Accepted linux-signed-arm64 4.19.232+1 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 07 Mar 2022 22:13:16 +0100
Source: linux-signed-arm64
Architecture: source
Version: 4.19.232+1
Distribution: buster-security
Urgency: high
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Changes:
linux-signed-arm64 (4.19.232+1) buster-security; urgency=high
.
* Sign kernel from linux 4.19.232-1
.
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.209
- ocfs2: drop acl cache for directories too
- [arm*] usb: dwc2: gadget: Fix ISOC transfer complete handling for DDMA
- [armhf] usb: musb: tusb6010: uninitialized data in
tusb_fifo_write_unaligned()
- cifs: fix incorrect check for null pointer in header_assemble
- [x86] xen/x86: fix PV trap handling on secondary processors
- USB: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter
- USB: cdc-acm: fix minor-number release
- Re-enable UAS for LaCie Rugged USB3-FW with fk quirk
- USB: serial: mos7840: remove duplicated 0xac24 device ID
- USB: serial: option: add Telit LN920 compositions
- USB: serial: option: remove duplicate USB device ID
- USB: serial: option: add device id for Foxconn T99W265
- [arm64] serial: mvebu-uart: fix driver's tx_empty callback
- net: hso: fix muxed tty registration
- bnxt_en: Fix TX timeout when TX ring size is set to the smallest
- net/smc: add missing error check in smc_clc_prfx_set()
- net/mlx4_en: Don't allow aRFS for encapsulated packets
- scsi: iscsi: Adjust iface sysfs attr detection
- [x86] tty: synclink_gt, drop unneeded forward declarations
- [x86] tty: synclink_gt: rename a conflicting function name
- thermal/core: Potential buffer overflow in
thermal_build_list_of_policies()
- [arm64,armhf] irqchip/gic-v3-its: Fix potential VPE leak on error
- md: fix a lock order reversal in md_alloc
- blktrace: Fix uaf in blk_trace access after removing by sysfs
- [arm64,armhf] net: stmmac: allow CSR clock of 300MHz
- xen/balloon: use a kernel thread instead a workqueue
- nvme-multipath: fix ANA state updates when a namespace is not present
- qnx4: avoid stringop-overread errors
- [arm64] Mark __stack_chk_guard as __ro_after_init
- net: 6pack: Fix tx timeout and slot time
- [arm64] PCI: aardvark: Fix checking for PIO status
- tcp: address problems caused by EDT misshaps
- tcp: always set retrans_stamp on recovery
- tcp: create a helper to model exponential backoff
- tcp: adjust rto_base in retransmits_timed_out()
- xen/balloon: fix balloon kthread freezing
- tty: Fix out-of-bound vmalloc access in imageblit
- cpufreq: schedutil: Use kobject release() method to free sugov_tunables
- cpufreq: schedutil: Destroy mutex before kobject_put() frees the memory
- mac80211: fix use-after-free in CCMP/GCMP RX
- [x86] kvmclock: Move this_cpu_pvti into kvmclock.h
- ipvs: check that ip_vs_conn_tab_bits is between 8 and 20
- mac80211: Fix ieee80211_amsdu_aggregate frag_tail bug
- mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap
- sctp: break out if skb_header_pointer returns NULL in sctp_rcv_ootb
- hwmon: (tmp421) Replace S_<PERMS> with octal values
- hwmon: (tmp421) report /PVLD condition as fault
- hwmon: (tmp421) fix rounding for negative values
- e100: fix length calculation in e100_get_regs_len
- e100: fix buffer overrun in e100_get_regs
- Revert "block, bfq: honor already-setup queue merges"
- scsi: csiostor: Add module softdep on cxgb4
- af_unix: fix races in sk_peer_pid and sk_peer_cred accesses
(CVE-2021-4203)
- elf: don't use MAP_FIXED_NOREPLACE for elf interpreter mappings
- ext4: fix potential infinite loop in ext4_dx_readdir()
- net: udp: annotate data race around udp_sk(sk)->corkflag
- [armel,armhf] 9077/1: PLT: Move struct plt_entries definition to header
- [armel,armhf] 9078/1: Add warn suppress parameter to arm_gen_branch_link()
- [armel,armhf] 9079/1: ftrace: Add MODULE_PLTS support
- [armel,armhf] 9098/1: ftrace: MODULE_PLT: Fix build problem without
DYNAMIC_FTRACE
- [x86] crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()
(CVE-2021-3744, CVE-2021-3764)
- HID: betop: fix slab-out-of-bounds Write in betop_probe
- netfilter: ipset: Fix oversized kvmalloc() calls
- HID: usbhid: free raw_report buffers in usbhid_stop
- cred: allow get_cred() and put_cred() to be given NULL.
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.210
- net: mdio: introduce a shutdown method to mdio device drivers
- xen-netback: correct success/error reporting for the SKB-with-fraglist
case
- scsi: sd: Free scsi_disk device via put_device()
- [arm*] usb: dwc2: check return value after calling platform_get_resource()
- scsi: ses: Retry failed Send/Receive Diagnostic commands
- libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870 SSD.
- lib/timerqueue: Rely on rbtree semantics for next timer (CVE-2021-20317)
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.211
- USB: cdc-acm: fix racy tty buffer accesses
- USB: cdc-acm: fix break reporting
- xen/privcmd: fix error handling in mmap-resource processing
- ovl: fix missing negative dentry check in ovl_rename() (CVE-2021-20321)
- nfsd4: Handle the NFSv4 READDIR 'dircount' hint being zero
- xen/balloon: fix cancelled balloon action
- [armhf] dts: omap3430-sdp: Fix NAND device node
- [mips,mipsel] bpf, mips: Validate conditional branch offsets
(CVE-2021-38300)
- [armel,armhf] bpf, arm: Fix register clobbering in div/mod implementation
- bpf: Fix integer overflow in prealloc_elems_and_freelist()
(CVE-2021-41864)
- phy: mdio: fix memory leak
- net_sched: fix NULL deref in fifo_set_limit()
- [i386] ptp_pch: Load module automatically if ID matches
- [armhf] imx6: disable the GIC CPU interface before calling stby-poweroff
sequence
- net: bridge: use nla_total_size_64bit() in br_get_linkxstats_size()
- [arm64,armhf] net: sfp: Fix typo in state machine debug string
- netlink: annotate data races around nlk->bound
- drm/nouveau/debugfs: fix file release memory leak
- rtnetlink: fix if_nlmsg_stats_size() under estimation
- i40e: fix endless loop under rtnl
- i40e: Fix freeing of uninitialized misc IRQ vector
- i2c: acpi: fix resource leak in reconfiguration device addition
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.212
- [armhf] net: phy: bcm7xxx: Fixed indirect MMD operations
- HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS
- netfilter: ip6_tables: zero-initialize fragment offset
- mac80211: Drop frames from invalid MAC address in ad-hoc mode
- net: prevent user from passing illegal stab size
- mac80211: check return value of rhashtable_init
- scsi: ses: Fix unsigned comparison with less than zero
- scsi: virtio_scsi: Fix spelling mistake "Unsupport" -> "Unsupported"
- [x86] perf/x86: Reset destroy callback on event init failure
- sched: Always inline is_percpu_thread()
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.213
- ALSA: seq: Fix a potential UAF by wrong private_free call order
- ALSA: hda/realtek: Complete partial device name to avoid ambiguity
- ALSA: hda/realtek: Add quirk for Clevo X170KM-G
- ALSA: hda/realtek - ALC236 headset MIC recording issue
- [s390x] fix strrchr() implementation
- btrfs: deal with errors when replaying dir entry during log replay
- btrfs: deal with errors when adding inode reference during log replay
- btrfs: check for error when looking up inode during dir entry replay
- [x86] mei: me: add Ice Lake-N device id.
- xhci: guard accesses to ep_state in xhci_endpoint_reset()
- xhci: Fix command ring pointer corruption while aborting a command
- xhci: Enable trust tx length quirk for Fresco FL11 USB controller
- cb710: avoid NULL pointer subtraction
- [arm64,x86] efi/cper: use stack buffer for error record decoding
- efi: Change down_interruptible() in virt_efi_reset_system() to
down_trylock()
- [armhf] usb: musb: dsps: Fix the probe error path
- Input: xpad - add support for another USB ID of Nacon GC-100
- USB: serial: qcserial: add EM9191 QDL support
- USB: serial: option: add Quectel EC200S-CN module support
- USB: serial: option: add Telit LE910Cx composition 0x1204
- USB: serial: option: add prod. id for Quectel EG91
- virtio: write back F_VERSION_1 before validate
- nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells
- sctp: account stream padding length for reconf chunk (CVE-2022-0322)
- ethernet: s2io: fix setting mac address during resume
- nfc: fix error handling of nfc_proto_register()
- NFC: digital: fix possible memory leak in digital_tg_listen_mdaa()
- NFC: digital: fix possible memory leak in digital_in_send_sdd_req()
- [i386] pata_legacy: fix a couple uninitialized variable bugs
- [arm64] drm/msm: Fix null pointer dereference on pointer edp
- [arm64] drm/msm/dsi: Fix an error code in msm_dsi_modeset_init()
- [arm64] drm/msm/dsi: fix off by one in dsi_bus_clk_enable error handling
- [arm64] acpi/arm64: fix next_platform_timer() section mismatch error
- mqprio: Correct stats in mqprio_dump_class_stats().
- qed: Fix missing error code in qed_slowpath_start()
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.214
- NFSD: Keep existing listeners on portlist error
- netfilter: ipvs: make global sysctl readonly in non-init netns
- [arm64] net: hns3: add limit ets dwrr bandwidth cannot be 0
- [arm64] net: hns3: disable sriov before unload hclge layer
- can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state
notification
- can: peak_pci: peak_pci_remove(): fix UAF
- ocfs2: fix data corruption after conversion from inline format
- ocfs2: mount fails with buffer overflow in strlen
- vfs: check fd has read access in kernel_read_file_from_fd()
(CVE-2022-0644)
- ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset
- ALSA: hda/realtek: Add quirk for Clevo PC50HS
- ASoC: DAPM: Fix missing kctl change notifications
- mm, slub: fix mismatch between reconstructed freelist depth and cnt
- nfc: nci: fix the UAF of rf_conn_info object (CVE-2021-3760)
- isdn: cpai: check ctr->cnr to avoid array index out of bound
(CVE-2021-43389)
- btrfs: deal with errors when checking if a dir entry exists during log
replay
- [arm64,armhf] net: stmmac: add support for dwmac 3.40a
- isdn: mISDN: Fix sleeping function called from invalid context
- ALSA: hda: avoid write to STATESTS if controller is in reset
- scsi: core: Fix shost->cmd_per_lun calculation in scsi_add_host_with_dma()
- net: mdiobus: Fix memory leak in __mdiobus_register
- tracing: Have all levels of checks prevent recursion
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.215
- [armel,armhf] 9139/1: kprobes: fix arch_init_kprobes() prototype
- [powerpc*] bpf: Fix BPF_MOD when imm == 1
- [arm64] Avoid premature usercopy failure
- usbnet: sanity check for maxpacket
- usbnet: fix error return code in usbnet_probe()
- ata: sata_mv: Fix the error handling of mv_chip_id()
- nfc: port100: fix using -ERRNO as command type mask
- Revert "net: mdiobus: Fix memory leak in __mdiobus_register"
- ipv4: use siphash instead of Jenkins in fnhe_hashfun() (CVE-2021-20322)
- ipv6: use siphash in rt6_exception_hash() (CVE-2021-20322)
- ipv6: make exception cache less predictible (CVE-2021-20322)
- mmc: vub300: fix control-message timeouts
- mmc: cqhci: clear HALT state after CQE enable
- [armhf] mmc: dw_mmc: exynos: fix the finding clock sample value
- mmc: sdhci: Map more voltage level to SDHCI_POWER_330
- [armhf] mmc: sdhci-esdhc-imx: clear the buffer_read_ready to reset
standard tuning circuit
- net: lan78xx: fix division by zero in send path
- RDMA/mlx5: Set user priority for DCT
- [arm64] dts: allwinner: h5: NanoPI Neo 2: Fix ethernet node
- regmap: Fix possible double-free in regcache_rbtree_exit()
- net: batman-adv: fix error handling
- net: Prevent infinite while loop in skb_tx_hash()
- net: ethernet: microchip: lan743x: Fix driver crash when lan743x_pm_resume
fails
- net: ethernet: microchip: lan743x: Fix dma allocation failure by using
dma_set_mask_and_coherent
- sctp: use init_tag from inithdr for ABORT chunk (CVE-2021-3772)
- sctp: fix the processing for COOKIE_ECHO chunk (CVE-2021-3772)
- sctp: add vtag check in sctp_sf_violation (CVE-2021-3772)
- sctp: add vtag check in sctp_sf_do_8_5_1_E_sa (CVE-2021-3772)
- sctp: add vtag check in sctp_sf_ootb (CVE-2021-3772)
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.216
- scsi: core: Put LLD module refcnt after SCSI device is released
- media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt()
(CVE-2021-42739)
- IB/qib: Use struct_size() helper
- IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields
- sfc: Fix reading non-legacy supported link modes
- arch: pgtable: define MAX_POSSIBLE_PHYSMEM_BITS where needed
- [armel,armhf] 9120/1: Revert "amba: make use of -1 IRQs warn"
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.217
- [x86] Revert "x86/kvm: fix vcpu-id indexed array sizes"
- usb: ehci: handshake CMD_RUN instead of STS_HALT
- [arm64,armhf] usb: musb: Balance list entry in musb_gadget_queue
- usb-storage: Add compatibility quirk flags for iODD 2531/2541
- printk/console: Allow to disable console output by using console="" or
console=null
- isofs: Fix out of bound access for corrupted isofs image
- [x86] comedi: dt9812: fix DMA buffers on stack
- [x86] comedi: ni_usb6501: fix NULL-deref in command paths
- [x86] comedi: vmk80xx: fix transfer-buffer overflows
- [x86] comedi: vmk80xx: fix bulk-buffer overflow
- [x86] comedi: vmk80xx: fix bulk and interrupt message timeouts
- staging: r8712u: fix control-message timeout
- [x86] staging: rtl8192u: fix control-message timeouts
- rsi: fix control-message timeout
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.218
- xhci: Fix USB 3.1 enumeration issues by increasing roothub power-on-good
delay
- binder: use euid from cred instead of using task
- binder: use cred instead of task for selinux checks
- Input: elantench - fix misreporting trackpoint coordinates
(Closes: #989285)
- libata: fix read log timeout value
- ocfs2: fix data corruption on truncate
- [arm64,armhf] mmc: dw_mmc: Dont wait for DRTO on Write RSP error
- tpm: Check for integer overflow in tpm2_map_response_body()
- [x86] media: ite-cir: IR receiver stop working after receive overflow
- media: ir-kbd-i2c: improve responsiveness of hauppauge zilog receivers
(Closes: #994050)
- ALSA: hda/realtek: Add quirk for Clevo PC70HS
- ALSA: ua101: fix division by zero at probe
- ALSA: 6fire: fix control and bulk message timeouts
- ALSA: line6: fix control and interrupt message timeouts
- ALSA: usb-audio: Add registration quirk for JBL Quantum 400
- ALSA: synth: missing check for possible NULL after the call to kstrdup
- ALSA: timer: Fix use-after-free problem
- ALSA: timer: Unconditionally unlink slave instances, too
- [x86] irq: Ensure PI wakeup handler is unregistered before module unload
- [arm64] cavium: Return negative value when pci_alloc_irq_vectors() fails
- scsi: qla2xxx: Fix unmap of already freed sgl
- [arm64] cavium: Fix return values of the probe function
- sfc: Don't use netif_info before net_device setup
- [x86] hyperv/vmbus: include linux/bitops.h
- drm: panel-orientation-quirks: Add quirk for Aya Neo 2021
- bpf: Prevent increasing bpf_jit_limit above max
- xen/netfront: stop tx queues during live migration
- [armhf] spi: spl022: fix Microwire full duplex mode
- [armhf] watchdog: Fix OMAP watchdog early handling
- [x86] vmxnet3: do not stop tx queues after netif_device_detach()
- btrfs: clear MISSING device status bit in btrfs_close_one_device
- btrfs: fix lost error handling when replaying directory deletes
- btrfs: call btrfs_check_rw_degradable only if there is a missing device
- [armhf] regulator: s5m8767: do not use reset value as DVS voltage if GPIO
DVS is disabled
- [armhf] regulator: dt-bindings: samsung,s5m8767: correct
s5m8767,pmic-buck-default-dvs-idx property
- EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell
- [x86] mwifiex: fix division by zero in fw download path
- ath6kl: fix division by zero in send path
- ath6kl: fix control-message timeout
- ath10k: fix control-message timeout
- ath10k: fix division by zero in send path
- PCI: Mark Atheros QCA6174 to avoid bus reset
- rtl8187: fix control-message timeouts
- [arm64] wcn36xx: Fix HT40 capability for 2Ghz band
- mwifiex: Read a PCI register after writing the TX ring write pointer
- libata: fix checking of DMA state
- [arm64] wcn36xx: handle connection loss indication
- rsi: fix occasional initialisation failure with BT coex
- rsi: fix key enabled check causing unwanted encryption for vap_id > 0
- rsi: fix rate mask set leading to P2P failure
- rsi: Fix module dev_oper_mode parameter description
- RDMA/qedr: Fix NULL deref for query_qp on the GSI QP
- signal: Remove the bogus sigkill_pending in ptrace_stop
- [mips*] signal/mips: Update (_save|_restore)_fp_context to fail with
-EFAULT
- [x86] power: supply: max17042_battery: Prevent int underflow in
set_soc_threshold
- [x86] power: supply: max17042_battery: use VFSOC for capacity when no rsns
- serial: core: Fix initializing and restoring termios speed
- ALSA: mixer: oss: Fix racy access to slots
- ALSA: mixer: fix deadlock in snd_mixer_oss_set_volume
- xen/balloon: add late_initcall_sync() for initial ballooning done
- [arm64] PCI: aardvark: Do not clear status bits of masked interrupts
- [arm64] PCI: aardvark: Do not unmask unused interrupts
- [arm64] PCI: aardvark: Fix return value of MSI domain .alloc() method
- [arm64] PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG
- quota: check block number when reading the block in quota file
- quota: correct error number in free_dqentry()
- pinctrl: core: fix possible memory leak in pinctrl_enable()
- iio: dac: ad5446: Fix ad5622_write() return value
- USB: serial: keyspan: fix memleak on probe errors
- USB: iowarrior: fix control-message timeouts
- drm: panel-orientation-quirks: Add quirk for KD Kurio Smart C15200 2-in-1
- Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg()
(CVE-2021-3640)
- Bluetooth: fix use-after-free error in lock_sock_nested() (CVE-2021-3752)
- [x86] platform/x86: wmi: do not fail if disabling fails
- locking/lockdep: Avoid RCU-induced noinstr fail
- net: sched: update default qdisc visibility after Tx queue cnt changes
- [x86] Increase exception stack sizes
- mwifiex: Run SET_BSS_MODE when changing from P2P to STATION vif-type
- mwifiex: Properly initialize private structure on interface type changes
- media: netup_unidvb: handle interrupt properly according to the firmware
- media: uvcvideo: Set capability in s_param
- media: uvcvideo: Return -EIO for control errors
- media: mceusb: return without resubmitting URB in case of -EPROTO error.
- ACPICA: Avoid evaluating methods too early during system resume
- media: usb: dvd-usb: fix uninit-value bug in dibusb_read_eeprom_byte()
- tracefs: Have tracefs directories not set OTH permission bits by default
- ath: dfs_pattern_detector: Fix possible null-pointer dereference in
channel_detector_create()
- [x86] ACPI: battery: Accept charges over the design capacity as full
- memstick: r592: Fix a UAF bug when removing the driver
- lib/xz: Avoid overlapping memcpy() with invalid input with in-place
decompression
- lib/xz: Validate the value before assigning it to an enum variable
- workqueue: make sysfs of unbound kworker cpumask more clever
- mwl8k: Fix use-after-free in mwl8k_fw_state_machine()
- PM: hibernate: Get block device exclusively in swsusp_check()
- iwlwifi: mvm: disable RX-diversity in powersave
- gre/sit: Don't generate link-local addr if addr_gen_mode is
IN6_ADDR_GEN_MODE_NONE
- [x86] hyperv: Protect set_hv_tscchange_cb() against getting preempted
- task_stack: Fix end_of_stack() for architectures with upwards-growing
stack
- Bluetooth: fix init and cleanup of sco_conn.timeout_work
- cgroup: Make rebind_subsystems() disable v2 controllers all at once
- drm/amdgpu: fix warning for overflow check
- media: em28xx: add missing em28xx_close_extension
- media: dvb-usb: fix ununit-value in az6027_rc_query
- media: si470x: Avoid card name truncation
- media: cx23885: Fix snd_card_free call on null card pointer
- cpuidle: Fix kobject memory leaks in error paths
- media: em28xx: Don't use ops->suspend if it is NULL
- ath9k: Fix potential interrupt storm on queue reset
- [x86] crypto: qat - detect PFVF collision after ACK
- [x86] crypto: qat - disregard spurious PFVF interrupts
- b43legacy: fix a lower bounds test
- b43: fix a lower bounds test
- [armhf] mmc: sdhci-omap: Fix NULL pointer exception if regulator is not
configured
- memstick: jmb38x_ms: use appropriate free function in
jmb38x_ms_alloc_host()
- hwmon: Fix possible memleak in __hwmon_device_register()
- ath10k: fix max antenna gain unit
- [arm64] drm/msm: uninitialized variable in msm_gem_import()
- net: stream: don't purge sk_error_queue in sk_stream_kill_queues()
- [x86] platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning
- rsi: stop thread firstly in rsi_91x_init() error handling
- mwifiex: Send DELBA requests according to spec
- phy: micrel: ksz8041nl: do not use power down mode
- nvme-rdma: fix error code in nvme_rdma_setup_ctrl
- PM: hibernate: fix sparse warnings
- [arm64] drm/msm: Fix potential NULL dereference in DPU SSPP
- [s390x] gmap: don't unconditionally call pte_unmap_unlock() in
__gmap_zap()
- tcp: don't free a FIN sk_buff in tcp_remove_empty_skb()
- [s390x] KVM: s390: Fix handle_sske page fault handling
- libertas_tf: Fix possible memory leak in probe and disconnect
- libertas: Fix possible memory leak in probe and disconnect
- [arm64] wcn36xx: add proper DMA memory barriers in rx path
- [amd64,arm64] net: amd-xgbe: Toggle PLL settings during rate change
- [arm64,armhf] net: phylink: avoid mvneta warning when setting pause
parameters
- crypto: pcrypt - Delay write to padata->info
- RDMA/rxe: Fix wrong port_cap_flags
- scsi: dc395: Fix error case unwinding
- JFS: fix memleak in jfs_mount
- ALSA: hda: Reduce udelay() at SKL+ position reporting
- [arm64,armhf] soc/tegra: Fix an error handling path in
tegra_powergate_power_up()
- serial: 8250_dw: Drop wrong use of ACPI_PTR()
- scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn()
- RDMA/mlx4: Return missed an error if device doesn't support steering
- [arm64] phy: qcom-qusb2: Fix a memory leak on probe
- [arm64] serial: xilinx_uartps: Fix race condition causing stuck TX
- [mips*] cm: Convert to bitfield API to fix out-of-bounds access
- apparmor: fix error check
- rpmsg: Fix rpmsg_create_ept return when RPMSG config is not defined
- pnfs/flexfiles: Fix misplaced barrier in nfs4_ff_layout_prepare_ds
- drm/plane-helper: fix uninitialized variable reference
- [arm64] PCI: aardvark: Don't spam about PIO Response Status
- NFS: Fix deadlocks in nfs_scan_commit_list()
- fs: orangefs: fix error return code of orangefs_revalidate_lookup()
- [arm64] mtd: spi-nor: hisi-sfc: Remove excessive clk_disable_unprepare()
- netfilter: nfnetlink_queue: fix OOB when mac header was cleared
- dmaengine: dmaengine_desc_callback_valid(): Check for `callback_result`
- [x86] watchdog: f71808e_wdt: fix inaccurate report in WDIOC_GETTIMEOUT
- scsi: qla2xxx: Fix gnl list corruption
- scsi: qla2xxx: Turn off target reset during issue_lip
- xen-pciback: Fix return in pm_ctrl_init()
- [armhf] net: davinci_emac: Fix interrupt pacing disable
- bonding: Fix a use-after-free problem when bond_sysfs_slave_add() failed
- mm/zsmalloc.c: close race window between zs_pool_dec_isolated() and
zs_unregister_migration()
- zram: off by one in read_block_state()
- llc: fix out-of-bound array index in llc_sk_dev_hash()
- nfc: pn533: Fix double free when pn533_fill_fragment_skbs() fails
- [arm64] pgtable: make __pte_to_phys/__phys_to_pte_val inline functions
- vsock: prevent unnecessary refcnt inc for nonblocking connect
- cxgb4: fix eeprom len when diagnostics not implemented
- [arm64,armhf] USB: chipidea: fix interrupt deadlock
- [armel,armhf] 9155/1: fix early early_iounmap()
- f2fs: should use GFP_NOFS for directory inodes
- 9p/net: fix missing error check in p9_check_errors
- [powerpc*] lib: Add helper to check if offset is within conditional branch
range
- [powerpc*] bpf: Validate branch ranges
- [powerpc*] bpf: Fix BPF_SUB when imm == 0x80000000
- [powerpc*] security: Add a helper to query stf_barrier type
- [powerpc*] bpf: Emit stf barrier instruction sequences for BPF_NOSPEC
- mm, oom: pagefault_out_of_memory: don't force global OOM for dying tasks
- mm, oom: do not trigger out_of_memory from the #PF
- [armhf] backlight: gpio-backlight: Correct initial power state handling
- video: backlight: Drop maximum brightness override for brightness zero
- [s390x] cio: check the subchannel validity for dev_busid
- [s390x] tape: fix timer initialization in tape_std_assign()
- PCI: Add PCI_EXP_DEVCTL_PAYLOAD_* macros
- fuse: truncate pagecache on atomic_o_trunc
- [x86] cpu: Fix migration safety with X86_BUG_NULL_SEL
- ext4: fix lazy initialization next schedule time computation in more
granular unit
- PCI/MSI: Destroy sysfs before freeing entries
- PCI/MSI: Deal with devices lying about their MSI mask capability
- PCI: Add MSI masking quirk for Nvidia ION AHCI
- [arm64] zynqmp: Do not duplicate flash partition label property
- [arm64] zynqmp: Fix serial compatible string
- scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq()
- [armhf] usb: musb: tusb6010: check return value after calling
platform_get_resource()
- [x86] usb: typec: tipd: Remove WARN_ON in tps6598x_block_read
- [x86] ASoC: nau8824: Add DMI quirk mechanism for active-high jack-detect
- scsi: advansys: Fix kernel pointer leak
- firmware_loader: fix pre-allocated buf built-in firmware use
- tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc
- scsi: target: Fix ordered tag handling
- scsi: target: Fix alua_tg_pt_gps_count tracking
- [i386] ALSA: gus: fix null pointer dereference on pointer block
- f2fs: fix up f2fs_lookup tracepoints
- sched/core: Mitigate race cpus_share_cache()/update_top_cache_domain()
- drm/nouveau: hdmigv100.c: fix corrupted HDMI Vendor InfoFrame
- iavf: check for null in iavf_fix_features
- iavf: Fix for the false positive ASQ/ARQ errors while issuing VF reset
- [x86] platform/x86: hp_accel: Fix an error handling path in
'lis3lv02d_probe()'
- net: virtio_net_hdr_to_skb: count transport header in UFO
- i40e: Fix correct max_pkt_size on VF RX queue
- i40e: Fix NULL ptr dereference on VSI filter sync
- i40e: Fix changing previously set num_queue_pairs for PFs
- i40e: Fix display error code in dmesg
- NFC: reorganize the functions in nci_request
- [x86] perf/x86/intel/uncore: Fix filter_tid mask for CHA events on Skylake
Server
- [x86] perf/x86/intel/uncore: Fix IIO event constraints for Skylake Server
- tun: fix bonding active backup with arp monitoring
- ipc: WARN if trying to remove ipc object which is absent
- [x86] hyperv: Fix NULL deref in set_hv_tscchange_cb() if Hyper-V setup
fails
- udf: Fix crash after seekdir
- btrfs: fix memory ordering between normal and ordered work functions
- cfg80211: call cfg80211_stop_ap when switch from P2P_GO type
- drm/udl: fix control-message timeout
- drm/amdgpu: fix set scaling mode Full/Full aspect/Center not works on vga
and dvi connectors
- perf/core: Avoid put_page() when GUP fails
- batman-adv: mcast: fix duplicate mcast packets in BLA backbone from LAN
- batman-adv: Consider fragmentation for needed_headroom
- batman-adv: Reserve needed_*room for fragments
- batman-adv: Don't always reallocate the fragmentation skb head
- RDMA/netlink: Add __maybe_unused to static inline in C file
- ASoC: DAPM: Cover regression by kctl change notification fix
- [arm64,armhf] soc/tegra: pmc: Fix imbalanced clock disabling in error code
path
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.219
- USB: serial: option: add Telit LE910S1 0x9200 composition
- USB: serial: option: add Fibocom FM101-GL variants
- [arm*] usb: dwc2: hcd_queue: Fix use of floating point literal
- usb: hub: Fix usb enumeration issue due to address0 race
- usb: hub: Fix locking issues with address0_mutex
- [arm*] binder: fix test regression due to sender_euid change
- ALSA: ctxfi: Fix out-of-range access
- media: cec: copy sequence field for the reply
- HID: wacom: Use "Confidence" flag to prevent reporting invalid contacts
- [x86] staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect()
- fuse: fix page stealing
- xen: don't continue xenstore initialization in case of errors
- xen: detect uninitialized xenbus in xenbus_init
- tracing: Fix pid filtering when triggers are attached
- proc/vmcore: fix clearing user buffer by properly using clear_user()
- [arm64] PCI: aardvark: Fix a leaked reference by adding missing
of_node_put()
- [arm64] PCI: aardvark: Wait for endpoint to be ready before training link
- [arm64] PCI: aardvark: Train link immediately after enabling training
- [arm64] PCI: aardvark: Improve link training
- [arm64] PCI: aardvark: Issue PERST via GPIO
- [arm64] PCI: aardvark: Replace custom macros by standard linux/pci_regs.h
macros
- [arm64] PCI: aardvark: Indicate error in 'val' when config read fails
- [arm64] PCI: aardvark: Don't touch PCIe registers if no card connected
- [arm64] PCI: aardvark: Fix compilation on s390
- [arm64] PCI: aardvark: Move PCIe reset card code to advk_pcie_train_link()
- [arm64] PCI: aardvark: Update comment about disabling link training
- [arm64] PCI: aardvark: Configure PCIe resources from 'ranges' DT property
- [arm64] PCI: aardvark: Fix PCIe Max Payload Size setting
- [arm64] PCI: aardvark: Fix link training
- [arm64] PCI: aardvark: Fix checking for link up via LTSSM state
- [arm64] pinctrl: armada-37xx: Correct mpp definitions
- [arm64] pinctrl: armada-37xx: add missing pin: PCIe1 Wakeup
- [arm64] pinctrl: armada-37xx: Correct PWM pins definitions
- [arm64] dts: marvell: armada-37xx: Set pcie_reset_pin to gpio function
- netfilter: ipvs: Fix reuse connection if RS weight is 0
- [x86] ASoC: topology: Add missing rwsem around snd_ctl_remove() calls
- net: ieee802154: handle iftypes as u32
- NFSv42: Don't fail clone() unless the OP_CLONE operation failed
- [armhf] socfpga: Fix crash with CONFIG_FORTIRY_SOURCE
- scsi: mpt3sas: Fix kernel panic during drive powercycle test
- [arm*] drm/vc4: fix error code in vc4_create_object()
- ipv6: fix typos in __ip6_finish_output()
- net/smc: Ensure the active closing peer first closes clcsock
- PM: hibernate: use correct mode for swsusp_close()
- tcp_cubic: fix spurious Hystart ACK train detections for not-cwnd-limited
flows
- net/smc: Don't call clcsock shutdown twice when smc shutdown
- [arm64] net: hns3: fix VF RSS failed problem after PF enable multi-TCs
- vhost/vsock: fix incorrect used length reported to the guest
- tracing: Check pid filtering when creating events
- [s390x] mm: validate VMA in PGSTE manipulation functions
- hugetlbfs: flush TLBs correctly after huge_pmd_unshare (CVE-2021-4002)
- NFC: add NCI_UNREG flag to eliminate the race
- fuse: release pipe buf after last use
- xen: sync include/xen/interface/io/ring.h with Xen's newest version
- xen/blkfront: read response from backend only once
- xen/blkfront: don't take local copy of a request from the ring page
- xen/blkfront: don't trust the backend response data blindly
- xen/netfront: read response from backend only once
- xen/netfront: don't read data from request on the ring page
- xen/netfront: disentangle tx_skb_freelist
- xen/netfront: don't trust the backend response data blindly
- tty: hvc: replace BUG_ON() with negative return value
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.220
- shm: extend forced shm destroy to support objects from several IPC nses
- NFSv42: Fix pagecache invalidation after COPY/CLONE
- gfs2: Fix length of holes reported at end-of-file
- [amd64] atlantic: Fix OOB read and write in hw_atl_utils_fw_rpc_wait
(CVE-2021-43975)
- net: return correct error code
- [x86] platform/x86: thinkpad_acpi: Fix WWAN device disabled issue after S3
deep
- [s390x] setup: avoid using memblock_enforce_memory_limit
- btrfs: check-integrity: fix a warning on write caching disabled disk
- thermal: core: Reset previous low and high trip during thermal zone init
- scsi: iscsi: Unblock session then wake up error handler
- ata: ahci: Add Green Sardine vendor ID as board_ahci_mobile
- [arm64] ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array
overflow in hns_dsaf_ge_srst_by_port()
- vrf: Reset IPCB/IP6CB when processing outbound pkts in vrf dev xmit
- kprobes: Limit max data_size of the kretprobe instances
- ipmi: Move remove_work to dedicated workqueue
- fs: add fget_many() and fput_many()
- fget: check that the fd still exists after getting a ref to it
(CVE-2021-4083)
- net: qlogic: qlcnic: Fix a NULL pointer dereference in
qlcnic_83xx_add_rings()
- net: mpls: Fix notifications when deleting a device
- siphash: use _unaligned version by default
- net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources()
- rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer()
- net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of "0" if no
IRQ is available
- net: annotate data-races on txq->xmit_lock_owner
- net/rds: correct socket tunable error in rds_tcp_tune()
- net/smc: Keep smc_close_final rc during active close
- [arm64] drm/msm: Do hw_init() before capturing GPU state
- vgacon: Propagate console boot parameters before calling `vc_resize'
- xhci: Fix commad ring abort, write all 64 bits to CRCR register.
- USB: NO_LPM quirk Lenovo Powered USB-C Travel Hub
- [x86] usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect
- [amd64] mm: Map all kernel memory into trampoline_pgd
- [arm64] tty: serial: msm_serial: Deactivate RX DMA for polling support
- [arm64] serial: pl011: Add ACPI SBSA UART match id
- serial: core: fix transmit-buffer reset and memleak
- ipmi: msghandler: Make symbol 'remove_work_wq' static
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.221
- HID: add hid_is_usb() function to make it simpler for USB detection
- HID: wacom: fix problems when device is not a valid USB device
- HID: check for valid USB device for many HID drivers
- can: kvaser_usb: get CAN clock frequency from device
- [x86] can: sja1000: fix use after free in ems_pcmcia_add_card()
- net: core: netlink: add helper refcount dec and lock function
- net: sched: rename qdisc_destroy() to qdisc_put()
- net: sched: extend Qdisc with rcu
- net: sched: add helper function to take reference to Qdisc
- net: sched: use Qdisc rcu API instead of relying on rtnl lock
- nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done
- bpf: Fix the off-by-two error in range markings
- ice: ignore dropped packets during init
- bonding: make tx_rebalance_counter an atomic
- nfp: Fix memory leak in nfp_cpp_area_cache_add()
- seg6: fix the iif in the IPv6 socket control block
- udp: using datalen to cap max gso segments
- [amd64] IB/hfi1: Correct guard on eager buffer deallocation
- mm: bdi: initialize bdi_min_ratio when bdi is unregistered
- ALSA: ctl: Fix copy of updated id with element read/write
- ALSA: pcm: oss: Fix negative period/buffer sizes
- ALSA: pcm: oss: Limit the period size to 16MB
- ALSA: pcm: oss: Handle missing errors in snd_pcm_oss_change_params*()
- tracefs: Have new files inherit the ownership of their parent
- [arm64] clk: qcom: regmap-mux: fix parent clock lookup
- [i386] can: pch_can: pch_can_rx_normal: fix use after free
- libata: add horkage for ASMedia 1092
- wait: add wake_up_pollfree()
- binder: use wake_up_pollfree()
- signalfd: use wake_up_pollfree()
- aio: keep poll requests on waitqueue until completed
- aio: fix use-after-free due to missing POLLFREE handling
- tracefs: Set all files to the same group ownership as the mount option
- block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2)
- qede: validate non LSO skb length
- i40e: Fix pre-set max number of queues for VF
- net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero
- [armhf] net: fec: only clear interrupt of handling queue in
fec_enet_rx_queue()
- net, neigh: clear whole pneigh_entry at alloc time
- net/qla3xxx: fix an error code in ql_adapter_up()
- USB: gadget: detect too-big endpoint 0 requests (CVE-2021-39685)
- USB: gadget: zero allocate endpoint 0 buffers (CVE-2021-39685)
- usb: core: config: fix validation of wMaxPacketValue entries
- xhci: Remove CONFIG_USB_DEFAULT_PERSIST to prevent xHCI from runtime
suspending
- usb: core: config: using bit mask instead of individual bits
- xhci: avoid race between disable slot command and host runtime suspend
- iio: trigger: Fix reference counting
- [armhf] iio: mma8452: Fix trigger reference couting
- [arm64,armhf] iio: adc: axp20x_adc: fix charging current reporting on
AXP22x
- [x86] iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove
- [armhf] irqchip/armada-370-xp: Fix return value of
armada_370_xp_msi_alloc()
- [armhf] irqchip/armada-370-xp: Fix support for Multi-MSI interrupts
- [arm64,armhf] irqchip/irq-gic-v3-its.c: Force synchronisation when issuing
INVALL
- net_sched: fix a crash in tc_new_tfilter()
- net: sched: make function qdisc_free_cb() static
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.222
- stable: clamp SUBLEVEL in 4.19
- nfc: fix segfault in nfc_genl_dump_devices_done
- [arm64] drm/msm/dsi: set default num_data_lanes
- net/mlx4_en: Update reported link modes for 1/10G
- [arm64,armhf] i2c: rk3x: Handle a spurious start completion interrupt flag
- net: netlink: af_netlink: Prevent empty skb by adding a check on len.
- tracing: Fix a kmemleak false positive in tracing_map
- [x86] hwmon: (dell-smm) Fix warning on /proc/i8k creation error
- mac80211: send ADDBA requests using the tid/queue of the aggregation
session
- dm btree remove: fix use after free in rebalance_children()
- audit: improve robustness of the audit queue handling
- nfsd: fix use-after-free due to delegation race (Closes: #988044)
- [x86] sme: Explicitly map new EFI memmap table as encrypted
- mac80211: track only QoS data frames for admission control
- [armhf] socfpga: dts: fix qspi node compatible
- sch_cake: do not call cake_destroy() from cake_init()
- rds: memory leak in __rds_conn_create() (CVE-2021-45480)
- [arm64,armhf] soc/tegra: fuse: Fix bitwise vs. logical OR warning
- igb: Fix removal of unicast MAC filters of VFs
- igbvf: fix double free in `igbvf_probe`
- ixgbe: set X550 MDIO speed before talking to PHY
- netdevsim: Zero-initialize memory for new map's value in function
nsim_bpf_map_alloc (CVE-2021-4135)
- net/packet: rx_owner_map depends on pg_vec (CVE-2021-22600)
- sit: do not call ipip6_dev_free() from sit_init_net()
- USB: gadget: bRequestType is a bitfield, not a enum
- USB: NO_LPM quirk Lenovo USB-C to Ethernet Adapher(RTL8153-04)
- PCI/MSI: Clear PCI_MSIX_FLAGS_MASKALL on error
- PCI/MSI: Mask MSI-X vectors only on success
- USB: serial: cp210x: fix CP2105 GPIO registration
- USB: serial: option: add Telit FN990 compositions
- timekeeping: Really make sure wall_to_monotonic isn't positive
- libata: if T_LENGTH is zero, dma direction should be DMA_NONE
- drm/amdgpu: correct register access for RLC_JUMP_TABLE_RESTORE
- mac80211: validate extended element ID is present
- [armel] 8805/2: remove unneeded naked function usage
- mwifiex: Remove unnecessary braces from HostCmd_SET_SEQ_NO_BSS_INFO
- Input: touchscreen - avoid bitwise vs logical OR warning
- media: mxl111sf: change mutex_init() location
- fuse: annotate lock in fuse_reverse_inval_entry()
- ovl: fix warning in ovl_create_real()
- scsi: scsi_debug: Sanity check block descriptor length in
resp_mode_select()
- xen/blkfront: harden blkfront against event channel storms
(CVE-2021-28711)
- xen/netfront: harden netfront against event channel storms
(CVE-2021-28712)
- xen/console: harden hvc_xen against event channel storms (CVE-2021-28713)
- xen/netback: fix rx queue stall detection (CVE-2021-28714)
- xen/netback: don't queue unlimited number of packages (CVE-2021-28715)
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.223
- net: usb: lan78xx: add Allied Telesis AT29M2-AF
- block, bfq: improve asymmetric scenarios detection
- block, bfq: fix asymmetric scenarios detection
- block, bfq: fix decrement of num_active_groups
- block, bfq: fix queue removal from weights tree
- block, bfq: fix use after free in bfq_bfqq_expire
- HID: holtek: fix mouse probing
- [arm64] dts: allwinner: orangepi-zero-plus: fix PHY mode
- [arm64] spi: change clk_disable_unprepare to clk_unprepare
- IB/qib: Fix memory leak in qib_user_sdma_queue_pkts()
- netfilter: fix regression in looped (broad|multi)cast's MAC handling
- qlcnic: potential dereference null pointer of rx_queue->page_ring
- net: accept UFOv6 packages in virtio_net_hdr_to_skb
- net: skip virtio_net_hdr_set_proto if protocol already set
- ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module
- bonding: fix ad_actor_system option setting to default
- [amd64] fjes: Check for error irq
- [armhf] drivers: net: smc911x: Check for error irq
- sfc: falcon: Check null pointer of rx_queue->page_ring
- hwmon: (lm90) Fix usage of CONFIG2 register in detect function
- ALSA: jack: Check the return value of kstrdup()
- ALSA: drivers: opl3: Fix incorrect use of vp->state
- Input: atmel_mxt_ts - fix double free in mxt_read_info_block
- ipmi: bail out if init_srcu_struct fails
- ipmi: fix initialization when workqueue allocation fails
- [x86] pkey: Fix undefined behaviour with PKRU_WD_BIT
- [armel,armhf] 9169/1: entry: fix Thumb2 bug in iWMMXt exception handling
- f2fs: fix to do sanity check on last xattr entry in __f2fs_setxattr()
(CVE-2021-45469)
- usb: gadget: u_ether: fix race in setting MAC address in setup phase
- [x86] KVM: VMX: Fix stale docs for kvm-intel.emulate_invalid_guest_state
- hwmon: (lm90) Do not report 'busy' status bit as alarm
- ax25: NPD bug when detaching AX25 device
- hamradio: defer ax25 kfree after unregister_netdev
- hamradio: improve the incomplete fix to avoid NPD
- phonet/pep: refuse to enable an unbound pipe
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.224
- [arm64] tee: handle lookup of shm with reference count 0 (CVE-2021-44733)
- Input: i8042 - add deferred probe support
- [x86] Input: i8042 - enable deferred probe quirk for ASUS UM325UA
- [x86] platform/x86: apple-gmux: use resource_size() with res
- selinux: initialize proto variable in selinux_ip_postroute_compat()
- scsi: lpfc: Terminate string in lpfc_debugfs_nvmeio_trc_write()
- udp: using datalen to cap ipv6 udp max gso segments
- sctp: use call_rcu to free endpoint
- net: usb: pegasus: Do not drop long Ethernet frames
- net/mlx5e: Fix wrong features assignment in case of error
- i2c: validate user data in compat ioctl
- nfc: uapi: use kernel size_t to fix user-space builds
- uapi: fix linux/nfc.h userspace compilation errors
- xhci: Fresco FL1100 controller should not have BROKEN_MSI quirk set.
- usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear.
- [arm*] binder: fix async_free_space accounting for empty parcels
- [x86] scsi: vmw_pvscsi: Set residual data length conditionally
- Input: appletouch - initialize work before device registration
- Input: spaceball - fix parsing of movement data packets
- net: fix use-after-free in tw_timer_handler
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.225
- tracing: Fix check for trace_percpu_buffer validity in get_trace_buf()
- tracing: Tag trace_percpu_buffer as a percpu pointer
- ieee802154: atusb: fix uninit value in atusb_set_extended_addr
- RDMA/core: Don't infoleak GRH fields
- mac80211: initialize variable have_higher_than_11mbit
- i40e: fix use-after-free in i40e_sync_filters_subtask()
- i40e: Fix incorrect netdev's real number of RX/TX queues
- ipv6: Check attribute length for RTA_GATEWAY in multipath route
- ipv6: Check attribute length for RTA_GATEWAY when deleting multipath route
- sch_qfq: prevent shift-out-of-bounds in qfq_init_qdisc
- xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate
(CVE-2021-4155)
- rndis_host: support Hytera digital radios
- phonet: refcount leak in pep_sock_accep (CVE-2021-45095)
- ipv6: Continue processing multipath route even if gateway attribute is
invalid
- ipv6: Do cleanup if attribute validation fails in multipath route
- scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown()
- ip6_vti: initialize __ip6_tnl_parm struct in vti6_siocdevprivate
- net: udp: fix alignment problem in udp4_seq_show()
- mISDN: change function names to avoid conflicts
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.226
- Bluetooth: bfusb: fix division by zero in send path
- USB: core: Fix bug in resuming hub's handling of wakeup requests
- USB: Fix "slab-out-of-bounds Write" bug in usb_hcd_poll_rh_status
- can: bcm: switch timer to HRTIMER_MODE_SOFT and remove hrtimer_tasklet
- veth: Do not record rx queue hint in veth_xmit
- [x86] mfd: intel-lpss: Fix too early PM enablement in the ACPI ->probe()
- can: gs_usb: fix use of uninitialized variable, detach device on reception
of invalid USB data
- can: gs_usb: gs_can_start_xmit(): zero-initialize hf->{flags,reserved}
- random: fix data race on crng_node_pool
- random: fix data race on crng init time
- [x86] drm/i915: Avoid bitwise vs logical OR warning in
snb_wm_latency_quirk()
- kbuild: Add $(KBUILD_HOSTLDFLAGS) to 'has_libelf' test
- orangefs: Fix the size of a memory allocation in orangefs_bufmap_alloc()
- [s390x] KVM: s390: Clarify SIGP orders versus STOP/RESTART
- media: uvcvideo: fix division by zero at stream start
- rtlwifi: rtl8192cu: Fix WARNING when calling local_irq_restore() with
interrupts enabled
- firmware: qemu_fw_cfg: fix sysfs information leak
- firmware: qemu_fw_cfg: fix NULL-pointer deref on duplicate entries
- firmware: qemu_fw_cfg: fix kobject leak in probe error path
- ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Master after
reboot from Windows
- HID: uhid: Fix worker destroying device without any protection
- HID: wacom: Reset expected and received contact counts at the same time
- HID: wacom: Ignore the confidence flag when a touch is removed
- HID: wacom: Avoid using stale array indicies to read contact count
- f2fs: fix to do sanity check in is_alive()
- nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed
bind()
- [armhf] mtd: rawnand: gpmi: Remove explicit default gpmi clock setting for
i.MX6
- [x86] gpu: Reserve stolen memory for first integrated Intel GPU
- rtc: cmos: take rtc_lock while reading from CMOS
- media: flexcop-usb: fix control-message timeouts
- media: mceusb: fix control-message timeouts
- media: em28xx: fix control-message timeouts
- media: cpia2: fix control-message timeouts
- media: s2255: fix control-message timeouts
- media: dib0700: fix undefined behavior in tuner shutdown
- media: redrat3: fix control-message timeouts
- media: pvrusb2: fix control-message timeouts
- media: stk1160: fix control-message timeouts
- [x86] can: softing_cs: softingcs_probe(): fix memleak on registration
failure
- PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller
- shmem: fix a race between shmem_unused_huge_shrink and shmem_evict_inode
- Bluetooth: cmtp: fix possible panic when cmtp_init_sockets() fails
- [arm*] clk: bcm-2835: Pick the closest clock rate
- [arm*] clk: bcm-2835: Remove rounding up the dividers
- [arm64] wcn36xx: Indicate beacon not connection loss on MISSED_BEACON_IND
- [arm64] wcn36xx: Release DMA channel descriptor allocations
- media: videobuf2: Fix the size printk format
- media: em28xx: fix memory leak in em28xx_init_dev
- Bluetooth: stop proccessing malicious adv data
- [arm64] tee: fix put order in teedev_close_context()
- media: dmxdev: fix UAF when dvb_register_device() fails
- [arm64] crypto: qce - fix uaf on qce_ahash_register_one
- netfilter: bridge: add support for pppoe filtering
- drm/amdgpu: Fix a NULL pointer dereference in
amdgpu_connector_lcd_native_mode()
- drm/radeon/radeon_kms: Fix a NULL pointer dereference in
radeon_driver_open_kms()
- [arm*] serial: amba-pl011: do not request memory region twice
- floppy: Fix hang in watchdog when disk is ejected
- media: dib8000: Fix a memleak in dib8000_init()
- media: saa7146: mxb: Fix a NULL pointer dereference in mxb_attach()
- media: si2157: Fix "warm" tuner state detection
- sched/rt: Try to restart rt period timer when rt runtime exceeded
- xfrm: fix a small bug in xfrm_sa_len()
- media: dw2102: Fix use after free
- media: msi001: fix possible null-ptr-deref in msi001_probe()
- [arm64] drm/msm/dpu: fix safe status debugfs file
- xfrm: interface with if_id 0 should return error
- xfrm: state and policy should fail if XFRMA_IF_ID 0
- usb: ftdi-elan: fix memory leak on device disconnect
- [armhf] mmc: meson-mx-sdio: add IRQ check
- [x86] mce/inject: Avoid out-of-bounds write when setting flags
- [x86] pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in
__nonstatic_find_io_region()
- [x86] pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in
nonstatic_find_mem_region()
- netfilter: ipt_CLUSTERIP: fix refcount leak in clusterip_tg_check()
- ppp: ensure minimum packet size in ppp_write()
- Bluetooth: hci_bcm: Check for error irq
- [arm64,armhf] spi: spi-meson-spifc: Add missing pm_runtime_disable() in
meson_spifc_probe
- tpm: add request_locality before write TPM_INT_ENABLE
- can: softing: softing_startstop(): fix set but not used variable warning
- pcmcia: fix setting of kthread task states
- net: mcs7830: handle usb read errors properly
- ext4: avoid trim error on fs with small groups
- ALSA: jack: Add missing rwsem around snd_ctl_remove() calls
- ALSA: PCM: Add missing rwsem around snd_ctl_remove() calls
- ALSA: hda: Add missing rwsem around snd_ctl_remove() calls
- [arm64] RDMA/hns: Validate the pkey index
- [powerpc*] prom_init: Fix improper check of prom_getprop()
- ALSA: oss: fix compile error when OSS_DEBUG is enabled
- [arm64,armhf] iommu/io-pgtable-arm: Fix table descriptor paddr formatting
- scsi: ufs: Fix race conditions related to driver data
- RDMA/core: Let ib_find_gid() continue search even after empty entry
- [x86] ASoC: rt5663: Handle device_property_read_u32_array error codes
- [arm*] iommu/iova: Fix race between FQ timeout and teardown
- RDMA/cxgb4: Set queue pair state when being queried
- Bluetooth: Fix debugfs entry leak in hci_register_dev()
- fs: dlm: filter user dlm messages for kernel locks
- ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply
- drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR
- usb: gadget: f_fs: Use stream_open() for endpoint files
- HID: apple: Do not reset quirks when the Fn key is not found
- media: b2c2: Add missing check in flexcop_pci_isr:
- gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use
- [armhf] HSI: core: Fix return freed object in hsi_new_client
- [x86] mwifiex: Fix skb_over_panic in mwifiex_usb_recv() (CVE-2021-43976)
- rsi: Fix out-of-bounds read in rsi_read_pkt()
- floppy: Add max size check for user space request
- media: saa7146: hexium_orion: Fix a NULL pointer dereference in
hexium_attach()
- media: m920x: don't use stack on USB reads
- iwlwifi: mvm: synchronize with FW after multicast commands
- ath10k: Fix tx hanging
- net-sysfs: update the queue counts in the unregistration path
- [x86] mce: Mark mce_panic() noinstr
- [x86] mce: Mark mce_end() noinstr
- [x86] mce: Mark mce_read_aux() noinstr
- net: bonding: debug: avoid printing debug logs when bond is not notifying
peers
- bpf: Do not WARN in bpf_warn_invalid_xdp_action()
- HID: quirks: Allow inverting the absolute X/Y values
- media: igorplugusb: receiver overflow should be reported
- media: saa7146: hexium_gemini: Fix a NULL pointer dereference in
hexium_attach()
- mmc: core: Fixup storing of OCR for MMC_QUIRK_NONSTD_SDIO
- audit: ensure userspace is penalized the same as the kernel when under
pressure
- usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0
- ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream
- iwlwifi: fix leaks/bad data after failed firmware load
- iwlwifi: remove module loading failure message
- iwlwifi: mvm: Fix calculation of frame length
- jffs2: GC deadlock reading a page that is used in jffs2_write_begin()
- ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions
- ACPICA: Utilities: Avoid deleting the same object twice in a row
- ACPICA: Executer: Fix the REFCLASS_REFOF case in acpi_ex_opcode_1A_0T_1R()
- ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5
- drm/amdgpu: fixup bad vram size on gmc v8
- [x86] ACPI: battery: Add the ThinkPad "Not Charging" quirk
- btrfs: remove BUG_ON() in find_parent_nodes()
- btrfs: remove BUG_ON(!eie) in find_parent_nodes
- net: mdio: Demote probed message to debug print
- mac80211: allow non-standard VHT MCS-10/11
- dm btree: add a defensive bounds check to insert_at()
- dm space map common: add bounds check to sm_ll_lookup_bitmap()
- net: phy: marvell: configure RGMII delays for 88E1118
- [arm64] regulator: qcom_smd: Align probe function with rpmh-regulator
- [arm64,armhf] serial: pl010: Drop CR register reset on set_termios
- serial: core: Keep mctrl register state and cached copy in sync
- [powerpc*] powernv: add missing of_node_put
- [powerpc*] btext: add missing of_node_put
- [powerpc*] watchdog: Fix missed watchdog reset due to memory ordering race
- [x86] i2c: i801: Don't silently correct invalid transfer size
- [powerpc*] smp: Move setup_profiling_timer() under CONFIG_PROFILING
- [powerpc*] i2c: mpc: Correct I2C reset procedure
- w1: Misuse of get_user()/put_user() reported by sparse
- ALSA: seq: Set upper limit of processed events
- [powerpc*] handle kdump appropriately with crash_kexec_post_notifiers
option
- [mips*] OCTEON: add put_device() after of_find_device_by_node()
- [x86] i2c: designware-pci: Fix to change data types of hcnt and lcnt
parameters
- scsi: sr: Don't use GFP_DMA
- [arm64] rpmsg: core: Clean up resources on announce_create failure.
- ubifs: Error path in ubifs_remount_rw() seems to wrongly free write
buffers
- serial: Fix incorrect rs485 polarity on uart open
- cputime, cpuacct: Include guest time in user time in cpuacct.stat
- iwlwifi: mvm: Increase the scan timeout guard to 30 seconds
- [s390x] mm: fix 2KB pgtable release race
- [armhf] drm/etnaviv: limit submit sizes
- ext4: make sure to reset inode lockdep class when quota enabling fails
- ext4: make sure quota gets properly shutdown on error
- ext4: set csum seed in tmp inode while migrating to extents
- ext4: Fix BUG_ON in ext4_bread when write quota data
- ext4: don't use the orphan list when migrating an inode
- ASoC: dpcm: prevent snd_soc_dpcm use after free
- regulator: core: Let boot-on regulators be powered off
- drm/radeon: fix error handling in radeon_driver_open_kms
- [arm64] RDMA/hns: Modify the mapping attribute of doorbell to device
- RDMA/rxe: Fix a typo in opcode name
- af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress
- netns: add schedule point in ops_exit_list()
- libcxgb: Don't accidentally set RTO_ONLINK in cxgb_find_route()
- net_sched: restore "mpu xxx" handling
- [mips*,s390x] gup: Work around the "COW can break either way" issue
(CVE-2020-29374)
- fuse: fix bad inode (CVE-2020-36322)
- fuse: fix live lock in fuse_iget() (CVE-2021-28950)
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.227
- [x86] drm/i915: Flush TLBs before releasing backing store (CVE-2022-0330)
- net: bridge: clear bridge's private skb space on xmit
- select: Fix indefinitely sleeping task in poll_schedule_timeout()
- [x86] drm/vmwgfx: Fix stale file descriptors on failed usercopy
(CVE-2022-22942)
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.228
- Bluetooth: refactor malicious adv data check
- [s390x] hypfs: include z/VM guests with access control group set
- [s390x] scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV
FCP devices
- udf: Restore i_lenAlloc when inode expansion fails (CVE-2022-0617)
- udf: Fix NULL ptr deref when converting from inline format (CVE-2022-0617)
- [armhf] drm/etnaviv: relax submit size limits
- netfilter: nft_payload: do not update layer 4 checksum when mangling
fragments
- serial: 8250: of: Fix mapped region size when using reg-offset property
- tty: n_gsm: fix SW flow control encoding/handling
- tty: Add support for Brainboxes UC cards.
- usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge
- [arm64,armhf] usb: common: ulpi: Fix crash in ulpi_match()
- usb: gadget: f_sourcesink: Fix isoc transfer for USB_SPEED_SUPER_PLUS
- USB: core: Fix hang in usb_kill_urb by adding memory barriers
- [x86] usb: typec: tcpm: Do not disconnect while receiving VBUS off
- [arm64,armhf] net: sfp: ignore disabled SFP node
- i40e: Increase delay to 1 s after global EMP reset
- i40e: Fix issue when maximum queues is exceeded
- i40e: Fix queues reservation for XDP
- i40e: fix unsigned stat widths
- scsi: bnx2fc: Flush destroy_work queue before calling
bnx2fc_interface_put()
- ipv6_tunnel: Rate limit warning messages
- net: fix information leakage in /proc/net/ptype
- ping: fix the sk_bound_dev_if match in ping_lookup
- ipv4: avoid using shared IP generator for connected sockets
- hwmon: (lm90) Reduce maximum conversion rate for G781
- NFSv4: Handle case where the lookup of a directory fails (CVE-2022-24448)
- NFSv4: nfs_atomic_open() can race when looking up a non-regular file
- net-procfs: show net devices bound packet types
- [arm64] drm/msm: Fix wrong size calculation
- [arm64] drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable
- ipv6: annotate accesses to fn->fn_sernum
- NFS: Ensure the server has an up to date ctime before hardlinking
- NFS: Ensure the server has an up to date ctime before renaming
- phylib: fix potential use-after-free
- yam: fix a memory leak in yam_siocdevprivate() (CVE-2022-24959)
- ipv4: raw: lock the socket in raw_bind()
- ipv4: tcp: send zero IPID in SYNACK messages
- netfilter: nat: remove l4 protocol port rovers
- netfilter: nat: limit port clash resolution attempts
- tcp: fix possible socket leaks in internal pacing mode
- ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback
- [amd64,arm64] net: amd-xgbe: ensure to reset the tx_timer_active flag
- [amd64,arm64] net: amd-xgbe: Fix skb data length underflow
- rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink()
- af_packet: fix data-race in packet_setsockopt / packet_setsockopt
- audit: improve audit queue handling when "audit=1" on cmdline
- ASoC: ops: Reject out of bounds values in snd_soc_put_volsw()
- ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx()
- ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx()
- ALSA: hda/realtek: Add missing fixup-model entry for Gigabyte X570 ALC1220
quirks
- ALSA: hda/realtek: Fix silent output on Gigabyte X570S Aorus Master (newer
chipset)
- ALSA: hda/realtek: Fix silent output on Gigabyte X570 Aorus Xtreme after
reboot from Windows
- drm/nouveau: fix off by one in BIOS boundary checking
- block: bio-integrity: Advance seed correctly for larger interval sizes
- RDMA/mlx4: Don't continue event handler after memory allocation failure
- [amd64] iommu/vt-d: Fix potential memory leak in
intel_setup_irq_remapping()
- [amd64] iommu/amd: Fix loop timeout issue in iommu_ga_log_enable()
- [armhf] spi: meson-spicc: add IRQ check in meson_spicc_probe
- net: ieee802154: hwsim: Ensure proper channel selection at probe time
- net: ieee802154: Return meaningful error codes from the netlink helpers
- net: macsec: Verify that send_sci is on when setting Tx sci explicitly
- [arm64,armhf] net: stmmac: ensure PTP time register reads are consistent
- [x86] drm/i915/overlay: Prevent divide by zero bugs in scaling
- scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe
- nfsd: nfsd4_setclientid_confirm mistakenly expires confirmed client.
- rtc: cmos: Evaluate century appropriate
- [arm64] EDAC/xgene: Fix deferred probing
- ext4: fix error handling in ext4_restore_inline_data()
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.229
- cgroup-v1: Require capabilities to set release_agent (CVE-2022-0492)
- moxart: fix potential use-after-free on remove path (CVE-2022-0487)
- tipc: improve size validations for received domain records (CVE-2022-0435)
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.230
- integrity: check the return value of audit_log_start()
- net: phy: marvell: Fix MDI-x polarity setting in 88e1118-compatible PHYs
- NFS: Fix initialisation of nfs_client cl_flags field
- NFSD: Clamp WRITE offsets
- NFSD: Fix offset type in I/O trace points
- NFSv4 only print the label when its queried
- nfs: nfs4clinet: check the return value of kstrdup()
- NFSv4.1: Fix uninitialised variable in devicenotify
- NFSv4 remove zero number of fs_locations entries error check
- NFSv4 expose nfs_parse_server_name function
- net: sched: Clarify error message when qdisc kind is unknown
- scsi: target: iscsi: Make sure the np under each tpg is unique
- [arm*] usb: dwc2: gadget: don't try to disable ep0 in dwc2_hsotg_suspend
- [arm64,armhf] net: stmmac: dwmac-sun8i: use return val of
readl_poll_timeout()
- bpf: Add kconfig knob for disabling unpriv bpf by default
- net: bridge: fix stale eth hdr pointer in br_dev_xmit
- usb: f_fs: Fix use-after-free for epfile
- ixgbevf: Require large buffers for build_skb on 82599VF
- bonding: pair enable_port with slave_arr_updates
- ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table() on failure
path
- net: do not keep the dst cache when uncloning an skb dst and its metadata
- net: fix a memleak when uncloning an skb dst and its metadata
- veth: fix races around rq->rx_notify_masked
- tipc: rate limit warning for received illegal binding update
- [amd64,arm64] net: amd-xgbe: disable interrupts during pci removal
- vt_ioctl: fix array_index_nospec in vt_setactivate
- vt_ioctl: add array_index_nospec to VT_ACTIVATE
- n_tty: wake up poll(POLLRDNORM) on receiving data
- [arm64,armhf] usb: ulpi: Move of_node_put to ulpi_dev_release
- [arm64,armhf] usb: ulpi: Call of_node_put correctly
- [arm64,armhf] usb: dwc3: gadget: Prevent core from processing stale TRBs
- USB: gadget: validate interface OS descriptor requests (CVE-2022-25258)
- usb: gadget: rndis: check size of RNDIS_MSG_SET command (CVE-2022-25375)
- USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320
- USB: serial: option: add ZTE MF286D modem
- USB: serial: ch341: add support for GW Instek USB2.0-Serial devices
- USB: serial: cp210x: add NCR Retail IO box id
- USB: serial: cp210x: add CPI Bulk Coin Recycler id
- seccomp: Invalidate seccomp mode to catch death failures
- [x86] hwmon: (dell-smm) Speed up setting of fan speed
- perf: Fix list corruption in perf_cgroup_switch()
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.231
- Makefile.extrawarn: Move -Wunaligned-access to W=1
- net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup
- btrfs: send: in case of IO error log it
- net: ieee802154: at86rf230: Stop leaking skb's
- ax25: improve the incomplete fix to avoid UAF and NPD bugs
- vfs: make freeze_super abort when sync_filesystem returns error
- quota: make dquot_quota_sync return errors from ->sync_fs
- nvme: fix a possible use-after-free in controller reset during load
- nvme-rdma: fix possible use-after-free in transport error_recovery work
- Revert "module, async: async_synchronize_full() on module init iff async
is used"
- iwlwifi: fix use-after-free
- drm/radeon: Fix backlight control on iMac 12,1
- xfrm: Don't accidentally set RTO_ONLINK in decode_session4()
- taskstats: Cleanup the use of task->exit_code
- mmc: block: fix read single on recovery logic
- vsock: remove vsock from connected table when connect is interrupted by a
signal
- iwlwifi: pcie: fix locking when "HW not ready"
- iwlwifi: pcie: gen2: fix locking when "HW not ready"
- ping: fix the dif and sdif check in ping_lookup
- drop_monitor: fix data-race in dropmon_net_event / trace_napi_poll_hit
- bonding: fix data-races around agg_select_timer
- libsubcmd: Fix use-after-free for realloc(..., 0)
- ALSA: hda: Fix regression on forced probe mask option
- ALSA: hda: Fix missing codec probe on Shenker Dock 15
- ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw()
- ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_range()
- [powerpc*] lib/sstep: fix 'ptesync' build error
- ext4: check for out-of-order index extents in ext4_valid_extent_entries()
- block/wbt: fix negative inflight counter when remove scsi device
- NFS: LOOKUP_DIRECTORY is also ok with symlinks
- NFS: Do not report writeback errors in nfs_getattr()
- EDAC: Fix calculation of returned address and next offset in
edac_align_ptr()
- net: sched: limit TC_ACT_REPEAT loops
- lib/iov_iter: initialize "flags" in new pipe_buffer
- [x86] Drivers: hv: vmbus: Expose monitor data only when monitor pages are
used
- [x86] Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj
- [x86] KVM: x86/pmu: Use AMD64_RAW_EVENT_MASK for PERF_TYPE_RAW
- [armhf] OMAP2+: hwmod: Add of_node_put() before break
- netfilter: conntrack: don't refresh sctp entries in closed state
- kconfig: let 'shell' return enough output for deep path names
- ata: libata-core: Disable TRIM on M88V29
- tracing: Fix tp_printk option related with tp_printk_stop_on_boot
- net: usb: qmi_wwan: Add support for Dell DW5829e
- [arm64] net: macb: Align the dma and coherent dma masks
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.232
- cgroup/cpuset: Fix a race between cpuset_attach() and cpu hotplug
- vhost/vsock: don't check owner in vhost_vsock_stop() while releasing
- sr9700: sanity check for packet length
- USB: zaurus: support another broken Zaurus
- ping: remove pr_err from ping_lookup
- net: __pskb_pull_tail() & pskb_carve_frag_list() drop_monitor friends
- tipc: Fix end of loop tests for list_for_each_entry()
- gso: do not skip outer ip header in case of ipip and net_failover
- openvswitch: Fix setting ipv6 fields causing hw csum failure
- drm/edid: Always set RGB444
- net/mlx5e: Fix wrong return value on ioctl EEPROM query failure
- configfs: fix a race in configfs_{,un}register_subsystem()
- RDMA/ib_srp: Fix a deadlock
- tty: n_gsm: fix proper link termination after failed open
- Revert "drm/nouveau/pmu/gm200-: avoid touching PMU outside of
DEVINIT/PREOS/ACR"
- memblock: use kfree() to release kmalloced memblock regions
- fget: clarify and improve __fget_files() implementation
- tracing: Have traceon and traceoff trigger honor the instance
- ata: pata_hpt37x: disable primary channel on HPT371
- Revert "USB: serial: ch341: add new Product ID for CH341A"
- usb: gadget: rndis: add spinlock for rndis response list
- tracefs: Set the group ownership in apply_options() not parse_options()
- USB: serial: option: add support for DW5829e
- USB: serial: option: add Telit LE910R1 compositions
- [arm64] usb: dwc3: pci: Fix Bay Trail phy GPIO mappings
- [arm64,armhf] usb: dwc3: gadget: Let the interrupt handler disable bottom
halves.
- xhci: re-initialize the HC during resume if HCE was set
- xhci: Prevent futile URB re-submissions due to incorrect return value.
- tty: n_gsm: fix encoding of control signal octet bit DV
.
[ Salvatore Bonaccorso ]
* Bump ABI to 19
* [rt] Update to 4.19.210-rt90
* [rt] Update to 4.19.211-rt91
* [rt] Update to 4.19.212-rt92
* [rt] Update to 4.19.214-rt93
* [rt] Update to 4.19.215-rt94
- fscache: fix initialisation of cookie hash table raw spinlocks
* [rt] Update to 4.19.217-rt95
* Refresh "Export symbols needed by Android drivers"
* liblockdep: Stop build liblockdep packages
* [rt] Update to 4.19.218-rt96
* [rt] Update to 4.19.219-rt97
* [rt] Refresh "net: move xmit_recursion to per-task variable on -RT"
* Refresh "Export symbols needed by Android drivers"
* [rt] Update to 4.19.225-rt101
* Refresh "Revert "objtool: Fix CONFIG_STACK_VALIDATION=y warning for
out-of-tree modules""
* [rt] Update to 4.19.227-rt102
* [rt] Update to 4.19.230-rt103
* init: Enable BPF_UNPRIV_DEFAULT_OFF (Closes: #990411)
* Mitigate Spectre v2-type Branch History Buffer attacks (CVE-2022-0001,
CVE-2022-0002)
- [x86] speculation: Merge one test in spectre_v2_user_select_mitigation()
- [x86] bugs: Unconditionally allow spectre_v2=retpoline,amd
- [x86] speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE
- [x86] speculation: Add eIBRS + Retpoline options
- Documentation/hw-vuln: Update spectre doc
- [x86] speculation: Include unprivileged eBPF status in Spectre v2
mitigation reporting
- [x86] speculation: Use generic retpoline by default on AMD
- [x86] speculation: Update link to AMD speculation whitepaper
- [x86] speculation: Warn about Spectre v2 LFENCE mitigation
- [x86] speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT
Checksums-Sha1:
5f1d92eafca7174436f7ba5b11acd7902065667d 6605 linux-signed-arm64_4.19.232+1.dsc
b3e1138c37adf6c5b0f2c5976fbc1611526570eb 2049328 linux-signed-arm64_4.19.232+1.tar.xz
Checksums-Sha256:
5631926fb61278c7995fd611fa18b374d064c6ccd2438bb1b0bb1a1e84b81546 6605 linux-signed-arm64_4.19.232+1.dsc
631a844ea0edc2c59fce811a9f42787c84cedd88c99f704eed2dba58162e0c19 2049328 linux-signed-arm64_4.19.232+1.tar.xz
Files:
99fcf9841b143396c0288f068bc461f0 6605 kernel optional linux-signed-arm64_4.19.232+1.dsc
0183a1e705f46d328c6c97c359f0edf8 2049328 kernel optional linux-signed-arm64_4.19.232+1.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEfKFfvHEI+gkU+E+di0FRiLdONzYFAmIn0QYACgkQi0FRiLdO
NzYAeRAAqFrcB14RGvxHreGUak/ghVqS0vnsWZQqeloVs3eBN/c03/uGbf3aO4Wi
zRRNcATONrUzxAliWq2xcbTuFKBVPEUTS/79YDcdTKwjCqXhhdeFPZv612hJbOVD
X2o+qaZ7XsG5AhpmZxNVWI1IZY2SBWVAYmr3kTjis1HqvP5IkKVP8SiEU3P/4xf8
IWHPGg8215JIeDk4FyIqZFUKDfCHNVelHXofGlAVdc6VjQ2FU3OI9h12pOvZpnuM
dMu0E8SwfnXR6fWC/4MnFPj7ktAOir4c/wzM+sFmQWtc8Izd2xKiI7pBx0H4c3cm
LzDih50DPcP1/8MLm8/zIf79wJURSdOlNYWpZIbmtQQafiIp7K5HiXxnxc/FXTUO
Q32bL2KhZx7XlTw3Q0iu++qMXsKGc4XWxYd5n7ITjwyHEIBrcL5Fxfkr8cVWrMMT
e2J+AM5jYN+7mH8mbfFjTmBJaRWDOElOxOm8aF6+zi4WOMYQ76nLVfhNwqoNLVs2
yszCO4kqDbUXmtgsvNgYqUjOrzk3y9/55bblEivaFz3A+eb0JzcjngMt32Elwdc2
g9hcpXEOKlaYTWfZOD47HS7Gh7u94WOaKJHlqhS2mj+5CRef2LopGMjeh96om97N
iXaGLjQ0l8RGGENs9EYJg6o0+H47y7xUt7HLt/JiU7bYDyfXBjM=
=wRD+
-----END PGP SIGNATURE-----