-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 13 Jun 2022 22:46:49 +0200 Source: linux Architecture: source Version: 5.10.120-1~bpo10+1 Distribution: buster-backports Urgency: high Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org> Changed-By: Ben Hutchings <benh@debian.org> Closes: 1006346 1007799 1008299 Changes: linux (5.10.120-1~bpo10+1) buster-backports; urgency=high . * Rebuild for buster-backports: - Change ABI number to 0.bpo.15 . linux (5.10.120-1) bullseye-security; urgency=high . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.114 - USB: quirks: add a Realtek card reader - USB: quirks: add STRING quirk for VCOM device - USB: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS - USB: serial: cp210x: add PIDs for Kamstrup USB Meter Reader - USB: serial: option: add support for Cinterion MV32-WA/MV32-WB - USB: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions - xhci: Enable runtime PM on second Alderlake controller - xhci: stop polling roothubs after shutdown - xhci: increase usb U3 -> U0 link resume timeout from 100ms to 500ms - iio: dac: ad5592r: Fix the missing return value. - iio: dac: ad5446: Fix read_raw not returning set value - iio: magnetometer: ak8975: Fix the error handling in ak8975_power_on() - iio: imu: inv_icm42600: Fix I2C init possible nack - usb: misc: fix improper handling of refcount in uss720_probe() - [arm64,x86] usb: typec: ucsi: Fix reuse of completion structure - [arm64,x86] usb: typec: ucsi: Fix role swapping - usb: gadget: uvc: Fix crash when encoding data for usb request - usb: gadget: configfs: clear deactivation flag in configfs_composite_unbind() - [arm64,armhf] usb: dwc3: Try usb-role-switch first in dwc3_drd_init - [arm64,armhf] usb: dwc3: core: Fix tx/rx threshold settings - [arm64,armhf] usb: dwc3: core: Only handle soft-reset in DCTL - [arm64,armhf] usb: dwc3: gadget: Return proper request status - [arm*] usb: phy: generic: Get the vbus supply - [arm64,armhf] serial: imx: fix overrun interrupts in DMA mode - serial: 8250: Also set sticky MCR bits in console restoration - serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device - [arm64,armhf] arch_topology: Do not set llc_sibling if llc_id is invalid - hex2bin: make the function hex_to_bin constant-time - hex2bin: fix access beyond string end - iocost: don't reset the inuse weight of under-weighted debtors - video: fbdev: udlfb: properly check endpoint type - iio:imu:bmi160: disable regulator in error path - USB: Fix xhci event ring dequeue pointer ERDP update issue - [armhf] phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe - [armhf] phy: samsung: exynos5250-sata: fix missing device put in probe error paths - [armhf] OMAP2+: Fix refcount leak in omap_gic_of_init - [armhf] bus: ti-sysc: Make omap3 gpt12 quirk handling SoC specific - [armhf] phy: ti: omap-usb2: Fix error handling in omap_usb2_enable_clocks - [armhf] dts: am3517-evm: Fix misc pinmuxing - [armhf] dts: logicpd-som-lv: Fix wrong pinmuxing on OMAP35 - ipvs: correctly print the memory size of ip_vs_conn_tab - [armhf] pinctrl: stm32: Do not call stm32_gpio_get() for edge triggered IRQs in EOI - [arm64,armhf] net: dsa: Add missing of_node_put() in dsa_port_link_register_of - netfilter: nft_set_rbtree: overlap detection with element re-addition after deletion - bpf, lwt: Fix crash when using bpf_skb_set_tunnel_key() from bpf_xmit lwt hook - [arm64,armhf] pinctrl: rockchip: fix RK3308 pinmux bits - tcp: md5: incorrect tcp_header_len for incoming connections - [armhf] pinctrl: stm32: Keep pinctrl block clock enabled when LEVEL IRQ requested - tcp: ensure to use the most recently sent skb when filling the rate sample - wireguard: device: check for metadata_dst with skb_valid_dst() - sctp: check asoc strreset_chunk in sctp_generate_reconf_event - [arm64] dts: imx8mn-ddr4-evk: Describe the 32.768 kHz PMIC clock - [arm64] net: hns3: modify the return code of hclge_get_ring_chain_from_mbx - [arm64] net: hns3: add validity check for message data length - [arm64] net: hns3: add return value for mailbox handling in PF - net/smc: sync err code when tcp connection was refused - ip_gre: Make o_seqno start from 0 in native mode - ip6_gre: Make o_seqno start from 0 in native mode - ip_gre, ip6_gre: Fix race condition on o_seqno in collect_md mode - tcp: fix potential xmit stalls caused by TCP_NOTSENT_LOWAT - tcp: make sure treq->af_specific is initialized - [arm64,armhf] bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create() - [arm64,armhf] clk: sunxi: sun9i-mmc: check return value after calling platform_get_resource() - [arm64] net: bcmgenet: hide status block before TX timestamping - net: phy: marvell10g: fix return value on error - bnx2x: fix napi API usage sequence - [arm64,armhf] net: fec: add missing of_node_put() in fec_enet_init_stop_mode() - ixgbe: ensure IPsec VF<->PF compatibility - tcp: fix F-RTO may not work correctly when receiving DSACK - [x86] ASoC: Intel: soc-acpi: correct device endpoints for max98373 - ext4: fix bug_on in start_this_handle during umount filesystem - [amd64] x86: __memcpy_flushcache: fix wrong alignment if size > 2^32 - cifs: destage any unwritten data to the server before calling copychunk_write - [x86] drivers: net: hippi: Fix deadlock in rr_close() - zonefs: Fix management of open zones - zonefs: Clear inode information flags on inode creation - [x86] drm/i915: Fix SEL_FETCH_PLANE_*(PIPE_B+) register addresses - [armhf] net: ethernet: stmmac: fix write to sgmii_adapter_base - [x86] thermal: int340x: Fix attr.show callback prototype - [x86] cpu: Load microcode during restore_processor_state() - tty: n_gsm: fix restart handling via CLD command - tty: n_gsm: fix decoupled mux resource - tty: n_gsm: fix mux cleanup after unregister tty device - tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2 - tty: n_gsm: fix malformed counter for out of frame data - netfilter: nft_socket: only do sk lookups when indev is available - tty: n_gsm: fix insufficient txframe size - tty: n_gsm: fix wrong DLCI release order - tty: n_gsm: fix missing explicit ldisc flush - tty: n_gsm: fix wrong command retry handling - tty: n_gsm: fix wrong command frame length field encoding - tty: n_gsm: fix reset fifo race condition - tty: n_gsm: fix incorrect UA handling - tty: n_gsm: fix software flow control handling https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.115 - [mips*] Fix CP0 counter erratum detection for R4k CPUs - ALSA: hda/realtek: Add quirk for Yoga Duet 7 13ITL6 speakers - ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes - [arm64] mmc: sdhci-msm: Reset GCC_SDCC_BCR register for SDHC - mmc: core: Set HS clock speed before sending HS CMD13 - gpiolib: of: fix bounds check for 'gpio-reserved-ranges' - [x86] KVM: x86/svm: Account for family 17h event renumberings in amd_pmc_perf_hw_id - [amd64] iommu/vt-d: Calculate mask for non-aligned flushes - Revert "SUNRPC: attempt AF_LOCAL connect on setup" - firewire: fix potential uaf in outbound_phy_packet_callback() - firewire: remove check of list iterator against head past the loop body - firewire: core: extend card->lock in fw_core_handle_bus_reset - net: stmmac: disable Split Header (SPH) for Intel platforms - genirq: Synchronize interrupt thread startup - ASoC: da7219: Fix change notifications for tone generator frequency - [s390x] dasd: fix data corruption for ESE devices - [s390x] dasd: prevent double format of tracks for ESE devices - [s390x] dasd: Fix read for ESE with blksize < 4k - [s390x] dasd: Fix read inconsistency for ESE DASD devices - can: isotp: remove re-binding of bound socket - nfc: replace improper check device_is_registered() in netlink related functions (CVE-2022-1974) - NFC: netlink: fix sleep in atomic bug when firmware download timeout (CVE-2022-1975) - [arm64,armhf] gpio: pca953x: fix irq_stat not updated when irq is disabled (irq_mask not set) - hwmon: (adt7470) Fix warning on module removal - [arm*] ASoC: dmaengine: Restore NULL prepare_slave_config() callback - net/mlx5e: Fix trust state reset in reload - net/mlx5e: Don't match double-vlan packets if cvlan is not set - net/mlx5e: CT: Fix queued up restore put() executing after relevant ft release - net/mlx5e: Fix the calling of update_buffer_lossy() API - net/mlx5: Avoid double clear or set of sync reset requested - NFSv4: Don't invalidate inode attributes on delegation return - [arm64,armhf] net: stmmac: dwmac-sun8i: add missing of_node_put() in sun8i_dwmac_register_mdio_mux() - [armhf] net: cpsw: add missing of_node_put() in cpsw_probe_dt() - hinic: fix bug of wq out of bound access - bnxt_en: Fix possible bnxt_open() failure caused by wrong RFS flag - bnxt_en: Fix unnecessary dropping of RX packets - [arm64,armhf] smsc911x: allow using IRQ0 - btrfs: always log symlinks in full mode - net: igmp: respect RCU rules in ip_mc_source() and ip_mc_msfilter() - [x86] kvm: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU - net/mlx5: Fix slab-out-of-bounds while reading resource dump menu - [x86] kvm: Preserve BSP MSR_KVM_POLL_CONTROL across suspend/resume - [x86] KVM: x86: Do not change ICR on write to APIC_SELF_IPI - [x86] KVM: x86/mmu: avoid NULL-pointer dereference on page freeing bugs - [x86] KVM: LAPIC: Enable timer posted-interrupt only when mwait/hlt is advertised - rcu: Fix callbacks processing time limit retaining cond_resched() - rcu: Apply callbacks processing time limit only on softirq - block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern (CVE-2022-0494) - dm: interlock pending dm_io and dm_wait_for_bios_completion - [arm64] PCI: aardvark: Clear all MSIs at setup - [arm64] PCI: aardvark: Fix reading MSI interrupt number - mmc: rtsx: add 74 Clocks in power on flow https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.116 - regulator: consumer: Add missing stubs to regulator/consumer.h - block: drbd: drbd_nl: Make conversion to 'enum drbd_ret_code' explicit - nfp: bpf: silence bitwise vs. logical OR warning - Bluetooth: Fix the creation of hdev->name - mm: fix missing cache flush for all tail pages of compound page - mm: hugetlb: fix missing cache flush in copy_huge_page_from_user() - mm: userfaultfd: fix missing cache flush in mcopy_atomic_pte() and __mcopy_atomic() https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.117 - batman-adv: Don't skb_split skbuffs with frag_list - iwlwifi: iwl-dbg: Use del_timer_sync() before freeing - hwmon: (tmp401) Add OF device ID table - mac80211: Reset MBSSID parameters upon connection - net: Fix features skip in for_each_netdev_feature() - [arm64] net: mscc: ocelot: fix last VCAP IS1/IS2 filter persisting in hardware when deleted - [arm64] net: mscc: ocelot: fix VCAP IS2 filters matching on both lookups - [arm64] net: mscc: ocelot: restrict tc-trap actions to VCAP IS2 lookup 0 - [arm64] net: mscc: ocelot: avoid corrupting hardware counters when moving VCAP filters - ipv4: drop dst in multicast routing path - drm/nouveau: Fix a potential theorical leak in nouveau_get_backlight_name() - netlink: do not reset transport header in netlink_recvmsg() - sfc: Use swap() instead of open coding it - net: sfc: fix memory leak due to ptp channel - mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection - nfs: fix broken handling of the softreval mount option - dim: initialize all struct fields - [s390x] ctcm: fix variable dereferenced before check - [s390x] ctcm: fix potential memory leak - [s390x] lcs: fix variable dereferenced before check - net/sched: act_pedit: really ensure the skb is writable - [arm64] net: bcmgenet: Check for Wake-on-LAN interrupt probe deferral - [armhf] net: dsa: bcm_sf2: Fix Wake-on-LAN with mac_link_down() - net/smc: non blocking recvmsg() return -EAGAIN when no data and signal_pending - net: sfc: ef10: fix memory leak in efx_ef10_mtd_probe() - gfs2: Fix filesystem block deallocation for short writes - hwmon: (f71882fg) Fix negative temperature - ASoC: max98090: Reject invalid values in custom control put() - ASoC: max98090: Generate notifications on changes for custom control - ASoC: ops: Validate input values in snd_soc_put_volsw_range() - net: sfp: Add tx-fault workaround for Huawei MA5671A SFP ONT - tcp: resalt the secret every 10 seconds (CVE-2022-1012) - firmware_loader: use kernel credentials when reading firmware - tty: n_gsm: fix mux activation issues in gsm_config() - usb: cdc-wdm: fix reading stuck on device close - USB: serial: pl2303: add device id for HP LM930 Display - USB: serial: qcserial: add support for Sierra Wireless EM7590 - USB: serial: option: add Fibocom L610 modem - USB: serial: option: add Fibocom MA510 modem - ceph: fix setting of xattrs on async created inodes - drm/nouveau/tegra: Stop using iommu_present() - i40e: i40e_main: fix a missing check on list iterator - [amd64,arm64] net: atlantic: always deep reset on pm op, fixing up my null deref regression - cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp() - [x86] drm/vmwgfx: Initialize drm_mode_fb_cmd2 - SUNRPC: Clean up scheduling of autoclose - SUNRPC: Prevent immediate close+reconnect - SUNRPC: Don't call connect() more than once on a TCP socket - SUNRPC: Ensure we flush any closed sockets before xs_xprt_free() (CVE-2022-28893) - net: phy: Fix race condition on link status change - [arm*] arm[64]/memremap: don't abuse pfn_valid() to ensure presence of linear map - ping: fix address binding wrt vrf - usb: gadget: uvc: rename function to be more consistent - usb: gadget: uvc: allow for application to cleanly shutdown - io_uring: always use original task when preparing req identity (CVE-2022-1786) https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.118 - io_uring: always grab file table for deferred statx - floppy: use a statically allocated error counter - [x86] Revert "drm/i915/opregion: check port number bounds for SWSCI display power state" - igc: Remove _I_PHY_ID checking - igc: Remove phy->type checking - igc: Update I226_K device ID - rtc: fix use-after-free on device removal - [arm64] rtc: pcf2127: fix bug when reading alarm registers - Input: add bounds checking to input_set_capability() - nvme-pci: add quirks for Samsung X5 SSDs - gfs2: Disable page faults during lockless buffered reads - [arm64,armhf] rtc: sun6i: Fix time overflow handling - [armhf] crypto: stm32 - fix reference leak in stm32_crc_remove - [amd64] crypto: x86/chacha20 - Avoid spurious jumps to other functions - ALSA: hda/realtek: Enable headset mic on Lenovo P360 - [s390x] pci: improve zpci_dev reference counting - nvme-multipath: fix hang when disk goes live over reconnect - rtc: mc146818-lib: Fix the AltCentury for AMD platforms - fs: fix an infinite loop in iomap_fiemap - drbd: remove usage of list iterator variable after loop - [arm64] platform/chrome: cros_ec_debugfs: detach log reader wq from devm - [armel,armhf] 9191/1: arm/stacktrace, kasan: Silence KASAN warnings in unwind_frame() - nilfs2: fix lockdep warnings in page operations for btree nodes - nilfs2: fix lockdep warnings during disk space reclamation - Revert "swiotlb: fix info leak with DMA_FROM_DEVICE" - Reinstate some of "swiotlb: rework "fix info leak with DMA_FROM_DEVICE"" (CVE-2022-0854) - ALSA: usb-audio: Restore Rane SL-1 quirk - [i386] ALSA: wavefront: Proper check of get_user() error - ALSA: hda/realtek: Add quirk for TongFang devices with pop noise - perf: Fix sys_perf_event_open() race against self (CVE-2022-1729) - selinux: fix bad cleanup on error in hashtab_duplicate() - Fix double fget() in vhost_net_set_backend() - PCI/PM: Avoid putting Elo i2 PCIe Ports in D3cold - [x86] KVM: x86/mmu: Update number of zapped pages even if page list is stable - [arm64] paravirt: Use RCU read locks to guard stolen_time - [arm64] mte: Ensure the cleared tags are visible before setting the PTE - [arm64] crypto: qcom-rng - fix infinite loop on requests not multiple of WORD_SZ - libceph: fix potential use-after-free on linger ping and resends - drm/dp/mst: fix a possible memory leak in fetch_monitor_name() - dma-buf: fix use of DMA_BUF_SET_NAME_{A,B} in userspace - [armhf] pinctrl: pinctrl-aspeed-g6: remove FWQSPID group in pinctrl - [arm64] net: macb: Increment rx bd head after allocating skb and buffer - net: evaluate net.ipvX.conf.all.disable_policy and disable_xfrm - xfrm: Add possibility to set the default to block if we have no policy - net: xfrm: fix shift-out-of-bounce - xfrm: make user policy API complete - xfrm: notify default policy on update - xfrm: fix dflt policy check when there is no policy configured - xfrm: rework default policy structure - xfrm: fix "disable_policy" flag use when arriving from different devices - net/sched: act_pedit: sanitize shift argument before usage - [x86] net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() - [x86] net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() - ice: fix possible under reporting of ethtool Tx and Rx statistics - net/qla3xxx: Fix a test in ql_reset_work() - net/mlx5e: Properly block LRO when XDP is enabled - net: af_key: add check for pfkey_broadcast in function pfkey_process - [armhf] 9196/1: spectre-bhb: enable for Cortex-A15 - [armel,armhf] 9197/1: spectre-bhb: fix loop8 sequence for Thumb2 - igb: skip phy status check where unavailable - net: bridge: Clear offload_fwd_mark when passing frame up bridge interface. - [arm*] gpio: mvebu/pwm: Refuse requests with inverted polarity - scsi: qla2xxx: Fix missed DMA unmap for aborted commands - mac80211: fix rx reordering with non explicit / psmp ack policy - nl80211: validate S1G channel width - nl80211: fix locking in nl80211_set_tx_bitrate_mask() - ethernet: tulip: fix missing pci_disable_device() on error in tulip_init_one() - [amd64,arm64] net: atlantic: fix "frag[0] not initialized" - [amd64,arm64] net: atlantic: reduce scope of is_rsc_complete - [amd64,arm64] net: atlantic: add check for MAX_SKB_FRAGS - [amd64,arm64] net: atlantic: verify hw_head_ lies within TX buffer ring - [arm64] Enable repeat tlbi workaround on KRYO4XX gold CPUs - dt-bindings: pinctrl: aspeed-g6: remove FWQSPID group - afs: Fix afs_getattr() to refetch file status if callback break occurred - include/uapi/linux/xfrm.h: Fix XFRM_MSG_MAPPING ABI breakage https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.119 - lockdown: also lock down previous kgdb use (CVE-2022-21499) - staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan() - [x86] KVM: x86: Properly handle APF vs disabled LAPIC situation - [x86] KVM: x86/mmu: fix NULL pointer dereference on guest INVPCID (CVE-2022-1789) - tcp: change source port randomizarion at connect() time - secure_seq: use the 64 bits of the siphash for port offset calculation (CVE-2022-1012) - ACPI: sysfs: Make sparse happy about address space in use - ACPI: sysfs: Fix BERT error region memory mapping - random: avoid arch_get_random_seed_long() when collecting IRQ randomness - random: remove dead code left over from blocking pool - MAINTAINERS: co-maintain random.c - MAINTAINERS: add git tree for random.c - crypto: lib/blake2s - Move selftest prototype into header file - crypto: blake2s - define shash_alg structs using macros - [amd64] crypto: x86/blake2s - define shash_alg structs using macros - crypto: blake2s - remove unneeded includes - crypto: blake2s - move update and final logic to internal/blake2s.h - crypto: blake2s - share the "shash" API boilerplate code - crypto: blake2s - optimize blake2s initialization - crypto: blake2s - add comment for blake2s_state fields - crypto: blake2s - adjust include guard naming - crypto: blake2s - include <linux/bug.h> instead of <asm/bug.h> - lib/crypto: blake2s: include as built-in - lib/crypto: blake2s: move hmac construction into wireguard - lib/crypto: sha1: re-roll loops to reduce code size - lib/crypto: blake2s: avoid indirect calls to compression function for Clang CFI - random: document add_hwgenerator_randomness() with other input functions - random: remove unused irq_flags argument from add_interrupt_randomness() - random: use BLAKE2s instead of SHA1 in extraction - random: do not sign extend bytes for rotation when mixing - random: do not re-init if crng_reseed completes before primary init - random: mix bootloader randomness into pool - random: harmonize "crng init done" messages - random: use IS_ENABLED(CONFIG_NUMA) instead of ifdefs - random: early initialization of ChaCha constants - random: avoid superfluous call to RDRAND in CRNG extraction - random: don't reset crng_init_cnt on urandom_read() - random: fix typo in comments - random: cleanup poolinfo abstraction - random: cleanup integer types - random: remove incomplete last_data logic - random: remove unused extract_entropy() reserved argument - random: rather than entropy_store abstraction, use global - random: remove unused OUTPUT_POOL constants - random: de-duplicate INPUT_POOL constants - random: prepend remaining pool constants with POOL_ - random: cleanup fractional entropy shift constants - random: access input_pool_data directly rather than through pointer - random: selectively clang-format where it makes sense - random: simplify arithmetic function flow in account() - random: continually use hwgenerator randomness - random: access primary_pool directly rather than through pointer - random: only call crng_finalize_init() for primary_crng - random: use computational hash for entropy extraction - random: simplify entropy debiting - random: use linear min-entropy accumulation crediting - random: always wake up entropy writers after extraction - random: make credit_entropy_bits() always safe - random: remove use_input_pool parameter from crng_reseed() - random: remove batched entropy locking - random: fix locking in crng_fast_load() - random: use RDSEED instead of RDRAND in entropy extraction - random: get rid of secondary crngs - random: inline leaves of rand_initialize() - random: ensure early RDSEED goes through mixer on init - random: do not xor RDRAND when writing into /dev/random - random: absorb fast pool into input pool after fast load - random: use simpler fast key erasure flow on per-cpu keys - random: use hash function for crng_slow_load() - random: make more consistent use of integer types - random: remove outdated INT_MAX >> 6 check in urandom_read() - random: zero buffer after reading entropy from userspace - random: fix locking for crng_init in crng_reseed() - random: tie batched entropy generation to base_crng generation - random: remove ifdef'd out interrupt bench - random: remove unused tracepoints - random: add proper SPDX header - random: deobfuscate irq u32/u64 contributions - random: introduce drain_entropy() helper to declutter crng_reseed() - random: remove useless header comment - random: remove whitespace and reorder includes - random: group initialization wait functions - random: group crng functions - random: group entropy extraction functions - random: group entropy collection functions - random: group userspace read/write functions - random: group sysctl functions - random: rewrite header introductory comment - random: defer fast pool mixing to worker - random: do not take pool spinlock at boot - random: unify early init crng load accounting - random: check for crng_init == 0 in add_device_randomness() - random: pull add_hwgenerator_randomness() declaration into random.h - random: clear fast pool, crng, and batches in cpuhp bring up - random: round-robin registers as ulong, not u32 - random: only wake up writers after zap if threshold was passed - random: cleanup UUID handling - random: unify cycles_t and jiffies usage and types - random: do crng pre-init loading in worker rather than irq - random: give sysctl_random_min_urandom_seed a more sensible value - random: don't let 644 read-only sysctls be written to - random: replace custom notifier chain with standard one - random: use SipHash as interrupt entropy accumulator - random: make consistent usage of crng_ready() - random: reseed more often immediately after booting - random: check for signal and try earlier when generating entropy - random: skip fast_init if hwrng provides large chunk of entropy - random: treat bootloader trust toggle the same way as cpu trust toggle - random: re-add removed comment about get_random_{u32,u64} reseeding - random: mix build-time latent entropy into pool at init - random: do not split fast init input in add_hwgenerator_randomness() - random: do not allow user to keep crng key around on stack - random: check for signal_pending() outside of need_resched() check - random: check for signals every PAGE_SIZE chunk of /dev/[u]random - random: allow partial reads if later user copies fail - random: make random_get_entropy() return an unsigned long - random: document crng_fast_key_erasure() destination possibility - random: fix sysctl documentation nits - init: call time_init() before rand_initialize() - [s390x] define get_cycles macro for arch-override - [powerpc*] define get_cycles macro for arch-override - timekeeping: Add raw clock fallback for random_get_entropy() - [mips*] use fallback for random_get_entropy() instead of just c0 random - [arm*] use fallback for random_get_entropy() instead of zero - [x86] tsc: Use fallback for random_get_entropy() instead of zero - random: insist on random_get_entropy() existing in order to simplify - random: do not use batches when !crng_ready() - random: use first 128 bits of input as fast init - random: do not pretend to handle premature next security model - random: order timer entropy functions below interrupt functions - random: do not use input pool from hard IRQs - random: help compiler out with fast_mix() by using simpler arguments - siphash: use one source of truth for siphash permutations - random: use symbolic constants for crng_init states - random: avoid initializing twice in credit race - random: move initialization out of reseeding hot path - random: remove ratelimiting for in-kernel unseeded randomness - random: use proper jiffies comparison macro - random: handle latent entropy and command line from random_init() - random: credit architectural init the exact amount - random: use static branch for crng_ready() - random: remove extern from functions in header - random: use proper return types on get_random_{int,long}_wait() - random: make consistent use of buf and len - random: move initialization functions out of hot pages - random: move randomize_page() into mm where it belongs - random: unify batched entropy implementations - random: convert to using fops->read_iter() - random: convert to using fops->write_iter() - random: wire up fops->splice_{read,write}_iter() - random: check for signals after page of pool writes - ALSA: ctxfi: Add SB046x PCI ID https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.120 - percpu_ref_init(): clean ->percpu_count_ref on failure - net: af_key: check encryption module availability consistency - nfc: pn533: Fix buggy cleanup order - [armhf] net: ftgmac100: Disable hardware checksum on AST2600 - [x86] i2c: ismt: Provide a DMA buffer for Interrupt Cause Logging - [arm64] drivers: i2c: thunderx: Allow driver to work with ACPI defined TWSI controllers - netfilter: nf_tables: disallow non-stateful expression in sets earlier (CVE-2022-1966) - pipe: make poll_usage boolean and annotate its access - pipe: Fix missing lock in pipe_resize_ring() (ZDI-CAN-17291) - cfg80211: set custom regdomain after wiphy registration - assoc_array: Fix BUG_ON during garbage collect - io_uring: don't re-import iovecs from callbacks - io_uring: fix using under-expanded iters - xfs: detect overflows in bmbt records - xfs: show the proper user quota options - xfs: fix the forward progress assertion in xfs_iwalk_run_callbacks - xfs: fix an ABBA deadlock in xfs_rename - xfs: Fix CIL throttle hang when CIL space used going backwards - exfat: check if cluster num is valid - crypto: drbg - prepare for more fine-grained tracking of seeding state - crypto: drbg - track whether DRBG was seeded with !rng_is_initialized() - crypto: drbg - move dynamic ->reseed_threshold adjustments to __drbg_seed() - crypto: drbg - make reseeding from get_random_bytes() synchronous - netfilter: nf_tables: sanitize nft_set_desc_concat_parse() (CVE-2022-1972) - netfilter: conntrack: re-fetch conntrack after insertion - [x86] kvm: Alloc dummy async #PF token outside of raw spinlock - [x86] kvm: use correct GFP flags for preemption disabled - [x86] KVM: x86: avoid calling x86 emulator without a decoded instruction (CVE-2022-1852) - [arm64] crypto: caam - fix i.MX6SX entropy delay value - crypto: ecrdsa - Fix incorrect use of vli_cmp - zsmalloc: fix races between asynchronous zspage free and page migration - Bluetooth: hci_qca: Use del_timer_sync() before freeing - dm integrity: fix error code in dm_integrity_ctr() - dm crypt: make printing of the key constant-time - dm stats: add cond_resched when looping over entries - dm verity: set DM_TARGET_IMMUTABLE feature flag - raid5: introduce MD_BROKEN - HID: multitouch: Add support for Google Whiskers Touchpad - HID: multitouch: add quirks to enable Lenovo X12 trackpoint - tpm: Fix buffer access in tpm2_get_tpm_pt() - docs: submitting-patches: Fix crossref to 'The canonical patch format' - NFS: Memory allocation failures are not server fatal errors - NFSD: Fix possible sleep during nfsd4_release_lockowner() - bpf: Fix potential array overflow in bpf_trampoline_get_progs() - bpf: Enlarge offset check value to INT_MAX in bpf_skb_{load,store}_bytes . [ Salvatore Bonaccorso ] * [rt] Update to 5.10.115-rt67 * Bump ABI to 15 * [rt] Drop "random: Make it work on rt" . [ Mateusz Łukasik ] * [armhf] drivers/thermal: Enable SUN8I_THERMAL as module (Closes: #1007799) . linux (5.10.113-1) bullseye-security; urgency=high . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.107 - Revert "xfrm: state and policy should fail if XFRMA_IF_ID 0" (Closes: #1008299) - xfrm: Check if_id in xfrm_migrate - xfrm: Fix xfrm migrate issues when address family changes - mac80211: refuse aggregations sessions before authorized - [mips64el,mipsel] smp: fill in sibling and core maps earlier - [x86] atm: firestream: check the return value of ioremap() in fs_init() - iwlwifi: don't advertise TWT support - drm/vrr: Set VRR capable prop only if it is attached to connector - nl80211: Update bss channel on channel switch for P2P_CLIENT - sfc: extend the locking on mcdi->seqno https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.108 - [arm64] crypto: qcom-rng - ensure buffer for generate is completely filled - ocfs2: fix crash when initialize filecheck kobj fails - mm: swap: get rid of livelock in swapin readahead - efi: fix return value of __setup handlers - vsock: each transport cycles only on its own sockets - esp6: fix check on ipv6_skip_exthdr's return value - net: phy: marvell: Fix invalid comparison in the resume and suspend functions - net/packet: fix slab-out-of-bounds access in packet_recvmsg() - atm: eni: Add check for dma_map_single - [x86] hv_netvsc: Add check for kvmalloc_array - [armhf] drm/imx: parallel-display: Remove bus flags check in imx_pd_bridge_atomic_check() - [arm64,armhf] drm/panel: simple: Fix Innolux G070Y2-L01 BPP settings - net: handle ARPHRD_PIMREG in dev_is_mac_header_xmit() - [arm64,armhf] net: dsa: Add missing of_node_put() in dsa_port_parse_of - net: phy: mscc: Add MODULE_FIRMWARE macros - bnx2x: fix built-in kernel driver load failure - [arm64] net: bcmgenet: skip invalid partial checksums - [arm64] net: mscc: ocelot: fix backwards compatibility with single-chain tc-flower offload - usb: gadget: rndis: prevent integer overflow in rndis_set_response() - usb: gadget: Fix use-after-free bug by not setting udc->dev.driver - usb: usbtmc: Fix bug in pipe direction for control transfers - scsi: mpt3sas: Page fault in reply q processing - Input: aiptek - properly check endpoint type - perf symbols: Fix symbol size calculation condition - net: usb: Correct PHY handling of smsc95xx - net: usb: Correct reset handling of smsc95xx - smsc95xx: Ignore -ENODEV errors when device is unplugged - esp: Fix possible buffer overflow in ESP transformation (CVE-2022-27666) https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.109 - nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION (CVE-2022-26490) - net: ipv6: fix skb_over_panic in __ip6_append_data - exfat: avoid incorrectly releasing for root inode - cgroup: Allocate cgroup_file_ctx for kernfs_open_file->priv (CVE-2021-4197) - cgroup: Use open-time cgroup namespace for process migration perm checks (CVE-2021-4197) - cgroup-v1: Correct privileges check in release_agent writes - tpm: Fix error handling in async work - llc: fix netdevice reference leaks in llc_ui_bind() (CVE-2022-28356) - ALSA: oss: Fix PCM OSS buffer allocation overflow - ALSA: hda/realtek: Add quirk for Clevo NP70PNJ - ALSA: hda/realtek: Add quirk for Clevo NP50PNJ - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671 - ALSA: hda/realtek: Add quirk for ASUS GA402 - ALSA: pcm: Fix races among concurrent hw_params and hw_free calls (CVE-2022-1048) - ALSA: pcm: Fix races among concurrent read/write and buffer changes (CVE-2022-1048) - ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls (CVE-2022-1048) - ALSA: pcm: Fix races among concurrent prealloc proc writes (CVE-2022-1048) - ALSA: pcm: Add stream lock during PCM reset ioctl operations - ALSA: usb-audio: Add mute TLV for playback volumes on RODE NT-USB - ALSA: cmipci: Restore aux vol on suspend/resume - ALSA: pci: fix reading of swapped values from pcmreg in AC97 codec - [arm64] drivers: net: xgene: Fix regression in CRC stripping - netfilter: nf_tables: initialize registers in nft_do_chain() (CVE-2022-1016) - [x86] ACPI / x86: Work around broken XSDT on Advantech DAC-BJ01 board - ACPI: battery: Add device HID and quirk for Microsoft Surface Go 3 - [x86] ACPI: video: Force backlight native for Clevo NL5xRU and NL5xNU - [x86] crypto: qat - disable registration of algorithms - Revert "ath: add support for special 0x0 regulatory domain" - rcu: Don't deboost before reporting expedited quiescent state - mac80211: fix potential double free on mesh join - tpm: use try_get_ops() in tpm-space.c - [arm64] wcn36xx: Differentiate wcn3660 from wcn3620 - llc: only change llc->dev when bind() succeeds https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.110 - swiotlb: fix info leak with DMA_FROM_DEVICE (CVE-2022-0854) - USB: serial: pl2303: add IBM device IDs - USB: serial: simple: add Nokia phone driver - netdevice: add the case if dev is NULL - HID: logitech-dj: add new lightspeed receiver id - xfrm: fix tunnel model fragmentation behavior - virtio_console: break out of buf poll on remove - ethernet: sun: Free the coherent when failing in probing - gpio: Revert regression in sysfs-gpio (gpiolib.c) - spi: Fix invalid sgs value - Revert "gpio: Revert regression in sysfs-gpio (gpiolib.c)" - spi: Fix erroneous sgs value with min_t() - af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register (CVE-2022-1353) - [arm*] iommu/iova: Improve 32-bit free space estimate - tpm: fix reference counting for struct tpm_chip - virtio-blk: Use blk_validate_block_size() to validate block size - USB: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c - xhci: fix garbage USBSTS being logged in some cases - xhci: fix runtime PM imbalance in USB2 resume - xhci: make xhci_handshake timeout for xhci_reset() adjustable - xhci: fix uninitialized string returned by xhci_decode_ctrl_ctx() - [x86] mei: me: add Alder Lake N device id. - [x86] mei: avoid iterator usage outside of list_for_each_entry - iio: inkern: apply consumer scale on IIO_VAL_INT cases - iio: inkern: apply consumer scale when no channel scale is available - iio: inkern: make a best effort on offset calculation - ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE - KEYS: fix length validation in keyctl_pkey_params_get_2() - Documentation: add link to stable release candidate tree - Documentation: update stable tree link - firmware: stratix10-svc: add missing callback parameter on RSU - SUNRPC: avoid race between mod_timer() and del_timer_sync() - NFSD: prevent underflow in nfssvc_decode_writeargs() - NFSD: prevent integer overflow on 32 bit systems - f2fs: fix to unlock page correctly in error path of is_alive() - f2fs: quota: fix loop condition at f2fs_quota_sync() - f2fs: fix to do sanity check on .cp_pack_total_block_count - [armhf] remoteproc: Fix count check in rproc_coredump_write() - [armhf] pinctrl: samsung: drop pin banks references on error paths - mtd: rawnand: protect access to rawnand devices while in suspend - can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path (CVE-2022-28390) - jffs2: fix use-after-free in jffs2_clear_xattr_subsystem - jffs2: fix memory leak in jffs2_do_mount_fs - jffs2: fix memory leak in jffs2_scan_medium - mm/pages_alloc.c: don't create ZONE_MOVABLE beyond the end of a node - mm: invalidate hwpoison page cache page in fault path - mempolicy: mbind_range() set_policy() after vma_merge() - scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands - qed: display VF trust config - qed: validate and restrict untrusted VFs vlan promisc mode - Revert "Input: clear BTN_RIGHT/MIDDLE on buttonpads" - cifs: prevent bad output lengths in smb2_ioctl_query_info() - cifs: fix NULL ptr dereference in smb2_ioctl_query_info() (CVE-2022-0168) - [i386] ALSA: cs4236: fix an incorrect NULL check on list iterator - ALSA: hda: Avoid unsol event during RPM suspending - ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock - ALSA: hda/realtek: Fix audio regression on Mi Notebook Pro 2020 - mm: madvise: skip unmapped vma holes passed to process_madvise - mm: madvise: return correct bytes advised with process_madvise - Revert "mm: madvise: skip unmapped vma holes passed to process_madvise" - mm,hwpoison: unmap poisoned page before invalidation - dm integrity: set journal entry unused when shrinking device - drbd: fix potential silent data corruption - can: isotp: sanitize CAN ID checks in isotp_bind() - [powerpc*] kvm: Fix kvm_use_magic_page - udp: call udp_encap_enable for v6 sockets when enabling encap - [arm64] signal: nofpsimd: Do not allocate fp/simd context when not available - ACPI: properties: Consistently return -ENOENT if there are no more references - coredump: Also dump first pages of non-executable ELF libraries - ext4: fix ext4_fc_stats trace point - ext4: fix fs corruption when tring to remove a non-empty directory with IO error - drivers: hamradio: 6pack: fix UAF bug caused by mod_timer() (CVE-2022-1198) - block: limit request dispatch loop duration - block: don't merge across cgroup boundaries if blkcg is enabled - drm/edid: check basic audio support on CEA extension block - [armhf] dts: exynos: add missing HDMI supplies on SMDK5250 - [armhf] dts: exynos: add missing HDMI supplies on SMDK5420 - [x86] mgag200 fix memmapsl configuration in GCTL6 register - carl9170: fix missing bit-wise or operator for tx_params - pstore: Don't use semaphores in always-atomic-context code - [x86] thermal: int340x: Increase bitmap size - exec: Force single empty string when argv is empty - crypto: rsa-pkcs1pad - only allow with rsa - crypto: rsa-pkcs1pad - correctly get hash from source scatterlist - crypto: rsa-pkcs1pad - restore signature length check - crypto: rsa-pkcs1pad - fix buffer overread in pkcs1pad_verify_complete() - bcache: fixup multiple threads crash - DEC: Limit PMAX memory probing to R3k systems - brcmfmac: firmware: Allocate space for default boardrev in nvram - brcmfmac: pcie: Release firmwares in the brcmf_pcie_setup error path - brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with memcpy_toio - brcmfmac: pcie: Fix crashes due to early IRQs - [x86] drm/i915/opregion: check port number bounds for SWSCI display power state - [x86] drm/i915/gem: add missing boundary check in vm_access - PCI: pciehp: Clear cmd_busy bit in polling mode - [arm64] PCI: xgene: Revert "PCI: xgene: Fix IB window setup" - [arm64] regulator: qcom_smd: fix for_each_child.cocci warnings - selinux: check return value of sel_make_avc_files - [arm64] hwrng: cavium - Check health status while reading random data - [arm64] hwrng: cavium - HW_RANDOM_CAVIUM should depend on ARCH_THUNDER - crypto: authenc - Fix sleep in atomic context in decrypt_tail - [x86] thermal: int340x: Check for NULL after calling kmemdup() - [arm64,armhf] spi: tegra114: Add missing IRQ check in tegra_spi_probe - [arm64] mm: avoid fixmap race condition when create pud mapping - audit: log AUDIT_TIME_* records only from rules - spi: pxa2xx-pci: Balance reference count for PCI DMA device - [armhf] hwmon: (pmbus) Add mutex to regulator ops - hwmon: (sch56xx-common) Replace WDOG_ACTIVE with WDOG_HW_RUNNING - nvme: cleanup __nvme_check_ids - block: don't delete queue kobject before its children - PM: hibernate: fix __setup handler error handling - PM: suspend: fix return value of __setup handler - [arm64] crypto: sun8i-ce - call finalize with bh disabled - [arm64,armhf] crypto: amlogic - call finalize with bh disabled - [armhf] clocksource/drivers/timer-ti-dm: Fix regression from errata i940 fix - [armhf] clocksource/drivers/exynos_mct: Refactor resources allocation - [armhf] clocksource/drivers/exynos_mct: Handle DTS with higher number of interrupts - clocksource/drivers/timer-of: Check return value of of_iomap in timer_of_base_init() - ACPI: APEI: fix return value of __setup handlers - [x86] crypto: ccp - ccp_dmaengine_unregister release dma channels - [arm*] amba: Make the remove callback return void - [armhf] hwmon: (pmbus) Add Vin unit off handling - [x86] clocksource: acpi_pm: fix return value of __setup handler - io_uring: terminate manual loop iterator loop correctly for non-vecs - watch_queue: Fix NULL dereference in error cleanup - watch_queue: Actually free the watch - f2fs: fix to enable ATGC correctly via gc_idle sysfs interface - sched/debug: Remove mpol_get/put and task_lock/unlock from sched_show_numa - sched/core: Export pelt_thermal_tp - rseq: Optimise rseq_get_rseq_cs() and clear_rseq_cs() - rseq: Remove broken uapi field layout on 32-bit little endian - perf/core: Fix address filter parser for multiple filters - [x86] perf/x86/intel/pt: Fix address filter config for 32-bit kernel - f2fs: fix missing free nid in f2fs_handle_failed_inode - nfsd: more robust allocation failure handling in nfsd_file_cache_init - f2fs: fix to avoid potential deadlock - btrfs: fix unexpected error path when reflinking an inline extent - f2fs: compress: remove unneeded read when rewrite whole cluster - f2fs: fix compressed file start atomic write may cause data corruption - [arm64,armhf] media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls - media: bttv: fix WARNING regression on tunerless devices - [arm*] ASoC: generic: simple-card-utils: remove useless assignment - [armhf] media: coda: Fix missing put_device() call in coda_get_vdoa_data - [armhf] media: aspeed: Correct value for h-total-pixels - video: fbdev: matroxfb: set maxvram of vbG200eW to the same as vbG200 to avoid black screen - video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe() - video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name() - [arm64] firmware: qcom: scm: Remove reassignment to desc following initializer - firmware: ti_sci: Fix compilation failure when CONFIG_TI_SCI_PROTOCOL is not defined - [armhf] dts: imx: Add missing LVDS decoder on M53Menlo - media: em28xx: initialize refcount before kref_get - media: usb: go7007: s2250-board: fix leak in probe() - [arm64,armhf] media: cedrus: H265: Fix neighbour info buffer size - [arm64,armhf] media: cedrus: h264: Fix neighbour info buffer size - [x86] ASoC: rt5663: check the return value of devm_kzalloc() in rt5663_parse_dp() - printk: fix return value of printk.devkmsg __setup handler - [x86] ASoC: soc-compress: prevent the potentially use of null pointer - [armhf] memory: emif: Add check for setup_interrupts - [armhf] memory: emif: check the pointer temp in get_device_details() - ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction - [arm64] dts: rockchip: Fix SDIO regulator supply properties on rk3399-firefly - media: stk1160: If start stream fails, return buffers with VB2_BUF_STATE_QUEUED - media: saa7134: convert list_for_each to entry variant - media: saa7134: fix incorrect use to determine if list is empty - ivtv: fix incorrect device_caps for ivtvfb - [arm64,armhf] ASoC: rockchip: i2s: Use devm_platform_get_and_ioremap_resource() - [arm64,armhf] ASoC: rockchip: i2s: Fix missing clk_disable_unprepare() in rockchip_i2s_probe - ASoC: dmaengine: do not use a NULL prepare_slave_config() callback - [armhf] ASoC: fsl_spdif: Disable TX clock when stop - [armhf] ASoC: imx-es8328: Fix error return code in imx_es8328_probe() - [arm64] drm/meson: osd_afbcd: Add an exit callback to struct meson_afbcd_ops - [arm64,armhf] drm/bridge: Add missing pm_runtime_disable() in __dw_mipi_dsi_probe - [arm64] drm: bridge: adv7511: Fix ADV7535 HPD enablement - ath10k: fix memory overwrite of the WoWLAN wakeup packet pattern - [arm64,armhf] drm/panfrost: Check for error num after setting mask - Bluetooth: hci_serdev: call init_rwsem() before p->open() - [armhf] mtd: rawnand: gpmi: fix controller timings setting - drm/edid: Don't clear formats if using deep color - drm/nouveau/acr: Fix undefined behavior in nvkm_acr_hsfw_load_bl() - drm/amd/display: Fix a NULL pointer dereference in amdgpu_dm_connector_add_common_modes() - drm/amd/pm: return -ENOTSUPP if there is no get_dpm_ultimate_freq function - ath9k_htc: fix uninit value bugs - RDMA/core: Set MR type in ib_reg_user_mr - [powerpc*] KVM: PPC: Fix vmx/vsx mixup in mmio emulation - i40e: don't reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb - i40e: respect metadata on XSK Rx to skb - [x86] ray_cs: Check ioremap return value - [powerpc*] KVM: PPC: Book3S HV: Check return value of kvmppc_radix_init - [powerpc*] perf: Don't use perf_hw_context for trace IMC PMU - [arm64,armhf] net: dsa: mv88e6xxx: Enable port policy support on 6097 - [arm64] PCI: aardvark: Fix reading PCI_EXP_RTSTA_PME bit on emulated bridge - [arm64,armhf] drm/bridge: dw-hdmi: use safe format when first in bridge chain - HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports - drm/amd/pm: enable pm sysfs write for one VF mode - drm/amd/display: Add affected crtcs to atomic state for dsc mst unplug - IB/cma: Allow XRC INI QPs to set their local ACK timeout - dax: make sure inodes are flushed before destroy cache - iwlwifi: Fix -EIO error code that is never returned - iwlwifi: mvm: Fix an error code in iwl_mvm_up() - [arm64] drm/msm/dp: populate connector of struct dp_panel - [arm64] drm/msm/dpu: add DSPP blocks teardown - [arm64] drm/msm/dpu: fix dp audio condition - scsi: pm8001: Fix command initialization in pm80XX_send_read_log() - scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req() - scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config() - scsi: pm8001: Fix le32 values handling in pm80xx_set_sas_protocol_timer_config() - scsi: pm8001: Fix payload initialization in pm80xx_encrypt_update() - scsi: pm8001: Fix le32 values handling in pm80xx_chip_ssp_io_req() - scsi: pm8001: Fix le32 values handling in pm80xx_chip_sata_req() - scsi: pm8001: Fix NCQ NON DATA command task initialization - scsi: pm8001: Fix NCQ NON DATA command completion handling - scsi: pm8001: Fix abort all task initialization - RDMA/mlx5: Fix the flow of a miss in the allocation of a cache ODP MR - drm/amd/display: Remove vupdate_int_entry definition - TOMOYO: fix __setup handlers return values - [arm64,armhf] drm/tegra: Fix reference leak in tegra_dsi_ganged_probe - [x86] power: supply: bq24190_charger: Fix bq24190_vbus_is_enabled() wrong false return - [arm64] scsi: hisi_sas: Change permission of parameter prot_mask - [arm64] bpf, arm64: Call build_prologue() first in first JIT pass - [arm64] bpf, arm64: Feed byte-offset into bpf line info - [arm64,armhf] gpu: host1x: Fix a memory leak in 'host1x_remove()' - [powerpc*] mm/numa: skip NUMA_NO_NODE onlining in parse_numa_properties() - [x86] KVM: x86: Fix emulation in writing cr8 - [x86] KVM: x86/emulator: Defer not-present segment check in __load_segment_descriptor() - [x86] hv_balloon: rate-limit "Unhandled message" warning - [amd64] IB/hfi1: Allow larger MTU without AIP - PCI: Reduce warnings on possible RW1C corruption - [armhf] mfd: mc13xxx: Add check for mc13xxx_irq_request - [x86] platform/x86: huawei-wmi: check the return value of device_create_file() - vxcan: enable local echo for sent CAN frames - ath10k: Fix error handling in ath10k_setup_msa_resources - [mips*] pgalloc: fix memory leak caused by pgd_free() - RDMA/mlx5: Fix memory leak in error flow for subscribe event routine - bpf, sockmap: Fix memleak in tcp_bpf_sendmsg while sk msg is full - bpf, sockmap: Fix more uncharged while msg has more_data - bpf, sockmap: Fix double uncharge the mem of sk_msg - USB: storage: ums-realtek: fix error code in rts51x_read_mem() - can: isotp: return -EADDRNOTAVAIL when reading from unbound socket - can: isotp: support MSG_TRUNC flag when reading from socket - Bluetooth: call hci_le_conn_failed with hdev lock in hci_le_conn_failed - ipv4: Fix route lookups when handling ICMP redirects and PMTU updates - af_netlink: Fix shift out of bounds in group mask calculation - [arm64,armhf] i2c: meson: Fix wrong speed use from probe - PCI: Avoid broken MSI on SB600 USB devices - [arm64] net: bcmgenet: Use stronger register read/writes to assure ordering - tcp: ensure PMTU updates are processed during fastopen - openvswitch: always update flow key after nat - tipc: fix the timer expires after interval 100ms - [x86] mxser: fix xmit_buf leak in activate when LSR == 0xff - [armhf] fsi: aspeed: convert to devm_platform_ioremap_resource - [armhf] fsi: Aspeed: Fix a potential double free - soundwire: intel: fix wrong register name in intel_shim_wake - iio: mma8452: Fix probe failing when an i2c_device_id is used - [arm64,armhf] phy: dphy: Correct lpx parameter and its derivatives(ta_{get,go,sure}) - [x86] serial: 8250_mid: Balance reference count for PCI DMA device - [x86] serial: 8250_lpss: Balance reference count for PCI DMA device - NFS: Use of mapping_set_error() results in spurious errors - serial: 8250: Fix race condition in RTS-after-send handling - NFS: Return valid errors from nfs2/3_decode_dirent() - [arm64] clk: qcom: clk-rcg2: Update logic to calculate D value for RCG - [arm64] clk: qcom: clk-rcg2: Update the frac table for pixel clock - nvdimm/region: Fix default alignment for small regions - [armhf] clk: tegra: tegra124-emc: Fix missing put_device() call in emc_ensure_emc_driver - NFS: remove unneeded check in decode_devicenotify_args() - [arm64,armhf] pinctrl/rockchip: Add missing of_node_put() in rockchip_pinctrl_probe - [s390x] tty: hvc: fix return value of __setup handler - serial: 8250: fix XOFF/XON sending when DMA is used - driver core: dd: fix return value of __setup handler - jfs: fix divide error in dbNextAG - netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options - NFSv4.1: don't retry BIND_CONN_TO_SESSION on session error - kdb: Fix the putarea helper function - clk: Initialize orphan req_rate - [amd64] xen: fix is_xen_pmu() - [arm64] net: enetc: report software timestamping via SO_TIMESTAMPING - [arm64] net: hns3: fix bug when PF set the duplicate MAC address for VFs - net: phy: broadcom: Fix brcm_fet_config_init() - NFSv4/pNFS: Fix another issue with a list iterator pointing to the head - [armhf] net: dsa: bcm_sf2_cfp: fix an incorrect NULL check on list iterator - fs: fd tables have to be multiples of BITS_PER_LONG - fs: fix fd table size alignment properly - LSM: general protection fault in legacy_parse_param - block, bfq: don't move oom_bfqq - selinux: use correct type for context length - selinux: allow FIOCLEX and FIONCLEX with policy capability - loop: use sysfs_emit() in the sysfs xxx show() - Fix incorrect type in assignment of ipv6 port for audit - fs/binfmt_elf: Fix AT_PHDR for unusual ELF files - bfq: fix use-after-free in bfq_dispatch_request - ACPICA: Avoid walking the ACPI Namespace if it is not there - Revert "Revert "block, bfq: honor already-setup queue merges"" - ACPI/APEI: Limit printable size of BERT table data - PM: core: keep irq flags in device_pm_check_callbacks() - nvme-tcp: lockdep: annotate in-kernel sockets - [arm64] spi: tegra20: Use of_device_get_match_data() - ext4: correct cluster len and clusters changed accounting in ext4_mb_mark_bb - ext4: fix ext4_mb_mark_bb() with flex_bg with fast_commit - ext4: don't BUG if someone dirty pages without asking ext4 first - f2fs: fix to do sanity check on curseg->alloc_type - NFSD: Fix nfsd_breaker_owns_lease() return values - f2fs: compress: fix to print raw data size in error path of lz4 decompression - video: fbdev: cirrusfb: check pixclock to avoid divide by zero - [armel,armhf] ftrace: avoid redundant loads or clobbering IP - video: fbdev: udlfb: replace snprintf in show functions with sysfs_emit - ASoC: soc-core: skip zero num_dai component in searching dai name - media: cx88-mpeg: clear interrupt status register before streaming video - uaccess: fix type mismatch warnings from access_ok() - media: Revert "media: em28xx: add missing em28xx_close_extension" - media: hdpvr: initialize dev->worker at hdpvr_register_videodev - mmc: host: Return an error when ->enable_sdio_irq() ops is missing - ALSA: hda/realtek: Add alc256-samsung-headphone fixup - [x86] KVM: x86/mmu: Check for present SPTE when clearing dirty bit in TDP MMU - [powerpc*] lib/sstep: Fix 'sthcx' instruction - [powerpc*] lib/sstep: Fix build errors with newer binutils - scsi: qla2xxx: Fix stuck session in gpdb - scsi: qla2xxx: Fix scheduling while atomic - scsi: qla2xxx: Fix wrong FDMI data for 64G adapter - scsi: qla2xxx: Fix warning for missing error code - scsi: qla2xxx: Fix device reconnect in loop topology - scsi: qla2xxx: Add devids and conditionals for 28xx - scsi: qla2xxx: Check for firmware dump already collected - scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair() - scsi: qla2xxx: Fix disk failure to rediscover - scsi: qla2xxx: Fix incorrect reporting of task management failure - scsi: qla2xxx: Fix hang due to session stuck - scsi: qla2xxx: Fix missed DMA unmap for NVMe ls requests - scsi: qla2xxx: Fix N2N inconsistent PLOGI - scsi: qla2xxx: Reduce false trigger to login - scsi: qla2xxx: Use correct feature type field during RFF_ID processing - [arm64] platform: chrome: Split trace include file - [x86] KVM: x86: Forbid VMM to set SYNIC/STIMER MSRs when SynIC wasn't activated - KVM: Prevent module exit until all VMs are freed - [x86] KVM: x86: fix sending PV IPI - [x86] KVM: SVM: fix panic on out-of-bounds guest IRQ - [x86] ASoC: SOF: Intel: Fix NULL ptr dereference when ENOMEM - ubifs: rename_whiteout: Fix double free for whiteout_ui->data - ubifs: Fix deadlock in concurrent rename whiteout and inode writeback - ubifs: Add missing iput if do_tmpfile() failed in rename whiteout - ubifs: setflags: Make dirtied_ino_d 8 bytes aligned - ubifs: Fix read out-of-bounds in ubifs_wbuf_write_nolock() - ubifs: Fix to add refcount once page is set private - ubifs: rename_whiteout: correct old_dir size computing - wireguard: queueing: use CFI-safe ptr_ring cleanup function - wireguard: socket: free skb in send6 when ipv6 is disabled - wireguard: socket: ignore v6 endpoints when ipv6 is disabled - XArray: Fix xas_create_range() when multi-order entry present - can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path (CVE-2022-28389) - can: mcba_usb: properly check endpoint type - XArray: Update the LRU list in xas_split() - rtc: check if __rtc_read_time was successful - gfs2: Make sure FITRIM minlen is rounded up to fs block size - [arm64] net: hns3: fix software vlan talbe of vlan 0 inconsistent with hardware - rxrpc: Fix call timer start racing with call destruction - [arm64] mailbox: imx: fix wakeup failure from freeze mode - watch_queue: Free the page array when watch_queue is dismantled - pinctrl: pinconf-generic: Print arguments for bias-pull-* - ubi: Fix race condition between ctrl_cdev_ioctl and ubi_cdev_ioctl - [arm*] iop32x: offset IRQ numbers by 1 - io_uring: fix memory leak of uid in files registration - [amd64,arm64] ACPI: CPPC: Avoid out of bounds access when parsing _CPC data - [arm64] platform/chrome: cros_ec_typec: Check for EC device - can: isotp: restore accidentally removed MSG_PEEK feature - proc: bootconfig: Add null pointer check - [x86] ASoC: soc-compress: Change the check for codec_dai - batman-adv: Check ptr for NULL before reducing its refcnt - mm/mmap: return 1 from stack_guard_gap __setup() handler - mm/memcontrol: return 1 from cgroup.memory __setup() handler - mm/usercopy: return 1 from hardened_usercopy __setup() handler - bpf: Adjust BPF stack helper functions to accommodate skip > 0 - bpf: Fix comment for helper bpf_current_task_under_cgroup() - dt-bindings: mtd: nand-controller: Fix the reg property description - dt-bindings: mtd: nand-controller: Fix a comment in the examples - dt-bindings: spi: mxic: The interrupt property is not mandatory - [x86] ASoC: topology: Allow TLV control to be either read or write - docs: sysctl/kernel: add missing bit to panic_print - openvswitch: Fixed nd target mask field in the flow dump. - [x86] KVM: x86/mmu: do compare-and-exchange of gPTE via the user address (CVE-2022-1158) - can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path (CVE-2022-28388) - coredump: Snapshot the vmas in do_coredump - coredump: Remove the WARN_ON in dump_vma_snapshot - coredump/elf: Pass coredump_params into fill_note_info - coredump: Use the vma snapshot in fill_files_note - [arm64] Do not defer reserve_crashkernel() for platforms with no DMA memory zones - [arm64] PCI: xgene: Revert "PCI: xgene: Use inbound resources for setup" https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.111 - ubifs: Rectify space amount budget for mkdir/tmpfile operations - gfs2: Check for active reservation in gfs2_release - gfs2: Fix gfs2_release for non-writers regression - gfs2: gfs2_setattr_size error path fix - [x86] KVM: x86/svm: Clear reserved bits written to PerfEvtSeln MSRs - [x86] KVM: x86/emulator: Emulate RDPID only if it is enabled in guest - drm: Add orientation quirk for GPD Win Max - ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 - drm/amd/display: Add signal type check when verify stream backends same - drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj - ptp: replace snprintf with sysfs_emit - [armhf] ath11k: fix kernel panic during unload/load ath11k modules - ath11k: mhi: use mhi_sync_power_up() - bpf: Make dst_port field in struct bpf_sock 16-bit wide - scsi: mvsas: Replace snprintf() with sysfs_emit() - scsi: bfa: Replace snprintf() with sysfs_emit() - [arm64,armhf] power: supply: axp20x_battery: properly report current when discharging - mt76: dma: initialize skip_unmap in mt76_dma_rx_fill - cfg80211: don't add non transmitted BSS to 6GHz scanned channels - ipv6: make mc_forwarding atomic - [powerpc*] Set crashkernel offset to mid of RMA region - drm/amdgpu: Fix recursive locking warning - [arm64] PCI: aardvark: Fix support for MSI interrupts - [arm64] iommu/arm-smmu-v3: fix event handling soft lockup - usb: ehci: add pci device support for Aspeed platforms - tcp: Don't acquire inet_listen_hashbucket::lock with disabled BH. - PCI: pciehp: Add Qualcomm quirk for Command Completed erratum - iwlwifi: mvm: Correctly set fragmented EBS - ipv4: Invalidate neighbour for broadcast address upon address addition - dm ioctl: prevent potential spectre v1 gadget - dm: requeue IO if mapping table not yet available - scsi: pm8001: Fix pm80xx_pci_mem_copy() interface - scsi: pm8001: Fix pm8001_mpi_task_abort_resp() - scsi: pm8001: Fix task leak in pm8001_send_abort_all() - scsi: pm8001: Fix tag leaks on error - scsi: pm8001: Fix memory leak in pm8001_chip_fw_flash_update_req() - scsi: aha152x: Fix aha152x_setup() __setup handler return value - [arm64] scsi: hisi_sas: Free irq vectors in order for v3 HW - net/smc: correct settings of RMB window update limit - macvtap: advertise link netns via netlink - tuntap: add sanity checks about msg_controllen in sendmsg - Bluetooth: Fix not checking for valid hdev on bt_dev_{info,warn,err,dbg} - Bluetooth: use memset avoid memory leaks - bnxt_en: Eliminate unintended link toggle during FW reset - [mps64el,mipsel] fix fortify panic when copying asm exception handlers - scsi: libfc: Fix use after free in fc_exch_abts_resp() - can: isotp: set default value for N_As to 50 micro seconds - net: account alternate interface name memory - net: limit altnames to 64k total - net: sfp: add 2500base-X quirk for Lantech SFP module - [armhf] usb: dwc3: omap: fix "unbalanced disables for smps10_out1" on omap5evm - Bluetooth: Fix use after free in hci_send_acl - netlabel: fix out-of-bounds memory accesses - ceph: fix memory leak in ceph_readdir when note_last_dentry returns error - init/main.c: return 1 from handled __setup() functions - minix: fix bug when opening a file with O_DIRECT - [arm*] staging: vchiq_core: handle NULL result of find_service_by_handle - [arm64,armhf] phy: amlogic: meson8b-usb2: Use dev_err_probe() - w1: w1_therm: fixes w1_seq for ds28ea00 sensors - NFSv4.2: fix reference count leaks in _nfs42_proc_copy_notify() - NFSv4: Protect the state recovery thread against direct reclaim - xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32 - [armhf] clk: ti: Preserve node in ti_dt_clocks_register() - clk: Enforce that disjoints limits are invalid - SUNRPC/call_alloc: async tasks mustn't block waiting for memory - SUNRPC/xprt: async tasks mustn't block waiting for memory - SUNRPC: remove scheduling boost for "SWAPPER" tasks. - NFS: swap IO handling is slightly different for O_DIRECT IO - NFS: swap-out must always use STABLE writes. - [armhf] serial: samsung_tty: do not unlock port->lock for uart_write_wakeup() - virtio_console: eliminate anonymous module_init & module_exit - jfs: prevent NULL deref in diFree - SUNRPC: Fix socket waits for write buffer space - NFS: nfsiod should not block forever in mempool_alloc() - NFS: Avoid writeback threads getting stuck in mempool_alloc() - mm: fix race between MADV_FREE reclaim and blkdev direct IO read - drm/amdgpu: fix off by one in amdgpu_gfx_kiq_acquire() - [x86] Drivers: hv: vmbus: Fix potential crash on module unload - Revert "NFSv4: Handle the special Linux file open access mode" - NFSv4: fix open failure with O_ACCMODE flag - ice: Clear default forwarding VSI during VSI release - net: ipv4: fix route with nexthop object delete warning - net: stmmac: Fix unset max_speed difference between DT and non-DT platforms - [armhf] drm/imx: imx-ldb: Check for null pointer after calling kmemdup - [armhf] drm/imx: Fix memory leak in imx_pd_connector_get_modes - sfc: Do not free an empty page_ring - RDMA/mlx5: Don't remove cache MRs when a delay is needed - [amd64] IB/rdmavt: add lock to call to rvt_error_qp to prevent a race condition - [arm64] dpaa2-ptp: Fix refcount leak in dpaa2_ptp_probe - ice: Set txq_teid to ICE_INVAL_TEID on ring creation - ice: Do not skip not enabled queues in ice_vc_dis_qs_msg - ipv6: Fix stats accounting in ip6_pkt_drop - ice: synchronize_rcu() when terminating rings - net: openvswitch: don't send internal clone attribute to the userspace. - net: openvswitch: fix leak of nested actions - rxrpc: fix a race in rxrpc_exit_net() - qede: confirm skb is allocated before using - bpf: Support dual-stack sockets in bpf_tcp_check_syncookie - drbd: Fix five use after free bugs in get_initial_state - io_uring: don't touch scm_fp_list after queueing skb - SUNRPC: Handle ENOMEM in call_transmit_status() - SUNRPC: Handle low memory situations in call_status() - SUNRPC: svc_tcp_sendmsg() should handle errors from xdr_alloc_bvec() - [armhf] iommu/omap: Fix regression in probe for NULL pointer dereference - [arm64] Add part number for Arm Cortex-A78AE - [arm64] Revert "mmc: sdhci-xenon: fix annoying 1.8V regulator warning" - [arm64,armhf] mmc: mmci: stm32: correctly check all elements of sg list - lz4: fix LZ4_decompress_safe_partial read out of bound - mmmremap.c: avoid pointless invalidate_range_start/end on mremap(old_size=0) - mm/mempolicy: fix mpol_new leak in shared_policy_replace - io_uring: fix race between timeout flush and removal (CVE-2022-29582) - [x86] pm: Save the MSR validity status at context setup - [x86] speculation: Restore speculation related MSRs during S3 resume - btrfs: fix qgroup reserve overflow the qgroup limit - btrfs: prevent subvol with swapfile from being deleted - [arm64] patch_text: Fixup last cpu should be master - [amd64] RDMA/hfi1: Fix use-after-free bug for mm struct - gpio: Restrict usage of GPIO chip irq members before initialization - [arm64] perf: qcom_l2_pmu: fix an incorrect NULL check on list iterator - [arm64,armhf] irqchip/gic-v3: Fix GICR_CTLR.RWP polling - drm/nouveau/pmu: Add missing callbacks for Tegra devices - mm: don't skip swap entry even if zap_details specified - cgroup: Use open-time credentials for process migraton perm checks (CVE-2021-4197) - [x86] Drivers: hv: vmbus: Replace smp_store_mb() with virt_store_mb() - [arm64,armhf] irqchip/gic, gic-v3: Prevent GSI to SGI translations - [powerpc*] Fix virt_addr_valid() for 64-bit Book3E & 32-bit https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.112 - [amd64] drm/amdkfd: Use drm_priv to pass VM from KFD to amdgpu - hamradio: defer 6pack kfree after unregister_netdev (CVE-2022-1195) - hamradio: remove needs_free_netdev to avoid UAF (CVE-2022-1195) - [arm64] cpuidle: PSCI: Move the `has_lpi` check to the beginning of the function - ACPI: processor idle: Check for architectural support for LPI - btrfs: remove unused variable in btrfs_{start,write}_dirty_block_groups() - [arm64] drm/msm: Add missing put_task_struct() in debugfs path - SUNRPC: Fix the svc_deferred_event trace class - net/sched: flower: fix parsing of ethertype following VLAN header - veth: Ensure eth header is in skb's linear part - gpiolib: acpi: use correct format characters - net: mdio: Alphabetically sort header inclusion - net/sched: fix initialization order when updating chain 0 head - [arm64] net: dsa: felix: suppress -EPROBE_DEFER errors - [armhf] net: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link - net/sched: taprio: Check if socket flags are valid - cfg80211: hold bss_lock while updating nontrans_list - [arm64] drm/msm: Fix range size vs end confusion - [arm64] drm/msm/dsi: Use connector directly in msm_dsi_manager_connector_init() - net/smc: Fix NULL pointer dereference in smc_pnet_find_ib() - scsi: pm80xx: Mask and unmask upper interrupt vectors 32-63 - scsi: pm80xx: Enable upper inbound, outbound queues - scsi: iscsi: Stop queueing during ep_disconnect - scsi: iscsi: Force immediate failure during shutdown - scsi: iscsi: Use system_unbound_wq for destroy_work - scsi: iscsi: Rel ref after iscsi_lookup_endpoint() - scsi: iscsi: Fix in-kernel conn failure handling - scsi: iscsi: Move iscsi_ep_disconnect() - scsi: iscsi: Fix offload conn cleanup when iscsid restarts - scsi: iscsi: Fix conn cleanup and stop race during iscsid restart - sctp: Initialize daddr on peeled off socket - cifs: potential buffer overflow in handling symlinks - [arm64] net: bcmgenet: Revert "Use stronger register read/writes to assure ordering" - drm/amd: Add USBC connector ID - btrfs: fix fallocate to use file_modified to update permissions consistently - btrfs: do not warn for free space inode in cow_file_range - drm/amd/display: fix audio format not updated after edid updated - drm/amd/display: FEC check in timing validation - drm/amd/display: Update VTEM Infopacket definition - drm/amdkfd: Fix Incorrect VMIDs passed to HWS - drm/amdgpu/vcn: improve vcn dpg stop procedure - [x86] Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer - scsi: target: tcmu: Fix possible page UAF - scsi: lpfc: Fix queue failures when recovering from PCI parity error - [powerpc*] scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024 - ata: libata-core: Disable READ LOG DMA EXT for Samsung 840 EVOs - [armhf] gpu: ipu-v3: Fix dev_dbg frequency output - [arm64] alternatives: mark patch_alternative() as `noinstr` - tlb: hugetlb: Add more sizes to tlb_remove_huge_tlb_entry - net: usb: aqc111: Fix out-of-bounds accesses in RX fixup - myri10ge: fix an incorrect free for skb in myri10ge_sw_tso - drm/amd/display: Revert FEC check in validation - drm/amd/display: Fix allocate_mst_payload assert on resume - scsi: mvsas: Add PCI ID of RocketRaid 2640 - scsi: megaraid_sas: Target with invalid LUN ID is deleted during scan - drivers: net: slip: fix NPD bug in sl_tx_timeout() - mm, page_alloc: fix build_zonerefs_node() - mm: fix unexpected zeroed page mapping with zram swap - [x86] KVM: x86/mmu: Resolve nx_huge_pages when kvm.ko is loaded - ath9k: Properly clear TX status area before reporting to mac80211 - ath9k: Fix usage of driver-private space in tx_info - btrfs: fix root ref counts in error handling in btrfs_get_root_ref - btrfs: mark resumed async balance as writing - ALSA: hda/realtek: Add quirk for Clevo PD50PNT - ALSA: hda/realtek: add quirk for Lenovo Thinkpad X12 speakers - ALSA: pcm: Test for "silence" field in struct "pcm_format_data" - nl80211: correctly check NL80211_ATTR_REG_ALPHA2 size - ipv6: fix panic when forwarding a pkt with no in6 dev - drm/amd/display: don't ignore alpha property on pre-multiplied mode - drm/amdgpu: Enable gfxoff quirk on MacBook Pro - genirq/affinity: Consider that CPUs on nodes can be unbalanced - tick/nohz: Use WARN_ON_ONCE() to prevent console saturation - dm integrity: fix memory corruption when tag_size is less than digest size - smp: Fix offline cpu check in flush_smp_call_function_queue() - timers: Fix warning condition in __run_timers() - dma-direct: avoid redundant memory sync for swiotlb - scsi: iscsi: Fix endpoint reuse regression - scsi: iscsi: Fix unbound endpoint error handling - ax25: add refcount in ax25_dev to avoid UAF bugs (CVE-2022-1204) - ax25: fix reference count leaks of ax25_dev (CVE-2022-1204) - ax25: fix UAF bugs of net_device caused by rebinding operation (CVE-2022-1204) - ax25: Fix refcount leaks caused by ax25_cb_del() (CVE-2022-1204) - ax25: fix UAF bug in ax25_send_control() - ax25: fix NPD bug in ax25_disconnect (CVE-2022-1199) - ax25: Fix NULL pointer dereferences in ax25 timers (CVE-2022-1205) - ax25: Fix UAF bugs in ax25 timers (CVE-2022-1205) https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.113 - tracing: Dump stacktrace trigger to the corresponding instance - gfs2: assign rgrp glock before compute_bitstructs - net/sched: cls_u32: fix netns refcount changes in u32_change() - ALSA: usb-audio: Clear MIDI port active flag after draining - ALSA: hda/realtek: Add quirk for Clevo NP70PNP - dm: fix mempool NULL pointer race when completing IO - [armhf] dmaengine: imx-sdma: Fix error checking in sdma_event_remap - esp: limit skb_page_frag_refill use to a single page - igc: Fix infinite loop in release_swfw_sync - igc: Fix BUG: scheduling while atomic - rxrpc: Restore removed timer deletion - net/smc: Fix sock leak when release after smc_shutdown() - net/packet: fix packet_sock xmit return value checking - ip6_gre: Avoid updating tunnel->tun_hlen in __gre6_xmit() - ip6_gre: Fix skb_under_panic in __gre6_xmit() - net/sched: cls_u32: fix possible leak in u32_init_knode() - l3mdev: l3mdev_master_upper_ifindex_by_index_rcu should be using netdev_master_upper_dev_get_rcu - ipv6: make ip6_rt_gc_expire an atomic_t - netlink: reset network and mac headers in netlink_dump() - net: stmmac: Use readl_poll_timeout_atomic() in atomic state - [arm64] mm: Remove [PUD|PMD]_TABLE_BIT from [pud|pmd]_bad() - [arm64] mm: fix p?d_leaf() - [x86] platform/x86: samsung-laptop: Fix an unsigned comparison which can never be negative - ALSA: usb-audio: Fix undefined behavior due to shift overflowing the constant - vxlan: fix error return code in vxlan_fdb_append - cifs: Check the IOCB_DIRECT flag, not O_DIRECT - [amd64,arm64] net: atlantic: Avoid out-of-bounds indexing - mt76: Fix undefined behavior due to shift overflowing the constant - brcmfmac: sdio: Fix undefined behavior due to shift overflowing the constant - [arm64] drm/msm/mdp5: check the return of kzalloc() - [arm64] net: macb: Restart tx only if queue pointer is lagging - scsi: qedi: Fix failed disconnect handling - stat: fix inconsistency between struct stat and struct compat_stat - nvme: add a quirk to disable namespace identifiers - nvme-pci: disable namespace identifiers for Qemu controllers - mm, hugetlb: allow for "high" userspace addresses - oom_kill.c: futex: delay the OOM reaper to allow time for proper futex cleanup - mm/mmu_notifier.c: fix race in mmu_interval_notifier_remove() - ata: pata_marvell: Check the 'bmdma_addr' beforing reading - [amd64,arm64] net: atlantic: invert deep par in pm functions, preventing null derefs - openvswitch: fix OOB access in reserve_sfa_size() - gpio: Request interrupts after IRQ is initialized - ASoC: soc-dapm: fix two incorrect uses of list iterator - e1000e: Fix possible overflow in LTR decoding - [arm*] arm_pmu: Validate single/group leader events - sched/pelt: Fix attach_entity_load_avg() corner case - [arm64,armhf] drm/panel/raspberrypi-touchscreen: Avoid NULL deref if not initialised - [arm64,armhf] drm/panel/raspberrypi-touchscreen: Initialise the bridge in prepare - [powerpc*] KVM: PPC: Fix TCE handling for VFIO - [arm*] drm/vc4: Use pm_runtime_resume_and_get to fix pm_runtime_get_sync() usage - [powerpc*] perf: Fix power9 event alternatives - ext4: fix fallocate to use file_modified to update permissions consistently - ext4: fix symlink file size not match to file content - ext4: fix use-after-free in ext4_search_dir - ext4: limit length to bitmap_maxbytes - blocksize in punch_hole - ext4, doc: fix incorrect h_reserved size - ext4: fix overhead calculation to account for the reserved gdt blocks - ext4: force overhead calculation if the s_overhead_cluster makes no sense - can: isotp: stop timeout monitoring when no first frame was sent - jbd2: fix a potential race while discarding reserved buffers after an abort - block/compat_ioctl: fix range check in BLKGETSIZE . [ Salvatore Bonaccorso ] * Bump ABI to 14 * [rt] Drop "tcp: Remove superfluous BH-disable around" * [rt] Update "tracing: Merge irqflags + preempt counter." for upstream changes in 5.10.113 * [x86] pci/xen: Disable PCI/MSI[-X] masking for XEN_HVM guests (Closes: #1006346) * floppy: disable FDRAWCMD by default . linux (5.10.106-1) bullseye; urgency=medium . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.104 - mac80211_hwsim: report NOACK frames in tx_status - mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work - [arm*] i2c: bcm2835: Avoid clock stretching timeouts - ASoC: rt5682: do not block workqueue if card is unbound - regulator: core: fix false positive in regulator_late_cleanup() - Input: clear BTN_RIGHT/MIDDLE on buttonpads - [arm64] KVM: arm64: vgic: Read HW interrupt pending state from the HW - tipc: fix a bit overflow in tipc_crypto_key_rcv() - cifs: fix double free race when mount fails in cifs_get_root() - net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990 - usb: gadget: don't release an existing dev->buf (CVE-2022-24958) - usb: gadget: clear related members when goto fail (CVE-2022-24958) - exfat: reuse exfat_inode_info variable instead of calling EXFAT_I() - exfat: fix i_blocks for files truncated over 4 GiB - tracing: Add test for user space strings when filtering on string pointers - [armhf] serial: stm32: prevent TDR register overwrite when sending x_char - ata: pata_hpt37x: fix PCI clock detection - drm/amdgpu: check vm ready by amdgpu_vm->evicting flag - tracing: Add ustring operation to filtering string pointers - [x86] ALSA: intel_hdmi: Fix reference to PCM buffer address - ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min - [amd64] iommu/amd: Recover from event log overflow - [x86] drm/i915: s/JSP2/ICP2/ PCH - xen/netfront: destroy queues before real_num_tx_queues is zeroed - mm: Consider __GFP_NOWARN flag for oversized kvmalloc() calls - xfrm: fix MTU regression - netfilter: fix use-after-free in __nf_register_net_hook() - bpf, sockmap: Do not ignore orig_len parameter - xfrm: fix the if_id check in changelink - xfrm: enforce validity of offload input flags - e1000e: Correct NVM checksum verification flow - net: fix up skbs delta_truesize in UDP GRO frag_list - netfilter: nf_queue: don't assume sk is full socket - netfilter: nf_queue: fix possible use-after-free - netfilter: nf_queue: handle socket prefetch - batman-adv: Request iflink once in batadv-on-batadv check - batman-adv: Request iflink once in batadv_get_real_netdevice - batman-adv: Don't expect inter-netns unique iflink indices - net: ipv6: ensure we call ipv6_mc_down() at most once - net: dcb: flush lingering app table entries for unregistered devices - net/smc: fix connection leak - net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error generated by client - net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error cause by server - rcu/nocb: Fix missed nocb_timer requeue - ice: Fix race conditions between virtchnl handling and VF ndo ops - ice: fix concurrent reset and removal of VFs - sched/topology: Make sched_init_numa() use a set for the deduplicating sort - sched/topology: Fix sched_domain_topology_level alloc in sched_init_numa() - mac80211: fix forwarded mesh frames AC & queue selection - net: stmmac: fix return value of __setup handler - mac80211: treat some SAE auth steps as final - iavf: Fix missing check for running netdev - net: arcnet: com20020: Fix null-ptr-deref in com20020pci_probe() - ixgbe: xsk: change !netif_carrier_ok() handling in ixgbe_xmit_zc() - efivars: Respect "block" flag in efivar_entry_set_safe() - can: gs_usb: change active_channels's type from atomic_t to u8 - igc: igc_read_phy_reg_gpy: drop premature return - [armel,armhf] 9182/1: mmu: fix returns from early_param() and __setup() functions - [arm64,armhf] pinctrl: sunxi: Use unique lockdep classes for IRQs - igc: igc_write_phy_reg_gpy: drop premature return - memfd: fix F_SEAL_WRITE after shmem huge page allocated - [armhf] dts: switch timer config to common devkit8000 devicetree - [armhf] dts: Use 32KiHz oscillator on devkit8000 - [arm64] soc: fsl: guts: Revert commit 3c0d64e867ed - [arm64] soc: fsl: guts: Add a missing memory allocation failure check - [armhf] tegra: Move panels to AUX bus - net: chelsio: cxgb3: check the return value of pci_find_capability() - iavf: Refactor iavf state machine tracking - nl80211: Handle nla_memdup failures in handle_nan_filter - drm/amdgpu: fix suspend/resume hang regression - net: dcb: disable softirqs in dcbnl_flush_dev() - Input: elan_i2c - move regulator_[en|dis]able() out of elan_[en|dis]able_power() - Input: elan_i2c - fix regulator enable count imbalance after suspend/resume - HID: add mapping for KEY_DICTATE - HID: add mapping for KEY_ALL_APPLICATIONS - tracing/histogram: Fix sorting on old "cpu" value - tracing: Fix return value of __setup handlers - btrfs: fix lost prealloc extents beyond eof after full fsync - btrfs: qgroup: fix deadlock between rescan worker and remove qgroup - btrfs: add missing run of delayed items after unlink during log replay - Revert "xfrm: xfrm_state_mtu should return at least 1280 for ipv6" - hamradio: fix macro redefine warning https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.105 - [x86] bugs: Unconditionally allow spectre_v2=retpoline,amd - [armhf] report Spectre v2 status through sysfs - [armel,armhf] early traps initialisation - [armel,armhf] use LOADADDR() to get load address of sections - [armel,armhf] Spectre-BHB workaround - [armel,armhf] include unprivileged BPF status in Spectre V2 reporting - [arm64] cputype: Add CPU implementor & types for the Apple M1 cores - [arm64] Add Neoverse-N2, Cortex-A710 CPU part definition - [arm64] Add Cortex-X2 CPU part definition - [arm64] Add Cortex-A510 CPU part definition - [arm64] Add HWCAP for self-synchronising virtual counter - [arm64] add ID_AA64ISAR2_EL1 sys register - [arm64] cpufeature: add HWCAP for FEAT_AFP - [arm64] cpufeature: add HWCAP for FEAT_RPRES - [arm64] entry.S: Add ventry overflow sanity checks - [arm64] spectre: Rename spectre_v4_patch_fw_mitigation_conduit - [arm64] entry: Make the trampoline cleanup optional - [arm64] entry: Free up another register on kpti's tramp_exit path - [arm64] entry: Move the trampoline data page before the text page - [arm64] entry: Allow tramp_alias to access symbols after the 4K boundary - [arm64] entry: Don't assume tramp_vectors is the start of the vectors - [arm64] entry: Move trampoline macros out of ifdef'd section - [arm64] entry: Make the kpti trampoline's kpti sequence optional - [arm64] entry: Allow the trampoline text to occupy multiple pages - [arm64] entry: Add non-kpti __bp_harden_el1_vectors for mitigations - [arm64] entry: Add vectors that have the bhb mitigation sequences - [arm64] entry: Add macro for reading symbol addresses from the trampoline - [arm64] Add percpu vectors for EL1 - [arm64] proton-pack: Report Spectre-BHB vulnerabilities as part of Spectre-v2 - [arm64] KVM: arm64: Allow indirect vectors to be used without SPECTRE_V3A - [arm64] Mitigate spectre style branch history side channels - [arm64] KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and migrated - [arm64] Use the clearbhb instruction in mitigations - [arm64] proton-pack: Include unprivileged eBPF status in Spectre v2 mitigation reporting - [armel,armhf] fix co-processor register typo - [armel,armhf] Do not use NOCROSSREFS directive with ld.lld - [armhf] fix build warning in proc-v7-bugs.c - xen/xenbus: don't let xenbus_grant_ring() remove grants in error case (CVE-2022-23040, XSA-396) - xen/grant-table: add gnttab_try_end_foreign_access() (CVE-2022-23036, CVE-2022-23038, XSA-396) - xen/blkfront: don't use gnttab_query_foreign_access() for mapped status (CVE-2022-23036, XSA-396) - xen/netfront: don't use gnttab_query_foreign_access() for mapped status (CVE-2022-23037, XSA-396) - xen/scsifront: don't use gnttab_query_foreign_access() for mapped status (CVE-2022-23038, XSA-396) - xen/gntalloc: don't use gnttab_query_foreign_access() (CVE-2022-23039, XSA-396) - xen: remove gnttab_query_foreign_access() - xen/9p: use alloc/free_pages_exact() (CVE-2022-23041, XSA-396) - xen/pvcalls: use alloc/free_pages_exact() (CVE-2022-23041, XSA-396) - xen/gnttab: fix gnttab_end_foreign_access() without page specified (CVE-2022-23041, XSA-396) - xen/netfront: react properly to failing gnttab_end_foreign_access_ref() (CVE-2022-23042, XSA-396) - Revert "ACPI: PM: s2idle: Cancel wakeup before dispatching EC GPE" https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.106 - [arm64] clk: qcom: gdsc: Add support to update GDSC transition delay - [arm64] dts: armada-3720-turris-mox: Add missing ethernet0 alias - tipc: fix kernel panic when enabling bearer - mISDN: Remove obsolete PIPELINE_DEBUG debugging information - mISDN: Fix memory leak in dsp_pipeline_build() - virtio-blk: Don't use MAX_DISCARD_SEGMENTS if max_discard_seg is zero - isdn: hfcpci: check the return value of dma_set_mask() in setup_hw() - net: qlogic: check the return value of dma_alloc_coherent() in qed_vf_hw_prepare() - esp: Fix BEET mode inter address family tunneling on GSO - qed: return status of qed_iov_get_link - i40e: stop disabling VFs due to PF error responses - ice: stop disabling VFs due to PF error responses - ice: Align macro names to the specification - ice: Remove unnecessary checker loop - ice: Rename a couple of variables - ice: Fix curr_link_speed advertised speed - tipc: fix incorrect order of state message data sanity check - [armhf] net: ethernet: ti: cpts: Handle error for clk_enable - ax25: Fix NULL pointer dereference in ax25_kill_by_device - net/mlx5: Fix size field in bufferx_reg struct - net/mlx5: Fix a race on command flush flow - net/mlx5e: Lag, Only handle events from highest priority multipath entry - NFC: port100: fix use-after-free in port100_send_complete - net: phy: DP83822: clear MISR2 register to disable interrupts - sctp: fix kernel-infoleak for SCTP sockets - [arm64] net: bcmgenet: Don't claim WOL when its not available - [arm64,armhf] spi: rockchip: Fix error in getting num-cs property - [arm64,armhf] spi: rockchip: terminate dma transmission when slave abort - net-sysfs: add check for netdevice being present to speed_show - [armhf] hwmon: (pmbus) Clear pmbus fault/warning bits after read - gpio: Return EPROBE_DEFER if gc->to_irq is NULL - Revert "xen-netback: remove 'hotplug-status' once it has served its purpose" - Revert "xen-netback: Check for hotplug-status existence before watching" - ipv6: prevent a possible race condition with lifetimes - tracing: Ensure trace buffer is at least 4096 bytes large - fuse: fix pipe buffer lifetime for direct_io - staging: rtl8723bs: Fix access-point mode deadlock - [arm64] net: macb: Fix lost RX packet wakeup race in NAPI receive - [arm64] mmc: meson: Fix usage of meson_mmc_post_req() - [arm64] dts: marvell: armada-37xx: Remap IO space to bus address 0x0 - virtio: unexport virtio_finalize_features - virtio: acknowledge all features before access - watch_queue, pipe: Free watchqueue state after clearing pipe ring (CVE-2022-0995) - watch_queue: Fix to release page in ->release() (CVE-2022-0995) - watch_queue: Fix to always request a pow-of-2 pipe ring size (CVE-2022-0995) - watch_queue: Fix the alloc bitmap size to reflect notes allocated (CVE-2022-0995) - watch_queue: Free the alloc bitmap when the watch_queue is torn down (CVE-2022-0995) - watch_queue: Fix lack of barrier/sync/lock between post and read (CVE-2022-0995) - watch_queue: Make comment about setting ->defunct more accurate (CVE-2022-0995) - [x86] boot: Fix memremap of setup_indirect structures - [x86] boot: Add setup_indirect support in early_memremap_is_setup_data() - [x86] traps: Mark do_int3() NOKPROBE_SYMBOL - ext4: add check to prevent attempting to resize an fs with sparse_super2 - [armel,armhf] fix Thumb2 regression with Spectre BHB - watch_queue: Fix filter limit check ((CVE-2022-0995) . [ Salvatore Bonaccorso ] * Bump ABI to 13 * [rt] Update to 5.10.104-rt63 * [rt] Update to 5.10.106-rt64 * sctp: fix the processing for INIT chunk (CVE-2021-3772) * tcp: make tcp_read_sock() more robust * io_uring: return back safer resurrect * [arm64] kvm: Fix copy-and-paste error in bhb templates for v5.10 stable Checksums-Sha1: d230e489d2a5e0e64648faacdf8bd25c02f13398 210309 linux_5.10.120-1~bpo10+1.dsc 6343dc2477db5e1f24851259b8b5abdd68366753 1508012 linux_5.10.120-1~bpo10+1.debian.tar.xz 8f6571ef2bc1e1fade31393ede05824a6483a09f 54771 linux_5.10.120-1~bpo10+1_source.buildinfo Checksums-Sha256: 4d2fb2bb0dbf7225e9efda1a1ef11fa86e1a1cc11dc8ba7ba3a31e80a96c63f2 210309 linux_5.10.120-1~bpo10+1.dsc 47b7750c64c215a8dd7c4f3ba430a6d1c532a9131f65bc7bbce63d5acafceb62 1508012 linux_5.10.120-1~bpo10+1.debian.tar.xz 805e93cc023e94faacfbf2a098dcdfb7a632d1b68dc9fb7d1c95178ba1b64e7b 54771 linux_5.10.120-1~bpo10+1_source.buildinfo Files: 6b9a0705430e2cd450be51af485468f1 210309 kernel optional linux_5.10.120-1~bpo10+1.dsc 87dd4d0064c1ab5b7433b9fda7a260c0 1508012 kernel optional linux_5.10.120-1~bpo10+1.debian.tar.xz 26ce5000121028a550280ed5e95bdaf0 54771 kernel optional linux_5.10.120-1~bpo10+1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEErCspvTSmr92z9o8157/I7JWGEQkFAmKocwAACgkQ57/I7JWG EQk/Kw/+Pmdj1oeLN+TzKMf9OxF+nnQ095g5xXdagzxAOyXT/UaFWwFfabq6U9kF cTCbp5/jHhsz8ezRI9KLV69shRt/VEnSdcltdvkSR6n3v3m8hZ6WcYBuvLxsc64J neihFI1mJpInkxETlJqQ4Iwq2p1fWnc7Ti6hf4bmDKyra4lMQZsShffbpdnBksjE SkWtvr8o8vtEU/OCQNuUtyzFrUM/zo0c5eBpKz8rp2XoYTv6S2FGfnbBHXjfRo+G JJA5b0FrK62jd44k9iNC4uWMB/o4wHeBen1k6iNps6mRAsz5EIAUcvpeC9iazTMI m7nToZR8UsQ0bCZj9U79Sj0xKnC6h4Ri+1SRSS3xnlKimBuM4qg73KNu9+5P9JMu VROfK8W5PX7xjs9PaduApq7Z8ETfmFBi0vj6QP3O+iE5GUjhuNOBjcNI2Y9AUj2k CPK7l+EQKIsJ/FosZHvTuvpO4505cCzSr1VKL2zUM2sukaArlBOzwCIdC8D/WQU5 Nz/2thIMU0jF+F0hIjmICba9z8sZqopdVgdE9sTzrzVIU+HZX9CUAV5LkwxrkrUp USArtovkNcZpcseFNE8PwjsQAmnMxchJN527zriNOMrRbdP73CPuy4/wBKaLMgPW Nb2BEbla8Jh4PQ3CO4xeZcICuBCltULDxODWN4BQNmvO8a/fzvY= =tVev -----END PGP SIGNATURE-----
