-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 02 Sep 2022 15:54:53 +0200 Source: linux Architecture: source Version: 5.10.140-1 Distribution: bullseye Urgency: medium Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org> Changed-By: Salvatore Bonaccorso <carnil@debian.org> Closes: 1017425 1018752 Changes: linux (5.10.140-1) bullseye; urgency=medium . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.137 - Makefile: link with -z noexecstack --no-warn-rwx-segments - [x86] link vdso and boot with -z noexecstack --no-warn-rwx-segments - Revert "pNFS: nfs3_set_ds_client should set NFS_CS_NOPING" - scsi: Revert "scsi: qla2xxx: Fix disk failure to rediscover" - ALSA: bcd2000: Fix a UAF bug on the error path of probing - ALSA: hda/realtek: Add quirk for Clevo NV45PZ - ALSA: hda/realtek: Add quirk for HP Spectre x360 15-eb0xxx - wifi: mac80211_hwsim: fix race condition in pending packet - wifi: mac80211_hwsim: add back erroneously removed cast - wifi: mac80211_hwsim: use 32-bit skb cookie - add barriers to buffer_uptodate and set_buffer_uptodate - HID: wacom: Only report rotation for art pen - HID: wacom: Don't register pad_input for touch switch - [x86] KVM: nVMX: Snapshot pre-VM-Enter BNDCFGS for !nested_run_pending case - [x86] KVM: nVMX: Snapshot pre-VM-Enter DEBUGCTL for !nested_run_pending case - [x86] KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0 - [s390x] KVM: s390: pv: don't present the ecall interrupt twice - [x86] KVM: nVMX: Let userspace set nVMX MSR to any _host_ supported value - [x86] KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks - [x86] KVM: x86: Set error code to segment selector on LLDT/LTR non-canonical #GP - [x86] KVM: x86: Tag kvm_mmu_x86_module_init() with __init - mm: Add kvrealloc() - xfs: only set IOMAP_F_SHARED when providing a srcmap to a write - xfs: fix I_DONTCACHE - mm/mremap: hold the rmap lock in write mode when moving page table entries. - ALSA: hda/conexant: Add quirk for LENOVO 20149 Notebook model - ALSA: hda/cirrus - support for iMac 12,1 model - ALSA: hda/realtek: Add quirk for another Asus K42JZ model - ALSA: hda/realtek: Add a quirk for HP OMEN 15 (8786) mute LED - tty: vt: initialize unicode screen buffer - vfs: Check the truncate maximum size in inode_newsize_ok() - fs: Add missing umask strip in vfs_tmpfile - thermal: sysfs: Fix cooling_device_stats_setup() error code path - fbcon: Fix boundary checks for fbcon=vc:n1-n2 parameters - fbcon: Fix accelerated fbdev scrolling while logo is still shown - usbnet: Fix linkwatch use-after-free on disconnect - ovl: drop WARN_ON() dentry is NULL in ovl_encode_fh() - drm/gem: Properly annotate WW context on drm_gem_lock_reservations() error - [arm*] drm/vc4: hdmi: Disable audio if dmas property is present but empty - drm/nouveau: fix another off-by-one in nvbios_addr - drm/nouveau: Don't pm_runtime_put_sync(), only pm_runtime_put_autosuspend() - drm/nouveau/acpi: Don't print error when we get -EINPROGRESS from pm_runtime - drm/amdgpu: Check BO's requested pinning domains against its preferred_domains - iio: light: isl29028: Fix the warning in isl29028_remove() - scsi: sg: Allow waiting for commands to complete on removed device - scsi: qla2xxx: Fix incorrect display of max frame size - scsi: qla2xxx: Zero undefined mailbox IN registers - fuse: limit nsec - [arm64] serial: mvebu-uart: uart2 error bits clearing - md-raid: destroy the bitmap after destroying the thread - md-raid10: fix KASAN warning - PCI: Add defines for normal and subtractive PCI bridges - [powerpc*] powernv: Avoid crashing if rng is NULL - [mips64el,mipsel] cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK - usb: typec: ucsi: Acknowledge the GET_ERROR_STATUS command completion - USB: HCD: Fix URB giveback issue in tasklet function - [arm64,armhf] usb: dwc3: gadget: refactor dwc3_repare_one_trb - [arm64,armhf] usb: dwc3: gadget: fix high speed multiplier setting - netfilter: nf_tables: fix null deref due to zeroed list head - epoll: autoremove wakers even more aggressively - [x86] Handle idle=nomwait cmdline properly for x86_idle - [arm64] Do not forget syscall when starting a new thread. - [arm64] fix oops in concurrently setting insn_emulation sysctls - genirq: Don't return error on missing optional irq_request_resources() - [mips64el,mipsel] irqchip/mips-gic: Only register IPI domain when SMP is enabled - genirq: GENERIC_IRQ_IPI depends on SMP - [mips64el,mipsel] irqchip/mips-gic: Check the return value of ioremap() in gic_of_init() - wait: Fix __wait_event_hrtimeout for RT/DL tasks - [armhf] OMAP2+: display: Fix refcount leak bug - ACPI: EC: Remove duplicate ThinkPad X1 Carbon 6th entry from DMI quirks - ACPI: EC: Drop the EC_FLAGS_IGNORE_DSDT_GPE quirk - ACPI: PM: save NVS memory for Lenovo G40-45 - ACPI: LPSS: Fix missing check in register_device_clock() - [arm64] dts: allwinner: a64: orangepi-win: Fix LED node name - PM: hibernate: defer device probing when resuming from hibernation - selinux: Add boundary check in put_entry() - [armel,armhf] findbit: fix overflowing offset - [arm64,armhf] meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init - ACPI: processor/idle: Annotate more functions to live in cpuidle section - Input: atmel_mxt_ts - fix up inverted RESET handler - [arm64] soc: amlogic: Fix refcount leak in meson-secure-pwrc.c - [x86] pmem: Fix platform-device leak in error path - [armhf] dts: ast2500-evb: fix board compatible - [armhf] dts: ast2600-evb: fix board compatible - [arm64] cpufeature: Allow different PMU versions in ID_DFR0_EL1 - locking/lockdep: Fix lockdep_init_map_*() confusion - [arm64] soc: fsl: guts: machine variable might be unset - block: fix infinite loop for invalid zone append - [armhf] OMAP2+: Fix refcount leak in omapdss_init_of - [armhf] OMAP2+: Fix refcount leak in omap3xxx_prm_late_init - [arm64] regulator: qcom_smd: Fix pm8916_pldo range - [arm64] ACPI: APEI: Fix _EINJ vs EFI_MEMORY_SP - [arm64] bus: hisi_lpc: fix missing platform_device_put() in hisi_lpc_acpi_probe() - erofs: avoid consecutive detection for Highmem memory - blk-mq: don't create hctx debugfs dir until q->debugfs_dir is created - hwmon: (drivetemp) Add module alias - block: remove the request_queue to argument request based tracepoints - blktrace: Trace remapped requests correctly - regulator: of: Fix refcount leak bug in of_get_regulation_constraints() - nohz/full, sched/rt: Fix missed tick-reenabling bug in dequeue_task_rt() - dm: return early from dm_pr_call() if DM device is suspended - ath10k: do not enforce interrupt trigger type - wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c() - ath11k: fix netdev open race - drm/mipi-dbi: align max_chunk to 2 in spi_transfer - ath11k: Fix incorrect debug_mask mappings - drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers() - virtio-gpu: fix a missing check to avoid NULL dereference - [arm64] drm: adv7511: override i2c address of cec before accessing it - net: fix sk_wmem_schedule() and sk_rmem_schedule() errors - i2c: Fix a potential use after free - media: tw686x: Register the irq at the end of probe - ath9k: fix use-after-free in ath9k_hif_usb_rx_cb (CVE-2022-1679) - wifi: iwlegacy: 4965: fix potential off-by-one overflow in il4965_rs_fill_link_cmd() - drm/radeon: fix incorrrect SPDX-License-Identifiers - [amd64] crypto: ccp - During shutdown, check SEV data pointer before using - [arm64] drm: bridge: adv7511: Add check for mipi_dsi_driver_register - media: hdpvr: fix error value returns in hdpvr_read - [arm64,armhf] media: v4l2-mem2mem: prevent pollerr when last_buffer_dequeued is set - media: tw686x: Fix memory leak in tw686x_video_init - [arm*] drm/vc4: plane: Remove subpixel positioning check - [arm*] drm/vc4: plane: Fix margin calculations for the right/bottom edges - [arm*] drm/vc4: dsi: Correct DSI divider calculations - [arm*] drm/vc4: dsi: Correct pixel order for DSI0 - [arm*] drm/vc4: drv: Remove the DSI pointer in vc4_drv - [arm*] drm/vc4: dsi: Use snprintf for the PHY clocks instead of an array - [arm*] drm/vc4: dsi: Introduce a variant structure - [arm*] drm/vc4: dsi: Register dsi0 as the correct vc4 encoder type - [arm*] drm/vc4: dsi: Fix dsi0 interrupt support - [arm*] drm/vc4: dsi: Add correct stop condition to vc4_dsi_encoder_disable iteration - [arm*] drm/vc4: hdmi: Remove firmware logic for MAI threshold setting - [arm*] drm/vc4: hdmi: Avoid full hdmi audio fifo writes - [arm*] drm/vc4: hdmi: Don't access the connector state in reset if kmalloc fails - [arm*] drm/vc4: hdmi: Limit the BCM2711 to the max without scrambling - [arm*] drm/vc4: hdmi: Fix timings for interlaced modes - [arm*] drm/vc4: hdmi: Correct HDMI timing registers for interlaced modes - [arm64,armhf] drm/rockchip: vop: Don't crash for invalid duplicate_state() - [arm64,armhf] drm/rockchip: Fix an error handling path rockchip_dp_probe() - lib: bitmap: order includes alphabetically - lib: bitmap: provide devm_bitmap_alloc() and devm_bitmap_zalloc() - hinic: Use the bitmap API when applicable - net: hinic: fix bug that ethtool get wrong stats - net: hinic: avoid kernel hung in hinic_get_stats64() - [arm64] drm/msm/mdp5: Fix global state lock backoff - mt76: mt76x02u: fix possible memory leak in __mt76x02u_mcu_send_msg - mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init() - tcp: make retransmitted SKB fit into the send window - bpf: Fix subprog names in stack traces. - fs: check FMODE_LSEEK to control internal pipe splicing - wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi() - [i386] can: pch_can: do not report txerr and rxerr during bus-off - can: sja1000: do not report txerr and rxerr during bus-off - [armhf] can: sun4i_can: do not report txerr and rxerr during bus-off - can: kvaser_usb_hydra: do not report txerr and rxerr during bus-off - can: kvaser_usb_leaf: do not report txerr and rxerr during bus-off - can: usb_8dev: do not report txerr and rxerr during bus-off - can: error: specify the values of data[5..7] of CAN error frames - [i386] can: pch_can: pch_can_error(): initialize errc before using it - Bluetooth: hci_intel: Add check for platform_driver_register - wifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()` - wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue - wifi: libertas: Fix possible refcount leak in if_usb_probe() - [arm64,armhf] media: cedrus: hevc: Add check for invalid timestamp - net/mlx5e: Remove WARN_ON when trying to offload an unsupported TLS cipher/version - net/mlx5e: Fix the value of MLX5E_MAX_RQ_NUM_MTTS - [arm64] crypto: inside-secure - Add missing MODULE_DEVICE_TABLE for of - inet: add READ_ONCE(sk->sk_bound_dev_if) in INET_MATCH() - tcp: sk->sk_bound_dev_if once in inet_request_bound_dev_if() - ipv6: add READ_ONCE(sk->sk_bound_dev_if) in INET6_MATCH() - tcp: Fix data-races around sysctl_tcp_l3mdev_accept. - net: allow unbound socket for packets in VRF when tcp_l3mdev_accept set - iavf: Fix max_rate limiting - net: rose: fix netdev reference changes - dccp: put dccp_qpolicy_full() and dccp_qpolicy_push() in the same lock - wireguard: ratelimiter: use hrtimer in selftest - wireguard: allowedips: don't corrupt stack when detecting overflow - HID: cp2112: prevent a buffer overflow in cp2112_xfer() - mtd: partitions: Fix refcount leak in parse_redboot_of - [arm64,armhf] usb: xhci: tegra: Fix error check - netfilter: xtables: Bring SPDX identifier back - [arm64,armhf] platform/chrome: cros_ec: Always expose last resume result - KVM: Don't set Accessed/Dirty bits for ZERO_PAGE - mwifiex: Ignore BTCOEX events from the 88W8897 firmware - mwifiex: fix sleep in atomic context bugs caused by dev_coredumpv - misc: rtsx: Fix an error handling path in rtsx_pci_probe() - driver core: fix potential deadlock in __driver_attach - usb: host: xhci: use snprintf() in xhci_decode_trb() - [arm64,armhf] PCI: dwc: Add unroll iATU space support to dw_pcie_disable_atu() - [arm64,armhf] PCI: dwc: Always enable CDM check if "snps,enable-cdm-check" exists - soundwire: bus_type: fix remove and shutdown support - [arm64] KVM: arm64: Don't return from void function - [x86] intel_th: Fix a resource leak in an error handling path - [x86] intel_th: msu-sink: Potential dereference of null pointer - [x86] intel_th: msu: Fix vmalloced buffers - [x86] staging: rtl8192u: Fix sleep in atomic context bug in dm_fsync_timer_callback - [arm64] mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch - mmc: block: Add single read for 4k sector cards - [s390x] KVM: s390: pv: leak the topmost page table when destroy fails - PCI/portdrv: Don't disable AER reporting in get_port_device_capability() - [arm64] PCI: qcom: Set up rev 2.1.0 PARF_PHY before enabling clocks - scsi: smartpqi: Fix DMA direction for RAID requests - [armhf] usb: aspeed-vhub: Fix refcount leak bug in ast_vhub_init_desc() - [arm64,armhf] usb: dwc3: core: Deprecate GCTL.CORESOFTRESET - [arm64,armhf] usb: dwc3: core: Do not perform GCTL_CORE_SOFTRESET during bootup - [arm64,armhf] usb: dwc3: qcom: fix missing optional irq warnings - RDMA/qedr: Improve error logs for rdma_alloc_tid error return - RDMA/qedr: Fix potential memory leak in __qedr_alloc_mr() - [arm64] RDMA/hns: Fix incorrect clearing of interrupt status register - [amd64] RDMA/hfi1: fix potential memory leak in setup_base_ctxt() - gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data() - [mips64el,mipsel] mmc: cavium-octeon: Add of_node_put() when breaking out of loop - HID: alps: Declare U1_UNICORN_LEGACY support - USB: serial: fix tty-port initialized comments - [armhf,i386] platform/olpc: Fix uninitialized data in debugfs write - RDMA/srpt: Duplicate port name members - RDMA/srpt: Introduce a reference count in struct srpt_device - RDMA/srpt: Fix a use-after-free - mm/mmap.c: fix missing call to vm_unacct_memory in mmap_region - RDMA/mlx5: Add missing check for return value in get namespace flow - RDMA/rxe: Fix error unwind in rxe_create_qp() - null_blk: fix ida error handling in null_add_dev() - nvme: use command_id instead of req->tag in trace_nvme_complete_rq() - jbd2: fix outstanding credits assert in jbd2_journal_commit_transaction() - ext4: recover csum seed of tmp_inode after migrating to extents - jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted - opp: Fix error check in dev_pm_opp_attach_genpd() - serial: 8250: Export ICR access helpers for internal use - serial: 8250_dw: Store LSR into lsr_saved_flags in dw8250_tx_wait_empty() - profiling: fix shift too large makes kernel panic - tty: n_gsm: Delete gsmtty open SABM frame when config requester - tty: n_gsm: fix user open not possible at responder until initiator open - tty: n_gsm: fix wrong queuing behavior in gsm_dlci_data_output() - tty: n_gsm: fix non flow control frames during mux flow off - tty: n_gsm: fix packet re-transmission without open control channel - tty: n_gsm: fix race condition in gsmld_write() - [arm64] ASoC: qcom: Fix missing of_node_put() in asoc_qcom_lpass_cpu_platform_probe() - vfio: Remove extra put/gets around vfio_device->group - vfio: Simplify the lifetime logic for vfio_device - vfio: Split creation of a vfio_device into init and register ops - tty: n_gsm: fix wrong T1 retry count handling - tty: n_gsm: fix DM command - tty: n_gsm: fix missing corner cases in gsmld_poll() - kfifo: fix kfifo_to_user() return type - lib/smp_processor_id: fix imbalanced instrumentation_end() call - [arm64] mfd: max77620: Fix refcount leak in max77620_initialise_fps - [arm64] iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking out of loop - [s390x] dump: fix old lowcore virtual vs physical address confusion - fuse: Remove the control interface for virtio-fs - [armhf] ASoC: audio-graph-card: Add of_node_put() in fail path - [arm64] watchdog: armada_37xx_wdt: check the return value of devm_ioremap() in armada_37xx_wdt_probe() - [arm64,armhf] video: fbdev: amba-clcd: Fix refcount leak bugs - video: fbdev: sis: fix typos in SiS_GetModeID() - [powerpc*] pci: Prefer PCI domain assignment via DT 'linux,pci-domain' and alias - f2fs: don't set GC_FAILURE_PIN for background GC - f2fs: write checkpoint during FG_GC - f2fs: fix to remove F2FS_COMPR_FL and tag F2FS_NOCOMP_FL at the same time - [powerpc*] xive: Fix refcount leak in xive_get_max_prio - kprobes: Forbid probing on trampoline and BPF code areas - [powerpc*] pci: Fix PHB numbering when using opal-phbid - sched/deadline: Merge dl_task_can_attach() and dl_cpu_busy() - sched, cpuset: Fix dl_cpu_busy() panic due to empty cs->cpus_allowed - [amd64] x86/numa: Use cpumask_available instead of hardcoded NULL check - video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock() - sched: Fix the check of nr_running at queue wakelist - video: fbdev: vt8623fb: Check the size of screen before memset_io() - video: fbdev: arkfb: Check the size of screen before memset_io() - video: fbdev: s3fb: Check the size of screen before memset_io() - [s390x] scsi: zfcp: Fix missing auto port scan and thus missing target ports - scsi: qla2xxx: Fix discovery issues in FC-AL topology - scsi: qla2xxx: Turn off multi-queue for 8G adapters - scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error injection - scsi: qla2xxx: Fix losing FCP-2 targets on long port disable with I/Os - scsi: qla2xxx: Fix losing FCP-2 targets during port perturbation tests - [x86] bugs: Enable STIBP for IBPB mitigated RETBleed - [x86] ftrace/x86: Add back ftrace_expected assignment - __follow_mount_rcu(): verify that mount_lock remains unchanged - spmi: trace: fix stack-out-of-bound access in SPMI tracing functions - [x86] drm/i915/dg1: Update DMC_DEBUG3 register - HID: Ignore battery for Elan touchscreen on HP Spectre X360 15-df0xxx - HID: hid-input: add Surface Go battery quirk - [arm*] drm/vc4: drv: Adopt the dma configuration from the HVS or V3D component - usbnet: smsc95xx: Don't clear read-only PHY interrupt - usbnet: smsc95xx: Avoid link settings race on interrupt reception - [x86] intel_th: pci: Add Meteor Lake-P support - [x86] intel_th: pci: Add Raptor Lake-S PCH support - [x86] intel_th: pci: Add Raptor Lake-S CPU support - [x86] KVM: set_msr_mce: Permit guests to ignore single-bit ECC errors - [x86] KVM: x86: Signal #GP, not -EPERM, on bad WRMSR(MCi_CTL/STATUS) - [amd64] iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE) - PCI/AER: Write AER Capability only when we control it - PCI/ERR: Bind RCEC devices to the Root Port driver - PCI/ERR: Rename reset_link() to reset_subordinates() - PCI/ERR: Simplify by using pci_upstream_bridge() - PCI/ERR: Simplify by computing pci_pcie_type() once - PCI/ERR: Use "bridge" for clarity in pcie_do_recovery() - PCI/ERR: Avoid negated conditional for clarity - PCI/ERR: Add pci_walk_bridge() to pcie_do_recovery() - PCI/ERR: Recover from RCEC AER errors - PCI/AER: Iterate over error counters instead of error strings - serial: 8250: Dissociate 4MHz Titan ports from Oxford ports - serial: 8250: Correct the clock for OxSemi PCIe devices - serial: 8250_pci: Refactor the loop in pci_ite887x_init() - serial: 8250_pci: Replace dev_*() by pci_*() macros - serial: 8250: Fold EndRun device support into OxSemi Tornado code - dm writecache: set a default MAX_WRITEBACK_JOBS - dm thin: fix use-after-free crash in dm_sm_register_threshold_callback - timekeeping: contribute wall clock to rng on time change - btrfs: reject log replay if there is unsupported RO compat flag - btrfs: reset block group chunk force if we have to wait - [amd64,arm64] ACPI: CPPC: Do not prevent CPPC from working in the future - [x86] KVM: VMX: Drop guest CPUID check for VMXE in vmx_set_cr4() - [x86] KVM: VMX: Drop explicit 'nested' check from vmx_set_cr4() - [x86] KVM: SVM: Drop VMXE check from svm_set_cr4() - [x86] KVM: x86: Move vendor CR4 validity check to dedicated kvm_x86_ops hook - [x86] KVM: nVMX: Inject #UD if VMXON is attempted with incompatible CR0/CR4 - [x86] KVM: x86/pmu: preserve IA32_PERF_CAPABILITIES across CPUID refresh - [x86] KVM: x86/pmu: Use binary search to check filtered events - [x86] KVM: x86/pmu: Use different raw event masks for AMD and Intel - [x86] KVM: x86/pmu: Introduce the ctrl_mask value for fixed counter - [x86] KVM: VMX: Mark all PERF_GLOBAL_(OVF)_CTRL bits reserved if there's no vPMU - [x86] KVM: x86/pmu: Ignore pmu->global_ctrl check if vPMU doesn't support global_ctrl - xen-blkback: fix persistent grants negotiation - xen-blkback: Apply 'feature_persistent' parameter when connect - xen-blkfront: Apply 'feature_persistent' parameter when connect - KEYS: asymmetric: enforce SM2 signature use pkey algo - tpm: eventlog: Fix section mismatch for DEBUG_SECTION_MISMATCH - tracing: Use a struct alignof to determine trace event field alignment - ext4: check if directory block is within i_size (CVE-2022-1184) - ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h - ext4: fix warning in ext4_iomap_begin as race between bmap and write - ext4: make sure ext4_append() always allocates new block - ext4: fix use-after-free in ext4_xattr_set_entry - ext4: update s_overhead_clusters in the superblock during an on-line resize - ext4: fix extent status tree race in writeback error recovery path - ext4: correct max_inline_xattr_value_size computing - ext4: correct the misjudgment in ext4_iget_extra_inode - dm raid: fix address sanitizer warning in raid_resume - dm raid: fix address sanitizer warning in raid_status - KVM: Add infrastructure and macro to mark VM as bugged - [x86] KVM: x86: Check lapic_in_kernel() before attempting to set a SynIC irq (CVE-2022-2153) - [x86] KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast() (CVE-2022-2153) - mac80211: fix a memory leak where sta_info is not freed - tcp: fix over estimation in sk_forced_mem_schedule() - Revert "mwifiex: fix sleep in atomic context bugs caused by dev_coredumpv" - [arm*] drm/vc4: change vc4_dma_range_matches from a global to static - Revert "net: usb: ax88179_178a needs FLAG_SEND_ZLP" - Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression - [x86] kvm: x86/pmu: Fix the compare function used by the pmu event filter - [arm64] tee: add overflow check in register_shm_helper() - net/9p: Initialize the iounit field during fid creation - net_sched: cls_route: disallow handle of 0 - sched/fair: Fix fault in reweight_entity - btrfs: only write the sectors in the vertical stripe which has data stripes - btrfs: raid56: don't trust any cached sector in __raid56_parity_recover() https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.138 - ALSA: info: Fix llseek return value when using callback - ALSA: hda/realtek: Add quirk for Clevo NS50PU, NS70PU - [x86] mm: Use proper mask when setting PUD mapping - rds: add missing barrier to release_refill - ata: libata-eh: Add missing command name - [arm64] mmc: meson-gx: Fix an error handling path in meson_mmc_probe() - btrfs: fix lost error handling when looking up extended ref on log replay - tracing: Have filter accept "common_cpu" to be consistent - ALSA: usb-audio: More comprehensive mixer map for ASUS ROG Zenith II - can: ems_usb: fix clang's -Wunaligned-access warning - apparmor: fix quiet_denied for file rules - apparmor: fix absroot causing audited secids to begin with = - apparmor: Fix failed mount permission check error message - apparmor: fix aa_label_asxprint return check - apparmor: fix setting unconfined mode on a loaded profile - apparmor: fix overlapping attachment computation - apparmor: fix reference count leak in aa_pivotroot() - apparmor: Fix memleak in aa_simple_write_to_buffer() - Documentation: ACPI: EINJ: Fix obsolete example - NFSv4.1: Don't decrease the value of seq_nr_highest_sent - NFSv4.1: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly - NFSv4: Fix races in the legacy idmapper upcall - NFSv4.1: RECLAIM_COMPLETE must handle EACCES - NFSv4/pnfs: Fix a use-after-free bug in open - bpf: Acquire map uref in .init_seq_private for array map iterator - bpf: Acquire map uref in .init_seq_private for hash map iterator - bpf: Acquire map uref in .init_seq_private for sock local storage map iterator - bpf: Acquire map uref in .init_seq_private for sock{map,hash} iterator - bpf: Check the validity of max_rdwr_access for sock local storage map iterator - can: mcp251x: Fix race condition on receive interrupt - [amd64,arm64] net: atlantic: fix aq_vec index out of range error - sunrpc: fix expiry of auth creds - SUNRPC: Reinitialise the backchannel request buffers before reuse - virtio_net: fix memory leak inside XPD_TX with mergeable - devlink: Fix use-after-free after a failed reload - [arm64] pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed - [arm64,armhf] pinctrl: sunxi: Add I/O bias setting for H6 R-PIO - ACPI: property: Return type of acpi_add_nondev_subnodes() should be bool - geneve: do not use RT_TOS for IPv6 flowlabel - ipv6: do not use RT_TOS for IPv6 flowlabel - [x86] plip: avoid rcu debug splat - vsock: Fix memory leak in vsock_connect() - vsock: Set socket state back to SS_UNCONNECTED in vsock_connect_timeout() - dt-bindings: arm: qcom: fix MSM8916 MTP compatibles - dt-bindings: clock: qcom,gcc-msm8996: add more GCC clock sources - ceph: use correct index when encoding client supported features - ceph: don't leak snap_rwsem in handle_cap_grant - nfp: ethtool: fix the display error of `ethtool -m DEVNAME` - xen/xenbus: fix return type in xenbus_file_read() - atm: idt77252: fix use-after-free bugs caused by tst_timer - geneve: fix TOS inheriting for ipv4 - [arm64] dpaa2-eth: trace the allocated address instead of page struct - iavf: Fix adminq error handling - netfilter: nf_tables: really skip inactive sets when allocating name - netfilter: nf_tables: validate NFTA_SET_ELEM_OBJREF based on NFT_SET_OBJECT flag - netfilter: nf_tables: check NFT_SET_CONCAT flag if field_count is specified - [powerpc*] pci: Fix get_phb_number() locking - [arm64,armhf] spi: meson-spicc: add local pow2 clock ops to preserve rate between messages - [arm64,armhf] net: dsa: mv88e6060: prevent crash on an unused port - [arm64] net: dsa: felix: fix ethtool 256-511 and 512-1023 TX packet counters - net: genl: fix error path memory leak in policy dumping - ice: Ignore EEXIST when setting promisc mode - [arm64,armhf] i2c: imx: Make sure to unregister adapter on remove() - regulator: pca9450: Remove restrictions for regulator-name - i40e: Fix to stop tx_timeout recovery if GLOBR fails - [arm64,armhf] fec: Fix timer capture timing in `fec_ptp_enable_pps()` - [x86] stmmac: intel: Add a missing clk_disable_unprepare() call in intel_eth_pci_remove() - igb: Add lock to avoid data race - kbuild: fix the modules order between drivers and libs - locking/atomic: Make test_and_*_bit() ordered on failure - [x86] ASoC: SOF: intel: move sof_intel_dsp_desc() forward - [arm64] drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors() - audit: log nftables configuration change events once per table - netfilter: nftables: add helper function to set the base sequence number - netfilter: add helper function to set up the nfnetlink header and use it - [armhf] drm/sun4i: dsi: Prevent underflow when computing packet sizes - PCI: Add ACS quirk for Broadcom BCM5750x NICs - [arm64,armhf] platform/chrome: cros_ec_proto: don't show MKBP version if unsupported - usb: gadget: uvc: call uvc uvcg_warn on completed status instead of uvcg_info - [arm64,armhf] irqchip/tegra: Fix overflow implicit truncation warnings - [arm64] drm/meson: Fix overflow implicit truncation warnings - [armhf] clk: ti: Stop using legacy clkctrl names for omap4 and 5 - [arm*] usb: dwc2: gadget: remove D+ pull-up while no vbus with usb-role-switch - [x86] vboxguest: Do not use devm for irq - uacce: Handle parent device removal or parent driver module rmmod - zram: do not lookup algorithm in backends table - [arm64] clk: qcom: clk-alpha-pll: fix clk_trion_pll_configure description - scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input - gadgetfs: ep_io - wait until IRQ finishes - [x86] pinctrl: intel: Check against matching data instead of ACPI companion - [powerpc*] cxl: Fix a memory leak in an error handling path - [arm64] PCI/ACPI: Guard ARM64-specific mcfg_quirks - RDMA/rxe: Limit the number of calls to each tasklet - md: Notify sysfs sync_completed in md_reap_sync_thread() - nvmet-tcp: fix lockdep complaint on nvmet_tcp_wq flush during queue teardown - drivers:md:fix a potential use-after-free bug - ext4: avoid remove directory when directory is corrupted - ext4: avoid resizing to a partial cluster size - lib/list_debug.c: Detect uninitialized lists - vfio: Clear the caps->buf to NULL after free - [mips64el,mipsel] cavium-octeon: Fix missing of_node_put() in octeon2_usb_clocks_start - modules: Ensure natural alignment for .altinstructions and __bug_table sections - watchdog: export lockup_detector_reconfigure - ALSA: core: Add async signal helpers - ALSA: timer: Use deferred fasync helper - ALSA: control: Use deferred fasync helper - f2fs: fix to avoid use f2fs_bug_on() in f2fs_new_node_page() - f2fs: fix to do sanity check on segment type in build_sit_entries() - smb3: check xattr value length earlier - [powerpc*] 64: Init jump labels before parse_early_param() - netfilter: nftables: fix a warning message in nf_tables_commit_audit_collect() - netfilter: nf_tables: fix audit memory leak in nf_tables_commit - tracing/probes: Have kprobes and uprobes use $COMM too - can: j1939: j1939_sk_queue_activate_next_locked(): replace WARN_ON_ONCE with netdev_warn_once() - can: j1939: j1939_session_destroy(): fix memory leak of skbs - PCI/ERR: Retain status from error notification - qrtr: Convert qrtr_ports from IDR to XArray - bpf: Fix KASAN use-after-free Read in compute_effective_progs - [arm64] tee: fix memory leak in tee_shm_register() https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.139 https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.140 - audit: fix potential double free on error path from fsnotify_add_inode_mark - pinctrl: amd: Don't save/restore interrupt status and wake status bits - xfs: prevent a WARN_ONCE() in xfs_ioc_attr_list() - xfs: reject crazy array sizes being fed to XFS_IOC_GETBMAP* - fs: remove __sync_filesystem - vfs: make sync_filesystem return errors from ->sync_fs - xfs: return errors in xfs_fs_sync_fs - xfs: only bother with sync_filesystem during readonly remount - kernel/sched: Remove dl_boosted flag comment - xfrm: fix refcount leak in __xfrm_policy_check() - xfrm: clone missing x->lastused in xfrm_do_migrate - af_key: Do not call xfrm_probe_algs in parallel (CVE-2022-3028) - xfrm: policy: fix metadata dst->dev xmit null pointer dereference - NFS: Don't allocate nfs_fattr on the stack in __nfs42_ssc_open() - NFSv4.2 fix problems with __nfs42_ssc_open - SUNRPC: RPC level errors should set task->tk_rpc_status - mm/huge_memory.c: use helper function migration_entry_to_page() - mm/smaps: don't access young/dirty bit if pte unpresent - rose: check NULL rose_loopback_neigh->loopback - ice: xsk: Force rings to be sized to power of 2 - ice: xsk: prohibit usage of non-balanced queue id - net/mlx5e: Properly disable vlan strip on non-UL reps - bonding: 802.3ad: fix no transmission of LACPDUs - net: ipvtap - add __init/__exit annotations to module init/exit funcs - netfilter: ebtables: reject blobs that don't provide all entry points - bnxt_en: fix NQ resource accounting during vf creation on 57500 chips - netfilter: nft_payload: report ERANGE for too long offset and length - netfilter: nft_payload: do not truncate csum_offset and csum_type - netfilter: nf_tables: do not leave chain stats enabled on error - netfilter: nft_osf: restrict osf to ipv4, ipv6 and inet families - netfilter: nft_tunnel: restrict it to netdev family - netfilter: nftables: remove redundant assignment of variable err - netfilter: nf_tables: consolidate rule verdict trace call - netfilter: nft_cmp: optimize comparison for 16-bytes - netfilter: bitwise: improve error goto labels - netfilter: nf_tables: upfront validation of data via nft_data_init() - netfilter: nf_tables: disallow jump to implicit chain from set element - netfilter: nf_tables: disallow binding to already bound chain (CVE-2022-39190) - tcp: tweak len/truesize ratio for coalesce candidates - net: Fix data-races around sysctl_[rw]mem(_offset)?. - net: Fix data-races around sysctl_[rw]mem_(max|default). - net: Fix data-races around weight_p and dev_weight_[rt]x_bias. - net: Fix data-races around netdev_max_backlog. - net: Fix data-races around netdev_tstamp_prequeue. - ratelimit: Fix data-races in ___ratelimit(). - bpf: Folding omem_charge() into sk_storage_charge() - net: Fix data-races around sysctl_optmem_max. - net: Fix a data-race around sysctl_tstamp_allow_data. - net: Fix a data-race around sysctl_net_busy_poll. - net: Fix a data-race around sysctl_net_busy_read. - net: Fix a data-race around netdev_budget. - net: Fix a data-race around netdev_budget_usecs. - net: Fix data-races around sysctl_fb_tunnels_only_for_init_net. - net: Fix data-races around sysctl_devconf_inherit_init_net. - net: Fix a data-race around sysctl_somaxconn. - ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter - rxrpc: Fix locking in rxrpc's sendmsg - btrfs: fix silent failure when deleting root reference - btrfs: replace: drop assert for suspended replace - btrfs: add info when mount fails due to stale replace target - btrfs: check if root is readonly while setting security xattr - [x86] perf/x86/lbr: Enable the branch type for the Arch LBR by default - [amd64] x86/unwind/orc: Unwind ftrace trampolines with correct ORC entry - [x86] bugs: Add "unknown" reporting for MMIO Stale Data - loop: Check for overflow while configuring loop - asm-generic: sections: refactor memory_intersects - [s390x] fix double free of GS and RI CBs on fork() failure - [x86] ACPI: processor: Remove freq Qos request for all CPUs - xen/privcmd: fix error exit of privcmd_ioctl_dm_op() - mm/hugetlb: fix hugetlb not supporting softdirty tracking - Revert "md-raid: destroy the bitmap after destroying the thread" - md: call __md_stop_writes in md_stop - [arm64] Fix match_list for erratum 1286807 on Arm Cortex-A76 - Documentation/ABI: Mention retbleed vulnerability info file for sysfs - blk-mq: fix io hung due to missing commit_rqs - [x86] perf/x86/intel/uncore: Fix broken read_counter() for SNB IMC PMU - [x86] scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq - bpf: Don't use tnum_range on array range checking for poke descriptors (CVE-2022-2905) . [ Salvatore Bonaccorso ] * Bump ABI to 18 * certs: Rotate to use the "Debian Secure Boot Signer 2022 - linux" certificate (Closes: #1018752) * [x86] nospec: Unwreck the RSB stuffing * [x86] nospec: Fix i386 RSB stuffing (Closes: #1017425) * mm: Force TLB flush for PFNMAP mappings before unlink_file_vma() (CVE-2022-39188) * Revert "PCI/portdrv: Don't disable AER reporting in get_port_device_capability()" * bpf: Don't redirect packets with invalid pkt_len * mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse * net/af_packet: check len when min_header_len equals to 0 Checksums-Sha1: da8a3ce54cecda0fa219615633b45fa95844185c 197238 linux_5.10.140-1.dsc 7b7094516d52b3a4c8efd978811791825a6b7063 121772956 linux_5.10.140.orig.tar.xz bce8bedd068111a657d385d994e31bd64cb367c3 1541552 linux_5.10.140-1.debian.tar.xz 078ac96711bcf47d48a27e7f8fd4c1f5833cccae 6983 linux_5.10.140-1_source.buildinfo Checksums-Sha256: 6f6e4648f0d42cf3bab38de16c0f8fe3a93772ebcd899631ef0417027dc6c3fe 197238 linux_5.10.140-1.dsc 9ba969f17730d0ac57adf9d9dda5e2da39bec6785058fd50bd4499766c44ae52 121772956 linux_5.10.140.orig.tar.xz 0a8e5f111f6766cf31942239255dc6093906ec1725796bbe561f503b3ad6c113 1541552 linux_5.10.140-1.debian.tar.xz 361a4717a24d8a51ce34039cb7f3eaeb84de80311db891a01c1f28877a696aef 6983 linux_5.10.140-1_source.buildinfo Files: 84ab224b073f97978802d9f998248fcc 197238 kernel optional linux_5.10.140-1.dsc 925a4af3dffcc9e2838d223e413d6ebb 121772956 kernel optional linux_5.10.140.orig.tar.xz 9813a002af43da3a5be05f3d31e85328 1541552 kernel optional linux_5.10.140-1.debian.tar.xz cb85a709658fdd8a8d9121e182241b8f 6983 kernel optional linux_5.10.140-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmMSC9xfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89EyV0P/R4ny06zlTg+hqGsKeqSzJc7R1sKWgqj PcmmT8Ik7VRAvV7a4Zv2+XwgCuWHp/+4KYbJ3OVunnjwOMFI8J0H5+ND/soFP8mt k6VxYNmo/LJYOk1KqpMbMnfSTC7JJjPvgnP27qAQklaIsm/buLuEInCWlTgtWCWQ fxMXGXFPM+pIPNVLpTXFV0ACFj9qK6vN8F4+9LMVdfvypUama2gU31diewq9rbJk PzcJUdXH5dMd/GefeEqSh/Y2CCLzeLoGmeG3inVxxGnqpP2qLBkeeGZfUcXkJO+1 D1AQx6UL23MdUnjnz1r2UH9GYGBMqWCiNybx8o66bbB4zyndgoOgy4MD7fOP80E4 mYlNVW31TiKEmU1AQVZKsdV5WrWap9lU5M/NCaGU8IoFGswTomYxMLmt6biqcktT 1KrsY53pl8YP0G/L9c5QgvTwI6nOaQhG7AfsM4QfGYzVzDQUKZMzh9zXUUTa31G4 kbh2TdD6twv4+H06u0FmD6l5p3mQqEDNtZ+NbuWu5XoqScS/VTNzu7qupGCx1zJa XYb/XsmkTypRGPAhoxm1flo9KFewuESQGTWyB4ykSA++cZIdXgTwvQn2pwpa706F lQ48jwluXfquv+i/TXShwr/JhDOd9Bb8YngHa4OEAcviQYksXSsxup9rCpsuUUyL Cq6Cqmft/9nH =YNAB -----END PGP SIGNATURE-----