid potential divide by zero error - ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead - mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse - drm/amd/display: clear optc underflow before turn off odm clock - neigh: fix possible DoS due to net iface start/stop loop - netfilter: conntrack: NF_CONNTRACK_PROCFS should no longer default to y - kprobes: don't call disarm_kprobe() for disabled kprobes - net: neigh: don't call kfree_skb() under spin_lock_irqsave() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.258 - driver core: Don't probe devices after bus_type.match() probe deferral - efi: capsule-loader: Fix use-after-free in efi_capsule_write (CVE-2022-40307) - wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in il4965_rs_fill_link_cmd() - fs: only do a memory barrier for the first set_buffer_uptodate() - net: dp83822: disable false carrier interrupt - [arm64] drm/msm/dsi: fix the inconsistent indenting - [arm64] drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg - [x86] platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask - ieee802154/adf7242: defer destroy_workqueue call - tcp: annotate data-race around challenge_timestamp - net/smc: Remove redundant refcount increase - staging: rtl8712: fix use after free bugs - vt: Clear selection before changing the font - USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id - binder: fix UAF of ref->proc caused by race condition - clk: core: Fix runtime PM sequence in clk_core_unprepare() - [armhf] hwmon: (gpio-fan) Fix array out of bounds access - [x86] thunderbolt: Use the actual buffer in tb_async_error() - xhci: Add grace period after xHC start to prevent premature runtime suspend. - USB: serial: cp210x: add Decagon UCA device id - USB: serial: option: add support for OPPO R11 diag port - USB: serial: option: add Quectel EM060K modem - USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode - [arm64,armhf] usb: dwc2: fix wrong order of phy_power_on and phy_init - USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020) - usb-storage: Add ignore-residue quirk for NXP PN7462AU - USB: core: Prevent nested device-reset calls - usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS - wifi: mac80211: Don't finalize CSA in IBSS mode if state is disconnected - net: mac802154: Fix a condition in the receive path - ALSA: seq: oss: Fix data-race for max_midi_devs access - ALSA: seq: Fix data-race at module auto-loading - drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup. - drm/radeon: add a force flush to delay work when radeon - [arm64] cacheinfo: Fix incorrect assignment of signed error value to unsigned fw_level - fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init() - drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly - [x86] ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() - ALSA: aloop: Fix random zeros in capture data when using jiffies timer - ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() - [amd64,armhf] kprobes: Prohibit probes in gate area - scsi: mpt3sas: Fix use-after-free warning - netfilter: br_netfilter: Drop dst references before setting. - netfilter: nf_conntrack_irc: Fix forged IP logic (CVE-2022-2663) - sch_sfb: Don't assume the skb is still around after enqueueing to child - tipc: fix shift wrapping bug in map_get() - i40e: Fix kernel crash during module removal - ipv6: sr: fix out-of-bounds read when setting HMAC data. - RDMA/mlx5: Set local port to one when accessing counters - tcp: fix early ETIMEDOUT after spurious non-SACK RTO - sch_sfb: Also store skb len before calling child enqueue - [arm64,armhf] usb: dwc3: fix PHY disable sequence - USB: serial: ch341: fix lost character on LCR updates - USB: serial: ch341: fix disabled rx timer on older devices - [arm64] usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup - [i386] nospec: Fix i386 RSB stuffing - SUNRPC: use _bh spinlocking on ->transport_lock https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.259 - [arm64] drm/msm/rd: Fix FIFO-full deadlock - tg3: Disable tg3 device on system reboot to avoid triggering AER - ieee802154: cc2520: add rc code in cc2520_tx() - [x86] Input: iforce - add support for Boeder Force Feedback Wheel - [arm64,armhf] perf/arm_pmu_platform: fix tests for platform_get_irq() failure - [x86] platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap fixes - usb: storage: Add ASUS <0x0b05:0x1932> to IGNORE_UAS - mm: Fix TLB flush for not-first PFNMAP mappings in unmap_region() - net: dp83822: disable rx error interrupt - tracefs: Only clobber mode/uid/gid on remount if asked https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.260 - of: fdt: fix off-by-one error in unflatten_dt_nodes() - [arm64] drm/meson: Correct OSD1 global alpha value - nvmet: fix a use-after-free - cifs: don't send down the destination address to sendmsg for a SOCK_STREAM - [x86] ASoC: nau8824: Fix semaphore unbalance at error paths - [armhf] regulator: pfuze100: Fix the global-out-of-bounds access in pfuze100_regulator_probe() - rxrpc: Fix local destruction being repeated - ALSA: hda/sigmatel: Keep power up while beep is enabled - net: usb: qmi_wwan: add Quectel RM520N - wifi: mac80211: Fix UAF in ieee80211_scan_rx() - USB: serial: option: add Quectel BG95 0x0203 composition - USB: serial: option: add Quectel RM520N - [arm64,armhf] ALSA: hda/tegra: set depop delay for tegra - [x86] ALSA: hda: add Intel 5 Series / 3400 PCI DID - [x86] ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5530 laptop - efi: libstub: check Shim mode using MokSBStateRT - mm/slub: fix to return errno if kmalloc() fails - [arm64] dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz - [arm64] dts: rockchip: Remove 'enable-active-low' from rk3399-puma - netfilter: nf_conntrack_sip: fix ct_sip_walk_headers - netfilter: nf_conntrack_irc: Tighten matching on DCC message (CVE-2022-2663) - iavf: Fix cached head and tail value for iavf_get_tx_pending - ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header - net: team: Unsync device addresses on ndo_stop - i40e: Fix VF set max MTU size - i40e: Fix set max_tx_rate when it is lower than 1 Mbps - [arm64] of: mdio: Add of_node_put() when breaking out of for_each_xx - netfilter: ebtables: fix memory leak when blob is malformed - can: gs_usb: gs_can_open(): fix race dev->can.state condition - perf jit: Include program header in ELF files - perf kcore_copy: Do not check /proc/modules is unchanged - [arm64] serial: tegra: Use uart_xmit_advance(), fixes icount.tx accounting - [x86] Drivers: hv: Never allocate anything besides framebuffer from framebuffer memory region - drm/amd/display: Limit user regamma to a valid value - [arm64] drm/rockchip: Fix return type of cdn_dp_connector_mode_valid - ext4: make directory inode spreading reflect flexbg size [ Ben Hutchings ] * Bump ABI to 22 * [rt] Update to 4.19.255-rt113: - random: Use local locks for crng context access * debian/bin/genpatch-rt: Change argument parsing to use argparse * debian/bin/genpatch-rt: Add option to disable signature verification [ Salvatore Bonaccorso ] * certs: Rotate to use the "Debian Secure Boot Signer 2022 - linux" certificate (Closes: #1018752) -- Ben Hutchings Thu, 29 Sep 2022 02:47:06 +0200 linux (4.19.249-2) buster-security; urgency=medium * swiotlb: skip swiotlb_bounce when orig_addr is zero (regression in 4.19.249) -- Ben Hutchings Thu, 30 Jun 2022 14:52:02 +0200 linux (4.19.249-1) buster-security; urgency=high * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.236 - Revert "xfrm: state and policy should fail if XFRMA_IF_ID 0" - xfrm: Check if_id in xfrm_migrate - xfrm: Fix xfrm migrate issues when address family changes - [x86] atm: firestream: check the return value of ioremap() in fs_init() - nl80211: Update bss channel on channel switch for P2P_CLIENT - tcp: make tcp_read_sock() more robust - sfc: extend the locking on mcdi->seqno - sched/topology: Make sched_init_numa() use a set for the deduplicating sort - sched/topology: Fix sched_domain_topology_level alloc in sched_init_numa() - cpuset: Fix unsafe lock order between cpuset lock and cpuslock - mm: fix dereference a null pointer in migrate[_huge]_page_move_mapping() - fs: sysfs_emit: Remove PAGE_SIZE alignment check - [arm64] Preparation for mitigating Spectre-BHB: + Add part number for Arm Cortex-A77 + Add Neoverse-N2, Cortex-A710 CPU part definition + Add Cortex-X2 CPU part definition + entry.S: Add ventry overflow sanity checks - [arm64] Mitigate Spectre v2-type Branch History Buffer attacks (CVE-2022-23960): + entry: Make the trampoline cleanup optional + entry: Free up another register on kpti's tramp_exit path + entry: Move the trampoline data page before the text page + entry: Allow tramp_alias to access symbols after the 4K boundary + entry: Don't assume tramp_vectors is the start of the vectors + entry: Move trampoline macros out of ifdef'd section + entry: Make the kpti trampoline's kpti sequence optional + entry: Allow the trampoline text to occupy multiple pages + entry: Add non-kpti __bp_harden_el1_vectors for mitigations + entry: Add vectors that have the bhb mitigation sequences + entry: Add macro for reading symbol addresses from the trampoline + Add percpu vectors for EL1 + proton-pack: Report Spectre-BHB vulnerabilities as part of Spectre-v2 + KVM: arm64: Add templates for BHB mitigation sequences + Mitigate spectre style branch history side channels + KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and migrated + add ID_AA64ISAR2_EL1 sys register + Use the clearbhb instruction in mitigations - [arm64] crypto: qcom-rng - ensure buffer for generate is completely filled - ocfs2: fix crash when initialize filecheck kobj fails - efi: fix return value of __setup handlers - net/packet: fix slab-out-of-bounds access in packet_recvmsg() - atm: eni: Add check for dma_map_single - [x86] hv_netvsc: Add check for kvmalloc_array - [arm64,armhf] drm/panel: simple: Fix Innolux G070Y2-L01 BPP settings - net: handle ARPHRD_PIMREG in dev_is_mac_header_xmit() - [arm64,armhf] net: dsa: Add missing of_node_put() in dsa_port_parse_of - usb: gadget: rndis: prevent integer overflow in rndis_set_response() - usb: gadget: Fix use-after-free bug by not setting udc->dev.driver - Input: aiptek - properly check endpoint type - perf symbols: Fix symbol size calculation condition https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.237 - nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION (CVE-2022-26490) - net: ipv6: fix skb_over_panic in __ip6_append_data - esp: Fix possible buffer overflow in ESP transformation (CVE-2022-27666) - [x86] thermal: int340x: fix memory leak in int3400_notify() - llc: fix netdevice reference leaks in llc_ui_bind() (CVE-2022-28356) - ALSA: oss: Fix PCM OSS buffer allocation overflow - ALSA: pcm: Add stream lock during PCM reset ioctl operations - ALSA: usb-audio: Add mute TLV for playback volumes on RODE NT-USB - ALSA: cmipci: Restore aux vol on suspend/resume - ALSA: pci: fix reading of swapped values from pcmreg in AC97 codec - [arm64] drivers: net: xgene: Fix regression in CRC stripping - netfilter: nf_tables: initialize registers in nft_do_chain() (CVE-2022-1016) - [x86] ACPI / x86: Work around broken XSDT on Advantech DAC-BJ01 board - [x86] ACPI: battery: Add device HID and quirk for Microsoft Surface Go 3 - [x86] ACPI: video: Force backlight native for Clevo NL5xRU and NL5xNU - [x86] crypto: qat - disable registration of algorithms - mac80211: fix potential double free on mesh join - llc: only change llc->dev when bind() succeeds https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.238 - USB: serial: pl2303: add IBM device IDs - USB: serial: simple: add Nokia phone driver - netdevice: add the case if dev is NULL - xfrm: fix tunnel model fragmentation behavior - virtio_console: break out of buf poll on remove - ethernet: sun: Free the coherent when failing in probing - spi: Fix invalid sgs value - spi: Fix erroneous sgs value with min_t() - af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register (CVE-2022-1353) - fuse: fix pipe buffer lifetime for direct_io (CVE-2022-1011) - tpm: fix reference counting for struct tpm_chip - block: Add a helper to validate the block size - virtio-blk: Use blk_validate_block_size() to validate block size - USB: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c - xhci: make xhci_handshake timeout for xhci_reset() adjustable - iio: inkern: apply consumer scale on IIO_VAL_INT cases - iio: inkern: apply consumer scale when no channel scale is available - iio: inkern: make a best effort on offset calculation - ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE (CVE-2022-30594) - Documentation: add link to stable release candidate tree - Documentation: update stable tree link - SUNRPC: avoid race between mod_timer() and del_timer_sync() - NFSD: prevent underflow in nfssvc_decode_writeargs() - NFSD: prevent integer overflow on 32 bit systems - f2fs: fix to unlock page correctly in error path of is_alive() - [armhf] pinctrl: samsung: drop pin banks references on error paths - can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path (CVE-2022-28390) - jffs2: fix use-after-free in jffs2_clear_xattr_subsystem - jffs2: fix memory leak in jffs2_do_mount_fs - jffs2: fix memory leak in jffs2_scan_medium - mm/pages_alloc.c: don't create ZONE_MOVABLE beyond the end of a node - mm: invalidate hwpoison page cache page in fault path - mempolicy: mbind_range() set_policy() after vma_merge() - scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands - qed: display VF trust config - qed: validate and restrict untrusted VFs vlan promisc mode - Revert "Input: clear BTN_RIGHT/MIDDLE on buttonpads" - [i386] ALSA: cs4236: fix an incorrect NULL check on list iterator - ALSA: hda/realtek: Fix audio regression on Mi Notebook Pro 2020 - mm,hwpoison: unmap poisoned page before invalidation - drbd: fix potential silent data corruption - [powerpc*] kvm: Fix kvm_use_magic_page - ACPI: properties: Consistently return -ENOENT if there are no more references - drivers: hamradio: 6pack: fix UAF bug caused by mod_timer() (CVE-2022-1198) - block: don't merge across cgroup boundaries if blkcg is enabled - drm/edid: check basic audio support on CEA extension block - [armhf] dts: exynos: add missing HDMI supplies on SMDK5250 - [armhf] dts: exynos: add missing HDMI supplies on SMDK5420 - carl9170: fix missing bit-wise or operator for tx_params - [x86] thermal: int340x: Increase bitmap size - brcmfmac: firmware: Allocate space for default boardrev in nvram - brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with memcpy_toio - PCI: pciehp: Clear cmd_busy bit in polling mode - [arm64] regulator: qcom_smd: fix for_each_child.cocci warnings - crypto: authenc - Fix sleep in atomic context in decrypt_tail - [arm64,armhf] spi: tegra114: Add missing IRQ check in tegra_spi_probe - [arm64] spi: pxa2xx-pci: Balance reference count for PCI DMA device - hwmon: (sch56xx-common) Replace WDOG_ACTIVE with WDOG_HW_RUNNING - block: don't delete queue kobject before its children - PM: hibernate: fix __setup handler error handling - PM: suspend: fix return value of __setup handler - clocksource/drivers/timer-of: Check return value of of_iomap in timer_of_base_init() - ACPI: APEI: fix return value of __setup handlers - [x86] crypto: ccp - ccp_dmaengine_unregister release dma channels - [x86] clocksource: acpi_pm: fix return value of __setup handler - sched/debug: Remove mpol_get/put and task_lock/unlock from sched_show_numa - perf/core: Fix address filter parser for multiple filters - [x86] perf/x86/intel/pt: Fix address filter config for 32-bit kernel - video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe() - video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name() - media: em28xx: initialize refcount before kref_get - media: usb: go7007: s2250-board: fix leak in probe() - [x86] ASoC: rt5663: check the return value of devm_kzalloc() in rt5663_parse_dp() - printk: fix return value of printk.devkmsg __setup handler - [armhf] memory: emif: Add check for setup_interrupts - [armhf] memory: emif: check the pointer temp in get_device_details() - ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction - media: stk1160: If start stream fails, return buffers with VB2_BUF_STATE_QUEUED - [arm*] ASoC: dmaengine: do not use a NULL prepare_slave_config() callback - [armhf] ASoC: imx-es8328: Fix error return code in imx_es8328_probe() - ath10k: fix memory overwrite of the WoWLAN wakeup packet pattern - Bluetooth: hci_serdev: call init_rwsem() before p->open() - drm/edid: Don't clear formats if using deep color - drm/amd/display: Fix a NULL pointer dereference in amdgpu_dm_connector_add_common_modes() - ath9k_htc: fix uninit value bugs - [powerpc*] KVM: PPC: Fix vmx/vsx mixup in mmio emulation - [x86] ray_cs: Check ioremap return value - HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports - iwlwifi: Fix -EIO error code that is never returned - scsi: pm8001: Fix command initialization in pm80XX_send_read_log() - scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req() - scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config() - scsi: pm8001: Fix abort all task initialization - TOMOYO: fix __setup handlers return values - [arm64,armhf] drm/tegra: Fix reference leak in tegra_dsi_ganged_probe - [x86] power: supply: bq24190_charger: Fix bq24190_vbus_is_enabled() wrong false return - [powerpc*] Makefile: Don't pass -mcpu=powerpc64 when building 32-bit - [x86] KVM: x86: Fix emulation in writing cr8 - [x86] KVM: x86/emulator: Defer not-present segment check in __load_segment_descriptor() - [x86] hv_balloon: rate-limit "Unhandled message" warning - PCI: Reduce warnings on possible RW1C corruption - [armhf] mfd: mc13xxx: Add check for mc13xxx_irq_request - vxcan: enable local echo for sent CAN frames - USB: storage: ums-realtek: fix error code in rts51x_read_mem() - af_netlink: Fix shift out of bounds in group mask calculation - tcp: ensure PMTU updates are processed during fastopen - [x86] mxser: fix xmit_buf leak in activate when LSR == 0xff - [x86] serial: 8250_mid: Balance reference count for PCI DMA device - serial: 8250: Fix race condition in RTS-after-send handling - [arm64] clk: qcom: clk-rcg2: Update the frac table for pixel clock - [armhf] clk: tegra: tegra124-emc: Fix missing put_device() call in emc_ensure_emc_driver - NFS: remove unneeded check in decode_devicenotify_args() - [arm64,armhf] pinctrl/rockchip: Add missing of_node_put() in rockchip_pinctrl_probe - [s390x] tty: hvc: fix return value of __setup handler - jfs: fix divide error in dbNextAG - netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options - xen: fix is_xen_pmu() - net: phy: broadcom: Fix brcm_fet_config_init() - NFSv4/pNFS: Fix another issue with a list iterator pointing to the head - selinux: use correct type for context length - loop: use sysfs_emit() in the sysfs xxx show() - Fix incorrect type in assignment of ipv6 port for audit - bfq: fix use-after-free in bfq_dispatch_request - ACPICA: Avoid walking the ACPI Namespace if it is not there - Revert "Revert "block, bfq: honor already-setup queue merges"" - ACPI/APEI: Limit printable size of BERT table data - PM: core: keep irq flags in device_pm_check_callbacks() - [arm64] spi: tegra20: Use of_device_get_match_data() - ext4: don't BUG if someone dirty pages without asking ext4 first - video: fbdev: cirrusfb: check pixclock to avoid divide by zero - video: fbdev: udlfb: replace snprintf in show functions with sysfs_emit - ASoC: soc-core: skip zero num_dai component in searching dai name - media: cx88-mpeg: clear interrupt status register before streaming video - media: Revert "media: em28xx: add missing em28xx_close_extension" - media: hdpvr: initialize dev->worker at hdpvr_register_videodev - mmc: host: Return an error when ->enable_sdio_irq() ops is missing - [powerpc*] lib/sstep: Fix 'sthcx' instruction - scsi: qla2xxx: Fix stuck session in gpdb - scsi: qla2xxx: Fix warning for missing error code - scsi: qla2xxx: Check for firmware dump already collected - scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair() - scsi: qla2xxx: Fix incorrect reporting of task management failure - scsi: qla2xxx: Fix hang due to session stuck - scsi: qla2xxx: Reduce false trigger to login - scsi: qla2xxx: Use correct feature type field during RFF_ID processing - KVM: Prevent module exit until all VMs are freed - [x86] KVM: x86: fix sending PV IPI - ubifs: rename_whiteout: Fix double free for whiteout_ui->data - ubifs: Fix deadlock in concurrent rename whiteout and inode writeback - ubifs: Add missing iput if do_tmpfile() failed in rename whiteout - ubifs: setflags: Make dirtied_ino_d 8 bytes aligned - ubifs: Fix read out-of-bounds in ubifs_wbuf_write_nolock() - ubifs: rename_whiteout: correct old_dir size computing - can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path (CVE-2022-28389) - can: mcba_usb: properly check endpoint type - gfs2: Make sure FITRIM minlen is rounded up to fs block size - pinctrl: pinconf-generic: Print arguments for bias-pull-* - ubi: Fix race condition between ctrl_cdev_ioctl and ubi_cdev_ioctl - [amd64,arm64] ACPI: CPPC: Avoid out of bounds access when parsing _CPC data - mm/mmap: return 1 from stack_guard_gap __setup() handler - mm/memcontrol: return 1 from cgroup.memory __setup() handler - mm/usercopy: return 1 from hardened_usercopy __setup() handler - bpf: Fix comment for helper bpf_current_task_under_cgroup() - [x86] ASoC: topology: Allow TLV control to be either read or write - openvswitch: Fixed nd target mask field in the flow dump. - [x86] KVM: x86: Forbid VMM to set SYNIC/STIMER MSRs when SynIC wasn't activated (CVE-2022-2153) - ubifs: Rectify space amount budget for mkdir/tmpfile operations - [x86] KVM: x86/svm: Clear reserved bits written to PerfEvtSeln MSRs - drm: Add orientation quirk for GPD Win Max - ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 - drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj - ptp: replace snprintf with sysfs_emit - scsi: mvsas: Replace snprintf() with sysfs_emit() - scsi: bfa: Replace snprintf() with sysfs_emit() - [arm64,armhf] power: supply: axp20x_battery: properly report current when discharging - [powerpc*] Set crashkernel offset to mid of RMA region - [arm64] PCI: aardvark: Fix support for MSI interrupts - [arm64] iommu/arm-smmu-v3: fix event handling soft lockup - usb: ehci: add pci device support for Aspeed platforms - PCI: pciehp: Add Qualcomm quirk for Command Completed erratum - ipv4: Invalidate neighbour for broadcast address upon address addition - dm ioctl: prevent potential spectre v1 gadget - scsi: pm8001: Fix pm8001_mpi_task_abort_resp() - scsi: aha152x: Fix aha152x_setup() __setup handler return value - net/smc: correct settings of RMB window update limit - macvtap: advertise link netns via netlink - bnxt_en: Eliminate unintended link toggle during FW reset - [mips*] fix fortify panic when copying asm exception handlers - scsi: libfc: Fix use after free in fc_exch_abts_resp() - [armhf] usb: dwc3: omap: fix "unbalanced disables for smps10_out1" on omap5evm - Bluetooth: Fix use after free in hci_send_acl - init/main.c: return 1 from handled __setup() functions - minix: fix bug when opening a file with O_DIRECT - w1: w1_therm: fixes w1_seq for ds28ea00 sensors - NFSv4: Protect the state recovery thread against direct reclaim - xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32 - clk: Enforce that disjoints limits are invalid - SUNRPC/call_alloc: async tasks mustn't block waiting for memory - NFS: swap IO handling is slightly different for O_DIRECT IO - NFS: swap-out must always use STABLE writes. - [armhf] serial: samsung_tty: do not unlock port->lock for uart_write_wakeup() - virtio_console: eliminate anonymous module_init & module_exit - jfs: prevent NULL deref in diFree - net: add missing SOF_TIMESTAMPING_OPT_ID support - mm: fix race between MADV_FREE reclaim and blkdev direct IO read - [arm64] KVM: arm64: Check arm64_get_bp_hardening_data() didn't return NULL - drm/amdgpu: fix off by one in amdgpu_gfx_kiq_acquire() - [x86] Drivers: hv: vmbus: Fix potential crash on module unload - [arm64,armhf] net: stmmac: Fix unset max_speed difference between DT and non-DT platforms - [armhf] drm/imx: Fix memory leak in imx_pd_connector_get_modes - net: openvswitch: don't send internal clone attribute to the userspace. - rxrpc: fix a race in rxrpc_exit_net() - qede: confirm skb is allocated before using - drbd: Fix five use after free bugs in get_initial_state - [arm64] Revert "mmc: sdhci-xenon: fix annoying 1.8V regulator warning" - mmmremap.c: avoid pointless invalidate_range_start/end on mremap(old_size=0) - mm/mempolicy: fix mpol_new leak in shared_policy_replace - [x86] pm: Save the MSR validity status at context setup - [x86] speculation: Restore speculation related MSRs during S3 resume - btrfs: fix qgroup reserve overflow the qgroup limit - [arm64] patch_text: Fixup last cpu should be master - [arm64] perf: qcom_l2_pmu: fix an incorrect NULL check on list iterator - [arm64,armhf] irqchip/gic-v3: Fix GICR_CTLR.RWP polling - mm: don't skip swap entry even if zap_details specified - [arm64] module: remove (NOLOAD) from linker script - mm/sparsemem: fix 'mem_section' will never be NULL gcc 12 warning - cgroup: Use open-time credentials for process migraton perm checks (CVE-2021-4197) - cgroup: Allocate cgroup_file_ctx for kernfs_open_file->priv (CVE-2021-4197) - cgroup: Use open-time cgroup namespace for process migration perm checks (CVE-2021-4197) - xfrm: policy: match with both mark and mask on user interfaces - drm/amdgpu: Check if fd really is an amdgpu fd. https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.239 - net/sched: flower: fix parsing of ethertype following VLAN header - veth: Ensure eth header is in skb's linear part - gpiolib: acpi: use correct format characters - [armhf] net: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link - sctp: Initialize daddr on peeled off socket - cifs: potential buffer overflow in handling symlinks - drm/amd: Add USBC connector ID - [amd64] drm/amdkfd: Check for potential null return of kmalloc_array() - [x86] Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer - scsi: target: tcmu: Fix possible page UAF - [powerpc*] scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024 - ata: libata-core: Disable READ LOG DMA EXT for Samsung 840 EVOs - [armhf] gpu: ipu-v3: Fix dev_dbg frequency output - [arm64] alternatives: mark patch_alternative() as `noinstr` - drm/amd/display: Fix allocate_mst_payload assert on resume - scsi: mvsas: Add PCI ID of RocketRaid 2640 - drivers: net: slip: fix NPD bug in sl_tx_timeout() - mm, page_alloc: fix build_zonerefs_node() - ALSA: hda/realtek: Add quirk for Clevo PD50PNT - ALSA: pcm: Test for "silence" field in struct "pcm_format_data" - ipv6: fix panic when forwarding a pkt with no in6 dev - smp: Fix offline cpu check in flush_smp_call_function_queue() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.240 - etherdevice: Adjust ether_addr* prototypes to silence -Wstringop-overead - mm: page_alloc: fix building error on -Werror=array-compare - tracing: Dump stacktrace trigger to the corresponding instance - can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path (CVE-2022-28388) - dm integrity: fix memory corruption when tag_size is less than digest size - gfs2: assign rgrp glock before compute_bitstructs - ALSA: usb-audio: Clear MIDI port active flag after draining - tcp: fix race condition when creating child sockets from syncookies - tcp: Fix potential use-after-free due to double kfree() - [armhf] dmaengine: imx-sdma: Fix error checking in sdma_event_remap - rxrpc: Restore removed timer deletion - net/packet: fix packet_sock xmit return value checking - net/sched: cls_u32: fix possible leak in u32_init_knode() - netlink: reset network and mac headers in netlink_dump() - [x86] platform/x86: samsung-laptop: Fix an unsigned comparison which can never be negative - ALSA: usb-audio: Fix undefined behavior due to shift overflowing the constant - vxlan: fix error return code in vxlan_fdb_append - cifs: Check the IOCB_DIRECT flag, not O_DIRECT - mt76: Fix undefined behavior due to shift overflowing the constant - brcmfmac: sdio: Fix undefined behavior due to shift overflowing the constant - [arm64] drm/msm/mdp5: check the return of kzalloc() - [arm64] net: macb: Restart tx only if queue pointer is lagging - stat: fix inconsistency between struct stat and struct compat_stat - ata: pata_marvell: Check the 'bmdma_addr' beforing reading - [arm64,armhf] drm/panel/raspberrypi-touchscreen: Avoid NULL deref if not initialised - [arm64,armhf] drm/panel/raspberrypi-touchscreen: Initialise the bridge in prepare - [powerpc*] perf: Fix power9 event alternatives - openvswitch: fix OOB access in reserve_sfa_size() - ASoC: soc-dapm: fix two incorrect uses of list iterator - e1000e: Fix possible overflow in LTR decoding - [arm*] arm_pmu: Validate single/group leader events - ext4: fix symlink file size not match to file content - ext4: limit length to bitmap_maxbytes - blocksize in punch_hole - ext4: fix overhead calculation to account for the reserved gdt blocks - ext4: force overhead calculation if the s_overhead_cluster makes no sense - block/compat_ioctl: fix range check in BLKGETSIZE - ax25: add refcount in ax25_dev to avoid UAF bugs (CVE-2022-1204) - ax25: fix reference count leaks of ax25_dev (CVE-2022-1204) - ax25: fix UAF bugs of net_device caused by rebinding operation (CVE-2022-1204) - ax25: Fix refcount leaks caused by ax25_cb_del() - ax25: fix UAF bug in ax25_send_control() (CVE-2022-1204) - ax25: fix NPD bug in ax25_disconnect (CVE-2022-1199) - ax25: Fix NULL pointer dereferences in ax25 timers (CVE-2022-1205) - ax25: Fix UAF bugs in ax25 timers (CVE-2022-1205) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.241 - floppy: disable FDRAWCMD by default (CVE-2022-33981) - hamradio: defer 6pack kfree after unregister_netdev (CVE-2022-1195) - hamradio: remove needs_free_netdev to avoid UAF (CVE-2022-1195) - net/sched: cls_u32: fix netns refcount changes in u32_change() (CVE-2022-29581) - [powerpc*] 64/interrupt: Temporarily save PPR on stack to fix register corruption due to SLB miss - [powerpc*] 64s: Unmerge EX_LR and EX_DAR - [armhf] Revert "net: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link" https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.242 - USB: quirks: add a Realtek card reader - USB: quirks: add STRING quirk for VCOM device - USB: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS - USB: serial: cp210x: add PIDs for Kamstrup USB Meter Reader - USB: serial: option: add support for Cinterion MV32-WA/MV32-WB - USB: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions - xhci: stop polling roothubs after shutdown - iio: dac: ad5446: Fix read_raw not returning set value - [x86] iio: magnetometer: ak8975: Fix the error handling in ak8975_power_on() - usb: misc: fix improper handling of refcount in uss720_probe() - usb: gadget: uvc: Fix crash when encoding data for usb request - usb: gadget: configfs: clear deactivation flag in configfs_composite_unbind() - [arm64,armhf] usb: dwc3: core: Fix tx/rx threshold settings - [arm64,armhf] usb: dwc3: gadget: Return proper request status - [armhf] serial: imx: fix overrun interrupts in DMA mode - serial: 8250: Also set sticky MCR bits in console restoration - serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device - hex2bin: make the function hex_to_bin constant-time - hex2bin: fix access beyond string end - USB: Fix xhci event ring dequeue pointer ERDP update issue - [armhf] phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe - [armhf] phy: samsung: exynos5250-sata: fix missing device put in probe error paths - [armhf] ARM: OMAP2+: Fix refcount leak in omap_gic_of_init - [armhf] dts: logicpd-som-lv: Fix wrong pinmuxing on OMAP35 - ipvs: correctly print the memory size of ip_vs_conn_tab - tcp: md5: incorrect tcp_header_len for incoming connections - sctp: check asoc strreset_chunk in sctp_generate_reconf_event - [arm64] net: hns3: add validity check for message data length - ip_gre: Make o_seqno start from 0 in native mode - tcp: fix potential xmit stalls caused by TCP_NOTSENT_LOWAT - [arm64,armhf] bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create() - [arm64,armhf] clk: sunxi: sun9i-mmc: check return value after calling platform_get_resource() - bnx2x: fix napi API usage sequence - ip6_gre: Avoid updating tunnel->tun_hlen in __gre6_xmit() - [amd64] x86: __memcpy_flushcache: fix wrong alignment if size > 2^32 - cifs: destage any unwritten data to the server before calling copychunk_write - [x86] drivers: net: hippi: Fix deadlock in rr_close() - [x86] cpu: Load microcode during restore_processor_state() - tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2 - tty: n_gsm: fix malformed counter for out of frame data - netfilter: nft_socket: only do sk lookups when indev is available - tty: n_gsm: fix insufficient txframe size - tty: n_gsm: fix missing explicit ldisc flush - tty: n_gsm: fix wrong command retry handling - tty: n_gsm: fix wrong command frame length field encoding - tty: n_gsm: fix incorrect UA handling - drm/vgem: Close use-after-free race in vgem_gem_create (CVE-2022-1419) - [mips*] Fix CP0 counter erratum detection for R4k CPUs - ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes - gpiolib: of: fix bounds check for 'gpio-reserved-ranges' - Revert "SUNRPC: attempt AF_LOCAL connect on setup" - firewire: fix potential uaf in outbound_phy_packet_callback() - firewire: remove check of list iterator against head past the loop body - firewire: core: extend card->lock in fw_core_handle_bus_reset - genirq: Synchronize interrupt thread startup - nfc: replace improper check device_is_registered() in netlink related functions (CVE-2022-1974) - NFC: netlink: fix sleep in atomic bug when firmware download timeout (CVE-2022-1975) - hwmon: (adt7470) Fix warning on module removal - [arm*] ASoC: dmaengine: Restore NULL prepare_slave_config() callback - [arm64,armhf] net: stmmac: dwmac-sun8i: add missing of_node_put() in sun8i_dwmac_register_mdio_mux() - [arm64,armhf] smsc911x: allow using IRQ0 - btrfs: always log symlinks in full mode - net: igmp: respect RCU rules in ip_mc_source() and ip_mc_msfilter() - [x86] kvm: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU - mm: fix unexpected zeroed page mapping with zram swap - tcp: make sure treq->af_specific is initialized - dm: fix mempool NULL pointer race when completing IO - dm: interlock pending dm_io and dm_wait_for_bios_completion - [arm64] PCI: aardvark: Clear all MSIs at setup - [arm64] PCI: aardvark: Fix reading MSI interrupt number - mmc: rtsx: add 74 Clocks in power on flow https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.243 - block: drbd: drbd_nl: Make conversion to 'enum drbd_ret_code' explicit - nfp: bpf: silence bitwise vs. logical OR warning - Bluetooth: Fix the creation of hdev->name - ALSA: pcm: Fix races among concurrent hw_params and hw_free calls (CVE-2022-1048) - ALSA: pcm: Fix races among concurrent read/write and buffer changes (CVE-2022-1048) - ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls (CVE-2022-1048) - ALSA: pcm: Fix races among concurrent prealloc proc writes (CVE-2022-1048) - ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock - mm: hugetlb: fix missing cache flush in copy_huge_page_from_user() - mm: userfaultfd: fix missing cache flush in mcopy_atomic_pte() and __mcopy_atomic() - VFS: Fix memory leak caused by concurrently mounting fs with subtype https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.244 - batman-adv: Don't skb_split skbuffs with frag_list - hwmon: (tmp401) Add OF device ID table - net: Fix features skip in for_each_netdev_feature() - ipv4: drop dst in multicast routing path - netlink: do not reset transport header in netlink_recvmsg() - mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection - [s390x] ctcm: fix variable dereferenced before check - [s390x] ctcm: fix potential memory leak - [s390x] lcs: fix variable dereferenced before check - net/sched: act_pedit: really ensure the skb is writable - net/smc: non blocking recvmsg() return -EAGAIN when no data and signal_pending - net: sfc: ef10: fix memory leak in efx_ef10_mtd_probe() - gfs2: Fix filesystem block deallocation for short writes - hwmon: (f71882fg) Fix negative temperature - ASoC: max98090: Reject invalid values in custom control put() - ASoC: max98090: Generate notifications on changes for custom control - ASoC: ops: Validate input values in snd_soc_put_volsw_range() - tcp: resalt the secret every 10 seconds (CVE-2022-1012) - usb: cdc-wdm: fix reading stuck on device close - USB: serial: pl2303: add device id for HP LM930 Display - USB: serial: qcserial: add support for Sierra Wireless EM7590 - USB: serial: option: add Fibocom L610 modem - USB: serial: option: add Fibocom MA510 modem - cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp() - [x86] drm/vmwgfx: Initialize drm_mode_fb_cmd2 - ping: fix address binding wrt vrf https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.245 - floppy: use a statically allocated error counter (CVE-2022-1652) - Input: add bounds checking to input_set_capability() - drbd: remove usage of list iterator variable after loop - nilfs2: fix lockdep warnings in page operations for btree nodes - nilfs2: fix lockdep warnings during disk space reclamation - [i386] ALSA: wavefront: Proper check of get_user() error - perf: Fix sys_perf_event_open() race against self (CVE-2022-1729) - Fix double fget() in vhost_net_set_backend() - PCI/PM: Avoid putting Elo i2 PCIe Ports in D3cold - [arm64] crypto: qcom-rng - fix infinite loop on requests not multiple of WORD_SZ - drm/dp/mst: fix a possible memory leak in fetch_monitor_name() - mmc: core: Cleanup BKOPS support - mmc: core: Specify timeouts for BKOPS and CACHE_FLUSH for eMMC - mmc: block: Use generic_cmd6_time when modifying INAND_CMD38_ARG_EXT_CSD - mmc: core: Default to generic_cmd6_time as timeout in __mmc_switch() - [arm64] net: macb: Increment rx bd head after allocating skb and buffer - net/sched: act_pedit: sanitize shift argument before usage - [x86] net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() - [x86] net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() - net/qla3xxx: Fix a test in ql_reset_work() - net/mlx5e: Properly block LRO when XDP is enabled - [armhf] 9196/1: spectre-bhb: enable for Cortex-A15 - [armel,armhf] 9197/1: spectre-bhb: fix loop8 sequence for Thumb2 - igb: skip phy status check where unavailable - net: bridge: Clear offload_fwd_mark when passing frame up bridge interface. - [arm*] gpio: mvebu/pwm: Refuse requests with inverted polarity - scsi: qla2xxx: Fix missed DMA unmap for aborted commands - mac80211: fix rx reordering with non explicit / psmp ack policy - ethernet: tulip: fix missing pci_disable_device() on error in tulip_init_one() - [amd64] net: atlantic: verify hw_head_ lies within TX buffer ring - swiotlb: fix info leak with DMA_FROM_DEVICE (CVE-2022-0854) - Reinstate some of "swiotlb: rework "fix info leak with DMA_FROM_DEVICE"" (CVE-2022-0854) - afs: Fix afs_getattr() to refetch file status if callback break occurred https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.246 - [x86] pci/xen: Disable PCI/MSI[-X] masking for XEN_HVM guests (Closes: #1006346) - staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan() - tcp: change source port randomizarion at connect() time - secure_seq: use the 64 bits of the siphash for port offset calculation (CVE-2022-1012) - ACPI: sysfs: Make sparse happy about address space in use - ACPI: sysfs: Fix BERT error region memory mapping - net: af_key: check encryption module availability consistency - [x86] i2c: ismt: Provide a DMA buffer for Interrupt Cause Logging - [arm64] drivers: i2c: thunderx: Allow driver to work with ACPI defined TWSI controllers - assoc_array: Fix BUG_ON during garbage collect - cfg80211: set custom regdomain after wiphy registration - [x86] drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency() - block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern (CVE-2022-0494) - exec: Force single empty string when argv is empty - netfilter: conntrack: re-fetch conntrack after insertion - zsmalloc: fix races between asynchronous zspage free and page migration - dm integrity: fix error code in dm_integrity_ctr() - dm crypt: make printing of the key constant-time - dm stats: add cond_resched when looping over entries - dm verity: set DM_TARGET_IMMUTABLE feature flag - HID: multitouch: Add support for Google Whiskers Touchpad - tpm: Fix buffer access in tpm2_get_tpm_pt() - NFSD: Fix possible sleep during nfsd4_release_lockowner() - bpf: Enlarge offset check value to INT_MAX in bpf_skb_{load,store}_bytes https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.247 - ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS - USB: serial: option: add Quectel BG95 modem - USB: new quirk for Dell Gen 2 devices - ptrace: Reimplement PTRACE_KILL by always sending SIGKILL - btrfs: add "0x" prefix for unsupported optional features - btrfs: repair super block num_devices automatically - drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes - mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue - b43legacy: Fix assigning negative value to unsigned variable - b43: Fix assigning negative value to unsigned variable - ipw2x00: Fix potential NULL dereference in libipw_xmit() - ipv6: fix locking issues with loops over idev->addr_list - fbcon: Consistently protect deferred_takeover with console_lock() - ACPICA: Avoid cache flush inside virtual machines - ALSA: jack: Access input_dev under mutex - drm/amd/pm: fix double free in si_parse_power_table() - ath9k: fix QCA9561 PA bias level - [arm64] media: venus: hfi: avoid null dereference in deinit - media: pci: cx23885: Fix the error handling in cx23885_initdev() - md/bitmap: don't set sb values if can't pass sanity check - scsi: megaraid: Fix error check return value of register_chrdev() - drm/plane: Move range check for format_count earlier - drm/amd/pm: fix the compile warning - ipv6: Don't send rs packets to the interface of ARPHRD_TUNNEL - ASoC: dapm: Don't fold register value changes into notifications - ipmi:ssif: Check for NULL msg when handling events and messages - rtlwifi: Use pr_warn instead of WARN_ONCE - media: cec-adap.c: fix is_configuring state - nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags - ASoC: rt5645: Fix errorenous cleanup order - net: phy: micrel: Allow probing without .driver_data - rxrpc: Return an error to sendmsg if call failed - [arm64] PM / devfreq: rk3399_dmc: Disable edev on remove() - fs: jfs: fix possible NULL pointer dereference in dbFree() - fat: add ratelimit to fat*_ent_bread() - [armhf] dts: exynos: add atmel,24c128 fallback to Samsung EEPROM - PCI: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store() - tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate - [powerpc*] xics: fix refcount leak in icp_opal_init() - [amd64] RDMA/hfi1: Prevent panic when SDMA is disabled - drm: fix EDID struct for old ARM OABI format - ath9k: fix ar9003_get_eepmisc - drm/edid: fix invalid EDID extension block filtering - [arm64] drm/bridge: adv7511: clean up CEC adapter when probe fails - [x86] delay: Fix the wrong asm constraint in delay_loop() - [arm*] drm/vc4: txp: Don't set TXP_VSTART_AT_EOF - [arm*] drm/vc4: txp: Force alpha to be 0xff if it's disabled - nl80211: show SSID for P2P_GO interfaces - [armhf] spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout - NFC: NULL out the dev->rfkill to prevent UAF - efi: Add missing prototype for efi_capsule_setup_info - HID: hid-led: fix maximum brightness for Dream Cheeky - HID: elan: Fix potential double free in elan_input_configured - ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix - inotify: show inotify mask flags in proc fdinfo - fsnotify: fix wrong lockdep annotations - scsi: ufs: core: Exclude UECxx from SFR dump list - [x86] pm: Fix false positive kmemleak report in msr_build_context() - [x86] speculation: Add missing prototype for unpriv_ebpf_notify() - [arm64] drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm runtime resume - [arm64] drm/msm/dsi: fix error checks and return values for DSI xmit functions - [arm64] drm/msm/hdmi: check return value after calling platform_get_resource_byname() - [arm64,armhf] drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() - [x86] Fix return value of __setup handlers - [x86] mm: Cleanup the control_va_addr_alignment() __setup handler - [arm64] drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected - [arm64] drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is detected - [arm64] drm/msm: return an error pointer in msm_gem_prime_get_sg_table() - media: uvcvideo: Fix missing check to determine if element is found in list - [x86] perf/amd/ibs: Use interrupt regs ip for stack unwinding - [armhf] regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt - scripts/faddr2line: Fix overlapping text section failures - media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init - Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout - sctp: read sk->sk_bound_dev_if once in sctp_rcv() - ext4: reject the 'commit' option on ext2 filesystems - [arm64] drm: msm: fix possible memory leak in mdp5_crtc_cursor_set() - rxrpc: Fix listen() setting the bar too high for the prealloc rings - rxrpc: Don't try to resend the request if we're receiving the reply - [armel,armhf] dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT - [armel,armhf] dts: bcm2835-rpi-b: Fix GPIO line names - [arm*] crypto: marvell/cesa - ECB does not IV - [arm64] pinctrl: mvebu: Fix irq_of_parse_and_map() return value - drivers/base/node.c: fix compaction sysfs file leak - dax: fix cache flush on PMD-mapped pages - [powerpc*] idle: Fix return value of __setup() handler - proc: fix dentry/inode overinstantiating under /proc/${pid}/net - tty: fix deadlock caused by calling printk() under tty_port->lock - [amd64] RDMA/hfi1: Prevent use of lock before it is initialized - f2fs: fix dereference of stale list iterator after loop body - NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout - [arm64,armhf] video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup - [amd64] iommu/amd: Increase timeout waiting for GA log enablement - f2fs: fix deadloop in foreground GC - wifi: mac80211: fix use-after-free in chanctx code - iwlwifi: mvm: fix assert 1F04 upon reconfig - fs-writeback: writeback_sb_inodes:Recalculate 'wrote' according skipped pages - netfilter: nf_tables: disallow non-stateful expression in sets earlier (CVE-2022-32250) - ext4: fix use-after-free in ext4_rename_dir_prepare - ext4: fix bug_on in ext4_writepages - ext4: verify dir block before splitting it (CVE-2022-1184) - ext4: avoid cycles in directory h-tree (CVE-2022-1184) - tracing: Fix potential double free in create_var_ref() - PCI/PM: Fix bridge_d3_blacklist[] Elo i2 overwrite of Gigabyte X299 - [arm64] PCI: qcom: Fix runtime PM imbalance on probe errors - [arm64] PCI: qcom: Fix unbalanced PHY init on probe errors - dlm: fix plock invalid read - dlm: fix missing lkb refcount handling - ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock - scsi: dc395x: Fix a missing check on list iterator - drm/amdgpu/cs: make commands with 0 chunks illegal behaviour. - drm/nouveau/clk: Fix an incorrect NULL check on list iterator - [arm64,armhf] drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX - md: fix an incorrect NULL check in does_sb_need_changing - md: fix an incorrect NULL check in md_reload_sb - [amd64] RDMA/hfi1: Fix potential integer multiplication overflow errors - [armhf] irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x - mac80211: upgrade passive scan to active scan on DFS channels after beacon rx - hugetlb: fix huge_pmd_unshare address update - rtl818x: Prevent using not initialized queues - ASoC: rt5514: Fix event generation for "DSP Voice Wake Up" control - carl9170: tx: fix an incorrect use of list iterator - [x86] gma500: fix an incorrect NULL check on list iterator - [arm64] phy: qcom-qmp: fix struct clk leak on probe errors - blk-iolatency: Fix inflight count imbalances and IO hangs on offline - [arm64] phy: qcom-qmp: fix reset-controller leak on probe errors - RDMA/rxe: Generate a completion for unsupported/invalid opcode - md: bcache: check the return value of kzalloc() in detached_dev_do_request() - usb: usbip: fix a refcount leak in stub_probe() - usb: usbip: add missing device lock on tweak configuration cmd - USB: storage: karma: fix rio_karma_init return - [armhf] usb: musb: Fix missing of_node_put() in omap2430_probe - [arm64] usb: dwc3: pci: Fix pm_runtime_get_sync() error checking - [arm64,armhf] soc: rockchip: Fix refcount leak in rockchip_grf_init - [arm64,armhf] serial: meson: acquire port->lock in startup() - [x86] serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485 - firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle - [armhf] bus: ti-sysc: Fix warnings for unbind for serial - [s390x] crypto: fix scatterwalk_unmap() callers in AES-GCM - [arm64,armhf] net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register - jffs2: fix memory leak in jffs2_do_fill_super - ubi: ubi_create_volume: Fix use-after-free when volume creation failed - nfp: only report pause frame configuration for physical device - net/mlx5e: Update netdev features after changing XDP state - tcp: tcp_rtx_synack() can be called from process context - afs: Fix infinite loop found by xfstest generic/676 - tipc: check attribute length for bearer name - [mips*] cpc: Fix refcount leak in mips_cpc_default_phys_base - tracing: Fix sleeping function called from invalid context on RT kernel - tracing: Avoid adding tracer option before update_tracer_options - NFSv4: Don't hold the layoutget locks across multiple RPC calls - xprtrdma: treat all calls not a bcall when bc_serv is NULL - [mips*/octeon] ata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe - af_unix: Fix a data-race in unix_dgram_peer_wake_me(). - [arm64] bpf, arm64: Clear prog->jited_len along prog->jited - net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure - SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer() - net: mdio: unexport __init-annotated mdio_bus_init() - net: xfrm: unexport __init-annotated xfrm4_protocol_init() - net: ipv6: unexport __init-annotated seg6_hmac_init() - net/mlx5: Rearm the FW tracer after each tracer event - ip_gre: test csum_start instead of transport header - [x86] tty: synclink_gt: Fix null-pointer-dereference in slgt_clean() - [x86] drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop() - [x86] drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop() - [mips*] USB: host: isp116x: check return value after calling platform_get_resource() - USB: hcd-pci: Fully suspend across freeze/thaw cycle - [arm*] usb: dwc2: gadget: don't reset gadget's driver->bus - misc: rtsx: set NULL intfdata when probe fails - extcon: Modify extcon device to be created after driver data is set - [arm*] clocksource/drivers/sp804: Avoid error on multiple instances - staging: rtl8712: fix uninit-value in r871xu_drv_init() - [arm64] serial: msm_serial: disable interrupts in __msm_console_write() - kernfs: Separate kernfs_pr_cont_buf and rename_lock. - md: protect md_unregister_thread from reentrancy - ceph: allow ceph.dir.rctime xattr to be updatable - drm/radeon: fix a possible null pointer dereference - nbd: call genl_unregister_family() first in nbd_cleanup() - nbd: fix race between nbd_alloc_config() and module removal - nbd: fix io hung while disconnecting device - nodemask: Fix return values to be unsigned - [amd64] vringh: Fix loop descriptors check in the indirect cases - ALSA: hda/conexant - Fix loopback issue with CX20632 - cifs: return errors during session setup during reconnects - ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files - mmc: block: Fix CQE recovery reset success - ixgbe: fix bcast packets Rx on VF after promisc removal - ixgbe: fix unexpected VLAN Rx in promisc mode on VF - Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag - [powerpc*] 32: Fix overread/overwrite of thread_struct via ptrace (CVE-2022-32981) - md/raid0: Ignore RAID0 layout if the second zone has only one device - mtd: cfi_cmdset_0002: Move and rename chip_check/chip_ready/chip_good_for_write - mtd: cfi_cmdset_0002: Use chip_ready() for write on S29GL064N - tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.248 - [x86] cpu: Add Elkhart Lake to Intel family - cpu/speculation: Add prototype for cpu_show_srbds() - [x86] cpu: Add Jasper Lake to Intel family - [x86] cpu: Add Lakefield, Alder Lake and Rocket Lake models to the to Intel CPU family - [x86] cpu: Add another Alder Lake CPU to the Intel family - [x86] Mitigate Processor MMIO Stale Data vulnerabilities (CVE-2022-21123, CVE-2022-21125, CVE-2022-21166): + Documentation: Add documentation for Processor MMIO Stale Data + x86/speculation/mmio: Enumerate Processor MMIO Stale Data bug + x86/speculation: Add a common function for MD_CLEAR mitigation update + x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data + x86/bugs: Group MDS, TAA & Processor MMIO Stale Data mitigations + x86/speculation/mmio: Enable CPU Fill buffer clearing on idle + x86/speculation/mmio: Add sysfs reporting for Processor MMIO Stale Data + x86/speculation/srbds: Update SRBDS mitigation selection + x86/speculation/mmio: Reuse SRBDS mitigation for SBDS + KVM: x86/speculation: Disable Fill buffer clear within guests + x86/speculation/mmio: Print SMT warning https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.249 - 9p: missing chunk of "fs/9p: Don't update file type when updating file attributes" - crypto: blake2s - generic C library implementation and selftest - lib/crypto: blake2s: move hmac construction into wireguard - lib/crypto: sha1: re-roll loops to reduce code size - random: Backport from 5.19, fixing several weaknesses and peformance issues, including: + fdt: add support for rng-seed + random: add GRND_INSECURE to return best-effort non-cryptographic bytes + random: ignore GRND_RANDOM in getentropy(2) + random: make /dev/random be almost like /dev/urandom + random: use BLAKE2s instead of SHA1 in extraction + random: avoid superfluous call to RDRAND in CRNG extraction + random: continually use hwgenerator randomness + random: use computational hash for entropy extraction + random: use RDSEED instead of RDRAND in entropy extraction + random: do not xor RDRAND when writing into /dev/random + random: absorb fast pool into input pool after fast load + random: use hash function for crng_slow_load() + random: zero buffer after reading entropy from userspace + random: defer fast pool mixing to worker + random: do crng pre-init loading in worker rather than irq + random: don't let 644 read-only sysctls be written to + random: use SipHash as interrupt entropy accumulator + random: reseed more often immediately after booting + random: check for signal and try earlier when generating entropy + random: treat bootloader trust toggle the same way as cpu trust toggle + random: do not allow user to keep crng key around on stack + random: check for signal_pending() outside of need_resched() check + random: check for signals every PAGE_SIZE chunk of /dev/[u]random + init: call time_init() before rand_initialize() + [ppc64el,s390x] define get_cycles macro for arch-override + timekeeping: Add raw clock fallback for random_get_entropy() + [armel,armhf,mips*] use fallback for random_get_entropy() instead of just c0 random + [x86] tsc: Use fallback for random_get_entropy() instead of zero + random: do not use batches when !crng_ready() + random: do not pretend to handle premature next security model + random: do not use input pool from hard IRQs + random: avoid initializing twice in credit race + random: wire up fops->splice_{read,write}_iter() + random: credit cpu and bootloader seeds by default - crypto: drbg - add FIPS 140-2 CTRNG for noise source - crypto: drbg - always seeded with SP800-90B compliant noise source - crypto: drbg - prepare for more fine-grained tracking of seeding state - crypto: drbg - track whether DRBG was seeded with !rng_is_initialized() - crypto: drbg - move dynamic ->reseed_threshold adjustments to __drbg_seed() - crypto: drbg - always try to free Jitter RNG instance - crypto: drbg - make reseeding from get_random_bytes() synchronous - ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo() - [armhf] ASoC: es8328: Fix event generation for deemphasis control - [x86] scsi: vmw_pvscsi: Expand vcpuHint to 16 bits - scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology - scsi: ipr: Fix missing/incorrect resource cleanup in error case - scsi: pmcraid: Fix missing resource cleanup in error case - virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed - ipv6: Fix signed integer overflow in l2tp_ip6_sendmsg - pNFS: Don't keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE - i40e: Fix adding ADQ filter to TC0 - i40e: Fix call trace in setup_tx_descriptors - [arm64] ftrace: fix branch range checks - [arm64,armhf] irqchip/gic-v3: Fix refcount leak in gic_populate_ppi_partitions - [x86] comedi: vmk80xx: fix expression for tx buffer size - USB: serial: option: add support for Cinterion MV31 with new baseline - USB: serial: io_ti: add Agilent E5805A support - [arm*] usb: dwc2: Fix memory leak in dwc2_hcd_init - serial: 8250: Store to lsr_save_flags after lsr read - ext4: fix bug_on ext4_mb_use_inode_pa - ext4: make variable "count" signed - ext4: add reserved GDT blocks check - virtio-pci: Remove wrong address verification in vp_del_vqs() - net: openvswitch: fix misuse of the cached connection on tuple changes - net: openvswitch: fix leak of nested actions - [s390x] mm: use non-quiescing sske for KVM switch to keyed guest - usb: gadget: u_ether: fix regression in setting fixed MAC address (regression in 4.19.223) - xprtrdma: fix incorrect header size calculations - tcp: Improve source port randomisation (CVE-2022-1012, CVE-2022-32296): + tcp: add some entropy in __inet_hash_connect() + tcp: use different parts of the port_offset for index and offset + tcp: add small random increments to the source port + tcp: dynamically allocate the perturb table used by source ports + tcp: increase source port perturb table to 2^16 + tcp: drop the hash_32() part from the index calculation [ Salvatore Bonaccorso ] * Bump ABI to 21 * [rt] Update to 4.19.237-rt107 * Refresh "powerpc: Fix -mcpu= options for SPE-only compiler" * [rt] Refresh "buffer_head: Replace bh_uptodate_lock for -rt" * [rt] Update to 4.19.240-rt108 * [rt] Update to 4.19.245-rt109 * [rt] Update to 4.19.246-rt110: - genirq: Add lost hunk to irq_forced_thread_fn(). (regression in 4.19.184-rt75) [ Ben Hutchings ] * [rt] Drop "random: Make it work on rt", since the upstream version is now RT-aware * random: Enable RANDOM_TRUST_BOOTLOADER. This can be reverted using the kernel parameter: random.trust_bootloader=off * [armhf] Enable KERNEL_MODE_NEON (Closes: #922204) * [armel,armhf] crypto: Enable optimised implementations (see #922204): - Enable ARM_CRYPTO - Enable CRYPTO_SHA1_ARM, CRYPTO_SHA256_ARM, CRYPTO_SHA512_ARM, CRYPTO_AES_ARM as modules - [armhf] Enable SHA1_ARM_NEON, CRYPTO_SHA1_ARM_CE, CRYPTO_SHA2_ARM_CE, CRYPTO_AES_ARM_BS, CRYPTO_AES_ARM_CE, CRYPTO_GHASH_ARM_CE, CRYPTO_CRCT10DIF_ARM_CE, CRYPTO_CRC32_ARM_CE, CRYPTO_CHACHA20_NEON as modules [ Diederik de Haas ] * net_sched: let qdisc_put() accept NULL pointer (Closes: #1013299) -- Ben Hutchings Wed, 29 Jun 2022 21:24:38 +0200 linux (4.19.235-1) buster; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.233 - mac80211_hwsim: report NOACK frames in tx_status - mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work - [arm*] i2c: bcm2835: Avoid clock stretching timeouts - [x86] ASoC: rt5682: do not block workqueue if card is unbound - Input: clear BTN_RIGHT/MIDDLE on buttonpads - cifs: fix double free race when mount fails in cifs_get_root() - net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990 - usb: gadget: don't release an existing dev->buf (CVE-2022-24958) - usb: gadget: clear related members when goto fail (CVE-2022-24958) - ata: pata_hpt37x: fix PCI clock detection - [x86] ALSA: intel_hdmi: Fix reference to PCM buffer address - ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min - xfrm: fix MTU regression - netfilter: fix use-after-free in __nf_register_net_hook() - xfrm: fix the if_id check in changelink - xfrm: enforce validity of offload input flags - netfilter: nf_queue: don't assume sk is full socket - netfilter: nf_queue: fix possible use-after-free - batman-adv: Request iflink once in batadv-on-batadv check - batman-adv: Request iflink once in batadv_get_real_netdevice - batman-adv: Don't expect inter-netns unique iflink indices - net: dcb: flush lingering app table entries for unregistered devices - net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error generated by client - net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error cause by server - block: Fix fsync always failed if once failed - PCI: pciehp: Fix infinite loop in IRQ handler upon power fault - xen/netfront: destroy queues before real_num_tx_queues is zeroed - mac80211: fix forwarded mesh frames AC & queue selection - [arm64,armhf] net: stmmac: fix return value of __setup handler - net: arcnet: com20020: Fix null-ptr-deref in com20020pci_probe() - efivars: Respect "block" flag in efivar_entry_set_safe() - can: gs_usb: change active_channels's type from atomic_t to u8 - [armel,armhf] 9182/1: mmu: fix returns from early_param() and __setup() functions - net: chelsio: cxgb3: check the return value of pci_find_capability() - nl80211: Handle nla_memdup failures in handle_nan_filter - Input: elan_i2c - move regulator_[en|dis]able() out of elan_[en|dis]able_power() - Input: elan_i2c - fix regulator enable count imbalance after suspend/resume - HID: add mapping for KEY_ALL_APPLICATIONS - memfd: fix F_SEAL_WRITE after shmem huge page allocated - tracing/histogram: Fix sorting on old "cpu" value - btrfs: add missing run of delayed items after unlink during log replay - net: dcb: disable softirqs in dcbnl_flush_dev() - hamradio: fix macro redefine warning https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.234 - [arm*] Provide a wrapper for SMCCC 1.1 calls - [arm64,armhf] smccc/psci: add arm_smccc_1_1_get_conduit() - [armhf] report Spectre v2 status through sysfs - [armel,armhf] early traps initialisation - [armel,armhf] use LOADADDR() to get load address of sections - [armel,armhf] Spectre-BHB workaround - [armel,armhf] include unprivileged BPF status in Spectre V2 reporting - [armel,armhf] fix build error when BPF_SYSCALL is disabled - [armel,armhf] fix co-processor register typo - [armel,armhf] Do not use NOCROSSREFS directive with ld.lld - [armhf] fix build warning in proc-v7-bugs.c - xen/xenbus: don't let xenbus_grant_ring() remove grants in error case (CVE-2022-23040, XSA-396) - xen/grant-table: add gnttab_try_end_foreign_access() (CVE-2022-23036, CVE-2022-23038, XSA-396) - xen/blkfront: don't use gnttab_query_foreign_access() for mapped status (CVE-2022-23036, XSA-396) - xen/netfront: don't use gnttab_query_foreign_access() for mapped status (CVE-2022-23037, XSA-396) - xen/scsifront: don't use gnttab_query_foreign_access() for mapped status (CVE-2022-23038, XSA-396) - xen/gntalloc: don't use gnttab_query_foreign_access() (CVE-2022-23039, XSA-396) - xen: remove gnttab_query_foreign_access() - xen/9p: use alloc/free_pages_exact() (CVE-2022-23041, XSA-396) - xen/pvcalls: use alloc/free_pages_exact() (CVE-2022-23041, XSA-396) - xen/gnttab: fix gnttab_end_foreign_access() without page specified (CVE-2022-23041, XSA-396) - xen/netfront: react properly to failing gnttab_end_foreign_access_ref() (CVE-2022-23042, XSA-396) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.235 - net: qlogic: check the return value of dma_alloc_coherent() in qed_vf_hw_prepare() - qed: return status of qed_iov_get_link - ax25: Fix NULL pointer dereference in ax25_kill_by_device - net/mlx5: Fix size field in bufferx_reg struct - NFC: port100: fix use-after-free in port100_send_complete - net: phy: DP83822: clear MISR2 register to disable interrupts - sctp: fix kernel-infoleak for SCTP sockets - net-sysfs: add check for netdevice being present to speed_show - Revert "xen-netback: remove 'hotplug-status' once it has served its purpose" - Revert "xen-netback: Check for hotplug-status existence before watching" - tracing: Ensure trace buffer is at least 4096 bytes large - [arm64] net: macb: Fix lost RX packet wakeup race in NAPI receive - virtio: unexport virtio_finalize_features - virtio: acknowledge all features before access - [armel,armhf] fix Thumb2 regression with Spectre BHB - ext4: add check to prevent attempting to resize an fs with sparse_super2 - btrfs: unlock newly allocated extent buffer after error (CVE-2021-4149) [ Salvatore Bonaccorso ] * [rt] Add new signing key for Daniel Wagner * [rt] Update to 4.19.233-rt105 * Bump ABI to 20 * sctp: fix the processing for INIT chunk (CVE-2021-3772) * sctp: fix the processing for INIT_ACK chunk (CVE-2021-3772) -- Salvatore Bonaccorso Thu, 17 Mar 2022 20:48:39 +0100 linux (4.19.232-1) buster-security; urgency=high * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.209 - ocfs2: drop acl cache for directories too - [arm*] usb: dwc2: gadget: Fix ISOC transfer complete handling for DDMA - [armhf] usb: musb: tusb6010: uninitialized data in tusb_fifo_write_unaligned() - cifs: fix incorrect check for null pointer in header_assemble - [x86] xen/x86: fix PV trap handling on secondary processors - USB: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter - USB: cdc-acm: fix minor-number release - Re-enable UAS for LaCie Rugged USB3-FW with fk quirk - USB: serial: mos7840: remove duplicated 0xac24 device ID - USB: serial: option: add Telit LN920 compositions - USB: serial: option: remove duplicate USB device ID - USB: serial: option: add device id for Foxconn T99W265 - [arm64] serial: mvebu-uart: fix driver's tx_empty callback - net: hso: fix muxed tty registration - bnxt_en: Fix TX timeout when TX ring size is set to the smallest - net/smc: add missing error check in smc_clc_prfx_set() - net/mlx4_en: Don't allow aRFS for encapsulated packets - scsi: iscsi: Adjust iface sysfs attr detection - [x86] tty: synclink_gt, drop unneeded forward declarations - [x86] tty: synclink_gt: rename a conflicting function name - thermal/core: Potential buffer overflow in thermal_build_list_of_policies() - [arm64,armhf] irqchip/gic-v3-its: Fix potential VPE leak on error - md: fix a lock order reversal in md_alloc - blktrace: Fix uaf in blk_trace access after removing by sysfs - [arm64,armhf] net: stmmac: allow CSR clock of 300MHz - xen/balloon: use a kernel thread instead a workqueue - nvme-multipath: fix ANA state updates when a namespace is not present - qnx4: avoid stringop-overread errors - [arm64] Mark __stack_chk_guard as __ro_after_init - net: 6pack: Fix tx timeout and slot time - [arm64] PCI: aardvark: Fix checking for PIO status - tcp: address problems caused by EDT misshaps - tcp: always set retrans_stamp on recovery - tcp: create a helper to model exponential backoff - tcp: adjust rto_base in retransmits_timed_out() - xen/balloon: fix balloon kthread freezing - tty: Fix out-of-bound vmalloc access in imageblit - cpufreq: schedutil: Use kobject release() method to free sugov_tunables - cpufreq: schedutil: Destroy mutex before kobject_put() frees the memory - mac80211: fix use-after-free in CCMP/GCMP RX - [x86] kvmclock: Move this_cpu_pvti into kvmclock.h - ipvs: check that ip_vs_conn_tab_bits is between 8 and 20 - mac80211: Fix ieee80211_amsdu_aggregate frag_tail bug - mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap - sctp: break out if skb_header_pointer returns NULL in sctp_rcv_ootb - hwmon: (tmp421) Replace S_ with octal values - hwmon: (tmp421) report /PVLD condition as fault - hwmon: (tmp421) fix rounding for negative values - e100: fix length calculation in e100_get_regs_len - e100: fix buffer overrun in e100_get_regs - Revert "block, bfq: honor already-setup queue merges" - scsi: csiostor: Add module softdep on cxgb4 - af_unix: fix races in sk_peer_pid and sk_peer_cred accesses (CVE-2021-4203) - elf: don't use MAP_FIXED_NOREPLACE for elf interpreter mappings - ext4: fix potential infinite loop in ext4_dx_readdir() - net: udp: annotate data race around udp_sk(sk)->corkflag - [armel,armhf] 9077/1: PLT: Move struct plt_entries definition to header - [armel,armhf] 9078/1: Add warn suppress parameter to arm_gen_branch_link() - [armel,armhf] 9079/1: ftrace: Add MODULE_PLTS support - [armel,armhf] 9098/1: ftrace: MODULE_PLT: Fix build problem without DYNAMIC_FTRACE - [x86] crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd() (CVE-2021-3744, CVE-2021-3764) - HID: betop: fix slab-out-of-bounds Write in betop_probe - netfilter: ipset: Fix oversized kvmalloc() calls - HID: usbhid: free raw_report buffers in usbhid_stop - cred: allow get_cred() and put_cred() to be given NULL. https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.210 - net: mdio: introduce a shutdown method to mdio device drivers - xen-netback: correct success/error reporting for the SKB-with-fraglist case - scsi: sd: Free scsi_disk device via put_device() - [arm*] usb: dwc2: check return value after calling platform_get_resource() - scsi: ses: Retry failed Send/Receive Diagnostic commands - libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870 SSD. - lib/timerqueue: Rely on rbtree semantics for next timer (CVE-2021-20317) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.211 - USB: cdc-acm: fix racy tty buffer accesses - USB: cdc-acm: fix break reporting - xen/privcmd: fix error handling in mmap-resource processing - ovl: fix missing negative dentry check in ovl_rename() (CVE-2021-20321) - nfsd4: Handle the NFSv4 READDIR 'dircount' hint being zero - xen/balloon: fix cancelled balloon action - [armhf] dts: omap3430-sdp: Fix NAND device node - [mips,mipsel] bpf, mips: Validate conditional branch offsets (CVE-2021-38300) - [armel,armhf] bpf, arm: Fix register clobbering in div/mod implementation - bpf: Fix integer overflow in prealloc_elems_and_freelist() (CVE-2021-41864) - phy: mdio: fix memory leak - net_sched: fix NULL deref in fifo_set_limit() - [i386] ptp_pch: Load module automatically if ID matches - [armhf] imx6: disable the GIC CPU interface before calling stby-poweroff sequence - net: bridge: use nla_total_size_64bit() in br_get_linkxstats_size() - [arm64,armhf] net: sfp: Fix typo in state machine debug string - netlink: annotate data races around nlk->bound - drm/nouveau/debugfs: fix file release memory leak - rtnetlink: fix if_nlmsg_stats_size() under estimation - i40e: fix endless loop under rtnl - i40e: Fix freeing of uninitialized misc IRQ vector - i2c: acpi: fix resource leak in reconfiguration device addition https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.212 - [armhf] net: phy: bcm7xxx: Fixed indirect MMD operations - HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS - netfilter: ip6_tables: zero-initialize fragment offset - mac80211: Drop frames from invalid MAC address in ad-hoc mode - net: prevent user from passing illegal stab size - mac80211: check return value of rhashtable_init - scsi: ses: Fix unsigned comparison with less than zero - scsi: virtio_scsi: Fix spelling mistake "Unsupport" -> "Unsupported" - [x86] perf/x86: Reset destroy callback on event init failure - sched: Always inline is_percpu_thread() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.213 - ALSA: seq: Fix a potential UAF by wrong private_free call order - ALSA: hda/realtek: Complete partial device name to avoid ambiguity - ALSA: hda/realtek: Add quirk for Clevo X170KM-G - ALSA: hda/realtek - ALC236 headset MIC recording issue - [s390x] fix strrchr() implementation - btrfs: deal with errors when replaying dir entry during log replay - btrfs: deal with errors when adding inode reference during log replay - btrfs: check for error when looking up inode during dir entry replay - [x86] mei: me: add Ice Lake-N device id. - xhci: guard accesses to ep_state in xhci_endpoint_reset() - xhci: Fix command ring pointer corruption while aborting a command - xhci: Enable trust tx length quirk for Fresco FL11 USB controller - cb710: avoid NULL pointer subtraction - [arm64,x86] efi/cper: use stack buffer for error record decoding - efi: Change down_interruptible() in virt_efi_reset_system() to down_trylock() - [armhf] usb: musb: dsps: Fix the probe error path - Input: xpad - add support for another USB ID of Nacon GC-100 - USB: serial: qcserial: add EM9191 QDL support - USB: serial: option: add Quectel EC200S-CN module support - USB: serial: option: add Telit LE910Cx composition 0x1204 - USB: serial: option: add prod. id for Quectel EG91 - virtio: write back F_VERSION_1 before validate - nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells - sctp: account stream padding length for reconf chunk (CVE-2022-0322) - ethernet: s2io: fix setting mac address during resume - nfc: fix error handling of nfc_proto_register() - NFC: digital: fix possible memory leak in digital_tg_listen_mdaa() - NFC: digital: fix possible memory leak in digital_in_send_sdd_req() - [i386] pata_legacy: fix a couple uninitialized variable bugs - [arm64] drm/msm: Fix null pointer dereference on pointer edp - [arm64] drm/msm/dsi: Fix an error code in msm_dsi_modeset_init() - [arm64] drm/msm/dsi: fix off by one in dsi_bus_clk_enable error handling - [arm64] acpi/arm64: fix next_platform_timer() section mismatch error - mqprio: Correct stats in mqprio_dump_class_stats(). - qed: Fix missing error code in qed_slowpath_start() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.214 - NFSD: Keep existing listeners on portlist error - netfilter: ipvs: make global sysctl readonly in non-init netns - [arm64] net: hns3: add limit ets dwrr bandwidth cannot be 0 - [arm64] net: hns3: disable sriov before unload hclge layer - can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state notification - can: peak_pci: peak_pci_remove(): fix UAF - ocfs2: fix data corruption after conversion from inline format - ocfs2: mount fails with buffer overflow in strlen - vfs: check fd has read access in kernel_read_file_from_fd() (CVE-2022-0644) - ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset - ALSA: hda/realtek: Add quirk for Clevo PC50HS - ASoC: DAPM: Fix missing kctl change notifications - mm, slub: fix mismatch between reconstructed freelist depth and cnt - nfc: nci: fix the UAF of rf_conn_info object (CVE-2021-3760) - isdn: cpai: check ctr->cnr to avoid array index out of bound (CVE-2021-43389) - btrfs: deal with errors when checking if a dir entry exists during log replay - [arm64,armhf] net: stmmac: add support for dwmac 3.40a - isdn: mISDN: Fix sleeping function called from invalid context - ALSA: hda: avoid write to STATESTS if controller is in reset - scsi: core: Fix shost->cmd_per_lun calculation in scsi_add_host_with_dma() - net: mdiobus: Fix memory leak in __mdiobus_register - tracing: Have all levels of checks prevent recursion https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.215 - [armel,armhf] 9139/1: kprobes: fix arch_init_kprobes() prototype - [powerpc*] bpf: Fix BPF_MOD when imm == 1 - [arm64] Avoid premature usercopy failure - usbnet: sanity check for maxpacket - usbnet: fix error return code in usbnet_probe() - ata: sata_mv: Fix the error handling of mv_chip_id() - nfc: port100: fix using -ERRNO as command type mask - Revert "net: mdiobus: Fix memory leak in __mdiobus_register" - ipv4: use siphash instead of Jenkins in fnhe_hashfun() (CVE-2021-20322) - ipv6: use siphash in rt6_exception_hash() (CVE-2021-20322) - ipv6: make exception cache less predictible (CVE-2021-20322) - mmc: vub300: fix control-message timeouts - mmc: cqhci: clear HALT state after CQE enable - [armhf] mmc: dw_mmc: exynos: fix the finding clock sample value - mmc: sdhci: Map more voltage level to SDHCI_POWER_330 - [armhf] mmc: sdhci-esdhc-imx: clear the buffer_read_ready to reset standard tuning circuit - net: lan78xx: fix division by zero in send path - RDMA/mlx5: Set user priority for DCT - [arm64] dts: allwinner: h5: NanoPI Neo 2: Fix ethernet node - regmap: Fix possible double-free in regcache_rbtree_exit() - net: batman-adv: fix error handling - net: Prevent infinite while loop in skb_tx_hash() - net: ethernet: microchip: lan743x: Fix driver crash when lan743x_pm_resume fails - net: ethernet: microchip: lan743x: Fix dma allocation failure by using dma_set_mask_and_coherent - sctp: use init_tag from inithdr for ABORT chunk (CVE-2021-3772) - sctp: fix the processing for COOKIE_ECHO chunk (CVE-2021-3772) - sctp: add vtag check in sctp_sf_violation (CVE-2021-3772) - sctp: add vtag check in sctp_sf_do_8_5_1_E_sa (CVE-2021-3772) - sctp: add vtag check in sctp_sf_ootb (CVE-2021-3772) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.216 - scsi: core: Put LLD module refcnt after SCSI device is released - media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt() (CVE-2021-42739) - IB/qib: Use struct_size() helper - IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields - sfc: Fix reading non-legacy supported link modes - arch: pgtable: define MAX_POSSIBLE_PHYSMEM_BITS where needed - [armel,armhf] 9120/1: Revert "amba: make use of -1 IRQs warn" https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.217 - [x86] Revert "x86/kvm: fix vcpu-id indexed array sizes" - usb: ehci: handshake CMD_RUN instead of STS_HALT - [arm64,armhf] usb: musb: Balance list entry in musb_gadget_queue - usb-storage: Add compatibility quirk flags for iODD 2531/2541 - printk/console: Allow to disable console output by using console="" or console=null - isofs: Fix out of bound access for corrupted isofs image - [x86] comedi: dt9812: fix DMA buffers on stack - [x86] comedi: ni_usb6501: fix NULL-deref in command paths - [x86] comedi: vmk80xx: fix transfer-buffer overflows - [x86] comedi: vmk80xx: fix bulk-buffer overflow - [x86] comedi: vmk80xx: fix bulk and interrupt message timeouts - staging: r8712u: fix control-message timeout - [x86] staging: rtl8192u: fix control-message timeouts - rsi: fix control-message timeout https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.218 - xhci: Fix USB 3.1 enumeration issues by increasing roothub power-on-good delay - binder: use euid from cred instead of using task - binder: use cred instead of task for selinux checks - Input: elantench - fix misreporting trackpoint coordinates (Closes: #989285) - libata: fix read log timeout value - ocfs2: fix data corruption on truncate - [arm64,armhf] mmc: dw_mmc: Dont wait for DRTO on Write RSP error - tpm: Check for integer overflow in tpm2_map_response_body() - [x86] media: ite-cir: IR receiver stop working after receive overflow - media: ir-kbd-i2c: improve responsiveness of hauppauge zilog receivers (Closes: #994050) - ALSA: hda/realtek: Add quirk for Clevo PC70HS - ALSA: ua101: fix division by zero at probe - ALSA: 6fire: fix control and bulk message timeouts - ALSA: line6: fix control and interrupt message timeouts - ALSA: usb-audio: Add registration quirk for JBL Quantum 400 - ALSA: synth: missing check for possible NULL after the call to kstrdup - ALSA: timer: Fix use-after-free problem - ALSA: timer: Unconditionally unlink slave instances, too - [x86] irq: Ensure PI wakeup handler is unregistered before module unload - [arm64] cavium: Return negative value when pci_alloc_irq_vectors() fails - scsi: qla2xxx: Fix unmap of already freed sgl - [arm64] cavium: Fix return values of the probe function - sfc: Don't use netif_info before net_device setup - [x86] hyperv/vmbus: include linux/bitops.h - drm: panel-orientation-quirks: Add quirk for Aya Neo 2021 - bpf: Prevent increasing bpf_jit_limit above max - xen/netfront: stop tx queues during live migration - [armhf] spi: spl022: fix Microwire full duplex mode - [armhf] watchdog: Fix OMAP watchdog early handling - [x86] vmxnet3: do not stop tx queues after netif_device_detach() - btrfs: clear MISSING device status bit in btrfs_close_one_device - btrfs: fix lost error handling when replaying directory deletes - btrfs: call btrfs_check_rw_degradable only if there is a missing device - [armhf] regulator: s5m8767: do not use reset value as DVS voltage if GPIO DVS is disabled - [armhf] regulator: dt-bindings: samsung,s5m8767: correct s5m8767,pmic-buck-default-dvs-idx property - EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell - [x86] mwifiex: fix division by zero in fw download path - ath6kl: fix division by zero in send path - ath6kl: fix control-message timeout - ath10k: fix control-message timeout - ath10k: fix division by zero in send path - PCI: Mark Atheros QCA6174 to avoid bus reset - rtl8187: fix control-message timeouts - [arm64] wcn36xx: Fix HT40 capability for 2Ghz band - mwifiex: Read a PCI register after writing the TX ring write pointer - libata: fix checking of DMA state - [arm64] wcn36xx: handle connection loss indication - rsi: fix occasional initialisation failure with BT coex - rsi: fix key enabled check causing unwanted encryption for vap_id > 0 - rsi: fix rate mask set leading to P2P failure - rsi: Fix module dev_oper_mode parameter description - RDMA/qedr: Fix NULL deref for query_qp on the GSI QP - signal: Remove the bogus sigkill_pending in ptrace_stop - [mips*] signal/mips: Update (_save|_restore)_fp_context to fail with -EFAULT - [x86] power: supply: max17042_battery: Prevent int underflow in set_soc_threshold - [x86] power: supply: max17042_battery: use VFSOC for capacity when no rsns - serial: core: Fix initializing and restoring termios speed - ALSA: mixer: oss: Fix racy access to slots - ALSA: mixer: fix deadlock in snd_mixer_oss_set_volume - xen/balloon: add late_initcall_sync() for initial ballooning done - [arm64] PCI: aardvark: Do not clear status bits of masked interrupts - [arm64] PCI: aardvark: Do not unmask unused interrupts - [arm64] PCI: aardvark: Fix return value of MSI domain .alloc() method - [arm64] PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG - quota: check block number when reading the block in quota file - quota: correct error number in free_dqentry() - pinctrl: core: fix possible memory leak in pinctrl_enable() - iio: dac: ad5446: Fix ad5622_write() return value - USB: serial: keyspan: fix memleak on probe errors - USB: iowarrior: fix control-message timeouts - drm: panel-orientation-quirks: Add quirk for KD Kurio Smart C15200 2-in-1 - Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg() (CVE-2021-3640) - Bluetooth: fix use-after-free error in lock_sock_nested() (CVE-2021-3752) - [x86] platform/x86: wmi: do not fail if disabling fails - locking/lockdep: Avoid RCU-induced noinstr fail - net: sched: update default qdisc visibility after Tx queue cnt changes - [x86] Increase exception stack sizes - mwifiex: Run SET_BSS_MODE when changing from P2P to STATION vif-type - mwifiex: Properly initialize private structure on interface type changes - media: netup_unidvb: handle interrupt properly according to the firmware - media: uvcvideo: Set capability in s_param - media: uvcvideo: Return -EIO for control errors - media: mceusb: return without resubmitting URB in case of -EPROTO error. - ACPICA: Avoid evaluating methods too early during system resume - media: usb: dvd-usb: fix uninit-value bug in dibusb_read_eeprom_byte() - tracefs: Have tracefs directories not set OTH permission bits by default - ath: dfs_pattern_detector: Fix possible null-pointer dereference in channel_detector_create() - [x86] ACPI: battery: Accept charges over the design capacity as full - memstick: r592: Fix a UAF bug when removing the driver - lib/xz: Avoid overlapping memcpy() with invalid input with in-place decompression - lib/xz: Validate the value before assigning it to an enum variable - workqueue: make sysfs of unbound kworker cpumask more clever - mwl8k: Fix use-after-free in mwl8k_fw_state_machine() - PM: hibernate: Get block device exclusively in swsusp_check() - iwlwifi: mvm: disable RX-diversity in powersave - gre/sit: Don't generate link-local addr if addr_gen_mode is IN6_ADDR_GEN_MODE_NONE - [x86] hyperv: Protect set_hv_tscchange_cb() against getting preempted - task_stack: Fix end_of_stack() for architectures with upwards-growing stack - Bluetooth: fix init and cleanup of sco_conn.timeout_work - cgroup: Make rebind_subsystems() disable v2 controllers all at once - drm/amdgpu: fix warning for overflow check - media: em28xx: add missing em28xx_close_extension - media: dvb-usb: fix ununit-value in az6027_rc_query - media: si470x: Avoid card name truncation - media: cx23885: Fix snd_card_free call on null card pointer - cpuidle: Fix kobject memory leaks in error paths - media: em28xx: Don't use ops->suspend if it is NULL - ath9k: Fix potential interrupt storm on queue reset - [x86] crypto: qat - detect PFVF collision after ACK - [x86] crypto: qat - disregard spurious PFVF interrupts - b43legacy: fix a lower bounds test - b43: fix a lower bounds test - [armhf] mmc: sdhci-omap: Fix NULL pointer exception if regulator is not configured - memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host() - hwmon: Fix possible memleak in __hwmon_device_register() - ath10k: fix max antenna gain unit - [arm64] drm/msm: uninitialized variable in msm_gem_import() - net: stream: don't purge sk_error_queue in sk_stream_kill_queues() - [x86] platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning - rsi: stop thread firstly in rsi_91x_init() error handling - mwifiex: Send DELBA requests according to spec - phy: micrel: ksz8041nl: do not use power down mode - nvme-rdma: fix error code in nvme_rdma_setup_ctrl - PM: hibernate: fix sparse warnings - [arm64] drm/msm: Fix potential NULL dereference in DPU SSPP - [s390x] gmap: don't unconditionally call pte_unmap_unlock() in __gmap_zap() - tcp: don't free a FIN sk_buff in tcp_remove_empty_skb() - [s390x] KVM: s390: Fix handle_sske page fault handling - libertas_tf: Fix possible memory leak in probe and disconnect - libertas: Fix possible memory leak in probe and disconnect - [arm64] wcn36xx: add proper DMA memory barriers in rx path - [amd64,arm64] net: amd-xgbe: Toggle PLL settings during rate change - [arm64,armhf] net: phylink: avoid mvneta warning when setting pause parameters - crypto: pcrypt - Delay write to padata->info - RDMA/rxe: Fix wrong port_cap_flags - scsi: dc395: Fix error case unwinding - JFS: fix memleak in jfs_mount - ALSA: hda: Reduce udelay() at SKL+ position reporting - [arm64,armhf] soc/tegra: Fix an error handling path in tegra_powergate_power_up() - serial: 8250_dw: Drop wrong use of ACPI_PTR() - scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn() - RDMA/mlx4: Return missed an error if device doesn't support steering - [arm64] phy: qcom-qusb2: Fix a memory leak on probe - [arm64] serial: xilinx_uartps: Fix race condition causing stuck TX - [mips*] cm: Convert to bitfield API to fix out-of-bounds access - apparmor: fix error check - rpmsg: Fix rpmsg_create_ept return when RPMSG config is not defined - pnfs/flexfiles: Fix misplaced barrier in nfs4_ff_layout_prepare_ds - drm/plane-helper: fix uninitialized variable reference - [arm64] PCI: aardvark: Don't spam about PIO Response Status - NFS: Fix deadlocks in nfs_scan_commit_list() - fs: orangefs: fix error return code of orangefs_revalidate_lookup() - [arm64] mtd: spi-nor: hisi-sfc: Remove excessive clk_disable_unprepare() - netfilter: nfnetlink_queue: fix OOB when mac header was cleared - dmaengine: dmaengine_desc_callback_valid(): Check for `callback_result` - [x86] watchdog: f71808e_wdt: fix inaccurate report in WDIOC_GETTIMEOUT - scsi: qla2xxx: Fix gnl list corruption - scsi: qla2xxx: Turn off target reset during issue_lip - xen-pciback: Fix return in pm_ctrl_init() - [armhf] net: davinci_emac: Fix interrupt pacing disable - bonding: Fix a use-after-free problem when bond_sysfs_slave_add() failed - mm/zsmalloc.c: close race window between zs_pool_dec_isolated() and zs_unregister_migration() - zram: off by one in read_block_state() - llc: fix out-of-bound array index in llc_sk_dev_hash() - nfc: pn533: Fix double free when pn533_fill_fragment_skbs() fails - [arm64] pgtable: make __pte_to_phys/__phys_to_pte_val inline functions - vsock: prevent unnecessary refcnt inc for nonblocking connect - cxgb4: fix eeprom len when diagnostics not implemented - [arm64,armhf] USB: chipidea: fix interrupt deadlock - [armel,armhf] 9155/1: fix early early_iounmap() - f2fs: should use GFP_NOFS for directory inodes - 9p/net: fix missing error check in p9_check_errors - [powerpc*] lib: Add helper to check if offset is within conditional branch range - [powerpc*] bpf: Validate branch ranges - [powerpc*] bpf: Fix BPF_SUB when imm == 0x80000000 - [powerpc*] security: Add a helper to query stf_barrier type - [powerpc*] bpf: Emit stf barrier instruction sequences for BPF_NOSPEC - mm, oom: pagefault_out_of_memory: don't force global OOM for dying tasks - mm, oom: do not trigger out_of_memory from the #PF - [armhf] backlight: gpio-backlight: Correct initial power state handling - video: backlight: Drop maximum brightness override for brightness zero - [s390x] cio: check the subchannel validity for dev_busid - [s390x] tape: fix timer initialization in tape_std_assign() - PCI: Add PCI_EXP_DEVCTL_PAYLOAD_* macros - fuse: truncate pagecache on atomic_o_trunc - [x86] cpu: Fix migration safety with X86_BUG_NULL_SEL - ext4: fix lazy initialization next schedule time computation in more granular unit - PCI/MSI: Destroy sysfs before freeing entries - PCI/MSI: Deal with devices lying about their MSI mask capability - PCI: Add MSI masking quirk for Nvidia ION AHCI - [arm64] zynqmp: Do not duplicate flash partition label property - [arm64] zynqmp: Fix serial compatible string - scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() - [armhf] usb: musb: tusb6010: check return value after calling platform_get_resource() - [x86] usb: typec: tipd: Remove WARN_ON in tps6598x_block_read - [x86] ASoC: nau8824: Add DMI quirk mechanism for active-high jack-detect - scsi: advansys: Fix kernel pointer leak - firmware_loader: fix pre-allocated buf built-in firmware use - tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc - scsi: target: Fix ordered tag handling - scsi: target: Fix alua_tg_pt_gps_count tracking - [i386] ALSA: gus: fix null pointer dereference on pointer block - f2fs: fix up f2fs_lookup tracepoints - sched/core: Mitigate race cpus_share_cache()/update_top_cache_domain() - drm/nouveau: hdmigv100.c: fix corrupted HDMI Vendor InfoFrame - iavf: check for null in iavf_fix_features - iavf: Fix for the false positive ASQ/ARQ errors while issuing VF reset - [x86] platform/x86: hp_accel: Fix an error handling path in 'lis3lv02d_probe()' - net: virtio_net_hdr_to_skb: count transport header in UFO - i40e: Fix correct max_pkt_size on VF RX queue - i40e: Fix NULL ptr dereference on VSI filter sync - i40e: Fix changing previously set num_queue_pairs for PFs - i40e: Fix display error code in dmesg - NFC: reorganize the functions in nci_request - [x86] perf/x86/intel/uncore: Fix filter_tid mask for CHA events on Skylake Server - [x86] perf/x86/intel/uncore: Fix IIO event constraints for Skylake Server - tun: fix bonding active backup with arp monitoring - ipc: WARN if trying to remove ipc object which is absent - [x86] hyperv: Fix NULL deref in set_hv_tscchange_cb() if Hyper-V setup fails - udf: Fix crash after seekdir - btrfs: fix memory ordering between normal and ordered work functions - cfg80211: call cfg80211_stop_ap when switch from P2P_GO type - drm/udl: fix control-message timeout - drm/amdgpu: fix set scaling mode Full/Full aspect/Center not works on vga and dvi connectors - perf/core: Avoid put_page() when GUP fails - batman-adv: mcast: fix duplicate mcast packets in BLA backbone from LAN - batman-adv: Consider fragmentation for needed_headroom - batman-adv: Reserve needed_*room for fragments - batman-adv: Don't always reallocate the fragmentation skb head - RDMA/netlink: Add __maybe_unused to static inline in C file - ASoC: DAPM: Cover regression by kctl change notification fix - [arm64,armhf] soc/tegra: pmc: Fix imbalanced clock disabling in error code path https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.219 - USB: serial: option: add Telit LE910S1 0x9200 composition - USB: serial: option: add Fibocom FM101-GL variants - [arm*] usb: dwc2: hcd_queue: Fix use of floating point literal - usb: hub: Fix usb enumeration issue due to address0 race - usb: hub: Fix locking issues with address0_mutex - [arm*] binder: fix test regression due to sender_euid change - ALSA: ctxfi: Fix out-of-range access - media: cec: copy sequence field for the reply - HID: wacom: Use "Confidence" flag to prevent reporting invalid contacts - [x86] staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() - fuse: fix page stealing - xen: don't continue xenstore initialization in case of errors - xen: detect uninitialized xenbus in xenbus_init - tracing: Fix pid filtering when triggers are attached - proc/vmcore: fix clearing user buffer by properly using clear_user() - [arm64] PCI: aardvark: Fix a leaked reference by adding missing of_node_put() - [arm64] PCI: aardvark: Wait for endpoint to be ready before training link - [arm64] PCI: aardvark: Train link immediately after enabling training - [arm64] PCI: aardvark: Improve link training - [arm64] PCI: aardvark: Issue PERST via GPIO - [arm64] PCI: aardvark: Replace custom macros by standard linux/pci_regs.h macros - [arm64] PCI: aardvark: Indicate error in 'val' when config read fails - [arm64] PCI: aardvark: Don't touch PCIe registers if no card connected - [arm64] PCI: aardvark: Fix compilation on s390 - [arm64] PCI: aardvark: Move PCIe reset card code to advk_pcie_train_link() - [arm64] PCI: aardvark: Update comment about disabling link training - [arm64] PCI: aardvark: Configure PCIe resources from 'ranges' DT property - [arm64] PCI: aardvark: Fix PCIe Max Payload Size setting - [arm64] PCI: aardvark: Fix link training - [arm64] PCI: aardvark: Fix checking for link up via LTSSM state - [arm64] pinctrl: armada-37xx: Correct mpp definitions - [arm64] pinctrl: armada-37xx: add missing pin: PCIe1 Wakeup - [arm64] pinctrl: armada-37xx: Correct PWM pins definitions - [arm64] dts: marvell: armada-37xx: Set pcie_reset_pin to gpio function - netfilter: ipvs: Fix reuse connection if RS weight is 0 - [x86] ASoC: topology: Add missing rwsem around snd_ctl_remove() calls - net: ieee802154: handle iftypes as u32 - NFSv42: Don't fail clone() unless the OP_CLONE operation failed - [armhf] socfpga: Fix crash with CONFIG_FORTIRY_SOURCE - scsi: mpt3sas: Fix kernel panic during drive powercycle test - [arm*] drm/vc4: fix error code in vc4_create_object() - ipv6: fix typos in __ip6_finish_output() - net/smc: Ensure the active closing peer first closes clcsock - PM: hibernate: use correct mode for swsusp_close() - tcp_cubic: fix spurious Hystart ACK train detections for not-cwnd-limited flows - net/smc: Don't call clcsock shutdown twice when smc shutdown - [arm64] net: hns3: fix VF RSS failed problem after PF enable multi-TCs - vhost/vsock: fix incorrect used length reported to the guest - tracing: Check pid filtering when creating events - [s390x] mm: validate VMA in PGSTE manipulation functions - hugetlbfs: flush TLBs correctly after huge_pmd_unshare (CVE-2021-4002) - NFC: add NCI_UNREG flag to eliminate the race - fuse: release pipe buf after last use - xen: sync include/xen/interface/io/ring.h with Xen's newest version - xen/blkfront: read response from backend only once - xen/blkfront: don't take local copy of a request from the ring page - xen/blkfront: don't trust the backend response data blindly - xen/netfront: read response from backend only once - xen/netfront: don't read data from request on the ring page - xen/netfront: disentangle tx_skb_freelist - xen/netfront: don't trust the backend response data blindly - tty: hvc: replace BUG_ON() with negative return value https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.220 - shm: extend forced shm destroy to support objects from several IPC nses - NFSv42: Fix pagecache invalidation after COPY/CLONE - gfs2: Fix length of holes reported at end-of-file - [amd64] atlantic: Fix OOB read and write in hw_atl_utils_fw_rpc_wait (CVE-2021-43975) - net: return correct error code - [x86] platform/x86: thinkpad_acpi: Fix WWAN device disabled issue after S3 deep - [s390x] setup: avoid using memblock_enforce_memory_limit - btrfs: check-integrity: fix a warning on write caching disabled disk - thermal: core: Reset previous low and high trip during thermal zone init - scsi: iscsi: Unblock session then wake up error handler - ata: ahci: Add Green Sardine vendor ID as board_ahci_mobile - [arm64] ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port() - vrf: Reset IPCB/IP6CB when processing outbound pkts in vrf dev xmit - kprobes: Limit max data_size of the kretprobe instances - ipmi: Move remove_work to dedicated workqueue - fs: add fget_many() and fput_many() - fget: check that the fd still exists after getting a ref to it (CVE-2021-4083) - net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings() - net: mpls: Fix notifications when deleting a device - siphash: use _unaligned version by default - net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources() - rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer() - net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of "0" if no IRQ is available - net: annotate data-races on txq->xmit_lock_owner - net/rds: correct socket tunable error in rds_tcp_tune() - net/smc: Keep smc_close_final rc during active close - [arm64] drm/msm: Do hw_init() before capturing GPU state - vgacon: Propagate console boot parameters before calling `vc_resize' - xhci: Fix commad ring abort, write all 64 bits to CRCR register. - USB: NO_LPM quirk Lenovo Powered USB-C Travel Hub - [x86] usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect - [amd64] mm: Map all kernel memory into trampoline_pgd - [arm64] tty: serial: msm_serial: Deactivate RX DMA for polling support - [arm64] serial: pl011: Add ACPI SBSA UART match id - serial: core: fix transmit-buffer reset and memleak - ipmi: msghandler: Make symbol 'remove_work_wq' static https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.221 - HID: add hid_is_usb() function to make it simpler for USB detection - HID: wacom: fix problems when device is not a valid USB device - HID: check for valid USB device for many HID drivers - can: kvaser_usb: get CAN clock frequency from device - [x86] can: sja1000: fix use after free in ems_pcmcia_add_card() - net: core: netlink: add helper refcount dec and lock function - net: sched: rename qdisc_destroy() to qdisc_put() - net: sched: extend Qdisc with rcu - net: sched: add helper function to take reference to Qdisc - net: sched: use Qdisc rcu API instead of relying on rtnl lock - nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done - bpf: Fix the off-by-two error in range markings - ice: ignore dropped packets during init - bonding: make tx_rebalance_counter an atomic - nfp: Fix memory leak in nfp_cpp_area_cache_add() - seg6: fix the iif in the IPv6 socket control block - udp: using datalen to cap max gso segments - [amd64] IB/hfi1: Correct guard on eager buffer deallocation - mm: bdi: initialize bdi_min_ratio when bdi is unregistered - ALSA: ctl: Fix copy of updated id with element read/write - ALSA: pcm: oss: Fix negative period/buffer sizes - ALSA: pcm: oss: Limit the period size to 16MB - ALSA: pcm: oss: Handle missing errors in snd_pcm_oss_change_params*() - tracefs: Have new files inherit the ownership of their parent - [arm64] clk: qcom: regmap-mux: fix parent clock lookup - [i386] can: pch_can: pch_can_rx_normal: fix use after free - libata: add horkage for ASMedia 1092 - wait: add wake_up_pollfree() - binder: use wake_up_pollfree() - signalfd: use wake_up_pollfree() - aio: keep poll requests on waitqueue until completed - aio: fix use-after-free due to missing POLLFREE handling - tracefs: Set all files to the same group ownership as the mount option - block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2) - qede: validate non LSO skb length - i40e: Fix pre-set max number of queues for VF - net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero - [armhf] net: fec: only clear interrupt of handling queue in fec_enet_rx_queue() - net, neigh: clear whole pneigh_entry at alloc time - net/qla3xxx: fix an error code in ql_adapter_up() - USB: gadget: detect too-big endpoint 0 requests (CVE-2021-39685) - USB: gadget: zero allocate endpoint 0 buffers (CVE-2021-39685) - usb: core: config: fix validation of wMaxPacketValue entries - xhci: Remove CONFIG_USB_DEFAULT_PERSIST to prevent xHCI from runtime suspending - usb: core: config: using bit mask instead of individual bits - xhci: avoid race between disable slot command and host runtime suspend - iio: trigger: Fix reference counting - [armhf] iio: mma8452: Fix trigger reference couting - [arm64,armhf] iio: adc: axp20x_adc: fix charging current reporting on AXP22x - [x86] iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove - [armhf] irqchip/armada-370-xp: Fix return value of armada_370_xp_msi_alloc() - [armhf] irqchip/armada-370-xp: Fix support for Multi-MSI interrupts - [arm64,armhf] irqchip/irq-gic-v3-its.c: Force synchronisation when issuing INVALL - net_sched: fix a crash in tc_new_tfilter() - net: sched: make function qdisc_free_cb() static https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.222 - stable: clamp SUBLEVEL in 4.19 - nfc: fix segfault in nfc_genl_dump_devices_done - [arm64] drm/msm/dsi: set default num_data_lanes - net/mlx4_en: Update reported link modes for 1/10G - [arm64,armhf] i2c: rk3x: Handle a spurious start completion interrupt flag - net: netlink: af_netlink: Prevent empty skb by adding a check on len. - tracing: Fix a kmemleak false positive in tracing_map - [x86] hwmon: (dell-smm) Fix warning on /proc/i8k creation error - mac80211: send ADDBA requests using the tid/queue of the aggregation session - dm btree remove: fix use after free in rebalance_children() - audit: improve robustness of the audit queue handling - nfsd: fix use-after-free due to delegation race (Closes: #988044) - [x86] sme: Explicitly map new EFI memmap table as encrypted - mac80211: track only QoS data frames for admission control - [armhf] socfpga: dts: fix qspi node compatible - sch_cake: do not call cake_destroy() from cake_init() - rds: memory leak in __rds_conn_create() (CVE-2021-45480) - [arm64,armhf] soc/tegra: fuse: Fix bitwise vs. logical OR warning - igb: Fix removal of unicast MAC filters of VFs - igbvf: fix double free in `igbvf_probe` - ixgbe: set X550 MDIO speed before talking to PHY - netdevsim: Zero-initialize memory for new map's value in function nsim_bpf_map_alloc (CVE-2021-4135) - net/packet: rx_owner_map depends on pg_vec (CVE-2021-22600) - sit: do not call ipip6_dev_free() from sit_init_net() - USB: gadget: bRequestType is a bitfield, not a enum - USB: NO_LPM quirk Lenovo USB-C to Ethernet Adapher(RTL8153-04) - PCI/MSI: Clear PCI_MSIX_FLAGS_MASKALL on error - PCI/MSI: Mask MSI-X vectors only on success - USB: serial: cp210x: fix CP2105 GPIO registration - USB: serial: option: add Telit FN990 compositions - timekeeping: Really make sure wall_to_monotonic isn't positive - libata: if T_LENGTH is zero, dma direction should be DMA_NONE - drm/amdgpu: correct register access for RLC_JUMP_TABLE_RESTORE - mac80211: validate extended element ID is present - [armel] 8805/2: remove unneeded naked function usage - mwifiex: Remove unnecessary braces from HostCmd_SET_SEQ_NO_BSS_INFO - Input: touchscreen - avoid bitwise vs logical OR warning - media: mxl111sf: change mutex_init() location - fuse: annotate lock in fuse_reverse_inval_entry() - ovl: fix warning in ovl_create_real() - scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() - xen/blkfront: harden blkfront against event channel storms (CVE-2021-28711) - xen/netfront: harden netfront against event channel storms (CVE-2021-28712) - xen/console: harden hvc_xen against event channel storms (CVE-2021-28713) - xen/netback: fix rx queue stall detection (CVE-2021-28714) - xen/netback: don't queue unlimited number of packages (CVE-2021-28715) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.223 - net: usb: lan78xx: add Allied Telesis AT29M2-AF - block, bfq: improve asymmetric scenarios detection - block, bfq: fix asymmetric scenarios detection - block, bfq: fix decrement of num_active_groups - block, bfq: fix queue removal from weights tree - block, bfq: fix use after free in bfq_bfqq_expire - HID: holtek: fix mouse probing - [arm64] dts: allwinner: orangepi-zero-plus: fix PHY mode - [arm64] spi: change clk_disable_unprepare to clk_unprepare - IB/qib: Fix memory leak in qib_user_sdma_queue_pkts() - netfilter: fix regression in looped (broad|multi)cast's MAC handling - qlcnic: potential dereference null pointer of rx_queue->page_ring - net: accept UFOv6 packages in virtio_net_hdr_to_skb - net: skip virtio_net_hdr_set_proto if protocol already set - ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module - bonding: fix ad_actor_system option setting to default - [amd64] fjes: Check for error irq - [armhf] drivers: net: smc911x: Check for error irq - sfc: falcon: Check null pointer of rx_queue->page_ring - hwmon: (lm90) Fix usage of CONFIG2 register in detect function - ALSA: jack: Check the return value of kstrdup() - ALSA: drivers: opl3: Fix incorrect use of vp->state - Input: atmel_mxt_ts - fix double free in mxt_read_info_block - ipmi: bail out if init_srcu_struct fails - ipmi: fix initialization when workqueue allocation fails - [x86] pkey: Fix undefined behaviour with PKRU_WD_BIT - [armel,armhf] 9169/1: entry: fix Thumb2 bug in iWMMXt exception handling - f2fs: fix to do sanity check on last xattr entry in __f2fs_setxattr() (CVE-2021-45469) - usb: gadget: u_ether: fix race in setting MAC address in setup phase - [x86] KVM: VMX: Fix stale docs for kvm-intel.emulate_invalid_guest_state - hwmon: (lm90) Do not report 'busy' status bit as alarm - ax25: NPD bug when detaching AX25 device - hamradio: defer ax25 kfree after unregister_netdev - hamradio: improve the incomplete fix to avoid NPD - phonet/pep: refuse to enable an unbound pipe https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.224 - [arm64] tee: handle lookup of shm with reference count 0 (CVE-2021-44733) - Input: i8042 - add deferred probe support - [x86] Input: i8042 - enable deferred probe quirk for ASUS UM325UA - [x86] platform/x86: apple-gmux: use resource_size() with res - selinux: initialize proto variable in selinux_ip_postroute_compat() - scsi: lpfc: Terminate string in lpfc_debugfs_nvmeio_trc_write() - udp: using datalen to cap ipv6 udp max gso segments - sctp: use call_rcu to free endpoint - net: usb: pegasus: Do not drop long Ethernet frames - net/mlx5e: Fix wrong features assignment in case of error - i2c: validate user data in compat ioctl - nfc: uapi: use kernel size_t to fix user-space builds - uapi: fix linux/nfc.h userspace compilation errors - xhci: Fresco FL1100 controller should not have BROKEN_MSI quirk set. - usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear. - [arm*] binder: fix async_free_space accounting for empty parcels - [x86] scsi: vmw_pvscsi: Set residual data length conditionally - Input: appletouch - initialize work before device registration - Input: spaceball - fix parsing of movement data packets - net: fix use-after-free in tw_timer_handler https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.225 - tracing: Fix check for trace_percpu_buffer validity in get_trace_buf() - tracing: Tag trace_percpu_buffer as a percpu pointer - ieee802154: atusb: fix uninit value in atusb_set_extended_addr - RDMA/core: Don't infoleak GRH fields - mac80211: initialize variable have_higher_than_11mbit - i40e: fix use-after-free in i40e_sync_filters_subtask() - i40e: Fix incorrect netdev's real number of RX/TX queues - ipv6: Check attribute length for RTA_GATEWAY in multipath route - ipv6: Check attribute length for RTA_GATEWAY when deleting multipath route - sch_qfq: prevent shift-out-of-bounds in qfq_init_qdisc - xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate (CVE-2021-4155) - rndis_host: support Hytera digital radios - phonet: refcount leak in pep_sock_accep (CVE-2021-45095) - ipv6: Continue processing multipath route even if gateway attribute is invalid - ipv6: Do cleanup if attribute validation fails in multipath route - scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown() - ip6_vti: initialize __ip6_tnl_parm struct in vti6_siocdevprivate - net: udp: fix alignment problem in udp4_seq_show() - mISDN: change function names to avoid conflicts https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.226 - Bluetooth: bfusb: fix division by zero in send path - USB: core: Fix bug in resuming hub's handling of wakeup requests - USB: Fix "slab-out-of-bounds Write" bug in usb_hcd_poll_rh_status - can: bcm: switch timer to HRTIMER_MODE_SOFT and remove hrtimer_tasklet - veth: Do not record rx queue hint in veth_xmit - [x86] mfd: intel-lpss: Fix too early PM enablement in the ACPI ->probe() - can: gs_usb: fix use of uninitialized variable, detach device on reception of invalid USB data - can: gs_usb: gs_can_start_xmit(): zero-initialize hf->{flags,reserved} - random: fix data race on crng_node_pool - random: fix data race on crng init time - [x86] drm/i915: Avoid bitwise vs logical OR warning in snb_wm_latency_quirk() - kbuild: Add $(KBUILD_HOSTLDFLAGS) to 'has_libelf' test - orangefs: Fix the size of a memory allocation in orangefs_bufmap_alloc() - [s390x] KVM: s390: Clarify SIGP orders versus STOP/RESTART - media: uvcvideo: fix division by zero at stream start - rtlwifi: rtl8192cu: Fix WARNING when calling local_irq_restore() with interrupts enabled - firmware: qemu_fw_cfg: fix sysfs information leak - firmware: qemu_fw_cfg: fix NULL-pointer deref on duplicate entries - firmware: qemu_fw_cfg: fix kobject leak in probe error path - ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Master after reboot from Windows - HID: uhid: Fix worker destroying device without any protection - HID: wacom: Reset expected and received contact counts at the same time - HID: wacom: Ignore the confidence flag when a touch is removed - HID: wacom: Avoid using stale array indicies to read contact count - f2fs: fix to do sanity check in is_alive() - nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind() - [armhf] mtd: rawnand: gpmi: Remove explicit default gpmi clock setting for i.MX6 - [x86] gpu: Reserve stolen memory for first integrated Intel GPU - rtc: cmos: take rtc_lock while reading from CMOS - media: flexcop-usb: fix control-message timeouts - media: mceusb: fix control-message timeouts - media: em28xx: fix control-message timeouts - media: cpia2: fix control-message timeouts - media: s2255: fix control-message timeouts - media: dib0700: fix undefined behavior in tuner shutdown - media: redrat3: fix control-message timeouts - media: pvrusb2: fix control-message timeouts - media: stk1160: fix control-message timeouts - [x86] can: softing_cs: softingcs_probe(): fix memleak on registration failure - PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller - shmem: fix a race between shmem_unused_huge_shrink and shmem_evict_inode - Bluetooth: cmtp: fix possible panic when cmtp_init_sockets() fails - [arm*] clk: bcm-2835: Pick the closest clock rate - [arm*] clk: bcm-2835: Remove rounding up the dividers - [arm64] wcn36xx: Indicate beacon not connection loss on MISSED_BEACON_IND - [arm64] wcn36xx: Release DMA channel descriptor allocations - media: videobuf2: Fix the size printk format - media: em28xx: fix memory leak in em28xx_init_dev - Bluetooth: stop proccessing malicious adv data - [arm64] tee: fix put order in teedev_close_context() - media: dmxdev: fix UAF when dvb_register_device() fails - [arm64] crypto: qce - fix uaf on qce_ahash_register_one - netfilter: bridge: add support for pppoe filtering - drm/amdgpu: Fix a NULL pointer dereference in amdgpu_connector_lcd_native_mode() - drm/radeon/radeon_kms: Fix a NULL pointer dereference in radeon_driver_open_kms() - [arm*] serial: amba-pl011: do not request memory region twice - floppy: Fix hang in watchdog when disk is ejected - media: dib8000: Fix a memleak in dib8000_init() - media: saa7146: mxb: Fix a NULL pointer dereference in mxb_attach() - media: si2157: Fix "warm" tuner state detection - sched/rt: Try to restart rt period timer when rt runtime exceeded - xfrm: fix a small bug in xfrm_sa_len() - media: dw2102: Fix use after free - media: msi001: fix possible null-ptr-deref in msi001_probe() - [arm64] drm/msm/dpu: fix safe status debugfs file - xfrm: interface with if_id 0 should return error - xfrm: state and policy should fail if XFRMA_IF_ID 0 - usb: ftdi-elan: fix memory leak on device disconnect - [armhf] mmc: meson-mx-sdio: add IRQ check - [x86] mce/inject: Avoid out-of-bounds write when setting flags - [x86] pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in __nonstatic_find_io_region() - [x86] pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in nonstatic_find_mem_region() - netfilter: ipt_CLUSTERIP: fix refcount leak in clusterip_tg_check() - ppp: ensure minimum packet size in ppp_write() - Bluetooth: hci_bcm: Check for error irq - [arm64,armhf] spi: spi-meson-spifc: Add missing pm_runtime_disable() in meson_spifc_probe - tpm: add request_locality before write TPM_INT_ENABLE - can: softing: softing_startstop(): fix set but not used variable warning - pcmcia: fix setting of kthread task states - net: mcs7830: handle usb read errors properly - ext4: avoid trim error on fs with small groups - ALSA: jack: Add missing rwsem around snd_ctl_remove() calls - ALSA: PCM: Add missing rwsem around snd_ctl_remove() calls - ALSA: hda: Add missing rwsem around snd_ctl_remove() calls - [arm64] RDMA/hns: Validate the pkey index - [powerpc*] prom_init: Fix improper check of prom_getprop() - ALSA: oss: fix compile error when OSS_DEBUG is enabled - [arm64,armhf] iommu/io-pgtable-arm: Fix table descriptor paddr formatting - scsi: ufs: Fix race conditions related to driver data - RDMA/core: Let ib_find_gid() continue search even after empty entry - [x86] ASoC: rt5663: Handle device_property_read_u32_array error codes - [arm*] iommu/iova: Fix race between FQ timeout and teardown - RDMA/cxgb4: Set queue pair state when being queried - Bluetooth: Fix debugfs entry leak in hci_register_dev() - fs: dlm: filter user dlm messages for kernel locks - ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply - drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR - usb: gadget: f_fs: Use stream_open() for endpoint files - HID: apple: Do not reset quirks when the Fn key is not found - media: b2c2: Add missing check in flexcop_pci_isr: - gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use - [armhf] HSI: core: Fix return freed object in hsi_new_client - [x86] mwifiex: Fix skb_over_panic in mwifiex_usb_recv() (CVE-2021-43976) - rsi: Fix out-of-bounds read in rsi_read_pkt() - floppy: Add max size check for user space request - media: saa7146: hexium_orion: Fix a NULL pointer dereference in hexium_attach() - media: m920x: don't use stack on USB reads - iwlwifi: mvm: synchronize with FW after multicast commands - ath10k: Fix tx hanging - net-sysfs: update the queue counts in the unregistration path - [x86] mce: Mark mce_panic() noinstr - [x86] mce: Mark mce_end() noinstr - [x86] mce: Mark mce_read_aux() noinstr - net: bonding: debug: avoid printing debug logs when bond is not notifying peers - bpf: Do not WARN in bpf_warn_invalid_xdp_action() - HID: quirks: Allow inverting the absolute X/Y values - media: igorplugusb: receiver overflow should be reported - media: saa7146: hexium_gemini: Fix a NULL pointer dereference in hexium_attach() - mmc: core: Fixup storing of OCR for MMC_QUIRK_NONSTD_SDIO - audit: ensure userspace is penalized the same as the kernel when under pressure - usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0 - ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream - iwlwifi: fix leaks/bad data after failed firmware load - iwlwifi: remove module loading failure message - iwlwifi: mvm: Fix calculation of frame length - jffs2: GC deadlock reading a page that is used in jffs2_write_begin() - ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions - ACPICA: Utilities: Avoid deleting the same object twice in a row - ACPICA: Executer: Fix the REFCLASS_REFOF case in acpi_ex_opcode_1A_0T_1R() - ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5 - drm/amdgpu: fixup bad vram size on gmc v8 - [x86] ACPI: battery: Add the ThinkPad "Not Charging" quirk - btrfs: remove BUG_ON() in find_parent_nodes() - btrfs: remove BUG_ON(!eie) in find_parent_nodes - net: mdio: Demote probed message to debug print - mac80211: allow non-standard VHT MCS-10/11 - dm btree: add a defensive bounds check to insert_at() - dm space map common: add bounds check to sm_ll_lookup_bitmap() - net: phy: marvell: configure RGMII delays for 88E1118 - [arm64] regulator: qcom_smd: Align probe function with rpmh-regulator - [arm64,armhf] serial: pl010: Drop CR register reset on set_termios - serial: core: Keep mctrl register state and cached copy in sync - [powerpc*] powernv: add missing of_node_put - [powerpc*] btext: add missing of_node_put - [powerpc*] watchdog: Fix missed watchdog reset due to memory ordering race - [x86] i2c: i801: Don't silently correct invalid transfer size - [powerpc*] smp: Move setup_profiling_timer() under CONFIG_PROFILING - [powerpc*] i2c: mpc: Correct I2C reset procedure - w1: Misuse of get_user()/put_user() reported by sparse - ALSA: seq: Set upper limit of processed events - [powerpc*] handle kdump appropriately with crash_kexec_post_notifiers option - [mips*] OCTEON: add put_device() after of_find_device_by_node() - [x86] i2c: designware-pci: Fix to change data types of hcnt and lcnt parameters - scsi: sr: Don't use GFP_DMA - [arm64] rpmsg: core: Clean up resources on announce_create failure. - ubifs: Error path in ubifs_remount_rw() seems to wrongly free write buffers - serial: Fix incorrect rs485 polarity on uart open - cputime, cpuacct: Include guest time in user time in cpuacct.stat - iwlwifi: mvm: Increase the scan timeout guard to 30 seconds - [s390x] mm: fix 2KB pgtable release race - [armhf] drm/etnaviv: limit submit sizes - ext4: make sure to reset inode lockdep class when quota enabling fails - ext4: make sure quota gets properly shutdown on error - ext4: set csum seed in tmp inode while migrating to extents - ext4: Fix BUG_ON in ext4_bread when write quota data - ext4: don't use the orphan list when migrating an inode - ASoC: dpcm: prevent snd_soc_dpcm use after free - regulator: core: Let boot-on regulators be powered off - drm/radeon: fix error handling in radeon_driver_open_kms - [arm64] RDMA/hns: Modify the mapping attribute of doorbell to device - RDMA/rxe: Fix a typo in opcode name - af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress - netns: add schedule point in ops_exit_list() - libcxgb: Don't accidentally set RTO_ONLINK in cxgb_find_route() - net_sched: restore "mpu xxx" handling - [mips*,s390x] gup: Work around the "COW can break either way" issue (CVE-2020-29374) - fuse: fix bad inode (CVE-2020-36322) - fuse: fix live lock in fuse_iget() (CVE-2021-28950) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.227 - [x86] drm/i915: Flush TLBs before releasing backing store (CVE-2022-0330) - net: bridge: clear bridge's private skb space on xmit - select: Fix indefinitely sleeping task in poll_schedule_timeout() - [x86] drm/vmwgfx: Fix stale file descriptors on failed usercopy (CVE-2022-22942) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.228 - Bluetooth: refactor malicious adv data check - [s390x] hypfs: include z/VM guests with access control group set - [s390x] scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices - udf: Restore i_lenAlloc when inode expansion fails (CVE-2022-0617) - udf: Fix NULL ptr deref when converting from inline format (CVE-2022-0617) - [armhf] drm/etnaviv: relax submit size limits - netfilter: nft_payload: do not update layer 4 checksum when mangling fragments - serial: 8250: of: Fix mapped region size when using reg-offset property - tty: n_gsm: fix SW flow control encoding/handling - tty: Add support for Brainboxes UC cards. - usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge - [arm64,armhf] usb: common: ulpi: Fix crash in ulpi_match() - usb: gadget: f_sourcesink: Fix isoc transfer for USB_SPEED_SUPER_PLUS - USB: core: Fix hang in usb_kill_urb by adding memory barriers - [x86] usb: typec: tcpm: Do not disconnect while receiving VBUS off - [arm64,armhf] net: sfp: ignore disabled SFP node - i40e: Increase delay to 1 s after global EMP reset - i40e: Fix issue when maximum queues is exceeded - i40e: Fix queues reservation for XDP - i40e: fix unsigned stat widths - scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() - ipv6_tunnel: Rate limit warning messages - net: fix information leakage in /proc/net/ptype - ping: fix the sk_bound_dev_if match in ping_lookup - ipv4: avoid using shared IP generator for connected sockets - hwmon: (lm90) Reduce maximum conversion rate for G781 - NFSv4: Handle case where the lookup of a directory fails (CVE-2022-24448) - NFSv4: nfs_atomic_open() can race when looking up a non-regular file - net-procfs: show net devices bound packet types - [arm64] drm/msm: Fix wrong size calculation - [arm64] drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable - ipv6: annotate accesses to fn->fn_sernum - NFS: Ensure the server has an up to date ctime before hardlinking - NFS: Ensure the server has an up to date ctime before renaming - phylib: fix potential use-after-free - yam: fix a memory leak in yam_siocdevprivate() (CVE-2022-24959) - ipv4: raw: lock the socket in raw_bind() - ipv4: tcp: send zero IPID in SYNACK messages - netfilter: nat: remove l4 protocol port rovers - netfilter: nat: limit port clash resolution attempts - tcp: fix possible socket leaks in internal pacing mode - ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback - [amd64,arm64] net: amd-xgbe: ensure to reset the tx_timer_active flag - [amd64,arm64] net: amd-xgbe: Fix skb data length underflow - rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink() - af_packet: fix data-race in packet_setsockopt / packet_setsockopt - audit: improve audit queue handling when "audit=1" on cmdline - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw() - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx() - ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx() - ALSA: hda/realtek: Add missing fixup-model entry for Gigabyte X570 ALC1220 quirks - ALSA: hda/realtek: Fix silent output on Gigabyte X570S Aorus Master (newer chipset) - ALSA: hda/realtek: Fix silent output on Gigabyte X570 Aorus Xtreme after reboot from Windows - drm/nouveau: fix off by one in BIOS boundary checking - block: bio-integrity: Advance seed correctly for larger interval sizes - RDMA/mlx4: Don't continue event handler after memory allocation failure - [amd64] iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping() - [amd64] iommu/amd: Fix loop timeout issue in iommu_ga_log_enable() - [armhf] spi: meson-spicc: add IRQ check in meson_spicc_probe - net: ieee802154: hwsim: Ensure proper channel selection at probe time - net: ieee802154: Return meaningful error codes from the netlink helpers - net: macsec: Verify that send_sci is on when setting Tx sci explicitly - [arm64,armhf] net: stmmac: ensure PTP time register reads are consistent - [x86] drm/i915/overlay: Prevent divide by zero bugs in scaling - scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe - nfsd: nfsd4_setclientid_confirm mistakenly expires confirmed client. - rtc: cmos: Evaluate century appropriate - [arm64] EDAC/xgene: Fix deferred probing - ext4: fix error handling in ext4_restore_inline_data() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.229 - cgroup-v1: Require capabilities to set release_agent (CVE-2022-0492) - moxart: fix potential use-after-free on remove path (CVE-2022-0487) - tipc: improve size validations for received domain records (CVE-2022-0435) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.230 - integrity: check the return value of audit_log_start() - net: phy: marvell: Fix MDI-x polarity setting in 88e1118-compatible PHYs - NFS: Fix initialisation of nfs_client cl_flags field - NFSD: Clamp WRITE offsets - NFSD: Fix offset type in I/O trace points - NFSv4 only print the label when its queried - nfs: nfs4clinet: check the return value of kstrdup() - NFSv4.1: Fix uninitialised variable in devicenotify - NFSv4 remove zero number of fs_locations entries error check - NFSv4 expose nfs_parse_server_name function - net: sched: Clarify error message when qdisc kind is unknown - scsi: target: iscsi: Make sure the np under each tpg is unique - [arm*] usb: dwc2: gadget: don't try to disable ep0 in dwc2_hsotg_suspend - [arm64,armhf] net: stmmac: dwmac-sun8i: use return val of readl_poll_timeout() - bpf: Add kconfig knob for disabling unpriv bpf by default - net: bridge: fix stale eth hdr pointer in br_dev_xmit - usb: f_fs: Fix use-after-free for epfile - ixgbevf: Require large buffers for build_skb on 82599VF - bonding: pair enable_port with slave_arr_updates - ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table() on failure path - net: do not keep the dst cache when uncloning an skb dst and its metadata - net: fix a memleak when uncloning an skb dst and its metadata - veth: fix races around rq->rx_notify_masked - tipc: rate limit warning for received illegal binding update - [amd64,arm64] net: amd-xgbe: disable interrupts during pci removal - vt_ioctl: fix array_index_nospec in vt_setactivate - vt_ioctl: add array_index_nospec to VT_ACTIVATE - n_tty: wake up poll(POLLRDNORM) on receiving data - [arm64,armhf] usb: ulpi: Move of_node_put to ulpi_dev_release - [arm64,armhf] usb: ulpi: Call of_node_put correctly - [arm64,armhf] usb: dwc3: gadget: Prevent core from processing stale TRBs - USB: gadget: validate interface OS descriptor requests (CVE-2022-25258) - usb: gadget: rndis: check size of RNDIS_MSG_SET command (CVE-2022-25375) - USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320 - USB: serial: option: add ZTE MF286D modem - USB: serial: ch341: add support for GW Instek USB2.0-Serial devices - USB: serial: cp210x: add NCR Retail IO box id - USB: serial: cp210x: add CPI Bulk Coin Recycler id - seccomp: Invalidate seccomp mode to catch death failures - [x86] hwmon: (dell-smm) Speed up setting of fan speed - perf: Fix list corruption in perf_cgroup_switch() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.231 - Makefile.extrawarn: Move -Wunaligned-access to W=1 - net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup - btrfs: send: in case of IO error log it - net: ieee802154: at86rf230: Stop leaking skb's - ax25: improve the incomplete fix to avoid UAF and NPD bugs - vfs: make freeze_super abort when sync_filesystem returns error - quota: make dquot_quota_sync return errors from ->sync_fs - nvme: fix a possible use-after-free in controller reset during load - nvme-rdma: fix possible use-after-free in transport error_recovery work - Revert "module, async: async_synchronize_full() on module init iff async is used" - iwlwifi: fix use-after-free - drm/radeon: Fix backlight control on iMac 12,1 - xfrm: Don't accidentally set RTO_ONLINK in decode_session4() - taskstats: Cleanup the use of task->exit_code - mmc: block: fix read single on recovery logic - vsock: remove vsock from connected table when connect is interrupted by a signal - iwlwifi: pcie: fix locking when "HW not ready" - iwlwifi: pcie: gen2: fix locking when "HW not ready" - ping: fix the dif and sdif check in ping_lookup - drop_monitor: fix data-race in dropmon_net_event / trace_napi_poll_hit - bonding: fix data-races around agg_select_timer - libsubcmd: Fix use-after-free for realloc(..., 0) - ALSA: hda: Fix regression on forced probe mask option - ALSA: hda: Fix missing codec probe on Shenker Dock 15 - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw() - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_range() - [powerpc*] lib/sstep: fix 'ptesync' build error - ext4: check for out-of-order index extents in ext4_valid_extent_entries() - block/wbt: fix negative inflight counter when remove scsi device - NFS: LOOKUP_DIRECTORY is also ok with symlinks - NFS: Do not report writeback errors in nfs_getattr() - EDAC: Fix calculation of returned address and next offset in edac_align_ptr() - net: sched: limit TC_ACT_REPEAT loops - lib/iov_iter: initialize "flags" in new pipe_buffer - [x86] Drivers: hv: vmbus: Expose monitor data only when monitor pages are used - [x86] Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj - [x86] KVM: x86/pmu: Use AMD64_RAW_EVENT_MASK for PERF_TYPE_RAW - [armhf] OMAP2+: hwmod: Add of_node_put() before break - netfilter: conntrack: don't refresh sctp entries in closed state - kconfig: let 'shell' return enough output for deep path names - ata: libata-core: Disable TRIM on M88V29 - tracing: Fix tp_printk option related with tp_printk_stop_on_boot - net: usb: qmi_wwan: Add support for Dell DW5829e - [arm64] net: macb: Align the dma and coherent dma masks https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.232 - cgroup/cpuset: Fix a race between cpuset_attach() and cpu hotplug - vhost/vsock: don't check owner in vhost_vsock_stop() while releasing - sr9700: sanity check for packet length - USB: zaurus: support another broken Zaurus - ping: remove pr_err from ping_lookup - net: __pskb_pull_tail() & pskb_carve_frag_list() drop_monitor friends - tipc: Fix end of loop tests for list_for_each_entry() - gso: do not skip outer ip header in case of ipip and net_failover - openvswitch: Fix setting ipv6 fields causing hw csum failure - drm/edid: Always set RGB444 - net/mlx5e: Fix wrong return value on ioctl EEPROM query failure - configfs: fix a race in configfs_{,un}register_subsystem() - RDMA/ib_srp: Fix a deadlock - tty: n_gsm: fix proper link termination after failed open - Revert "drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR" - memblock: use kfree() to release kmalloced memblock regions - fget: clarify and improve __fget_files() implementation - tracing: Have traceon and traceoff trigger honor the instance - ata: pata_hpt37x: disable primary channel on HPT371 - Revert "USB: serial: ch341: add new Product ID for CH341A" - usb: gadget: rndis: add spinlock for rndis response list - tracefs: Set the group ownership in apply_options() not parse_options() - USB: serial: option: add support for DW5829e - USB: serial: option: add Telit LE910R1 compositions - [arm64] usb: dwc3: pci: Fix Bay Trail phy GPIO mappings - [arm64,armhf] usb: dwc3: gadget: Let the interrupt handler disable bottom halves. - xhci: re-initialize the HC during resume if HCE was set - xhci: Prevent futile URB re-submissions due to incorrect return value. - tty: n_gsm: fix encoding of control signal octet bit DV [ Salvatore Bonaccorso ] * Bump ABI to 19 * [rt] Update to 4.19.210-rt90 * [rt] Update to 4.19.211-rt91 * [rt] Update to 4.19.212-rt92 * [rt] Update to 4.19.214-rt93 * [rt] Update to 4.19.215-rt94 - fscache: fix initialisation of cookie hash table raw spinlocks * [rt] Update to 4.19.217-rt95 * Refresh "Export symbols needed by Android drivers" * liblockdep: Stop build liblockdep packages * [rt] Update to 4.19.218-rt96 * [rt] Update to 4.19.219-rt97 * [rt] Refresh "net: move xmit_recursion to per-task variable on -RT" * Refresh "Export symbols needed by Android drivers" * [rt] Update to 4.19.225-rt101 * Refresh "Revert "objtool: Fix CONFIG_STACK_VALIDATION=y warning for out-of-tree modules"" * [rt] Update to 4.19.227-rt102 * [rt] Update to 4.19.230-rt103 * init: Enable BPF_UNPRIV_DEFAULT_OFF (Closes: #990411) * Mitigate Spectre v2-type Branch History Buffer attacks (CVE-2022-0001, CVE-2022-0002) - [x86] speculation: Merge one test in spectre_v2_user_select_mitigation() - [x86] bugs: Unconditionally allow spectre_v2=retpoline,amd - [x86] speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE - [x86] speculation: Add eIBRS + Retpoline options - Documentation/hw-vuln: Update spectre doc - [x86] speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting - [x86] speculation: Use generic retpoline by default on AMD - [x86] speculation: Update link to AMD speculation whitepaper - [x86] speculation: Warn about Spectre v2 LFENCE mitigation - [x86] speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT -- Salvatore Bonaccorso Mon, 07 Mar 2022 22:13:16 +0100 linux (4.19.208-1) buster; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.195 - perf/core: Fix endless multiplex timer - net/nfc/rawsock.c: fix a permission check bug - [x86] ASoC: Intel: bytcr_rt5640: Add quirk for the Glavey TM800A550L tablet - [x86] ASoC: Intel: bytcr_rt5640: Add quirk for the Lenovo Miix 3-830 tablet - bonding: init notify_work earlier to avoid uninitialized use - netlink: disable IRQs for netlink_lock_table() - net: mdiobus: get rid of a BUG_ON() - cgroup: disable controllers at parse time - wq: handle VM suspension in stall detection - net/qla3xxx: fix schedule while atomic in ql_sem_spinlock - RDS tcp loopback connection can hang - scsi: bnx2fc: Return failure if io_req is already in ABTS processing - [x86] scsi: vmw_pvscsi: Set correct residual data length - scsi: target: qla2xxx: Wait for stop_phase1 at WWN removal - [arm64] net: macb: ensure the device is available before accessing GEMGXL control registers - nvme-fabrics: decode host pathing error for connect - [mips*] Fix kernel hang under FUNCTION_GRAPH_TRACER and PREEMPT_TRACER - bnx2x: Fix missing error code in bnx2x_iov_init_one() - [powerpc*] i2c: mpc: Make use of i2c_recover_bus() - [powerpc*] i2c: mpc: implement erratum A-004447 workaround - drm: Fix use-after-free read in drm_getunique() - drm: Lock pointer access in drm_master_release() - kvm: avoid speculation-based attacks from out-of-range memslot accesses - [arm64,x86] staging: rtl8723bs: Fix uninitialized variables - btrfs: return value from btrfs_mark_extent_written() in case of error - cgroup1: don't allow '\n' in renaming - USB: f_ncm: ncm_bitrate (speed) is unsigned - usb: f_ncm: only first packet of aggregate needs to start timer - usb: pd: Set PD_T_SINK_WAIT_CAP to 310ms - [arm64,armhf] usb: dwc3: ep0: fix NULL pointer exception - [x86] usb: typec: ucsi: Clear PPM capability data in ucsi_init() error path - usb: gadget: f_fs: Ensure io_completion_wq is idle during unbind - USB: serial: ftdi_sio: add NovaTech OrionMX product ID - USB: serial: omninet: add device id for Zyxel Omni 56K Plus - USB: serial: quatech2: fix control-request directions - USB: serial: cp210x: fix alternate function for CP2102N QFN20 - usb: gadget: eem: fix wrong eem header operation - usb: fix various gadgets null ptr deref on 10gbps cabling. - usb: fix various gadget panics on 10gbps cabling - regulator: core: resolve supply for boot-on/always-on regulators - [arm64] regulator: max77620: Use device_set_of_node_from_dev() - RDMA/mlx4: Do not map the core_clock page to user space unless enabled - perf: Fix data race between pin_count increment/decrement - sched/fair: Make sure to update tg contrib for blocked load - IB/mlx5: Fix initializing CQ fragments buffer - NFS: Fix a potential NULL dereference in nfs_get_client() - NFSv4: Fix deadlock between nfs4_evict_inode() and nfs4_opendata_get_inode() - perf session: Correct buffer copying when peeking events - kvm: fix previous commit for 32-bit builds - NFS: Fix use-after-free in nfs4_init_client() - NFSv4: Fix second deadlock in nfs4_evict_inode() - NFSv4: nfs4_proc_set_acl needs to restore NFS_CAP_UIDGID_NOMAP on error. - scsi: core: Fix error handling of scsi_host_alloc() - scsi: core: Put .shost_dev in failure path if host state changes to RUNNING - scsi: core: Only put parent device if host state differs from SHOST_CREATED - ftrace: Do not blindly read the ip address in ftrace_bug() - tracing: Correct the length check which causes memory corruption - proc: only require mm_struct for writing https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.196 - net: ieee802154: fix null deref in parse dev addr - HID: quirks: Set INCREMENT_USAGE_ON_DUPLICATE for Saitek X65 - HID: hid-sensor-hub: Return error for hid_set_field() failure - HID: Add BUS_VIRTUAL to hid_connect logging - HID: usbhid: fix info leak in hid_submit_ctrl - gfs2: Prevent direct-I/O write fallback errors from getting lost - gfs2: Fix use-after-free in gfs2_glock_shrink_scan - scsi: target: core: Fix warning on realtime kernels - ethernet: myri10ge: Fix missing error code in myri10ge_probe() - scsi: scsi_devinfo: Add blacklist entry for HPE OPEN-V - net: ipconfig: Don't override command-line hostnames or domains - rtnetlink: Fix missing error code in rtnl_bridge_notify() - net: Return the correct errno code - fib: Return the correct errno code - afs: Fix an IS_ERR() vs NULL check - mm/memory-failure: make sure wait for page writeback in memory_failure - batman-adv: Avoid WARN_ON timing related checks - net: ipv4: fix memory leak in netlbl_cipsov4_add_std - net: rds: fix memory leak in rds_recvmsg - udp: fix race between close() and udp_abort() - rtnetlink: Fix regression in bridge VLAN configuration - net/mlx5e: Block offload of outer header csum for UDP tunnels - netfilter: synproxy: Fix out of bounds when parsing TCP options - sch_cake: Fix out of bounds when parsing TCP options and header - alx: Fix an error handling path in 'alx_probe()' - net: stmmac: dwmac1000: Fix extended MAC address registers definition - net: add documentation to socket.c - net: make get_net_ns return error if NET_NS is disabled - qlcnic: Fix an error handling path in 'qlcnic_probe()' - netxen_nic: Fix an error handling path in 'netxen_nic_probe()' - ptp: ptp_clock: Publish scaled_ppm_to_ppb - ptp: improve max_adj check against unreasonable values - net: cdc_ncm: switch to eth%d interface naming - net: usb: fix possible use-after-free in smsc75xx_bind - [armhf] net: fec_ptp: fix issue caused by refactor the fec_devtype - net: ipv4: fix memory leak in ip_mc_add1_src - net/af_unix: fix a data-race in unix_dgram_sendmsg / unix_release_sock - be2net: Fix an error handling path in 'be_probe()' - net: hamradio: fix memory leak in mkiss_close - net: cdc_eem: fix tx fixup skb leak - icmp: don't send out ICMP messages with a source address of 0.0.0.0 - radeon: use memcpy_to/fromio for UVD fw upload - hwmon: (scpi-hwmon) shows the negative temperature properly - can: mcba_usb: fix memory leak in mcba_usb - usb: core: hub: Disable autosuspend for Cypress CY7C65632 - tracing: Do not stop recording cmdlines when tracing is off - tracing: Do not stop recording comms if the trace file is being read - tracing: Do no increment trace_clock_global() by one - PCI: Mark TI C667X to avoid bus reset - PCI: Mark some NVIDIA GPUs to avoid bus reset - PCI: Add ACS quirk for Broadcom BCM57414 NIC - PCI: Work around Huawei Intelligent NIC VF FLR erratum - [arm64,armhf] dmaengine: pl330: fix wrong usage of spinlock flags in dma_cyclc - net: bridge: fix vlan tunnel dst null pointer dereference - net: bridge: fix vlan tunnel dst refcnt when egressing - mm/slub: clarify verification reporting - mm/slub.c: include swab.h - [armhf] net: fec_ptp: add clock rate zero check - [arm64,armhf] KVM: arm/arm64: Fix KVM_VGIC_V3_ADDR_TYPE_REDIST read - can: bcm/raw/isotp: use per module netdevice notifier - inet: use bigger hash table for IP ID generation - [arm64,armhf] usb: dwc3: debugfs: Add and remove endpoint dirs dynamically - [arm64,armhf] usb: dwc3: core: fix kernel panic when do reboot - [x86] fpu: Reset state for all signal restore failures - module: limit enabling module.sig_enforce (CVE-2021-35039) - drm/nouveau: wait for moving fence after pinning v2 - drm/radeon: wait for moving fence after pinning - Revert "PCI: PM: Do not read power state in pci_enable_device_flags()" - mac80211: remove warning in ieee80211_get_sband() - cfg80211: call cfg80211_leave_ocb when switching away from OCB - mac80211: drop multicast fragments - net: ethtool: clear heap allocations for ethtool function - ping: Check return value of function 'ping_queue_rcv_skb' - inet: annotate date races around sk->sk_txhash - net/packet: annotate accesses to po->bind - net/packet: annotate accesses to po->ifindex - r8152: Avoid memcpy() over-reading of ETH_SS_STATS - r8169: Avoid memcpy() over-reading of ETH_SS_STATS - net: qed: Fix memcpy() overflow of qed_dcbx_params() - [x86] PCI: Add AMD RS690 quirk to enable 64-bit DMA - nilfs2: fix memory leak in nilfs_sysfs_delete_device_group - i2c: robotfuzz-osif: fix control-request directions https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.197 - mm: add VM_WARN_ON_ONCE_PAGE() macro - mm/rmap: remove unneeded semicolon in page_not_mapped() - mm/rmap: use page_not_mapped in try_to_unmap() - mm/thp: fix __split_huge_pmd_locked() on shmem migration entry - mm/thp: make is_huge_zero_pmd() safe and quicker - mm/thp: try_to_unmap() use TTU_SYNC for safe splitting - mm/thp: fix vma_address() if virtual address below file offset - mm/thp: fix page_address_in_vma() on file THP tails - mm/thp: unmap_mapping_page() to fix THP truncate_cleanup_page() - mm: thp: replace DEBUG_VM BUG with VM_WARN when unmap fails for split - mm: page_vma_mapped_walk(): use page for pvmw->page - mm: page_vma_mapped_walk(): settle PageHuge on entry - mm: page_vma_mapped_walk(): use pmde for *pvmw->pmd - mm: page_vma_mapped_walk(): prettify PVMW_MIGRATION block - mm: page_vma_mapped_walk(): crossing page table boundary - mm: page_vma_mapped_walk(): add a level of indentation - mm: page_vma_mapped_walk(): use goto instead of while (1) - mm: page_vma_mapped_walk(): get vma_address_end() earlier - mm/thp: fix page_vma_mapped_walk() if THP mapped by ptes - mm/thp: another PVMW_SYNC fix in page_vma_mapped_walk() - mm, futex: fix shared futex pgoff on shmem huge page - scsi: sr: Return appropriate error code when disk is ejected - drm/nouveau: fix dma_address check for CPU/GPU sync - ext4: eliminate bogus error in ext4_data_block_valid_rcu() - kthread_worker: split code for canceling the delayed work timer - kthread: prevent deadlock when kthread_mod_delayed_work() races with kthread_cancel_delayed_work_sync() - xen/events: reset active flag for lateeoi events later - [x86] KVM: SVM: Call SEV Guest Decommission if ASID binding fails - [armhf] OMAP: replace setup_irq() by request_irq() - [armhf] clocksource/drivers/timer-ti-dm: Add clockevent and clocksource support - [armhf] clocksource/drivers/timer-ti-dm: Prepare to handle dra7 timer wrap issue - [armhf] clocksource/drivers/timer-ti-dm: Handle dra7 timer wrap errata i940 https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.198 - scsi: core: Retry I/O for Notify (Enable Spinup) Required error - ALSA: usb-audio: fix rate on Ozone Z90 USB headset - ALSA: usb-audio: Fix OOB access at proc output - media: dvb-usb: fix wrong definition - Input: usbtouchscreen - fix control-request directions - net: can: ems_usb: fix use-after-free in ems_usb_disconnect() - usb: gadget: eem: fix echo command packet response issue - USB: cdc-acm: blacklist Heimann USB Appset device - [arm64,armhf] usb: dwc3: Fix debugfs creation flow - [x86] usb: typec: Add the missed altmode_id_remove() in typec_register_altmode() - xhci: solve a double free problem while doing s4 - iov_iter_fault_in_readable() should do nothing in xarray case - Input: joydev - prevent use of not validated data in JSIOCSBTNMAP ioctl (CVE-2021-3612) - [armel,armhf] arm_pmu: Fix write counter incorrect in ARMv7 big-endian mode - btrfs: send: fix invalid path for unlink operations after parent orphanization - btrfs: clear defrag status of a root if starting transaction fails - ext4: cleanup in-core orphan list if ext4_truncate() failed to get a transaction handle - ext4: fix kernel infoleak via ext4_extent_header - ext4: return error code when ext4_fill_flex_info() fails - ext4: correct the cache_nr in tracepoint ext4_es_shrink_exit - ext4: remove check for zero nr_to_scan in ext4_es_scan() - ext4: fix avefreec in find_group_orlov - ext4: use ext4_grp_locked_error in mb_find_extent - can: gw: synchronize rcu operations before removing gw job entry - can: peak_pciefd: pucan_handle_status(): fix a potential starvation issue in TX path - SUNRPC: Fix the batch tasks count wraparound. - SUNRPC: Should wake up the privileged task firstly. - [s390x] cio: dont call css_wait_for_slow_path() inside a lock - [x86] serial_cs: Add Option International GSM-Ready 56K/ISDN modem - [x86] serial_cs: remove wrong GLOBETROTTER.cis entry - ath9k: Fix kernel NULL pointer dereference during ath_reset_internal() - ssb: sdio: Don't overwrite const buffer if block_write fails - rsi: Assign beacon rate settings to the correct rate_info descriptor field - rsi: fix AP mode with WPA failure due to encrypted EAPOL - tracing/histograms: Fix parsing of "sym-offset" modifier - tracepoint: Add tracepoint_probe_register_may_exist() for BPF tracing - seq_buf: Make trace_seq_putmem_hex() support data longer than 8 - [powerpc*] stacktrace: Fix spurious "stale" traces in raise_backtrace_ipi() - fuse: check connected before queueing on fpq->io - spi: Make of_register_spi_device also set the fwnode - [i386] spi: spi-topcliff-pch: Fix potential double free in pch_spi_process_messages() - media: cpia2: fix memory leak in cpia2_usb_probe - media: pvrusb2: fix warning in pvr2_i2c_core_done - [x86] crypto: qat - check return code of qat_hal_rd_rel_reg() - [x86] crypto: qat - remove unused macro in FW loader - sched/fair: Fix ascii art by relpacing tabs - media: em28xx: Fix possible memory leak of em28xx struct - media: v4l2-core: Avoid the dangling pointer in v4l2_fh_release - media: bt8xx: Fix a missing check bug in bt878_probe - media: dvd_usb: memory leak in cinergyt2_fe_attach - mmc: via-sdmmc: add a check against NULL pointer dereference - crypto: shash - avoid comparing pointers to exported functions under CFI - media: dvb_net: avoid speculation from net slot - media: siano: fix device register error path - btrfs: fix error handling in __btrfs_update_delayed_inode - btrfs: abort transaction if we fail to update the delayed inode - btrfs: disable build on platforms having page size 256K - [armhf] regulator: da9052: Ensure enough delay time for .set_voltage_time_sel - HID: do not use down_interruptible() when unbinding devices - ACPI: processor idle: Fix up C-state latency if not ordered - [x86] hv_utils: Fix passing zero to 'PTR_ERR' warning - lib: vsprintf: Fix handling of number field widths in vsscanf - ACPI: EC: Make more Asus laptops use ECDT _GPE - block_dump: remove block_dump feature in mark_inode_dirty() - fs: dlm: cancel work sync othercon - random32: Fix implicit truncation warning in prandom_seed_state() - fs: dlm: fix memory leak when fenced - ACPICA: Fix memory leak caused by _CID repair function - ACPI: bus: Call kobject_put() in acpi_init() error path - [x86] platform/x86: toshiba_acpi: Fix missing error code in toshiba_acpi_setup_keyboard() - clocksource: Retry clock read if long delays detected - HID: wacom: Correct base usage for capacitive ExpressKey status bits - [armhf] sata_highbank: fix deferred probing - [mips*] pata_octeon_cf: avoid WARN_ON() in ata_host_activate() - [x86] crypto: ccp - Fix a resource leak in an error handling path - media: rc: i2c: Fix an error message - media: gspca/gl860: fix zero-length control requests - media: siano: Fix out-of-bounds warnings in smscore_load_firmware_family2() - btrfs: clear log tree recovering status if starting transaction fails - [armhf] spi: spi-sun6i: Fix chipselect/clock bug - ACPI: sysfs: Fix a buffer overrun problem with description_show() - blk-wbt: introduce a new disable state to prevent false positive by rwb_enabled() - blk-wbt: make sure throttle is enabled properly - ocfs2: fix snprintf() checking - [arm64,armhf] net: mvpp2: Put fwnode in error case during ->probe() - [i386] net: pch_gbe: Propagate error from devm_gpio_request_one() - [arm64] drm/rockchip: cdn-dp-core: add missing clk_disable_unprepare() on error in cdn_dp_grf_write() - RDMA/rxe: Fix failure during driver load - drm: qxl: ensure surf.data is ininitialized - ieee802154: hwsim: Fix possible memory leak in hwsim_subscribe_all_others - [arm64] wcn36xx: Move hal_buf allocation to devm_kmalloc in probe - ssb: Fix error return code in ssb_bus_scan() - brcmfmac: fix setting of station info chains bitmask - brcmfmac: correctly report average RSSI in station info - brcmsmac: mac80211_if: Fix a resource leak in an error handling path - ath10k: Fix an error code in ath10k_add_interface() - RDMA/mlx5: Don't add slave port to unaffiliated list - netfilter: nft_exthdr: check for IPv6 packet before further processing - netfilter: nft_osf: check for TCP packet before further processing - netfilter: nft_tproxy: restrict support to TCP and UDP transport protocols - RDMA/rxe: Fix qp reference counting for atomic ops - pkt_sched: sch_qfq: fix qfq_change_class() error path - vxlan: add missing rcu_read_lock() in neigh_reduce() - net/ipv4: swap flow ports when validating source - ieee802154: hwsim: Fix memory leak in hwsim_add_one - ieee802154: hwsim: avoid possible crash in hwsim_del_edge_nl() - mac80211: remove iwlwifi specific workaround NDPs of null_response - ipv6: exthdrs: do not blindly use init_net - bpf: Do not change gso_size during bpf_skb_change_proto() - i40e: Fix error handling in i40e_vsi_open - i40e: Fix autoneg disabling for non-10GBaseT links - ipv6: fix out-of-bound access in ip6_parse_tlv() - Bluetooth: mgmt: Fix slab-out-of-bounds in tlv_data_is_valid - Bluetooth: Fix handling of HCI_LE_Advertising_Set_Terminated event - writeback: fix obtain a reference to a freeing memcg css - net: lwtunnel: handle MTU calculation in forwading - net: sched: fix warning in tcindex_alloc_perfect_hash - RDMA/mlx5: Don't access NULL-cleared mpi pointer - tty: nozomi: Fix a resource leak in an error handling function - mwifiex: re-fix for unaligned accesses - [arm64] ASoC: hisilicon: fix missing clk_disable_unprepare() on error in hi6210_i2s_startup() - [x86] char: pcmcia: error out if 'num_bytes_read' is greater than 4 in set_protocol() - tty: nozomi: Fix the error handling path of 'nozomi_card_init()' - scsi: FlashPoint: Rename si_flags field - serial: 8250: Actually allow UPF_MAGIC_MULTIPLIER baud rates - of: Fix truncation of memory sizes on 32-bit platforms - [armhf] mtd: rawnand: marvell: add missing clk_disable_unprepare() on error in marvell_nfc_resume() - scsi: mpt3sas: Fix error return value in _scsih_expander_add() - configfs: fix memleak in configfs_release_bin_file - [powerpc*] Offline CPU in stop_this_cpu() - [arm64] serial: mvebu-uart: correctly calculate minimal possible baudrate - vfio/pci: Handle concurrent vma faults - mm/huge_memory.c: don't discard hugepage if other processes are mapping it - mmc: block: Disable CMDQ on the ioctl path - mmc: vub3000: fix control-request direction - drm/amd/amdgpu/sriov disable all ip hw status by default - [i386] net: pch_gbe: Use proper accessors to BE data in pch_ptp_match() - hugetlb: clear huge pte during flush function on mips platform - atm: iphase: fix possible use-after-free in ia_module_exit() - mISDN: fix possible use-after-free in HFC_cleanup() - atm: nicstar: Fix possible use-after-free in nicstar_cleanup() - net: Treat __napi_schedule_irqoff() as __napi_schedule() on PREEMPT_RT - reiserfs: add check for invalid 1st journal block - drm/virtio: Fix double free on probe failure - udf: Fix NULL pointer dereference in udf_symlink function - e100: handle eeprom as little endian - [arm64,armhf] clk: tegra: Ensure that PLLU configuration is applied properly - ipv6: use prandom_u32() for ID generation - RDMA/cxgb4: Fix missing error code in create_qp() - dm space maps: don't reset space map allocation cursor when committing - [armhf] pinctrl: mcp23s08: fix race condition in irq handler - ice: set the value of global config lock timeout longer - virtio_net: Remove BUG() to avoid machine dead - [arm64,armhf] net: mvpp2: check return value after calling platform_get_resource() - [amd64] fjes: check return value after calling platform_get_resource() - selinux: use __GFP_NOWARN with GFP_NOWAIT in the AVC - xfrm: Fix error reporting in xfrm_state_construct. - [arm64,armhf] wlcore/wl12xx: Fix wl12xx get_mac error if device is in ELP - [arm64,armhf] wl1251: Fix possible buffer overflow in wl1251_cmd_scan - net: fix mistake path for netdev_features_strings - rtl8xxxu: Fix device info for RTL8192EU devices - atm: nicstar: use 'dma_free_coherent' instead of 'kfree' - atm: nicstar: register the interrupt handler in the right place - vsock: notify server to shutdown when client has pending signal - RDMA/rxe: Don't overwrite errno from ib_umem_get() - iwlwifi: mvm: don't change band on bound PHY contexts - iwlwifi: pcie: free IML DMA memory allocation - sfc: avoid double pci_remove of VFs - sfc: error code if SRIOV cannot be disabled - wireless: wext-spy: Fix out-of-bounds warning - net: ip: avoid OOM kills with large UDP sends over loopback - RDMA/cma: Fix rdma_resolve_route() memory leak - Bluetooth: Fix the HCI to MGMT status conversion table - Bluetooth: Shutdown controller after workqueues are flushed or cancelled - Bluetooth: btusb: fix bt fiwmare downloading failure issue for qca btsoc. - sctp: validate from_addr_param return (CVE-2021-3655) - sctp: add size validation when walking chunks (CVE-2021-3655) - fscrypt: don't ignore minor_hash when hash is 0 - bdi: Do not use freezable workqueue - [arm64] serial: mvebu-uart: clarify the baud rate derivation - [arm64] serial: mvebu-uart: fix calculation of clock divisor - fuse: reject internal errno - [powerpc*] barrier: Avoid collision with clang's __lwsync macro - usb: gadget: f_fs: Fix setting of device and driver data cross-references - drm/radeon: Add the missed drm_gem_object_put() in radeon_user_framebuffer_create() - pinctrl/amd: Add device HID for new AMD GPIO controller - [arm64] drm/msm/mdp4: Fix modifier support enabling - mmc: sdhci: Fix warning message when accessing RPMB in HS400 mode - mmc: core: clear flags before allowing to retune - mmc: core: Allow UHS-I voltage switch for SDSC cards if supported - [armhf] ata: ahci_sunxi: Disable DIPM - cpu/hotplug: Cure the cpusets trainwreck - [arm64,armhf] clocksource/arm_arch_timer: Improve Allwinner A64 timer workaround - [arm64,armhf] ASoC: tegra: Set driver_name=tegra for all machine drivers - qemu_fw_cfg: Make fw_cfg_rev_attr a proper kobj_attribute - ipmi/watchdog: Stop watchdog timer when the current action is 'none' - seq_buf: Fix overflow in seq_buf_putmem_hex() - tracing: Simplify & fix saved_tgids logic - tracing: Resize tgid_map to pid_max, not PID_MAX_DEFAULT - dm btree remove: assign new_root only when removal succeeds - PCI: Leave Apple Thunderbolt controllers on for s2idle or standby - [arm64] PCI: aardvark: Fix checking for PIO Non-posted Request - media: subdev: disallow ioctl for saa6588/davinci - media: dtv5100: fix control-request directions - media: zr364xx: fix memory leak in zr364xx_start_readpipe - media: gspca/sq905: fix control-request direction - media: gspca/sunplus: fix zero-length control requests - media: uvcvideo: Fix pixel format change for Elgato Cam Link 4K - [armhf] pinctrl: mcp23s08: Fix missing unlock on error in mcp23s08_irq() - jfs: fix GPF in diFree - [x86] KVM: x86: Use guest MAXPHYADDR from CPUID.0x8000_0008 iff TDP is enabled - [x86] KVM: X86: Disable hardware breakpoints unconditionally before kvm_x86->run() - scsi: core: Fix bad pointer dereference when ehandler kthread is invalid - tracing: Do not reference char * as a string in histograms - [arm64] PCI: aardvark: Don't rely on jiffies while holding spinlock - [arm64] PCI: aardvark: Fix kernel panic during PIO transfer - [x86] misc/libmasm/module: Fix two use after free in ibmasm_init_one - Revert "ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro" - w1: ds2438: fixing bug that would always get page0 - scsi: lpfc: Fix "Unexpected timeout" error in direct attach topology - scsi: lpfc: Fix crash when lpfc_sli4_hba_setup() fails to initialize the SGLs - scsi: core: Cap scsi_host cmd_per_lun at can_queue - [x86] tty: serial: 8250: serial_cs: Fix a memory leak in error handling path - scsi: scsi_dh_alua: Check for negative result value - fs/jfs: Fix missing error code in lmLogInit() - scsi: iscsi: Add iscsi_cls_conn refcount helpers - scsi: iscsi: Fix conn use after free during resets - scsi: iscsi: Fix shost->max_id use - scsi: qedi: Fix null ref during abort handling - [armhf] mfd: da9052/stmpe: Add and modify MODULE_DEVICE_TABLE - [s390x] sclp_vt220: fix console name to match device (Closes: #961056) - [i386] ALSA: sb: Fix potential double-free of CSP mixer elements - [powerpc*] ps3: Add dma_mask to ps3_dma_region - [arm64] gpio: zynq: Check return value of pm_runtime_get_sync - [arm64,armhf] gpio: pca953x: Add support for the On Semi pca9655 - ASoC: soc-core: Fix the error return code in snd_soc_of_parse_audio_routing() - ALSA: bebob: add support for ToneWeal FW66 - usb: gadget: f_hid: fix endianness issue with descriptors - [powerpc*] boot: Fixup device-tree on little endian - [arm64,armhf] ALSA: hda: Add IRQ check for platform_get_irq() - [x86] intel_th: Wait until port is in reset before programming it - i2c: core: Disable client irq on reboot/shutdown - lib/decompress_unlz4.c: correctly handle zero-padding around initrds. - [x86] power: supply: max17042: Do not enforce (incorrect) interrupt trigger type - [armel,armhf] power: reset: gpio-poweroff: add missing MODULE_DEVICE_TABLE - [x86] watchdog: Fix possible use-after-free in wdt_startup() - [x86] watchdog: Fix possible use-after-free by calling del_timer_sync() - [x86] watchdog: iTCO_wdt: Account for rebooting on second timeout - [x86] fpu: Return proper error codes from user access functions - [arm64,armhf] PCI: tegra: Add missing MODULE_DEVICE_TABLE - orangefs: fix orangefs df output. - ceph: remove bogus checks and WARN_ONs from ceph_set_page_dirty - NFS: nfs_find_open_context() may only select open files - [arm64,armhf] pwm: tegra: Don't modify HW state in .remove callback - [arm64] ACPI: AMBA: Fix resource name in /proc/iomem - [x86] ACPI: video: Add quirk for the Dell Vostro 3350 - virtio-blk: Fix memory leak among suspend/resume procedure - virtio_net: Fix error handling in virtnet_restore() - virtio_console: Assure used length from device is limited (CVE-2021-38160) - f2fs: add MODULE_SOFTDEP to ensure crc32 is included in the initramfs - PCI/sysfs: Fix dsm_label_utf16s_to_utf8s() buffer overrun - NFSv4: Initialise connection to the server in nfs4_alloc_client() (CVE-2021-38199) - nfs: fix acl memory leak of posix_acl_create() - ubifs: Set/Clear I_LINKABLE under i_lock for whiteout inode - [x86] fpu: Limit xstate copy size in xstateregs_set() - virtio_net: move tx vq operation under tx queue lock - [i386] ALSA: isa: Fix error return code in snd_cmi8330_probe() - NFSv4/pNFS: Don't call _nfs4_pnfs_v3_ds_connect multiple times - rtc: fix snprintf() checking in is_rtc_hctosys() - [arm64,armhf] reset: bail if try_module_get() fails - [armhf] dts: am335x: align ti,pindir-d0-out-d1-in property with dt-shema - scsi: be2iscsi: Fix an error handling path in beiscsi_dev_probe() - net: bridge: multicast: fix PIM hello router port marking race - scsi: scsi_dh_alua: Fix signedness bug in alua_rtpg() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.199 - [armhf] dts: rockchip: fix pinctrl sleep nodename for rk3036-kylin and rk3288 - [armhf] imx: pm-imx5: Fix references to imx5_cpu_suspend_info - [armhf] dts: rockchip: fix supply properties in io-domains nodes - [arm64,armhf] soc/tegra: fuse: Fix Tegra234-only builds - thermal/core: Correct function name thermal_zone_device_unregister() - [arm64,armhf] rtc: max77686: Do not enforce (incorrect) interrupt trigger type - scsi: aic7xxx: Fix unintentional sign extension issue on left shift of u8 - scsi: libsas: Add LUN number check in .slave_alloc callback - scsi: libfc: Fix array index out of bound exception - sched/fair: Fix CFS bandwidth hrtimer expiry type - mm: slab: fix kmem_cache_create failed when sysfs node not destroyed - dm writecache: return the exact table values that were set - dm writecache: fix writing beyond end of underlying device when shrinking - [arm64,armhf] net: dsa: mv88e6xxx: enable .rmu_disable() on Topaz - net: ipv6: fix return value of ip6_skb_dst_mtu - netfilter: ctnetlink: suspicious RCU usage in ctnetlink_dump_helpinfo - net: bridge: sync fdb to new unicast-filtering ports - [arm64] net: qcom/emac: fix UAF in emac_remove - net: ti: fix UAF in tlan_remove_one - net: send SYNACK packet with accepted fwmark - net: validate lwtstate->data before returning from skb_tunnel_info() - dma-buf/sync_file: Don't leak fences on merge failure - tcp: annotate data races around tp->mtu_info - ipv6: tcp: drop silly ICMPv6 packet too big messages - udp: annotate data races around unix_sk(sk)->gso_size - net: ip_tunnel: fix mtu calculation for ETHER tunnel devices - igb: Fix use-after-free error during reset - ixgbe: Fix an error handling path in 'ixgbe_probe()' - igb: Fix an error handling path in 'igb_probe()' - e1000e: Fix an error handling path in 'e1000_probe()' - iavf: Fix an error handling path in 'iavf_probe()' - igb: Check if num of q_vectors is smaller than max before array access - igb: Fix position of assignment to *ring - ipv6: fix 'disable_policy' for fwd packets - nvme-pci: do not call nvme_dev_remove_admin from nvme_remove - liquidio: Fix unintentional sign extension issue on left shift of u16 - net: fix uninit-value in caif_seqpkt_sendmsg - net: decnet: Fix sleeping inside in af_decnet - [powerpc*] KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak - netrom: Decrease sock refcount when sock timers expire - scsi: iscsi: Fix iface sysfs attr detection - scsi: target: Fix protect handling in WRITE SAME(32) - net/tcp_fastopen: fix data races around tfo_active_disable_stamp - net/sched: act_skbmod: Skip non-Ethernet packets - nvme-pci: don't WARN_ON in nvme_reset_work if ctrl.state is not RESETTING - Revert "USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem" - sctp: update active_key for asoc when old key is being replaced - net: sched: cls_api: Fix the the wrong parameter - [arm64,armhf] drm/panel: raspberrypi-touchscreen: Prevent double-free - proc: Avoid mixing integer types in mem_rw() - [s390x] ftrace: fix ftrace_update_ftrace_func implementation - ALSA: usb-audio: Add registration quirk for JBL Quantum headsets - [i386] ALSA: sb: Fix potential ABBA deadlock in CSP driver - xhci: Fix lost USB 2 remote wake - [powerpc*] KVM: PPC: Book3S: Fix H_RTAS rets buffer overflow (CVE-2021-37576) - usb: hub: Disable USB 3 device initiated lpm if exit latency is too high - usb: hub: Fix link power management max exit latency (MEL) calculations - USB: usb-storage: Add LaCie Rugged USB3-FW to IGNORE_UAS - USB: serial: option: add support for u-blox LARA-R6 family - USB: serial: cp210x: fix comments for GE CS1000 - USB: serial: cp210x: add ID for CEL EM3588 USB ZigBee stick - [arm*] usb: dwc2: gadget: Fix sending zero length packet in DDMA mode. - tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop. (CVE-2021-3679) - media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf() - ixgbe: Fix packet corruption due to missing DMA sync - drm: Return -ENOTTY for non-drm ioctls - KVM: do not assume PTE is writable after follow_pfn - KVM: do not allow mapping valid but non-reference-counted pages (CVE-2021-22543) - KVM: Use kvm_pfn_t for local PFN variable in hva_to_pfn_remapped() - [arm64,armhf] net: dsa: mv88e6xxx: use correct .stats_set_histogram() on Topaz - btrfs: compression: don't try to compress if we don't have enough pages - PCI: Mark AMD Navi14 GPU ATS as broken - xhci: add xhci_get_virt_ep() helper https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.200 - [x86] KVM: determine if an exception has an error code only when injecting it. - net: split out functions related to registering inflight socket files - af_unix: fix garbage collect vs MSG_PEEK - workqueue: fix UAF in pwq_unbound_release_workfn() - net/802/mrp: fix memleak in mrp_request_join() - net/802/garp: fix memleak in garp_request_join() - net: annotate data race around sk_ll_usec - sctp: move 198 addresses from unusable to private scope - hfs: add missing clean-up in hfs_fill_super - hfs: fix high memory mapping in hfs_bnode_read - hfs: add lock nesting notation to hfs_find_init - cifs: fix the out of range assignment to bit fields in parse_server_interfaces https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.201 - virtio_net: Do not pull payload in skb->head - gro: ensure frag0 meets IP header alignment - [x86] asm: Ensure asm/proto.h can be included stand-alone - btrfs: fix rw device counting in __btrfs_free_extra_devids - [x86] kvm: fix vcpu-id indexed array sizes - ocfs2: fix zero out valid data - ocfs2: issue zeroout to EOF blocks - can: raw: raw_setsockopt(): fix raw_rcv panic for sock UAF - can: mcba_usb_start(): add missing urb->transfer_dma initialization - can: usb_8dev: fix memory leak - can: ems_usb: fix memory leak - can: esd_usb2: fix memory leak - NIU: fix incorrect error return, missed in previous revert - nfc: nfcsim: fix use after free during module unload - cfg80211: Fix possible memory leak in function cfg80211_bss_update - netfilter: conntrack: adjust stop timestamp to real expiry value - netfilter: nft_nat: allow to specify layer 4 protocol NAT only - i40e: Fix logic of disabling queues - i40e: Fix log TC creation failure when max num of queues is exceeded - tipc: fix sleeping in tipc accept routine - mlx4: Fix missing error code in mlx4_load_one() - net: llc: fix skb_over_panic - net/mlx5: Fix flow table chaining - sctp: fix return value check in __sctp_rcv_asconf_lookup - tulip: windbond-840: Fix missing pci_disable_device() in probe and remove - sis900: Fix missing pci_disable_device() in probe and remove - [powerpc*] pseries: Fix regression while building external modules - i40e: Add additional info to PHY type error https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.202 - btrfs: mark compressed range uptodate only if all bio succeed - r8152: Fix potential PM refcount imbalance - qed: fix possible unpaired spin_{un}lock_bh in _qed_mcp_cmd_and_union() - net: Fix zero-copy head len calculation. - bdi: move bdi_dev_name out of line - bdi: use bdi_dev_name() to get device name - bdi: add a ->dev_name field to struct backing_dev_info - Revert "Bluetooth: Shutdown controller after workqueues are flushed or cancelled" - [x86] Revert "watchdog: iTCO_wdt: Account for rebooting on second timeout" - padata: validate cpumask without removed CPU during offline - padata: add separate cpuhp node for CPUHP_PADATA_DEAD https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.203 - Revert "ACPICA: Fix memory leak caused by _CID repair function" - ALSA: seq: Fix racy deletion of subscriber - [armhf] imx: add missing iounmap() - ALSA: usb-audio: fix incorrect clock source setting - scsi: sr: Return correct event when media event code is 3 - media: videobuf2-core: dequeue if start_streaming fails - net: natsemi: Fix missing pci_disable_device() in probe and remove - sctp: move the active_key update after sh_keys is added - nfp: update ethtool reporting of pauseframe control - net: ipv6: fix returned variable type in ip6_skb_dst_mtu - bnx2x: fix an error code in bnx2x_nic_load() - net: pegasus: fix uninit-value in get_interrupt_interval - [armhf] net: fec: fix use-after-free in fec_drv_remove - net: vxge: fix use-after-free in vxge_device_unregister - Bluetooth: defer cleanup of resources in hci_unregister_dev() - USB: usbtmc: Fix RCU stall warning - USB: serial: option: add Telit FD980 composition 0x1056 - USB: serial: ch341: fix character loss at high transfer rates - USB: serial: ftdi_sio: add device ID for Auto-M3 OP-COM v2 - firmware_loader: use -ETIMEDOUT instead of -EAGAIN in fw_load_sysfs_fallback - firmware_loader: fix use-after-free in firmware_fallback_sysfs - ALSA: usb-audio: Add registration quirk for JBL Quantum 600 - usb: gadget: f_hid: added GET_IDLE and SET_IDLE handlers - usb: gadget: f_hid: fixed NULL pointer dereference - usb: gadget: f_hid: idle uses the highest byte for duration - tracing/histogram: Rename "cpu" to "common_cpu" - [arm64] optee: Clear stale cache entries during initialization - staging: rtl8723bs: Fix a resource leak in sd_int_dpc - media: rtl28xxu: fix zero-length control request - pipe: increase minimum default pipe size to 2 pages - ext4: fix potential htree corruption when growing large_dir directories - serial: 8250: Mask out floating 16/32-bit bus bits - [mips*] Malta: Do not byte-swap accesses to the CBUS UART - [x86] pcmcia: i82092: fix a null pointer dereference bug - [x86] KVM: accept userspace interrupt only if no event is injected - [x86] KVM: x86/mmu: Fix per-cpu counter corruption on 32-bit builds - [armhf] spi: meson-spicc: fix memory leak in meson_spicc_remove - qmi_wwan: add network device usage statistics for qmimux devices - libata: fix ata_pio_sector for CONFIG_HIGHMEM - reiserfs: add check for root_inode in reiserfs_fill_super - reiserfs: check directory items on read from disk - net/qla3xxx: fix schedule while atomic in ql_wait_for_drvr_lock and ql_adapter_reset - [armhf] imx: add mmdc ipg clock operation for mmdc https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.204 - [x86] KVM: SVM: Fix off-by-one indexing when nullifying last used SEV VMCB - bpf: Inherit expanded/patched seen count from old aux data (CVE-2021-33624) - bpf: Do not mark insn as seen under speculative path verification (CVE-2021-33624) - bpf: Fix leakage under speculation on mispredicted branches (CVE-2021-33624) - [x86] KVM: MMU: Use the correct inherited permissions to get shadow page (CVE-2021-38198) - USB:ehci:fix Kunpeng920 ehci hardware problem - ppp: Fix generating ppp unit id when ifname is not specified - ovl: prevent private clone if bind mount is not allowed CVE-2021-3732) - net: xilinx_emaclite: Do not print real IOMEM pointer (CVE-2021-38205) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.205 - [x86] ASoC: intel: atom: Fix reference to PCM buffer address - i2c: dev: zero out array used for i2c reads from userspace - [amd64,arm64] ACPI: NFIT: Fix support for virtual SPA ranges - ieee802154: hwsim: fix GPF in hwsim_set_edge_lqi - ieee802154: hwsim: fix GPF in hwsim_new_edge_nl - ppp: Fix generating ifname when empty IFLA_IFNAME is specified - net: Fix memory leak in ieee802154_raw_deliver - net: igmp: fix data-race in igmp_ifc_timer_expire() - net: bridge: fix memleak in br_add_if() - tcp_bbr: fix u32 wrap bug in round logic if bbr_init() called after 2B packets - net: igmp: increase size of mr_ifc_count - xen/events: Fix race in set_evtchn_to_irq - vsock/virtio: avoid potential deadlock when vsock device remove - [powerpc*] kprobes: Fix kprobe Oops happens in booke - genirq: Provide IRQCHIP_AFFINITY_PRE_STARTUP - [x86] msi: Force affinity setup before startup - [x86] ioapic: Force affinity setup before startup - genirq/msi: Ensure deactivation on teardown - PCI/MSI: Enable and mask MSI-X early - PCI/MSI: Do not set invalid bits in MSI mask - PCI/MSI: Correct misleading comments - PCI/MSI: Use msi_mask_irq() in pci_msi_shutdown() - PCI/MSI: Protect msi_desc::masked for multi-MSI - PCI/MSI: Mask all unused MSI-X entries - PCI/MSI: Enforce that MSI-X table entry is masked for update - PCI/MSI: Enforce MSI[X] entry updates to be visible - [amd64] iommu/vt-d: Fix agaw for a supported 48 bit guest address width - mac80211: drop data frames without key on encrypted links - [x86] KVM: nSVM: always intercept VMLOAD/VMSAVE when nested (CVE-2021-3656) - [x86] KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl (CVE-2021-3653) - [x86] fpu: Make init_fpstate correct with optimized XSAVE - ath: Use safer key clearing with key cache entries (CVE-2020-3702) - ath9k: Clear key cache explicitly on disabling hardware (CVE-2020-3702) - ath: Export ath_hw_keysetmac() (CVE-2020-3702) - ath: Modify ath_key_delete() to not need full key entry (CVE-2020-3702) - ath9k: Postpone key cache entry deletion for TXQ frames reference it (CVE-2020-3702) - dmaengine: of-dma: router_xlate to return -EPROBE_DEFER if controller is not yet available - scsi: megaraid_mm: Fix end of loop tests for list_for_each_entry() - scsi: scsi_dh_rdac: Avoid crash during rdac_bus_attach() - scsi: core: Avoid printing an error if target_alloc() returns -ENXIO - net: usb: lan78xx: don't modify phy_device state concurrently - Bluetooth: hidp: use correct wait queue when removing ctrl_wait - [arm64] cpufreq: armada-37xx: forbid cpufreq for 1.2 GHz variant - vhost: Fix the calculation in vhost_overflow() - bnxt: don't lock the tx queue from napi poll - bnxt: disable napi before canceling DIM - net: 6pack: fix slab-out-of-bounds in decode_data - net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32 - [arm64,armhf] net: mdio-mux: Don't ignore memory allocation errors - [arm64,armhf] net: mdio-mux: Handle -EPROBE_DEFER correctly - [arm64,armhf] mmc: dw_mmc: Fix hang on data CRC error - ALSA: hda - fix the 'Capture Switch' value change notifications - btrfs: prevent rename2 from exchanging a subvol with a directory from different parents - PCI: Increase D3 delay for AMD Renoir/Cezanne XHCI - [x86] ASoC: intel: atom: Fix breakage for PCM buffer address setup - locks: print a warning when mount fails due to lack of "mand" support - fs: warn about impending deprecation of mandatory locks - netfilter: nft_exthdr: fix endianness of tcp option cast https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.206 - net: qrtr: fix another OOB Read in qrtr_endpoint_post (CVE-2021-3743) - bpf: Do not use ax register in interpreter on div/mod - bpf: Fix 32 bit src register truncation on div/mod (CVE-2021-3600) - bpf: Fix truncation handling for mod32 dst reg wrt zero (CVE-2021-3444) - netfilter: conntrack: collect all entries in one cycle - once: Fix panic when module unload - can: usb: esd_usb2: esd_usb2_rx_event(): fix the interchange of the CAN RX and TX error counters - Revert "USB: serial: ch341: fix character loss at high transfer rates" - USB: serial: option: add new VID/PID to support Fibocom FG150 - [arm64,armhf] usb: dwc3: gadget: Fix dwc3_calc_trbs_left() - [arm64,armhf] usb: dwc3: gadget: Stop EP0 transfers during pullup disable - [amd64] IB/hfi1: Fix possible null-pointer dereference in _extend_sdma_tx_descs() - e1000e: Fix the max snoop/no-snoop latency for 10M - ip_gre: add validation for csum_start - [arm64] xgene-v2: Fix a resource leak in the error handling path of 'xge_probe()' - [arm64,armhf] net: marvell: fix MVNETA_TX_IN_PRGRS bit number - [arm64] net: hns3: fix get wrong pfc_en when query PFC configuration - usb: gadget: u_audio: fix race condition on endpoint stop - opp: remove WARN when no valid OPPs remain - virtio: Improve vq->broken access to avoid any compiler optimization - virtio_pci: Support surprise removal of virtio pci device - [amd64] vringh: Use wiov->used to check for read/write desc order - qed: qed ll2 race condition fixes - qed: Fix null-pointer dereference in qed_rdma_create_qp() - drm: Copy drm_wait_vblank to user before returning - drm/nouveau/disp: power down unused DP links during init - net/rds: dma_map_sg is entitled to merge entries - vt_kdsetmode: extend console locking (CVE-2021-3753) - fbmem: add margin check to fb_check_caps() - [x86] KVM: x86/mmu: Treat NX as used (not reserved) for all !TDP shadow MMUs - Revert "floppy: reintroduce O_NDELAY fix" - net: don't unconditionally copy_from_user a struct ifreq for socket ioctls https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.207 - ext4: fix race writing to an inline_data file while its xattrs are changing (CVE-2021-40490) - [armhf] gpu: ipu-v3: Fix i.MX IPU-v3 offset calculations for (semi)planar U/V formats - qed: Fix the VF msix vectors flow - [arm64] net: macb: Add a NULL check on desc_ptp - qede: Fix memset corruption - [x86] perf/x86/intel/pt: Fix mask of num_address_ranges - [x86] perf/x86/amd/ibs: Work around erratum #1197 - [armel,armhf] 8918/2: only build return_address() if needed - ALSA: pcm: fix divide error in snd_pcm_lib_ioctl - clk: fix build warning for orphan_list - media: stkwebcam: fix memory leak in stk_camera_probe - [armhf] imx: add missing clk_disable_unprepare() - [armhf] imx: fix missing 3rd argument in macro imx_mmdc_perf_init - igmp: Add ip_mc_list lock in ip_check_mc_rcu - ipv4/icmp: l3mdev: Perform icmp error route lookup on source device routing table (v2) - SUNRPC/nfs: Fix return value for nfs4_callback_compound() - [powerpc*] module64: Fix comment in R_PPC64_ENTRY handling - [powerpc*] boot: Delete unneeded .globl _zimage_start - mm/page_alloc: speed up the iteration of max_order - Revert "btrfs: compression: don't try to compress if we don't have enough pages" - ALSA: usb-audio: Add registration quirk for JBL Quantum 800 - [x86] reboot: Limit Dell Optiplex 990 quirk to early BIOS versions - PCI: Call Max Payload Size-related fixup quirks early - locking/mutex: Fix HANDOFF condition - regmap: fix the offset of register error log - sched/deadline: Fix reset_on_fork reporting of DL tasks - power: supply: axp288_fuel_gauge: Report register-address on readb / writeb errors - sched/deadline: Fix missing clock update in migrate_task_rq_dl() - hrtimer: Avoid double reprogramming in __hrtimer_start_range_ns() - udf: Check LVID earlier - isofs: joliet: Fix iocharset=utf8 mount option - bcache: add proper error unwinding in bcache_device_init - nvme-rdma: don't update queue count when failing to set io queues - [x86] power: supply: max17042_battery: fix typo in MAx17042_TOFF - [s390x] cio: add dev_busid sysfs entry for each subchannel - libata: fix ata_host_start() - [x86] crypto: qat - do not ignore errors from enable_vf2pf_comms() - [x86] crypto: qat - handle both source of interrupt in VF ISR - [x86] crypto: qat - fix reuse of completion variable - [x86] crypto: qat - fix naming for init/shutdown VF to PF notifications - [x86] crypto: qat - do not export adf_iov_putmsg() - fcntl: fix potential deadlock for &fasync_struct.fa_lock - udf_get_extendedattr() had no boundary checks. - lib/mpi: use kcalloc in mpi_resize - [x86] crypto: qat - use proper type for vf_mask - media: dvb-usb: fix uninit-value in dvb_usb_adapter_dvb_init - media: dvb-usb: fix uninit-value in vp702x_read_mac_addr - media: go7007: remove redundant initialization - Bluetooth: sco: prevent information leak in sco_conn_defer_accept() - tcp: seq_file: Avoid skipping sk during tcp_seek_last_pos - media: em28xx-input: fix refcount bug in em28xx_usb_disconnect - [arm64] media: venus: venc: Fix potential null pointer dereference on pointer fmt - PCI: PM: Avoid forcing PCI_D0 for wakeup reasons inconsistently - PCI: PM: Enable PME if it can be signaled from D3cold - Bluetooth: increase BTNAMSIZ to 21 chars to fix potential buffer overflow - [arm64] drm/msm/dpu: make dpu_hw_ctl_clear_all_blendstages clear necessary LMs - Bluetooth: fix repeated calls to sco_sock_kill - [arm64] drm/msm/dsi: Fix some reference counted resource leaks - [armhf] usb: phy: twl6030: add IRQ checks - Bluetooth: Move shutdown callback before flushing tx and rx queue - mac80211: Fix insufficient headroom issue for AMSDU - Bluetooth: add timeout sanity check to hci_inquiry - [armhf] i2c: s3c2410: fix IRQ check - [arm64,armhf] mmc: dw_mmc: Fix issue with uninitialized dma_slave_config - CIFS: Fix a potencially linear read overflow - [arm*] usb: ehci-orion: Handle errors of clk_prepare_enable() in probe - ath6kl: wmi: fix an error code in ath6kl_wmi_sync_point() - bcma: Fix memory leak for internally-handled cores - ipv4: make exception cache less predictible - net: sched: Fix qdisc_rate_table refcount leak when get tcf_block failed - ipv4: fix endianness issue in inet_rtm_getroute_build_skb() - netns: protect netns ID lookups with RCU - fscrypt: add fscrypt_symlink_getattr() for computing st_size - ext4: report correct st_size for encrypted symlinks - f2fs: report correct st_size for encrypted symlinks - ubifs: report correct st_size for encrypted symlinks - tty: Fix data race between tiocsti() and flush_to_ldisc() - [x86] KVM: Update vCPU's hv_clock before back to guest when tsc_offset is adjusted - fbmem: don't allow too huge resolutions - [arm64,armhf] backlight: pwm_bl: Improve bootloader/kernel device handover - [armel] clk: kirkwood: Fix a clocking boot regression - btrfs: reset replace target device to allocation state on close - blk-zoned: allow zone management send operations without CAP_SYS_ADMIN - blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN - PCI/MSI: Skip masking MSI-X on Xen PV - [powerpc*] perf/hv-gpci: Fix counter value parsing - xen: fix setting of max_pfn in shared_info - 9p/xen: Fix end of loop tests for list_for_each_entry - bpf/verifier: per-register parent pointers - bpf: correct slot_type marking logic to allow more stack slot sharing - bpf: Support variable offset stack access from helpers - bpf: Reject indirect var_off stack access in raw mode - bpf: Reject indirect var_off stack access in unpriv mode - bpf: Sanity check max value for var_off stack access - bpf: track spill/fill of constants - bpf: Introduce BPF nospec instruction for mitigating Spectre v4 (CVE-2021-34556, CVE-2021-35477) - bpf: Fix leakage due to insufficient speculative store bypass mitigation (CVE-2021-34556, CVE-2021-35477) - bpf: verifier: Allocate idmap scratch in verifier env - bpf: Fix pointer arithmetic mask tightening under state pruning - [arm64] head: avoid over-mapping in map_memory - block: bfq: fix bfq_set_next_ioprio_data() - [x86] power: supply: max17042: handle fails of reading status register - dm crypt: Avoid percpu_counter spinlock contention in crypt_page_alloc() - [x86] VMCI: fix NULL pointer dereference when unmapping queue pair - media: uvc: don't do DMA on stack - media: rc-loopback: return number of emitters rather than error - libata: add ATA_HORKAGE_NO_NCQ_TRIM for Samsung 860 and 870 SSDs - PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported - PCI: Return ~0 data on pciconfig_read() CAP_SYS_ADMIN failure - [arm64] PCI: xilinx-nwl: Enable the clock through CCF - [arm64] PCI: aardvark: Increase polling delay to 1.5s while waiting for PIO response - [arm64] PCI: aardvark: Fix masking and unmasking legacy INTx interrupts - HID: input: do not report stylus battery state as "full" - RDMA/iwcm: Release resources if iw_cm module initialization fails - docs: Fix infiniband uverbs minor number - [armhf] pinctrl: samsung: Fix pinctrl bank pin count - [powerpc*] stacktrace: Include linux/delay.h - [arm64,armhf] pinctrl: single: Fix error return code in pcs_parse_bits_in_pinctrl_entry() - scsi: qedi: Fix error codes in qedi_alloc_global_queues() - [x86] platform/x86: dell-smbios-wmi: Add missing kfree in error-exit from run_smbios_call - fscache: Fix cookie key hashing - f2fs: fix to account missing .skipped_gc_rwsem - f2fs: fix to unmap pages from userspace process in punch_hole() - [mips*] Malta: fix alignment of the devicetree buffer - userfaultfd: prevent concurrent API initialization - media: dib8000: rewrite the init prbs logic - PCI: Use pci_update_current_state() in pci_enable_device_flags() - tipc: keep the skb in rcv queue until the whole data is read - video: fbdev: kyro: fix a DoS bug by restricting user input - netlink: Deal with ESRCH error in nlmsg_notify() - usb: gadget: u_ether: fix a potential null pointer dereference - usb: gadget: composite: Allow bMaxPower=0 if self-powered - tty: serial: jsm: hold port lock when reporting modem line changes - video: fbdev: kyro: Error out if 'pixclock' equals zero - ipv4: ip_output.c: Fix out-of-bounds warning in ip_copy_addrs() - flow_dissector: Fix out-of-bounds warnings - [s390x] jump_label: print real address in a case of a jump label bug - serial: 8250: Define RX trigger levels for OxSemi 950 devices - serial: 8250_pci: make setup_port() parameters explicitly unsigned - Bluetooth: skip invalid hci_sync_conn_complete_evt - bonding: 3ad: fix the concurrency between __bond_release_one() and bond_3ad_state_machine_handler() - [x86] ASoC: Intel: bytcr_rt5640: Move "Platform Clock" routes to the maps for the matching in-/output - media: v4l2-dv-timings.c: fix wrong condition in two for-loops - [armhf] dts: imx53-ppd: Fix ACHC entry - [arm64] dts: qcom: sdm660: use reg value for memory node - [arm64] net: ethernet: stmmac: Do not use unreachable() in ipq806x_gmac_probe() - Bluetooth: schedule SCO timeouts with delayed_work - Bluetooth: avoid circular locks in sco_sock_connect - gpu: drm: amd: amdgpu: amdgpu_i2c: fix possible uninitialized-variable access in amdgpu_i2c_router_select_ddc_port() - Bluetooth: Fix handling of LE Enhanced Connection Complete - tcp: enable data-less, empty-cookie SYN with TFO_SERVER_COOKIE_NOT_REQD - rpc: fix gss_svc_init cleanup on failure - [x86] staging: rts5208: Fix get_ms_information() heap buffer size - gfs2: Don't call dlm after protocol is unmounted - of: Don't allow __of_attached_node_sysfs() without CONFIG_SYSFS - [arm64] mmc: sdhci-of-arasan: Check return value of non-void funtions - mmc: rtsx_pci: Fix long reads when clock is prescaled - mmc: core: Return correct emmc response in case of ioctl error - cifs: fix wrong release in sess_alloc_buffer() failed path - Revert "USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST quirk set" - [armhf] usb: musb: musb_dsps: request_irq() after initializing musb - usbip: give back URBs for unsent unlink requests during cleanup - usbip:vhci_hcd USB port can get stuck in the disabled state - [arm64,armhf] ASoC: rockchip: i2s: Fix regmap_ops hang - [arm64,armhf] ASoC: rockchip: i2s: Fixup config for DAIFMT_DSP_A/B - parport: remove non-zero check on count - ath9k: fix OOB read ar9300_eeprom_restore_internal - ath9k: fix sleeping in atomic context - ovl: fix BUG_ON() in may_delete() when called from ovl_cleanup() - [x86] scsi: BusLogic: Fix missing pr_cont() use - scsi: qla2xxx: Sync queue idx with queue_pair_map idx - [powerpc*] cpufreq: powernv: Fix init_chip_info initialization in numa=off - mm/hugetlb: initialize hugetlb_usage in mm_init - memcg: enable accounting for pids in nested pid namespaces - [arm64,armhf] platform/chrome: cros_ec_proto: Send command again when timeout occurs - drm/amdgpu: Fix BUG_ON assert - dm thin metadata: Fix use-after-free in dm_bm_set_read_only - [x86] xen: reset legacy rtc flag for PV domU - bnx2x: Fix enabling network interfaces without VFs - [arm64] sve: Use correct size when reinitialising SVE state - PM: base: power: don't try to use non-existing RTC for storing data - PCI: Add AMD GPU multi-function power dependencies - [x86] mm: Fix kern_addr_valid() to cope with existing but not present entries - tipc: fix an use-after-free issue in tipc_recvmsg - dccp: don't duplicate ccid when cloning dccp sock (CVE-2020-16119) - net/l2tp: Fix reference count leak in l2tp_udp_recv_core - r6040: Restore MDIO clock frequency after MAC reset - tipc: increase timeout in tipc_sk_enqueue() - net/mlx5: Fix potential sleeping in atomic context - events: Reuse value read using READ_ONCE instead of re-reading it - net/af_unix: fix a data-race in unix_dgram_poll - [arm64,armhf] net: dsa: destroy the phylink instance on any error in dsa_slave_phy_setup - tcp: fix tp->undo_retrans accounting in tcp_sacktag_one() - qed: Handle management FW error - [arm64] net: hns3: pad the short tunnel frame before sending to hardware - mm/memory_hotplug: use "unsigned long" for PFN in zone_for_pfn_range() - [s390x] KVM: index kvm->arch.idle_mask by vcpu_idx - dt-bindings: mtd: gpmc: Fix the ECC bytes vs. OOB bytes equation - [armhf] mfd: Don't use irq_create_mapping() to resolve a mapping - PCI: Add ACS quirks for Cavium multi-function devices - net: usb: cdc_mbim: avoid altsetting toggling for Telit LN920 - block, bfq: honor already-setup queue merges - ethtool: Fix an error code in cxgb2.c - mfd: axp20x: Update AXP288 volatile ranges - PCI: Fix pci_dev_str_match_path() alloc while atomic bug - [arm64] KVM: Handle PSCI resets before userspace touches vCPU state - mtd: rawnand: cafe: Fix a resource leak in the error handling path of 'cafe_nand_probe()' - [armhf] net: dsa: b53: Fix calculating number of switch ports - netfilter: socket: icmp6: fix use-after-scope - fq_codel: reject silly quantum parameters - qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom - ip_gre: validate csum_start only on pull https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.208 - [s390x] bpf: Fix optimizing out zero-extensions - KVM: remember position in kvm->vcpus array - rcu: Fix missed wakeup of exp_wq waiters - apparmor: remove duplicate macro list_entry_is_head() - tracing/kprobe: Fix kprobe_on_func_entry() modification - sctp: validate chunk size in __rcv_asconf_lookup (CVE-2021-3655) - sctp: add param size validation for SCTP_PARAM_SET_PRIMARY (CVE-2021-3655) - dmaengine: acpi: Avoid comparison GSI with Linux vIRQ - [armhf] thermal/drivers/exynos: Fix an error code in exynos_tmu_probe() - 9p/trans_virtio: Remove sysfs file on probe failure - prctl: allow to setup brk for et_dyn executables - nilfs2: use refcount_dec_and_lock() to fix potential UAF - profiling: fix shift-out-of-bounds bugs - drivers: base: cacheinfo: Get rid of DEFINE_SMP_CALL_CACHE_FUNCTION() - ceph: lockdep annotations for try_nonblocking_invalidate - nilfs2: fix memory leak in nilfs_sysfs_create_device_group - nilfs2: fix NULL pointer in nilfs_##name##_attr_release - nilfs2: fix memory leak in nilfs_sysfs_create_##name##_group - nilfs2: fix memory leak in nilfs_sysfs_delete_##name##_group - nilfs2: fix memory leak in nilfs_sysfs_create_snapshot_group - nilfs2: fix memory leak in nilfs_sysfs_delete_snapshot_group - [arm64,armhf] pwm: rockchip: Don't modify HW state in .remove() callback - blk-throttle: fix UAF by deleteing timer in blk_throtl_exit() - drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV [ Salvatore Bonaccorso ] * [rt] Update to 4.19.195-rt82 * [rt] Update to 4.19.196-rt83 * Bump ABI to 18 * [rt] Update to 4.19.197-rt84 * Refresh "fs: Add MODULE_SOFTDEP declarations for hard-coded crypto drivers" * [rt] Update to 4.19.198-rt85 * Refresh "scsi: hisi_sas: Create separate host attributes per HBA" * [rt] Update to 4.19.199-rt86 * [rt] Update to 4.19.206-rt87 * [rt] Update to 4.19.207-rt88 * hso: fix bailout in error case of probe * usb: hso: fix error handling code of hso_create_net_device (CVE-2021-37159) * usb: hso: remove the bailout parameter -- Salvatore Bonaccorso Wed, 29 Sep 2021 20:53:57 +0200 linux (4.19.194-3) buster-security; urgency=high * [x86] KVM: SVM: Periodically schedule when unregistering regions on destroy (CVE-2020-36311) * can: bcm: fix infoleak in struct bcm_msg_head (CVE-2021-34693) * can: bcm: delay release of struct bcm_op after synchronize_rcu() (CVE-2021-3609) * seq_file: Disallow extremely large seq buffer allocations (CVE-2021-33909) -- Salvatore Bonaccorso Sun, 18 Jul 2021 08:52:00 +0200 linux (4.19.194-2) buster; urgency=medium * proc: Track /proc/$pid/attr/ opener mm_struct (Closes: #990072) -- Salvatore Bonaccorso Mon, 21 Jun 2021 10:46:20 +0200 linux (4.19.194-1) buster; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.182 - [arm64] KVM: nvhe: Save the SPE context early - [armhf] net: dsa: b53: Support setting learning on port https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.183 - ALSA: hda: generic: Fix the micmute led init state - Revert "PM: runtime: Update device status before letting suppliers suspend" - vmlinux.lds.h: Create section for protection against instrumentation - btrfs: fix race when cloning extent buffer during rewind of an old root (CVE-2021-28964) - btrfs: fix slab cache flags for free space tree bitmap - [armhf] ASoC: fsl_ssi: Fix TDM slot setup for I2S mode - nvmet: don't check iosqes,iocqes for discovery controllers - NFSD: Repair misuse of sv_lock in 5.10.16-rt30. - svcrdma: disable timeouts on rdma backchannel - sunrpc: fix refcount leak for rpc auth modules - scsi: lpfc: Fix some error codes in debugfs - nvme-rdma: fix possible hang when failing to set io queues - [powerpc*] Force inlining of cpu_has_feature() to avoid build failure - usb-storage: Add quirk to defeat Kindle's automatic unload - usbip: Fix incorrect double assignment to udc->ud.tcp_rx - USB: replace hardcode maximum usb string length by definition - usb: gadget: configfs: Fix KASAN use-after-free - [arm64] iio:adc:qcom-spmi-vadc: add default scale to LR_MUX2_BAT_ID channel - iio: hid-sensor-prox: Fix scale not correct issue - [powerpc*] PCI: rpadlpar: Fix potential drc_name corruption in store functions (CVE-2021-28972) - [x86] perf/x86/intel: Fix a crash caused by zero PEBS status (CVE-2021-28971) - [x86] ioapic: Ignore IRQ2 again - kernel, fs: Introduce and use set_restart_fn() and arch_set_restart_data() - [x86] Move TS_COMPAT back to asm/thread_info.h - [x86] Introduce TS_COMPAT_RESTART to fix get_nr_restart_syscall() - ext4: find old entry again if failed to rename whiteout - ext4: do not try to set xattr into ea_inode if value is empty - ext4: fix potential error in ext4_do_update_inode - genirq: Disable interrupts for force threaded handlers - [x86] apic/of: Fix CPU devicetree-node lookups - cifs: Fix preauth hash corruption https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.184 - [armhf] net: fec: ptp: avoid register access when ipg clock is disabled - [powerpc*] 4xx: Fix build errors from mfdcr() - atm: eni: dont release is never initialized - atm: lanai: dont run lanai_dev_close if not open - Revert "r8152: adjust the settings about MAC clock speed down for RTL8153" - ixgbe: Fix memleak in ixgbe_configure_clsu32 - net: tehuti: fix error return code in bdx_probe() - sun/niu: fix wrong RXMAC_BC_FRM_CNT_COUNT count - gianfar: fix jumbo packets+napi+rx overrun crash (CVE-2021-29264) - gpiolib: acpi: Add missing IRQF_ONESHOT - nfs: fix PNFS_FLEXFILE_LAYOUT Kconfig default - NFS: Correct size calculation for create reply length - [arm64] net: hisilicon: hns: fix error return code of hns_nic_clear_all_rx_fetch() - [x86] atm: uPD98402: fix incorrect allocation - atm: idt77252: fix null-ptr-dereference - u64_stats,lockdep: Fix u64_stats_init() vs lockdep - nfs: we don't support removing system.nfs4_acl - block: Suppress uevent for hidden device when removed - [arm64] netsec: restore phy power state after controller reset - [x86] platform/x86: intel-vbtn: Stop reporting SW_DOCK events - squashfs: fix inode lookup sanity checks - squashfs: fix xattr id and id lookup sanity checks - dm ioctl: fix out of bounds array access when no devices (CVE-2021-31916) - [armhf] bus: omap_l3_noc: mark l3 irqs as IRQF_NO_THREAD - veth: Store queue_mapping independently of XDP prog presence - libbpf: Fix INSTALL flag order - macvlan: macvlan_count_rx() needs to be aware of preemption - [armhf] net: dsa: bcm_sf2: Qualify phydev->dev_flags based on port - e1000e: add rtnl_lock() to e1000_reset_task - e1000e: Fix error handling in e1000_set_d0_lplu_state_82571 - net/qlcnic: Fix a use after free in qlcnic_83xx_get_minidump_template - netfilter: ctnetlink: fix dump of the expect mask attribute - can: peak_usb: add forgotten supported devices - [armhf] can: flexcan: flexcan_chip_freeze(): fix chip freeze for missing bitrate - mac80211: fix rate mask reset - net: cdc-phonet: fix data-interface release on probe failure - [arm64,armhf] net: stmmac: dwmac-sun8i: Provide TX and RX fifo sizes - [arm64] drm/msm: fix shutdown hook in case GPU components failed to bind - net/mlx5e: Fix error path for ethtool set-priv-flag - RDMA/cxgb4: Fix adapter LE hash errors while destroying ipv6 listening server - bpf: Don't do bpf_cgroup_storage_set() for kuprobe/tp programs - Revert "netfilter: x_tables: Switch synchronization to RCU" - netfilter: x_tables: Use correct memory barriers. (CVE-2021-29650) - Revert "netfilter: x_tables: Update remaining dereference to RCU" - ACPI: scan: Rearrange memory allocation in acpi_device_add() - ACPI: scan: Use unique number for instance_no - dm verity: add root hash pkcs#7 signature verification - scsi: qedi: Fix error return code of qedi_alloc_global_queues() - scsi: mpt3sas: Fix error return code of mpt3sas_base_attach() - locking/mutex: Fix non debug version of mutex_lock_io_nested() - can: dev: Move device back to init netns on owning netns delete - net: sched: validate stab values - net: qrtr: fix a kernel-infoleak in qrtr_recvmsg() (CVE-2021-29647) - mac80211: fix double free in ibss_leave - ext4: add reclaim checks to xattr code - can: peak_usb: Revert "can: peak_usb: add forgotten supported devices" - xen-blkback: don't leak persistent grants from xen_blkbk_map() (CVE-2021-28688) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.185 - selinux: vsock: Set SID for socket returned by accept() - tcp: relookup sock for RST+ACK packets handled by obsolete req sock - ipv6: weaken the v4mapped source check - ext4: fix bh ref count on error paths - rpc: fix NULL dereference on kmalloc failure - ASoC: rt5640: Fix dac- and adc- vol-tlv values being off by a factor of 10 - [x86] ASoC: rt5651: Fix dac- and adc- vol-tlv values being off by a factor of 10 - [armhf] ASoC: sgtl5000: set DAP_AVC_CTRL register to correct default value on probe - [x86] ASoC: es8316: Simplify adc_pga_gain_tlv table - vhost: Fix vhost_vq_reset() - scsi: st: Fix a use after free in st_open() - scsi: qla2xxx: Fix broken #endif placement - [x86] staging: comedi: cb_pcidas: fix request_irq() warn - [x86] staging: comedi: cb_pcidas64: fix request_irq() warn - thermal/core: Add NULL pointer check before using cooling device stats - locking/ww_mutex: Simplify use_ww_ctx & ww_ctx handling - ext4: do not iput inode under running transaction in ext4_rename() - brcmfmac: clear EAP/association status bits on linkdown events - ath10k: hold RCU lock when calling ieee80211_find_sta_by_ifaddr() - [amd64] net: ethernet: aquantia: Handle error cleanup of start on open - appletalk: Fix skb allocation size in loopback case - [x86] net: wan/lmc: unregister device when no matching device is found - bpf: Remove MTU check in __bpf_skb_max_len - ALSA: usb-audio: Apply sample rate quirk to Logitech Connect - ALSA: hda/realtek: fix a determine_headset_type issue for a Dell AIO - ALSA: hda/realtek: call alc_update_headset_mode() in hp_automute_hook - PM: runtime: Fix race getting/putting suppliers at probe - PM: runtime: Fix ordering in pm_runtime_get_suppliers() - tracing: Fix stack trace event size - mm: fix race by making init_zero_pfn() early_initcall - drm/amdgpu: fix offset calculation in amdgpu_vm_bo_clear_mappings() - drm/amdgpu: check alignment on CPU page for bo map - reiserfs: update reiserfs_xattrs_initialized() condition - [arm64,armhf] pinctrl: rockchip: fix restore error in resume - extcon: Add stubs for extcon_register_notifier_all() functions - extcon: Fix error handling in extcon_dev_register - firewire: nosy: Fix a use-after-free bug in nosy_ioctl() (CVE-2021-3483) - usbip: vhci_hcd fix shift out-of-bounds in vhci_hub_control() - USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem - [arm64,armhf] usb: musb: Fix suspend with devices connected for a64 - cdc-acm: fix BREAK rx code path adding necessary calls - USB: cdc-acm: untangle a circular dependency between callback and softint - USB: cdc-acm: downgrade message to debug - USB: cdc-acm: fix double free on probe failure - USB: cdc-acm: fix use-after-free after probe failure - [i386] usb: gadget: udc: amd5536udc_pci fix null-ptr-dereference - [arm*] usb: dwc2: Fix HPRT0.PrtSusp bit setting for HiKey 960 board. - [x86] staging: rtl8192e: Fix incorrect source in memcpy() - staging: rtl8192e: Change state information from u16 to u8 - drivers: video: fbcon: fix NULL dereference in fbcon_cursor() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.186 - [armhf] bus: ti-sysc: Fix warning on unbind if reset is not deasserted - [x86] platform/x86: intel-hid: Support Lenovo ThinkPad X1 Tablet Gen 2 - mISDN: fix crash in fritzpci - mac80211: choose first enabled channel for monitor - [arm64] drm/msm: Ratelimit invalid-fence message - [x86] platform/x86: thinkpad_acpi: Allow the FnLock LED to change state - scsi: target: pscsi: Clean up after failure in pscsi_map_sg() - cifs: revalidate mapping when we open files for SMB1 POSIX - cifs: Silently ignore unknown oplock break handle - [amd64] bpf, x86: Validate computation of branch displacements for x86-64 (CVE-2021-29154) - [i386] bpf, x86: Validate computation of branch displacements for x86-32 (CVE-2021-29154) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.187 - ALSA: aloop: Fix initialization of controls - [x86] ASoC: intel: atom: Stop advertising non working S24LE support - nfc: fix refcount leak in llcp_sock_bind() (CVE-2020-25670) - nfc: fix refcount leak in llcp_sock_connect() (CVE-2020-25671) - nfc: fix memory leak in llcp_sock_connect() (CVE-2020-25672) - nfc: Avoid endless loops caused by repeated llcp_sock_connect() - xen/evtchn: Change irq_info lock to raw_spinlock_t - net: ipv6: check for validity before dereferencing cfg->fc_nlinfo.nlh - ocfs2: fix deadlock between setattr and dio_end_io_write - fs: direct-io: fix missing sdio->boundary - [armhf] dts: turris-omnia: configure LED[2]/INTn pin as interrupt pin - batman-adv: initialize "struct batadv_tvlv_tt_vlan_data"->reserved field - ice: Increase control queue timeout - net: hso: fix null-ptr-deref during tty device unregistration - net: ensure mac header is set in virtio_net_hdr_to_skb() - net: sched: sch_teql: fix null-pointer dereference - net-ipv6: bugfix - raw & sctp - switch to ipv6_can_nonlocal_bind() - usbip: add sysfs_lock to synchronize sysfs code paths - usbip: stub-dev synchronize sysfs code paths - usbip: vudc synchronize sysfs code paths - usbip: synchronize event handler with sysfs code paths - i2c: turn recovery error on init to debug - virtio_net: Add XDP meta data support - xfrm: interface: fix ipv4 pmtu check to honor ip header df - net: xfrm: Localize sequence counter per network namespace - i40e: Added Asym_Pause to supported link modes - i40e: Fix kernel oops when i40e driver removes VF's - sch_red: fix off-by-one checks in red_check_params() - cxgb4: avoid collecting SGE_QBASE regs during traffic - net:tipc: Fix a double free in tipc_sk_mcast_rcv - [armhf] ASoC: sunxi: sun4i-codec: fill ASoC card owner - clk: fix invalid usage of list cursor in register - clk: fix invalid usage of list cursor in unregister - workqueue: Move the position of debug_work_activate() in __queue_work() - [s390x] cpcmd: fix inline assembly register clobbering - net/mlx5: Fix placement of log_max_flow_counter - net/mlx5: Fix PBMC register mapping - RDMA/cxgb4: check for ipv6 address properly while destroying listener - [armhf] clk: socfpga: fix iomem pointer cast on 64-bit - net: sched: bump refcount for new action in ACT replace mode - cfg80211: remove WARN_ON() in cfg80211_sme_connect - net: tun: set tun->dev->addr_len during TUNSETLINK processing - drivers: net: fix memory leak in atusb_probe - drivers: net: fix memory leak in peak_usb_create_dev - net: mac802154: Fix general protection fault - net: ieee802154: nl-mac: fix check on panid - net: ieee802154: fix nl802154 del llsec key - net: ieee802154: fix nl802154 del llsec dev - net: ieee802154: fix nl802154 add llsec key - net: ieee802154: fix nl802154 del llsec devkey - net: ieee802154: forbid monitor for set llsec params - net: ieee802154: forbid monitor for del llsec seclevel - net: ieee802154: stop dump llsec params for monitors - Revert "cifs: Set CIFS_MOUNT_USE_PREFIX_PATH flag on setting cifs_sb->prepath." (Closes: #988352) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.188 - [arm64] KVM: Hide system instruction access to Trace registers - [arm64] KVM: Disable guest access to trace filter controls - [armhf] drm/imx: imx-ldb: fix out of bounds array access warning - gfs2: report "already frozen/thawed" errors - [arm64,armhf] drm/tegra: dc: Don't set PLL clock to 0Hz - block: only update parent bi_status when bio fail - net: phy: broadcom: Only advertise EEE for supported modes - staging: m57621-mmc: delete driver from the tree. (Closes: #986949) - netfilter: x_tables: fix compat match/target pad out-of-bound write - driver core: Fix locking bug in deferred_probe_timeout_work_func() - xen/events: fix setting irq affinity https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.189 - net/sctp: fix race condition in sctp_destroy_sock - gpio: sysfs: Obey valid_mask - neighbour: Disregard DEAD dst in neigh_update - [arm64] drm/msm: Fix a5xx/a6xx timestamps - scsi: scsi_transport_srp: Don't block target in SRP_PORT_LOST state - net: ieee802154: stop dump llsec keys for monitors - net: ieee802154: stop dump llsec devs for monitors - net: ieee802154: forbid monitor for add llsec dev - net: ieee802154: stop dump llsec devkeys for monitors - net: ieee802154: forbid monitor for add llsec devkey - net: ieee802154: stop dump llsec seclevels for monitors - net: ieee802154: forbid monitor for add llsec seclevel - pcnet32: Use pci_resource_len to validate PCI resource - mac80211: clear sta->fast_rx when STA removed from 4-addr VLAN - HID: wacom: set EV_KEY and EV_ABS only for non-HID_GENERIC type of devices - readdir: make sure to verify directory entry for legacy interfaces too - [arm64] fix inline asm in load_unaligned_zeropad() - [arm64] alternatives: Move length validation in alternative_{insn, endif} - scsi: libsas: Reset num_scatter if libata marks qc as NODATA - netfilter: conntrack: do not print icmpv6 as unknown via /proc - netfilter: nft_limit: avoid possible divide error in nft_limit_init - net: sit: Unregister catch-all devices - net: ip6_tunnel: Unregister catch-all devices - i40e: fix the panic when running bpf in xdpdrv mode - [armel,armhf] 9071/1: uprobes: Don't hook on thumb instructions - net: phy: marvell: fix detection of PHY on Topaz switches - gup: document and work around "COW can break either way" issue (CVE-2020-29374) - [x86] pinctrl: lewisburg: Update number of pins in community - locking/qrwlock: Fix ordering in queued_write_lock_slowpath() - [x86] perf/x86/intel/uncore: Remove uncore extra PCI dev HSWEP_PCI_PCU_3 - HID: alps: fix error return code in alps_input_configured() - HID: wacom: Assign boolean values to a bool variable - net: geneve: check skb is large enough for IPv4/IPv6 header - [s390x] entry: save the caller of psw_idle - xen-netback: Check for hotplug-status existence before watching - [x86] crash: Fix crash_setup_memmap_entries() out-of-bounds access - net: hso: fix NULL-deref on disconnect regression - USB: CDC-ACM: fix poison/unpoison imbalance https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.190 - [x86] ACPI: tables: x86: Reserve memory occupied by ACPI tables - [x86] ACPI: x86: Call acpi_boot_table_init() after acpi_table_upgrade() - net: usb: ax88179_178a: initialize local variables before use - iwlwifi: Fix softirq/hardirq disabling in iwl_pcie_enqueue_hcmd() - [mips*] Do not include hi and lo in clobber list for R6 - bpf: Fix masking negation logic upon negative dst register (CVE-2021-31829) - iwlwifi: Fix softirq/hardirq disabling in iwl_pcie_gen2_enqueue_hcmd() - ALSA: usb-audio: Add MIDI quirk for Vox ToneLab EX - USB: Add LPM quirk for Lenovo ThinkPad USB-C Dock Gen2 Ethernet - USB: Add reset-resume quirk for WD19's Realtek Hub - [x86] platform/x86: thinkpad_acpi: Correct thermal sensor allocation - ovl: allow upperdir inside lowerdir https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.191 - [s390x] disassembler: increase ebpf disasm buffer size - ftrace: Handle commands when closing set_ftrace_filter file - ecryptfs: fix kernel panic with null dev_name - [armhf] spi: spi-ti-qspi: Free DMA resources - scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand() - mmc: sdhci-pci: Fix initialization of some SD cards for Intel BYT-based controllers - mmc: block: Update ext_csd.cache_ctrl if it was written - mmc: block: Issue a cache flush only when it's enabled - mmc: core: Do a power cycle when the CMD11 fails - mmc: core: Set read only for SD cards with permanent write protect bit - cifs: Return correct error code from smb2_get_enc_key - btrfs: fix metadata extent leak after failure to create subvolume - [x86] intel_th: pci: Add Rocket Lake CPU support - fbdev: zero-fill colormap in fbcmap.c - staging: wimax/i2400m: fix byte-order issue - crypto: api - check for ERR pointers in crypto_destroy_tfm() - usb: gadget: uvc: add bInterval checking for HS mode - [x86] genirq/matrix: Prevent allocation counter corruption - usb: gadget: f_uac1: validate input parameters - [arm64,armhf] usb: dwc3: gadget: Ignore EP queue requests during bus reset - usb: xhci: Fix port minor revision - PCI: PM: Do not read power state in pci_enable_device_flags() - [arm64] tee: optee: do not check memref size on return from Secure World - [arm*] perf/arm_pmu_platform: Fix error handling - xhci: check control context is valid before dereferencing it. - xhci: fix potential array out of bounds with several interrupters - [x86] intel_th: Consistency and off-by-one fix - [armhf] phy: phy-twl4030-usb: Fix possible use-after-free in twl4030_usb_remove() - btrfs: convert logic BUG_ON()'s in replace_path to ASSERT()'s - scsi: lpfc: Fix incorrect dbde assignment when building target abts wqe - scsi: lpfc: Fix pt2pt connection does not recover after LOGO - scsi: target: pscsi: Fix warning in pscsi_complete_cmd() - [x86] media: ite-cir: check for receive overflow - power: supply: bq27xxx: fix power_avg for newer ICs - media: media/saa7164: fix saa7164_encoder_register() memory leak bugs - media: gspca/sq905.c: fix uninitialized variable - drm/amdgpu : Fix asic reset regression issue introduce by 8f211fe8ac7c4f - scsi: qla2xxx: Always check the return value of qla24xx_get_isp_stats() - scsi: qla2xxx: Fix use after free in bsg - scsi: scsi_dh_alua: Remove check for ASC 24h in alua_rtpg() - media: em28xx: fix memory leak - media: vivid: update EDID - [armhf] clk: socfpga: arria10: Fix memory leak of socfpga_clk on error return - media: dvb-usb: fix memory leak in dvb_usb_adapter_init - media: gscpa/stv06xx: fix memory leak - [arm64] drm/msm/mdp5: Configure PP_SYNC_HEIGHT to double the vtotal - drm/amdgpu: fix NULL pointer dereference - scsi: lpfc: Fix crash when a REG_RPI mailbox fails triggering a LOGO response - scsi: lpfc: Remove unsupported mbox PORT_CAPABILITIES logic - scsi: libfc: Fix a format specifier - [s390x] archrandom: add parameter check for s390_arch_random_generate - [i386] ALSA: emu8000: Fix a use after free in snd_emu8000_create_mixer - ALSA: hda/conexant: Re-order CX5066 quirk table entries - [i386] ALSA: sb: Fix two use after free in snd_sb_qsound_build - ALSA: usb-audio: Explicitly set up the clock selector - ALSA: usb-audio: More constifications - ALSA: usb-audio: Add dB range mapping for Sennheiser Communications Headset PC 8 - ALSA: hda/realtek: Add quirk for Intel Clevo PCx0Dx - btrfs: fix race when picking most recent mod log operation for an old root - [arm64] vdso: Discard .note.gnu.property sections in vDSO - ubifs: Only check replay with inode type to judge if inode linked - f2fs: fix to avoid out-of-bounds memory access (CVE-2021-3506) - openvswitch: fix stack OOB read while fragmenting IPv4 packets - [arm64] ACPI: GTDT: Don't corrupt interrupt mappings on watchdow probe failure - NFS: Don't discard pNFS layout segments that are marked for return - NFSv4: Don't discard segments marked for return in _pnfs_return_layout() - jffs2: Fix kasan slab-out-of-bounds problem - [powerpc*] eeh: Fix EEH handling for hugepages in ioremap space. - [x86] intel_th: pci: Add Alder Lake-M support - [arm64,x86] tpm: vtpm_proxy: Avoid reading host log when using a virtual device - md/raid1: properly indicate failure when ending a failed write request - dm raid: fix inconclusive reshape layout on fast raid4/5/6 table reload sequences - security: commoncap: fix -Wstringop-overread warning - jffs2: check the validity of dstlen in jffs2_zlib_compress() - Revert 337f13046ff0 ("futex: Allow FUTEX_CLOCK_REALTIME with FUTEX_WAIT op") - posix-timers: Preserve return value in clock_adjtime32() - [arm64] vdso: remove commas between macro name and arguments - ext4: fix check to prevent false positive report of incorrect used inodes - ext4: do not set SB_ACTIVE in ext4_orphan_cleanup() - ext4: fix error code in ext4_commit_super - media: dvbdev: Fix memory leak in dvb_media_device_free() - usb: gadget: Fix double free of device descriptor pointers - usb: gadget/function/f_fs string table fix for multiple languages - [arm64,armhf] usb: dwc3: gadget: Fix START_TRANSFER link state check - [arm*] usb: dwc2: Fix session request interrupt handler - tty: fix memory leak in vc_deallocate - tracing: Map all PIDs to command lines - tracing: Restructure trace_clock_global() to never block - dm space map common: fix division bug in sm_ll_find_free_block() - dm rq: fix double free of blk_mq_tag_set in dev remove after table load fails - modules: mark ref_module static - modules: mark find_symbol static - modules: mark each_symbol_section static - modules: unexport __module_text_address - modules: unexport __module_address - modules: rename the licence field in struct symsearch to license - modules: return licensing information from find_symbol - modules: inherit TAINT_PROPRIETARY_MODULE - Bluetooth: verify AMP hci_chan before amp_destroy (CVE-2021-33034) - bluetooth: eliminate the potential race condition when removing the HCI controller (CVE-2021-32399) - net/nfc: fix use-after-free llcp_sock_bind/connect (CVE-2021-23134) - FDDI: defxx: Bail out gracefully with unassigned PCI resource for CSR - misc: lis3lv02d: Fix false-positive WARN on various HP models - [x86] misc: vmw_vmci: explicitly initialize vmci_notify_bm_set_msg struct - [x86] misc: vmw_vmci: explicitly initialize vmci_datagram payload - md/bitmap: wait for external bitmap writes to complete during tear down - md-cluster: fix use-after-free issue when removing rdev - md: split mddev_find - md: factor out a mddev_find_locked helper from mddev_find - md: md_open returns -EBUSY when entering racing area - md: Fix missing unused status line of /proc/mdstat - ipw2x00: potential buffer overflow in libipw_wx_set_encodeext() - cfg80211: scan: drop entry from hidden_list on overflow - drm/radeon: fix copy of uninitialized variable back to userspace - ALSA: hda/realtek: Re-order ALC882 Acer quirk table entries - ALSA: hda/realtek: Re-order ALC882 Sony quirk table entries - ALSA: hda/realtek: Re-order ALC882 Clevo quirk table entries - ALSA: hda/realtek: Re-order ALC269 HP quirk table entries - ALSA: hda/realtek: Re-order ALC269 Dell quirk table entries - ALSA: hda/realtek: Re-order ALC269 Sony quirk table entries - ALSA: hda/realtek: Re-order ALC269 Lenovo quirk table entries - ALSA: hda/realtek: Remove redundant entry for ALC861 Haier/Uniwill devices - [x86] cpu: Initialize MSR_TSC_AUX if RDTSCP *or* RDPID is supported - [s390x] KVM: split kvm_s390_logical_to_effective - [s390x] KVM: fix guarded storage control register handling - [s390x] KVM: split kvm_s390_real_to_abs - ovl: fix missing revert_creds() on error path - [x86] usb: gadget: pch_udc: Revert d3cb25a12138 completely - [armhf] memory: gpmc: fix out of bounds read and dereference on gpmc_cs[] - [armhf] dts: exynos: correct PMIC interrupt trigger level on SMDK5250 - regmap: set debugfs_name to NULL after it is freed - mtd: Handle possible -EPROBE_DEFER from parse_mtd_partitions() - [x86] microcode: Check for offline CPUs before requesting new microcode - [x86] usb: gadget: pch_udc: Replace cpu_to_le32() by lower_32_bits() - [x86] usb: gadget: pch_udc: Check if driver is present before calling ->setup() - [x86] usb: gadget: pch_udc: Check for DMA mapping error - [x86] crypto: qat - don't release uninitialized resources - [x86] crypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init - mtd: require write permissions for locking and badblock ioctls - [arm64] bus: qcom: Put child node before return - [x86] crypto: qat - fix error path in adf_isr_resource_alloc() - [armhf] mtd: rawnand: gpmi: Fix a double free in gpmi_nand_init - [arm64,armhf] irqchip/gic-v3: Fix OF_BAD_ADDR error handling - [x86] staging: rtl8192u: Fix potential infinite loop - spi: Fix use-after-free with devm_spi_alloc_* - [arm64] soc: qcom: mdt_loader: Validate that p_filesz < p_memsz - [arm64] soc: qcom: mdt_loader: Detect truncated read of segments - [amd64,arm64] ACPI: CPPC: Replace cppc_attr with kobj_attribute - [x86] crypto: qat - Fix a double free in adf_create_ring - [arm64] cpufreq: armada-37xx: Fix setting TBG parent for load levels - [arm64] clk: mvebu: armada-37xx-periph: remove .set_parent method for CPU PM clock - [arm64] cpufreq: armada-37xx: Fix the AVS value for load L1 - [arm64] clk: mvebu: armada-37xx-periph: Fix switching CPU freq from 250 Mhz to 1 GHz - [arm64] clk: mvebu: armada-37xx-periph: Fix workaround for switching from L1 to L0 - [arm64] cpufreq: armada-37xx: Fix driver cleanup when registration failed - [arm64] cpufreq: armada-37xx: Fix determining base CPU frequency - USB: cdc-acm: fix unprivileged TIOCCSERIAL - tty: actually undefine superseded ASYNC flags - tty: fix return value for unsupported ioctls - usbip: vudc: fix missing unlock on error in usbip_sockfd_store() - [x86] platform/x86: pmc_atom: Match all Beckhoff Automation baytrail boards with critclk_systems DMI table - [x86] Drivers: hv: vmbus: Increase wait time for VMbus unload - [arm*] usb: dwc2: Fix host mode hibernation exit with remote wakeup flow. - [arm*] usb: dwc2: Fix hibernation between host and device modes. - ttyprintk: Add TTY hangup callback. - media: vivid: fix assignment of dev->fbuf_out_flags - media: m88rs6000t: avoid potential out-of-bounds reads on arrays - [x86] kprobes: Fix to check non boostable prefixes correctly - sata_mv: add IRQ checks - ata: libahci_platform: fix IRQ check - nvme: retrigger ANA log update if group descriptor isn't found - [arm64] clk: qcom: a53-pll: Add missing MODULE_DEVICE_TABLE - [powerpc*] scsi: ibmvfc: Fix invalid state machine BUG_ON() - [armhf] HSI: core: fix resource leaks in hsi_add_client_from_dt() - [amd64] x86/events/amd/iommu: Fix sysfs type mismatch - sched/debug: Fix cgroup_path[] serialization - drivers/block/null_blk/main: Fix a double free in null_init. - HID: plantronics: Workaround for double volume key presses - [powerpc*] prom: Mark identical_pvr_fixup as __init - ALSA: core: remove redundant spin_lock pair in snd_card_disconnect - bug: Remove redundant condition check in report_bug - nfc: pn533: prevent potential memory corruption - [arm64] net: hns3: Limiting the scope of vector_ring_chain variable - ALSA: usb-audio: Add error checks for usb_driver_claim_interface() calls - [powerpc*] 64s: Fix pte update for kernel memory on radix - [powerpc*] perf: Fix PMU constraint check for EBB events - mac80211: bail out if cipher schemes are invalid - mt7601u: fix always true expression - [amd64] IB/hfi1: Fix error return code in parse_platform_config() - [arm64] net: thunderx: Fix unintentional sign extension issue - RDMA/srpt: Fix error return code in srpt_cm_req_recv() - [mips*] pci-legacy: stop using of_pci_range_to_resource - [powerpc*] pseries: extract host bridge from pci_bus prior to bus removal - rtlwifi: 8821ae: upgrade PHY and RF parameters - mwl8k: Fix a double Free in mwl8k_probe_hw - [x86] vsock/vmci: log once the failed queue pair allocation - RDMA/i40iw: Fix error unwinding when i40iw_hmc_sd_one fails - ALSA: usb: midi: don't return -ENOMEM when usb_urb_ep_type_check fails - [armhf] net: davinci_emac: Fix incorrect masking of tx and rx error channel - ath9k: Fix error check in ath9k_hw_read_revisions() for PCI devices - ath10k: Fix ath10k_wmi_tlv_op_pull_peer_stats_info() unlock without lock - bnxt_en: fix ternary sign extension bug in bnxt_show_temp() - net: geneve: modify IP header check in geneve6_xmit_skb and geneve_xmit_skb - [arm64] net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send - net:nfc:digital: Fix a double free in digital_tg_recv_dep_req - mm/sparse: add the missing sparse_buffer_fini() in error branch - mm/memory-failure: unnecessary amount of unmapping - net: Only allow init netns to set default tcp cong to a restricted algo - smp: Fix smp_call_function_single_async prototype - Revert "net/sctp: fix race condition in sctp_destroy_sock" - sctp: delay auto_asconf init until binding the first addr (CVE-2021-23133) - Revert "of/fdt: Make sure no-map does not remove already reserved regions" - Revert "fdt: Properly handle "no-map" field in the memory region" - [arm64,x86] tpm: fix error return code in tpm2_get_cc_attrs_tbl() - fs: dlm: fix debugfs dump - tipc: convert dest node's address to network order - [x86] ASoC: Intel: bytcr_rt5640: Enable jack-detect support on Asus T100TAF - [arm64] net: stmmac: Set FIFO sizes for ipq806x - i2c: bail out early when RDWR parameters are wrong - ALSA: hdsp: don't disable if not enabled - ALSA: hdspm: don't disable if not enabled - ALSA: rme9652: don't disable if not enabled - Bluetooth: Set CONF_NOT_COMPLETE as l2cap_chan default - Bluetooth: initialize skb_queue_head at l2cap_chan_create() - net: bridge: when suppression is enabled exclude RARP packets - Bluetooth: check for zapped sk before connecting - ip6_vti: proper dev_{hold|put} in ndo_[un]init methods - [x86] ASoC: Intel: bytcr_rt5640: Add quirk for the Chuwi Hi8 tablet - i2c: Add I2C_AQ_NO_REP_START adapter quirk - mac80211: clear the beacon's CRC after channel switch - [armhf] pinctrl: samsung: use 'int' for register masks in Exynos - cuse: prevent clone - sctp: Fix out-of-bounds warning in sctp_process_asconf_param() - [powerpc*] smp: Set numa node before updating mask - [x86] ASoC: rt286: Generalize support for ALC3263 codec - ethtool: ioctl: Fix out-of-bounds warning in store_link_ksettings_for_user() - [powerpc*] pseries: Stop calling printk in rtas_stop_self() - [x86] wl3501_cs: Fix out-of-bounds warnings in wl3501_send_pkt - [x86] wl3501_cs: Fix out-of-bounds warnings in wl3501_mgmt_join - [powerpc*] iommu: Annotate nested lock for lockdep - [x86] ASoC: rt286: Make RT286_SET_GPIO_* readable and writable - f2fs: fix a redundant call to f2fs_balance_fs if an error occurs - PCI: Release OF node in pci_scan_device()'s error path - [armel,armhf] 9064/1: hw_breakpoint: Do not directly check the event's overflow_handler hook - [arm64] rpmsg: qcom_glink_native: fix error return code of qcom_glink_rx_data() - NFSv4.2: Always flush out writes in nfs42_proc_fallocate() - NFS: Deal correctly with attribute generation counter overflow - pNFS/flexfiles: fix incorrect size check in decode_nfs_fh() - NFSv4.2 fix handling of sr_eof in SEEK's reply - rtc: ds1307: Fix wday settings for rx8130 - [arm64] net: hns3: disable phy loopback setting in hclge_mac_start_phy - sctp: do asoc update earlier in sctp_sf_do_dupcook_a - ethernet:enic: Fix a use after free bug in enic_hard_start_xmit - sctp: fix a SCTP_MIB_CURRESTAB leak in sctp_sf_do_dupcook_b - netfilter: xt_SECMARK: add new revision to fix structure layout - drm/radeon: Fix off-by-one power_state index heap overwrite - drm/radeon: Avoid power table parsing memory leaks - khugepaged: fix wrong result value for trace_mm_collapse_huge_page_isolate() - mm/hugeltb: handle the error case in hugetlb_fix_reserve_counts() - ksm: fix potential missing rmap_item for stable_node - net: fix nla_strcmp to handle more then one trailing null character - smc: disallow TCP_ULP in smc_setsockopt() - netfilter: nfnetlink_osf: Fix a missing skb_header_pointer() NULL check - sched/fair: Fix unfairness caused by missing load decay - [amd64] kernel: kexec_file: fix error return code of kexec_calculate_store_digests() - netfilter: nftables: avoid overflows in nft_hash_buckets() - i40e: Fix use-after-free in i40e_client_subtask() - [powerpc*] 64s: Fix crashes when toggling stf barrier - [powerpc*] 64s: Fix crashes when toggling entry flush barrier - hfsplus: prevent corruption in shrinking truncate - squashfs: fix divide error in calculate_skip() - userfaultfd: release page in error path to avoid BUG_ON - drm/radeon/dpm: Disable sclk switching on Oland when two 4K 60Hz monitors are connected - [arm64,x86] ACPI: scan: Fix a memory leak in an error handling path - blk-mq: Swap two calls in blk_mq_exit_queue() - [armhf] usb: dwc3: omap: improve extcon initialization - [arm64] usb: dwc3: pci: Enable usb2-gadget-lpm-disable for Intel Merrifield - [arm*] usb: dwc2: Fix gadget DMA unmap direction - usb: core: hub: fix race condition about TRSMRCY of resume - [arm64,armhf] usb: dwc3: gadget: Return success always for kick transfer in ep queue - xhci: Do not use GFP_KERNEL in (potentially) atomic context - xhci: Add reset resume quirk for AMD xhci controller. - [x86] iio: tsl2583: Fix division by a zero lux_val - cdc-wdm: untangle a circular dependency between callback and softint - [x86] KVM: Cancel pvclock_gtod_work on module removal - thermal/core/fair share: Lock the thermal zone while looping over instances - kobject_uevent: remove warning in init_uevent_argv() - netfilter: conntrack: Make global sysctls readonly in non-init netns - nvme: do not try to reconfigure APST when the controller is not live - [x86] msr: Fix wr/rdmsr_safe_regs_on_cpu() prototypes - usb: sl811-hcd: improve misleading indentation - cxgb4: Fix the -Wmisleading-indentation warning - isdn: capi: fix mismatched prototypes - [arm64] PCI: thunder: Fix compile testing - [armel,armhf] 9066/1: ftrace: pause/unpause function graph tracer in cpu_suspend() - [arm64,x86] ACPI / hotplug / PCI: Fix reference count leak in enable_slot() - [arm64] Input: elants_i2c - do not bind to i2c-hid compatible ACPI instantiated devices - [armel,armhf] 9075/1: kernel: Fix interrupted SMC calls - ceph: fix fscache invalidation - scsi: target: tcmu: Return from tcmu_handle_completions() if cmd_id not found - [arm64,x86] gpiolib: acpi: Add quirk to ignore EC wakeups on Dell Venue 10 Pro 5055 - ALSA: hda: generic: change the DAC ctl name for LO+SPK or LO+HP - block: reexpand iov_iter after read/write - [arm64,armhf] net: stmmac: Do not enable RX FIFO overflow interrupts - ip6_gre: proper dev_{hold|put} in ndo_[un]init methods - sit: proper dev_{hold|put} in ndo_[un]init methods - ip6_tunnel: sit: proper dev_{hold|put} in ndo_[un]init methods - ipv6: remove extra dev_hold() for fallback tunnels - iomap: fix sub-page uptodate handling - [arm64] KVM: Initialize VCPU mdcr_el2 before loading it - tweewide: Fix most Shebang lines - scripts: switch explicitly to Python 3 https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.192 - RDMA/rxe: Clear all QP fields if creation failed - scsi: qla2xxx: Fix error return code in qla82xx_write_flash_dword() - RDMA/mlx5: Recover from fatal event in dual port mode - [x86] platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios - ptrace: make ptrace() fail if the tracee changed its pid unexpectedly - nvmet: seset ns->file when open fails - locking/mutex: clear MUTEX_FLAGS if wait_list is empty due to signal - cifs: fix memory leak in smb2_copychunk_range - ALSA: dice: fix stream format for TC Electronic Konnekt Live at high sampling transfer frequency - ALSA: line6: Fix racy initialization of LINE6 MIDI - ALSA: dice: fix stream format at middle sampling rate for Alesis iO 26 - ALSA: usb-audio: Validate MS endpoint descriptors - ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro - [i386] Revert "ALSA: sb8: add a check for request_region" - ALSA: hda/realtek: reset eapd coeff to default value for alc287 - ALSA: hda/realtek: Add some CLOVE SSIDs of ALC293 - [arm64] Revert "serial: mvebu-uart: Fix to avoid a potential NULL pointer dereference" - [x86] xen-pciback: reconfigure also from backend watch handler - dm snapshot: fix crash with transient storage and zero chunk size - [x86] Revert "video: hgafb: fix potential NULL pointer dereference" - [arm64,armhf] Revert "net: stmicro: fix a missing check of clk_prepare" - [armhf] Revert "leds: lp5523: fix a missing check of return value of lp55xx_read" - Revert "hwmon: (lm80) fix a missing check of bus read in lm80 probe" - Revert "ecryptfs: replace BUG_ON with error handling code" - Revert "rtlwifi: fix a potential NULL pointer dereference" - Revert "qlcnic: Avoid potential NULL pointer dereference" - Revert "niu: fix missing checks of niu_pci_eeprom_read" - ethernet: sun: niu: fix missing checks of niu_pci_eeprom_read() - [arm64,armhf] net: stmicro: handle clk_prepare() failure during init - net: rtlwifi: properly check for alloc_workqueue() failure - [armhf] leds: lp5523: check return value of lp5xx_read and jump to cleanup code - qlcnic: Add null check after calling netdev_alloc_skb - [x86] video: hgafb: fix potential NULL pointer dereference - vgacon: Record video mode changes with VT_RESIZEX - vt: Fix character height handling with VT_RESIZEX - tty: vt: always invoke vc->vc_sw->con_resize callback - [x86] video: hgafb: correctly handle card detect failure during probe - Bluetooth: SMP: Fail if remote and local public keys are identical (CVE-2020-26558, CVE-2021-0129) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.193 - mm, vmstat: drop zone->lock in /proc/pagetypeinfo - [arm64,armhf] usb: dwc3: gadget: Enable suspend events - NFC: nci: fix memory leak in nci_allocate_device - cifs: set server->cipher_type to AES-128-CCM for SMB3.0 - NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return() - [amd64] iommu/vt-d: Fix sysfs leak in alloc_iommu() - proc: Check /proc/$pid/attr/ writes against file opener - net: hso: fix control-request directions - mac80211: assure all fragments are encrypted (CVE-2020-26147) - mac80211: prevent mixed key and fragment cache attacks (CVE-2020-24586, CVE-2020-24587) - mac80211: properly handle A-MSDUs that start with an RFC 1042 header - cfg80211: mitigate A-MSDU aggregation attacks (CVE-2020-24588) - mac80211: drop A-MSDUs on old ciphers (CVE-2020-24588) - mac80211: add fragment cache to sta_info - mac80211: check defrag PN against current frame - mac80211: prevent attacks on TKIP/WEP as well - mac80211: do not accept/forward invalid EAPOL frames (CVE-2020-26139) - mac80211: extend protection against mixed key and fragment cache attacks (CVE-2020-24586, CVE-2020-24587) - ath10k: Validate first subframe of A-MSDU before processing the list - dm snapshot: properly fix a crash when an origin has no snapshots - misc/uss720: fix memory leak in uss720_probe - [x86] thunderbolt: dma_port: Fix NVM read buffer bounds and offset issue - [x86] mei: request autosuspend after sending rx flow control - USB: trancevibrator: fix control-request direction - USB: usbfs: Don't WARN about excessively large memory allocations - serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait' - USB: serial: ti_usb_3410_5052: add startech.com device id - USB: serial: option: add Telit LE910-S1 compositions 0x7010, 0x7011 - USB: serial: ftdi_sio: add IDs for IDS GmbH Products - USB: serial: pl2303: add device id for ADLINK ND-6530 GC - [arm64,armhf] usb: dwc3: gadget: Properly track pending and queued SG - net: usb: fix memory leak in smsc75xx_bind - bpf: extend is_branch_taken to registers - bpf: Test_verifier, bpf_get_stack return value add <0 - bpf, test_verifier: switch bpf_get_stack's 0 s> r8 test - bpf: Move off_reg into sanitize_ptr_alu (CVE-2021-29155) - bpf: Ensure off_reg has no mixed signed bounds for all types (CVE-2021-29155) - bpf: Rework ptr_limit into alu_limit and add common error path (CVE-2021-29155) - bpf: Improve verifier error messages for users (CVE-2021-29155) - bpf: Refactor and streamline bounds check into helper (CVE-2021-29155) - bpf: Move sanitize_val_alu out of op switch (CVE-2021-29155) - bpf: Tighten speculative pointer arithmetic mask (CVE-2021-29155) - bpf: Update selftests to reflect new error states - bpf: Fix leakage of uninitialized bpf stack under speculation (CVE-2021-31829) - bpf: Wrap aux data inside bpf_sanitize_info container - bpf: Fix mask direction swap upon off reg sign change - bpf: No need to simulate speculative domain for immediates - [armhf] spi: gpio: Don't leak SPI master in probe error path - Bluetooth: cmtp: fix file refcount when cmtp_attach_device fails - NFS: fix an incorrect limit in filelayout_decode_layout() - NFS: Don't corrupt the value of pg_bytes_written in nfs_do_recoalesce() - NFSv4: Fix v4.0/v4.1 SEEK_DATA return -ENOTSUPP when set NFS_V4_2 config - [arm64] drm/meson: fix shutdown crash when component not probed - net/mlx4: Fix EEPROM dump support - Revert "net:tipc: Fix a double free in tipc_sk_mcast_rcv" - tipc: skb_linearize the head skb when reassembling msgs - [arm64,armhf] net: dsa: fix a crash if ->get_sset_count() fails - [armhf] i2c: s3c2410: fix possible NULL pointer deref on read message after write - [x86] i2c: i801: Don't generate an interrupt on bus reset - [x86] platform/x86: hp_accel: Avoid invoking _INI to speed up resume - [x86] net: fujitsu: fix potential null-ptr-deref - [x86] char: hpet: add checks after calling ioremap - isdn: mISDNinfineon: check/cleanup ioremap failure correctly in setup_io - [arm64] dmaengine: qcom_hidma: comment platform_driver_register call - libertas: register sysfs groups properly - media: dvb: Add check on sp8870_readreg return - media: gspca: properly check for errors in po1030_probe() - [x86] scsi: BusLogic: Fix 64-bit system enumeration error for Buslogic - btrfs: do not BUG_ON in link_to_fixup_dir - [x86] platform/x86: hp-wireless: add AMD's hardware id to the supported list - SMB3: incorrect file id in requests compounded with open - drm/amd/amdgpu: fix refcount leak - drm/amdgpu: Fix a use-after-free - [arm64,armhf] net: dsa: fix error code getting shifted with 4 in dsa_slave_get_sset_count - [armhf] net: fec: fix the potential memory leak in fec_enet_init() - [arm64] net: mdio: thunder: Fix a double free issue in the .remove function - [mips*] net: mdio: octeon: Fix some double free issues - openvswitch: meter: fix race when getting now_ms. - net: bnx2: Fix error return code in bnx2_init_board() - mld: fix panic in mld_newpack() - bpf: Set mac_len in bpf_skb_change_head - ixgbe: fix large MTU request from VF - scsi: libsas: Use _safe() loop in sas_resume_port() - ipv6: record frag_max_size in atomic fragments in input path - sch_dsmark: fix a NULL deref in qdisc_reset() - hugetlbfs: hugetlb_fault_mutex_hash() cleanup - drivers/net/ethernet: clean up unused assignments - [arm64] net: hns3: check the return of skb_checksum_help() - usb: core: reduce power-on-good delay time of root hub https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.194 - net: usb: cdc_ncm: don't spew notifications (Closes: #989451) - ALSA: usb: update old-style static const declaration - nl80211: validate key indexes for cfg80211_registered_device - efi: Allow EFI_MEMORY_XP and EFI_MEMORY_RO both to be cleared - [arm64,x86] efi: cper: fix snprintf() use in cper_dimm_err_location() - vfio/pci: Fix error return code in vfio_ecap_init() - ipvs: ignore IP_VS_SVC_F_HASHED flag when adding service - HID: pidff: fix error return code in hid_pidff_init() - [arm64,x86] HID: i2c-hid: fix format string mismatch - netfilter: nfnetlink_cthelper: hit EBUSY on updates if size mismatches - ieee802154: fix error return code in ieee802154_add_iface() - ieee802154: fix error return code in ieee802154_llsec_getparams() - ixgbevf: add correct exception tracing for XDP - tipc: add extack messages for bearer/media failure - tipc: fix unique bearer names sanity check - Bluetooth: fix the erroneous flush_work() order (CVE-2021-3564) - Bluetooth: use correct lock to prevent UAF of hdev object (CVE-2021-3573) - HID: multitouch: require Finger field to mark Win8 reports as MT - ALSA: timer: Fix master timer notification - ALSA: hda: Fix for mute key LED for HP Pavilion 15-CK0xx - ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed - [arm*] usb: dwc2: Fix build in periphal-only mode - pid: take a reference when initializing `cad_pid` - ocfs2: fix data corruption by fallocate - nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect (CVE-2021-3587) - [x86] apic: Mark _all_ legacy interrupts when IO/APIC is missing - btrfs: mark ordered extent and inode with error if we fail to finish - btrfs: fix error handling in btrfs_del_csums - btrfs: return errors from btrfs_del_csums in cleanup_ref_head - btrfs: fixup error handling in fixup_inode_link_counts - mm, hugetlb: fix simple resv_huge_pages underflow on UFFDIO_COPY - bpf: Add BPF_F_ANY_ALIGNMENT. - bnxt_en: Remove the setting of dev_port. - perf/cgroups: Don't rotate events for cgroups unnecessarily - perf/core: Fix corner case in perf_rotate_context() - btrfs: fix unmountable seed device after fstrim - [x86] KVM: SVM: Truncate GPR value for DR and CR accesses in !64-bit mode - [arm64] KVM: Fix debug register indexing - [arm64,x86] ACPI: probe ECDT before loading AML tables regardless of module-level code flag - [arm64,x86] ACPI: EC: Look for ECDT EC after calling acpi_load_tables() - sched/fair: Optimize select_idle_cpu - [x86] xen-pciback: redo VF placement in the virtual topology [ Salvatore Bonaccorso ] * [rt] Update to 4.19.182-rt74 * [rt] Add new signing key for Clark Williams * [rt] Update to 4.19.184-rt75 * Bump ABI to 17 * [rt] Refresh "workqueue: Use normal rcu" * [rt] Refresh "workqueue: Use local irq lock instead of irq disable" * [rt] Refresh "workqueue: rework" * [rt] Update to 4.19.188-rt77 * [rt] Update to 4.19.190-rt79 * [rt] Refresh "ptrace: fix ptrace vs tasklist_lock race" * [rt] Update to 4.19.193-rt81 * [rt] Refresh "kernel: sched: Provide a pointer to the valid CPU mask" -- Salvatore Bonaccorso Thu, 10 Jun 2021 20:49:34 +0200 linux (4.19.181-1) buster; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.178 - HID: make arrays usage and value to be the same - USB: quirks: sort quirk entries - usb: quirks: add quirk to start video capture on ELMO L-12F document camera reliable - block: add helper for checking if queue is registered - block: split .sysfs_lock into two locks - block: fix race between switching elevator and removing queues - block: don't release queue's sysfs lock during switching elevator - NET: usb: qmi_wwan: Adding support for Cinterion MV31 - cifs: Set CIFS_MOUNT_USE_PREFIX_PATH flag on setting cifs_sb->prepath. - jump_label/lockdep: Assert we hold the hotplug lock for _cpuslocked() operations - locking/static_key: Fix false positive warnings on concurrent dec/inc - vmlinux.lds.h: add DWARF v5 sections - [arm64] PCI: qcom: Use PHY_REFCLK_USE_PAD only for ipq8064 - bfq: Avoid false bfq queue merging - ALSA: usb-audio: Fix PCM buffer allocation in non-vmalloc mode - [mips*] vmlinux.lds.S: add missing PAGE_ALIGNED_DATA() section - random: fix the RNDRESEEDCRNG ioctl - [arm64] Bluetooth: btqcomsmd: Fix a resource leak in error handling paths in the probe function - Bluetooth: Fix initializing response id after clearing struct - [armhf] dts: exynos: correct PMIC interrupt trigger level on Spring - [armhf] dts: exynos: correct PMIC interrupt trigger level on Arndale Octa - bpf: Avoid warning when re-casting __bpf_call_base into __bpf_call_base_args - [arm64] dts: allwinner: A64: properly connect USB PHY to port 0 - [arm64] dts: allwinner: A64: Limit MMC2 bus frequency to 150 MHz - ACPICA: Fix exception code class checks - usb: gadget: u_audio: Free requests only after callback - Bluetooth: drop HCI device reference before return - Bluetooth: Put HCI device if inquiry procedure interrupts - [arm*] usb: dwc2: Do not update data length if it is 0 on inbound transfers - [arm*] usb: dwc2: Abort transaction after errors with unknown reason - [arm*] usb: dwc2: Make "trimming xfer length" a debug message - staging: rtl8723bs: wifi_regd.c: Fix incorrect number of regulatory rules - [armhf] dts: armada388-helios4: assign pinctrl to LEDs - [armhf] dts: armada388-helios4: assign pinctrl to each fan - bpf_lru_list: Read double-checked variable once without lock - bnxt_en: reverse order of TX disable and carrier off - xen/netback: fix spurious event detection for common event case - mac80211: fix potential overflow when multiplying to u32 integers - bpf: Fix bpf_fib_lookup helper MTU check for SKB ctx - tcp: fix SO_RCVLOWAT related hangs under mem pressure - cxgb4/chtls/cxgbit: Keeping the max ofld immediate data size same in cxgb4 and ulds - b43: N-PHY: Fix the update of coef for the PHY revision >= 3case - [amd64,arm64] net: amd-xgbe: Reset the PHY rx data path when mailbox command timeout - [amd64,arm64] net: amd-xgbe: Fix NETDEV WATCHDOG transmit queue timeout warning - [amd64,arm64] net: amd-xgbe: Reset link when the link never comes back - [amd64,arm64] net: amd-xgbe: Fix network fluctuations when using 1G BELFUSE SFP - [arm64,armhf] net: mvneta: Remove per-cpu queue mapping for Armada 3700 - [x86] drm/gma500: Fix error return code in psb_driver_load() - [x86] gma500: clean up error handling in init - [armhf] crypto: sun4i-ss - fix kmap usage - [mips*] c-r4k: Fix section mismatch for loongson2_sc_init - media: em28xx: Fix use-after-free in em28xx_alloc_urbs - media: media/pci: Fix memleak in empress_init - [x86] media: tm6000: Fix memleak in tm6000_start_stream - media: lmedm04: Fix misuse of comma - media: qm1d1c0042: fix error return code in qm1d1c0042_init() - media: uvcvideo: Accept invalid bFormatIndex and bFrameIndex values - f2fs: fix to avoid inconsistent quota data - drm/amdgpu: Prevent shift wrapping in amdgpu_read_mask() - [x86] Drivers: hv: vmbus: Avoid use-after-free in vmbus_onoffer_rescind() - btrfs: clarify error returns values in __load_free_space_cache - crypto: ecdh_helper - Ensure 'len >= secret.len' in decode_key() - fs/jfs: fix potential integer overflow on shift of a int - jffs2: fix use after free in jffs2_sum_write_data() - capabilities: Don't allow writing ambiguous v3 file capabilities - [arm64,armhf] clk: meson: clk-pll: fix initializing the old rate (fallback) for a PLL - quota: Fix memory leak when handling corrupted quota file - [arm64] clk: sunxi-ng: h6: Fix CEC clock - HID: core: detect and skip invalid inputs to snto32() - fdt: Properly handle "no-map" field in the memory region - of/fdt: Make sure no-map does not remove already reserved regions - RDMA/mlx5: Use the correct obj_id upon DEVX TIR creation - [arm64] clk: sunxi-ng: h6: Fix clock divider range on some clocks - [arm64,armhf] regulator: axp20x: Fix reference cout leak - certs: Fix blacklist flag type confusion - [armhf] regulator: s5m8767: Drop regulators OF node reference - isofs: release buffer head before return - IB/umad: Return EIO in case of when device disassociated - IB/umad: Return EPOLLERR in case of when device disassociated - [ppc64el] KVM: Make the VMX instruction emulation routines static - [armel,armhf] 9046/1: decompressor: Do not clear SCTLR.nTLSMD for ARMv7+ cores - [arm*] amba: Fix resource leak for drivers without .remove - tracepoint: Do not fail unregistering a probe due to memory failure - perf tools: Fix DSO filtering when not finding a map for a sampled address - RDMA/rxe: Fix coding error in rxe_recv.c - RDMA/rxe: Correct skb on loopback path - [powerpc*] pseries/dlpar: handle ibm, configure-connector delay status - [amd64] spi: pxa2xx: Fix the controller numbering for Wildcat Point - Input: sur40 - fix an error code in sur40_probe() - perf intel-pt: Fix missing CYC processing in PSB - Input: elo - fix an error code in elo_connect() - [arm64,armhf] pwm: rockchip: rockchip_pwm_probe(): Remove superfluous clk_unprepare() - [x86] VMCI: Use set_page_dirty_lock() when unregistering guest memory - PCI: Align checking of syscall user config accessors - [arm64] drm/msm/dsi: Correct io_start for MSM8994 (20nm PHY) - ext4: fix potential htree index checksum corruption - i40e: Fix flow for IPv6 next header (extension header) - i40e: Add zero-initialization of AQ command structures - i40e: Fix overwriting flow control settings during driver loading - i40e: Fix VFs not created - i40e: Fix add TC filter for IPv6 - net/mlx4_core: Add missed mlx4_free_cmd_mailbox() - vxlan: move debug check after netdev unregister - ocfs2: fix a use after free on error - mm/memory.c: fix potential pte_unmap_unlock pte error - mm/hugetlb: fix potential double free in hugetlb_register_node() error path - r8169: fix jumbo packet handling on RTL8168e - [arm64] Add missing ISB after invalidating TLB in __primary_switch - mm/rmap: fix potential pte_unmap on an not mapped pte - blk-settings: align max_sectors on "logical_block_size" boundary - ACPI: property: Fix fwnode string properties matching - HID: wacom: Ignore attempts to overwrite the touch_max value from HID - Input: xpad - add support for PowerA Enhanced Wired Controller for Xbox Series X|S - Input: joydev - prevent potential read overflow in ioctl - USB: serial: option: update interface mapping for ZTE P685M - [arm64,armhf] usb: musb: Fix runtime PM race in musb_queue_resume_work - [arm64,armhf] usb: dwc3: gadget: Fix setting of DEPCFG.bInterval_m1 - [arm64,armhf] usb: dwc3: gadget: Fix dep->interval for fullspeed interrupt - USB: serial: ftdi_sio: fix FTX sub-integer prescaler - USB: serial: mos7840: fix error code in mos7840_write() - USB: serial: mos7720: fix error code in mos7720_write() - ALSA: hda/realtek: modify EAPD in the ALC886 - tpm_tis: Fix check_locality for correct locality acquisition - tpm_tis: Clean up locality release - KEYS: trusted: Fix migratable=1 failing - btrfs: abort the transaction if we fail to inc ref in btrfs_copy_root - btrfs: fix reloc root leak with 0 ref reloc roots on recovery - btrfs: fix extent buffer leak on failure to copy root - [arm64] crypto: arm64/sha - add missing module aliases - [armhf] crypto: sun4i-ss - checking sg length is not sufficient - [armhf] crypto: sun4i-ss - handle BigEndian for cipher - seccomp: Add missing return in non-void function - misc: rtsx: init of rts522a add OCP power off when no card is present - [x86] drivers/misc/vmw_vmci: restrict too big queue size in qp_host_alloc_queue - staging: rtl8188eu: Add Edimax EW-7811UN V2 to device table - [x86] reboot: Force all cpus to exit VMX root if VMX is supported - floppy: reintroduce O_NDELAY fix - [arm64] uprobe: Return EOPNOTSUPP for AARCH32 instruction probing - [x86] watchdog: mei_wdt: request stop on unregister - [arm64] mtd: spi-nor: hisi-sfc: Put child node np on error path - fs/affs: release old buffer head on error path - seq_file: document how per-entry resources are managed. - [x86] fix seq_file iteration for pat/memtype.c - hugetlb: fix copy_huge_page_from_user contig page struct assumption - libnvdimm/dimm: Avoid race between probe and available_slots_show() - [arm64] Extend workaround for erratum 1024718 to all versions of Cortex-A55 - module: Ignore _GLOBAL_OFFSET_TABLE_ when warning for undefined symbols - [armhf] mmc: sdhci-esdhc-imx: fix kernel panic when remove module - [armhf] gpio: pcf857x: Fix missing first interrupt - printk: fix deadlock when kernel panic - [x86] cpufreq: intel_pstate: Get per-CPU max freq via MSR_HWP_CAPABILITIES if available - f2fs: fix out-of-repair __setattr_copy() - gfs2: Don't skip dlm unlock if glock has an lvb - dm: fix deadlock when swapping to encrypted device - dm era: Recover committed writeset after crash - dm era: Verify the data block size hasn't changed - dm era: Fix bitset memory leaks - dm era: Use correct value size in equality function of writeset tree - dm era: Reinitialize bitset cache before digesting a new writeset - dm era: only resize metadata in preresume - icmp: introduce helper for nat'd source address in network device context - icmp: allow icmpv6_ndo_send to work with CONFIG_IPV6=n - gtp: use icmp_ndo_send helper - xfrm: interface: use icmp_ndo_send helper - ipv6: icmp6: avoid indirect call for icmpv6_send() - ipv6: silence compilation warning for non-IPV6 builds - net: icmp: pass zeroed opts from icmp{,v6}_ndo_send before sending - dm era: Update in-core bitset after committing the metadata https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.179 - net: usb: qmi_wwan: support ZTE P685M modem - hugetlb: fix update_and_free_page contig page struct assumption - drm/virtio: use kvmalloc for large allocations - [s390x] virtio/s390: implement virtio-ccw revision 2 correctly - [arm64] module: set plt* section addresses to 0x0 - [arm64] Avoid redundant type conversions in xchg() and cmpxchg() - [arm64] cmpxchg: Use "K" instead of "L" for ll/sc immediate constraint - [arm64] Use correct ll/sc atomic constraints - JFS: more checks for invalid superblock - udlfb: Fix memory leak in dlfb_usb_probe - media: mceusb: sanity check for prescaler value - xfs: Fix assert failure in xfs_setattr_size() - net: fix up truesize of cloned skb in skb_prepare_for_shift() - mm/hugetlb.c: fix unnecessary address expansion of pmd sharing - net: bridge: use switchdev for port flags set through sysfs too - dt-bindings: net: btusb: DT fix s/interrupt-name/interrupt-names/ - rsi: Fix TX EAPOL packet handling against iwlwifi AP - rsi: Move card interrupt handling to RX thread - [x86] reboot: Add Zotac ZBOX CI327 nano PCI reboot quirk - vt/consolemap: do font sum unsigned - [arm64,armhf] wlcore: Fix command execute failure 19 for wl12xx - Bluetooth: hci_h5: Set HCI_QUIRK_SIMULTANEOUS_DISCOVERY for btrtl - pktgen: fix misuse of BUG_ON() in pktgen_thread_worker() - ath10k: fix wmi mgmt tx queue full due to race condition - [x86] build: Treat R_386_PLT32 relocation as R_386_PC32 - Bluetooth: Fix null pointer dereference in amp_read_loc_assoc_final_data - crypto: tcrypt - avoid signed overflow in byte count - PCI: Add a REBAR size quirk for Sapphire RX 5600 XT Pulse - media: uvcvideo: Allow entities with no pads - f2fs: handle unallocated section and zone on pinned/atgc - f2fs: fix to set/clear I_LINKABLE under i_lock - btrfs: fix error handling in commit_fs_roots - [x86] ASoC: Intel: bytcr_rt5640: Add quirk for the Estar Beauty HD MID 7316R tablet - [x86] ASoC: Intel: bytcr_rt5640: Add quirk for the Voyo Winpad A15 tablet - [x86] ASoC: Intel: bytcr_rt5640: Add quirk for the Acer One S1002 tablet - scsi: iscsi: Restrict sessions and handles to admin capabilities (CVE-2021-27363, CVE-2021-27364) - sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs output - scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE (CVE-2021-27365) - scsi: iscsi: Verify lengths on passthrough PDUs (CVE-2021-27365) - Xen/gnttab: handle p2m update errors on a per-slot basis (CVE-2021-28038) - xen-netback: respect gnttab_map_refs()'s return value (CVE-2021-28038) - zsmalloc: account the number of compacted pages correctly - swap: fix swapfile read/write offset - media: v4l: ioctl: Fix memory leak in video_usercopy - ALSA: hda/realtek: Add quirk for Clevo NH55RZQ - ALSA: hda/realtek: Apply dual codec quirks for MSI Godlike X570 board https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.180 - btrfs: raid56: simplify tracking of Q stripe presence - btrfs: fix raid6 qstripe kmap - btrfs: validate qgroup inherit for SNAP_CREATE_V2 ioctl - btrfs: free correct amount of space in btrfs_delayed_inode_reserve_metadata - btrfs: unlock extents in btrfs_zero_range in case of quota reservation errors - PM: runtime: Update device status before letting suppliers suspend - dm bufio: subtract the number of initial sectors in dm_bufio_get_device_size - drm/amdgpu: fix parameter error of RREG32_PCIE() in amdgpu_regs_pcie - usbip: tools: fix build error for multiple definition - Revert "zram: close udev startup race condition as default groups" - block: genhd: add 'groups' argument to device_add_disk - nvme: register ns_id attributes as default sysfs groups - aoe: register default groups with device_add_disk() - zram: register default groups with device_add_disk() - virtio-blk: modernize sysfs attribute creation - ALSA: ctxfi: cthw20k2: fix mask on conf to allow 4 bits - rsxx: Return -EFAULT if copy_to_user() fails - r8169: fix resuming from suspend on RTL8105e if machine runs on battery - [arm64,armhf] net: dsa: add GRO support via gro_cells - dm table: fix iterate_devices based device capability checks - dm table: fix DAX iterate_devices based device capability checks - dm table: fix zoned iterate_devices based device capability checks - [amd64] iommu/amd: Fix sleeping in atomic in increase_address_space() - mwifiex: pcie: skip cancel_work_sync() on reset failure path - [x86] platform/x86: acer-wmi: Cleanup ACER_CAP_FOO defines - [x86] platform/x86: acer-wmi: Cleanup accelerometer device handling - [x86] platform/x86: acer-wmi: Add new force_caps module parameter - [x86] platform/x86: acer-wmi: Add ACER_CAP_SET_FUNCTION_MODE capability flag - [x86] platform/x86: acer-wmi: Add support for SW_TABLET_MODE on Switch devices - [x86] platform/x86: acer-wmi: Add ACER_CAP_KBD_DOCK quirk for the Aspire Switch 10E SW3-016 - HID: mf: add support for 0079:1846 Mayflash/Dragonrise USB Gamecube Adapter - media: cx23885: add more quirks for reset DMA on some AMD IOMMU - [x86] ASoC: Intel: bytcr_rt5640: Add quirk for ARCHOS Cesium 140 - PCI: Add function 1 DMA alias quirk for Marvell 9215 SATA controller - misc: eeprom_93xx46: Add quirk to support Microchip 93LC46B eeprom - [arm64] drm/msm/a5xx: Remove overwriting A5XX_PC_DBG_ECO_CNTL register https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.181 - uapi: nfnetlink_cthelper.h: fix userspace compilation error - ethernet: alx: fix order of calls on resume (Closes: #983595) - ath9k: fix transmitting to stations in dynamic SMPS mode - net: Fix gro aggregation for udp encaps with zero csum - net: Introduce parse_protocol header_ops callback - can: skb: can_skb_set_owner(): fix ref counting if socket was closed before setting skb ownership - [armhf] can: flexcan: assert FRZ bit in flexcan_chip_freeze() - [armhf] can: flexcan: enable RX FIFO after FRZ/HALT valid - netfilter: x_tables: gpf inside xt_find_revision() - mt76: dma: do not report truncated frames to mac80211 - tcp: annotate tp->copied_seq lockless reads - tcp: annotate tp->write_seq lockless reads - tcp: add sanity tests to TCP_QUEUE_SEQ - cifs: return proper error code in statfs(2) - scripts/recordmcount.{c,pl}: support -ffunction-sections .text.* section names - Revert "mm, slub: consider rest of partial list if acquire_slab() fails" - net: check if protocol extracted by virtio_net_hdr_set_proto is correct - net: avoid infinite loop in mpls_gso_segment when mpls_hlen == 0 - net/mlx4_en: update moderation when config reset - [arm64,armhf] net: stmmac: fix incorrect DMA channel intr enable setting of EQoS v4.10 - net: sched: avoid duplicates in classes dump - net: usb: qmi_wwan: allow qmimux add/del with master up - [arm64,armhf] net: stmmac: stop each tx channel independently - [arm64,armhf] net: stmmac: fix watchdog timeout during suspend/resume stress test - drm/compat: Clear bounce structures - [arm64] drm: meson_drv add shutdown function - media: usbtv: Fix deadlock on suspend - net: phy: fix save wrong speed and duplex problem if autoneg is on - udf: fix silent AED tagLocation corruption - [powerpc*] pci: Add ppc_md.discover_phbs() - [powerpc*] improve handling of unrecoverable system reset - [powerpc*] perf: Record counter overflow always if SAMPLE_IP is unset - [arm64] PCI: xgene-msi: Fix race in installing chained irq handler - PCI: Fix pci_register_io_range() memory leak - i40e: Fix memory leak in i40e_probe - [s390x] smp: __smp_rescan_cpus() - move cpumask away from stack - scsi: libiscsi: Fix iscsi_prep_scsi_cmd_pdu() error handling - scsi: target: core: Add cmd length set before cmd complete - scsi: target: core: Prevent underflow for service actions - ALSA: usb: Add Plantronics C320-M USB ctrl msg delay quirk - ALSA: hda/hdmi: Cancel pending works before suspend - ALSA: hda: Drop the BATCH workaround for AMD controllers - ALSA: hda: Avoid spurious unsol event handling during S3/S4 - ALSA: usb-audio: Fix "cannot get freq eq" errors on Dell AE515 sound bar - ALSA: usb-audio: Apply the control quirk to Plantronics headsets - Revert 95ebabde382c ("capabilities: Don't allow writing ambiguous v3 file capabilities") - [s390x] dasd: fix hanging DASD driver unbind - [s390x] dasd: fix hanging IO request during DASD driver unbind - mmc: core: Fix partition switch time for eMMC - mmc: cqhci: Fix random crash when remove mmc module/card - Goodix Fingerprint device is not a modem - USB: gadget: u_ether: Fix a configfs return code - usb: gadget: f_uac2: always increase endpoint max_packet_size by one audio slot - usb: gadget: f_uac1: stop playback on function disable - [arm64] usb: dwc3: qcom: Honor wakeup enabled/disabled state - USB: usblp: fix a hang in poll() if disconnected - xhci: Improve detection of device initiated wake signal. - usb: xhci: Fix ASMedia ASM1042A and ASM3242 DMA addressing - USB: serial: io_edgeport: fix memory leak in edge_startup - USB: serial: ch341: add new Product ID - USB: serial: cp210x: add ID for Acuity Brands nLight Air Adapter - USB: serial: cp210x: add some more GE USB IDs - usbip: fix stub_dev to check for stream socket - usbip: fix vhci_hcd to check for stream socket - usbip: fix vudc to check for stream socket - usbip: fix stub_dev usbip_sockfd_store() races leading to gpf - usbip: fix vhci_hcd attach_store() races leading to gpf - usbip: fix vudc usbip_sockfd_store races leading to gpf - [x86] staging: rtl8192u: fix ->ssid overflow in r8192_wx_set_scan() - staging: rtl8188eu: prevent ->ssid overflow in rtw_wx_set_scan() (CVE-2021-28660) - staging: rtl8712: unterminated string leads to read overflow - staging: rtl8188eu: fix potential memory corruption in rtw_check_beacon_data() - staging: rtl8712: Fix possible buffer overflow in r8712_sitesurvey_cmd - [x86] staging: rtl8192e: Fix possible buffer overflow in _rtl92e_wx_set_scan - [x86] staging: comedi: addi_apci_1032: Fix endian problem for COS sample - [x86] staging: comedi: addi_apci_1500: Fix endian problem for command sample - [x86] staging: comedi: adv_pci1710: Fix endian problem for AI command data - [i386] staging: comedi: das6402: Fix endian problem for AI command data - [i386] staging: comedi: das800: Fix endian problem for AI command data - [i386] staging: comedi: dmm32at: Fix endian problem for AI command data - [x86] staging: comedi: me4000: Fix endian problem for AI command data - [i386] staging: comedi: pcl711: Fix endian problem for AI command data - [i386] staging: comedi: pcl818: Fix endian problem for AI command data - NFSv4.2: fix return value of _nfs4_get_security_label() - block: rsxx: fix error return code of rsxx_pci_probe() - configfs: fix a use-after-free in __configfs_open_file - hrtimer: Update softirq_expires_next correctly after __hrtimer_get_next_event() - stop_machine: mark helpers __always_inline - include/linux/sched/mm.h: use rcu_dereference in in_vfork() - [powerpc*] 64s: Fix instruction encoding for lis in ppc_function_entry() - binfmt_misc: fix possible deadlock in bm_register_write - [amd64] x86/unwind/orc: Disable KASAN checking in the ORC unwinder, part 2 - hwmon: (lm90) Fix max6658 sporadic wrong temperature reading - [arm64] KVM: Fix exclusive limit for IPA size - xen/events: reset affinity of 2-level event when tearing it down - xen/events: don't unmask an event channel when an eoi is pending - xen/events: avoid handling the same event on two cpus at the same time [ Salvatore Bonaccorso ] * Bump ABI to 16 * ext4: check journal inode extents more carefully (CVE-2021-3428) * bpf: Prohibit alu ops for pointer types not defining ptr_limit (CVE-2020-27170) * bpf: Fix off-by-one for area size in creating mask to left (CVE-2020-27171) * bpf: Simplify alu_limit masking for pointer arithmetic * bpf: Add sanity check for upper ptr_limit -- Salvatore Bonaccorso Fri, 19 Mar 2021 15:29:57 +0100 linux (4.19.177-1) buster; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.172 - tools: Factor HOSTCC, HOSTLD, HOSTAR definitions - dm integrity: conditionally disable "recalculate" feature - writeback: Drop I_DIRTY_TIME_EXPIRE - fs: fix lazytime expiration handling in __writeback_single_inode() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.173 - nbd: freeze the queue while we're adding connections (CVE-2021-3348) - ACPI: sysfs: Prefer "compatible" modalias - kernel: kexec: remove the lock operation of system_transition_mutex - xen/privcmd: allow fetching resource sizes - ALSA: hda/via: Apply the workaround generically for Clevo machines - media: rc: ensure that uevent can be read directly after rc device register - wext: fix NULL-ptr-dereference with cfg80211's lack of commit() - net: usb: qmi_wwan: added support for Thales Cinterion PLSx3 modem family - PM: hibernate: flush swap writer after marking - [x86] KVM: x86/pmu: Fix HW_REF_CPU_CYCLES event pseudo-encoding in intel_arch_events[] - [x86] KVM: get smi pending status correctly - leds: trigger: fix potential deadlock with libata - mt7601u: fix kernel crash unplugging the device - mt7601u: fix rx buffer refcounting - xen-blkfront: allow discard-* nodes to be optional - [armhf] imx: build suspend-imx6.S with arm instruction set - netfilter: nft_dynset: add timeout extension to template - xfrm: Fix oops in xfrm_replay_advance_bmp - xfrm: fix disable_xfrm sysctl when used on xfrm interfaces - RDMA/cxgb4: Fix the reported max_recv_sge value - pNFS/NFSv4: Fix a layout segment leak in pnfs_layout_process() - iwlwifi: pcie: use jiffies for memory read spin time limit - iwlwifi: pcie: reschedule in long-running memory reads - mac80211: pause TX while changing interface type - net/mlx5: Fix memory leak on flow table creation error flow - can: dev: prevent potential information leak in can_fill_info() - [amd64] iommu/vt-d: Gracefully handle DMAR units with no supported address widths - [amd64] iommu/vt-d: Don't dereference iommu_device if IOMMU_API is not built - rxrpc: Fix memory leak in rxrpc_lookup_local - NFC: fix resource leak when target index is invalid - NFC: fix possible resource leak - team: protect features update by RCU to avoid deadlock - tcp: fix TLP timer not set when CA_STATE changes from DISORDER to OPEN https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.174 - [armhf] net: dsa: bcm_sf2: put device node before return - ACPI: thermal: Do not call acpi_thermal_check() directly - sysctl: handle overflow in proc_get_long - net_sched: gen_estimator: support large ewma log - [x86] platform/x86: intel-vbtn: Support for tablet mode on Dell Inspiron 7352 - [x86] __always_inline __{rd,wr}msr() - scsi: scsi_transport_srp: Don't block target in failfast state - scsi: libfc: Avoid invoking response handler twice if ep is already completed - mac80211: fix fast-rx encryption check - [ppc64el] scsi: ibmvfc: Set default timeout to avoid crash during migration - objtool: Don't fail on missing symbol table - kthread: Extract KTHREAD_IS_PER_CPU - workqueue: Restrict affinity change to rescuer https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.175 - USB: serial: cp210x: add pid/vid for WSDA-200-USB - USB: serial: cp210x: add new VID/PID for supporting Teraoka AD2000 - USB: serial: option: Adding support for Cinterion MV31 - Input: i8042 - unbreak Pegatron C15B - rxrpc: Fix deadlock around release of dst cached on udp tunnel - net: lapb: Copy the skb before sending a packet - [arm64,armhf] net: mvpp2: TCAM entry enable should be written after SRAM data - memblock: do not start bottom-up allocations with kernel_end - USB: gadget: legacy: fix an error code in eth_bind() - USB: usblp: don't call usb_set_interface if there's a single alt - [arm*] usb: dwc2: Fix endpoint direction check in ep_from_windex - [arm64,armhf] usb: dwc3: fix clock issue during resume in OTG mode - ovl: fix dentry leak in ovl_get_redirect - mac80211: fix station rate table updates on assoc - kretprobe: Avoid re-registration of the same kretprobe earlier - genirq/msi: Activate Multi-MSI early when MSI_FLAG_ACTIVATE_EARLY is set - xhci: fix bounce buffer usage for non-sg list case - cifs: report error instead of invalid when revalidating a dentry fails - smb3: Fix out-of-bounds bug in SMB2_negotiate() - mmc: core: Limit retries when analyse of SDIO tuples fails - nvme-pci: avoid the deepest sleep state on Kingston A2000 SSDs - [x86] KVM: SVM: Treat SVM as unsupported when running as an SEV guest - mm: hugetlbfs: fix cannot migrate the fallocated HugeTLB page - mm: hugetlb: fix a race between freeing and dissolving the page - mm: hugetlb: fix a race between isolating and freeing page - mm: hugetlb: remove VM_BUG_ON_PAGE from page_huge_active - mm: thp: fix MADV_REMOVE deadlock on shmem THP - [x86] build: Disable CET instrumentation in the kernel - [x86] apic: Add extra serialization for non-serializing MSRs - Input: xpad - sync supported devices with fork on GitHub - [amd64] iommu/vt-d: Do not use flush-queue when caching-mode is on - md: Set prev_flush_start and flush_bio in an atomic way - net: ip_tunnel: fix mtu calculation - [arm64,armhf] net: dsa: mv88e6xxx: override existent unicast portvec in port_fdb_add https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.176 - tracing/kprobe: Fix to support kretprobe events on unloaded modules - block: fix NULL pointer dereference in register_disk - fgraph: Initialize tracing_graph_pause at task creation - af_key: relax availability checks for skb size calculation - regulator: core: avoid regulator_resolve_supply() race condition - pNFS/NFSv4: Try to return invalid layout in pnfs_layout_process() - iwlwifi: pcie: add a NULL check in iwl_pcie_txq_unmap - iwlwifi: pcie: fix context info memory leak - iwlwifi: mvm: guard against device removal in reprobe - SUNRPC: Move simple_get_bytes and simple_get_netobj into private header - SUNRPC: Handle 0 length opaque XDR object data properly - lib/string: Add strscpy_pad() function - include/trace/events/writeback.h: fix -Wstringop-truncation warnings - memcg: fix a crash in wb_workfn when a device disappears - [x86] Fix unsynchronized access to sev members through svm_register_enc_region - block: don't hold q->sysfs_lock in elevator_init_mq - blk-mq: don't hold q->sysfs_lock in blk_mq_map_swqueue - squashfs: add more sanity checks in id lookup - squashfs: add more sanity checks in inode lookup - squashfs: add more sanity checks in xattr id lookup - regulator: core: enable power when setting up constraints - regulator: core: Clean enabling always-on regulators + their supplies - regulator: Fix lockdep warning resolving supplies https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.177 - tracing: Do not count ftrace events in top level enable output - tracing: Check length before giving out the filter buffer - [armhf] xen: Don't probe xenbus as part of an early initcall - [x86] platform/x86: hp-wmi: Disable tablet-mode reporting by default - ovl: perform vfs_getxattr() with mounter creds - cap: fix conversions on getxattr - ovl: skip getxattr of security labels - bfq-iosched: Revert "bfq: Fix computation of shallow depth" - [armel,armhf] ensure the signal page contains defined contents - [armel,armhf] kexec: fix oops after TLB are invalidated - mt76: dma: fix a possible memory leak in mt76_add_fragment() - bpf: Check for integer overflow when using roundup_pow_of_two() - netfilter: xt_recent: Fix attempt to update deleted entry - netfilter: flowtable: fix tcp and udp header checksum update - xen/netback: avoid race in xenvif_rx_ring_slots_available() - [arm64,armhf] net: stmmac: set TxQ mode back to DCB after disabling CBS - netfilter: conntrack: skip identical origin tuple in same zone only - [arm64] net: hns3: add a check for queue_id in hclge_reset_vf_queue() - [arm64] usb: dwc3: ulpi: fix checkpatch warning - [arm64] usb: dwc3: ulpi: Replace CPU-based busyloop with Protocol-based one - net: fix iteration for sctp transport seq_files - net/vmw_vsock: improve locking in vsock_connect_timeout() - net: watchdog: hold device global xmit lock during tx disable - vsock/virtio: update credit only if socket is not closed - vsock: fix locking in vsock_shutdown() - net/rds: restrict iovecs length for RDS_CMSG_RDMA_ARGS - ovl: expand warning in ovl_d_real() - [x86] KVM: SEV: fix double locking due to incorrect backport - [x86] Xen/x86: don't bail early from clear_foreign_p2m_mapping() (CVE-2021-26932) - [x86] Xen/x86: also check kernel mapping in set_foreign_p2m_mapping() (CVE-2021-26932) - Xen/gntdev: correct dev_bus_addr handling in gntdev_map_grant_pages() (CVE-2021-26932) - Xen/gntdev: correct error checking in gntdev_map_grant_pages() (CVE-2021-26932) - [armhf] xen/arm: don't ignore return errors from set_phys_to_machine (CVE-2021-26932) - xen-blkback: don't "handle" error by BUG() (CVE-2021-26931) - xen-netback: don't "handle" error by BUG() (CVE-2021-26931) - xen-scsiback: don't "handle" error by BUG() (CVE-2021-26931) - xen-blkback: fix error handling in xen_blkbk_map() (CVE-2021-26930) - scsi: qla2xxx: Fix crash during driver load on big endian machines - kvm: check tlbs_dirty directly [ Salvatore Bonaccorso ] * [rt] Update to 4.19.173-rt72 * certs: Rotate to use the "Debian Secure Boot Signer 2021 - linux" certificate * Bump ABI to 15 -- Salvatore Bonaccorso Wed, 03 Mar 2021 13:48:46 +0100 linux (4.19.171-2) buster-security; urgency=high * xen: Fix XenStore initialisation for XS_LOCAL -- Salvatore Bonaccorso Sat, 30 Jan 2021 10:35:46 +0100 linux (4.19.171-1) buster-security; urgency=high * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.161 - perf event: Check ref_reloc_sym before using it - netfilter: clear skb->next in NF_HOOK_LIST() (CVE-2021-20177) - btrfs: don't access possibly stale fs_info data for printing duplicate device - btrfs: fix lockdep splat when reading qgroup config on mount - wireless: Use linux/stddef.h instead of stddef.h - [arm64] KVM: vgic-v3: Drop the reporting of GICR_TYPER.Last for userspace - [x86] KVM: handle !lapic_in_kernel case in kvm_cpu_*_extint - [x86] KVM: Fix split-irqchip vs interrupt injection window request - [arm64] pgtable: Fix pte_accessible() - [arm64] pgtable: Ensure dirty bit is preserved across pte_wrprotect() (Closes: #977615) - drm/atomic_helper: Stop modesets on unregistered connectors harder - ALSA: hda/hdmi: fix incorrect locking in hdmi_pcm_close - HID: cypress: Support Varmilo Keyboards' media hotkeys - HID: add support for Sega Saturn - Input: i8042 - allow insmod to succeed on devices without an i8042 controller - HID: hid-sensor-hub: Fix issue with devices with no report ID - HID: add HID_QUIRK_INCREMENT_USAGE_ON_DUPLICATE for Gamevice devices - [x86] xen: don't unbind uninitialized lock_kicker_irq - HID: Add Logitech Dinovo Edge battery quirk - proc: don't allow async path resolution of /proc/self components - nvme: free sq/cq dbbuf pointers when dbbuf set fails - [arm64,armhf] dmaengine: pl330: _prep_dma_memcpy: Fix wrong burst size - scsi: libiscsi: Fix NOP race condition - scsi: target: iscsi: Fix cmd abort fabric stop race - [x86] perf/x86: fix sysfs type mismatches - [arm64,armhf] phy: tegra: xusb: Fix dangling pointer on probe failure - scsi: ufs: Fix race between shutdown and runtime resume flow - bnxt_en: fix error return code in bnxt_init_one() - bnxt_en: fix error return code in bnxt_init_board() - [x86] video: hyperv_fb: Fix the cache type when mapping the VRAM - bnxt_en: Release PCI regions when DMA mask setup fails during probe. - cxgb4: fix the panic caused by non smac rewrite - [s390x] qeth: fix tear down of async TX buffers - IB/mthca: fix return value of error branch in mthca_init_cq() - net: ena: set initial DMA width to avoid intel iommu issue - [arm64] optee: add writeback to valid memory type - [arm64,armhf,x86] efivarfs: revert "fix memory leak in efivarfs_create()" (Closes: #977048) - can: gs_usb: fix endianess problem with candleLight firmware - [x86] platform/x86: thinkpad_acpi: Send tablet mode switch at wakeup time - [x86] platform/x86: toshiba_acpi: Fix the wrong variable assignment - USB: core: Change %pK for __user pointers to %px - usb: gadget: f_midi: Fix memleak in f_midi_alloc - USB: quirks: Add USB_QUIRK_DISCONNECT_SUSPEND quirk for Lenovo A630Z TIO built-in usb-audio card - usb: gadget: Fix memleak in gadgetfs_fill_super - [x86] speculation: Fix prctl() when spectre_v2_user={seccomp,prctl},ibpb - USB: core: Fix regression in Hercules audio card https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.162 - ipv6: addrlabel: fix possible memory leak in ip6addrlbl_net_init - [s390x] net/af_iucv: set correct sk_protocol for child sockets - rose: Fix Null pointer dereference in rose_send_frame() - sock: set sk_err to ee_errno on dequeue from errq - tcp: Set INET_ECN_xmit configuration in tcp_reinit_congestion_control - tun: honor IOCB_NOWAIT flag - i40e: Fix removing driver while bare-metal VFs pass traffic - bonding: wait for sysfs kobject destruction before freeing struct slave - netfilter: bridge: reset skb->pkt_type after NF_INET_POST_ROUTING traversal - ipv4: Fix tos mask in inet_rtm_getroute() - geneve: pull IP header before ECN decapsulation - net: ip6_gre: set dev->hard_header_len when using header_ops - cxgb3: fix error return code in t3_sge_alloc_qset() - [arm64,armhf] net: mvpp2: Fix error return code in mvpp2_open() - net/mlx5: Fix wrong address reclaim when command interface is down - dt-bindings: net: correct interrupt flags in examples - ALSA: usb-audio: US16x08: fix value count for level meters - Input: xpad - support Ardwiino Controllers - Input: i8042 - add ByteSpeed touchpad to noloop table - tracing: Remove WARN_ON in start_thread() - RDMA/i40iw: Address an mmap handler exploit in i40iw https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.163 - [x86] pinctrl: baytrail: Replace WARN with dev_info_once when setting direct-irq pin to output - [x86] pinctrl: baytrail: Fix pin being driven low for a while on gpiod_get(..., GPIOD_OUT_HIGH) - usb: gadget: f_fs: Use local copy of descriptors for userspace copy - USB: serial: kl5kusb105: fix memleak on open - USB: serial: ch341: add new Product ID for CH341A - USB: serial: ch341: sort device-id entries - USB: serial: option: add Fibocom NL668 variants - USB: serial: option: add support for Thales Cinterion EXS82 - USB: serial: option: fix Quectel BG96 matching - tty: Fix ->pgrp locking in tiocspgrp() (CVE-2020-29661) - tty: Fix ->session locking (CVE-2020-29660) - ALSA: hda/realtek: Add mute LED quirk to yet another HP x360 model - ALSA: hda/realtek: Enable headset of ASUS UX482EG & B9400CEA with ALC294 - ALSA: hda/realtek - Add new codec supported for ALC897 - ALSA: hda/generic: Add option to enforce preferred_dacs pairs - ftrace: Fix updating FTRACE_FL_TRAMP - cifs: fix potential use-after-free in cifs_echo_request() - [armhf] i2c: imx: Don't generate STOP condition if arbitration has been lost - scsi: mpt3sas: Fix ioctl timeout - dm writecache: fix the maximum number of arguments - dm: remove invalid sparse __acquires and __releases annotations - mm: list_lru: set shrinker map bit when child nr_items is not zero - mm/swapfile: do not sleep with a spin lock held - [x86] uprobes: Do not use prefixes.nbytes when looping over prefixes.bytes - [armhf] i2c: imx: Fix reset of I2SR_IAL flag - [armhf] i2c: imx: Check for I2SR_IAL after every byte - speakup: Reject setting the speakup line discipline outside of speakup (CVE-2020-27830) - [amd64] iommu/amd: Set DTE[IntTabLen] to represent 512 IRTEs - spi: Introduce device-managed SPI controller allocation - [arm*] spi: bcm2835: Fix use-after-free on unbind - [arm*] spi: bcm2835: Release the DMA channel if probe fails after dma_init - tracing: Fix userstacktrace option for instances - gfs2: check for empty rgrp tree in gfs2_ri_update - [arm64] i2c: qup: Fix error return code in qup_i2c_bam_schedule_desc() - dm writecache: remove BUG() and fail gracefully instead - Input: i8042 - fix error return code in i8042_setup_aux() - netfilter: nf_tables: avoid false-postive lockdep splat - [x86] insn-eval: Use new for_each_insn_prefix() macro to loop over prefixes bytes - Revert "geneve: pull IP header before ECN decapsulation" https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.164 - [x86] lib: Change .weak to SYM_FUNC_START_WEAK for arch/x86/lib/mem*_64.S - [arm*] spi: bcm2835aux: Fix use-after-free on unbind - [arm*] spi: bcm2835aux: Restore err assignment in bcm2835aux_spi_probe - iwlwifi: pcie: limit memory read spin time - iwlwifi: mvm: fix kernel panic in case of assert during CSA - scsi: ufs: Make sure clk scaling happens only when HBA is runtime ACTIVE - [arm64,armhf] irqchip/gic-v3-its: Unconditionally save/restore the ITS state on suspend - [x86] platform/x86: thinkpad_acpi: Do not report SW_TABLET_MODE on Yoga 11e - [x86] platform/x86: thinkpad_acpi: Add BAT1 is primary battery quirk for Thinkpad Yoga 11e 4th gen - [x86] platform/x86: acer-wmi: add automatic keyboard background light toggle key as KEY_LIGHTS_TOGGLE - [x86] platform/x86: intel-vbtn: Support for tablet mode on HP Pavilion 13 x360 PC - Input: cm109 - do not stomp on control URB - Input: i8042 - add Acer laptops to the i8042 reset list - pinctrl: amd: remove debounce filter setting in IRQ type setting - mmc: block: Fixup condition for CMD13 polling for RPMB requests - kbuild: avoid static_assert for genksyms - scsi: be2iscsi: Revert "Fix a theoretical leak in beiscsi_create_eqs()" - [x86] membarrier: Get rid of a dubious optimization - [x86] apic/vector: Fix ordering in vector assignment - [arm64] PCI: qcom: Add missing reset for ipq806x - mac80211: mesh: fix mesh_pathtbl_init() error path - [arm64,armhf] net: stmmac: free tx skb buffer in stmmac_resume() - tcp: select sane initial rcvq_space.space for big MSS - tcp: fix cwnd-limited bug for TSO deferral where we send nothing - net/mlx4_en: Avoid scheduling restart task if it is already running - lan743x: fix for potential NULL pointer dereference with bare card - net/mlx4_en: Handle TX error CQE - [arm64,armhf] net: stmmac: delete the eee_ctrl_timer after napi disabled - [arm64,armhf] net: stmmac: dwmac-meson8b: fix mask definition of the m250_sel mux - net: bridge: vlan: fix error return code in __vlan_add() - USB: add RESET_RESUME quirk for Snapscan 1212 - ALSA: usb-audio: Fix potential out-of-bounds shift - ALSA: usb-audio: Fix control 'access overflow' errors from chmap - xhci: Give USB2 ports time to enter U3 in bus suspend - USB: UAS: introduce a quirk to set no_write_same - ALSA: pcm: oss: Fix potential out-of-bounds shift - [x86] drm/xen-front: Fix misused IS_ERR_OR_NULL checks - drm: fix drm_dp_mst_port refcount leaks in drm_dp_mst_allocate_vcpi - [x86] pinctrl: baytrail: Avoid clearing debounce value when turning it off - [arm*] gpio: mvebu: fix potential user-after-free on probe - scsi: bnx2i: Requires MMU - xsk: Fix xsk_poll()'s return type - can: softing: softing_netdev_open(): fix error handling - block: factor out requeue handling from dispatch code - netfilter: x_tables: Switch synchronization to RCU - RDMA/cm: Fix an attempt to use non-valid pointer when cleaning timewait - ixgbe: avoid premature Rx buffer reuse - [arm64,armhf] drm/tegra: replace idr_init() by idr_init_base() - kernel/cpu: add arch override for clear_tasks_mm_cpumask() mm handling - [arm64,armhf] drm/tegra: sor: Disable clocks on error in tegra_sor_init() - [arm64] syscall: exit userspace before unmasking exceptions - vxlan: Add needed_headroom for lower device - vxlan: Copy needed_tailroom from lowerdev - scsi: mpt3sas: Increase IOCInit request timeout to 30s - dm table: Remove BUG_ON(in_interrupt()) - [arm64] soc/tegra: fuse: Fix index bug in get_process_id - USB: serial: option: add interface-number sanity check to flag handling - USB: gadget: f_acm: add support for SuperSpeed Plus - USB: gadget: f_midi: setup SuperSpeed Plus descriptors - usb: gadget: f_fs: Re-use SS descriptors for SuperSpeedPlus - USB: gadget: f_rndis: fix bitrate for SuperSpeed and above - [arm64,armhf] usb: chipidea: ci_hdrc_imx: Pass DISABLE_DEVICE_STREAMING flag to imx6ul - [armhf] dts: exynos: fix roles of USB 3.0 ports on Odroid XU - [armhf] dts: exynos: fix USB 3.0 pins supply being turned off on Odroid XU - scsi: megaraid_sas: Check user-provided offsets - HID: i2c-hid: add Vero K147 to descriptor override - serial_core: Check for port state when tty is in error state - Bluetooth: Fix slab-out-of-bounds read in hci_le_direct_adv_report_evt() - quota: Sanity-check quota file headers on load - media: msi2500: assign SPI bus number dynamically - crypto: af_alg - avoid undefined behavior accessing salg_name - md: fix a warning caused by a race between concurrent md_ioctl()s - perf cs-etm: Change tuple from traceID-CPU# to traceID-metadata - perf cs-etm: Move definition of 'traceid_list' global variable from header file - [x86] drm/gma500: fix double free of gma_connector - selinux: fix error initialization in inode_doinit_with_dentry() - RDMA/rxe: Compute PSN windows correctly - [x86] mm/ident_map: Check for errors from ident_pud_init() - [armel,armhf] p2v: fix handling of LPAE translation in BE mode - [x86] apic: Fix x2apic enablement without interrupt remapping - sched/deadline: Fix sched_dl_global_validate() - sched: Reenable interrupts in do_sched_yield() - [arm64] crypto: inside-secure - Fix sizeof() mismatch - [powerpc*] 64: Set up a kernel stack for secondaries before cpu_restore() - [arm64] drm/msm/dsi_pll_10nm: restore VCO rate during restore_state - ASoC: pcm: DRAIN support reactivation - selinux: fix inode_doinit_with_dentry() LABEL_INVALID error handling - Bluetooth: Fix null pointer dereference in hci_event_packet() - Bluetooth: hci_h5: fix memory leak in h5_close - [armhf] spi: spi-ti-qspi: fix reference leak in ti_qspi_setup - [arm64] spi: tegra20-slink: fix reference leak in slink ops of tegra20 - [arm64,armhf] spi: tegra20-sflash: fix reference leak in tegra_sflash_resume - [arm64,armhf] spi: tegra114: fix reference leak in tegra spi ops - mwifiex: fix mwifiex_shutdown_sw() causing sw reset failure - RDMa/mthca: Work around -Wenum-conversion warning - [x86] crypto: qat - fix status check in qat_hal_put_rel_rd_xfer() - [x86] media: tm6000: Fix sizeof() mismatches - scsi: core: Fix VPD LUN ID designator priorities - media: solo6x10: fix missing snd_card_free in error handling case - [armhf] drm/omap: dmm_tiler: fix return error code in omap_dmm_probe() - Input: ads7846 - fix race that causes missing releases - Input: ads7846 - fix integer overflow on Rt calculation - Input: ads7846 - fix unaligned access on 7845 - spi: fix resource leak for drivers without .remove callback - [armhf] Input: omap4-keypad - fix runtime PM error handling - RDMA/cxgb4: Validate the number of CQEs - memstick: fix a double-free bug in memstick_check - orinoco: Move context allocation after processing the skb - [arm64] dmaengine: mv_xor_v2: Fix error return code in mv_xor_v2_probe() - media: siano: fix memory leak of debugfs members in smsdvb_hotplug - [armhf] HSI: omap_ssi: Don't jump to free ID in ssi_add_controller() - [arm64] dts: rockchip: Set dr_mode to "host" for OTG on rk3328-roc-cc - [x86] power: supply: bq24190_charger: fix reference leak - genirq/irqdomain: Don't try to free an interrupt that has no mapping - PCI: Bounds-check command-line resource alignment requests - PCI: Fix overflow in command-line resource alignment requests - [arm64] dts: meson: fix spi-max-frequency on Khadas VIM2 - [x86] platform/x86: dell-smbios-base: Fix error return code in dell_smbios_init - ath10k: Fix the parsing error in service available event - ath10k: Fix an error handling path - ath10k: Release some resources in an error handling path - NFSv4.2: condition READDIR's mask for security label based on LSM state - SUNRPC: xprt_load_transport() needs to support the netid "rdma6" - lockd: don't use interval-based rebinding over TCP - NFS: switch nfsiod to be an UNBOUND workqueue. - vfio-pci: Use io_remap_pfn_range() for PCI IO memory - media: saa7146: fix array overflow in vidioc_s_audio() - memstick: r592: Fix error return in r592_probe() - net/mlx5: Properly convey driver version to firmware - dm ioctl: fix error return code in target_message - [arm64,armhf] clocksource/drivers/arm_arch_timer: Correct fault programming of CNTKCTL_EL1.EVNTI - [armhf] cpufreq: highbank: Add missing MODULE_DEVICE_TABLE - scsi: qedi: Fix missing destroy_workqueue() on error in __qedi_probe - scsi: pm80xx: Fix error return in pm8001_pci_probe() - seq_buf: Avoid type mismatch for seq_buf_init - [x86] scsi: fnic: Fix error return code in fnic_probe() - [powerpc*] pseries/hibernation: drop pseries_suspend_begin() from suspend ops - [powerpc*] pseries/hibernation: remove redundant cacheinfo update - [armhf] usb: ehci-omap: Fix PM disable depth umbalance in ehci_hcd_omap_probe - speakup: fix uninitialized flush_lock - nfsd: Fix message level for normal termination - nfs_common: need lock during iterate through the list - [x86] kprobes: Restore BTF if the single-stepping is cancelled - [arm64,armhf] clk: tegra: Fix duplicated SE clock entry - mac80211: don't set set TDLS STA bandwidth wider than possible - watchdog: Fix potential dereferencing of null pointer - [armhf] net: allwinner: Fix some resources leak in the error handling path of the probe and in the remove function - [arm64,x86] libnvdimm/label: Return -ENXIO for no slot in __blk_label_update - [arm64] watchdog: qcom: Avoid context switch in restart handler - [armhf] clk: ti: Fix memleak in ti_fapll_synth_setup - qlcnic: Fix error code in probe - [armhf] clk: s2mps11: Fix a resource leak in error handling paths in the probe function - [arm64,armhf] clk: sunxi-ng: Make sure divider tables have sentinel - [armhf] sunxi: Add machine match for the Allwinner V3 SoC - cfg80211: initialize rekey_data - lwt: Disable BH too in run_lwt_bpf() - [arm64,armhf] Input: cros_ec_keyb - send 'scancodes' in addition to key events - Input: goodix - add upside-down quirk for Teclast X98 Pro tablet - media: gspca: Fix memory leak in probe - [armhf] media: sunxi-cir: ensure IR is handled when it is continuous - media: netup_unidvb: Don't leak SPI master in probe error path - [x86] Input: cyapa_gen6 - fix out-of-bounds stack access - ALSA: hda/ca0132 - Change Input Source enum strings. - PM: ACPI: PCI: Drop acpi_pm_set_bridge_wakeup() - Revert "ACPI / resources: Use AE_CTRL_TERMINATE to terminate resources walks" - ACPI: PNP: compare the string length in the matching_id() - ALSA: hda: Fix regressions on clear and reconfig sysfs - ALSA: hda/realtek - Enable headset mic of ASUS X430UN with ALC256 - ALSA: hda/realtek - Enable headset mic of ASUS Q524UQK with ALC255 - ALSA: pcm: oss: Fix a few more UBSAN fixes - ALSA: hda/realtek: Add quirk for MSI-GP73 - ALSA: hda/realtek: Apply jack fixup for Quanta NL3 - ALSA: usb-audio: Add VID to support native DSD reproduction on FiiO devices - ALSA: usb-audio: Disable sample read check if firmware doesn't give back - [s390x] smp: perform initial CPU reset also for SMT siblings - [s390x] dasd: fix hanging device offline processing - [s390x] dasd: prevent inconsistent LCU device data - [s390x] dasd: fix list corruption of pavgroup group list - [s390x] dasd: fix list corruption of lcu list - [x86] staging: comedi: mf6x4: Fix AI end-of-conversion detection - [powerpc*] perf: Exclude kernel samples while counting events in user space. - crypto: ecdh - avoid unaligned accesses in ecdh_set_secret() - [x86] EDAC/amd64: Fix PCI component registration - USB: serial: mos7720: fix parallel-port state restore - USB: serial: digi_acceleport: fix write-wakeup deadlocks - USB: serial: keyspan_pda: fix dropped unthrottle interrupts - USB: serial: keyspan_pda: fix write deadlock - USB: serial: keyspan_pda: fix stalled writes - USB: serial: keyspan_pda: fix write-wakeup use-after-free - USB: serial: keyspan_pda: fix tx-unthrottle use-after-free - USB: serial: keyspan_pda: fix write unthrottling - ext4: fix a memory leak of ext4_free_data - ext4: fix deadlock with fs freezing and EA inodes - [arm64] KVM: Introduce handling of AArch32 TTBCR2 traps - [armhf] dts: pandaboard: fix pinmux for gpio user button of Pandaboard ES - [powerpc*] Fix incorrect stw{, ux, u, x} instructions in __set_pte_at - [powerpc*] rtas: Fix typo of ibm,open-errinjct in RTAS filter - [powerpc*] xmon: Change printk() to pr_cont() - ceph: fix race in concurrent __ceph_remove_cap invocations - SMB3: avoid confusing warning message on mount to Azure - SMB3.1.1: do not log warning message if server doesn't populate salt - ubifs: wbuf: Don't leak kernel memory to flash - jffs2: Fix GC exit abnormally - jfs: Fix array index bounds check in dbAdjTree (CVE-2020-27815) - drm/dp_aux_dev: check aux_dev before use in drm_dp_aux_dev_get_by_minor() - [armel] mtd: parser: cmdline: Fix parsing of part-names with colons - scsi: lpfc: Fix invalid sleeping context in lpfc_sli4_nvmet_alloc() - scsi: lpfc: Re-fix use after free in lpfc_rq_buf_free() - iio: buffer: Fix demux update - [arm64,armhf] iio: adc: rockchip_saradc: fix missing clk_disable_unprepare() on error in rockchip_saradc_resume - md/cluster: block reshape with remote resync job - md/cluster: fix deadlock when node is doing resync job - [arm64,armhf] pinctrl: sunxi: Always call chained_irq_{enter, exit} in sunxi_pinctrl_irq_handler - [arm64] clk: mvebu: a3700: fix the XTAL MODE pin to MPP1_9 - xen-blkback: set ring->xenblkd to NULL after kthread_stop() (CVE-2020-29569) - xen/xenbus: Allow watches discard events before queueing (CVE-2020-29568) - xen/xenbus: Add 'will_handle' callback support in xenbus_watch_path() (CVE-2020-29568) - xen/xenbus/xen_bus_type: Support will_handle watch callback (CVE-2020-29568) - xen/xenbus: Count pending messages for each watch (CVE-2020-29568) - xenbus/xenbus_backend: Disallow pending watch messages (CVE-2020-29568) - libnvdimm/namespace: Fix reaping of invalidated block-window-namespace labels - [x86] platform/x86: intel-vbtn: Allow switch events on Acer Switch Alpha 12 - PCI: Fix pci_slot_release() NULL pointer dereference https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.165 - md/raid10: initialize r10_bio->read_slot before use. - fscrypt: add fscrypt_is_nokey_name() - ext4: prevent creating duplicate encrypted filenames - f2fs: prevent creating duplicate encrypted filenames - ubifs: prevent creating duplicate encrypted filenames - vfio/pci: Move dummy_resources_list init in vfio_pci_probe() - ext4: don't remount read-only with errors=continue on reboot - uapi: move constants from to - [x86] KVM: SVM: relax conditions for allowing MSR_IA32_SPEC_CTRL accesses - [x86] KVM: reinstate vendor-agnostic check on SPEC_CTRL cpuid bits - [powerpc*] bitops: Fix possible undefined behaviour with fls() and fls64() - xen/gntdev.c: Mark pages as dirty - null_blk: Fix zone size initialization - of: fix linker-section match-table corruption - Bluetooth: hci_h5: close serdev device and free hu in h5_close - reiserfs: add check for an invalid ih_entry_count - [x86] misc: vmw_vmci: fix kernel info-leak by initializing dbells in vmci_ctx_get_chkpt_doorbells() - media: gp8psk: initialize stats at power control logic - ALSA: seq: Use bool for snd_seq_queue internal flags - ALSA: rawmidi: Access runtime->avail always in spinlock - fcntl: Fix potential deadlock in send_sig{io, urg}() - [arm64,armhf] rtc: sun6i: Fix memleak in sun6i_rtc_clk_init - module: set MODULE_STATE_GOING state when a module fails to load - quota: Don't overflow quota file offsets - NFSv4: Fix a pNFS layout related use-after-free race when freeing the inode - module: delay kobject uevent until after module init call - ALSA: pcm: Clear the full allocated memory at hw_params - dm verity: skip verity work if I/O error when system is shutting down https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.166 - kdev_t: always inline major/minor helper functions - mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start (CVE-2020-36158) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.167 - workqueue: Kick a worker based on the actual activation of delayed works - scsi: ufs: Fix wrong print message in dev_err() - scsi: ufs-pci: Ensure UFS device is in PowerDown mode for suspend-to-disk ->poweroff() - scsi: scsi_transport_spi: Set RQF_PM for domain validation commands - lib/genalloc: fix the overflow when size is too big - proc: change ->nlink under proc_subdir_lock - proc: fix lookup in /proc/net subdirectories after setns(2) - i40e: Fix Error I40E_AQ_RC_EINVAL when removing VFs - [arm64,armhf] net: mvpp2: Add TCAM entry to drop flow control pause frames - [arm64,armhf] net: mvpp2: prs: fix PPPoE with ipv6 packet parse - atm: idt77252: call pci_disable_device() on error path - [arm64,armhf] net: mvpp2: Fix GoP port 3 Networking Complex Control configurations - qede: fix offload for IPIP tunnel packets - virtio_net: Fix recursive call to cpus_read_lock() - net-sysfs: take the rtnl lock when storing xps_cpus - net-sysfs: take the rtnl lock when accessing xps_cpus_map and num_tc - tun: fix return value when the number of iovs exceeds MAX_SKB_FRAGS - ipv4: Ignore ECN bits for fib lookups in fib_compute_spec_dst() - [arm64] net: hns: fix return value check in __lb_other_process() - erspan: fix version 1 check in gre_parse_header() - net: hdlc_ppp: Fix issues when mod_timer is called while timer is running - CDC-NCM: remove "connected" log message - net: usb: qmi_wwan: add Quectel EM160R-GL - r8169: work around power-saving bug on some chip versions - vhost_net: fix ubuf refcount incorrectly when sendmsg fails - net: sched: prevent invalid Scell_log shift count - net-sysfs: take the rtnl lock when storing xps_rxqs - net-sysfs: take the rtnl lock when accessing xps_rxqs_map and num_tc - Bluetooth: revert: hci_h5: close serdev device and free hu in h5_close - [x86] video: hyperv_fb: Fix the mmap() regression for v5.4.y and older - crypto: ecdh - avoid buffer overflow in ecdh_set_secret() - usb: gadget: enable super speed plus - USB: cdc-acm: blacklist another IR Droid device - USB: cdc-wdm: Fix use after free in service_outstanding_interrupt(). - [arm64] usb: dwc3: ulpi: Use VStsDone to detect PHY regs access completion - [arm64,armhf] usb: chipidea: ci_hdrc_imx: add missing put_device() call in usbmisc_get_init_data() - USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST quirk set - usb: usbip: vhci_hcd: protect shift size - USB: serial: iuu_phoenix: fix DMA from stack - USB: serial: option: add LongSung M5710 module support - USB: serial: option: add Quectel EM160R-GL - USB: yurex: fix control-URB timeout handling - USB: usblp: fix DMA to stack - ALSA: usb-audio: Fix UBSAN warnings for MIDI jacks - usb: gadget: f_uac2: reset wMaxPacketSize - usb: gadget: function: printer: Fix a memory leak for interface descriptor - usb: gadget: u_ether: Fix MTU size mismatch with RX packet size - usb: gadget: Fix spinlock lockup on usb_function_deactivate - usb: gadget: configfs: Preserve function ordering after bind failure - usb: gadget: configfs: Fix use-after-free issue with udc_name - USB: serial: keyspan_pda: remove unused variable - [x86] mm: Fix leak of pmd ptlock - ALSA: hda/via: Fix runtime PM for Clevo W35xSS - ALSA: hda/conexant: add a new hda codec CX11970 - ALSA: hda/realtek - Fix speaker volume control on Lenovo C940 - btrfs: send: fix wrong file path when there is an inode with a pending rmdir - Revert "device property: Keep secondary firmware node secondary by type" - [x86] xen/pvh: correctly setup the PV EFI interface for dom0 - netfilter: x_tables: Update remaining dereference to RCU - netfilter: ipset: fix shift-out-of-bounds in htable_bits() - netfilter: xt_RATEEST: reject non-null terminated string from userspace - [x86] mtrr: Correct the range check before performing MTRR type lookups - scsi: target: Fix XCOPY NAA identifier lookup (CVE-2020-28374) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.168 - net: cdc_ncm: correct overhead in delayed_ndp_size (Closes: #970736) - [arm64] net: hns3: fix the number of queues actually used by ARQ - [arm64,armhf] net: stmmac: dwmac-sun8i: Balance internal PHY resource references - [arm64,armhf] net: stmmac: dwmac-sun8i: Balance internal PHY power - net: vlan: avoid leaks on register_vlan_dev() failures - net: ip: always refragment ip defragmented packets - net: fix pmtu check in nopmtudisc mode - net: ipv6: fib: flush exceptions when purging route - vmlinux.lds.h: Add PGO and AutoFDO input sections - [x86] drm/i915: Fix mismatch between misplaced vma check and vma insert - [amd64] spi: pxa2xx: Fix use-after-free on unbind - HID: wacom: Fix memory leakage caused by kfifo_alloc - [armhf] OMAP2+: omap_device: fix idling of devices during probe - [x86] cpufreq: powernow-k8: pass policy rather than use cpufreq_cpu_get() - [amd64] iommu/intel: Fix memleak in intel_irq_remapping_alloc - net/mlx5e: Fix memleak in mlx5e_create_l2_table_groups - net/mlx5e: Fix two double free cases - regmap: debugfs: Fix a memory leak when calling regmap_attach_dev - [arm64] KVM: Don't access PMCR_EL0 when no PMU is available - block: fix use-after-free in disk_part_iter_next - net: drop bogus skb with CHECKSUM_PARTIAL and offset beyond end of trimmed packet - regmap: debugfs: Fix a reversed if statement in regmap_debugfs_init() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.169 - ASoC: dapm: remove widget from dirty list on free - [x86] hyperv: check cpu mask after interrupt has been disabled - [mips*] boot: Fix unaligned access with CONFIG_MIPS_RAW_APPENDED_DTB - ACPI: scan: Harden acpi_device_add() against device ID overflows - mm/hugetlb: fix potential missing huge page size info - dm snapshot: flush merged data before committing metadata - dm integrity: fix the maximum number of arguments - r8152: Add Lenovo Powered USB-C Travel Hub - ext4: fix bug for rename with RENAME_WHITEOUT - btrfs: fix transaction leak and crash after RO remount caused by qgroup rescan - bfq: Fix computation of shallow depth - [arm64] drm/msm: Call msm_init_vram before binding the gpu - dump_common_audit_data(): fix racy accesses to ->d_name - [x86] ASoC: Intel: fix error code cnl_set_dsp_D0() - NFS4: Fix use-after-free in trace_event_raw_event_nfs4_set_lock - pNFS: Mark layout for return if return-on-close was not sent - NFS/pNFS: Fix a leak of the layout 'plh_outstanding' counter - NFS: nfs_igrab_and_active must first reference the superblock - ext4: fix superblock checksum failure when setting password salt - [amd64] RDMA/usnic: Fix memleak in find_free_vf_and_create_qp_grp - RDMA/mlx5: Fix wrong free of blue flame register on error - mm, slub: consider rest of partial list if acquire_slab() fails - net: sunrpc: interpret the return value of kstrtou32 correctly - dm: eliminate potential source of excessive kernel log noise - ALSA: firewire-tascam: Fix integer overflow in midi_port_work() - ALSA: fireface: Fix integer overflow in transmit_midi_msg() - netfilter: conntrack: fix reading nf_conntrack_buckets - netfilter: nf_nat: Fix memleak in nf_nat_init https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.170 - usb: ohci: Make distrust_firmware param default to false - dm integrity: fix flush with external metadata device - nfsd4: readdirplus shouldn't return parent of export (CVE-2021-3178) - udp: Prevent reuseport_select_sock from reading uninitialized socks - netxen_nic: fix MSI/MSI-x interrupts - [arm64,armhf] net: mvpp2: Remove Pause and Asym_Pause support - rndis_host: set proper input size for OID_GEN_PHYSICAL_MEDIUM request - esp: avoid unneeded kmap_atomic call - net: dcb: Validate netlink message in DCB handler - net: dcb: Accept RTM_GETDCB messages carrying set-like DCB commands - rxrpc: Call state should be read with READ_ONCE() under some circumstances - [arm64,armhf] net: stmmac: Fixed mtu channged by cache aligned - net: sit: unregister_netdevice on newlink's error path - net: avoid 32 x truesize under-estimation for tiny skbs - rxrpc: Fix handling of an unsupported token type in rxrpc_read() - tipc: fix NULL deref in tipc_link_xmit() - net: introduce skb_list_walk_safe for skb segment walking - net: skbuff: disambiguate argument and member for skb_list_walk_safe helper - net: ipv6: Validate GSO SKB before finish IPv6 processing https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.171 - ALSA: hda/via: Add minimum mute flag - ACPI: scan: Make acpi_bus_get_device() clear return pointer on error - btrfs: fix lockdep splat in btrfs_recover_relocation - mmc: core: don't initialize block size from ext_csd if not present - [arm64] mmc: sdhci-xenon: fix 1.8v regulator stabilization - dm: avoid filesystem lookup in dm_get_dev_t() - dm integrity: fix a crash if "recalculate" used without "internal_hash" - drm/atomic: put state on error path - [x86] ASoC: Intel: haswell: Add missing pm_ops - scsi: ufs: Correct the LUN used in eh_device_reset_handler() callback - scsi: qedi: Correct max length of CHAP secret - HID: Ignore battery for Elan touchscreen on ASUS UX550 - xen: Fix event channel callback via INTX/GSI - drm/nouveau/bios: fix issue shadowing expansion ROMs - drm/nouveau/privring: ack interrupts the same way as RM - drm/nouveau/i2c/gm200: increase width of aux semaphore owner fields - drm/nouveau/mmu: fix vram heap sizing - drm/nouveau/kms/nv50-: fix case where notifier buffer is at offset 0 - scsi: megaraid_sas: Fix MEGASAS_IOC_FIRMWARE regression - i2c: octeon: check correct size of maximum RECV_LEN packet - [x86] platform/x86: intel-vbtn: Drop HP Stream x360 Convertible PC 11 from allow-list - can: dev: can_restart: fix use after free bug - can: vxcan: vxcan_xmit: fix use after free bug - can: peak_usb: fix use after free bugs - [mips*] irqchip/mips-cpu: Set IPI domain parent chip - [x86] intel_th: pci: Add Alder Lake-P support - [arm64] serial: mvebu-uart: fix tx lost characters at power off - ehci: fix EHCI host controller initialization sequence - usb: udc: core: Use lock when write to soft_connect - xhci: make sure TRB is fully written before giving it to the controller - [arm64,armhf] xhci: tegra: Delay for disabling LFPS detector - driver core: Extend device_is_dependent() - netfilter: rpfilter: mask ecn bits before fib lookup - skbuff: back tiny skbs with kmalloc() in __netdev_alloc_skb() too - udp: mask TOS bits in udp_v4_early_demux() - ipv6: create multicast route with RTPROT_KERNEL - net_sched: avoid shift-out-of-bounds in tcindex_set_parms() - net_sched: reject silly cell_log in qdisc_get_rtab() - ipv6: set multicast flag on the multicast route - net: Disable NETIF_F_HW_TLS_RX when RXCSUM is disabled - [armhf] net: dsa: b53: fix an off by one in checking "vlan->vid" [ Salvatore Bonaccorso ] * [rt] Update to 4.19.165-rt70 * Bump ABI to 14 * [rt] Refresh "net/core: protect users of napi_alloc_cache against reentrance" * futex: Move futex exit handling into futex code * futex: Replace PF_EXITPIDONE with a state * exit/exec: Seperate mm_release() * futex: Split futex_mm_release() for exit/exec * futex: Set task::futex_state to DEAD right after handling futex exit * futex: Mark the begin of futex exit explicitly * futex: Sanitize exit state handling * futex: Provide state handling for exec() as well * futex: Add mutex around futex exit * futex: Provide distinct return value when owner is exiting * futex: Prevent exit livelock * [rt] Refresh "softirq: Split softirq locks" * [arm*] gpio: mvebu: fix pwm .get_state period calculation * Revert "mm/slub: fix a memory leak in sysfs_slab_add()" * futex: Ensure the correct return value from futex_lock_pi() * futex: Replace pointless printk in fixup_owner() * futex: Provide and use pi_state_update_owner() * rtmutex: Remove unused argument from rt_mutex_proxy_unlock() * futex: Use pi_state_update_owner() in put_pi_state() * futex: Simplify fixup_pi_state_owner() * futex: Handle faults correctly for PI futexes * [rt] Refresh "rtmutex: Handle the various new futex race conditions" * [rt] Refresh "rtmutex: add sleeping lock implementation" * [rt] Refresh "Revert "rtmutex: Handle the various new futex race conditions"" * [rt] Refresh "futex: Make the futex_hash_bucket lock raw" * [rt] Refresh "futex: Delay deallocation of pi_state" * [rt] Refresh "futex: Make the futex_hash_bucket spinlock_t again and bring back its old state" * HID: wacom: Correct NULL dereference on AES pen proximity * tracing: Fix race in trace_open and buffer resize call (CVE-2020-27825) [ Uwe Kleine-König ] * [arm64] Enable support for NXP's PCF85063 RTC (Closes: #972345) -- Salvatore Bonaccorso Fri, 29 Jan 2021 23:03:16 +0100 linux (4.19.160-2) buster; urgency=medium * net: Disable MLX5_ESWITCH on mips and mipsel (Fixes FTBFS) -- Salvatore Bonaccorso Sat, 28 Nov 2020 08:47:24 +0100 linux (4.19.160-1) buster; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.153 - [ppc64el] ibmveth: Switch order of ibmveth_helper calls. - [ppc64el] ibmveth: Identify ingress large send packets. - ipv4: Restore flowi4_oif update before call to xfrm_lookup_route - mlx4: handle non-napi callers to napi_poll - [armhf] net: fec: Fix phy_device lookup for phy_reset_after_clk_enable() - [armhf] net: fec: Fix PHY init after phy_reset_after_clk_enable() - net: fix pos incrementment in ipv6_route_seq_next - net/smc: fix valid DMBE buffer sizes - net: usb: qmi_wwan: add Cellient MPL200 card - tipc: fix the skb_unshare() in tipc_buf_append() - net/ipv4: always honour route mtu during forwarding - r8169: fix data corruption issue on RTL8402 - [arm*] binder: fix UAF when releasing todo list (CVE-2020-0423) - ALSA: bebob: potential info leak in hwdep_read() - net: hdlc: In hdlc_rcv, check to make sure dev is an HDLC device - [x86,ppc64el] net: hdlc_raw_eth: Clear the IFF_TX_SKB_SHARING flag after calling ether_setup - net/sched: act_tunnel_key: fix OOB write in case of IPv6 ERSPAN tunnels - nfc: Ensure presence of NFC_ATTR_FIRMWARE_NAME attribute in nfc_genl_fw_download() - tcp: fix to update snd_wl1 in bulk receiver fast path - r8169: fix operation under forced interrupt threading - icmp: randomize the global rate limiter (CVE-2020-25705) - ALSA: hda/realtek: Enable audio jacks of ASUS D700SA with ALC887 - cifs: remove bogus debug code - cifs: Return the error from crypt_message when enc/dec key not found. - [x86] KVM: x86/mmu: Commit zap of remaining invalid pages when recovering lpages - [x86] KVM: SVM: Initialize prev_ga_tag before use - crypto: algif_aead - Do not set MAY_BACKLOG on the async path - [x86] EDAC/i5100: Fix error handling order in i5100_init_one() - [x86] fpu: Allow multiple bits in clearcpuid= parameter - [arm64] drivers/perf: xgene_pmu: Fix uninitialized resource struct - [x86] nmi: Fix nmi_handle() duration miscalculation - [amd64] x86/events/amd/iommu: Fix sizeof mismatch - crypto: algif_skcipher - EBUSY on aio should be an error - media: tuner-simple: fix regression in simple_set_radio_freq - media: uvcvideo: Set media controller entity functions - media: uvcvideo: Silence shift-out-of-bounds warning - [armhf] media: omap3isp: Fix memleak in isp_probe - [armhf] media: ti-vpe: Fix a missing check and reference count leak - regulator: resolve supply after creating regulator - ath10k: provide survey info as accumulated data - Bluetooth: hci_uart: Cancel init work before unregistering - ath6kl: prevent potential array overflow in ath6kl_add_new_sta() - ath9k: Fix potential out of bounds in ath9k_htc_txcompletion_cb() - ath10k: Fix the size used in a 'dma_free_coherent()' call in an error handling path - [arm64] wcn36xx: Fix reported 802.11n rx_highest rate wcn3660/wcn3680 - [arm64] ASoC: qcom: lpass-platform: fix memory leak - [arm64] ASoC: qcom: lpass-cpu: fix concurrency issue - brcmfmac: check ndev pointer - mwifiex: Do not use GFP_KERNEL in atomic context - [x86] staging: rtl8192u: Do not use GFP_KERNEL in atomic context - [x86] drm/gma500: fix error check - scsi: qla4xxx: Fix an error handling path in 'qla4xxx_get_host_stats()' - scsi: qla2xxx: Fix wrong return value in qla_nvme_register_hba() - scsi: csiostor: Fix wrong return value in csio_hw_prep_fw() - [x86] VMCI: check return value of get_user_pages_fast() for errors - [ppc64el] tty: hvcs: Don't NULL tty->driver_data until hvcs_cleanup() - pty: do tty_flip_buffer_push without port->lock in pty_write - [x86] pwm: lpss: Fix off by one error in base_unit math in pwm_lpss_prepare() - [x86] pwm: lpss: Add range limit check for the base_unit register value - [x86] video: fbdev: vga16fb: fix setting of pixclock because a pass-by-value error - video: fbdev: sis: fix null ptr dereference - video: fbdev: radeon: Fix memleak in radeonfb_pci_register - HID: roccat: add bounds checking in kone_sysfs_write_settings() - [armhf] pinctrl: mcp23s08: Fix mcp23x17_regmap initialiser - [armhf] pinctrl: mcp23s08: Fix mcp23x17 precious range - net/mlx5: Don't call timecounter cyc2time directly from 1PPS flow - [arm64,armhf] net: stmmac: use netif_tx_start|stop_all_queues() function - [arm64] cpufreq: armada-37xx: Add missing MODULE_DEVICE_TABLE - ath6kl: wmi: prevent a shift wrapping bug in ath6kl_wmi_delete_pstream_cmd() - [amd64] misc: mic: scif: Fix error handling path - [arm*] usb: dwc2: Fix parameter type in function pointer prototype - quota: clear padding in v2r1_mem2diskdqb() - HID: hid-input: fix stylus battery reporting - net: enic: Cure the enic api locking trainwreck - [mips*] mfd: sm501: Fix leaks in probe() - iwlwifi: mvm: split a print to avoid a WARNING in ROC - usb: gadget: f_ncm: fix ncm_bitrate for SuperSpeed and above. - usb: gadget: u_ether: enable qmult on SuperSpeed Plus as well - nl80211: fix non-split wiphy information - [arm*] usb: dwc2: Fix INTR OUT transfers in DDMA mode. - scsi: target: tcmu: Fix warning: 'page' may be used uninitialized - scsi: be2iscsi: Fix a theoretical leak in beiscsi_create_eqs() - mwifiex: fix double free - ipvs: clear skb->tstamp in forwarding path - netfilter: nf_log: missing vlan offload tag and proto - mm/memcg: fix device private memcg accounting - mm, oom_adj: don't loop through tasks in __set_oom_adj when not necessary - IB/mlx4: Fix starvation in paravirt mux/demux - IB/mlx4: Adjust delayed work when a dup is observed - [powerpc*] pseries: Fix missing of_node_put() in rng_init() - [powerpc*] icp-hv: Fix missing of_node_put() in success path - RDMA/ucma: Fix locking for ctx->events_reported - RDMA/ucma: Add missing locking around rdma_leave_multicast() - [powerpc*] pseries: explicitly reschedule during drmem_lmb list traversal - mtd: mtdoops: Don't write panic data twice - [armel,armhf] ARM: 9007/1: l2c: fix prefetch bits init in L2X0_AUX_CTRL using DT values - xfs: limit entries returned when counting fsmap records - xfs: fix high key handling in the rt allocator's query_range function - RDMA/qedr: Fix use of uninitialized field - RDMA/qedr: Fix inline size returned for iWARP https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.154 - [powerpc*] 64s/radix: Fix mm_cpumask trimming race vs kthread_use_mm - RDMA/cma: Remove dead code for kernel rdmacm multicast - RDMA/cma: Consolidate the destruction of a cma_multicast in one place - [arm64] RDMA/hns: Set the unsupported wr opcode - [arm64] RDMA/hns: Fix missing sq_sig_type when querying QP - overflow: Include header file with SIZE_MAX declaration - [powerpc*] perf: Exclude pmc5/6 from the irrelevant PMU group constraints - [poerpc*] cpufreq: powernv: Fix frame-size-overflow in powernv_cpufreq_reboot_notifier - IB/rdmavt: Fix sizeof mismatch - f2fs: wait for sysfs kobject removal before freeing f2fs_sb_info - lib/crc32.c: fix trivial typo in preprocessor condition - rapidio: fix error handling path - rapidio: fix the missed put_device() for rio_mport_add_riodev - mailbox: avoid timer start from callback - [arm64,armhf] clk: rockchip: Initialize hw to error to avoid undefined behavior - [arm*] clk: bcm2835: add missing release if devm_clk_hw_register fails - watchdog: Fix memleak in watchdog_cdev_register - watchdog: Use put_device on error - svcrdma: fix bounce buffers for unaligned offsets and multiple pages - ext4: limit entries returned when counting fsmap records - vfio/pci: Clear token on bypass registration failure - [amd64,arm64] vfio iommu type1: Fix memory leak in vfio_iommu_type1_pin_pages - SUNRPC: fix copying of multiple pages in gss_read_proxy_verf() - [armhf] Input: omap4-keypad - fix handling of platform_get_irq() error - [armhf] Input: twl4030_keypad - fix handling of platform_get_irq() error - [armhf] Input: sun4i-ps2 - fix handling of platform_get_irq() error - [x86] KVM: emulating RDPID failure shall return #UD rather than #GP - netfilter: conntrack: connection timeout after re-register - netfilter: nf_fwd_netdev: clear timestamp in forwarding path - [armhf] dts: sun8i: r40: bananapi-m2-ultra: Fix dcdc1 regulator - [armhf] memory: omap-gpmc: Fix a couple off by ones - [powerpc*] powernv/dump: Fix race while processing OPAL dump - nvmet: fix uninitialized work for zero kato - [x86,arm64] i2c: core: Restore acpi_walk_dep_device_list() getting called after registering the ACPI i2c devs - block: ratelimit handle_bad_sector() message - [x86] crypto: ccp - fix error handling - media: firewire: fix memory leak - media: ati_remote: sanity check for both endpoints - media: media/pci: prevent memory leak in bttv_probe - media: uvcvideo: Ensure all probed info is returned to v4l2 - mmc: sdio: Check for CISTPL_VERS_1 buffer size - media: saa7134: avoid a shift overflow - fs: dlm: fix configfs memory leak - [arm64] media: venus: core: Fix runtime PM imbalance in venus_probe - ip_gre: set dev->hard_header_len and dev->needed_headroom properly - mac80211: handle lack of sband->bitrates in rates - PM: hibernate: remove the bogus call to get_gendisk() in software_resume() - scsi: mvumi: Fix error return in mvumi_io_attach() - scsi: target: core: Add CONTROL field for trace events - [amd64] mic: vop: copy data to kernel space then write to io memory - [amd64] misc: vop: add round_up(x,4) for vring_size to avoid kernel panic - usb: gadget: function: printer: fix use-after-free in __lock_acquire - udf: Limit sparing table size - udf: Avoid accessing uninitialized data on failed inode read - USB: cdc-acm: handle broken union descriptors - [arm64,armhf] usb: dwc3: simple: add support for Hikey 970 - [armhf] can: flexcan: flexcan_chip_stop(): add error handling and propagate error value - ath9k: hif_usb: fix race condition between usb_get_urb() and usb_kill_anchored_urbs() - misc: rtsx: Fix memory leak in rtsx_pci_probe - reiserfs: only call unlock_new_inode() if I_NEW - xfs: make sure the rt allocator doesn't run off the end - usb: ohci: Default to per-port over-current protection - Bluetooth: Only mark socket zapped after unlocking - [ppc64el] scsi: ibmvfc: Fix error return in ibmvfc_probe() - brcmsmac: fix memory leak in wlc_phy_attach_lcnphy - rtl8xxxu: prevent potential memory leak - Fix use after free in get_capset_info callback. - scsi: qedi: Protect active command list to avoid list corruption - scsi: qedi: Fix list_del corruption while removing active I/O - [x86] tty: ipwireless: fix error handling - ipvs: Fix uninit-value in do_ip_vs_set_ctl() - reiserfs: Fix memory leak in reiserfs_parse_options() - mwifiex: don't call del_timer_sync() on uninitialized timer - brcm80211: fix possible memleak in brcmf_proto_msgbuf_attach - usb: core: Solve race condition in anchor cleanup functions - ath10k: check idx validity in __ath10k_htt_rx_ring_fill_n() - usb: cdc-acm: add quirk to blacklist ETAS ES58X devices - USB: cdc-wdm: Make wdm_flush() interruptible and add wdm_fsync(). - eeprom: at25: set minimum read/write access stride to 1 - usb: gadget: f_ncm: allow using NCM in SuperSpeed Plus gadgets. https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.155 - scripts/setlocalversion: make git describe output more reliable - [arm64] Run ARCH_WORKAROUND_1 enabling code on all CPUs - [arm64] link with -z norelro regardless of CONFIG_RELOCATABLE - [x86,arm64,armhf] efivarfs: Replace invalid slashes with exclamation marks in dentries. - gtp: fix an use-before-init in gtp_newlink() - netem: fix zero division in tabledist - tcp: Prevent low rmem stalls with SO_RCVLOWAT. - tipc: fix memory leak caused by tipc_buf_append() - r8169: fix issue with forced threading in combination with shared interrupts - cxgb4: set up filter action after rewrites - [x86] arch/x86/amd/ibs: Fix re-arming IBS Fetch - [x86] xen: disable Firmware First mode for correctable memory errors - fuse: fix page dereference after free - bpf: Fix comment for helper bpf_current_task_under_cgroup() - p54: avoid accessing the data mapped to streaming DMA - [powerpc*] cxl: Rework error message for incompatible slots - RDMA/addr: Fix race with netevent_callback()/rdma_addr_cancel() - mtd: lpddr: Fix bad logic in print_drs_error - [arm*] serial: pl011: Fix lockdep splat when handling magic-sysrq interrupt - fscrypt: return -EXDEV for incompatible rename or link into encrypted dir - fscrypt: clean up and improve dentry revalidation - fscrypt: fix race allowing rename() and link() of ciphertext dentries - fs, fscrypt: clear DCACHE_ENCRYPTED_NAME when unaliasing directory - fscrypt: only set dentry_operations on ciphertext dentries - fscrypt: fix race where ->lookup() marks plaintext dentry as ciphertext - Revert "block: ratelimit handle_bad_sector() message" - xen/events: don't use chip_data for legacy IRQs - xen/events: avoid removing an event channel while handling it (CVE-2020-27675) - xen/events: add a proper barrier to 2-level uevent unmasking (CVE-2020-27673) - xen/events: fix race in evtchn_fifo_unmask() (CVE-2020-27673) - xen/events: add a new "late EOI" evtchn framework (CVE-2020-27673) - xen/blkback: use lateeoi irq binding (CVE-2020-27673) - xen/netback: use lateeoi irq binding (CVE-2020-27673) - xen/scsiback: use lateeoi irq binding (CVE-2020-27673) - xen/pvcallsback: use lateeoi irq binding (CVE-2020-27673) - xen/pciback: use lateeoi irq binding (CVE-2020-27673) - xen/events: switch user event channels to lateeoi model (CVE-2020-27673) - xen/events: use a common cpu hotplug hook for event channels (CVE-2020-27673) - xen/events: defer eoi in case of excessive number of events (CVE-2020-27673) - xen/events: block rogue events for some time (CVE-2020-27673) - RDMA/qedr: Fix memory leak in iWARP CM - ata: sata_nv: Fix retrieving of active qcs - futex: Fix incorrect should_fail_futex() handling - [powerpc*] powernv/smp: Fix spurious DBG() warning - mm: fix exec activate_mm vs TLB shootdown and lazy tlb switching race - [powerpc*] select ARCH_WANT_IRQS_OFF_ACTIVATE_MM - f2fs: add trace exit in exception path - f2fs: fix uninit-value in f2fs_lookup - f2fs: fix to check segment boundary during SIT page readahead - [armel,armhf] 8997/2: hw_breakpoint: Handle inexact watchpoint addresses - power: supply: bq27xxx: report "not charging" on all types - xfs: fix realtime bitmap/summary file truncation when growing rt volume - ath10k: fix VHT NSS calculation when STBC is enabled - media: videodev2.h: RGB BT2020 and HSV are always full range - [x86] usb: typec: tcpm: During PR_SWAP, source caps should be sent only after tSwapSourceStart - media: tw5864: check status of tw5864_frameinterval_get - mmc: via-sdmmc: Fix data race bug - [arm64] topology: Stop using MPIDR for topology information - media: uvcvideo: Fix dereference of out-of-bound list iterator - USB: adutux: fix debugging - uio: free uio id after uio file node is freed - usb: xhci: omit duplicate actions when suspending a runtime suspended host. - [arm64] mm: return cpu_all_mask when node is NUMA_NO_NODE - xfs: don't free rt blocks when we're doing a REMAP bunmapi call - ACPI: Add out of bounds and numa_off protections to pxm_to_node() - drivers/net/wan/hdlc_fr: Correctly handle special skb->protocol values - btrfs: fix replace of seed device - md/bitmap: md_bitmap_get_counter returns wrong blocks - bnxt_en: Log unknown link speed appropriately. - [arm64] rpmsg: glink: Use complete_all for open states - [armhf] clk: ti: clockdomain: fix static checker warning - net: 9p: initialize sun_server.sun_path to have addr's value only when addr is valid - ext4: Detect already used quota file early - gfs2: add validation checks for size of superblock - cifs: handle -EINTR in cifs_setattr - [armhf] memory: emif: Remove bogus debugfs error handling - nbd: make the config put is called before the notifying the waiter - sgl_alloc_order: fix memory leak - nvme-rdma: fix crash when connect rejected - md/raid5: fix oops during stripe resizing - [x86,arm64] mmc: sdhci-acpi: AMDI0040: Set SDHCI_QUIRK2_PRESET_VALUE_BROKEN - [x86] perf/x86/amd/ibs: Don't include randomized bits in get_ibs_op_count() - [x86] perf/x86/amd/ibs: Fix raw sample data accumulation - media: uvcvideo: Fix uvc_ctrl_fixup_xu_info() not having any effect - fs: Don't invalidate page buffers in block_write_full_page() - NFS: fix nfs_path in case of a rename retry - ACPI: button: fix handling lid state changes when input device closed - [x86] ACPI / extlog: Check for RDMSR failure (Closes: #971058) - [x86] ACPI: video: use ACPI backlight for HP 635 Notebook - [x86] acpi-cpufreq: Honor _PSD table setting on new AMD CPUs - scsi: mptfusion: Fix null pointer dereferences in mptscsih_remove() - scsi: qla2xxx: Fix crash on session cleanup with unload - btrfs: qgroup: fix wrong qgroup metadata reserve for delayed inode - btrfs: improve device scanning messages - btrfs: reschedule if necessary when logging directory items - btrfs: send, recompute reference path after orphanization of a directory - btrfs: use kvzalloc() to allocate clone_roots in btrfs_ioctl_send() - btrfs: cleanup cow block on error - btrfs: fix use-after-free on readahead extent after failure to create it - usb: xhci: Workaround for S3 issue on AMD SNPS 3.0 xHC - [arm64,armhf] usb: dwc3: ep0: Fix ZLP for OUT ep0 requests - [arm64,armhf] usb: dwc3: gadget: Check MPS of the request length - [arm64,armhf] usb: dwc3: core: add phy cleanup for probe error handling - [arm64,armhf] usb: dwc3: core: don't trigger runtime pm when remove driver - usb: cdc-acm: fix cooldown mechanism - [x86] usb: typec: tcpm: reset hard_reset_count for any disconnect - [x86] drm/i915: Force VT'd workarounds when running as a guest OS - vt: keyboard, simplify vt_kdgkbsent - vt: keyboard, extend func_buf_lock to readers (CVE-2020-25656) - HID: wacom: Avoid entering wacom_wac_pen_report for pad / battery - udf: Fix memory leak when mounting - [powerpc*] drmem: Make lmb_size 64 bit - [s390x] stp: add locking to sysfs functions - [powerpc*] rtas: Restrict RTAS requests from userspace (CVE-2020-27777) - [powerpc*] Warn about use of smt_snooze_delay - [powerpc*] powernv/elog: Fix race while processing OPAL error log event. - [powerpc*] Fix undetected data corruption with P9N DD2.1 VSX CI load emulation - NFSv4.2: support EXCHGID4_FLAG_SUPP_FENCE_OPS 4.2 EXCHANGE_ID flag - NFSD: Add missing NFSv2 .pc_func methods - ubifs: dent: Fix some potential memory leaks while iterating entries - perf python scripting: Fix printable strings in python3 scripts - ubi: check kthread_should_stop() after the setting of task state - [armhf] i2c: imx: Fix external abort on interrupt in exit paths - drm/amdgpu: don't map BO in reserved region - ceph: promote to unsigned long long before shifting - libceph: clear con->out_msg on Policy::stateful_server faults - 9P: Cast to loff_t before multiplying - ring-buffer: Return 0 on success from ring_buffer_resize() - [amd64] vringh: fix __vringh_iov() when riov and wiov are different - ext4: fix leaking sysfs kobject after failed mount - ext4: fix error handling code in add_new_gdb - ext4: fix invalid inode checksum - drm/ttm: fix eviction valuable range check. - tty: make FONTX ioctl use the tty pointer they were actually passed (CVE-2020-25668) - cachefiles: Handle readpage error correctly - device property: Keep secondary firmware node secondary by type - device property: Don't clear secondary pointer for shared primary firmware node - [arm64] KVM: Fix AArch32 handling of DBGD{CCINT,SCRext} and DBGVCR - [x86] staging: comedi: cb_pcidas: Allow 2-channel commands for AO subdevice - [mips*] staging: octeon: repair "fixed-link" support - [mips*] staging: octeon: Drop on uncorrectable alignment or FCS error https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.156 - [x86] drm/i915: Break up error capture compression loops with cond_resched() - tipc: fix use-after-free in tipc_bcast_get_mode - ptrace: fix task_join_group_stop() for the case when current is traced - [arm64] cadence: force nonlinear buffers to be cloned - net: usb: qmi_wwan: add Telit LE910Cx 0x1230 composition - sctp: Fix COMM_LOST/CANT_STR_ASSOC err reporting on big-endian platforms - [arm64,armhf] sfp: Fix error handing in sfp_probe() - blktrace: fix debugfs use after free (CVE-2019-19770) - btrfs: extent_io: Kill the forward declaration of flush_write_bio - btrfs: extent_io: Move the BUG_ON() in flush_write_bio() one level up - Revert "btrfs: flush write bio if we loop in extent_write_cache_pages" - btrfs: flush write bio if we loop in extent_write_cache_pages - btrfs: extent_io: Handle errors better in extent_write_full_page() - btrfs: extent_io: Handle errors better in btree_write_cache_pages() - btrfs: extent_io: add proper error handling to lock_extent_buffer_for_io() - Btrfs: fix unwritten extent buffers and hangs on future writeback attempts - btrfs: Don't submit any btree write bio if the fs has errors (CVE-2019-19039, CVE-2019-19377) - btrfs: Move btrfs_check_chunk_valid() to tree-check.[ch] and export it - btrfs: tree-checker: Make chunk item checker messages more readable - btrfs: tree-checker: Make btrfs_check_chunk_valid() return EUCLEAN instead of EIO - btrfs: tree-checker: Check chunk item at tree block read time - btrfs: tree-checker: Verify dev item - btrfs: tree-checker: Fix wrong check on max devid - btrfs: tree-checker: Enhance chunk checker to validate chunk profile (CVE-2019-19816) - btrfs: tree-checker: Verify inode item - btrfs: tree-checker: fix the error message for transid error - Fonts: Replace discarded const qualifier - ALSA: usb-audio: Add implicit feedback quirk for Zoom UAC-2 - ALSA: usb-audio: add usb vendor id as DSD-capable for Khadas devices - ALSA: usb-audio: Add implicit feedback quirk for Qu-16 - ALSA: usb-audio: Add implicit feedback quirk for MODX - mm: mempolicy: fix potential pte_unmap_unlock pte error - kthread_worker: prevent queuing delayed work from timer_fn when it is being canceled - mm: always have io_remap_pfn_range() set pgprot_decrypted() - gfs2: Wake up when sd_glock_disposal becomes zero - ring-buffer: Fix recursion protection transitions between interrupt context - ftrace: Fix recursion check for NMI test - ftrace: Handle tracing when switching between context - tracing: Fix out of bounds write in get_trace_buf - futex: Handle transient "ownerless" rtmutex state correctly - [amd64] x86/kexec: Use up-to-dated screen_info copy to fill boot params - of: Fix reserved-memory overlap detection - blk-cgroup: Fix memleak on error path - blk-cgroup: Pre-allocate tree node on blkg_conf_prep - scsi: core: Don't start concurrent async scan on same host - vsock: use ns_capable_noaudit() on socket create - [arm*] drm/vc4: drv: Add error handding for bind - [amd64,arm64] ACPI: NFIT: Fix comparison to '-ENXIO' - vt: Disable KD_FONT_OP_COPY (CVE-2020-28974) - fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent - USB: serial: cyberjack: fix write-URB completion race - USB: serial: option: add Quectel EC200T module support - USB: serial: option: add LE910Cx compositions 0x1203, 0x1230, 0x1231 - USB: serial: option: add Telit FN980 composition 0x1055 - USB: Add NO_LPM quirk for Kingston flash drive - PM: runtime: Resume the device earlier in __device_release_driver() - perf/core: Fix a memory leak in perf_event_parse_addr_filter() (CVE-2020-25704) - tools: perf: Fix build error in v4.19.y - [arm64,armhf] net: dsa: read mac address from DT for slave device - [arm64] dts: marvell: espressobin: Add ethernet switch aliases https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.157 - [x86] powercap: restrict energy meter to root access (CVE-2020-8694) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.158 - regulator: defer probe when trying to get voltage from unresolved supply - time: Prevent undefined behaviour in timespec64_to_ns() - nbd: don't update block size after device is started - [arm64,armhf] usb: dwc3: gadget: Continue to process pending requests - [arm64,armhf] usb: dwc3: gadget: Reclaim extra TRBs after request completion - btrfs: sysfs: init devices outside of the chunk_mutex - btrfs: reschedule when cloning lots of extents - [x86] hv_balloon: disable warning when floor reached - net: xfrm: fix a race condition during allocing spi - xfs: set xefi_discard when creating a deferred agfl free log intent item - netfilter: ipset: Update byte and packet counters regardless of whether they match - perf tools: Add missing swap for ino_generation - [x86] ALSA: hda: prevent undefined shift in snd_hdac_ext_bus_get_link() - can: rx-offload: don't call kfree_skb() from IRQ context - can: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ context - can: dev: __can_get_echo_skb(): fix real payload length return value for RTR frames - can: can_create_echo_skb(): fix echo skb generation: always use skb_clone() - can: peak_usb: add range checking in decode operations - can: peak_usb: peak_usb_get_ts_time(): fix timestamp wrapping - can: peak_canfd: pucan_handle_can_rx(): fix echo management when loopback is on - [armhf] can: flexcan: remove FLEXCAN_QUIRK_DISABLE_MECR quirk for LS1021A - xfs: flush new eof page on truncate to avoid post-eof corruption - [arm64,x86] tpm: efi: Don't create binary_bios_measurements file for an empty log - Btrfs: fix missing error return if writeback for extent buffer never started - ath9k_htc: Use appropriate rs_datalen type - netfilter: use actual socket sk rather than skb sk when routing harder - gfs2: Free rd_bits later in gfs2_clear_rgrpd to fix use-after-free - gfs2: Add missing truncate_inode_pages_final for sd_aspace - gfs2: check for live vs. read-only file system in gfs2_fitrim - scsi: hpsa: Fix memory leak in hpsa_init_one() - drm/amdgpu: perform srbm soft reset always on SDMA resume - mac80211: fix use of skb payload instead of header - cfg80211: regulatory: Fix inconsistent format argument - scsi: scsi_dh_alua: Avoid crash during alua_bus_detach() - [s390x] smp: move rcu_cpu_starting() earlier - [x86] tpm_tis: Disable interrupts on ThinkPad T490s - tick/common: Touch watchdog in tick_unfreeze() on all CPUs - [x86] pinctrl: intel: Set default bias in case no particular value given - [armel,armhf] 9019/1: kprobes: Avoid fortify_panic() when copying optprobe template - nbd: fix a block_device refcount leak in nbd_release - xfs: fix flags argument to rmap lookup when converting shared file rmaps - xfs: fix rmap key and record comparison functions - lan743x: fix "BUG: invalid wait context" when setting rx mode - xfs: fix a missing unlock on error in xfs_fs_map_blocks - of/address: Fix of_node memory leak in of_dma_is_coherent - [i386] cosa: Add missing kfree in error path of cosa_write - perf: Fix get_recursion_context() - ext4: correctly report "not supported" for {usr,grp}jquota when !CONFIG_QUOTA - ext4: unlock xattr_sem properly in ext4_inline_data_truncate() - btrfs: dev-replace: fail mount if we don't have replace item with target device - [x86] thunderbolt: Fix memory leak if ida_simple_get() fails in enumerate_services() - [x86] thunderbolt: Add the missed ida_simple_remove() in ring_request_msix() - uio: Fix use-after-free in uio_unregister_device() - usb: cdc-acm: Add DISABLE_ECHO for Renesas USB Download mode - futex: Don't enable IRQs unconditionally in put_pi_state() - ocfs2: initialize ip_next_orphan - btrfs: fix potential overflow in cluster_pages_for_defrag on 32bit arch - selinux: Fix error return code in sel_ib_pkey_sid_slow() - gpio: pcie-idio-24: Fix irq mask when masking - gpio: pcie-idio-24: Fix IRQ Enable Register value - gpio: pcie-idio-24: Enable PEX8311 interrupts - don't dump the threads that had been already exiting when zapped. - [x86] drm/gma500: Fix out-of-bounds access to struct drm_device.vblank[] - pinctrl: amd: use higher precision for 512 RtcClk - pinctrl: amd: fix incorrect way to disable debounce filter - swiotlb: fix "x86: Don't panic if can not alloc buffer for swiotlb" - IPv6: Set SIT tunnel hard_header_len to zero - [s390x] net/af_iucv: fix null pointer dereference on shutdown - net: Update window_clamp if SOCK_RCVBUF is set - tipc: fix memory leak in tipc_topsrv_start() - vrf: Fix fast path output packet handling with async Netfilter rules - r8169: fix potential skb double free in an error path - random32: make prandom_u32() output unpredictable - [x86] speculation: Allow IBPB to be conditionally enabled on CPUs with always-on STIBP - perf/core: Fix race in the perf_mmap_close() function (CVE-2020-14351) - Revert "kernel/reboot.c: convert simple_strtoul to kstrtoint" - reboot: fix overflow parsing reboot cpu number - net: sch_generic: fix the missing new qdisc assignment bug - Convert trailing spaces and periods in path components https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.159 - [powerpc*] 64s: move some exception handlers out of line - [powerpc*] 64s: flush L1D on kernel entry (CVE-2020-4788) - [powerpc*] Add a framework for user access tracking - [powerpc*] Implement user_access_begin and friends - [powerpc*] Fix __clear_user() with KUAP enabled - [powerpc*] uaccess: Evaluate macro arguments once, before user access is allowed - [powerpc*] 64s: flush L1D after user accesses (CVE-2020-4788) - Revert "perf cs-etm: Move definition of 'traceid_list' global variable from header file" - Input: sunkbd - avoid use-after-free in teardown paths (CVE-2020-25669) - mac80211: always wind down STA state - can: proc: can_remove_proc(): silence remove_proc_entry warning - [x86] KVM: x86: clflushopt should be treated as a no-op by emulation - [arm64] ACPI: GED: fix -Wformat https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.160 - ah6: fix error return code in ah6_input() - atm: nicstar: Unmap DMA on send error - bnxt_en: read EEPROM A2h address using page 0 - devlink: Add missing genlmsg_cancel() in devlink_nl_sb_port_pool_fill() - inet_diag: Fix error path to cancel the meseage in inet_req_diag_fill() - lan743x: fix issue causing intermittent kernel log warnings - lan743x: prevent entire kernel HANG on open, for some platforms - net: b44: fix error return code in b44_init_one() - net: bridge: add missing counters to ndo_get_stats64 callback - [arm64,armhf] net: dsa: mv88e6xxx: Avoid VTU corruption on 6097 - net: Have netpoll bring-up DSA management interface - net/mlx4_core: Fix init_hca fields offset - page_frag: Recover from memory pressure - qed: fix error return code in qed_iwarp_ll2_start() - qlcnic: fix error return code in qlcnic_83xx_restart_hw() - sctp: change to hold/put transport for proto_unreach_timer - tcp: only postpone PROBE_RTT if RTT is < current min_rtt estimate - [arm64,armhf] net/mlx5: Disable QoS when min_rates on all VFs are zero - net: usb: qmi_wwan: Set DTR quirk for MR400 - [arm64,armhf] pinctrl: rockchip: enable gpio pclk for rockchip_gpio_to_irq - scsi: ufs: Fix unbalanced scsi_block_reqs_cnt caused by ufshcd_hold() - [x86] ACPI: button: Add DMI quirk for Medion Akoya E2228T - [arm64] psci: Avoid printing in cpu_psci_cpu_die() - vfs: remove lockdep bogosity in __sb_start_write - [arm64] dts: allwinner: a64: Pine64 Plus: Fix ethernet node - [arm64] dts: allwinner: h5: OrangePi PC2: Fix ethernet node - [armhf] dts: sun8i: r40: bananapi-m2-ultra: Fix ethernet node - [armhf] Revert "arm: sun8i: orangepi-pc-plus: Set EMAC activity LEDs to active high" - [armhf] dts: sun8i: h3: orangepi-plus2e: Enable RGMII RX/TX delay on Ethernet PHY - [armhf] dts: sun8i: a83t: Enable both RGMII RX/TX delay on Ethernet PHY - [arm64] dts: allwinner: a64: bananapi-m64: Enable RGMII RX/TX delay on PHY - [mips*] export has_transparent_hugepage() for modules - [arm64] dts: allwinner: h5: OrangePi Prime: Fix ethernet node - perf lock: Don't free "lock_seq_stat" if read_count isn't zero - ip_tunnels: Set tunnel option flag when tunnel metadata is present - can: af_can: prevent potential access of uninitialized member in can_rcv() - can: af_can: prevent potential access of uninitialized member in canfd_rcv() - can: dev: can_restart(): post buffer from the right context - can: mcba_usb: mcba_usb_start_xmit(): first fill skb, then pass to can_put_echo_skb() - can: peak_usb: fix potential integer overflow on shift of a int - [arm64] ASoC: qcom: lpass-platform: Fix memory leak - [arm64,armhf] drm/sun4i: dw-hdmi: fix error return code in sun8i_dw_hdmi_bind() - can: kvaser_usb: kvaser_usb_hydra: Fix KCAN bittiming limits - [armhf] regulator: ti-abb: Fix array out of bound read access on the first transition - xfs: revert "xfs: fix rmap key and record comparison functions" - [amd64] efi/x86: Free efi_pgd with free_pages() - libfs: fix error cast of negative value in simple_attr_write() - speakup: Do not let the line discipline be used several times (CVE-2020-28941) - ALSA: firewire: Clean up a locking issue in copy_resp_to_buf() - ALSA: usb-audio: Add delay quirk for all Logitech USB devices - ALSA: ctl: fix error path at adding user-defined element set - ALSA: mixart: Fix mutex deadlock - ALSA: hda/realtek: Add some Clove SSID in the ALC293(ALC1220) - [armhf] tty: serial: imx: keep console clocks always on - [arm64,armhf,x86] efivarfs: fix memory leak in efivarfs_create() - [arm64,x86] staging: rtl8723bs: Add 024c:0627 to the list of SDIO device-ids - ext4: fix bogus warning in ext4_update_dx_flag() - [x86] iio: accel: kxcjk1013: Replace is_smo8500_device with an acpi_type enum - [x86] iio: accel: kxcjk1013: Add support for KIOX010A ACPI DSM for setting tablet-mode - [armhf] regulator: pfuze100: limit pfuze-support-disable-sw to pfuze{100,200} - regulator: fix memory leak with repeated set_machine_constraints() - regulator: avoid resolve_supply() infinite recursion - regulator: workaround self-referent regulators - mac80211: minstrel: remove deferred sampling code - mac80211: minstrel: fix tx status processing corner case - mac80211: free sta in sta_info_insert_finish() on errors - [s390x] cpum_sf.c: fix file permission for cpum_sfb_size - [s390x] dasd: fix null pointer dereference for ERP requests - ptrace: Set PF_SUPERPRIV when checking capability - seccomp: Set PF_SUPERPRIV when checking capability - [x86] microcode/intel: Check patch signature before saving microcode for early loading - mm/userfaultfd: do not access vma->vm_mm after calling handle_userfault() [ Salvatore Bonaccorso ] * net: Enable NET_SWITCHDEV; disable on armel/marvell (Closes: #949863) * Bump ABI to 13 * [rt] Update to 4.19.152-rt65 * [rt] Refresh "mm: Protect activate_mm() by preempt_[disable&enable]_rt()" * [rt] Refresh "kthread: convert worker lock to raw spinlock" * [rt] Refresh "signals: Allow rt tasks to cache one sigqueue struct" * [rt] Refresh "tpm_tis: fix stall after iowrite*()s" * [rt] Refresh "futex: Delay deallocation of pi_state" * [rt] Refresh "futex: Make the futex_hash_bucket spinlock_t again" * [rt] Update to 4.19.152-rt66 - mm/memcontrol: Disable preemption in __mod_memcg_lruvec_state() - ptrace: fix ptrace_unfreeze_traced() race with rt-lock * [rt] Update to 4.19.160-rt69 [ Noah Meyerhans ] * Backport upstream fix for PCI bridge firmware configuration preservation (Closes: #968623) [ John L. Villalovos ] * Backport support for USB Host Controllers with local memory to avoid crashes. In particular the Renesas USB 3.0 controller (PD720201/PD720202) which is used on the Ampere's Mt Jade platform which is part of their Altra product line: - lib/genalloc: add gen_pool_dma_zalloc() for zeroed DMA allocations - USB: use genalloc for USB HCs with local memory - USB: drop HCD_LOCAL_MEM flag - usb: don't create dma pools for HCDs with a localmem_pool - usb: add a hcd_uses_dma helper - usb: host: ohci-sm501: init genalloc for local memory - usb/hcd: Fix a NULL vs IS_ERR() bug in usb_hcd_setup_local_mem() * [arm64] config/arm64/config: Set NODES_SHIFT to 4 [ Yves-Alexis Perez ] * usbnet: ipheth: fix connectivity with iOS 14 -- Salvatore Bonaccorso Thu, 26 Nov 2020 21:23:20 +0100 linux (4.19.152-1) buster-security; urgency=high * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.147 - [arm64,armhf] dsa: Allow forwarding of redirected IGMP traffic - scsi: qla2xxx: Update rscn_rcvd field to more meaningful scan_needed - scsi: qla2xxx: Move rport registration out of internal work_list - scsi: qla2xxx: Reduce holding sess_lock to prevent CPU lock-up - net: handle the return value of pskb_carve_frag_list() correctly - [x86] hv_netvsc: Remove "unlikely" from netvsc_select_queue - NFSv4.1 handle ERR_DELAY error reclaiming locking state on delegation recall - scsi: pm8001: Fix memleak in pm8001_exec_internal_task_abort - scsi: libfc: Fix for double free() - scsi: lpfc: Fix FLOGI/PLOGI receive race condition in pt2pt discovery - [arm64] regulator: pwm: Fix machine constraints application - NFS: Zero-stateid SETATTR should first return delegation - SUNRPC: stop printk reading past end of string - nvme-fc: cancel async events before freeing event struct - nvme-rdma: cancel async events before freeing event struct - f2fs: fix indefinite loop scanning for free nid - f2fs: Return EOF on unaligned end of file DIO read - i2c: algo: pca: Reapply i2c bus settings after reset - spi: Fix memory leak on splited transfers - [arm64,armhf] clk: rockchip: Fix initialization of mux_pll_src_4plls_p - [arm64] ASoC: qcom: Set card->owner to avoid warnings - [x86] Drivers: hv: vmbus: Add timeout to vmbus_wait_for_unload - fbcon: Fix user font detection test at fbcon_resize(). - USB: quirks: Add USB_QUIRK_IGNORE_REMOTE_WAKEUP quirk for BYD zhaoxin notebook - USB: UAS: fix disconnect by unplugging a hub - usblp: fix race between disconnect() and read() - [x86] i2c: i801: Fix resume bug - Revert "ALSA: hda - Fix silent audio output and corrupted input on MSI X570-A PRO" - percpu: fix first chunk size calculation for populated bitmap - Input: trackpoint - add new trackpoint variant IDs - serial: 8250_pci: Add Realtek 816a and 816b - ehci-hcd: Move include to keep CRC stable - [powerpc*] dma: Fix dma_map_ops::get_required_mask https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.148 - af_key: pfkey_dump needs parameter validation - KVM: fix memory leak in kvm_io_bus_unregister_dev() - kprobes: fix kill kprobe which has been marked as gone - mm/thp: fix __split_huge_pmd_locked() for migration PMD - cxgb4: Fix offset when clearing filter byte counters - geneve: add transport ports in route lookup for geneve (CVE-2020-25645) - [x86,ppc64el] hdlc_ppp: add range checks in ppp_cp_parse_cr() (CVE-2020-25643) - ip: fix tos reflection in ack and reset packets - ipv6: avoid lockdep issue in fib6_del() - net: DCB: Validate DCB_ATTR_DCB_BUFFER argument - net: ipv6: fix kconfig dependency warning for IPV6_SEG6_HMAC - net: sch_generic: aviod concurrent reset and enqueue op for lockless qdisc - nfp: use correct define to return NONE fec - tipc: Fix memory leak in tipc_group_create_member() - tipc: fix shutdown() of connection oriented socket - tipc: use skb_unshare() instead in tipc_buf_append() - bnxt_en: return proper error codes in bnxt_show_temp - bnxt_en: Protect bnxt_set_eee() and bnxt_set_pauseparam() with mutex. - net: phy: Avoid NPD upon phy_detach() when driver is unbound - net: add __must_check to skb_put_padto() - ipv4: Update exception handling for multipath routes via same device - kbuild: add OBJSIZE variable for the size tool - mm: memcg: fix memcg reclaim soft lockup - tcp_bbr: refactor bbr_target_cwnd() for general inflight provisioning - tcp_bbr: adapt cwnd based on ack aggregation estimation - serial: 8250: Avoid error message on reprobe https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.149 - selinux: allow labeling before policy is loaded - media: mc-device.c: fix memleak in media_device_register_entity - dma-fence: Serialise signal enabling (dma_fence_enable_sw_signaling) - ath10k: fix array out-of-bounds access - ath10k: fix memory leak for tpc_stats_final - mm: fix double page fault on arm64 if PTE_AF is cleared - scsi: aacraid: fix illegal IO beyond last LBA - [x86] gma/gma500: fix a memory disclosure bug due to uninitialized bytes - [armel,armhf] ASoC: kirkwood: fix IRQ error handling - [amd64] arch/x86/lib/usercopy_64.c: fix __copy_user_flushcache() cache writeback - [x86] ioapic: Unbreak check_timer() - ALSA: usb-audio: Add delay quirk for H570e USB headsets - ALSA: hda/realtek - Couldn't detect Mic if booting with headset plugged - ALSA: hda/realtek: Enable front panel headset LED on Lenovo ThinkStation P520 - lib/string.c: implement stpcpy - [armhf] PM / devfreq: tegra30: Fix integer overflow on CPU's freq max out - [x86] scsi: fnic: fix use after free - scsi: lpfc: Fix kernel crash at lpfc_nvme_info_show during remote port bounce - net: silence data-races on sk_backlog.tail - [armhf] clk/ti/adpll: allocate room for terminating null - mtd: cfi_cmdset_0002: don't free cfi->cfiq in error path of cfi_amdstd_setup() - mfd: mfd-core: Protect against NULL call-back function pointer - [x86] tpm_crb: fix fTPM on AMD Zen+ CPUs - tracing: Adding NULL checks for trace_array descriptor pointer - bcache: fix a lost wake-up problem caused by mca_cannibalize_lock - RDMA/qedr: Fix potential use after free - RDMA/i40iw: Fix potential use after free - fix dget_parent() fastpath race - xfs: fix attr leaf header freemap.size underflow - RDMA/iw_cgxb4: Fix an error handling path in 'c4iw_connect()' - ubi: Fix producing anchor PEBs - mmc: core: Fix size overflow for mmc partitions - gfs2: clean up iopen glock mess in gfs2_create_inode - scsi: pm80xx: Cleanup command when a reset times out - CIFS: Properly process SMB3 lease breaks - ASoC: max98090: remove msleep in PLL unlocked workaround - kernel/sys.c: avoid copying possible padding bytes in copy_to_user - [arm64,armhf] KVM: vgic: Fix potential double free dist->spis in __kvm_vgic_destroy() - xfs: fix log reservation overflows when allocating large rt extents - neigh_stat_seq_next() should increase position index - rt_cpu_seq_next should increase position index - ipv6_route_seq_next should increase position index - seqlock: Require WRITE_ONCE surrounding raw_seqcount_barrier - sctp: move trace_sctp_probe_path into sctp_outq_sack - [arm64,x86] ACPI: EC: Reference count query handlers under lock - scsi: ufs: Make ufshcd_add_command_trace() easier to read - scsi: ufs: Fix a race condition in the tracing code - [s390x] /cpum_sf: Use kzalloc and minor changes - [powerpc*] eeh: Only dump stack once if an MMIO loop is detected - Bluetooth: btrtl: Use kvmalloc for FW allocations - [armel,armhf] ARM: 8948/1: Prevent OOB access in stacktrace - ar5523: Add USB ID of SMCWUSBT-G2 wireless adapter - ceph: ensure we have a new cap before continuing in fill_inode - Bluetooth: Fix refcount use-after-free issue - mm/swapfile.c: swap_next should increase position index - mm: pagewalk: fix termination condition in walk_pte_range() - Bluetooth: prefetch channel before killing sock - KVM: fix overflow of zero page refcount with ksm running - ALSA: hda: Clear RIRB status before reading WP - skbuff: fix a data race in skb_queue_len() - audit: CONFIG_CHANGE don't log internal bookkeeping as an event - selinux: sel_avc_get_stat_idx should increase position index - scsi: lpfc: Fix RQ buffer leakage when no IOCBs available - scsi: lpfc: Fix coverity errors in fmdi attribute handling - [armhf] drm/omap: fix possible object reference leak - crypto: chelsio - This fixes the kernel panic which occurs during a libkcapi test - mt76: clear skb pointers from rx aggregation reorder buffer during cleanup - ALSA: usb-audio: Don't create a mixer element with bogus volume range - [s390x] perf test: Fix test trace+probe_vfs_getname.sh on s390 - RDMA/rxe: Fix configuration of atomic queue pair attributes - [x86] KVM: x86: fix incorrect comparison in trace event - [x86] pkeys: Add check for pkey "overflow" - bpf: Remove recursion prevention from rcu free callback - [arm64,armhf] dmaengine: tegra-apb: Prevent race conditions on channel's freeing - random: fix data races at timer_rand_state - [arm64] bus: hisi_lpc: Fixup IO ports addresses to avoid use-after-free in host removal - media: go7007: Fix URB type for interrupt handling - Bluetooth: guard against controllers sending zero'd events - timekeeping: Prevent 32bit truncation in scale64_check_overflow() - ext4: fix a data race at inode->i_disksize - mm: avoid data corruption on CoW fault into PFN-mapped VMA - drm/amdgpu: increase atombios cmd timeout - ath10k: use kzalloc to read for ath10k_sdio_hif_diag_read - scsi: aacraid: Disabling TM path and only processing IOP reset - Bluetooth: L2CAP: handle l2cap config request during open state - media: tda10071: fix unsigned sign extension overflow - xfs: don't ever return a stale pointer from __xfs_dir3_free_read - xfs: mark dir corrupt when lookup-by-hash fails - ext4: mark block bitmap corrupted when found instead of BUGON - nfsd: Don't add locks to closed or closing open stateids - RDMA/cm: Remove a race freeing timewait_info - [powerpc*] KVM: PPC: Book3S HV: Treat TM-related invalid form instructions on P9 like the valid ones - [arm64] drm/msm: fix leaks if initialization fails - [arm64] drm/msm/a5xx: Always set an OPP supported hardware value - serial: 8250_port: Don't service RX FIFO if throttled - [powerpc*] cpufreq: powernv: Fix frame-size-overflow in powernv_cpufreq_work_fn - nvme-multipath: do not reset on unknown status - nvme: Fix controller creation races with teardown flow - RDMA/rxe: Set sys_image_guid to be aligned with HW IB devices - scsi: hpsa: correct race condition in offload enabled - SUNRPC: Fix a potential buffer overflow in 'svc_print_xprts()' - svcrdma: Fix leak of transport addresses - PCI: Use ioremap(), not phys_to_virt() for platform ROM - ubifs: Fix out-of-bounds memory access caused by abnormal value of node_len - ALSA: usb-audio: Fix case when USB MIDI interface has more than one extra endpoint descriptor - PCI: pciehp: Fix MSI interrupt race - NFS: Fix races nfs_page_group_destroy() vs nfs_destroy_unlinked_subrequests() - mm/kmemleak.c: use address-of operator on section symbols - mm/filemap.c: clear page error before actual read - mm/vmscan.c: fix data races using kswapd_classzone_idx - nvmet-rdma: fix double free of rdma queue - mm/mmap.c: initialize align_offset explicitly for vm_unmapped_area - scsi: qedi: Fix termination timeouts in session logout - [arm64] serial: uartps: Wait for tx_empty in console setup - [x86] KVM: Remove CREATE_IRQCHIP/SET_PIT2 race - bdev: Reduce time holding bd_mutex in sync in blkdev_close() - [x86] drivers: char: tlclk.c: Avoid data race between init and interrupt handler - [arm64] KVM: vgic-its: Fix memory leak on the error path of vgic_add_lpi() - net: openvswitch: use u64 for meter bucket - scsi: aacraid: Fix error handling paths in aac_probe_one() - staging:r8188eu: avoid skb_clone for amsdu to msdu conversion - [arm64] cpufeature: Relax checks for AArch32 support at EL[0-2] - dt-bindings: sound: wm8994: Correct required supplies based on actual implementaion - atm: fix a memory leak of vcc->user_back - Bluetooth: Handle Inquiry Cancel error after Inquiry Complete - tipc: fix memory leak in service subscripting - [armhf] tty: serial: samsung: Correct clock selection logic - ALSA: hda: Fix potential race in unsol event handler - [powerpc*] traps: Make unrecoverable NMIs die instead of panic - fuse: don't check refcount after stealing page - [powerpc*] scsi: cxlflash: Fix error return code in cxlflash_probe() - [arm64] cpufeature: Drop TraceFilt feature exposure from ID_DFR0 register - e1000: Do not perform reset in reset_task if we are already down - drm/nouveau/debugfs: fix runtime pm imbalance on error - drm/nouveau: fix runtime pm imbalance on error - drm/nouveau/dispnv50: fix runtime pm imbalance on error - printk: handle blank console arguments passed in. - [arm64,armhf] usb: dwc3: Increase timeout for CmdAct cleared by device controller - btrfs: don't force read-only after error in drop snapshot - vfio/pci: fix memory leaks of eventfd ctx - perf trace: Fix the selection for architectures to generate the errno name tables - [arm64,armhf] wlcore: fix runtime pm imbalance in wl1271_tx_work - [arm64,armhf] wlcore: fix runtime pm imbalance in wlcore_regdomain_config - [arm64,armhf] PCI: tegra: Fix runtime PM imbalance on error - ceph: fix potential race in ceph_check_caps - mm/swap_state: fix a data race in swapin_nr_pages - [armel] mtd: parser: cmdline: Support MTD names containing one or more colons - [x86] speculation/mds: Mark mds_user_clear_cpu_buffers() __always_inline - vfio/pci: Clear error and request eventfd ctx after releasing - cifs: Fix double add page to memcg when cifs_readpages - nvme: fix possible deadlock when I/O is blocked - scsi: libfc: Handling of extra kref - scsi: libfc: Skip additional kref updating work event - vfio/pci: fix racy on error and request eventfd ctx - btrfs: qgroup: fix data leak caused by race between writeback and truncate - net: openvswitch: use div_u64() for 64-by-32 divisions - nvme: explicitly update mpath disk capacity on revalidation - [x86] ASoC: Intel: bytcr_rt5640: Add quirk for MPMAN Converter9 2-in-1 - [s390x] init: add missing __init annotations - lockdep: fix order in trace_hardirqs_off_caller() - [amd64] drm/amdkfd: fix a memory leak issue - i2c: core: Call i2c_acpi_install_space_handler() before i2c_acpi_register_devices() - mwifiex: Increase AES key storage size to 256 bits - batman-adv: bla: fix type misuse for backbone_gw hash indexing - atm: eni: fix the missed pci_disable_device() for eni_init_one() - batman-adv: mcast/TT: fix wrongly dropped or rerouted packets - mac802154: tx: fix use-after-free - bpf: Fix clobbering of r2 in bpf_gen_ld_abs - [arm*] drm/vc4/vc4_hdmi: fill ASoC card owner - net: qed: RDMA personality shouldn't fail VF load - batman-adv: Add missing include for in_interrupt() - batman-adv: mcast: fix duplicate mcast packets in BLA backbone from mesh - batman-adv: mcast: fix duplicate mcast packets from BLA backbone to mesh - bpf: Fix a rcu warning for bpffs map pretty-print - [x86] ALSA: asihpi: fix iounmap in error handler - regmap: fix page selection for noinc reads - [x86] KVM: Reset MMU context if guest toggles CR4.SMAP or CR4.PKE - [x86] KVM: SVM: Add a dedicated INVD intercept routine - tracing: fix double free - [s390x] dasd: Fix zero write for FBA devices - kprobes: Fix to check probe enabled before disarm_kprobe_ftrace() - mm, THP, swap: fix allocating cluster for swapfile by mistake - [s390x] zcrypt: Fix ZCRYPT_PERDEV_REQCNT ioctl - ata: define AC_ERR_OK - ata: make qc_prep return ata_completion_errors - ata: sata_mv, avoid trigerrable BUG_ON - [arm64] KVM: Assume write fault on S1PTW permission fault on instruction fetch https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.150 - mmc: sdhci: Workaround broken command queuing on Intel GLK based IRBIS models - USB: gadget: f_ncm: Fix NDP16 datagram validation - vsock/virtio: use RCU to avoid use-after-free on the_virtio_vsock - vsock/virtio: stop workers during the .remove() - vsock/virtio: add transport parameter to the virtio_transport_reset_no_sock() - net: virtio_vsock: Enhance connection semantics - Input: i8042 - add nopnp quirk for Acer Aspire 5 A515 - ftrace: Move RCU is watching check after recursion check - drm/amdgpu: restore proper ref count in amdgpu_display_crtc_set_config - drivers/net/wan/hdlc_fr: Add needed_headroom for PVC devices - [armhf] drm/sun4i: mixer: Extend regmap max_register - net: dec: de2104x: Increase receive ring size for Tulip - rndis_host: increase sleep time in the query-response loop - nvme-core: get/put ctrl and transport module in nvme_dev_open/release() - [x86,ppc64el] drivers/net/wan/hdlc: Set skb->protocol before transmitting - mac80211: do not allow bigger VHT MPDUs than the hardware supports - nvme-fc: fail new connections to a deleted host or remote port - [armhf] pinctrl: mvebu: Fix i2c sda definition for 98DX3236 - nfs: Fix security label length not being reset - [armhf] clk: samsung: exynos4: mark 'chipid' clock as CLK_IGNORE_UNUSED - Input: trackpoint - enable Synaptics trackpoints - random32: Restore __latent_entropy attribute on net_rand_state - mm: replace memmap_context by meminit_context - mm: don't rely on system state to detect hot-plug operations - epoll: do not insert into poll queues until all sanity checks are done - epoll: replace ->visited/visited_list with generation count - epoll: EPOLL_CTL_ADD: close the race in decision to take fast path - ep_create_wakeup_source(): dentry name can change under you... - netfilter: ctnetlink: add a range check for l3/l4 protonum (CVE-2020-25211) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.151 - fbdev, newport_con: Move FONT_EXTRA_WORDS macros into linux/font.h - Fonts: Support FONT_EXTRA_WORDS macros for built-in fonts - fbcon: Fix global-out-of-bounds read in fbcon_get_font() - net: wireless: nl80211: fix out-of-bounds access in nl80211_del_key() - drm/nouveau/mem: guard against NULL pointer access in mem_del - usermodehelper: reset umask to default before executing user process - [x86] platform/x86: intel-vbtn: Fix SW_TABLET_MODE always reporting 1 on the HP Pavilion 11 x360 - [x86] platform/x86: thinkpad_acpi: initialize tp_nvram_state variable - [x86] platform/x86: intel-vbtn: Switch to an allow-list for SW_TABLET_MODE reporting - [x86] platform/x86: thinkpad_acpi: re-initialize ACPI buffer size when reuse - driver core: Fix probe_count imbalance in really_probe() - [x86] i2c: i801: Exclude device from suspend direct complete optimization - [armhf] mtd: rawnand: sunxi: Fix the probe error path - nvme-core: put ctrl ref when module ref get fail - macsec: avoid use-after-free in macsec_handle_frame() - mm/khugepaged: fix filemap page_to_pgoff(page) != offset - xfrmi: drop ignore_df check before updating pmtu - cifs: Fix incomplete memory allocation on setxattr path - [arm64,armhf] i2c: meson: fix clock setting overwrite - [arm64,armhf] i2c: meson: fixup rate calculation with filter delay - sctp: fix sctp_auth_init_hmacs() error path - team: set dev->needed_headroom in team_setup_by_port() - net: team: fix memory leak in __team_options_register - openvswitch: handle DNAT tuple collision - drm/amdgpu: prevent double kfree ttm->sg - xfrm: clone XFRMA_SET_MARK in xfrm_do_migrate - xfrm: clone XFRMA_REPLAY_ESN_VAL in xfrm_do_migrate - xfrm: clone XFRMA_SEC_CTX in xfrm_do_migrate - xfrm: clone whole liftime_cur structure in xfrm_do_migrate - [arm64,armhf] net: stmmac: removed enabling eee in EEE set callback - xfrm: Use correct address family in xfrm_state_find - bonding: set dev->needed_headroom in bond_setup_by_slave() - net: usb: ax88179_178a: fix missing stop entry in driver_info - net/mlx5e: Fix VLAN cleanup flow - net/mlx5e: Fix VLAN create flow - rxrpc: Fix rxkad token xdr encoding - rxrpc: Downgrade the BUG() for unsupported token type in rxrpc_read() - rxrpc: Fix some missing _bh annotations on locking conn->state_lock - rxrpc: Fix server keyring leak - perf: Fix task_function_call() error handling - mmc: core: don't set limits.discard_granularity as 0 - mm: khugepaged: recalculate min_free_kbytes after memory hotplug as expected by khugepaged - net: usb: rtl8150: set random MAC address when set_ethernet_addr() fails https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.152 - Bluetooth: A2MP: Fix not initializing all members (CVE-2020-12352) - Bluetooth: L2CAP: Fix calling sk_filter on non-socket based channel (CVE-2020-12351) - Bluetooth: MGMT: Fix not checking if BT_HS is enabled - Bluetooth: Consolidate encryption handling in hci_encrypt_cfm - Bluetooth: Fix update of connection state in `hci_encrypt_cfm` - Bluetooth: Disconnect if E0 is used for Level 4 - media: usbtv: Fix refcounting mixup - USB: serial: option: add Cellient MPL200 card - USB: serial: option: Add Telit FT980-KS composition - [x86] staging: comedi: check validity of wMaxPacketSize of usb endpoints found - USB: serial: pl2303: add device-id for HP GC device - USB: serial: ftdi_sio: add support for FreeCalypso JTAG+UART adapters - reiserfs: Initialize inode keys properly - reiserfs: Fix oops during mount - [arm*] drivers/net/ethernet/marvell/mvmdio.c: Fix non OF case (Closes: #908712) - [x86] crypto: qat - check cipher length for aead AES-CBC-HMAC-SHA [ Salvatore Bonaccorso ] * [rt] Update to 4.19.148-rt64 * Bump ABI to 12 * Revert "perf cs-etm: Move definition of 'traceid_list' global variable from header file" -- Salvatore Bonaccorso Sun, 18 Oct 2020 10:43:18 +0200 linux (4.19.146-1) buster; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.133 - [s390x] KVM: s390: reduce number of IO pins to 1 - regmap: fix alignment issue - [arm64,armhf] drm/tegra: hub: Do not enable orphaned window group - [arm64,armhf] gpu: host1x: Detach driver on unregister - spi: spidev: fix a race between spidev_release and spidev_remove - spi: spidev: fix a potential use-after-free in spidev_release() - ixgbe: protect ring accesses with READ- and WRITE_ONCE - i40e: protect ring accesses with READ- and WRITE_ONCE - [x86] drm: panel-orientation-quirks: Add quirk for Asus T101HA panel - [x86] drm: panel-orientation-quirks: Use generic orientation-data for Acer S1003 - cifs: update ctime and mtime during truncate - [armhf] imx6: add missing put_device() call in imx6q_suspend_init() - scsi: mptscsih: Fix read sense data size - [arm64] usb: dwc3: pci: Fix reference count leak in dwc3_pci_resume_work - block: release bip in a right way in error path - nvme-rdma: assign completion vector correctly - [x86] entry: Increase entry_stack size to a full page - net: cxgb4: fix return error value in t4_prep_fw - smsc95xx: check return value of smsc95xx_reset - smsc95xx: avoid memory leak in smsc95xx_bind - [arm64] net: hns3: fix use-after-free when doing self test - [x86] ALSA: compress: fix partial_drain completion state - nbd: Fix memory leak in nbd_add_socket - cxgb4: fix all-mask IP address comparison - bnxt_en: fix NULL dereference in case SR-IOV configuration fails - [arm64] net: macb: mark device wake capable when "magic-packet" property present - ALSA: opl3: fix infoleak in opl3 - ALSA: hda - let hs_mic be picked ahead of hp_mic - ALSA: usb-audio: add quirk for MacroSilicon MS2109 - [arm64] KVM: Fix definition of PAGE_HYP_DEVICE - [arm64] KVM: Stop clobbering x0 for HVC_SOFT_RESTART - [x86] KVM: bit 8 of non-leaf PDPEs is not reserved - [x86] KVM: Inject #GP if guest attempts to toggle CR4.LA57 in 64-bit mode - [x86] KVM: Mark CR4.TSD as being possibly owned by the guest - kallsyms: Refactor kallsyms_show_value() to take cred - kernel: module: Use struct_size() helper - module: Refactor section attr into bin attribute - module: Do not expose section addresses to non-CAP_SYSLOG - kprobes: Do not expose probe addresses to non-CAP_SYSLOG - bpf: Check correct cred for CAP_SYSLOG in bpf_dump_raw_ok() - btrfs: fix fatal extent_buffer readahead vs releasepage race - drm/radeon: fix double free - dm: use noio when sending kobject event - [s390x] mm: fix huge pte soft dirty copying https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.134 - perf: Make perf able to build with latest libbfd - genetlink: remove genl_bind - ipv4: fill fl4_icmp_{type,code} in ping_v4_sendmsg - l2tp: remove skb_dst_set() from l2tp_xmit_skb() - llc: make sure applications use ARPHRD_ETHER - net: Added pointer check for dst->ops->neigh_lookup in dst_neigh_lookup_skb - net_sched: fix a memory leak in atm_tc_init() - net: usb: qmi_wwan: add support for Quectel EG95 LTE modem - tcp: fix SO_RCVLOWAT possible hangs under high mem pressure - tcp: make sure listeners don't initialize congestion-control state - tcp: md5: add missing memory barriers in tcp_md5_do_add()/tcp_md5_hash_key() - tcp: md5: do not send silly options in SYNCOOKIES - tcp: md5: refine tcp_md5_do_add()/tcp_md5_hash_key() barriers - tcp: md5: allow changing MD5 keys in all socket states - cgroup: fix cgroup_sk_alloc() for sk_clone_lock() (CVE-2020-14356) (Closes: #966846) - cgroup: Fix sock_cgroup_data on big-endian. - sched: consistently handle layer3 header accesses in the presence of VLANs - vlan: consolidate VLAN parsing code and limit max parsing depth - [arm64] drm/msm: fix potential memleak in error branch - [arm64] alternatives: use subsections for replacement sequences - [arm64,x86] tpm_tis: extra chip->ops check on error path in tpm_tis_core_init - gfs2: read-only mounts should grab the sd_freeze_gl glock - [i386] i2c: eg20t: Load module automatically if ID matches - [arm64] alternatives: don't patch up internal branches - [armhf] iio: mma8452: Add missed iio_device_unregister() call in mma8452_probe() - [armhf] net: dsa: bcm_sf2: Fix node reference count - of: of_mdio: Correct loop scanning logic - Revert "usb/ohci-platform: Fix a warning when hibernating" - [arm64,armhf] Revert "usb/xhci-plat: Set PM runtime as active on resume" - Revert "usb/ehci-platform: Set PM runtime as active on resume" - [arm64,armhf] net: sfp: add support for module quirks - [arm64,armhf] net: sfp: add some quirks for GPON modules - HID: quirks: Remove ITE 8595 entry from hid_have_special_driver - ALSA: usb-audio: Create a registration quirk for Kingston HyperX Amp (0951:16d8) - mmc: sdhci: do not enable card detect interrupt for gpio cd type - ALSA: usb-audio: Rewrite registration quirk handling - [x86] ACPI: video: Use native backlight on Acer Aspire 5783z - ALSA: usb-audio: Add registration quirk for Kingston HyperX Cloud Alpha S - [x86] ACPI: video: Use native backlight on Acer TravelMate 5735Z - ALSA: usb-audio: Add registration quirk for Kingston HyperX Cloud Flight S - [arm64,armhf] phy: sun4i-usb: fix dereference of pointer phy0 before it is null checked - [armhf] spi: spi-sun6i: sun6i_spi_transfer_one(): fix setting of clock rate - [x86] staging: comedi: verify array index is correct before using it - regmap: debugfs: Don't sleep while atomic for fast_io regmaps - [x86] copy_xstate_to_kernel: Fix typo which caused GDB regression - apparmor: ensure that dfa state tables have entries - perf stat: Zero all the 'ena' and 'run' array slot stats for interval mode - [armhf] mtd: rawnand: marvell: Use nand_cleanup() when the device is not yet registered - [armhf] mtd: rawnand: marvell: Fix probe error path - mtd: rawnand: timings: Fix default tR_max and tCCS_min timings - HID: magicmouse: do not set up autorepeat - HID: quirks: Always poll Obins Anne Pro 2 keyboard - HID: quirks: Ignore Simply Automated UPB PIM - ALSA: line6: Perform sanity check for each URB creation - ALSA: line6: Sync the pending work cancel at disconnection - ALSA: usb-audio: Fix race against the error recovery URB submission - [x86] ALSA: hda/realtek - change to suitable link model for ASUS platform - [x86] ALSA: hda/realtek - Enable Speaker for ASUS UX533 and UX534 - [arm*] usb: dwc2: Fix shutdown callback in platform - [arm64,armhf] usb: chipidea: core: add wakeup support for extcon - USB: serial: iuu_phoenix: fix memory corruption - USB: serial: cypress_m8: enable Simply Automated UPB PIM - USB: serial: ch341: add new Product ID for CH340 - USB: serial: option: add GosunCn GM500 series - USB: serial: option: add Quectel EG95 LTE modem - [x86] virt: vbox: Fix VBGL_IOCTL_VMMDEV_REQUEST_BIG and _LOG req numbers to match upstream - [x86] virt: vbox: Fix guest capabilities mask check - [arm64] virtio: virtio_console: add missing MODULE_DEVICE_TABLE() for rproc serial - ovl: inode reference leak in ovl_is_inuse true case. - ovl: relax WARN_ON() when decoding lower directory file handle - ovl: fix unneeded call to ovl_change_flags() - fuse: Fix parameter for FS_IOC_{GET,SET}FLAGS - Revert "zram: convert remaining CLASS_ATTR() to CLASS_ATTR_RO()" (CVE-2020-10781) - [x86] mei: bus: don't clean driver pointer - timer: Prevent base->clk from moving backward - timer: Fix wheel index calculation on last level - [mips*] Fix build for LTS kernel caused by backporting lpj adjustment - hwmon: (emc2103) fix unable to change fan pwm1_enable attribute - [powerpc*] book3s64/pkeys: Fix pkey_access_permitted() for execute disable pkey - [x86] intel_th: pci: Add Jasper Lake CPU support - [x86] intel_th: pci: Add Tiger Lake PCH-H support - [x86] intel_th: pci: Add Emmitsburg PCH support - [x86] intel_th: Fix a NULL dereference when hub driver is not loaded - [arm*] thermal/drivers/cpufreq_cooling: Fix wrong frequency converted from power - [arm64] ptrace: Override SPSR.SS when single-stepping is enabled - [arm64] ptrace: Consistently use pseudo-singlestep exceptions - [arm64] compat: Ensure upper 32 bits of x0 are zero on syscall return - sched: Fix unreliable rseq cpu_id for new tasks - sched/fair: handle case of task_h_load() returning 0 - genirq/affinity: Handle affinity setting on inactive interrupts correctly - printk: queue wake_up_klogd irq_work only if per-CPU areas are ready - libceph: don't omit recovery_deletes in target_copy() - rxrpc: Fix trace string https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.135 - mac80211: allow rx of mesh eapol frames with default rx key - scsi: scsi_transport_spi: Fix function pointer check - net: sky2: initialize return of gm_phy_read - drm/nouveau/i2c/g94-: increase NV_PMGR_DP_AUXCTL_TRANSACTREQ timeout - fuse: fix weird page warning - [x86] irqdomain/treewide: Keep firmware node unconditionally allocated - SUNRPC reverting d03727b248d0 ("NFSv4 fix CLOSE not waiting for direct IO compeletion") - tipc: clean up skb list lock handling on send path - IB/umem: fix reference count leak in ib_umem_odp_get() - uprobes: Change handle_swbp() to send SIGTRAP with si_code=SI_KERNEL, to fix GDB regression - ALSA: info: Drop WARN_ON() from buffer NULL sanity check - btrfs: fix double free on ulist after backref resolution failure - btrfs: fix mount failure caused by race with umount - btrfs: fix page leaks after failure to lock page for delalloc - bnxt_en: Fix race when modifying pause settings. - [x86] hippi: Fix a size used in a 'pci_free_consistent()' in an error handling path - ax88172a: fix ax88172a_unbind() failures - ieee802154: fix one possible memleak in adf7242_probe - [arm64,armhf] drm: sun4i: hdmi: Fix inverted HPD result - [arm64,armhf] net: smc91x: Fix possible memory leak in smc_drv_probe() - bonding: check error value of register_netdevice() immediately - qed: suppress "don't support RoCE & iWARP" flooding on HW init - ipvs: fix the connection sync failed in some cases - bonding: check return value of register_netdevice() in bond_newlink() - serial: exar: Fix GPIO configuration for Sealevel cards based on XR17V35X - [arm64,x86] HID: i2c-hid: add Mediacom FlexBook edge13 to descriptor override - HID: alps: support devices with report id 2 - HID: steam: fixes race in handling device list. - HID: apple: Disable Fn-key key-re-mapping on clone keyboards - [arm64] dmaengine: tegra210-adma: Fix runtime PM imbalance on error - Input: add `SW_MACHINE_COVER` - regmap: dev_get_regmap_match(): fix string comparison - hwmon: (aspeed-pwm-tacho) Avoid possible buffer overflow - [amd64] dmaengine: ioat setting ioat timeout as module parameter - [x86] Input: synaptics - enable InterTouch for ThinkPad X1E 1st gen - [arm64] Use test_tsk_thread_flag() for checking TIF_SINGLESTEP - [arm*] binder: Don't use mmput() from shrinker function. - usb: xhci: Fix ASM2142/ASM3142 DMA addressing - Revert "cifs: Fix the target file was deleted when rename failed." (Closes: #966917) - [x86] staging: wlan-ng: properly check endpoint types - [x86] staging: comedi: addi_apci_1032: check INSN_CONFIG_DIGITAL_TRIG shift - [x86] staging: comedi: ni_6527: fix INSN_CONFIG_DIGITAL_TRIG support - [x86] staging: comedi: addi_apci_1500: check INSN_CONFIG_DIGITAL_TRIG shift - [x86] staging: comedi: addi_apci_1564: check INSN_CONFIG_DIGITAL_TRIG shift - serial: 8250: fix null-ptr-deref in serial8250_start_tx() - fbdev: Detect integer underflow at "struct fbcon_ops"->clear_margins. - vt: Reject zero-sized screen buffer size. - mm/memcg: fix refcount error while moving and swapping - mm: memcg/slab: synchronize access to kmem_cache dying flag using a spinlock - mm: memcg/slab: fix memory leak at non-root kmem_cache destroy - io-mapping: indicate mapping failure - drm/amdgpu: Fix NULL dereference in dpm sysfs handlers - [x86] vmlinux.lds: Page-align end of ..page_aligned sections - [x86] ASoC: rt5670: Add new gpio1_is_ext_spk_en quirk and enable it on the Lenovo Miix 2 10 - dm integrity: fix integrity recalculation that is improperly skipped - ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb - ath9k: Fix regression with Atheros 9271 https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.136 - AX.25: Fix out-of-bounds read in ax25_connect() - AX.25: Prevent out-of-bounds read in ax25_sendmsg() - dev: Defer free of skbs in flush_backlog - ip6_gre: fix null-ptr-deref in ip6gre_init_net() - net-sysfs: add a newline when printing 'tx_timeout' by sysfs - net: udp: Fix wrong clean up for IS_UDPLITE macro - rxrpc: Fix sendmsg() returning EPIPE due to recvmsg() returning ENODATA - tcp: allow at most one TLP probe per flight - AX.25: Prevent integer overflows in connect and sendmsg - sctp: shrink stream outq only when new outcnt < old outcnt - sctp: shrink stream outq when fails to do addstream reconf - udp: Copy has_conns in reuseport_grow(). - udp: Improve load balancing for SO_REUSEPORT. - rtnetlink: Fix memory(net_device) leak when ->newlink fails - regmap: debugfs: check count when read regmap file https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.137 - [x86] crypto: ccp - Release all allocated memory if sha type is invalid (CVE-2019-18808) - media: rc: prevent memory leak in cx23888_ir_probe (CVE-2019-19054) - iio: imu: adis16400: fix memory leak (CVE-2019-19061) - [x86] drm/amdgpu: fix multiple memory leaks in acp_hw_init (CVE-2019-19067) - tracing: Have error path in predicate_parse() free its allocated memory (CVE-2019-19072) - ath9k_htc: release allocated buffer if timed out (CVE-2019-19073) - ath9k: release allocated buffer if timed out (CVE-2019-19074) - drm/amd/display: prevent memory leak (CVE-2019-19082) - btrfs: inode: Verify inode mode to avoid NULL pointer dereference (CVE-2019-19813, CVE-2019-19816) - sctp: implement memory accounting on tx path (CVE-2019-3874) - Btrfs: fix selftests failure due to uninitialized i_mode in test inodes - PCI/ASPM: Disable ASPM on ASMedia ASM1083/1085 PCIe-to-PCI bridge - 9p/trans_fd: Fix concurrency del of req_list in p9_fd_cancelled/p9_read_work - wireless: Use offsetof instead of custom macro. - [armel,armhf] 8986/1: hw_breakpoint: Don't invoke overflow handler on uaccess watchpoints - Revert "drm/amdgpu: Fix NULL dereference in dpm sysfs handlers" - drm/amdgpu: Prevent kernel-infoleak in amdgpu_info_ioctl() - drm: hold gem reference until object is no longer accessed - rds: Prevent kernel-infoleak in rds_notify_queue_get() - xfs: fix missed wakeup on l_flush_wait - xfrm: Fix crash when the hold queue is used. - net/mlx5: Verify Hardware supports requested ptp function on a given pin - net: lan78xx: add missing endpoint sanity check - net: lan78xx: fix transfer-buffer memory leak - mlx4: disable device on shutdown - bpf: Fix map leak in HASH_OF_MAPS map - mac80211: mesh: Free ie data when leaving mesh - mac80211: mesh: Free pending skb when destroying a mpath - [arm64] alternatives: move length validation inside the subsection - [arm64] csum: Fix handling of bad packets - Bluetooth: fix kernel oops in store_pending_adv_report - net/mlx5e: fix bpf_prog reference count leaks in mlx5e_alloc_rq - qed: Disable "MFW indication via attention" SPAM every 5 minutes - [amd64] x86/unwind/orc: Fix ORC for newly forked tasks - cxgb4: add missing release on skb in uld_send() - xen-netfront: fix potential deadlock in xennet_remove() - [x86] KVM: LAPIC: Prevent setting the tscdeadline timer if the lapic is hw disabled - [x86] i8259: Use printk_deferred() to prevent deadlock https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.138 - random32: update the net random state on interrupt and activity (CVE-2020-16166) - [armel] ARM: percpu.h: fix build error - random: fix circular include dependency on arm64 after addition of percpu.h - random32: remove net_rand_state from the latent entropy gcc plugin - random32: move the pseudo-random 32-bit definitions to prandom.h - ext4: fix direct I/O read error https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.139 - USB: serial: qcserial: add EM7305 QDL product ID - USB: iowarrior: fix up report size handling for some devices - usb: xhci: define IDs for various ASMedia host controllers - usb: xhci: Fix ASMedia ASM1142 DMA addressing - Revert "ALSA: hda: call runtime_allow() for all hda controllers" - [arm*] staging: android: ashmem: Fix lockdep warning for write operation - Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt() - Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_evt() - Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_with_rssi_evt() - [arm*] binder: Prevent context manager from incrementing ref 0 - vgacon: Fix for missing check in scrollback handling (CVE-2020-14331) - mtd: properly check all write ioctls for permissions - net/9p: validate fds in p9_fd_open - drm/nouveau/fbcon: fix module unload when fbcon init has failed for some reason - drm/nouveau/fbcon: zero-initialise the mode_cmd2 structure - usb: hso: check for return value in hso_serial_common_create() - firmware: Fix a reference count leak. - cfg80211: check vendor command doit pointer before use - igb: reinit_locked() should be called with rtnl_lock - atm: fix atm_dev refcnt leaks in atmtcp_remove_persistent - tools lib traceevent: Fix memory leak in process_dynamic_array_len - [x86] Drivers: hv: vmbus: Ignore CHANNELMSG_TL_CONNECT_RESULT(23) - xattr: break delegations in {set,remove}xattr - ipv4: Silence suspicious RCU usage warning - ipv6: fix memory leaks on IPV6_ADDRFORM path - vxlan: Ensure FDB dump is performed under RCU - net: lan78xx: replace bogus endpoint lookup - [x86] hv_netvsc: do not use VF device if link is down - net: gre: recompute gre csum for sctp over gre tunnels - [arm64] net: thunderx: use spin_lock_bh in nicvf_set_rx_mode_task() - openvswitch: Prevent kernel-infoleak in ovs_ct_put_key() - Revert "vxlan: fix tos value before xmit" - rxrpc: Fix race between recvmsg and sendmsg on immediate call failure - i40e: add num_vectors checker in iwarp handler - i40e: Wrong truncation from u16 to u8 - i40e: Fix of memory leak and integer truncation in i40e_virtchnl.c - i40e: Memory leak in i40e_config_iwarp_qvlist https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.140 - tracepoint: Mark __tracepoint_string's __used - HID: input: Fix devices that return multiple bytes in battery report - cgroup: add missing skcd->no_refcnt check in cgroup_sk_clone() - [x86] mce/inject: Fix a wrong assignment of i_mce.status - sched/fair: Fix NOHZ next idle balance - sched: correct SD_flags returned by tl->sd_flags() - EDAC: Fix reference count leaks - [x86] platform/x86: intel-hid: Fix return value check in check_acpi_dev() - [x86] platform/x86: intel-vbtn: Fix return value check in check_acpi_dev() - [armhf] drm/tilcdc: fix leak & null ref in panel_connector_get_modes - Bluetooth: add a mutex lock to avoid UAF in do_enale_set - loop: be paranoid on exit and prevent new additions / removals - fs/btrfs: Add cond_resched() for try_release_extent_mapping() stalls - drm/amdgpu: avoid dereferencing a NULL pointer - drm/radeon: Fix reference count leaks caused by pm_runtime_get_sync - [x86] crypto: aesni - Fix build with LLVM_IAS=1 - video: fbdev: neofb: fix memory leak in neo_scan_monitor() - md-cluster: fix wild pointer of unlock_all_bitmaps() - [arm64] dts: hisilicon: hikey: fixes to comply with adi, adv7533 DT binding - [armhf] drm/etnaviv: fix ref count leak via pm_runtime_get_sync - drm/nouveau: fix multiple instances of reference count leaks - drm/debugfs: fix plain echo to connector "force" attribute - drm/radeon: disable AGP by default - mm/mmap.c: Add cond_resched() for exit_mmap() CPU stalls - brcmfmac: keep SDIO watchdog running when console_interval is non-zero - brcmfmac: To fix Bss Info flag definition Bug - brcmfmac: set state of hanger slot to FREE when flushing PSQ - iwlegacy: Check the return value of pcie_capability_read_*() - [arm64,armhf] gpu: host1x: debug: Fix multiple channels emitting messages simultaneously - usb: gadget: net2280: fix memory leak on probe error handling paths - dyndbg: fix a BUG_ON in ddebug_describe_flags - bcache: fix super block seq numbers comparision in register_cache_set() - [arm64,x86] ACPICA: Do not increment operation_region reference counts for field units - [arm64] drm/msm: ratelimit crtc event overflow error - [x86] agp/intel: Fix a memory leak on module initialisation failure - ath10k: Acquire tx_lock in tx error paths - [armhf] drm/etnaviv: Fix error path on failure to enable bus clk - [arm64] drm/arm: fix unintentional integer overflow on left shift - drm/mipi: use dcs write for mipi_dsi_dcs_set_tear_scanline - [powerpc*] cxl: Fix kobject memleak - drm/radeon: fix array out-of-bounds read and write issues - ipvs: allow connection reuse for unconfirmed conntrack - xfs: don't eat an EIO/ENOSPC writeback error when scrubbing data fork - xfs: fix reflink quota reservation accounting error - RDMA/rxe: Skip dgid check in loopback mode - PCI: Fix pci_cfg_wait queue locking problem - leds: core: Flush scheduled work for system suspend - [arm64,armhf] drm: panel: simple: Fix bpc for LG LB070WV8 panel - [armhf] phy: exynos5-usbdrd: Calibrating makes sense only for USB2.0 PHY - scsi: scsi_debug: Add check for sdebug_max_queue during module init - mwifiex: Prevent memory corruption handling keys - [powerpc*] vdso: Fix vdso cpu truncation - RDMA/qedr: SRQ's bug fixes - RDMA/rxe: Prevent access to wr->next ptr afrer wr is posted to send queue - [x86] staging: rtl8192u: fix a dubious looking mask before a shift - PCI/ASPM: Add missing newline in sysfs 'policy' - [powerpc*] book3s64/pkeys: Use PVR check instead of cpu feature - USB: serial: iuu_phoenix: fix led-activity helpers - usb: core: fix quirks_param_set() writing to a const pointer - [armhf] thermal: ti-soc-thermal: Fix reversed condition in ti_thermal_expose_sensor() - [mips*] OCTEON: add missing put_device() call in dwc3_octeon_device_init() - [arm*] usb: dwc2: Fix error path in gadget registration - [arm64,armhf] net: dsa: mv88e6xxx: MV88E6097 does not support jumbo configuration - RDMA/core: Fix return error value in _ib_modify_qp() to negative - Bluetooth: hci_h5: Set HCI_UART_RESET_ON_INIT to correct flags - Bluetooth: hci_serdev: Only unregister device if it was registered - [x86] PCI: Release IVRS table in AMD ACS quirk - [s390x] qeth: don't process empty bridge port events - [arm64,armhf] wl1251: fix always return 0 error - [amd64] net: ethernet: aquantia: Fix wrong return value - liquidio: Fix wrong return value in cn23xx_get_pf_num() - dlm: Fix kobject memleak - ocfs2: fix unbalanced locking - [arm64,armhf] pinctrl-single: fix pcs_parse_pinconf() return value - svcrdma: Fix page leak in svc_rdma_recv_read_chunk() - [x86] fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task - [amd64] crypto: aesni - add compatibility with IAS - af_packet: TPACKET_V3: fix fill status rwlock imbalance - net/nfc/rawsock.c: add CAP_NET_RAW check. - net: Set fput_needed iff FDPUT_FPUT is set - net: refactor bind_bucket fastreuse into helper - net: initialize fastreuse on inet_inherit_port - USB: serial: cp210x: re-enable auto-RTS on open - USB: serial: cp210x: enable usb generic throttle/unthrottle - [x86] ALSA: hda - fix the micmute led status for Lenovo ThinkCentre AIO - ALSA: usb-audio: Creative USB X-Fi Pro SB1095 volume knob support - ALSA: usb-audio: fix overeager device match for MacroSilicon MS2109 - ALSA: usb-audio: work around streaming quirk for MacroSilicon MS2109 - [x86] crypto: qat - fix double free in qat_uclo_create_batch_init_list - [x86] crypto: ccp - Fix use of merged scatterlists - [arm64] crypto: cpt - don't sleep of CRYPTO_TFM_REQ_MAY_SLEEP was not specified - bitfield.h: don't compile-time validate _val in FIELD_FIT - fs/minix: check return value of sb_getblk() - fs/minix: don't allow getting deleted inodes - fs/minix: reject too-large maximum file size - ALSA: usb-audio: add quirk for Pioneer DDJ-RB - 9p: Fix memory leak in v9fs_mount - drm/ttm/nouveau: don't call tt destroy callback on alloc failure. - NFS: Don't move layouts to plh_return_segs list while in use - NFS: Don't return layout segments that are in use - [arm64] cpufreq: dt: fix oops on armada37xx - include/asm-generic/vmlinux.lds.h: align ro_after_init - spi: spidev: Align buffers for DMA - [x86] irqdomain/treewide: Free firmware node after domain removal - xen/balloon: fix accounting in alloc_xenballooned_pages error path - xen/balloon: make the balloon wait interruptible https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.141 - smb3: warn on confusing error scenario with sec=krb5 - genirq/affinity: Make affinity setting if activated opt-in - [arm64,x86] PCI: hotplug: ACPI: Fix context refcounting in acpiphp_grab_context() - PCI: Mark AMD Navi10 GPU rev 0x00 ATS as broken - PCI: Add device even if driver attach failed - [arm64] PCI: qcom: Define some PARF params needed for ipq8064 SoC - [arm64] PCI: qcom: Add support for tx term offset for rev 2.1.0 - PCI: Probe bridge window attributes once at enumeration-time - btrfs: free anon block device right after subvolume deletion - btrfs: don't allocate anonymous block device for user invisible roots - btrfs: ref-verify: fix memory leak in add_block_entry - btrfs: don't traverse into the seed devices in show_devname - btrfs: open device without device_list_mutex - btrfs: fix messages after changing compression level by remount - btrfs: only search for left_info if there is no right_info in try_merge_free_space (CVE-2019-19448) - btrfs: fix memory leaks after failure to lookup checksums during inode logging - btrfs: fix return value mixup in btrfs_get_extent - cifs: Fix leak when handling lease break for cached root fid - [powerpc*] Allow 4224 bytes of stack expansion for the signal frame - [powerpc*] Fix circular dependency between percpu.h and mmu.h - [arm64] net: ethernet: stmmac: Disable hardware multicast filter - [arm64,armhf] net: stmmac: dwmac1000: provide multicast filter fallback - net/compat: Add missing sock updates for SCM_RIGHTS - md/raid5: Fix Force reconstruct-write io stuck in degraded raid5 - bcache: allocate meta data pages as compound pages - bcache: fix overflow in offset_to_stripe() - mac80211: fix misplaced while instead of if - driver core: Avoid binding drivers to dead devices - [mips*] CPU#0 is not hotpluggable - ocfs2: change slot number type s16 to u16 - mm/page_counter.c: fix protection usage propagation - ftrace: Setup correct FTRACE_FL_REGS flags for module - kprobes: Fix NULL pointer dereference at kprobe_ftrace_handler - tracing/hwlat: Honor the tracing_cpumask - tracing: Use trace_sched_process_free() instead of exit() for pid tracing - [x86] watchdog: f71808e_wdt: indicate WDIOF_CARDRESET support in watchdog_info.options - [x86] watchdog: f71808e_wdt: remove use of wrong watchdog_info option - [x86] watchdog: f71808e_wdt: clear watchdog timeout occurred flag - [powerpc*] pseries: Fix 64 bit logical memory block panic - module: Correctly truncate sysfs sections output - [armhf] drm/imx: imx-ldb: Disable both channels for split mode in enc->disable() - RDMA/ipoib: Return void from ipoib_ib_dev_stop() - RDMA/ipoib: Fix ABBA deadlock with ipoib_reap_ah() - USB: serial: ftdi_sio: make process-packet buffer unsigned - USB: serial: ftdi_sio: clean up receive processing - [armhf] gpu: ipu-v3: image-convert: Combine rotate/no-rotate irq handlers - dm rq: don't call blk_mq_queue_stopped() in dm_stop_queue() - [amd64] iommu/vt-d: Enforce PASID devTLB field mask - scsi: lpfc: nvmet: Avoid hang / use-after-free again when destroying targetport - watchdog: initialize device before misc_register - Input: sentelic - fix error return when fsp_reg_write fails - [x86] drm/vmwgfx: Use correct vmw_legacy_display_unit pointer - [x86] drm/vmwgfx: Fix two list_for_each loop exit tests - [arm64] net: qcom/emac: add missed clk_disable_unprepare in error path of emac_clks_phase1_init - nfs: Fix getxattr kernel panic and memory overflow (CVE-2020-25212) - fs/minix: set s_maxbytes correctly - fs/minix: fix block limit check for V1 filesystems - fs/minix: remove expected error message in block_to_path() - fs/ufs: avoid potential u32 multiplication overflow - khugepaged: retract_page_tables() remember to test exit - [arm64] dts: marvell: espressobin: add ethernet alias - [x86] drm: Added orientation quirk for ASUS tablet model T103HAF https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.142 - drm/vgem: Replace opencoded version of drm_gem_dumb_map_offset() - perf probe: Fix memory leakage when the probe point is not found - khugepaged: khugepaged_test_exit() check mmget_still_valid() - khugepaged: adjust VM_BUG_ON_MM() in __khugepaged_enter() - btrfs: export helpers for subvolume name/id resolution - btrfs: don't show full path of bind mounts in subvol= - btrfs: Move free_pages_out label in inline extent handling branch in compress_file_range - btrfs: inode: fix NULL pointer dereference if inode doesn't need compression - btrfs: sysfs: use NOFS for device creation - romfs: fix uninitialized memory leak in romfs_dev_read() - kernel/relay.c: fix memleak on destroy relay channel - mm: include CMA pages in lowmem_reserve at boot - mm, page_alloc: fix core hung in free_pcppages_bulk() - ext4: fix checking of directory entry validity for inline directories - jbd2: add the missing unlock_buffer() in the error path of jbd2_write_superblock() - [s390x] scsi: zfcp: Fix use-after-free in request timeout handlers - kthread: Do not preempt current task if it is going to call schedule() - spi: Prevent adding devices below an unregistering controller - scsi: ufs: Add DELAY_BEFORE_LPM quirk for Micron devices - [arm*] scsi: target: tcmu: Fix crash in tcmu_flush_dcache_range on ARM - media: budget-core: Improve exception handling in budget_register() - Input: psmouse - add a newline when printing 'proto' by sysfs - svcrdma: Fix another Receive buffer leak - xfs: fix inode quota reservation checks - jffs2: fix UAF problem - ceph: fix use-after-free for fsc->mdsc - [x86] cpufreq: intel_pstate: Fix cpuinfo_max_freq when MSR_TURBO_RATIO_LIMIT is 0 - scsi: libfc: Free skb in fc_disc_gpn_id_resp() for valid cases - virtio_ring: Avoid loop when vq is broken in virtqueue_poll - xfs: Fix UBSAN null-ptr-deref in xfs_sysfs_init - fs/signalfd.c: fix inconsistent return codes for signalfd4 - ext4: fix potential negative array index in do_split() (CVE-2020-14314) - ext4: don't allow overlapping system zones - i40e: Set RX_ONLY mode for unicast promiscuous on VLAN - i40e: Fix crash during removing i40e driver - [armhf] net: fec: correct the error path for regulator disable in probe - bonding: show saner speed for broadcast mode - bonding: fix a potential double-unregister - [s390x] runtime_instrumentation: fix storage key handling - [s390x] ptrace: fix storage key handling - [x86] ASoC: intel: Fix memleak in sst_media_open - [amd64,arm64] vfio/type1: Add proper error unwind for vfio_iommu_replay() - [x86] kvm: Toggling CR4.SMAP does not load PDPTEs in PAE mode - [x86] kvm: Toggling CR4.PKE does not load PDPTEs in PAE mode - efi: avoid error message when booting under Xen - afs: Fix NULL deref in afs_dynroot_depopulate() - bonding: fix active-backup failover for current ARP slave - net: ena: Prevent reset after device destruction - [x86] hv_netvsc: Fix the queue_mapping in netvsc_vf_xmit() - [armhf] net: dsa: b53: check for timeout - [powerpc*] pseries: Do not initiate shutdown when system is running on UPS - efi: add missed destroy_workqueue when efisubsys_init fails - epoll: Keep a reference on files added to the check list - do_epoll_ctl(): clean the failure exits up a bit - mm/hugetlb: fix calculation of adjust_range_if_pmd_sharing_possible - xen: don't reschedule in preemption off sections - clk: Evict unregistered clks from parent caches - KVM: Pass MMU notifier range flags to kvm_unmap_hva_range() - [arm64] KVM: Only reschedule if MMU_NOTIFIER_RANGE_BLOCKABLE is not set https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.143 - [powerpc*] 64s: Don't init FSCR_DSCR in __init_FSCR() - gre6: Fix reception with IP6_TNL_F_RCV_DSCP_COPY - net: Fix potential wrong skb->protocol in skb_vlan_untag() - net/smc: Prevent kernel-infoleak in __smc_diag_dump() - tipc: fix uninit skb->data in tipc_nl_compat_dumpit() - net: ena: Make missed_tx stat incremental - ipvlan: fix device features - [x86] mfd: intel-lpss: Add Intel Emmitsburg PCH PCI IDs - [powerpc*] xive: Ignore kmemleak false positives - media: pci: ttpci: av7110: fix possible buffer overflow caused by bad DMA value in debiirq() - blktrace: ensure our debugfs dir exists - scsi: target: tcmu: Fix crash on ARM during cmd completion - [arm*] iommu/iova: Don't BUG on invalid PFNs - [amd64] drm/amdkfd: Fix reference count leaks. - drm/radeon: fix multiple reference count leak - drm/amdgpu: fix ref count leak in amdgpu_driver_open_kms - drm/amd/display: fix ref count leak in amdgpu_drm_ioctl - drm/amdgpu: fix ref count leak in amdgpu_display_crtc_set_config - drm/amdgpu/display: fix ref count leak when pm_runtime_get_sync fails - scsi: lpfc: Fix shost refcount mismatch when deleting vport - xfs: Don't allow logging of XFS_ISTALE inodes - f2fs: fix error path in do_recover_data() - PCI: Fix pci_create_slot() reference count leak - rtlwifi: rtl8192cu: Prevent leaking urb - [mips*] vdso: Fix resource leaks in genvdso.c - cec-api: prevent leaking memory through hole in structure - HID: quirks: add NOGET quirk for Logitech GROUP - f2fs: fix use-after-free issue - drm/nouveau/drm/noveau: fix reference count leak in nouveau_fbcon_open - drm/nouveau: fix reference count leak in nv50_disp_atomic_commit - drm/nouveau: Fix reference count leak in nouveau_connector_detect - btrfs: file: reserve qgroup space after the hole punch range is locked - scsi: iscsi: Do not put host in iscsi_set_flashnode_param() - ceph: fix potential mdsc use-after-free crash - scsi: fcoe: Memory leak fix in fcoe_sysfs_fcf_del() - [x86] EDAC/ie31200: Fallback if host bridge device is already initialized - [arm64] KVM: Fix symbol dependency in __hyp_call_panic_nvhe - USB: sisusbvga: Fix a potential UB casued by left shifting a negative value - [arm64] drm/msm/adreno: fix updating ring fence - nvme-fc: Fix wrong return value in __nvme_fc_init_request() - null_blk: fix passing of REQ_FUA flag in null_handle_rq - jbd2: make sure jh have b_transaction set in refile/unfile_buffer - ext4: don't BUG on inconsistent journal feature - ext4: handle read only external journal device - jbd2: abort journal if free a async write error metadata buffer - ext4: handle option set by mount flags correctly - ext4: handle error of ext4_setup_system_zone() on remount - ext4: correctly restore system zone info when remount fails - fs: prevent BUG_ON in submit_bh_wbc() - [s390x] cio: add cond_resched() in the slow_eval_known_fn() loop - scsi: fcoe: Fix I/O path allocation - scsi: ufs: Fix possible infinite loop in ufshcd_hold - scsi: ufs: Improve interrupt handling for shared interrupts - scsi: ufs: Clean up completed request without interrupt notification - scsi: qla2xxx: Check if FW supports MQ before enabling - scsi: qla2xxx: Fix null pointer access during disconnect from subsystem - Revert "scsi: qla2xxx: Fix crash on qla2x00_mailbox_command" - macvlan: validate setting of multiple remote source MAC addresses - [powerpc*] perf: Fix soft lockups due to missed interrupt accounting - block: loop: set discard granularity and alignment for block device backed loop - [arm64,x86] HID: i2c-hid: Always sleep 60ms after I2C_HID_PWR_ON commands - blk-mq: order adding requests to hctx->dispatch and checking SCHED_RESTART - btrfs: reset compression level for lzo on remount - btrfs: fix space cache memory leak after transaction abort - fbcon: prevent user font height or width change from causing potential out-of-bounds access - vt: defer kfree() of vc_screenbuf in vc_do_resize() - vt_ioctl: change VT_RESIZEX ioctl to check for error return from vc_resize() - [armhf] serial: samsung: Removes the IRQ not found warning - [arm*] serial: pl011: Fix oops on -EPROBE_DEFER - [arm*] serial: pl011: Don't leak amba_ports entry on driver register error - serial: 8250_exar: Fix number of ports for Commtech PCIe cards - serial: 8250: change lock order in serial8250_do_startup() - writeback: Protect inode->i_io_list with inode->i_lock - writeback: Avoid skipping inode writeback - writeback: Fix sync livelock due to b_dirty_time processing - XEN uses irqdesc::irq_data_common::handler_data to store a per interrupt XEN data pointer which contains XEN specific information. - usb: host: xhci: fix ep context print mismatch in debugfs - xhci: Do warm-reset when both CAS and XDEV_RESUME are set - xhci: Always restore EP_SOFT_CLEAR_TOGGLE even if ep reset failed - PM: sleep: core: Fix the handling of pending runtime resume requests - device property: Fix the secondary firmware node handling in set_primary_fwnode() - [x86] genirq/matrix: Deal with the sillyness of for_each_cpu() on UP - drm/amdgpu: Fix buffer overflow in INFO ioctl - USB: yurex: Fix bad gfp argument - USB: quirks: Add no-lpm quirk for another Raydium touchscreen - USB: quirks: Ignore duplicate endpoint on Sound Devices MixPre-D - [armhf] usb: host: ohci-exynos: Fix error handling in exynos_ohci_probe() - USB: gadget: f_ncm: add bounds checks to ncm_unwrap_ntb() - USB: cdc-acm: rework notification_buffer resizing - btrfs: check the right error variable in btrfs_del_dir_entries_in_log - [arm64,armhf] usb: dwc3: gadget: Don't setup more than requested - [arm64,armhf] usb: dwc3: gadget: Fix handling ZLP - [arm64,armhf] usb: dwc3: gadget: Handle ZLP for sg requests - [arm64,x86] tpm: Unify the mismatching TPM space buffer sizes - HID: hiddev: Fix slab-out-of-bounds write in hiddev_ioctl_usage() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.144 - HID: core: Correctly handle ReportSize being zero - HID: core: Sanitize event code and type when mapping input - scsi: target: tcmu: Fix size in calls to tcmu_flush_dcache_range - scsi: target: tcmu: Optimize use of flush_dcache_page - [arm64] drm/msm: add shutdown support for display platform_driver - [x86] hwmon: (applesmc) check status earlier. - nvmet: Disable keep-alive timer when kato is cleared to 0h - [arm64] drm/msm/a6xx: fix gmu start on newer firmware - ceph: don't allow setlease on cephfs - cpuidle: Fixup IRQ state - [s390x] don't trace preemption in percpu macros - xen/xenbus: Fix granting of vmalloc'd memory - dmaengine: of-dma: Fix of_dma_router_xlate's of_dma_xlate handling - batman-adv: Avoid uninitialized chaddr when handling DHCP - batman-adv: bla: use netif_rx_ni when not in interrupt context - [mips*] mm: BMIPS5000 has inclusive physical caches - netfilter: nf_tables: add NFTA_SET_USERDATA if not null - netfilter: nf_tables: incorrect enum nft_list_attributes definition - netfilter: nf_tables: fix destination register zeroing - [arm64] net: hns: Fix memleak in hns_nic_dev_probe - [arm64,armhf] dmaengine: pl330: Fix burst length if burst size is smaller than bus width - gtp: add GTPA_LINK info to msg sent to userspace - bnxt_en: Don't query FW when netif_running() is false. - bnxt_en: Check for zero dir entries in NVRAM. - bnxt_en: Fix PCI AER error recovery flow - bnxt_en: fix HWRM error when querying VF temperature - xfs: fix boundary test in xfs_attr_shortform_verify (CVE-2020-14385) - bnxt: don't enable NAPI until rings are ready - netfilter: nfnetlink: nfnetlink_unicast() reports EAGAIN instead of ENOBUFS - nvmet-fc: Fix a missed _irqsave version of spin_lock in 'nvmet_fc_fod_op_done()' - net: ethernet: mlx4: Fix memory allocation in mlx4_buddy_init() - fix regression in "epoll: Keep a reference on files added to the check list" - xfs: fix xfs_bmap_validate_extent_raw when checking attr fork of rt files - tg3: Fix soft lockup when tg3_reset_task() fails. - [amd64] x86, fakenuma: Fix invalid starting node ID - [amd64] iommu/vt-d: Serialize IOMMU GCMD register modifications - [armhf] thermal: ti-soc-thermal: Fix bogus thermal shutdowns for omap4430 - xfs: don't update mtime on COW faults - btrfs: drop path before adding new uuid tree entry - vfio/type1: Support faulting PFNMAP vmas - vfio-pci: Fault mmaps to enable vma tracking - vfio-pci: Invalidate mmaps and block MMIO access on disabled memory (CVE-2020-12888) - btrfs: Remove redundant extent_buffer_get in get_old_root - btrfs: Remove extraneous extent_buffer_get from tree_mod_log_rewind - btrfs: set the lockdep class for log tree extent buffers - uaccess: Add non-pagefault user-space read functions - uaccess: Add non-pagefault user-space write function - btrfs: fix potential deadlock in the search ioctl - net: usb: qmi_wwan: add Telit 0x1050 composition - usb: qmi_wwan: add D-Link DWM-222 A2 device ID - ALSA: ca0106: fix error code handling - ALSA: pcm: oss: Remove superfluous WARN_ON() for mulaw sanity check - [x86] ALSA: hda/hdmi: always check pin power status in i915 pin fixup - ALSA: firewire-digi00x: exclude Avid Adrenaline from detection - [x86] ALSA: hda - Fix silent audio output and corrupted input on MSI X570-A PRO - media: rc: do not access device via sysfs after rc_unregister_device() - media: rc: uevent sysfs file races with rc_unregister_device() - affs: fix basic permission bits to actually work - block: allow for_each_bvec to support zero len bvec - libata: implement ATA_HORKAGE_MAX_TRIM_128M and apply to Sandisks - dm writecache: handle DAX to partitions on persistent memory correctly - dm cache metadata: Avoid returning cmd->bm wild pointer on error - dm thin metadata: Avoid returning cmd->bm wild pointer on error - mm: slub: fix conversion of freelist_corrupted() - [arm64] KVM: Add kvm_extable for vaxorcism code - [arm64] KVM: Defer guest entry when an asynchronous exception is pending - [arm64] KVM: Survive synchronous exceptions caused by AT instructions - [arm64] KVM: Set HCR_EL2.PTW to prevent AT taking synchronous exception - vfio/pci: Fix SR-IOV VF handling with MMIO blocking - checkpatch: fix the usage of capture group ( ... ) - mm/hugetlb: fix a race between hugetlb sysctl handlers (CVE-2020-25285) - cfg80211: regulatory: reject invalid hints - net: usb: Fix uninit-was-stored issue in asix_read_phy_addr() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.145 - ALSA; firewire-tascam: exclude Tascam FE-8 from detection - block: ensure bdi->io_pages is always initialized - net: usb: dm9601: Add USB ID of Keenetic Plus DSL - sctp: not disable bh in the whole sctp_get_port_local() - tipc: fix shutdown() of connectionless socket - net: disable netpoll on fresh napis - [arm64,armhf] net/mlx5e: Don't support phys switch id if not in switchdev mode https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.146 - RDMA/rxe: Fix memleak in rxe_mem_init_user - RDMA/rxe: Drop pointless checks in rxe_init_ports - [armhf] drm/sun4i: Fix dsi dcs long write function - scsi: libsas: Set data_dir as DMA_NONE if libata marks qc as NODATA - RDMA/core: Fix reported speed and width - [arm64] mmc: sdhci-msm: Add retries when all tuning phases are found valid - [arm64,x86] dmaengine: acpi: Put the CSRT table after using it - netfilter: conntrack: allow sctp hearbeat after connection re-use - [x86] firestream: Fix memleak in fs_open - [arm64,armhf] ALSA: hda: Fix 2 channel swapping for Tegra - xfs: initialize the shortform attr header padding entry - nvme-fabrics: don't check state NVME_CTRL_NEW for request acceptance - nvme-rdma: serialize controller teardown sequences - HID: quirks: Set INCREMENT_USAGE_ON_DUPLICATE for all Saitek X52 devices - [ppc64el,x86] drivers/net/wan/hdlc_cisco: Add hard_header_len - HID: elan: Fix memleak in elan_input_configured - [x86] cpufreq: intel_pstate: Refuse to turn off with HWP enabled - [x86] cpufreq: intel_pstate: Fix intel_pstate_get_hwp_max() for turbo disabled - ALSA: hda: fix a runtime pm issue in SOF when integrated GPU is disabled - [amd64] iommu/amd: Do not use IOMMUv2 functionality when SME is active - [x86] iio:accel:bmc150-accel: Fix timestamp alignment and prevent data leak. - [x86] iio:magnetometer:ak8975 Fix alignment and data leak issues. - [armhf] iio:accel:mma8452: Fix timestamp alignment and prevent data leak. - [x86] staging: wlan-ng: fix out of bounds read in prism2sta_probe_usb() - btrfs: require only sector size alignment for parent eb bytenr - btrfs: fix lockdep splat in add_missing_dev - btrfs: fix wrong address when faulting in pages in the search ioctl - regulator: push allocation in set_consumer_device_supply() out of lock - scsi: target: iscsi: Fix data digest calculation - scsi: target: iscsi: Fix hang in iscsit_access_np() when getting tpg->np_login_sem - [arm64] drm/msm: Disable preemption on all 5xx targets - rbd: require global CAP_SYS_ADMIN for mapping and unmapping (CVE-2020-25284) - RDMA/rxe: Fix the parent sysfs read when the interface has 15 chars - vgacon: remove software scrollback support - fbcon: remove soft scrollback code (CVE-2020-14390) - fbcon: remove now unusued 'softback_lines' cursor() argument - [x86] KVM: VMX: Don't freeze guest when event delivery causes an APIC-access exit - [x86] video: fbdev: fix OOB read in vga_8planes_imageblit() - [arm64] phy: qcom-qmp: Use correct values for ipq8074 PCIe Gen2 PHY init - usb: core: fix slab-out-of-bounds Read in read_descriptors - USB: serial: ftdi_sio: add IDs for Xsens Mti USB converter - USB: serial: option: support dynamic Quectel USB compositions - USB: serial: option: add support for SIM7070/SIM7080/SIM7090 modules - usb: Fix out of sync data toggle if a configured device is reconfigured - [x86] usb: typec: ucsi: acpi: Check the _DEP dependencies [ Salvatore Bonaccorso ] * Bump ABI to 11 * Drop 'Revert "mips: Add udelay lpj numbers adjustment"' * [rt] Update to 4.19.135-rt60 * [rt] Refresh "net: Use skbufhead with raw lock" for context changes in 4.19.136 * [rt] Refresh "timers: Prepare for full preemption" for context changes in 4.19.138 * [rt] Refresh "timers: Redo the notification of canceling timers on -RT" for context changes in 4.19.138 * [rt] Refresh "watchdog: prevent deferral of watchdogd wakeup on RT" for context changes in 4.19.141 * Refresh "net: ena: fix crash during ena_remove()" for context changes in 4.19.142 * [rt] Refresh "Split IRQ-off and zone->lock while freeing pages from PCP list #1" for context changes in 4.19.142 * ACPI: configfs: Disallow loading ACPI tables when locked down (CVE-2020-15780) * [rt] Update to 4.19.142-rt63 * net/packet: fix overflow in tpacket_rcv (CVE-2020-14386) * debian/tests/python: pycodestyle: Increase max-line-length to 100. * gfs2: initialize transaction tr_ailX_lists earlier (Closes: #968567) -- Salvatore Bonaccorso Thu, 17 Sep 2020 23:42:03 +0200 linux (4.19.132-1) buster; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.132 - btrfs: fix a block group ref counter leak after failure to remove block group - mm: fix swap cache node allocation mask - [x86] EDAC/amd64: Read back the scrub rate PCI register on F15h - usbnet: smsc95xx: Fix use-after-free after removal - mm/slub.c: fix corrupted freechain in deactivate_slab() - mm/slub: fix stack overruns with SLUB_STATS - [s390x] debug: avoid kernel warning on too large number of pages - nvme-multipath: set bdi capabilities once - nvme-multipath: fix deadlock between ana_work and scan_work - crypto: af_alg - fix use-after-free in af_alg_accept() due to bh_lock_sock() - [arm64] drm/msm/dpu: fix error return code in dpu_encoder_init - cxgb4: use unaligned conversion for fetching timestamp - cxgb4: parse TC-U32 key values and masks natively - cxgb4: use correct type for all-mask IP address comparison - cxgb4: fix SGE queue dump destination buffer context - [x86] hwmon: (acpi_power_meter) Fix potential memory leak in acpi_power_meter_add() - [arm64,armhf] drm: sun4i: hdmi: Remove extra HPD polling - virtio-blk: free vblk-vqs in error path of virtblk_probe() - SMB3: Honor 'posix' flag for multiuser mounts - nvme: fix a crash in nvme_mpath_add_disk - i2c: algo-pca: Add 0x78 as SCL stuck low status for PCA9665 - Revert "ALSA: usb-audio: Improve frames size computation" - SMB3: Honor 'seal' flag for multiuser mounts - SMB3: Honor persistent/resilient handle flags for multiuser mounts - SMB3: Honor lease disabling for multiuser mounts - cifs: Fix the target file was deleted when rename failed. - [mips*] Add missing EHB in mtc0 -> mfc0 sequence for DSPen - [arm64,armhf] irqchip/gic: Atomically update affinity - dm zoned: assign max_io_len correctly - efi: Make it possible to disable efivar_ssdt entirely [ Salvatore Bonaccorso ] * [rt] Update to 4.19.132-rt59 * Revert "ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb" (Closes: #964153, #964480) * efi: Restrict efivar_ssdt_load when the kernel is locked down (CVE-2019-20908) * certs: Rotate to use the Debian Secure Boot Signer 2020 certificate * e1000e: Add support for Comet Lake (Closes: #965365) -- Salvatore Bonaccorso Fri, 24 Jul 2020 20:46:18 +0200 linux (4.19.131-2) buster; urgency=medium [ Aurelien Jarno ] * Revert "mips: Add udelay lpj numbers adjustment", since it causes the build to fail with CONFIG_CPU_FREQ=y. -- Salvatore Bonaccorso Sat, 11 Jul 2020 15:44:13 +0200 linux (4.19.131-1) buster; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.119 - ext4: fix extent_status fragmentation for plain files - [arm64] drm/msm: Use the correct dma_sync calls harder - vti4: removed duplicate log message. - [arm64] Add part number for Neoverse N1 - [arm64] errata: Hide CTR_EL0.DIC on systems affected by Neoverse-N1 #1542419 - [arm64] Fake the IminLine size on systems affected by Neoverse-N1 #1542419 - [arm64] compat: Workaround Neoverse-N1 #1542419 for compat user-space - watchdog: reset last_hw_keepalive time at start - scsi: lpfc: Fix kasan slab-out-of-bounds error in lpfc_unreg_login - scsi: lpfc: Fix crash in target side cable pulls hitting WAIT_FOR_UNREG - ceph: return ceph_mdsc_do_request() errors from __get_parent() - ceph: don't skip updating wanted caps when cap is stale - scsi: iscsi: Report unbind session event when the target has been removed - [x86] ASoC: Intel: atom: Take the drv->lock mutex before calling sst_send_slot_map() - nvme: fix deadlock caused by ANA update wrong locking - ipc/util.c: sysvipc_find_ipc() should increase position index - [s390x] cio: avoid duplicated 'ADD' uevents - loop: Better discard support for block devices - [powerpc*] Revert "powerpc/64: irq_work avoid interrupt when called with hardware irqs enabled" - [arm*] pwm: bcm2835: Dynamically allocate base - perf/core: Disable page faults when getting phys address - [x86] ASoC: Intel: bytcr_rt5640: Add quirk for MPMAN MPWIN895CL tablet - xhci: Ensure link state is U3 after setting USB_SS_PORT_LS_U3 - virtio-blk: improve virtqueue error to BLK_STS - scsi: smartpqi: fix call trace in device discovery - PCI/ASPM: Allow re-enabling Clock PM - [x86] KVM: VMX: Zero out *all* general purpose registers after VM-Exit - cxgb4: fix adapter crash due to wrong MC size - cxgb4: fix large delays in PTP synchronization - ipv6: fix restrict IPV6_ADDRFORM operation - macsec: avoid to set wrong mtu - macvlan: fix null dereference in macvlan_device_event() - net: netrom: Fix potential nr_neigh refcnt leak in nr_add_node - [arm64,armhf] net: stmmac: dwmac-meson8b: Add missing boundary to RGMII TX clock array - sched: etf: do not assume all sockets are full blown - tcp: cache line align MAX_TCP_HEADER - team: fix hang in team_mode_get() - vrf: Fix IPv6 with qdisc and xfrm - [armhf] net: dsa: b53: Lookup VID in ARL searches when VLAN is enabled - [armhf] net: dsa: b53: Fix ARL register definitions - [armhf] net: dsa: b53: Rework ARL bin logic - [armhf] net: dsa: b53: b53_arl_rw_op() needs to select IVL or SVL - xfrm: Always set XFRM_TRANSFORMED in xfrm{4,6}_output_finish - vrf: Check skb for XFRM_TRANSFORMED flag - KEYS: Avoid false positive ENOMEM error on key read - ALSA: hda: Remove ASUS ROG Zenith from the blacklist - ALSA: usb-audio: Add static mapping table for ALC1220-VB-based mobos - ALSA: usb-audio: Add connector notifier delegation - [armhf] iio: st_sensors: rely on odr mask to know if odr can be set - USB: sisusbvga: Change port variable from signed to unsigned - USB: Add USB_QUIRK_DELAY_CTRL_MSG and USB_QUIRK_DELAY_INIT for Corsair K70 RGB RAPIDFIRE - USB: early: Handle AMD's spec-compliant identifiers, too - USB: hub: Fix handling of connect changes during sleep - vmalloc: fix remap_vmalloc_range() bounds checks - mm/hugetlb: fix a addressing exception caused by huge_pte_offset - mm/ksm: fix NULL pointer dereference when KSM zero page is enabled - ALSA: hda/realtek - Fix unexpected init_amp override - ALSA: hda/realtek - Add new codec supported for ALC245 - ALSA: usb-audio: Fix usb audio refcnt leak when getting spdif - ALSA: usb-audio: Filter out unsupported sample rates on Focusrite devices - tpm/tpm_tis: Free IRQ if probing fails - [s390x] KVM: Return last valid slot if approx index is out-of-bounds - KVM: Check validity of resolved slot when searching memslots - [x86] KVM: VMX: Enable machine check support for 32bit targets - tty: hvc: fix buffer overflow during hvc_alloc(). - [x86] tty: rocket, avoid OOB access - usb-storage: Add unusual_devs entry for JMicron JMS566 - audit: check the length of userspace generated audit records - ASoC: dapm: fixup dapm kcontrol widget - iwlwifi: pcie: actually release queue memory in TVQM - iwlwifi: mvm: beacon statistics shouldn't go backwards - [armel,armhf] ARM: imx: provide v7_cpu_resume() only on ARM_CPU_SUSPEND=y - [powerpc*] setup_64: Set cache-line-size based on cache-block-size - [i386] staging: comedi: dt2815: fix writing hi byte of analog output - [x86] staging: comedi: Fix comedi_device refcnt leak in comedi_open - vt: don't hardcode the mem allocation upper bound - vt: don't use kmalloc() for the unicode screen buffer - [x86] staging: vt6656: Don't set RCR_MULTICAST or RCR_BROADCAST by default. - [x86] staging: vt6656: Fix calling conditions of vnt_set_bss_mode - [x86] staging: vt6656: Fix drivers TBTT timing counter. - [x86] staging: vt6656: Fix pairwise key entry save. - [x86] staging: vt6656: Power save stop wake_up_count wrap around. - cdc-acm: close race betrween suspend() and acm_softint - cdc-acm: introduce a cool down - UAS: no use logging any details in case of ENODEV - UAS: fix deadlock in error handling and PM flushing work - [arm64,armhf] usb: dwc3: gadget: Fix request completion check - usb: f_fs: Clear OS Extended descriptor counts to zero in ffs_data_reset() - xhci: prevent bus suspend if a roothub port detected a over-current condition - xfs: Fix deadlock between AGI and AGF with RENAME_WHITEOUT https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.120 - mtd: cfi: fix deadloop in cfi_cmdset_0002.c do_write_buffer - [arm*] binder: take read mode of mmap_sem in binder_alloc_free_page() - [arm64,armhf] usb: dwc3: gadget: Do link recovery for SS and SSP - nfsd: memory corruption in nfsd4_lock() - rxrpc: Fix DATA Tx to disable nofrag for UDP on AF_INET6 socket - net/cxgb4: Check the return from t4_query_params properly - xfs: acquire superblock freeze protection on eofblocks scans - svcrdma: Fix trace point use-after-free race - svcrdma: Fix leak of svc_rdma_recv_ctxt objects - PCI: Avoid ASMedia XHCI USB PME# from D0 defect - [s390x] net/mlx5: Fix failing fw tracer allocation on s390 - perf/core: fix parent pid/tid in task exit events - [i386] bpf, x86_32: Fix incorrect encoding in BPF_LDX zero-extension - mm: shmem: disable interrupt when acquiring info->lock in userfaultfd_copy path - xfs: clear PF_MEMALLOC before exiting xfsaild thread - [x86] bpf, x86: Fix encoding for lower 8-bit registers in BPF_STX BPF_B - [armhf] net: fec: set GPR bit on suspend by DT configuration. - [x86] hyperv: report value of misc_features - xfs: fix partially uninitialized structure in xfs_reflink_remap_extent - ALSA: hda: Keep the controller initialization even if no codecs found - ALSA: hda: Explicitly permit using autosuspend if runtime PM is supported - scsi: target: fix PR IN / READ FULL STATUS for FC - scsi: target: tcmu: reset_ring should reset TCMU_DEV_BIT_BROKEN - xen/xenbus: ensure xenbus_map_ring_valloc() returns proper grant status - ALSA: hda: call runtime_allow() for all hda controllers - [arm64] Delete the space separator in __emit_inst - ext4: use matching invalidatepage in ext4_writepage - ext4: increase wait time needed before reuse of deleted inode numbers - ext4: convert BUG_ON's to WARN_ON's in mballoc.c - hwmon: (jc42) Fix name to have no illegal characters - [i386] bpf, x86_32: Fix clobbering of dst for BPF_JSET - qed: Fix use after free in qed_chain_free - ext4: check for non-zero journal inum in ext4_calculate_overhead https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.121 - drm/edid: Fix off-by-one in DispID DTD pixel clock - drm/qxl: qxl_release leak in qxl_draw_dirty_fb() - drm/qxl: qxl_release leak in qxl_hw_surface_alloc() - drm/qxl: qxl_release use after free - btrfs: fix block group leak when removing fails - ALSA: hda/realtek - Two front mics on a Lenovo ThinkCenter - ALSA: usb-audio: Correct a typo of NuPrime DAC-10 USB ID - ALSA: hda/hdmi: fix without unlocked before return - ALSA: pcm: oss: Place the plugin buffer overflow checks correctly (Closes: #960493) - PM: ACPI: Output correct message on target power state - PM: hibernate: Freeze kernel threads in software_resume() - dm writecache: fix data corruption when reloading the target - dm multipath: use updated MPATHF_QUEUE_IO on mapping for bio-based mpath - scsi: qla2xxx: set UNLOADING before waiting for session deletion - scsi: qla2xxx: check UNLOADING before posting async work - RDMA/mlx5: Set GRH fields in query QP on RoCE - RDMA/mlx4: Initialize ib_spec on the stack - RDMA/core: Prevent mixed use of FDs between shared ufiles - RDMA/core: Fix race between destroy and release FD object - [amd64,arm64] vfio: avoid possible overflow in vfio_iommu_type1_pin_pages - [amd64,arm64] vfio/type1: Fix VA->PA translation for PFNMAP VMAs in vaddr_get_pfn() - [arm64] iommu/qcom: Fix local_base status check - scsi: target/iblock: fix WRITE SAME zeroing - [amd64] iommu/amd: Fix legacy interrupt remapping for x2APIC-enabled system - nfs: Fix potential posix_acl refcnt leak in nfs3_set_acl - btrfs: fix partial loss of prealloc extent past i_size after fsync - btrfs: transaction: Avoid deadlock due to bad initialization timing of fs_info::journal_info - mmc: cqhci: Avoid false "cqhci: CQE stuck on" by not open-coding timeout loop - [arm64] mmc: sdhci-xenon: fix annoying 1.8V regulator warning - mmc: sdhci-pci: Fix eMMC driver strength for BYT-based controllers - [arm64] mmc: sdhci-msm: Enable host capabilities pertains to R1b response - [armhf] mmc: meson-mx-sdio: Set MMC_CAP_WAIT_WHILE_BUSY - [armhf] mmc: meson-mx-sdio: remove the broken ->card_busy() op https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.122 - vhost: vsock: kick send_pkt worker once device is started - [powerpc*] pci/of: Parse unassigned resources - [x86] ASoC: topology: Check return value of pcm_new_ver - [armhf] ASoC: sgtl5000: Fix VAG power-on handling - [arm64,armhf] usb: dwc3: gadget: Properly set maxpacket limit - [x86] ASoC: codecs: hdac_hdmi: Fix incorrect use of list_for_each_entry - wimax/i2400m: Fix potential urb refcnt leak - [armhf] net: stmmac: fix enabling socfpga's ptp_ref_clock - [armhf] net: stmmac: Fix sub-second increment - cifs: protect updating server->dstaddr with a spinlock - [s390x] ftrace: fix potential crashes when switching tracers - sctp: Fix SHUTDOWN CTSN Ack in the peer restart case - drm/amdgpu: Fix oops when pp_funcs is unset in ACPI event - lib: devres: add a helper function for ioremap_uc - [x86] mfd: intel-lpss: Use devm_ioremap_uc for MMIO - ALSA: hda: Match both PCI ID and SSID for driver blacklist - [x86] platform: GPD pocket fan: Fix error message when temp-limits are out of range - mac80211: add ieee80211_is_any_nullfunc() - cgroup, netclassid: remove double cond_resched - drm/atomic: Take the atomic toys away from X https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.123 - USB: serial: qcserial: Add DW5816e support - tracing/kprobes: Fix a double initialization typo - vt: fix unicode console freeing with a common interface - fq_codel: fix TCA_FQ_CODEL_DROP_BATCH_SIZE sanity checks - net: macsec: preserve ingress frame ordering - net/mlx4_core: Fix use of ENOSPC around mlx4_counter_alloc() - net_sched: sch_skbprio: add message validation to skbprio_change() - net: usb: qmi_wwan: add support for DW5816e - sch_choke: avoid potential panic in choke_reset() - sch_sfq: validate silly quantum values - tipc: fix partial topology connection closure - bnxt_en: Fix VLAN acceleration handling in bnxt_fix_features(). - net/mlx5: Fix forced completion access non initialized command entry - net/mlx5: Fix command entry leak in Internal Error State - bnxt_en: Improve AER slot reset. - bnxt_en: Fix VF anti-spoof filter setup. - net: stricter validation of untrusted gso packets - HID: wacom: Read HID_DG_CONTACTMAX directly for non-generic devices - sctp: Fix bundling of SHUTDOWN with COOKIE-ACK - HID: usbhid: Fix race between usbhid_close() and usbhid_stop() - USB: uas: add quirk for LaCie 2Big Quadra - USB: serial: garmin_gps: add sanity checking for data length - tracing: Add a vmalloc_sync_mappings() for safe measure - [arm64,armhf] KVM: vgic: Fix limit condition when writing to GICD_I[CS]ACTIVER - [arm64] KVM: Fix 32bit PC wrap-around - [arm64] hugetlb: avoid potential NULL dereference - mm/page_alloc: fix watchdog soft lockups during set_zone_contiguous() - [x86] KVM: VMX: Explicitly reference RCX as the vmx_vcpu pointer in asm blobs - [x86] KVM: VMX: Mark RCX, RDX and RSI as clobbered in vmx_vcpu_run()'s asm blob - batman-adv: fix batadv_nc_random_weight_tq - batman-adv: Fix refcnt leak in batadv_show_throughput_override - batman-adv: Fix refcnt leak in batadv_store_throughput_override - batman-adv: Fix refcnt leak in batadv_v_ogm_process - [amd64] x86/entry/64: Fix unwind hints in register clearing code - [amd64] x86/entry/64: Fix unwind hints in kernel exit path - [amd64] x86/entry/64: Fix unwind hints in rewind_stack_do_exit() - [amd64] x86/unwind/orc: Don't skip the first frame for inactive tasks - [amd64] x86/unwind/orc: Prevent unwinding before ORC initialization - [amd64] x86/unwind/orc: Fix error path for bad ORC entry type - [amd64] x86/unwind/orc: Fix premature unwind stoppage due to IRET frames - netfilter: nat: never update the UDP checksum when it's 0 - netfilter: nf_osf: avoid passing pointer to local var - scripts/decodecode: fix trapping instruction formatting - ipc/mqueue.c: change __do_notify() to bypass check_kill_permission() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.124 - [arm64,armhf] net: dsa: Do not make user port errors fatal - shmem: fix possible deadlocks on shmlock_user_lock - virtio-blk: handle block_device_operations callbacks after hot unplug - mmc: sdhci-acpi: Add SDHCI_QUIRK2_BROKEN_64_BIT_DMA for AMDI0040 - net: fix a potential recursive NETDEV_FEAT_CHANGE - net: phy: fix aneg restart in phy_ethtool_set_eee - pppoe: only process PADT targeted at local interfaces - Revert "ipv6: add mtu lock check in __ip6_rt_update_pmtu" - tcp: fix error recovery in tcp_zerocopy_receive() - virtio_net: fix lockdep warning on 32 bit - [x86,arm64] hinic: fix a bug of ndo_stop - net: ipv4: really enforce backoff for redirects - netprio_cgroup: Fix unlimited memory leak of v2 cgroups - net: tcp: fix rx timestamp behavior for tcp_recvmsg - tcp: fix SO_RCVLOWAT hangs with fat skbs - [i386] dmaengine: pch_dma.c: Avoid data race between probe and irq handler - [x86] cpufreq: intel_pstate: Only mention the BIOS disabling turbo mode once - ALSA: hda/hdmi: fix race in monitor detection during probe - drm/qxl: lost qxl_bo_kunmap_atomic_page in qxl_image_init_helper() - ipc/util.c: sysvipc_find_ipc() incorrectly updates position index - ALSA: hda/realtek - Fix S3 pop noise on Dell Wyse - gfs2: Another gfs2_walk_metadata fix - [x86] pinctrl: baytrail: Enable pin configuration setting for GPIO chip - [x86] pinctrl: cherryview: Add missing spinlock usage in chv_gpio_irq_handler - i40iw: Fix error handling in i40iw_manage_arp_cache() - mmc: core: Check request type before completing the request - mmc: block: Fix request completion in the CQE timeout path - NFS: Fix fscache super_cookie index_key from changing after umount - nfs: fscache: use timespec64 in inode auxdata - NFSv4: Fix fscache cookie aux_data to ensure change_attr is included - [arm64] fix the flush_icache_range arguments in machine_kexec - netfilter: nft_set_rbtree: Introduce and use nft_rbtree_interval_start() - IB/mlx4: Test return value of calls to ib_get_cached_pkey - ALSA: hda/realtek - Limit int mic boost for Thinkpad T530 - ALSA: rawmidi: Fix racy buffer resize under concurrent accesses - ALSA: usb-audio: Add control message quirk delay for Kingston HyperX headset - usb: core: hub: limit HUB_QUIRK_DISABLE_AUTOSUSPEND to USB5534B - [arm64,armhf] usb: host: xhci-plat: keep runtime active when removing host - usb: xhci: Fix NULL pointer dereference when enqueuing trbs from urb sg list - cifs: fix leaked reference on requeued write - exec: Move would_dump into flush_old_exec - [arm64,armhf] clk: rockchip: fix incorrect configuration of rk3228 aclk_gpu* clocks - [arm64,armhf] dwc3: Remove check for HWO flag in dwc3_gadget_ep_reclaim_trb_sg() - Revert "ALSA: hda/realtek: Fix pop noise on ALC225" - clk: Unlink clock if failed to prepare or enable - [arm64] dts: rockchip: Replace RK805 PMIC node name with "pmic" on rk3328 boards - [x86] KVM: Fix off-by-one error in kvm_vcpu_ioctl_x86_setup_mce https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.125 - i2c: dev: Fix the race between the release of i2c_dev and cdev - fix multiplication overflow in copy_fdtable() - ubifs: remove broken lazytime support - [amd64] iommu/amd: Fix over-read of ACPI UID from IVRS table - ubi: Fix seq_file usage in detailed_erase_block_info debugfs file - HID: multitouch: add eGalaxTouch P80H84 support - HID: alps: Add AUI1657 device ID - HID: alps: ALPS_1657 is too specific; use U1_UNICORN_LEGACY instead - scsi: qla2xxx: Fix hang when issuing nvme disconnect-all in NPIV - scsi: qla2xxx: Delete all sessions before unregister local nvme port - configfs: fix config_item refcnt leak in configfs_rmdir() - vhost/vsock: fix packet delivery order to monitoring devices - [amd64] aquantia: Fix the media type of AQC100 ethernet controller in the driver - component: Silence bind error on -EPROBE_DEFER - [ppc64el] scsi: ibmvscsi: Fix WARN_ON during event pool release - HID: i2c-hid: reset Synaptics SYNA2393 on resume - [x86] apic: Move TSC deadline timer debug printk - gtp: set NLM_F_MULTI flag in gtp_genl_dump_pdp() - HID: quirks: Add HID_QUIRK_NO_INIT_REPORTS quirk for Dell K12A keyboard-dock - ceph: fix double unlock in handle_cap_export() - [arm64,armhf] stmmac: fix pointer check after utilization in stmmac_interrupt - USB: core: Fix misleading driver bug report - [x86] platform/x86: asus-nb-wmi: Do not load on Asus T100TA and T200TA - padata: Replace delayed timer with immediate workqueue in padata_reorder - padata: initialize pd->cpu with effective cpumask - padata: purge get_cpu and reorder_via_wq from padata_do_serial - ALSA: iec1712: Initialize STDSP24 properly when using the model=staudio option - ALSA: pcm: fix incorrect hw_base increase - ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Xtreme - ALSA: hda/realtek - Add more fixup entries for Clevo machines - [armhf] drm/etnaviv: fix perfmon domain interation - apparmor: Fix use-after-free in aa_audit_rule_init - apparmor: fix potential label refcnt leak in aa_change_profile - apparmor: Fix aa_label refcnt leak in policy_update - [arm64] dmaengine: tegra210-adma: Fix an error handling path in 'tegra_adma_probe()' - [powerpc*] Remove STRICT_KERNEL_RWX incompatibility with RELOCATABLE - [powerpc*] 64s: Disable STRICT_KERNEL_RWX - [amd64,arm64] nfit: Add Hyper-V NVDIMM DSM command set to white list - [x86,arm64] libnvdimm/btt: Remove unnecessary code in btt_freelist_init - [x86,arm64] libnvdimm/btt: Fix LBA masking during 'free list' population - [x86] thunderbolt: Drop duplicated get_switch_at_route() - cxgb4: free mac_hlist properly - cxgb4/cxgb4vf: Fix mac_hlist initialization and free - brcmfmac: abort and release host after error - Revert "gfs2: Don't demote a glock until its revokes are written" - misc: rtsx: Add short delay after exit from ASPM - [x86] mei: release me_cl object reference - rxrpc: Fix a memory leak in rxkad_verify_response() - rxrpc: Trace discarded ACKs - rxrpc: Fix ack discard https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.126 - ax25: fix setsockopt(SO_BINDTODEVICE) - __netif_receive_skb_core: pass skb by reference - net: inet_csk: Fix so_reuseport bind-address cache in tb->fast* - net: ipip: fix wrong address family in init error path - net/mlx5: Add command entry handling completion - net: revert "net: get rid of an signed integer overflow in ip_idents_reserve()" - net sched: fix reporting the first-time use timestamp - r8152: support additional Microsoft Surface Ethernet Adapter variant - sctp: Don't add the shutdown timer if its already been added - sctp: Start shutdown on association restart if in SHUTDOWN-SENT state and socket is closed - net/mlx5e: Update netdev txq on completions during closure - net/mlx5: Annotate mutex destroy for root ns - net: sun: fix missing release regions in cas_init_one(). - net/mlx4_core: fix a memory leak bug. - [armhf] dts: rockchip: fix phy nodename for rk3228-evb - [arm64] dts: rockchip: fix status for &gmac2phy in rk3328-evb.dts - [arm64,armhf] gpio: tegra: mask GPIO IRQs during IRQ shutdown - ALSA: usb-audio: add mapping for ASRock TRX40 Creator - gfs2: move privileged user check to gfs2_quota_lock_check - cachefiles: Fix race between read_waiter and read_copier involving op->to_do - [arm64] usb: dwc3: pci: Enable extcon driver for Intel Merrifield - usb: gadget: legacy: fix redundant initialization warnings - IB/i40iw: Remove bogus call to netdev_master_upper_dev_get() - cifs: Fix null pointer check in cifs_read - Input: usbtouchscreen - add support for BonXeon TP - Input: evdev - call input_flush_device() on release(), not flush() - Input: xpad - add custom init packet for Xbox One S controllers - Input: i8042 - add ThinkPad S230u to i8042 reset list - Input: synaptics-rmi4 - really fix attn_data use-after-free - Input: synaptics-rmi4 - fix error return code in rmi_driver_probe() - [armel,armhf] 8970/1: decompressor: increase tag size - [arm*] 8843/1: use unified assembler in headers - gpio: exar: Fix bad handling for ida_simple_get error path - IB/qib: Call kobject_put() when kobject_init_and_add() fails - [armhf] dts/imx6q-bx50v3: Set display interface clock parents - [armel,armhf] dts: bcm2835-rpi-zero-w: Fix led polarity - mmc: block: Fix use-after-free issue for rpmb - ALSA: hwdep: fix a left shifting 1 by 31 UB bug - ALSA: hda/realtek - Add a model for Thinkpad T570 without DAC workaround - ALSA: usb-audio: mixer: volume quirk for ESS Technology Asus USB DAC - exec: Always set cap_ambient in cap_bprm_set_creds - ALSA: usb-audio: Quirks for Gigabyte TRX40 Aorus Master onboard audio - ALSA: hda/realtek - Add new codec supported for ALC287 - libceph: ignore pool overlay and cache logic on redirects - IB/ipoib: Fix double free of skb in case of multicast traffic in CM mode - mm: remove VM_BUG_ON(PageSlab()) from page_mapcount() - include/asm-generic/topology.h: guard cpumask_of_node() macro argument - iommu: Fix reference count leak in iommu_group_alloc. - mmc: core: Fix recursive locking issue in CQE recovery path - RDMA/core: Fix double destruction of uobject - mac80211: mesh: fix discovery timer re-arming issue / crash - [x86] dma: Fix max PFN arithmetic overflow on 32 bit systems - [x86] copy_xstate_to_kernel(): don't leave parts of destination uninitialized - xfrm: allow to accept packets with ipv6 NEXTHDR_HOP in xfrm_input - xfrm: call xfrm_output_gso when inner_protocol is set in xfrm_output - xfrm interface: fix oops when deleting a x-netns interface - xfrm: fix a warning in xfrm_policy_insert_list - xfrm: fix a NULL-ptr deref in xfrm_local_error - xfrm: fix error in comment - vti4: eliminated some duplicate code. - ip_vti: receive ipip packet by calling ip_tunnel_rcv - netfilter: nft_reject_bridge: enable reject with bridge vlan - netfilter: ipset: Fix subcounter update skip - netfilter: nfnetlink_cthelper: unbreak userspace helper support - netfilter: nf_conntrack_pptp: prevent buffer overflows in debug code - esp6: get the right proto for transport mode in esp6_gso_encap - bnxt_en: Fix accumulation of bp->net_stats_prev. - xsk: Add overflow check for u64 division, stored into u32 - qlcnic: fix missing release in qlcnic_83xx_interrupt_test. - bonding: Fix reference count leak in bond_sysfs_slave_add. - netfilter: nf_conntrack_pptp: fix compilation warning with W=1 build - mm/vmalloc.c: don't dereference possible NULL pointer in __vunmap() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.127 - Revert "cgroup: Add memory barriers to plug cgroup_rstat_updated() race window" - libnvdimm: Fix endian conversion issues  - HID: sony: Fix for broken buttons on DS3 USB dongles - HID: i2c-hid: add Schneider SCL142ALM to descriptor override - p54usb: add AirVasT USB stick device-id - mmc: fix compilation of user API - scsi: ufs: Release clock if DMA map fails - airo: Fix read overflows sending packets - [x86] drm/i915: fix port checks for MST support on gen >= 11 - [arm64] scsi: hisi_sas: Check sas_port before using it - [powerpc*] powernv: Avoid re-registration of imc debugfs directory - [s390x] ftrace: save traced function caller - drm/edid: Add Oculus Rift S to non-desktop list - [s390x] mm: fix set_huge_pte_at() for empty ptes - null_blk: return error for invalid zone size - [arm64] net: ethernet: stmmac: Enable interface clocks on probe for IPQ806x - [arm64,armhf] net: smsc911x: Fix runtime PM imbalance on error https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.128 - devinet: fix memleak in inetdev_init() - l2tp: add sk_family checks to l2tp_validate_socket - l2tp: do not use inet_hash()/inet_unhash() - net: usb: qmi_wwan: add Telit LE910C1-EUX composition - vsock: fix timeout in vsock_accept() - net: check untrusted gso_size at kernel entry - USB: serial: qcserial: add DW5816e QDL support - USB: serial: usb_wwan: do not resubmit rx urb on fatal errors - USB: serial: option: add Telit LE910C1-EUX compositions - [arm64,armhf] usb: musb: start session in resume for host port - [arm64,armhf] usb: musb: Fix runtime PM imbalance on error - vt: keyboard: avoid signed integer overflow in k_ascii (CVE-2020-13974) - tty: hvc_console, fix crashes on parallel open/close - staging: rtl8712: Fix IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK - CDC-ACM: heed quirk also in error handling - [arm64] nvmem: qfprom: remove incorrect write support - uprobes: ensure that uprobe->offset and ->ref_ctr_offset are properly aligned - Revert "net/mlx5: Annotate mutex destroy for root ns" https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.129 - ipv6: fix IPV6_ADDRFORM operation logic - net_failover: fixed rollback in net_failover_open() - bridge: Avoid infinite loop when suppressing NS messages with invalid options - vxlan: Avoid infinite loop when suppressing NS messages with invalid options - tun: correct header offsets in napi frags mode - make 'user_access_begin()' do 'access_ok()' (CVE-2018-20669) - [x86] uaccess: Inhibit speculation past access_ok() in user_access_begin() - lib: Reduce user_access_begin() boundaries in strncpy_from_user() and strnlen_user() - btrfs: merge btrfs_find_device and find_device (CVE-2019-18885) - btrfs: Detect unbalanced tree with empty leaf before crashing btree operations - [armel,armhf] 8977/1: ptrace: Fix mask for thumb breakpoint hook - sched/fair: Don't NUMA balance for kthreads - Input: synaptics - add a second working PNP_ID for Lenovo T470s - [powerpc*] xive: Clear the page tables for the ESB IO mapping - ath9k_htc: Silence undersized packet warnings - RDMA/uverbs: Make the event_queue fds return POLLERR when disassociated - [x86] cpu/amd: Make erratum #1054 a legacy erratum - perf probe: Accept the instance number of kretprobe event - mm: add kvfree_sensitive() for freeing sensitive data objects - aio: fix async fsync creds - btrfs: tree-checker: Check level for leaves and nodes - [x86] Fix jiffies ODR violation - [x86] PCI: Mark Intel C620 MROMs as having non-compliant BARs - [x86] speculation: Prevent rogue cross-process SSBD shutdown (CVE-2020-10766) - [x86] reboot/quirks: Add MacBook6,1 reboot quirk - efi/efivars: Add missing kobject_put() in sysfs entry creation error path - [i386] ALSA: es1688: Add the missed snd_card_free() - ALSA: hda/realtek - add a pintbl quirk for several Lenovo machines - ALSA: usb-audio: Fix inconsistent card PM state after resume - ALSA: usb-audio: Add vendor, product and profile name for HP Thunderbolt Dock - [arm64,x86] ACPI: sysfs: Fix reference count leak in acpi_sysfs_add_hotplug_profile() - [amd64,arm64] ACPI: CPPC: Fix reference count leak in acpi_cppc_processor_probe() - [arm64] ACPI: GED: add support for _Exx / _Lxx handler methods - [arm64,x86] ACPI: PM: Avoid using power resources if there are none for D0 - cgroup, blkcg: Prepare some symbols for module and !CONFIG_CGROUP usages - nilfs2: fix null pointer dereference at nilfs_segctor_do_construct() - [arm*] spi: bcm2835aux: Fix controller unregister order - PM: runtime: clk: Fix clk_pm_runtime_get() error path - [arm64] crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is fully iterated - ALSA: pcm: disallow linking stream to itself - [x86] {mce,mm}: Unmap the entire page if the whole page is affected and poisoned - [x86] KVM: Fix APIC page invalidation race - [x86] kvm: Fix L1TF mitigation for shadow MMU - [x86] KVM: x86/mmu: Consolidate "is MMIO SPTE" code - [x86] KVM: only do L1TF workaround on affected processors - [x86] speculation: Change misspelled STIPB to STIBP - [x86] speculation: Add support for STIBP always-on preferred mode - [x86] speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS. (CVE-2020-10767) - [x86] speculation: PR_SPEC_FORCE_DISABLE enforcement for indirect branches. (CVE-2020-10768) - spi: No need to assign dummy value in spi_unregister_controller() - spi: Fix controller unregister order - [amd64] spi: pxa2xx: Fix controller unregister order - [arm*] spi: bcm2835: Fix controller unregister order - [amd64] spi: pxa2xx: Balance runtime PM enable/disable on error - [amd64] spi: pxa2xx: Fix runtime PM ref imbalance on probe error - crypto: virtio: Fix use-after-free in virtio_crypto_skcipher_finalize_req() - crypto: virtio: Fix src/dst scatterlist calculation in __virtio_crypto_skcipher_do_req() - crypto: virtio: Fix dest length calculation in __virtio_crypto_skcipher_do_req() - ovl: initialize error in ovl_copy_xattr - proc: Use new_inode not new_inode_pseudo - [x86] KVM: nSVM: fix condition for filtering async PF - [x86] KVM: nSVM: leave ASID aside in copy_vmcb_control_area - [x86] KVM: nVMX: Consult only the "basic" exit reason when routing nested exit - [arm64] KVM: Make vcpu_cp1x() work on Big Endian hosts - scsi: megaraid_sas: TM command refire leads to controller firmware crash - ath9k: Fix use-after-free Read in ath9k_wmi_ctrl_rx - ath9k: Fix use-after-free Write in ath9k_htc_rx_msg - ath9x: Fix stack-out-of-bounds Write in ath9k_hif_usb_rx_cb - ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb - mm/slub: fix a memory leak in sysfs_slab_add() - fat: don't allow to mount if the FAT length == 0 - perf: Add cond_resched() to task_function_call() - [x86] agp/intel: Reinforce the barrier after GTT updates - [arm64] mmc: sdhci-msm: Clear tuning done flag while hs400 tuning - mmc: sdio: Fix potential NULL pointer error in mmc_sdio_init_card() - xen/pvcalls-back: test for errors when calling backend_connect() - [arm64] KVM: Synchronize sysreg state on injecting an AArch32 exception - [arm64] ACPI: GED: use correct trigger type field in _Exx / _Lxx handling - [arm64] drm: bridge: adv7511: Extend list of audio sample rates - [x86] crypto: ccp -- don't "select" CONFIG_DMADEVICES - media: si2157: Better check for running tuner in init - [amd64] spi: pxa2xx: Apply CS clk quirk to BXT - [amd64] net: atlantic: make hw_get_regs optional - net: ena: fix error returning in ena_com_get_hash_function() - [arm64] insn: Fix two bugs in encoding 32-bit logical immediates - ixgbe: Fix XDP redirect on archs with PAGE_SIZE above 4K - Bluetooth: Add SCO fallback for invalid LMP parameters error - [armhf] clocksource: dw_apb_timer: Make CPU-affiliation being optional - [armhf] clocksource: dw_apb_timer_of: Fix missing clockevent timers - btrfs: do not ignore error from btrfs_next_leaf() when inserting checksums - batman-adv: Revert "disable ethtool link speed detection when auto negotiation off" - [armhf] mmc: meson-mx-sdio: trigger a soft reset after a timeout or CRC error - [x86] kvm/hyper-v: Explicitly align hcall param for kvm_hyperv_exit - [x86] net: vmxnet3: fix possible buffer overflow caused by bad DMA value in vmxnet3_get_rss() - brcmfmac: fix wrong location to get firmware feature - e1000: Distribute switch variables for initialization - dt-bindings: display: mediatek: control dpi pins mode to avoid leakage - audit: fix a net reference leak in audit_send_reply() - media: dvb: return -EREMOTEIO on i2c transfer failure. - [mips*] Make sparse_init() using top-down allocation - Bluetooth: btbcm: Add 2 missing models to subver tables - audit: fix a net reference leak in audit_list_rules_send() - netfilter: nft_nat: return EOPNOTSUPP if type or flags are not supported - exit: Move preemption fixup up, move blocking operations down - sched/core: Fix illegal RCU from offline CPUs - drivers/perf: hisi: Fix typo in events attribute array - [armhf] net: allwinner: Fix use correct return type for ndo_start_xmit() - xfs: clean up the error handling in xfs_swap_extents - Crypto/chcr: fix for ccm(aes) failed test - [mips*] cm: Fix an invalid error code of INTVN_*_ERR - xfs: reset buffer write failure state on successful completion - xfs: fix duplicate verification from xfs_qm_dqflush() - [x86] platform/x86: intel-vbtn: Use acpi_evaluate_integer() - [x86] platform/x86: intel-vbtn: Split keymap into buttons and switches parts - [x86] platform/x86: intel-vbtn: Do not advertise switches to userspace if they are not there - [x86] platform/x86: intel-vbtn: Also handle tablet-mode switch on "Detachable" and "Portable" chassis-types - nvme: refine the Qemu Identify CNS quirk - ath10k: Remove msdu from idr when management pkt send fails - [arm64] wcn36xx: Fix error handling path in 'wcn36xx_probe()' - net: qed*: Reduce RX and TX default ring count when running inside kdump kernel - mt76: avoid rx reorder buffer overflow - md: don't flush workqueue unconditionally in md_open - veth: Adjust hard_start offset on redirect XDP frames - net/mlx5e: IPoIB, Drop multicast packets that this interface sent - rtlwifi: Fix a double free in _rtl_usb_tx_urb_setup() - mwifiex: Fix memory corruption in dump_station - [x86] boot: Correct relocation destination on old linkers - [x86] mm: Stop printing BRK addresses - btrfs: qgroup: mark qgroup inconsistent if we're inherting snapshot to a new qgroup - macvlan: Skip loopback packets in RX handler - PCI: Don't disable decoding when mmio_always_on is set - [mips*] Fix IRQ tracing when call handle_fpe() and handle_msa_fpe() - bcache: fix refcount underflow in bcache_device_free() - [arm64] mmc: sdhci-msm: Set SDHCI_QUIRK_MULTIBLOCK_READ_ACMD12 quirk - mmc: via-sdmmc: Respect the cmd->busy_timeout from the mmc core - ixgbe: fix signed-integer-overflow warning - [armhf] mmc: sdhci-esdhc-imx: fix the mask for tuning start point - cpuidle: Fix three reference count leaks - [x86] platform/x86: hp-wmi: Convert simple_strtoul() to kstrtou32() - [x86] platform/x86: intel-hid: Add a quirk to support HP Spectre X2 (2015) - [x86] platform/x86: intel-vbtn: Only blacklist SW_TABLET_MODE on the 9 / "Laptop" chasis-type - btrfs: include non-missing as a qualifier for the latest_bdev - btrfs: send: emit file capabilities after chown - mm: thp: make the THP mapcount atomic against __split_huge_pmd_locked() - mm: initialize deferred pages with interrupts enabled - ext4: fix EXT_MAX_EXTENT/INDEX to check for zeroed eh_max - ext4: fix error pointer dereference - ext4: fix race between ext4_sync_parent() and rename() - PCI: Avoid Pericom USB controller OHCI/EHCI PME# defect - PCI: Avoid FLR for AMD Matisse HD Audio & USB 3.0 - PCI: Avoid FLR for AMD Starship USB 3.0 - PCI: Add ACS quirk for iProc PAXB - PCI: Add ACS quirk for Intel Root Complex Integrated Endpoints - PCI: Remove unused NFP32xx IDs - [x86] hwmon/k10temp, x86/amd_nb: Consolidate shared device IDs - [x86] amd_nb: Add PCI device IDs for family 17h, model 30h - PCI: add USR vendor id and use it in r8169 and w6692 driver - PCI: Move Synopsys HAPS platform device IDs - PCI: Move Rohm Vendor ID to generic list - misc: pci_endpoint_test: Add the layerscape EP device support - misc: pci_endpoint_test: Add support to test PCI EP in AM654x - PCI: Add Synopsys endpoint EDDA Device ID - PCI: Add NVIDIA GPU multi-function power dependencies - PCI: Enable NVIDIA HDA controllers - [x86] amd_nb: Add PCI device IDs for family 17h, model 70h - ALSA: lx6464es - add support for LX6464ESe pci express variant - PCI: Add Genesys Logic, Inc. Vendor ID - PCI: Add Amazon's Annapurna Labs vendor ID - PCI: vmd: Add device id for VMD device 8086:9A0B - [x86] amd_nb: Add Family 19h PCI IDs - PCI: Add Loongson vendor ID - serial: 8250_pci: Move Pericom IDs to pci_ids.h - PCI: Make ACS quirk implementations more uniform - PCI: Unify ACS quirk desired vs provided checking - PCI: Generalize multi-function power dependency device links - btrfs: fix error handling when submitting direct I/O bio - btrfs: fix wrong file range cleanup after an error filling dealloc range - PCI: Program MPS for RCiEP devices - e1000e: Disable TSO for buffer overrun workaround - e1000e: Relax condition to trigger reset for ME workaround - carl9170: remove P2P_GO support - media: go7007: fix a miss of snd_card_free (CVE-2019-20810) - Bluetooth: hci_bcm: fix freeing not-requested IRQ - b43legacy: Fix case where channel status is corrupted - b43: Fix connection problem with WPA3 - b43_legacy: Fix connection problem with WPA3 - igb: Report speed and duplex as unknown when device is runtime suspended - [arm64,armhf] power: vexpress: add suppress_bind_attrs to true - [armhf] pinctrl: samsung: Correct setting of eint wakeup mask on s5pv210 - [armhf] pinctrl: samsung: Save/restore eint_mask over suspend for EINT_TYPE GPIOs - gnss: sirf: fix error return code in sirf_probe() - dm crypt: avoid truncating the logical block size - kernel/cpu_pm: Fix uninitted local in cpu_pm - [armhf] tegra: Correct PL310 Auxiliary Control Register initialization - [powerpc*] 64s: Don't let DT CPU features set FSCR_DSCR - [powerpc*] 64s: Save FSCR to init_task.thread.fscr after feature init - sunrpc: svcauth_gss_register_pseudoflavor must reject duplicate registrations. - sunrpc: clean up properly in gss_mech_unregister() - [armhf] w1: omap-hdq: cleanup to add missing newline for some dev_dbg - perf probe: Do not show the skipped events - perf probe: Fix to check blacklist address correctly - perf probe: Check address correctness by map instead of _etext - perf symbols: Fix debuginfo search for Ubuntu https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.130 - [arm64,armhf] clk: sunxi: Fix incorrect usage of round_down() - [arm64,armhf] ASoC: tegra: tegra_wm8903: Support nvidia, headset property - i2c: piix4: Detect secondary SMBus controller on AMD AM4 chipsets - [x86] iio: pressure: bmp280: Tolerate IRQ before registering - [arm64] clk: qcom: msm8916: Fix the address location of pll->config_reg - [arm64] backlight: lp855x: Ensure regulators are disabled on probe failure - [armhf] ASoC: davinci-mcasp: Fix dma_chan refcnt leak when getting dma type - [armel] integrator: Add some Kconfig selections - scsi: qedi: Check for buffer overflow in qedi_set_path() - ALSA: hda/realtek - Introduce polarity for micmute LED GPIO - [i386] ALSA: isa/wavefront: prevent out of bounds write in ioctl - PCI: Allow pci_resize_resource() for devices on root bus - scsi: qla2xxx: Fix issue with adapter's stopping state - [x86] iio: bmp280: fix compensation of humidity - f2fs: report delalloc reserve as non-free in statfs for project quota - [x86] i2c: pxa: clear all master action bits in i2c_pxa_stop_message() - [armhf] clk: samsung: Mark top ISP and CAM clocks on Exynos542x as critical - usblp: poison URBs upon disconnect - serial: 8250: Fix max baud limit in generic 8250 port - dm mpath: switch paths in dm_blk_ioctl() code path - [arm64] PCI: aardvark: Don't blindly enable ASPM L0s and don't write to read-only register - vfio/pci: fix memory leaks in alloc_perm_bits() - RDMA/mlx5: Add init2init as a modify command - scsi: lpfc: Fix lpfc_nodelist leak when processing unsolicited event - [powerpc*] perf/hv-24x7: Fix inconsistent output values incase multiple hv-24x7 events run - nfsd: Fix svc_xprt refcnt leak when setup callback client failed - [amd64] PCI: vmd: Filter resource type bits from shadow register - [powerpc*] crashkernel: Take "mem=" option into account - yam: fix possible memory leak in yam_init_driver - apparmor: fix introspection of of task mode for unconfined tasks - apparmor: check/put label on apparmor_sk_clone_security() - scsi: sr: Fix sr_probe() missing deallocate of device minor - [powerpc*] scsi: ibmvscsi: Don't send host info in adapter info MAD after LPM - apparmor: fix nnp subset test for unconfined - [x86] purgatory: Disable various profiling and sanitizing options - scsi: qedi: Do not flush offload work if ARP not resolved - [armhf] dts: sun8i-h2-plus-bananapi-m2-zero: Fix led polarity - scsi: qedf: Fix crash when MFW calls for protocol stats while function is still probing - [arm64] firmware: qcom_scm: fix bogous abuse of dma-direct internals - ALSA: usb-audio: Improve frames size computation - ALSA: usb-audio: Fix racy list management in output queue - [s390x] qdio: put thinint indicator after early error - tty: hvc: Fix data abort due to race in hvc_open - [armhf] thermal/drivers/ti-soc-thermal: Avoid dereferencing ERR_PTR - [arm64,armhf] usb: dwc3: gadget: Properly handle failed kick_transfer - [mips64el,mipsel] staging: sm750fb: add missing case while setting FB_VISUAL - [arm64,i386] i2c: pxa: fix i2c_pxa_scream_blue_murder() debug output - [arm*] serial: amba-pl011: Make sure we initialize the port.lock spinlock - drivers: base: Fix NULL pointer exception in __platform_driver_probe() if a driver developer is foolish - PCI/ASPM: Allow ASPM on links to PCIe-to-PCI/PCI-X Bridges - scsi: qla2xxx: Fix warning after FC target reset - scsi: mpt3sas: Fix double free warnings - [arm64,armhf] pinctrl: rockchip: fix memleak in rockchip_dt_node_to_map - [armhf] clk: ti: composite: fix memory leak - PCI: Fix pci_register_host_bridge() device_register() error handling - [powerpc*] Don't initialise init_task->thread.regs - tty: n_gsm: Fix SOF skipping - tty: n_gsm: Fix waking up upper tty layer when room available - HID: Add quirks for Trust Panora Graphic Tablet - ipmi: use vzalloc instead of kmalloc for user creation - [powerpc*] pseries/ras: Fix FWNMI_VALID off by one - vfio-pci: Mask cap zero - usb/ohci-platform: Fix a warning when hibernating - [arm64] drm/msm/mdp5: Fix mdp5_init error path for failed mdp5_kms allocation - [x86] ASoC: Intel: bytcr_rt5640: Add quirk for Toshiba Encore WT8-A tablet - [armhf] USB: host: ehci-mxc: Add error handling in ehci_mxc_drv_probe() - tty: n_gsm: Fix bogus i++ in gsm_data_kick - scsi: target: tcmu: Userspace must not complete queued commands - [powerpc*] 64s/pgtable: fix an undefined behaviour - dm zoned: return NULL if dmz_get_zone_for_reclaim() fails to find a zone - PCI/PTM: Inherit Switch Downstream Port PTM settings from Upstream Port - [arm64,armhf] PCI: dwc: Fix inner MSI IRQ domain registration - IB/cma: Fix ports memory leak in cma_configfs - [arm*] usb: dwc2: gadget: move gadget resume after the core is in L0 state - usb: gadget: Fix issue with config_ep_by_speed function - RDMA/iw_cxgb4: cleanup device debugfs entries on ULD remove - [x86] apic: Make TSC deadline timer detection message visible - scsi: target: tcmu: Fix a use after free in tcmu_check_expired_queue_cmd() - [arm*] clk: bcm2835: Fix return type of bcm2835_register_gate - [ppc64el] KVM: Book3S HV: Ignore kmemleak false positives - net: sunrpc: Fix off-by-one issues in 'rpc_ntop6' - NFSv4.1 fix rpc_call_done assignment for BIND_CONN_TO_SESSION - of: Fix a refcounting bug in __of_attach_node_sysfs() - rxrpc: Adjust /proc/net/rxrpc/calls to display call->debug_id not user_ID - gfs2: Allow lock_nolock mount to specify jid=X - scsi: iscsi: Fix reference count leak in iscsi_boot_create_kobj - scsi: ufs: Don't update urgent bkops level when toggling auto bkops - [armhf] pinctrl: freescale: imx: Fix an error handling path in 'imx_pinctrl_probe()' - geneve: change from tx_error to tx_dropped on missing metadata - lib/zlib: remove outdated and incorrect pre-increment optimization - blktrace: use errno instead of bi_status - blktrace: fix endianness in get_pdu_int() - blktrace: fix endianness for blk_log_remap() - gfs2: fix use-after-free on transaction ail lists - drivers/perf: hisi: Fix wrong value for all counters enable - afs: Fix memory leak in afs_put_sysnames() - ASoC: core: only convert non DPCM link to DPCM link - [x86] ASoC: Intel: bytcr_rt5640: Add quirk for Toshiba Encore WT10-A tablet - ASoC: rt5645: Add platform-data for Asus T101HA - [arm64,armhf] drm/sun4i: hdmi ddc clk: Fix size of m divider - [x86] idt: Keep spurious entries unset in system_vectors - net/filter: Permit reading NET in load_bytes_relative when MAC not set - xdp: Fix xsk_generic_xmit errno - [arm64,armhf] usb/xhci-plat: Set PM runtime as active on resume - usb: host: ehci-platform: add a quirk to avoid stuck - usb/ehci-platform: Set PM runtime as active on resume - perf report: Fix NULL pointer dereference in hists__fprintf_nr_sample_events() - ext4: stop overwrite the errcode in ext4_setup_super - bcache: fix potential deadlock problem in btree_gc_coalesce (CVE-2020-12771) - afs: Fix non-setting of mtime when writing into mmap - afs: afs_write_end() should change i_size under the right lock - block: Fix use-after-free in blkdev_get() - [arm64] hw_breakpoint: Don't invoke overflow handler on uaccess watchpoints - libata: Use per port sync for detach - drm: encoder_slave: fix refcouting error for modules - drm/dp_mst: Reformat drm_dp_check_act_status() a bit - drm/qxl: Use correct notify port address when creating cursor ring - selinux: fix double free - ext4: fix partial cluster initialization when splitting extent - ext4: avoid race conditions when remounting with options that change dax - drm/dp_mst: Increase ACT retry timeout to 3s - block: nr_sects_write(): Disable preemption on seqcount write - mtd: rawnand: Pass a nand_chip object to nand_scan() - mtd: rawnand: Pass a nand_chip object to nand_release() - mtd: rawnand: diskonchip: Fix the probe error path - [armel,armhf] mtd: rawnand: orion: Fix the probe error path - [s390x] fix syscall_get_error for compat processes - [x86] drm/i915: Whitelist context-local timestamp in the gen9 cmdparser - [x86] drm/i915/icl+: Fix hotplug interrupt disabling after storm detection - crypto: algif_skcipher - Cap recv SG list at ctx->used - crypto: algboss - don't wait during notifier callback - kprobes: Fix to protect kick_kprobe_optimizer() by kprobe_mutex - e1000e: Do not wake up the system via WOL if device wakeup is disabled - [mips*] net: octeon: mgmt: Repair filling of RX ring - kretprobe: Prevent triggering kretprobe from within kprobe_flush_task - sched/rt, net: Use CONFIG_PREEMPTION.patch - net: core: device_rename: Use rwsem instead of a seqcount - md: add feature flag MD_FEATURE_RAID0_LAYOUT - [x86] kvm: Move kvm_set_mmio_spte_mask() from x86.c to mmu.c - [x86] kvm: Fix reserved bits related calculation errors caused by MKTME - [x86] KVM: x86/mmu: Set mmio_value to '0' if reserved #PF can't be generated https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.131 - net: be more gentle about silly gso requests coming from user - block/bio-integrity: don't free 'buf' if bio_integrity_add_page() failed - fanotify: fix ignore mask logic for events on child and on dir - [armhf] mtd: rawnand: marvell: Fix the condition on a return code - net: sched: export __netdev_watchdog_up() - [x86] EDAC/amd64: Add Family 17h Model 30h PCI IDs - [arm64,armhf] i2c: tegra: Cleanup kerneldoc comments - [arm64,armhf] i2c: tegra: Add missing kerneldoc for some fields - [arm64,armhf] i2c: tegra: Fix Maximum transfer size - ALSA: hda/realtek - Enable the headset of ASUS B9450FA with ALC294 - ALSA: hda/realtek: Enable mute LED on an HP system - ALSA: hda/realtek - Enable micmute LED on and HP system - apparmor: don't try to replace stale label in ptraceme check (Closes: #963493) - [ppc64el] ibmveth: Fix max MTU limit - mld: fix memory leak in ipv6_mc_destroy_dev() - net: bridge: enfore alignment for ethernet address - net: fix memleak in register_netdevice() - net: place xmit recursion in softnet data - net: use correct this_cpu primitive in dev_recursion_level - net: increment xmit_recursion level in dev_direct_xmit() - net: usb: ax88179_178a: fix packet alignment padding - rxrpc: Fix notification call on completion of discarded calls - sctp: Don't advertise IPv4 addresses if ipv6only is set on the socket - tcp: don't ignore ECN CWR on pure ACK - tcp: grow window for OOO packets only for SACK flows - tg3: driver sleeps indefinitely when EEH errors exceed eeh_max_freezes - ip6_gre: fix use-after-free in ip6gre_tunnel_lookup() - net: phy: Check harder for errors in get_phy_id() - ip_tunnel: fix use-after-free in ip_tunnel_lookup() - sch_cake: don't try to reallocate or unshare skb unconditionally - sch_cake: fix a few style nits - tcp_cubic: fix spurious HYSTART_DELAY exit upon drop in min RTT - sch_cake: don't call diffserv parsing code when it is not needed - net: Fix the arp error in some cases - net: Do not clear the sock TX queue in sk_set_socket() - net: core: reduce recursion limit value - [arm*] usb: dwc2: Postponed gadget registration to the udc class driver - usb: add USB_QUIRK_DELAY_INIT for Logitech C922 - USB: ehci: reopen solution for Synopsys HC bug - xhci: Poll for U0 after disabling USB2 LPM - [armhf] usb: host: ehci-exynos: Fix error check in exynos_ehci_probe() - ALSA: usb-audio: add quirk for Denon DCD-1500RE - ALSA: usb-audio: add quirk for Samsung USBC Headset (AKG) - ALSA: usb-audio: Fix OOB access of mixer element list - [s390x] scsi: zfcp: Fix panic on ERP timeout for previously dismissed ERP action - xhci: Fix incorrect EP_STATE_MASK - xhci: Fix enumeration issue when setting max packet size for FS devices. - xhci: Return if xHCI doesn't support LPM - cdc-acm: Add DISABLE_ECHO quirk for Microchip/SMSC chip - loop: replace kill_bdev with invalidate_bdev - IB/mad: Fix use after free when destroying MAD agent - cifs/smb3: Fix data inconsistent when punch hole - cifs/smb3: Fix data inconsistent when zero file range - xfrm: Fix double ESP trailer insertion in IPsec crypto offload. - efi/esrt: Fix reference count leak in esre_create_sysfs_entry. - [armhf] regualtor: pfuze100: correct sw1a/sw2 on pfuze3000 - [armhf] ASoC: fsl_ssi: Fix bclk calculation for mono channel - [armhf] dts: Fix duovero smsc interrupt for suspend - regmap: Fix memory leak from regmap_register_patch - rxrpc: Fix handling of rwind from an ACK packet - RDMA/qedr: Fix KASAN: use-after-free in ucma_event_handler+0x532 - RDMA/cma: Protect bind_list and listen_list while finding matching cm id - RDMA/mad: Fix possible memory leak in ib_mad_post_receive_mads() - net: qed: fix left elements count calculation - net: qed: fix NVMe login fails over VFs - net: qed: fix excessive QM ILT lines consumption - cxgb4: move handling L2T ARP failures to caller - [armhf] imx5: add missing put_device() call in imx_suspend_alloc_ocram() - netfilter: ipset: fix unaligned atomic access - i2c: core: check returned size of emulated smbus block read - sched/deadline: Initialize ->dl_boosted - sched/core: Fix PI boosting between RT and DEADLINE tasks - ata/libata: Fix usage of page address by page_address in ata_scsi_mode_select_xlat function - net: alx: fix race condition in alx_remove - [s390x] ptrace: fix setting syscall number - [s390x] vdso: fix vDSO clock_getres() - kbuild: improve cc-option to clean up all temporary files - blktrace: break out of blktrace setup on concurrent calls - ALSA: hda: Add NVIDIA codec IDs 9a & 9d through a0 to patch table - ALSA: hda/realtek - Add quirk for MSI GE63 laptop - [x86,arm64] ACPI: sysfs: Fix pm_profile_attr type - [x86] KVM: Fix MSR range of APIC registers in X2APIC mode - [x86] KVM: nVMX: Plumb L2 GPA through to PML emulation - [amd64] x86/asm/64: Align start of __clear_user() loop to 16-bytes - btrfs: fix data block group relocation failure due to concurrent scrub - btrfs: fix failure of RWF_NOWAIT write into prealloc extent beyond eof - mm/slab: use memzero_explicit() in kzfree() - ocfs2: avoid inode removal while nfsd is accessing it - ocfs2: load global_inode_alloc - ocfs2: fix value of OCFS2_INVALID_SLOT - ocfs2: fix panic on nfs server over ocfs2 - [arm64] perf: Report the PC value in REGS_ABI_32 mode - tracing: Fix event trigger to accept redundant spaces - ring-buffer: Zero out time extend if it is nested and not absolute - drm/radeon: fix fb_div check in ni_init_smc_spll_table() - [x86,arm64] Staging: rtl8723bs: prevent buffer overflow in update_sta_support_rate() - sunrpc: fixed rollback in rpc_gssd_dummy_populate() - SUNRPC: Properly set the @subbuf parameter of xdr_buf_subsegment() - pNFS/flexfiles: Fix list corruption if the mirror count changes - NFSv4 fix CLOSE not waiting for direct IO compeletion - dm writecache: correct uncommitted_block when discarding uncommitted entry - dm writecache: add cond_resched to loop in persistent_memory_claim() - xfs: add agf freeblocks verify in xfs_agf_verify (CVE-2020-12655) - Revert "tty: hvc: Fix data abort due to race in hvc_open" [ Salvatore Bonaccorso ] * [rt] Add new signing key for Tom Zanussi * nfsd: apply umask on fs without ACL support (Closes: #962254) * [rt] Update to 4.19.120-rt52: - tasklet: Address a race resulting in double-enqueue - hrtimer: fix logic for when grabbing softirq_expiry_lock can be elided * [rt] Update to 4.19.124-rt53 * [rt] Update to 4.19.127-rt55: - fs/dcache: Include swait.h header - mm: slub: Always flush the delayed empty slubs in flush_all() - tasklet: Fix UP case for tasklet CHAINED state * usb: usbtest: fix missing kfree(dev->buf) in usbtest_disconnect (CVE-2020-15393) [ Ben Hutchings ] * [rt] Update "net: move xmit_recursion to per-task variable on -RT" to apply on top of "net: place xmit recursion in softnet data" * [rt] Drop "net: Add a mutex around devnet_rename_seq", redundant with "net: Introduce net_rwsem to protect net_namespace_list" * [rt] Drop idle task related parts of "sched: Move mmdrop to RCU on RT", redundant with "sched/core: Fix illegal RCU from offline CPUs" * Bump ABI to 10 [ YunQiang Su ] * [mips*]: Do not enable MIPS_O32_FP64_SUPPORT, since golang hasn't been migrated to FPXX yet and this breaks the golang packages on Octeon hardware. In turns this disables MSA on 32-bit kernels. [ Luca Boccassi ] * [cloud] Enable INFINIBAND configs for HyperV/Azure (Closes: #958300) -- Salvatore Bonaccorso Thu, 09 Jul 2020 04:45:56 +0200 linux (4.19.118-2+deb10u1) buster-security; urgency=high [ Salvatore Bonaccorso ] * selinux: properly handle multiple messages in selinux_netlink_send() (CVE-2020-10751) * fs/namespace.c: fix mountpoint reference counter race (CVE-2020-12114) * USB: core: Fix free-while-in-use bug in the USB S-Glibrary (CVE-2020-12464) * [x86] KVM: SVM: Fix potential memory leak in svm_cpu_init() (CVE-2020-12768) * scsi: sg: add sg_remove_request in sg_write (CVE-2020-12770) * USB: gadget: fix illegal array access in binding with UDC (CVE-2020-13143) * netlabel: cope with NULL catmap (CVE-2020-10711) * fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info() (CVE-2020-10732) * kernel/relay.c: handle alloc_percpu returning NULL in relay_open (CVE-2019-19462) * mm: Fix mremap not considering huge pmd devmap (CVE-2020-10757) * [x86] KVM: nVMX: Always sync GUEST_BNDCFGS when it comes from vmcs01 * KVM: Introduce a new guest mapping API * [arm64] kvm: fix compilation on aarch64 * [s390x] kvm: fix compilation on s390 * [s390x] kvm: fix compile on s390 part 2 * KVM: Properly check if "page" is valid in kvm_vcpu_unmap * [x86] kvm: Introduce kvm_(un)map_gfn() (CVE-2019-3016) * [x86] kvm: Cache gfn to pfn translation (CVE-2019-3016) * [x86] KVM: Make sure KVM_VCPU_FLUSH_TLB flag is not missed (CVE-2019-3016) * [x86] KVM: Clean up host's steal time structure (CVE-2019-3016) * include/uapi/linux/swab.h: fix userspace breakage, use __BITS_PER_LONG for swap (Closes: #960271) [ Ben Hutchings ] * propagate_one(): mnt_set_mountpoint() needs mount_lock * [x86] Add support for mitigation of Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543): - x86/cpu: Add 'table' argument to cpu_matches() - x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation - x86/speculation: Add SRBDS vulnerability and mitigation documentation - x86/speculation: Add Ivy Bridge to affected list * [x86] speculation: Do not match steppings, to avoid an ABI change -- Salvatore Bonaccorso Sun, 07 Jun 2020 17:42:22 +0200 linux (4.19.118-2) buster; urgency=medium * Merge changes from 4.19.67-2+deb10u2 to include all security fixes from DSA 4667-1. -- Salvatore Bonaccorso Wed, 29 Apr 2020 11:38:41 +0200 linux (4.19.118-1) buster; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.99 - Revert "efi: Fix debugobjects warning on 'efi_rts_work'" - xfs: Sanity check flags of Q_XQUOTARM call - [x86] mfd: intel-lpss: Add default I2C device properties for Gemini Lake - SUNRPC: Fix svcauth_gss_proxy_init() - [powerpc*] pseries: Enable support for ibm,drc-info property - tipc: update mon's self addr when node addr generated - tipc: fix wrong timeout input for tipc_wait_for_cond() - mt7601u: fix bbp version check in mt7601u_wait_bbp_ready - [armhf] crypto: sun4i-ss - fix big endian issues - perf map: No need to adjust the long name of modules - ipmi: Fix memory leak in __ipmi_bmc_register (CVE-2019-19046) - ixgbe: don't clear IPsec sa counters on HW clearing - drm/virtio: fix bounds check in virtio_gpu_cmd_get_capset() - iio: fix position relative kernel version - apparmor: Fix network performance issue in aa_label_sk_perm - ALSA: hda: fix unused variable warning - apparmor: don't try to replace stale label in ptrace access check - firmware: coreboot: Let OF core populate platform device - bridge: br_arp_nd_proxy: set icmp6_router if neigh has NTF_ROUTER - [arm64] drm/hisilicon: hibmc: Don't overwrite fb helper surface depth - IB/rxe: replace kvfree with vfree - [amd64] IB/hfi1: Add mtu check for operational data VLs - genirq/debugfs: Reinstate full OF path for domain name - [arm64] usb: dwc3: add EXTCON dependency for qcom - cfg80211: regulatory: make initialization more robust - [x86] mei: replace POLL* with EPOLL* for write queues. - [arm64] drm/msm: fix unsigned comparison with less than zero - ALSA: usb-audio: update quirk for B&W PX to remove microphone - iwlwifi: nvm: get num of hw addresses from firmware - netfilter: nft_osf: usage from output path is not valid - [x86] pwm: lpss: Release runtime-pm reference from the driver's remove callback - [powerpc*] pseries/memory-hotplug: Fix return value type of find_aa_index - rtlwifi: rtl8821ae: replace _rtl8821ae_mrate_idx_to_arfr_id with generic version - netfilter: nf_flow_table: do not remove offload when other netns's interface is down - tipc: eliminate message disordering during binding table update - [arm64] net: socionext: Add dummy PHY register read in phy_write() - [arm64,armhf] drm/sun4i: hdmi: Fix double flag assignation - [arm64] net: hns3: add error handler for hns3_nic_init_vector_data() - pcrypt: use format specifier in kobject_add - [armhf] ASoC: sun8i-codec: add missing route for ADC - [arm64] pinctrl: meson-gxl: remove invalid GPIOX tsin_a pins - [armhf] bus: ti-sysc: Add mcasp optional clocks flag - exportfs: fix 'passing zero to ERR_PTR()' warning - net: always initialize pagedlen - net: phy: Fix not to call phy_resume() if PHY is not attached - [amd64] IB/hfi1: Correctly process FECN and BECN in packets - IB/rxe: Fix incorrect cache cleanup in error flow - ipv6: add missing tx timestamping on IPPROTO_RAW - [arm64] net: hns3: fix error handling int the hns3_get_vector_ring_chain - vxlan: changelink: Fix handling of default remotes - fork,memcg: fix crash in free_thread_stack on memcg charge fail - [armhf] clk: highbank: fix refcount leak in hb_clk_init() - [armhf] clk: ti: fix refcount leak in ti_dt_clocks_register() - [armhf] clk: socfpga: fix refcount leak - [armhf] clk: samsung: exynos4: fix refcount leak in exynos4_get_xom() - [armhf] clk: imx6q: fix refcount leak in imx6q_clocks_init() - [armhf] clk: imx6sx: fix refcount leak in imx6sx_clocks_init() - [armhf] clk: armada-370: fix refcount leak in a370_clk_init() - [armel] clk: kirkwood: fix refcount leak in kirkwood_clk_init() - [armhf] clk: armada-xp: fix refcount leak in axp_clk_init() - [armhf] clk: mv98dx3236: fix refcount leak in mv98dx3236_clk_init() - [armhf] clk: dove: fix refcount leak in dove_clk_init() - drm: Fix error handling in drm_legacy_addctx - [armhf] drm/etnaviv: fix some off by one bugs - drm/fb-helper: generic: Fix setup error path - fork, memcg: fix cached_stacks case - [amd64] IB/usnic: Fix out of bounds index check in query pkey - RDMA/ocrdma: Fix out of bounds index check in query pkey - RDMA/qedr: Fix out of bounds index check in query pkey - RDMA/iw_cxgb4: Fix the unchecked ep dereference - net: phy: micrel: set soft_reset callback to genphy_soft_reset for KSZ9031 - [armhf] memory: tegra: Don't invoke Tegra30+ specific memory timing setup on Tegra20 - [armhf] drm/etnaviv: NULL vs IS_ERR() buf in etnaviv_core_dump() - kbuild: mark prepare0 as PHONY to fix external module build - crypto: tgr192 - fix unaligned memory access - [armhf] ASoC: imx-sgtl5000: put of nodes if finding codec fails - IB/iser: Pass the correct number of entries for dma mapped SGL - [arm64] net: hns3: fix wrong combined count returned by ethtool -l - IB/mlx5: Don't override existing ip_protocol - rtc: cmos: ignore bogus century byte - [i386] spi/topcliff_pch: Fix potential NULL dereference on allocation error - [arm64] net: hns3: fix bug of ethtool_ops.get_channels for VF - [armhf] clk: sunxi-ng: sun8i-a23: Enable PLL-MIPI LDOs when ungating it - iwlwifi: mvm: avoid possible access out of array. - net/mlx5: Take lock with IRQs disabled to avoid deadlock - ip_tunnel: Fix route fl4 init in ip_md_tunnel_xmit - iwlwifi: mvm: fix A-MPDU reference assignment - [armhf] bus: ti-sysc: Fix timer handling with drop pm_runtime_irq_safe() - [x86] tty: ipwireless: Fix potential NULL pointer dereference - driver: uio: fix possible memory leak in __uio_register_device - driver: uio: fix possible use-after-free in __uio_register_device - driver core: Fix DL_FLAG_AUTOREMOVE_SUPPLIER device link flag handling - driver core: Avoid careless re-use of existing device links - driver core: Do not resume suppliers under device_links_write_lock() - driver core: Fix handling of runtime PM flags in device_link_add() - driver core: Do not call rpm_put_suppliers() in pm_runtime_drop_link() - drm/xen-front: Fix mmap attributes for display buffers - iwlwifi: mvm: fix RSS config command - [mips*] rtc: ds1672: fix unintended sign extension - ath10k: fix dma unmap direction for management frames - net: phy: fixed_phy: Fix fixed_phy not checking GPIO - rtc: ds1307: rx8130: Fix alarm handling - net/smc: original socket family in inet_sock_diag - [arm64] rtc: pm8xxx: fix unintended sign extension - iw_cxgb4: use tos when importing the endpoint - iw_cxgb4: use tos when finding ipv6 routes - xsk: add missing smp_rmb() in xsk_mmap - [armhf] drm/etnaviv: potential NULL dereference - RDMA/mlx5: Fix memory leak in case we fail to add an IB device - driver core: Fix possible supplier PM-usage counter imbalance - [armhf] usb: phy: twl6030-usb: fix possible use-after-free on remove - block: don't use bio->bi_vcnt to figure out segment number - keys: Timestamp new keys - [armhf] net: dsa: b53: Fix default VLAN ID - [armhf] net: dsa: b53: Properly account for VLAN filtering - [armhf] net: dsa: b53: Do not program CPU port's PVID - mt76: usb: fix possible memory leak in mt76u_buf_free - vfio_pci: Enable memory accesses before calling pci_map_rom - mdio_bus: Fix PTR_ERR() usage after initialization to constant - [powerpc*] KVM: Release all hardware TCE tables attached to a group - [x86] staging: r8822be: check kzalloc return or bail - [arm*] dmaengine: mv_xor: Use correct device for DMA API - cdc-wdm: pass return value of recover_from_urb_loss - brcmfmac: create debugfs files for bus-specific layer - net/mlx5: Delete unused FPGA QPN variable - drm/nouveau/bios/ramcfg: fix missing parentheses when calculating RON - drm/nouveau/pmu: don't print reply values if exec is false - drm/nouveau: fix missing break in switch statement - driver core: Fix PM-runtime for links added during consumer probe - [arm64] ASoC: qcom: Fix of-node refcount unbalance in apq8016_sbc_parse_of() - [arm64,armhf] net: dsa: fix unintended change of bridge interface STP state - fs/nfs: Fix nfs_parse_devname to not modify it's argument - [x86] staging: rtlwifi: Use proper enum for return in halmac_parse_psd_data_88xx - [ppc64el] 64s: Fix logic when handling unknown CPU features - NFS: Fix a soft lockup in the delegation recovery code - perf: Copy parent's address filter offsets on clone - perf, pt, coresight: Fix address filters for vmas with non-zero offset - [armhf] clocksource/drivers/sun5i: Fail gracefully when clock rate is unavailable - [armhf] clocksource/drivers/exynos_mct: Fix error path in timer resources initialization - [x86] platform/x86: wmi: fix potential null pointer dereference - NFS/pnfs: Bulk destroy of layouts needs to be safe w.r.t. umount - ath10k: Fix length of wmi tlv command for protected mgmt frames - netfilter: nft_set_hash: fix lookups with fixed size hash on big endian - netfilter: nft_set_hash: bogus element self comparison from deactivation path - net: sched: act_csum: Fix csum calc for tagged packets - [arm*] hwrng: bcm2835 - fix probe as platform device - [amd64] iommu/vt-d: Fix NULL pointer reference in intel_svm_bind_mm() - NFS: Add missing encode / decode sequence_maxsz to v4.2 operations - NFSv4/flexfiles: Fix invalid deref in FF_LAYOUT_DEVID_NODE() - [amd64] net: aquantia: fixed instack structure overflow - media: dvb/earth-pt1: fix wrong initialization for demod blocks - rbd: clear ->xferred on error from rbd_obj_issue_copyup() - PCI: Fix "try" semantics of bus and slot reset - scsi: megaraid_sas: reduce module load time - xen, cpu_hotplug: Prevent an out of bounds access - net/mlx5: Fix multiple updates of steering rules in parallel - net/mlx5e: IPoIB, Fix RX checksum statistics update - [arm64,armhf] soc: amlogic: gx-socinfo: Add mask for each SoC packages - media: ivtv: update *pos correctly in ivtv_read_pos() - media: cx18: update *pos correctly in cx18_read_pos() - [armhf] media: wl128x: Fix an error code in fm_download_firmware() - media: cx23885: check allocation return - jfs: fix bogus variable self-initialization - [armhf] dts: sun9i: optimus: Fix fixed-regulators - net: phy: don't clear BMCR in genphy_soft_reset - [armhf] OMAP2+: Fix potentially uninitialized return value for _setup_reset() - [arm64,armhf] net: dsa: Avoid null pointer when failing to connect to PHY - media: tw5864: Fix possible NULL pointer dereference in tw5864_handle_frame - [arm64,armhf] spi: tegra114: clear packed bit for unpacked mode - [arm64,armhf] spi: tegra114: fix for unpacked mode transfers - [arm64,armhf] spi: tegra114: terminate dma and reset on transfer timeout - [arm64,armhf] spi: tegra114: flush fifos - [arm64,armhf] spi: tegra114: configure dma burst size to fifo trig level - [armhf] bus: ti-sysc: Fix sysc_unprepare() when no clocks have been allocated - [arm*] spi: bcm2835aux: fix driver to not allow 65535 (=-1) cs-gpios - drm/fb-helper: generic: Call drm_client_add() after setup is done - [arm64] vdso: don't leak kernel addresses - rtc: Fix timestamp value for RTC_TIMESTAMP_BEGIN_1900 - bpf: Add missed newline in verifier verbose log - [x86] drm/vmwgfx: Remove set but not used variable 'restart' - scsi: qla2xxx: Unregister chrdev if module initialization fails - net/sched: cbs: fix port_rate miscalculation - ACPI: button: reinitialize button state upon resume - [arm64,armhf] firmware: arm_scmi: fix of_node leak in scmi_mailbox_check - rxrpc: Fix detection of out of order acks - scsi: target/core: Fix a race condition in the LUN lookup code - brcmfmac: fix leak of mypkt on error return path - [arm64] net: hns3: fix for vport->bw_limit overflow problem - [x86] hwmon: (w83627hf) Use request_muxed_region for Super-IO accesses - perf/core: Fix the address filtering fix - [arm64,armhf] soc: amlogic: meson-gx-pwrc-vpu: Fix power on/off register bitmask - [x86] platform/x86: alienware-wmi: fix kfree on potentially uninitialized pointer - tipc: set sysctl_tipc_rmem and named_timeout right range - usb: typec: tcpm: Notify the tcpc to start connection-detection for SRPs - [arm64] net: hns3: fix loop condition of hns3_get_tx_timeo_queue_info() - 6lowpan: Off by one handling ->nexthdr - ALSA: usb-audio: Handle the error from snd_usb_mixer_apply_create_quirk() - afs: Fix AFS file locking to allow fine grained locks - afs: Further fix file locking - NFS: Don't interrupt file writeout due to fatal errors - scsi: qla2xxx: Fix a format specifier - scsi: qla2xxx: Fix error handling in qlt_alloc_qfull_cmd() - scsi: qla2xxx: Avoid that qlt_send_resp_ctio() corrupts memory - [ppc64el] KVM: PPC: Book3S HV: Fix lockdep warning when entering the guest - netfilter: nft_flow_offload: add entry to flowtable after confirmation - packet: in recvmsg msg_name return at least sizeof sockaddr_ll - ASoC: fix valid stream condition - [arm*] dwc2: gadget: Fix completed transfer size calculation in DDMA - IB/mlx5: Add missing XRC options to QP optional params mask - RDMA/rxe: Consider skb reserve space based on netdev of GID - [amd64] iommu/vt-d: Make kernel parameter igfx_off work with vIOMMU - [arm64] dmaengine: tegra210-adma: restore channel status - mmc: core: fix possible use after free of host - ath10k: Fix encoding for protected management frames - afs: Fix the afs.cell and afs.volume xattr handlers - l2tp: Fix possible NULL pointer dereference - [x86] platform/x86: alienware-wmi: printing the wrong error code - netfilter: ebtables: CONFIG_COMPAT: reject trailing data after last rule - [arm64,armhf] pwm: meson: Consider 128 a valid pre-divider - [arm64,armhf] pwm: meson: Don't disable PWM when setting duty repeatedly - nfp: bpf: fix static check error through tightening shift amount adjustment - netfilter: nf_tables: correct NFT_LOGLEVEL_MAX value - [arm*] thermal: cpu_cooling: Actually trace CPU load in thermal_power_cpu_get_power - EDAC/mc: Fix edac_mc_find() in case no device is found - afs: Fix key leak in afs_release() and afs_evict_inode() - afs: Don't invalidate callback if AFS_VNODE_DIR_VALID not set - afs: Fix lock-wait/callback-break double locking - afs: Fix double inc of vnode->cb_break - [armhf] dts: sun8i-h3: Fix wifi in Beelink X2 DT - [arm64] clk: meson: gxbb: no spread spectrum on mpll0 - [arm64] clk: meson: axg: spread spectrum is on mpll2 - [arm64] dmaengine: tegra210-adma: Fix crash during probe - [arm64] dts: meson: libretech-cc: set eMMC as removable - RDMA/qedr: Fix incorrect device rate. - [x86] crypto: ccp - fix AES CFB error exposed by new test vectors - [x86] crypto: ccp - Fix 3DES complaint from ccp-crypto module - iommu: Add missing new line for dma type - iommu: Use right function to get group for device - signal/cifs: Fix cifs_put_tcp_session to call send_sig instead of force_sig - inet: frags: call inet_frags_fini() after unregister_pernet_subsys() - [arm64] net: hns3: fix a memory leak issue for hclge_map_unmap_ring_to_vf_vector - [x86] netvsc: unshare skb in VF rx handler - net: core: support XDP generic on stacked devices. - RDMA/uverbs: check for allocation failure in uapi_add_elm() - net: don't clear sock->sk early to avoid trouble in strparser - [arm64] phy: qcom-qusb2: fix missing assignment of ret when calling clk_prepare_enable - [arm64] clk: sunxi-ng: sun50i-h6-r: Fix incorrect W1 clock gate register - media: vivid: fix incorrect assignment operation when setting video mode - [arm64] crypto: inside-secure - fix zeroing of the request in ahash_exit_inv - [arm64] crypto: inside-secure - fix queued len computation - mpls: fix warning with multi-label encap - [arm64] dts: meson-gxm-khadas-vim2: fix gpio-keys-polled node - [arm64] dts: meson-gxm-khadas-vim2: fix Bluetooth support - [amd64] iommu/vt-d: Duplicate iommu_resv_region objects per device list - qed: iWARP - Use READ_ONCE and smp_store_release to access ep->state - qed: iWARP - fix uninitialized callback - [powerpc*] cacheinfo: add cacheinfo_teardown, cacheinfo_rebuild - [powerpc*] pseries/mobility: rebuild cacheinfo hierarchy post-migration - bpf: fix the check that forwarding is enabled in bpf_ipv6_fib_lookup - [amd64] IB/hfi1: Handle port down properly in pio - [arm64] drm/msm/mdp5: Fix mdp5_cfg_init error return - net: netem: fix backlog accounting for corrupted GSO frames - net/udp_gso: Allow TX timestamp with UDP GSO - [s390x] net/af_iucv: build proper skbs for HiperTransport - [s390x] net/af_iucv: always register net_device notifier - [armhf] ASoC: ti: davinci-mcasp: Fix slot mask settings when using multiple AXRs - rtc: pcf8563: Fix interrupt trigger method - rtc: pcf8563: Clear event flags and disable interrupts before requesting irq - net/sched: cbs: Fix error path of cbs_module_init - [arm64] drm/msm/a3xx: remove TPL1 regs from snapshot - ip6_fib: Don't discard nodes with valid routing information in fib6_locate_1() - perf/ioctl: Add check for the sample_period value - [x86] dmaengine: hsu: Revert "set HSU_CH_MTSR to memory width" - tools: bpftool: use correct argument in cgroup errors - fork,memcg: alloc_thread_stack_node needs to set tsk->stack - bnxt_en: Fix ethtool selftest crash under error conditions. - bnxt_en: Suppress error messages when querying DSCP DCB capabilities. - [amd64] iommu: Make iommu_disable safer - [x86] mfd: intel-lpss: Release IDA resources - rxrpc: Fix uninitialized error code in rxrpc_send_data_packet() - xprtrdma: Fix use-after-free in rpcrdma_post_recvs - PM: ACPI/PCI: Resume all devices during hibernation - ACPI: PM: Simplify and fix PM domain hibernation callbacks - ACPI: PM: Introduce "poweroff" callbacks for ACPI PM domain and LPSS - devres: allow const resource arguments - [arm64] RDMA/hns: Fixs hw access invalid dma memory error - ceph: fix "ceph.dir.rctime" vxattr value - xdp: fix possible cq entry leak - scsi: libfc: fix null pointer dereference on a null lport - xfrm interface: ifname may be wrong in logs - [armhf] clk: sunxi-ng: v3s: add the missing PLL_DDR1 - PM: sleep: Fix possible overflow in pm_system_cancel_wakeup() - libertas_tf: Use correct channel range in lbtf_geo_init - qed: reduce maximum stack frame size - usb: host: xhci-hub: fix extra endianness conversion - [x86] crypto: ccp - Reduce maximum stack usage - tipc: reduce risk of wakeup queue starvation - net/mlx5: Fix mlx5_ifc_query_lag_out_bits - cifs: fix rmmod regression in cifs.ko caused by force_sig changes - net: fix bpf_xdp_adjust_head regression for generic-XDP - cxgb4: smt: Add lock for atomic_dec_and_test - ext4: set error return correctly when ext4_htree_store_dirent fails - [arm64] RDMA/hns: Bugfix for slab-out-of-bounds when unloading hip08 driver - [arm64] RDMA/hns: bugfix for slab-out-of-bounds when loading hip08 driver - net/rds: Add a few missing rds_stat_names entries - tools: bpftool: fix arguments for p_err() in do_event_pipe() - tools: bpftool: fix format strings and arguments for jsonw_printf() - bnxt_en: Fix handling FRAG_ERR when NVM_INSTALL_UPDATE cmd fails - signal: Allow cifs and drbd to receive their terminating signals - [ppc64el] 64s/radix: Fix memory hot-unplug page table split - [x86] dmaengine: dw: platform: Switch to acpi_dma_controller_register() - mac80211: minstrel_ht: fix per-group max throughput rate initialization - i40e: reduce stack usage in i40e_set_fc - [armhf] 8896/1: VDSO: Don't leak kernel addresses - [mips*] avoid explicit UB in assignment of mips_io_port_base - media: em28xx: Fix exception handling in em28xx_alloc_urbs() - ahci: Do not export local variable ahci_em_messages - rxrpc: Fix lack of conn cleanup when local endpoint is cleaned up - Partially revert "kfifo: fix kfifo_alloc() and kfifo_init()" - hwmon: (lm75) Fix write operations for negative temperatures - net/sched: cbs: Set default link speed to 10 Mbps in cbs_set_port_rate - power: supply: Init device wakeup after device_add() - [x86] perf: Fix the dependency of the x86 insn decoder selftest - irqdomain: Add the missing assignment of domain->fwnode for named fwnode - bcma: fix incorrect update of BCMA_CORE_PCI_MDIO_DATA - bcache: Fix an error code in bch_dump_read() - netfilter: ctnetlink: honor IPS_OFFLOAD flag - [arm64] wcn36xx: use dynamic allocation for large variables - xsk: avoid store-tearing when assigning queues - xsk: avoid store-tearing when assigning umem - led: triggers: Fix dereferencing of null pointer - [arm64] net: hns3: fix error VF index when setting VLAN offload - rtlwifi: Fix file release memory leak - f2fs: fix wrong error injection path in inc_valid_block_count() - f2fs: fix error path of f2fs_convert_inline_page() - [x86] scsi: fnic: fix msix interrupt allocation - Btrfs: fix hang when loading existing inode cache off disk - Btrfs: fix inode cache waiters hanging on failure to start caching thread - Btrfs: fix inode cache waiters hanging on path allocation failure - btrfs: use correct count in btrfs_file_write_iter() - ixgbe: sync the first fragment unconditionally - ath10k: adjust skb length in ath10k_sdio_mbox_rx_packet - RDMA/cma: Fix false error message - net/rds: Fix 'ib_evt_handler_call' element in 'rds_ib_stat_names' - bnxt_en: Increase timeout for HWRM_DBG_COREDUMP_XX commands - f2fs: fix to avoid accessing uninitialized field of inode page in is_alive() - [powerpc*] mm/mce: Keep irqs disabled during lockless page table walk - bpf: fix BTF limits - [amd64] iommu: Wait for completion of IOTLB flush in attach_device - [amd64] net: aquantia: Fix aq_vec_isr_legacy() return value - cxgb4: Signedness bug in init_one() - [arm64] net: hisilicon: Fix signedness bug in hix5hd2_dev_probe() - [arm64] net: netsec: Fix signedness bug in netsec_probe() - [arm64,armhf] net: stmmac: dwmac-meson8b: Fix signedness bug in probe - of: mdio: Fix a signedness bug in of_phy_get_and_connect() - [arm64] net: ethernet: stmmac: Fix signedness bug in ipq806x_gmac_of_parse() - net: sched: cbs: Avoid division by zero when calculating the port rate - nvme: retain split access workaround for capability reads - [arm64,armhf] net: stmmac: gmac4+: Not all Unicast addresses may be available - rxrpc: Fix trace-after-put looking at the put connection record - mac80211: accept deauth frames in IBSS mode - llc: fix another potential sk_buff leak in llc_ui_sendmsg() - llc: fix sk_buff refcounting in llc_conn_state_process() - ip6erspan: remove the incorrect mtu limit for ip6erspan - [arm64,armhf] net: stmmac: fix length of PTP clock's name string - [arm64,armhf] net: stmmac: fix disabling flexible PPS output - sctp: add chunks to sk_backlog when the newsk sk_socket is not set - [s390x] qeth: Fix error handling during VNICC initialization - [s390x] qeth: Fix initialization of vnicc cmd masks during set online - act_mirred: Fix mirred_init_module error handling - net: avoid possible false sharing in sk_leave_memory_pressure() - net: add {READ|WRITE}_ONCE() annotations on ->rskq_accept_head - tcp: annotate lockless access to tcp_memory_pressure - net/smc: receive returns without data - net/smc: receive pending data after RCV_SHUTDOWN - [arm64] drm/msm/dsi: Implement reset correctly - [armhf] dmaengine: imx-sdma: fix size check for sdma script_number - [arm64] hibernate: check pgd table allocation - net: netem: fix error path for corrupted GSO frames - net: netem: correct the parent's backlog when corrupted packet was dropped - xsk: Fix registration of Rx-only sockets - bpf, offload: Unlock on error in bpf_offload_dev_create() - afs: Fix missing timeout reset - [x86] hv_netvsc: Fix offset usage in netvsc_send_table() - [x86] hv_netvsc: Fix send_table offset in case of a host bug - afs: Fix large file support - [armhf] hwrng: omap3-rom - Fix missing clock by probing with device tree - [mips64el,mipsel] Loongson: Fix return value of loongson_hwmon_init - [x86] hv_netvsc: flag software created hash value - net: neigh: use long type to store jiffies delta - packet: fix data-race in fanout_flow_is_huge() - affs: fix a memory leak in affs_remount - afs: Remove set but not used variables 'before', 'after' - [armhf] dmaengine: ti: edma: fix missed failure handling - drm/radeon: fix bad DMA from INTERRUPT_CNTL2 - [arm64] dts: meson-gxm-khadas-vim2: fix uart_A bluetooth node https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.100 - can, slip: Protect tty->disc_data in write_wakeup and close with RCU - [x86] firestream: fix memory leaks - gtp: make sure only SOCK_DGRAM UDP sockets are accepted - ipv6: sr: remove SKB_GSO_IPXIP6 on End.D* actions - net: cxgb3_main: Add CAP_NET_ADMIN check to CHELSIO_GET_MEM - net: ip6_gre: fix moving ip6gre between namespaces - net, ip6_tunnel: fix namespaces move - net, ip_tunnel: fix namespaces move - net: rtnetlink: validate IFLA_MTU attribute in rtnl_create_link() - net_sched: fix datalen for ematch - net-sysfs: Fix reference count leak in rx|netdev_queue_add_kobject - net-sysfs: fix netdev_queue_add_kobject() breakage - net-sysfs: Call dev_hold always in netdev_queue_add_kobject - net-sysfs: Call dev_hold always in rx_queue_add_kobject - net-sysfs: Fix reference count leak - net: usb: lan78xx: Add .ndo_features_check - Revert "udp: do rmem bulk free even if the rx sk queue is empty" - tcp_bbr: improve arithmetic division in bbr_update_bw() - tcp: do not leave dangling pointers in tp->highest_sack - tun: add mutex_unlock() call and napi.skb clearing in tun_get_user() - afs: Fix characters allowed into cell names - hwmon: (adt7475) Make volt2reg return same reg as reg2volt input - hwmon: (core) Do not use device managed functions for memory allocations - PCI: Mark AMD Navi14 GPU rev 0xc5 ATS as broken - tracing: trigger: Replace unneeded RCU-list traversals - Input: keyspan-remote - fix control-message timeouts - [x86] Revert "Input: synaptics-rmi4 - don't increment rmiaddr for SMBus transfers" - [arm64,armhf] mmc: tegra: fix SDR50 tuning override - mmc: sdhci: fix minimum clock rate for v3 controller - [arm64] Documentation: Document arm64 kpti control - Input: sur40 - fix interface sanity checks - Input: gtco - fix endpoint sanity check - Input: aiptek - fix endpoint sanity check - Input: pegasus_notetaker - fix endpoint sanity check - [armhf] Input: sun4i-ts - add a check for devm_thermal_zone_of_sensor_register - netfilter: nft_osf: add missing check for DREG attribute - hwmon: (nct7802) Fix voltage limits to wrong registers - do_last(): fetch directory ->i_mode and ->i_uid before it's too late (CVE-2020-8428) - sd: Fix REQ_OP_ZONE_REPORT completion handling - [i386] crypto: geode-aes - switch to skcipher for cbc(aes) fallback - media: v4l2-ioctl.c: zero reserved fields for S/TRY_FMT - scsi: iscsi: Avoid potential deadlock in iscsi_if_rx func - netfilter: ipset: use bitmap infrastructure completely - netfilter: nf_tables: add __nft_chain_type_get() - mm/memory_hotplug: make remove_memory() take the device_hotplug_lock - mm, sparse: drop pgdat_resize_lock in sparse_add/remove_one_section() - mm, sparse: pass nid instead of pgdat to sparse_add_one_section() - drivers/base/memory.c: remove an unnecessary check on NR_MEM_SECTIONS - mm, memory_hotplug: add nid parameter to arch_remove_memory - mm/memory_hotplug: release memory resource after arch_remove_memory() - drivers/base/memory.c: clean up relics in function parameters - mm, memory_hotplug: update a comment in unregister_memory() - mm/memory_hotplug: make unregister_memory_section() never fail - mm/memory_hotplug: make __remove_section() never fail - [powerpc*] mm: Fix section mismatch warning - mm/memory_hotplug: make __remove_pages() and arch_remove_memory() never fail - [s390x] mm: implement arch_remove_memory() - mm/memory_hotplug: allow arch_remove_memory() without CONFIG_MEMORY_HOTREMOVE - drivers/base/memory: pass a block_id to init_memory_block() - mm/memory_hotplug: create memory block devices after arch_add_memory() - mm/memory_hotplug: remove memory block devices before arch_remove_memory() - mm/memory_hotplug: make unregister_memory_block_under_nodes() never fail - mm/memory_hotplug: remove "zone" parameter from sparse_remove_one_section - mm/hotplug: kill is_dev_zone() usage in __remove_pages() - drivers/base/node.c: simplify unregister_memory_block_under_nodes() - mm/memunmap: don't access uninitialized memmap in memunmap_pages() - mm/memory_hotplug: fix try_offline_node() - mm/memory_hotplug: shrink zones when offlining memory https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.101 - orinoco_usb: fix interface sanity check - rsi_91x_usb: fix interface sanity check - USB: serial: ir-usb: add missing endpoint sanity check - USB: serial: ir-usb: fix link-speed handling - USB: serial: ir-usb: fix IrLAP framing - [arm64,armhf] usb: dwc3: turn off VBUS when leaving host mode - staging: wlan-ng: ensure error return is actually returned - [x86] staging: vt6656: correct packet types for CTS protect, mode. - [x86] staging: vt6656: use NULLFUCTION stack on mac80211 - [x86] staging: vt6656: Fix false Tx excessive retries reporting. - [arm64,armel] serial: 8250_bcm2835aux: Fix line mismatch on driver unbind - component: do not dereference opaque pointer in debugfs - [x86] mei: me: add comet point (lake) H device ids - crypto: chelsio - fix writing tfm flags to wrong place - cifs: Fix memory allocation in __smb2_handle_cancelled_cmd() - ath9k: fix storage endpoint lookup - brcmfmac: fix interface sanity check - rtl8xxxu: fix interface sanity check - zd1211rw: fix storage endpoint lookup - net_sched: ematch: reject invalid TCF_EM_SIMPLE - net_sched: fix ops->bind_class() implementations - HID: multitouch: Add LG MELF0410 I2C touchscreen support - HID: Add quirk for Xin-Mo Dual Controller - HID: ite: Add USB id match for Acer SW5-012 keyboard dock - [x86] HID: Add quirk for incorrect input length on Lenovo Y720 - drivers/hid/hid-multitouch.c: fix a possible null pointer access. - [arm64] phy: qcom-qmp: Increase PHY ready timeout - drivers/net/b44: Change to non-atomic bit operations on pwol_mask - [i386] net: wan: sdla: Fix cast from pointer to integer of different size - [arm64] gpio: max77620: Add missing dependency on GPIOLIB_IRQCHIP - atm: eni: fix uninitialized variable warning - HID: steam: Fix input device disappearing - [x86] platform/x86: dell-laptop: disable kbd backlight on Inspiron 10xx - [amd64] PCI: Add DMA alias quirk for Intel VCA NTB - [amd64] iommu: Support multiple PCI DMA aliases in IRQ Remapping - usb-storage: Disable UAS on JMicron SATA enclosure - sched/fair: Add tmp_alone_branch assertion - sched/fair: Fix insertion in rq->leaf_cfs_rq_list - rsi: fix use-after-free on probe errors - rsi: fix memory leak on failed URB submission - rsi: fix non-atomic allocation in completion handler - crypto: af_alg - Use bh_lock_sock in sk_destruct - block: cleanup __blkdev_issue_discard() - block: fix 32 bit overflow in __blkdev_issue_discard() - [arm64] KVM: Write arch.mdcr_el2 changes since last vcpu_load on VHE https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.102 - vfs: fix do_last() regression - crypto: pcrypt - Fix user-after-free on module unload - perf c2c: Fix return type for histogram sorting comparision functions - PM / devfreq: Add new name attribute for sysfs - tools lib: Fix builds when glibc contains strlcpy() - ext4: validate the debug_want_extra_isize mount option at parse time - mm/mempolicy.c: fix out of bounds write in mpol_parse_str() - reiserfs: Fix memory leak of journal device string - media: digitv: don't continue if remote control state can't be read - media: af9005: uninitialized variable printked - media: vp7045: do not read uninitialized values if usb transfer fails - media: gspca: zero usb_buf - media: dvb-usb/dvb-usb-urb.c: initialize actlen to 0 - tomoyo: Use atomic_t for statistics counter - ttyprintk: fix a potential deadlock in interrupt context issue - Bluetooth: Fix race condition in hci_release_sock() - cgroup: Prevent double killing of css when enabling threaded cgroup - [armhf] dts: sun8i: a83t: Correct USB3503 GPIOs polarity - [armhf] dts: am57xx-beagle-x15/am57xx-idk: Remove "gpios" for endpoint dt nodes - [armhf] dts: beagle-x15-common: Model 5V0 regulator - [arm64] clk: sunxi-ng: h6-r: Fix AR100/R_APB2 parent order - mac80211: mesh: restrict airtime metric to peered established plinks - ASoC: rt5640: Fix NULL dereference on module unload - ixgbevf: Remove limit of 10 entries for unicast filter list - ixgbe: Fix calculation of queue with VFs and flow director on interface flap - igb: Fix SGMII SFP module discovery for 100FX/LX. - [x86] platform/x86: GPD pocket fan: Allow somewhat lower/higher temperature limits - qmi_wwan: Add support for Quectel RM500Q - wireless: fix enabling channel 12 for custom regulatory domain - cfg80211: Fix radar event during another phy CAC - mac80211: Fix TKIP replay protection immediately after key setup - netfilter: nft_tunnel: ERSPAN_VERSION must not be null - [armhf] net: dsa: bcm_sf2: Configure IMP port for 2Gb/sec - bnxt_en: Fix ipv6 RFS filter matching logic. - iwlwifi: Don't ignore the cap field upon mcc update - [armhf] dts: am335x-boneblack-common: fix memory size - vti[6]: fix packet tx through bpf_redirect() - xfrm interface: fix packet tx through bpf_redirect() - xfrm: interface: do not confirm neighbor when do pmtu update - scsi: fnic: do not queue commands during fwreset - [armhf] 8955/1: virt: Relax arch timer version check during early boot - [arm64] tee: optee: Fix compilation issue with nommu - airo: Fix possible info leak in AIROOLDIOCTL/SIOCDEVPRIVATE - airo: Add missing CAP_NET_ADMIN check in AIROOLDIOCTL/SIOCDEVPRIVATE - r8152: get default setting of WOL before initializing - qlcnic: Fix CPU soft lockup while collecting firmware dump - seq_tab_next() should increase position index - l2t_seq_next should increase position index - net: Fix skb->csum update in inet_proto_csum_replace16(). - btrfs: do not zero f_bavail if we have available space - perf report: Fix no libunwind compiled warning break s390 issue - mm/migrate.c: also overwrite error when it is bigger than zero https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.103 - [armhf] Revert "drm/sun4i: dsi: Change the start delay calculation" - ovl: fix lseek overflow on 32bit - kernel/module: Fix memleak in module_add_modinfo_attrs() - media: iguanair: fix endpoint sanity check - ocfs2: fix oops when writing cloned file - [x86] cpu: Update cached HLE state on write to TSX_CTRL_CPUID_CLEAR - udf: Allow writing to 'Rewritable' partitions - printk: fix exclusive_console replaying - iwlwifi: mvm: fix NVM check for 3168 devices - gtp: use __GFP_NOWARN to avoid memalloc warning - l2tp: Allow duplicate session creation with UDP - net_sched: fix an OOB access in cls_tcindex - [arm64,armhf] net: stmmac: Delete txtimer in suspend() - bnxt_en: Fix TC queue mapping. - tcp: clear tp->total_retrans in tcp_disconnect() - tcp: clear tp->delivered in tcp_disconnect() - tcp: clear tp->data_segs{in|out} in tcp_disconnect() - tcp: clear tp->segs_{in|out} in tcp_disconnect() - rxrpc: Fix use-after-free in rxrpc_put_local() - rxrpc: Fix insufficient receive notification generation - rxrpc: Fix missing active use pinning of rxrpc_local object - rxrpc: Fix NULL pointer deref due to call->conn being cleared on disconnect - media: uvcvideo: Avoid cyclic entity chains due to malformed USB descriptors - ipc/msg.c: consolidate all xxxctl_down() functions - tracing: Fix sched switch start/stop refcount racy updates - rcu: Avoid data-race in rcu_gp_fqs_check_wake() - brcmfmac: Fix memory leak in brcmf_usbdev_qinit - usb: gadget: f_ncm: Use atomic_t to track in-flight request - usb: gadget: f_ecm: Use atomic_t to track in-flight request - ALSA: usb-audio: Fix endianess in descriptor validation - ALSA: dummy: Fix PCM format loop in proc output - mm/memory_hotplug: fix remove_memory() lockdep splat - mm: move_pages: report the number of non-attempted pages - media/v4l2-core: set pages dirty upon releasing DMA buffers - media: v4l2-core: compat: ignore native command codes - media: v4l2-rect.h: fix v4l2_rect_map_inside() top/left adjustments - irqdomain: Fix a memory leak in irq_domain_push_irq() - [x86] platform/x86: intel_scu_ipc: Fix interrupt support - [x86] ALSA: hda: Add Clevo W65_67SB the power_save blacklist - [arm64] KVM: Correct PSTATE on exception entry - [arm64,armhf] KVM: Correct CPSR on exception entry - [arm64,armhf] KVM: Correct AArch32 SPSR on exception entry - [arm64] KVM: Only sign-extend MMIO up to register width - [s390x] mm: fix dynamic pagetable upgrade for hugetlbfs - [powerpc*] pseries: Advance pfn if section is not present in lmb_is_removable() - smb3: fix signing verification of large reads - [arm64,armhf] PCI: tegra: Fix return value check of pm_runtime_get_sync() - [arm64,armhf] mmc: spi: Toggle SPI polarity, do not hardcode it - [x86] ACPI: video: Do not export a non working backlight interface on MSI MS-7721 boards - [x86] ACPI / battery: Deal with design or full capacity being reported as -1 - [x86] ACPI / battery: Use design-cap for capacity calculations if full-cap is not available - [x86] ACPI / battery: Deal better with neither design nor full capacity not being reported - alarmtimer: Unregister wakeup source when module get fails - ubifs: Reject unsupported ioctl flags explicitly - ubifs: don't trigger assertion on invalid no-key filename - ubifs: Fix FS_IOC_SETFLAGS unexpectedly clearing encrypt flag - ubifs: Fix deadlock in concurrent bulk-read and writepage - [i386] crypto: geode-aes - convert to skcipher API and make thread-safe - [x86] hv_balloon: Balloon up according to request page number - mfd: axp20x: Mark AXP20X_VBUS_IPSOUT_MGMT as volatile - crypto: api - Check spawn->alg under lock in crypto_drop_spawn - scsi: qla2xxx: Fix mtcp dump collection failure - ovl: fix wrong WARN_ON() in ovl_cache_update_ino() - f2fs: choose hardlimit when softlimit is larger than hardlimit in f2fs_statfs_project() - f2fs: fix miscounted block limit in f2fs_statfs_project() - f2fs: code cleanup for f2fs_statfs_project() - PM: core: Fix handling of devices deleted during system-wide resume - dm zoned: support zone sizes smaller than 128MiB - dm space map common: fix to ensure new block isn't already in use - dm crypt: fix benbi IV constructor crash if used in authenticated mode - dm: fix potential for q->make_request_fn NULL pointer - dm writecache: fix incorrect flush sequence when doing SSD mode commit - padata: Remove broken queue flushing - tracing: Annotate ftrace_graph_hash pointer with __rcu - tracing: Annotate ftrace_graph_notrace_hash pointer with __rcu - ftrace: Add comment to why rcu_dereference_sched() is open coded - ftrace: Protect ftrace_graph_hash with ftrace_sync - [x86] crypto: ccp - set max RSA modulus size for v3 platform devices as well - crypto: pcrypt - Do not clear MAY_SLEEP flag in original request - crypto: api - Fix race condition in crypto_spawn_alg - scsi: qla2xxx: Fix unbound NVME response length - NFS: Fix memory leaks and corruption in readdir - NFS: Directory page cache pages need to be locked when read - jbd2_seq_info_next should increase position index - Btrfs: fix missing hole after hole punching and fsync when using NO_HOLES - btrfs: set trans->drity in btrfs_commit_transaction - Btrfs: fix race between adding and putting tree mod seq elements and nodes - [armhf] tegra: Enable PLLP bypass during Tegra124 LP1 - iwlwifi: don't throw error when trying to remove IGTK - mwifiex: fix unbalanced locking in mwifiex_process_country_ie() - sunrpc: expiry_time should be seconds not timeval - gfs2: move setting current->backing_dev_info - gfs2: fix O_SYNC write handling - drm/rect: Avoid division by zero - media: rc: ensure lirc is initialized before registering input device - xen/balloon: Support xend-based toolstack take two - watchdog: fix UAF in reboot notifier handling in watchdog core code - bcache: add readahead cache policy options via sysfs interface - eventfd: track eventfd_signal() recursion depth - aio: prevent potential eventfd recursion on poll - [x86] KVM: Refactor picdev_write() to prevent Spectre-v1/L1TF attacks - [x86] KVM: Refactor prefix decoding to prevent Spectre-v1/L1TF attacks - [x86] KVM: Protect pmu_intel.c from Spectre-v1/L1TF attacks - [x86] KVM: Protect DR-based index computations from Spectre-v1/L1TF attacks - [x86] KVM: Protect kvm_lapic_reg_write() from Spectre-v1/L1TF attacks - [x86] KVM: Protect kvm_hv_msr_[get|set]_crash_data() from Spectre-v1/L1TF attacks - [x86] KVM: Protect ioapic_write_indirect() from Spectre-v1/L1TF attacks - [x86] KVM: Protect MSR-based index computations in pmu.h from Spectre-v1/L1TF attacks - [x86] KVM: Protect ioapic_read_indirect() from Spectre-v1/L1TF attacks - [x86] KVM: Protect MSR-based index computations from Spectre-v1/L1TF attacks in x86.c - [x86] KVM: Protect x86_decode_insn from Spectre-v1/L1TF attacks - [x86] KVM: Protect MSR-based index computations in fixed_msr_to_seg_unit() from Spectre-v1/L1TF attacks - [x86] KVM: Fix potential put_fpu() w/o load_fpu() on MPX platform - [ppc64el] KVM: Book3S HV: Uninit vCPU if vcore creation fails - [ppc64el] KVM: Book3S PR: Free shared page if mmu initialization fails - [x86] kvm: Be careful not to clear KVM_VCPU_FLUSH_TLB bit (CVE-2019-3016) - [x86] KVM: Don't let userspace set host-reserved cr4 bits - [x86] KVM: Free wbinvd_dirty_mask if vCPU creation fails - [s390x] KVM: do not clobber registers during guest reset/store status - [arm64,armhf] clk: tegra: Mark fuse clock as critical - percpu: Separate decrypted varaibles anytime encryption can be enabled - scsi: qla2xxx: Fix the endianness of the qla82xx_get_fw_size() return type - scsi: csiostor: Adjust indentation in csio_device_reset - scsi: qla4xxx: Adjust indentation in qla4xxx_mem_free - scsi: ufs: Recheck bkops level if bkops is disabled - [arm64] phy: qualcomm: Adjust indentation in read_poll_timeout - ext2: Adjust indentation in ext2_fill_super - [arm64] drm: msm: mdp4: Adjust indentation in mdp4_dsi_encoder_enable - IB/mlx5: Fix outstanding_pi index for GSI qps - IB/core: Fix ODP get user pages flow - nfsd: fix delay timer on 32-bit architectures - nfsd: fix jiffies/time_t mixup in LRU list - nfsd: Return the correct number of bytes written to the file - ubi: fastmap: Fix inverted logic in seen selfcheck - ubi: Fix an error pointer dereference in error handling code - bonding/alb: properly access headers in bond_alb_xmit() - [armhf] net: dsa: bcm_sf2: Only 7278 supports 2Gb/sec IMP port - [arm64,armhf] net: mvneta: move rx_dropped and rx_errors in per-cpu stats - net_sched: fix a resource leak in tcindex_set_parms() - net/mlx5: IPsec, Fix esp modify function attribute - net/mlx5: IPsec, fix memory leak at mlx5_fpga_ipsec_delete_sa_ctx - [arm64] net: macb: Remove unnecessary alignment check for TSO - [arm64] net: macb: Limit maximum GEM TX length in TSO - [armhf] net: dsa: b53: Always use dev->vlan_enabled in b53_configure_vlan() - ext4: fix deadlock allocating crypto bounce page from mempool - btrfs: use bool argument in free_root_pointers() - btrfs: free block groups after free'ing fs trees - btrfs: flush write bio if we loop in extent_write_cache_pages - [x86] KVM: mmu: Apply max PA check for MMIO sptes to 32-bit KVM - [x86] KVM: Use gpa_t for cr2/gpa to fix TDP support on 32-bit KVM - [x86] KVM: nVMX: vmread should not set rflags to specify success in case of #PF - KVM: Use vcpu-specific gva->hva translation when querying host page size - KVM: Play nice with read-only memslots when querying host page size - mm: zero remaining unavailable struct pages - mm: return zero_resv_unavail optimization - mm/page_alloc.c: fix uninitialized memmaps on a partially populated last section - cifs: fail i/o on soft mounts if sessionsetup errors out - [x86] apic/msi: Plug non-maskable MSI affinity race - clocksource: Prevent double add_timer_on() for watchdog_timer - perf/core: Fix mlock accounting in perf_mmap() - rxrpc: Fix service call disconnection https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.104 - ASoC: pcm: update FE/BE trigger order based on the command - [x86] hv_sock: Remove the accept port restriction - IB/mlx4: Fix memory leak in add_gid error flow - RDMA/netlink: Do not always generate an ACK for some netlink operations - RDMA/core: Fix locking in ib_uverbs_event_read - scsi: ufs: Fix ufshcd_probe_hba() reture value in case ufshcd_scsi_add_wlus() fails - PCI/IOV: Fix memory leak in pci_iov_add_virtfn() - ath10k: pci: Only dump ATH10K_MEM_REGION_TYPE_IOREG when safe - PCI: Don't disable bridge BARs when assigning bus resources - nfs: NFS_SWAP should depend on SWAP - NFS: Revalidate the file size on a fatal write error - NFS/pnfs: Fix pnfs_generic_prepare_to_resend_writes() - NFSv4: try lease recovery on NFS4ERR_EXPIRED - [arm64] serial: uartps: Add a timeout to the tx empty wait - [arm64] gpio: zynq: Report gpio direction at boot - spi: spi-mem: Add extra sanity checks on the op param - spi: spi-mem: Fix inverted logic in op sanity check - rtc: cmos: Stop using shared IRQ - [x86] platform/x86: intel_mid_powerbtn: Take a copy of ddata - [powerpc*] pseries/vio: Fix iommu_table use-after-free refcount warning - [powerpc*] pseries: Allow not having ibm, hypertas-functions::hcall-multi-tce for DDW - [arm64] iommu/arm-smmu-v3: Populate VMID field for CMDQ_OP_TLBI_NH_VA - [arm64,armhf] KVM: vgic-its: Fix restoration of unmapped collections - [armel,armhf] 8949/1: mm: mark free_memmap as __init - [arm64] cpufeature: Fix the type of no FP/SIMD capability - [arm64] ptrace: nofpsimd: Fail FP/SIMD regset operations - [arm64,armhf] KVM: Fix young bit from mmu notifier - [arm64,armhf] KVM: Fix DFSR setting for non-LPAE aarch32 guests - [arm64,armhf] KVM: Make inject_abt32() inject an external abort instead - [arm64] KVM: pmu: Don't increment SW_INCR if PMCR.E is unset - mtd: onenand_base: Adjust indentation in onenand_read_ops_nolock - mwifiex: Fix possible buffer overflows in mwifiex_ret_wmm_get_status() - mwifiex: Fix possible buffer overflows in mwifiex_cmd_append_vsie_tlv() - libertas: don't exit from lbs_ibss_join_existing() with RCU read lock held - libertas: make lbs_ibss_join_existing() return error code on rates overflow - scsi: megaraid_sas: Do not initiate OCR if controller is not in ready state - [x86] stackframe: Move ENCODE_FRAME_POINTER to asm/frame.h - [x86] x86/stackframe, x86/ftrace: Add pt_regs frame annotations - [arm64] serial: uartps: Move the spinlock after the read of the tx empty - padata: fix null pointer deref of pd->pinst https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.105 - Input: synaptics - switch T470s to RMI4 by default - Input: synaptics - enable SMBus on ThinkPad L470 - Input: synaptics - remove the LEN0049 dmi id from topbuttonpad list - ALSA: usb-audio: Fix UAC2/3 effect unit parsing - ALSA: hda/realtek - Fix silent output on MSI-GL73 - ALSA: usb-audio: Apply sample rate quirk for Audioengine D1 - [arm64] cpufeature: Set the FP/SIMD compat HWCAP bits properly - [arm64] nofpsmid: Handle TIF_FOREIGN_FPSTATE flag cleanly - ALSA: usb-audio: sound: usb: usb true/false for bool return type - ALSA: usb-audio: Add clock validity quirk for Denon MC7000/MCX8000 - ext4: don't assume that mmp_nodename/bdevname have NUL - ext4: fix support for inode sizes > 1024 bytes - ext4: fix checksum errors with indexed dirs - ext4: add cond_resched() to ext4_protect_reserved_inode (CVE-2020-8992) - ext4: improve explanation of a mount failure caused by a misconfigured kernel - Btrfs: fix race between using extent maps and merging them - btrfs: ref-verify: fix memory leaks - btrfs: print message when tree-log replay starts - btrfs: log message when rw remount is attempted with unclean tree-log - [arm64] ssbs: Fix context-switch when SSBS is present on all CPUs - [x86] perf/x86/amd: Add missing L2 misses event spec to AMD Family 17h's event map - nvme: fix the parameter order for nvme_get_log in nvme_get_fw_slot_info - [amd64] IB/hfi1: Acquire lock to release TID entries when user file is closed - [amd64] IB/hfi1: Close window for pq and request coliding - IB/rdmavt: Reset all QPs when the device is shut down - RDMA/core: Fix invalid memory access in spec_filter_size - [amd64] RDMA/hfi1: Fix memory leak in _dev_comp_vect_mappings_create - RDMA/rxe: Fix soft lockup problem due to using tasklets in softirq - RDMA/core: Fix protection fault in get_pkey_idx_qp_list - [s390x] time: Fix clk type in get_tod_clock - [x86] perf/x86/intel: Fix inaccurate period in context switch for auto- reload - NFSv4.1 make cachethis=no for writes - jbd2: move the clearing of b_modified flag to the journal_unmap_buffer() - jbd2: do not clear the BH_Mapped flag when forgetting a metadata buffer - [x86] KVM: mmu: Fix struct guest_walker arrays for 5-level paging https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.106 - core: Don't skip generic XDP program execution for cloned SKBs - enic: prevent waking up stopped tx queues over watchdog reset - net/smc: fix leak of kernel memory to user space - net/sched: matchall: add missing validation of TCA_MATCHALL_FLAGS - net/sched: flower: add missing validation of TCA_FLOWER_FLAGS - [x86] KVM: nVMX: Use correct root level for nested EPT shadow page tables - [x86] drm/gma500: Fixup fbdev stolen size usage evaluation - cpu/hotplug, stop_machine: Fix stop_machine vs hotplug order - brcmfmac: Fix use after free in brcmf_sdio_readframes() - ext4: fix ext4_dax_read/write inode locking sequence for IOCB_NOWAIT - ALSA: ctl: allow TLV read operation for callback type of element in locked case - [powerpc*] powernv/iov: Ensure the pdn for VFs always contains a valid PE number - [amd64] iommu/vt-d: Fix off-by-one in PASID allocation - [x86] pinctrl: baytrail: Do not clear IRQ flags on direct-irq enabled pins - [x86] efi: Map the entire EFI vendor string before copying it - [mips64el,mipsel] Loongson: Fix potential NULL dereference in loongson3_platform_init() - [arm*] usb: dwc2: Fix IN FIFO allocation - [armel,armhf] clocksource/drivers/bcm2835_timer: Fix memory leak of timer - jbd2: clear JBD2_ABORT flag before journal_reset to update log tail info when load journal - [armhf] pwm: omap-dmtimer: Simplify error handling - [s390x] pci: Fix possible deadlock in recover_store() - [powerpc*] iov: Move VF pdev fixup into pcibios_fixup_iov() - tracing: Fix tracing_stat return values in error handling paths - tracing: Fix very unlikely race of registering two stat tracers - ext4, jbd2: ensure panic when aborting with zero errno - ath10k: Correct the DMA direction for management tx buffers - nbd: add a flush_workqueue in nbd_start_device - [s390x] KVM: ENOTSUPP -> EOPNOTSUPP fixups - [arm64] clk: qcom: rcg2: Don't crash if our parent can't be found; return an error - drm/amdgpu: remove 4 set but not used variable in amdgpu_atombios_get_connector_info_from_object_table - [arm64,armhf] regulator: rk808: Lower log level on optional GPIOs being not available - NFC: port100: Convert cpu_to_le16(le16_to_cpu(E1) + E2) to use le16_add_cpu(). - selinux: fall back to ref-walk if audit is required - selinux: ensure we cleanup the internal AVC counters on error in avc_insert() - media: cx23885: Add support for AVerMedia CE310B - PCI: Add generic quirk for increasing D3hot delay - PCI: Increase D3 delay for AMD Ryzen5/7 XHCI controllers - media: v4l2-device.h: Explicitly compare grp{id,mask} to zero in v4l2_device macros - reiserfs: Fix spurious unlock in reiserfs_fill_super() error handling - fore200e: Fix incorrect checks of NULL pointer dereference - netfilter: nft_tunnel: add the missing ERSPAN_VERSION nla_policy - ALSA: usx2y: Adjust indentation in snd_usX2Y_hwdep_dsp_status - orinoco: avoid assertion in case of NULL pointer - ACPICA: Disassembler: create buffer fields in ACPI_PARSE_LOAD_PASS1 - scsi: ufs: Complete pending requests in host reset and restore path - scsi: aic7xxx: Adjust indentation in ahc_find_syncrate - selinux: ensure we cleanup the internal AVC counters on error in avc_update() - dmaengine: Store module owner in dma_device struct - [arm64] clk: sunxi-ng: add mux and pll notifiers for A64 CPU clock - tools lib api fs: Fix gcc9 stringop-truncation compilation error - [x86] ACPI: button: Add DMI quirk for Razer Blade Stealth 13 late 2019 lid switch - mlx5: work around high stack usage with gcc - drm: remove the newline for CRC source name. - usbip: Fix unsafe unaligned pointer usage - udf: Fix free space reporting for metadata and virtual partitions - staging: rtl8188: avoid excessive stack usage - [amd64] IB/hfi1: Add software counter for ctxt0 seq drop - [armhf] soc/tegra: fuse: Correct straps' address for older Tegra124 device trees - [x86] efi: Don't panic or BUG() on non-critical error conditions - rcu: Use WRITE_ONCE() for assignments to ->pprev for hlist_nulls - [x86] nmi: Remove irq_work from the long duration NMI handler - driver core: platform: Prevent resouce overflow from causing infinite loops - driver core: Print device when resources present in really_probe() - bpf: Return -EBADRQC for invalid map type in __bpf_tx_xdp_map - drm/nouveau/secboot/gm20b: initialize pointer in gm20b_secboot_new() - drm/nouveau/gr/gk20a,gm200-: add terminators to method lists read from fw - drm/nouveau: Fix copy-paste error in nouveau_fence_wait_uevent_handler - drm/nouveau/fault/gv100-: fix memory leak on module unload - [x86] drm/vmwgfx: prevent memory leak in vmw_cmdbuf_res_add - [armhf] usb: musb: omap2430: Get rid of musb .set_vbus for omap2430 glue - [arm64] iommu/arm-smmu-v3: Use WRITE_ONCE() when changing validity of an STE - f2fs: set I_LINKABLE early to avoid wrong access by vfs - f2fs: free sysfs kobject - scsi: iscsi: Don't destroy session if there are outstanding connections - watchdog/softlockup: Enforce that timestamp is valid on boot - f2fs: fix memleak of kobject - [x86] mm: Fix NX bit clearing issue in kernel_map_pages_in_pgd - [armhf] pwm: omap-dmtimer: Remove PWM chip in .remove before making it unfunctional - btrfs: fix possible NULL-pointer dereference in integrity checks - btrfs: safely advance counter when looking up bio csums - btrfs: device stats, log when stats are zeroed - module: avoid setting info->name early in case we can fall back to info->mod->name - ALSA: hda/hdmi - add retry logic to parse_intel_hdmi() - driver core: platform: fix u32 greater or equal to zero comparison - ALSA: hda - Add docking station support for Lenovo Thinkpad T420s - drm/nouveau/mmu: fix comptag memory leak - [powerpc*] sriov: Remove VF eeh_dev state when disabling SR-IOV - bcache: cached_dev_free needs to put the sb page - [amd64] iommu/vt-d: Remove unnecessary WARN_ON_ONCE() - jbd2: switch to use jbd2_journal_abort() when failed to submit the commit record - jbd2: make sure ESHUTDOWN to be recorded in the journal superblock - iwlegacy: ensure loop counter addr does not wrap and cause an infinite loop - cifs: fix NULL dereference in match_prepath - bpf: map_seq_next should always increase position index - ceph: check availability of mds cluster on mount after wait timeout - [arm64,armhf] irqchip/gic-v3: Only provision redistributors that are enabled in ACPI - drm/nouveau/disp/nv50-: prevent oops when no channel method map provided - ftrace: fpid_next() should increase position index - trigger_next should increase position index - radeon: insert 10ms sleep in dce5_crtc_load_lut - ocfs2: fix a NULL pointer dereference when call ocfs2_update_inode_fsync_trans() - reiserfs: prevent NULL pointer dereference in reiserfs_insert_item() - bcache: explicity type cast in bset_bkey_last() - [arm64,armhf] irqchip/gic-v3-its: Reference to its_invall_cmd descriptor when building INVALL - iwlwifi: mvm: Fix thermal zone registration - brd: check and limit max_part par - NFS: Fix memory leaks - help_next should increase position index - cifs: log warning message (once) if out of disk space - virtio_balloon: prevent pfn array overflow https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.107 - [arm64] iommu/qcom: Fix bogus detach logic - ALSA: hda: Use scnprintf() for printing texts for sysfs/procfs - [x86] ALSA: hda/realtek - Apply quirk for MSI GP63, too - [x86] ALSA: hda/realtek - Apply quirk for yet another MSI laptop - [armhf] ASoC: sun8i-codec: Fix setting DAI data format - ecryptfs: fix a memory leak bug in parse_tag_1_packet() - ecryptfs: fix a memory leak bug in ecryptfs_init_messaging() - [x86] thunderbolt: Prevent crash if non-active NVMem file is read - USB: misc: iowarrior: add support for 2 OEMed devices - USB: misc: iowarrior: add support for the 28 and 28L devices - USB: misc: iowarrior: add support for the 100 device - floppy: check FDC index for errors before assigning it (CVE-2020-9383) - vt: fix scrollback flushing on background consoles - vt: selection, handle pending signals in paste_selection - vt: vt_ioctl: fix race in VT_RESIZEX - [arm*] staging: android: ashmem: Disallow ashmem memory from being remapped (CVE-2020-0009) - [x86] staging: vt6656: fix sign of rx_dbm to bb_pre_ed_rssi. - xhci: Force Maximum Packet size for Full-speed bulk devices to valid range. - xhci: fix runtime pm enabling for quirky Intel hosts - xhci: Fix memory leak when caching protocol extended capability PSI tables - take 2 - usb: host: xhci: update event ring dequeue pointer on purpose - USB: core: add endpoint-blacklist quirk - USB: quirks: blacklist duplicate ep on Sound Devices USBPre2 - usb: uas: fix a plug & unplug racing - USB: Fix novation SourceControl XL after suspend - USB: hub: Don't record a connect-change event during reset-resume - USB: hub: Fix the broken detection of USB3 device in SMSC hub - [arm*] usb: dwc2: Fix SET/CLEAR_FEATURE and GET_STATUS flows - [arm64,armhf] usb: dwc3: gadget: Check for IOC/LST bit in TRB->ctrl fields - staging: rtl8188eu: Fix potential security hole - staging: rtl8188eu: Fix potential overuse of kernel memory - staging: rtl8723bs: Fix potential security hole - staging: rtl8723bs: Fix potential overuse of kernel memory - [powerpc*] tm: Fix clearing MSR[TS] in current when reclaiming on signal delivery - jbd2: fix ocfs2 corrupt when clearing block group bits - [x86] mce/amd: Publish the bank pointer only after setup has succeeded - [x86] mce/amd: Fix kobject lifetime - [x86] cpu/amd: Enable the fixed Instructions Retired counter IRPERF - serial: 8250: Check UPF_IRQ_SHARED in advance - [armhf] tty: serial: imx: setup the correct sg entry for tx dma - serdev: ttyport: restore client ops on deregistration - Revert "ipc,sem: remove uneeded sem_undo_list lock usage in exit_sem()" - mm/memcontrol.c: lost css_put in memcg_expand_shrinker_maps() - nvme-multipath: Fix memory leak with ana_log_buf - genirq/irqdomain: Make sure all irq domain flags are distinct - mm/vmscan.c: don't round up scan size for online memory cgroup - drm/amdgpu/soc15: fix xclk for raven - [x86] xhci: apply XHCI_PME_STUCK_QUIRK to Intel Comet Lake platforms - [x86] KVM: nVMX: Don't emulate instructions in guest mode (CVE-2020-2732) - [x86] KVM: don't notify userspace IOAPIC on edge-triggered interrupt EOI - drm/nouveau/kms/gv100-: Re-set LUT after clearing for modesets - ext4: fix a data race in EXT4_I(inode)->i_disksize - ext4: add cond_resched() to __ext4_find_entry() - ext4: fix potential race between online resizing and write operations - ext4: fix potential race between s_group_info online resizing and access - ext4: fix potential race between s_flex_groups online resizing and access - ext4: fix mount failure with quota configured as module - ext4: rename s_journal_flag_rwsem to s_writepages_rwsem - ext4: fix race between writepages and enabling EXT4_EXTENTS_FL - [x86] KVM: nVMX: Refactor IO bitmap checks into helper function - [x86] KVM: nVMX: Check IO instruction VM-exit conditions - [x86] KVM: nVMX: handle nested posted interrupts when apicv is disabled for L1 - [x86] KVM: apic: avoid calculating pending eoi from an uninitialized val - btrfs: fix bytes_may_use underflow in prealloc error condtition - btrfs: reset fs_root to NULL on error in open_ctree - btrfs: do not check delayed items are empty for single transaction cleanup - Btrfs: fix btrfs_wait_ordered_range() so that it waits for all ordered extents - scsi: Revert "target: iscsi: Wait for all commands to finish before freeing a session" - usb: gadget: composite: Fix bMaxPower for SuperSpeedPlus - [arm*] usb: dwc2: Fix in ISOC request length checking - staging: rtl8723bs: fix copy of overlapping memory - ecryptfs: replace BUG_ON with error handling code - genirq/proc: Reject invalid affinity masks (again) - bpf, offload: Replace bitwise AND by logical AND in bpf_prog_offload_info_fill - ALSA: seq: Avoid concurrent access to queue flags - ALSA: seq: Fix concurrent access to queue current tick/time - netfilter: xt_hashlimit: limit the max size of hashtable - rxrpc: Fix call RCU cleanup using non-bh-safe locks - ata: ahci: Add shutdown to freeze hardware resources of ahci - xen: Enable interrupts when calling _cond_resched() - [s390x] mm: Explicitly compare PAGE_DEFAULT_KEY against zero in storage_key_init_range https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.108 - [arm64,armhf] irqchip/gic-v3-its: Fix misuse of GENMASK macro - iwlwifi: pcie: fix rb_allocator workqueue allocation - ipmi:ssif: Handle a possible NULL pointer reference - [arm64] drm/msm: Set dma maximum segment size for mdss - dax: pass NOWAIT flag to iomap_apply - mac80211: consider more elements in parsing CRC - cfg80211: check wiphy driver existence for drvinfo report - [s390x] zcrypt: fix card and queue total counter wrap - qmi_wwan: re-add DW5821e pre-production variant - qmi_wwan: unconditionally reject 2 ep interfaces - [arm64] soc/tegra: fuse: Fix build with Tegra194 configuration - net: ena: fix potential crash when rxfh key is NULL - net: ena: fix uses of round_jiffies() - net: ena: add missing ethtool TX timestamping indication - net: ena: fix incorrect default RSS key - net: ena: rss: fix failure to get indirection table - net: ena: rss: store hash function as values and not bits - net: ena: fix incorrectly saving queue numbers when setting RSS indirection table - net: ena: ethtool: use correct value for crc32 hash - net: ena: ena-com.c: prevent NULL pointer dereference - cifs: Fix mode output in debugging statements - cfg80211: add missing policy for NL80211_ATTR_STATUS_CODE - sysrq: Restore original console_loglevel when sysrq disabled - sysrq: Remove duplicated sysrq message - net: fib_rules: Correctly set table field when table number exceeds 8 bits - net: sched: correct flower port blocking - sctp: move the format error check out of __sctp_sf_do_9_1_abort - ipv6: Fix route replacement with dev-only route - ipv6: Fix nlmsg_flags when splitting a multipath route - qede: Fix race between rdma destroy workqueue and link change event - ext4: potential crash on allocation error in ext4_alloc_flex_bg_array() - audit: fix error handling in audit_data_to_entry() - ACPICA: Introduce ACPI_ACCESS_BYTE_WIDTH() macro - [arm64,x86] ACPI: watchdog: Fix gas->access_width usage - [x86] KVM: VMX: check descriptor table exits on instruction emulation - HID: ite: Only bind to keyboard USB interface on Acer SW5-012 keyboard dock - HID: core: fix off-by-one memset in hid_report_raw_event() - HID: core: increase HID report buffer size to 8KiB - tracing: Disable trace_printk() on post poned tests - Revert "PM / devfreq: Modify the device name as devfreq(X) for sysfs" - amdgpu/gmc_v9: save/restore sdpif regs during S3 - vhost: Check docket sk_family instead of call getname (CVE-2020-10942) - HID: alps: Fix an error handling path in 'alps_input_configured()' - HID: hiddev: Fix race in in hiddev_disconnect() - [x86] hv_netvsc: Fix unwanted wakeup in netvsc_attach() - [s390x] qeth: vnicc Fix EOPNOTSUPP precedence - net: netlink: cap max groups which will be considered in netlink_bind() - [amd64] net: atlantic: fix use after free kasan warn - [amd64] net: atlantic: fix potential error handling - net/smc: no peer ID in CLC decline for SMCD - net: ena: make ena rxfh support ETH_RSS_HASH_NO_CHANGE - namei: only return -ECHILD from follow_dotdot_rcu() - mwifiex: drop most magic numbers from mwifiex_process_tdls_action_frame() - [x86] KVM: SVM: Override default MMIO mask if memory encryption is enabled - KVM: Check for a bad hva before dropping into the ghc slow path - sched/fair: Optimize update_blocked_averages() - sched/fair: Fix O(nr_cgroups) in the load balancing path - perf stat: Use perf_evsel__is_clocki() for clock events - perf stat: Fix shadow stats for clock events - [arm64] drivers: net: xgene: Fix the order of the arguments of 'alloc_etherdev_mqs()' - kprobes: Set unoptimized flag after unoptimizing code - [armhf] pwm: omap-dmtimer: put_device() after of_find_device_by_node() - perf hists browser: Restore ESC as "Zoom out" of DSO/thread/etc - [x86] KVM: Remove spurious kvm_mmu_unload() from vcpu destruction path - [x86] KVM: Remove spurious clearing of async #PF MSR - netfilter: nft_tunnel: no need to call htons() when dumping ports - mm/huge_memory.c: use head to check huge zero page - mm, thp: fix defrag setting if newline is not used - audit: always check the netlink payload length in audit_receive_msg() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.109 - [x86] EDAC/amd64: Set grain per DIMM - ALSA: hda/realtek - Fix a regression for mute led on Lenovo Carbon X1 - [armhf] net: dsa: bcm_sf2: Forcibly configure IMP port for 1Gb/sec - kprobes: Fix optimize_kprobe()/unoptimize_kprobe() cancellation logic - [x86] ALSA: hda: do not override bus codec_mask in link_get() - usb: gadget: composite: Support more than 500mA MaxPower - usb: gadget: ffs: ffs_aio_cancel(): Save/restore IRQ flags - usb: gadget: serial: fix Tx stall after buffer overflow - [arm64] drm/msm/mdp5: rate limit pp done timeout warnings - [arm64] drm: msm: Fix return type of dsi_mgr_connector_mode_valid for kCFI - scsi: megaraid_sas: silence a warning - [arm64] drm/msm/dsi: save pll state before dsi host is powered off - [arm64] drm/msm/dsi/pll: call vco set rate explicitly - [armhf] net: dsa: b53: Ensure the default VID is untagged - [s390x] cio: cio_ignore_proc_seq_next should increase position index - [s390x] qdio: fill SL with absolute addresses - ice: Don't tell the OS that link is going down - [arm64] net: thunderx: workaround BGX TX Underflow issue - ALSA: hda/realtek - Add Headset Mic supported - ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Master - cifs: don't leak -EAGAIN for stat() during reconnect - usb: storage: Add quirk for Samsung Fit flash - usb: quirks: add NO_LPM quirk for Logitech Screen Share - [arm64,armhf] usb: dwc3: gadget: Update chain bit correctly when using sg list - usb: core: hub: fix unhandled return by employing a void function - usb: core: hub: do error out if usb_autopm_get_interface() fails - usb: core: port: do error out if usb_autopm_get_interface() fails - vgacon: Fix a UAF in vgacon_invert_region (CVE-2020-8647, CVE-2020-8649) - mm, numa: fix bad pmd by atomically check for pmd_trans_huge when marking page tables prot_numa - mm: fix possible PMD dirty bit lost in set_pmd_migration_entry() - fat: fix uninit-memory access for partial initialized inode - [arm64] tty:serial:mvebu-uart:fix a wrong return - serial: 8250_exar: add support for ACCES cards - vt: selection, close sel_buffer race (CVE-2020-8648) - vt: selection, push console lock down - vt: selection, push sel_lock up - [arm64,armhf] media: v4l2-mem2mem.c: fix broken links - [x86] pkeys: Manually set X86_FEATURE_OSPKE to preserve existing changes - [arm64,armhf] dmaengine: tegra-apb: Fix use-after-free - [arm64,armhf] dmaengine: tegra-apb: Prevent race conditions of tasklet vs free list - dm cache: fix a crash due to incorrect work item cancelling - dm: report suspended device during destroy - dm writecache: verify watermark during resume - [x86] ASoC: topology: Fix memleak in soc_tplg_link_elems_load() - [x86] ASoC: topology: Fix memleak in soc_tplg_manifest_load() - [x86] ASoC: intel: skl: Fix pin debug prints - [x86] ASoC: intel: skl: Fix possible buffer overflow in debug outputs - [armhf] dmaengine: imx-sdma: remove dma_slave_config direction usage and leave sdma_event_enable() - ASoC: pcm: Fix possible buffer overflow in dpcm state sysfs output - ASoC: dapm: Correct DAPM handling of active widgets during shutdown - [armhf] drm/sun4i: Fix DE2 VI layer format support - [armhf] drm/sun4i: de2/de3: Remove unsupported VI layer formats - RDMA/iwcm: Fix iwcm work deallocation - RMDA/cm: Fix missing ib_cm_destroy_id() in ib_cm_insert_listen() - [amd64] IB/hfi1, qib: Ensure RCU is locked when accessing list - [armhf] ARM: imx: build v7_cpu_resume() unconditionally - hwmon: (adt7462) Fix an error return in ADT7462_REG_VOLT() - [powerpc*] fix hardware PMU exception bug on PowerVM compatibility mode systems - [amd64] efi/x86: Align GUIDs to their size in the mixed mode runtime wrapper - [amd64] efi/x86: Handle by-ref arguments covering multiple pages in mixed mode - dm integrity: fix a deadlock due to offloading to an incorrect workqueue - scsi: pm80xx: Fixed kernel panic during error recovery for SATA drive https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.110 - [x86] KVM: SVM: fix up incorrect backport https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.111 - phy: Revert toggling reset changes. - net: phy: Avoid multiple suspends - cgroup, netclassid: periodically release file_lock on classid updating - gre: fix uninit-value in __iptunnel_pull_header - inet_diag: return classid for all socket types - ipv6/addrconf: call ipv6_mc_up() for non-Ethernet interface - ipvlan: add cond_resched_rcu() while processing muticast backlog - ipvlan: do not add hardware address of master to its unicast filter list - ipvlan: do not use cond_resched_rcu() in ipvlan_process_multicast() - ipvlan: don't deref eth hdr before checking it's set - net/ipv6: use configured metric when add peer route - netlink: Use netlink header as base to calculate bad attribute offset - net: macsec: update SCI upon MAC address change. - net: nfc: fix bounds checking bugs on "pipe" - net/packet: tpacket_rcv: do not increment ring index on drop - [arm64,armhf] net: stmmac: dwmac1000: Disable ACS if enhanced descs are not used - r8152: check disconnect status after long sleep - sfc: detach from cb_page in efx_copy_channel() - bnxt_en: reinitialize IRQs when MTU is modified - cgroup: memcg: net: do not associate sock with unrelated cgroup - net: memcg: late association of sock to memcg - net: memcg: fix lockdep splat in inet_csk_accept() - devlink: validate length of param values - nl802154: add missing attribute validation - nl802154: add missing attribute validation for dev_type - can: add missing attribute validation for termination - macsec: add missing attribute validation for port - net: fq: add missing attribute validation for orphan mask - team: add missing attribute validation for port ifindex - team: add missing attribute validation for array index - nfc: add missing attribute validation for SE API - nfc: add missing attribute validation for deactivate target - nfc: add missing attribute validation for vendor subcommand - net: phy: fix MDIO bus PM PHY resuming - net/ipv6: need update peer route when modify metric - net/ipv6: remove the old peer route if change it to a new one - tipc: add missing attribute validation for MTU property - devlink: validate length of region addr/len - bonding/alb: make sure arp header is pulled before accessing it - slip: make slhc_compress() more robust against malicious packets - [armhf] net: fec: validate the new settings in fec_enet_set_coalesce() - macvlan: add cond_resched() during multicast processing - cgroup: cgroup_procs_next should increase position index - cgroup: Iterate tasks that did not finish do_exit() - iwlwifi: mvm: Do not require PHY_SKU NVM section for 3168 devices - virtio-blk: fix hw_queue stopped on arbitrary error - [amd64] iommu/vt-d: quirk_ioat_snb_local_iommu: replace WARN_TAINT with pr_warn + add_taint - netfilter: nf_conntrack: ct_cpu_seq_next should increase position index - netfilter: synproxy: synproxy_cpu_seq_next should increase position index - netfilter: xt_recent: recent_seq_next should increase position index - netfilter: x_tables: xt_mttg_seq_next should increase position index - workqueue: don't use wq_select_unbound_cpu() for bound works - drm/amd/display: remove duplicated assignment to grph_obj_type - cifs_atomic_open(): fix double-put on late allocation failure - gfs2_atomic_open(): fix O_EXCL|O_CREAT handling on cold dcache - [x86] KVM: clear stale x86_emulate_ctxt->intercept value - efi: Fix a race and a buffer overflow while reading efivars via sysfs - efi: Make efi_rts_work accessible to efi page fault handler - mt76: fix array overflow on receiving too many fragments for a packet - [x86] mce: Fix logic and comments around MSR_PPIN_CTL - [arm64] iommu/dma: Fix MSI reservation allocation - [amd64] iommu/vt-d: dmar: replace WARN_TAINT with pr_warn + add_taint - [amd64] iommu/vt-d: Fix a bug in intel_iommu_iova_to_phys() for huge page - batman-adv: Don't schedule OGM for disabled interface - [arm64] pinctrl: meson-gxl: fix GPIOX sdio pins - pinctrl: core: Remove extra kref_get which blocks hogs being freed - [arm64,armhf] i2c: gpio: suppress error on probe defer - nl80211: add missing attribute validation for critical protocol indication - nl80211: add missing attribute validation for beacon report scanning - nl80211: add missing attribute validation for channel switch - perf bench futex-wake: Restore thread count default to online CPU count - netfilter: cthelper: add missing attribute validation for cthelper - netfilter: nft_payload: add missing attribute validation for payload csum flags - netfilter: nft_tunnel: add missing attribute validation for tunnels - [amd64] iommu/vt-d: Fix the wrong printing in RHSA parsing - [amd64] iommu/vt-d: Ignore devices with out-of-spec domain number - [arm64,x86] i2c: acpi: put device when verifying client fails - ipv6: restrict IPV6_ADDRFORM operation - net/smc: check for valid ib_client_data - net/smc: cancel event worker during device removal - efi: Add a sanity check to efivar_store_raw() - batman-adv: Avoid free/alloc race when handling OGM2 buffer https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.112 - [x86] perf/amd/uncore: Replace manual sampling check with CAP_NO_INTERRUPT flag - [armhf] mmc: sdhci-omap: Add platform specific reset callback - [armhf] mmc: sdhci-omap: Workaround errata regarding SDR104/HS200 tuning failures (i929) - ACPI: watchdog: Allow disabling WDAT at boot - HID: apple: Add support for recent firmware on Magic Keyboards - [x86] HID: i2c-hid: add Trekstor Surfbook E11B to descriptor override - cfg80211: check reg_rule for NULL in handle_channel_custom() - scsi: libfc: free response frame from GPN_ID - net: usb: qmi_wwan: restore mtu min/max values after raw_ip switch - mac80211: rx: avoid RCU list traversal under mutex - signal: avoid double atomic counter increments for user accounting - slip: not call free_netdev before rtnl_unlock in slip_open - [x86,arm64] hinic: fix a irq affinity bug - [x86,arm64] hinic: fix a bug of setting hw_ioctxt - sfc: fix timestamp reconstruction at 16-bit rollover points - jbd2: fix data races at struct journal_head - [armhf] mmc: sdhci-omap: Don't finish_mrq() on a command error during tuning - [armhf] mmc: sdhci-omap: Fix Tuning procedure for temperatures < -20C - driver core: Remove the link if there is no driver with AUTO flag - driver core: Fix adding device links to probing suppliers - driver core: Make driver core own stateful device links - driver core: Add device link flag DL_FLAG_AUTOPROBE_CONSUMER - driver core: Remove device link creation limitation - driver core: Fix creation of device links with PM-runtime flags - mm: slub: add missing TID bump in kmem_cache_alloc_bulk() - efi: Fix debugobjects warning on 'efi_rts_work' https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.113 - [arm64] spi: qup: call spi_qup_pm_resume_runtime before suspending - [amd64] spi: pxa2xx: Add CS control clock quirk - [armhf] drm/exynos: dsi: fix workaround for the legacy clock name - [arm64] drivers/perf: arm_pmu_acpi: Fix incorrect checking of gicc pointer - dm bio record: save/restore bi_end_io and bi_integrity - dm integrity: use dm_bio_record and dm_bio_restore - xenbus: req->body should be updated before req->state - xenbus: req->err should be updated before req->state - block, bfq: fix overwrite of bfq_group pointer in bfq_find_set_group() - USB: Disable LPM on WD19's Realtek Hub - usb: quirks: add NO_LPM quirk for RTL8153 based ethernet adapters - USB: serial: option: add ME910G1 ECM composition 0x110b - [arm64,armhf] usb: host: xhci-plat: add a shutdown - USB: serial: pl2303: add device-id for HP LD381 - [x86] usb: xhci: apply XHCI_SUSPEND_DELAY to AMD XHCI controller 1022:145c - ALSA: line6: Fix endless MIDI read loop - ALSA: seq: virmidi: Fix running status after receiving sysex - ALSA: seq: oss: Fix running status after receiving sysex - ALSA: pcm: oss: Avoid plugin buffer overflow - ALSA: pcm: oss: Remove WARNING from snd_pcm_plug_alloc() checks - [armhf] iio: st_sensors: remap SMO8840 to LIS2DH12 - mmc: rtsx_pci: Fix support for speed-modes that relies on tuning - staging: rtl8188eu: Add device id for MERCUSYS MW150US v2 - staging/speakup: fix get_word non-space look-ahead - [x86] intel_th: Fix user-visible error codes - [x86] intel_th: pci: Add Elkhart Lake CPU support - xhci: Do not open code __print_symbolic() in xhci trace events - btrfs: fix log context list corruption after rename whiteout error - drm/amd/amdgpu: Fix GPR read from debugfs (v2) - drm/lease: fix WARNING in idr_destroy - memcg: fix NULL pointer dereference in __mem_cgroup_usage_unregister_event - mm: slub: be more careful about the double cmpxchg of freelist - mm, slub: prevent kmalloc_node crashes and memory leaks - page-flags: fix a crash at SetPageError(THP_SWAP) - [x86] mm: split vmalloc_sync_all() (Closes: #953017) - USB: cdc-acm: fix close_delay and closing_wait units in TIOCSSERIAL - USB: cdc-acm: fix rounding error in TIOCSSERIAL - futex: Fix inode life-time issue - futex: Unbreak futex hashing - Revert "vrf: mark skb for multicast or link-local as enslaved to VRF" - Revert "ipv6: Fix handling of LLA with VRF and sockets bound to VRF" - ALSA: hda/realtek: Fix pop noise on ALC225 - [arm64] smp: fix smp_send_stop() behaviour - [arm64] smp: fix crash_smp_send_stop() behaviour - [arm64,armhf] drm/bridge: dw-hdmi: fix AVI frame colorimetry https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.114 - mmc: core: Allow host controllers to require R1B for CMD6 - mmc: core: Respect MMC_CAP_NEED_RSP_BUSY for erase/trim/discard - mmc: core: Respect MMC_CAP_NEED_RSP_BUSY for eMMC sleep command - [armhf] mmc: sdhci-omap: Fix busy detection by enabling MMC_CAP_NEED_RSP_BUSY - [arm64,armhf] mmc: sdhci-tegra: Fix busy detection by enabling MMC_CAP_NEED_RSP_BUSY - geneve: move debug check after netdev unregister - macsec: restrict to ethernet devices - net: cbs: Fix software cbs to consider packet sending time - [armhf] net: dsa: Fix duplicate frames flooded by learning - [arm64,armhf] net: mvneta: Fix the case where the last poll did not process all rx - net/packet: tpacket_rcv: avoid a producer race condition - net: qmi_wwan: add support for ASKEY WWHC050 - net_sched: cls_route: remove the right filter from hashtable - net_sched: keep alloc_hash updated after hash allocation - [arm64,armhf] net: stmmac: dwmac-rk: fix error path in rk_gmac_probe - slcan: not call free_netdev before rtnl_unlock in slcan_open - bnxt_en: fix memory leaks in bnxt_dcbnl_ieee_getets() - bnxt_en: Reset rings if ring reservation fails during open() - net: ip_gre: Separate ERSPAN newlink / changelink callbacks - net: ip_gre: Accept IFLA_INFO_DATA-less configuration - r8169: re-enable MSI on RTL8168c - tcp: repair: fix TCP_QUEUE_SEQ implementation - vxlan: check return value of gro_cells_init() - cgroup-v1: cgroup_pidlist_next should update position index - nfs: add minor version to nfs_server_key for fscache - drivers/of/of_mdio.c:fix of_mdiobus_register() - cgroup1: don't call release_agent when it is "" - [s390x] qeth: handle error when backing RX buffer - scsi: ipr: Fix softlockup when rescanning devices in petitboot - mac80211: Do not send mesh HWMP PREQ if HWMP is disabled - [x86] ftrace: Anotate text_mutex split between ftrace_arch_code_modify_post_process() and ftrace_arch_code_modify_prepare() - [x86] Input: synaptics - enable RMI on HP Envy 13-ad105ng - Input: avoid BIT() macro usage in the serio.h UAPI header - ceph: check POOL_FLAG_FULL/NEARFULL in addition to OSDMAP_FULL/NEARFULL - perf probe: Do not depend on dwfl_module_addrsym() - scsi: sd: Fix optimal I/O size for devices that change reported values - nl80211: fix NL80211_ATTR_CHANNEL_WIDTH attribute type - mac80211: mark station unauthorized before key removal - [x86] gpiolib: acpi: Correct comment for HP x2 10 honor_wakeup quirk - gpiolib: acpi: Rework honor_wakeup option into an ignore_wake option - [x86] gpiolib: acpi: Add quirk to ignore EC wakeups on HP x2 10 BYT + AXP288 model - genirq: Fix reference leaks on irq affinity notifiers - xfrm: handle NETDEV_UNREGISTER for xfrm device - vti[6]: fix packet tx through bpf_redirect() in XinY cases - RDMA/mlx5: Block delay drop to unprivileged users - xfrm: fix uctx len check in verify_sec_ctx_len - xfrm: add the missing verify_sec_ctx_len check in xfrm_add_acquire - xfrm: policy: Fix doulbe free in xfrm_policy_timer - afs: Fix some tracing details - netfilter: flowtable: reload ip{v6}h in nf_flow_tuple_ip{v6} - netfilter: nft_fwd_netdev: validate family and chain type - bpf/btf: Fix BTF verification of enum members in struct/union - vti6: Fix memory leak of skb if input policy check fails - mac80211: add option for setting control flags - mac80211: set IEEE80211_TX_CTRL_PORT_CTRL_PROTO for nl80211 TX - USB: serial: option: add support for ASKEY WWHC050 - USB: serial: option: add BroadMobi BM806U - USB: serial: option: add Wistron Neweb D19Q1 - USB: cdc-acm: restore capability check order - USB: serial: io_edgeport: fix slab-out-of-bounds read in edge_interrupt_callback - [arm64,armhf] usb: musb: fix crash with highmen PIO and usbmon - media: flexcop-usb: fix endpoint sanity check - media: usbtv: fix control-message timeouts - staging: rtl8188eu: Add ASUS USB-N10 Nano B1 to device table - [x86] ahci: Add Intel Comet Lake H RAID PCI ID - libfs: fix infoleak in simple_attr_read() - media: ov519: add missing endpoint sanity checks (CVE-2020-11608) - media: dib0700: fix rc endpoint lookup - media: stv06xx: add missing descriptor sanity checks (CVE-2020-11609) - media: xirlink_cit: add missing descriptor sanity checks (CVE-2020-11668) - mac80211: Check port authorization in the ieee80211_tx_dequeue() case - mac80211: fix authentication with iwlwifi/mvm - vt: selection, introduce vc_is_sel - vt: ioctl, switch VT_IS_IN_USE and VT_BUSY to inlines - vt: switch vt_dont_switch to bool - vt: vt_ioctl: remove unnecessary console allocation checks - vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console - vt: vt_ioctl: fix use-after-free in vt_in_use() - [x86] platform: pmc_atom: Add Lex 2I385SW to critclk_systems DMI table - bpf: Explicitly memset the bpf_attr structure - bpf: Explicitly memset some bpf info structures declared on the stack - [x86] gpiolib: acpi: Add quirk to ignore EC wakeups on HP x2 10 CHT + AXP288 model - perf map: Fix off by one in strncpy() size argument - [armel] bcm2835-rpi-zero-w: Add missing pinctrl name - [armhf] dts: N900: fix onenand timings https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.115 - ipv4: fix a RCU-list lock in fib_triestat_seq_show - net, ip_tunnel: fix interface lookup with no key - sctp: fix refcount bug in sctp_wfree - sctp: fix possibly using a bad saddr with a given dst - nvme-rdma: Avoid double freeing of async event data - drm/bochs: downgrade pci_request_region failure from error to warning - drm/amdgpu: fix typo for vcn1 idle check - [x86] tools/power turbostat: Fix gcc build warnings - [x86] tools/power turbostat: Fix missing SYS_LPI counter on some Chromebooks - [armhf] drm/etnaviv: replace MMU flush marker with flush sequence - media: rc: IR signal for Panasonic air conditioner too long - misc: rtsx: set correct pcr_ops for rts522A - [x86] mei: me: add cedar fork device ids - ALSA: hda/ca0132 - Add Recon3Di quirk to handle integrated sound on EVGA X99 Classified motherboard - rxrpc: Fix sendmsg(MSG_WAITALL) handling - net: Fix Tx hash bound checking - padata: always acquire cpu_hotplug_lock before pinst->lock - mm: mempolicy: require at least one nodeid for MPOL_PREFERRED (CVE-2020-11565) - ipv6: don't auto-add link-local address to lag ports - [armhf] net: dsa: bcm_sf2: Do not register slave MDIO bus with OF - [armhf] net: dsa: bcm_sf2: Ensure correct sub-node is parsed - net: phy: micrel: kszphy_resume(): add delay after genphy_resume() before accessing PHY registers - [arm64,armhf] net: stmmac: dwmac1000: fix out-of-bounds mac address reg setting - slcan: Don't transmit uninitialized stack data in padding (CVE-2020-11494) - random: always use batched entropy for get_random_u{32,64} - [arm64,armhf] usb: dwc3: gadget: Wrap around when skip TRBs - [armhf] hwrng: imx-rngc - fix an error path - [amd64] IB/hfi1: Call kobject_put() when kobject_init_and_add() fails - [amd64] IB/hfi1: Fix memory leaks in sysfs registration and unregistration - ceph: remove the extra slashes in the server path - ceph: canonicalize server path in place - RDMA/ucma: Put a lock around every call to the rdma_cm layer - RDMA/cma: Teach lockdep about the order of rtnl and lock - Bluetooth: RFCOMM: fix ODEBUG bug in rfcomm_dev_ioctl - RDMA/cm: Update num_paths in cma_resolve_iboe_route error flow - fbcon: fix null-ptr-deref in fbcon_switch - [arm64] clk: qcom: rcg: Return failure for RCG update - [arm64] drm/msm: stop abusing dma_map/unmap for cache - [arm64] Fix size of __early_cpu_boot_status - [arm64] rpmsg: glink: Remove chunk size word align warning - [arm64,armhf] usb: dwc3: don't set gadget->is_otg flag - drm_dp_mst_topology: fix broken drm_dp_sideband_parse_remote_dpcd_read() - [arm64] drm/msm: Use the correct dma_sync calls in msm_gem https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.116 - [armhf] dts: sun8i-a83t-tbs-a711: HM5065 doesn't like such a high voltage - [arm64,armhf] bus: sunxi-rsb: Return correct data when mixing 16-bit and 8-bit reads - [x86,arm64] hinic: fix a bug of waitting for IO stopped - [x86,arm64] hinic: fix wrong para of wait_for_completion_timeout - cxgb4/ptp: pass the sign of offset delta in FW CMD - qlcnic: Fix bad kzalloc null test - [armhf] cpufreq: imx6q: Fixes unwanted cpu overclocking on i.MX6ULL - [arm64] media: venus: hfi_parser: Ignore HEVC encoding for V1 - null_blk: Fix the null_add_dev() error path - null_blk: Handle null_add_dev() failures properly - null_blk: fix spurious IO errors after failed past-wp access - xhci: bail out early if driver can't accress host in resume - [x86] Don't let pgprot_modify() change the page encryption bit - block: keep bdi->io_pages in sync with max_sectors_kb for stacked devices - sched: Avoid scale real weight down to zero - libata: Remove extra scsi_host_put() in ata_scsi_add_hosts() - [amd64,x86] pstore/platform: fix potential mem leak if pstore_init_fs failed - gfs2: Don't demote a glock until its revokes are written - [i386] efi/x86: Ignore the memory attributes table on i386 - genirq/irqdomain: Check pointer in irq_domain_alloc_irqs_hierarchy() - block: Fix use-after-free issue accessing struct io_cq - [arm64,armhf] usb: dwc3: core: add support for disabling SS instances in park mode - [arm64,armhf] irqchip/gic-v4: Provide irq_retrigger to avoid circular locking dependency - md: check arrays is suspended in mddev_detach before call quiesce operations - firmware: fix a double abort case with fw_load_sysfs_fallback - block, bfq: fix use-after-free in bfq_idle_slice_timer_body - btrfs: qgroup: ensure qgroup_rescan_running is only set when the worker is at least queued - btrfs: remove a BUG_ON() from merge_reloc_roots() - btrfs: track reloc roots based on their commit root bytenr - IB/mlx5: Replace tunnel mpls capability bits for tunnel_offloads - uapi: rename ext2_swab() to swab() and share globally in swab.h - slub: improve bit diffusion for freelist ptr obfuscation - ASoC: fix regwmask - ASoC: dapm: connect virtual mux with default value - ASoC: dpcm: allow start or stop during pause for backend - [x86] ASoC: topology: use name_prefix for new kcontrol - usb: gadget: f_fs: Fix use after free issue as part of queue failure - usb: gadget: composite: Inform controller driver of self-powered - ALSA: hda: Add driver blacklist - ALSA: hda: Fix potential access overflow in beep helper - ALSA: ice1724: Fix invalid access for enumerated ctl items - ALSA: pcm: oss: Fix regression by buffer overflow fix - ALSA: doc: Document PC Beep Hidden Register on Realtek ALC256 - ALSA: hda/realtek - Set principled PC Beep configuration for ALC256 - [x86] ALSA: hda/realtek - Remove now-unnecessary XPS 13 headphone noise fixups - [x86] ALSA: hda/realtek - Add quirk for MSI GL63 - [x86] acpi: ignore unspecified bit positions in the ACPI global lock field - nvme-fc: Revert "add module to ops template to allow module references" - nvme: Treat discovery subsystems as unique subsystems - PCI: pciehp: Fix indefinite wait on sysfs requests - PCI/ASPM: Clear the correct bits when enabling L1 substates - PCI: Add boot interrupt quirk mechanism for Xeon chipsets - tpm: Don't make log failures fatal - tpm: tpm1_bios_measurements_next should increase position index - tpm: tpm2_bios_measurements_next should increase position index - KEYS: reaching the keys quotas correctly - [amd64,x86] pstore: pstore_ftrace_seq_next should increase position index - [mips*el] tlbex: Fix LDDIR usage in setup_pw() for Loongson-3 - [mips*/octeon] irq: Fix potential NULL pointer dereference - ath9k: Handle txpower changes even when TPC is disabled - signal: Extend exec_id to 64bits - [i386] x86/entry/32: Add missing ASM_CLAC to general_protection entry - [x86] KVM: nVMX: Properly handle userspace interrupt window request - [s390x] KVM: vsie: Fix region 1 ASCE sanity shadow address checks - [s390x] KVM: vsie: Fix delivery of addressing exceptions - [x86] KVM: Allocate new rmap and large page tracking when moving memslot - [x86] KVM: VMX: Always VMCLEAR in-use VMCSes during crash with kexec support - [x86] KVM: Gracefully handle __vmalloc() failure during VM allocation - [x86] KVM: VMX: fix crash cleanup when KVM wasn't used - CIFS: Fix bug which the return value by asynchronous read is error - Btrfs: fix crash during unmount due to race with delayed inode workers - btrfs: set update the uuid generation as soon as possible - btrfs: drop block from cache on error in relocation - btrfs: fix missing file extent item for hole after ranged fsync - btrfs: fix missing semaphore unlock in btrfs_sync_file - [powerpc*] pseries: Drop pointless static qualifier in vpa_debugfs_init() - [x86] speculation: Remove redundant arch_smt_update() invocation - mm: Use fixed constant in page_frag_alloc instead of size + 1 - dm writecache: add cond_resched to avoid CPU hangs - [s390x] scsi: zfcp: fix missing erp_lock in port recovery trigger for point-to-point - [arm64] armv8_deprecated: Fix undef_hook mask for thumb setend - [armhf] drm/etnaviv: rework perfmon query infrastructure - [powerpc*] pseries: Avoid NULL pointer dereference when drmem is unavailable - NFS: Fix a page leak in nfs_destroy_unlinked_subrequests() - ext4: fix a data race at inode->i_blocks - fs/filesystems.c: downgrade user-reachable WARN_ONCE() to pr_warn_once() - ocfs2: no need try to truncate file beyond i_size - [s390x] diag: fix display of diagnose call statistics - [x86] Input: i8042 - add Acer Aspire 5738z to nomux list - kmod: make request_module() return an error when autoloading is disabled - [powerpc*] cpufreq: powernv: Fix use-after-free - hfsplus: fix crash and filesystem corruption when deleting files - libata: Return correct status in sata_pmp_eh_recover_pm() when ATA_DFLAG_DETACH is set - ipmi: fix hung processes in __get_guid() - xen/blkfront: fix memory allocation flags in blkfront_setup_indirect() - [powerpc*] powernv/idle: Restore AMR/UAMOR/AMOR after idle (CVE-2020-11669) - [powerpc*] 64/tm: Don't let userspace set regs->trap via sigreturn - [powerpc*] hash64/devmap: Use H_PAGE_THP_HUGE when setting up huge devmap PTE entries - [powerpc*] xive: Use XIVE_BAD_IRQ instead of zero to catch non configured IPIs - [powerpc*] kprobes: Ignore traps that happened in real mode - scsi: mpt3sas: Fix kernel panic observed on soft HBA unplug - [powerpc*] Add attributes for setjmp/longjmp - [powerpc*] Make setjmp/longjmp signature standard - btrfs: use nofs allocations for running delayed items - dm zoned: remove duplicate nr_rnd_zones increase in dmz_init_zone() - drm/dp_mst: Fix clearing payload state on topology disable - drm: Remove PageReserved manipulation from drm_pci_alloc - ftrace/kprobe: Show the maxactive number on kprobe_events - [armhf] etnaviv: perfmon: fix total and idle HI cyleces readout - [amd64] efi/x86: Fix the deletion of variables in mixed mode https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.117 - [amd64,arm64] amd-xgbe: Use __napi_schedule() in BH context - net: ipv6: do not consider routes via gateways for anycast address check - net: revert default NAPI poll timeout to 2 jiffies - [arm64,armhf] net: stmmac: dwmac-sunxi: Provide TX and RX fifo sizes - ovl: fix value of i_ino for lower hardlink corner case - scsi: ufs: Fix ufshcd_hold() caused scheduling while atomic - jbd2: improve comments about freeing data buffers whose page mapping is NULL - ext4: fix incorrect group count in ext4_fill_super error message - ext4: fix incorrect inodes per group in error message - [x86] ASoC: Intel: mrfld: fix incorrect check on p->sink - [x86] ASoC: Intel: mrfld: return error codes when an error occurs - ALSA: usb-audio: Filter error from connector kctl ops, too - ALSA: usb-audio: Don't override ignore_ctl_error value from the map - ALSA: usb-audio: Don't create jack controls for PCM terminals - ALSA: usb-audio: Check mapping at creating connector controls, too - keys: Fix proc_keys_next to increase position index - tracing: Fix the race between registering 'snapshot' event trigger and triggering 'snapshot' operation - btrfs: check commit root generation in should_ignore_root - mac80211_hwsim: Use kstrndup() in place of kasprintf() - [arm64,armhf] usb: dwc3: gadget: don't enable interrupt when disabling endpoint - [arm64,armhf] usb: dwc3: gadget: Don't clear flags before transfer ended - ext4: do not zeroout extents beyond i_disksize - [x86] kvm: Host feature SSBD doesn't imply guest feature SPEC_CTRL_SSBD - scsi: target: fix hang when multiple threads try to destroy the same iscsi session - [x86] microcode/AMD: Increase microcode PATCH_MAX_SIZE - wil6210: check rx_buff_mgmt before accessing it - wil6210: ignore HALP ICR if already handled - wil6210: add general initialization/size checks - wil6210: make sure Rx ring sizes are correlated - wil6210: remove reset file from debugfs - mm/vmalloc.c: move 'area->pages' after if statement https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.118 - [armel,armhf] bpf: Fix offset overflow for BPF_MEM BPF_DW - scsi: sg: add sg_remove_request in sg_common_write - ext4: use non-movable memory for superblock readahead - [arm64,armhf] watchdog: sp805: fix restart handler - [armel,armhf] arm, bpf: Fix bugs with ALU64 {RSH, ARSH} BPF_K shift by 0 - netfilter: nf_tables: report EOPNOTSUPP on unsupported flags/object type - [arm64] irqchip/mbigen: Free msi_desc on device teardown - ALSA: hda: Don't release card at firmware loading error - of: overlay: kmemleak in dup_and_fixup_symbol_prop() - [x86] Hyper-V: Report crash register data or kmsg before running crash kernel - rbd: avoid a deadlock on header_rwsem when flushing notifies - rbd: call rbd_dev_unprobe() after unwatching and flushing notifies - xsk: Add missing check on user supplied headroom size - [x86] Hyper-V: Unload vmbus channel in hv panic callback - [x86] Hyper-V: Free hv_panic_page when fail to register kmsg dump - [x86] Hyper-V: Trigger crash enlightenment only once during system crash. - [x86] Hyper-V: Report crash register data when sysctl_record_panic_msg is not set - [x86] Hyper-V: Report crash data in die() when panic_on_oops is set - power: supply: bq27xxx_battery: Silence deferred-probe error - [arm64,armhf] clk: tegra: Fix Tegra PMC clock out parents - [armhf] soc: imx: gpc: fix power up sequencing - NFSv4/pnfs: Return valid stateids in nfs_layout_find_inode_by_stateid() - NFS: direct.c: Fix memory leak of dreq when nfs_get_lock_context fails - [s390x] cpuinfo: fix wrong output when CPU0 is offline - [s390x] cpum_sf: Fix wrong page count in error message - ext4: do not commit super on read-only bdev - cifs: Allocate encryption header through kmalloc - include/linux/swapops.h: correct guards for non_swap_entry() - percpu_counter: fix a data race at vm_committed_as - [s390x] KVM: vsie: Fix possible race when shadowing region 3 tables - [x86] ACPI: fix CPU hotplug deadlock - [amd64] drm/amdkfd: kfree the wrong pointer - NFS: Fix memory leaks in nfs_pageio_stop_mirroring() - f2fs: fix NULL pointer dereference in f2fs_write_begin() - [arm*] drm/vc4: Fix HDMI mode validation - [amd64] iommu/vt-d: Fix mm reference leak - power: supply: axp288_fuel_gauge: Broaden vendor check for Intel Compute Sticks. - libnvdimm: Out of bounds read in __nd_ioctl() - f2fs: fix to wait all node page writeback - [armhf] net: dsa: bcm_sf2: Fix overflow checks - fbdev: potential information leak in do_fb_ioctl() - mtd: lpddr: Fix a double free in probe() - mtd: phram: fix a double free issue in error path - KEYS: Don't write out to userspace while holding key semaphore - bpf: fix buggy r0 retval refinement for tracing helpers [ Salvatore Bonaccorso ] * Refresh "Revert "objtool: Fix CONFIG_STACK_VALIDATION=y warning for out-of-tree modules"" for context changes in 4.19.99 * Refresh "ARM: dts: bcm283x: Correct vchiq compatible string" for context changes in 4.19.99 * Drop "tools/lib/api/fs/fs.c: Fix misuse of strncpy()" * Refresh "net: ena: add MAX_QUEUES_EXT get feature admin command" for context changes in 4.19.108 * [rt] Update to 4.19.115-rt48: - Revert "genirq: Do not invoke the affinity callback via a workqueue on RT" * [rt] Refresh "pci/switchtec: Don't use completion's wait queue" for context changes in 4.19.116 * Refresh "firmware: Remove redundant log messages from drivers" for context changes in 4.19.118 * f2fs: fix to avoid memory leakage in f2fs_listxattr (CVE-2020-0067) * net: ipv6: add net argument to ip6_dst_lookup_flow * net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup (CVE-2020-1749) * blktrace: Protect q->blk_trace with RCU (CVE-2019-19768) * blktrace: fix dereference after null check [ Ben Hutchings ] * [x86] Drop "Add a SysRq option to lift kernel lockdown" (Closes: #947021) - This patch allowed remotely disabling lockdown using usbip - Lockdown can be disabled by running "mokutil --disable-validation", rebooting, and confirming the change when prompted * debian/README.source: Refer to upload checklist in kernel-team.git * Bump ABI to 9 [ YunQiang Su ] * [mips*] enable CONFIG_MIPS_O32_FP64_SUPPORT. * [mips*] enable CONFIG_CPU_HAS_MSA except octeon. [ Steve McIntyre ] * [arm64] Include the Hisilicon Hibmc drm driver in fb-modules (Closes: #951274) [ Noah Meyerhans ] * [cloud] Enable CONFIG_KSM (Closes: #955366) -- Ben Hutchings Sun, 26 Apr 2020 14:04:11 +0100 linux (4.19.98-1+deb10u1) buster-security; urgency=high * [x86] KVM: nVMX: Don't emulate instructions in guest mode (CVE-2020-2732) * do_last(): fetch directory ->i_mode and ->i_uid before it's too late (CVE-2020-8428) * vfs: fix do_last() regression * vhost: Check docket sk_family instead of call getname (CVE-2020-10942) * mm: mempolicy: require at least one nodeid for MPOL_PREFERRED (CVE-2020-11565) * [s390x] mm: fix page table upgrade vs 2ndary address mode accesses (CVE-2020-11884) -- Salvatore Bonaccorso Mon, 27 Apr 2020 07:05:39 +0200 linux (4.19.98-1) buster; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.88 - [arm64] clk: meson: gxbb: let sar_adc_clk_div set the parent clock rate - ASoC: compress: fix unsigned integer overflow check - reset: Fix memory leak in reset_control_array_put() - [armhf] clk: samsung: exynos5433: Fix error paths - [armel/marvell,armhf] ASoC: kirkwood: fix external clock probe defer - [armel/marvell,armhf] ASoC: kirkwood: fix device remove ordering - [armhf] clk: samsung: exynos5420: Preserve PLL configuration during suspend/resume - [x86] pinctrl: cherryview: Allocate IRQ chip dynamic - [armhf] dts: imx6qdl-sabreauto: Fix storm of accelerometer interrupts - reset: fix reset_control_ops kerneldoc comment - [armhf,arm64] clk: sunxi: Fix operator precedence in sunxi_divs_clk_setup - [armhf] clk: sunxi-ng: a80: fix the zero'ing of bits 16 and 18 - [armhf] dts: sun8i-a83t-tbs-a711: Fix WiFi resume from suspend - [ppc64el] bpf: Fix tail call implementation - idr: Fix integer overflow in idr_for_each_entry - idr: Fix idr_alloc_u32 on 32-bit systems - [x86] resctrl: Prevent NULL pointer dereference when reading mondata - [armhf] clk: ti: dra7-atl-clock: Remove ti_clk_add_alias call - [armhf] clk: ti: clkctrl: Fix failed to enable error with double udelay timeout - bridge: ebtables: don't crash when using dnat target in output chains - can: peak_usb: report bus recovery as well - can: rx-offload: can_rx_offload_queue_tail(): fix error handling, avoid skb mem leak - can: rx-offload: can_rx_offload_offload_one(): do not increase the skb_queue beyond skb_queue_len_max - can: rx-offload: can_rx_offload_offload_one(): increment rx_fifo_errors on queue overflow or OOM - can: rx-offload: can_rx_offload_offload_one(): use ERR_PTR() to propagate error value in case of errors - can: rx-offload: can_rx_offload_irq_offload_timestamp(): continue on error - can: rx-offload: can_rx_offload_irq_offload_fifo(): continue on error - [armhf] can: flexcan: increase error counters if skb enqueueing via can_rx_offload_queue_sorted() fails - [arm64] watchdog: meson: Fix the wrong value of left time - ceph: return -EINVAL if given fsc mount option on kernel w/o support - net/fq_impl: Switch to kvmalloc() for memory allocation - mac80211: fix station inactive_time shortly after boot - block: drbd: remove a stray unlock in __drbd_send_protocol() - scsi: target/tcmu: Fix queue_cmd_ring() declaration - scsi: lpfc: Fix kernel Oops due to null pring pointers - scsi: lpfc: Fix dif and first burst use in write commands - tracing: Lock event_mutex before synth_event_mutex - [armhf] dts: imx*: Fix memory node duplication - [armhf] dts: Fix hsi gdd range for omap4 - [arm64] mm: Prevent mismatched 52-bit VA support - [arm64] smp: Handle errors reported by the firmware - [armhf] bus: ti-sysc: Check for no-reset and no-idle flags at the child level - [arm64] RDMA/hns: Fix the bug while use multi-hop of pbl - [x86] RDMA/vmw_pvrdma: Use atomic memory allocation in create AH - [armhf] PM / AVS: SmartReflex: NULL check before some freeing functions is not needed - xfs: zero length symlinks are not valid - ACPI / LPSS: Ignore acpi_device_fix_up_power() return value - scsi: lpfc: Enable Management features for IF_TYPE=6 - scsi: qla2xxx: Fix NPIV handling for FC-NVMe - scsi: qla2xxx: Fix for FC-NVMe discovery for NPIV port - nvme: provide fallback for discard alloc failure - [s390x] zcrypt: make sysfs reset attribute trigger queue reset - crypto: user - support incremental algorithm dumps - mwifiex: fix potential NULL dereference and use after free - mwifiex: debugfs: correct histogram spacing, formatting - brcmfmac: set F2 watermark to 256 for 4373 - brcmfmac: set SDIO F1 MesBusyCtrl for CYW4373 - rtl818x: fix potential use after free - bcache: do not check if debug dentry is ERR or NULL explicitly on remove - bcache: do not mark writeback_running too early - xfs: require both realtime inodes to mount - nvme: fix kernel paging oops - ubifs: Fix default compression selection in ubifs - ubi: Put MTD device after it is not used - ubi: Do not drop UBI device reference before using - iwlwifi: move iwl_nvm_check_version() into dvm - iwlwifi: mvm: force TCM re-evaluation on TCM resume - iwlwifi: pcie: fix erroneous print - iwlwifi: pcie: set cmd_len in the correct place - [armhf,arm64] gpio: pca953x: Fix AI overflow on PCAL6524 - gpiolib: Fix return value of gpio_to_desc() stub if !GPIOLIB - [x86] kvm: vmx: Set IA32_TSC_AUX for legacy mode guests - [x86] Revert "KVM: nVMX: reset cache/shadows when switching loaded VMCS" - [x86] Revert "KVM: nVMX: move check_vmentry_postreqs() call to nested_vmx_enter_non_root_mode()" - VSOCK: bind to random port for VMADDR_PORT_ANY - [amd64] mmc: meson-gx: make sure the descriptor is stopped on errors - [armhf] mtd: rawnand: sunxi: Write pageprog related opcodes to WCMD_SET - [armhf] usb: ehci-omap: Fix deferred probe for phy handling - btrfs: Check for missing device before bio submission in btrfs_map_bio - btrfs: fix ncopies raid_attr for RAID56 - btrfs: dev-replace: set result code of cancel by status of scrub - Btrfs: allow clear_extent_dirty() to receive a cached extent state record - btrfs: only track ref_heads in delayed_ref_updates - [x86] HID: intel-ish-hid: fixes incorrect error handling - serial: 8250: Rate limit serial port rx interrupts during input overruns - [x86] kprobes/xen: blacklist non-attachable xen interrupt functions - xen/pciback: Check dev_data before using it - kprobes: Blacklist symbols in arch-defined prohibited area - [amd64] kprobes: Show x86-64 specific blacklisted symbols correctly - [armhf] memory: omap-gpmc: Get the header of the enum - net/mlx5: Continue driver initialization despite debugfs failure - netfilter: nf_nat_sip: fix RTP/RTCP source port translations - exofs_mount(): fix leaks on failure exits - bnxt_en: Return linux standard errors in bnxt_ethtool.c - bnxt_en: Save ring statistics before reset. - bnxt_en: query force speeds before disabling autoneg mode. - [s390x] KVM: unregister debug feature on failing arch init - dm flakey: Properly corrupt multi-page bios. - gfs2: take jdata unstuff into account in do_grow - dm raid: fix false -EBUSY when handling check/repair message - xfs: Align compat attrlist_by_handle with native implementation. - xfs: Fix bulkstat compat ioctls on x32 userspace. - IB/qib: Fix an error code in qib_sdma_verbs_send() - vxlan: Fix error path in __vxlan_dev_create() - [ppc64el] xmon: fix dump_segments() - drivers/regulator: fix a missing check of return value - Bluetooth: hci_bcm: Handle specific unknown packets after firmware loading - RDMA/srp: Propagate ib_post_send() failures to the SCSI mid-layer - scsi: qla2xxx: deadlock by configfs_depend_item - scsi: csiostor: fix incorrect dma device in case of vport - brcmfmac: Fix access point mode - ath6kl: Only use match sets when firmware supports it - ath6kl: Fix off by one error in scan completion - [ppc64el] perf: Fix unit_sel/cache_sel checks - [ppc64el] prom: fix early DEBUG messages - [ppc64el] mm: Make NULL pointer deferences explicit on bad page faults. - [ppc64el] vfio/spapr_tce: Get rid of possible infinite loop - [ppc64el] powernv/eeh/npu: Fix uninitialized variables in opal_pci_eeh_freeze_status - drbd: ignore "all zero" peer volume sizes in handshake - drbd: reject attach of unsuitable uuids even if connected - drbd: do not block when adjusting "disk-options" while IO is frozen - drbd: fix print_st_err()'s prototype to match the definition - IB/rxe: Make counters thread safe - bpf/cpumap: make sure frame_size for build_skb is aligned if headroom isn't - [armhf] regulator: tps65910: fix a missing check of return value - [ppc64el] powerpc/pseries: Fix node leak in update_lmb_associativity_index() - net/netlink_compat: Fix a missing check of nla_parse_nested - net/net_namespace: Check the return value of register_pernet_subsys() - f2fs: fix block address for __check_sit_bitmap - f2fs: fix to dirty inode synchronously - [armhf] net: dsa: bcm_sf2: Propagate error value from mdio_write - atl1e: checking the status of atl1e_write_phy_reg - tipc: fix a missing check of genlmsg_put - net: marvell: fix a missing check of acpi_match_device - ocfs2: clear journal dirty flag after shutdown journal - vmscan: return NODE_RECLAIM_NOSCAN in node_reclaim() when CONFIG_NUMA is n - mm/page_alloc.c: free order-0 pages through PCP in page_frag_free() - mm/page_alloc.c: use a single function to free page - mm/page_alloc.c: deduplicate __memblock_free_early() and memblock_free() - netfilter: nf_tables: fix a missing check of nla_put_failure - xprtrdma: Prevent leak of rpcrdma_rep objects - infiniband/qedr: Potential null ptr dereference of qp - lib/genalloc.c: fix allocation of aligned buffer from non-aligned chunk - lib/genalloc.c: use vzalloc_node() to allocate the bitmap - drivers/base/platform.c: kmemleak ignore a known leak - lib/genalloc.c: include vmalloc.h - mtd: Check add_mtd_device() ret code - tipc: fix memory leak in tipc_nl_compat_publ_dump - net/core/neighbour: tell kmemleak about hash tables - [armhf,arm64] ata: ahci: mvebu: do Armada 38x configuration only on relevant SoCs - PCI/MSI: Return -ENOSPC from pci_alloc_irq_vectors_affinity() - net/core/neighbour: fix kmemleak minimal reference count for hash tables - serial: 8250: Fix serial8250 initialization crash - [armhf] gpu: ipu-v3: pre: don't trigger update if buffer address doesn't change - sfc: suppress duplicate nvmem partition types in efx_ef10_mtd_probe - ip_tunnel: Make none-tunnel-dst tunnel port work with lwtunnel - decnet: fix DN_IFREQ_SIZE - net/smc: prevent races between smc_lgr_terminate() and smc_conn_free() - net/smc: don't wait for send buffer space when data was already sent - mm/hotplug: invalid PFNs from pfn_to_online_page() - xfs: end sync buffer I/O properly on shutdown error - net/smc: fix sender_free computation - blktrace: Show requests without sector - net/smc: fix byte_order for rx_curs_confirmed - tipc: fix skb may be leaky in tipc_link_input - sfc: initialise found bitmap in efx_ef10_mtd_probe - geneve: change NET_UDP_TUNNEL dependency to select - net: fix possible overflow in __sk_mem_raise_allocated() - net: ip_gre: do not report erspan_ver for gre or gretap - net: ip6_gre: do not report erspan_ver for ip6gre or ip6gretap - sctp: don't compare hb_timer expire date before starting it - bpf: decrease usercnt if bpf_map_new_fd() fails in bpf_map_get_fd_by_id() - mmc: core: align max segment size with logical block size - net: dev: Use unsigned integer as an argument to left-shift - kvm: properly check debugfs dentry before using it - bpf: drop refcount if bpf_map_new_fd() fails in map_create() - [arm64] net: hns3: Change fw error code NOT_EXEC to NOT_SUPPORTED - [arm64] net: hns3: fix PFC not setting problem for DCB module - [arm64] net: hns3: fix an issue for hclgevf_ae_get_hdev - [arm64] net: hns3: fix an issue for hns3_update_new_int_gl - [x86] iommu/amd: Fix NULL dereference bug in match_hid_uid - apparmor: delete the dentry in aafs_remove() to avoid a leak - scsi: libsas: Support SATA PHY connection rate unmatch fixing during discovery - ACPI / APEI: Don't wait to serialise with oops messages when panic()ing - ACPI / APEI: Switch estatus pool to use vmalloc memory - [arm64] scsi: hisi_sas: shutdown axi bus to avoid exception CQ returned - scsi: libsas: Check SMP PHY control function result - [arm64] RDMA/hns: Fix the bug with updating rq head pointer when flush cqe - [arm64] RDMA/hns: Bugfix for the scene without receiver queue - [arm64] RDMA/hns: Fix the state of rereg mr - [arm64] RDMA/hns: Use GFP_ATOMIC in hns_roce_v2_modify_qp - ASoC: rt5645: Headphone Jack sense inverts on the LattePanda board - [ppc64el] pseries/dlpar: Fix a missing check in dlpar_parse_cc_property() (CVE-2019-12614) - xdp: fix cpumap redirect SKB creation bug - mtd: Remove a debug trace in mtdpart.c - [s390x] mm, gup: add missing refcount overflow checks on s390 - [armhf,arm64] usb: dwc2: use a longer core rest timeout in dwc2_core_reset() - staging: rtl8192e: fix potential use after free - staging: rtl8723bs: Drop ACPI device ids - staging: rtl8723bs: Add 024c:0525 to the list of SDIO device-ids - USB: serial: ftdi_sio: add device IDs for U-Blox C099-F9P - [x86] mei: bus: prefix device names on bus with the bus name - [x86] mei: me: add comet point V device id - thunderbolt: Power cycle the router if NVM authentication fails - xfrm: Fix memleak on xfrm state destroy - media: v4l2-ctrl: fix flags for DO_WHITE_BALANCE - [arm64] net: macb: fix error format in dev_err() - pwm: Clear chip_data in pwm_put() - macvlan: schedule bc_work even if error - net: psample: fix skb_over_panic - openvswitch: fix flow command message size - sctp: Fix memory leak in sctp_sf_do_5_2_4_dupcook - slip: Fix use-after-free Read in slip_open - openvswitch: drop unneeded BUG_ON() in ovs_flow_cmd_build_info() - openvswitch: remove another BUG_ON() - tipc: fix link name length check - sctp: cache netns in sctp_ep_common - net: sched: fix `tc -s class show` no bstats on class with nolock subqueues - [arm64] net: macb: add missed tasklet_kill - ext4: add more paranoia checking in ext4_expand_extra_isize handling (CVE-2019-19767) - [arm64] net: macb: Fix SUBNS increment and increase resolution - [arm64] net: macb driver, check for SKBTX_HW_TSTAMP - mtd: spi-nor: cast to u64 to avoid uint overflows - tcp: exit if nothing to retransmit on RTO timeout - HID: core: check whether Usage Page item is after Usage ID items - [x86] platform: hp-wmi: Fix ACPI errors caused by too small buffer - [x86] platform: hp-wmi: Fix ACPI errors caused by passing 0 as input size https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.89 - rsi: release skb if rsi_prepare_beacon fails (CVE-2019-19071) - [arm64] tegra: Fix 'active-low' warning for Jetson TX1 regulator - usb: gadget: u_serial: add missing port entry locking - [arm64] tty: serial: msm_serial: Fix flow control - [armhf,arm64] serial: pl011: Fix DMA ->flush_buffer() - serial: serial_core: Perform NULL checks for break_ctl ops - autofs: fix a leak in autofs_expire_indirect() - [arm64] RDMA/hns: Correct the value of HNS_ROCE_HEM_CHUNK_LEN - iwlwifi: pcie: don't consider IV len in A-MSDU - exportfs_decode_fh(): negative pinned may become positive without the parent locked - audit_get_nd(): don't unlock parent too early - xfrm: release device reference for invalid state - sched/core: Avoid spurious lock dependencies - perf/core: Consistently fail fork on allocation failures - ALSA: pcm: Fix stream lock usage in snd_pcm_period_elapsed() - [armhf,arm64] drm/sun4i: tcon: Set min division of TCON0_DCLK to 1. - rsxx: add missed destroy_workqueue calls in remove - i2c: core: fix use after free in of_i2c_notify - serial: core: Allow processing sysrq at port unlock time - cxgb4vf: fix memleak in mac_hlist initialization - iwlwifi: mvm: synchronize TID queue removal - iwlwifi: trans: Clear persistence bit when starting the FW - iwlwifi: mvm: Send non offchannel traffic via AP sta - [armhf] 8813/1: Make aligned 2-byte getuser()/putuser() atomic on ARMv6+ - audit: Embed key into chunk - netfilter: nf_tables: don't use position attribute on rule replacement - net/mlx5: Release resource on error flow - [arm64] clk: sunxi-ng: a64: Fix gate bit of DSI DPHY - ice: Fix NVM mask defines - dlm: fix possible call to kfree() for non-initialized pointer - [armhf] dts: exynos: Fix LDO13 min values on Odroid XU3/XU4/HC1 - [armhf,arm64] rtc: max77686: Fix the returned value in case of error in 'max77686_rtc_read_time()' - i40e: don't restart nway if autoneg not supported - virtchnl: Fix off by one error - [armhf] clk: rockchip: fix rk3188 sclk_smc gate data - [armhf] clk: rockchip: fix rk3188 sclk_mac_lbtest parameter ordering - [armhf] dts: rockchip: Fix rk3288-rock2 vcc_flash name - dlm: fix missing idr_destroy for recover_idr - [armhf,arm64] net: dsa: mv88e6xxx: Work around mv886e6161 SERDES missing MII_PHYSID2 - [s390x] scsi: zfcp: update kernel message for invalid FCP_CMND length, it's not the CDB - [s390x] scsi: zfcp: drop default switch case which might paper over missing case - [armhf] bus: ti-sysc: Fix getting optional clocks in clock_roles - [armhf] dts: imx6: RDU2: fix eGalax touchscreen node - crypto: ecc - check for invalid values in the key verification test - crypto: bcm - fix normal/non key hash algorithm failure - [arm64] dts: zynqmp: Fix node names which contain "_" - [arm64] pinctrl: qcom: ssbi-gpio: fix gpio-hog related boot issues - [arm*] firmware: raspberrypi: Fix firmware calls with large buffers - mm/vmstat.c: fix NUMA statistics updates - [arm64] clk: rockchip: fix I2S1 clock gate register for rk3328 - [arm64] clk: rockchip: fix ID of 8ch clock of I2S1 for rk3328 - sctp: count sk_wmem_alloc by skb truesize in sctp_packet_transmit - regulator: Fix return value of _set_load() stub - USB: serial: f81534: fix reading old/new IC config - xfs: extent shifting doesn't fully invalidate page cache - net-next/hinic:fix a bug in set mac address - net-next/hinic: fix a bug in rx data flow - ice: Fix return value from NAPI poll - ice: Fix possible NULL pointer de-reference - iomap: FUA is wrong for DIO O_DSYNC writes into unwritten extents - iomap: sub-block dio needs to zeroout beyond EOF - iomap: dio data corruption and spurious errors when pipes fill - iomap: readpages doesn't zero page tail beyond EOF - iw_cxgb4: only reconnect with MPAv1 if the peer aborts - [mips*/octeon] octeon-platform: fix typing - net/smc: use after free fix in smc_wr_tx_put_slot() - [armhf] dts: exynos: Use Samsung SoC specific compatible for DWC2 module - media: pulse8-cec: return 0 when invalidating the logical address - media: cec: report Vendor ID after initialization - iwlwifi: fix cfg structs for 22000 with different RF modules - net/ipv6: re-do dad when interface has IFF_NOARP flag change - [x86] dmaengine: dw-dmac: implement dma protection control setting - [armhf,arm64] usb: dwc3: debugfs: Properly print/set link state for HS - [armhf,arm64] usb: dwc3: don't log probe deferrals; but do log other error codes - ACPI: fix acpi_find_child_device() invocation in acpi_preset_companion() - f2fs: fix to account preflush command for noflush_merge mode - f2fs: fix count of seg_freed to make sec_freed correct - f2fs: change segment to section in f2fs_ioc_gc_range - [armhf] dts: rockchip: Fix the PMU interrupt number for rv1108 - [armhf] dts: rockchip: Assign the proper GPIO clocks for rv1108 - f2fs: fix to allow node segment for GC by ioctl path - nvme: Free ctrl device name on init failure - dma-mapping: fix return type of dma_set_max_seg_size() - [armhf] serial: imx: fix error handling in console_setup - [armhf] i2c: imx: don't print error message on probe defer - [arm64] clk: meson: Fix GXL HDMI PLL fractional bits width - [armhf,arm64] gpu: host1x: Fix syncpoint ID field size on Tegra186 - lockd: fix decoding of TEST results - sctp: increase sk_wmem_alloc when head->truesize is increased - [x86] iommu/amd: Fix line-break in error log reporting - [armhf] dts: sun8i: a23/a33: Fix OPP DTC warnings - [armhf] dts: sun8i: v3s: Change pinctrl nodes to avoid warning - nfsd: fix a warning in __cld_pipe_upcall() - bpf: btf: implement btf_name_valid_identifier() - bpf: btf: check name validity for various types - [armhf] OMAP1/2: fix SoC name printing - [arm64] dts: meson-gxl-libretech-cc: fix GPIO lines names - [arm64] dts: meson-gxbb-nanopi-k2: fix GPIO lines names - [arm64] dts: meson-gxbb-odroidc2: fix GPIO lines names - [arm64] dts: meson-gxl-khadas-vim: fix GPIO lines names - net/x25: fix called/calling length calculation in x25_parse_address_block - net/x25: fix null_x25_address handling - tcp: make tcp_space() aware of socket backlog - tcp: fix off-by-one bug on aborting window-probing socket - tcp: fix SNMP under-estimation on failed retransmission - tcp: fix SNMP TCP timeout under-estimation - kbuild: fix single target build for external module - mtd: fix mtd_oobavail() incoherent returned value - [arm64] clk: meson: meson8b: fix the offset of vid_pll_dco's N value - [armhf,arm64] clk: sunxi-ng: h3/h5: Fix CSI_MCLK parent - [arm64] clk: qcom: Fix MSM8998 resets - dlm: fix invalid cluster name warning - net/mlx4_core: Fix return codes of unsupported operations - pstore/ram: Avoid NULL deref in ftrace merging failure path - [mips*/octeon] cvmx_pko_mem_debug8: use oldest forward compatible definition - nfsd: Return EPERM, not EACCES, in some SETATTR cases - media: uvcvideo: Abstract streaming object lifetime - [armhf] dts: sun8i: h3: Fix the system-control register range - tty: Don't block on IO when ldisc change is pending - media: stkwebcam: Bugfix for wrong return values - sctp: frag_point sanity check - IB/hfi1: Ignore LNI errors before DC8051 transitions to Polling state - IB/hfi1: Close VNIC sdma_progress sleep window - mlx4: Use snprintf instead of complicated strcpy - [armhf] dts: sunxi: Fix PMU compatible strings - [armhf] dts: am335x-pdu001: Fix polarity of card detection input - net: aquantia: fix RSS table and key sizes - sched/fair: Scale bandwidth quota and period without losing quota/period ratio precision - fuse: verify nlink - fuse: verify attributes - [x86] ALSA: hda/realtek - Enable internal speaker of ASUS UX431FLC - [x86] ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop - [x86] ALSA: hda/realtek - Dell headphone has noise on unmute for ALC236 - ALSA: pcm: oss: Avoid potential buffer overflows - [x86] ALSA: hda - Add mute led support for HP ProBook 645 G4 - [x86] Input: synaptics - switch another X1 Carbon 6 to RMI/SMbus - [x86] Input: synaptics-rmi4 - re-enable IRQs in f34v7_do_reflash - [x86] Input: synaptics-rmi4 - don't increment rmiaddr for SMBus transfers - [x86] Input: goodix - add upside-down quirk for Teclast X89 tablet - Input: Fix memory leak in psxpad_spi_probe - [i386] mm: Sync only to VMALLOC_END in vmalloc_sync_all() - [x86] PCI: Avoid AMD FCH XHCI USB PME# from D0 defect - xfrm interface: fix memory leak on creation - xfrm interface: avoid corruption on changelink - xfrm interface: fix list corruption for x-netns - xfrm interface: fix management of phydev - CIFS: Fix NULL-pointer dereference in smb2_push_mandatory_locks - CIFS: Fix SMB2 oplock break processing - tty: vt: keyboard: reject invalid keycodes - can: slcan: Fix use-after-free Read in slcan_open - kernfs: fix ino wrap-around detection - jbd2: Fix possible overflow in jbd2_log_space_left() - [arm64] drm/msm: fix memleak on release - [i386] drm/i810: Prevent underflow in ioctl - [armhf,arm64] KVM: vgic: Don't rely on the wrong pending table - [x86] KVM: do not modify masked bits of shared MSRs - [x86] KVM: fix presentation of TSX feature in ARCH_CAPABILITIES - [x86] KVM: Grab KVM's srcu lock when setting nested state - crypto: af_alg - cast ki_complete ternary op to int - [x86] crypto: ccp - fix uninitialized list head - crypto: ecdh - fix big endian bug in ECC library - crypto: user - fix memory leak in crypto_report (CVE-2019-19062) - mwifiex: update set_mac_address logic - can: ucan: fix non-atomic allocation in completion handler - RDMA/qib: Validate ->show()/store() callbacks before calling them - iomap: Fix pipe page leakage during splicing - thermal: Fix deadlock in thermal thermal_zone_device_check - vcs: prevent write access to vcsu devices (CVE-2019-19252) - binder: Fix race between mmap() and binder_alloc_print_pages() - binder: Handle start==NULL in binder_update_page_range() - ALSA: hda - Fix pending unsol events at shutdown - perf script: Fix invalid LBR/binary mismatch error - splice: don't read more than available pipe space - iomap: partially revert 4721a601099 (simulated directio short read on EFAULT) - xfs: add missing error check in xfs_prepare_shift() - ASoC: rsnd: fixup MIX kctrl registration - [x86] KVM: fix out-of-bounds write in KVM_GET_EMULATED_CPUID (CVE-2019-19332) - net: qrtr: fix memort leak in qrtr_tun_write_iter (CVE-2019-19079) - appletalk: Fix potential NULL pointer dereference in unregister_snap_client (CVE-2019-19227) - appletalk: Set error code if register_snap_client failed https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.90 - usb: gadget: configfs: Fix missing spin_lock_init() - [x86] usb: gadget: pch_udc: fix use after free - scsi: qla2xxx: Fix driver unload hang - [arm64] media: venus: remove invalid compat_ioctl32 handler - USB: uas: honor flag to avoid CAPACITY16 - USB: uas: heed CAPACITY_HEURISTICS - usb: Allow USB device to be warm reset in suspended state - staging: rtl8188eu: fix interface sanity check - staging: rtl8712: fix interface sanity check - staging: gigaset: fix general protection fault on probe - staging: gigaset: fix illegal free on probe errors - staging: gigaset: add endpoint-type sanity check - usb: xhci: only set D3hot for pci device - xhci: Fix memory leak in xhci_add_in_port() - xhci: Increase STS_HALT timeout in xhci_suspend() - xhci: handle some XHCI_TRUST_TX_LENGTH quirks cases as default behaviour. - [armhf] dts: pandora-common: define wl1251 as child node of mmc3 - [x86] iio: imu: inv_mpu6050: fix temperature reporting using bad unit - USB: atm: ueagle-atm: add missing endpoint check - USB: idmouse: fix interface sanity checks - USB: serial: io_edgeport: fix epic endpoint lookup - usb: roles: fix a potential use after free - USB: adutux: fix interface sanity check - usb: core: urb: fix URB structure initialization function - usb: mon: Fix a deadlock in usbmon between mmap and read - tpm: add check after commands attribs tab allocation - virtio-balloon: fix managed page counts when migrating pages between zones - [armhf,arm64] usb: dwc3: gadget: Fix logical condition - [armhf,arm64] usb: dwc3: ep0: Clear started flag on completion - btrfs: check page->mapping when loading free space cache - btrfs: use refcount_inc_not_zero in kill_all_nodes - Btrfs: fix metadata space leak on fixup worker failure to set range as delalloc - Btrfs: fix negative subv_writers counter and data space leak after buffered write - btrfs: Avoid getting stuck during cyclic writebacks - btrfs: Remove btrfs_bio::flags member - Btrfs: send, skip backreference walking for extents with many references - btrfs: record all roots for rename exchange on a subvol - rtlwifi: rtl8192de: Fix missing code to retrieve RX buffer address - rtlwifi: rtl8192de: Fix missing callback that tests for hw release of buffer - rtlwifi: rtl8192de: Fix missing enable interrupt flag - ovl: fix corner case of non-unique st_dev;st_ino - ovl: relax WARN_ON() on rename to self - [armhf] hwrng: omap - Fix RNG wait loop timeout - dm writecache: handle REQ_FUA - dm zoned: reduce overhead of backing device checks - workqueue: Fix spurious sanity check failures in destroy_workqueue() - workqueue: Fix pwq ref leak in rescuer_thread() - ASoC: rt5645: Fixed buddy jack support. - ASoC: rt5645: Fixed typo for buddy jack support. - ASoC: Jack: Fix NULL pointer dereference in snd_soc_jack_report - md: improve handling of bio with REQ_PREFLUSH in md_flush_request() - blk-mq: avoid sysfs buffer overflow with too many CPU cores - cgroup: pids: use atomic64_t for pids->limit - ar5523: check NULL before memcpy() in ar5523_cmd() - [s390x] mm: properly clear _PAGE_NOEXEC bit when it is not supported - media: cec.h: CEC_OP_REC_FLAG_ values were swapped - cpuidle: Do not unset the driver if it is there already - erofs: zero out when listxattr is called with no xattr - [x86] intel_th: Fix a double put_device() in error path - [x86] intel_th: pci: Add Ice Lake CPU support - [x86] intel_th: pci: Add Tiger Lake CPU support - PM / devfreq: Lock devfreq in trans_stat_show - [ppc64el] cpufreq: powernv: fix stack bloat and hard limit on number of CPUs - ACPI / hotplug / PCI: Allocate resources directly under the non-hotplug bridge - ACPI: OSL: only free map once in osl.c - ACPI: bus: Fix NULL pointer check in acpi_bus_get_private_data() - ACPI: PM: Avoid attaching ACPI PM domain to certain devices - [arm64] pinctrl: armada-37xx: Fix irq mask access in armada_37xx_irq_set_type() - [armhf] pinctrl: samsung: Add of_node_put() before return in error path - [armhf] pinctrl: samsung: Fix device node refcount leaks in Exynos wakeup controller init - [armhf] pinctrl: samsung: Fix device node refcount leaks in init code - [armhf] mmc: host: omap_hsmmc: add code for special init of wl1251 to get rid of pandora_wl1251_init_card - [armhf] dts: omap3-tao3530: Fix incorrect MMC card detection GPIO polarity - ppdev: fix PPGETTIME/PPSETTIME ioctls - [ppc64el] Allow 64bit VDSO __kernel_sync_dicache to work across ranges >4GB - [ppc64el] xive: Prevent page fault issues in the machine crash handler - [ppc64el] Allow flush_icache_range to work across ranges >4GB - [ppc64el] xive: Skip ioremap() of ESB pages for LSI interrupts - video/hdmi: Fix AVI bar unpack - quota: Check that quota is not dirty before release - ext2: check err when partial != NULL - quota: fix livelock in dquot_writeback_dquots - ext4: Fix credit estimate for final inode freeing - reiserfs: fix extended attributes on the root directory - block: fix single range discard merge - [s390x] scsi: zfcp: trace channel log even for FCP command responses - scsi: qla2xxx: Fix DMA unmap leak - scsi: qla2xxx: Fix hang in fcport delete path - scsi: qla2xxx: Fix session lookup in qlt_abort_work() - scsi: qla2xxx: Fix qla24xx_process_bidir_cmd() - scsi: qla2xxx: Always check the qla2x00_wait_for_hba_online() return value - scsi: qla2xxx: Fix message indicating vectors used by driver - scsi: qla2xxx: Fix SRB leak on switch command timeout - xhci: make sure interrupts are restored to correct state - usb: typec: fix use after free in typec_register_port() - [armhf] omap: pdata-quirks: remove openpandora quirks for mmc3 and wl1251 - scsi: lpfc: Cap NPIV vports to 256 - scsi: lpfc: Correct code setting non existent bits in sli4 ABORT WQE - scsi: lpfc: Correct topology type reporting on G7 adapters - sch_cake: Correctly update parent qlen when splitting GSO packets - net/smc: do not wait under send_lock - [arm64] net: hns3: clear pci private data when unload hns3 driver - [arm64] net: hns3: change hnae3_register_ae_dev() to int - [arm64] net: hns3: Check variable is valid before assigning it to another - [arm64] scsi: hisi_sas: send primitive NOTIFY to SSP situation only - [arm64] scsi: hisi_sas: Reject setting programmed minimum linkrate > 1.5G - [x86] MCE/AMD: Turn off MC4_MISC thresholding on all family 0x15 models - [x86] MCE/AMD: Carve out the MC4_MISC thresholding quirk - ath10k: fix fw crash by moving chip reset after napi disabled - [ppc64el] Fix vDSO clock_getres() - ext4: work around deleting a file with i_nlink == 0 safely (CVE-2019-19447) - mm/shmem.c: cast the type of unmap_start to u64 - rtc: disable uie before setting time and enable after - splice: only read in as much information as there is pipe buffer space - ext4: fix a bug in ext4_wait_for_tail_page_commit - [armhf,arm64] mfd: rk808: Fix RK818 ID template - mm, thp, proc: report THP eligibility for each vma - [s390x] smp,vdso: fix ASCE handling - blk-mq: make sure that line break can be printed - workqueue: Fix missing kfree(rescuer) in destroy_workqueue() - perf callchain: Fix segfault in thread__resolve_callchain_sample() - gre: refetch erspan header from skb->data after pskb_may_pull() - sunrpc: fix crash when cache_head become valid before update - net/mlx5e: Fix SFF 8472 eeprom length - leds: trigger: netdev: fix handling on interface rename - gfs2: fix glock reference problem in gfs2_trans_remove_revoke - of: overlay: add_changeset_property() memory leak - kernel/module.c: wakeup processes in module_wq on module unload - cifs: Fix potential softlockups while refreshing DFS cache - [x86] gpiolib: acpi: Add Terra Pad 1061 to the run_edge_events_on_boot_blacklist - raid5: need to set STRIPE_HANDLE for batch head - scsi: qla2xxx: Change discovery state before PLOGI - [x86] iio: imu: mpu6050: add missing available scan masks - idr: Fix idr_get_next_ul race with idr_remove - of: unittest: fix memory leak in attach_node_and_children https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.91 - inet: protect against too small mtu values. - mqprio: Fix out-of-bounds access in mqprio_dump - net: bridge: deny dev_set_mac_address() when unregistering - net: dsa: fix flow dissection on Tx path - net: ethernet: ti: cpsw: fix extra rx interrupt - net: sched: fix dump qlen for sch_mq/sch_mqprio with NOLOCK subqueues - [arm64] net: thunderx: start phy before starting autonegotiation - openvswitch: support asymmetric conntrack - tcp: md5: fix potential overestimation of TCP option space - tipc: fix ordering of tipc module init and exit routine - net/mlx5e: Query global pause state before setting prio2buffer - tcp: fix rejected syncookies due to stale timestamps - tcp: tighten acceptance of ACKs not matching a child socket - tcp: Protect accesses to .ts_recent_stamp with {READ,WRITE}_ONCE() - [arm64] Revert "arm64: preempt: Fix big-endian when checking preempt count in assembly" - mmc: block: Make card_busy_detect() a bit more generic - mmc: block: Add CMD13 polling for MMC IOCTLS with R1B response - PCI/PM: Always return devices to D0 when thawing - PCI: pciehp: Avoid returning prematurely from sysfs requests - [x86] PCI: Fix Intel ACS quirk UPDCR register address - PCI/MSI: Fix incorrect MSI-X masking on resume - [arm64] PCI: Apply Cavium ACS quirk to ThunderX2 and ThunderX3 - [arm64] rpmsg: glink: Set tail pointer to 0 at end of FIFO - [arm64] rpmsg: glink: Fix reuse intents memory leak issue - [arm64] rpmsg: glink: Fix use after free in open_ack TIMEOUT case - [arm64] rpmsg: glink: Put an extra reference during cleanup - [arm64] rpmsg: glink: Fix rpmsg_register_device err handling - [arm64] rpmsg: glink: Don't send pending rx_done during remove - [arm64] rpmsg: glink: Free pending deferred work on remove - cifs: smbd: Return -EAGAIN when transport is reconnecting - cifs: smbd: Add messages on RDMA session destroy and reconnection - cifs: smbd: Return -EINVAL when the number of iovs exceeds SMBDIRECT_MAX_SGE - cifs: Don't display RDMA transport on reconnect - CIFS: Respect O_SYNC and O_DIRECT flags during reconnect - CIFS: Close open handle after interrupted close - [armhf] tegra: Fix FLOW_CTLR_HALT register clobbering by tegra_resume() - vfio/pci: call irq_bypass_unregister_producer() before freeing irq - dma-buf: Fix memory leak in sync_file_merge() - [arm64] drm: meson: venc: cvbs: fix CVBS mode matching - dm mpath: remove harmful bio-based optimization - dm btree: increase rebalance threshold in __rebalance2() - scsi: iscsi: Fix a potential deadlock in the timeout handler - scsi: qla2xxx: Change discovery state before PLOGI - drm/radeon: fix r1xx/r2xx register checker for POT textures - xhci: fix USB3 device initiated resume race with roothub autosuspend https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.92 - af_packet: set defaule value for tmo - [amd64] fjes: fix missed check in fjes_acpi_add - [arm64] net: hisilicon: Fix a BUG trigered by wrong bytes_compl - net: qlogic: Fix error paths in ql_alloc_large_buffers() - net: usb: lan78xx: Fix suspend/resume PHY register access error - qede: Disable hardware gro when xdp prog is installed - qede: Fix multicast mac configuration - sctp: fully initialize v4 addr in some functions - btrfs: don't double lock the subvol_sem for rename exchange - btrfs: do not call synchronize_srcu() in inode_tree_del - Btrfs: fix missing data checksums after replaying a log tree - btrfs: send: remove WARN_ON for readonly mount - btrfs: abort transaction after failed inode updates in create_subvol - btrfs: skip log replay on orphaned roots - btrfs: do not leak reloc root if we fail to read the fs root - btrfs: handle ENOENT in btrfs_uuid_tree_iterate - Btrfs: fix removal logic of the tree mod log that leads to use-after-free issues - ALSA: pcm: Avoid possible info leaks from PCM stream buffers - ALSA: hda/ca0132 - Keep power on during processing DSP response - ALSA: hda/ca0132 - Avoid endless loop - ALSA: hda/ca0132 - Fix work handling in delayed HP detection - [arm64,armhf] drm/panel: Add missing drm_panel_init() in panel drivers - drm/amdgpu: grab the id mgr lock while accessing passid_mapping - spi: Add call to spi_slave_abort() function when spidev driver is released - [x86] staging: rtl8192u: fix multiple memory leaks on error path - staging: rtl8188eu: fix possible null dereference - rtlwifi: prevent memory leak in rtl_usb_probe (CVE-2019-19063) - libertas: fix a potential NULL pointer dereference - ath10k: fix backtrace on coredump - IB/iser: bound protection_sg size by data_sg size - [arm64] media: venus: core: Fix msm8996 frequency table - ath10k: fix offchannel tx failure when no ath10k_mac_tx_frm_has_freq - pinctrl: devicetree: Avoid taking direct reference to device name string - [amd64] drm/amdkfd: fix a potential NULL pointer dereference - [arm64] media: venus: Fix occasionally failures to suspend - [armhf] hwrng: omap3-rom - Call clk_disable_unprepare() on exit only if not idled - media: flexcop-usb: fix NULL-ptr deref in flexcop_usb_transfer_init() - [arm64,armhf] drm/bridge: dw-hdmi: Refuse DDC/CI transfers on the internal I2C controller - block: Fix writeback throttling W=1 compiler warnings - mwifiex: pcie: Fix memory leak in mwifiex_pcie_init_evt_ring (CVE-2019-19057) - drm/drm_vblank: Change EINVAL by the correct errno - media: cx88: Fix some error handling path in 'cx8800_initdev()' - [armhf] media: ti-vpe: vpe: Fix Motion Vector vpdma stride - [armhf] media: ti-vpe: vpe: fix a v4l2-compliance warning about invalid pixel format - [armhf] media: ti-vpe: vpe: fix a v4l2-compliance failure about frame sequence number - [armhf] media: ti-vpe: vpe: Make sure YUYV is set as default format - [armhf] media: ti-vpe: vpe: fix a v4l2-compliance failure causing a kernel panic - [armhf] media: ti-vpe: vpe: ensure buffers are cleaned up properly in abort cases - [armhf] media: ti-vpe: vpe: fix a v4l2-compliance failure about invalid sizeimage - [x86] syscalls/x86: Use the correct function type in SYSCALL_DEFINE0 - [x86] mm: Use the correct function type for native_set_fixmap() - ath10k: Correct error handling of dma_map_single() - [arm64,armhf] drm/bridge: dw-hdmi: Restore audio when setting a mode - perf report: Add warning when libunwind not compiled in - usb: usbfs: Suppress problematic bind and unbind uevents. - Bluetooth: missed cpu_to_le16 conversion in hci_init4_req - Bluetooth: Workaround directed advertising bug in Broadcom controllers - Bluetooth: hci_core: fix init for HCI_USER_CHANNEL - [x86] mce: Lower throttling MCE messages' priority to warning - [x86] drm/gma500: fix memory disclosures due to uninitialized bytes - rtl8xxxu: fix RTL8723BU connection failure issue after warm reboot - ipmi: Don't allow device module unload when in use - [x86] ioapic: Prevent inconsistent state when moving an interrupt - md/bitmap: avoid race window between md_bitmap_resize and bitmap_file_clear_bit - [arm64] psci: Reduce the waiting time for cpu_psci_cpu_kill() - i40e: initialize ITRN registers with correct values - net: phy: dp83867: enable robust auto-mdix - [arm64,armhf] drm/tegra: sor: Use correct SOR index on Tegra210 - ACPI: button: Add DMI quirk for Medion Akoya E2215T - RDMA/qedr: Fix memory leak in user qp and mr - [arm64,armhf] gpu: host1x: Allocate gather copy for host1x - [arm64,armhf] net: dsa: LAN9303: select REGMAP when LAN9303 enable - [arm64] phy: qcom-usb-hs: Fix extcon double register after power cycle - [s390x] time: ensure get_clock_monotonic() returns monotonic values - [s390x] mm: add mm_pxd_folded() checks to pxd_free() - [arm64] net: hns3: add struct netdev_queue debug info for TX timeout - libata: Ensure ata_port probe has completed before detach - loop: fix no-unmap write-zeroes request behavior - Bluetooth: Fix advertising duplicated flags - pinctrl: amd: fix __iomem annotation in amd_gpio_irq_handler() - ixgbe: protect TX timestamping from API misuse - media: rcar_drif: fix a memory disclosure (CVE-2019-18786) - media: v4l2-core: fix touch support in v4l_g_fmt - rfkill: allocate static minor - bnx2x: Fix PF-VF communication over multi-cos queues. - ALSA: timer: Limit max amount of slave instances - rtlwifi: fix memory leak in rtl92c_set_fw_rsvdpagepkt() - perf probe: Fix to find range-only function instance - perf probe: Fix to list probe event with correct line number - perf jevents: Fix resource leak in process_mapfile() and main() - perf probe: Walk function lines in lexical blocks - perf probe: Fix to probe an inline function which has no entry pc - perf probe: Fix to show ranges of variables in functions without entry_pc - perf probe: Fix to show inlined function callsite without entry_pc - perf probe: Fix to probe a function which has no entry pc - perf tools: Splice events onto evlist even on error - perf parse: If pmu configuration fails free terms - perf probe: Skip overlapped location on searching variables - perf probe: Return a better scope DIE if there is no best scope - perf probe: Fix to show calling lines of inlined functions - perf probe: Skip end-of-sequence and non statement lines - perf probe: Filter out instances except for inlined subroutine and subprogram - ath10k: fix get invalid tx rate for Mesh metric - media: pvrusb2: Fix oops on tear-down when radio support is not present - ice: delay less - [amd64] spi: pxa2xx: Add missed security checks - ASoC: rt5677: Mark reg RT5677_PWR_ANLG2 as volatile - iio: dac: ad5446: Add support for new AD5600 DAC - [x86] ASoC: Intel: kbl_rt5663_rt5514_max98927: Add dmic format constraint - [s390x] disassembler: don't hide instruction addresses - nvme: Discard workaround for non-conformant devices - parport: load lowlevel driver if ports not found - bcache: fix static checker warning in bcache_device_free() - cpufreq: Register drivers only after CPU devices have been registered - tracing: use kvcalloc for tgid_map array allocation - tracing/kprobe: Check whether the non-suffixed symbol is notrace - bcache: fix deadlock in bcache_allocator - iwlwifi: mvm: fix unaligned read of rx_pkt_status - [arm64] spi: tegra20-slink: add missed clk_unprepare - tun: fix data-race in gro_normal_list() - crypto: virtio - deal with unsupported input sizes - btrfs: don't prematurely free work in end_workqueue_fn() - btrfs: don't prematurely free work in run_ordered_work() - [x86] ASoC: Intel: bytcr_rt5640: Update quirk for Acer Switch 10 SW5-012 2-in-1 - [x86] insn: Add some Intel instructions to the opcode map - brcmfmac: remove monitor interface when detaching - iwlwifi: check kasprintf() return value - [armhf] net: ethernet: ti: ale: clean ale tbl on init and intf restart - [armhf] crypto: sun4i-ss - Fix 64-bit size_t warnings - [armhf] crypto: sun4i-ss - Fix 64-bit size_t warnings on sun4i-ss-hash.c - mac80211: consider QoS Null frames for STA_NULLFUNC_ACKED - net: phy: initialise phydev speed and duplex sanely - btrfs: don't prematurely free work in reada_start_machine_worker() - btrfs: don't prematurely free work in scrub_missing_raid56_worker() - Revert "mmc: sdhci: Fix incorrect switch to HS mode" - can: kvaser_usb: kvaser_usb_leaf: Fix some info-leaks to USB devices (CVE-2019-19947) - usb: xhci: Fix build warning seen with CONFIG_PM=n - [s390x] ftrace: fix endless recursion in function_graph tracer - btrfs: return error pointer from alloc_test_extent_buffer - usbip: Fix receive error in vhci-hcd when using scatter-gather - usbip: Fix error path of vhci_recv_ret_submit() - cpufreq: Avoid leaving stale IRQ work items during CPU offline - [x86] intel_th: pci: Add Comet Lake PCH-V support - [x86] intel_th: pci: Add Elkhart Lake SOC support - [x86] platform/x86: hp-wmi: Make buffer for HPWMI_FEATURE2_QUERY 128 bytes - [x86] staging: comedi: gsc_hpdi: check dma_alloc_coherent() return value - ext4: fix ext4_empty_dir() for directories with holes (CVE-2019-19037) - ext4: check for directory entries too close to block end - ext4: unlock on error in ext4_expand_extra_isize() - [arm64] KVM: Ensure 'params' is initialised when looking up sys register - [x86] MCE/AMD: Do not use rdmsr_safe_on_cpu() in smca_configure() - [x86] MCE/AMD: Allow Reserved types to be overwritten in smca_banks[] - [powerpc*] irq: fix stack overflow verification - [arm64] mmc: sdhci-msm: Correct the offset and value for DDR_CONFIG register - mmc: sdhci: Update the tuning failed messages to pr_debug level - mmc: sdhci: Workaround broken command queuing on Intel GLK - mmc: sdhci: Add a quirk for broken command queuing - nbd: fix shutdown and recv work deadlock - perf probe: Fix to show function entry line as probe-able https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.93 - scsi: lpfc: Fix discovery failures when target device connectivity bounces - scsi: mpt3sas: Fix clear pending bit in ioctl status - scsi: lpfc: Fix locking on mailbox command completion - Input: atmel_mxt_ts - disable IRQ across suspend - f2fs: fix to update time in lazytime mode - [arm64,armhf] iommu: rockchip: Free domain on .domain_free - [arm64,armhf] iommu/tegra-smmu: Fix page tables in > 4 GiB memory - scsi: target: compare full CHAP_A Algorithm strings - scsi: lpfc: Fix SLI3 hba in loop mode not discovering devices - scsi: csiostor: Don't enable IRQs too early - [arm64] scsi: hisi_sas: Replace in_softirq() check in hisi_sas_task_exec() - [ppc64el] pseries: Mark accumulate_stolen_time() as notrace - [ppc64el] pseries: Don't fail hash page table insert for bolted mapping - clocksource/drivers/timer-of: Use unique device name instead of timer - [ppc64el] security/book3s64: Report L1TF status in sysfs - [ppc64el] book3s64/hash: Add cond_resched to avoid soft lockup warning - ext4: update direct I/O read lock pattern for IOCB_NOWAIT - ext4: iomap that extends beyond EOF should be marked dirty - jbd2: Fix statistics for the number of logged blocks - scsi: tracing: Fix handling of TRANSFER LENGTH == 0 for READ(6) and WRITE(6) - scsi: lpfc: Fix duplicate unreg_rpi error in port offline flow - f2fs: fix to update dir's i_pino during cross_rename - [arm64] clk: qcom: Allow constant ratio freq tables for rcg - clk: clk-gpio: propagate rate change to parent - fs/quota: handle overflows of sysctl fs.quota.* and report as unsigned long - scsi: lpfc: fix: Coverity: lpfc_cmpl_els_rsp(): Null pointer dereferences - [ppc64el] PCI: rpaphp: Fix up pointer to first drc-info entry - scsi: ufs: fix potential bug which ends in system hang - [ppc64el] PCI: rpaphp: Don't rely on firmware feature to imply drc-info support - [ppc64el] PCI: rpaphp: Annotate and correctly byte swap DRC properties - [ppc64el] PCI: rpaphp: Correctly match ibm, my-drc-index to drc-name when using drc-info - [ppc64el] powerpc/security: Fix wrong message when RFI Flush is disable - bcache: at least try to shrink 1 node in bch_mca_scan() - HID: quirks: Add quirk for HP MSU1465 PIXART OEM mouse - HID: logitech-hidpp: Silence intermittent get_battery_capacity errors - [armhf] 8937/1: spectre-v2: remove Brahma-B53 from hardening - libnvdimm/btt: fix variable 'rc' set but not used - HID: Improve Windows Precision Touchpad detection. - HID: rmi: Check that the RMI_STARTED bit is set before unregistering the RMI transport device - watchdog: Fix the race between the release of watchdog_core_data and cdev - scsi: pm80xx: Fix for SATA device discovery - scsi: ufs: Fix error handing during hibern8 enter - scsi: scsi_debug: num_tgts must be >= 0 - scsi: iscsi: Don't send data to unbound connection - scsi: target: iscsi: Wait for all commands to finish before freeing a session - apparmor: fix unsigned len comparison with less than zero - scripts/kallsyms: fix definitely-lost memory leak - cdrom: respect device capabilities during opening action - perf script: Fix brstackinsn for AUXTRACE - perf regs: Make perf_reg_name() return "unknown" instead of NULL - [s390x] zcrypt: handle new reply code FILTERED_BY_HYPERVISOR - [s390x] cpum_sf: Check for SDBT and SDB consistency - ocfs2: fix passing zero to 'PTR_ERR' warning - kernel: sysctl: make drop_caches write-only - userfaultfd: require CAP_SYS_PTRACE for UFFD_FEATURE_EVENT_FORK - [x86] mce: Fix possibly incorrect severity calculation on AMD - net, sysctl: Fix compiler warning when only cBPF is present - netfilter: nf_queue: enqueue skbs with NULL dst - ALSA: hda - Downgrade error message for single-cmd fallback - bonding: fix active-backup transition after link failure - perf strbuf: Remove redundant va_end() in strbuf_addv() - Make filldir[64]() verify the directory entry filename is valid (CVE-2019-10220) - filldir[64]: remove WARN_ON_ONCE() for bad directory entries (CVE-2019-10220) - netfilter: ebtables: compat: reject all padding in matches/watchers - 6pack,mkiss: fix possible deadlock - netfilter: bridge: make sure to pull arp header in br_nf_forward_arp() - inetpeer: fix data-race in inet_putpeer / inet_putpeer - net: add a READ_ONCE() in skb_peek_tail() - net: icmp: fix data-race in cmp_global_allow() - hrtimer: Annotate lockless access to timer->state - net: ena: fix napi handler misbehavior when the napi budget is zero - net/mlxfw: Fix out-of-memory error in mfa2 flash burning - [arm64,armhf] net: stmmac: dwmac-meson8b: Fix the RGMII TX delay on Meson8b/8m2 SoCs - ptp: fix the race between the release of ptp_clock and cdev - tcp: Fix highest_sack and highest_sack_seq - udp: fix integer overflow while computing available space in sk_rcvbuf - vhost/vsock: accept only packets with the right dst_cid - net: add bool confirm_neigh parameter for dst_ops.update_pmtu - ip6_gre: do not confirm neighbor when do pmtu update - gtp: do not confirm neighbor when do pmtu update - net/dst: add new function skb_dst_update_pmtu_no_confirm - tunnel: do not confirm neighbor when do pmtu update - vti: do not confirm neighbor when do pmtu update - sit: do not confirm neighbor when do pmtu update - net/dst: do not confirm neighbor for vxlan and geneve pmtu update - gtp: do not allow adding duplicate tid and ms_addr pdp context - [arm64,armhf] net: marvell: mvpp2: phylink requires the link interrupt - tcp/dccp: fix possible race __inet_lookup_established() - tcp: do not send empty skb from tcp_write_xmit() - gtp: fix wrong condition in gtp_genl_dump_pdp() - gtp: fix an use-after-free in ipv4_pdp_find() - gtp: avoid zero size hashtable - [arm64,armhf] pinctrl: baytrail: Really serialize all register accesses https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.94 - nvme_fc: add module to ops template to allow module references - nvme-fc: fix double-free scenarios on hw queues - drm/amdgpu: add check before enabling/disabling broadcast mode - drm/amdgpu: add cache flush workaround to gfx8 emit_fence - PM / devfreq: Fix devfreq_notifier_call returning errno - PM / devfreq: Set scaling_max_freq to max on OPP notifier error - PM / devfreq: Don't fail devfreq_dev_release if not in list - afs: Fix afs_find_server lookups for ipv4 peers - afs: Fix SELinux setting security label on /afs - RDMA/cma: add missed unregister_pernet_subsys in init failure - rxe: correctly calculate iCRC for unaligned payloads - scsi: lpfc: Fix memory leak on lpfc_bsg_write_ebuf_set func - scsi: qla2xxx: Drop superfluous INIT_WORK of del_work - scsi: qla2xxx: Don't call qlt_async_event twice - scsi: qla2xxx: Fix PLOGI payload and ELS IOCB dump length - scsi: qla2xxx: Configure local loop for N2N target - scsi: qla2xxx: Send Notify ACK after N2N PLOGI - scsi: qla2xxx: Ignore PORT UPDATE after N2N PLOGI - scsi: iscsi: qla4xxx: fix double free in probe - scsi: libsas: stop discovering if oob mode is disconnected (CVE-2019-19965) - drm/nouveau: Move the declaration of struct nouveau_conn_atom up a bit - usb: gadget: fix wrong endpoint desc - net: make socket read/write_iter() honor IOCB_NOWAIT - afs: Fix creation calls in the dynamic root to fail with EOPNOTSUPP - md: raid1: check rdev before reference in raid1_sync_request func - [s390x] cpum_sf: Adjust sampling interval to avoid hitting sample limits - [s390x] cpum_sf: Avoid SBD overflow condition in irq handler - IB/mlx4: Follow mirror sequence of device add during device removal - IB/mlx5: Fix steering rule of drop and count - xen-blkback: prevent premature module unload - xen/balloon: fix ballooned page accounting without hotplug enabled - PM / hibernate: memory_bm_find_bit(): Tighten node optimisation - ALSA: hda/realtek - Add Bass Speaker and fixed dac for bass speaker - ALSA: hda/realtek - Enable the bass speaker of ASUS UX431FLC - ALSA: hda - fixup for the bass speaker on Lenovo Carbon X1 7th gen - xfs: fix mount failure crash on invalid iclog memory access - taskstats: fix data-race - drm: limit to INT_MAX in create_blob ioctl - netfilter: nft_tproxy: Fix port selector on Big Endian - ALSA: ice1724: Fix sleep-in-atomic in Infrasonic Quartet support code - ALSA: usb-audio: fix set_format altsetting sanity check - ALSA: usb-audio: set the interface format after resume on Dell WD19 - ALSA: hda/realtek - Add headset Mic no shutup for ALC283 - [arm64,armhf] drm/sun4i: hdmi: Remove duplicate cleanup calls - [mips*] Avoid VDSO ABI breakage due to global register variable - media: pulse8-cec: fix lost cec_transmit_attempt_done() call - media: cec: CEC 2.0-only bcast messages were ignored - media: cec: avoid decrementing transmit_queue_sz if it is 0 - media: cec: check 'transmit_in_progress', not 'transmitting' - mm/zsmalloc.c: fix the migrated zspage statistics. - memcg: account security cred as well to kmemcg - mm: move_pages: return valid node id in status if the page is already on the target node - [x86,arm64] pstore/ram: Write new dumps to start of recycled zones - locks: print unsigned ino in /proc/locks - compat_ioctl: block: handle Persistent Reservations - compat_ioctl: block: handle BLKREPORTZONE/BLKRESETZONE - ata: libahci_platform: Export again ahci_platform_able_phys() - libata: Fix retrieving of active qcs - gpiolib: fix up emulated open drain outputs - tracing: Fix lock inversion in trace_event_enable_tgid_record() - tracing: Avoid memory leak in process_system_preds() - tracing: Have the histogram compare functions convert to u64 first - tracing: Fix endianness bug in histogram trigger - apparmor: fix aa_xattrs_match() may sleep while holding a RCU lock - [i386] ALSA: cs4236: fix error return comparison of an unsigned integer - ALSA: firewire-motu: Correct a typo in the clock proc string - exit: panic before exit_mm() on global init exit - [arm64] Revert support for execute-only user mappings - ftrace: Avoid potential division by zero in function profiler - [arm64] drm/msm: include linux/sched/task.h - PM / devfreq: Check NULL governor in available_governors_show - nfsd4: fix up replay_matches_cache() - [x86,arm64] HID: i2c-hid: Reset ALPS touchpads on resume - ACPI: sysfs: Change ACPI_MASKABLE_GPE_MAX to 0x100 - xfs: don't check for AG deadlock for realtime files in bunmapi - [x86] platform/x86: pmc_atom: Add Siemens CONNECT X300 to critclk_systems DMI table - Bluetooth: btusb: fix PM leak in error case of setup - Bluetooth: delete a stray unlock - Bluetooth: Fix memory leak in hci_connect_le_scan - media: flexcop-usb: ensure -EIO is returned on error condition - media: usb: fix memory leak in af9005_identify_state (CVE-2019-18809) - [arm64] dts: meson: odroid-c2: Disable usb_otg bus to avoid power failed warning - [arm64] tty: serial: msm_serial: Fix lockup for sysrq and oops - fix compat handling of FICLONERANGE, FIDEDUPERANGE and FS_IOC_FIEMAP - bdev: Factor out bdev revalidation into a common helper - bdev: Refresh bdev size for disks without partitioning - scsi: qedf: Do not retry ELS request if qedf_alloc_cmd fails - drm/mst: Fix MST sideband up-reply failure handling - [ppc64el] pseries/hvconsole: Fix stack overread via udbg - [ppc64el] KVM: PPC: Book3S HV: use smp_mb() when setting/clearing host_ipi flag - rxrpc: Fix possible NULL pointer access in ICMP handling - tcp: annotate tp->rcv_nxt lockless reads - net: core: limit nested device depth - ath9k_htc: Modify byte order for an error message - ath9k_htc: Discard undersized packets - xfs: periodically yield scrub threads to the scheduler - net: add annotations on hh->hh_len lockless accesses - ubifs: ubifs_tnc_start_commit: Fix OOB in layout_in_gaps - [s390x] smp: fix physical to logical CPU map for SMT - xen/blkback: Avoid unmapping unmapped grant pages - [x86] perf/x86/intel/bts: Fix the use of page_private() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.95 - bpf: Fix passing modified ctx to ld/abs/ind instruction - regulator: fix use after free issue - ASoC: max98090: fix possible race conditions - netfilter: ctnetlink: netns exit must wait for callbacks - mwifiex: Fix heap overflow in mmwifiex_process_tdls_action_frame() (CVE-2019-14901) - [x86] efi: Update e820 with reserved EFI boot services data to fix kexec breakage - [x86] ASoC: Intel: bytcr_rt5640: Update quirk for Teclast X89 - efi/gop: Return EFI_NOT_FOUND if there are no usable GOPs - efi/gop: Return EFI_SUCCESS if a usable GOP was found - efi/gop: Fix memory leak in __gop_query32/64() - netfilter: uapi: Avoid undefined left-shift in xt_sctp.h - netfilter: nft_set_rbtree: bogus lookup/get on consecutive elements in named sets - netfilter: nf_tables: validate NFT_SET_ELEM_INTERVAL_END - netfilter: nf_tables: validate NFT_DATA_VALUE after nft_data_init() - [arm64] spi: spi-cavium-thunderx: Add missing pci_release_regions() - ASoC: topology: Check return value for soc_tplg_pcm_create() - bnxt_en: Return error if FW returns more data than dump length - [mips*] bpf, mips: Limit to 33 tail calls - [armhf] spi: spi-ti-qspi: Fix a bug when accessing non default CS - [powerpc*] Ensure that swiotlb buffer is allocated from low memory - btrfs: Fix error messages in qgroup_rescan_init - bpf: Clear skb->tstamp in bpf_redirect when necessary - bnx2x: Do not handle requests from VFs after parity - bnx2x: Fix logic to get total no. of PFs per engine - cxgb4: Fix kernel panic while accessing sge_info - net: usb: lan78xx: Fix error message format specifier - rfkill: Fix incorrect check to avoid NULL pointer dereference - iommu/iova: Init the struct iova to fix the possible memleak - [x86] perf/x86/intel: Fix PT PMI handling - fs: avoid softlockups in s_inodes iterators - [arm64,armhf] net: stmmac: Do not accept invalid MTU values - [arm64,armhf] net: stmmac: xgmac: Clear previous RX buffer size - [arm64,armhf] net: stmmac: RX buffer size must be 16 byte aligned - [arm64,armhf] net: stmmac: Always arm TX Timer at end of transmission start - [s390x] dasd/cio: Interpret ccw_device_get_mdc return value correctly - [s390x] dasd: fix memleak in path handling error case - block: fix memleak when __blk_rq_map_user_iov() is failed - llc2: Fix return statement of llc_stat_ev_rx_null_dsap_xid_c (and _test_c) - [x86] hv_netvsc: Fix unwanted rx_table reset - [powerpc*] vcpu: Assume dedicated processors as non-preempt - [powerpc*] spinlocks: Include correct header for static key - [armhf] cpufreq: imx6q: read OCOTP through nvmem for imx6ul/imx6ull - gtp: fix bad unlock balance in gtp_encap_enable_socket - macvlan: do not assume mac_header is set in macvlan_broadcast() - [arm64,armhf] net: dsa: mv88e6xxx: Preserve priority when setting CPU port. - [arm64,armhf] net: stmmac: dwmac-sun8i: Allow all RGMII modes - [arm64,armhf] net: stmmac: dwmac-sunxi: Allow all RGMII modes - net: usb: lan78xx: fix possible skb leak - pkt_sched: fq: do not accept silly TCA_FQ_QUANTUM - sch_cake: avoid possible divide by zero in cake_enqueue() - sctp: free cmd->obj.chunk for the unprocessed SCTP_CMD_REPLY - tcp: fix "old stuff" D-SACK causing SACK to be treated as D-SACK - vxlan: fix tos value before xmit - vlan: fix memory leak in vlan_dev_set_egress_priority - vlan: vlan_changelink() should propagate errors - net: sch_prio: When ungrafting, replace with FIFO - [arm64,armhf] usb: dwc3: gadget: Fix request complete check - USB: core: fix check for duplicate endpoints - USB: serial: option: add Telit ME910G1 0x110a composition - usb: missing parentheses in USE_NEW_SCHEME https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.96 - chardev: Avoid potential use-after-free in 'chrdev_open()' - i2c: fix bus recovery stop mode timing - [arm64,armhf] usb: chipidea: host: Disable port power only if previously enabled - ALSA: usb-audio: Apply the sample rate quirk for Bose Companion 5 - ALSA: hda/realtek - Add new codec supported for ALCS1200A - ALSA: hda/realtek - Set EAPD control to default for ALC222 - [x86] ALSA: hda/realtek - Add quirk for the bass speaker on Lenovo Yoga X1 7th gen - kernel/trace: Fix do not unregister tracepoints when register sched_migrate_task fail - tracing: Have stack tracer compile when MCOUNT_INSN_SIZE is not defined - tracing: Change offset type to s32 in preempt/irq tracepoints - HID: Fix slab-out-of-bounds read in hid_field_extract - HID: uhid: Fix returning EPOLLOUT from uhid_char_poll - HID: hid-input: clear unmapped usages - Input: add safety guards to input_set_keycode() - [arm64,armhf] drm/sun4i: tcon: Set RGB DCLK min. divider based on hardware model - drm/fb-helper: Round up bits_per_pixel if possible - drm/dp_mst: correct the shifting in DP_REMOTE_I2C_READ - can: kvaser_usb: fix interface sanity check - can: gs_usb: gs_usb_probe(): use descriptors of current altsetting - can: can_dropped_invalid_skb(): ensure an initialized headroom in outgoing CAN sk_buffs - gpiolib: acpi: Turn dmi_system_id table into a generic quirk table - gpiolib: acpi: Add honor_wakeup module-option + quirk mechanism - [x86] staging: vt6656: set usb_set_intfdata on driver fail. - USB: serial: option: add ZLP support for 0x1bc7/0x9010 - [arm64,armhf] usb: musb: fix idling for suspend after disconnect interrupt - [arm64,armhf] usb: musb: Disable pullup at init - [arm64,armhf] usb: musb: dma: Correct parameter passed to IRQ handler - [x86] staging: comedi: adv_pci1710: fix AI channels 16-31 for PCI-1713 - staging: rtl8188eu: Add device code for TP-Link TL-WN727N v5.21 - serdev: Don't claim unsupported ACPI serial devices - tty: link tty and port before configuring it as console - tty: always relink the port - mwifiex: fix possible heap overflow in mwifiex_process_country_ie() (CVE-2019-14895) - mwifiex: pcie: Fix memory leak in mwifiex_pcie_alloc_cmdrsp_buf (CVE-2019-19056) - scsi: bfa: release allocated memory in case of error (CVE-2019-19066) - rtl8xxxu: prevent leaking urb (CVE-2019-19068) - ath10k: fix memory leak (CVE-2019-19078) - HID: hiddev: fix mess in hiddev_open() - USB: Fix: Don't skip endpoint descriptors with maxpacket=0 - netfilter: arp_tables: init netns pointer in xt_tgchk_param struct - netfilter: conntrack: dccp, sctp: handle null timeout argument - netfilter: ipset: avoid null deref when IPSET_ATTR_LINENO is present - [x86] drm/i915/gen9: Clear residual context state on context switch (CVE-2019-14615) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.97 - hidraw: Return EPOLLOUT from hidraw_poll - HID: hidraw: Fix returning EPOLLOUT from hidraw_poll - HID: hidraw, uhid: Always report EPOLLOUT - cfg80211/mac80211: make ieee80211_send_layer2_update a public function - mac80211: Do not send Layer 2 Update frame before authorization (CVE-2019-5108) - f2fs: Move err variable to function scope in f2fs_fill_dentries() - f2fs: check memory boundary by insane namelen - f2fs: check if file namelen exceeds max value (CVE-2019-9445) - media: usb:zr364xx:Fix KASAN:null-ptr-deref Read in zr364xx_vidioc_querycap (CVE-2019-15217) - iwlwifi: dbg_ini: fix memory leak in alloc_sgtable (CVE-2019-19058) - iwlwifi: pcie: fix memory leaks in iwl_pcie_ctxt_info_gen3_init (CVE-2019-19059) - RDMA: Fix goto target to release the allocated memory (CVE-2019-19077) - dccp: Fix memleak in __feat_register_sp (CVE-2019-20096) - [x86] drm/i915: Fix use-after-free when destroying GEM context - ASoC: soc-core: Set dpcm_playback / dpcm_capture - [armhf] mtd: onenand: omap2: Pass correct flags for prep_dma_memcpy - [arm64] gpio: zynq: Fix for bug in zynq_gpio_restore_context API - iommu: Remove device link to group on failure - gpio: Fix error message on out-of-range GPIO in lookup table - [s390x] qeth: fix false reporting of VNIC CHAR config failure - [s390x] qeth: Fix vnicc_is_in_use if rx_bcast not set - cifs: Adjust indentation in smb2_open_file - afs: Fix missing cell comparison in afs_test_super() - drm/ttm: fix start page for huge page check in ttm_put_pages() (CVE-2019-19927) - drm/ttm: fix incrementing the page pointer for huge pages (CVE-2019-19927) - btrfs: simplify inode locking for RWF_NOWAIT - RDMA/mlx5: Return proper error value - RDMA/srpt: Report the SCSI residual to the initiator - scsi: enclosure: Fix stale device oops with hot replug - scsi: sd: Clear sdkp->protection_type if disk is reformatted without PI - [x86] platform/x86: asus-wmi: Fix keyboard brightness cannot be set to 0 - [x86] platform/x86: GPD pocket fan: Use default values when wrong modparams are given - xprtrdma: Fix completion wait during device removal - crypto: virtio - implement missing support for output IVs - NFSv2: Fix a typo in encode_sattr() - NFSv4.x: Drop the slot if nfs4_delegreturn_prepare waits for layoutreturn - mei: fix modalias documentation - [armhf] clk: samsung: exynos5420: Preserve CPU clocks configuration during suspend/resume - [armhf] pinctl: ti: iodelay: fix error checking on pinctrl_count_index_with_args call - [x86] pinctrl: lewisburg: Update pin list according to v1.1v6 - scsi: sd: enable compat ioctls for sed-opal - af_unix: add compat_ioctl support - compat_ioctl: handle SIOCOUTQNSD - [arm64,armhf] PCI: dwc: Fix find_next_bit() usage - PCI/PTM: Remove spurious "d" from granularity message - [powerpc*] powernv: Disable native PCIe port management - [armhf] tty: serial: imx: use the sg count from dma_map_sg - [i386] tty: serial: pch_uart: correct usage of dma_unmap_sg - mtd: spi-nor: fix silent truncation in spi_nor_read() - mtd: spi-nor: fix silent truncation in spi_nor_read_raw() - rtlwifi: Remove unnecessary NULL check in rtl_regd_init - f2fs: fix potential overflow - scsi: libcxgbi: fix NULL pointer dereference in cxgbi_device_destroy() - [mips*] cacheinfo: report shared CPU map - [arm64] drm/arm/mali: make malidp_mw_connector_helper_funcs static - [arm64] dmaengine: k3dma: Avoid null pointer traversal - [amd64] ioat: ioat_alloc_ring() failure handling. - ocfs2: call journal flush to mark journal as empty after journal recovery when mount https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.98 - clk: Don't try to enable critical clocks if prepare failed - iio: buffer: align the size of scan bytes to size of the largest element - USB: serial: simple: Add Motorola Solutions TETRA MTP3xxx and MTP85xx - USB: serial: option: Add support for Quectel RM500Q - USB: serial: opticon: fix control-message timeouts - USB: serial: option: add support for Quectel RM500Q in QDL mode - USB: serial: suppress driver bind attributes - USB: serial: ch341: handle unbound port at reset_resume - USB: serial: io_edgeport: handle unbound ports on URB completion - USB: serial: io_edgeport: add missing active-port sanity check - USB: serial: keyspan: handle unbound ports - USB: serial: quatech2: handle unbound ports - [x86] scsi: fnic: fix invalid stack access - scsi: mptfusion: Fix double fetch bug in ioctl - [armhf] dts: imx6q-dhcom: Fix SGTL5000 VDDIO regulator connection - ALSA: dice: fix fallback from protocol extension into limited functionality - ALSA: seq: Fix racy access for queue timer in proc read - ALSA: usb-audio: fix sync-ep altsetting sanity check - [arm64] dts: allwinner: a64: olinuxino: Fix SDIO supply regulator - block: fix an integer overflow in logical block size - [armhf] dts: am571x-idk: Fix gpios property to have the correct gpio number - LSM: generalize flag passing to security_capable - ptrace: reintroduce usage of subjective credentials in ptrace_has_cap() - usb: core: hub: Improved device recognition on remote wakeup - [x86] resctrl: Fix an imbalance in domain_remove_cpu() - [x86] CPU/AMD: Ensure clearing of SME/SEV features is maintained - [amd64] x86/efistub: Disable paging at mixed mode entry - [x86] resctrl: Fix potential memory leak - perf hists: Fix variable name's inconsistency in hists__for_each() macro - perf report: Fix incorrectly added dimensions as switch perf data file - mm/shmem.c: thp, shmem: fix conflict of above-47bit hint address and PMD alignment - mm: memcg/slab: call flush_memcg_workqueue() only if memcg workqueue is valid - btrfs: rework arguments of btrfs_unlink_subvol - btrfs: fix invalid removal of root ref - btrfs: do not delete mismatched root refs - btrfs: fix memory leak in qgroup accounting - mm/page-writeback.c: avoid potential division by zero in wb_min_max_ratio() - [armhf] dts: imx6qdl: Add Engicam i.Core 1.5 MX6 - [armhf] dts: imx6q-icore-mipi: Use 1.5 version of i.Core MX6DL - [arm64,armhf] net: stmmac: 16KB buffer must be 16 byte aligned - [arm64,armhf] net: stmmac: Enable 16KB buffer size - mm/huge_memory.c: make __thp_get_unmapped_area static - mm/huge_memory.c: thp: fix conflict of above-47bit hint address and PMD alignment - bpf: Fix incorrect verifier simulation of ARSH under ALU32 - cfg80211: fix deadlocks in autodisconnect work - cfg80211: fix memory leak in cfg80211_cqm_rssi_update - cfg80211: fix page refcount issue in A-MSDU decap - netfilter: fix a use-after-free in mtype_destroy() - netfilter: arp_tables: init netns pointer in xt_tgdtor_param struct - netfilter: nft_tunnel: fix null-attribute check - netfilter: nf_tables: remove WARN and add NLA_STRING upper limits - netfilter: nf_tables: store transaction list locally while requesting module - netfilter: nf_tables: fix flowtable list del corruption - NFC: pn533: fix bulk-message timeout - batman-adv: Fix DAT candidate selection on little endian systems - macvlan: use skb_reset_mac_header() in macvlan_queue_xmit() - [x86] hv_netvsc: Fix memory leak when removing rndis device - [arm64] net: hns: fix soft lockup when there is not enough memory - net: usb: lan78xx: limit size of local TSO packets - ptp: free ptp device pin descriptors properly - r8152: add missing endpoint sanity check - tcp: fix marked lost packets not being retransmitted - xen/blkfront: Adjust indentation in xlvbd_alloc_gendisk - tcp: refine rule to allow EPOLLOUT generation under mem pressure - [arm64] dts: meson-gxl-s905x-khadas-vim: fix gpio-keys-polled node - cfg80211: check for set_wiphy_params - tick/sched: Annotate lockless access to last_jiffies_update - drm/nouveau/bar/nv50: check bar1 vmm return value - drm/nouveau/bar/gf100: ensure BAR is mapped - drm/nouveau/mmu: qualify vmm during dtor - reiserfs: fix handling of -EOPNOTSUPP in reiserfs_for_each_xattr - scsi: esas2r: unlock on error in esas2r_nvram_read_direct() - scsi: qla4xxx: fix double free bug - scsi: bnx2i: fix potential use after free - scsi: target: core: Fix a pr_debug() argument - scsi: qla2xxx: Fix qla2x00_request_irqs() for MSI - scsi: qla2xxx: fix rports not being mark as lost in sync fabric scan - scsi: core: scsi_trace: Use get_unaligned_be*() - perf probe: Fix wrong address verification [ Joe Richey ] * [cloud-amd64] tpm: Enable TPM drivers for Cloud (Closes: #946237) [ Salvatore Bonaccorso ] * Refresh powerpc-fix-mcpu-options-for-spe-only-compiler.patch (Context changes in 4.19.88) * Drop 0027-RDMA-hns-Fix-the-bug-with-updating-rq-head-pointer-w.patch * Drop 0028-RDMA-hns-Bugfix-for-the-scene-without-receiver-queue.patch * [rt] Refresh 0199-net-move-xmit_recursion-to-per-task-variable-on-RT.patch (Context changes in 4.19.88) * [rt] Update to 4.19.90-rt35: - Update "workqueue: rework" for workqueue changes in 4.19.90 * [rt] Drop 0245-Revert-arm64-preempt-Fix-big-endian-when-checking-pr.patch * Refresh 0013-scsi-hisi_sas-Relocate-some-codes-to-avoid-an-unused.patch for context changes in 4.19.93. * [rt] Refresh 0253-watchdog-prevent-deferral-of-watchdogd-wakeup-on-RT.patch (Context changes in 4.19.93) * [rt] Refresh 0199-net-move-xmit_recursion-to-per-task-variable-on-RT.patch (Context changes in 4.19.97) [ Ben Hutchings ] * [rt] Update to 4.19.94-rt38: - Refresh "x86/ioapic: Don't let setaffinity unmask threaded EOI interrupt too early" which was partly included in 4.19.92 * aufs: Update support patchset to aufs4.19.63+ 20200113; no functional changes * Bump ABI to 8 * libertas: Fix two buffer overflows at parsing bss descriptor (CVE-2019-14896, CVE-2019-14897) * wimax: i2400: fix memory leak (CVE-2019-19051) * wimax: i2400: Fix memory leak in i2400m_op_rfkill_sw_toggle (CVE-2019-19051) * [amd64/cloud-amd64] hwrandom: Enable HW_RANDOM_VIRTIO (Closes: #914511) [ Noah Meyerhans ] * random: try to actively add entropy rather than passively wait for it (Closes: #948519) [ Aurelien Jarno ] * [mips*/malta] Enable POWER_RESET_PIIX4_POWEROFF. -- Salvatore Bonaccorso Sun, 26 Jan 2020 21:01:13 +0100 linux (4.19.87-1) buster; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.68 - seq_file: fix problem when seeking mid-record - mm/hmm: fix bad subpage pointer in try_to_unmap_one - mm: mempolicy: make the behavior consistent when MPOL_MF_MOVE* and MPOL_MF_STRICT were specified - mm: mempolicy: handle vma with unmovable pages mapped correctly in mbind - mm/memcontrol.c: fix use after free in mem_cgroup_iter() - mm/usercopy: use memory range to be accessed for wraparound check - Revert "pwm: Set class for exported channels in sysfs" - cpufreq: schedutil: Don't skip freq update when limits change - [x86] ALSA: hda/realtek - Add quirk for HP Envy x360 - ALSA: hda - Apply workaround for another AMD chip 1022:1487 - ALSA: hda - Fix a memory leak bug - ALSA: hda - Add a generic reboot_notify - ALSA: hda - Let all conexant codec enter D3 when rebooting - HID: holtek: test for sanity of intfdata - HID: hiddev: avoid opening a disconnected device - HID: hiddev: do cleanup in failure of opening a device - Input: kbtab - sanity check for endpoint type - Input: iforce - add sanity checks - net: usb: pegasus: fix improper read if get_registers() fail - netfilter: ebtables: also count base chain policies - xen/pciback: remove set but not used variable 'old_state' - [armhf,arm64] irqchip/gic-v3-its: Free unused vpt_page when alloc vpe table fail - perf header: Fix divide by zero error if f_header.attr_size==0 - perf header: Fix use of unitialized value warning - libata: zpodd: Fix small read overflow in zpodd_get_mech_type() - Btrfs: fix deadlock between fiemap and transaction commits - scsi: hpsa: correct scsi command status issue after reset - scsi: qla2xxx: Fix possible fcport null-pointer dereferences - drm/amdgpu: fix a potential information leaking bug - ata: libahci: do not complain in case of deferred probe - kbuild: modpost: handle KBUILD_EXTRA_SYMBOLS only for external modules - [arm64] efi: fix variable 'si' set but not used - [arm64] unwind: Prohibit probing on return_address() - [arm64] mm: fix variable 'pud' set but not used - IB/core: Add mitigation for Spectre V1 - IB/mlx5: Fix MR registration flow to use UMR properly - IB/mad: Fix use-after-free in ib mad completion handling - [arm64] drm: msm: Fix add_gpu_components - [armhf] drm/exynos: fix missing decrement of retry counter - ocfs2: remove set but not used variable 'last_hash' - asm-generic: fix -Wtype-limits compiler warnings - [arm64] KVM: regmap: Fix unexpected switch fall-through - [armhf,arm64] KVM: Sync ICH_VMCR_EL2 back when about to block - [x86] staging: comedi: dt3000: Fix signed integer overflow 'divider * base' - [x86] staging: comedi: dt3000: Fix rounding up of timer divisor - USB: core: Fix races in character device registration and deregistraion - usb: cdc-acm: make sure a refcount is taken early enough - USB: CDC: fix sanity checks in CDC union parser - USB: serial: option: add D-Link DWM-222 device ID - USB: serial: option: Add support for ZTE MF871A - USB: serial: option: add the BroadMobi BM818 card - USB: serial: option: Add Motorola modem UARTs - [x86] drm/i915/cfl: Add a new CFL PCI ID. - [arm64] ftrace: Ensure module ftrace trampoline is coherent with I-side - Input: psmouse - fix build error of multiple definition - bnx2x: Fix VF's VLAN reconfiguration in reload. - bonding: Add vlan tx offload to hw_enc_features - net: dsa: Check existence of .port_mdb_add callback before calling it - net/mlx4_en: fix a memory leak bug - net/packet: fix race in tpacket_snd() - sctp: fix memleak in sctp_send_reset_streams - sctp: fix the transport error_count check - team: Add vlan tx offload to hw_enc_features - tipc: initialise addr_trail_end when setting node addresses - xen/netback: Reset nr_frags before freeing skb - net/mlx5e: Only support tx/rx pause setting for port owner - net/mlx5e: Use flow keys dissector to parse packets for ARFS - [arm64] mmc: sdhci-of-arasan: Do now show error message in case of deffered probe https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.69 - HID: Add 044f:b320 ThrustMaster, Inc. 2 in 1 DT - [mips*] kernel: only use i8253 clocksource with periodic clockevent - [mips*] fix cacheinfo - netfilter: ebtables: fix a memory leak bug in compat - ASoC: dapm: Fix handling of custom_stop_condition on DAPM graph walks - bonding: Force slave speed check after link state recovery for 802.3ad - [armhf,arm64] net: mvpp2: Don't check for 3 consecutive Idle frames for 10G links - can: dev: call netif_carrier_off() in register_candev() - can: gw: Fix error path of cgw_module_init - [armhf,arm64] ASoC: rockchip: Fix mono capture - [armhf] ASoC: ti: davinci-mcasp: Correct slot_width posed constraint - net: usb: qmi_wwan: Add the BroadMobi BM818 card - qed: RDMA - Fix the hw_ver returned in device attributes - isdn: mISDN: hfcsusb: Fix possible null-pointer dereferences in start_isoc_chain() - mac80211_hwsim: Fix possible null-pointer dereferences in hwsim_dump_radio_nl() - netfilter: ipset: Actually allow destination MAC address for hash:ip,mac sets too - netfilter: ipset: Copy the right MAC address in bitmap:ip,mac and hash:ip,mac sets - netfilter: ipset: Fix rename concurrency with listing - rxrpc: Fix potential deadlock - rxrpc: Fix the lack of notification when sendmsg() fails on a DATA packet - isdn: hfcsusb: Fix mISDN driver crash caused by transfer buffer on the stack - net: phy: phy_led_triggers: Fix a possible null-pointer dereference in phy_led_trigger_change_speed() - can: sja1000: force the string buffer NULL-terminated - can: peak_usb: force the string buffer NULL-terminated - net/ethernet/qlogic/qed: force the string buffer NULL-terminated - NFSv4: Fix a potential sleep while atomic in nfs4_do_reclaim() - NFS: Fix regression whereby fscache errors are appearing on 'nofsc' mounts - HID: quirks: Set the INCREMENT_USAGE_ON_DUPLICATE quirk on Saitek X52 - HID: input: fix a4tech horizontal wheel custom usage - [armhf,arm64] drm/rockchip: Suspend DP late - SMB3: Fix potential memory leak when processing compound chain - SMB3: Kernel oops mounting a encryptData share with CONFIG_DEBUG_VIRTUAL - [s390x] put _stext and _etext into .text section - net: cxgb3_main: Fix a resource leak in a error path in 'init_one()' - [armhf,arm64] net: stmmac: Fix issues when number of Queues >= 4 - [armhf,arm64] net: stmmac: tc: Do not return a fragment entry - [arm64] net: hisilicon: make hip04_tx_reclaim non-reentrant - [arm64] net: hisilicon: fix hip04-xmit never return TX_BUSY - [arm64] net: hisilicon: Fix dma_map_single failed on arm64 - libata: have ata_scsi_rw_xlat() fail invalid passthrough requests - libata: add SG safety checks in SFF pio transfers - [x86] lib/cpu: Address missing prototypes warning - [x86] drm/vmwgfx: fix memory leak when too many retries have occurred - block, bfq: handle NULL return value by bfq_init_rq() - perf ftrace: Fix failure to set cpumask when only one cpu is present - perf cpumap: Fix writing to illegal memory in handling cpumap mask - perf pmu-events: Fix missing "cpu_clk_unhalted.core" event - [arm64] KVM: Don't write junk to sysregs on reset - [armhf] KVM: Don't write junk to CP15 registers on reset - HID: wacom: correct misreported EKR ring values - HID: wacom: Correct distance scale for 2nd-gen Intuos devices - Revert "dm bufio: fix deadlock with loop device" (regression in 4.19.61) - ceph: clear page dirty before invalidate page - ceph: don't try fill file_lock on unsuccessful GETFILELOCK reply - libceph: fix PG split vs OSD (re)connect race - drm/nouveau: Don't retry infinitely when receiving no data on i2c over AUX - gpiolib: never report open-drain/source lines as 'input' to user-space - [x86] Drivers: hv: vmbus: Fix virt_to_hvpfn() for X86_PAE - userfaultfd_release: always remove uffd flags and clear vm_userfaultfd_ctx - [i386] retpoline: Don't clobber RFLAGS during CALL_NOSPEC on i386 - [x86] apic: Handle missing global clockevent gracefully - [x86] CPU/AMD: Clear RDRAND CPUID bit on AMD family 15h/16h - [x86] boot: Save fields explicitly, zero out everything else - [x86] boot: Fix boot regression caused by bootparam sanitizing - dm kcopyd: always complete failed jobs - dm btree: fix order of block initialization in btree_split_beneath - dm integrity: fix a crash due to BUG_ON in __journal_read_write() - dm raid: add missing cleanup in raid_ctr() - dm space map metadata: fix missing store of apply_bops() return value - dm table: fix invalid memory accesses with too high sector number - dm zoned: improve error handling in reclaim - dm zoned: improve error handling in i/o map code - dm zoned: properly handle backing device failure - genirq: Properly pair kobject_del() with kobject_add() - mm, page_owner: handle THP splits correctly - mm/zsmalloc.c: migration can leave pages in ZS_EMPTY indefinitely - mm/zsmalloc.c: fix race condition in zs_destroy_pool - xfs: don't trip over uninitialized buffer on extent read of corrupted inode - xfs: Move fs/xfs/xfs_attr.h to fs/xfs/libxfs/xfs_attr.h - xfs: Add helper function xfs_attr_try_sf_addname - xfs: Add attibute set and helper functions - xfs: Add attibute remove and helper functions - xfs: always rejoin held resources during defer roll - dm zoned: fix potential NULL dereference in dmz_do_reclaim() - [ppc64el] Allow flush_(inval_)dcache_range to work across ranges >4GB - rxrpc: Fix local endpoint refcounting - rxrpc: Fix read-after-free in rxrpc_queue_local() - rxrpc: Fix local endpoint replacement - rxrpc: Fix local refcounting https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.70 - nvme-multipath: revalidate nvme_ns_head gendisk in nvme_validate_ns - afs: Fix the CB.ProbeUuid service handler to reply correctly - afs: Fix loop index mixup in afs_deliver_vl_get_entry_by_name_u() - fs: afs: Fix a possible null-pointer dereference in afs_put_read() - afs: Only update d_fsdata if different in afs_d_revalidate() - nvmet-loop: Flush nvme_delete_wq when removing the port - nvme: fix a possible deadlock when passthru commands sent to a multipath device - nvme-pci: Fix async probe remove race - [armhf] omap-dma/omap_vout_vrfb: fix off-by-one fi value - iommu/dma: Handle SG length overflow better - usb: gadget: composite: Clear "suspended" on reset/disconnect - usb: gadget: mass_storage: Fix races between fsg_disable and fsg_set_alt - xen/blkback: fix memory leaks - [arm64] cpufeature: Don't treat granule sizes as strict - drm/ast: Fixed reboot test may cause system hanged - [x86] tools: hv: fix KVP and VSS daemons exit code - [x86] drm/i915: fix broadwell EU computation - [arm*] watchdog: bcm2835_wdt: Fix module autoload - scsi: ufs: Fix RX_TERMINATION_FORCE_ENABLE define value - [armhf] drm/tilcdc: Register cpufreq notifier after we have initialized crtc - ipv6/addrconf: allow adding multicast addr if IFA_F_MCAUTOJOIN is set - ipv6: Default fib6_type to RTN_UNICAST when not set - net/smc: make sure EPOLLOUT is raised - tcp: make sure EPOLLOUT wont be missed - ipv4/icmp: fix rt dst dev null pointer dereference - mm/zsmalloc.c: fix build when CONFIG_COMPACTION=n - ALSA: usb-audio: Check mixer unit bitmap yet more strictly - ALSA: line6: Fix memory leak at line6_init_pcm() error path - ALSA: hda - Fixes inverted Conexant GPIO mic mute led - ALSA: seq: Fix potential concurrent access to the deleted pool - ALSA: usb-audio: Fix invalid NULL check in snd_emuusb_set_samplerate() - ALSA: usb-audio: Add implicit fb quirk for Behringer UFX1604 - [x86] kvm: skip populating logical dest map if apic is not sw enabled - [x86] KVM: Don't update RIP or do single-step on faulting emulation - [amd64] uprobes: Fix detection of 32-bit user mode - [x86] apic: Do not initialize LDR and DFR for bigsmp - ftrace: Fix NULL pointer dereference in t_probe_next() - ftrace: Check for successful allocation of hash - ftrace: Check for empty hash and comment the race with registering probes - usb-storage: Add new JMS567 revision to unusual_devs - USB: cdc-wdm: fix race between write and disconnect due to flag abuse - usb: hcd: use managed device resources - [armhf,arm64] usb: chipidea: udc: don't do hardware access if gadget has stopped - usb: host: ohci: fix a race condition between shutdown and irq - usb: host: xhci: rcar: Fix typo in compatible string matching - USB: storage: ums-realtek: Update module parameter description for auto_delink_en - USB: storage: ums-realtek: Whitelist auto-delink support - [x86] mei: me: add Tiger Lake point LP device ID - mmc: core: Fix init of SD cards reporting an invalid VDD range - stm class: Fix a double free of stm_source_device - [x86] intel_th: pci: Add support for another Lewisburg PCH - [x86] intel_th: pci: Add Tiger Lake support - [x86] typec: tcpm: fix a typo in the comparison of pdo_max_voltage - lib: logic_pio: Fix RCU usage - lib: logic_pio: Avoid possible overlap for unregistering regions - lib: logic_pio: Add logic_pio_unregister_range() - [x86] drm/amdgpu: Add APTX quirk for Dell Latitude 5495 - [x86] drm/i915: Don't deballoon unused ggtt drm_mm_node in linux guest - [x86] drm/i915: Call dma_set_max_seg_size() in i915_driver_hw_probe() - [arm64] bus: hisi_lpc: Unregister logical PIO range to avoid potential use-after-free - [arm64] bus: hisi_lpc: Add .remove method to avoid driver unbind crash - [x86] VMCI: Release resource if the work is already queued - [x86] crypto: ccp - Ignore unconfigured CCP device on suspend/resume - Revert "cfg80211: fix processing world regdomain when non modular" - mac80211: fix possible sta leak - mac80211: Don't memset RXCB prior to PAE intercept - mac80211: Correctly set noencrypt for PAE frames - [ppc64el] KVM: Book3S: Fix incorrect guest-to-user-translation error handling - [armhf,arm64] KVM: vgic: Fix potential deadlock when ap_list is long - [armhf,arm64] KVM: vgic-v2: Handle SGI bits in GICD_I{S,C}PENDR0 as WI - NFS: Clean up list moves of struct nfs_page - NFSv4/pnfs: Fix a page lock leak in nfs_pageio_resend() - NFS: Pass error information to the pgio error cleanup routine - NFS: Ensure O_DIRECT reports an error if the bytes read/written is 0 - [x86] i2c: piix4: Fix port selection for AMD Family 16h Model 30h - mt76: mt76x0u: do not reset radio on resume https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.71 - Revert "Input: elantech - enable SMBus on new (2018+) systems" (regression in 4.19.67) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.72 - mld: fix memory leak in mld_del_delrec() - net: fix skb use after free in netpoll - net: sched: act_sample: fix psample group handling on overwrite - net_sched: fix a NULL pointer deref in ipt action - [armhf,arm64] net: stmmac: dwmac-rk: Don't fail if phy regulator is absent - tcp: inherit timestamp on mtu probe - tcp: remove empty skb from write queue in error cases - net/rds: Fix info leak in rds6_inc_info_copy() (CVE-2019-16714) - [x86] boot: Preserve boot_params.secure_boot from sanitizing - [arm*] spi: bcm2835aux: unifying code between polling and interrupt driven code - [arm*] spi: bcm2835aux: remove dangerous uncontrolled read of fifo - [arm*] spi: bcm2835aux: fix corruptions for longer spi transfers - netfilter: nf_tables: use-after-free in failing rule with bound set - [x86] hv_netvsc: Fix a warning of suspicious RCU usage - Bluetooth: btqca: Add a short delay before downloading the NVM - [ppc64el] ibmveth: Convert multicast list size for little-endian system - gpio: Fix build error of function redefinition - netfilter: nft_flow_offload: skip tcp rst and fin packets - scsi: qla2xxx: Fix gnl.l memory leak on adapter init failure - scsi: target: tcmu: avoid use-after-free after command timeout - cxgb4: fix a memory leak bug - liquidio: add cleanup in octeon_setup_iq() - net: myri10ge: fix memory leaks - lan78xx: Fix memory leaks - vfs: fix page locking deadlocks when deduping files - cx82310_eth: fix a memory leak bug - net: kalmia: fix memory leaks - net: cavium: fix driver name - wimax/i2400m: fix a memory leak bug - kprobes: Fix potential deadlock in kprobe_optimizer() - HID: cp2112: prevent sleeping function called from invalid context - [amd64] boot/compressed: Fix boot on machines with broken E820 table - [x86] Input: hyperv-keyboard: Use in-place iterator API in the channel callback - [x86] Tools: hv: kvp: eliminate 'may be used uninitialized' warning - nvme-multipath: fix possible I/O hang when paths are updated - IB/mlx4: Fix memory leaks - infiniband: hfi1: fix a memory leak bug - infiniband: hfi1: fix memory leaks - ceph: fix buffer free while holding i_ceph_lock in __ceph_setxattr() - ceph: fix buffer free while holding i_ceph_lock in __ceph_build_xattrs_blob() - ceph: fix buffer free while holding i_ceph_lock in fill_inode() - [armhf,arm64] KVM: Only skip MMIO insn once - afs: Fix leak in afs_lookup_cell_rcu() - [armhf,arm64] KVM: VGIC: Properly initialise private IRQ affinity - [amd64] boot/compressed: Fix missing initialization in find_trampoline_placement() - libceph: allow ceph_buffer_put() to receive a NULL ceph_buffer https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.73 - ALSA: hda - Fix potential endless loop at applying quirks - ALSA: hda/realtek - Fix overridden device-specific initialization - [x86] ALSA: hda/realtek - Add quirk for HP Pavilion 15 - [x86] ALSA: hda/realtek - Enable internal speaker & headset mic of ASUS UX431FL - [x86] ALSA: hda/realtek - Fix the problem of two front mics on a ThinkCentre - sched/fair: Don't assign runtime for throttled cfs_rq - [x86] drm/vmwgfx: Fix double free in vmw_recv_msg() - [ppc64el] tm: Fix FP/VMX unavailable exceptions inside a transaction (CVE-2019-15030) - batman-adv: fix uninit-value in batadv_netlink_get_ifindex() - batman-adv: Only read OGM tvlv_len after buffer len check - [x86] hv_sock: Fix hang when a connection is closed - Blk-iolatency: warn on negative inflight IO counter - blk-iolatency: fix STS_AGAIN handling - {nl,mac}80211: fix interface combinations on crypto controlled devices - timekeeping: Use proper ktime_add when adding nsecs in coarse offset - selftests: fib_rule_tests: use pre-defined DEV_ADDR - [x86] ftrace: Fix warning and considate ftrace_jmp_replace() and ftrace_call_replace() - [ppc64el] mark start_here_multiplatform as __ref - [arm64] dts: rockchip: enable usb-host regulators at boot on rk3328-rock64 - nvme-fc: use separate work queue to avoid warning - [armhf] clk: s2mps11: Add used attribute to s2mps11_dt_match - [arm64] remoteproc: qcom: q6v5: shore up resource probe handling - modules: always page-align module section allocations - kernel/module: Fix mem leak in module_add_modinfo_attrs - [x86] drm/i915: Re-apply "Perform link quality check, unconditionally during long pulse" - scsi: qla2xxx: Move log messages before issuing command to firmware - keys: Fix the use of the C++ keyword "private" in uapi/linux/keyctl.h - [x86] Drivers: hv: kvp: Fix two "this statement may fall through" warnings - [x86] hibernate: Fix nosave_regions setup for hibernation - [arm64] remoteproc: qcom: q6v5-mss: add SCM probe dependency - drm/amdgpu/gfx9: Update gfx9 golden settings. - drm/amdgpu: Update gc_9_0 golden settings. - [x86] KVM: hyperv: enforce vp_index < KVM_MAX_VCPUS - [x86] KVM: hyperv: consistently use 'hv_vcpu' for 'struct kvm_vcpu_hv' variables - [x86] KVM: hyperv: keep track of mismatched VP indexes - [x86] KVM: hyperv: define VP assist page helpers - [x86] kvm/lapic: preserve gfn_to_hva_cache len on cache reinit - [x86] drm/i915: Fix intel_dp_mst_best_encoder() - [x86] drm/i915: Rename PLANE_CTL_DECOMPRESSION_ENABLE - [x86] drm/i915/gen9+: Fix initial readout for Y tiled framebuffers - drm/atomic_helper: Disallow new modesets on unregistered connectors - [x86] Drivers: hv: kvp: Fix the recent regression caused by incorrect clean-up - powerplay: Respect units on max dcfclk watermark - drm/amd/pp: Fix truncated clock value when set watermark - drm/amd/dm: Understand why attaching path/tile properties are needed - [s390x] zcrypt: reinit ap queue state machine during device probe - [x86] drm/i915: Restore sane defaults for KMS on GEM error load - [x86] drm/i915: Cleanup gt powerstate from gem - [ppc64el] KVM: Book3S HV: Fix race between kvm_unmap_hva_range and MMU mode switch - Btrfs: clean up scrub is_dev_replace parameter - Btrfs: fix deadlock with memory reclaim during scrub - btrfs: Remove extent_io_ops::fill_delalloc - btrfs: Fix error handling in btrfs_cleanup_ordered_extents - scsi: megaraid_sas: Fix combined reply queue mode detection - scsi: megaraid_sas: Add check for reset adapter bit - scsi: megaraid_sas: Use 63-bit DMA addressing - [ppc64el] pkeys: Fix handling of pkey state across fork() - btrfs: volumes: Make sure no dev extent is beyond device boundary - btrfs: Use real device structure to verify dev extent - IB/uverbs: Fix OOPs upon device disassociation - drm/vblank: Allow dynamic per-crtc max_vblank_count - [x86] drm/i915/ilk: Fix warning when reading emon_status with no output - tpm: Fix some name collisions with drivers/char/tpm.h - bcache: replace hard coded number with BUCKET_GC_GEN_MAX - bcache: treat stale && dirty keys as bad keys - [x86] KVM: VMX: Compare only a single byte for VMCS' "launched" in vCPU-run - [armhf] iio: adc: exynos-adc: Add S5PV210 variant - [armhf] iio: adc: exynos-adc: Use proper number of channels for Exynos4x12 - mt76: fix corrupted software generated tx CCMP PN - drm/nouveau: Don't WARN_ON VCPI allocation failures - iwlwifi: fix devices with PCI Device ID 0x34F0 and 11ac RF modules - iwlwifi: add new card for 9260 series - spi: spi-gpio: fix SPI_CS_HIGH capability - [ppc64el] kvm: Save and restore host AMR/IAMR/UAMOR - btrfs: scrub: pass fs_info to scrub_setup_ctx - btrfs: scrub: move scrub_setup_ctx allocation out of device_list_mutex - btrfs: scrub: fix circular locking dependency warning - btrfs: init csum_list before possible free - [arm64] PCI: qcom: Fix error handling in runtime PM support - [arm64] PCI: qcom: Don't deassert reset GPIO during probe - CIFS: Fix error paths in writeback code - CIFS: Fix leaking locked VFS cache pages in writeback retry - [x86] drm/i915: Handle vm_mmap error during I915_GEM_MMAP ioctl with WC set - [x86] drm/i915: Sanity check mmap length against object size - [x86] usb: typec: tcpm: Try PD-2.0 if sink does not respond to 3.0 source-caps - IB/mlx5: Reset access mask when looping inside page fault handler - kvm: mmu: Fix overflow on kvm mmu page limit calculation - [x86] kvm: move kvm_load/put_guest_xcr0 into atomic context - [x86] KVM: Always use 32-bit SMRAM save state for 32-bit kernels - cifs: Fix lease buffer length error (CVE-2019-15918) - ext4: protect journal inode's blocks using block_validity - [x86] PCI: Reset Lenovo ThinkPad P50 nvgpu at boot if necessary - dm mpath: fix missing call of path selector type->end_io - blk-mq: free hw queue's resource in hctx's release handler - mmc: sdhci-pci: Add support for Intel CML - PCI: dwc: Use devm_pci_alloc_host_bridge() to simplify code - cifs: smbd: take an array of reqeusts when sending upper layer data - dm crypt: move detailed message into debug level - [x86] drm/amdkfd: Add missing Polaris10 ID - kvm: Check irqchip mode before assign irqfd - drm/amdgpu: fix ring test failure issue during s3 in vce 3.0 (V2) - drm/amdgpu/{uvd,vcn}: fetch ring's read_ptr after alloc - Btrfs: fix race between block group removal and block group allocation - cifs: add spinlock for the openFileList to cifsInodeInfo - [arm64] clk: tegra: Fix maximum audio sync clock for Tegra124/210 - [arm64] clk: tegra210: Fix default rates for HDA clocks - IB/hfi1: Avoid hardlockup with flushlist_lock - apparmor: reset pos on failure to unpack for various functions - scsi: target/core: Use the SECTOR_SHIFT constant - scsi: target/iblock: Fix overrun in WRITE SAME emulation - [s390x] scsi: zfcp: fix request object use-after-free in send path causing wrong traces - cifs: Properly handle auto disabling of serverino option - [x86] ALSA: hda - Don't resume forcibly i915 HDMI/DP codec - [x86] KVM: optimize check for valid PAT value - [x86] KVM: VMX: Always signal #GP on WRMSR to MSR_IA32_CR_PAT with bad value - [x86] KVM: VMX: Fix handling of #MC that occurs during VM-Entry - [x86] KVM: VMX: check CPUID before allowing read/write of IA32_XSS - [ppc64el] KVM: Use ccr field in pt_regs struct embedded in vcpu struct - [ppc64el] KVM: Book3S HV: Fix CR0 setting in TM emulation - RDMA/srp: Document srp_parse_in() arguments - RDMA/srp: Accept again source addresses that do not have a port number - btrfs: correctly validate compression type - resource: Include resource end in walk_*() interfaces - resource: Fix find_next_iomem_res() iteration issue - resource: fix locking in find_next_iomem_res() - pstore: Fix double-free in pstore_mkfile() failure path - dm thin metadata: check if in fail_io mode when setting needs_check - [armhf,arm64] drm/panel: Add support for Armadeus ST0700 Adapt - [x86] ALSA: hda - Fix intermittent CORB/RIRB stall on Intel chips - [ppc64el] mm: Limit rma_size to 1TB when running without HV mode - iommu/iova: Remove stale cached32_node - gpio: don't WARN() on NULL descs if gpiolib is disabled - mm/migrate.c: initialize pud_entry in migrate_vma() - NFSv4: Fix delegation state recovery - bcache: only clear BTREE_NODE_dirty bit when it is set - bcache: add comments for mutex_lock(&b->write_lock) - bcache: fix race in btree_flush_write() - [x86] drm/i915: Make sure cdclk is high enough for DP audio on VLV/CHV - [s390x] virtio: fix race on airq_areas[] - drm/atomic_helper: Allow DPMS On<->Off changes for unregistered connectors - ext4: don't perform block validity checks on the journal inode - ext4: fix block validity checks for journal inodes using indirect blocks - ext4: unsigned int compared against zero - [x86] PCI: Reset both NVIDIA GPU and HDA in ThinkPad P50 workaround - [ppc64el] tm: Remove msr_tm_active() - [ppc64el] tm: Fix restoring FP/VMX facility incorrectly on interrupts (CVE-2019-15031) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.74 - bridge/mdb: remove wrong use of NLM_F_MULTI - cdc_ether: fix rndis support for Mediatek based smartphones - ipv6: Fix the link time qualifier of 'ping_v6_proc_exit_net()' - isdn/capi: check message length in capi_write() - net: Fix null de-reference of device refcount - net: gso: Fix skb_segment splat when splitting gso_size mangled skb having linear-headed frag_list - net: phylink: Fix flow control resolution - net: sched: fix reordering issues - sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero - sctp: Fix the link time qualifier of 'sctp_ctrlsock_exit()' - sctp: use transport pf_retrans in sctp_do_8_2_transport_strike - tcp: fix tcp_ecn_withdraw_cwr() to clear TCP_ECN_QUEUE_CWR - tipc: add NULL pointer check before calling kfree_rcu - tun: fix use-after-free when register netdev failed - gpiolib: acpi: Add gpiolib_acpi_run_edge_events_on_boot option and blacklist - gpio: fix line flag validation in linehandle_create - Btrfs: fix assertion failure during fsync and use of stale transaction - ixgbe: Prevent u8 wrapping of ITR value to something less than 10us - genirq: Prevent NULL pointer dereference in resend_irqs() - [s390x] KVM: kvm_s390_vm_start_migration: check dirty_bitmap before using it as target for memset() - [s390x] KVM: Do not leak kernel stack data in the KVM_S390_INTERRUPT ioctl - [x86] KVM: work around leak of uninitialized stack contents - [x86] KVM: nVMX: handle page fault in vmread - [x86] purgatory: Change compiler flags from -mcmodel=kernel to -mcmodel=large to fix kexec relocation errors - [ppc64el] Add barrier_nospec to raw_copy_in_user() - [arm64] drm/meson: Add support for XBGR8888 & ABGR8888 formats - [armhf,arm64] clk: rockchip: Don't yell about bad mmc phases when getting - PCI: Always allow probing with driver_override - gpio: fix line flag validation in lineevent_create - ubifs: Correctly use tnc_next() in search_dh_cookie() - driver core: Fix use-after-free and double free on glue directory - firmware: ti_sci: Always request response from firmware - [x86] drm: panel-orientation-quirks: Add extra quirk table entry for GPD MicroPC - Revert "Bluetooth: btusb: driver to enable the usb-wakeup feature" - modules: fix BUG when load module with rodata=n - rsi: fix a double free bug in rsi_91x_deinit() (CVE-2019-15504) - nvmem: Use the same permissions for eeprom as for nvmem https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.75 - netfilter: nf_flow_table: set default timeout after successful insertion - HID: wacom: generic: read HID_DG_CONTACTMAX from any feature report - RDMA/restrack: Release task struct which was hold by CM_ID object - [x86] Input: elan_i2c - remove Lenovo Legion Y7000 PnpID - [ppc64el] mm/radix: Use the right page size for vmemmap mapping - USB: usbcore: Fix slab-out-of-bounds bug during device reset - media: tm6000: double free if usb disconnect while streaming - ip6_gre: fix a dst leak in ip6erspan_tunnel_xmit - udp: correct reuseport selection with connected sockets - xen-netfront: do not assume sk_buff_head list is empty in error handling - net_sched: let qdisc_put() accept NULL pointer - mwifiex: Fix three heap overflow at parsing element in cfg80211_ap_settings (CVE-2019-14814, CVE-2019-14815, CVE-2019-14816) - nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds - ieee802154: hwsim: Fix error handle path in hwsim_init_module - ieee802154: hwsim: unregister hw while hwsim_subscribe_all_others fails - [armhf] dts: am57xx: Disable voltage switching for SD card - [armhf] OMAP2+: Fix missing SYSC_HAS_RESET_STATUS for dra7 epwmss - [armhf] bus: ti-sysc: Fix using configured sysc mask value - [s390x] bpf: fix lcgr instruction encoding - [armhf] OMAP2+: Fix omap4 errata warning on other SoCs - [armhf] dts: dra74x: Fix iodelay configuration for mmc3 - [armhf] bus: ti-sysc: Simplify cleanup upon failures in sysc_probe() - [s390x] bpf: use 32-bit index for tail calls - netfilter: ebtables: Fix argument order to ADD_COUNTER - netfilter: nft_flow_offload: missing netlink attribute policy - netfilter: xt_nfacct: Fix alignment mismatch in xt_nfacct_match_info - NFSv4: Fix return values for nfs4_file_open() - NFSv4: Fix return value in nfs_finish_open() - NFS: Fix initialisation of I/O result struct in nfs_pgio_rpcsetup - xdp: unpin xdp umem pages in error path - qed: Add cleanup in qed_slowpath_start() - [armel,armhf] 8874/1: mm: only adjust sections of valid mm structures - batman-adv: Only read OGM2 tvlv_len after buffer len check - bpf: allow narrow loads of some sk_reuseport_md fields with offset > 0 - r8152: Set memory to all 0xFFs on failed reg reads - [x86] apic: Fix arch_dynirq_lower_bound() bug for DT enabled machines - netfilter: xt_physdev: Fix spurious error message in physdev_mt_check - netfilter: nf_conntrack_ftp: Fix debug output - NFSv2: Fix eof handling - NFSv2: Fix write regression - kallsyms: Don't let kallsyms_lookup_size_offset() fail on retrieving the first symbol - cifs: set domainName when a domain-key is used in multiuser - cifs: Use kzfree() to zero out the password - [armhf,arm64] usb: host: xhci-tegra: Set DMA mask correctly - [armel,armhf] 8901/1: add a criteria for pfn_valid of arm - sky2: Disable MSI on yet another ASUS boards (P6Xxxx) - i2c: designware: Synchronize IRQs when unregistering slave client - [x86] perf/intel: Restrict period on Nehalem - [x86] perf/amd/ibs: Fix sample bias for dispatched micro-ops - amd-xgbe: Fix error path in xgbe_mod_init() - [x86] tools/power x86_energy_perf_policy: Fix argument parsing - [x86] tools/power turbostat: fix buffer overrun - net: aquantia: fix out of memory condition on rx side - [armhf] dmaengine: ti: omap-dma: Add cleanup in omap_dma_probe() - [x86] uaccess: Don't leak the AC flags into __get_user() argument evaluation - [x86] hyper-v: Fix overflow bug in fill_gva_list() - keys: Fix missing null pointer check in request_key_auth_describe() - [x86] iommu/amd: Flush old domains in kdump kernel - [x86] iommu/amd: Fix race in increase_address_space() - [arm64] PCI: kirin: Fix section mismatch warning - ovl: fix regression caused by overlapping layers detection - floppy: fix usercopy direction - binfmt_elf: move brk out of mmap when doing direct loader exec - [arm64] kpti: Whitelist Cortex-A CPUs that don't implement the CSV3 field - media: technisat-usb2: break out of loop at end of buffer (CVE-2019-15505) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.76 - Revert "Bluetooth: validate BLE connection interval updates" - RDMA/restrack: Protect from reentry to resource return path - [ppc64el] xive: Fix bogus error code returned by OPAL - IB/core: Add an unbound WQ type to the new CQ API - HID: prodikeys: Fix general protection fault during probe - HID: sony: Fix memory corruption issue on cleanup. - HID: logitech: Fix general protection fault caused by Logitech driver - HID: hidraw: Fix invalid read in hidraw_ioctl - HID: Add quirk for HP X500 PIXART OEM mouse - mtd: cfi_cmdset_0002: Use chip_good() to retry in do_write_oneword() - CIFS: fix deadlock in cached root handling - net/mlx5e: Set ECN for received packets using CQE indication - net/mlx5e: don't set CHECKSUM_COMPLETE on SCTP packets - mlx5: fix get_ip_proto() - net/mlx5e: Allow reporting of checksum unnecessary - net/mlx5e: XDP, Avoid checksum complete when XDP prog is loaded - net/mlx5e: Rx, Fixup skb checksum for packets with tail padding - net/mlx5e: Rx, Check ip headers sanity - iwlwifi: mvm: send BCAST management frames to the right station - iwlwifi: mvm: always init rs_fw with 20MHz bandwidth rates - media: tvp5150: fix switch exit in set control handler - [x86] ASoC: Intel: cht_bsw_max98090_ti: Enable codec clock once and keep it enabled - ALSA: usb-audio: Add Hiby device family to quirks for native DSD support - ALSA: usb-audio: Add DSD support for EVGA NU Audio - ALSA: dice: fix wrong packet parameter for Alesis iO26 - [x86] ALSA: hda - Add laptop imic fixup for ASUS M9V laptop - [x86] ALSA: hda - Apply AMD controller workaround for Raven platform - objtool: Clobber user CFLAGS variable - power: supply: sysfs: ratelimit property read error message - scsi: qla2xxx: Turn off IOCB timeout timer on IOCB completion - scsi: qla2xxx: Remove all rports if fabric scan retry fails - scsi: qla2xxx: Return switch command on a timeout - Revert "drm/amd/powerplay: Enable/Disable NBPSTATE on On/OFF of UVD" - bpf: libbpf: retry loading program on EAGAIN - [armhf,arm64] irqchip/gic-v3-its: Fix LPI release for Multi-MSI devices - f2fs: check all the data segments against all node ones - [x86] PCI: hv: Avoid use of hv_pci_dev->pci_slot after freeing it - bcache: remove redundant LIST_HEAD(journal) from run_cache_set() - initramfs: don't free a non-existent initrd - blk-mq: change gfp flags to GFP_NOIO in blk_mq_realloc_hw_ctxs - blk-mq: move cancel of requeue_work to the front of blk_exit_queue - Revert "f2fs: avoid out-of-range memory access" - dm zoned: fix invalid memory access - f2fs: fix to do sanity check on segment bitmap of LFS curseg - drm: Flush output polling on shutdown - net: don't warn in inet diag when IPV6 is disabled - Bluetooth: btrtl: HCI reset on close for Realtek BT chip - [x86] ACPI: video: Add new hw_changes_brightness quirk, set it on PB Easynote MZ35 - drm/nouveau/disp/nv50-: fix center/aspect-corrected scaling - xfs: don't crash on null attr fork xfs_bmapi_read - netfilter: nft_socket: fix erroneous socket assignment - Bluetooth: btrtl: Additional Realtek 8822CE Bluetooth devices - net_sched: check cops->tcf_block in tc_bind_tclass() - net/rds: An rds_sock is added too early to the hash table - net/rds: Check laddr_check before calling it - f2fs: use generic EFSBADCRC/EFSCORRUPTED https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.77 - arcnet: provide a buffer big enough to actually receive packets - cdc_ncm: fix divide-by-zero caused by invalid wMaxPacketSize - macsec: drop skb sk before calling gro_cells_receive - net/phy: fix DP83865 10 Mbps HDX loopback disable function - net/sched: act_sample: don't push mac header on ip6gre ingress - net_sched: add max len check for TCA_KIND - nfp: flower: fix memory leak in nfp_flower_spawn_vnic_reprs (CVE-2019-19081) - openvswitch: change type of UPCALL_PID attribute to NLA_UNSPEC - ppp: Fix memory leak in ppp_write - sch_netem: fix a divide by zero in tabledist() - skge: fix checksum byte order - usbnet: ignore endpoints with invalid wMaxPacketSize - usbnet: sanity checking of packet sizes and device mtu - net: sched: fix possible crash in tcf_action_destroy() - tcp: better handle TCP_USER_TIMEOUT in SYN_SENT state - net/mlx5: Add device ID of upcoming BlueField-2 - mISDN: enforce CAP_NET_RAW for raw sockets (CVE-2019-17055) - appletalk: enforce CAP_NET_RAW for raw sockets (CVE-2019-17054) - ax25: enforce CAP_NET_RAW for raw sockets (CVE-2019-17052) - ieee802154: enforce CAP_NET_RAW for raw sockets (CVE-2019-17053) - nfc: enforce CAP_NET_RAW for raw sockets (CVE-2019-17056) - nfp: flower: prevent memory leak in nfp_flower_spawn_phy_reprs (CVE-2019-19080) - ALSA: hda: Flush interrupts on disabling - [armhf] ASoC: sgtl5000: Fix of unmute outputs on probe - [armhf] ASoC: sgtl5000: Fix charge pump source assignment - [arm*] dmaengine: bcm2835: Print error in case setting DMA mask fails - media: dib0700: fix link error for dibx000_i2c_set_speed - media: hdpvr: Add device num check and handling - time/tick-broadcast: Fix tick_broadcast_offline() lockdep complaint - sched/fair: Fix imbalance due to CPU affinity - sched/core: Fix CPU controller for !RT_GROUP_SCHED - [x86] apic: Make apic_pending_intr_clear() more robust - sched/deadline: Fix bandwidth accounting at all levels after offline migration - [x86] reboot: Always use NMI fallback when shutdown via reboot vector IPI fails - [x86] apic: Soft disable APIC before initializing it - ALSA: hda - Show the fatal CORB/RIRB error more clearly - ALSA: i2c: ak4xxx-adda: Fix a possible null pointer dereference in build_adc_controls() - EDAC/mc: Fix grain_bits calculation - media: iguanair: add sanity checks - base: soc: Export soc_device_register/unregister APIs - ALSA: usb-audio: Skip bSynchAddress endpoint check if it is invalid - [arm64] prefetch: fix a -Wtype-limits warning - md/raid1: end bio when the device faulty - md: don't call spare_active in md_reap_sync_thread if all member devices can't work - md: don't set In_sync if array is frozen - ACPI / processor: don't print errors for processorIDs == 0xff - loop: Add LOOP_SET_DIRECT_IO to compat ioctl - [x86] EDAC, pnd2: Fix ioremap() size in dnv_rd_reg() - efi: cper: print AER info of PCIe fatal error - sched/fair: Use rq_lock/unlock in online_fair_sched_group - idle: Prevent late-arriving interrupts from disrupting offline - media: gspca: zero usb_buf on error - perf config: Honour $PERF_CONFIG env var to specify alternate .perfconfig - perf test vfs_getname: Disable ~/.perfconfig to get default output - media: em28xx: modules workqueue not inited for 2nd device - media: rc: imon: Allow iMON RC protocol for ffdc 7e device - [arm64] perf record: Support aarch64 random socket_id assignment - [armhf] media: omap3isp: Don't set streaming state on random subdevs - media: radio/si470x: kill urb on error - media: hdpvr: add terminating 0 at end of string - led: triggers: Fix a memory leak bug - nbd: add missing config put - media: mceusb: fix (eliminate) TX IR signal length limit - media: dvb-frontends: use ida for pll number - posix-cpu-timers: Sanitize bogus WARNONS - media: dvb-core: fix a memory leak bug - libperf: Fix alignment trap with xyarray contents in 'perf stat' - [amd64] EDAC/amd64: Recognize DRAM device type ECC capability - [amd64] EDAC/amd64: Decode syndrome before translating address - PM / devfreq: passive: Use non-devm notifiers - PM / devfreq: exynos-bus: Correct clock enable sequence - media: cec-notifier: clear cec_adap in cec_notifier_unregister - media: saa7146: add cleanup in hexium_attach() - media: cpia2_usb: fix memory leaks - media: saa7134: fix terminology around saa7134_i2c_eeprom_md7134_gate() - perf trace beauty ioctl: Fix off-by-one error in cmd->string table - [x86] ASoC: es8316: fix headphone mixer volume table - ACPI / CPPC: do not require the _PSD method - sched/cpufreq: Align trace event behavior of fast switching - [x86] apic/vector: Warn when vector space exhaustion breaks affinity - [arm64] kpti: ensure patched kernel text is fetched from PoU - [x86] mm/pti: Do not invoke PTI functions when PTI is disabled - [x86] mm/pti: Handle unaligned address gracefully in pti_clone_pagetable() - nvmet: fix data units read and written counters in SMART log - nvme-multipath: fix ana log nsid lookup when nsid is not found - ALSA: firewire-motu: add support for MOTU 4pre - iommu/amd: Silence warnings under memory pressure - libata/ahci: Drop PCS quirk for Denverton and beyond - iommu/iova: Avoid false sharing on fq_timer_on - libtraceevent: Change users plugin directory - [armhf] dts: exynos: Mark LDO10 as always-on on Peach Pit/Pi Chromebooks - ACPI: custom_method: fix memory leaks - ACPI / PCI: fix acpi_pci_irq_enable() memory leak - closures: fix a race on wakeup from closure_sync - hwmon: (acpi_power_meter) Change log level for 'unsafe software power cap' - md/raid1: fail run raid1 array when active disk less than one - dmaengine: ti: edma: Do not reset reserved paRAM slots - kprobes: Prohibit probing on BUG() and WARN() address - [s390x] crypto: xts-aes-s390 fix extra run-time crypto self tests finding - [x86] cpu: Add Tiger Lake to Intel family - [x86] platform: intel_pmc_core: Do not ioremap RAM - ASoC: dmaengine: Make the pcm->name equal to pcm->id if the name is not set - raid5: don't set STRIPE_HANDLE to stripe which is in batch list - mmc: core: Clarify sdio_irq_pending flag for MMC_CAP2_SDIO_IRQ_NOTHREAD - mmc: sdhci: Fix incorrect switch to HS mode - mmc: core: Add helper function to indicate if SDIO IRQs is enabled - [armhf,arm64] mmc: dw_mmc: Re-store SDIO IRQs mask at system resume - raid5: don't increment read_errors on EILSEQ return - libertas: Add missing sentinel at end of if_usb.c fw_table - e1000e: add workaround for possible stalled packet - ALSA: hda - Drop unsol event handler for Intel HDMI codecs - drm/amd/powerplay/smu7: enforce minimal VBITimeout (v2) - media: ttusb-dec: Fix info-leak in ttusb_dec_send_command() - [x86] ALSA: hda/realtek - Blacklist PC beep for Lenovo ThinkCentre M73/93 - [x86] iommu/amd: Override wrong IVRS IOAPIC on Raven Ridge systems - btrfs: extent-tree: Make sure we only allocate extents from block groups with the same type - [armhf] media: omap3isp: Set device on omap3isp subdevs - PM / devfreq: passive: fix compiler warning - iwlwifi: fw: don't send GEO_TX_POWER_LIMIT command to FW version 36 - ALSA: firewire-tascam: handle error code when getting current source of clock - ALSA: firewire-tascam: check intermediate state of clock status and retry - scsi: scsi_dh_rdac: zero cdb in send_mode_select() - scsi: qla2xxx: Fix Relogin to prevent modifying scan_state flag - printk: Do not lose last line in kmsg buffer dump - IB/mlx5: Free mpi in mp_slave mode - IB/hfi1: Define variables as unsigned long to fix KASAN warning - randstruct: Check member structs in is_pure_ops_struct() - ceph: use ceph_evict_inode to cleanup inode's resource - [x86] ALSA: hda/realtek - PCI quirk for Medion E4254 - blk-mq: add callback of .cleanup_rq - scsi: implement .cleanup_rq callback - [ppc64el] imc: Dont create debugfs files for cpu-less nodes - fuse: fix missing unlock_page in fuse_writepage() - [x86] KVM: always stop emulation on page fault - [x86] KVM: set ctxt->have_exception in x86_decode_insn() - [x86] KVM: Manually calculate reserved bits when loading PDPTRS - [x86] media: sn9c20x: Add MSI MS-1039 laptop to flip_dmi_table - media: don't drop front-end reference count for ->detach - binfmt_elf: Do not move brk for INTERP-less ET_EXEC - [x86] ASoC: Intel: NHLT: Fix debug print format - [x86] ASoC: Intel: Skylake: Use correct function to access iomem space - [x86] ASoC: Intel: Fix use of potentially uninitialized variable - [arm64] Revert "arm64: Remove unnecessary ISBs from set_{pte,pmd,pud}" - [arm64] tlb: Ensure we execute an ISB following walk cache invalidation - [arm64] dts: rockchip: limit clock rate of MMC controllers for RK3328 - alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP - regulator: Defer init completion for a while after late_initcall - efifb: BGRT: Improve efifb_bgrt_sanity_check - gfs2: clear buf_in_tr when ending a transaction in sweep_bh_for_rgrps - memcg, oom: don't require __GFP_FS when invoking memcg OOM killer - memcg, kmem: do not fail __GFP_NOFAIL charges - i40e: check __I40E_VF_DISABLE bit in i40e_sync_filters_subtask - block: fix null pointer dereference in blk_mq_rq_timed_out() - smb3: allow disabling requesting leases - ovl: Fix dereferencing possible ERR_PTR() - ovl: filter of trusted xattr results in audit - btrfs: fix allocation of free space cache v1 bitmap pages - Btrfs: fix use-after-free when using the tree modification log - btrfs: Relinquish CPUs in btrfs_compare_trees - btrfs: qgroup: Fix the wrong target io_tree when freeing reserved data space - btrfs: qgroup: Fix reserved data space leak if we have multiple reserve calls - Btrfs: fix race setting up and completing qgroup rescan workers - md/raid6: Set R5_ReadError when there is read failure on parity disk - md: don't report active array_state until after revalidate_disk() completes. - md: only call set_in_sync() when it is expected to succeed. - cfg80211: Purge frame registrations on iftype change - /dev/mem: Bail out upon SIGKILL. - ext4: fix warning inside ext4_convert_unwritten_extents_endio - ext4: fix punch hole for inline_data file systems - quota: fix wrong condition in is_quota_modification() - hwrng: core - don't wait on add_early_randomness() - CIFS: fix max ea value size - CIFS: Fix oplock handling for SMB 2.1+ protocols - md/raid0: avoid RAID0 data corruption due to layout confusion. - fuse: fix deadlock with aio poll and fuse_iqueue::waitq.lock - mm/compaction.c: clear total_{migrate,free}_scanned before scanning a new zone - drm/amd/display: Restore backlight brightness after system resume https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.78 - tpm: use tpm_try_get_ops() in tpm-sysfs.c. - tpm: Fix TPM 1.2 Shutdown sequence to prevent future TPM operations - [armhf,arm64] drm/panel: simple: fix AUO g185han01 horizontal blanking - [armhf,arm64] drm/panel: check failure cases in the probe func - [armhf,arm64] drm/rockchip: Check for fast link training before enabling psr - gpu: drm: radeon: Fix a possible null-pointer dereference in radeon_connector_set_property() - [ppc64el] PCI: rpaphp: Avoid a sometimes-uninitialized warning - ipmi_si: Only schedule continuously in the thread in maintenance mode - [armhf,arm64] clk: sunxi-ng: v3s: add missing clock slices for MMC2 module clocks - drm/amd/display: fix issue where 252-255 values are clipped - drm/amd/display: reprogram VM config when system resume - [ppc64el] powernv/ioda2: Allocate TCE table levels on demand for default DMA window - [ppc64el] xmon: Check for HV mode when dumping XIVE info from OPAL - [ppc64el] rtas: use device model APIs and serialization during LPM - [ppc64el] futex: Fix warning: 'oldval' may be used uninitialized in this function - [ppc64el] pseries/mobility: use cond_resched when updating device tree - [armhf,arm64] pinctrl: tegra: Fix write barrier placement in pmx_writel - [ppc64el] eeh: Clear stale EEH_DEV_NO_HANDLER flag - vfio_pci: Restore original state on release - drm/nouveau/volt: Fix for some cards having 0 maximum voltage - [x86] pinctrl: amd: disable spurious-firing GPIO IRQs - drm/amd/display: support spdif - drm/amdgpu/si: fix ASIC tests - [ppc64el] exception: machine check use correct cfar for late handler - pstore: fs superblock limits - [ppc64el] pseries: correctly track irq state in default idle - [arm64] pinctrl: meson-gxbb: Fix wrong pinning definition for uart_c - [ppc64el] dump kernel log before carrying out fadump or kdump - [arm64] mbox: qcom: add APCS child device for QCS404 - scsi: core: Reduce memory required for SCSI logging - dma-buf/sw_sync: Synchronize signal vs syncpt free - ext4: fix potential use after free after remounting with noblock_validity - [mips*] tlbex: Explicitly cast _PAGE_NO_EXEC to a boolean - [x86] i2c-cht-wc: Fix lockdep warning - [x86] mfd: intel-lpss: Remove D3cold delay - HID: wacom: Fix several minor compiler warnings - [armel,armhf] 8898/1: mm: Don't treat faults reported from cache maintenance as writes - [armhf] rtc: snvs: fix possible race condition - HID: apple: Fix stuck function keys when using FN - [arm64] PCI: rockchip: Propagate errors for optional regulators - [armhf] PCI: imx6: Propagate errors for optional regulators - [armel,armhf] 8903/1: ensure that usable memory in bank 0 starts from a PMD-aligned address - fat: work around race with userspace's read via blockdev while mounting - pktcdvd: remove warning on attempting to register non-passthrough dev - [s390x] hypfs: Fix error number left in struct pointer member - ocfs2: wait for recovering done after direct unlock request - [arm64] consider stack randomization for mmap base only when necessary - [mips*] properly account for stack randomization and stack guard gap - [armel,armhf] properly account for stack randomization and stack guard gap - [armel,armhf] use STACK_TOP when computing mmap base address - block: mq-deadline: Fix queue restart handling - bpf: fix use after free in prog symbol exposure - cxgb4:Fix out-of-bounds MSI-X info array access - erspan: remove the incorrect mtu limit for erspan - hso: fix NULL-deref on tty open - ipv6: drop incoming packets having a v4mapped source address - ipv6: Handle missing host route in __ipv6_ifa_notify - net: ipv4: avoid mixed n_redirects and rate_tokens usage - net: qlogic: Fix memory leak in ql_alloc_large_buffers - net: Unpublish sk from sk_reuseport_cb before call_rcu - nfc: fix memory leak in llcp_sock_bind() - qmi_wwan: add support for Cinterion CLS8 devices - rxrpc: Fix rxrpc_recvmsg tracepoint - sch_dsmark: fix potential NULL deref in dsmark_init() - udp: fix gso_segs calculations - vsock: Fix a lockdep warning in __vsock_release() - udp: only do GSO if # of segs > 1 - net/rds: Fix error handling in rds_ib_add_one() - xen-netfront: do not use ~0U as error return value for xennet_fill_frags() - tipc: fix unlimited bundling of small messages - sch_cbq: validate TCA_CBQ_WRROPT to avoid crash - NFC: fix attrs checks in netlink interface - kexec: bail out upon SIGKILL when allocating memory. - 9p/cache.c: Fix memory leak in v9fs_cache_session_get_cookie https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.79 - [s390x] process: avoid potential reading of freed stack - [s390x] KVM: Test for bad access register and size at the start of S390_MEM_OP - [s390x] topology: avoid firing events before kobjs are created - [s390x] cio: exclude subchannels with no parent from pseudo check - [ppc64el] KVM: Book3S HV: Fix race in re-enabling XIVE escalation interrupts - [ppc64el] KVM: Book3S HV: Check for MMU ready on piggybacked virtual cores - [ppc64el] KVM: Book3S HV: Don't lose pending doorbell request on migration on P9 - [x86] KVM: Fix userspace set invalid CR4 - [x86] KVM: nVMX: handle page fault in vmread fix - nbd: fix max number of supported devs - PM / devfreq: tegra: Fix kHz to Hz conversion - ASoC: Define a set of DAPM pre/post-up events - [armhf] ASoC: sgtl5000: Improve VAG power and mute control - [ppc64el] mce: Fix MCE handling for huge pages - [ppc64el] mce: Schedule work from irq_work - [ppc64el] powernv: Restrict OPAL symbol map to only be readable by root - [ppc64el] powernv/ioda: Fix race in TCE level allocation - [ppc64el] book3s64/mm: Don't do tlbie fixup for some hardware revisions - tools lib traceevent: Fix "robust" test of do_generate_dynamic_list_file - [x86] crypto: qat - Silence smp_processor_id() warning - crypto: skcipher - Unmap pages after an external error - [mips*el/loongson-3] Treat Loongson Extensions as ASEs - power: supply: sbs-battery: use correct flags field - power: supply: sbs-battery: only return health when battery present - tracing: Make sure variable reference alias has correct var_ref_idx - usercopy: Avoid HIGHMEM pfn warning - timer: Read jiffies once when forwarding base clk - [x86] PCI: vmd: Fix shadow offsets to reflect spec changes - PCI: Restore Resizable BAR size bits correctly for 1MB BARs - [armhf] watchdog: imx2_wdt: fix min() calculation in imx2_wdt_set_timeout - perf stat: Fix a segmentation fault when using repeat forever - [armhf] drm/omap: fix max fclk divider for omap36xx - [arm64] drm/msm/dsi: Fix return value check for clk_get_parent - drm/nouveau/kms/nv50-: Don't create MSTMs for eDP connectors - [x86] drm/i915/gvt: update vgpu workload head pointer correctly - mmc: sdhci: improve ADMA error reporting - Revert "locking/pvqspinlock: Don't wait if vCPU is preempted" - xen/xenbus: fix self-deadlock after killing user process - ieee802154: atusb: fix use-after-free at disconnect - [s390x] cio: avoid calling strlen on null pointer - cfg80211: initialize on-stack chandefs - [arm64] cpufeature: Detect SSBS and advertise to userspace - ima: always return negative code for error - ima: fix freeing ongoing ahash_request - fs: nfs: Fix possible null-pointer dereferences in encode_attrs() - 9p: Transport error uninitialized - 9p: avoid attaching writeback_fid on mmap with type PRIVATE - xen/pci: reserve MCFG areas earlier - ceph: fix directories inode i_blkbits initialization - ceph: reconnect connection if session hang in opening state - watchdog: aspeed: Add support for AST2600 - netfilter: nf_tables: allow lookups in dynamic sets - drm/amdgpu: Fix KFD-related kernel oops on Hawaii - drm/amdgpu: Check for valid number of registers to read - pNFS: Ensure we do clear the return-on-close layout stateid on fatal errors - [x86] purgatory: Disable the stackleak GCC plugin for the purgatory - ntb: point to right memory window index - thermal: Fix use-after-free when unregistering thermal zone device - thermal_hwmon: Sanitize thermal_zone type - libnvdimm/region: Initialize bad block for volatile namespaces - fuse: fix memleak in cuse_channel_open - libnvdimm/nfit_test: Fix acpi_handle redefinition - sched/membarrier: Call sync_core only before usermode for same mm - sched/membarrier: Fix private expedited registration check - sched/core: Fix migration to invalid CPU in __set_cpus_allowed_ptr() - kernel/elfcore.c: include proper prototypes - nfp: flower: fix memory leak in nfp_flower_spawn_vnic_reprs - drm/radeon: Bail earlier when radeon.cik_/si_support=0 is passed - [ppc64el] KVM: HV: XIVE: Free escalation interrupts before disabling the VP - [x86] KVM: nVMX: Fix consistency check on injected exception error code - nbd: fix crash when the blksize is zero - [ppc64el] pseries: Fix cpu_hotplug_lock acquisition in resize_hpt() - [ppc64el] radix: Rename CPU_FTR_P9_TLBIE_BUG feature flag - tools lib traceevent: Do not free tep->cmdlines in add_new_comm() on failure - tick: broadcast-hrtimer: Fix a race in bc_set_next - perf tools: Fix segfault in cpu_cache_level__read() - perf stat: Reset previous counts on repeat with interval - [arm64] ssbd: Add support for PSTATE.SSBS rather than trapping to EL3 - [arm64] KVM: Set SCTLR_EL2.DSSBS if SSBD is forcefully disabled and !vhe - [arm64] docs: Document SSBS HWCAP - [arm64] fix SSBS sanitization - [arm64] Add sysfs vulnerability show for spectre-v1 - [arm64] add sysfs vulnerability show for meltdown - [arm64] enable generic CPU vulnerabilites support - [arm64] Always enable ssb vulnerability detection - [arm64] Provide a command line to disable spectre_v2 mitigation - [arm64] Advertise mitigation of Spectre-v2, or lack thereof - [arm64] Always enable spectre-v2 vulnerability detection - [arm64] add sysfs vulnerability show for spectre-v2 - [arm64] add sysfs vulnerability show for speculative store bypass - [arm64] ssbs: Don't treat CPUs with SSBS as unaffected by SSB - [arm64] Force SSBS on context switch - [arm64] Use firmware to detect CPUs that are not affected by Spectre-v2 - [arm64] speculation: Support 'mitigations=' cmdline option - vfs: Fix EOVERFLOW testing in put_compat_statfs64 - cfg80211: add and use strongly typed element iteration macros - cfg80211: Use const more consistently in for_each_element macros - nl80211: validate beacon head (CVE-2019-16746) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.80 - panic: ensure preemption is disabled during panic() - f2fs: use EINVAL for superblock with invalid magic - USB: rio500: Remove Rio 500 kernel driver - USB: yurex: Don't retry on unexpected errors - USB: yurex: fix NULL-derefs on disconnect - USB: usb-skeleton: fix runtime PM after driver unbind - USB: usb-skeleton: fix NULL-deref on disconnect - xhci: Fix false warning message about wrong bounce buffer write length - xhci: Prevent device initiated U1/U2 link pm if exit latency is too long - xhci: Check all endpoints for LPM timeout - xhci: Fix USB 3.1 capability detection on early xHCI 1.1 spec based hosts - usb: xhci: wait for CNR controller not ready bit in xhci resume - xhci: Prevent deadlock when xhci adapter breaks during init - xhci: Increase STS_SAVE timeout in xhci_suspend() - USB: adutux: fix use-after-free on disconnect - USB: adutux: fix NULL-derefs on disconnect - USB: adutux: fix use-after-free on release - USB: iowarrior: fix use-after-free on disconnect - USB: iowarrior: fix use-after-free on release - USB: iowarrior: fix use-after-free after driver unbind - USB: usblp: fix runtime PM after driver unbind - USB: chaoskey: fix use-after-free on release - USB: ldusb: fix NULL-derefs on driver unbind - serial: uartlite: fix exit path null pointer - USB: serial: keyspan: fix NULL-derefs on open() and write() - USB: serial: ftdi_sio: add device IDs for Sienna and Echelon PL-20 - USB: serial: option: add Telit FN980 compositions - USB: serial: option: add support for Cinterion CLS8 devices - USB: serial: fix runtime PM after driver unbind - USB: usblcd: fix I/O after disconnect - USB: microtek: fix info-leak at probe - USB: dummy-hcd: fix power budget for SuperSpeed mode - USB: legousbtower: fix slab info leak at probe - USB: legousbtower: fix deadlock on disconnect - USB: legousbtower: fix potential NULL-deref on disconnect - USB: legousbtower: fix open after failed reset request - USB: legousbtower: fix use-after-free on release - [x86] mei: me: add comet point (lake) LP device ids - [x86] mei: avoid FW version request on Ibex Peak and earlier - [armhf,arm64] iio: adc: axp288: Override TS pin bias current for some models - efivar/ssdt: Don't iterate over EFI vars if no SSDT override was specified - perf llvm: Don't access out-of-scope array - perf inject jit: Fix JIT_CODE_MOVE filename - blk-wbt: fix performance regression in wbt scale_up/scale_down - CIFS: Gracefully handle QueryInfo errors during open - CIFS: Force revalidate inode when dentry is stale - CIFS: Force reval dentry if LOOKUP_REVAL flag is set - kernel/sysctl.c: do not override max_threads provided by userspace - mm/vmpressure.c: fix a signedness bug in vmpressure_register_event() - gpiolib: don't clear FLAG_IS_OUT when emulating open-drain/open-source - cifs: use cifsInodeInfo->open_file_lock while iterating to avoid a panic - btrfs: fix incorrect updating of log root tree - btrfs: fix uninitialized ret in ref-verify - NFS: Fix O_DIRECT accounting of number of bytes read/written - [mips*] elf_hwcap: Export userspace ASEs - ACPICA: ACPI 6.3: PPTT add additional fields in Processor Structure Flags - ACPI/PPTT: Add support for ACPI 6.3 thread flag - [arm64] topology: Use PPTT to determine if PE is a thread - vfs: Fix the locking in dcache_readdir() and friends - media: stkwebcam: fix runtime PM after driver unbind - [arm64] sve: Fix wrong free for task->thread.sve_state - [rt] tracing/hwlat: Report total time spent in all NMIs during the sample - [rt] tracing/hwlat: Don't ignore outer-loop duration when calculating max_latency - ftrace: Get a reference counter for the trace_array on filter files - tracing: Get trace_array reference for available_tracers files - hwmon: Fix HWMON_P_MIN_ALARM mask - [x86] asm: Fix MWAITX C-state hint value - [x86] PCI: vmd: Fix config addressing when using bus offsets - perf/hw_breakpoint: Fix arch_hw_breakpoint use-before-initialization https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.81 - nvme-pci: Fix a race in controller removal - scsi: ufs: skip shutdown if hba is not powered - scsi: megaraid: disable device when probe failed after enabled device - scsi: qla2xxx: Fix unbound sleep in fcport delete path. - [armhf] OMAP2+: Fix missing reset done flag for am3 and am43 - [armhf] OMAP2+: Fix warnings with broken omap2_set_init_voltage() - xen/efi: Set nonblocking callbacks - nl80211: fix null pointer dereference - mac80211: fix txq null pointer dereference - netfilter: nft_connlimit: disable bh on garbage collection - [mips*el/loongson-3] Fix the link time qualifier of 'serial_exit()' - [arm64] net: hisilicon: Fix usage of uninitialized variable in function mdio_sc_cfg_reg_write() - lib: textsearch: fix escapes in example code - r8152: Set macpassthru in reset_resume callback - libata/ahci: Fix PCS quirk application - md/raid0: fix warning message for parameter default_layout - ocfs2: fix panic due to ocfs2_wq is null - ipv4: fix race condition between route lookup and invalidation - net: avoid potential infinite loop in tc_ctl_action() - net: ipv6: fix listify ip6_rcv_finish in case of forwarding - [armhf,arm64] net: stmmac: disable/enable ptp_ref_clk in suspend/resume flow - sctp: change sctp_prot .no_autobind with true - memfd: Fix locking when tagging pins - USB: legousbtower: fix memleak on disconnect - ALSA: hda/realtek - Add support for ALC711 - [x86] ALSA: hda/realtek - Enable headset mic on Asus MJ401TA - ALSA: usb-audio: Disable quirks for BOSS Katana amplifiers - ALSA: hda - Force runtime PM on Nvidia HDMI codecs - USB: serial: ti_usb_3410_5052: fix port-close races - USB: ldusb: fix memleak on disconnect - USB: usblp: fix use-after-free on disconnect - USB: ldusb: fix read info leaks - [mips*] tlbex: Fix build_restore_pagemask KScratch restore - staging: wlan-ng: fix exit return when sme->key_idx >= NUM_WEPKEYS - [s390x] scsi: zfcp: fix reaction on bit error threshold notification - scsi: sd: Ignore a failure to sync cache due to lack of authorization - scsi: core: save/restore command resid for error handling - scsi: core: try to get module before removing device - scsi: ch: Make it possible to open a ch device multiple times again - Input: synaptics-rmi4 - avoid processing unknown IRQs - ACPI: CPPC: Set pcc_data[pcc_ss_id] to NULL in acpi_cppc_processor_exit() - cfg80211: wext: avoid copying malformed SSIDs (CVE-2019-17133) - mac80211: Reject malformed SSID elements - [x86] drm/edid: Add 6 bpc quirk for SDC panel in Lenovo G50 - drm/ttm: Restore ttm prefaulting - drm/amdgpu: Bail earlier when amdgpu.cik_/si_support is not set to 1 - drivers/base/memory.c: don't access uninitialized memmaps in soft_offline_page_store() - fs/proc/page.c: don't access uninitialized memmaps in fs/proc/page.c - mm/memory-failure.c: don't access uninitialized memmaps in memory_failure() - mm/slub: fix a deadlock in show_slab_objects() - mm/page_owner: don't access uninitialized memmaps when reading /proc/pagetypeinfo - hugetlbfs: don't access uninitialized memmaps in pfn_range_valid_gigantic() - mm/memory-failure: poison read receives SIGKILL instead of SIGBUS if mmaped more than once - EDAC/ghes: Fix Use after free in ghes_edac remove path - [arm64] Enable workaround for Cavium TX2 erratum 219 when running SMT - CIFS: avoid using MID 0xFFFF - CIFS: Fix use after free of file info structures - perf/aux: Fix AUX output stopping - tracing: Fix race in perf_trace_buf initialization - dm cache: fix bugs when a GFP_NOWAIT allocation fails - [amd64] boot: Make level2_kernel_pgt pages invalid outside kernel area - [x86] apic/x2apic: Fix a NULL pointer deref when handling a dying cpu - [x86] pinctrl: cherryview: restore Strago DMI workaround for all versions - [arm64] pinctrl: armada-37xx: fix control of pins 32 and up - [arm64] pinctrl: armada-37xx: swap polarity on LED group - btrfs: block-group: Fix a memory leak due to missing btrfs_put_block_group() - Btrfs: add missing extents release on file extent cluster relocation error - Btrfs: check for the full sync flag while holding the inode lock during fsync - btrfs: tracepoints: Fix bad entry members of qgroup events - memstick: jmb38x_ms: Fix an error handling path in 'jmb38x_ms_probe()' - cpufreq: Avoid cpufreq_suspend() deadlock on system shutdown - xen/netback: fix error path of xenvif_connect_data() - PCI: PM: Fix pci_power_up() - blk-rq-qos: fix first node deletion of rq_qos_del() - RDMA/cxgb4: Do not dma memory off of the stack (CVE-2019-17075) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.82 - zram: fix race between backing_dev_show and backing_dev_store - dm snapshot: introduce account_start_copy() and account_end_copy() - dm snapshot: rework COW throttling to fix deadlock - Btrfs: fix inode cache block reserve leak on failure to allocate data space - Btrfs: fix memory leak due to concurrent append writes with fiemap - btrfs: qgroup: Always free PREALLOC META reserve in btrfs_delalloc_release_extents() - btrfs: tracepoints: Fix wrong parameter order for qgroup events - wil6210: fix freeing of rx buffers in EDMA mode - f2fs: flush quota blocks after turnning it off - scsi: lpfc: Fix a duplicate 0711 log message number. - f2fs: fix to recover inode's i_gc_failures during POR - f2fs: fix to recover inode->i_flags of inode block during POR - [x86] HID: i2c-hid: add Direkt-Tek DTLAPY133-1 to descriptor override - [arm64,armel,armhf] usb: dwc2: fix unbalanced use of external vbus-supply - [x86] tools/power turbostat: fix goldmont C-state limit decoding - [x86] cpu: Add Atom Tremont (Jacobsville) - [arm64] drm/msm/dpu: handle failures while initializing displays - bcache: fix input overflow to writeback_rate_minimum - PCI: Fix Switchtec DMA aliasing quirk dmesg noise - Btrfs: fix deadlock on tree root leaf when finding free extent - netfilter: ipset: Make invalid MAC address checks consistent - HID: i2c-hid: Disable runtime PM for LG touchscreen - HID: i2c-hid: Ignore input report if there's no data present on Elan touchpanels - HID: i2c-hid: Add Odys Winbook 13 to descriptor override - [x86] platform/x86: Add the VLV ISP PCI ID to atomisp2_pm - [x86] platform/x86: Fix config space access for intel_atomisp2_pm - ath10k: assign 'n_cipher_suites = 11' for WCN3990 to enable WPA3 - HID: Add ASUS T100CHI keyboard dock battery quirks - NFSv4: Ensure that the state manager exits the loop on SIGKILL - HID: steam: fix boot loop with bluetooth firmware - HID: steam: fix deadlock with input devices. - [arm64,armhf] usb: dwc3: gadget: early giveback if End Transfer already completed - [arm64,armhf] usb: dwc3: gadget: clear DWC3_EP_TRANSFER_STARTED on cmd complete - ALSA: usb-audio: Cleanup DSD whitelist - usb: handle warm-reset port requests on hub resume - [armhf] rtc: pcf8523: set xtal load capacitance from DT - [arm64] Add MIDR encoding for HiSilicon Taishan CPUs - [arm64] kpti: Whitelist HiSilicon Taishan v110 CPUs - scsi: lpfc: Correct localport timeout duration error - CIFS: Respect SMB2 hdr preamble size in read responses - cifs: add credits from unmatched responses/messages - ALSA: hda/realtek - Apply ALC294 hp init also for S4 resume - ext4: disallow files with EXT4_JOURNAL_DATA_FL from EXT4_IOC_SWAP_BOOT - exec: load_script: Do not exec truncated interpreter path - [arm64,armhf] net: dsa: mv88e6xxx: Release lock while requesting IRQ - PCI/PME: Fix possible use-after-free on remove - [arm64,armhf] iio: adc: meson_saradc: Fix memory allocation order - [x86] iio: fix center temperature of bmc150-accel-core - perf map: Fix overlapped map handling - perf script brstackinsn: Fix recovery from LBR/binary mismatch - perf jevents: Fix period for Intel fixed counters - perf tools: Propagate get_cpuid() error - perf annotate: Propagate perf_env__arch() error - perf annotate: Fix the signedness of failure returns - perf annotate: Propagate the symbol__annotate() error return - perf annotate: Return appropriate error code for allocation failures - staging: rtl8188eu: fix null dereference when kzalloc fails - RDMA/hfi1: Prevent memory leak in sdma_init (CVE-2019-19065) - RDMA/iwcm: Fix a lock inversion issue - [x86] HID: hyperv: Use in-place iterator API in the channel callback - nfs: Fix nfsi->nrequests count error on nfs_inode_remove_request - [arm64] ftrace: Ensure synchronisation in PLT setup for Neoverse-N1 - [arm64] gpio: max77620: Use correct unit for debounce times - fs: cifs: mute -Wunused-const-variable message - [armhf] serial: mctrl_gpio: Check for NULL pointer - efi/cper: Fix endianness of PCIe class code - [x86] efi/x86: Do not clean dummy variable in kexec path - [x86] xen: Return from panic notifier - ocfs2: clear zero in unaligned direct IO - fs: ocfs2: fix possible null-pointer dereferences in ocfs2_xa_prepare_entry() - fs: ocfs2: fix a possible null-pointer dereference in ocfs2_write_end_nolock() - fs: ocfs2: fix a possible null-pointer dereference in ocfs2_info_scan_inode_alloc() - [arm64] armv8_deprecated: Checking return value for memory allocation - [x86] cpu: Add Comet Lake to the Intel CPU models header - sched/vtime: Fix guest/system mis-accounting on task switch - [x86] perf/x86/amd: Change/fix NMI latency mitigation to use a timestamp - drm/amdgpu: fix memory leak - iio: imu: adis16400: release allocated memory on failure (CVE-2019-19060) - [x86] virt: vbox: fix memory leak in hgcm_call_preprocess_linaddr (CVE-2019-19048) - NFSv4: Fix leak of clp->cl_acceptor string - tracing: Initialize iter->seq after zeroing in tracing_read_pipe() - ALSA: hda/realtek: Reduce the Headphone static noise on XPS 9350/9360 - iwlwifi: exclude GEO SAR support for 3168 - nbd: verify socket is supported during setup - USB: legousbtower: fix a signedness bug in tower_probe() - [x86] thunderbolt: Use 32-bit writes when writing ring producer/consumer - ath6kl: fix a NULL-ptr-deref bug in ath6kl_usb_alloc_urb_from_pipe() (CVE-2019-15098) - fuse: flush dirty data/metadata before non-truncate setattr - fuse: truncate pending writes on O_TRUNC - ALSA: bebob: Fix prototype of helper function to return negative value - ALSA: hda/realtek - Fix 2 front mics of codec 0x623 - ALSA: hda/realtek - Add support for ALC623 - UAS: Revert commit 3ae62a42090f ("UAS: fix alignment of scatter/gather segments") - USB: gadget: Reject endpoints with 0 maxpacket value - usb-storage: Revert commit 747668dbc061 ("usb-storage: Set virt_boundary_mask to avoid SG overflows") - USB: ldusb: fix ring-buffer locking - USB: ldusb: fix control-message timeout - usb: xhci: fix __le32/__le64 accessors in debugfs code - USB: serial: whiteheat: fix potential slab corruption - USB: serial: whiteheat: fix line-speed endianness - scsi: target: cxgbit: Fix cxgbit_fw4_ack() - HID: i2c-hid: add Trekstor Primebook C11B to descriptor override - HID: Fix assumption that devices have inputs - HID: fix error message in hid_open_report() - nl80211: fix validation of mesh path nexthop - [s390x] cmm: fix information leak in cmm_timeout_handler() - [s390x] idle: fix cpu idle time calculation - [arm64] Ensure VM_WRITE|VM_SHARED ptes are clean by default - rtlwifi: Fix potential overflow on P2P code (CVE-2019-17666) - [arm64] dmaengine: qcom: bam_dma: Fix resource leak - [armhf] dmaengine: cppi41: Fix cppi41_dma_prep_slave_sg() when idle - NFS: Fix an RCU lock leak in nfs4_refresh_delegation_stateid() - batman-adv: Avoid free/alloc race when handling OGM buffer - llc: fix sk_buff leak in llc_sap_state_process() - llc: fix sk_buff leak in llc_conn_service() - rxrpc: Fix call ref leak - rxrpc: rxrpc_peer needs to hold a ref on the rxrpc_local record - rxrpc: Fix trace-after-put looking at the put peer record - NFC: pn533: fix use-after-free and memleaks - bonding: fix potential NULL deref in bond_update_slave_arr - net: usb: sr9800: fix uninitialized local variable - sch_netem: fix rcu splat in netem_enqueue() - ALSA: timer: Simplify error path in snd_timer_open() - ALSA: timer: Fix mutex deadlock at releasing card - ALSA: usb-audio: DSD auto-detection for Playback Designs - ALSA: usb-audio: Update DSD support quirks for Oppo and Rotel - ALSA: usb-audio: Add DSD support for Gustard U16/X26 USB Interface - [ppc64el] powerpc/powernv: Fix CPU idle to be called with IRQs disabled - Revert "ALSA: hda: Flush interrupts on disabling" https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.83 - regulator: of: fix suspend-min/max-voltage parsing - [arm64] dts: allwinner: a64: pine64-plus: Add PHY regulator delay - [arm64] arm64: dts: allwinner: a64: sopine-baseboard: Add PHY regulator delay - [armhf] regulator: ti-abb: Fix timeout in ti_abb_wait_txdone/ti_abb_clear_all_txdone - [x86] ASoC: rt5682: add NULL handler to set_jack function - [armhf] regulator: pfuze100-regulator: Variable "val" in pfuze100_regulator_probe() could be uninitialized - [arm64,armhf] ASoc: rockchip: i2s: Fix RPM imbalance - [armel,armhf] mm: fix alignment handler faults under memory pressure - scsi: qla2xxx: fix a potential NULL pointer dereference - scsi: scsi_dh_alua: handle RTPG sense code correctly during state transitions - drm/amdgpu: fix potential VM faults - scsi: target: core: Do not overwrite CDB byte 1 - tracing: Fix "gfp_t" format for synthetic events - of: unittest: fix memory leak in unittest_data_add (CVE-2019-19049) - [arm64,armhf] irqchip/gic-v3-its: Use the exact ITSList for VMOVP - cifs: Fix cifsInodeInfo lock_sem deadlock when reconnect occurs - nbd: protect cmd->status with cmd->lock - nbd: handle racing with error'ed out commands - cxgb4: fix panic when attaching to ULD fail - dccp: do not leak jiffies on the wire - erspan: fix the tun_info options_len check for erspan - inet: stop leaking jiffies on the wire - net: annotate accesses to sk->sk_incoming_cpu - net: annotate lockless accesses to sk->sk_napi_id - [armhf] net: dsa: bcm_sf2: Fix IMP setup for port different than 8 - net: fix sk_page_frag() recursion from memory reclaim - [arm64] net: hisilicon: Fix ping latency when deal with high throughput - net/mlx4_core: Dynamically set guaranteed amount of counters per VF - netns: fix GFP flags in rtnl_net_notifyid() - net: usb: lan78xx: Disable interrupts before calling generic_handle_irq() - net: Zeroing the structure ethtool_wolinfo in ethtool_get_wol() - udp: fix data-race in udp_set_dev_scratch() - vxlan: check tun_info options_len properly - net: add skb_queue_empty_lockless() - udp: use skb_queue_empty_lockless() - net: use skb_queue_empty_lockless() in poll() handlers - net: use skb_queue_empty_lockless() in busy poll contexts - net: add READ_ONCE() annotation in __skb_wait_for_more_packets() - ipv4: fix route update on metric change. - net/mlx5e: Fix handling of compressed CQEs in case of low NAPI budget - r8169: fix wrong PHY ID issue with RTL8168dp - net/mlx5e: Fix ethtool self test: link speed - [armhf] net: dsa: b53: Do not clear existing mirrored port mask - [armhf] net: phy: bcm7xxx: define soft_reset for 40nm EPHY - net: usb: lan78xx: Connect PHY before registering MAC - [arm64,armhf] net: dsa: fix switch tree list - r8152: add device id for Lenovo ThinkPad USB-C Dock Gen 2 - net/flow_dissector: switch to siphash - wireless: Skip directory when generating certificates - [x86] platform/x86: pmc_atom: Add Siemens SIMATIC IPC227E to critclk_systems DMI table - [ppc64el] powerpc/mm: Fixup tlbie vs mtpidr/mtlpidr ordering issue on POWER9 - usb: gadget: udc: core: Fix segfault if udc_bind_to_driver() for pending driver fails https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.84 - bonding: fix state transition issue in link monitoring - CDC-NCM: handle incomplete transfer of MTU - ipv4: Fix table id reference in fib_sync_down_addr - [mips*] net: ethernet: octeon_mgmt: Account for second possible VLAN header - net: fix data-race in neigh_event_send() - net: usb: qmi_wwan: add support for DW5821e with eSIM support - nfc: netlink: fix double device reference drop - qede: fix NULL pointer deref in __qede_remove() - ipv6: fixes rt6_probe() and fib6_nh->last_probe init - [arm64] net: hns: Fix the stray netpoll locks causing deadlock in NAPI path - ALSA: timer: Fix in