[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Accepted linux 5.10.120-1~bpo10+1 (source) into buster-backports->backports-policy, buster-backports

Hash: SHA512

Format: 1.8
Date: Mon, 13 Jun 2022 22:46:49 +0200
Source: linux
Architecture: source
Version: 5.10.120-1~bpo10+1
Distribution: buster-backports
Urgency: high
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
Changed-By: Ben Hutchings <benh@debian.org>
Closes: 1006346 1007799 1008299
 linux (5.10.120-1~bpo10+1) buster-backports; urgency=high
   * Rebuild for buster-backports:
     - Change ABI number to 0.bpo.15
 linux (5.10.120-1) bullseye-security; urgency=high
   * New upstream stable update:
     - USB: quirks: add a Realtek card reader
     - USB: quirks: add STRING quirk for VCOM device
     - USB: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS
     - USB: serial: cp210x: add PIDs for Kamstrup USB Meter Reader
     - USB: serial: option: add support for Cinterion MV32-WA/MV32-WB
     - USB: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions
     - xhci: Enable runtime PM on second Alderlake controller
     - xhci: stop polling roothubs after shutdown
     - xhci: increase usb U3 -> U0 link resume timeout from 100ms to 500ms
     - iio: dac: ad5592r: Fix the missing return value.
     - iio: dac: ad5446: Fix read_raw not returning set value
     - iio: magnetometer: ak8975: Fix the error handling in ak8975_power_on()
     - iio: imu: inv_icm42600: Fix I2C init possible nack
     - usb: misc: fix improper handling of refcount in uss720_probe()
     - [arm64,x86] usb: typec: ucsi: Fix reuse of completion structure
     - [arm64,x86] usb: typec: ucsi: Fix role swapping
     - usb: gadget: uvc: Fix crash when encoding data for usb request
     - usb: gadget: configfs: clear deactivation flag in
     - [arm64,armhf] usb: dwc3: Try usb-role-switch first in dwc3_drd_init
     - [arm64,armhf] usb: dwc3: core: Fix tx/rx threshold settings
     - [arm64,armhf] usb: dwc3: core: Only handle soft-reset in DCTL
     - [arm64,armhf] usb: dwc3: gadget: Return proper request status
     - [arm*] usb: phy: generic: Get the vbus supply
     - [arm64,armhf] serial: imx: fix overrun interrupts in DMA mode
     - serial: 8250: Also set sticky MCR bits in console restoration
     - serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device
     - [arm64,armhf] arch_topology: Do not set llc_sibling if llc_id is invalid
     - hex2bin: make the function hex_to_bin constant-time
     - hex2bin: fix access beyond string end
     - iocost: don't reset the inuse weight of under-weighted debtors
     - video: fbdev: udlfb: properly check endpoint type
     - iio:imu:bmi160: disable regulator in error path
     - USB: Fix xhci event ring dequeue pointer ERDP update issue
     - [armhf] phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe
     - [armhf] phy: samsung: exynos5250-sata: fix missing device put in probe
       error paths
     - [armhf] OMAP2+: Fix refcount leak in omap_gic_of_init
     - [armhf] bus: ti-sysc: Make omap3 gpt12 quirk handling SoC specific
     - [armhf] phy: ti: omap-usb2: Fix error handling in omap_usb2_enable_clocks
     - [armhf] dts: am3517-evm: Fix misc pinmuxing
     - [armhf] dts: logicpd-som-lv: Fix wrong pinmuxing on OMAP35
     - ipvs: correctly print the memory size of ip_vs_conn_tab
     - [armhf] pinctrl: stm32: Do not call stm32_gpio_get() for edge triggered
       IRQs in EOI
     - [arm64,armhf] net: dsa: Add missing of_node_put() in
     - netfilter: nft_set_rbtree: overlap detection with element re-addition
       after deletion
     - bpf, lwt: Fix crash when using bpf_skb_set_tunnel_key() from bpf_xmit lwt
     - [arm64,armhf] pinctrl: rockchip: fix RK3308 pinmux bits
     - tcp: md5: incorrect tcp_header_len for incoming connections
     - [armhf] pinctrl: stm32: Keep pinctrl block clock enabled when LEVEL IRQ
     - tcp: ensure to use the most recently sent skb when filling the rate sample
     - wireguard: device: check for metadata_dst with skb_valid_dst()
     - sctp: check asoc strreset_chunk in sctp_generate_reconf_event
     - [arm64] dts: imx8mn-ddr4-evk: Describe the 32.768 kHz PMIC clock
     - [arm64] net: hns3: modify the return code of hclge_get_ring_chain_from_mbx
     - [arm64] net: hns3: add validity check for message data length
     - [arm64] net: hns3: add return value for mailbox handling in PF
     - net/smc: sync err code when tcp connection was refused
     - ip_gre: Make o_seqno start from 0 in native mode
     - ip6_gre: Make o_seqno start from 0 in native mode
     - ip_gre, ip6_gre: Fix race condition on o_seqno in collect_md mode
     - tcp: fix potential xmit stalls caused by TCP_NOTSENT_LOWAT
     - tcp: make sure treq->af_specific is initialized
     - [arm64,armhf] bus: sunxi-rsb: Fix the return value of
     - [arm64,armhf] clk: sunxi: sun9i-mmc: check return value after calling
     - [arm64] net: bcmgenet: hide status block before TX timestamping
     - net: phy: marvell10g: fix return value on error
     - bnx2x: fix napi API usage sequence
     - [arm64,armhf] net: fec: add missing of_node_put() in
     - ixgbe: ensure IPsec VF<->PF compatibility
     - tcp: fix F-RTO may not work correctly when receiving DSACK
     - [x86] ASoC: Intel: soc-acpi: correct device endpoints for max98373
     - ext4: fix bug_on in start_this_handle during umount filesystem
     - [amd64] x86: __memcpy_flushcache: fix wrong alignment if size > 2^32
     - cifs: destage any unwritten data to the server before calling
     - [x86] drivers: net: hippi: Fix deadlock in rr_close()
     - zonefs: Fix management of open zones
     - zonefs: Clear inode information flags on inode creation
     - [x86] drm/i915: Fix SEL_FETCH_PLANE_*(PIPE_B+) register addresses
     - [armhf] net: ethernet: stmmac: fix write to sgmii_adapter_base
     - [x86] thermal: int340x: Fix attr.show callback prototype
     - [x86] cpu: Load microcode during restore_processor_state()
     - tty: n_gsm: fix restart handling via CLD command
     - tty: n_gsm: fix decoupled mux resource
     - tty: n_gsm: fix mux cleanup after unregister tty device
     - tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2
     - tty: n_gsm: fix malformed counter for out of frame data
     - netfilter: nft_socket: only do sk lookups when indev is available
     - tty: n_gsm: fix insufficient txframe size
     - tty: n_gsm: fix wrong DLCI release order
     - tty: n_gsm: fix missing explicit ldisc flush
     - tty: n_gsm: fix wrong command retry handling
     - tty: n_gsm: fix wrong command frame length field encoding
     - tty: n_gsm: fix reset fifo race condition
     - tty: n_gsm: fix incorrect UA handling
     - tty: n_gsm: fix software flow control handling
     - [mips*] Fix CP0 counter erratum detection for R4k CPUs
     - ALSA: hda/realtek: Add quirk for Yoga Duet 7 13ITL6 speakers
     - ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes
     - [arm64] mmc: sdhci-msm: Reset GCC_SDCC_BCR register for SDHC
     - mmc: core: Set HS clock speed before sending HS CMD13
     - gpiolib: of: fix bounds check for 'gpio-reserved-ranges'
     - [x86] KVM: x86/svm: Account for family 17h event renumberings in
     - [amd64] iommu/vt-d: Calculate mask for non-aligned flushes
     - Revert "SUNRPC: attempt AF_LOCAL connect on setup"
     - firewire: fix potential uaf in outbound_phy_packet_callback()
     - firewire: remove check of list iterator against head past the loop body
     - firewire: core: extend card->lock in fw_core_handle_bus_reset
     - net: stmmac: disable Split Header (SPH) for Intel platforms
     - genirq: Synchronize interrupt thread startup
     - ASoC: da7219: Fix change notifications for tone generator frequency
     - [s390x] dasd: fix data corruption for ESE devices
     - [s390x] dasd: prevent double format of tracks for ESE devices
     - [s390x] dasd: Fix read for ESE with blksize < 4k
     - [s390x] dasd: Fix read inconsistency for ESE DASD devices
     - can: isotp: remove re-binding of bound socket
     - nfc: replace improper check device_is_registered() in netlink related
       functions (CVE-2022-1974)
     - NFC: netlink: fix sleep in atomic bug when firmware download timeout
     - [arm64,armhf] gpio: pca953x: fix irq_stat not updated when irq is disabled
       (irq_mask not set)
     - hwmon: (adt7470) Fix warning on module removal
     - [arm*] ASoC: dmaengine: Restore NULL prepare_slave_config() callback
     - net/mlx5e: Fix trust state reset in reload
     - net/mlx5e: Don't match double-vlan packets if cvlan is not set
     - net/mlx5e: CT: Fix queued up restore put() executing after relevant ft
     - net/mlx5e: Fix the calling of update_buffer_lossy() API
     - net/mlx5: Avoid double clear or set of sync reset requested
     - NFSv4: Don't invalidate inode attributes on delegation return
     - [arm64,armhf] net: stmmac: dwmac-sun8i: add missing of_node_put() in
     - [armhf] net: cpsw: add missing of_node_put() in cpsw_probe_dt()
     - hinic: fix bug of wq out of bound access
     - bnxt_en: Fix possible bnxt_open() failure caused by wrong RFS flag
     - bnxt_en: Fix unnecessary dropping of RX packets
     - [arm64,armhf] smsc911x: allow using IRQ0
     - btrfs: always log symlinks in full mode
     - net: igmp: respect RCU rules in ip_mc_source() and ip_mc_msfilter()
     - [x86] kvm: x86/cpuid: Only provide CPUID leaf 0xA if host has
       architectural PMU
     - net/mlx5: Fix slab-out-of-bounds while reading resource dump menu
     - [x86] kvm: Preserve BSP MSR_KVM_POLL_CONTROL across suspend/resume
     - [x86] KVM: x86: Do not change ICR on write to APIC_SELF_IPI
     - [x86] KVM: x86/mmu: avoid NULL-pointer dereference on page freeing bugs
     - [x86] KVM: LAPIC: Enable timer posted-interrupt only when mwait/hlt is
     - rcu: Fix callbacks processing time limit retaining cond_resched()
     - rcu: Apply callbacks processing time limit only on softirq
     - block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern
     - dm: interlock pending dm_io and dm_wait_for_bios_completion
     - [arm64] PCI: aardvark: Clear all MSIs at setup
     - [arm64] PCI: aardvark: Fix reading MSI interrupt number
     - mmc: rtsx: add 74 Clocks in power on flow
     - regulator: consumer: Add missing stubs to regulator/consumer.h
     - block: drbd: drbd_nl: Make conversion to 'enum drbd_ret_code' explicit
     - nfp: bpf: silence bitwise vs. logical OR warning
     - Bluetooth: Fix the creation of hdev->name
     - mm: fix missing cache flush for all tail pages of compound page
     - mm: hugetlb: fix missing cache flush in copy_huge_page_from_user()
     - mm: userfaultfd: fix missing cache flush in mcopy_atomic_pte() and
     - batman-adv: Don't skb_split skbuffs with frag_list
     - iwlwifi: iwl-dbg: Use del_timer_sync() before freeing
     - hwmon: (tmp401) Add OF device ID table
     - mac80211: Reset MBSSID parameters upon connection
     - net: Fix features skip in for_each_netdev_feature()
     - [arm64] net: mscc: ocelot: fix last VCAP IS1/IS2 filter persisting in
       hardware when deleted
     - [arm64] net: mscc: ocelot: fix VCAP IS2 filters matching on both lookups
     - [arm64] net: mscc: ocelot: restrict tc-trap actions to VCAP IS2 lookup 0
     - [arm64] net: mscc: ocelot: avoid corrupting hardware counters when moving
       VCAP filters
     - ipv4: drop dst in multicast routing path
     - drm/nouveau: Fix a potential theorical leak in
     - netlink: do not reset transport header in netlink_recvmsg()
     - sfc: Use swap() instead of open coding it
     - net: sfc: fix memory leak due to ptp channel
     - mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection
     - nfs: fix broken handling of the softreval mount option
     - dim: initialize all struct fields
     - [s390x] ctcm: fix variable dereferenced before check
     - [s390x] ctcm: fix potential memory leak
     - [s390x] lcs: fix variable dereferenced before check
     - net/sched: act_pedit: really ensure the skb is writable
     - [arm64] net: bcmgenet: Check for Wake-on-LAN interrupt probe deferral
     - [armhf] net: dsa: bcm_sf2: Fix Wake-on-LAN with mac_link_down()
     - net/smc: non blocking recvmsg() return -EAGAIN when no data and
     - net: sfc: ef10: fix memory leak in efx_ef10_mtd_probe()
     - gfs2: Fix filesystem block deallocation for short writes
     - hwmon: (f71882fg) Fix negative temperature
     - ASoC: max98090: Reject invalid values in custom control put()
     - ASoC: max98090: Generate notifications on changes for custom control
     - ASoC: ops: Validate input values in snd_soc_put_volsw_range()
     - net: sfp: Add tx-fault workaround for Huawei MA5671A SFP ONT
     - tcp: resalt the secret every 10 seconds (CVE-2022-1012)
     - firmware_loader: use kernel credentials when reading firmware
     - tty: n_gsm: fix mux activation issues in gsm_config()
     - usb: cdc-wdm: fix reading stuck on device close
     - USB: serial: pl2303: add device id for HP LM930 Display
     - USB: serial: qcserial: add support for Sierra Wireless EM7590
     - USB: serial: option: add Fibocom L610 modem
     - USB: serial: option: add Fibocom MA510 modem
     - ceph: fix setting of xattrs on async created inodes
     - drm/nouveau/tegra: Stop using iommu_present()
     - i40e: i40e_main: fix a missing check on list iterator
     - [amd64,arm64] net: atlantic: always deep reset on pm op, fixing up my null
       deref regression
     - cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp()
     - [x86] drm/vmwgfx: Initialize drm_mode_fb_cmd2
     - SUNRPC: Clean up scheduling of autoclose
     - SUNRPC: Prevent immediate close+reconnect
     - SUNRPC: Don't call connect() more than once on a TCP socket
     - SUNRPC: Ensure we flush any closed sockets before xs_xprt_free()
     - net: phy: Fix race condition on link status change
     - [arm*] arm[64]/memremap: don't abuse pfn_valid() to ensure presence of
       linear map
     - ping: fix address binding wrt vrf
     - usb: gadget: uvc: rename function to be more consistent
     - usb: gadget: uvc: allow for application to cleanly shutdown
     - io_uring: always use original task when preparing req identity
     - io_uring: always grab file table for deferred statx
     - floppy: use a statically allocated error counter
     - [x86] Revert "drm/i915/opregion: check port number bounds for SWSCI
       display power state"
     - igc: Remove _I_PHY_ID checking
     - igc: Remove phy->type checking
     - igc: Update I226_K device ID
     - rtc: fix use-after-free on device removal
     - [arm64] rtc: pcf2127: fix bug when reading alarm registers
     - Input: add bounds checking to input_set_capability()
     - nvme-pci: add quirks for Samsung X5 SSDs
     - gfs2: Disable page faults during lockless buffered reads
     - [arm64,armhf] rtc: sun6i: Fix time overflow handling
     - [armhf] crypto: stm32 - fix reference leak in stm32_crc_remove
     - [amd64] crypto: x86/chacha20 - Avoid spurious jumps to other functions
     - ALSA: hda/realtek: Enable headset mic on Lenovo P360
     - [s390x] pci: improve zpci_dev reference counting
     - nvme-multipath: fix hang when disk goes live over reconnect
     - rtc: mc146818-lib: Fix the AltCentury for AMD platforms
     - fs: fix an infinite loop in iomap_fiemap
     - drbd: remove usage of list iterator variable after loop
     - [arm64] platform/chrome: cros_ec_debugfs: detach log reader wq from devm
     - [armel,armhf] 9191/1: arm/stacktrace, kasan: Silence KASAN warnings in
     - nilfs2: fix lockdep warnings in page operations for btree nodes
     - nilfs2: fix lockdep warnings during disk space reclamation
     - Revert "swiotlb: fix info leak with DMA_FROM_DEVICE"
     - Reinstate some of "swiotlb: rework "fix info leak with DMA_FROM_DEVICE""
     - ALSA: usb-audio: Restore Rane SL-1 quirk
     - [i386] ALSA: wavefront: Proper check of get_user() error
     - ALSA: hda/realtek: Add quirk for TongFang devices with pop noise
     - perf: Fix sys_perf_event_open() race against self (CVE-2022-1729)
     - selinux: fix bad cleanup on error in hashtab_duplicate()
     - Fix double fget() in vhost_net_set_backend()
     - PCI/PM: Avoid putting Elo i2 PCIe Ports in D3cold
     - [x86] KVM: x86/mmu: Update number of zapped pages even if page list is
     - [arm64] paravirt: Use RCU read locks to guard stolen_time
     - [arm64] mte: Ensure the cleared tags are visible before setting the PTE
     - [arm64] crypto: qcom-rng - fix infinite loop on requests not multiple of
     - libceph: fix potential use-after-free on linger ping and resends
     - drm/dp/mst: fix a possible memory leak in fetch_monitor_name()
     - dma-buf: fix use of DMA_BUF_SET_NAME_{A,B} in userspace
     - [armhf] pinctrl: pinctrl-aspeed-g6: remove FWQSPID group in pinctrl
     - [arm64] net: macb: Increment rx bd head after allocating skb and buffer
     - net: evaluate net.ipvX.conf.all.disable_policy and disable_xfrm
     - xfrm: Add possibility to set the default to block if we have no policy
     - net: xfrm: fix shift-out-of-bounce
     - xfrm: make user policy API complete
     - xfrm: notify default policy on update
     - xfrm: fix dflt policy check when there is no policy configured
     - xfrm: rework default policy structure
     - xfrm: fix "disable_policy" flag use when arriving from different devices
     - net/sched: act_pedit: sanitize shift argument before usage
     - [x86] net: vmxnet3: fix possible use-after-free bugs in
     - [x86] net: vmxnet3: fix possible NULL pointer dereference in
     - ice: fix possible under reporting of ethtool Tx and Rx statistics
     - net/qla3xxx: Fix a test in ql_reset_work()
     - net/mlx5e: Properly block LRO when XDP is enabled
     - net: af_key: add check for pfkey_broadcast in function pfkey_process
     - [armhf] 9196/1: spectre-bhb: enable for Cortex-A15
     - [armel,armhf] 9197/1: spectre-bhb: fix loop8 sequence for Thumb2
     - igb: skip phy status check where unavailable
     - net: bridge: Clear offload_fwd_mark when passing frame up bridge
     - [arm*] gpio: mvebu/pwm: Refuse requests with inverted polarity
     - scsi: qla2xxx: Fix missed DMA unmap for aborted commands
     - mac80211: fix rx reordering with non explicit / psmp ack policy
     - nl80211: validate S1G channel width
     - nl80211: fix locking in nl80211_set_tx_bitrate_mask()
     - ethernet: tulip: fix missing pci_disable_device() on error in
     - [amd64,arm64] net: atlantic: fix "frag[0] not initialized"
     - [amd64,arm64] net: atlantic: reduce scope of is_rsc_complete
     - [amd64,arm64] net: atlantic: add check for MAX_SKB_FRAGS
     - [amd64,arm64] net: atlantic: verify hw_head_ lies within TX buffer ring
     - [arm64] Enable repeat tlbi workaround on KRYO4XX gold CPUs
     - dt-bindings: pinctrl: aspeed-g6: remove FWQSPID group
     - afs: Fix afs_getattr() to refetch file status if callback break occurred
     - include/uapi/linux/xfrm.h: Fix XFRM_MSG_MAPPING ABI breakage
     - lockdown: also lock down previous kgdb use (CVE-2022-21499)
     - staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan()
     - [x86] KVM: x86: Properly handle APF vs disabled LAPIC situation
     - [x86] KVM: x86/mmu: fix NULL pointer dereference on guest INVPCID
     - tcp: change source port randomizarion at connect() time
     - secure_seq: use the 64 bits of the siphash for port offset calculation
     - ACPI: sysfs: Make sparse happy about address space in use
     - ACPI: sysfs: Fix BERT error region memory mapping
     - random: avoid arch_get_random_seed_long() when collecting IRQ randomness
     - random: remove dead code left over from blocking pool
     - MAINTAINERS: co-maintain random.c
     - MAINTAINERS: add git tree for random.c
     - crypto: lib/blake2s - Move selftest prototype into header file
     - crypto: blake2s - define shash_alg structs using macros
     - [amd64] crypto: x86/blake2s - define shash_alg structs using macros
     - crypto: blake2s - remove unneeded includes
     - crypto: blake2s - move update and final logic to internal/blake2s.h
     - crypto: blake2s - share the "shash" API boilerplate code
     - crypto: blake2s - optimize blake2s initialization
     - crypto: blake2s - add comment for blake2s_state fields
     - crypto: blake2s - adjust include guard naming
     - crypto: blake2s - include <linux/bug.h> instead of <asm/bug.h>
     - lib/crypto: blake2s: include as built-in
     - lib/crypto: blake2s: move hmac construction into wireguard
     - lib/crypto: sha1: re-roll loops to reduce code size
     - lib/crypto: blake2s: avoid indirect calls to compression function for
       Clang CFI
     - random: document add_hwgenerator_randomness() with other input functions
     - random: remove unused irq_flags argument from add_interrupt_randomness()
     - random: use BLAKE2s instead of SHA1 in extraction
     - random: do not sign extend bytes for rotation when mixing
     - random: do not re-init if crng_reseed completes before primary init
     - random: mix bootloader randomness into pool
     - random: harmonize "crng init done" messages
     - random: use IS_ENABLED(CONFIG_NUMA) instead of ifdefs
     - random: early initialization of ChaCha constants
     - random: avoid superfluous call to RDRAND in CRNG extraction
     - random: don't reset crng_init_cnt on urandom_read()
     - random: fix typo in comments
     - random: cleanup poolinfo abstraction
     - random: cleanup integer types
     - random: remove incomplete last_data logic
     - random: remove unused extract_entropy() reserved argument
     - random: rather than entropy_store abstraction, use global
     - random: remove unused OUTPUT_POOL constants
     - random: de-duplicate INPUT_POOL constants
     - random: prepend remaining pool constants with POOL_
     - random: cleanup fractional entropy shift constants
     - random: access input_pool_data directly rather than through pointer
     - random: selectively clang-format where it makes sense
     - random: simplify arithmetic function flow in account()
     - random: continually use hwgenerator randomness
     - random: access primary_pool directly rather than through pointer
     - random: only call crng_finalize_init() for primary_crng
     - random: use computational hash for entropy extraction
     - random: simplify entropy debiting
     - random: use linear min-entropy accumulation crediting
     - random: always wake up entropy writers after extraction
     - random: make credit_entropy_bits() always safe
     - random: remove use_input_pool parameter from crng_reseed()
     - random: remove batched entropy locking
     - random: fix locking in crng_fast_load()
     - random: use RDSEED instead of RDRAND in entropy extraction
     - random: get rid of secondary crngs
     - random: inline leaves of rand_initialize()
     - random: ensure early RDSEED goes through mixer on init
     - random: do not xor RDRAND when writing into /dev/random
     - random: absorb fast pool into input pool after fast load
     - random: use simpler fast key erasure flow on per-cpu keys
     - random: use hash function for crng_slow_load()
     - random: make more consistent use of integer types
     - random: remove outdated INT_MAX >> 6 check in urandom_read()
     - random: zero buffer after reading entropy from userspace
     - random: fix locking for crng_init in crng_reseed()
     - random: tie batched entropy generation to base_crng generation
     - random: remove ifdef'd out interrupt bench
     - random: remove unused tracepoints
     - random: add proper SPDX header
     - random: deobfuscate irq u32/u64 contributions
     - random: introduce drain_entropy() helper to declutter crng_reseed()
     - random: remove useless header comment
     - random: remove whitespace and reorder includes
     - random: group initialization wait functions
     - random: group crng functions
     - random: group entropy extraction functions
     - random: group entropy collection functions
     - random: group userspace read/write functions
     - random: group sysctl functions
     - random: rewrite header introductory comment
     - random: defer fast pool mixing to worker
     - random: do not take pool spinlock at boot
     - random: unify early init crng load accounting
     - random: check for crng_init == 0 in add_device_randomness()
     - random: pull add_hwgenerator_randomness() declaration into random.h
     - random: clear fast pool, crng, and batches in cpuhp bring up
     - random: round-robin registers as ulong, not u32
     - random: only wake up writers after zap if threshold was passed
     - random: cleanup UUID handling
     - random: unify cycles_t and jiffies usage and types
     - random: do crng pre-init loading in worker rather than irq
     - random: give sysctl_random_min_urandom_seed a more sensible value
     - random: don't let 644 read-only sysctls be written to
     - random: replace custom notifier chain with standard one
     - random: use SipHash as interrupt entropy accumulator
     - random: make consistent usage of crng_ready()
     - random: reseed more often immediately after booting
     - random: check for signal and try earlier when generating entropy
     - random: skip fast_init if hwrng provides large chunk of entropy
     - random: treat bootloader trust toggle the same way as cpu trust toggle
     - random: re-add removed comment about get_random_{u32,u64} reseeding
     - random: mix build-time latent entropy into pool at init
     - random: do not split fast init input in add_hwgenerator_randomness()
     - random: do not allow user to keep crng key around on stack
     - random: check for signal_pending() outside of need_resched() check
     - random: check for signals every PAGE_SIZE chunk of /dev/[u]random
     - random: allow partial reads if later user copies fail
     - random: make random_get_entropy() return an unsigned long
     - random: document crng_fast_key_erasure() destination possibility
     - random: fix sysctl documentation nits
     - init: call time_init() before rand_initialize()
     - [s390x] define get_cycles macro for arch-override
     - [powerpc*] define get_cycles macro for arch-override
     - timekeeping: Add raw clock fallback for random_get_entropy()
     - [mips*] use fallback for random_get_entropy() instead of just c0 random
     - [arm*] use fallback for random_get_entropy() instead of zero
     - [x86] tsc: Use fallback for random_get_entropy() instead of zero
     - random: insist on random_get_entropy() existing in order to simplify
     - random: do not use batches when !crng_ready()
     - random: use first 128 bits of input as fast init
     - random: do not pretend to handle premature next security model
     - random: order timer entropy functions below interrupt functions
     - random: do not use input pool from hard IRQs
     - random: help compiler out with fast_mix() by using simpler arguments
     - siphash: use one source of truth for siphash permutations
     - random: use symbolic constants for crng_init states
     - random: avoid initializing twice in credit race
     - random: move initialization out of reseeding hot path
     - random: remove ratelimiting for in-kernel unseeded randomness
     - random: use proper jiffies comparison macro
     - random: handle latent entropy and command line from random_init()
     - random: credit architectural init the exact amount
     - random: use static branch for crng_ready()
     - random: remove extern from functions in header
     - random: use proper return types on get_random_{int,long}_wait()
     - random: make consistent use of buf and len
     - random: move initialization functions out of hot pages
     - random: move randomize_page() into mm where it belongs
     - random: unify batched entropy implementations
     - random: convert to using fops->read_iter()
     - random: convert to using fops->write_iter()
     - random: wire up fops->splice_{read,write}_iter()
     - random: check for signals after page of pool writes
     - ALSA: ctxfi: Add SB046x PCI ID
     - percpu_ref_init(): clean ->percpu_count_ref on failure
     - net: af_key: check encryption module availability consistency
     - nfc: pn533: Fix buggy cleanup order
     - [armhf] net: ftgmac100: Disable hardware checksum on AST2600
     - [x86] i2c: ismt: Provide a DMA buffer for Interrupt Cause Logging
     - [arm64] drivers: i2c: thunderx: Allow driver to work with ACPI defined
       TWSI controllers
     - netfilter: nf_tables: disallow non-stateful expression in sets earlier
     - pipe: make poll_usage boolean and annotate its access
     - pipe: Fix missing lock in pipe_resize_ring() (ZDI-CAN-17291)
     - cfg80211: set custom regdomain after wiphy registration
     - assoc_array: Fix BUG_ON during garbage collect
     - io_uring: don't re-import iovecs from callbacks
     - io_uring: fix using under-expanded iters
     - xfs: detect overflows in bmbt records
     - xfs: show the proper user quota options
     - xfs: fix the forward progress assertion in xfs_iwalk_run_callbacks
     - xfs: fix an ABBA deadlock in xfs_rename
     - xfs: Fix CIL throttle hang when CIL space used going backwards
     - exfat: check if cluster num is valid
     - crypto: drbg - prepare for more fine-grained tracking of seeding state
     - crypto: drbg - track whether DRBG was seeded with !rng_is_initialized()
     - crypto: drbg - move dynamic ->reseed_threshold adjustments to
     - crypto: drbg - make reseeding from get_random_bytes() synchronous
     - netfilter: nf_tables: sanitize nft_set_desc_concat_parse() (CVE-2022-1972)
     - netfilter: conntrack: re-fetch conntrack after insertion
     - [x86] kvm: Alloc dummy async #PF token outside of raw spinlock
     - [x86] kvm: use correct GFP flags for preemption disabled
     - [x86] KVM: x86: avoid calling x86 emulator without a decoded instruction
     - [arm64] crypto: caam - fix i.MX6SX entropy delay value
     - crypto: ecrdsa - Fix incorrect use of vli_cmp
     - zsmalloc: fix races between asynchronous zspage free and page migration
     - Bluetooth: hci_qca: Use del_timer_sync() before freeing
     - dm integrity: fix error code in dm_integrity_ctr()
     - dm crypt: make printing of the key constant-time
     - dm stats: add cond_resched when looping over entries
     - dm verity: set DM_TARGET_IMMUTABLE feature flag
     - raid5: introduce MD_BROKEN
     - HID: multitouch: Add support for Google Whiskers Touchpad
     - HID: multitouch: add quirks to enable Lenovo X12 trackpoint
     - tpm: Fix buffer access in tpm2_get_tpm_pt()
     - docs: submitting-patches: Fix crossref to 'The canonical patch format'
     - NFS: Memory allocation failures are not server fatal errors
     - NFSD: Fix possible sleep during nfsd4_release_lockowner()
     - bpf: Fix potential array overflow in bpf_trampoline_get_progs()
     - bpf: Enlarge offset check value to INT_MAX in bpf_skb_{load,store}_bytes
   [ Salvatore Bonaccorso ]
   * [rt] Update to 5.10.115-rt67
   * Bump ABI to 15
   * [rt] Drop "random: Make it work on rt"
   [ Mateusz Łukasik ]
   * [armhf] drivers/thermal: Enable SUN8I_THERMAL as module (Closes: #1007799)
 linux (5.10.113-1) bullseye-security; urgency=high
   * New upstream stable update:
     - Revert "xfrm: state and policy should fail if XFRMA_IF_ID 0"
       (Closes: #1008299)
     - xfrm: Check if_id in xfrm_migrate
     - xfrm: Fix xfrm migrate issues when address family changes
     - mac80211: refuse aggregations sessions before authorized
     - [mips64el,mipsel] smp: fill in sibling and core maps earlier
     - [x86] atm: firestream: check the return value of ioremap() in fs_init()
     - iwlwifi: don't advertise TWT support
     - drm/vrr: Set VRR capable prop only if it is attached to connector
     - nl80211: Update bss channel on channel switch for P2P_CLIENT
     - sfc: extend the locking on mcdi->seqno
     - [arm64] crypto: qcom-rng - ensure buffer for generate is completely filled
     - ocfs2: fix crash when initialize filecheck kobj fails
     - mm: swap: get rid of livelock in swapin readahead
     - efi: fix return value of __setup handlers
     - vsock: each transport cycles only on its own sockets
     - esp6: fix check on ipv6_skip_exthdr's return value
     - net: phy: marvell: Fix invalid comparison in the resume and suspend
     - net/packet: fix slab-out-of-bounds access in packet_recvmsg()
     - atm: eni: Add check for dma_map_single
     - [x86] hv_netvsc: Add check for kvmalloc_array
     - [armhf] drm/imx: parallel-display: Remove bus flags check in
     - [arm64,armhf] drm/panel: simple: Fix Innolux G070Y2-L01 BPP settings
     - net: handle ARPHRD_PIMREG in dev_is_mac_header_xmit()
     - [arm64,armhf] net: dsa: Add missing of_node_put() in dsa_port_parse_of
     - net: phy: mscc: Add MODULE_FIRMWARE macros
     - bnx2x: fix built-in kernel driver load failure
     - [arm64] net: bcmgenet: skip invalid partial checksums
     - [arm64] net: mscc: ocelot: fix backwards compatibility with single-chain
       tc-flower offload
     - usb: gadget: rndis: prevent integer overflow in rndis_set_response()
     - usb: gadget: Fix use-after-free bug by not setting udc->dev.driver
     - usb: usbtmc: Fix bug in pipe direction for control transfers
     - scsi: mpt3sas: Page fault in reply q processing
     - Input: aiptek - properly check endpoint type
     - perf symbols: Fix symbol size calculation condition
     - net: usb: Correct PHY handling of smsc95xx
     - net: usb: Correct reset handling of smsc95xx
     - smsc95xx: Ignore -ENODEV errors when device is unplugged
     - esp: Fix possible buffer overflow in ESP transformation (CVE-2022-27666)
     - nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION
     - net: ipv6: fix skb_over_panic in __ip6_append_data
     - exfat: avoid incorrectly releasing for root inode
     - cgroup: Allocate cgroup_file_ctx for kernfs_open_file->priv
     - cgroup: Use open-time cgroup namespace for process migration perm checks
     - cgroup-v1: Correct privileges check in release_agent writes
     - tpm: Fix error handling in async work
     - llc: fix netdevice reference leaks in llc_ui_bind() (CVE-2022-28356)
     - ALSA: oss: Fix PCM OSS buffer allocation overflow
     - ALSA: hda/realtek: Add quirk for Clevo NP70PNJ
     - ALSA: hda/realtek: Add quirk for Clevo NP50PNJ
     - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671
     - ALSA: hda/realtek: Add quirk for ASUS GA402
     - ALSA: pcm: Fix races among concurrent hw_params and hw_free calls
     - ALSA: pcm: Fix races among concurrent read/write and buffer changes
     - ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls
     - ALSA: pcm: Fix races among concurrent prealloc proc writes (CVE-2022-1048)
     - ALSA: pcm: Add stream lock during PCM reset ioctl operations
     - ALSA: usb-audio: Add mute TLV for playback volumes on RODE NT-USB
     - ALSA: cmipci: Restore aux vol on suspend/resume
     - ALSA: pci: fix reading of swapped values from pcmreg in AC97 codec
     - [arm64] drivers: net: xgene: Fix regression in CRC stripping
     - netfilter: nf_tables: initialize registers in nft_do_chain()
     - [x86] ACPI / x86: Work around broken XSDT on Advantech DAC-BJ01 board
     - ACPI: battery: Add device HID and quirk for Microsoft Surface Go 3
     - [x86] ACPI: video: Force backlight native for Clevo NL5xRU and NL5xNU
     - [x86] crypto: qat - disable registration of algorithms
     - Revert "ath: add support for special 0x0 regulatory domain"
     - rcu: Don't deboost before reporting expedited quiescent state
     - mac80211: fix potential double free on mesh join
     - tpm: use try_get_ops() in tpm-space.c
     - [arm64] wcn36xx: Differentiate wcn3660 from wcn3620
     - llc: only change llc->dev when bind() succeeds
     - swiotlb: fix info leak with DMA_FROM_DEVICE (CVE-2022-0854)
     - USB: serial: pl2303: add IBM device IDs
     - USB: serial: simple: add Nokia phone driver
     - netdevice: add the case if dev is NULL
     - HID: logitech-dj: add new lightspeed receiver id
     - xfrm: fix tunnel model fragmentation behavior
     - virtio_console: break out of buf poll on remove
     - ethernet: sun: Free the coherent when failing in probing
     - gpio: Revert regression in sysfs-gpio (gpiolib.c)
     - spi: Fix invalid sgs value
     - Revert "gpio: Revert regression in sysfs-gpio (gpiolib.c)"
     - spi: Fix erroneous sgs value with min_t()
     - af_key: add __GFP_ZERO flag for compose_sadb_supported in function
       pfkey_register (CVE-2022-1353)
     - [arm*] iommu/iova: Improve 32-bit free space estimate
     - tpm: fix reference counting for struct tpm_chip
     - virtio-blk: Use blk_validate_block_size() to validate block size
     - USB: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c
     - xhci: fix garbage USBSTS being logged in some cases
     - xhci: fix runtime PM imbalance in USB2 resume
     - xhci: make xhci_handshake timeout for xhci_reset() adjustable
     - xhci: fix uninitialized string returned by xhci_decode_ctrl_ctx()
     - [x86] mei: me: add Alder Lake N device id.
     - [x86] mei: avoid iterator usage outside of list_for_each_entry
     - iio: inkern: apply consumer scale on IIO_VAL_INT cases
     - iio: inkern: apply consumer scale when no channel scale is available
     - iio: inkern: make a best effort on offset calculation
     - ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE
     - KEYS: fix length validation in keyctl_pkey_params_get_2()
     - Documentation: add link to stable release candidate tree
     - Documentation: update stable tree link
     - firmware: stratix10-svc: add missing callback parameter on RSU
     - SUNRPC: avoid race between mod_timer() and del_timer_sync()
     - NFSD: prevent underflow in nfssvc_decode_writeargs()
     - NFSD: prevent integer overflow on 32 bit systems
     - f2fs: fix to unlock page correctly in error path of is_alive()
     - f2fs: quota: fix loop condition at f2fs_quota_sync()
     - f2fs: fix to do sanity check on .cp_pack_total_block_count
     - [armhf] remoteproc: Fix count check in rproc_coredump_write()
     - [armhf] pinctrl: samsung: drop pin banks references on error paths
     - mtd: rawnand: protect access to rawnand devices while in suspend
     - can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error
       path (CVE-2022-28390)
     - jffs2: fix use-after-free in jffs2_clear_xattr_subsystem
     - jffs2: fix memory leak in jffs2_do_mount_fs
     - jffs2: fix memory leak in jffs2_scan_medium
     - mm/pages_alloc.c: don't create ZONE_MOVABLE beyond the end of a node
     - mm: invalidate hwpoison page cache page in fault path
     - mempolicy: mbind_range() set_policy() after vma_merge()
     - scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands
     - qed: display VF trust config
     - qed: validate and restrict untrusted VFs vlan promisc mode
     - Revert "Input: clear BTN_RIGHT/MIDDLE on buttonpads"
     - cifs: prevent bad output lengths in smb2_ioctl_query_info()
     - cifs: fix NULL ptr dereference in smb2_ioctl_query_info()
     - [i386] ALSA: cs4236: fix an incorrect NULL check on list iterator
     - ALSA: hda: Avoid unsol event during RPM suspending
     - ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock
     - ALSA: hda/realtek: Fix audio regression on Mi Notebook Pro 2020
     - mm: madvise: skip unmapped vma holes passed to process_madvise
     - mm: madvise: return correct bytes advised with process_madvise
     - Revert "mm: madvise: skip unmapped vma holes passed to process_madvise"
     - mm,hwpoison: unmap poisoned page before invalidation
     - dm integrity: set journal entry unused when shrinking device
     - drbd: fix potential silent data corruption
     - can: isotp: sanitize CAN ID checks in isotp_bind()
     - [powerpc*] kvm: Fix kvm_use_magic_page
     - udp: call udp_encap_enable for v6 sockets when enabling encap
     - [arm64] signal: nofpsimd: Do not allocate fp/simd context when not
     - ACPI: properties: Consistently return -ENOENT if there are no more
     - coredump: Also dump first pages of non-executable ELF libraries
     - ext4: fix ext4_fc_stats trace point
     - ext4: fix fs corruption when tring to remove a non-empty directory with IO
     - drivers: hamradio: 6pack: fix UAF bug caused by mod_timer()
     - block: limit request dispatch loop duration
     - block: don't merge across cgroup boundaries if blkcg is enabled
     - drm/edid: check basic audio support on CEA extension block
     - [armhf] dts: exynos: add missing HDMI supplies on SMDK5250
     - [armhf] dts: exynos: add missing HDMI supplies on SMDK5420
     - [x86] mgag200 fix memmapsl configuration in GCTL6 register
     - carl9170: fix missing bit-wise or operator for tx_params
     - pstore: Don't use semaphores in always-atomic-context code
     - [x86] thermal: int340x: Increase bitmap size
     - exec: Force single empty string when argv is empty
     - crypto: rsa-pkcs1pad - only allow with rsa
     - crypto: rsa-pkcs1pad - correctly get hash from source scatterlist
     - crypto: rsa-pkcs1pad - restore signature length check
     - crypto: rsa-pkcs1pad - fix buffer overread in pkcs1pad_verify_complete()
     - bcache: fixup multiple threads crash
     - DEC: Limit PMAX memory probing to R3k systems
     - brcmfmac: firmware: Allocate space for default boardrev in nvram
     - brcmfmac: pcie: Release firmwares in the brcmf_pcie_setup error path
     - brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with memcpy_toio
     - brcmfmac: pcie: Fix crashes due to early IRQs
     - [x86] drm/i915/opregion: check port number bounds for SWSCI display power
     - [x86] drm/i915/gem: add missing boundary check in vm_access
     - PCI: pciehp: Clear cmd_busy bit in polling mode
     - [arm64] PCI: xgene: Revert "PCI: xgene: Fix IB window setup"
     - [arm64] regulator: qcom_smd: fix for_each_child.cocci warnings
     - selinux: check return value of sel_make_avc_files
     - [arm64] hwrng: cavium - Check health status while reading random data
     - [arm64] hwrng: cavium - HW_RANDOM_CAVIUM should depend on ARCH_THUNDER
     - crypto: authenc - Fix sleep in atomic context in decrypt_tail
     - [x86] thermal: int340x: Check for NULL after calling kmemdup()
     - [arm64,armhf] spi: tegra114: Add missing IRQ check in tegra_spi_probe
     - [arm64] mm: avoid fixmap race condition when create pud mapping
     - audit: log AUDIT_TIME_* records only from rules
     - spi: pxa2xx-pci: Balance reference count for PCI DMA device
     - [armhf] hwmon: (pmbus) Add mutex to regulator ops
     - hwmon: (sch56xx-common) Replace WDOG_ACTIVE with WDOG_HW_RUNNING
     - nvme: cleanup __nvme_check_ids
     - block: don't delete queue kobject before its children
     - PM: hibernate: fix __setup handler error handling
     - PM: suspend: fix return value of __setup handler
     - [arm64] crypto: sun8i-ce - call finalize with bh disabled
     - [arm64,armhf] crypto: amlogic - call finalize with bh disabled
     - [armhf] clocksource/drivers/timer-ti-dm: Fix regression from errata i940
     - [armhf] clocksource/drivers/exynos_mct: Refactor resources allocation
     - [armhf] clocksource/drivers/exynos_mct: Handle DTS with higher number of
     - clocksource/drivers/timer-of: Check return value of of_iomap in
     - ACPI: APEI: fix return value of __setup handlers
     - [x86] crypto: ccp - ccp_dmaengine_unregister release dma channels
     - [arm*] amba: Make the remove callback return void
     - [armhf] hwmon: (pmbus) Add Vin unit off handling
     - [x86] clocksource: acpi_pm: fix return value of __setup handler
     - io_uring: terminate manual loop iterator loop correctly for non-vecs
     - watch_queue: Fix NULL dereference in error cleanup
     - watch_queue: Actually free the watch
     - f2fs: fix to enable ATGC correctly via gc_idle sysfs interface
     - sched/debug: Remove mpol_get/put and task_lock/unlock from sched_show_numa
     - sched/core: Export pelt_thermal_tp
     - rseq: Optimise rseq_get_rseq_cs() and clear_rseq_cs()
     - rseq: Remove broken uapi field layout on 32-bit little endian
     - perf/core: Fix address filter parser for multiple filters
     - [x86] perf/x86/intel/pt: Fix address filter config for 32-bit kernel
     - f2fs: fix missing free nid in f2fs_handle_failed_inode
     - nfsd: more robust allocation failure handling in nfsd_file_cache_init
     - f2fs: fix to avoid potential deadlock
     - btrfs: fix unexpected error path when reflinking an inline extent
     - f2fs: compress: remove unneeded read when rewrite whole cluster
     - f2fs: fix compressed file start atomic write may cause data corruption
     - [arm64,armhf] media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP
       buffers across ioctls
     - media: bttv: fix WARNING regression on tunerless devices
     - [arm*] ASoC: generic: simple-card-utils: remove useless assignment
     - [armhf] media: coda: Fix missing put_device() call in coda_get_vdoa_data
     - [armhf] media: aspeed: Correct value for h-total-pixels
     - video: fbdev: matroxfb: set maxvram of vbG200eW to the same as vbG200 to
       avoid black screen
     - video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe()
     - video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name()
     - [arm64] firmware: qcom: scm: Remove reassignment to desc following
     - firmware: ti_sci: Fix compilation failure when CONFIG_TI_SCI_PROTOCOL is
       not defined
     - [armhf] dts: imx: Add missing LVDS decoder on M53Menlo
     - media: em28xx: initialize refcount before kref_get
     - media: usb: go7007: s2250-board: fix leak in probe()
     - [arm64,armhf] media: cedrus: H265: Fix neighbour info buffer size
     - [arm64,armhf] media: cedrus: h264: Fix neighbour info buffer size
     - [x86] ASoC: rt5663: check the return value of devm_kzalloc() in
     - printk: fix return value of printk.devkmsg __setup handler
     - [x86] ASoC: soc-compress: prevent the potentially use of null pointer
     - [armhf] memory: emif: Add check for setup_interrupts
     - [armhf] memory: emif: check the pointer temp in get_device_details()
     - ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction
     - [arm64] dts: rockchip: Fix SDIO regulator supply properties on
     - media: stk1160: If start stream fails, return buffers with
     - media: saa7134: convert list_for_each to entry variant
     - media: saa7134: fix incorrect use to determine if list is empty
     - ivtv: fix incorrect device_caps for ivtvfb
     - [arm64,armhf] ASoC: rockchip: i2s: Use
     - [arm64,armhf] ASoC: rockchip: i2s: Fix missing clk_disable_unprepare() in
     - ASoC: dmaengine: do not use a NULL prepare_slave_config() callback
     - [armhf] ASoC: fsl_spdif: Disable TX clock when stop
     - [armhf] ASoC: imx-es8328: Fix error return code in imx_es8328_probe()
     - [arm64] drm/meson: osd_afbcd: Add an exit callback to struct
     - [arm64,armhf] drm/bridge: Add missing pm_runtime_disable() in
     - [arm64] drm: bridge: adv7511: Fix ADV7535 HPD enablement
     - ath10k: fix memory overwrite of the WoWLAN wakeup packet pattern
     - [arm64,armhf] drm/panfrost: Check for error num after setting mask
     - Bluetooth: hci_serdev: call init_rwsem() before p->open()
     - [armhf] mtd: rawnand: gpmi: fix controller timings setting
     - drm/edid: Don't clear formats if using deep color
     - drm/nouveau/acr: Fix undefined behavior in nvkm_acr_hsfw_load_bl()
     - drm/amd/display: Fix a NULL pointer dereference in
     - drm/amd/pm: return -ENOTSUPP if there is no get_dpm_ultimate_freq function
     - ath9k_htc: fix uninit value bugs
     - RDMA/core: Set MR type in ib_reg_user_mr
     - [powerpc*] KVM: PPC: Fix vmx/vsx mixup in mmio emulation
     - i40e: don't reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb
     - i40e: respect metadata on XSK Rx to skb
     - [x86] ray_cs: Check ioremap return value
     - [powerpc*] KVM: PPC: Book3S HV: Check return value of kvmppc_radix_init
     - [powerpc*] perf: Don't use perf_hw_context for trace IMC PMU
     - [arm64,armhf] net: dsa: mv88e6xxx: Enable port policy support on 6097
     - [arm64] PCI: aardvark: Fix reading PCI_EXP_RTSTA_PME bit on emulated
     - [arm64,armhf] drm/bridge: dw-hdmi: use safe format when first in bridge
     - HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports
     - drm/amd/pm: enable pm sysfs write for one VF mode
     - drm/amd/display: Add affected crtcs to atomic state for dsc mst unplug
     - IB/cma: Allow XRC INI QPs to set their local ACK timeout
     - dax: make sure inodes are flushed before destroy cache
     - iwlwifi: Fix -EIO error code that is never returned
     - iwlwifi: mvm: Fix an error code in iwl_mvm_up()
     - [arm64] drm/msm/dp: populate connector of struct dp_panel
     - [arm64] drm/msm/dpu: add DSPP blocks teardown
     - [arm64] drm/msm/dpu: fix dp audio condition
     - scsi: pm8001: Fix command initialization in pm80XX_send_read_log()
     - scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req()
     - scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config()
     - scsi: pm8001: Fix le32 values handling in
     - scsi: pm8001: Fix payload initialization in pm80xx_encrypt_update()
     - scsi: pm8001: Fix le32 values handling in pm80xx_chip_ssp_io_req()
     - scsi: pm8001: Fix le32 values handling in pm80xx_chip_sata_req()
     - scsi: pm8001: Fix NCQ NON DATA command task initialization
     - scsi: pm8001: Fix NCQ NON DATA command completion handling
     - scsi: pm8001: Fix abort all task initialization
     - RDMA/mlx5: Fix the flow of a miss in the allocation of a cache ODP MR
     - drm/amd/display: Remove vupdate_int_entry definition
     - TOMOYO: fix __setup handlers return values
     - [arm64,armhf] drm/tegra: Fix reference leak in tegra_dsi_ganged_probe
     - [x86] power: supply: bq24190_charger: Fix bq24190_vbus_is_enabled() wrong
       false return
     - [arm64] scsi: hisi_sas: Change permission of parameter prot_mask
     - [arm64] bpf, arm64: Call build_prologue() first in first JIT pass
     - [arm64] bpf, arm64: Feed byte-offset into bpf line info
     - [arm64,armhf] gpu: host1x: Fix a memory leak in 'host1x_remove()'
     - [powerpc*] mm/numa: skip NUMA_NO_NODE onlining in parse_numa_properties()
     - [x86] KVM: x86: Fix emulation in writing cr8
     - [x86] KVM: x86/emulator: Defer not-present segment check in
     - [x86] hv_balloon: rate-limit "Unhandled message" warning
     - [amd64] IB/hfi1: Allow larger MTU without AIP
     - PCI: Reduce warnings on possible RW1C corruption
     - [armhf] mfd: mc13xxx: Add check for mc13xxx_irq_request
     - [x86] platform/x86: huawei-wmi: check the return value of
     - vxcan: enable local echo for sent CAN frames
     - ath10k: Fix error handling in ath10k_setup_msa_resources
     - [mips*] pgalloc: fix memory leak caused by pgd_free()
     - RDMA/mlx5: Fix memory leak in error flow for subscribe event routine
     - bpf, sockmap: Fix memleak in tcp_bpf_sendmsg while sk msg is full
     - bpf, sockmap: Fix more uncharged while msg has more_data
     - bpf, sockmap: Fix double uncharge the mem of sk_msg
     - USB: storage: ums-realtek: fix error code in rts51x_read_mem()
     - can: isotp: return -EADDRNOTAVAIL when reading from unbound socket
     - can: isotp: support MSG_TRUNC flag when reading from socket
     - Bluetooth: call hci_le_conn_failed with hdev lock in hci_le_conn_failed
     - ipv4: Fix route lookups when handling ICMP redirects and PMTU updates
     - af_netlink: Fix shift out of bounds in group mask calculation
     - [arm64,armhf] i2c: meson: Fix wrong speed use from probe
     - PCI: Avoid broken MSI on SB600 USB devices
     - [arm64] net: bcmgenet: Use stronger register read/writes to assure
     - tcp: ensure PMTU updates are processed during fastopen
     - openvswitch: always update flow key after nat
     - tipc: fix the timer expires after interval 100ms
     - [x86] mxser: fix xmit_buf leak in activate when LSR == 0xff
     - [armhf] fsi: aspeed: convert to devm_platform_ioremap_resource
     - [armhf] fsi: Aspeed: Fix a potential double free
     - soundwire: intel: fix wrong register name in intel_shim_wake
     - iio: mma8452: Fix probe failing when an i2c_device_id is used
     - [arm64,armhf] phy: dphy: Correct lpx parameter and its
     - [x86] serial: 8250_mid: Balance reference count for PCI DMA device
     - [x86] serial: 8250_lpss: Balance reference count for PCI DMA device
     - NFS: Use of mapping_set_error() results in spurious errors
     - serial: 8250: Fix race condition in RTS-after-send handling
     - NFS: Return valid errors from nfs2/3_decode_dirent()
     - [arm64] clk: qcom: clk-rcg2: Update logic to calculate D value for RCG
     - [arm64] clk: qcom: clk-rcg2: Update the frac table for pixel clock
     - nvdimm/region: Fix default alignment for small regions
     - [armhf] clk: tegra: tegra124-emc: Fix missing put_device() call in
     - NFS: remove unneeded check in decode_devicenotify_args()
     - [arm64,armhf] pinctrl/rockchip: Add missing of_node_put() in
     - [s390x] tty: hvc: fix return value of __setup handler
     - serial: 8250: fix XOFF/XON sending when DMA is used
     - driver core: dd: fix return value of __setup handler
     - jfs: fix divide error in dbNextAG
     - netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options
     - NFSv4.1: don't retry BIND_CONN_TO_SESSION on session error
     - kdb: Fix the putarea helper function
     - clk: Initialize orphan req_rate
     - [amd64] xen: fix is_xen_pmu()
     - [arm64] net: enetc: report software timestamping via SO_TIMESTAMPING
     - [arm64] net: hns3: fix bug when PF set the duplicate MAC address for VFs
     - net: phy: broadcom: Fix brcm_fet_config_init()
     - NFSv4/pNFS: Fix another issue with a list iterator pointing to the head
     - [armhf] net: dsa: bcm_sf2_cfp: fix an incorrect NULL check on list
     - fs: fd tables have to be multiples of BITS_PER_LONG
     - fs: fix fd table size alignment properly
     - LSM: general protection fault in legacy_parse_param
     - block, bfq: don't move oom_bfqq
     - selinux: use correct type for context length
     - selinux: allow FIOCLEX and FIONCLEX with policy capability
     - loop: use sysfs_emit() in the sysfs xxx show()
     - Fix incorrect type in assignment of ipv6 port for audit
     - fs/binfmt_elf: Fix AT_PHDR for unusual ELF files
     - bfq: fix use-after-free in bfq_dispatch_request
     - ACPICA: Avoid walking the ACPI Namespace if it is not there
     - Revert "Revert "block, bfq: honor already-setup queue merges""
     - ACPI/APEI: Limit printable size of BERT table data
     - PM: core: keep irq flags in device_pm_check_callbacks()
     - nvme-tcp: lockdep: annotate in-kernel sockets
     - [arm64] spi: tegra20: Use of_device_get_match_data()
     - ext4: correct cluster len and clusters changed accounting in
     - ext4: fix ext4_mb_mark_bb() with flex_bg with fast_commit
     - ext4: don't BUG if someone dirty pages without asking ext4 first
     - f2fs: fix to do sanity check on curseg->alloc_type
     - NFSD: Fix nfsd_breaker_owns_lease() return values
     - f2fs: compress: fix to print raw data size in error path of lz4
     - video: fbdev: cirrusfb: check pixclock to avoid divide by zero
     - [armel,armhf] ftrace: avoid redundant loads or clobbering IP
     - video: fbdev: udlfb: replace snprintf in show functions with sysfs_emit
     - ASoC: soc-core: skip zero num_dai component in searching dai name
     - media: cx88-mpeg: clear interrupt status register before streaming video
     - uaccess: fix type mismatch warnings from access_ok()
     - media: Revert "media: em28xx: add missing em28xx_close_extension"
     - media: hdpvr: initialize dev->worker at hdpvr_register_videodev
     - mmc: host: Return an error when ->enable_sdio_irq() ops is missing
     - ALSA: hda/realtek: Add alc256-samsung-headphone fixup
     - [x86] KVM: x86/mmu: Check for present SPTE when clearing dirty bit in TDP
     - [powerpc*] lib/sstep: Fix 'sthcx' instruction
     - [powerpc*] lib/sstep: Fix build errors with newer binutils
     - scsi: qla2xxx: Fix stuck session in gpdb
     - scsi: qla2xxx: Fix scheduling while atomic
     - scsi: qla2xxx: Fix wrong FDMI data for 64G adapter
     - scsi: qla2xxx: Fix warning for missing error code
     - scsi: qla2xxx: Fix device reconnect in loop topology
     - scsi: qla2xxx: Add devids and conditionals for 28xx
     - scsi: qla2xxx: Check for firmware dump already collected
     - scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair()
     - scsi: qla2xxx: Fix disk failure to rediscover
     - scsi: qla2xxx: Fix incorrect reporting of task management failure
     - scsi: qla2xxx: Fix hang due to session stuck
     - scsi: qla2xxx: Fix missed DMA unmap for NVMe ls requests
     - scsi: qla2xxx: Fix N2N inconsistent PLOGI
     - scsi: qla2xxx: Reduce false trigger to login
     - scsi: qla2xxx: Use correct feature type field during RFF_ID processing
     - [arm64] platform: chrome: Split trace include file
     - [x86] KVM: x86: Forbid VMM to set SYNIC/STIMER MSRs when SynIC wasn't
     - KVM: Prevent module exit until all VMs are freed
     - [x86] KVM: x86: fix sending PV IPI
     - [x86] KVM: SVM: fix panic on out-of-bounds guest IRQ
     - [x86] ASoC: SOF: Intel: Fix NULL ptr dereference when ENOMEM
     - ubifs: rename_whiteout: Fix double free for whiteout_ui->data
     - ubifs: Fix deadlock in concurrent rename whiteout and inode writeback
     - ubifs: Add missing iput if do_tmpfile() failed in rename whiteout
     - ubifs: setflags: Make dirtied_ino_d 8 bytes aligned
     - ubifs: Fix read out-of-bounds in ubifs_wbuf_write_nolock()
     - ubifs: Fix to add refcount once page is set private
     - ubifs: rename_whiteout: correct old_dir size computing
     - wireguard: queueing: use CFI-safe ptr_ring cleanup function
     - wireguard: socket: free skb in send6 when ipv6 is disabled
     - wireguard: socket: ignore v6 endpoints when ipv6 is disabled
     - XArray: Fix xas_create_range() when multi-order entry present
     - can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error
       path (CVE-2022-28389)
     - can: mcba_usb: properly check endpoint type
     - XArray: Update the LRU list in xas_split()
     - rtc: check if __rtc_read_time was successful
     - gfs2: Make sure FITRIM minlen is rounded up to fs block size
     - [arm64] net: hns3: fix software vlan talbe of vlan 0 inconsistent with
     - rxrpc: Fix call timer start racing with call destruction
     - [arm64] mailbox: imx: fix wakeup failure from freeze mode
     - watch_queue: Free the page array when watch_queue is dismantled
     - pinctrl: pinconf-generic: Print arguments for bias-pull-*
     - ubi: Fix race condition between ctrl_cdev_ioctl and ubi_cdev_ioctl
     - [arm*] iop32x: offset IRQ numbers by 1
     - io_uring: fix memory leak of uid in files registration
     - [amd64,arm64] ACPI: CPPC: Avoid out of bounds access when parsing _CPC
     - [arm64] platform/chrome: cros_ec_typec: Check for EC device
     - can: isotp: restore accidentally removed MSG_PEEK feature
     - proc: bootconfig: Add null pointer check
     - [x86] ASoC: soc-compress: Change the check for codec_dai
     - batman-adv: Check ptr for NULL before reducing its refcnt
     - mm/mmap: return 1 from stack_guard_gap __setup() handler
     - mm/memcontrol: return 1 from cgroup.memory __setup() handler
     - mm/usercopy: return 1 from hardened_usercopy __setup() handler
     - bpf: Adjust BPF stack helper functions to accommodate skip > 0
     - bpf: Fix comment for helper bpf_current_task_under_cgroup()
     - dt-bindings: mtd: nand-controller: Fix the reg property description
     - dt-bindings: mtd: nand-controller: Fix a comment in the examples
     - dt-bindings: spi: mxic: The interrupt property is not mandatory
     - [x86] ASoC: topology: Allow TLV control to be either read or write
     - docs: sysctl/kernel: add missing bit to panic_print
     - openvswitch: Fixed nd target mask field in the flow dump.
     - [x86] KVM: x86/mmu: do compare-and-exchange of gPTE via the user address
     - can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error
       path (CVE-2022-28388)
     - coredump: Snapshot the vmas in do_coredump
     - coredump: Remove the WARN_ON in dump_vma_snapshot
     - coredump/elf: Pass coredump_params into fill_note_info
     - coredump: Use the vma snapshot in fill_files_note
     - [arm64] Do not defer reserve_crashkernel() for platforms with no DMA
       memory zones
     - [arm64] PCI: xgene: Revert "PCI: xgene: Use inbound resources for setup"
     - ubifs: Rectify space amount budget for mkdir/tmpfile operations
     - gfs2: Check for active reservation in gfs2_release
     - gfs2: Fix gfs2_release for non-writers regression
     - gfs2: gfs2_setattr_size error path fix
     - [x86] KVM: x86/svm: Clear reserved bits written to PerfEvtSeln MSRs
     - [x86] KVM: x86/emulator: Emulate RDPID only if it is enabled in guest
     - drm: Add orientation quirk for GPD Win Max
     - ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111
     - drm/amd/display: Add signal type check when verify stream backends same
     - drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj
     - ptp: replace snprintf with sysfs_emit
     - [armhf] ath11k: fix kernel panic during unload/load ath11k modules
     - ath11k: mhi: use mhi_sync_power_up()
     - bpf: Make dst_port field in struct bpf_sock 16-bit wide
     - scsi: mvsas: Replace snprintf() with sysfs_emit()
     - scsi: bfa: Replace snprintf() with sysfs_emit()
     - [arm64,armhf] power: supply: axp20x_battery: properly report current when
     - mt76: dma: initialize skip_unmap in mt76_dma_rx_fill
     - cfg80211: don't add non transmitted BSS to 6GHz scanned channels
     - ipv6: make mc_forwarding atomic
     - [powerpc*] Set crashkernel offset to mid of RMA region
     - drm/amdgpu: Fix recursive locking warning
     - [arm64] PCI: aardvark: Fix support for MSI interrupts
     - [arm64] iommu/arm-smmu-v3: fix event handling soft lockup
     - usb: ehci: add pci device support for Aspeed platforms
     - tcp: Don't acquire inet_listen_hashbucket::lock with disabled BH.
     - PCI: pciehp: Add Qualcomm quirk for Command Completed erratum
     - iwlwifi: mvm: Correctly set fragmented EBS
     - ipv4: Invalidate neighbour for broadcast address upon address addition
     - dm ioctl: prevent potential spectre v1 gadget
     - dm: requeue IO if mapping table not yet available
     - scsi: pm8001: Fix pm80xx_pci_mem_copy() interface
     - scsi: pm8001: Fix pm8001_mpi_task_abort_resp()
     - scsi: pm8001: Fix task leak in pm8001_send_abort_all()
     - scsi: pm8001: Fix tag leaks on error
     - scsi: pm8001: Fix memory leak in pm8001_chip_fw_flash_update_req()
     - scsi: aha152x: Fix aha152x_setup() __setup handler return value
     - [arm64] scsi: hisi_sas: Free irq vectors in order for v3 HW
     - net/smc: correct settings of RMB window update limit
     - macvtap: advertise link netns via netlink
     - tuntap: add sanity checks about msg_controllen in sendmsg
     - Bluetooth: Fix not checking for valid hdev on bt_dev_{info,warn,err,dbg}
     - Bluetooth: use memset avoid memory leaks
     - bnxt_en: Eliminate unintended link toggle during FW reset
     - [mps64el,mipsel] fix fortify panic when copying asm exception handlers
     - scsi: libfc: Fix use after free in fc_exch_abts_resp()
     - can: isotp: set default value for N_As to 50 micro seconds
     - net: account alternate interface name memory
     - net: limit altnames to 64k total
     - net: sfp: add 2500base-X quirk for Lantech SFP module
     - [armhf] usb: dwc3: omap: fix "unbalanced disables for smps10_out1" on
     - Bluetooth: Fix use after free in hci_send_acl
     - netlabel: fix out-of-bounds memory accesses
     - ceph: fix memory leak in ceph_readdir when note_last_dentry returns error
     - init/main.c: return 1 from handled __setup() functions
     - minix: fix bug when opening a file with O_DIRECT
     - [arm*] staging: vchiq_core: handle NULL result of find_service_by_handle
     - [arm64,armhf] phy: amlogic: meson8b-usb2: Use dev_err_probe()
     - w1: w1_therm: fixes w1_seq for ds28ea00 sensors
     - NFSv4.2: fix reference count leaks in _nfs42_proc_copy_notify()
     - NFSv4: Protect the state recovery thread against direct reclaim
     - xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32
     - [armhf] clk: ti: Preserve node in ti_dt_clocks_register()
     - clk: Enforce that disjoints limits are invalid
     - SUNRPC/call_alloc: async tasks mustn't block waiting for memory
     - SUNRPC/xprt: async tasks mustn't block waiting for memory
     - SUNRPC: remove scheduling boost for "SWAPPER" tasks.
     - NFS: swap IO handling is slightly different for O_DIRECT IO
     - NFS: swap-out must always use STABLE writes.
     - [armhf] serial: samsung_tty: do not unlock port->lock for
     - virtio_console: eliminate anonymous module_init & module_exit
     - jfs: prevent NULL deref in diFree
     - SUNRPC: Fix socket waits for write buffer space
     - NFS: nfsiod should not block forever in mempool_alloc()
     - NFS: Avoid writeback threads getting stuck in mempool_alloc()
     - mm: fix race between MADV_FREE reclaim and blkdev direct IO read
     - drm/amdgpu: fix off by one in amdgpu_gfx_kiq_acquire()
     - [x86] Drivers: hv: vmbus: Fix potential crash on module unload
     - Revert "NFSv4: Handle the special Linux file open access mode"
     - NFSv4: fix open failure with O_ACCMODE flag
     - ice: Clear default forwarding VSI during VSI release
     - net: ipv4: fix route with nexthop object delete warning
     - net: stmmac: Fix unset max_speed difference between DT and non-DT
     - [armhf] drm/imx: imx-ldb: Check for null pointer after calling kmemdup
     - [armhf] drm/imx: Fix memory leak in imx_pd_connector_get_modes
     - sfc: Do not free an empty page_ring
     - RDMA/mlx5: Don't remove cache MRs when a delay is needed
     - [amd64] IB/rdmavt: add lock to call to rvt_error_qp to prevent a race
     - [arm64] dpaa2-ptp: Fix refcount leak in dpaa2_ptp_probe
     - ice: Set txq_teid to ICE_INVAL_TEID on ring creation
     - ice: Do not skip not enabled queues in ice_vc_dis_qs_msg
     - ipv6: Fix stats accounting in ip6_pkt_drop
     - ice: synchronize_rcu() when terminating rings
     - net: openvswitch: don't send internal clone attribute to the userspace.
     - net: openvswitch: fix leak of nested actions
     - rxrpc: fix a race in rxrpc_exit_net()
     - qede: confirm skb is allocated before using
     - bpf: Support dual-stack sockets in bpf_tcp_check_syncookie
     - drbd: Fix five use after free bugs in get_initial_state
     - io_uring: don't touch scm_fp_list after queueing skb
     - SUNRPC: Handle ENOMEM in call_transmit_status()
     - SUNRPC: Handle low memory situations in call_status()
     - SUNRPC: svc_tcp_sendmsg() should handle errors from xdr_alloc_bvec()
     - [armhf] iommu/omap: Fix regression in probe for NULL pointer dereference
     - [arm64] Add part number for Arm Cortex-A78AE
     - [arm64] Revert "mmc: sdhci-xenon: fix annoying 1.8V regulator warning"
     - [arm64,armhf] mmc: mmci: stm32: correctly check all elements of sg list
     - lz4: fix LZ4_decompress_safe_partial read out of bound
     - mmmremap.c: avoid pointless invalidate_range_start/end on
     - mm/mempolicy: fix mpol_new leak in shared_policy_replace
     - io_uring: fix race between timeout flush and removal (CVE-2022-29582)
     - [x86] pm: Save the MSR validity status at context setup
     - [x86] speculation: Restore speculation related MSRs during S3 resume
     - btrfs: fix qgroup reserve overflow the qgroup limit
     - btrfs: prevent subvol with swapfile from being deleted
     - [arm64] patch_text: Fixup last cpu should be master
     - [amd64] RDMA/hfi1: Fix use-after-free bug for mm struct
     - gpio: Restrict usage of GPIO chip irq members before initialization
     - [arm64] perf: qcom_l2_pmu: fix an incorrect NULL check on list iterator
     - [arm64,armhf] irqchip/gic-v3: Fix GICR_CTLR.RWP polling
     - drm/nouveau/pmu: Add missing callbacks for Tegra devices
     - mm: don't skip swap entry even if zap_details specified
     - cgroup: Use open-time credentials for process migraton perm checks
     - [x86] Drivers: hv: vmbus: Replace smp_store_mb() with virt_store_mb()
     - [arm64,armhf] irqchip/gic, gic-v3: Prevent GSI to SGI translations
     - [powerpc*] Fix virt_addr_valid() for 64-bit Book3E & 32-bit
     - [amd64] drm/amdkfd: Use drm_priv to pass VM from KFD to amdgpu
     - hamradio: defer 6pack kfree after unregister_netdev (CVE-2022-1195)
     - hamradio: remove needs_free_netdev to avoid UAF (CVE-2022-1195)
     - [arm64] cpuidle: PSCI: Move the `has_lpi` check to the beginning of the
     - ACPI: processor idle: Check for architectural support for LPI
     - btrfs: remove unused variable in btrfs_{start,write}_dirty_block_groups()
     - [arm64] drm/msm: Add missing put_task_struct() in debugfs path
     - SUNRPC: Fix the svc_deferred_event trace class
     - net/sched: flower: fix parsing of ethertype following VLAN header
     - veth: Ensure eth header is in skb's linear part
     - gpiolib: acpi: use correct format characters
     - net: mdio: Alphabetically sort header inclusion
     - net/sched: fix initialization order when updating chain 0 head
     - [arm64] net: dsa: felix: suppress -EPROBE_DEFER errors
     - [armhf] net: ethernet: stmmac: fix altr_tse_pcs function when using a
     - net/sched: taprio: Check if socket flags are valid
     - cfg80211: hold bss_lock while updating nontrans_list
     - [arm64] drm/msm: Fix range size vs end confusion
     - [arm64] drm/msm/dsi: Use connector directly in
     - net/smc: Fix NULL pointer dereference in smc_pnet_find_ib()
     - scsi: pm80xx: Mask and unmask upper interrupt vectors 32-63
     - scsi: pm80xx: Enable upper inbound, outbound queues
     - scsi: iscsi: Stop queueing during ep_disconnect
     - scsi: iscsi: Force immediate failure during shutdown
     - scsi: iscsi: Use system_unbound_wq for destroy_work
     - scsi: iscsi: Rel ref after iscsi_lookup_endpoint()
     - scsi: iscsi: Fix in-kernel conn failure handling
     - scsi: iscsi: Move iscsi_ep_disconnect()
     - scsi: iscsi: Fix offload conn cleanup when iscsid restarts
     - scsi: iscsi: Fix conn cleanup and stop race during iscsid restart
     - sctp: Initialize daddr on peeled off socket
     - cifs: potential buffer overflow in handling symlinks
     - [arm64] net: bcmgenet: Revert "Use stronger register read/writes to assure
     - drm/amd: Add USBC connector ID
     - btrfs: fix fallocate to use file_modified to update permissions
     - btrfs: do not warn for free space inode in cow_file_range
     - drm/amd/display: fix audio format not updated after edid updated
     - drm/amd/display: FEC check in timing validation
     - drm/amd/display: Update VTEM Infopacket definition
     - drm/amdkfd: Fix Incorrect VMIDs passed to HWS
     - drm/amdgpu/vcn: improve vcn dpg stop procedure
     - [x86] Drivers: hv: vmbus: Prevent load re-ordering when reading ring
     - scsi: target: tcmu: Fix possible page UAF
     - scsi: lpfc: Fix queue failures when recovering from PCI parity error
     - [powerpc*] scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024
     - ata: libata-core: Disable READ LOG DMA EXT for Samsung 840 EVOs
     - [armhf] gpu: ipu-v3: Fix dev_dbg frequency output
     - [arm64] alternatives: mark patch_alternative() as `noinstr`
     - tlb: hugetlb: Add more sizes to tlb_remove_huge_tlb_entry
     - net: usb: aqc111: Fix out-of-bounds accesses in RX fixup
     - myri10ge: fix an incorrect free for skb in myri10ge_sw_tso
     - drm/amd/display: Revert FEC check in validation
     - drm/amd/display: Fix allocate_mst_payload assert on resume
     - scsi: mvsas: Add PCI ID of RocketRaid 2640
     - scsi: megaraid_sas: Target with invalid LUN ID is deleted during scan
     - drivers: net: slip: fix NPD bug in sl_tx_timeout()
     - mm, page_alloc: fix build_zonerefs_node()
     - mm: fix unexpected zeroed page mapping with zram swap
     - [x86] KVM: x86/mmu: Resolve nx_huge_pages when kvm.ko is loaded
     - ath9k: Properly clear TX status area before reporting to mac80211
     - ath9k: Fix usage of driver-private space in tx_info
     - btrfs: fix root ref counts in error handling in btrfs_get_root_ref
     - btrfs: mark resumed async balance as writing
     - ALSA: hda/realtek: Add quirk for Clevo PD50PNT
     - ALSA: hda/realtek: add quirk for Lenovo Thinkpad X12 speakers
     - ALSA: pcm: Test for "silence" field in struct "pcm_format_data"
     - nl80211: correctly check NL80211_ATTR_REG_ALPHA2 size
     - ipv6: fix panic when forwarding a pkt with no in6 dev
     - drm/amd/display: don't ignore alpha property on pre-multiplied mode
     - drm/amdgpu: Enable gfxoff quirk on MacBook Pro
     - genirq/affinity: Consider that CPUs on nodes can be unbalanced
     - tick/nohz: Use WARN_ON_ONCE() to prevent console saturation
     - dm integrity: fix memory corruption when tag_size is less than digest size
     - smp: Fix offline cpu check in flush_smp_call_function_queue()
     - timers: Fix warning condition in __run_timers()
     - dma-direct: avoid redundant memory sync for swiotlb
     - scsi: iscsi: Fix endpoint reuse regression
     - scsi: iscsi: Fix unbound endpoint error handling
     - ax25: add refcount in ax25_dev to avoid UAF bugs (CVE-2022-1204)
     - ax25: fix reference count leaks of ax25_dev (CVE-2022-1204)
     - ax25: fix UAF bugs of net_device caused by rebinding operation
     - ax25: Fix refcount leaks caused by ax25_cb_del() (CVE-2022-1204)
     - ax25: fix UAF bug in ax25_send_control()
     - ax25: fix NPD bug in ax25_disconnect (CVE-2022-1199)
     - ax25: Fix NULL pointer dereferences in ax25 timers (CVE-2022-1205)
     - ax25: Fix UAF bugs in ax25 timers (CVE-2022-1205)
     - tracing: Dump stacktrace trigger to the corresponding instance
     - gfs2: assign rgrp glock before compute_bitstructs
     - net/sched: cls_u32: fix netns refcount changes in u32_change()
     - ALSA: usb-audio: Clear MIDI port active flag after draining
     - ALSA: hda/realtek: Add quirk for Clevo NP70PNP
     - dm: fix mempool NULL pointer race when completing IO
     - [armhf] dmaengine: imx-sdma: Fix error checking in sdma_event_remap
     - esp: limit skb_page_frag_refill use to a single page
     - igc: Fix infinite loop in release_swfw_sync
     - igc: Fix BUG: scheduling while atomic
     - rxrpc: Restore removed timer deletion
     - net/smc: Fix sock leak when release after smc_shutdown()
     - net/packet: fix packet_sock xmit return value checking
     - ip6_gre: Avoid updating tunnel->tun_hlen in __gre6_xmit()
     - ip6_gre: Fix skb_under_panic in __gre6_xmit()
     - net/sched: cls_u32: fix possible leak in u32_init_knode()
     - l3mdev: l3mdev_master_upper_ifindex_by_index_rcu should be using
     - ipv6: make ip6_rt_gc_expire an atomic_t
     - netlink: reset network and mac headers in netlink_dump()
     - net: stmmac: Use readl_poll_timeout_atomic() in atomic state
     - [arm64] mm: Remove [PUD|PMD]_TABLE_BIT from [pud|pmd]_bad()
     - [arm64] mm: fix p?d_leaf()
     - [x86] platform/x86: samsung-laptop: Fix an unsigned comparison which can
       never be negative
     - ALSA: usb-audio: Fix undefined behavior due to shift overflowing the
     - vxlan: fix error return code in vxlan_fdb_append
     - cifs: Check the IOCB_DIRECT flag, not O_DIRECT
     - [amd64,arm64] net: atlantic: Avoid out-of-bounds indexing
     - mt76: Fix undefined behavior due to shift overflowing the constant
     - brcmfmac: sdio: Fix undefined behavior due to shift overflowing the
     - [arm64] drm/msm/mdp5: check the return of kzalloc()
     - [arm64] net: macb: Restart tx only if queue pointer is lagging
     - scsi: qedi: Fix failed disconnect handling
     - stat: fix inconsistency between struct stat and struct compat_stat
     - nvme: add a quirk to disable namespace identifiers
     - nvme-pci: disable namespace identifiers for Qemu controllers
     - mm, hugetlb: allow for "high" userspace addresses
     - oom_kill.c: futex: delay the OOM reaper to allow time for proper futex
     - mm/mmu_notifier.c: fix race in mmu_interval_notifier_remove()
     - ata: pata_marvell: Check the 'bmdma_addr' beforing reading
     - [amd64,arm64] net: atlantic: invert deep par in pm functions, preventing
       null derefs
     - openvswitch: fix OOB access in reserve_sfa_size()
     - gpio: Request interrupts after IRQ is initialized
     - ASoC: soc-dapm: fix two incorrect uses of list iterator
     - e1000e: Fix possible overflow in LTR decoding
     - [arm*] arm_pmu: Validate single/group leader events
     - sched/pelt: Fix attach_entity_load_avg() corner case
     - [arm64,armhf] drm/panel/raspberrypi-touchscreen: Avoid NULL deref if not
     - [arm64,armhf] drm/panel/raspberrypi-touchscreen: Initialise the bridge in
     - [powerpc*] KVM: PPC: Fix TCE handling for VFIO
     - [arm*] drm/vc4: Use pm_runtime_resume_and_get to fix pm_runtime_get_sync()
     - [powerpc*] perf: Fix power9 event alternatives
     - ext4: fix fallocate to use file_modified to update permissions
     - ext4: fix symlink file size not match to file content
     - ext4: fix use-after-free in ext4_search_dir
     - ext4: limit length to bitmap_maxbytes - blocksize in punch_hole
     - ext4, doc: fix incorrect h_reserved size
     - ext4: fix overhead calculation to account for the reserved gdt blocks
     - ext4: force overhead calculation if the s_overhead_cluster makes no sense
     - can: isotp: stop timeout monitoring when no first frame was sent
     - jbd2: fix a potential race while discarding reserved buffers after an
     - block/compat_ioctl: fix range check in BLKGETSIZE
   [ Salvatore Bonaccorso ]
   * Bump ABI to 14
   * [rt] Drop "tcp: Remove superfluous BH-disable around"
   * [rt] Update "tracing: Merge irqflags + preempt counter." for upstream
     changes in 5.10.113
   * [x86] pci/xen: Disable PCI/MSI[-X] masking for XEN_HVM guests
     (Closes: #1006346)
   * floppy: disable FDRAWCMD by default
 linux (5.10.106-1) bullseye; urgency=medium
   * New upstream stable update:
     - mac80211_hwsim: report NOACK frames in tx_status
     - mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work
     - [arm*] i2c: bcm2835: Avoid clock stretching timeouts
     - ASoC: rt5682: do not block workqueue if card is unbound
     - regulator: core: fix false positive in regulator_late_cleanup()
     - Input: clear BTN_RIGHT/MIDDLE on buttonpads
     - [arm64] KVM: arm64: vgic: Read HW interrupt pending state from the HW
     - tipc: fix a bit overflow in tipc_crypto_key_rcv()
     - cifs: fix double free race when mount fails in cifs_get_root()
     - net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990
     - usb: gadget: don't release an existing dev->buf (CVE-2022-24958)
     - usb: gadget: clear related members when goto fail (CVE-2022-24958)
     - exfat: reuse exfat_inode_info variable instead of calling EXFAT_I()
     - exfat: fix i_blocks for files truncated over 4 GiB
     - tracing: Add test for user space strings when filtering on string pointers
     - [armhf] serial: stm32: prevent TDR register overwrite when sending x_char
     - ata: pata_hpt37x: fix PCI clock detection
     - drm/amdgpu: check vm ready by amdgpu_vm->evicting flag
     - tracing: Add ustring operation to filtering string pointers
     - [x86] ALSA: intel_hdmi: Fix reference to PCM buffer address
     - ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min
     - [amd64] iommu/amd: Recover from event log overflow
     - [x86] drm/i915: s/JSP2/ICP2/ PCH
     - xen/netfront: destroy queues before real_num_tx_queues is zeroed
     - mm: Consider __GFP_NOWARN flag for oversized kvmalloc() calls
     - xfrm: fix MTU regression
     - netfilter: fix use-after-free in __nf_register_net_hook()
     - bpf, sockmap: Do not ignore orig_len parameter
     - xfrm: fix the if_id check in changelink
     - xfrm: enforce validity of offload input flags
     - e1000e: Correct NVM checksum verification flow
     - net: fix up skbs delta_truesize in UDP GRO frag_list
     - netfilter: nf_queue: don't assume sk is full socket
     - netfilter: nf_queue: fix possible use-after-free
     - netfilter: nf_queue: handle socket prefetch
     - batman-adv: Request iflink once in batadv-on-batadv check
     - batman-adv: Request iflink once in batadv_get_real_netdevice
     - batman-adv: Don't expect inter-netns unique iflink indices
     - net: ipv6: ensure we call ipv6_mc_down() at most once
     - net: dcb: flush lingering app table entries for unregistered devices
     - net/smc: fix connection leak
     - net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error generated by client
     - net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error cause by server
     - rcu/nocb: Fix missed nocb_timer requeue
     - ice: Fix race conditions between virtchnl handling and VF ndo ops
     - ice: fix concurrent reset and removal of VFs
     - sched/topology: Make sched_init_numa() use a set for the deduplicating
     - sched/topology: Fix sched_domain_topology_level alloc in sched_init_numa()
     - mac80211: fix forwarded mesh frames AC & queue selection
     - net: stmmac: fix return value of __setup handler
     - mac80211: treat some SAE auth steps as final
     - iavf: Fix missing check for running netdev
     - net: arcnet: com20020: Fix null-ptr-deref in com20020pci_probe()
     - ixgbe: xsk: change !netif_carrier_ok() handling in ixgbe_xmit_zc()
     - efivars: Respect "block" flag in efivar_entry_set_safe()
     - can: gs_usb: change active_channels's type from atomic_t to u8
     - igc: igc_read_phy_reg_gpy: drop premature return
     - [armel,armhf] 9182/1: mmu: fix returns from early_param() and __setup()
     - [arm64,armhf] pinctrl: sunxi: Use unique lockdep classes for IRQs
     - igc: igc_write_phy_reg_gpy: drop premature return
     - memfd: fix F_SEAL_WRITE after shmem huge page allocated
     - [armhf] dts: switch timer config to common devkit8000 devicetree
     - [armhf] dts: Use 32KiHz oscillator on devkit8000
     - [arm64] soc: fsl: guts: Revert commit 3c0d64e867ed
     - [arm64] soc: fsl: guts: Add a missing memory allocation failure check
     - [armhf] tegra: Move panels to AUX bus
     - net: chelsio: cxgb3: check the return value of pci_find_capability()
     - iavf: Refactor iavf state machine tracking
     - nl80211: Handle nla_memdup failures in handle_nan_filter
     - drm/amdgpu: fix suspend/resume hang regression
     - net: dcb: disable softirqs in dcbnl_flush_dev()
     - Input: elan_i2c - move regulator_[en|dis]able() out of
     - Input: elan_i2c - fix regulator enable count imbalance after
     - HID: add mapping for KEY_DICTATE
     - HID: add mapping for KEY_ALL_APPLICATIONS
     - tracing/histogram: Fix sorting on old "cpu" value
     - tracing: Fix return value of __setup handlers
     - btrfs: fix lost prealloc extents beyond eof after full fsync
     - btrfs: qgroup: fix deadlock between rescan worker and remove qgroup
     - btrfs: add missing run of delayed items after unlink during log replay
     - Revert "xfrm: xfrm_state_mtu should return at least 1280 for ipv6"
     - hamradio: fix macro redefine warning
     - [x86] bugs: Unconditionally allow spectre_v2=retpoline,amd
     - [armhf] report Spectre v2 status through sysfs
     - [armel,armhf] early traps initialisation
     - [armel,armhf] use LOADADDR() to get load address of sections
     - [armel,armhf] Spectre-BHB workaround
     - [armel,armhf] include unprivileged BPF status in Spectre V2 reporting
     - [arm64] cputype: Add CPU implementor & types for the Apple M1 cores
     - [arm64] Add Neoverse-N2, Cortex-A710 CPU part definition
     - [arm64] Add Cortex-X2 CPU part definition
     - [arm64] Add Cortex-A510 CPU part definition
     - [arm64] Add HWCAP for self-synchronising virtual counter
     - [arm64] add ID_AA64ISAR2_EL1 sys register
     - [arm64] cpufeature: add HWCAP for FEAT_AFP
     - [arm64] cpufeature: add HWCAP for FEAT_RPRES
     - [arm64] entry.S: Add ventry overflow sanity checks
     - [arm64] spectre: Rename spectre_v4_patch_fw_mitigation_conduit
     - [arm64] entry: Make the trampoline cleanup optional
     - [arm64] entry: Free up another register on kpti's tramp_exit path
     - [arm64] entry: Move the trampoline data page before the text page
     - [arm64] entry: Allow tramp_alias to access symbols after the 4K boundary
     - [arm64] entry: Don't assume tramp_vectors is the start of the vectors
     - [arm64] entry: Move trampoline macros out of ifdef'd section
     - [arm64] entry: Make the kpti trampoline's kpti sequence optional
     - [arm64] entry: Allow the trampoline text to occupy multiple pages
     - [arm64] entry: Add non-kpti __bp_harden_el1_vectors for mitigations
     - [arm64] entry: Add vectors that have the bhb mitigation sequences
     - [arm64] entry: Add macro for reading symbol addresses from the trampoline
     - [arm64] Add percpu vectors for EL1
     - [arm64] proton-pack: Report Spectre-BHB vulnerabilities as part of
     - [arm64] KVM: arm64: Allow indirect vectors to be used without SPECTRE_V3A
     - [arm64] Mitigate spectre style branch history side channels
     - [arm64] KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and
     - [arm64] Use the clearbhb instruction in mitigations
     - [arm64] proton-pack: Include unprivileged eBPF status in Spectre v2
       mitigation reporting
     - [armel,armhf] fix co-processor register typo
     - [armel,armhf] Do not use NOCROSSREFS directive with ld.lld
     - [armhf] fix build warning in proc-v7-bugs.c
     - xen/xenbus: don't let xenbus_grant_ring() remove grants in error case
       (CVE-2022-23040, XSA-396)
     - xen/grant-table: add gnttab_try_end_foreign_access() (CVE-2022-23036,
       CVE-2022-23038, XSA-396)
     - xen/blkfront: don't use gnttab_query_foreign_access() for mapped status
       (CVE-2022-23036, XSA-396)
     - xen/netfront: don't use gnttab_query_foreign_access() for mapped status
       (CVE-2022-23037, XSA-396)
     - xen/scsifront: don't use gnttab_query_foreign_access() for mapped status
       (CVE-2022-23038, XSA-396)
     - xen/gntalloc: don't use gnttab_query_foreign_access() (CVE-2022-23039,
     - xen: remove gnttab_query_foreign_access()
     - xen/9p: use alloc/free_pages_exact() (CVE-2022-23041, XSA-396)
     - xen/pvcalls: use alloc/free_pages_exact() (CVE-2022-23041, XSA-396)
     - xen/gnttab: fix gnttab_end_foreign_access() without page specified
       (CVE-2022-23041, XSA-396)
     - xen/netfront: react properly to failing gnttab_end_foreign_access_ref()
       (CVE-2022-23042, XSA-396)
     - Revert "ACPI: PM: s2idle: Cancel wakeup before dispatching EC GPE"
     - [arm64] clk: qcom: gdsc: Add support to update GDSC transition delay
     - [arm64] dts: armada-3720-turris-mox: Add missing ethernet0 alias
     - tipc: fix kernel panic when enabling bearer
     - mISDN: Remove obsolete PIPELINE_DEBUG debugging information
     - mISDN: Fix memory leak in dsp_pipeline_build()
     - virtio-blk: Don't use MAX_DISCARD_SEGMENTS if max_discard_seg is zero
     - isdn: hfcpci: check the return value of dma_set_mask() in setup_hw()
     - net: qlogic: check the return value of dma_alloc_coherent() in
     - esp: Fix BEET mode inter address family tunneling on GSO
     - qed: return status of qed_iov_get_link
     - i40e: stop disabling VFs due to PF error responses
     - ice: stop disabling VFs due to PF error responses
     - ice: Align macro names to the specification
     - ice: Remove unnecessary checker loop
     - ice: Rename a couple of variables
     - ice: Fix curr_link_speed advertised speed
     - tipc: fix incorrect order of state message data sanity check
     - [armhf] net: ethernet: ti: cpts: Handle error for clk_enable
     - ax25: Fix NULL pointer dereference in ax25_kill_by_device
     - net/mlx5: Fix size field in bufferx_reg struct
     - net/mlx5: Fix a race on command flush flow
     - net/mlx5e: Lag, Only handle events from highest priority multipath entry
     - NFC: port100: fix use-after-free in port100_send_complete
     - net: phy: DP83822: clear MISR2 register to disable interrupts
     - sctp: fix kernel-infoleak for SCTP sockets
     - [arm64] net: bcmgenet: Don't claim WOL when its not available
     - [arm64,armhf] spi: rockchip: Fix error in getting num-cs property
     - [arm64,armhf] spi: rockchip: terminate dma transmission when slave abort
     - net-sysfs: add check for netdevice being present to speed_show
     - [armhf] hwmon: (pmbus) Clear pmbus fault/warning bits after read
     - gpio: Return EPROBE_DEFER if gc->to_irq is NULL
     - Revert "xen-netback: remove 'hotplug-status' once it has served its
     - Revert "xen-netback: Check for hotplug-status existence before watching"
     - ipv6: prevent a possible race condition with lifetimes
     - tracing: Ensure trace buffer is at least 4096 bytes large
     - fuse: fix pipe buffer lifetime for direct_io
     - staging: rtl8723bs: Fix access-point mode deadlock
     - [arm64] net: macb: Fix lost RX packet wakeup race in NAPI receive
     - [arm64] mmc: meson: Fix usage of meson_mmc_post_req()
     - [arm64] dts: marvell: armada-37xx: Remap IO space to bus address 0x0
     - virtio: unexport virtio_finalize_features
     - virtio: acknowledge all features before access
     - watch_queue, pipe: Free watchqueue state after clearing pipe ring
     - watch_queue: Fix to release page in ->release() (CVE-2022-0995)
     - watch_queue: Fix to always request a pow-of-2 pipe ring size
     - watch_queue: Fix the alloc bitmap size to reflect notes allocated
     - watch_queue: Free the alloc bitmap when the watch_queue is torn down
     - watch_queue: Fix lack of barrier/sync/lock between post and read
     - watch_queue: Make comment about setting ->defunct more accurate
     - [x86] boot: Fix memremap of setup_indirect structures
     - [x86] boot: Add setup_indirect support in early_memremap_is_setup_data()
     - [x86] traps: Mark do_int3() NOKPROBE_SYMBOL
     - ext4: add check to prevent attempting to resize an fs with sparse_super2
     - [armel,armhf] fix Thumb2 regression with Spectre BHB
     - watch_queue: Fix filter limit check ((CVE-2022-0995)
   [ Salvatore Bonaccorso ]
   * Bump ABI to 13
   * [rt] Update to 5.10.104-rt63
   * [rt] Update to 5.10.106-rt64
   * sctp: fix the processing for INIT chunk (CVE-2021-3772)
   * tcp: make tcp_read_sock() more robust
   * io_uring: return back safer resurrect
   * [arm64] kvm: Fix copy-and-paste error in bhb templates for v5.10 stable
 d230e489d2a5e0e64648faacdf8bd25c02f13398 210309 linux_5.10.120-1~bpo10+1.dsc
 6343dc2477db5e1f24851259b8b5abdd68366753 1508012 linux_5.10.120-1~bpo10+1.debian.tar.xz
 8f6571ef2bc1e1fade31393ede05824a6483a09f 54771 linux_5.10.120-1~bpo10+1_source.buildinfo
 4d2fb2bb0dbf7225e9efda1a1ef11fa86e1a1cc11dc8ba7ba3a31e80a96c63f2 210309 linux_5.10.120-1~bpo10+1.dsc
 47b7750c64c215a8dd7c4f3ba430a6d1c532a9131f65bc7bbce63d5acafceb62 1508012 linux_5.10.120-1~bpo10+1.debian.tar.xz
 805e93cc023e94faacfbf2a098dcdfb7a632d1b68dc9fb7d1c95178ba1b64e7b 54771 linux_5.10.120-1~bpo10+1_source.buildinfo
 6b9a0705430e2cd450be51af485468f1 210309 kernel optional linux_5.10.120-1~bpo10+1.dsc
 87dd4d0064c1ab5b7433b9fda7a260c0 1508012 kernel optional linux_5.10.120-1~bpo10+1.debian.tar.xz
 26ce5000121028a550280ed5e95bdaf0 54771 kernel optional linux_5.10.120-1~bpo10+1_source.buildinfo



Reply to: