-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 07 Mar 2022 22:13:16 +0100 Source: linux Architecture: source Version: 4.19.232-1 Distribution: buster-security Urgency: high Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org> Changed-By: Salvatore Bonaccorso <carnil@debian.org> Closes: 988044 989285 990411 994050 Changes: linux (4.19.232-1) buster-security; urgency=high . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.209 - ocfs2: drop acl cache for directories too - [arm*] usb: dwc2: gadget: Fix ISOC transfer complete handling for DDMA - [armhf] usb: musb: tusb6010: uninitialized data in tusb_fifo_write_unaligned() - cifs: fix incorrect check for null pointer in header_assemble - [x86] xen/x86: fix PV trap handling on secondary processors - USB: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter - USB: cdc-acm: fix minor-number release - Re-enable UAS for LaCie Rugged USB3-FW with fk quirk - USB: serial: mos7840: remove duplicated 0xac24 device ID - USB: serial: option: add Telit LN920 compositions - USB: serial: option: remove duplicate USB device ID - USB: serial: option: add device id for Foxconn T99W265 - [arm64] serial: mvebu-uart: fix driver's tx_empty callback - net: hso: fix muxed tty registration - bnxt_en: Fix TX timeout when TX ring size is set to the smallest - net/smc: add missing error check in smc_clc_prfx_set() - net/mlx4_en: Don't allow aRFS for encapsulated packets - scsi: iscsi: Adjust iface sysfs attr detection - [x86] tty: synclink_gt, drop unneeded forward declarations - [x86] tty: synclink_gt: rename a conflicting function name - thermal/core: Potential buffer overflow in thermal_build_list_of_policies() - [arm64,armhf] irqchip/gic-v3-its: Fix potential VPE leak on error - md: fix a lock order reversal in md_alloc - blktrace: Fix uaf in blk_trace access after removing by sysfs - [arm64,armhf] net: stmmac: allow CSR clock of 300MHz - xen/balloon: use a kernel thread instead a workqueue - nvme-multipath: fix ANA state updates when a namespace is not present - qnx4: avoid stringop-overread errors - [arm64] Mark __stack_chk_guard as __ro_after_init - net: 6pack: Fix tx timeout and slot time - [arm64] PCI: aardvark: Fix checking for PIO status - tcp: address problems caused by EDT misshaps - tcp: always set retrans_stamp on recovery - tcp: create a helper to model exponential backoff - tcp: adjust rto_base in retransmits_timed_out() - xen/balloon: fix balloon kthread freezing - tty: Fix out-of-bound vmalloc access in imageblit - cpufreq: schedutil: Use kobject release() method to free sugov_tunables - cpufreq: schedutil: Destroy mutex before kobject_put() frees the memory - mac80211: fix use-after-free in CCMP/GCMP RX - [x86] kvmclock: Move this_cpu_pvti into kvmclock.h - ipvs: check that ip_vs_conn_tab_bits is between 8 and 20 - mac80211: Fix ieee80211_amsdu_aggregate frag_tail bug - mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap - sctp: break out if skb_header_pointer returns NULL in sctp_rcv_ootb - hwmon: (tmp421) Replace S_<PERMS> with octal values - hwmon: (tmp421) report /PVLD condition as fault - hwmon: (tmp421) fix rounding for negative values - e100: fix length calculation in e100_get_regs_len - e100: fix buffer overrun in e100_get_regs - Revert "block, bfq: honor already-setup queue merges" - scsi: csiostor: Add module softdep on cxgb4 - af_unix: fix races in sk_peer_pid and sk_peer_cred accesses (CVE-2021-4203) - elf: don't use MAP_FIXED_NOREPLACE for elf interpreter mappings - ext4: fix potential infinite loop in ext4_dx_readdir() - net: udp: annotate data race around udp_sk(sk)->corkflag - [armel,armhf] 9077/1: PLT: Move struct plt_entries definition to header - [armel,armhf] 9078/1: Add warn suppress parameter to arm_gen_branch_link() - [armel,armhf] 9079/1: ftrace: Add MODULE_PLTS support - [armel,armhf] 9098/1: ftrace: MODULE_PLT: Fix build problem without DYNAMIC_FTRACE - [x86] crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd() (CVE-2021-3744, CVE-2021-3764) - HID: betop: fix slab-out-of-bounds Write in betop_probe - netfilter: ipset: Fix oversized kvmalloc() calls - HID: usbhid: free raw_report buffers in usbhid_stop - cred: allow get_cred() and put_cred() to be given NULL. https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.210 - net: mdio: introduce a shutdown method to mdio device drivers - xen-netback: correct success/error reporting for the SKB-with-fraglist case - scsi: sd: Free scsi_disk device via put_device() - [arm*] usb: dwc2: check return value after calling platform_get_resource() - scsi: ses: Retry failed Send/Receive Diagnostic commands - libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870 SSD. - lib/timerqueue: Rely on rbtree semantics for next timer (CVE-2021-20317) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.211 - USB: cdc-acm: fix racy tty buffer accesses - USB: cdc-acm: fix break reporting - xen/privcmd: fix error handling in mmap-resource processing - ovl: fix missing negative dentry check in ovl_rename() (CVE-2021-20321) - nfsd4: Handle the NFSv4 READDIR 'dircount' hint being zero - xen/balloon: fix cancelled balloon action - [armhf] dts: omap3430-sdp: Fix NAND device node - [mips,mipsel] bpf, mips: Validate conditional branch offsets (CVE-2021-38300) - [armel,armhf] bpf, arm: Fix register clobbering in div/mod implementation - bpf: Fix integer overflow in prealloc_elems_and_freelist() (CVE-2021-41864) - phy: mdio: fix memory leak - net_sched: fix NULL deref in fifo_set_limit() - [i386] ptp_pch: Load module automatically if ID matches - [armhf] imx6: disable the GIC CPU interface before calling stby-poweroff sequence - net: bridge: use nla_total_size_64bit() in br_get_linkxstats_size() - [arm64,armhf] net: sfp: Fix typo in state machine debug string - netlink: annotate data races around nlk->bound - drm/nouveau/debugfs: fix file release memory leak - rtnetlink: fix if_nlmsg_stats_size() under estimation - i40e: fix endless loop under rtnl - i40e: Fix freeing of uninitialized misc IRQ vector - i2c: acpi: fix resource leak in reconfiguration device addition https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.212 - [armhf] net: phy: bcm7xxx: Fixed indirect MMD operations - HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS - netfilter: ip6_tables: zero-initialize fragment offset - mac80211: Drop frames from invalid MAC address in ad-hoc mode - net: prevent user from passing illegal stab size - mac80211: check return value of rhashtable_init - scsi: ses: Fix unsigned comparison with less than zero - scsi: virtio_scsi: Fix spelling mistake "Unsupport" -> "Unsupported" - [x86] perf/x86: Reset destroy callback on event init failure - sched: Always inline is_percpu_thread() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.213 - ALSA: seq: Fix a potential UAF by wrong private_free call order - ALSA: hda/realtek: Complete partial device name to avoid ambiguity - ALSA: hda/realtek: Add quirk for Clevo X170KM-G - ALSA: hda/realtek - ALC236 headset MIC recording issue - [s390x] fix strrchr() implementation - btrfs: deal with errors when replaying dir entry during log replay - btrfs: deal with errors when adding inode reference during log replay - btrfs: check for error when looking up inode during dir entry replay - [x86] mei: me: add Ice Lake-N device id. - xhci: guard accesses to ep_state in xhci_endpoint_reset() - xhci: Fix command ring pointer corruption while aborting a command - xhci: Enable trust tx length quirk for Fresco FL11 USB controller - cb710: avoid NULL pointer subtraction - [arm64,x86] efi/cper: use stack buffer for error record decoding - efi: Change down_interruptible() in virt_efi_reset_system() to down_trylock() - [armhf] usb: musb: dsps: Fix the probe error path - Input: xpad - add support for another USB ID of Nacon GC-100 - USB: serial: qcserial: add EM9191 QDL support - USB: serial: option: add Quectel EC200S-CN module support - USB: serial: option: add Telit LE910Cx composition 0x1204 - USB: serial: option: add prod. id for Quectel EG91 - virtio: write back F_VERSION_1 before validate - nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells - sctp: account stream padding length for reconf chunk (CVE-2022-0322) - ethernet: s2io: fix setting mac address during resume - nfc: fix error handling of nfc_proto_register() - NFC: digital: fix possible memory leak in digital_tg_listen_mdaa() - NFC: digital: fix possible memory leak in digital_in_send_sdd_req() - [i386] pata_legacy: fix a couple uninitialized variable bugs - [arm64] drm/msm: Fix null pointer dereference on pointer edp - [arm64] drm/msm/dsi: Fix an error code in msm_dsi_modeset_init() - [arm64] drm/msm/dsi: fix off by one in dsi_bus_clk_enable error handling - [arm64] acpi/arm64: fix next_platform_timer() section mismatch error - mqprio: Correct stats in mqprio_dump_class_stats(). - qed: Fix missing error code in qed_slowpath_start() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.214 - NFSD: Keep existing listeners on portlist error - netfilter: ipvs: make global sysctl readonly in non-init netns - [arm64] net: hns3: add limit ets dwrr bandwidth cannot be 0 - [arm64] net: hns3: disable sriov before unload hclge layer - can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state notification - can: peak_pci: peak_pci_remove(): fix UAF - ocfs2: fix data corruption after conversion from inline format - ocfs2: mount fails with buffer overflow in strlen - vfs: check fd has read access in kernel_read_file_from_fd() (CVE-2022-0644) - ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset - ALSA: hda/realtek: Add quirk for Clevo PC50HS - ASoC: DAPM: Fix missing kctl change notifications - mm, slub: fix mismatch between reconstructed freelist depth and cnt - nfc: nci: fix the UAF of rf_conn_info object (CVE-2021-3760) - isdn: cpai: check ctr->cnr to avoid array index out of bound (CVE-2021-43389) - btrfs: deal with errors when checking if a dir entry exists during log replay - [arm64,armhf] net: stmmac: add support for dwmac 3.40a - isdn: mISDN: Fix sleeping function called from invalid context - ALSA: hda: avoid write to STATESTS if controller is in reset - scsi: core: Fix shost->cmd_per_lun calculation in scsi_add_host_with_dma() - net: mdiobus: Fix memory leak in __mdiobus_register - tracing: Have all levels of checks prevent recursion https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.215 - [armel,armhf] 9139/1: kprobes: fix arch_init_kprobes() prototype - [powerpc*] bpf: Fix BPF_MOD when imm == 1 - [arm64] Avoid premature usercopy failure - usbnet: sanity check for maxpacket - usbnet: fix error return code in usbnet_probe() - ata: sata_mv: Fix the error handling of mv_chip_id() - nfc: port100: fix using -ERRNO as command type mask - Revert "net: mdiobus: Fix memory leak in __mdiobus_register" - ipv4: use siphash instead of Jenkins in fnhe_hashfun() (CVE-2021-20322) - ipv6: use siphash in rt6_exception_hash() (CVE-2021-20322) - ipv6: make exception cache less predictible (CVE-2021-20322) - mmc: vub300: fix control-message timeouts - mmc: cqhci: clear HALT state after CQE enable - [armhf] mmc: dw_mmc: exynos: fix the finding clock sample value - mmc: sdhci: Map more voltage level to SDHCI_POWER_330 - [armhf] mmc: sdhci-esdhc-imx: clear the buffer_read_ready to reset standard tuning circuit - net: lan78xx: fix division by zero in send path - RDMA/mlx5: Set user priority for DCT - [arm64] dts: allwinner: h5: NanoPI Neo 2: Fix ethernet node - regmap: Fix possible double-free in regcache_rbtree_exit() - net: batman-adv: fix error handling - net: Prevent infinite while loop in skb_tx_hash() - net: ethernet: microchip: lan743x: Fix driver crash when lan743x_pm_resume fails - net: ethernet: microchip: lan743x: Fix dma allocation failure by using dma_set_mask_and_coherent - sctp: use init_tag from inithdr for ABORT chunk (CVE-2021-3772) - sctp: fix the processing for COOKIE_ECHO chunk (CVE-2021-3772) - sctp: add vtag check in sctp_sf_violation (CVE-2021-3772) - sctp: add vtag check in sctp_sf_do_8_5_1_E_sa (CVE-2021-3772) - sctp: add vtag check in sctp_sf_ootb (CVE-2021-3772) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.216 - scsi: core: Put LLD module refcnt after SCSI device is released - media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt() (CVE-2021-42739) - IB/qib: Use struct_size() helper - IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields - sfc: Fix reading non-legacy supported link modes - arch: pgtable: define MAX_POSSIBLE_PHYSMEM_BITS where needed - [armel,armhf] 9120/1: Revert "amba: make use of -1 IRQs warn" https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.217 - [x86] Revert "x86/kvm: fix vcpu-id indexed array sizes" - usb: ehci: handshake CMD_RUN instead of STS_HALT - [arm64,armhf] usb: musb: Balance list entry in musb_gadget_queue - usb-storage: Add compatibility quirk flags for iODD 2531/2541 - printk/console: Allow to disable console output by using console="" or console=null - isofs: Fix out of bound access for corrupted isofs image - [x86] comedi: dt9812: fix DMA buffers on stack - [x86] comedi: ni_usb6501: fix NULL-deref in command paths - [x86] comedi: vmk80xx: fix transfer-buffer overflows - [x86] comedi: vmk80xx: fix bulk-buffer overflow - [x86] comedi: vmk80xx: fix bulk and interrupt message timeouts - staging: r8712u: fix control-message timeout - [x86] staging: rtl8192u: fix control-message timeouts - rsi: fix control-message timeout https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.218 - xhci: Fix USB 3.1 enumeration issues by increasing roothub power-on-good delay - binder: use euid from cred instead of using task - binder: use cred instead of task for selinux checks - Input: elantench - fix misreporting trackpoint coordinates (Closes: #989285) - libata: fix read log timeout value - ocfs2: fix data corruption on truncate - [arm64,armhf] mmc: dw_mmc: Dont wait for DRTO on Write RSP error - tpm: Check for integer overflow in tpm2_map_response_body() - [x86] media: ite-cir: IR receiver stop working after receive overflow - media: ir-kbd-i2c: improve responsiveness of hauppauge zilog receivers (Closes: #994050) - ALSA: hda/realtek: Add quirk for Clevo PC70HS - ALSA: ua101: fix division by zero at probe - ALSA: 6fire: fix control and bulk message timeouts - ALSA: line6: fix control and interrupt message timeouts - ALSA: usb-audio: Add registration quirk for JBL Quantum 400 - ALSA: synth: missing check for possible NULL after the call to kstrdup - ALSA: timer: Fix use-after-free problem - ALSA: timer: Unconditionally unlink slave instances, too - [x86] irq: Ensure PI wakeup handler is unregistered before module unload - [arm64] cavium: Return negative value when pci_alloc_irq_vectors() fails - scsi: qla2xxx: Fix unmap of already freed sgl - [arm64] cavium: Fix return values of the probe function - sfc: Don't use netif_info before net_device setup - [x86] hyperv/vmbus: include linux/bitops.h - drm: panel-orientation-quirks: Add quirk for Aya Neo 2021 - bpf: Prevent increasing bpf_jit_limit above max - xen/netfront: stop tx queues during live migration - [armhf] spi: spl022: fix Microwire full duplex mode - [armhf] watchdog: Fix OMAP watchdog early handling - [x86] vmxnet3: do not stop tx queues after netif_device_detach() - btrfs: clear MISSING device status bit in btrfs_close_one_device - btrfs: fix lost error handling when replaying directory deletes - btrfs: call btrfs_check_rw_degradable only if there is a missing device - [armhf] regulator: s5m8767: do not use reset value as DVS voltage if GPIO DVS is disabled - [armhf] regulator: dt-bindings: samsung,s5m8767: correct s5m8767,pmic-buck-default-dvs-idx property - EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell - [x86] mwifiex: fix division by zero in fw download path - ath6kl: fix division by zero in send path - ath6kl: fix control-message timeout - ath10k: fix control-message timeout - ath10k: fix division by zero in send path - PCI: Mark Atheros QCA6174 to avoid bus reset - rtl8187: fix control-message timeouts - [arm64] wcn36xx: Fix HT40 capability for 2Ghz band - mwifiex: Read a PCI register after writing the TX ring write pointer - libata: fix checking of DMA state - [arm64] wcn36xx: handle connection loss indication - rsi: fix occasional initialisation failure with BT coex - rsi: fix key enabled check causing unwanted encryption for vap_id > 0 - rsi: fix rate mask set leading to P2P failure - rsi: Fix module dev_oper_mode parameter description - RDMA/qedr: Fix NULL deref for query_qp on the GSI QP - signal: Remove the bogus sigkill_pending in ptrace_stop - [mips*] signal/mips: Update (_save|_restore)_fp_context to fail with -EFAULT - [x86] power: supply: max17042_battery: Prevent int underflow in set_soc_threshold - [x86] power: supply: max17042_battery: use VFSOC for capacity when no rsns - serial: core: Fix initializing and restoring termios speed - ALSA: mixer: oss: Fix racy access to slots - ALSA: mixer: fix deadlock in snd_mixer_oss_set_volume - xen/balloon: add late_initcall_sync() for initial ballooning done - [arm64] PCI: aardvark: Do not clear status bits of masked interrupts - [arm64] PCI: aardvark: Do not unmask unused interrupts - [arm64] PCI: aardvark: Fix return value of MSI domain .alloc() method - [arm64] PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG - quota: check block number when reading the block in quota file - quota: correct error number in free_dqentry() - pinctrl: core: fix possible memory leak in pinctrl_enable() - iio: dac: ad5446: Fix ad5622_write() return value - USB: serial: keyspan: fix memleak on probe errors - USB: iowarrior: fix control-message timeouts - drm: panel-orientation-quirks: Add quirk for KD Kurio Smart C15200 2-in-1 - Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg() (CVE-2021-3640) - Bluetooth: fix use-after-free error in lock_sock_nested() (CVE-2021-3752) - [x86] platform/x86: wmi: do not fail if disabling fails - locking/lockdep: Avoid RCU-induced noinstr fail - net: sched: update default qdisc visibility after Tx queue cnt changes - [x86] Increase exception stack sizes - mwifiex: Run SET_BSS_MODE when changing from P2P to STATION vif-type - mwifiex: Properly initialize private structure on interface type changes - media: netup_unidvb: handle interrupt properly according to the firmware - media: uvcvideo: Set capability in s_param - media: uvcvideo: Return -EIO for control errors - media: mceusb: return without resubmitting URB in case of -EPROTO error. - ACPICA: Avoid evaluating methods too early during system resume - media: usb: dvd-usb: fix uninit-value bug in dibusb_read_eeprom_byte() - tracefs: Have tracefs directories not set OTH permission bits by default - ath: dfs_pattern_detector: Fix possible null-pointer dereference in channel_detector_create() - [x86] ACPI: battery: Accept charges over the design capacity as full - memstick: r592: Fix a UAF bug when removing the driver - lib/xz: Avoid overlapping memcpy() with invalid input with in-place decompression - lib/xz: Validate the value before assigning it to an enum variable - workqueue: make sysfs of unbound kworker cpumask more clever - mwl8k: Fix use-after-free in mwl8k_fw_state_machine() - PM: hibernate: Get block device exclusively in swsusp_check() - iwlwifi: mvm: disable RX-diversity in powersave - gre/sit: Don't generate link-local addr if addr_gen_mode is IN6_ADDR_GEN_MODE_NONE - [x86] hyperv: Protect set_hv_tscchange_cb() against getting preempted - task_stack: Fix end_of_stack() for architectures with upwards-growing stack - Bluetooth: fix init and cleanup of sco_conn.timeout_work - cgroup: Make rebind_subsystems() disable v2 controllers all at once - drm/amdgpu: fix warning for overflow check - media: em28xx: add missing em28xx_close_extension - media: dvb-usb: fix ununit-value in az6027_rc_query - media: si470x: Avoid card name truncation - media: cx23885: Fix snd_card_free call on null card pointer - cpuidle: Fix kobject memory leaks in error paths - media: em28xx: Don't use ops->suspend if it is NULL - ath9k: Fix potential interrupt storm on queue reset - [x86] crypto: qat - detect PFVF collision after ACK - [x86] crypto: qat - disregard spurious PFVF interrupts - b43legacy: fix a lower bounds test - b43: fix a lower bounds test - [armhf] mmc: sdhci-omap: Fix NULL pointer exception if regulator is not configured - memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host() - hwmon: Fix possible memleak in __hwmon_device_register() - ath10k: fix max antenna gain unit - [arm64] drm/msm: uninitialized variable in msm_gem_import() - net: stream: don't purge sk_error_queue in sk_stream_kill_queues() - [x86] platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning - rsi: stop thread firstly in rsi_91x_init() error handling - mwifiex: Send DELBA requests according to spec - phy: micrel: ksz8041nl: do not use power down mode - nvme-rdma: fix error code in nvme_rdma_setup_ctrl - PM: hibernate: fix sparse warnings - [arm64] drm/msm: Fix potential NULL dereference in DPU SSPP - [s390x] gmap: don't unconditionally call pte_unmap_unlock() in __gmap_zap() - tcp: don't free a FIN sk_buff in tcp_remove_empty_skb() - [s390x] KVM: s390: Fix handle_sske page fault handling - libertas_tf: Fix possible memory leak in probe and disconnect - libertas: Fix possible memory leak in probe and disconnect - [arm64] wcn36xx: add proper DMA memory barriers in rx path - [amd64,arm64] net: amd-xgbe: Toggle PLL settings during rate change - [arm64,armhf] net: phylink: avoid mvneta warning when setting pause parameters - crypto: pcrypt - Delay write to padata->info - RDMA/rxe: Fix wrong port_cap_flags - scsi: dc395: Fix error case unwinding - JFS: fix memleak in jfs_mount - ALSA: hda: Reduce udelay() at SKL+ position reporting - [arm64,armhf] soc/tegra: Fix an error handling path in tegra_powergate_power_up() - serial: 8250_dw: Drop wrong use of ACPI_PTR() - scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn() - RDMA/mlx4: Return missed an error if device doesn't support steering - [arm64] phy: qcom-qusb2: Fix a memory leak on probe - [arm64] serial: xilinx_uartps: Fix race condition causing stuck TX - [mips*] cm: Convert to bitfield API to fix out-of-bounds access - apparmor: fix error check - rpmsg: Fix rpmsg_create_ept return when RPMSG config is not defined - pnfs/flexfiles: Fix misplaced barrier in nfs4_ff_layout_prepare_ds - drm/plane-helper: fix uninitialized variable reference - [arm64] PCI: aardvark: Don't spam about PIO Response Status - NFS: Fix deadlocks in nfs_scan_commit_list() - fs: orangefs: fix error return code of orangefs_revalidate_lookup() - [arm64] mtd: spi-nor: hisi-sfc: Remove excessive clk_disable_unprepare() - netfilter: nfnetlink_queue: fix OOB when mac header was cleared - dmaengine: dmaengine_desc_callback_valid(): Check for `callback_result` - [x86] watchdog: f71808e_wdt: fix inaccurate report in WDIOC_GETTIMEOUT - scsi: qla2xxx: Fix gnl list corruption - scsi: qla2xxx: Turn off target reset during issue_lip - xen-pciback: Fix return in pm_ctrl_init() - [armhf] net: davinci_emac: Fix interrupt pacing disable - bonding: Fix a use-after-free problem when bond_sysfs_slave_add() failed - mm/zsmalloc.c: close race window between zs_pool_dec_isolated() and zs_unregister_migration() - zram: off by one in read_block_state() - llc: fix out-of-bound array index in llc_sk_dev_hash() - nfc: pn533: Fix double free when pn533_fill_fragment_skbs() fails - [arm64] pgtable: make __pte_to_phys/__phys_to_pte_val inline functions - vsock: prevent unnecessary refcnt inc for nonblocking connect - cxgb4: fix eeprom len when diagnostics not implemented - [arm64,armhf] USB: chipidea: fix interrupt deadlock - [armel,armhf] 9155/1: fix early early_iounmap() - f2fs: should use GFP_NOFS for directory inodes - 9p/net: fix missing error check in p9_check_errors - [powerpc*] lib: Add helper to check if offset is within conditional branch range - [powerpc*] bpf: Validate branch ranges - [powerpc*] bpf: Fix BPF_SUB when imm == 0x80000000 - [powerpc*] security: Add a helper to query stf_barrier type - [powerpc*] bpf: Emit stf barrier instruction sequences for BPF_NOSPEC - mm, oom: pagefault_out_of_memory: don't force global OOM for dying tasks - mm, oom: do not trigger out_of_memory from the #PF - [armhf] backlight: gpio-backlight: Correct initial power state handling - video: backlight: Drop maximum brightness override for brightness zero - [s390x] cio: check the subchannel validity for dev_busid - [s390x] tape: fix timer initialization in tape_std_assign() - PCI: Add PCI_EXP_DEVCTL_PAYLOAD_* macros - fuse: truncate pagecache on atomic_o_trunc - [x86] cpu: Fix migration safety with X86_BUG_NULL_SEL - ext4: fix lazy initialization next schedule time computation in more granular unit - PCI/MSI: Destroy sysfs before freeing entries - PCI/MSI: Deal with devices lying about their MSI mask capability - PCI: Add MSI masking quirk for Nvidia ION AHCI - [arm64] zynqmp: Do not duplicate flash partition label property - [arm64] zynqmp: Fix serial compatible string - scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() - [armhf] usb: musb: tusb6010: check return value after calling platform_get_resource() - [x86] usb: typec: tipd: Remove WARN_ON in tps6598x_block_read - [x86] ASoC: nau8824: Add DMI quirk mechanism for active-high jack-detect - scsi: advansys: Fix kernel pointer leak - firmware_loader: fix pre-allocated buf built-in firmware use - tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc - scsi: target: Fix ordered tag handling - scsi: target: Fix alua_tg_pt_gps_count tracking - [i386] ALSA: gus: fix null pointer dereference on pointer block - f2fs: fix up f2fs_lookup tracepoints - sched/core: Mitigate race cpus_share_cache()/update_top_cache_domain() - drm/nouveau: hdmigv100.c: fix corrupted HDMI Vendor InfoFrame - iavf: check for null in iavf_fix_features - iavf: Fix for the false positive ASQ/ARQ errors while issuing VF reset - [x86] platform/x86: hp_accel: Fix an error handling path in 'lis3lv02d_probe()' - net: virtio_net_hdr_to_skb: count transport header in UFO - i40e: Fix correct max_pkt_size on VF RX queue - i40e: Fix NULL ptr dereference on VSI filter sync - i40e: Fix changing previously set num_queue_pairs for PFs - i40e: Fix display error code in dmesg - NFC: reorganize the functions in nci_request - [x86] perf/x86/intel/uncore: Fix filter_tid mask for CHA events on Skylake Server - [x86] perf/x86/intel/uncore: Fix IIO event constraints for Skylake Server - tun: fix bonding active backup with arp monitoring - ipc: WARN if trying to remove ipc object which is absent - [x86] hyperv: Fix NULL deref in set_hv_tscchange_cb() if Hyper-V setup fails - udf: Fix crash after seekdir - btrfs: fix memory ordering between normal and ordered work functions - cfg80211: call cfg80211_stop_ap when switch from P2P_GO type - drm/udl: fix control-message timeout - drm/amdgpu: fix set scaling mode Full/Full aspect/Center not works on vga and dvi connectors - perf/core: Avoid put_page() when GUP fails - batman-adv: mcast: fix duplicate mcast packets in BLA backbone from LAN - batman-adv: Consider fragmentation for needed_headroom - batman-adv: Reserve needed_*room for fragments - batman-adv: Don't always reallocate the fragmentation skb head - RDMA/netlink: Add __maybe_unused to static inline in C file - ASoC: DAPM: Cover regression by kctl change notification fix - [arm64,armhf] soc/tegra: pmc: Fix imbalanced clock disabling in error code path https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.219 - USB: serial: option: add Telit LE910S1 0x9200 composition - USB: serial: option: add Fibocom FM101-GL variants - [arm*] usb: dwc2: hcd_queue: Fix use of floating point literal - usb: hub: Fix usb enumeration issue due to address0 race - usb: hub: Fix locking issues with address0_mutex - [arm*] binder: fix test regression due to sender_euid change - ALSA: ctxfi: Fix out-of-range access - media: cec: copy sequence field for the reply - HID: wacom: Use "Confidence" flag to prevent reporting invalid contacts - [x86] staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() - fuse: fix page stealing - xen: don't continue xenstore initialization in case of errors - xen: detect uninitialized xenbus in xenbus_init - tracing: Fix pid filtering when triggers are attached - proc/vmcore: fix clearing user buffer by properly using clear_user() - [arm64] PCI: aardvark: Fix a leaked reference by adding missing of_node_put() - [arm64] PCI: aardvark: Wait for endpoint to be ready before training link - [arm64] PCI: aardvark: Train link immediately after enabling training - [arm64] PCI: aardvark: Improve link training - [arm64] PCI: aardvark: Issue PERST via GPIO - [arm64] PCI: aardvark: Replace custom macros by standard linux/pci_regs.h macros - [arm64] PCI: aardvark: Indicate error in 'val' when config read fails - [arm64] PCI: aardvark: Don't touch PCIe registers if no card connected - [arm64] PCI: aardvark: Fix compilation on s390 - [arm64] PCI: aardvark: Move PCIe reset card code to advk_pcie_train_link() - [arm64] PCI: aardvark: Update comment about disabling link training - [arm64] PCI: aardvark: Configure PCIe resources from 'ranges' DT property - [arm64] PCI: aardvark: Fix PCIe Max Payload Size setting - [arm64] PCI: aardvark: Fix link training - [arm64] PCI: aardvark: Fix checking for link up via LTSSM state - [arm64] pinctrl: armada-37xx: Correct mpp definitions - [arm64] pinctrl: armada-37xx: add missing pin: PCIe1 Wakeup - [arm64] pinctrl: armada-37xx: Correct PWM pins definitions - [arm64] dts: marvell: armada-37xx: Set pcie_reset_pin to gpio function - netfilter: ipvs: Fix reuse connection if RS weight is 0 - [x86] ASoC: topology: Add missing rwsem around snd_ctl_remove() calls - net: ieee802154: handle iftypes as u32 - NFSv42: Don't fail clone() unless the OP_CLONE operation failed - [armhf] socfpga: Fix crash with CONFIG_FORTIRY_SOURCE - scsi: mpt3sas: Fix kernel panic during drive powercycle test - [arm*] drm/vc4: fix error code in vc4_create_object() - ipv6: fix typos in __ip6_finish_output() - net/smc: Ensure the active closing peer first closes clcsock - PM: hibernate: use correct mode for swsusp_close() - tcp_cubic: fix spurious Hystart ACK train detections for not-cwnd-limited flows - net/smc: Don't call clcsock shutdown twice when smc shutdown - [arm64] net: hns3: fix VF RSS failed problem after PF enable multi-TCs - vhost/vsock: fix incorrect used length reported to the guest - tracing: Check pid filtering when creating events - [s390x] mm: validate VMA in PGSTE manipulation functions - hugetlbfs: flush TLBs correctly after huge_pmd_unshare (CVE-2021-4002) - NFC: add NCI_UNREG flag to eliminate the race - fuse: release pipe buf after last use - xen: sync include/xen/interface/io/ring.h with Xen's newest version - xen/blkfront: read response from backend only once - xen/blkfront: don't take local copy of a request from the ring page - xen/blkfront: don't trust the backend response data blindly - xen/netfront: read response from backend only once - xen/netfront: don't read data from request on the ring page - xen/netfront: disentangle tx_skb_freelist - xen/netfront: don't trust the backend response data blindly - tty: hvc: replace BUG_ON() with negative return value https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.220 - shm: extend forced shm destroy to support objects from several IPC nses - NFSv42: Fix pagecache invalidation after COPY/CLONE - gfs2: Fix length of holes reported at end-of-file - [amd64] atlantic: Fix OOB read and write in hw_atl_utils_fw_rpc_wait (CVE-2021-43975) - net: return correct error code - [x86] platform/x86: thinkpad_acpi: Fix WWAN device disabled issue after S3 deep - [s390x] setup: avoid using memblock_enforce_memory_limit - btrfs: check-integrity: fix a warning on write caching disabled disk - thermal: core: Reset previous low and high trip during thermal zone init - scsi: iscsi: Unblock session then wake up error handler - ata: ahci: Add Green Sardine vendor ID as board_ahci_mobile - [arm64] ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port() - vrf: Reset IPCB/IP6CB when processing outbound pkts in vrf dev xmit - kprobes: Limit max data_size of the kretprobe instances - ipmi: Move remove_work to dedicated workqueue - fs: add fget_many() and fput_many() - fget: check that the fd still exists after getting a ref to it (CVE-2021-4083) - net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings() - net: mpls: Fix notifications when deleting a device - siphash: use _unaligned version by default - net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources() - rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer() - net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of "0" if no IRQ is available - net: annotate data-races on txq->xmit_lock_owner - net/rds: correct socket tunable error in rds_tcp_tune() - net/smc: Keep smc_close_final rc during active close - [arm64] drm/msm: Do hw_init() before capturing GPU state - vgacon: Propagate console boot parameters before calling `vc_resize' - xhci: Fix commad ring abort, write all 64 bits to CRCR register. - USB: NO_LPM quirk Lenovo Powered USB-C Travel Hub - [x86] usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect - [amd64] mm: Map all kernel memory into trampoline_pgd - [arm64] tty: serial: msm_serial: Deactivate RX DMA for polling support - [arm64] serial: pl011: Add ACPI SBSA UART match id - serial: core: fix transmit-buffer reset and memleak - ipmi: msghandler: Make symbol 'remove_work_wq' static https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.221 - HID: add hid_is_usb() function to make it simpler for USB detection - HID: wacom: fix problems when device is not a valid USB device - HID: check for valid USB device for many HID drivers - can: kvaser_usb: get CAN clock frequency from device - [x86] can: sja1000: fix use after free in ems_pcmcia_add_card() - net: core: netlink: add helper refcount dec and lock function - net: sched: rename qdisc_destroy() to qdisc_put() - net: sched: extend Qdisc with rcu - net: sched: add helper function to take reference to Qdisc - net: sched: use Qdisc rcu API instead of relying on rtnl lock - nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done - bpf: Fix the off-by-two error in range markings - ice: ignore dropped packets during init - bonding: make tx_rebalance_counter an atomic - nfp: Fix memory leak in nfp_cpp_area_cache_add() - seg6: fix the iif in the IPv6 socket control block - udp: using datalen to cap max gso segments - [amd64] IB/hfi1: Correct guard on eager buffer deallocation - mm: bdi: initialize bdi_min_ratio when bdi is unregistered - ALSA: ctl: Fix copy of updated id with element read/write - ALSA: pcm: oss: Fix negative period/buffer sizes - ALSA: pcm: oss: Limit the period size to 16MB - ALSA: pcm: oss: Handle missing errors in snd_pcm_oss_change_params*() - tracefs: Have new files inherit the ownership of their parent - [arm64] clk: qcom: regmap-mux: fix parent clock lookup - [i386] can: pch_can: pch_can_rx_normal: fix use after free - libata: add horkage for ASMedia 1092 - wait: add wake_up_pollfree() - binder: use wake_up_pollfree() - signalfd: use wake_up_pollfree() - aio: keep poll requests on waitqueue until completed - aio: fix use-after-free due to missing POLLFREE handling - tracefs: Set all files to the same group ownership as the mount option - block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2) - qede: validate non LSO skb length - i40e: Fix pre-set max number of queues for VF - net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero - [armhf] net: fec: only clear interrupt of handling queue in fec_enet_rx_queue() - net, neigh: clear whole pneigh_entry at alloc time - net/qla3xxx: fix an error code in ql_adapter_up() - USB: gadget: detect too-big endpoint 0 requests (CVE-2021-39685) - USB: gadget: zero allocate endpoint 0 buffers (CVE-2021-39685) - usb: core: config: fix validation of wMaxPacketValue entries - xhci: Remove CONFIG_USB_DEFAULT_PERSIST to prevent xHCI from runtime suspending - usb: core: config: using bit mask instead of individual bits - xhci: avoid race between disable slot command and host runtime suspend - iio: trigger: Fix reference counting - [armhf] iio: mma8452: Fix trigger reference couting - [arm64,armhf] iio: adc: axp20x_adc: fix charging current reporting on AXP22x - [x86] iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove - [armhf] irqchip/armada-370-xp: Fix return value of armada_370_xp_msi_alloc() - [armhf] irqchip/armada-370-xp: Fix support for Multi-MSI interrupts - [arm64,armhf] irqchip/irq-gic-v3-its.c: Force synchronisation when issuing INVALL - net_sched: fix a crash in tc_new_tfilter() - net: sched: make function qdisc_free_cb() static https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.222 - stable: clamp SUBLEVEL in 4.19 - nfc: fix segfault in nfc_genl_dump_devices_done - [arm64] drm/msm/dsi: set default num_data_lanes - net/mlx4_en: Update reported link modes for 1/10G - [arm64,armhf] i2c: rk3x: Handle a spurious start completion interrupt flag - net: netlink: af_netlink: Prevent empty skb by adding a check on len. - tracing: Fix a kmemleak false positive in tracing_map - [x86] hwmon: (dell-smm) Fix warning on /proc/i8k creation error - mac80211: send ADDBA requests using the tid/queue of the aggregation session - dm btree remove: fix use after free in rebalance_children() - audit: improve robustness of the audit queue handling - nfsd: fix use-after-free due to delegation race (Closes: #988044) - [x86] sme: Explicitly map new EFI memmap table as encrypted - mac80211: track only QoS data frames for admission control - [armhf] socfpga: dts: fix qspi node compatible - sch_cake: do not call cake_destroy() from cake_init() - rds: memory leak in __rds_conn_create() (CVE-2021-45480) - [arm64,armhf] soc/tegra: fuse: Fix bitwise vs. logical OR warning - igb: Fix removal of unicast MAC filters of VFs - igbvf: fix double free in `igbvf_probe` - ixgbe: set X550 MDIO speed before talking to PHY - netdevsim: Zero-initialize memory for new map's value in function nsim_bpf_map_alloc (CVE-2021-4135) - net/packet: rx_owner_map depends on pg_vec (CVE-2021-22600) - sit: do not call ipip6_dev_free() from sit_init_net() - USB: gadget: bRequestType is a bitfield, not a enum - USB: NO_LPM quirk Lenovo USB-C to Ethernet Adapher(RTL8153-04) - PCI/MSI: Clear PCI_MSIX_FLAGS_MASKALL on error - PCI/MSI: Mask MSI-X vectors only on success - USB: serial: cp210x: fix CP2105 GPIO registration - USB: serial: option: add Telit FN990 compositions - timekeeping: Really make sure wall_to_monotonic isn't positive - libata: if T_LENGTH is zero, dma direction should be DMA_NONE - drm/amdgpu: correct register access for RLC_JUMP_TABLE_RESTORE - mac80211: validate extended element ID is present - [armel] 8805/2: remove unneeded naked function usage - mwifiex: Remove unnecessary braces from HostCmd_SET_SEQ_NO_BSS_INFO - Input: touchscreen - avoid bitwise vs logical OR warning - media: mxl111sf: change mutex_init() location - fuse: annotate lock in fuse_reverse_inval_entry() - ovl: fix warning in ovl_create_real() - scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() - xen/blkfront: harden blkfront against event channel storms (CVE-2021-28711) - xen/netfront: harden netfront against event channel storms (CVE-2021-28712) - xen/console: harden hvc_xen against event channel storms (CVE-2021-28713) - xen/netback: fix rx queue stall detection (CVE-2021-28714) - xen/netback: don't queue unlimited number of packages (CVE-2021-28715) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.223 - net: usb: lan78xx: add Allied Telesis AT29M2-AF - block, bfq: improve asymmetric scenarios detection - block, bfq: fix asymmetric scenarios detection - block, bfq: fix decrement of num_active_groups - block, bfq: fix queue removal from weights tree - block, bfq: fix use after free in bfq_bfqq_expire - HID: holtek: fix mouse probing - [arm64] dts: allwinner: orangepi-zero-plus: fix PHY mode - [arm64] spi: change clk_disable_unprepare to clk_unprepare - IB/qib: Fix memory leak in qib_user_sdma_queue_pkts() - netfilter: fix regression in looped (broad|multi)cast's MAC handling - qlcnic: potential dereference null pointer of rx_queue->page_ring - net: accept UFOv6 packages in virtio_net_hdr_to_skb - net: skip virtio_net_hdr_set_proto if protocol already set - ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module - bonding: fix ad_actor_system option setting to default - [amd64] fjes: Check for error irq - [armhf] drivers: net: smc911x: Check for error irq - sfc: falcon: Check null pointer of rx_queue->page_ring - hwmon: (lm90) Fix usage of CONFIG2 register in detect function - ALSA: jack: Check the return value of kstrdup() - ALSA: drivers: opl3: Fix incorrect use of vp->state - Input: atmel_mxt_ts - fix double free in mxt_read_info_block - ipmi: bail out if init_srcu_struct fails - ipmi: fix initialization when workqueue allocation fails - [x86] pkey: Fix undefined behaviour with PKRU_WD_BIT - [armel,armhf] 9169/1: entry: fix Thumb2 bug in iWMMXt exception handling - f2fs: fix to do sanity check on last xattr entry in __f2fs_setxattr() (CVE-2021-45469) - usb: gadget: u_ether: fix race in setting MAC address in setup phase - [x86] KVM: VMX: Fix stale docs for kvm-intel.emulate_invalid_guest_state - hwmon: (lm90) Do not report 'busy' status bit as alarm - ax25: NPD bug when detaching AX25 device - hamradio: defer ax25 kfree after unregister_netdev - hamradio: improve the incomplete fix to avoid NPD - phonet/pep: refuse to enable an unbound pipe https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.224 - [arm64] tee: handle lookup of shm with reference count 0 (CVE-2021-44733) - Input: i8042 - add deferred probe support - [x86] Input: i8042 - enable deferred probe quirk for ASUS UM325UA - [x86] platform/x86: apple-gmux: use resource_size() with res - selinux: initialize proto variable in selinux_ip_postroute_compat() - scsi: lpfc: Terminate string in lpfc_debugfs_nvmeio_trc_write() - udp: using datalen to cap ipv6 udp max gso segments - sctp: use call_rcu to free endpoint - net: usb: pegasus: Do not drop long Ethernet frames - net/mlx5e: Fix wrong features assignment in case of error - i2c: validate user data in compat ioctl - nfc: uapi: use kernel size_t to fix user-space builds - uapi: fix linux/nfc.h userspace compilation errors - xhci: Fresco FL1100 controller should not have BROKEN_MSI quirk set. - usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear. - [arm*] binder: fix async_free_space accounting for empty parcels - [x86] scsi: vmw_pvscsi: Set residual data length conditionally - Input: appletouch - initialize work before device registration - Input: spaceball - fix parsing of movement data packets - net: fix use-after-free in tw_timer_handler https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.225 - tracing: Fix check for trace_percpu_buffer validity in get_trace_buf() - tracing: Tag trace_percpu_buffer as a percpu pointer - ieee802154: atusb: fix uninit value in atusb_set_extended_addr - RDMA/core: Don't infoleak GRH fields - mac80211: initialize variable have_higher_than_11mbit - i40e: fix use-after-free in i40e_sync_filters_subtask() - i40e: Fix incorrect netdev's real number of RX/TX queues - ipv6: Check attribute length for RTA_GATEWAY in multipath route - ipv6: Check attribute length for RTA_GATEWAY when deleting multipath route - sch_qfq: prevent shift-out-of-bounds in qfq_init_qdisc - xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate (CVE-2021-4155) - rndis_host: support Hytera digital radios - phonet: refcount leak in pep_sock_accep (CVE-2021-45095) - ipv6: Continue processing multipath route even if gateway attribute is invalid - ipv6: Do cleanup if attribute validation fails in multipath route - scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown() - ip6_vti: initialize __ip6_tnl_parm struct in vti6_siocdevprivate - net: udp: fix alignment problem in udp4_seq_show() - mISDN: change function names to avoid conflicts https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.226 - Bluetooth: bfusb: fix division by zero in send path - USB: core: Fix bug in resuming hub's handling of wakeup requests - USB: Fix "slab-out-of-bounds Write" bug in usb_hcd_poll_rh_status - can: bcm: switch timer to HRTIMER_MODE_SOFT and remove hrtimer_tasklet - veth: Do not record rx queue hint in veth_xmit - [x86] mfd: intel-lpss: Fix too early PM enablement in the ACPI ->probe() - can: gs_usb: fix use of uninitialized variable, detach device on reception of invalid USB data - can: gs_usb: gs_can_start_xmit(): zero-initialize hf->{flags,reserved} - random: fix data race on crng_node_pool - random: fix data race on crng init time - [x86] drm/i915: Avoid bitwise vs logical OR warning in snb_wm_latency_quirk() - kbuild: Add $(KBUILD_HOSTLDFLAGS) to 'has_libelf' test - orangefs: Fix the size of a memory allocation in orangefs_bufmap_alloc() - [s390x] KVM: s390: Clarify SIGP orders versus STOP/RESTART - media: uvcvideo: fix division by zero at stream start - rtlwifi: rtl8192cu: Fix WARNING when calling local_irq_restore() with interrupts enabled - firmware: qemu_fw_cfg: fix sysfs information leak - firmware: qemu_fw_cfg: fix NULL-pointer deref on duplicate entries - firmware: qemu_fw_cfg: fix kobject leak in probe error path - ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Master after reboot from Windows - HID: uhid: Fix worker destroying device without any protection - HID: wacom: Reset expected and received contact counts at the same time - HID: wacom: Ignore the confidence flag when a touch is removed - HID: wacom: Avoid using stale array indicies to read contact count - f2fs: fix to do sanity check in is_alive() - nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind() - [armhf] mtd: rawnand: gpmi: Remove explicit default gpmi clock setting for i.MX6 - [x86] gpu: Reserve stolen memory for first integrated Intel GPU - rtc: cmos: take rtc_lock while reading from CMOS - media: flexcop-usb: fix control-message timeouts - media: mceusb: fix control-message timeouts - media: em28xx: fix control-message timeouts - media: cpia2: fix control-message timeouts - media: s2255: fix control-message timeouts - media: dib0700: fix undefined behavior in tuner shutdown - media: redrat3: fix control-message timeouts - media: pvrusb2: fix control-message timeouts - media: stk1160: fix control-message timeouts - [x86] can: softing_cs: softingcs_probe(): fix memleak on registration failure - PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller - shmem: fix a race between shmem_unused_huge_shrink and shmem_evict_inode - Bluetooth: cmtp: fix possible panic when cmtp_init_sockets() fails - [arm*] clk: bcm-2835: Pick the closest clock rate - [arm*] clk: bcm-2835: Remove rounding up the dividers - [arm64] wcn36xx: Indicate beacon not connection loss on MISSED_BEACON_IND - [arm64] wcn36xx: Release DMA channel descriptor allocations - media: videobuf2: Fix the size printk format - media: em28xx: fix memory leak in em28xx_init_dev - Bluetooth: stop proccessing malicious adv data - [arm64] tee: fix put order in teedev_close_context() - media: dmxdev: fix UAF when dvb_register_device() fails - [arm64] crypto: qce - fix uaf on qce_ahash_register_one - netfilter: bridge: add support for pppoe filtering - drm/amdgpu: Fix a NULL pointer dereference in amdgpu_connector_lcd_native_mode() - drm/radeon/radeon_kms: Fix a NULL pointer dereference in radeon_driver_open_kms() - [arm*] serial: amba-pl011: do not request memory region twice - floppy: Fix hang in watchdog when disk is ejected - media: dib8000: Fix a memleak in dib8000_init() - media: saa7146: mxb: Fix a NULL pointer dereference in mxb_attach() - media: si2157: Fix "warm" tuner state detection - sched/rt: Try to restart rt period timer when rt runtime exceeded - xfrm: fix a small bug in xfrm_sa_len() - media: dw2102: Fix use after free - media: msi001: fix possible null-ptr-deref in msi001_probe() - [arm64] drm/msm/dpu: fix safe status debugfs file - xfrm: interface with if_id 0 should return error - xfrm: state and policy should fail if XFRMA_IF_ID 0 - usb: ftdi-elan: fix memory leak on device disconnect - [armhf] mmc: meson-mx-sdio: add IRQ check - [x86] mce/inject: Avoid out-of-bounds write when setting flags - [x86] pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in __nonstatic_find_io_region() - [x86] pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in nonstatic_find_mem_region() - netfilter: ipt_CLUSTERIP: fix refcount leak in clusterip_tg_check() - ppp: ensure minimum packet size in ppp_write() - Bluetooth: hci_bcm: Check for error irq - [arm64,armhf] spi: spi-meson-spifc: Add missing pm_runtime_disable() in meson_spifc_probe - tpm: add request_locality before write TPM_INT_ENABLE - can: softing: softing_startstop(): fix set but not used variable warning - pcmcia: fix setting of kthread task states - net: mcs7830: handle usb read errors properly - ext4: avoid trim error on fs with small groups - ALSA: jack: Add missing rwsem around snd_ctl_remove() calls - ALSA: PCM: Add missing rwsem around snd_ctl_remove() calls - ALSA: hda: Add missing rwsem around snd_ctl_remove() calls - [arm64] RDMA/hns: Validate the pkey index - [powerpc*] prom_init: Fix improper check of prom_getprop() - ALSA: oss: fix compile error when OSS_DEBUG is enabled - [arm64,armhf] iommu/io-pgtable-arm: Fix table descriptor paddr formatting - scsi: ufs: Fix race conditions related to driver data - RDMA/core: Let ib_find_gid() continue search even after empty entry - [x86] ASoC: rt5663: Handle device_property_read_u32_array error codes - [arm*] iommu/iova: Fix race between FQ timeout and teardown - RDMA/cxgb4: Set queue pair state when being queried - Bluetooth: Fix debugfs entry leak in hci_register_dev() - fs: dlm: filter user dlm messages for kernel locks - ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply - drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR - usb: gadget: f_fs: Use stream_open() for endpoint files - HID: apple: Do not reset quirks when the Fn key is not found - media: b2c2: Add missing check in flexcop_pci_isr: - gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use - [armhf] HSI: core: Fix return freed object in hsi_new_client - [x86] mwifiex: Fix skb_over_panic in mwifiex_usb_recv() (CVE-2021-43976) - rsi: Fix out-of-bounds read in rsi_read_pkt() - floppy: Add max size check for user space request - media: saa7146: hexium_orion: Fix a NULL pointer dereference in hexium_attach() - media: m920x: don't use stack on USB reads - iwlwifi: mvm: synchronize with FW after multicast commands - ath10k: Fix tx hanging - net-sysfs: update the queue counts in the unregistration path - [x86] mce: Mark mce_panic() noinstr - [x86] mce: Mark mce_end() noinstr - [x86] mce: Mark mce_read_aux() noinstr - net: bonding: debug: avoid printing debug logs when bond is not notifying peers - bpf: Do not WARN in bpf_warn_invalid_xdp_action() - HID: quirks: Allow inverting the absolute X/Y values - media: igorplugusb: receiver overflow should be reported - media: saa7146: hexium_gemini: Fix a NULL pointer dereference in hexium_attach() - mmc: core: Fixup storing of OCR for MMC_QUIRK_NONSTD_SDIO - audit: ensure userspace is penalized the same as the kernel when under pressure - usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0 - ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream - iwlwifi: fix leaks/bad data after failed firmware load - iwlwifi: remove module loading failure message - iwlwifi: mvm: Fix calculation of frame length - jffs2: GC deadlock reading a page that is used in jffs2_write_begin() - ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions - ACPICA: Utilities: Avoid deleting the same object twice in a row - ACPICA: Executer: Fix the REFCLASS_REFOF case in acpi_ex_opcode_1A_0T_1R() - ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5 - drm/amdgpu: fixup bad vram size on gmc v8 - [x86] ACPI: battery: Add the ThinkPad "Not Charging" quirk - btrfs: remove BUG_ON() in find_parent_nodes() - btrfs: remove BUG_ON(!eie) in find_parent_nodes - net: mdio: Demote probed message to debug print - mac80211: allow non-standard VHT MCS-10/11 - dm btree: add a defensive bounds check to insert_at() - dm space map common: add bounds check to sm_ll_lookup_bitmap() - net: phy: marvell: configure RGMII delays for 88E1118 - [arm64] regulator: qcom_smd: Align probe function with rpmh-regulator - [arm64,armhf] serial: pl010: Drop CR register reset on set_termios - serial: core: Keep mctrl register state and cached copy in sync - [powerpc*] powernv: add missing of_node_put - [powerpc*] btext: add missing of_node_put - [powerpc*] watchdog: Fix missed watchdog reset due to memory ordering race - [x86] i2c: i801: Don't silently correct invalid transfer size - [powerpc*] smp: Move setup_profiling_timer() under CONFIG_PROFILING - [powerpc*] i2c: mpc: Correct I2C reset procedure - w1: Misuse of get_user()/put_user() reported by sparse - ALSA: seq: Set upper limit of processed events - [powerpc*] handle kdump appropriately with crash_kexec_post_notifiers option - [mips*] OCTEON: add put_device() after of_find_device_by_node() - [x86] i2c: designware-pci: Fix to change data types of hcnt and lcnt parameters - scsi: sr: Don't use GFP_DMA - [arm64] rpmsg: core: Clean up resources on announce_create failure. - ubifs: Error path in ubifs_remount_rw() seems to wrongly free write buffers - serial: Fix incorrect rs485 polarity on uart open - cputime, cpuacct: Include guest time in user time in cpuacct.stat - iwlwifi: mvm: Increase the scan timeout guard to 30 seconds - [s390x] mm: fix 2KB pgtable release race - [armhf] drm/etnaviv: limit submit sizes - ext4: make sure to reset inode lockdep class when quota enabling fails - ext4: make sure quota gets properly shutdown on error - ext4: set csum seed in tmp inode while migrating to extents - ext4: Fix BUG_ON in ext4_bread when write quota data - ext4: don't use the orphan list when migrating an inode - ASoC: dpcm: prevent snd_soc_dpcm use after free - regulator: core: Let boot-on regulators be powered off - drm/radeon: fix error handling in radeon_driver_open_kms - [arm64] RDMA/hns: Modify the mapping attribute of doorbell to device - RDMA/rxe: Fix a typo in opcode name - af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress - netns: add schedule point in ops_exit_list() - libcxgb: Don't accidentally set RTO_ONLINK in cxgb_find_route() - net_sched: restore "mpu xxx" handling - [mips*,s390x] gup: Work around the "COW can break either way" issue (CVE-2020-29374) - fuse: fix bad inode (CVE-2020-36322) - fuse: fix live lock in fuse_iget() (CVE-2021-28950) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.227 - [x86] drm/i915: Flush TLBs before releasing backing store (CVE-2022-0330) - net: bridge: clear bridge's private skb space on xmit - select: Fix indefinitely sleeping task in poll_schedule_timeout() - [x86] drm/vmwgfx: Fix stale file descriptors on failed usercopy (CVE-2022-22942) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.228 - Bluetooth: refactor malicious adv data check - [s390x] hypfs: include z/VM guests with access control group set - [s390x] scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices - udf: Restore i_lenAlloc when inode expansion fails (CVE-2022-0617) - udf: Fix NULL ptr deref when converting from inline format (CVE-2022-0617) - [armhf] drm/etnaviv: relax submit size limits - netfilter: nft_payload: do not update layer 4 checksum when mangling fragments - serial: 8250: of: Fix mapped region size when using reg-offset property - tty: n_gsm: fix SW flow control encoding/handling - tty: Add support for Brainboxes UC cards. - usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge - [arm64,armhf] usb: common: ulpi: Fix crash in ulpi_match() - usb: gadget: f_sourcesink: Fix isoc transfer for USB_SPEED_SUPER_PLUS - USB: core: Fix hang in usb_kill_urb by adding memory barriers - [x86] usb: typec: tcpm: Do not disconnect while receiving VBUS off - [arm64,armhf] net: sfp: ignore disabled SFP node - i40e: Increase delay to 1 s after global EMP reset - i40e: Fix issue when maximum queues is exceeded - i40e: Fix queues reservation for XDP - i40e: fix unsigned stat widths - scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() - ipv6_tunnel: Rate limit warning messages - net: fix information leakage in /proc/net/ptype - ping: fix the sk_bound_dev_if match in ping_lookup - ipv4: avoid using shared IP generator for connected sockets - hwmon: (lm90) Reduce maximum conversion rate for G781 - NFSv4: Handle case where the lookup of a directory fails (CVE-2022-24448) - NFSv4: nfs_atomic_open() can race when looking up a non-regular file - net-procfs: show net devices bound packet types - [arm64] drm/msm: Fix wrong size calculation - [arm64] drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable - ipv6: annotate accesses to fn->fn_sernum - NFS: Ensure the server has an up to date ctime before hardlinking - NFS: Ensure the server has an up to date ctime before renaming - phylib: fix potential use-after-free - yam: fix a memory leak in yam_siocdevprivate() (CVE-2022-24959) - ipv4: raw: lock the socket in raw_bind() - ipv4: tcp: send zero IPID in SYNACK messages - netfilter: nat: remove l4 protocol port rovers - netfilter: nat: limit port clash resolution attempts - tcp: fix possible socket leaks in internal pacing mode - ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback - [amd64,arm64] net: amd-xgbe: ensure to reset the tx_timer_active flag - [amd64,arm64] net: amd-xgbe: Fix skb data length underflow - rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink() - af_packet: fix data-race in packet_setsockopt / packet_setsockopt - audit: improve audit queue handling when "audit=1" on cmdline - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw() - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx() - ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx() - ALSA: hda/realtek: Add missing fixup-model entry for Gigabyte X570 ALC1220 quirks - ALSA: hda/realtek: Fix silent output on Gigabyte X570S Aorus Master (newer chipset) - ALSA: hda/realtek: Fix silent output on Gigabyte X570 Aorus Xtreme after reboot from Windows - drm/nouveau: fix off by one in BIOS boundary checking - block: bio-integrity: Advance seed correctly for larger interval sizes - RDMA/mlx4: Don't continue event handler after memory allocation failure - [amd64] iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping() - [amd64] iommu/amd: Fix loop timeout issue in iommu_ga_log_enable() - [armhf] spi: meson-spicc: add IRQ check in meson_spicc_probe - net: ieee802154: hwsim: Ensure proper channel selection at probe time - net: ieee802154: Return meaningful error codes from the netlink helpers - net: macsec: Verify that send_sci is on when setting Tx sci explicitly - [arm64,armhf] net: stmmac: ensure PTP time register reads are consistent - [x86] drm/i915/overlay: Prevent divide by zero bugs in scaling - scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe - nfsd: nfsd4_setclientid_confirm mistakenly expires confirmed client. - rtc: cmos: Evaluate century appropriate - [arm64] EDAC/xgene: Fix deferred probing - ext4: fix error handling in ext4_restore_inline_data() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.229 - cgroup-v1: Require capabilities to set release_agent (CVE-2022-0492) - moxart: fix potential use-after-free on remove path (CVE-2022-0487) - tipc: improve size validations for received domain records (CVE-2022-0435) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.230 - integrity: check the return value of audit_log_start() - net: phy: marvell: Fix MDI-x polarity setting in 88e1118-compatible PHYs - NFS: Fix initialisation of nfs_client cl_flags field - NFSD: Clamp WRITE offsets - NFSD: Fix offset type in I/O trace points - NFSv4 only print the label when its queried - nfs: nfs4clinet: check the return value of kstrdup() - NFSv4.1: Fix uninitialised variable in devicenotify - NFSv4 remove zero number of fs_locations entries error check - NFSv4 expose nfs_parse_server_name function - net: sched: Clarify error message when qdisc kind is unknown - scsi: target: iscsi: Make sure the np under each tpg is unique - [arm*] usb: dwc2: gadget: don't try to disable ep0 in dwc2_hsotg_suspend - [arm64,armhf] net: stmmac: dwmac-sun8i: use return val of readl_poll_timeout() - bpf: Add kconfig knob for disabling unpriv bpf by default - net: bridge: fix stale eth hdr pointer in br_dev_xmit - usb: f_fs: Fix use-after-free for epfile - ixgbevf: Require large buffers for build_skb on 82599VF - bonding: pair enable_port with slave_arr_updates - ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table() on failure path - net: do not keep the dst cache when uncloning an skb dst and its metadata - net: fix a memleak when uncloning an skb dst and its metadata - veth: fix races around rq->rx_notify_masked - tipc: rate limit warning for received illegal binding update - [amd64,arm64] net: amd-xgbe: disable interrupts during pci removal - vt_ioctl: fix array_index_nospec in vt_setactivate - vt_ioctl: add array_index_nospec to VT_ACTIVATE - n_tty: wake up poll(POLLRDNORM) on receiving data - [arm64,armhf] usb: ulpi: Move of_node_put to ulpi_dev_release - [arm64,armhf] usb: ulpi: Call of_node_put correctly - [arm64,armhf] usb: dwc3: gadget: Prevent core from processing stale TRBs - USB: gadget: validate interface OS descriptor requests (CVE-2022-25258) - usb: gadget: rndis: check size of RNDIS_MSG_SET command (CVE-2022-25375) - USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320 - USB: serial: option: add ZTE MF286D modem - USB: serial: ch341: add support for GW Instek USB2.0-Serial devices - USB: serial: cp210x: add NCR Retail IO box id - USB: serial: cp210x: add CPI Bulk Coin Recycler id - seccomp: Invalidate seccomp mode to catch death failures - [x86] hwmon: (dell-smm) Speed up setting of fan speed - perf: Fix list corruption in perf_cgroup_switch() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.231 - Makefile.extrawarn: Move -Wunaligned-access to W=1 - net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup - btrfs: send: in case of IO error log it - net: ieee802154: at86rf230: Stop leaking skb's - ax25: improve the incomplete fix to avoid UAF and NPD bugs - vfs: make freeze_super abort when sync_filesystem returns error - quota: make dquot_quota_sync return errors from ->sync_fs - nvme: fix a possible use-after-free in controller reset during load - nvme-rdma: fix possible use-after-free in transport error_recovery work - Revert "module, async: async_synchronize_full() on module init iff async is used" - iwlwifi: fix use-after-free - drm/radeon: Fix backlight control on iMac 12,1 - xfrm: Don't accidentally set RTO_ONLINK in decode_session4() - taskstats: Cleanup the use of task->exit_code - mmc: block: fix read single on recovery logic - vsock: remove vsock from connected table when connect is interrupted by a signal - iwlwifi: pcie: fix locking when "HW not ready" - iwlwifi: pcie: gen2: fix locking when "HW not ready" - ping: fix the dif and sdif check in ping_lookup - drop_monitor: fix data-race in dropmon_net_event / trace_napi_poll_hit - bonding: fix data-races around agg_select_timer - libsubcmd: Fix use-after-free for realloc(..., 0) - ALSA: hda: Fix regression on forced probe mask option - ALSA: hda: Fix missing codec probe on Shenker Dock 15 - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw() - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_range() - [powerpc*] lib/sstep: fix 'ptesync' build error - ext4: check for out-of-order index extents in ext4_valid_extent_entries() - block/wbt: fix negative inflight counter when remove scsi device - NFS: LOOKUP_DIRECTORY is also ok with symlinks - NFS: Do not report writeback errors in nfs_getattr() - EDAC: Fix calculation of returned address and next offset in edac_align_ptr() - net: sched: limit TC_ACT_REPEAT loops - lib/iov_iter: initialize "flags" in new pipe_buffer - [x86] Drivers: hv: vmbus: Expose monitor data only when monitor pages are used - [x86] Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj - [x86] KVM: x86/pmu: Use AMD64_RAW_EVENT_MASK for PERF_TYPE_RAW - [armhf] OMAP2+: hwmod: Add of_node_put() before break - netfilter: conntrack: don't refresh sctp entries in closed state - kconfig: let 'shell' return enough output for deep path names - ata: libata-core: Disable TRIM on M88V29 - tracing: Fix tp_printk option related with tp_printk_stop_on_boot - net: usb: qmi_wwan: Add support for Dell DW5829e - [arm64] net: macb: Align the dma and coherent dma masks https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.232 - cgroup/cpuset: Fix a race between cpuset_attach() and cpu hotplug - vhost/vsock: don't check owner in vhost_vsock_stop() while releasing - sr9700: sanity check for packet length - USB: zaurus: support another broken Zaurus - ping: remove pr_err from ping_lookup - net: __pskb_pull_tail() & pskb_carve_frag_list() drop_monitor friends - tipc: Fix end of loop tests for list_for_each_entry() - gso: do not skip outer ip header in case of ipip and net_failover - openvswitch: Fix setting ipv6 fields causing hw csum failure - drm/edid: Always set RGB444 - net/mlx5e: Fix wrong return value on ioctl EEPROM query failure - configfs: fix a race in configfs_{,un}register_subsystem() - RDMA/ib_srp: Fix a deadlock - tty: n_gsm: fix proper link termination after failed open - Revert "drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR" - memblock: use kfree() to release kmalloced memblock regions - fget: clarify and improve __fget_files() implementation - tracing: Have traceon and traceoff trigger honor the instance - ata: pata_hpt37x: disable primary channel on HPT371 - Revert "USB: serial: ch341: add new Product ID for CH341A" - usb: gadget: rndis: add spinlock for rndis response list - tracefs: Set the group ownership in apply_options() not parse_options() - USB: serial: option: add support for DW5829e - USB: serial: option: add Telit LE910R1 compositions - [arm64] usb: dwc3: pci: Fix Bay Trail phy GPIO mappings - [arm64,armhf] usb: dwc3: gadget: Let the interrupt handler disable bottom halves. - xhci: re-initialize the HC during resume if HCE was set - xhci: Prevent futile URB re-submissions due to incorrect return value. - tty: n_gsm: fix encoding of control signal octet bit DV . [ Salvatore Bonaccorso ] * Bump ABI to 19 * [rt] Update to 4.19.210-rt90 * [rt] Update to 4.19.211-rt91 * [rt] Update to 4.19.212-rt92 * [rt] Update to 4.19.214-rt93 * [rt] Update to 4.19.215-rt94 - fscache: fix initialisation of cookie hash table raw spinlocks * [rt] Update to 4.19.217-rt95 * Refresh "Export symbols needed by Android drivers" * liblockdep: Stop build liblockdep packages * [rt] Update to 4.19.218-rt96 * [rt] Update to 4.19.219-rt97 * [rt] Refresh "net: move xmit_recursion to per-task variable on -RT" * Refresh "Export symbols needed by Android drivers" * [rt] Update to 4.19.225-rt101 * Refresh "Revert "objtool: Fix CONFIG_STACK_VALIDATION=y warning for out-of-tree modules"" * [rt] Update to 4.19.227-rt102 * [rt] Update to 4.19.230-rt103 * init: Enable BPF_UNPRIV_DEFAULT_OFF (Closes: #990411) * Mitigate Spectre v2-type Branch History Buffer attacks (CVE-2022-0001, CVE-2022-0002) - [x86] speculation: Merge one test in spectre_v2_user_select_mitigation() - [x86] bugs: Unconditionally allow spectre_v2=retpoline,amd - [x86] speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE - [x86] speculation: Add eIBRS + Retpoline options - Documentation/hw-vuln: Update spectre doc - [x86] speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting - [x86] speculation: Use generic retpoline by default on AMD - [x86] speculation: Update link to AMD speculation whitepaper - [x86] speculation: Warn about Spectre v2 LFENCE mitigation - [x86] speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT Checksums-Sha1: fe0a2f4bc0b9b634f23b8c40a3d3997187316390 191330 linux_4.19.232-1.dsc c94d8f642538de9d8f98a87993105e6d5c5ef021 107634972 linux_4.19.232.orig.tar.xz 0489e12227396fb56f38f21361e1e2cc96bf568b 1528664 linux_4.19.232-1.debian.tar.xz 49677d7715628ec947cc421cda0d80d15b675679 6460 linux_4.19.232-1_source.buildinfo Checksums-Sha256: 44c2356ba2ee59faa8748ae851f3862b4a369732bd2b1485d11c5c5565d3ae31 191330 linux_4.19.232-1.dsc efb63eb40947f9c1be7f17c89c61fe803e922a2046fc80c66f68cdc15f0f1be0 107634972 linux_4.19.232.orig.tar.xz e24c7e82fb82300269ebf3ec87bacd25f2d5449273487df4b936127bd802f7a6 1528664 linux_4.19.232-1.debian.tar.xz b79c8158e1d1eac42280b8a1d3fcd2804fe91c49569e21b4ded2f67f63cb0af6 6460 linux_4.19.232-1_source.buildinfo Files: a304d502e40128318be0242cc1a7fbbc 191330 kernel optional linux_4.19.232-1.dsc 12c69b3e24579704d33d3823804ca71b 107634972 kernel optional linux_4.19.232.orig.tar.xz 01d8b6ab09f3a04b44bbb2cec6e5d834 1528664 kernel optional linux_4.19.232-1.debian.tar.xz b8414cf5f538b368359f73b7355dc670 6460 kernel optional linux_4.19.232-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmImdc9fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89EFZwP/0Wc40Dvc5P/XK2KOSF08VEXkEmz50q+ 66NrHK7i2y69KGTWVfyOn3Bg9rKw/kt8KKDGlYomRvAJJ2QbWQzP5sdEcYHtMYc4 By1UiG/fsiGxStLrWKeU9wnFczkTwaMgfs1cwleMm01vm/VADY4Us2Ds63cr+KVl /yYAbB3OYFMREw4n+64wT7/62f4RtigiGyeX72BYFNrOaPun8/NB3sfDwZohqBR4 TxHn3z2CYrB3YA8AexH7L8HP8WHkaI44HmSjYq9/b7TT0n6xBlnGmTYai69dzbbq p/MAU498Ez0vrCxgDCYvq5D9/xSVcOVxdVQ02p1SewC6DW2t0G7pKXWJBq92kIl0 /XY9Q70MLF2CP7FyaodJkX1C3yRX9pn7loZ89BbZ8uTvNhdM6yhhNb1zLjNIHkil SStwhK1eqGirgzcIAZ6LnMOrpaHetTbPK/7TE6o/o5PuEJYPscdVKeEGxHD+J0x2 kgxNOoWE81DONW3CmeX/NyGItSaeFJrGVhxh9W+mjD+wHzvWxC1lnUnprW9xpG0K ChyrN5Z3leG81BTQ2mfVZlJP5KyywbMEajtHUbcE+4K9/erCFUq6aK++a7pyMyws Sb+b2nAdKy+IwHmc2m4JhE27XUpbvKAu3fTVEkBC+S2IVzn4Lq3kPyoL25bzNiLc +lTL5SBlVek1 =9F+I -----END PGP SIGNATURE-----