-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 28 Oct 2022 23:03:33 +0200 Source: linux-5.10 Architecture: source Version: 5.10.149-2~deb10u1 Distribution: buster-security Urgency: high Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org> Changed-By: Ben Hutchings <benh@debian.org> Closes: 1017425 1018752 1019248 1022025 Changes: linux-5.10 (5.10.149-2~deb10u1) buster-security; urgency=high . * Rebuild for buster: - Change ABI number to 0.deb10.19 . linux (5.10.149-2) bullseye-security; urgency=high . * Revert "drm/amdgpu: move nbio sdma_doorbell_range() into sdma code for vega" (Closes: #1022025) * Revert "drm/amdgpu: make sure to init common IP before gmc" (Closes: #1022025) . linux (5.10.149-1) bullseye-security; urgency=high . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.149 - Revert "fs: check FMODE_LSEEK to control internal pipe splicing" . [ Salvatore Bonaccorso ] * Replace patch for "io_uring/af_unix: defer registered files gc to io_uring release" with queued version . linux (5.10.148-1) bullseye-security; urgency=high . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.141 - [s390x] mm: do not trigger write fault when vma does not allow VM_WRITE - kbuild: Fix include path in scripts/Makefile.modpost - Bluetooth: L2CAP: Fix build errors in some archs - HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report - media: pvrusb2: fix memory leak in pvr_probe - HID: hidraw: fix memory leak in hidraw_release() - net: fix refcount bug in sk_psock_get (2) - fbdev: fb_pm2fb: Avoid potential divide by zero error - ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead - drm/amd/display: Avoid MPC infinite loop - drm/amd/display: For stereo keep "FLIP_ANY_FRAME" - drm/amd/display: clear optc underflow before turn off odm clock - neigh: fix possible DoS due to net iface start/stop loop - [s390x] hypfs: avoid error message under KVM - drm/amd/pm: add missing ->fini_microcode interface for Sienna Cichlid - drm/amd/display: Fix pixel clock programming - drm/amdgpu: Increase tlb flush timeout for sriov - netfilter: conntrack: NF_CONNTRACK_PROCFS should no longer default to y - lib/vdso: Mark do_hres_timens() and do_coarse_timens() __always_inline() - kprobes: don't call disarm_kprobe() for disabled kprobes - io_uring: disable polling pollfree files - xfs: remove infinite loop when reserving free block pool - xfs: always succeed at setting the reserve pool size - xfs: fix overfilling of reserve pool - xfs: fix soft lockup via spinning in filestream ag selection loop - xfs: revert "xfs: actually bump warning counts when we send warnings" - net: neigh: don't call kfree_skb() under spin_lock_irqsave() https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.142 - [arm64] drm/msm/dsi: fix the inconsistent indenting - [arm64] drm/msm/dp: delete DP_RECOVERED_CLOCK_OUT_EN to fix tps4 - [arm64] drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg - [arm64] drm/msm/dsi: Fix number of regulators for SDM660 - [x86] platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask - iio: adc: mcp3911: make use of the sign bit - bpf, cgroup: Fix kernel BUG in purge_effective_progs - ieee802154/adf7242: defer destroy_workqueue call - ALSA: hda: intel-nhlt: remove use of __func__ in dev_dbg - ALSA: hda: intel-nhlt: Correct the handling of fmt_config flexible array - wifi: cfg80211: debugfs: fix return type in ht40allow_map_read() - Revert "xhci: turn off port power in shutdown" - net: sched: tbf: don't call qdisc_put() while holding tree lock - net/sched: fix netdevice reference leaks in attach_default_qdiscs() - sch_cake: Return __NET_XMIT_STOLEN when consuming enqueued skb - tcp: annotate data-race around challenge_timestamp - Revert "sch_cake: Return __NET_XMIT_STOLEN when consuming enqueued skb" - net/smc: Remove redundant refcount increase - [arm64] serial: fsl_lpuart: RS485 RTS polariy is inverse - staging: rtl8712: fix use after free bugs - [powerpc*] align syscall table for ppc32 - vt: Clear selection before changing the font - [arm64] tty: serial: lpuart: disable flow control while waiting for the transmit engine to complete - Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag - iio: ad7292: Prevent regulator double disable - iio: adc: mcp3911: use correct formula for AD conversion - USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id - [arm*] binder: fix UAF of ref->proc caused by race condition (CVE-2022-20421) - [x86] drm/i915/reg: Fix spelling mistake "Unsupport" -> "Unsupported" - clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops - Revert "clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops" - clk: core: Fix runtime PM sequence in clk_core_unprepare() - [arm64,armhf] clk: bcm: rpi: Fix error handling of raspberrypi_fw_get_rate - [arm64,armhf] clk: bcm: rpi: Use correct order for the parameters of devm_kcalloc() - [arm64,armhf] clk: bcm: rpi: Prevent out-of-bounds access - [arm64,armhf] clk: bcm: rpi: Add missing newline - [armel,armhf] hwmon: (gpio-fan) Fix array out of bounds access - [arm64,armhf] gpio: pca953x: Add mutex_lock for regcache sync in PM - [x86] KVM: x86: Mask off unsupported and unknown bits of IA32_ARCH_CAPABILITIES - xen/grants: prevent integer overflow in gnttab_dma_alloc_pages() - mm: pagewalk: Fix race between unmap and page walker - xen-blkback: Advertise feature-persistent as user requested - xen-blkfront: Advertise feature-persistent as user requested - [x86] thunderbolt: Use the actual buffer in tb_async_error() - media: mceusb: Use new usb_control_msg_*() routines - xhci: Add grace period after xHC start to prevent premature runtime suspend. - USB: serial: cp210x: add Decagon UCA device id - USB: serial: option: add support for OPPO R11 diag port - USB: serial: option: add Quectel EM060K modem - USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode - usb: typec: altmodes/displayport: correct pin assignment for UFP receptacles - [arm*] usb: dwc2: fix wrong order of phy_power_on and phy_init - USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020) - usb-storage: Add ignore-residue quirk for NXP PN7462AU - [s390x] hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages - [s390x] fix nospec table alignments - USB: core: Prevent nested device-reset calls - usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS - driver core: Don't probe devices after bus_type.match() probe deferral - wifi: mac80211: Don't finalize CSA in IBSS mode if state is disconnected - wifi: mac80211: Fix UAF in ieee80211_scan_rx() - ip: fix triggering of 'icmp redirect' - net: Use u64_stats_fetch_begin_irq() for stats fetch. - net: mac802154: Fix a condition in the receive path - ALSA: hda/realtek: Add speaker AMP init for Samsung laptops with ALC298 - ALSA: seq: oss: Fix data-race for max_midi_devs access - ALSA: seq: Fix data-race at module auto-loading - [x86] drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk - btrfs: harden identification of a stale device - mmc: core: Fix UHS-I SD 1.8V workaround branch - [arm64,armhf] usb: dwc3: fix PHY disable sequence - [arm64,armhf] usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup - [arm64,armhf] usb: dwc3: disable USB core PHY management - USB: serial: ch341: fix lost character on LCR updates - USB: serial: ch341: fix disabled rx timer on older devices https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.143 - NFSD: Fix verifier returned in stable WRITEs - xen-blkfront: Cache feature_persistent value before advertisement - tty: n_gsm: initialize more members at gsm_alloc_mux() - tty: n_gsm: avoid call of sleeping functions from atomic context - efi: capsule-loader: Fix use-after-free in efi_capsule_write (CVE-2022-40307) - wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in il4965_rs_fill_link_cmd() - fs: only do a memory barrier for the first set_buffer_uptodate() - scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port ISP27XX - scsi: megaraid_sas: Fix double kfree() - drm/gem: Fix GEM handle release errors - drm/amdgpu: Move psp_xgmi_terminate call from amdgpu_xgmi_remove_device to psp_hw_fini - drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup. - drm/radeon: add a force flush to delay work when radeon - [arm64] cacheinfo: Fix incorrect assignment of signed error value to unsigned fw_level - net/core/skbuff: Check the return value of skb_copy_bits() - drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly - ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() - ALSA: aloop: Fix random zeros in capture data when using jiffies timer - ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() - kprobes: Prohibit probes in gate area - debugfs: add debugfs_lookup_and_remove() - nvmet: fix a use-after-free - [x86] drm/i915: Implement WaEdpLinkRateDataReload - scsi: mpt3sas: Fix use-after-free warning - scsi: lpfc: Add missing destroy_workqueue() in error path - cgroup: Elide write-locking threadgroup_rwsem when updating csses on an empty subtree - cgroup: Fix threadgroup_rwsem <-> cpus_read_lock() deadlock - cifs: remove useless parameter 'is_fsctl' from SMB2_ioctl() - smb3: missing inode locks in punch hole - regulator: core: Clean up on enable failure - [arm64] tee: fix compiler warning in tee_shm_register() - RDMA/cma: Fix arguments order in net device validation - [arm64] RDMA/hns: Fix supported page size - [arm64] RDMA/hns: Fix wrong fixed value of qp->rq.wqe_shift - netfilter: br_netfilter: Drop dst references before setting. - netfilter: nf_tables: clean up hook list when offload flags check fails - netfilter: nf_conntrack_irc: Fix forged IP logic (CVE-2022-2663) - ALSA: usb-audio: Inform the delayed registration more properly - ALSA: usb-audio: Register card again for iface over delayed_register option - rxrpc: Fix an insufficiently large sglist in rxkad_verify_packet_2() - afs: Use the operation issue time instead of the reply time for callbacks - sch_sfb: Don't assume the skb is still around after enqueueing to child - tipc: fix shift wrapping bug in map_get() - ice: use bitmap_free instead of devm_kfree - i40e: Fix kernel crash during module removal - xen-netback: only remove 'hotplug-status' when the vif is actually destroyed - ipv6: sr: fix out-of-bounds read when setting HMAC data. - IB/core: Fix a nested dead lock as part of ODP flow - RDMA/mlx5: Set local port to one when accessing counters - nvme-tcp: fix UAF when detecting digest errors - nvme-tcp: fix regression that causes sporadic requests to time out - tcp: fix early ETIMEDOUT after spurious non-SACK RTO - sch_sfb: Also store skb len before calling child enqueue - swiotlb: avoid potential left shift overflow - [amd64] iommu/amd: use full 64-bit value in build_completion_wait() - [arm64] errata: add detection for AMEVCNTR01 incrementing incorrectly https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.144 - [armhf] dts: imx: align SPI NOR node name with dtschema - [amd64] iommu/vt-d: Correctly calculate sagaw value of IOMMU - tracefs: Only clobber mode/uid/gid on remount if asked - Input: goodix - add support for GT1158 - [arm64] drm/msm/rd: Fix FIFO-full deadlock - [amd64] hid: intel-ish-hid: ishtp: Fix ishtp client sending disordered message - tg3: Disable tg3 device on system reboot to avoid triggering AER - ieee802154: cc2520: add rc code in cc2520_tx() - Input: iforce - add support for Boeder Force Feedback Wheel - nvmet-tcp: fix unhandled tcp states in nvmet_tcp_state_change() - drm/amd/amdgpu: skip ucode loading if ucode_size == 0 - [arm*] perf/arm_pmu_platform: fix tests for platform_get_irq() failure - [x86] platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap fixes - mm: Fix TLB flush for not-first PFNMAP mappings in unmap_region() - [x86] Revert "x86/ftrace: Use alternative RET encoding" - [x86] ibt,ftrace: Make function-graph play nice - [x86] ftrace: Use alternative RET encoding - Input: goodix - add compatible string for GT1158 https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.145 - [ppc64el] KVM: PPC: Book3S HV: Context tracking exit guest context before enabling irqs - [ppc64el] KVM: PPC: Tick accounting should defer vtime accounting 'til after IRQ handling - serial: 8250: Fix reporting real baudrate value in c_ospeed field - [powerpc*] pseries/mobility: refactor node lookup during DT update - [powerpc*] pseries/mobility: ignore ibm, platform-facilities updates - [x86] platform/x86/intel: hid: add quirk to support Surface Go 3 - [arm64,armhf] net: dsa: mv88e6xxx: allow use of PHYs on CPU and DSA ports - of: fdt: fix off-by-one error in unflatten_dt_nodes() - [arm64] pinctrl: sunxi: Fix name for A100 R_PIO - NFSv4: Turn off open-by-filehandle and NFS re-export for NFSv4.0 - [arm64] gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx - [arm64] drm/meson: Correct OSD1 global alpha value - [arm64] drm/meson: Fix OSD1 RGB to YCbCr coefficient - tracing: hold caller_addr to hardirq_{enable,disable}_ip - of/device: Fix up of_dma_configure_id() stub - cifs: revalidate mapping when doing direct writes - cifs: don't send down the destination address to sendmsg for a SOCK_STREAM - video: fbdev: i740fb: Error out if 'pixclock' equals zero (CVE-2022-3061) - Revert "serial: 8250: Fix reporting real baudrate value in c_ospeed field" - [x86] ASoC: nau8824: Fix semaphore unbalance at error paths - [armhf] regulator: pfuze100: Fix the global-out-of-bounds access in pfuze100_regulator_probe() - rxrpc: Fix local destruction being repeated - rxrpc: Fix calc of resend age - wifi: mac80211_hwsim: check length for virtio packets - ALSA: hda/sigmatel: Keep power up while beep is enabled - [arm64,armhf] ALSA: hda/tegra: Align BDL entry to 4KB boundary - net: usb: qmi_wwan: add Quectel RM520N - afs: Return -EAGAIN, not -EREMOTEIO, when a file already locked - [misp64el,mipsel] OCTEON: irq: Fix octeon_irq_force_ciu_mapping() - mksysmap: Fix the mismatch of 'L0' symbols in System.map - video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write (CVE-2022-39842) - cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all() - ALSA: hda/sigmatel: Fix unused variable warning for beep power change https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.146 - drm/amdgpu: move nbio sdma_doorbell_range() into sdma code for vega - drm/amdgpu: indirect register access for nv12 sriov - drm/amdgpu: Separate vf2pf work item init from virt data exchange - drm/amdgpu: make sure to init common IP before gmc - [arm64,armhf] usb: dwc3: gadget: Avoid starting DWC3 gadget during UDC unbind - [arm64,armhf] usb: dwc3: Issue core soft reset before enabling run/stop - [arm64,armhf] usb: dwc3: gadget: Prevent repeat pullup() - [arm64,armhf] usb: dwc3: gadget: Refactor pullup() - [arm64,armhf] usb: dwc3: gadget: Don't modify GEVNTCOUNT in pullup() - [arm64,armhf] usb: dwc3: gadget: Avoid duplicate requests to enable Run/Stop - mmc: core: Fix inconsistent sd3_bus_mode at UHS-I SD voltage switch failure - vfio/type1: Change success value of vaddr_get_pfn() - vfio/type1: Prepare for batched pinning with struct vfio_batch - vfio/type1: Unpin zero pages - USB: core: Fix RST error in hub.c - USB: serial: option: add Quectel BG95 0x0203 composition - USB: serial: option: add Quectel RM520N - ALSA: hda/tegra: set depop delay for tegra - ALSA: hda: add Intel 5 Series / 3400 PCI DID - ALSA: hda/realtek: Add quirk for Huawei WRT-WX9 - ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5570 laptop - ALSA: hda/realtek: Re-arrange quirk table entries - ALSA: hda/realtek: Add pincfg for ASUS G513 HP jack - ALSA: hda/realtek: Add pincfg for ASUS G533Z HP jack - ALSA: hda/realtek: Add quirk for ASUS GA503R laptop - ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5530 laptop - [amd64] iommu/vt-d: Check correct capability for sagaw determination - media: flexcop-usb: fix endpoint type check - [x86] efi: x86: Wipe setup_data on pure EFI boot - efi: libstub: check Shim mode using MokSBStateRT - gpiolib: cdev: Set lineevent_state::irq after IRQ register successfully - [arm64,armhf] can: flexcan: flexcan_mailbox_read() fix return value for drop = true - mm/slub: fix to return errno if kmalloc() fails - KVM: SEV: add cache flush to solve SEV cache incoherency issues (CVE-2022-0171) - xfs: fix up non-directory creation in SGID directories (CVE-2021-4037) - xfs: reorder iunlink remove operation in xfs_ifree - xfs: validate inode fork size against fork format - [arm64] dts: rockchip: Pull up wlan wake# on Gru-Bob - netfilter: nf_conntrack_sip: fix ct_sip_walk_headers - netfilter: nf_conntrack_irc: Tighten matching on DCC message (CVE-2022-2663) - netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find() - iavf: Fix cached head and tail value for iavf_get_tx_pending - ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header - net: let flow have same hash in two directions - net: core: fix flow symmetric hash - net: phy: aquantia: wait for the suspend/resume operations to finish - scsi: mpt3sas: Force PCIe scatterlist allocations to be within same 4 GB region - scsi: mpt3sas: Fix return value check of dma_get_required_mask() - net: bonding: Share lacpdu_mcast_addr definition - net: bonding: Unsync device addresses on ndo_stop - net: team: Unsync device addresses on ndo_stop - [arm64,armhf] drm/panel: simple: Fix innolux_g121i1_l01 bus_format - iavf: Fix bad page state - iavf: Fix set max MTU size with port VLAN and jumbo frames - i40e: Fix VF set max MTU size - i40e: Fix set max_tx_rate when it is lower than 1 Mbps - sfc: fix TX channel offset when using legacy interrupts - sfc: fix null pointer dereference in efx_hard_start_xmit - of: mdio: Add of_node_put() when breaking out of for_each_xx - wireguard: ratelimiter: disable timings test by default - wireguard: netlink: avoid variable-sized memcpy on sockaddr - [arm64] net: enetc: move enetc_set_psfp() out of the common enetc_set_features() - net: socket: remove register_gifconf - net/sched: taprio: avoid disabling offload when it was never enabled - net/sched: taprio: make qdisc_leaf() see the per-netdev-queue pfifo child qdiscs - netfilter: nf_tables: fix nft_counters_enabled underflow at nf_tables_addchain() - netfilter: nf_tables: fix percpu memory leak at nf_tables_addchain() - netfilter: ebtables: fix memory leak when blob is malformed - can: gs_usb: gs_can_open(): fix race dev->can.state condition - net/smc: Stop the CLC flow if no link to map buffers on - net: sunhme: Fix packet reception for len < RX_COPY_THRESHOLD - net: sched: fix possible refcount leak in tc_new_tfilter() - drm/amd/amdgpu: fixing read wrong pf2vf data in SRIOV - serial: Create uart_xmit_advance() - [arm64,armhf] serial: tegra: Use uart_xmit_advance(), fixes icount.tx accounting - [s390x] dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup - vfio/type1: fix vaddr_get_pfns() return in vfio_pin_page_external() - drm/amdgpu: Fix check for RAS support - cifs: use discard iterator to discard unneeded network data more efficiently - cifs: always initialize struct msghdr smb_msg completely - [x86] Drivers: hv: Never allocate anything besides framebuffer from framebuffer memory region - [x86] drm/gma500: Fix BUG: sleeping function called from invalid context errors - drm/amdgpu: use dirty framebuffer helper - drm/amd/display: Limit user regamma to a valid value - drm/amd/display: Mark dml30's UseMinimumDCFCLK() as noinline for stack usage - [arm64] drm/rockchip: Fix return type of cdn_dp_connector_mode_valid - workqueue: don't skip lockdep work dependency in cancel_work_sync() - [arm64,armhf] i2c: imx: If pm_runtime_get_sync() returned 1 device access is possible - [amd64,arm64] devdax: Fix soft-reservation memory description - ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0 - ext4: limit the number of retries after discarding preallocations blocks - ext4: make directory inode spreading reflect flexbg size https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.147 - [x86] thunderbolt: Add support for Intel Maple Ridge - [x86] thunderbolt: Add support for Intel Maple Ridge single port controller - [arm64,armhf] ALSA: hda/tegra: Use clk_bulk helpers - [arm64,armhf] ALSA: hda/tegra: Reset hardware - ALSA: hda/hdmi: let new platforms assign the pcm slot dynamically - ALSA: hda: Fix Nvidia dp infoframe - btrfs: fix hang during unmount when stopping a space reclaim worker - [arm64,x86] usb: typec: ucsi: Remove incorrect warning - [x86] thunderbolt: Explicitly reset plug events delay back to USB4 spec value - net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455 - libata: add ATA_HORKAGE_NOLPM for Pioneer BDR-207M and BDR-205 - mm/page_alloc: fix race condition between build_all_zonelists and page allocation - mm: prevent page_frag_alloc() from corrupting the memory - mm/migrate_device.c: flush TLB while holding PTL - mm: fix madivse_pageout mishandling on non-LRU page - swiotlb: max mapping size takes min align mask into account - [arm64] scsi: hisi_sas: Revert "scsi: hisi_sas: Limit max hw sectors for v3 HW" - [arm64,armhf] soc: sunxi: sram: Actually claim SRAM regions - [arm64,armhf] soc: sunxi: sram: Prevent the driver from being unbound - [arm64,armhf] soc: sunxi_sram: Make use of the helper function devm_platform_ioremap_resource() - [arm64,armhf] soc: sunxi: sram: Fix probe function ordering issues - [arm64,armhf] soc: sunxi: sram: Fix debugfs info for A64 SRAM C - [arm64,armhf] Revert "drm: bridge: analogix/dp: add panel prepare/unprepare in suspend/resume time" - usbnet: Fix memory leak in usbnet_disconnect() - net: sched: act_ct: fix possible refcount leak in tcf_ct_init() - cxgb4: fix missing unlock on ETHOFLD desc collect fail path - nvme: add new line after variable declatation - nvme: Fix IOC_PR_CLEAR and IOC_PR_RELEASE ioctls for nvme devices - net: stmmac: power up/down serdes in stmmac_open/release - [armhf] clk: imx: imx6sx: remove the SET_RATE_PARENT flag for QSPI clocks - [x86] KVM: x86: Hide IA32_PLATFORM_DCA_CAP[31:0] from the guest - [x86] alternative: Fix race in try_get_desc() - ALSA: hda/hdmi: fix warning about PCM count when used with SOF https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.148 - nilfs2: fix NULL pointer dereference at nilfs_bmap_lookup_at_level() - nilfs2: fix use-after-free bug of struct nilfs_root - nilfs2: fix leak of nilfs_root in case of writer thread creation failure - nilfs2: replace WARN_ONs by nilfs_error for checkpoint acquisition failure - ceph: don't truncate file in atomic_open - docs: update mediator information in CoC docs - xsk: Inherit need_wakeup flag for shared sockets - ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC (CVE-2022-3303) - mm: gup: fix the fast GUP race against THP collapse - [powerpc*] 64s/radix: don't need to broadcast IPI for radix pmd collapse flush - fs: fix UAF/GPF bug in nilfs_mdt_destroy - compiler_attributes.h: move __compiletime_{error|warning} - scsi: qedf: Fix a UAF bug in __qedf_probe() - net/ieee802154: fix uninit value bug in dgram_sendmsg - ALSA: hda/hdmi: Fix the converter reuse for the silent stream - net: atlantic: fix potential memory leak in aq_ndev_close() - drm/amd/display: update gamut remap if plane has changed - drm/amd/display: skip audio setup when audio stream is enabled - mmc: core: Replace with already defined values for readability - mmc: core: Terminate infinite loop in SD-UHS voltage switch - usb: mon: make mmapped memory read only - USB: serial: ftdi_sio: fix 300 bps rate for SIO - [arm64] rpmsg: qcom: glink: replace strncpy() with strscpy_pad() - Revert "clk: ti: Stop using legacy clkctrl names for omap4 and 5" - random: restore O_NONBLOCK support - random: clamp credited irq bits to maximum mixed - ALSA: hda: Fix position reporting on Poulsbo - efi: Correct Macmini DMI match in uefi cert quirk - scsi: stex: Properly zero out the passthrough command structure - USB: serial: qcserial: add new usb-id for Dell branded EM7455 - random: avoid reading two cache lines on irq randomness - random: use expired timer rather than wq for mixing fast pool - wifi: cfg80211: fix u8 overflow in cfg80211_update_notlisted_nontrans() (CVE-2022-41674) - wifi: cfg80211/mac80211: reject bad MBSSID elements - wifi: cfg80211: ensure length byte is present before access - wifi: cfg80211: fix BSS refcounting bugs (CVE-2022-42720) - wifi: cfg80211: avoid nontransmitted BSS list corruption (CVE-2022-42721) - wifi: mac80211_hwsim: avoid mac80211 warning on bad rate - wifi: mac80211: fix crash in beacon protection for P2P-device (CVE-2022-42722) - wifi: cfg80211: update hidden BSSes to avoid WARN_ON - Input: xpad - add supported devices as contributed on github - Input: xpad - fix wireless 360 controller breaking after suspend . [ Aurelien Jarno ] * [arm64] Add support for misalignment fixups for multiword loads from next branch. Enable COMPAT_ALIGNMENT_FIXUPS. . [ Salvatore Bonaccorso ] * [x86] drivers/edac: Enable EDAC_I10NM as module (Closes: #1019248) * Bump ABI to 19 * Refresh "Export symbols needed by Android drivers" * [rt] Update to 5.10.140-rt73 * io_uring/af_unix: defer registered files gc to io_uring release (CVE-2022-2602) * ext4: fix check for block being out of directory size (CVE-2022-1184) . [ Uwe Kleine-König ] * mac80211: mlme: find auth challenge directly * wifi: mac80211: don't parse mbssid in assoc response * wifi: mac80211: fix MBSSID parsing use-after-free (CVE-2022-42719) . linux (5.10.140-1) bullseye; urgency=medium . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.137 - Makefile: link with -z noexecstack --no-warn-rwx-segments - [x86] link vdso and boot with -z noexecstack --no-warn-rwx-segments - Revert "pNFS: nfs3_set_ds_client should set NFS_CS_NOPING" - scsi: Revert "scsi: qla2xxx: Fix disk failure to rediscover" - ALSA: bcd2000: Fix a UAF bug on the error path of probing - ALSA: hda/realtek: Add quirk for Clevo NV45PZ - ALSA: hda/realtek: Add quirk for HP Spectre x360 15-eb0xxx - wifi: mac80211_hwsim: fix race condition in pending packet - wifi: mac80211_hwsim: add back erroneously removed cast - wifi: mac80211_hwsim: use 32-bit skb cookie - add barriers to buffer_uptodate and set_buffer_uptodate - HID: wacom: Only report rotation for art pen - HID: wacom: Don't register pad_input for touch switch - [x86] KVM: nVMX: Snapshot pre-VM-Enter BNDCFGS for !nested_run_pending case - [x86] KVM: nVMX: Snapshot pre-VM-Enter DEBUGCTL for !nested_run_pending case - [x86] KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0 - [s390x] KVM: s390: pv: don't present the ecall interrupt twice - [x86] KVM: nVMX: Let userspace set nVMX MSR to any _host_ supported value - [x86] KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks - [x86] KVM: x86: Set error code to segment selector on LLDT/LTR non-canonical #GP - [x86] KVM: x86: Tag kvm_mmu_x86_module_init() with __init - mm: Add kvrealloc() - xfs: only set IOMAP_F_SHARED when providing a srcmap to a write - xfs: fix I_DONTCACHE - mm/mremap: hold the rmap lock in write mode when moving page table entries. - ALSA: hda/conexant: Add quirk for LENOVO 20149 Notebook model - ALSA: hda/cirrus - support for iMac 12,1 model - ALSA: hda/realtek: Add quirk for another Asus K42JZ model - ALSA: hda/realtek: Add a quirk for HP OMEN 15 (8786) mute LED - tty: vt: initialize unicode screen buffer - vfs: Check the truncate maximum size in inode_newsize_ok() - fs: Add missing umask strip in vfs_tmpfile - thermal: sysfs: Fix cooling_device_stats_setup() error code path - fbcon: Fix boundary checks for fbcon=vc:n1-n2 parameters - fbcon: Fix accelerated fbdev scrolling while logo is still shown - usbnet: Fix linkwatch use-after-free on disconnect - ovl: drop WARN_ON() dentry is NULL in ovl_encode_fh() - drm/gem: Properly annotate WW context on drm_gem_lock_reservations() error - [arm*] drm/vc4: hdmi: Disable audio if dmas property is present but empty - drm/nouveau: fix another off-by-one in nvbios_addr - drm/nouveau: Don't pm_runtime_put_sync(), only pm_runtime_put_autosuspend() - drm/nouveau/acpi: Don't print error when we get -EINPROGRESS from pm_runtime - drm/amdgpu: Check BO's requested pinning domains against its preferred_domains - iio: light: isl29028: Fix the warning in isl29028_remove() - scsi: sg: Allow waiting for commands to complete on removed device - scsi: qla2xxx: Fix incorrect display of max frame size - scsi: qla2xxx: Zero undefined mailbox IN registers - fuse: limit nsec - [arm64] serial: mvebu-uart: uart2 error bits clearing - md-raid: destroy the bitmap after destroying the thread - md-raid10: fix KASAN warning - PCI: Add defines for normal and subtractive PCI bridges - [powerpc*] powernv: Avoid crashing if rng is NULL - [mips64el,mipsel] cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK - usb: typec: ucsi: Acknowledge the GET_ERROR_STATUS command completion - USB: HCD: Fix URB giveback issue in tasklet function - [arm64,armhf] usb: dwc3: gadget: refactor dwc3_repare_one_trb - [arm64,armhf] usb: dwc3: gadget: fix high speed multiplier setting - netfilter: nf_tables: fix null deref due to zeroed list head - epoll: autoremove wakers even more aggressively - [x86] Handle idle=nomwait cmdline properly for x86_idle - [arm64] Do not forget syscall when starting a new thread. - [arm64] fix oops in concurrently setting insn_emulation sysctls - genirq: Don't return error on missing optional irq_request_resources() - [mips64el,mipsel] irqchip/mips-gic: Only register IPI domain when SMP is enabled - genirq: GENERIC_IRQ_IPI depends on SMP - [mips64el,mipsel] irqchip/mips-gic: Check the return value of ioremap() in gic_of_init() - wait: Fix __wait_event_hrtimeout for RT/DL tasks - [armhf] OMAP2+: display: Fix refcount leak bug - ACPI: EC: Remove duplicate ThinkPad X1 Carbon 6th entry from DMI quirks - ACPI: EC: Drop the EC_FLAGS_IGNORE_DSDT_GPE quirk - ACPI: PM: save NVS memory for Lenovo G40-45 - ACPI: LPSS: Fix missing check in register_device_clock() - [arm64] dts: allwinner: a64: orangepi-win: Fix LED node name - PM: hibernate: defer device probing when resuming from hibernation - selinux: Add boundary check in put_entry() - [armel,armhf] findbit: fix overflowing offset - [arm64,armhf] meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init - ACPI: processor/idle: Annotate more functions to live in cpuidle section - Input: atmel_mxt_ts - fix up inverted RESET handler - [arm64] soc: amlogic: Fix refcount leak in meson-secure-pwrc.c - [x86] pmem: Fix platform-device leak in error path - [armhf] dts: ast2500-evb: fix board compatible - [armhf] dts: ast2600-evb: fix board compatible - [arm64] cpufeature: Allow different PMU versions in ID_DFR0_EL1 - locking/lockdep: Fix lockdep_init_map_*() confusion - [arm64] soc: fsl: guts: machine variable might be unset - block: fix infinite loop for invalid zone append - [armhf] OMAP2+: Fix refcount leak in omapdss_init_of - [armhf] OMAP2+: Fix refcount leak in omap3xxx_prm_late_init - [arm64] regulator: qcom_smd: Fix pm8916_pldo range - [arm64] ACPI: APEI: Fix _EINJ vs EFI_MEMORY_SP - [arm64] bus: hisi_lpc: fix missing platform_device_put() in hisi_lpc_acpi_probe() - erofs: avoid consecutive detection for Highmem memory - blk-mq: don't create hctx debugfs dir until q->debugfs_dir is created - hwmon: (drivetemp) Add module alias - block: remove the request_queue to argument request based tracepoints - blktrace: Trace remapped requests correctly - regulator: of: Fix refcount leak bug in of_get_regulation_constraints() - nohz/full, sched/rt: Fix missed tick-reenabling bug in dequeue_task_rt() - dm: return early from dm_pr_call() if DM device is suspended - ath10k: do not enforce interrupt trigger type - wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c() - ath11k: fix netdev open race - drm/mipi-dbi: align max_chunk to 2 in spi_transfer - ath11k: Fix incorrect debug_mask mappings - drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers() - virtio-gpu: fix a missing check to avoid NULL dereference - [arm64] drm: adv7511: override i2c address of cec before accessing it - net: fix sk_wmem_schedule() and sk_rmem_schedule() errors - i2c: Fix a potential use after free - media: tw686x: Register the irq at the end of probe - ath9k: fix use-after-free in ath9k_hif_usb_rx_cb (CVE-2022-1679) - wifi: iwlegacy: 4965: fix potential off-by-one overflow in il4965_rs_fill_link_cmd() - drm/radeon: fix incorrrect SPDX-License-Identifiers - [amd64] crypto: ccp - During shutdown, check SEV data pointer before using - [arm64] drm: bridge: adv7511: Add check for mipi_dsi_driver_register - media: hdpvr: fix error value returns in hdpvr_read - [arm64,armhf] media: v4l2-mem2mem: prevent pollerr when last_buffer_dequeued is set - media: tw686x: Fix memory leak in tw686x_video_init - [arm*] drm/vc4: plane: Remove subpixel positioning check - [arm*] drm/vc4: plane: Fix margin calculations for the right/bottom edges - [arm*] drm/vc4: dsi: Correct DSI divider calculations - [arm*] drm/vc4: dsi: Correct pixel order for DSI0 - [arm*] drm/vc4: drv: Remove the DSI pointer in vc4_drv - [arm*] drm/vc4: dsi: Use snprintf for the PHY clocks instead of an array - [arm*] drm/vc4: dsi: Introduce a variant structure - [arm*] drm/vc4: dsi: Register dsi0 as the correct vc4 encoder type - [arm*] drm/vc4: dsi: Fix dsi0 interrupt support - [arm*] drm/vc4: dsi: Add correct stop condition to vc4_dsi_encoder_disable iteration - [arm*] drm/vc4: hdmi: Remove firmware logic for MAI threshold setting - [arm*] drm/vc4: hdmi: Avoid full hdmi audio fifo writes - [arm*] drm/vc4: hdmi: Don't access the connector state in reset if kmalloc fails - [arm*] drm/vc4: hdmi: Limit the BCM2711 to the max without scrambling - [arm*] drm/vc4: hdmi: Fix timings for interlaced modes - [arm*] drm/vc4: hdmi: Correct HDMI timing registers for interlaced modes - [arm64,armhf] drm/rockchip: vop: Don't crash for invalid duplicate_state() - [arm64,armhf] drm/rockchip: Fix an error handling path rockchip_dp_probe() - lib: bitmap: order includes alphabetically - lib: bitmap: provide devm_bitmap_alloc() and devm_bitmap_zalloc() - hinic: Use the bitmap API when applicable - net: hinic: fix bug that ethtool get wrong stats - net: hinic: avoid kernel hung in hinic_get_stats64() - [arm64] drm/msm/mdp5: Fix global state lock backoff - mt76: mt76x02u: fix possible memory leak in __mt76x02u_mcu_send_msg - mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init() - tcp: make retransmitted SKB fit into the send window - bpf: Fix subprog names in stack traces. - fs: check FMODE_LSEEK to control internal pipe splicing - wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi() - [i386] can: pch_can: do not report txerr and rxerr during bus-off - can: sja1000: do not report txerr and rxerr during bus-off - [armhf] can: sun4i_can: do not report txerr and rxerr during bus-off - can: kvaser_usb_hydra: do not report txerr and rxerr during bus-off - can: kvaser_usb_leaf: do not report txerr and rxerr during bus-off - can: usb_8dev: do not report txerr and rxerr during bus-off - can: error: specify the values of data[5..7] of CAN error frames - [i386] can: pch_can: pch_can_error(): initialize errc before using it - Bluetooth: hci_intel: Add check for platform_driver_register - wifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()` - wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue - wifi: libertas: Fix possible refcount leak in if_usb_probe() - [arm64,armhf] media: cedrus: hevc: Add check for invalid timestamp - net/mlx5e: Remove WARN_ON when trying to offload an unsupported TLS cipher/version - net/mlx5e: Fix the value of MLX5E_MAX_RQ_NUM_MTTS - [arm64] crypto: inside-secure - Add missing MODULE_DEVICE_TABLE for of - inet: add READ_ONCE(sk->sk_bound_dev_if) in INET_MATCH() - tcp: sk->sk_bound_dev_if once in inet_request_bound_dev_if() - ipv6: add READ_ONCE(sk->sk_bound_dev_if) in INET6_MATCH() - tcp: Fix data-races around sysctl_tcp_l3mdev_accept. - net: allow unbound socket for packets in VRF when tcp_l3mdev_accept set - iavf: Fix max_rate limiting - net: rose: fix netdev reference changes - dccp: put dccp_qpolicy_full() and dccp_qpolicy_push() in the same lock - wireguard: ratelimiter: use hrtimer in selftest - wireguard: allowedips: don't corrupt stack when detecting overflow - HID: cp2112: prevent a buffer overflow in cp2112_xfer() - mtd: partitions: Fix refcount leak in parse_redboot_of - [arm64,armhf] usb: xhci: tegra: Fix error check - netfilter: xtables: Bring SPDX identifier back - [arm64,armhf] platform/chrome: cros_ec: Always expose last resume result - KVM: Don't set Accessed/Dirty bits for ZERO_PAGE - mwifiex: Ignore BTCOEX events from the 88W8897 firmware - mwifiex: fix sleep in atomic context bugs caused by dev_coredumpv - misc: rtsx: Fix an error handling path in rtsx_pci_probe() - driver core: fix potential deadlock in __driver_attach - usb: host: xhci: use snprintf() in xhci_decode_trb() - [arm64,armhf] PCI: dwc: Add unroll iATU space support to dw_pcie_disable_atu() - [arm64,armhf] PCI: dwc: Always enable CDM check if "snps,enable-cdm-check" exists - soundwire: bus_type: fix remove and shutdown support - [arm64] KVM: arm64: Don't return from void function - [x86] intel_th: Fix a resource leak in an error handling path - [x86] intel_th: msu-sink: Potential dereference of null pointer - [x86] intel_th: msu: Fix vmalloced buffers - [x86] staging: rtl8192u: Fix sleep in atomic context bug in dm_fsync_timer_callback - [arm64] mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch - mmc: block: Add single read for 4k sector cards - [s390x] KVM: s390: pv: leak the topmost page table when destroy fails - PCI/portdrv: Don't disable AER reporting in get_port_device_capability() - [arm64] PCI: qcom: Set up rev 2.1.0 PARF_PHY before enabling clocks - scsi: smartpqi: Fix DMA direction for RAID requests - [armhf] usb: aspeed-vhub: Fix refcount leak bug in ast_vhub_init_desc() - [arm64,armhf] usb: dwc3: core: Deprecate GCTL.CORESOFTRESET - [arm64,armhf] usb: dwc3: core: Do not perform GCTL_CORE_SOFTRESET during bootup - [arm64,armhf] usb: dwc3: qcom: fix missing optional irq warnings - RDMA/qedr: Improve error logs for rdma_alloc_tid error return - RDMA/qedr: Fix potential memory leak in __qedr_alloc_mr() - [arm64] RDMA/hns: Fix incorrect clearing of interrupt status register - [amd64] RDMA/hfi1: fix potential memory leak in setup_base_ctxt() - gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data() - [mips64el,mipsel] mmc: cavium-octeon: Add of_node_put() when breaking out of loop - HID: alps: Declare U1_UNICORN_LEGACY support - USB: serial: fix tty-port initialized comments - [armhf,i386] platform/olpc: Fix uninitialized data in debugfs write - RDMA/srpt: Duplicate port name members - RDMA/srpt: Introduce a reference count in struct srpt_device - RDMA/srpt: Fix a use-after-free - mm/mmap.c: fix missing call to vm_unacct_memory in mmap_region - RDMA/mlx5: Add missing check for return value in get namespace flow - RDMA/rxe: Fix error unwind in rxe_create_qp() - null_blk: fix ida error handling in null_add_dev() - nvme: use command_id instead of req->tag in trace_nvme_complete_rq() - jbd2: fix outstanding credits assert in jbd2_journal_commit_transaction() - ext4: recover csum seed of tmp_inode after migrating to extents - jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted - opp: Fix error check in dev_pm_opp_attach_genpd() - serial: 8250: Export ICR access helpers for internal use - serial: 8250_dw: Store LSR into lsr_saved_flags in dw8250_tx_wait_empty() - profiling: fix shift too large makes kernel panic - tty: n_gsm: Delete gsmtty open SABM frame when config requester - tty: n_gsm: fix user open not possible at responder until initiator open - tty: n_gsm: fix wrong queuing behavior in gsm_dlci_data_output() - tty: n_gsm: fix non flow control frames during mux flow off - tty: n_gsm: fix packet re-transmission without open control channel - tty: n_gsm: fix race condition in gsmld_write() - [arm64] ASoC: qcom: Fix missing of_node_put() in asoc_qcom_lpass_cpu_platform_probe() - vfio: Remove extra put/gets around vfio_device->group - vfio: Simplify the lifetime logic for vfio_device - vfio: Split creation of a vfio_device into init and register ops - tty: n_gsm: fix wrong T1 retry count handling - tty: n_gsm: fix DM command - tty: n_gsm: fix missing corner cases in gsmld_poll() - kfifo: fix kfifo_to_user() return type - lib/smp_processor_id: fix imbalanced instrumentation_end() call - [arm64] mfd: max77620: Fix refcount leak in max77620_initialise_fps - [arm64] iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking out of loop - [s390x] dump: fix old lowcore virtual vs physical address confusion - fuse: Remove the control interface for virtio-fs - [armhf] ASoC: audio-graph-card: Add of_node_put() in fail path - [arm64] watchdog: armada_37xx_wdt: check the return value of devm_ioremap() in armada_37xx_wdt_probe() - [arm64,armhf] video: fbdev: amba-clcd: Fix refcount leak bugs - video: fbdev: sis: fix typos in SiS_GetModeID() - [powerpc*] pci: Prefer PCI domain assignment via DT 'linux,pci-domain' and alias - f2fs: don't set GC_FAILURE_PIN for background GC - f2fs: write checkpoint during FG_GC - f2fs: fix to remove F2FS_COMPR_FL and tag F2FS_NOCOMP_FL at the same time - [powerpc*] xive: Fix refcount leak in xive_get_max_prio - kprobes: Forbid probing on trampoline and BPF code areas - [powerpc*] pci: Fix PHB numbering when using opal-phbid - sched/deadline: Merge dl_task_can_attach() and dl_cpu_busy() - sched, cpuset: Fix dl_cpu_busy() panic due to empty cs->cpus_allowed - [amd64] x86/numa: Use cpumask_available instead of hardcoded NULL check - video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock() - sched: Fix the check of nr_running at queue wakelist - video: fbdev: vt8623fb: Check the size of screen before memset_io() - video: fbdev: arkfb: Check the size of screen before memset_io() - video: fbdev: s3fb: Check the size of screen before memset_io() - [s390x] scsi: zfcp: Fix missing auto port scan and thus missing target ports - scsi: qla2xxx: Fix discovery issues in FC-AL topology - scsi: qla2xxx: Turn off multi-queue for 8G adapters - scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error injection - scsi: qla2xxx: Fix losing FCP-2 targets on long port disable with I/Os - scsi: qla2xxx: Fix losing FCP-2 targets during port perturbation tests - [x86] bugs: Enable STIBP for IBPB mitigated RETBleed - [x86] ftrace/x86: Add back ftrace_expected assignment - __follow_mount_rcu(): verify that mount_lock remains unchanged - spmi: trace: fix stack-out-of-bound access in SPMI tracing functions - [x86] drm/i915/dg1: Update DMC_DEBUG3 register - HID: Ignore battery for Elan touchscreen on HP Spectre X360 15-df0xxx - HID: hid-input: add Surface Go battery quirk - [arm*] drm/vc4: drv: Adopt the dma configuration from the HVS or V3D component - usbnet: smsc95xx: Don't clear read-only PHY interrupt - usbnet: smsc95xx: Avoid link settings race on interrupt reception - [x86] intel_th: pci: Add Meteor Lake-P support - [x86] intel_th: pci: Add Raptor Lake-S PCH support - [x86] intel_th: pci: Add Raptor Lake-S CPU support - [x86] KVM: set_msr_mce: Permit guests to ignore single-bit ECC errors - [x86] KVM: x86: Signal #GP, not -EPERM, on bad WRMSR(MCi_CTL/STATUS) - [amd64] iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE) - PCI/AER: Write AER Capability only when we control it - PCI/ERR: Bind RCEC devices to the Root Port driver - PCI/ERR: Rename reset_link() to reset_subordinates() - PCI/ERR: Simplify by using pci_upstream_bridge() - PCI/ERR: Simplify by computing pci_pcie_type() once - PCI/ERR: Use "bridge" for clarity in pcie_do_recovery() - PCI/ERR: Avoid negated conditional for clarity - PCI/ERR: Add pci_walk_bridge() to pcie_do_recovery() - PCI/ERR: Recover from RCEC AER errors - PCI/AER: Iterate over error counters instead of error strings - serial: 8250: Dissociate 4MHz Titan ports from Oxford ports - serial: 8250: Correct the clock for OxSemi PCIe devices - serial: 8250_pci: Refactor the loop in pci_ite887x_init() - serial: 8250_pci: Replace dev_*() by pci_*() macros - serial: 8250: Fold EndRun device support into OxSemi Tornado code - dm writecache: set a default MAX_WRITEBACK_JOBS - dm thin: fix use-after-free crash in dm_sm_register_threshold_callback - timekeeping: contribute wall clock to rng on time change - btrfs: reject log replay if there is unsupported RO compat flag - btrfs: reset block group chunk force if we have to wait - [amd64,arm64] ACPI: CPPC: Do not prevent CPPC from working in the future - [x86] KVM: VMX: Drop guest CPUID check for VMXE in vmx_set_cr4() - [x86] KVM: VMX: Drop explicit 'nested' check from vmx_set_cr4() - [x86] KVM: SVM: Drop VMXE check from svm_set_cr4() - [x86] KVM: x86: Move vendor CR4 validity check to dedicated kvm_x86_ops hook - [x86] KVM: nVMX: Inject #UD if VMXON is attempted with incompatible CR0/CR4 - [x86] KVM: x86/pmu: preserve IA32_PERF_CAPABILITIES across CPUID refresh - [x86] KVM: x86/pmu: Use binary search to check filtered events - [x86] KVM: x86/pmu: Use different raw event masks for AMD and Intel - [x86] KVM: x86/pmu: Introduce the ctrl_mask value for fixed counter - [x86] KVM: VMX: Mark all PERF_GLOBAL_(OVF)_CTRL bits reserved if there's no vPMU - [x86] KVM: x86/pmu: Ignore pmu->global_ctrl check if vPMU doesn't support global_ctrl - xen-blkback: fix persistent grants negotiation - xen-blkback: Apply 'feature_persistent' parameter when connect - xen-blkfront: Apply 'feature_persistent' parameter when connect - KEYS: asymmetric: enforce SM2 signature use pkey algo - tpm: eventlog: Fix section mismatch for DEBUG_SECTION_MISMATCH - tracing: Use a struct alignof to determine trace event field alignment - ext4: check if directory block is within i_size (CVE-2022-1184) - ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h - ext4: fix warning in ext4_iomap_begin as race between bmap and write - ext4: make sure ext4_append() always allocates new block - ext4: fix use-after-free in ext4_xattr_set_entry - ext4: update s_overhead_clusters in the superblock during an on-line resize - ext4: fix extent status tree race in writeback error recovery path - ext4: correct max_inline_xattr_value_size computing - ext4: correct the misjudgment in ext4_iget_extra_inode - dm raid: fix address sanitizer warning in raid_resume - dm raid: fix address sanitizer warning in raid_status - KVM: Add infrastructure and macro to mark VM as bugged - [x86] KVM: x86: Check lapic_in_kernel() before attempting to set a SynIC irq (CVE-2022-2153) - [x86] KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast() (CVE-2022-2153) - mac80211: fix a memory leak where sta_info is not freed - tcp: fix over estimation in sk_forced_mem_schedule() - Revert "mwifiex: fix sleep in atomic context bugs caused by dev_coredumpv" - [arm*] drm/vc4: change vc4_dma_range_matches from a global to static - Revert "net: usb: ax88179_178a needs FLAG_SEND_ZLP" - Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression - [x86] kvm: x86/pmu: Fix the compare function used by the pmu event filter - [arm64] tee: add overflow check in register_shm_helper() - net/9p: Initialize the iounit field during fid creation - net_sched: cls_route: disallow handle of 0 - sched/fair: Fix fault in reweight_entity - btrfs: only write the sectors in the vertical stripe which has data stripes - btrfs: raid56: don't trust any cached sector in __raid56_parity_recover() https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.138 - ALSA: info: Fix llseek return value when using callback - ALSA: hda/realtek: Add quirk for Clevo NS50PU, NS70PU - [x86] mm: Use proper mask when setting PUD mapping - rds: add missing barrier to release_refill - ata: libata-eh: Add missing command name - [arm64] mmc: meson-gx: Fix an error handling path in meson_mmc_probe() - btrfs: fix lost error handling when looking up extended ref on log replay - tracing: Have filter accept "common_cpu" to be consistent - ALSA: usb-audio: More comprehensive mixer map for ASUS ROG Zenith II - can: ems_usb: fix clang's -Wunaligned-access warning - apparmor: fix quiet_denied for file rules - apparmor: fix absroot causing audited secids to begin with = - apparmor: Fix failed mount permission check error message - apparmor: fix aa_label_asxprint return check - apparmor: fix setting unconfined mode on a loaded profile - apparmor: fix overlapping attachment computation - apparmor: fix reference count leak in aa_pivotroot() - apparmor: Fix memleak in aa_simple_write_to_buffer() - Documentation: ACPI: EINJ: Fix obsolete example - NFSv4.1: Don't decrease the value of seq_nr_highest_sent - NFSv4.1: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly - NFSv4: Fix races in the legacy idmapper upcall - NFSv4.1: RECLAIM_COMPLETE must handle EACCES - NFSv4/pnfs: Fix a use-after-free bug in open - bpf: Acquire map uref in .init_seq_private for array map iterator - bpf: Acquire map uref in .init_seq_private for hash map iterator - bpf: Acquire map uref in .init_seq_private for sock local storage map iterator - bpf: Acquire map uref in .init_seq_private for sock{map,hash} iterator - bpf: Check the validity of max_rdwr_access for sock local storage map iterator - can: mcp251x: Fix race condition on receive interrupt - [amd64,arm64] net: atlantic: fix aq_vec index out of range error - sunrpc: fix expiry of auth creds - SUNRPC: Reinitialise the backchannel request buffers before reuse - virtio_net: fix memory leak inside XPD_TX with mergeable - devlink: Fix use-after-free after a failed reload - [arm64] pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed - [arm64,armhf] pinctrl: sunxi: Add I/O bias setting for H6 R-PIO - ACPI: property: Return type of acpi_add_nondev_subnodes() should be bool - geneve: do not use RT_TOS for IPv6 flowlabel - ipv6: do not use RT_TOS for IPv6 flowlabel - [x86] plip: avoid rcu debug splat - vsock: Fix memory leak in vsock_connect() - vsock: Set socket state back to SS_UNCONNECTED in vsock_connect_timeout() - dt-bindings: arm: qcom: fix MSM8916 MTP compatibles - dt-bindings: clock: qcom,gcc-msm8996: add more GCC clock sources - ceph: use correct index when encoding client supported features - ceph: don't leak snap_rwsem in handle_cap_grant - nfp: ethtool: fix the display error of `ethtool -m DEVNAME` - xen/xenbus: fix return type in xenbus_file_read() - atm: idt77252: fix use-after-free bugs caused by tst_timer - geneve: fix TOS inheriting for ipv4 - [arm64] dpaa2-eth: trace the allocated address instead of page struct - iavf: Fix adminq error handling - netfilter: nf_tables: really skip inactive sets when allocating name - netfilter: nf_tables: validate NFTA_SET_ELEM_OBJREF based on NFT_SET_OBJECT flag - netfilter: nf_tables: check NFT_SET_CONCAT flag if field_count is specified - [powerpc*] pci: Fix get_phb_number() locking - [arm64,armhf] spi: meson-spicc: add local pow2 clock ops to preserve rate between messages - [arm64,armhf] net: dsa: mv88e6060: prevent crash on an unused port - [arm64] net: dsa: felix: fix ethtool 256-511 and 512-1023 TX packet counters - net: genl: fix error path memory leak in policy dumping - ice: Ignore EEXIST when setting promisc mode - [arm64,armhf] i2c: imx: Make sure to unregister adapter on remove() - regulator: pca9450: Remove restrictions for regulator-name - i40e: Fix to stop tx_timeout recovery if GLOBR fails - [arm64,armhf] fec: Fix timer capture timing in `fec_ptp_enable_pps()` - [x86] stmmac: intel: Add a missing clk_disable_unprepare() call in intel_eth_pci_remove() - igb: Add lock to avoid data race - kbuild: fix the modules order between drivers and libs - locking/atomic: Make test_and_*_bit() ordered on failure - [x86] ASoC: SOF: intel: move sof_intel_dsp_desc() forward - [arm64] drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors() - audit: log nftables configuration change events once per table - netfilter: nftables: add helper function to set the base sequence number - netfilter: add helper function to set up the nfnetlink header and use it - [armhf] drm/sun4i: dsi: Prevent underflow when computing packet sizes - PCI: Add ACS quirk for Broadcom BCM5750x NICs - [arm64,armhf] platform/chrome: cros_ec_proto: don't show MKBP version if unsupported - usb: gadget: uvc: call uvc uvcg_warn on completed status instead of uvcg_info - [arm64,armhf] irqchip/tegra: Fix overflow implicit truncation warnings - [arm64] drm/meson: Fix overflow implicit truncation warnings - [armhf] clk: ti: Stop using legacy clkctrl names for omap4 and 5 - [arm*] usb: dwc2: gadget: remove D+ pull-up while no vbus with usb-role-switch - [x86] vboxguest: Do not use devm for irq - uacce: Handle parent device removal or parent driver module rmmod - zram: do not lookup algorithm in backends table - [arm64] clk: qcom: clk-alpha-pll: fix clk_trion_pll_configure description - scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input - gadgetfs: ep_io - wait until IRQ finishes - [x86] pinctrl: intel: Check against matching data instead of ACPI companion - [powerpc*] cxl: Fix a memory leak in an error handling path - [arm64] PCI/ACPI: Guard ARM64-specific mcfg_quirks - RDMA/rxe: Limit the number of calls to each tasklet - md: Notify sysfs sync_completed in md_reap_sync_thread() - nvmet-tcp: fix lockdep complaint on nvmet_tcp_wq flush during queue teardown - drivers:md:fix a potential use-after-free bug - ext4: avoid remove directory when directory is corrupted - ext4: avoid resizing to a partial cluster size - lib/list_debug.c: Detect uninitialized lists - vfio: Clear the caps->buf to NULL after free - [mips64el,mipsel] cavium-octeon: Fix missing of_node_put() in octeon2_usb_clocks_start - modules: Ensure natural alignment for .altinstructions and __bug_table sections - watchdog: export lockup_detector_reconfigure - ALSA: core: Add async signal helpers - ALSA: timer: Use deferred fasync helper - ALSA: control: Use deferred fasync helper - f2fs: fix to avoid use f2fs_bug_on() in f2fs_new_node_page() - f2fs: fix to do sanity check on segment type in build_sit_entries() - smb3: check xattr value length earlier - [powerpc*] 64: Init jump labels before parse_early_param() - netfilter: nftables: fix a warning message in nf_tables_commit_audit_collect() - netfilter: nf_tables: fix audit memory leak in nf_tables_commit - tracing/probes: Have kprobes and uprobes use $COMM too - can: j1939: j1939_sk_queue_activate_next_locked(): replace WARN_ON_ONCE with netdev_warn_once() - can: j1939: j1939_session_destroy(): fix memory leak of skbs - PCI/ERR: Retain status from error notification - qrtr: Convert qrtr_ports from IDR to XArray - bpf: Fix KASAN use-after-free Read in compute_effective_progs - [arm64] tee: fix memory leak in tee_shm_register() https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.139 https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.140 - audit: fix potential double free on error path from fsnotify_add_inode_mark - pinctrl: amd: Don't save/restore interrupt status and wake status bits - xfs: prevent a WARN_ONCE() in xfs_ioc_attr_list() - xfs: reject crazy array sizes being fed to XFS_IOC_GETBMAP* - fs: remove __sync_filesystem - vfs: make sync_filesystem return errors from ->sync_fs - xfs: return errors in xfs_fs_sync_fs - xfs: only bother with sync_filesystem during readonly remount - kernel/sched: Remove dl_boosted flag comment - xfrm: fix refcount leak in __xfrm_policy_check() - xfrm: clone missing x->lastused in xfrm_do_migrate - af_key: Do not call xfrm_probe_algs in parallel (CVE-2022-3028) - xfrm: policy: fix metadata dst->dev xmit null pointer dereference - NFS: Don't allocate nfs_fattr on the stack in __nfs42_ssc_open() - NFSv4.2 fix problems with __nfs42_ssc_open - SUNRPC: RPC level errors should set task->tk_rpc_status - mm/huge_memory.c: use helper function migration_entry_to_page() - mm/smaps: don't access young/dirty bit if pte unpresent - rose: check NULL rose_loopback_neigh->loopback - ice: xsk: Force rings to be sized to power of 2 - ice: xsk: prohibit usage of non-balanced queue id - net/mlx5e: Properly disable vlan strip on non-UL reps - bonding: 802.3ad: fix no transmission of LACPDUs - net: ipvtap - add __init/__exit annotations to module init/exit funcs - netfilter: ebtables: reject blobs that don't provide all entry points - bnxt_en: fix NQ resource accounting during vf creation on 57500 chips - netfilter: nft_payload: report ERANGE for too long offset and length - netfilter: nft_payload: do not truncate csum_offset and csum_type - netfilter: nf_tables: do not leave chain stats enabled on error - netfilter: nft_osf: restrict osf to ipv4, ipv6 and inet families - netfilter: nft_tunnel: restrict it to netdev family - netfilter: nftables: remove redundant assignment of variable err - netfilter: nf_tables: consolidate rule verdict trace call - netfilter: nft_cmp: optimize comparison for 16-bytes - netfilter: bitwise: improve error goto labels - netfilter: nf_tables: upfront validation of data via nft_data_init() - netfilter: nf_tables: disallow jump to implicit chain from set element - netfilter: nf_tables: disallow binding to already bound chain (CVE-2022-39190) - tcp: tweak len/truesize ratio for coalesce candidates - net: Fix data-races around sysctl_[rw]mem(_offset)?. - net: Fix data-races around sysctl_[rw]mem_(max|default). - net: Fix data-races around weight_p and dev_weight_[rt]x_bias. - net: Fix data-races around netdev_max_backlog. - net: Fix data-races around netdev_tstamp_prequeue. - ratelimit: Fix data-races in ___ratelimit(). - bpf: Folding omem_charge() into sk_storage_charge() - net: Fix data-races around sysctl_optmem_max. - net: Fix a data-race around sysctl_tstamp_allow_data. - net: Fix a data-race around sysctl_net_busy_poll. - net: Fix a data-race around sysctl_net_busy_read. - net: Fix a data-race around netdev_budget. - net: Fix a data-race around netdev_budget_usecs. - net: Fix data-races around sysctl_fb_tunnels_only_for_init_net. - net: Fix data-races around sysctl_devconf_inherit_init_net. - net: Fix a data-race around sysctl_somaxconn. - ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter - rxrpc: Fix locking in rxrpc's sendmsg - btrfs: fix silent failure when deleting root reference - btrfs: replace: drop assert for suspended replace - btrfs: add info when mount fails due to stale replace target - btrfs: check if root is readonly while setting security xattr - [x86] perf/x86/lbr: Enable the branch type for the Arch LBR by default - [amd64] x86/unwind/orc: Unwind ftrace trampolines with correct ORC entry - [x86] bugs: Add "unknown" reporting for MMIO Stale Data - loop: Check for overflow while configuring loop - asm-generic: sections: refactor memory_intersects - [s390x] fix double free of GS and RI CBs on fork() failure - [x86] ACPI: processor: Remove freq Qos request for all CPUs - xen/privcmd: fix error exit of privcmd_ioctl_dm_op() - mm/hugetlb: fix hugetlb not supporting softdirty tracking - Revert "md-raid: destroy the bitmap after destroying the thread" - md: call __md_stop_writes in md_stop - [arm64] Fix match_list for erratum 1286807 on Arm Cortex-A76 - Documentation/ABI: Mention retbleed vulnerability info file for sysfs - blk-mq: fix io hung due to missing commit_rqs - [x86] perf/x86/intel/uncore: Fix broken read_counter() for SNB IMC PMU - [x86] scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq - bpf: Don't use tnum_range on array range checking for poke descriptors (CVE-2022-2905) . [ Salvatore Bonaccorso ] * Bump ABI to 18 * certs: Rotate to use the "Debian Secure Boot Signer 2022 - linux" certificate (Closes: #1018752) * [x86] nospec: Unwreck the RSB stuffing * [x86] nospec: Fix i386 RSB stuffing (Closes: #1017425) * mm: Force TLB flush for PFNMAP mappings before unlink_file_vma() (CVE-2022-39188) * Revert "PCI/portdrv: Don't disable AER reporting in get_port_device_capability()" * bpf: Don't redirect packets with invalid pkt_len * mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse * net/af_packet: check len when min_header_len equals to 0 Checksums-Sha1: e8c0f95fbba96a98ddc9cbaa12aef24a37e3f4f6 42421 linux-5.10_5.10.149-2~deb10u1.dsc 3faa70854998ee99b726bc5325495a1b6d688255 121760420 linux-5.10_5.10.149.orig.tar.xz 3e814cb2ea3e1ea1a47648f542700ab62d7db90a 1530240 linux-5.10_5.10.149-2~deb10u1.debian.tar.xz 4e08fe4328508376cfc295de63ba44caaa288fcf 13716 linux-5.10_5.10.149-2~deb10u1_source.buildinfo Checksums-Sha256: cd8b51b1ceafcc042c06f0453b1ee1ed8bd833548ac47ffe45c0373b2accfc92 42421 linux-5.10_5.10.149-2~deb10u1.dsc 3b39e80fcb2664d07c043d9702434ea6b25e65d520dd42de3542097b0077c635 121760420 linux-5.10_5.10.149.orig.tar.xz d0eae0fce7e89bea043a5192398be8fd49f56833a7d27a5b4fa7e00113fda63f 1530240 linux-5.10_5.10.149-2~deb10u1.debian.tar.xz d39c71b31d00257e52c2440b42b71dc789de1228ce546f2027afebd81489300d 13716 linux-5.10_5.10.149-2~deb10u1_source.buildinfo Files: d371e06297fb13063b59578bf2d0cbc0 42421 kernel optional linux-5.10_5.10.149-2~deb10u1.dsc 95abcf88e1ba3924656e41a29f148e4c 121760420 kernel optional linux-5.10_5.10.149.orig.tar.xz 408cfbb9e868e8f29a38ab423954b92e 1530240 kernel optional linux-5.10_5.10.149-2~deb10u1.debian.tar.xz f4aca8466d4cfddf84474dd4a5b638e6 13716 kernel optional linux-5.10_5.10.149-2~deb10u1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEErCspvTSmr92z9o8157/I7JWGEQkFAmNdPIkACgkQ57/I7JWG EQnmyA//TMJPdklEzh//0Yl7uO/oOtuR23p7YdAKeiEe5zmyhBG0ZGGQimGWsMpY FG8J32vDEpThvN8bSTupwR9K7cBt6YBUSJHh/OHEWu4wWsv5vHBxXUBMZ5Gcx2+r I2LGRzNJ6B0SG074lgx/YRusNOcI5oKoMYxm6V3n3ECsbyNWv9PaWRcHSe95X6x9 81X1AfCTanGP2DDJXiCW81OiRYonzV3Ow/qyZKtR0kHzkyPtmztClSoBCxmvhL0c 09OEXVosK/l9vtQQzXzy9LIqcgSakoe2DiNH4AhLpiz7k8QBUbbFN7eNbO3W6Uvk kwiF6wXWEQNTx4A/9wjve3AXfYRpPEPEKWMbBRXA4kt+sn0SW/vnDOQAmmZUzzyd 6ugoAO9IF0AuNpl3udVfo/wuTtMV+ZCiZxCuJJCtdI8QJH2Gm6eSIerloqTYd24r cpx5lgeHvsGFgIW73anH/FmwIZoYr4GPe9Iv+oyMsrLRQUDkxaRnX5cFWRDXcpXU WmZElriD9qE84HJWHqQZ1zphL33EP54PHCW9bhCPd/FRqoWxo5Lr+b1MRdE0/sTr VvnysQ9WJHnUwSzDkBWTTbOovLxII901sS07U2NjayBxUOLgoTXNpDzYgHq133eX t+wxKkWTb3317jYwiPzMyMpTBaTT0zf+LglAY+KdB41QASxLNMc= =30/y -----END PGP SIGNATURE-----