Accepted linux 4.19.171-1 (source) into proposed-updates->stable-new, proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 29 Jan 2021 23:03:16 +0100
Source: linux
Architecture: source
Version: 4.19.171-1
Distribution: buster-security
Urgency: high
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 970736 972345 977048 977615
Changes:
linux (4.19.171-1) buster-security; urgency=high
.
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.161
- perf event: Check ref_reloc_sym before using it
- netfilter: clear skb->next in NF_HOOK_LIST() (CVE-2021-20177)
- btrfs: don't access possibly stale fs_info data for printing duplicate device
- btrfs: fix lockdep splat when reading qgroup config on mount
- wireless: Use linux/stddef.h instead of stddef.h
- [arm64] KVM: vgic-v3: Drop the reporting of GICR_TYPER.Last for userspace
- [x86] KVM: handle !lapic_in_kernel case in kvm_cpu_*_extint
- [x86] KVM: Fix split-irqchip vs interrupt injection window request
- [arm64] pgtable: Fix pte_accessible()
- [arm64] pgtable: Ensure dirty bit is preserved across pte_wrprotect() (Closes: #977615)
- drm/atomic_helper: Stop modesets on unregistered connectors harder
- ALSA: hda/hdmi: fix incorrect locking in hdmi_pcm_close
- HID: cypress: Support Varmilo Keyboards' media hotkeys
- HID: add support for Sega Saturn
- Input: i8042 - allow insmod to succeed on devices without an i8042 controller
- HID: hid-sensor-hub: Fix issue with devices with no report ID
- HID: add HID_QUIRK_INCREMENT_USAGE_ON_DUPLICATE for Gamevice devices
- [x86] xen: don't unbind uninitialized lock_kicker_irq
- HID: Add Logitech Dinovo Edge battery quirk
- proc: don't allow async path resolution of /proc/self components
- nvme: free sq/cq dbbuf pointers when dbbuf set fails
- [arm64,armhf] dmaengine: pl330: _prep_dma_memcpy: Fix wrong burst size
- scsi: libiscsi: Fix NOP race condition
- scsi: target: iscsi: Fix cmd abort fabric stop race
- [x86] perf/x86: fix sysfs type mismatches
- [arm64,armhf] phy: tegra: xusb: Fix dangling pointer on probe failure
- scsi: ufs: Fix race between shutdown and runtime resume flow
- bnxt_en: fix error return code in bnxt_init_one()
- bnxt_en: fix error return code in bnxt_init_board()
- [x86] video: hyperv_fb: Fix the cache type when mapping the VRAM
- bnxt_en: Release PCI regions when DMA mask setup fails during probe.
- cxgb4: fix the panic caused by non smac rewrite
- [s390x] qeth: fix tear down of async TX buffers
- IB/mthca: fix return value of error branch in mthca_init_cq()
- net: ena: set initial DMA width to avoid intel iommu issue
- [arm64] optee: add writeback to valid memory type
- [arm64,armhf,x86] efivarfs: revert "fix memory leak in efivarfs_create()" (Closes: #977048)
- can: gs_usb: fix endianess problem with candleLight firmware
- [x86] platform/x86: thinkpad_acpi: Send tablet mode switch at wakeup time
- [x86] platform/x86: toshiba_acpi: Fix the wrong variable assignment
- USB: core: Change %pK for __user pointers to %px
- usb: gadget: f_midi: Fix memleak in f_midi_alloc
- USB: quirks: Add USB_QUIRK_DISCONNECT_SUSPEND quirk for Lenovo A630Z TIO built-in usb-audio card
- usb: gadget: Fix memleak in gadgetfs_fill_super
- [x86] speculation: Fix prctl() when spectre_v2_user={seccomp,prctl},ibpb
- USB: core: Fix regression in Hercules audio card
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.162
- ipv6: addrlabel: fix possible memory leak in ip6addrlbl_net_init
- [s390x] net/af_iucv: set correct sk_protocol for child sockets
- rose: Fix Null pointer dereference in rose_send_frame()
- sock: set sk_err to ee_errno on dequeue from errq
- tcp: Set INET_ECN_xmit configuration in tcp_reinit_congestion_control
- tun: honor IOCB_NOWAIT flag
- i40e: Fix removing driver while bare-metal VFs pass traffic
- bonding: wait for sysfs kobject destruction before freeing struct slave
- netfilter: bridge: reset skb->pkt_type after NF_INET_POST_ROUTING traversal
- ipv4: Fix tos mask in inet_rtm_getroute()
- geneve: pull IP header before ECN decapsulation
- net: ip6_gre: set dev->hard_header_len when using header_ops
- cxgb3: fix error return code in t3_sge_alloc_qset()
- [arm64,armhf] net: mvpp2: Fix error return code in mvpp2_open()
- net/mlx5: Fix wrong address reclaim when command interface is down
- dt-bindings: net: correct interrupt flags in examples
- ALSA: usb-audio: US16x08: fix value count for level meters
- Input: xpad - support Ardwiino Controllers
- Input: i8042 - add ByteSpeed touchpad to noloop table
- tracing: Remove WARN_ON in start_thread()
- RDMA/i40iw: Address an mmap handler exploit in i40iw
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.163
- [x86] pinctrl: baytrail: Replace WARN with dev_info_once when setting direct-irq pin to output
- [x86] pinctrl: baytrail: Fix pin being driven low for a while on gpiod_get(..., GPIOD_OUT_HIGH)
- usb: gadget: f_fs: Use local copy of descriptors for userspace copy
- USB: serial: kl5kusb105: fix memleak on open
- USB: serial: ch341: add new Product ID for CH341A
- USB: serial: ch341: sort device-id entries
- USB: serial: option: add Fibocom NL668 variants
- USB: serial: option: add support for Thales Cinterion EXS82
- USB: serial: option: fix Quectel BG96 matching
- tty: Fix ->pgrp locking in tiocspgrp() (CVE-2020-29661)
- tty: Fix ->session locking (CVE-2020-29660)
- ALSA: hda/realtek: Add mute LED quirk to yet another HP x360 model
- ALSA: hda/realtek: Enable headset of ASUS UX482EG & B9400CEA with ALC294
- ALSA: hda/realtek - Add new codec supported for ALC897
- ALSA: hda/generic: Add option to enforce preferred_dacs pairs
- ftrace: Fix updating FTRACE_FL_TRAMP
- cifs: fix potential use-after-free in cifs_echo_request()
- [armhf] i2c: imx: Don't generate STOP condition if arbitration has been lost
- scsi: mpt3sas: Fix ioctl timeout
- dm writecache: fix the maximum number of arguments
- dm: remove invalid sparse __acquires and __releases annotations
- mm: list_lru: set shrinker map bit when child nr_items is not zero
- mm/swapfile: do not sleep with a spin lock held
- [x86] uprobes: Do not use prefixes.nbytes when looping over prefixes.bytes
- [armhf] i2c: imx: Fix reset of I2SR_IAL flag
- [armhf] i2c: imx: Check for I2SR_IAL after every byte
- speakup: Reject setting the speakup line discipline outside of speakup (CVE-2020-27830)
- [amd64] iommu/amd: Set DTE[IntTabLen] to represent 512 IRTEs
- spi: Introduce device-managed SPI controller allocation
- [arm*] spi: bcm2835: Fix use-after-free on unbind
- [arm*] spi: bcm2835: Release the DMA channel if probe fails after dma_init
- tracing: Fix userstacktrace option for instances
- gfs2: check for empty rgrp tree in gfs2_ri_update
- [arm64] i2c: qup: Fix error return code in qup_i2c_bam_schedule_desc()
- dm writecache: remove BUG() and fail gracefully instead
- Input: i8042 - fix error return code in i8042_setup_aux()
- netfilter: nf_tables: avoid false-postive lockdep splat
- [x86] insn-eval: Use new for_each_insn_prefix() macro to loop over prefixes bytes
- Revert "geneve: pull IP header before ECN decapsulation"
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.164
- [x86] lib: Change .weak to SYM_FUNC_START_WEAK for arch/x86/lib/mem*_64.S
- [arm*] spi: bcm2835aux: Fix use-after-free on unbind
- [arm*] spi: bcm2835aux: Restore err assignment in bcm2835aux_spi_probe
- iwlwifi: pcie: limit memory read spin time
- iwlwifi: mvm: fix kernel panic in case of assert during CSA
- scsi: ufs: Make sure clk scaling happens only when HBA is runtime ACTIVE
- [arm64,armhf] irqchip/gic-v3-its: Unconditionally save/restore the ITS state on suspend
- [x86] platform/x86: thinkpad_acpi: Do not report SW_TABLET_MODE on Yoga 11e
- [x86] platform/x86: thinkpad_acpi: Add BAT1 is primary battery quirk for Thinkpad Yoga 11e 4th gen
- [x86] platform/x86: acer-wmi: add automatic keyboard background light toggle key as KEY_LIGHTS_TOGGLE
- [x86] platform/x86: intel-vbtn: Support for tablet mode on HP Pavilion 13 x360 PC
- Input: cm109 - do not stomp on control URB
- Input: i8042 - add Acer laptops to the i8042 reset list
- pinctrl: amd: remove debounce filter setting in IRQ type setting
- mmc: block: Fixup condition for CMD13 polling for RPMB requests
- kbuild: avoid static_assert for genksyms
- scsi: be2iscsi: Revert "Fix a theoretical leak in beiscsi_create_eqs()"
- [x86] membarrier: Get rid of a dubious optimization
- [x86] apic/vector: Fix ordering in vector assignment
- [arm64] PCI: qcom: Add missing reset for ipq806x
- mac80211: mesh: fix mesh_pathtbl_init() error path
- [arm64,armhf] net: stmmac: free tx skb buffer in stmmac_resume()
- tcp: select sane initial rcvq_space.space for big MSS
- tcp: fix cwnd-limited bug for TSO deferral where we send nothing
- net/mlx4_en: Avoid scheduling restart task if it is already running
- lan743x: fix for potential NULL pointer dereference with bare card
- net/mlx4_en: Handle TX error CQE
- [arm64,armhf] net: stmmac: delete the eee_ctrl_timer after napi disabled
- [arm64,armhf] net: stmmac: dwmac-meson8b: fix mask definition of the m250_sel mux
- net: bridge: vlan: fix error return code in __vlan_add()
- USB: add RESET_RESUME quirk for Snapscan 1212
- ALSA: usb-audio: Fix potential out-of-bounds shift
- ALSA: usb-audio: Fix control 'access overflow' errors from chmap
- xhci: Give USB2 ports time to enter U3 in bus suspend
- USB: UAS: introduce a quirk to set no_write_same
- ALSA: pcm: oss: Fix potential out-of-bounds shift
- [x86] drm/xen-front: Fix misused IS_ERR_OR_NULL checks
- drm: fix drm_dp_mst_port refcount leaks in drm_dp_mst_allocate_vcpi
- [x86] pinctrl: baytrail: Avoid clearing debounce value when turning it off
- [arm*] gpio: mvebu: fix potential user-after-free on probe
- scsi: bnx2i: Requires MMU
- xsk: Fix xsk_poll()'s return type
- can: softing: softing_netdev_open(): fix error handling
- block: factor out requeue handling from dispatch code
- netfilter: x_tables: Switch synchronization to RCU
- RDMA/cm: Fix an attempt to use non-valid pointer when cleaning timewait
- ixgbe: avoid premature Rx buffer reuse
- [arm64,armhf] drm/tegra: replace idr_init() by idr_init_base()
- kernel/cpu: add arch override for clear_tasks_mm_cpumask() mm handling
- [arm64,armhf] drm/tegra: sor: Disable clocks on error in tegra_sor_init()
- [arm64] syscall: exit userspace before unmasking exceptions
- vxlan: Add needed_headroom for lower device
- vxlan: Copy needed_tailroom from lowerdev
- scsi: mpt3sas: Increase IOCInit request timeout to 30s
- dm table: Remove BUG_ON(in_interrupt())
- [arm64] soc/tegra: fuse: Fix index bug in get_process_id
- USB: serial: option: add interface-number sanity check to flag handling
- USB: gadget: f_acm: add support for SuperSpeed Plus
- USB: gadget: f_midi: setup SuperSpeed Plus descriptors
- usb: gadget: f_fs: Re-use SS descriptors for SuperSpeedPlus
- USB: gadget: f_rndis: fix bitrate for SuperSpeed and above
- [arm64,armhf] usb: chipidea: ci_hdrc_imx: Pass DISABLE_DEVICE_STREAMING flag to imx6ul
- [armhf] dts: exynos: fix roles of USB 3.0 ports on Odroid XU
- [armhf] dts: exynos: fix USB 3.0 pins supply being turned off on Odroid XU
- scsi: megaraid_sas: Check user-provided offsets
- HID: i2c-hid: add Vero K147 to descriptor override
- serial_core: Check for port state when tty is in error state
- Bluetooth: Fix slab-out-of-bounds read in hci_le_direct_adv_report_evt()
- quota: Sanity-check quota file headers on load
- media: msi2500: assign SPI bus number dynamically
- crypto: af_alg - avoid undefined behavior accessing salg_name
- md: fix a warning caused by a race between concurrent md_ioctl()s
- perf cs-etm: Change tuple from traceID-CPU# to traceID-metadata
- perf cs-etm: Move definition of 'traceid_list' global variable from header file
- [x86] drm/gma500: fix double free of gma_connector
- selinux: fix error initialization in inode_doinit_with_dentry()
- RDMA/rxe: Compute PSN windows correctly
- [x86] mm/ident_map: Check for errors from ident_pud_init()
- [armel,armhf] p2v: fix handling of LPAE translation in BE mode
- [x86] apic: Fix x2apic enablement without interrupt remapping
- sched/deadline: Fix sched_dl_global_validate()
- sched: Reenable interrupts in do_sched_yield()
- [arm64] crypto: inside-secure - Fix sizeof() mismatch
- [powerpc*] 64: Set up a kernel stack for secondaries before cpu_restore()
- [arm64] drm/msm/dsi_pll_10nm: restore VCO rate during restore_state
- ASoC: pcm: DRAIN support reactivation
- selinux: fix inode_doinit_with_dentry() LABEL_INVALID error handling
- Bluetooth: Fix null pointer dereference in hci_event_packet()
- Bluetooth: hci_h5: fix memory leak in h5_close
- [armhf] spi: spi-ti-qspi: fix reference leak in ti_qspi_setup
- [arm64] spi: tegra20-slink: fix reference leak in slink ops of tegra20
- [arm64,armhf] spi: tegra20-sflash: fix reference leak in tegra_sflash_resume
- [arm64,armhf] spi: tegra114: fix reference leak in tegra spi ops
- mwifiex: fix mwifiex_shutdown_sw() causing sw reset failure
- RDMa/mthca: Work around -Wenum-conversion warning
- [x86] crypto: qat - fix status check in qat_hal_put_rel_rd_xfer()
- [x86] media: tm6000: Fix sizeof() mismatches
- scsi: core: Fix VPD LUN ID designator priorities
- media: solo6x10: fix missing snd_card_free in error handling case
- [armhf] drm/omap: dmm_tiler: fix return error code in omap_dmm_probe()
- Input: ads7846 - fix race that causes missing releases
- Input: ads7846 - fix integer overflow on Rt calculation
- Input: ads7846 - fix unaligned access on 7845
- spi: fix resource leak for drivers without .remove callback
- [armhf] Input: omap4-keypad - fix runtime PM error handling
- RDMA/cxgb4: Validate the number of CQEs
- memstick: fix a double-free bug in memstick_check
- orinoco: Move context allocation after processing the skb
- [arm64] dmaengine: mv_xor_v2: Fix error return code in mv_xor_v2_probe()
- media: siano: fix memory leak of debugfs members in smsdvb_hotplug
- [armhf] HSI: omap_ssi: Don't jump to free ID in ssi_add_controller()
- [arm64] dts: rockchip: Set dr_mode to "host" for OTG on rk3328-roc-cc
- [x86] power: supply: bq24190_charger: fix reference leak
- genirq/irqdomain: Don't try to free an interrupt that has no mapping
- PCI: Bounds-check command-line resource alignment requests
- PCI: Fix overflow in command-line resource alignment requests
- [arm64] dts: meson: fix spi-max-frequency on Khadas VIM2
- [x86] platform/x86: dell-smbios-base: Fix error return code in dell_smbios_init
- ath10k: Fix the parsing error in service available event
- ath10k: Fix an error handling path
- ath10k: Release some resources in an error handling path
- NFSv4.2: condition READDIR's mask for security label based on LSM state
- SUNRPC: xprt_load_transport() needs to support the netid "rdma6"
- lockd: don't use interval-based rebinding over TCP
- NFS: switch nfsiod to be an UNBOUND workqueue.
- vfio-pci: Use io_remap_pfn_range() for PCI IO memory
- media: saa7146: fix array overflow in vidioc_s_audio()
- memstick: r592: Fix error return in r592_probe()
- net/mlx5: Properly convey driver version to firmware
- dm ioctl: fix error return code in target_message
- [arm64,armhf] clocksource/drivers/arm_arch_timer: Correct fault programming of CNTKCTL_EL1.EVNTI
- [armhf] cpufreq: highbank: Add missing MODULE_DEVICE_TABLE
- scsi: qedi: Fix missing destroy_workqueue() on error in __qedi_probe
- scsi: pm80xx: Fix error return in pm8001_pci_probe()
- seq_buf: Avoid type mismatch for seq_buf_init
- [x86] scsi: fnic: Fix error return code in fnic_probe()
- [powerpc*] pseries/hibernation: drop pseries_suspend_begin() from suspend ops
- [powerpc*] pseries/hibernation: remove redundant cacheinfo update
- [armhf] usb: ehci-omap: Fix PM disable depth umbalance in ehci_hcd_omap_probe
- speakup: fix uninitialized flush_lock
- nfsd: Fix message level for normal termination
- nfs_common: need lock during iterate through the list
- [x86] kprobes: Restore BTF if the single-stepping is cancelled
- [arm64,armhf] clk: tegra: Fix duplicated SE clock entry
- mac80211: don't set set TDLS STA bandwidth wider than possible
- watchdog: Fix potential dereferencing of null pointer
- [armhf] net: allwinner: Fix some resources leak in the error handling path of the probe and in the remove function
- [arm64,x86] libnvdimm/label: Return -ENXIO for no slot in __blk_label_update
- [arm64] watchdog: qcom: Avoid context switch in restart handler
- [armhf] clk: ti: Fix memleak in ti_fapll_synth_setup
- qlcnic: Fix error code in probe
- [armhf] clk: s2mps11: Fix a resource leak in error handling paths in the probe function
- [arm64,armhf] clk: sunxi-ng: Make sure divider tables have sentinel
- [armhf] sunxi: Add machine match for the Allwinner V3 SoC
- cfg80211: initialize rekey_data
- lwt: Disable BH too in run_lwt_bpf()
- [arm64,armhf] Input: cros_ec_keyb - send 'scancodes' in addition to key events
- Input: goodix - add upside-down quirk for Teclast X98 Pro tablet
- media: gspca: Fix memory leak in probe
- [armhf] media: sunxi-cir: ensure IR is handled when it is continuous
- media: netup_unidvb: Don't leak SPI master in probe error path
- [x86] Input: cyapa_gen6 - fix out-of-bounds stack access
- ALSA: hda/ca0132 - Change Input Source enum strings.
- PM: ACPI: PCI: Drop acpi_pm_set_bridge_wakeup()
- Revert "ACPI / resources: Use AE_CTRL_TERMINATE to terminate resources walks"
- ACPI: PNP: compare the string length in the matching_id()
- ALSA: hda: Fix regressions on clear and reconfig sysfs
- ALSA: hda/realtek - Enable headset mic of ASUS X430UN with ALC256
- ALSA: hda/realtek - Enable headset mic of ASUS Q524UQK with ALC255
- ALSA: pcm: oss: Fix a few more UBSAN fixes
- ALSA: hda/realtek: Add quirk for MSI-GP73
- ALSA: hda/realtek: Apply jack fixup for Quanta NL3
- ALSA: usb-audio: Add VID to support native DSD reproduction on FiiO devices
- ALSA: usb-audio: Disable sample read check if firmware doesn't give back
- [s390x] smp: perform initial CPU reset also for SMT siblings
- [s390x] dasd: fix hanging device offline processing
- [s390x] dasd: prevent inconsistent LCU device data
- [s390x] dasd: fix list corruption of pavgroup group list
- [s390x] dasd: fix list corruption of lcu list
- [x86] staging: comedi: mf6x4: Fix AI end-of-conversion detection
- [powerpc*] perf: Exclude kernel samples while counting events in user space.
- crypto: ecdh - avoid unaligned accesses in ecdh_set_secret()
- [x86] EDAC/amd64: Fix PCI component registration
- USB: serial: mos7720: fix parallel-port state restore
- USB: serial: digi_acceleport: fix write-wakeup deadlocks
- USB: serial: keyspan_pda: fix dropped unthrottle interrupts
- USB: serial: keyspan_pda: fix write deadlock
- USB: serial: keyspan_pda: fix stalled writes
- USB: serial: keyspan_pda: fix write-wakeup use-after-free
- USB: serial: keyspan_pda: fix tx-unthrottle use-after-free
- USB: serial: keyspan_pda: fix write unthrottling
- ext4: fix a memory leak of ext4_free_data
- ext4: fix deadlock with fs freezing and EA inodes
- [arm64] KVM: Introduce handling of AArch32 TTBCR2 traps
- [armhf] dts: pandaboard: fix pinmux for gpio user button of Pandaboard ES
- [powerpc*] Fix incorrect stw{, ux, u, x} instructions in __set_pte_at
- [powerpc*] rtas: Fix typo of ibm,open-errinjct in RTAS filter
- [powerpc*] xmon: Change printk() to pr_cont()
- ceph: fix race in concurrent __ceph_remove_cap invocations
- SMB3: avoid confusing warning message on mount to Azure
- SMB3.1.1: do not log warning message if server doesn't populate salt
- ubifs: wbuf: Don't leak kernel memory to flash
- jffs2: Fix GC exit abnormally
- jfs: Fix array index bounds check in dbAdjTree (CVE-2020-27815)
- drm/dp_aux_dev: check aux_dev before use in drm_dp_aux_dev_get_by_minor()
- [armel] mtd: parser: cmdline: Fix parsing of part-names with colons
- scsi: lpfc: Fix invalid sleeping context in lpfc_sli4_nvmet_alloc()
- scsi: lpfc: Re-fix use after free in lpfc_rq_buf_free()
- iio: buffer: Fix demux update
- [arm64,armhf] iio: adc: rockchip_saradc: fix missing clk_disable_unprepare() on error in rockchip_saradc_resume
- md/cluster: block reshape with remote resync job
- md/cluster: fix deadlock when node is doing resync job
- [arm64,armhf] pinctrl: sunxi: Always call chained_irq_{enter, exit} in sunxi_pinctrl_irq_handler
- [arm64] clk: mvebu: a3700: fix the XTAL MODE pin to MPP1_9
- xen-blkback: set ring->xenblkd to NULL after kthread_stop() (CVE-2020-29569)
- xen/xenbus: Allow watches discard events before queueing (CVE-2020-29568)
- xen/xenbus: Add 'will_handle' callback support in xenbus_watch_path() (CVE-2020-29568)
- xen/xenbus/xen_bus_type: Support will_handle watch callback (CVE-2020-29568)
- xen/xenbus: Count pending messages for each watch (CVE-2020-29568)
- xenbus/xenbus_backend: Disallow pending watch messages (CVE-2020-29568)
- libnvdimm/namespace: Fix reaping of invalidated block-window-namespace labels
- [x86] platform/x86: intel-vbtn: Allow switch events on Acer Switch Alpha 12
- PCI: Fix pci_slot_release() NULL pointer dereference
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.165
- md/raid10: initialize r10_bio->read_slot before use.
- fscrypt: add fscrypt_is_nokey_name()
- ext4: prevent creating duplicate encrypted filenames
- f2fs: prevent creating duplicate encrypted filenames
- ubifs: prevent creating duplicate encrypted filenames
- vfio/pci: Move dummy_resources_list init in vfio_pci_probe()
- ext4: don't remount read-only with errors=continue on reboot
- uapi: move constants from <linux/kernel.h> to <linux/const.h>
- [x86] KVM: SVM: relax conditions for allowing MSR_IA32_SPEC_CTRL accesses
- [x86] KVM: reinstate vendor-agnostic check on SPEC_CTRL cpuid bits
- [powerpc*] bitops: Fix possible undefined behaviour with fls() and fls64()
- xen/gntdev.c: Mark pages as dirty
- null_blk: Fix zone size initialization
- of: fix linker-section match-table corruption
- Bluetooth: hci_h5: close serdev device and free hu in h5_close
- reiserfs: add check for an invalid ih_entry_count
- [x86] misc: vmw_vmci: fix kernel info-leak by initializing dbells in vmci_ctx_get_chkpt_doorbells()
- media: gp8psk: initialize stats at power control logic
- ALSA: seq: Use bool for snd_seq_queue internal flags
- ALSA: rawmidi: Access runtime->avail always in spinlock
- fcntl: Fix potential deadlock in send_sig{io, urg}()
- [arm64,armhf] rtc: sun6i: Fix memleak in sun6i_rtc_clk_init
- module: set MODULE_STATE_GOING state when a module fails to load
- quota: Don't overflow quota file offsets
- NFSv4: Fix a pNFS layout related use-after-free race when freeing the inode
- module: delay kobject uevent until after module init call
- ALSA: pcm: Clear the full allocated memory at hw_params
- dm verity: skip verity work if I/O error when system is shutting down
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.166
- kdev_t: always inline major/minor helper functions
- mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start (CVE-2020-36158)
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.167
- workqueue: Kick a worker based on the actual activation of delayed works
- scsi: ufs: Fix wrong print message in dev_err()
- scsi: ufs-pci: Ensure UFS device is in PowerDown mode for suspend-to-disk ->poweroff()
- scsi: scsi_transport_spi: Set RQF_PM for domain validation commands
- lib/genalloc: fix the overflow when size is too big
- proc: change ->nlink under proc_subdir_lock
- proc: fix lookup in /proc/net subdirectories after setns(2)
- i40e: Fix Error I40E_AQ_RC_EINVAL when removing VFs
- [arm64,armhf] net: mvpp2: Add TCAM entry to drop flow control pause frames
- [arm64,armhf] net: mvpp2: prs: fix PPPoE with ipv6 packet parse
- atm: idt77252: call pci_disable_device() on error path
- [arm64,armhf] net: mvpp2: Fix GoP port 3 Networking Complex Control configurations
- qede: fix offload for IPIP tunnel packets
- virtio_net: Fix recursive call to cpus_read_lock()
- net-sysfs: take the rtnl lock when storing xps_cpus
- net-sysfs: take the rtnl lock when accessing xps_cpus_map and num_tc
- tun: fix return value when the number of iovs exceeds MAX_SKB_FRAGS
- ipv4: Ignore ECN bits for fib lookups in fib_compute_spec_dst()
- [arm64] net: hns: fix return value check in __lb_other_process()
- erspan: fix version 1 check in gre_parse_header()
- net: hdlc_ppp: Fix issues when mod_timer is called while timer is running
- CDC-NCM: remove "connected" log message
- net: usb: qmi_wwan: add Quectel EM160R-GL
- r8169: work around power-saving bug on some chip versions
- vhost_net: fix ubuf refcount incorrectly when sendmsg fails
- net: sched: prevent invalid Scell_log shift count
- net-sysfs: take the rtnl lock when storing xps_rxqs
- net-sysfs: take the rtnl lock when accessing xps_rxqs_map and num_tc
- Bluetooth: revert: hci_h5: close serdev device and free hu in h5_close
- [x86] video: hyperv_fb: Fix the mmap() regression for v5.4.y and older
- crypto: ecdh - avoid buffer overflow in ecdh_set_secret()
- usb: gadget: enable super speed plus
- USB: cdc-acm: blacklist another IR Droid device
- USB: cdc-wdm: Fix use after free in service_outstanding_interrupt().
- [arm64] usb: dwc3: ulpi: Use VStsDone to detect PHY regs access completion
- [arm64,armhf] usb: chipidea: ci_hdrc_imx: add missing put_device() call in usbmisc_get_init_data()
- USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST quirk set
- usb: usbip: vhci_hcd: protect shift size
- USB: serial: iuu_phoenix: fix DMA from stack
- USB: serial: option: add LongSung M5710 module support
- USB: serial: option: add Quectel EM160R-GL
- USB: yurex: fix control-URB timeout handling
- USB: usblp: fix DMA to stack
- ALSA: usb-audio: Fix UBSAN warnings for MIDI jacks
- usb: gadget: f_uac2: reset wMaxPacketSize
- usb: gadget: function: printer: Fix a memory leak for interface descriptor
- usb: gadget: u_ether: Fix MTU size mismatch with RX packet size
- usb: gadget: Fix spinlock lockup on usb_function_deactivate
- usb: gadget: configfs: Preserve function ordering after bind failure
- usb: gadget: configfs: Fix use-after-free issue with udc_name
- USB: serial: keyspan_pda: remove unused variable
- [x86] mm: Fix leak of pmd ptlock
- ALSA: hda/via: Fix runtime PM for Clevo W35xSS
- ALSA: hda/conexant: add a new hda codec CX11970
- ALSA: hda/realtek - Fix speaker volume control on Lenovo C940
- btrfs: send: fix wrong file path when there is an inode with a pending rmdir
- Revert "device property: Keep secondary firmware node secondary by type"
- [x86] xen/pvh: correctly setup the PV EFI interface for dom0
- netfilter: x_tables: Update remaining dereference to RCU
- netfilter: ipset: fix shift-out-of-bounds in htable_bits()
- netfilter: xt_RATEEST: reject non-null terminated string from userspace
- [x86] mtrr: Correct the range check before performing MTRR type lookups
- scsi: target: Fix XCOPY NAA identifier lookup (CVE-2020-28374)
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.168
- net: cdc_ncm: correct overhead in delayed_ndp_size (Closes: #970736)
- [arm64] net: hns3: fix the number of queues actually used by ARQ
- [arm64,armhf] net: stmmac: dwmac-sun8i: Balance internal PHY resource references
- [arm64,armhf] net: stmmac: dwmac-sun8i: Balance internal PHY power
- net: vlan: avoid leaks on register_vlan_dev() failures
- net: ip: always refragment ip defragmented packets
- net: fix pmtu check in nopmtudisc mode
- net: ipv6: fib: flush exceptions when purging route
- vmlinux.lds.h: Add PGO and AutoFDO input sections
- [x86] drm/i915: Fix mismatch between misplaced vma check and vma insert
- [amd64] spi: pxa2xx: Fix use-after-free on unbind
- HID: wacom: Fix memory leakage caused by kfifo_alloc
- [armhf] OMAP2+: omap_device: fix idling of devices during probe
- [x86] cpufreq: powernow-k8: pass policy rather than use cpufreq_cpu_get()
- [amd64] iommu/intel: Fix memleak in intel_irq_remapping_alloc
- net/mlx5e: Fix memleak in mlx5e_create_l2_table_groups
- net/mlx5e: Fix two double free cases
- regmap: debugfs: Fix a memory leak when calling regmap_attach_dev
- [arm64] KVM: Don't access PMCR_EL0 when no PMU is available
- block: fix use-after-free in disk_part_iter_next
- net: drop bogus skb with CHECKSUM_PARTIAL and offset beyond end of trimmed packet
- regmap: debugfs: Fix a reversed if statement in regmap_debugfs_init()
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.169
- ASoC: dapm: remove widget from dirty list on free
- [x86] hyperv: check cpu mask after interrupt has been disabled
- [mips*] boot: Fix unaligned access with CONFIG_MIPS_RAW_APPENDED_DTB
- ACPI: scan: Harden acpi_device_add() against device ID overflows
- mm/hugetlb: fix potential missing huge page size info
- dm snapshot: flush merged data before committing metadata
- dm integrity: fix the maximum number of arguments
- r8152: Add Lenovo Powered USB-C Travel Hub
- ext4: fix bug for rename with RENAME_WHITEOUT
- btrfs: fix transaction leak and crash after RO remount caused by qgroup rescan
- bfq: Fix computation of shallow depth
- [arm64] drm/msm: Call msm_init_vram before binding the gpu
- dump_common_audit_data(): fix racy accesses to ->d_name
- [x86] ASoC: Intel: fix error code cnl_set_dsp_D0()
- NFS4: Fix use-after-free in trace_event_raw_event_nfs4_set_lock
- pNFS: Mark layout for return if return-on-close was not sent
- NFS/pNFS: Fix a leak of the layout 'plh_outstanding' counter
- NFS: nfs_igrab_and_active must first reference the superblock
- ext4: fix superblock checksum failure when setting password salt
- [amd64] RDMA/usnic: Fix memleak in find_free_vf_and_create_qp_grp
- RDMA/mlx5: Fix wrong free of blue flame register on error
- mm, slub: consider rest of partial list if acquire_slab() fails
- net: sunrpc: interpret the return value of kstrtou32 correctly
- dm: eliminate potential source of excessive kernel log noise
- ALSA: firewire-tascam: Fix integer overflow in midi_port_work()
- ALSA: fireface: Fix integer overflow in transmit_midi_msg()
- netfilter: conntrack: fix reading nf_conntrack_buckets
- netfilter: nf_nat: Fix memleak in nf_nat_init
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.170
- usb: ohci: Make distrust_firmware param default to false
- dm integrity: fix flush with external metadata device
- nfsd4: readdirplus shouldn't return parent of export (CVE-2021-3178)
- udp: Prevent reuseport_select_sock from reading uninitialized socks
- netxen_nic: fix MSI/MSI-x interrupts
- [arm64,armhf] net: mvpp2: Remove Pause and Asym_Pause support
- rndis_host: set proper input size for OID_GEN_PHYSICAL_MEDIUM request
- esp: avoid unneeded kmap_atomic call
- net: dcb: Validate netlink message in DCB handler
- net: dcb: Accept RTM_GETDCB messages carrying set-like DCB commands
- rxrpc: Call state should be read with READ_ONCE() under some circumstances
- [arm64,armhf] net: stmmac: Fixed mtu channged by cache aligned
- net: sit: unregister_netdevice on newlink's error path
- net: avoid 32 x truesize under-estimation for tiny skbs
- rxrpc: Fix handling of an unsupported token type in rxrpc_read()
- tipc: fix NULL deref in tipc_link_xmit()
- net: introduce skb_list_walk_safe for skb segment walking
- net: skbuff: disambiguate argument and member for skb_list_walk_safe helper
- net: ipv6: Validate GSO SKB before finish IPv6 processing
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.171
- ALSA: hda/via: Add minimum mute flag
- ACPI: scan: Make acpi_bus_get_device() clear return pointer on error
- btrfs: fix lockdep splat in btrfs_recover_relocation
- mmc: core: don't initialize block size from ext_csd if not present
- [arm64] mmc: sdhci-xenon: fix 1.8v regulator stabilization
- dm: avoid filesystem lookup in dm_get_dev_t()
- dm integrity: fix a crash if "recalculate" used without "internal_hash"
- drm/atomic: put state on error path
- [x86] ASoC: Intel: haswell: Add missing pm_ops
- scsi: ufs: Correct the LUN used in eh_device_reset_handler() callback
- scsi: qedi: Correct max length of CHAP secret
- HID: Ignore battery for Elan touchscreen on ASUS UX550
- xen: Fix event channel callback via INTX/GSI
- drm/nouveau/bios: fix issue shadowing expansion ROMs
- drm/nouveau/privring: ack interrupts the same way as RM
- drm/nouveau/i2c/gm200: increase width of aux semaphore owner fields
- drm/nouveau/mmu: fix vram heap sizing
- drm/nouveau/kms/nv50-: fix case where notifier buffer is at offset 0
- scsi: megaraid_sas: Fix MEGASAS_IOC_FIRMWARE regression
- i2c: octeon: check correct size of maximum RECV_LEN packet
- [x86] platform/x86: intel-vbtn: Drop HP Stream x360 Convertible PC 11
from allow-list
- can: dev: can_restart: fix use after free bug
- can: vxcan: vxcan_xmit: fix use after free bug
- can: peak_usb: fix use after free bugs
- [mips*] irqchip/mips-cpu: Set IPI domain parent chip
- [x86] intel_th: pci: Add Alder Lake-P support
- [arm64] serial: mvebu-uart: fix tx lost characters at power off
- ehci: fix EHCI host controller initialization sequence
- usb: udc: core: Use lock when write to soft_connect
- xhci: make sure TRB is fully written before giving it to the controller
- [arm64,armhf] xhci: tegra: Delay for disabling LFPS detector
- driver core: Extend device_is_dependent()
- netfilter: rpfilter: mask ecn bits before fib lookup
- skbuff: back tiny skbs with kmalloc() in __netdev_alloc_skb() too
- udp: mask TOS bits in udp_v4_early_demux()
- ipv6: create multicast route with RTPROT_KERNEL
- net_sched: avoid shift-out-of-bounds in tcindex_set_parms()
- net_sched: reject silly cell_log in qdisc_get_rtab()
- ipv6: set multicast flag on the multicast route
- net: Disable NETIF_F_HW_TLS_RX when RXCSUM is disabled
- [armhf] net: dsa: b53: fix an off by one in checking "vlan->vid"
.
[ Salvatore Bonaccorso ]
* [rt] Update to 4.19.165-rt70
* Bump ABI to 14
* [rt] Refresh "net/core: protect users of napi_alloc_cache against
reentrance"
* futex: Move futex exit handling into futex code
* futex: Replace PF_EXITPIDONE with a state
* exit/exec: Seperate mm_release()
* futex: Split futex_mm_release() for exit/exec
* futex: Set task::futex_state to DEAD right after handling futex exit
* futex: Mark the begin of futex exit explicitly
* futex: Sanitize exit state handling
* futex: Provide state handling for exec() as well
* futex: Add mutex around futex exit
* futex: Provide distinct return value when owner is exiting
* futex: Prevent exit livelock
* [rt] Refresh "softirq: Split softirq locks"
* [arm*] gpio: mvebu: fix pwm .get_state period calculation
* Revert "mm/slub: fix a memory leak in sysfs_slab_add()"
* futex: Ensure the correct return value from futex_lock_pi()
* futex: Replace pointless printk in fixup_owner()
* futex: Provide and use pi_state_update_owner()
* rtmutex: Remove unused argument from rt_mutex_proxy_unlock()
* futex: Use pi_state_update_owner() in put_pi_state()
* futex: Simplify fixup_pi_state_owner()
* futex: Handle faults correctly for PI futexes
* [rt] Refresh "rtmutex: Handle the various new futex race conditions"
* [rt] Refresh "rtmutex: add sleeping lock implementation"
* [rt] Refresh "Revert "rtmutex: Handle the various new futex race
conditions""
* [rt] Refresh "futex: Make the futex_hash_bucket lock raw"
* [rt] Refresh "futex: Delay deallocation of pi_state"
* [rt] Refresh "futex: Make the futex_hash_bucket spinlock_t again and bring
back its old state"
* HID: wacom: Correct NULL dereference on AES pen proximity
* tracing: Fix race in trace_open and buffer resize call (CVE-2020-27825)
.
[ Uwe Kleine-König ]
* [arm64] Enable support for NXP's PCF85063 RTC (Closes: #972345)
Checksums-Sha1:
cec64089bf234ebd16918a122f7b86ec5ed5dee3 191615 linux_4.19.171-1.dsc
37c3c0616d91bc7d3665ae98c201e772b6b6ab88 107575880 linux_4.19.171.orig.tar.xz
006bf55ea1b29f3a4e582025189376f510f6b326 1479940 linux_4.19.171-1.debian.tar.xz
096ef9560e2bef9324ca40332511d79304fe2fb6 6275 linux_4.19.171-1_source.buildinfo
Checksums-Sha256:
1da387cd31a15b60acf2c6500bd44a7cf5458a945bad1b1dee77533d8b53d2cc 191615 linux_4.19.171-1.dsc
a675203341bfc2876a6361874c40b40190017c95bd51917372e13ef82652bcb0 107575880 linux_4.19.171.orig.tar.xz
c7e1c1474c99227245ac73ab68dfcd36778728edfb0dba04496b3625de5d84b3 1479940 linux_4.19.171-1.debian.tar.xz
7293a0d04abd2ce8e8e3925e96f48859c107fa979388637b664e642d0890bc89 6275 linux_4.19.171-1_source.buildinfo
Files:
86a9cb65e87d95c2a0f3da25a5ae0b4a 191615 kernel optional linux_4.19.171-1.dsc
0db4d008c7ce5a97f13d28e72a209dd0 107575880 kernel optional linux_4.19.171.orig.tar.xz
d804066531e03f77b2fea895b7fec3eb 1479940 kernel optional linux_4.19.171-1.debian.tar.xz
4fd511ebfb9c283defa9dd72684b62ac 6275 kernel optional linux_4.19.171-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----