-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 17 Mar 2022 16:40:47 +0100
Source: linux-signed-arm64
Architecture: source
Version: 5.10.106+1
Distribution: bullseye-proposed-updates
Urgency: medium
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Changes:
linux-signed-arm64 (5.10.106+1) bullseye; urgency=medium
.
* Sign kernel from linux 5.10.106-1
.
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.104
- mac80211_hwsim: report NOACK frames in tx_status
- mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work
- [arm*] i2c: bcm2835: Avoid clock stretching timeouts
- ASoC: rt5682: do not block workqueue if card is unbound
- regulator: core: fix false positive in regulator_late_cleanup()
- Input: clear BTN_RIGHT/MIDDLE on buttonpads
- [arm64] KVM: arm64: vgic: Read HW interrupt pending state from the HW
- tipc: fix a bit overflow in tipc_crypto_key_rcv()
- cifs: fix double free race when mount fails in cifs_get_root()
- net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990
- usb: gadget: don't release an existing dev->buf (CVE-2022-24958)
- usb: gadget: clear related members when goto fail (CVE-2022-24958)
- exfat: reuse exfat_inode_info variable instead of calling EXFAT_I()
- exfat: fix i_blocks for files truncated over 4 GiB
- tracing: Add test for user space strings when filtering on string pointers
- [armhf] serial: stm32: prevent TDR register overwrite when sending x_char
- ata: pata_hpt37x: fix PCI clock detection
- drm/amdgpu: check vm ready by amdgpu_vm->evicting flag
- tracing: Add ustring operation to filtering string pointers
- [x86] ALSA: intel_hdmi: Fix reference to PCM buffer address
- ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min
- [amd64] iommu/amd: Recover from event log overflow
- [x86] drm/i915: s/JSP2/ICP2/ PCH
- xen/netfront: destroy queues before real_num_tx_queues is zeroed
- mm: Consider __GFP_NOWARN flag for oversized kvmalloc() calls
- xfrm: fix MTU regression
- netfilter: fix use-after-free in __nf_register_net_hook()
- bpf, sockmap: Do not ignore orig_len parameter
- xfrm: fix the if_id check in changelink
- xfrm: enforce validity of offload input flags
- e1000e: Correct NVM checksum verification flow
- net: fix up skbs delta_truesize in UDP GRO frag_list
- netfilter: nf_queue: don't assume sk is full socket
- netfilter: nf_queue: fix possible use-after-free
- netfilter: nf_queue: handle socket prefetch
- batman-adv: Request iflink once in batadv-on-batadv check
- batman-adv: Request iflink once in batadv_get_real_netdevice
- batman-adv: Don't expect inter-netns unique iflink indices
- net: ipv6: ensure we call ipv6_mc_down() at most once
- net: dcb: flush lingering app table entries for unregistered devices
- net/smc: fix connection leak
- net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error generated by client
- net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error cause by server
- rcu/nocb: Fix missed nocb_timer requeue
- ice: Fix race conditions between virtchnl handling and VF ndo ops
- ice: fix concurrent reset and removal of VFs
- sched/topology: Make sched_init_numa() use a set for the deduplicating
sort
- sched/topology: Fix sched_domain_topology_level alloc in sched_init_numa()
- mac80211: fix forwarded mesh frames AC & queue selection
- net: stmmac: fix return value of __setup handler
- mac80211: treat some SAE auth steps as final
- iavf: Fix missing check for running netdev
- net: arcnet: com20020: Fix null-ptr-deref in com20020pci_probe()
- ixgbe: xsk: change !netif_carrier_ok() handling in ixgbe_xmit_zc()
- efivars: Respect "block" flag in efivar_entry_set_safe()
- can: gs_usb: change active_channels's type from atomic_t to u8
- igc: igc_read_phy_reg_gpy: drop premature return
- [armel,armhf] 9182/1: mmu: fix returns from early_param() and __setup()
functions
- [arm64,armhf] pinctrl: sunxi: Use unique lockdep classes for IRQs
- igc: igc_write_phy_reg_gpy: drop premature return
- memfd: fix F_SEAL_WRITE after shmem huge page allocated
- [armhf] dts: switch timer config to common devkit8000 devicetree
- [armhf] dts: Use 32KiHz oscillator on devkit8000
- [arm64] soc: fsl: guts: Revert commit 3c0d64e867ed
- [arm64] soc: fsl: guts: Add a missing memory allocation failure check
- [armhf] tegra: Move panels to AUX bus
- net: chelsio: cxgb3: check the return value of pci_find_capability()
- iavf: Refactor iavf state machine tracking
- nl80211: Handle nla_memdup failures in handle_nan_filter
- drm/amdgpu: fix suspend/resume hang regression
- net: dcb: disable softirqs in dcbnl_flush_dev()
- Input: elan_i2c - move regulator_[en|dis]able() out of
elan_[en|dis]able_power()
- Input: elan_i2c - fix regulator enable count imbalance after
suspend/resume
- HID: add mapping for KEY_DICTATE
- HID: add mapping for KEY_ALL_APPLICATIONS
- tracing/histogram: Fix sorting on old "cpu" value
- tracing: Fix return value of __setup handlers
- btrfs: fix lost prealloc extents beyond eof after full fsync
- btrfs: qgroup: fix deadlock between rescan worker and remove qgroup
- btrfs: add missing run of delayed items after unlink during log replay
- Revert "xfrm: xfrm_state_mtu should return at least 1280 for ipv6"
- hamradio: fix macro redefine warning
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.105
- [x86] bugs: Unconditionally allow spectre_v2=retpoline,amd
- [armhf] report Spectre v2 status through sysfs
- [armel,armhf] early traps initialisation
- [armel,armhf] use LOADADDR() to get load address of sections
- [armel,armhf] Spectre-BHB workaround
- [armel,armhf] include unprivileged BPF status in Spectre V2 reporting
- [arm64] cputype: Add CPU implementor & types for the Apple M1 cores
- [arm64] Add Neoverse-N2, Cortex-A710 CPU part definition
- [arm64] Add Cortex-X2 CPU part definition
- [arm64] Add Cortex-A510 CPU part definition
- [arm64] Add HWCAP for self-synchronising virtual counter
- [arm64] add ID_AA64ISAR2_EL1 sys register
- [arm64] cpufeature: add HWCAP for FEAT_AFP
- [arm64] cpufeature: add HWCAP for FEAT_RPRES
- [arm64] entry.S: Add ventry overflow sanity checks
- [arm64] spectre: Rename spectre_v4_patch_fw_mitigation_conduit
- [arm64] entry: Make the trampoline cleanup optional
- [arm64] entry: Free up another register on kpti's tramp_exit path
- [arm64] entry: Move the trampoline data page before the text page
- [arm64] entry: Allow tramp_alias to access symbols after the 4K boundary
- [arm64] entry: Don't assume tramp_vectors is the start of the vectors
- [arm64] entry: Move trampoline macros out of ifdef'd section
- [arm64] entry: Make the kpti trampoline's kpti sequence optional
- [arm64] entry: Allow the trampoline text to occupy multiple pages
- [arm64] entry: Add non-kpti __bp_harden_el1_vectors for mitigations
- [arm64] entry: Add vectors that have the bhb mitigation sequences
- [arm64] entry: Add macro for reading symbol addresses from the trampoline
- [arm64] Add percpu vectors for EL1
- [arm64] proton-pack: Report Spectre-BHB vulnerabilities as part of
Spectre-v2
- [arm64] KVM: arm64: Allow indirect vectors to be used without SPECTRE_V3A
- [arm64] Mitigate spectre style branch history side channels
- [arm64] KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and
migrated
- [arm64] Use the clearbhb instruction in mitigations
- [arm64] proton-pack: Include unprivileged eBPF status in Spectre v2
mitigation reporting
- [armel,armhf] fix co-processor register typo
- [armel,armhf] Do not use NOCROSSREFS directive with ld.lld
- [armhf] fix build warning in proc-v7-bugs.c
- xen/xenbus: don't let xenbus_grant_ring() remove grants in error case
(CVE-2022-23040, XSA-396)
- xen/grant-table: add gnttab_try_end_foreign_access() (CVE-2022-23036,
CVE-2022-23038, XSA-396)
- xen/blkfront: don't use gnttab_query_foreign_access() for mapped status
(CVE-2022-23036, XSA-396)
- xen/netfront: don't use gnttab_query_foreign_access() for mapped status
(CVE-2022-23037, XSA-396)
- xen/scsifront: don't use gnttab_query_foreign_access() for mapped status
(CVE-2022-23038, XSA-396)
- xen/gntalloc: don't use gnttab_query_foreign_access() (CVE-2022-23039,
XSA-396)
- xen: remove gnttab_query_foreign_access()
- xen/9p: use alloc/free_pages_exact() (CVE-2022-23041, XSA-396)
- xen/pvcalls: use alloc/free_pages_exact() (CVE-2022-23041, XSA-396)
- xen/gnttab: fix gnttab_end_foreign_access() without page specified
(CVE-2022-23041, XSA-396)
- xen/netfront: react properly to failing gnttab_end_foreign_access_ref()
(CVE-2022-23042, XSA-396)
- Revert "ACPI: PM: s2idle: Cancel wakeup before dispatching EC GPE"
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.106
- [arm64] clk: qcom: gdsc: Add support to update GDSC transition delay
- [arm64] dts: armada-3720-turris-mox: Add missing ethernet0 alias
- tipc: fix kernel panic when enabling bearer
- mISDN: Remove obsolete PIPELINE_DEBUG debugging information
- mISDN: Fix memory leak in dsp_pipeline_build()
- virtio-blk: Don't use MAX_DISCARD_SEGMENTS if max_discard_seg is zero
- isdn: hfcpci: check the return value of dma_set_mask() in setup_hw()
- net: qlogic: check the return value of dma_alloc_coherent() in
qed_vf_hw_prepare()
- esp: Fix BEET mode inter address family tunneling on GSO
- qed: return status of qed_iov_get_link
- i40e: stop disabling VFs due to PF error responses
- ice: stop disabling VFs due to PF error responses
- ice: Align macro names to the specification
- ice: Remove unnecessary checker loop
- ice: Rename a couple of variables
- ice: Fix curr_link_speed advertised speed
- tipc: fix incorrect order of state message data sanity check
- [armhf] net: ethernet: ti: cpts: Handle error for clk_enable
- ax25: Fix NULL pointer dereference in ax25_kill_by_device
- net/mlx5: Fix size field in bufferx_reg struct
- net/mlx5: Fix a race on command flush flow
- net/mlx5e: Lag, Only handle events from highest priority multipath entry
- NFC: port100: fix use-after-free in port100_send_complete
- net: phy: DP83822: clear MISR2 register to disable interrupts
- sctp: fix kernel-infoleak for SCTP sockets
- [arm64] net: bcmgenet: Don't claim WOL when its not available
- [arm64,armhf] spi: rockchip: Fix error in getting num-cs property
- [arm64,armhf] spi: rockchip: terminate dma transmission when slave abort
- net-sysfs: add check for netdevice being present to speed_show
- [armhf] hwmon: (pmbus) Clear pmbus fault/warning bits after read
- gpio: Return EPROBE_DEFER if gc->to_irq is NULL
- Revert "xen-netback: remove 'hotplug-status' once it has served its
purpose"
- Revert "xen-netback: Check for hotplug-status existence before watching"
- ipv6: prevent a possible race condition with lifetimes
- tracing: Ensure trace buffer is at least 4096 bytes large
- fuse: fix pipe buffer lifetime for direct_io
- staging: rtl8723bs: Fix access-point mode deadlock
- [arm64] net: macb: Fix lost RX packet wakeup race in NAPI receive
- [arm64] mmc: meson: Fix usage of meson_mmc_post_req()
- [arm64] dts: marvell: armada-37xx: Remap IO space to bus address 0x0
- virtio: unexport virtio_finalize_features
- virtio: acknowledge all features before access
- watch_queue, pipe: Free watchqueue state after clearing pipe ring
(CVE-2022-0995)
- watch_queue: Fix to release page in ->release() (CVE-2022-0995)
- watch_queue: Fix to always request a pow-of-2 pipe ring size
(CVE-2022-0995)
- watch_queue: Fix the alloc bitmap size to reflect notes allocated
(CVE-2022-0995)
- watch_queue: Free the alloc bitmap when the watch_queue is torn down
(CVE-2022-0995)
- watch_queue: Fix lack of barrier/sync/lock between post and read
(CVE-2022-0995)
- watch_queue: Make comment about setting ->defunct more accurate
(CVE-2022-0995)
- [x86] boot: Fix memremap of setup_indirect structures
- [x86] boot: Add setup_indirect support in early_memremap_is_setup_data()
- [x86] traps: Mark do_int3() NOKPROBE_SYMBOL
- ext4: add check to prevent attempting to resize an fs with sparse_super2
- [armel,armhf] fix Thumb2 regression with Spectre BHB
- watch_queue: Fix filter limit check ((CVE-2022-0995)
.
[ Salvatore Bonaccorso ]
* Bump ABI to 13
* [rt] Update to 5.10.104-rt63
* [rt] Update to 5.10.106-rt64
* sctp: fix the processing for INIT chunk (CVE-2021-3772)
* tcp: make tcp_read_sock() more robust
* io_uring: return back safer resurrect
* [arm64] kvm: Fix copy-and-paste error in bhb templates for v5.10 stable
Checksums-Sha1:
d6338d46391eac130bc20a77aac53fba21134d8c 7340 linux-signed-arm64_5.10.106+1.dsc
7e45ebb8e68c6d7181211224fb23e1e6f9de6798 2489828 linux-signed-arm64_5.10.106+1.tar.xz
Checksums-Sha256:
bdfed295d319f1e48e778e020fb186057ad2af97f07e9390055ecd799166ce36 7340 linux-signed-arm64_5.10.106+1.dsc
1f7d0ffd89430e418df51d830dab2c2694ecf74f701db986a937387cca1354ca 2489828 linux-signed-arm64_5.10.106+1.tar.xz
Files:
77d6fc66a418270b066ddf0ef7446df9 7340 kernel optional linux-signed-arm64_5.10.106+1.dsc
6960684dcdf2e254de41f37c2a4c221e 2489828 kernel optional linux-signed-arm64_5.10.106+1.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEfKFfvHEI+gkU+E+di0FRiLdONzYFAmI0kLgACgkQi0FRiLdO
NzYZeQ/9Gej1PN0nMUSUDZmA1fBT8d637JAb4Eslwd+bOxp8hJkbDWUT1z1bCs2Q
AjvCdvQM1j0W/t677IBTmgSyMqy6LBgMNcXinObZchL+SgYqoXfBKaWyPg2MvK4V
/TGenBF2S43CeIf7MjAXO4PgwQBK2Bf77xFVhDm5kSXE8HvP3lcKJc9gIjDEYlDh
SADji/i35Ajx+LOvJgnRiDp8mQ64Kw6y3wS1hI+tyA3XGd83WtVUe7a688/0yTZ5
ZlNWv5Kms5SZsazRLFIEpkRybOXSz0e0F8WGF4QTIfAxJ+I9Fycg/yuKtfvrJts+
MWa7iLkYTrotsvNGOMaOCu2WCHdeEa+KuETIws+RN73MwqjfHwKnDOdhPiGPBeP8
poyWXrpucAGXkB/Lmp0tjj4zli9P/EJHHLE9Mav88SJK1faytSMKzfs9gzIhjTC4
R0T5y5kupJ7klYSXnQEKrVFhPhU2ZjB6eOE+r3K57hHIpQKDGYdrew5Xn3ZUeCYY
ryE6uit4niq9tJ1nbWcrLhJ777ILHbhIXdixmg8N03mfjye3E6wkdtteSzJV2eit
QWXleaAbn2++Us0wU6ZWSEfZfwqjPLhOyV7q1XQ++edaa/WiXEY9QDw8Uly29Nyo
UukGX2h20AOauXVmiFjcIhuR6/jxIxG/0+ad5jX0b0u1OpnxXog=
=Hlnr
-----END PGP SIGNATURE-----
