-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 03 May 2024 14:40:24 +0200
Source: linux-signed-amd64
Architecture: source
Version: 5.10.216+1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Changes:
linux-signed-amd64 (5.10.216+1) bullseye-security; urgency=high
.
* Sign kernel from linux 5.10.216-1
.
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.210
- units: change from 'L' to 'UL'
- units: add the HZ macros
- spi: introduce SPI_MODE_X_MASK macro
- iio: adc: ad7091r: Set alert bit in config register
- iio: adc: ad7091r: Allow users to configure device events
- iio: adc: ad7091r: Enable internal vref if external vref is not supplied
- dmaengine: fix NULL pointer in channel unregistration function
- iio:adc:ad7091r: Move exports into IIO_AD7091R namespace.
- ext4: allow for the last group to be marked as trimmed
- crypto: api - Disallow identical driver names
- PM: hibernate: Enforce ordering during image compression/decompression
- hwrng: core - Fix page fault dead lock on mmap-ed hwrng
- [s390x] crypto: s390/aes - Fix buffer overread in CTR mode
- bus: mhi: host: Drop chan lock before queuing buffers
- async: Split async_schedule_node_domain()
- async: Introduce async_schedule_dev_nocall()
- [arm64] dts: qcom: sdm845: fix USB wakeup interrupt types
- [arm64] dts: qcom: sdm845: fix USB DP/DM HS PHY interrupts
- lsm: new security_file_ioctl_compat() hook
- scripts/get_abi: fix source path leak
- mmc: core: Use mrq.sbc in close-ended ffu
- mmc: mmc_spi: remove custom DMA mapped buffers
- rtc: Adjust failure return code for cmos_set_alarm()
- nouveau/vmm: don't set addr on the fail path to avoid warning
- ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path
- rename(): fix the locking of subdirectories
- block: Remove special-casing of compound pages
- mm: vmalloc: introduce array allocation functions
- KVM: use __vcalloc for very large allocations
- net/smc: fix illegal rmb_desc access in SMC-D connection dump
- tcp: make sure init the accept_queue's spinlocks once
- bnxt_en: Wait for FLR to complete during probe
- vlan: skip nested type that is not IFLA_VLAN_QOS_MAPPING
- llc: make llc_ui_sendmsg() more robust against bonding changes
- llc: Drop support for ETH_P_TR_802_2.
- net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv
(CVE-2024-23849)
- tracing: Ensure visibility when inserting an element into tracing_map
- afs: Hide silly-rename files from userspace
- tcp: Add memory barrier to tcp_push()
- netlink: fix potential sleeping issue in mqueue_flush_file
- ipv6: init the accept_queue's spinlocks in inet6_create
- net/mlx5: DR, Use the right GVMI number for drop action
- net/mlx5e: fix a double-free in arfs_create_groups
- netfilter: nf_tables: restrict anonymous set and map names to 16 bytes
- netfilter: nf_tables: validate NFPROTO_* family
- net: mvpp2: clear BM pool before initialization
- fjes: fix memleaks in fjes_hw_setup
- net: fec: fix the unhandled context fault from smmu
- btrfs: ref-verify: free ref cache before clearing mount opt
- btrfs: tree-checker: fix inline ref size in error messages
- btrfs: don't warn if discard range is not aligned to sector
- btrfs: defrag: reject unknown flags of btrfs_ioctl_defrag_range_args
- btrfs: don't abort filesystem when attempting to snapshot deleted
subvolume
- rbd: don't move requests to the running list on errors
- exec: Fix error handling in begin_new_exec()
- wifi: iwlwifi: fix a memory corruption
- netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress
basechain
- gpiolib: acpi: Ignore touchpad wakeup on GPD G1619-04
- drm: Don't unref the same fb many times by mistake due to deadlock
handling
- drm/bridge: nxp-ptn3460: fix i2c_master_send() error checking
- drm/tidss: Fix atomic_flush check
- drm/bridge: nxp-ptn3460: simplify some error checking
- PM: sleep: Use dev_printk() when possible
- PM: sleep: Avoid calling put_device() under dpm_list_mtx
- PM: core: Remove unnecessary (void *) conversions
- PM: sleep: Fix possible deadlocks in core system-wide PM code
- fs/pipe: move check to pipe_has_watch_queue()
- pipe: wakeup wr_wait after setting max_usage
- [arm64] dts: qcom: sc7180: Use pdc interrupts for USB instead of GIC
interrupts
- [arm64] dts: qcom: sc7180: fix USB wakeup interrupt types
- mm: use __pfn_to_section() instead of open coding it
- mm/sparsemem: fix race in accessing memory_section->usage
- btrfs: remove err variable from btrfs_delete_subvolume
- btrfs: avoid copying BTRFS_ROOT_SUBVOL_DEAD flag to snapshot of subvolume
being deleted
- drm: panel-simple: add missing bus flags for Tianma tm070jvhg[30/33]
- [armhf] drm/exynos: fix accidental on-stack copy of exynos_drm_plane
- [armhf] drm/exynos: gsc: minor fix for loop iteration in
gsc_runtime_resume
- gpio: eic-sprd: Clear interrupt after set the interrupt type
- spi: bcm-qspi: fix SFDP BFPT read by usig mspi read
- [mips*] Call lose_fpu(0) before initializing fcr31 in
mips_set_personality_nan
- tick/sched: Preserve number of idle sleeps across CPU hotplug events
- [x86] entry/ia32: Ensure s32 is sign extended to s64
- [powerpc*] mm: Fix null-pointer dereference in pgtable_cache_add
- drivers/perf: pmuv3: don't expose SW_INCR event in sysfs
- [powerpc*] Fix build error due to is_valid_bugaddr()
- [powerpc*] mm: Fix build failures due to arch_reserved_kernel_pages()
- [x86] boot: Ignore NMIs during very early boot
- [powerpc*] pmd_move_must_withdraw() is only needed for
CONFIG_TRANSPARENT_HUGEPAGE
- [powerpc*] lib: Validate size for vector operations
- [x86] mce: Mark fatal MCE's page as poison to avoid panic in the kdump
kernel
- perf/core: Fix narrow startup race when creating the perf nr_addr_filters
sysfs file
- debugobjects: Stop accessing objects after releasing hash bucket lock
- regulator: core: Only increment use_count when enable_count changes
- audit: Send netlink ACK before setting connection in auditd_set
- ACPI: video: Add quirk for the Colorful X15 AT 23 Laptop
- PNP: ACPI: fix fortify warning
- ACPI: extlog: fix NULL pointer dereference check
- PM / devfreq: Synchronize devfreq_monitor_[start/stop]
- ACPI: APEI: set memory failure flags as MF_ACTION_REQUIRED on synchronous
events
- FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree
- jfs: fix slab-out-of-bounds Read in dtSearch
- jfs: fix array-index-out-of-bounds in dbAdjTree
- jfs: fix uaf in jfs_evict_inode
- pstore/ram: Fix crash when setting number of cpus to an odd number
- crypto: stm32/crc32 - fix parsing list of devices
- afs: fix the usage of read_seqbegin_or_lock() in afs_lookup_volume_rcu()
- afs: fix the usage of read_seqbegin_or_lock() in afs_find_server*()
- rxrpc_find_service_conn_rcu: fix the usage of read_seqbegin_or_lock()
- jfs: fix array-index-out-of-bounds in diNewExt
- [s390x] ptrace: handle setting of fpc register correctly
- [s390x] KVM: s390: fix setting of fpc register
- SUNRPC: Fix a suspicious RCU usage warning
- ecryptfs: Reject casefold directory inodes
- ext4: fix inconsistent between segment fstrim and full fstrim
- ext4: unify the type of flexbg_size to unsigned int
- ext4: remove unnecessary check from alloc_flex_gd()
- ext4: avoid online resizing failures due to oversized flex bg
- wifi: rt2x00: restart beacon queue when hardware reset
- scsi: lpfc: Fix possible file string name overflow when updating firmware
- PCI: Add no PM reset quirk for NVIDIA Spectrum devices
- bonding: return -ENOMEM instead of BUG in alb_upper_dev_walk
- scsi: arcmsr: Support new PCI device IDs 1883 and 1886
- wifi: ath9k: Fix potential array-index-out-of-bounds read in
ath9k_htc_txstatus()
- bpf: Add map and need_defer parameters to .map_fd_put_ptr()
- scsi: libfc: Don't schedule abort twice
- scsi: libfc: Fix up timeout error in fc_fcp_rec_error()
- bpf: Set uattr->batch.count as zero before batched update or deletion
- ionic: pass opcode to devcmd_wait
- block/rnbd-srv: Check for unlikely string overflow
- [arm64,armhf] net: dsa: mv88e6xxx: Fix mv88e6352_serdes_get_stats error
path
- block: prevent an integer overflow in bvec_try_merge_hw_page
- md: Whenassemble the array, consult the superblock of the freshest device
- wifi: rtl8xxxu: Add additional USB IDs for RTL8192EU devices
- wifi: rtlwifi: rtl8723{be,ae}: using calculate_bit_shift()
- wifi: cfg80211: free beacon_ies when overridden from hidden BSS
- Bluetooth: qca: Set both WIDEBAND_SPEECH and LE_STATES quirks for QCA2066
- Bluetooth: L2CAP: Fix possible multiple reject send
- i40e: Fix VF disable behavior to block all traffic
- f2fs: fix to check return value of f2fs_reserve_new_block()
- ALSA: hda: Refer to correct stream index at loops
- ASoC: doc: Fix undefined SND_SOC_DAPM_NOPM argument
- fast_dput(): handle underflows gracefully
- RDMA/IPoIB: Fix error code return in ipoib_mcast_join
- drm/amd/display: Fix tiled display misalignment
- f2fs: fix write pointers on zoned device after roll forward
- drm/drm_file: fix use of uninitialized variable
- drm/framebuffer: Fix use of uninitialized variable
- drm/mipi-dsi: Fix detach call without attach
- media: stk1160: Fixed high volume of stk1160_dbg messages
- [x86] PCI: add INTEL_HDA_ARL to pci_ids.h
- [x86] ALSA: hda: Intel: add HDA_ARL PCI ID support
- [x86] ALSA: hda: intel-dspcfg: add filters for ARL-S and ARL
- [armhf] drm/exynos: Call drm_atomic_helper_shutdown() at shutdown/unbind
time
- IB/ipoib: Fix mcast list locking
- media: ddbridge: fix an error code problem in ddb_probe
- [arm64] drm/msm/dpu: Ratelimit framedone timeout msgs
- clk: hi3620: Fix memory leak in hi3620_mmc_clk_init()
- clk: mmp: pxa168: Fix memory leak in pxa168_clk_init()
- watchdog: it87_wdt: Keep WDTCTRL bit 3 unmodified for IT8784/IT8786
- drm/amdgpu: Let KFD sync with VM fences
- drm/amdgpu: Drop 'fence' check in 'to_amdgpu_amdkfd_fence()'
- leds: trigger: panic: Don't register panic notifier if creating the
trigger failed
- i3c: master: cdns: Update maximum prescaler value for i2c clock
- xen/gntdev: Fix the abuse of underlying struct page in DMA-buf import
- mfd: ti_am335x_tscadc: Fix TI SoC dependencies
- PCI: Only override AMD USB controller if required
- PCI: switchtec: Fix stdev_release() crash after surprise hot remove
- usb: hub: Replace hardcoded quirk value with BIT() macro
- tty: allow TIOCSLCKTRMIOS with CAP_CHECKPOINT_RESTORE
- fs/kernfs/dir: obey S_ISGID
- PCI/AER: Decode Requester ID when no error info found
- libsubcmd: Fix memory leak in uniq()
- virtio_net: Fix "‘%d’ directive writing between 1 and 11 bytes into a
region of size 10" warnings
- blk-mq: fix IO hang from sbitmap wakeup race
- ceph: fix deadlock or deadcode of misusing dget()
- drm/amd/powerplay: Fix kzalloc parameter 'ATOM_Tonga_PPM_Table' in
'get_platform_power_management_table()'
- drm/amdgpu: Release 'adev->pm.fw' before return in
'amdgpu_device_need_post()'
- perf: Fix the nr_addr_filters fix
- wifi: cfg80211: fix RCU dereference in __cfg80211_bss_update
- drm: using mul_u32_u32() requires linux/math64.h
- scsi: isci: Fix an error code problem in isci_io_request_build()
- scsi: core: Introduce enum scsi_disposition
- scsi: core: Move scsi_host_busy() out of host lock for waking up EH
handler
- ip6_tunnel: use dev_sw_netstats_rx_add()
- ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()
- net-zerocopy: Refactor frag-is-remappable test.
- tcp: add sanity checks to rx zerocopy
- ixgbe: Remove non-inclusive language
- ixgbe: Refactor returning internal error codes
- ixgbe: Refactor overtemp event handling
- ixgbe: Fix an error handling path in ixgbe_read_iosf_sb_reg_x550()
- ipv6: Ensure natural alignment of const ipv6 loopback and router addresses
- llc: call sock_orphan() at release time
- netfilter: nf_log: replace BUG_ON by WARN_ON_ONCE when putting logger
- netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom
expectations
- net: ipv4: fix a memleak in ip_setup_cork
- af_unix: fix lockdep positive in sk_diag_dump_icons()
- net: sysfs: Fix /sys/class/net/<iface> path
- HID: apple: Add support for the 2021 Magic Keyboard
- HID: apple: Add 2021 magic keyboard FN key mapping
- bonding: remove print in bond_verify_device_path
- uapi: stddef.h: Fix __DECLARE_FLEX_ARRAY for C++
- PM: sleep: Fix error handling in dpm_prepare()
- dmaengine: fsl-dpaa2-qdma: Fix the size of dma pools
- dmaengine: ti: k3-udma: Report short packet errors
- dmaengine: fsl-qdma: Fix a memory leak related to the status queue DMA
- dmaengine: fsl-qdma: Fix a memory leak related to the queue command DMA
- dmaengine: fix is_slave_direction() return false when DMA_DEV_TO_DEV
- phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP
(CVE-2024-26600)
- [arm64] drm/msm/dp: return correct Colorimetry for
DP_TEST_DYNAMIC_RANGE_CEA case
- net: stmmac: xgmac: fix handling of DPP safety error for DMA channels
- tunnels: fix out of bounds access when building IPv6 PMTU error
- atm: idt77252: fix a memleak in open_card_ubr0
- hwmon: (aspeed-pwm-tacho) mutex for tach reading
- [x86] hwmon: (coretemp) Fix out-of-bounds memory access
- [x86] hwmon: (coretemp) Fix bogus core_id to attr name mapping
- inet: read sk->sk_family once in inet_recv_error()
- rxrpc: Fix response to PING RESPONSE ACKs to a dead call
- tipc: Check the bearer type before calling tipc_udp_nl_bearer_add()
- ppp_async: limit MRU to 64K
- netfilter: nft_compat: reject unused compat flag
- netfilter: nft_compat: restrict match/target protocol to u16
- netfilter: nft_ct: reject direction for ct id
- netfilter: nft_set_pipapo: store index in scratch maps
- netfilter: nft_set_pipapo: add helper to release pcpu scratch area
- netfilter: nft_set_pipapo: remove scratch_aligned pointer
- scsi: core: Move scsi_host_busy() out of host lock if it is for
per-command
- blk-iocost: Fix an UBSAN shift-out-of-bounds warning
- net/af_iucv: clean up a try_then_request_module()
- USB: serial: qcserial: add new usb-id for Dell Wireless DW5826e
- USB: serial: option: add Fibocom FM101-GL variant
- USB: serial: cp210x: add ID for IMST iM871A-USB
- usb: host: xhci-plat: Add support for XHCI_SG_TRB_CACHE_SIZE_QUIRK
- hrtimer: Report offline hrtimer enqueue
- Input: i8042 - fix strange behavior of touchpad on Clevo NS70PU
- Input: atkbd - skip ATKBD_CMD_SETLEDS when skipping ATKBD_CMD_GETID
- vhost: use kzalloc() instead of kmalloc() followed by memset()
- clocksource: Skip watchdog check for large watchdog intervals
- net: stmmac: xgmac: use #define for string constants
- net: stmmac: xgmac: fix a typo of register name in DPP safety handling
- netfilter: nft_set_rbtree: skip end interval element from gc
(CVE-2024-26581)
- btrfs: forbid creating subvol qgroups
- btrfs: do not ASSERT() if the newly created subvolume already got read
(CVE-2024-23850)
- btrfs: forbid deleting live subvol qgroup
- btrfs: send: return EOPNOTSUPP on unknown flags
- of: unittest: Fix compile in the non-dynamic case
- net: openvswitch: limit the number of recursions from action sets
(CVE-2024-1151)
- spi: ppc4xx: Drop write-only variable
- ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work()
- net: sysfs: Fix /sys/class/net/<iface> path for statistics
- [mips*] Add 'memory' clobber to csum_ipv6_magic() inline assembler
- i40e: Fix waiting for queues of all VSIs to be disabled
- tracing/trigger: Fix to return error if failed to alloc snapshot
- mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again
- ALSA: hda/realtek: Fix the external mic not being recognised for Acer
Swift 1 SF114-32
- ALSA: hda/realtek: Enable Mute LED on HP Laptop 14-fq0xxx
- HID: wacom: generic: Avoid reporting a serial of '0' to userspace
- HID: wacom: Do not register input devices until after hid_hw_start
- usb: ucsi_acpi: Fix command completion handling
- USB: hub: check for alternate port before enabling A_ALT_HNP_SUPPORT
- usb: f_mass_storage: forbid async queue when shutdown happen
- media: ir_toy: fix a memleak in irtoy_tx
- i2c: i801: Remove i801_set_block_buffer_mode
- i2c: i801: Fix block process call transactions (CVE-2024-26593)
- modpost: trim leading spaces when processing source files list
- scsi: Revert "scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock"
- lsm: fix the logic in security_inode_getsecctx()
- firewire: core: correct documentation of fw_csr_string() kernel API
- kbuild: Fix changing ELF file type for output of gen_btf for big endian
- nfc: nci: free rx_data_reassembly skb on NCI device cleanup
- net: hsr: remove WARN_ONCE() in send_hsr_supervision_frame()
- xen-netback: properly sync TX responses
- ALSA: hda/realtek: Enable headset mic on Vaio VJFE-ADL
- [arm*] binder: signal epoll threads of self-work (CVE-2024-26606)
- misc: fastrpc: Mark all sessions as invalid in cb_remove
- ext4: fix double-free of blocks due to wrong extents moved_len
- tracing: Fix wasted memory in saved_cmdlines logic
- staging: iio: ad5933: fix type mismatch regression
- iio: magnetometer: rm3100: add boundary check for the value read from
RM3100_REG_TMRC
- iio: accel: bma400: Fix a compilation problem
- media: rc: bpf attach/detach requires write permission
- hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove
- ring-buffer: Clean ring_buffer_poll_wait() error return
- serial: max310x: set default value when reading clock ready bit
- serial: max310x: improve crystal stable clock detection
- [x86] mm/ident_map: Use gbpages only where full GB page should be mapped.
- mmc: slot-gpio: Allow non-sleeping GPIO ro
- ALSA: hda/conexant: Add quirk for SWS JS201D
- nilfs2: fix data corruption in dsync block recovery for small block sizes
- nilfs2: fix hang in nilfs_lookup_dirty_data_buffers()
- crypto: ccp - Fix null pointer dereference in
__sev_platform_shutdown_locked
- nfp: use correct macro for LengthSelect in BAR config
- nfp: flower: prevent re-adding mac index for bonded port
- wifi: mac80211: reload info pointer in ieee80211_tx_dequeue()
- irqchip/irq-brcmstb-l2: Add write memory barrier before exit
- irqchip/gic-v3-its: Fix GICv4.1 VPE affinity update
- [s390x] qeth: Fix potential loss of L3-IP@ in case of network issues
- ceph: prevent use-after-free in encode_cap_msg()
- of: property: fix typo in io-channels
- can: j1939: Fix UAF in j1939_sk_match_filter during
setsockopt(SO_J1939_FILTER)
- pmdomain: core: Move the unused cleanup to a _sync initcall
- tracing: Inform kmemleak of saved_cmdlines allocation
- Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d"
- bus: moxtet: Add spi device table
- PCI: dwc: endpoint: Fix dw_pcie_ep_raise_msix_irq() alignment support
- mips: Fix max_mapnr being uninitialized on early stages
- crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init
- serial: Add rs485_supported to uart_port
- serial: 8250_exar: Fill in rs485_supported
- serial: 8250_exar: Set missing rs485_supported flag
- scripts/decode_stacktrace.sh: silence stderr messages from addr2line/nm
- scripts/decode_stacktrace.sh: support old bash version
- scripts: decode_stacktrace: demangle Rust symbols
- scripts/decode_stacktrace.sh: optionally use LLVM utilities
- netfilter: ipset: fix performance regression in swap operation
- netfilter: ipset: Missing gc cancellations fixed
- hrtimer: Ignore slack time for RT tasks in schedule_hrtimeout_range()
- Revert "arm64: Stash shadow stack pointer in the task struct on interrupt"
- net: prevent mss overflow in skb_segment() (CVE-2023-52435)
- sched/membarrier: reduce the ability to hammer on sys_membarrier
(CVE-2024-26602)
- nilfs2: fix potential bug in end_buffer_async_write
- nilfs2: replace WARN_ONs for invalid DAT metadata block requests
- dm: limit the number of targets and parameter size area (CVE-2024-23851,
CVE-2023-52429)
- PM: runtime: add devm_pm_runtime_enable helper
- PM: runtime: Have devm_pm_runtime_enable() handle
pm_runtime_dont_use_autosuspend()
- [arm64] drm/msm/dsi: Enable runtime PM
- netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval()
(CVE-2024-0607)
- net: bcmgenet: Fix EEE implementation
- PCI: dwc: Fix a 64bit bug in dw_pcie_ep_raise_msix_irq()
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.211
- net/sched: Retire CBQ qdisc
- net/sched: Retire ATM qdisc
- net/sched: Retire dsmark qdisc
- smb: client: fix OOB in receive_encrypted_standard() (CVE-2024-0565)
- smb: client: fix potential OOBs in smb2_parse_contexts() (CVE-2023-52434)
- smb: client: fix parsing of SMB3.1.1 POSIX create context
- sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset
- userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb
- zonefs: Improve error handling
- sched/rt: Fix sysctl_sched_rr_timeslice intial value
- sched/rt: Disallow writing invalid values to sched_rt_period_us
- scsi: target: core: Add TMF to tmr_list handling
- [arm64] dmaengine: fsl-qdma: increase size of 'irq_name'
- wifi: cfg80211: fix missing interfaces when dumping
- wifi: mac80211: fix race condition on enabling fast-xmit
- fbdev: savage: Error out if pixclock equals zero
- fbdev: sis: Error out if pixclock equals zero
- spi: hisi-sfc-v3xx: Return IRQ_NONE if no interrupts were detected
- ahci: asm1166: correct count of reported ports
- ahci: add 43-bit DMA address quirk for ASMedia ASM1061 controllers
- ext4: avoid allocating blocks from corrupted group in
ext4_mb_try_best_found()
- ext4: avoid allocating blocks from corrupted group in
ext4_mb_find_by_goal()
- [armhf] dmaengine: ti: edma: Add some null pointer checks to the
edma_probe
- [arm64] regulator: pwm-regulator: Add validity checks in continuous
.get_voltage
- nvmet-tcp: fix nvme tcp ida memory leak
- [armhf] ASoC: sunxi: sun4i-spdif: Add support for Allwinner H616
- netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in
sctp_new
- nvme-fc: do not wait in vain when unloading module
- nvmet-fcloop: swap the list_add_tail arguments
- nvmet-fc: release reference on target port
- nvmet-fc: abort command when there is no binding
- ext4: correct the hole length returned by ext4_map_blocks()
- Input: i8042 - add Fujitsu Lifebook U728 to i8042 quirk table
- efi: runtime: Fix potential overflow of soft-reserved region size
- efi: Don't add memblocks for soft-reserved memory
- [x86] hwmon: (coretemp) Enlarge per package core count limit
- scsi: lpfc: Use unsigned type for num_sge
- firewire: core: send bus reset promptly on gap count error
- virtio-blk: Ensure no requests in virtqueues before deleting vqs.
- [mips*] irqchip/mips-gic: Don't touch vl_map if a local interrupt is not
routable
- media: av7110: prevent underflow in write_ts_to_decoder()
- hvc/xen: prevent concurrent accesses to the shared ring
- [x86] uaccess: Implement macros for CMPXCHG on user addresses
- seccomp: Invalidate seccomp mode to catch death failures
- block: ataflop: fix breakage introduced at blk-mq refactoring
- [powerpc*] watchpoint: Workaround P10 DD1 issue with VSX-32 byte
instructions
- [powerpc*] watchpoints: Annotate atomic context in more places
- cifs: add a warning when the in-flight count goes negative
- mtd: spinand: macronix: Add support for MX35LFxGE4AD
- [x86] ASoC: Intel: boards: harden codec property handling
- [x86] ASoC: Intel: boards: get codec device with ACPI instead of bus
search
- [x86] ASoC: Intel: bytcr_rt5651: Drop reference count of ACPI device after
use
- task_stack, x86/cea: Force-inline stack helpers
- btrfs: tree-checker: check for overlapping extent items
- btrfs: introduce btrfs_lookup_match_dir
- btrfs: unify lookup return value when dir entry is missing
- btrfs: do not pin logs too early during renames
- lan743x: fix for potential NULL pointer dereference with bare card
- [x86] platform/x86: intel-vbtn: Support for tablet mode on HP Pavilion 13
x360 PC
- iwlwifi: mvm: do more useful queue sync accounting
- iwlwifi: mvm: write queue_sync_state only for sync
- jbd2: remove redundant buffer io error checks
- jbd2: recheck chechpointing non-dirty buffer
- jbd2: Fix wrongly judgement for buffer head removing while doing
checkpoint
- [x86] drop bogus "cc" clobber from __try_cmpxchg_user_asm()
- erofs: fix lz4 inplace decompression (CVE-2023-52497)
- [amd64] IB/hfi1: Fix sdma.h tx->num_descs off-by-one error
- [s390x] cio: fix invalid -EBUSY on ccw_device_start
- dm-crypt: don't modify the data when using authenticated encryption
- [arm64] KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler
- [arm64] KVM: arm64: vgic-its: Test for valid IRQ in
its_sync_lpi_pending_table()
- gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp()
- PCI/MSI: Prevent MSI hardware interrupt number truncation
- l2tp: pass correct message length to ip6_append_data
- [x86] Revert "x86/ftrace: Use alternative RET encoding"
- [x86] text-patching: Make text_gen_insn() play nice with ANNOTATE_NOENDBR
- [x86] ibt,paravirt: Use text_gen_insn() for paravirt_patch()
- [x86] ftrace: Use alternative RET encoding
- [x86] returnthunk: Allow different return thunks
- [x86] Revert "x86/alternative: Make custom return thunk unconditional"
- [x86] alternative: Make custom return thunk unconditional
- usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs
- mptcp: fix lockless access in subflow ULP diag
- [amd64] IB/hfi1: Fix a memleak in init_credit_return
- RDMA/bnxt_re: Return error for SRQ resize
- RDMA/srpt: Support specifying the srpt_service_guid parameter
- RDMA/qedr: Fix qedr_create_user_qp error flow
- [arm64] dts: rockchip: set num-cs property for spi on px30
- RDMA/srpt: fix function pointer cast warnings
- bpf, scripts: Correct GPL license name
- scsi: jazz_esp: Only build if SCSI core is builtin
- nouveau: fix function cast warnings
- ipv4: properly combine dev_base_seq and ipv4.dev_addr_genid
- ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid
- afs: Increase buffer size in afs_update_volume_status()
- ipv6: sr: fix possible use-after-free and null-ptr-deref
- packet: move from strlcpy with unused retval to strscpy
- net: dev: Convert sa_data to flexible array in struct sockaddr
- [s390x] use the correct count for __iowrite64_copy()
- netfilter: nf_tables: set dormant flag on hook register failure
- drm/syncobj: make lockdep complain on WAIT_FOR_SUBMIT v3
- drm/syncobj: call drm_syncobj_fence_add_wait when WAIT_AVAILABLE flag is
set
- drm/amd/display: Fix memory leak in dm_sw_fini()
- block: ataflop: more blk-mq refactoring fixes
- fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio
- arp: Prevent overflow in arp_req_get().
- ext4: regenerate buddy after block freeing failed if under fc replay
(CVE-2024-26601)
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.212
- [x86] platform/x86: touchscreen_dmi: Allow partial (prefix) matches for
ACPI names
- crypto: virtio/akcipher - Fix stack overflow on memcpy
- netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter
- net: ip_tunnel: prevent perpetual headroom growth
- tun: Fix xdp_rxq_info's queue_index when detaching
- ipv6: fix potential "struct net" leak in inet6_rtm_getaddr()
- lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is
detected
- net: usb: dm9601: fix wrong return value in dm9601_mdio_read
- Bluetooth: Avoid potential use-after-free in hci_error_reset
- Bluetooth: hci_event: Fix wrongly recorded wakeup BD_ADDR
- Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST
- Bluetooth: Enforce validation on max value of connection interval
- netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate()
- rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back
- efi/capsule-loader: fix incorrect allocation size
- ALSA: Drop leftover snd-rtctimer stuff from Makefile
- afs: Fix endless loop in directory parsing
- tomoyo: fix UAF write bug in tomoyo_write_control() (CVE-2024-26622)
- gtp: fix use-after-free and null-ptr-deref in gtp_newlink()
- wifi: nl80211: reject iftype change with mesh ID change
- btrfs: dev-replace: properly validate device names
- [arm64] dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read
- [arm64] dmaengine: fsl-qdma: init irq after reg initialization
- mmc: core: Fix eMMC initialization with 1-bit bus connection
- [arm64] mmc: sdhci-xenon: add timeout for PHY init complete
- [arm64] mmc: sdhci-xenon: fix PHY init clock stability
- [arm64] pmdomain: qcom: rpmhpd: Fix enabled_corner aggregation
- [x86] cpu/intel: Detect TME keyid bits before setting MTRR mask registers
- mptcp: fix possible deadlock in subflow diag
- ext4: avoid bb_free and bb_fragments inconsistency in mb_free_blocks()
- cachefiles: fix memory leak in cachefiles_add_cache()
- fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super
(CVE-2024-0841)
- gpiolib: Fix the error path order in gpiochip_add_data_with_key()
- gpio: fix resource unwinding order in error path
- mptcp: fix double-free on socket dismantle
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.213
- [arm64,armhf] mmc: mmci: stm32: use a buffer for unaligned DMA requests
- [arm64,armhf] mmc: mmci: stm32: fix DMA API overlapping mappings warning
- lan78xx: Fix white space and style issues
- lan78xx: Add missing return code checks
- lan78xx: Fix partial packet errors on suspend/resume
- lan78xx: Fix race conditions in suspend/resume handling
- net: lan78xx: fix runtime PM count underflow on link stop
- ixgbe: {dis, en}able irqs in ixgbe_txrx_ring_{dis, en}able
- i40e: disable NAPI right after disabling irqs when handling xsk_pool
- tracing/net_sched: Fix tracepoints that save qdisc_dev() as a string
- geneve: make sure to pull inner header in geneve_rx()
- net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink()
- net/ipv6: avoid possible UAF in ip6_route_mpath_notify()
- cpumap: Zero-initialise xdp_rxq_info struct before running XDP program
- net/rds: fix WARNING in rds_conn_connect_if_down
- netfilter: nft_ct: fix l3num expectations with inet pseudo family
- netfilter: nf_conntrack_h323: Add protection for bmp length out of range
- netrom: Fix a data-race around sysctl_netrom_default_path_quality
- netrom: Fix a data-race around
sysctl_netrom_obsolescence_count_initialiser
- netrom: Fix data-races around sysctl_netrom_network_ttl_initialiser
- netrom: Fix a data-race around sysctl_netrom_transport_timeout
- netrom: Fix a data-race around sysctl_netrom_transport_maximum_tries
- netrom: Fix a data-race around sysctl_netrom_transport_acknowledge_delay
- netrom: Fix a data-race around sysctl_netrom_transport_busy_delay
- netrom: Fix a data-race around
sysctl_netrom_transport_requested_window_size
- netrom: Fix a data-race around sysctl_netrom_transport_no_activity_timeout
- netrom: Fix a data-race around sysctl_netrom_routing_control
- netrom: Fix a data-race around sysctl_netrom_link_fails_count
- netrom: Fix data-races around sysctl_net_busy_read
- xhci: remove extra loop in interrupt context
- xhci: prevent double-fetch of transfer and transfer event TRBs
- xhci: process isoc TD properly when there was a transaction error mid TD.
- xhci: handle isoc Babble and Buffer Overrun events properly
- net: Change sock_getsockopt() to take the sk ptr instead of the sock ptr
- bpf: net: Change sk_getsockopt() to take the sockptr_t argument
- lsm: make security_socket_getpeersec_stream() sockptr_t safe
- lsm: fix default return value of the socket_getpeersec_*() hooks
- ext4: make ext4_es_insert_extent() return void
- ext4: refactor ext4_da_map_blocks()
- ext4: convert to exclusive lock while inserting delalloc extents
- [x86] Drivers: hv: vmbus: Add vmbus_requestor data structure for VMBus
hardening
- [x86] hv_netvsc: Use vmbus_requestor to generate transaction IDs for VMBus
hardening
- [x86] hv_netvsc: Wait for completion on request SWITCH_DATA_PATH
- [x86] hv_netvsc: Process NETDEV_GOING_DOWN on VF hot remove
- [x86] hv_netvsc: Make netvsc/VF binding check both MAC and serial number
- [x86] hv_netvsc: use netif_is_bond_master() instead of open code
- [x86] hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed
- mm/hugetlb: change hugetlb_reserve_pages() to type bool
- mm: hugetlb pages should not be reserved by shmat() if SHM_NORESERVE
- getrusage: add the "signal_struct *sig" local variable
- getrusage: move thread_group_cputime_adjusted() outside of
lock_task_sighand()
- getrusage: use __for_each_thread()
- getrusage: use sig->stats_lock rather than lock_task_sighand()
- [x86] Drivers: hv: vmbus: Drop error message when 'No request id
available'
- regmap: allow to define reg_update_bits for no bus configuration
- regmap: Add bulk read/write callbacks into regmap_config
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.214
- io_uring/unix: drop usage of io_uring socket
- io_uring: drop any code related to SCM_RIGHTS
- rcu-tasks: Provide rcu_trace_implies_rcu_gp()
- bpf: Defer the free of inner map when necessary (CVE-2023-52447)
- ASoC: rt5645: Make LattePanda board DMI match more precise
- [x86] xen: Add some null pointer checking to smp.c
- [mips*] Clear Cause.BD in instruction_pointer_set
- HID: multitouch: Add required quirk for Synaptics 0xcddc device
- gen_compile_commands: fix invalid escape sequence warning
- RDMA/mlx5: Fix fortify source warning while accessing Eth segment
- RDMA/mlx5: Relax DEVX access upon modify commands
- [x86] mm: Move is_vsyscall_vaddr() into asm/vsyscall.h
- [x86] mm: Disallow vsyscall page read for copy_from_kernel_nofault()
- net/iucv: fix the allocation size of iucv_path_table array
- block: sed-opal: handle empty atoms when parsing response
- dm-verity, dm-crypt: align "struct bvec_iter" correctly
- scsi: mpt3sas: Prevent sending diag_reset when the controller is ready
- Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security
(CVE-2024-22099)
- firewire: core: use long bus reset on gap count error
- [x86] ASoC: Intel: bytcr_rt5640: Add an extra entry for the Chuwi Vi8
tablet
- Input: gpio_keys_polled - suppress deferred probe error for gpio
- [x86] paravirt: Fix build due to __text_gen_insn() backport
- do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak
- nbd: null check for nla_nest_start
- fs/select: rework stack allocation hack for clang
- block: add a new set_read_only method
- md: implement ->set_read_only to hook into BLKROSET processing
- md: Don't clear MD_CLOSING when the raid is about to stop
- aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts
(CVE-2023-6270)
- timekeeping: Fix cross-timestamp interpolation on counter wrap
- timekeeping: Fix cross-timestamp interpolation corner case decision
- timekeeping: Fix cross-timestamp interpolation for non-x86
- wifi: ath10k: fix NULL pointer dereference in
ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (CVE-2023-7042)
- wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled
- wifi: b43: Stop/wake correct queue in PIO Tx path when QoS is disabled
- wifi: b43: Stop correct queue in DMA worker when QoS is disabled
- wifi: b43: Disable QoS for bcm4331
- wifi: wilc1000: fix declarations ordering
- wifi: wilc1000: fix RCU usage in connect path
- wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work
- wifi: wilc1000: fix multi-vif management when deleting a vif
- wifi: mwifiex: debugfs: Drop unnecessary error check for
debugfs_create_dir()
- cpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get's return value
- sock_diag: annotate data-races around sock_diag_handlers[family]
- inet_diag: annotate data-races around inet_diag_table[]
- bpftool: Silence build warning about calloc()
- af_unix: Annotate data-race of gc_in_progress in wait_for_unix_gc().
- wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete
- wifi: iwlwifi: dbg-tlv: ensure NUL termination
- wifi: iwlwifi: fix EWRD table validity check
- net: blackhole_dev: fix build warning for ethh set but not used
- wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer()
- bpf: Factor out bpf_spin_lock into helpers.
- bpf: Mark bpf_spin_{lock,unlock}() helpers with notrace correctly
- wireless: Remove redundant 'flush_workqueue()' calls
- wifi: wilc1000: prevent use-after-free on vif when cleaning up all
interfaces
- ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit()
- [amd64] iommu/amd: Mark interrupt as managed
- wifi: brcmsmac: avoid function pointer casts
- net: ena: Remove ena_select_queue
- ACPI: scan: Fix device check notification handling
- [x86] relocs: Ignore relocations in .notes section (CVE-2024-26816)
- SUNRPC: fix some memleaks in gssx_dec_option_array
- mmc: wmt-sdmmc: remove an incorrect release_mem_region() call in the
.remove function
- wifi: rtw88: 8821c: Fix false alarm count
- PCI: Make pci_dev_is_disconnected() helper public for other drivers
- [amd64] iommu/vt-d: Don't issue ATS Invalidation request when device is
disconnected
- igb: move PEROUT and EXTTS isr logic to separate functions
- igb: Fix missing time sync events
- Bluetooth: Remove superfluous call to hci_conn_check_pending()
- Bluetooth: hci_core: Fix possible buffer overflow
- sr9800: Add check for usbnet_get_endpoints (CVE-2024-26651)
- bpf: Eliminate rlimit-based memory accounting for devmap maps
- bpf: Fix DEVMAP_HASH overflow check on 32-bit arches
- bpf: Fix hashtab overflow check on 32-bit arches
- bpf: Fix stackmap overflow check on 32-bit arches
- ipv6: fib6_rules: flush route cache when rule is changed
- net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv()
- net: phy: fix phy_get_internal_delay accessing an empty array
- net: hns3: fix port duplex configure error in IMP reset
- net: phy: DP83822: enable rgmii mode if phy_interface_is_rgmii
- net: phy: dp83822: Fix RGMII TX delay configuration
- OPP: debugfs: Fix warning around icc_get_name()
- tcp: fix incorrect parameter validation in the do_tcp_getsockopt()
function
- net/ipv4: Replace one-element array with flexible-array member
- net/ipv4: Revert use of struct_size() helper
- net/ipv4/ipv6: Replace one-element arraya with flexible-array members
- bpf: net: Change do_ip_getsockopt() to take the sockptr_t argument
- ipmr: fix incorrect parameter validation in the ip_mroute_getsockopt()
function
- l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt()
function
- udp: fix incorrect parameter validation in the udp_lib_getsockopt()
function
- net: kcm: fix incorrect parameter validation in the kcm_getsockopt)
function
- nfp: flower: handle acti_netdevs allocation failure
- dm raid: fix false positive for requeue needed during reshape
- dm: call the resume method on internal suspend
- [arm64,armhf] drm/tegra: dsi: Add missing check for of_find_device_by_node
- [arm64,armhf] drm/tegra: dsi: Make use of the helper function
dev_err_probe()
- [arm64,armhf] drm/tegra: dsi: Fix some error handling paths in
tegra_dsi_probe()
- [arm64,armhf] drm/tegra: dsi: Fix missing pm_runtime_disable() in the
error handling path of tegra_dsi_probe()
- [arm64,armhf] drm/tegra: output: Fix missing i2c_put_adapter() in the
error handling paths of tegra_output_probe()
- drm/rockchip: inno_hdmi: Fix video timing
- drm: Don't treat 0 as -1 in drm_fixp2int_ceil
- drm/rockchip: lvds: do not overwrite error code
- drm/rockchip: lvds: do not print scary message when probing defer
- drm/lima: fix a memleak in lima_heap_alloc
- dmaengine: tegra210-adma: Update dependency to ARCH_TEGRA
- media: tc358743: register v4l2 async device only after successful setup
- PCI/DPC: Print all TLP Prefixes, not just the first
- perf record: Fix possible incorrect free in record__switch_output()
- HID: lenovo: Add middleclick_workaround sysfs knob for cptkbd
- drm/amd/display: Fix a potential buffer overflow in
'dp_dsc_clock_en_read()'
- drm/amd/display: Fix potential NULL pointer dereferences in
'dcn10_set_output_transfer_func()'
- perf evsel: Fix duplicate initialization of data->id in
evsel__parse_sample()
- media: em28xx: annotate unchecked call to media_device_register()
- media: v4l2-tpg: fix some memleaks in tpg_alloc
- media: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity
- media: edia: dvbdev: fix a use-after-free
- pinctrl: mediatek: Drop bogus slew rate register range for MT8192
- [arm64] clk: qcom: reset: Commonize the de/assert functions
- [arm64] clk: qcom: reset: Ensure write completion on reset de/assertion
- quota: simplify drop_dquot_ref()
- quota: Fix potential NULL pointer dereference
- quota: Fix rcu annotations of inode dquot pointers
- PCI: switchtec: Fix an error handling path in switchtec_pci_probe()
- crypto: xilinx - call finalize with bh disabled
- perf thread_map: Free strlist on normal path in
thread_map__new_by_tid_str()
- drm/radeon/ni: Fix wrong firmware size logging in ni_init_microcode()
- ALSA: seq: fix function cast warnings
- perf stat: Avoid metric-only segv
- media: sun8i-di: Fix coefficient writes
- media: sun8i-di: Fix power on/off sequences
- media: sun8i-di: Fix chroma difference threshold
- media: imx: csc/scaler: fix v4l2_ctrl_handler memory leak
- media: go7007: add check of return value of go7007_read_addr()
- media: pvrusb2: remove redundant NULL check
- media: pvrusb2: fix pvr2_stream_callback casts
- PCI: Mark 3ware-9650SE Root Port Extended Tags as broken
- [arm64] clk: hisilicon: hi3519: Release the correct number of gates in
hi3519_clk_unregister()
- [arm64,armhf] drm/tegra: put drm_gem_object ref on error in
tegra_fb_create
- mfd: syscon: Call of_node_put() only when of_parse_phandle() takes a ref
- mfd: altera-sysmgr: Call of_node_put() only when of_parse_phandle() takes
a ref
- crypto: arm/sha - fix function cast warnings
- drm/tidss: Fix initial plane zpos values
- mtd: maps: physmap-core: fix flash size larger than 32-bit
- mtd: rawnand: lpc32xx_mlc: fix irq handler prototype
- drm/amdgpu: Fix missing break in ATOM_ARG_IMM Case of atom_get_src_int()
- media: pvrusb2: fix uaf in pvr2_context_set_notify
- media: dvb-frontends: avoid stack overflow warnings with clang
- media: go7007: fix a memleak in go7007_load_encoder
- media: ttpci: fix two memleaks in budget_av_attach
- media: mediatek: vcodec: avoid -Wcast-function-type-strict warning
- powerpc/hv-gpci: Fix the H_GET_PERF_COUNTER_INFO hcall return value checks
- [arm64] drm/msm/dpu: add division of drm_display_mode's hskew parameter
- [powerpc*] embedded6xx: Fix no previous prototype for avr_uart_send() etc.
- leds: aw2013: Unlock mutex before destroying it
- leds: sgm3140: Add missing timer cleanup and flash gpio control
- backlight: lm3630a: Initialize backlight_properties on init
- backlight: lm3630a: Don't set bl->props.brightness in get_brightness
- backlight: da9052: Fully initialize backlight_properties during probe
- backlight: lm3639: Fully initialize backlight_properties during probe
- backlight: lp8788: Fully initialize backlight_properties during probe
- clk: Fix clk_core_get NULL dereference
- ALSA: hda/realtek: fix ALC285 issues on HP Envy x360 laptops
- ALSA: usb-audio: Stop parsing channels bits when all channels are found.
- RDMA/srpt: Do not register event handler until srpt device is fully setup
- f2fs: compress: fix to check unreleased compressed cluster
- scsi: csiostor: Avoid function pointer casts
- RDMA/device: Fix a race between mad_client and cm_client init
- scsi: bfa: Fix function pointer type mismatch for hcb_qe->cbfn
- net: sunrpc: Fix an off by one in rpc_sockaddr2uaddr()
- NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102
- NFSv4.2: fix listxattr maximum XDR buffer size
- watchdog: stm32_iwdg: initialize default timeout
- NFS: Fix an off by one in root_nfs_cat()
- afs: Revert "afs: Hide silly-rename files from userspace"
- [armhf] remoteproc: stm32: Constify st_rproc_ops
- [armhf] remoteproc: Add new get_loaded_rsc_table() to rproc_ops
- [armhf] remoteproc: stm32: Move resource table setup to rproc_ops
- [armhf] remoteproc: stm32: use correct format strings on 64-bit
- [armhf] remoteproc: stm32: Fix incorrect type in assignment for va
- [armhf] remoteproc: stm32: Fix incorrect type assignment returned by
stm32_rproc_get_loaded_rsc_tablef
- tty: vt: fix 20 vs 0x20 typo in EScsiignore
- serial: max310x: fix syntax error in IRQ error message
- tty: serial: samsung: fix tx_empty() to return TIOCSER_TEMT
- kconfig: fix infinite loop when expanding a macro at the end of file
- rtc: mt6397: select IRQ_DOMAIN instead of depending on it
- serial: 8250_exar: Don't remove GPIO device on suspend
- staging: greybus: fix get_channel_from_mode() failure path
- usb: gadget: net2272: Use irqflags in the call to net2272_probe_fin
- io_uring: don't save/restore iowait state
- [s390x] vtime: fix average steal time calculation
- soc: fsl: dpio: fix kcalloc() argument order
- hsr: Fix uninit-value access in hsr_get_node()
- packet: annotate data-races around ignore_outgoing
- net: dsa: mt7530: prevent possible incorrect XTAL frequency selection
- wireguard: receive: annotate data-race around receiving_counter.counter
- rds: introduce acquire/release ordering in acquire/release_in_xmit()
- hsr: Handle failures in module init
- net/bnx2x: Prevent access to a freed page in page_pool
- netfilter: nft_set_pipapo: release elements in clone only from destroy
path (CVE-2024-26809)
- scsi: fc: Update formal FPIN descriptor definitions
- netfilter: nf_tables: do not compare internal table flags on updates
- rcu: add a helper to report consolidated flavor QS
- bpf: report RCU QS in cpumap kthread
- spi: spi-mt65xx: Fix NULL pointer access in interrupt handler
- regmap: Add missing map->bus check
- [armhf] remoteproc: stm32: fix phys_addr_t format string
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.215
- amdkfd: use calloc instead of kzalloc to avoid integer overflow
(CVE-2024-26817)
- Documentation/hw-vuln: Update spectre doc
- [x86] cpu: Support AMD Automatic IBRS
- [x86] bugs: Use sysfs_emit()
- timers: Update kernel-doc for various functions
- timers: Use del_timer_sync() even on UP
- timers: Rename del_timer_sync() to timer_delete_sync()
- wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach
(CVE-2023-47233)
- [armhf] dts: marvell: Fix maxium->maxim typo in brownstone dts
- [x86] drm/vmwgfx: stop using ttm_bo_create v2
- [x86] drm/vmwgfx: switch over to the new pin interface v2
- [x86] drm/vmwgfx/vmwgfx_cmdbuf_res: Remove unused variable 'ret'
- [x86] drm/vmwgfx: Fix some static checker warnings
- [x86] drm/vmwgfx: Fix possible null pointer derefence with invalid
contexts
- media: xc4000: Fix atomicity violation in xc4000_get_frequency
(CVE-2024-24861)
- KVM: Always flush async #PF workqueue when vCPU is being destroyed
- [x86] crypto: qat - fix double free during reset
- [x86] crypto: qat - resolve race condition during AER recovery
- ext4: correct best extent lstart adjustment logic
- block: introduce zone_write_granularity limit
- block: Clear zone limits for a non-zoned stacked queue
- bounds: support non-power-of-two CONFIG_NR_CPUS
- fat: fix uninitialized field in nostale filehandles
- ubifs: Set page uptodate in the correct place
- ubi: Check for too small LEB size in VTBL code
- ubi: correct the calculation of fastmap size
- mtd: rawnand: meson: fix scrambling mode value in command macro
- PM: suspend: Set mem_sleep_current during kernel command line setup
- [powerpc*] fsl: Fix mfpmr build errors with newer binutils
- USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB
- USB: serial: add device ID for VeriFone adapter
- USB: serial: cp210x: add ID for MGP Instruments PDS100
- USB: serial: option: add MeiG Smart SLM320 product
- USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M
- PM: sleep: wakeirq: fix wake irq warning in system suspend
- mmc: tmio: avoid concurrent runs of mmc_request_done()
- fuse: fix root lookup with nonzero generation
- fuse: don't unhash root
- usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros
- printk/console: Split out code that enables default console
- serial: Lock console when calling into driver before registration
- btrfs: fix off-by-one chunk length calculation at
contains_pending_extent()
- PCI: Drop pci_device_remove() test of pci_dev->driver
- PCI/PM: Drain runtime-idle callbacks before driver removal
- PCI/ERR: Cache RCEC EA Capability offset in pci_init_capabilities()
- PCI: Cache PCIe Device Capabilities register
- PCI: Work around Intel I210 ROM BAR overlap defect
- PCI/ASPM: Make Intel DG2 L1 acceptable latency unlimited
- PCI/DPC: Quirk PIO log size for certain Intel Root Ports
- PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports
- Revert "Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d""
- dm-raid: fix lockdep waring in "pers->hot_add_disk"
- mac802154: fix llsec key resources release in mac802154_llsec_key_del
- mm: swap: fix race between free_swap_and_cache() and swapoff()
- mmc: core: Fix switch on gp3 partition
- [armhf] drm/etnaviv: Restore some id values
- hwmon: (amc6821) add of_match table
- ext4: fix corruption during on-line resize
- nvmem: meson-efuse: fix function pointer type mismatch
- slimbus: core: Remove usage of the deprecated ida_simple_xx() API
- [arm64,armhf] phy: tegra: xusb: Add API to retrieve the port number of phy
- usb: gadget: tegra-xudc: Use dev_err_probe()
- usb: gadget: tegra-xudc: Fix USB3 PHY retrieval logic
- speakup: Fix 8bit characters from direct synth
- PCI/ERR: Clear AER status only when we control AER
- PCI/AER: Block runtime suspend when handling errors
- nfs: fix UAF in direct writes
- kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1
- PCI: dwc: endpoint: Fix advertised resizable BAR size
- vfio/platform: Disable virqfds on cleanup
- ring-buffer: Fix waking up ring buffer readers
- ring-buffer: Do not set shortest_full when full target is hit
- ring-buffer: Fix resetting of shortest_full
- ring-buffer: Fix full_waiters_pending in poll
- [s390x] zcrypt: fix reference counting on zcrypt card objects
- drm/panel: do not return negative error codes from drm_panel_get_modes()
- [armhf] drm/exynos: do not return negative values from .get_modes()
- drm/imx/ipuv3: do not return negative values from .get_modes()
- drm/vc4: hdmi: do not return negative values from .get_modes()
- nilfs2: fix failure to detect DAT corruption in btree and direct mappings
- nilfs2: prevent kernel bug at submit_bh_wbc()
- cpufreq: dt: always allocate zeroed cpumask
- [x86] CPU/AMD: Update the Zenbleed microcode revisions
- net: hns3: tracing: fix hclgevf trace event strings
- wireguard: netlink: check for dangling peer via is_dead instead of empty
list
- wireguard: netlink: access device through ctx instead of peer
- ahci: asm1064: correct count of reported ports
- ahci: asm1064: asm1166: don't limit reported ports
- drm/amd/display: Return the correct HDCP error code
- drm/amd/display: Fix noise issue on HDMI AV mute
- dm snapshot: fix lockup in dm_exception_table_exit
- vxge: remove unnecessary cast in kfree()
- [x86] stackprotector/32: Make the canary into a regular percpu variable
- [x86] pm: Work around false positive kmemleak report in
msr_build_context()
- scripts: kernel-doc: Fix syntax error due to undeclared args variable
(Closes: #1064035)
- comedi: comedi_test: Prevent timers rescheduling during deletion
- cpufreq: brcmstb-avs-cpufreq: fix up "add check for cpufreq_cpu_get's
return value"
- netfilter: nf_tables: mark set as dead when unbinding anonymous set with
timeout (CVE-2024-26643)
- netfilter: nf_tables: disallow anonymous set with timeout flag
(CVE-2024-26642)
- netfilter: nf_tables: reject constant set with timeout
- Drivers: hv: vmbus: Calculate ring buffer size for more efficient use of
memory
- xfrm: Avoid clang fortify warning in copy_to_user_tmpl()
- [x86] KVM: SVM: Flush pages under kvm->lock to fix UAF in
svm_register_enc_region()
- ALSA: hda/realtek - Fix headset Mic no show at resume back for Lenovo
ALC897 platform
- USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command
- usb: gadget: ncm: Fix handling of zero block length packets
- usb: port: Don't try to peer unused USB ports based on location
- tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled
- mei: me: add arrow lake point S DID
- mei: me: add arrow lake point H DID
- vt: fix unicode buffer corruption when deleting characters
- fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion
- tee: optee: Fix kernel panic caused by incorrect error handling
- xen/events: close evtchn after mapping cleanup (CVE-2024-26687)
- printk: Update @console_may_schedule in console_trylock_spinning()
- btrfs: allocate btrfs_ioctl_defrag_range_args on stack
- [x86] asm: Add _ASM_RIP() macro for x86-64 (%rip) suffix
- [x86] bugs: Add asm helpers for executing VERW
- [x86] entry_64: Add VERW just before userspace transition
- [x86] entry_32: Add VERW just before userspace transition
- [x86] bugs: Use ALTERNATIVE() instead of mds_user_clear static key
- [x86] KVM/VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH
- [x86] KVM/VMX: Move VERW closer to VMentry for MDS mitigation
- [x86] Mitigate Register File Data Sampling (RFDS) vulnerability
(CVE-2023-28746):
+ [x86] mmio: Disable KVM mitigation when X86_FEATURE_CLEAR_CPU_BUF is set
+ Documentation/hw-vuln: Add documentation for RFDS
+ [x86] rfds: Mitigate Register File Data Sampling (RFDS)
+ [x86] KVM/x86: Export RFDS_NO and RFDS_CLEAR to guests
- perf/core: Fix reentry problem in perf_output_read_group()
- efivarfs: Request at most 512 bytes for variable names
- [powerpc*] xor_vmx: Add '-mhard-float' to CFLAGS
- serial: sc16is7xx: convert from _raw_ to _noinc_ regmap functions for FIFO
(CVE-2023-52488)
- mm/memory-failure: fix an incorrect use of tail pages
- mm/migrate: set swap entry values of THP tail pages properly.
- init: open /initrd.image with O_LARGEFILE
- wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes
- exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack()
- mmc: core: Initialize mmc_blk_ioc_data
- mmc: core: Avoid negative index with array access
- net: ll_temac: platform_get_resource replaced by wrong function
- usb: cdc-wdm: close race between read and workqueue
- ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs
(CVE-2024-26654)
- scsi: core: Fix unremoved procfs host directory regression
- [arm*] staging: vc04_services: changen strncpy() to strscpy_pad()
- [arm*] staging: vc04_services: fix information leak in create_component()
- USB: core: Add hub_get() and hub_put() routines
- [arm*] usb: dwc2: host: Fix remote wakeup from hibernation
- [arm*] usb: dwc2: host: Fix hibernation flow
- [arm*] usb: dwc2: host: Fix ISOC flow in DDMA mode
- [arm*] usb: dwc2: gadget: LPM flow fix
- usb: udc: remove warning when queue disabled ep
- usb: typec: ucsi: Ack unsupported commands
- usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset
- scsi: qla2xxx: Split FCE|EFT trace control
- scsi: qla2xxx: Fix command flush on cable pull
- scsi: qla2xxx: Delay I/O Abort on PCI error
- [x86] cpu: Enable STIBP on AMD if Automatic IBRS is enabled
- PCI/DPC: Quirk PIO log size for Intel Ice Lake Root Ports
- scsi: lpfc: Correct size for wqe for memset()
- USB: core: Fix deadlock in usb_deauthorize_interface()
- nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet
- ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa()
- tcp: properly terminate timers for kernel sockets
- ACPICA: debugger: check status of acpi_evaluate_object() in
acpi_db_walk_for_fields()
- bpf: Protect against int overflow for stack access size
- dm integrity: fix out-of-range warning
- r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d
- [x86] cpufeatures: Add new word for scattered features
- Bluetooth: hci_event: set the conn encrypted before conn establishes
- Bluetooth: Fix TOCTOU in HCI debugfs implementation (CVE-2024-24857,
CVE-2024-24858)
- netfilter: nf_tables: disallow timeout for anonymous sets (CVE-2023-52620)
- net/rds: fix possible cp null dereference
- vfio/pci: Disable auto-enable of exclusive INTx IRQ (CVE-2024-27437)
- vfio/pci: Lock external INTx masking ops (CVE-2024-26810)
- vfio: Introduce interface to flush virqfd inject workqueue
- vfio/pci: Create persistent INTx handler (CVE-2024-26812)
- vfio/platform: Create persistent IRQ handlers (CVE-2024-26813)
- vfio/fsl-mc: Block calling interrupt handler without trigger
(CVE-2024-26814)
- io_uring: ensure '0' is returned on file registration success
- Revert "x86/mm/ident_map: Use gbpages only where full GB page should be
mapped."
- mm, vmscan: prevent infinite loop for costly GFP_NOIO |
__GFP_RETRY_MAYFAIL allocations
- [x86] srso: Add SRSO mitigation for Hygon processors (CVE-2023-52482)
- block: add check that partition length needs to be aligned with block size
(CVE-2023-52458)
- netfilter: nf_tables: reject new basechain after table flag update
- netfilter: nf_tables: flush pending destroy work before exit_net release
- netfilter: nf_tables: Fix potential data-race in
__nft_flowtable_type_get()
- netfilter: validate user input for expected length
- vboxsf: Avoid an spurious warning if load_nls_xxx() fails
- bpf, sockmap: Prevent lock inversion deadlock in map delete elem
- net/sched: act_skbmod: prevent kernel-infoleak
- net: stmmac: fix rx queue priority assignment
- erspan: make sure erspan_base_hdr is present in skb->head
- ipv6: Fix infinite recursion in fib6_dump_done().
- udp: do not transition UDP GRO fraglist partial checksums to unnecessary
- i40e: fix i40e_count_filters() to count only active/new filters
- i40e: fix vf may be used uninitialized in this function warning
- scsi: qla2xxx: Update manufacturer details
- scsi: qla2xxx: Update manufacturer detail
- Revert "usb: phy: generic: Get the vbus supply"
- udp: do not accept non-tunnel GSO skbs landing in a tunnel
- net: ravb: Always process TX descriptor ring
- [arm64] dts: qcom: sc7180: Remove clock for bluetooth on Trogdor
- [arm64] dts: qcom: sc7180-trogdor: mark bluetooth address as broken
- ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw
- ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit
- scsi: mylex: Fix sysfs buffer lengths
- ata: sata_mv: Fix PCI device ID table declaration compilation warning
- ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with
microphone
- driver core: Introduce device_link_wait_removal()
- of: dynamic: Synchronize of_changeset_destroy() with the devlink removals
- [x86] mce: Make sure to grab mce_sysfs_mutex in set_bank()
- [s390x] entry: align system call table on 8 bytes
- [x86] bugs: Fix the SRSO mitigation on Zen3/4
- [x86] retpoline: Do the necessary fixup to the Zen3/4 srso return thunk
for !SRSO
- mptcp: don't account accept() of non-MPC client as fallback to TCP
- [x86] cpufeatures: Add CPUID_LNX_5 to track recently added Linux-defined
word
- objtool: Add asm version of STACK_FRAME_NON_STANDARD
- wifi: ath9k: fix LNA selection in ath_ant_try_scan()
- VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host()
- panic: Flush kernel log buffer at the end
- [arm64] dts: rockchip: fix rk3328 hdmi ports node
- [arm64] dts: rockchip: fix rk3399 hdmi ports node
- ionic: set adminq irq affinity
- pstore/zone: Add a null pointer check to the psz_kmsg_read
- btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks()
- btrfs: export: handle invalid inode or root reference in
btrfs_get_parent()
- btrfs: send: handle path ref underflow in header iterate_inode_ref()
- net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list()
- Bluetooth: btintel: Fix null ptr deref in btintel_read_version
- Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails
- pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs
- sysv: don't call sb_bread() with pointers_lock held
- scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc()
- isofs: handle CDs with bad root inode but good Joliet root directory
- media: sta2x11: fix irq handler cast
- ext4: add a hint for block bitmap corrupt state in mb_groups
- ext4: forbid commit inconsistent quota data when errors=remount-ro
- drm/amd/display: Fix nanosec stat overflow
- SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to
unsigned int
- Revert "ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default"
- libperf evlist: Avoid out-of-bounds access
- block: prevent division by zero in blk_rq_stat_sum()
- RDMA/cm: add timeout to cm_destroy_id wait
- Input: allocate keycode for Display refresh rate toggle
- [x86] platform/x86: touchscreen_dmi: Add an extra entry for a variant of
the Chuwi Vi8 tablet
- ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent
environment
- tools: iio: replace seekdir() in iio_generic_buffer
- usb: typec: tcpci: add generic tcpci fallback compatible
- usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined
- fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2
- drivers/nvme: Add quirks for device 126f:2262
- fbmon: prevent division by zero in fb_videomode_from_videomode()
- netfilter: nf_tables: release batch on table validation from abort path
- netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path
(CVE-2024-26925)
- netfilter: nf_tables: discard table flag update with pending basechain
deletion
- tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc
- virtio: reenable config if freezing device failed
- [x86] mm/pat: fix VM_PAT handling in COW mappings
- [x86] drm/i915/gt: Reset queue_priority_hint on parking
- Bluetooth: btintel: Fixe build regression
- [x86] VMCI: Fix possible memcpy() run-time warning in
vmci_datagram_invoke_guest_handler()
- kbuild: dummy-tools: adjust to stricter stackprotector check
- scsi: sd: Fix wrong zone_write_granularity value during revalidate
- [x86] retpoline: Add NOENDBR annotation to the SRSO dummy return thunk
- [x86] head/64: Re-enable stack protection
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.216
- batman-adv: Avoid infinite loop trying to resize local TT
- Bluetooth: Fix memory leak in hci_req_sync_complete()
- media: cec: core: remove length check of Timer Status
- nouveau: fix function cast warning
- net: openvswitch: fix unwanted error log on timeout policy probing
- u64_stats: fix u64_stats_init() for lockdep when used repeatedly in one
file
- xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING
- geneve: fix header validation in geneve[6]_xmit_skb
- ipv6: fib: hide unused 'pn' variable
- ipv4/route: avoid unused-but-set-variable warning
- ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr
- Bluetooth: SCO: Fix not validating setsockopt user input
- netfilter: complete validation of user input
- net/mlx5: Properly link new fs rules into the tree
- af_unix: Do not use atomic ops for unix_sk(sk)->inflight.
- af_unix: Fix garbage collector racing against connect() (CVE-2024-26923)
- net: ena: Fix potential sign extension issue
- net: ena: Wrong missing IO completions check order
- net: ena: Fix incorrect descriptor free behavior
- [amd64] iommu/vt-d: Allocate local memory for page request queue
- [arm64] mailbox: imx: fix suspend failue
- btrfs: qgroup: correctly model root qgroup rsv in convert
- drm/client: Fully protect modes[] with dev->mode_config.mutex
- vhost: Add smp_rmb() in vhost_vq_avail_empty()
- [x86] cpu: Actually turn off mitigations by default for
SPECULATION_MITIGATIONS=n
- [x86] apic: Force native_apic_mem_read() to use the MOV instruction
- irqflags: Explicitly ignore lockdep_hrtimer_exit() argument
- btrfs: record delayed inode root in transaction
- kprobes: Fix possible use-after-free issue on kprobe registration
- Revert "tracing/trigger: Fix to return error if failed to alloc snapshot"
- netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get()
(CVE-2024-27020)
- netfilter: nft_set_pipapo: do not free live element (CVE-2024-26924)
- tun: limit printing rate when illegal packet received by tun dev
(CVE-2024-27013)
- RDMA/rxe: Fix the problem "mutex_destroy missing"
- RDMA/cm: Print the old state when cm_destroy_id gets timeout
- RDMA/mlx5: Fix port number for counter query in multi-port configuration
- drm: nv04: Fix out of bounds access (CVE-2024-27008)
- drm/panel: visionox-rm69299: don't unregister DSI device
- clk: Remove prepare_lock hold assertion in __clk_release()
- clk: Mark 'all_lists' as const
- clk: remove extra empty line
- clk: Print an info line before disabling unused clocks
- clk: Initialize struct clk_core kref earlier
- clk: Get runtime PM before walking tree during disable_unused
(CVE-2024-27004)
- [x86] cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ
- [arm*] binder: check offset alignment in binder_get_object()
(CVE-2024-26926)
- [x86] thunderbolt: Avoid notify PM core about runtime PM resume
- [x86] thunderbolt: Fix wake configurations after device unplug
- [x86] comedi: vmk80xx: fix incomplete endpoint checking (CVE-2024-27001)
- USB: serial: option: add Fibocom FM135-GL variants
- USB: serial: option: add support for Fibocom FM650/FG650
- USB: serial: option: add Lonsung U8300/U9300 product
- USB: serial: option: support Quectel EM060K sub-models
- USB: serial: option: add Rolling RW101-GL and RW135-GL support
- USB: serial: option: add Telit FN920C04 rmnet compositions
- Revert "usb: cdc-wdm: close race between read and workqueue"
- usb: dwc2: host: Fix dereference issue in DDMA completion flow.
(CVE-2024-26997)
- usb: Disable USB3 LPM at shutdown
- mei: me: disable RPL-S on SPS and IGN firmwares
- speakup: Avoid crash on very long word (CVE-2024-26994)
- fs: sysfs: Fix reference leak in sysfs_break_active_protection()
(CVE-2024-26993)
- init/main.c: Fix potential static_command_line memory overflow
(CVE-2024-26988)
- drm/amdgpu: validate the parameters of bo mapping operations more clearly
(CVE-2024-26922)
- nouveau: fix instmem race condition around ptr stores (CVE-2024-26984)
- nilfs2: fix OOB in nilfs_set_de_type (CVE-2024-26981)
- wifi: iwlwifi: mvm: remove old PASN station when adding a new one
- vxlan: drop packets from invalid src-address
- ipv4: check for NULL idev in ip_route_use_hint()
- net: usb: ax88179_178a: stop lying about skb->truesize
- net: gtp: Fix Use-After-Free in gtp_dellink
- ipvs: Fix checksumming on GSO of SCTP packets
- net: openvswitch: Fix Use-After-Free in ovs_ct_exit
- netfilter: nf_tables: honor table dormant flag from netdev release event
path
- i40e: Do not use WQ_MEM_RECLAIM flag for workqueue
- i40e: Report MFS in decimal base instead of hex
- iavf: Fix TC config comparison with existing adapter TC config
- net: ethernet: ti: am65-cpts: Fix PTPv1 message type on TX packets
- af_unix: Suppress false-positive lockdep splat for spin_lock() in
__unix_gc().
- serial: core: Provide port lock wrappers
- Revert "crypto: api - Disallow identical driver names"
- net/mlx5e: Fix a race in command alloc flow
- tracing: Show size of requested perf buffer
- tracing: Increase PERF_MAX_TRACE_SIZE to handle Sentinel1 and docker
together
- PM / devfreq: Fix buffer overflow in trans_stat_show (CVE-2023-52614)
- Bluetooth: Fix type of len in {l2cap,sco}_sock_getsockopt_old()
- Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0bda:0x4853
- btrfs: fix information leak in btrfs_ioctl_logical_to_ino()
- cpu: Re-enable CPU mitigations by default for !X86 architectures
- drm/amdgpu/sdma5.2: use legacy HDP flush for SDMA2/3
- drm/amdgpu: Fix leak when GPU memory allocation fails
- irqchip/gic-v3-its: Prevent double free on error
- ethernet: Add helper for assigning packet type when dest address does not
match device address
- net: b44: set pause params only when interface is up
- stackdepot: respect __GFP_NOLOCKDEP allocation flag
- mtd: diskonchip: work around ubsan link failure
- tcp: Clean up kernel listener's reqsk in inet_twsk_purge()
- tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge()
- [x86] idma64: Don't try to serve interrupts when device is powered off
- i2c: smbus: fix NULL function pointer dereference
- HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up
- bounds: Use the right number of bits for power-of-two CONFIG_NR_CPUS
- udp: preserve the connected status if only UDP cmsg
- serial: core: fix kernel-doc for uart_port_unlock_irqrestore()
.
[ Salvatore Bonaccorso ]
* Bump ABI to 29
* [rt] Refresh "sched/vtime: Consolidate IRQ time accounting"
* [rt] Update to 5.10.215-rt107
* [rt] Refresh "u64_stats: Disable preemption on 32bit-UP/SMP with RT during
updates"
* drivers/tty: Disable N_GSM
* tipc: fix UAF in error path
* tipc: fix a possible memleak in tipc_buf_append
Checksums-Sha1:
82c10e6ecfeff5126409ef1f0f38862effaaf459 8609 linux-signed-amd64_5.10.216+1.dsc
474defa600d9be42074d87cfa01396eb3005dbab 2917980 linux-signed-amd64_5.10.216+1.tar.xz
Checksums-Sha256:
cd406d009e08d9a6f1fffa95dddff850abe7f948267613fb63b60aef44e3526c 8609 linux-signed-amd64_5.10.216+1.dsc
296d0a4c86096f9bbbaa1d6b1797e140bfe81d9e5a3b6c934c772ed9708035fa 2917980 linux-signed-amd64_5.10.216+1.tar.xz
Files:
c68c1b2de9ba3313c77c3ffe019fa17b 8609 kernel optional linux-signed-amd64_5.10.216+1.dsc
f7848629f58b9617a314fa8512b5f25d 2917980 kernel optional linux-signed-amd64_5.10.216+1.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEfKFfvHEI+gkU+E+di0FRiLdONzYFAmY1jCkACgkQi0FRiLdO
NzY77A//SgLO8LkO+rDSrzHTI2SnPM7mJYIW4S/O+NQyOyy6zL6iQZvIqUU9Oggb
WNh030J0O+wDw5Ue7d7VsrRIfqOs9H1osZfRizfixCXC+lN1CAt6kMbWn9rjO6+5
DexIpaZNSaDKhXCZd9qaSSTVexqSLKoTyQfrK4EMet3TyPppsFFWFBViJQNLMAXB
m4134RMxg7lCMksmCqDBBcEge3RZRKESTT1iZ6m80sXzXf805WdiNsuPorxeeyI4
88Z6yrb2O2NN6pth4+dD2QrE6rlrnocRKxwb0GYNYBKquNHj2ynoP5Ea9Gka0nlV
KyXmSaw9hwCNLRWxb4UuphyqNj77k58ElMsNdMDB91LvPUT9HsWpc++I8UOdw7tU
xJzyf964vP5vB77ir6T6uk6z3fm09PQSrPtJrIS0dYDT6TAelOD/fbu7rjo7Uv+A
u8pP/b2Qxh3Bcof68uQJuvcBpjHSwF1jKAJOsNypzFJi/tIIS2Ha8oZ5qcDul/jp
qskJHq8XXxGB+Q/XawBradOUFpUOJ+u2LKdbPZ6GaZd++PKbuKXWDzsbpxTTUHen
gkoA1Rd04bTm0ztNppFMr6TIlcBvBuMsQTOsMo/sJkvdHTLrMWwUeh4dQJcRdpQx
s+bnUt7Ie/ju2P+CIBetHp5a+MfG+Ee6+nQ4Fzq6sWAVs5SATGs=
=Ra5N
-----END PGP SIGNATURE-----
