Accepted linux-5.10 5.10.149-2~deb10u1 (source) into oldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 28 Oct 2022 23:03:33 +0200
Source: linux-5.10
Architecture: source
Version: 5.10.149-2~deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
Changed-By: Ben Hutchings <benh@debian.org>
Closes: 1017425 1018752 1019248 1022025
Changes:
linux-5.10 (5.10.149-2~deb10u1) buster-security; urgency=high
.
* Rebuild for buster:
- Change ABI number to 0.deb10.19
.
linux (5.10.149-2) bullseye-security; urgency=high
.
* Revert "drm/amdgpu: move nbio sdma_doorbell_range() into sdma code for vega"
(Closes: #1022025)
* Revert "drm/amdgpu: make sure to init common IP before gmc"
(Closes: #1022025)
.
linux (5.10.149-1) bullseye-security; urgency=high
.
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.149
- Revert "fs: check FMODE_LSEEK to control internal pipe splicing"
.
[ Salvatore Bonaccorso ]
* Replace patch for "io_uring/af_unix: defer registered files gc to io_uring
release" with queued version
.
linux (5.10.148-1) bullseye-security; urgency=high
.
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.141
- [s390x] mm: do not trigger write fault when vma does not allow VM_WRITE
- kbuild: Fix include path in scripts/Makefile.modpost
- Bluetooth: L2CAP: Fix build errors in some archs
- HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report
- media: pvrusb2: fix memory leak in pvr_probe
- HID: hidraw: fix memory leak in hidraw_release()
- net: fix refcount bug in sk_psock_get (2)
- fbdev: fb_pm2fb: Avoid potential divide by zero error
- ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace
is dead
- drm/amd/display: Avoid MPC infinite loop
- drm/amd/display: For stereo keep "FLIP_ANY_FRAME"
- drm/amd/display: clear optc underflow before turn off odm clock
- neigh: fix possible DoS due to net iface start/stop loop
- [s390x] hypfs: avoid error message under KVM
- drm/amd/pm: add missing ->fini_microcode interface for Sienna Cichlid
- drm/amd/display: Fix pixel clock programming
- drm/amdgpu: Increase tlb flush timeout for sriov
- netfilter: conntrack: NF_CONNTRACK_PROCFS should no longer default to y
- lib/vdso: Mark do_hres_timens() and do_coarse_timens() __always_inline()
- kprobes: don't call disarm_kprobe() for disabled kprobes
- io_uring: disable polling pollfree files
- xfs: remove infinite loop when reserving free block pool
- xfs: always succeed at setting the reserve pool size
- xfs: fix overfilling of reserve pool
- xfs: fix soft lockup via spinning in filestream ag selection loop
- xfs: revert "xfs: actually bump warning counts when we send warnings"
- net: neigh: don't call kfree_skb() under spin_lock_irqsave()
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.142
- [arm64] drm/msm/dsi: fix the inconsistent indenting
- [arm64] drm/msm/dp: delete DP_RECOVERED_CLOCK_OUT_EN to fix tps4
- [arm64] drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg
- [arm64] drm/msm/dsi: Fix number of regulators for SDM660
- [x86] platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask
- iio: adc: mcp3911: make use of the sign bit
- bpf, cgroup: Fix kernel BUG in purge_effective_progs
- ieee802154/adf7242: defer destroy_workqueue call
- ALSA: hda: intel-nhlt: remove use of __func__ in dev_dbg
- ALSA: hda: intel-nhlt: Correct the handling of fmt_config flexible array
- wifi: cfg80211: debugfs: fix return type in ht40allow_map_read()
- Revert "xhci: turn off port power in shutdown"
- net: sched: tbf: don't call qdisc_put() while holding tree lock
- net/sched: fix netdevice reference leaks in attach_default_qdiscs()
- sch_cake: Return __NET_XMIT_STOLEN when consuming enqueued skb
- tcp: annotate data-race around challenge_timestamp
- Revert "sch_cake: Return __NET_XMIT_STOLEN when consuming enqueued skb"
- net/smc: Remove redundant refcount increase
- [arm64] serial: fsl_lpuart: RS485 RTS polariy is inverse
- staging: rtl8712: fix use after free bugs
- [powerpc*] align syscall table for ppc32
- vt: Clear selection before changing the font
- [arm64] tty: serial: lpuart: disable flow control while waiting for the
transmit engine to complete
- Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag
- iio: ad7292: Prevent regulator double disable
- iio: adc: mcp3911: use correct formula for AD conversion
- USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id
- [arm*] binder: fix UAF of ref->proc caused by race condition
(CVE-2022-20421)
- [x86] drm/i915/reg: Fix spelling mistake "Unsupport" -> "Unsupported"
- clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops
- Revert "clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops"
- clk: core: Fix runtime PM sequence in clk_core_unprepare()
- [arm64,armhf] clk: bcm: rpi: Fix error handling of raspberrypi_fw_get_rate
- [arm64,armhf] clk: bcm: rpi: Use correct order for the parameters of
devm_kcalloc()
- [arm64,armhf] clk: bcm: rpi: Prevent out-of-bounds access
- [arm64,armhf] clk: bcm: rpi: Add missing newline
- [armel,armhf] hwmon: (gpio-fan) Fix array out of bounds access
- [arm64,armhf] gpio: pca953x: Add mutex_lock for regcache sync in PM
- [x86] KVM: x86: Mask off unsupported and unknown bits of
IA32_ARCH_CAPABILITIES
- xen/grants: prevent integer overflow in gnttab_dma_alloc_pages()
- mm: pagewalk: Fix race between unmap and page walker
- xen-blkback: Advertise feature-persistent as user requested
- xen-blkfront: Advertise feature-persistent as user requested
- [x86] thunderbolt: Use the actual buffer in tb_async_error()
- media: mceusb: Use new usb_control_msg_*() routines
- xhci: Add grace period after xHC start to prevent premature runtime
suspend.
- USB: serial: cp210x: add Decagon UCA device id
- USB: serial: option: add support for OPPO R11 diag port
- USB: serial: option: add Quectel EM060K modem
- USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode
- usb: typec: altmodes/displayport: correct pin assignment for UFP
receptacles
- [arm*] usb: dwc2: fix wrong order of phy_power_on and phy_init
- USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020)
- usb-storage: Add ignore-residue quirk for NXP PN7462AU
- [s390x] hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages
- [s390x] fix nospec table alignments
- USB: core: Prevent nested device-reset calls
- usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS
- driver core: Don't probe devices after bus_type.match() probe deferral
- wifi: mac80211: Don't finalize CSA in IBSS mode if state is disconnected
- wifi: mac80211: Fix UAF in ieee80211_scan_rx()
- ip: fix triggering of 'icmp redirect'
- net: Use u64_stats_fetch_begin_irq() for stats fetch.
- net: mac802154: Fix a condition in the receive path
- ALSA: hda/realtek: Add speaker AMP init for Samsung laptops with ALC298
- ALSA: seq: oss: Fix data-race for max_midi_devs access
- ALSA: seq: Fix data-race at module auto-loading
- [x86] drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk
- btrfs: harden identification of a stale device
- mmc: core: Fix UHS-I SD 1.8V workaround branch
- [arm64,armhf] usb: dwc3: fix PHY disable sequence
- [arm64,armhf] usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup
- [arm64,armhf] usb: dwc3: disable USB core PHY management
- USB: serial: ch341: fix lost character on LCR updates
- USB: serial: ch341: fix disabled rx timer on older devices
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.143
- NFSD: Fix verifier returned in stable WRITEs
- xen-blkfront: Cache feature_persistent value before advertisement
- tty: n_gsm: initialize more members at gsm_alloc_mux()
- tty: n_gsm: avoid call of sleeping functions from atomic context
- efi: capsule-loader: Fix use-after-free in efi_capsule_write
(CVE-2022-40307)
- wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in
il4965_rs_fill_link_cmd()
- fs: only do a memory barrier for the first set_buffer_uptodate()
- scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port ISP27XX
- scsi: megaraid_sas: Fix double kfree()
- drm/gem: Fix GEM handle release errors
- drm/amdgpu: Move psp_xgmi_terminate call from amdgpu_xgmi_remove_device to
psp_hw_fini
- drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup.
- drm/radeon: add a force flush to delay work when radeon
- [arm64] cacheinfo: Fix incorrect assignment of signed error value to
unsigned fw_level
- net/core/skbuff: Check the return value of skb_copy_bits()
- drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly
- ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc()
- ALSA: aloop: Fix random zeros in capture data when using jiffies timer
- ALSA: usb-audio: Fix an out-of-bounds bug in
__snd_usb_parse_audio_interface()
- kprobes: Prohibit probes in gate area
- debugfs: add debugfs_lookup_and_remove()
- nvmet: fix a use-after-free
- [x86] drm/i915: Implement WaEdpLinkRateDataReload
- scsi: mpt3sas: Fix use-after-free warning
- scsi: lpfc: Add missing destroy_workqueue() in error path
- cgroup: Elide write-locking threadgroup_rwsem when updating csses on an
empty subtree
- cgroup: Fix threadgroup_rwsem <-> cpus_read_lock() deadlock
- cifs: remove useless parameter 'is_fsctl' from SMB2_ioctl()
- smb3: missing inode locks in punch hole
- regulator: core: Clean up on enable failure
- [arm64] tee: fix compiler warning in tee_shm_register()
- RDMA/cma: Fix arguments order in net device validation
- [arm64] RDMA/hns: Fix supported page size
- [arm64] RDMA/hns: Fix wrong fixed value of qp->rq.wqe_shift
- netfilter: br_netfilter: Drop dst references before setting.
- netfilter: nf_tables: clean up hook list when offload flags check fails
- netfilter: nf_conntrack_irc: Fix forged IP logic (CVE-2022-2663)
- ALSA: usb-audio: Inform the delayed registration more properly
- ALSA: usb-audio: Register card again for iface over delayed_register
option
- rxrpc: Fix an insufficiently large sglist in rxkad_verify_packet_2()
- afs: Use the operation issue time instead of the reply time for callbacks
- sch_sfb: Don't assume the skb is still around after enqueueing to child
- tipc: fix shift wrapping bug in map_get()
- ice: use bitmap_free instead of devm_kfree
- i40e: Fix kernel crash during module removal
- xen-netback: only remove 'hotplug-status' when the vif is actually
destroyed
- ipv6: sr: fix out-of-bounds read when setting HMAC data.
- IB/core: Fix a nested dead lock as part of ODP flow
- RDMA/mlx5: Set local port to one when accessing counters
- nvme-tcp: fix UAF when detecting digest errors
- nvme-tcp: fix regression that causes sporadic requests to time out
- tcp: fix early ETIMEDOUT after spurious non-SACK RTO
- sch_sfb: Also store skb len before calling child enqueue
- swiotlb: avoid potential left shift overflow
- [amd64] iommu/amd: use full 64-bit value in build_completion_wait()
- [arm64] errata: add detection for AMEVCNTR01 incrementing incorrectly
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.144
- [armhf] dts: imx: align SPI NOR node name with dtschema
- [amd64] iommu/vt-d: Correctly calculate sagaw value of IOMMU
- tracefs: Only clobber mode/uid/gid on remount if asked
- Input: goodix - add support for GT1158
- [arm64] drm/msm/rd: Fix FIFO-full deadlock
- [amd64] hid: intel-ish-hid: ishtp: Fix ishtp client sending disordered
message
- tg3: Disable tg3 device on system reboot to avoid triggering AER
- ieee802154: cc2520: add rc code in cc2520_tx()
- Input: iforce - add support for Boeder Force Feedback Wheel
- nvmet-tcp: fix unhandled tcp states in nvmet_tcp_state_change()
- drm/amd/amdgpu: skip ucode loading if ucode_size == 0
- [arm*] perf/arm_pmu_platform: fix tests for platform_get_irq() failure
- [x86] platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot
keymap fixes
- mm: Fix TLB flush for not-first PFNMAP mappings in unmap_region()
- [x86] Revert "x86/ftrace: Use alternative RET encoding"
- [x86] ibt,ftrace: Make function-graph play nice
- [x86] ftrace: Use alternative RET encoding
- Input: goodix - add compatible string for GT1158
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.145
- [ppc64el] KVM: PPC: Book3S HV: Context tracking exit guest context before
enabling irqs
- [ppc64el] KVM: PPC: Tick accounting should defer vtime accounting 'til
after IRQ handling
- serial: 8250: Fix reporting real baudrate value in c_ospeed field
- [powerpc*] pseries/mobility: refactor node lookup during DT update
- [powerpc*] pseries/mobility: ignore ibm, platform-facilities updates
- [x86] platform/x86/intel: hid: add quirk to support Surface Go 3
- [arm64,armhf] net: dsa: mv88e6xxx: allow use of PHYs on CPU and DSA ports
- of: fdt: fix off-by-one error in unflatten_dt_nodes()
- [arm64] pinctrl: sunxi: Fix name for A100 R_PIO
- NFSv4: Turn off open-by-filehandle and NFS re-export for NFSv4.0
- [arm64] gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in
mpc85xx
- [arm64] drm/meson: Correct OSD1 global alpha value
- [arm64] drm/meson: Fix OSD1 RGB to YCbCr coefficient
- tracing: hold caller_addr to hardirq_{enable,disable}_ip
- of/device: Fix up of_dma_configure_id() stub
- cifs: revalidate mapping when doing direct writes
- cifs: don't send down the destination address to sendmsg for a SOCK_STREAM
- video: fbdev: i740fb: Error out if 'pixclock' equals zero (CVE-2022-3061)
- Revert "serial: 8250: Fix reporting real baudrate value in c_ospeed field"
- [x86] ASoC: nau8824: Fix semaphore unbalance at error paths
- [armhf] regulator: pfuze100: Fix the global-out-of-bounds access in
pfuze100_regulator_probe()
- rxrpc: Fix local destruction being repeated
- rxrpc: Fix calc of resend age
- wifi: mac80211_hwsim: check length for virtio packets
- ALSA: hda/sigmatel: Keep power up while beep is enabled
- [arm64,armhf] ALSA: hda/tegra: Align BDL entry to 4KB boundary
- net: usb: qmi_wwan: add Quectel RM520N
- afs: Return -EAGAIN, not -EREMOTEIO, when a file already locked
- [misp64el,mipsel] OCTEON: irq: Fix octeon_irq_force_ciu_mapping()
- mksysmap: Fix the mismatch of 'L0' symbols in System.map
- video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write
(CVE-2022-39842)
- cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all()
- ALSA: hda/sigmatel: Fix unused variable warning for beep power change
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.146
- drm/amdgpu: move nbio sdma_doorbell_range() into sdma code for vega
- drm/amdgpu: indirect register access for nv12 sriov
- drm/amdgpu: Separate vf2pf work item init from virt data exchange
- drm/amdgpu: make sure to init common IP before gmc
- [arm64,armhf] usb: dwc3: gadget: Avoid starting DWC3 gadget during UDC
unbind
- [arm64,armhf] usb: dwc3: Issue core soft reset before enabling run/stop
- [arm64,armhf] usb: dwc3: gadget: Prevent repeat pullup()
- [arm64,armhf] usb: dwc3: gadget: Refactor pullup()
- [arm64,armhf] usb: dwc3: gadget: Don't modify GEVNTCOUNT in pullup()
- [arm64,armhf] usb: dwc3: gadget: Avoid duplicate requests to enable
Run/Stop
- mmc: core: Fix inconsistent sd3_bus_mode at UHS-I SD voltage switch
failure
- vfio/type1: Change success value of vaddr_get_pfn()
- vfio/type1: Prepare for batched pinning with struct vfio_batch
- vfio/type1: Unpin zero pages
- USB: core: Fix RST error in hub.c
- USB: serial: option: add Quectel BG95 0x0203 composition
- USB: serial: option: add Quectel RM520N
- ALSA: hda/tegra: set depop delay for tegra
- ALSA: hda: add Intel 5 Series / 3400 PCI DID
- ALSA: hda/realtek: Add quirk for Huawei WRT-WX9
- ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5570 laptop
- ALSA: hda/realtek: Re-arrange quirk table entries
- ALSA: hda/realtek: Add pincfg for ASUS G513 HP jack
- ALSA: hda/realtek: Add pincfg for ASUS G533Z HP jack
- ALSA: hda/realtek: Add quirk for ASUS GA503R laptop
- ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5530 laptop
- [amd64] iommu/vt-d: Check correct capability for sagaw determination
- media: flexcop-usb: fix endpoint type check
- [x86] efi: x86: Wipe setup_data on pure EFI boot
- efi: libstub: check Shim mode using MokSBStateRT
- gpiolib: cdev: Set lineevent_state::irq after IRQ register successfully
- [arm64,armhf] can: flexcan: flexcan_mailbox_read() fix return value for
drop = true
- mm/slub: fix to return errno if kmalloc() fails
- KVM: SEV: add cache flush to solve SEV cache incoherency issues
(CVE-2022-0171)
- xfs: fix up non-directory creation in SGID directories (CVE-2021-4037)
- xfs: reorder iunlink remove operation in xfs_ifree
- xfs: validate inode fork size against fork format
- [arm64] dts: rockchip: Pull up wlan wake# on Gru-Bob
- netfilter: nf_conntrack_sip: fix ct_sip_walk_headers
- netfilter: nf_conntrack_irc: Tighten matching on DCC message
(CVE-2022-2663)
- netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find()
- iavf: Fix cached head and tail value for iavf_get_tx_pending
- ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header
- net: let flow have same hash in two directions
- net: core: fix flow symmetric hash
- net: phy: aquantia: wait for the suspend/resume operations to finish
- scsi: mpt3sas: Force PCIe scatterlist allocations to be within same 4 GB
region
- scsi: mpt3sas: Fix return value check of dma_get_required_mask()
- net: bonding: Share lacpdu_mcast_addr definition
- net: bonding: Unsync device addresses on ndo_stop
- net: team: Unsync device addresses on ndo_stop
- [arm64,armhf] drm/panel: simple: Fix innolux_g121i1_l01 bus_format
- iavf: Fix bad page state
- iavf: Fix set max MTU size with port VLAN and jumbo frames
- i40e: Fix VF set max MTU size
- i40e: Fix set max_tx_rate when it is lower than 1 Mbps
- sfc: fix TX channel offset when using legacy interrupts
- sfc: fix null pointer dereference in efx_hard_start_xmit
- of: mdio: Add of_node_put() when breaking out of for_each_xx
- wireguard: ratelimiter: disable timings test by default
- wireguard: netlink: avoid variable-sized memcpy on sockaddr
- [arm64] net: enetc: move enetc_set_psfp() out of the common
enetc_set_features()
- net: socket: remove register_gifconf
- net/sched: taprio: avoid disabling offload when it was never enabled
- net/sched: taprio: make qdisc_leaf() see the per-netdev-queue pfifo child
qdiscs
- netfilter: nf_tables: fix nft_counters_enabled underflow at
nf_tables_addchain()
- netfilter: nf_tables: fix percpu memory leak at nf_tables_addchain()
- netfilter: ebtables: fix memory leak when blob is malformed
- can: gs_usb: gs_can_open(): fix race dev->can.state condition
- net/smc: Stop the CLC flow if no link to map buffers on
- net: sunhme: Fix packet reception for len < RX_COPY_THRESHOLD
- net: sched: fix possible refcount leak in tc_new_tfilter()
- drm/amd/amdgpu: fixing read wrong pf2vf data in SRIOV
- serial: Create uart_xmit_advance()
- [arm64,armhf] serial: tegra: Use uart_xmit_advance(), fixes icount.tx
accounting
- [s390x] dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup
- vfio/type1: fix vaddr_get_pfns() return in vfio_pin_page_external()
- drm/amdgpu: Fix check for RAS support
- cifs: use discard iterator to discard unneeded network data more
efficiently
- cifs: always initialize struct msghdr smb_msg completely
- [x86] Drivers: hv: Never allocate anything besides framebuffer from
framebuffer memory region
- [x86] drm/gma500: Fix BUG: sleeping function called from invalid context
errors
- drm/amdgpu: use dirty framebuffer helper
- drm/amd/display: Limit user regamma to a valid value
- drm/amd/display: Mark dml30's UseMinimumDCFCLK() as noinline for stack
usage
- [arm64] drm/rockchip: Fix return type of cdn_dp_connector_mode_valid
- workqueue: don't skip lockdep work dependency in cancel_work_sync()
- [arm64,armhf] i2c: imx: If pm_runtime_get_sync() returned 1 device access
is possible
- [amd64,arm64] devdax: Fix soft-reservation memory description
- ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0
- ext4: limit the number of retries after discarding preallocations blocks
- ext4: make directory inode spreading reflect flexbg size
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.147
- [x86] thunderbolt: Add support for Intel Maple Ridge
- [x86] thunderbolt: Add support for Intel Maple Ridge single port
controller
- [arm64,armhf] ALSA: hda/tegra: Use clk_bulk helpers
- [arm64,armhf] ALSA: hda/tegra: Reset hardware
- ALSA: hda/hdmi: let new platforms assign the pcm slot dynamically
- ALSA: hda: Fix Nvidia dp infoframe
- btrfs: fix hang during unmount when stopping a space reclaim worker
- [arm64,x86] usb: typec: ucsi: Remove incorrect warning
- [x86] thunderbolt: Explicitly reset plug events delay back to USB4 spec
value
- net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455
- libata: add ATA_HORKAGE_NOLPM for Pioneer BDR-207M and BDR-205
- mm/page_alloc: fix race condition between build_all_zonelists and page
allocation
- mm: prevent page_frag_alloc() from corrupting the memory
- mm/migrate_device.c: flush TLB while holding PTL
- mm: fix madivse_pageout mishandling on non-LRU page
- swiotlb: max mapping size takes min align mask into account
- [arm64] scsi: hisi_sas: Revert "scsi: hisi_sas: Limit max hw sectors for
v3 HW"
- [arm64,armhf] soc: sunxi: sram: Actually claim SRAM regions
- [arm64,armhf] soc: sunxi: sram: Prevent the driver from being unbound
- [arm64,armhf] soc: sunxi_sram: Make use of the helper function
devm_platform_ioremap_resource()
- [arm64,armhf] soc: sunxi: sram: Fix probe function ordering issues
- [arm64,armhf] soc: sunxi: sram: Fix debugfs info for A64 SRAM C
- [arm64,armhf] Revert "drm: bridge: analogix/dp: add panel
prepare/unprepare in suspend/resume time"
- usbnet: Fix memory leak in usbnet_disconnect()
- net: sched: act_ct: fix possible refcount leak in tcf_ct_init()
- cxgb4: fix missing unlock on ETHOFLD desc collect fail path
- nvme: add new line after variable declatation
- nvme: Fix IOC_PR_CLEAR and IOC_PR_RELEASE ioctls for nvme devices
- net: stmmac: power up/down serdes in stmmac_open/release
- [armhf] clk: imx: imx6sx: remove the SET_RATE_PARENT flag for QSPI clocks
- [x86] KVM: x86: Hide IA32_PLATFORM_DCA_CAP[31:0] from the guest
- [x86] alternative: Fix race in try_get_desc()
- ALSA: hda/hdmi: fix warning about PCM count when used with SOF
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.148
- nilfs2: fix NULL pointer dereference at nilfs_bmap_lookup_at_level()
- nilfs2: fix use-after-free bug of struct nilfs_root
- nilfs2: fix leak of nilfs_root in case of writer thread creation failure
- nilfs2: replace WARN_ONs by nilfs_error for checkpoint acquisition failure
- ceph: don't truncate file in atomic_open
- docs: update mediator information in CoC docs
- xsk: Inherit need_wakeup flag for shared sockets
- ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC (CVE-2022-3303)
- mm: gup: fix the fast GUP race against THP collapse
- [powerpc*] 64s/radix: don't need to broadcast IPI for radix pmd collapse
flush
- fs: fix UAF/GPF bug in nilfs_mdt_destroy
- compiler_attributes.h: move __compiletime_{error|warning}
- scsi: qedf: Fix a UAF bug in __qedf_probe()
- net/ieee802154: fix uninit value bug in dgram_sendmsg
- ALSA: hda/hdmi: Fix the converter reuse for the silent stream
- net: atlantic: fix potential memory leak in aq_ndev_close()
- drm/amd/display: update gamut remap if plane has changed
- drm/amd/display: skip audio setup when audio stream is enabled
- mmc: core: Replace with already defined values for readability
- mmc: core: Terminate infinite loop in SD-UHS voltage switch
- usb: mon: make mmapped memory read only
- USB: serial: ftdi_sio: fix 300 bps rate for SIO
- [arm64] rpmsg: qcom: glink: replace strncpy() with strscpy_pad()
- Revert "clk: ti: Stop using legacy clkctrl names for omap4 and 5"
- random: restore O_NONBLOCK support
- random: clamp credited irq bits to maximum mixed
- ALSA: hda: Fix position reporting on Poulsbo
- efi: Correct Macmini DMI match in uefi cert quirk
- scsi: stex: Properly zero out the passthrough command structure
- USB: serial: qcserial: add new usb-id for Dell branded EM7455
- random: avoid reading two cache lines on irq randomness
- random: use expired timer rather than wq for mixing fast pool
- wifi: cfg80211: fix u8 overflow in cfg80211_update_notlisted_nontrans()
(CVE-2022-41674)
- wifi: cfg80211/mac80211: reject bad MBSSID elements
- wifi: cfg80211: ensure length byte is present before access
- wifi: cfg80211: fix BSS refcounting bugs (CVE-2022-42720)
- wifi: cfg80211: avoid nontransmitted BSS list corruption (CVE-2022-42721)
- wifi: mac80211_hwsim: avoid mac80211 warning on bad rate
- wifi: mac80211: fix crash in beacon protection for P2P-device
(CVE-2022-42722)
- wifi: cfg80211: update hidden BSSes to avoid WARN_ON
- Input: xpad - add supported devices as contributed on github
- Input: xpad - fix wireless 360 controller breaking after suspend
.
[ Aurelien Jarno ]
* [arm64] Add support for misalignment fixups for multiword loads from next
branch. Enable COMPAT_ALIGNMENT_FIXUPS.
.
[ Salvatore Bonaccorso ]
* [x86] drivers/edac: Enable EDAC_I10NM as module (Closes: #1019248)
* Bump ABI to 19
* Refresh "Export symbols needed by Android drivers"
* [rt] Update to 5.10.140-rt73
* io_uring/af_unix: defer registered files gc to io_uring release
(CVE-2022-2602)
* ext4: fix check for block being out of directory size (CVE-2022-1184)
.
[ Uwe Kleine-König ]
* mac80211: mlme: find auth challenge directly
* wifi: mac80211: don't parse mbssid in assoc response
* wifi: mac80211: fix MBSSID parsing use-after-free (CVE-2022-42719)
.
linux (5.10.140-1) bullseye; urgency=medium
.
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.137
- Makefile: link with -z noexecstack --no-warn-rwx-segments
- [x86] link vdso and boot with -z noexecstack --no-warn-rwx-segments
- Revert "pNFS: nfs3_set_ds_client should set NFS_CS_NOPING"
- scsi: Revert "scsi: qla2xxx: Fix disk failure to rediscover"
- ALSA: bcd2000: Fix a UAF bug on the error path of probing
- ALSA: hda/realtek: Add quirk for Clevo NV45PZ
- ALSA: hda/realtek: Add quirk for HP Spectre x360 15-eb0xxx
- wifi: mac80211_hwsim: fix race condition in pending packet
- wifi: mac80211_hwsim: add back erroneously removed cast
- wifi: mac80211_hwsim: use 32-bit skb cookie
- add barriers to buffer_uptodate and set_buffer_uptodate
- HID: wacom: Only report rotation for art pen
- HID: wacom: Don't register pad_input for touch switch
- [x86] KVM: nVMX: Snapshot pre-VM-Enter BNDCFGS for !nested_run_pending
case
- [x86] KVM: nVMX: Snapshot pre-VM-Enter DEBUGCTL for !nested_run_pending
case
- [x86] KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0
- [s390x] KVM: s390: pv: don't present the ecall interrupt twice
- [x86] KVM: nVMX: Let userspace set nVMX MSR to any _host_ supported value
- [x86] KVM: x86: Mark TSS busy during LTR emulation _after_ all fault
checks
- [x86] KVM: x86: Set error code to segment selector on LLDT/LTR
non-canonical #GP
- [x86] KVM: x86: Tag kvm_mmu_x86_module_init() with __init
- mm: Add kvrealloc()
- xfs: only set IOMAP_F_SHARED when providing a srcmap to a write
- xfs: fix I_DONTCACHE
- mm/mremap: hold the rmap lock in write mode when moving page table
entries.
- ALSA: hda/conexant: Add quirk for LENOVO 20149 Notebook model
- ALSA: hda/cirrus - support for iMac 12,1 model
- ALSA: hda/realtek: Add quirk for another Asus K42JZ model
- ALSA: hda/realtek: Add a quirk for HP OMEN 15 (8786) mute LED
- tty: vt: initialize unicode screen buffer
- vfs: Check the truncate maximum size in inode_newsize_ok()
- fs: Add missing umask strip in vfs_tmpfile
- thermal: sysfs: Fix cooling_device_stats_setup() error code path
- fbcon: Fix boundary checks for fbcon=vc:n1-n2 parameters
- fbcon: Fix accelerated fbdev scrolling while logo is still shown
- usbnet: Fix linkwatch use-after-free on disconnect
- ovl: drop WARN_ON() dentry is NULL in ovl_encode_fh()
- drm/gem: Properly annotate WW context on drm_gem_lock_reservations() error
- [arm*] drm/vc4: hdmi: Disable audio if dmas property is present but empty
- drm/nouveau: fix another off-by-one in nvbios_addr
- drm/nouveau: Don't pm_runtime_put_sync(), only
pm_runtime_put_autosuspend()
- drm/nouveau/acpi: Don't print error when we get -EINPROGRESS from
pm_runtime
- drm/amdgpu: Check BO's requested pinning domains against its
preferred_domains
- iio: light: isl29028: Fix the warning in isl29028_remove()
- scsi: sg: Allow waiting for commands to complete on removed device
- scsi: qla2xxx: Fix incorrect display of max frame size
- scsi: qla2xxx: Zero undefined mailbox IN registers
- fuse: limit nsec
- [arm64] serial: mvebu-uart: uart2 error bits clearing
- md-raid: destroy the bitmap after destroying the thread
- md-raid10: fix KASAN warning
- PCI: Add defines for normal and subtractive PCI bridges
- [powerpc*] powernv: Avoid crashing if rng is NULL
- [mips64el,mipsel] cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK
- usb: typec: ucsi: Acknowledge the GET_ERROR_STATUS command completion
- USB: HCD: Fix URB giveback issue in tasklet function
- [arm64,armhf] usb: dwc3: gadget: refactor dwc3_repare_one_trb
- [arm64,armhf] usb: dwc3: gadget: fix high speed multiplier setting
- netfilter: nf_tables: fix null deref due to zeroed list head
- epoll: autoremove wakers even more aggressively
- [x86] Handle idle=nomwait cmdline properly for x86_idle
- [arm64] Do not forget syscall when starting a new thread.
- [arm64] fix oops in concurrently setting insn_emulation sysctls
- genirq: Don't return error on missing optional irq_request_resources()
- [mips64el,mipsel] irqchip/mips-gic: Only register IPI domain when SMP is
enabled
- genirq: GENERIC_IRQ_IPI depends on SMP
- [mips64el,mipsel] irqchip/mips-gic: Check the return value of ioremap() in
gic_of_init()
- wait: Fix __wait_event_hrtimeout for RT/DL tasks
- [armhf] OMAP2+: display: Fix refcount leak bug
- ACPI: EC: Remove duplicate ThinkPad X1 Carbon 6th entry from DMI quirks
- ACPI: EC: Drop the EC_FLAGS_IGNORE_DSDT_GPE quirk
- ACPI: PM: save NVS memory for Lenovo G40-45
- ACPI: LPSS: Fix missing check in register_device_clock()
- [arm64] dts: allwinner: a64: orangepi-win: Fix LED node name
- PM: hibernate: defer device probing when resuming from hibernation
- selinux: Add boundary check in put_entry()
- [armel,armhf] findbit: fix overflowing offset
- [arm64,armhf] meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init
- ACPI: processor/idle: Annotate more functions to live in cpuidle section
- Input: atmel_mxt_ts - fix up inverted RESET handler
- [arm64] soc: amlogic: Fix refcount leak in meson-secure-pwrc.c
- [x86] pmem: Fix platform-device leak in error path
- [armhf] dts: ast2500-evb: fix board compatible
- [armhf] dts: ast2600-evb: fix board compatible
- [arm64] cpufeature: Allow different PMU versions in ID_DFR0_EL1
- locking/lockdep: Fix lockdep_init_map_*() confusion
- [arm64] soc: fsl: guts: machine variable might be unset
- block: fix infinite loop for invalid zone append
- [armhf] OMAP2+: Fix refcount leak in omapdss_init_of
- [armhf] OMAP2+: Fix refcount leak in omap3xxx_prm_late_init
- [arm64] regulator: qcom_smd: Fix pm8916_pldo range
- [arm64] ACPI: APEI: Fix _EINJ vs EFI_MEMORY_SP
- [arm64] bus: hisi_lpc: fix missing platform_device_put() in
hisi_lpc_acpi_probe()
- erofs: avoid consecutive detection for Highmem memory
- blk-mq: don't create hctx debugfs dir until q->debugfs_dir is created
- hwmon: (drivetemp) Add module alias
- block: remove the request_queue to argument request based tracepoints
- blktrace: Trace remapped requests correctly
- regulator: of: Fix refcount leak bug in of_get_regulation_constraints()
- nohz/full, sched/rt: Fix missed tick-reenabling bug in dequeue_task_rt()
- dm: return early from dm_pr_call() if DM device is suspended
- ath10k: do not enforce interrupt trigger type
- wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c()
- ath11k: fix netdev open race
- drm/mipi-dbi: align max_chunk to 2 in spi_transfer
- ath11k: Fix incorrect debug_mask mappings
- drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers()
- virtio-gpu: fix a missing check to avoid NULL dereference
- [arm64] drm: adv7511: override i2c address of cec before accessing it
- net: fix sk_wmem_schedule() and sk_rmem_schedule() errors
- i2c: Fix a potential use after free
- media: tw686x: Register the irq at the end of probe
- ath9k: fix use-after-free in ath9k_hif_usb_rx_cb (CVE-2022-1679)
- wifi: iwlegacy: 4965: fix potential off-by-one overflow in
il4965_rs_fill_link_cmd()
- drm/radeon: fix incorrrect SPDX-License-Identifiers
- [amd64] crypto: ccp - During shutdown, check SEV data pointer before using
- [arm64] drm: bridge: adv7511: Add check for mipi_dsi_driver_register
- media: hdpvr: fix error value returns in hdpvr_read
- [arm64,armhf] media: v4l2-mem2mem: prevent pollerr when
last_buffer_dequeued is set
- media: tw686x: Fix memory leak in tw686x_video_init
- [arm*] drm/vc4: plane: Remove subpixel positioning check
- [arm*] drm/vc4: plane: Fix margin calculations for the right/bottom edges
- [arm*] drm/vc4: dsi: Correct DSI divider calculations
- [arm*] drm/vc4: dsi: Correct pixel order for DSI0
- [arm*] drm/vc4: drv: Remove the DSI pointer in vc4_drv
- [arm*] drm/vc4: dsi: Use snprintf for the PHY clocks instead of an array
- [arm*] drm/vc4: dsi: Introduce a variant structure
- [arm*] drm/vc4: dsi: Register dsi0 as the correct vc4 encoder type
- [arm*] drm/vc4: dsi: Fix dsi0 interrupt support
- [arm*] drm/vc4: dsi: Add correct stop condition to vc4_dsi_encoder_disable
iteration
- [arm*] drm/vc4: hdmi: Remove firmware logic for MAI threshold setting
- [arm*] drm/vc4: hdmi: Avoid full hdmi audio fifo writes
- [arm*] drm/vc4: hdmi: Don't access the connector state in reset if kmalloc
fails
- [arm*] drm/vc4: hdmi: Limit the BCM2711 to the max without scrambling
- [arm*] drm/vc4: hdmi: Fix timings for interlaced modes
- [arm*] drm/vc4: hdmi: Correct HDMI timing registers for interlaced modes
- [arm64,armhf] drm/rockchip: vop: Don't crash for invalid duplicate_state()
- [arm64,armhf] drm/rockchip: Fix an error handling path rockchip_dp_probe()
- lib: bitmap: order includes alphabetically
- lib: bitmap: provide devm_bitmap_alloc() and devm_bitmap_zalloc()
- hinic: Use the bitmap API when applicable
- net: hinic: fix bug that ethtool get wrong stats
- net: hinic: avoid kernel hung in hinic_get_stats64()
- [arm64] drm/msm/mdp5: Fix global state lock backoff
- mt76: mt76x02u: fix possible memory leak in __mt76x02u_mcu_send_msg
- mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init()
- tcp: make retransmitted SKB fit into the send window
- bpf: Fix subprog names in stack traces.
- fs: check FMODE_LSEEK to control internal pipe splicing
- wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi()
- [i386] can: pch_can: do not report txerr and rxerr during bus-off
- can: sja1000: do not report txerr and rxerr during bus-off
- [armhf] can: sun4i_can: do not report txerr and rxerr during bus-off
- can: kvaser_usb_hydra: do not report txerr and rxerr during bus-off
- can: kvaser_usb_leaf: do not report txerr and rxerr during bus-off
- can: usb_8dev: do not report txerr and rxerr during bus-off
- can: error: specify the values of data[5..7] of CAN error frames
- [i386] can: pch_can: pch_can_error(): initialize errc before using it
- Bluetooth: hci_intel: Add check for platform_driver_register
- wifi: wil6210: debugfs: fix uninitialized variable use in
`wil_write_file_wmi()`
- wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue
- wifi: libertas: Fix possible refcount leak in if_usb_probe()
- [arm64,armhf] media: cedrus: hevc: Add check for invalid timestamp
- net/mlx5e: Remove WARN_ON when trying to offload an unsupported TLS
cipher/version
- net/mlx5e: Fix the value of MLX5E_MAX_RQ_NUM_MTTS
- [arm64] crypto: inside-secure - Add missing MODULE_DEVICE_TABLE for of
- inet: add READ_ONCE(sk->sk_bound_dev_if) in INET_MATCH()
- tcp: sk->sk_bound_dev_if once in inet_request_bound_dev_if()
- ipv6: add READ_ONCE(sk->sk_bound_dev_if) in INET6_MATCH()
- tcp: Fix data-races around sysctl_tcp_l3mdev_accept.
- net: allow unbound socket for packets in VRF when tcp_l3mdev_accept set
- iavf: Fix max_rate limiting
- net: rose: fix netdev reference changes
- dccp: put dccp_qpolicy_full() and dccp_qpolicy_push() in the same lock
- wireguard: ratelimiter: use hrtimer in selftest
- wireguard: allowedips: don't corrupt stack when detecting overflow
- HID: cp2112: prevent a buffer overflow in cp2112_xfer()
- mtd: partitions: Fix refcount leak in parse_redboot_of
- [arm64,armhf] usb: xhci: tegra: Fix error check
- netfilter: xtables: Bring SPDX identifier back
- [arm64,armhf] platform/chrome: cros_ec: Always expose last resume result
- KVM: Don't set Accessed/Dirty bits for ZERO_PAGE
- mwifiex: Ignore BTCOEX events from the 88W8897 firmware
- mwifiex: fix sleep in atomic context bugs caused by dev_coredumpv
- misc: rtsx: Fix an error handling path in rtsx_pci_probe()
- driver core: fix potential deadlock in __driver_attach
- usb: host: xhci: use snprintf() in xhci_decode_trb()
- [arm64,armhf] PCI: dwc: Add unroll iATU space support to
dw_pcie_disable_atu()
- [arm64,armhf] PCI: dwc: Always enable CDM check if "snps,enable-cdm-check"
exists
- soundwire: bus_type: fix remove and shutdown support
- [arm64] KVM: arm64: Don't return from void function
- [x86] intel_th: Fix a resource leak in an error handling path
- [x86] intel_th: msu-sink: Potential dereference of null pointer
- [x86] intel_th: msu: Fix vmalloced buffers
- [x86] staging: rtl8192u: Fix sleep in atomic context bug in
dm_fsync_timer_callback
- [arm64] mmc: sdhci-of-esdhc: Fix refcount leak in
esdhc_signal_voltage_switch
- mmc: block: Add single read for 4k sector cards
- [s390x] KVM: s390: pv: leak the topmost page table when destroy fails
- PCI/portdrv: Don't disable AER reporting in get_port_device_capability()
- [arm64] PCI: qcom: Set up rev 2.1.0 PARF_PHY before enabling clocks
- scsi: smartpqi: Fix DMA direction for RAID requests
- [armhf] usb: aspeed-vhub: Fix refcount leak bug in ast_vhub_init_desc()
- [arm64,armhf] usb: dwc3: core: Deprecate GCTL.CORESOFTRESET
- [arm64,armhf] usb: dwc3: core: Do not perform GCTL_CORE_SOFTRESET during
bootup
- [arm64,armhf] usb: dwc3: qcom: fix missing optional irq warnings
- RDMA/qedr: Improve error logs for rdma_alloc_tid error return
- RDMA/qedr: Fix potential memory leak in __qedr_alloc_mr()
- [arm64] RDMA/hns: Fix incorrect clearing of interrupt status register
- [amd64] RDMA/hfi1: fix potential memory leak in setup_base_ctxt()
- gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data()
- [mips64el,mipsel] mmc: cavium-octeon: Add of_node_put() when breaking out
of loop
- HID: alps: Declare U1_UNICORN_LEGACY support
- USB: serial: fix tty-port initialized comments
- [armhf,i386] platform/olpc: Fix uninitialized data in debugfs write
- RDMA/srpt: Duplicate port name members
- RDMA/srpt: Introduce a reference count in struct srpt_device
- RDMA/srpt: Fix a use-after-free
- mm/mmap.c: fix missing call to vm_unacct_memory in mmap_region
- RDMA/mlx5: Add missing check for return value in get namespace flow
- RDMA/rxe: Fix error unwind in rxe_create_qp()
- null_blk: fix ida error handling in null_add_dev()
- nvme: use command_id instead of req->tag in trace_nvme_complete_rq()
- jbd2: fix outstanding credits assert in jbd2_journal_commit_transaction()
- ext4: recover csum seed of tmp_inode after migrating to extents
- jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal
aborted
- opp: Fix error check in dev_pm_opp_attach_genpd()
- serial: 8250: Export ICR access helpers for internal use
- serial: 8250_dw: Store LSR into lsr_saved_flags in dw8250_tx_wait_empty()
- profiling: fix shift too large makes kernel panic
- tty: n_gsm: Delete gsmtty open SABM frame when config requester
- tty: n_gsm: fix user open not possible at responder until initiator open
- tty: n_gsm: fix wrong queuing behavior in gsm_dlci_data_output()
- tty: n_gsm: fix non flow control frames during mux flow off
- tty: n_gsm: fix packet re-transmission without open control channel
- tty: n_gsm: fix race condition in gsmld_write()
- [arm64] ASoC: qcom: Fix missing of_node_put() in
asoc_qcom_lpass_cpu_platform_probe()
- vfio: Remove extra put/gets around vfio_device->group
- vfio: Simplify the lifetime logic for vfio_device
- vfio: Split creation of a vfio_device into init and register ops
- tty: n_gsm: fix wrong T1 retry count handling
- tty: n_gsm: fix DM command
- tty: n_gsm: fix missing corner cases in gsmld_poll()
- kfifo: fix kfifo_to_user() return type
- lib/smp_processor_id: fix imbalanced instrumentation_end() call
- [arm64] mfd: max77620: Fix refcount leak in max77620_initialise_fps
- [arm64] iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking out of
loop
- [s390x] dump: fix old lowcore virtual vs physical address confusion
- fuse: Remove the control interface for virtio-fs
- [armhf] ASoC: audio-graph-card: Add of_node_put() in fail path
- [arm64] watchdog: armada_37xx_wdt: check the return value of
devm_ioremap() in armada_37xx_wdt_probe()
- [arm64,armhf] video: fbdev: amba-clcd: Fix refcount leak bugs
- video: fbdev: sis: fix typos in SiS_GetModeID()
- [powerpc*] pci: Prefer PCI domain assignment via DT 'linux,pci-domain' and
alias
- f2fs: don't set GC_FAILURE_PIN for background GC
- f2fs: write checkpoint during FG_GC
- f2fs: fix to remove F2FS_COMPR_FL and tag F2FS_NOCOMP_FL at the same time
- [powerpc*] xive: Fix refcount leak in xive_get_max_prio
- kprobes: Forbid probing on trampoline and BPF code areas
- [powerpc*] pci: Fix PHB numbering when using opal-phbid
- sched/deadline: Merge dl_task_can_attach() and dl_cpu_busy()
- sched, cpuset: Fix dl_cpu_busy() panic due to empty cs->cpus_allowed
- [amd64] x86/numa: Use cpumask_available instead of hardcoded NULL check
- video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock()
- sched: Fix the check of nr_running at queue wakelist
- video: fbdev: vt8623fb: Check the size of screen before memset_io()
- video: fbdev: arkfb: Check the size of screen before memset_io()
- video: fbdev: s3fb: Check the size of screen before memset_io()
- [s390x] scsi: zfcp: Fix missing auto port scan and thus missing target
ports
- scsi: qla2xxx: Fix discovery issues in FC-AL topology
- scsi: qla2xxx: Turn off multi-queue for 8G adapters
- scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error injection
- scsi: qla2xxx: Fix losing FCP-2 targets on long port disable with I/Os
- scsi: qla2xxx: Fix losing FCP-2 targets during port perturbation tests
- [x86] bugs: Enable STIBP for IBPB mitigated RETBleed
- [x86] ftrace/x86: Add back ftrace_expected assignment
- __follow_mount_rcu(): verify that mount_lock remains unchanged
- spmi: trace: fix stack-out-of-bound access in SPMI tracing functions
- [x86] drm/i915/dg1: Update DMC_DEBUG3 register
- HID: Ignore battery for Elan touchscreen on HP Spectre X360 15-df0xxx
- HID: hid-input: add Surface Go battery quirk
- [arm*] drm/vc4: drv: Adopt the dma configuration from the HVS or V3D
component
- usbnet: smsc95xx: Don't clear read-only PHY interrupt
- usbnet: smsc95xx: Avoid link settings race on interrupt reception
- [x86] intel_th: pci: Add Meteor Lake-P support
- [x86] intel_th: pci: Add Raptor Lake-S PCH support
- [x86] intel_th: pci: Add Raptor Lake-S CPU support
- [x86] KVM: set_msr_mce: Permit guests to ignore single-bit ECC errors
- [x86] KVM: x86: Signal #GP, not -EPERM, on bad WRMSR(MCi_CTL/STATUS)
- [amd64] iommu/vt-d: avoid invalid memory access via
node_online(NUMA_NO_NODE)
- PCI/AER: Write AER Capability only when we control it
- PCI/ERR: Bind RCEC devices to the Root Port driver
- PCI/ERR: Rename reset_link() to reset_subordinates()
- PCI/ERR: Simplify by using pci_upstream_bridge()
- PCI/ERR: Simplify by computing pci_pcie_type() once
- PCI/ERR: Use "bridge" for clarity in pcie_do_recovery()
- PCI/ERR: Avoid negated conditional for clarity
- PCI/ERR: Add pci_walk_bridge() to pcie_do_recovery()
- PCI/ERR: Recover from RCEC AER errors
- PCI/AER: Iterate over error counters instead of error strings
- serial: 8250: Dissociate 4MHz Titan ports from Oxford ports
- serial: 8250: Correct the clock for OxSemi PCIe devices
- serial: 8250_pci: Refactor the loop in pci_ite887x_init()
- serial: 8250_pci: Replace dev_*() by pci_*() macros
- serial: 8250: Fold EndRun device support into OxSemi Tornado code
- dm writecache: set a default MAX_WRITEBACK_JOBS
- dm thin: fix use-after-free crash in dm_sm_register_threshold_callback
- timekeeping: contribute wall clock to rng on time change
- btrfs: reject log replay if there is unsupported RO compat flag
- btrfs: reset block group chunk force if we have to wait
- [amd64,arm64] ACPI: CPPC: Do not prevent CPPC from working in the future
- [x86] KVM: VMX: Drop guest CPUID check for VMXE in vmx_set_cr4()
- [x86] KVM: VMX: Drop explicit 'nested' check from vmx_set_cr4()
- [x86] KVM: SVM: Drop VMXE check from svm_set_cr4()
- [x86] KVM: x86: Move vendor CR4 validity check to dedicated kvm_x86_ops
hook
- [x86] KVM: nVMX: Inject #UD if VMXON is attempted with incompatible
CR0/CR4
- [x86] KVM: x86/pmu: preserve IA32_PERF_CAPABILITIES across CPUID refresh
- [x86] KVM: x86/pmu: Use binary search to check filtered events
- [x86] KVM: x86/pmu: Use different raw event masks for AMD and Intel
- [x86] KVM: x86/pmu: Introduce the ctrl_mask value for fixed counter
- [x86] KVM: VMX: Mark all PERF_GLOBAL_(OVF)_CTRL bits reserved if there's
no vPMU
- [x86] KVM: x86/pmu: Ignore pmu->global_ctrl check if vPMU doesn't support
global_ctrl
- xen-blkback: fix persistent grants negotiation
- xen-blkback: Apply 'feature_persistent' parameter when connect
- xen-blkfront: Apply 'feature_persistent' parameter when connect
- KEYS: asymmetric: enforce SM2 signature use pkey algo
- tpm: eventlog: Fix section mismatch for DEBUG_SECTION_MISMATCH
- tracing: Use a struct alignof to determine trace event field alignment
- ext4: check if directory block is within i_size (CVE-2022-1184)
- ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h
- ext4: fix warning in ext4_iomap_begin as race between bmap and write
- ext4: make sure ext4_append() always allocates new block
- ext4: fix use-after-free in ext4_xattr_set_entry
- ext4: update s_overhead_clusters in the superblock during an on-line
resize
- ext4: fix extent status tree race in writeback error recovery path
- ext4: correct max_inline_xattr_value_size computing
- ext4: correct the misjudgment in ext4_iget_extra_inode
- dm raid: fix address sanitizer warning in raid_resume
- dm raid: fix address sanitizer warning in raid_status
- KVM: Add infrastructure and macro to mark VM as bugged
- [x86] KVM: x86: Check lapic_in_kernel() before attempting to set a SynIC
irq (CVE-2022-2153)
- [x86] KVM: x86: Avoid theoretical NULL pointer dereference in
kvm_irq_delivery_to_apic_fast() (CVE-2022-2153)
- mac80211: fix a memory leak where sta_info is not freed
- tcp: fix over estimation in sk_forced_mem_schedule()
- Revert "mwifiex: fix sleep in atomic context bugs caused by dev_coredumpv"
- [arm*] drm/vc4: change vc4_dma_range_matches from a global to static
- Revert "net: usb: ax88179_178a needs FLAG_SEND_ZLP"
- Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression
- [x86] kvm: x86/pmu: Fix the compare function used by the pmu event filter
- [arm64] tee: add overflow check in register_shm_helper()
- net/9p: Initialize the iounit field during fid creation
- net_sched: cls_route: disallow handle of 0
- sched/fair: Fix fault in reweight_entity
- btrfs: only write the sectors in the vertical stripe which has data
stripes
- btrfs: raid56: don't trust any cached sector in __raid56_parity_recover()
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.138
- ALSA: info: Fix llseek return value when using callback
- ALSA: hda/realtek: Add quirk for Clevo NS50PU, NS70PU
- [x86] mm: Use proper mask when setting PUD mapping
- rds: add missing barrier to release_refill
- ata: libata-eh: Add missing command name
- [arm64] mmc: meson-gx: Fix an error handling path in meson_mmc_probe()
- btrfs: fix lost error handling when looking up extended ref on log replay
- tracing: Have filter accept "common_cpu" to be consistent
- ALSA: usb-audio: More comprehensive mixer map for ASUS ROG Zenith II
- can: ems_usb: fix clang's -Wunaligned-access warning
- apparmor: fix quiet_denied for file rules
- apparmor: fix absroot causing audited secids to begin with =
- apparmor: Fix failed mount permission check error message
- apparmor: fix aa_label_asxprint return check
- apparmor: fix setting unconfined mode on a loaded profile
- apparmor: fix overlapping attachment computation
- apparmor: fix reference count leak in aa_pivotroot()
- apparmor: Fix memleak in aa_simple_write_to_buffer()
- Documentation: ACPI: EINJ: Fix obsolete example
- NFSv4.1: Don't decrease the value of seq_nr_highest_sent
- NFSv4.1: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly
- NFSv4: Fix races in the legacy idmapper upcall
- NFSv4.1: RECLAIM_COMPLETE must handle EACCES
- NFSv4/pnfs: Fix a use-after-free bug in open
- bpf: Acquire map uref in .init_seq_private for array map iterator
- bpf: Acquire map uref in .init_seq_private for hash map iterator
- bpf: Acquire map uref in .init_seq_private for sock local storage map
iterator
- bpf: Acquire map uref in .init_seq_private for sock{map,hash} iterator
- bpf: Check the validity of max_rdwr_access for sock local storage map
iterator
- can: mcp251x: Fix race condition on receive interrupt
- [amd64,arm64] net: atlantic: fix aq_vec index out of range error
- sunrpc: fix expiry of auth creds
- SUNRPC: Reinitialise the backchannel request buffers before reuse
- virtio_net: fix memory leak inside XPD_TX with mergeable
- devlink: Fix use-after-free after a failed reload
- [arm64] pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed
- [arm64,armhf] pinctrl: sunxi: Add I/O bias setting for H6 R-PIO
- ACPI: property: Return type of acpi_add_nondev_subnodes() should be bool
- geneve: do not use RT_TOS for IPv6 flowlabel
- ipv6: do not use RT_TOS for IPv6 flowlabel
- [x86] plip: avoid rcu debug splat
- vsock: Fix memory leak in vsock_connect()
- vsock: Set socket state back to SS_UNCONNECTED in vsock_connect_timeout()
- dt-bindings: arm: qcom: fix MSM8916 MTP compatibles
- dt-bindings: clock: qcom,gcc-msm8996: add more GCC clock sources
- ceph: use correct index when encoding client supported features
- ceph: don't leak snap_rwsem in handle_cap_grant
- nfp: ethtool: fix the display error of `ethtool -m DEVNAME`
- xen/xenbus: fix return type in xenbus_file_read()
- atm: idt77252: fix use-after-free bugs caused by tst_timer
- geneve: fix TOS inheriting for ipv4
- [arm64] dpaa2-eth: trace the allocated address instead of page struct
- iavf: Fix adminq error handling
- netfilter: nf_tables: really skip inactive sets when allocating name
- netfilter: nf_tables: validate NFTA_SET_ELEM_OBJREF based on
NFT_SET_OBJECT flag
- netfilter: nf_tables: check NFT_SET_CONCAT flag if field_count is
specified
- [powerpc*] pci: Fix get_phb_number() locking
- [arm64,armhf] spi: meson-spicc: add local pow2 clock ops to preserve rate
between messages
- [arm64,armhf] net: dsa: mv88e6060: prevent crash on an unused port
- [arm64] net: dsa: felix: fix ethtool 256-511 and 512-1023 TX packet
counters
- net: genl: fix error path memory leak in policy dumping
- ice: Ignore EEXIST when setting promisc mode
- [arm64,armhf] i2c: imx: Make sure to unregister adapter on remove()
- regulator: pca9450: Remove restrictions for regulator-name
- i40e: Fix to stop tx_timeout recovery if GLOBR fails
- [arm64,armhf] fec: Fix timer capture timing in `fec_ptp_enable_pps()`
- [x86] stmmac: intel: Add a missing clk_disable_unprepare() call in
intel_eth_pci_remove()
- igb: Add lock to avoid data race
- kbuild: fix the modules order between drivers and libs
- locking/atomic: Make test_and_*_bit() ordered on failure
- [x86] ASoC: SOF: intel: move sof_intel_dsp_desc() forward
- [arm64] drm/meson: Fix refcount bugs in
meson_vpu_has_available_connectors()
- audit: log nftables configuration change events once per table
- netfilter: nftables: add helper function to set the base sequence number
- netfilter: add helper function to set up the nfnetlink header and use it
- [armhf] drm/sun4i: dsi: Prevent underflow when computing packet sizes
- PCI: Add ACS quirk for Broadcom BCM5750x NICs
- [arm64,armhf] platform/chrome: cros_ec_proto: don't show MKBP version if
unsupported
- usb: gadget: uvc: call uvc uvcg_warn on completed status instead of
uvcg_info
- [arm64,armhf] irqchip/tegra: Fix overflow implicit truncation warnings
- [arm64] drm/meson: Fix overflow implicit truncation warnings
- [armhf] clk: ti: Stop using legacy clkctrl names for omap4 and 5
- [arm*] usb: dwc2: gadget: remove D+ pull-up while no vbus with
usb-role-switch
- [x86] vboxguest: Do not use devm for irq
- uacce: Handle parent device removal or parent driver module rmmod
- zram: do not lookup algorithm in backends table
- [arm64] clk: qcom: clk-alpha-pll: fix clk_trion_pll_configure description
- scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user
input
- gadgetfs: ep_io - wait until IRQ finishes
- [x86] pinctrl: intel: Check against matching data instead of ACPI
companion
- [powerpc*] cxl: Fix a memory leak in an error handling path
- [arm64] PCI/ACPI: Guard ARM64-specific mcfg_quirks
- RDMA/rxe: Limit the number of calls to each tasklet
- md: Notify sysfs sync_completed in md_reap_sync_thread()
- nvmet-tcp: fix lockdep complaint on nvmet_tcp_wq flush during queue
teardown
- drivers:md:fix a potential use-after-free bug
- ext4: avoid remove directory when directory is corrupted
- ext4: avoid resizing to a partial cluster size
- lib/list_debug.c: Detect uninitialized lists
- vfio: Clear the caps->buf to NULL after free
- [mips64el,mipsel] cavium-octeon: Fix missing of_node_put() in
octeon2_usb_clocks_start
- modules: Ensure natural alignment for .altinstructions and __bug_table
sections
- watchdog: export lockup_detector_reconfigure
- ALSA: core: Add async signal helpers
- ALSA: timer: Use deferred fasync helper
- ALSA: control: Use deferred fasync helper
- f2fs: fix to avoid use f2fs_bug_on() in f2fs_new_node_page()
- f2fs: fix to do sanity check on segment type in build_sit_entries()
- smb3: check xattr value length earlier
- [powerpc*] 64: Init jump labels before parse_early_param()
- netfilter: nftables: fix a warning message in
nf_tables_commit_audit_collect()
- netfilter: nf_tables: fix audit memory leak in nf_tables_commit
- tracing/probes: Have kprobes and uprobes use $COMM too
- can: j1939: j1939_sk_queue_activate_next_locked(): replace WARN_ON_ONCE
with netdev_warn_once()
- can: j1939: j1939_session_destroy(): fix memory leak of skbs
- PCI/ERR: Retain status from error notification
- qrtr: Convert qrtr_ports from IDR to XArray
- bpf: Fix KASAN use-after-free Read in compute_effective_progs
- [arm64] tee: fix memory leak in tee_shm_register()
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.139
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.140
- audit: fix potential double free on error path from
fsnotify_add_inode_mark
- pinctrl: amd: Don't save/restore interrupt status and wake status bits
- xfs: prevent a WARN_ONCE() in xfs_ioc_attr_list()
- xfs: reject crazy array sizes being fed to XFS_IOC_GETBMAP*
- fs: remove __sync_filesystem
- vfs: make sync_filesystem return errors from ->sync_fs
- xfs: return errors in xfs_fs_sync_fs
- xfs: only bother with sync_filesystem during readonly remount
- kernel/sched: Remove dl_boosted flag comment
- xfrm: fix refcount leak in __xfrm_policy_check()
- xfrm: clone missing x->lastused in xfrm_do_migrate
- af_key: Do not call xfrm_probe_algs in parallel (CVE-2022-3028)
- xfrm: policy: fix metadata dst->dev xmit null pointer dereference
- NFS: Don't allocate nfs_fattr on the stack in __nfs42_ssc_open()
- NFSv4.2 fix problems with __nfs42_ssc_open
- SUNRPC: RPC level errors should set task->tk_rpc_status
- mm/huge_memory.c: use helper function migration_entry_to_page()
- mm/smaps: don't access young/dirty bit if pte unpresent
- rose: check NULL rose_loopback_neigh->loopback
- ice: xsk: Force rings to be sized to power of 2
- ice: xsk: prohibit usage of non-balanced queue id
- net/mlx5e: Properly disable vlan strip on non-UL reps
- bonding: 802.3ad: fix no transmission of LACPDUs
- net: ipvtap - add __init/__exit annotations to module init/exit funcs
- netfilter: ebtables: reject blobs that don't provide all entry points
- bnxt_en: fix NQ resource accounting during vf creation on 57500 chips
- netfilter: nft_payload: report ERANGE for too long offset and length
- netfilter: nft_payload: do not truncate csum_offset and csum_type
- netfilter: nf_tables: do not leave chain stats enabled on error
- netfilter: nft_osf: restrict osf to ipv4, ipv6 and inet families
- netfilter: nft_tunnel: restrict it to netdev family
- netfilter: nftables: remove redundant assignment of variable err
- netfilter: nf_tables: consolidate rule verdict trace call
- netfilter: nft_cmp: optimize comparison for 16-bytes
- netfilter: bitwise: improve error goto labels
- netfilter: nf_tables: upfront validation of data via nft_data_init()
- netfilter: nf_tables: disallow jump to implicit chain from set element
- netfilter: nf_tables: disallow binding to already bound chain
(CVE-2022-39190)
- tcp: tweak len/truesize ratio for coalesce candidates
- net: Fix data-races around sysctl_[rw]mem(_offset)?.
- net: Fix data-races around sysctl_[rw]mem_(max|default).
- net: Fix data-races around weight_p and dev_weight_[rt]x_bias.
- net: Fix data-races around netdev_max_backlog.
- net: Fix data-races around netdev_tstamp_prequeue.
- ratelimit: Fix data-races in ___ratelimit().
- bpf: Folding omem_charge() into sk_storage_charge()
- net: Fix data-races around sysctl_optmem_max.
- net: Fix a data-race around sysctl_tstamp_allow_data.
- net: Fix a data-race around sysctl_net_busy_poll.
- net: Fix a data-race around sysctl_net_busy_read.
- net: Fix a data-race around netdev_budget.
- net: Fix a data-race around netdev_budget_usecs.
- net: Fix data-races around sysctl_fb_tunnels_only_for_init_net.
- net: Fix data-races around sysctl_devconf_inherit_init_net.
- net: Fix a data-race around sysctl_somaxconn.
- ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter
- rxrpc: Fix locking in rxrpc's sendmsg
- btrfs: fix silent failure when deleting root reference
- btrfs: replace: drop assert for suspended replace
- btrfs: add info when mount fails due to stale replace target
- btrfs: check if root is readonly while setting security xattr
- [x86] perf/x86/lbr: Enable the branch type for the Arch LBR by default
- [amd64] x86/unwind/orc: Unwind ftrace trampolines with correct ORC entry
- [x86] bugs: Add "unknown" reporting for MMIO Stale Data
- loop: Check for overflow while configuring loop
- asm-generic: sections: refactor memory_intersects
- [s390x] fix double free of GS and RI CBs on fork() failure
- [x86] ACPI: processor: Remove freq Qos request for all CPUs
- xen/privcmd: fix error exit of privcmd_ioctl_dm_op()
- mm/hugetlb: fix hugetlb not supporting softdirty tracking
- Revert "md-raid: destroy the bitmap after destroying the thread"
- md: call __md_stop_writes in md_stop
- [arm64] Fix match_list for erratum 1286807 on Arm Cortex-A76
- Documentation/ABI: Mention retbleed vulnerability info file for sysfs
- blk-mq: fix io hung due to missing commit_rqs
- [x86] perf/x86/intel/uncore: Fix broken read_counter() for SNB IMC PMU
- [x86] scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq
- bpf: Don't use tnum_range on array range checking for poke descriptors
(CVE-2022-2905)
.
[ Salvatore Bonaccorso ]
* Bump ABI to 18
* certs: Rotate to use the "Debian Secure Boot Signer 2022 - linux"
certificate (Closes: #1018752)
* [x86] nospec: Unwreck the RSB stuffing
* [x86] nospec: Fix i386 RSB stuffing (Closes: #1017425)
* mm: Force TLB flush for PFNMAP mappings before unlink_file_vma()
(CVE-2022-39188)
* Revert "PCI/portdrv: Don't disable AER reporting in
get_port_device_capability()"
* bpf: Don't redirect packets with invalid pkt_len
* mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse
* net/af_packet: check len when min_header_len equals to 0
Checksums-Sha1:
e8c0f95fbba96a98ddc9cbaa12aef24a37e3f4f6 42421 linux-5.10_5.10.149-2~deb10u1.dsc
3faa70854998ee99b726bc5325495a1b6d688255 121760420 linux-5.10_5.10.149.orig.tar.xz
3e814cb2ea3e1ea1a47648f542700ab62d7db90a 1530240 linux-5.10_5.10.149-2~deb10u1.debian.tar.xz
4e08fe4328508376cfc295de63ba44caaa288fcf 13716 linux-5.10_5.10.149-2~deb10u1_source.buildinfo
Checksums-Sha256:
cd8b51b1ceafcc042c06f0453b1ee1ed8bd833548ac47ffe45c0373b2accfc92 42421 linux-5.10_5.10.149-2~deb10u1.dsc
3b39e80fcb2664d07c043d9702434ea6b25e65d520dd42de3542097b0077c635 121760420 linux-5.10_5.10.149.orig.tar.xz
d0eae0fce7e89bea043a5192398be8fd49f56833a7d27a5b4fa7e00113fda63f 1530240 linux-5.10_5.10.149-2~deb10u1.debian.tar.xz
d39c71b31d00257e52c2440b42b71dc789de1228ce546f2027afebd81489300d 13716 linux-5.10_5.10.149-2~deb10u1_source.buildinfo
Files:
d371e06297fb13063b59578bf2d0cbc0 42421 kernel optional linux-5.10_5.10.149-2~deb10u1.dsc
95abcf88e1ba3924656e41a29f148e4c 121760420 kernel optional linux-5.10_5.10.149.orig.tar.xz
408cfbb9e868e8f29a38ab423954b92e 1530240 kernel optional linux-5.10_5.10.149-2~deb10u1.debian.tar.xz
f4aca8466d4cfddf84474dd4a5b638e6 13716 kernel optional linux-5.10_5.10.149-2~deb10u1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEErCspvTSmr92z9o8157/I7JWGEQkFAmNdPIkACgkQ57/I7JWG
EQnmyA//TMJPdklEzh//0Yl7uO/oOtuR23p7YdAKeiEe5zmyhBG0ZGGQimGWsMpY
FG8J32vDEpThvN8bSTupwR9K7cBt6YBUSJHh/OHEWu4wWsv5vHBxXUBMZ5Gcx2+r
I2LGRzNJ6B0SG074lgx/YRusNOcI5oKoMYxm6V3n3ECsbyNWv9PaWRcHSe95X6x9
81X1AfCTanGP2DDJXiCW81OiRYonzV3Ow/qyZKtR0kHzkyPtmztClSoBCxmvhL0c
09OEXVosK/l9vtQQzXzy9LIqcgSakoe2DiNH4AhLpiz7k8QBUbbFN7eNbO3W6Uvk
kwiF6wXWEQNTx4A/9wjve3AXfYRpPEPEKWMbBRXA4kt+sn0SW/vnDOQAmmZUzzyd
6ugoAO9IF0AuNpl3udVfo/wuTtMV+ZCiZxCuJJCtdI8QJH2Gm6eSIerloqTYd24r
cpx5lgeHvsGFgIW73anH/FmwIZoYr4GPe9Iv+oyMsrLRQUDkxaRnX5cFWRDXcpXU
WmZElriD9qE84HJWHqQZ1zphL33EP54PHCW9bhCPd/FRqoWxo5Lr+b1MRdE0/sTr
VvnysQ9WJHnUwSzDkBWTTbOovLxII901sS07U2NjayBxUOLgoTXNpDzYgHq133eX
t+wxKkWTb3317jYwiPzMyMpTBaTT0zf+LglAY+KdB41QASxLNMc=
=30/y
-----END PGP SIGNATURE-----
Reply to: