Accepted linux 4.19.208-1 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 29 Sep 2021 20:53:57 +0200
Source: linux
Architecture: source
Version: 4.19.208-1
Distribution: buster
Urgency: medium
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 961056
Changes:
linux (4.19.208-1) buster; urgency=medium
.
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.195
- perf/core: Fix endless multiplex timer
- net/nfc/rawsock.c: fix a permission check bug
- [x86] ASoC: Intel: bytcr_rt5640: Add quirk for the Glavey TM800A550L
tablet
- [x86] ASoC: Intel: bytcr_rt5640: Add quirk for the Lenovo Miix 3-830
tablet
- bonding: init notify_work earlier to avoid uninitialized use
- netlink: disable IRQs for netlink_lock_table()
- net: mdiobus: get rid of a BUG_ON()
- cgroup: disable controllers at parse time
- wq: handle VM suspension in stall detection
- net/qla3xxx: fix schedule while atomic in ql_sem_spinlock
- RDS tcp loopback connection can hang
- scsi: bnx2fc: Return failure if io_req is already in ABTS processing
- [x86] scsi: vmw_pvscsi: Set correct residual data length
- scsi: target: qla2xxx: Wait for stop_phase1 at WWN removal
- [arm64] net: macb: ensure the device is available before accessing GEMGXL
control registers
- nvme-fabrics: decode host pathing error for connect
- [mips*] Fix kernel hang under FUNCTION_GRAPH_TRACER and PREEMPT_TRACER
- bnx2x: Fix missing error code in bnx2x_iov_init_one()
- [powerpc*] i2c: mpc: Make use of i2c_recover_bus()
- [powerpc*] i2c: mpc: implement erratum A-004447 workaround
- drm: Fix use-after-free read in drm_getunique()
- drm: Lock pointer access in drm_master_release()
- kvm: avoid speculation-based attacks from out-of-range memslot accesses
- [arm64,x86] staging: rtl8723bs: Fix uninitialized variables
- btrfs: return value from btrfs_mark_extent_written() in case of error
- cgroup1: don't allow '\n' in renaming
- USB: f_ncm: ncm_bitrate (speed) is unsigned
- usb: f_ncm: only first packet of aggregate needs to start timer
- usb: pd: Set PD_T_SINK_WAIT_CAP to 310ms
- [arm64,armhf] usb: dwc3: ep0: fix NULL pointer exception
- [x86] usb: typec: ucsi: Clear PPM capability data in ucsi_init() error
path
- usb: gadget: f_fs: Ensure io_completion_wq is idle during unbind
- USB: serial: ftdi_sio: add NovaTech OrionMX product ID
- USB: serial: omninet: add device id for Zyxel Omni 56K Plus
- USB: serial: quatech2: fix control-request directions
- USB: serial: cp210x: fix alternate function for CP2102N QFN20
- usb: gadget: eem: fix wrong eem header operation
- usb: fix various gadgets null ptr deref on 10gbps cabling.
- usb: fix various gadget panics on 10gbps cabling
- regulator: core: resolve supply for boot-on/always-on regulators
- [arm64] regulator: max77620: Use device_set_of_node_from_dev()
- RDMA/mlx4: Do not map the core_clock page to user space unless enabled
- perf: Fix data race between pin_count increment/decrement
- sched/fair: Make sure to update tg contrib for blocked load
- IB/mlx5: Fix initializing CQ fragments buffer
- NFS: Fix a potential NULL dereference in nfs_get_client()
- NFSv4: Fix deadlock between nfs4_evict_inode() and
nfs4_opendata_get_inode()
- perf session: Correct buffer copying when peeking events
- kvm: fix previous commit for 32-bit builds
- NFS: Fix use-after-free in nfs4_init_client()
- NFSv4: Fix second deadlock in nfs4_evict_inode()
- NFSv4: nfs4_proc_set_acl needs to restore NFS_CAP_UIDGID_NOMAP on error.
- scsi: core: Fix error handling of scsi_host_alloc()
- scsi: core: Put .shost_dev in failure path if host state changes to
RUNNING
- scsi: core: Only put parent device if host state differs from
SHOST_CREATED
- ftrace: Do not blindly read the ip address in ftrace_bug()
- tracing: Correct the length check which causes memory corruption
- proc: only require mm_struct for writing
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.196
- net: ieee802154: fix null deref in parse dev addr
- HID: quirks: Set INCREMENT_USAGE_ON_DUPLICATE for Saitek X65
- HID: hid-sensor-hub: Return error for hid_set_field() failure
- HID: Add BUS_VIRTUAL to hid_connect logging
- HID: usbhid: fix info leak in hid_submit_ctrl
- gfs2: Prevent direct-I/O write fallback errors from getting lost
- gfs2: Fix use-after-free in gfs2_glock_shrink_scan
- scsi: target: core: Fix warning on realtime kernels
- ethernet: myri10ge: Fix missing error code in myri10ge_probe()
- scsi: scsi_devinfo: Add blacklist entry for HPE OPEN-V
- net: ipconfig: Don't override command-line hostnames or domains
- rtnetlink: Fix missing error code in rtnl_bridge_notify()
- net: Return the correct errno code
- fib: Return the correct errno code
- afs: Fix an IS_ERR() vs NULL check
- mm/memory-failure: make sure wait for page writeback in memory_failure
- batman-adv: Avoid WARN_ON timing related checks
- net: ipv4: fix memory leak in netlbl_cipsov4_add_std
- net: rds: fix memory leak in rds_recvmsg
- udp: fix race between close() and udp_abort()
- rtnetlink: Fix regression in bridge VLAN configuration
- net/mlx5e: Block offload of outer header csum for UDP tunnels
- netfilter: synproxy: Fix out of bounds when parsing TCP options
- sch_cake: Fix out of bounds when parsing TCP options and header
- alx: Fix an error handling path in 'alx_probe()'
- net: stmmac: dwmac1000: Fix extended MAC address registers definition
- net: add documentation to socket.c
- net: make get_net_ns return error if NET_NS is disabled
- qlcnic: Fix an error handling path in 'qlcnic_probe()'
- netxen_nic: Fix an error handling path in 'netxen_nic_probe()'
- ptp: ptp_clock: Publish scaled_ppm_to_ppb
- ptp: improve max_adj check against unreasonable values
- net: cdc_ncm: switch to eth%d interface naming
- net: usb: fix possible use-after-free in smsc75xx_bind
- [armhf] net: fec_ptp: fix issue caused by refactor the fec_devtype
- net: ipv4: fix memory leak in ip_mc_add1_src
- net/af_unix: fix a data-race in unix_dgram_sendmsg / unix_release_sock
- be2net: Fix an error handling path in 'be_probe()'
- net: hamradio: fix memory leak in mkiss_close
- net: cdc_eem: fix tx fixup skb leak
- icmp: don't send out ICMP messages with a source address of 0.0.0.0
- radeon: use memcpy_to/fromio for UVD fw upload
- hwmon: (scpi-hwmon) shows the negative temperature properly
- can: mcba_usb: fix memory leak in mcba_usb
- usb: core: hub: Disable autosuspend for Cypress CY7C65632
- tracing: Do not stop recording cmdlines when tracing is off
- tracing: Do not stop recording comms if the trace file is being read
- tracing: Do no increment trace_clock_global() by one
- PCI: Mark TI C667X to avoid bus reset
- PCI: Mark some NVIDIA GPUs to avoid bus reset
- PCI: Add ACS quirk for Broadcom BCM57414 NIC
- PCI: Work around Huawei Intelligent NIC VF FLR erratum
- [arm64,armhf] dmaengine: pl330: fix wrong usage of spinlock flags in
dma_cyclc
- net: bridge: fix vlan tunnel dst null pointer dereference
- net: bridge: fix vlan tunnel dst refcnt when egressing
- mm/slub: clarify verification reporting
- mm/slub.c: include swab.h
- [armhf] net: fec_ptp: add clock rate zero check
- [arm64,armhf] KVM: arm/arm64: Fix KVM_VGIC_V3_ADDR_TYPE_REDIST read
- can: bcm/raw/isotp: use per module netdevice notifier
- inet: use bigger hash table for IP ID generation
- [arm64,armhf] usb: dwc3: debugfs: Add and remove endpoint dirs dynamically
- [arm64,armhf] usb: dwc3: core: fix kernel panic when do reboot
- [x86] fpu: Reset state for all signal restore failures
- module: limit enabling module.sig_enforce (CVE-2021-35039)
- drm/nouveau: wait for moving fence after pinning v2
- drm/radeon: wait for moving fence after pinning
- Revert "PCI: PM: Do not read power state in pci_enable_device_flags()"
- mac80211: remove warning in ieee80211_get_sband()
- cfg80211: call cfg80211_leave_ocb when switching away from OCB
- mac80211: drop multicast fragments
- net: ethtool: clear heap allocations for ethtool function
- ping: Check return value of function 'ping_queue_rcv_skb'
- inet: annotate date races around sk->sk_txhash
- net/packet: annotate accesses to po->bind
- net/packet: annotate accesses to po->ifindex
- r8152: Avoid memcpy() over-reading of ETH_SS_STATS
- r8169: Avoid memcpy() over-reading of ETH_SS_STATS
- net: qed: Fix memcpy() overflow of qed_dcbx_params()
- [x86] PCI: Add AMD RS690 quirk to enable 64-bit DMA
- nilfs2: fix memory leak in nilfs_sysfs_delete_device_group
- i2c: robotfuzz-osif: fix control-request directions
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.197
- mm: add VM_WARN_ON_ONCE_PAGE() macro
- mm/rmap: remove unneeded semicolon in page_not_mapped()
- mm/rmap: use page_not_mapped in try_to_unmap()
- mm/thp: fix __split_huge_pmd_locked() on shmem migration entry
- mm/thp: make is_huge_zero_pmd() safe and quicker
- mm/thp: try_to_unmap() use TTU_SYNC for safe splitting
- mm/thp: fix vma_address() if virtual address below file offset
- mm/thp: fix page_address_in_vma() on file THP tails
- mm/thp: unmap_mapping_page() to fix THP truncate_cleanup_page()
- mm: thp: replace DEBUG_VM BUG with VM_WARN when unmap fails for split
- mm: page_vma_mapped_walk(): use page for pvmw->page
- mm: page_vma_mapped_walk(): settle PageHuge on entry
- mm: page_vma_mapped_walk(): use pmde for *pvmw->pmd
- mm: page_vma_mapped_walk(): prettify PVMW_MIGRATION block
- mm: page_vma_mapped_walk(): crossing page table boundary
- mm: page_vma_mapped_walk(): add a level of indentation
- mm: page_vma_mapped_walk(): use goto instead of while (1)
- mm: page_vma_mapped_walk(): get vma_address_end() earlier
- mm/thp: fix page_vma_mapped_walk() if THP mapped by ptes
- mm/thp: another PVMW_SYNC fix in page_vma_mapped_walk()
- mm, futex: fix shared futex pgoff on shmem huge page
- scsi: sr: Return appropriate error code when disk is ejected
- drm/nouveau: fix dma_address check for CPU/GPU sync
- ext4: eliminate bogus error in ext4_data_block_valid_rcu()
- kthread_worker: split code for canceling the delayed work timer
- kthread: prevent deadlock when kthread_mod_delayed_work() races with
kthread_cancel_delayed_work_sync()
- xen/events: reset active flag for lateeoi events later
- [x86] KVM: SVM: Call SEV Guest Decommission if ASID binding fails
- [armhf] OMAP: replace setup_irq() by request_irq()
- [armhf] clocksource/drivers/timer-ti-dm: Add clockevent and clocksource
support
- [armhf] clocksource/drivers/timer-ti-dm: Prepare to handle dra7 timer wrap
issue
- [armhf] clocksource/drivers/timer-ti-dm: Handle dra7 timer wrap errata
i940
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.198
- scsi: core: Retry I/O for Notify (Enable Spinup) Required error
- ALSA: usb-audio: fix rate on Ozone Z90 USB headset
- ALSA: usb-audio: Fix OOB access at proc output
- media: dvb-usb: fix wrong definition
- Input: usbtouchscreen - fix control-request directions
- net: can: ems_usb: fix use-after-free in ems_usb_disconnect()
- usb: gadget: eem: fix echo command packet response issue
- USB: cdc-acm: blacklist Heimann USB Appset device
- [arm64,armhf] usb: dwc3: Fix debugfs creation flow
- [x86] usb: typec: Add the missed altmode_id_remove() in
typec_register_altmode()
- xhci: solve a double free problem while doing s4
- iov_iter_fault_in_readable() should do nothing in xarray case
- Input: joydev - prevent use of not validated data in JSIOCSBTNMAP ioctl
(CVE-2021-3612)
- [armel,armhf] arm_pmu: Fix write counter incorrect in ARMv7 big-endian
mode
- btrfs: send: fix invalid path for unlink operations after parent
orphanization
- btrfs: clear defrag status of a root if starting transaction fails
- ext4: cleanup in-core orphan list if ext4_truncate() failed to get a
transaction handle
- ext4: fix kernel infoleak via ext4_extent_header
- ext4: return error code when ext4_fill_flex_info() fails
- ext4: correct the cache_nr in tracepoint ext4_es_shrink_exit
- ext4: remove check for zero nr_to_scan in ext4_es_scan()
- ext4: fix avefreec in find_group_orlov
- ext4: use ext4_grp_locked_error in mb_find_extent
- can: gw: synchronize rcu operations before removing gw job entry
- can: peak_pciefd: pucan_handle_status(): fix a potential starvation issue
in TX path
- SUNRPC: Fix the batch tasks count wraparound.
- SUNRPC: Should wake up the privileged task firstly.
- [s390x] cio: dont call css_wait_for_slow_path() inside a lock
- [x86] serial_cs: Add Option International GSM-Ready 56K/ISDN modem
- [x86] serial_cs: remove wrong GLOBETROTTER.cis entry
- ath9k: Fix kernel NULL pointer dereference during ath_reset_internal()
- ssb: sdio: Don't overwrite const buffer if block_write fails
- rsi: Assign beacon rate settings to the correct rate_info descriptor field
- rsi: fix AP mode with WPA failure due to encrypted EAPOL
- tracing/histograms: Fix parsing of "sym-offset" modifier
- tracepoint: Add tracepoint_probe_register_may_exist() for BPF tracing
- seq_buf: Make trace_seq_putmem_hex() support data longer than 8
- [powerpc*] stacktrace: Fix spurious "stale" traces in
raise_backtrace_ipi()
- fuse: check connected before queueing on fpq->io
- spi: Make of_register_spi_device also set the fwnode
- [i386] spi: spi-topcliff-pch: Fix potential double free in
pch_spi_process_messages()
- media: cpia2: fix memory leak in cpia2_usb_probe
- media: pvrusb2: fix warning in pvr2_i2c_core_done
- [x86] crypto: qat - check return code of qat_hal_rd_rel_reg()
- [x86] crypto: qat - remove unused macro in FW loader
- sched/fair: Fix ascii art by relpacing tabs
- media: em28xx: Fix possible memory leak of em28xx struct
- media: v4l2-core: Avoid the dangling pointer in v4l2_fh_release
- media: bt8xx: Fix a missing check bug in bt878_probe
- media: dvd_usb: memory leak in cinergyt2_fe_attach
- mmc: via-sdmmc: add a check against NULL pointer dereference
- crypto: shash - avoid comparing pointers to exported functions under CFI
- media: dvb_net: avoid speculation from net slot
- media: siano: fix device register error path
- btrfs: fix error handling in __btrfs_update_delayed_inode
- btrfs: abort transaction if we fail to update the delayed inode
- btrfs: disable build on platforms having page size 256K
- [armhf] regulator: da9052: Ensure enough delay time for
.set_voltage_time_sel
- HID: do not use down_interruptible() when unbinding devices
- ACPI: processor idle: Fix up C-state latency if not ordered
- [x86] hv_utils: Fix passing zero to 'PTR_ERR' warning
- lib: vsprintf: Fix handling of number field widths in vsscanf
- ACPI: EC: Make more Asus laptops use ECDT _GPE
- block_dump: remove block_dump feature in mark_inode_dirty()
- fs: dlm: cancel work sync othercon
- random32: Fix implicit truncation warning in prandom_seed_state()
- fs: dlm: fix memory leak when fenced
- ACPICA: Fix memory leak caused by _CID repair function
- ACPI: bus: Call kobject_put() in acpi_init() error path
- [x86] platform/x86: toshiba_acpi: Fix missing error code in
toshiba_acpi_setup_keyboard()
- clocksource: Retry clock read if long delays detected
- HID: wacom: Correct base usage for capacitive ExpressKey status bits
- [armhf] sata_highbank: fix deferred probing
- [mips*] pata_octeon_cf: avoid WARN_ON() in ata_host_activate()
- [x86] crypto: ccp - Fix a resource leak in an error handling path
- media: rc: i2c: Fix an error message
- media: gspca/gl860: fix zero-length control requests
- media: siano: Fix out-of-bounds warnings in
smscore_load_firmware_family2()
- btrfs: clear log tree recovering status if starting transaction fails
- [armhf] spi: spi-sun6i: Fix chipselect/clock bug
- ACPI: sysfs: Fix a buffer overrun problem with description_show()
- blk-wbt: introduce a new disable state to prevent false positive by
rwb_enabled()
- blk-wbt: make sure throttle is enabled properly
- ocfs2: fix snprintf() checking
- [arm64,armhf] net: mvpp2: Put fwnode in error case during ->probe()
- [i386] net: pch_gbe: Propagate error from devm_gpio_request_one()
- [arm64] drm/rockchip: cdn-dp-core: add missing clk_disable_unprepare() on
error in cdn_dp_grf_write()
- RDMA/rxe: Fix failure during driver load
- drm: qxl: ensure surf.data is ininitialized
- ieee802154: hwsim: Fix possible memory leak in hwsim_subscribe_all_others
- [arm64] wcn36xx: Move hal_buf allocation to devm_kmalloc in probe
- ssb: Fix error return code in ssb_bus_scan()
- brcmfmac: fix setting of station info chains bitmask
- brcmfmac: correctly report average RSSI in station info
- brcmsmac: mac80211_if: Fix a resource leak in an error handling path
- ath10k: Fix an error code in ath10k_add_interface()
- RDMA/mlx5: Don't add slave port to unaffiliated list
- netfilter: nft_exthdr: check for IPv6 packet before further processing
- netfilter: nft_osf: check for TCP packet before further processing
- netfilter: nft_tproxy: restrict support to TCP and UDP transport protocols
- RDMA/rxe: Fix qp reference counting for atomic ops
- pkt_sched: sch_qfq: fix qfq_change_class() error path
- vxlan: add missing rcu_read_lock() in neigh_reduce()
- net/ipv4: swap flow ports when validating source
- ieee802154: hwsim: Fix memory leak in hwsim_add_one
- ieee802154: hwsim: avoid possible crash in hwsim_del_edge_nl()
- mac80211: remove iwlwifi specific workaround NDPs of null_response
- ipv6: exthdrs: do not blindly use init_net
- bpf: Do not change gso_size during bpf_skb_change_proto()
- i40e: Fix error handling in i40e_vsi_open
- i40e: Fix autoneg disabling for non-10GBaseT links
- ipv6: fix out-of-bound access in ip6_parse_tlv()
- Bluetooth: mgmt: Fix slab-out-of-bounds in tlv_data_is_valid
- Bluetooth: Fix handling of HCI_LE_Advertising_Set_Terminated event
- writeback: fix obtain a reference to a freeing memcg css
- net: lwtunnel: handle MTU calculation in forwading
- net: sched: fix warning in tcindex_alloc_perfect_hash
- RDMA/mlx5: Don't access NULL-cleared mpi pointer
- tty: nozomi: Fix a resource leak in an error handling function
- mwifiex: re-fix for unaligned accesses
- [arm64] ASoC: hisilicon: fix missing clk_disable_unprepare() on error in
hi6210_i2s_startup()
- [x86] char: pcmcia: error out if 'num_bytes_read' is greater than 4 in
set_protocol()
- tty: nozomi: Fix the error handling path of 'nozomi_card_init()'
- scsi: FlashPoint: Rename si_flags field
- serial: 8250: Actually allow UPF_MAGIC_MULTIPLIER baud rates
- of: Fix truncation of memory sizes on 32-bit platforms
- [armhf] mtd: rawnand: marvell: add missing clk_disable_unprepare() on
error in marvell_nfc_resume()
- scsi: mpt3sas: Fix error return value in _scsih_expander_add()
- configfs: fix memleak in configfs_release_bin_file
- [powerpc*] Offline CPU in stop_this_cpu()
- [arm64] serial: mvebu-uart: correctly calculate minimal possible baudrate
- vfio/pci: Handle concurrent vma faults
- mm/huge_memory.c: don't discard hugepage if other processes are mapping it
- mmc: block: Disable CMDQ on the ioctl path
- mmc: vub3000: fix control-request direction
- drm/amd/amdgpu/sriov disable all ip hw status by default
- [i386] net: pch_gbe: Use proper accessors to BE data in pch_ptp_match()
- hugetlb: clear huge pte during flush function on mips platform
- atm: iphase: fix possible use-after-free in ia_module_exit()
- mISDN: fix possible use-after-free in HFC_cleanup()
- atm: nicstar: Fix possible use-after-free in nicstar_cleanup()
- net: Treat __napi_schedule_irqoff() as __napi_schedule() on PREEMPT_RT
- reiserfs: add check for invalid 1st journal block
- drm/virtio: Fix double free on probe failure
- udf: Fix NULL pointer dereference in udf_symlink function
- e100: handle eeprom as little endian
- [arm64,armhf] clk: tegra: Ensure that PLLU configuration is applied
properly
- ipv6: use prandom_u32() for ID generation
- RDMA/cxgb4: Fix missing error code in create_qp()
- dm space maps: don't reset space map allocation cursor when committing
- [armhf] pinctrl: mcp23s08: fix race condition in irq handler
- ice: set the value of global config lock timeout longer
- virtio_net: Remove BUG() to avoid machine dead
- [arm64,armhf] net: mvpp2: check return value after calling
platform_get_resource()
- [amd64] fjes: check return value after calling platform_get_resource()
- selinux: use __GFP_NOWARN with GFP_NOWAIT in the AVC
- xfrm: Fix error reporting in xfrm_state_construct.
- [arm64,armhf] wlcore/wl12xx: Fix wl12xx get_mac error if device is in ELP
- [arm64,armhf] wl1251: Fix possible buffer overflow in wl1251_cmd_scan
- net: fix mistake path for netdev_features_strings
- rtl8xxxu: Fix device info for RTL8192EU devices
- atm: nicstar: use 'dma_free_coherent' instead of 'kfree'
- atm: nicstar: register the interrupt handler in the right place
- vsock: notify server to shutdown when client has pending signal
- RDMA/rxe: Don't overwrite errno from ib_umem_get()
- iwlwifi: mvm: don't change band on bound PHY contexts
- iwlwifi: pcie: free IML DMA memory allocation
- sfc: avoid double pci_remove of VFs
- sfc: error code if SRIOV cannot be disabled
- wireless: wext-spy: Fix out-of-bounds warning
- net: ip: avoid OOM kills with large UDP sends over loopback
- RDMA/cma: Fix rdma_resolve_route() memory leak
- Bluetooth: Fix the HCI to MGMT status conversion table
- Bluetooth: Shutdown controller after workqueues are flushed or cancelled
- Bluetooth: btusb: fix bt fiwmare downloading failure issue for qca btsoc.
- sctp: validate from_addr_param return (CVE-2021-3655)
- sctp: add size validation when walking chunks (CVE-2021-3655)
- fscrypt: don't ignore minor_hash when hash is 0
- bdi: Do not use freezable workqueue
- [arm64] serial: mvebu-uart: clarify the baud rate derivation
- [arm64] serial: mvebu-uart: fix calculation of clock divisor
- fuse: reject internal errno
- [powerpc*] barrier: Avoid collision with clang's __lwsync macro
- usb: gadget: f_fs: Fix setting of device and driver data cross-references
- drm/radeon: Add the missed drm_gem_object_put() in
radeon_user_framebuffer_create()
- pinctrl/amd: Add device HID for new AMD GPIO controller
- [arm64] drm/msm/mdp4: Fix modifier support enabling
- mmc: sdhci: Fix warning message when accessing RPMB in HS400 mode
- mmc: core: clear flags before allowing to retune
- mmc: core: Allow UHS-I voltage switch for SDSC cards if supported
- [armhf] ata: ahci_sunxi: Disable DIPM
- cpu/hotplug: Cure the cpusets trainwreck
- [arm64,armhf] clocksource/arm_arch_timer: Improve Allwinner A64 timer
workaround
- [arm64,armhf] ASoC: tegra: Set driver_name=tegra for all machine drivers
- qemu_fw_cfg: Make fw_cfg_rev_attr a proper kobj_attribute
- ipmi/watchdog: Stop watchdog timer when the current action is 'none'
- seq_buf: Fix overflow in seq_buf_putmem_hex()
- tracing: Simplify & fix saved_tgids logic
- tracing: Resize tgid_map to pid_max, not PID_MAX_DEFAULT
- dm btree remove: assign new_root only when removal succeeds
- PCI: Leave Apple Thunderbolt controllers on for s2idle or standby
- [arm64] PCI: aardvark: Fix checking for PIO Non-posted Request
- media: subdev: disallow ioctl for saa6588/davinci
- media: dtv5100: fix control-request directions
- media: zr364xx: fix memory leak in zr364xx_start_readpipe
- media: gspca/sq905: fix control-request direction
- media: gspca/sunplus: fix zero-length control requests
- media: uvcvideo: Fix pixel format change for Elgato Cam Link 4K
- [armhf] pinctrl: mcp23s08: Fix missing unlock on error in mcp23s08_irq()
- jfs: fix GPF in diFree
- [x86] KVM: x86: Use guest MAXPHYADDR from CPUID.0x8000_0008 iff TDP is
enabled
- [x86] KVM: X86: Disable hardware breakpoints unconditionally before
kvm_x86->run()
- scsi: core: Fix bad pointer dereference when ehandler kthread is invalid
- tracing: Do not reference char * as a string in histograms
- [arm64] PCI: aardvark: Don't rely on jiffies while holding spinlock
- [arm64] PCI: aardvark: Fix kernel panic during PIO transfer
- [x86] misc/libmasm/module: Fix two use after free in ibmasm_init_one
- Revert "ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro"
- w1: ds2438: fixing bug that would always get page0
- scsi: lpfc: Fix "Unexpected timeout" error in direct attach topology
- scsi: lpfc: Fix crash when lpfc_sli4_hba_setup() fails to initialize the
SGLs
- scsi: core: Cap scsi_host cmd_per_lun at can_queue
- [x86] tty: serial: 8250: serial_cs: Fix a memory leak in error handling
path
- scsi: scsi_dh_alua: Check for negative result value
- fs/jfs: Fix missing error code in lmLogInit()
- scsi: iscsi: Add iscsi_cls_conn refcount helpers
- scsi: iscsi: Fix conn use after free during resets
- scsi: iscsi: Fix shost->max_id use
- scsi: qedi: Fix null ref during abort handling
- [armhf] mfd: da9052/stmpe: Add and modify MODULE_DEVICE_TABLE
- [s390x] sclp_vt220: fix console name to match device (Closes: #961056)
- [i386] ALSA: sb: Fix potential double-free of CSP mixer elements
- [powerpc*] ps3: Add dma_mask to ps3_dma_region
- [arm64] gpio: zynq: Check return value of pm_runtime_get_sync
- [arm64,armhf] gpio: pca953x: Add support for the On Semi pca9655
- ASoC: soc-core: Fix the error return code in
snd_soc_of_parse_audio_routing()
- ALSA: bebob: add support for ToneWeal FW66
- usb: gadget: f_hid: fix endianness issue with descriptors
- [powerpc*] boot: Fixup device-tree on little endian
- [arm64,armhf] ALSA: hda: Add IRQ check for platform_get_irq()
- [x86] intel_th: Wait until port is in reset before programming it
- i2c: core: Disable client irq on reboot/shutdown
- lib/decompress_unlz4.c: correctly handle zero-padding around initrds.
- [x86] power: supply: max17042: Do not enforce (incorrect) interrupt
trigger type
- [armel,armhf] power: reset: gpio-poweroff: add missing MODULE_DEVICE_TABLE
- [x86] watchdog: Fix possible use-after-free in wdt_startup()
- [x86] watchdog: Fix possible use-after-free by calling del_timer_sync()
- [x86] watchdog: iTCO_wdt: Account for rebooting on second timeout
- [x86] fpu: Return proper error codes from user access functions
- [arm64,armhf] PCI: tegra: Add missing MODULE_DEVICE_TABLE
- orangefs: fix orangefs df output.
- ceph: remove bogus checks and WARN_ONs from ceph_set_page_dirty
- NFS: nfs_find_open_context() may only select open files
- [arm64,armhf] pwm: tegra: Don't modify HW state in .remove callback
- [arm64] ACPI: AMBA: Fix resource name in /proc/iomem
- [x86] ACPI: video: Add quirk for the Dell Vostro 3350
- virtio-blk: Fix memory leak among suspend/resume procedure
- virtio_net: Fix error handling in virtnet_restore()
- virtio_console: Assure used length from device is limited (CVE-2021-38160)
- f2fs: add MODULE_SOFTDEP to ensure crc32 is included in the initramfs
- PCI/sysfs: Fix dsm_label_utf16s_to_utf8s() buffer overrun
- NFSv4: Initialise connection to the server in nfs4_alloc_client()
(CVE-2021-38199)
- nfs: fix acl memory leak of posix_acl_create()
- ubifs: Set/Clear I_LINKABLE under i_lock for whiteout inode
- [x86] fpu: Limit xstate copy size in xstateregs_set()
- virtio_net: move tx vq operation under tx queue lock
- [i386] ALSA: isa: Fix error return code in snd_cmi8330_probe()
- NFSv4/pNFS: Don't call _nfs4_pnfs_v3_ds_connect multiple times
- rtc: fix snprintf() checking in is_rtc_hctosys()
- [arm64,armhf] reset: bail if try_module_get() fails
- [armhf] dts: am335x: align ti,pindir-d0-out-d1-in property with dt-shema
- scsi: be2iscsi: Fix an error handling path in beiscsi_dev_probe()
- net: bridge: multicast: fix PIM hello router port marking race
- scsi: scsi_dh_alua: Fix signedness bug in alua_rtpg()
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.199
- [armhf] dts: rockchip: fix pinctrl sleep nodename for rk3036-kylin and
rk3288
- [armhf] imx: pm-imx5: Fix references to imx5_cpu_suspend_info
- [armhf] dts: rockchip: fix supply properties in io-domains nodes
- [arm64,armhf] soc/tegra: fuse: Fix Tegra234-only builds
- thermal/core: Correct function name thermal_zone_device_unregister()
- [arm64,armhf] rtc: max77686: Do not enforce (incorrect) interrupt trigger
type
- scsi: aic7xxx: Fix unintentional sign extension issue on left shift of u8
- scsi: libsas: Add LUN number check in .slave_alloc callback
- scsi: libfc: Fix array index out of bound exception
- sched/fair: Fix CFS bandwidth hrtimer expiry type
- mm: slab: fix kmem_cache_create failed when sysfs node not destroyed
- dm writecache: return the exact table values that were set
- dm writecache: fix writing beyond end of underlying device when shrinking
- [arm64,armhf] net: dsa: mv88e6xxx: enable .rmu_disable() on Topaz
- net: ipv6: fix return value of ip6_skb_dst_mtu
- netfilter: ctnetlink: suspicious RCU usage in ctnetlink_dump_helpinfo
- net: bridge: sync fdb to new unicast-filtering ports
- [arm64] net: qcom/emac: fix UAF in emac_remove
- net: ti: fix UAF in tlan_remove_one
- net: send SYNACK packet with accepted fwmark
- net: validate lwtstate->data before returning from skb_tunnel_info()
- dma-buf/sync_file: Don't leak fences on merge failure
- tcp: annotate data races around tp->mtu_info
- ipv6: tcp: drop silly ICMPv6 packet too big messages
- udp: annotate data races around unix_sk(sk)->gso_size
- net: ip_tunnel: fix mtu calculation for ETHER tunnel devices
- igb: Fix use-after-free error during reset
- ixgbe: Fix an error handling path in 'ixgbe_probe()'
- igb: Fix an error handling path in 'igb_probe()'
- e1000e: Fix an error handling path in 'e1000_probe()'
- iavf: Fix an error handling path in 'iavf_probe()'
- igb: Check if num of q_vectors is smaller than max before array access
- igb: Fix position of assignment to *ring
- ipv6: fix 'disable_policy' for fwd packets
- nvme-pci: do not call nvme_dev_remove_admin from nvme_remove
- liquidio: Fix unintentional sign extension issue on left shift of u16
- net: fix uninit-value in caif_seqpkt_sendmsg
- net: decnet: Fix sleeping inside in af_decnet
- [powerpc*] KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak
- netrom: Decrease sock refcount when sock timers expire
- scsi: iscsi: Fix iface sysfs attr detection
- scsi: target: Fix protect handling in WRITE SAME(32)
- net/tcp_fastopen: fix data races around tfo_active_disable_stamp
- net/sched: act_skbmod: Skip non-Ethernet packets
- nvme-pci: don't WARN_ON in nvme_reset_work if ctrl.state is not RESETTING
- Revert "USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem"
- sctp: update active_key for asoc when old key is being replaced
- net: sched: cls_api: Fix the the wrong parameter
- [arm64,armhf] drm/panel: raspberrypi-touchscreen: Prevent double-free
- proc: Avoid mixing integer types in mem_rw()
- [s390x] ftrace: fix ftrace_update_ftrace_func implementation
- ALSA: usb-audio: Add registration quirk for JBL Quantum headsets
- [i386] ALSA: sb: Fix potential ABBA deadlock in CSP driver
- xhci: Fix lost USB 2 remote wake
- [powerpc*] KVM: PPC: Book3S: Fix H_RTAS rets buffer overflow
(CVE-2021-37576)
- usb: hub: Disable USB 3 device initiated lpm if exit latency is too high
- usb: hub: Fix link power management max exit latency (MEL) calculations
- USB: usb-storage: Add LaCie Rugged USB3-FW to IGNORE_UAS
- USB: serial: option: add support for u-blox LARA-R6 family
- USB: serial: cp210x: fix comments for GE CS1000
- USB: serial: cp210x: add ID for CEL EM3588 USB ZigBee stick
- [arm*] usb: dwc2: gadget: Fix sending zero length packet in DDMA mode.
- tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop.
(CVE-2021-3679)
- media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf()
- ixgbe: Fix packet corruption due to missing DMA sync
- drm: Return -ENOTTY for non-drm ioctls
- KVM: do not assume PTE is writable after follow_pfn
- KVM: do not allow mapping valid but non-reference-counted pages
(CVE-2021-22543)
- KVM: Use kvm_pfn_t for local PFN variable in hva_to_pfn_remapped()
- [arm64,armhf] net: dsa: mv88e6xxx: use correct .stats_set_histogram() on
Topaz
- btrfs: compression: don't try to compress if we don't have enough pages
- PCI: Mark AMD Navi14 GPU ATS as broken
- xhci: add xhci_get_virt_ep() helper
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.200
- [x86] KVM: determine if an exception has an error code only when injecting
it.
- net: split out functions related to registering inflight socket files
- af_unix: fix garbage collect vs MSG_PEEK
- workqueue: fix UAF in pwq_unbound_release_workfn()
- net/802/mrp: fix memleak in mrp_request_join()
- net/802/garp: fix memleak in garp_request_join()
- net: annotate data race around sk_ll_usec
- sctp: move 198 addresses from unusable to private scope
- hfs: add missing clean-up in hfs_fill_super
- hfs: fix high memory mapping in hfs_bnode_read
- hfs: add lock nesting notation to hfs_find_init
- cifs: fix the out of range assignment to bit fields in
parse_server_interfaces
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.201
- virtio_net: Do not pull payload in skb->head
- gro: ensure frag0 meets IP header alignment
- [x86] asm: Ensure asm/proto.h can be included stand-alone
- btrfs: fix rw device counting in __btrfs_free_extra_devids
- [x86] kvm: fix vcpu-id indexed array sizes
- ocfs2: fix zero out valid data
- ocfs2: issue zeroout to EOF blocks
- can: raw: raw_setsockopt(): fix raw_rcv panic for sock UAF
- can: mcba_usb_start(): add missing urb->transfer_dma initialization
- can: usb_8dev: fix memory leak
- can: ems_usb: fix memory leak
- can: esd_usb2: fix memory leak
- NIU: fix incorrect error return, missed in previous revert
- nfc: nfcsim: fix use after free during module unload
- cfg80211: Fix possible memory leak in function cfg80211_bss_update
- netfilter: conntrack: adjust stop timestamp to real expiry value
- netfilter: nft_nat: allow to specify layer 4 protocol NAT only
- i40e: Fix logic of disabling queues
- i40e: Fix log TC creation failure when max num of queues is exceeded
- tipc: fix sleeping in tipc accept routine
- mlx4: Fix missing error code in mlx4_load_one()
- net: llc: fix skb_over_panic
- net/mlx5: Fix flow table chaining
- sctp: fix return value check in __sctp_rcv_asconf_lookup
- tulip: windbond-840: Fix missing pci_disable_device() in probe and remove
- sis900: Fix missing pci_disable_device() in probe and remove
- [powerpc*] pseries: Fix regression while building external modules
- i40e: Add additional info to PHY type error
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.202
- btrfs: mark compressed range uptodate only if all bio succeed
- r8152: Fix potential PM refcount imbalance
- qed: fix possible unpaired spin_{un}lock_bh in _qed_mcp_cmd_and_union()
- net: Fix zero-copy head len calculation.
- bdi: move bdi_dev_name out of line
- bdi: use bdi_dev_name() to get device name
- bdi: add a ->dev_name field to struct backing_dev_info
- Revert "Bluetooth: Shutdown controller after workqueues are flushed or
cancelled"
- [x86] Revert "watchdog: iTCO_wdt: Account for rebooting on second timeout"
- padata: validate cpumask without removed CPU during offline
- padata: add separate cpuhp node for CPUHP_PADATA_DEAD
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.203
- Revert "ACPICA: Fix memory leak caused by _CID repair function"
- ALSA: seq: Fix racy deletion of subscriber
- [armhf] imx: add missing iounmap()
- ALSA: usb-audio: fix incorrect clock source setting
- scsi: sr: Return correct event when media event code is 3
- media: videobuf2-core: dequeue if start_streaming fails
- net: natsemi: Fix missing pci_disable_device() in probe and remove
- sctp: move the active_key update after sh_keys is added
- nfp: update ethtool reporting of pauseframe control
- net: ipv6: fix returned variable type in ip6_skb_dst_mtu
- bnx2x: fix an error code in bnx2x_nic_load()
- net: pegasus: fix uninit-value in get_interrupt_interval
- [armhf] net: fec: fix use-after-free in fec_drv_remove
- net: vxge: fix use-after-free in vxge_device_unregister
- Bluetooth: defer cleanup of resources in hci_unregister_dev()
- USB: usbtmc: Fix RCU stall warning
- USB: serial: option: add Telit FD980 composition 0x1056
- USB: serial: ch341: fix character loss at high transfer rates
- USB: serial: ftdi_sio: add device ID for Auto-M3 OP-COM v2
- firmware_loader: use -ETIMEDOUT instead of -EAGAIN in
fw_load_sysfs_fallback
- firmware_loader: fix use-after-free in firmware_fallback_sysfs
- ALSA: usb-audio: Add registration quirk for JBL Quantum 600
- usb: gadget: f_hid: added GET_IDLE and SET_IDLE handlers
- usb: gadget: f_hid: fixed NULL pointer dereference
- usb: gadget: f_hid: idle uses the highest byte for duration
- tracing/histogram: Rename "cpu" to "common_cpu"
- [arm64] optee: Clear stale cache entries during initialization
- staging: rtl8723bs: Fix a resource leak in sd_int_dpc
- media: rtl28xxu: fix zero-length control request
- pipe: increase minimum default pipe size to 2 pages
- ext4: fix potential htree corruption when growing large_dir directories
- serial: 8250: Mask out floating 16/32-bit bus bits
- [mips*] Malta: Do not byte-swap accesses to the CBUS UART
- [x86] pcmcia: i82092: fix a null pointer dereference bug
- [x86] KVM: accept userspace interrupt only if no event is injected
- [x86] KVM: x86/mmu: Fix per-cpu counter corruption on 32-bit builds
- [armhf] spi: meson-spicc: fix memory leak in meson_spicc_remove
- qmi_wwan: add network device usage statistics for qmimux devices
- libata: fix ata_pio_sector for CONFIG_HIGHMEM
- reiserfs: add check for root_inode in reiserfs_fill_super
- reiserfs: check directory items on read from disk
- net/qla3xxx: fix schedule while atomic in ql_wait_for_drvr_lock and
ql_adapter_reset
- [armhf] imx: add mmdc ipg clock operation for mmdc
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.204
- [x86] KVM: SVM: Fix off-by-one indexing when nullifying last used SEV VMCB
- bpf: Inherit expanded/patched seen count from old aux data
(CVE-2021-33624)
- bpf: Do not mark insn as seen under speculative path verification
(CVE-2021-33624)
- bpf: Fix leakage under speculation on mispredicted branches
(CVE-2021-33624)
- [x86] KVM: MMU: Use the correct inherited permissions to get shadow page
(CVE-2021-38198)
- USB:ehci:fix Kunpeng920 ehci hardware problem
- ppp: Fix generating ppp unit id when ifname is not specified
- ovl: prevent private clone if bind mount is not allowed CVE-2021-3732)
- net: xilinx_emaclite: Do not print real IOMEM pointer (CVE-2021-38205)
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.205
- [x86] ASoC: intel: atom: Fix reference to PCM buffer address
- i2c: dev: zero out array used for i2c reads from userspace
- [amd64,arm64] ACPI: NFIT: Fix support for virtual SPA ranges
- ieee802154: hwsim: fix GPF in hwsim_set_edge_lqi
- ieee802154: hwsim: fix GPF in hwsim_new_edge_nl
- ppp: Fix generating ifname when empty IFLA_IFNAME is specified
- net: Fix memory leak in ieee802154_raw_deliver
- net: igmp: fix data-race in igmp_ifc_timer_expire()
- net: bridge: fix memleak in br_add_if()
- tcp_bbr: fix u32 wrap bug in round logic if bbr_init() called after 2B
packets
- net: igmp: increase size of mr_ifc_count
- xen/events: Fix race in set_evtchn_to_irq
- vsock/virtio: avoid potential deadlock when vsock device remove
- [powerpc*] kprobes: Fix kprobe Oops happens in booke
- genirq: Provide IRQCHIP_AFFINITY_PRE_STARTUP
- [x86] msi: Force affinity setup before startup
- [x86] ioapic: Force affinity setup before startup
- genirq/msi: Ensure deactivation on teardown
- PCI/MSI: Enable and mask MSI-X early
- PCI/MSI: Do not set invalid bits in MSI mask
- PCI/MSI: Correct misleading comments
- PCI/MSI: Use msi_mask_irq() in pci_msi_shutdown()
- PCI/MSI: Protect msi_desc::masked for multi-MSI
- PCI/MSI: Mask all unused MSI-X entries
- PCI/MSI: Enforce that MSI-X table entry is masked for update
- PCI/MSI: Enforce MSI[X] entry updates to be visible
- [amd64] iommu/vt-d: Fix agaw for a supported 48 bit guest address width
- mac80211: drop data frames without key on encrypted links
- [x86] KVM: nSVM: always intercept VMLOAD/VMSAVE when nested
(CVE-2021-3656)
- [x86] KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl
(CVE-2021-3653)
- [x86] fpu: Make init_fpstate correct with optimized XSAVE
- ath: Use safer key clearing with key cache entries (CVE-2020-3702)
- ath9k: Clear key cache explicitly on disabling hardware (CVE-2020-3702)
- ath: Export ath_hw_keysetmac() (CVE-2020-3702)
- ath: Modify ath_key_delete() to not need full key entry (CVE-2020-3702)
- ath9k: Postpone key cache entry deletion for TXQ frames reference it
(CVE-2020-3702)
- dmaengine: of-dma: router_xlate to return -EPROBE_DEFER if controller is
not yet available
- scsi: megaraid_mm: Fix end of loop tests for list_for_each_entry()
- scsi: scsi_dh_rdac: Avoid crash during rdac_bus_attach()
- scsi: core: Avoid printing an error if target_alloc() returns -ENXIO
- net: usb: lan78xx: don't modify phy_device state concurrently
- Bluetooth: hidp: use correct wait queue when removing ctrl_wait
- [arm64] cpufreq: armada-37xx: forbid cpufreq for 1.2 GHz variant
- vhost: Fix the calculation in vhost_overflow()
- bnxt: don't lock the tx queue from napi poll
- bnxt: disable napi before canceling DIM
- net: 6pack: fix slab-out-of-bounds in decode_data
- net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32
- [arm64,armhf] net: mdio-mux: Don't ignore memory allocation errors
- [arm64,armhf] net: mdio-mux: Handle -EPROBE_DEFER correctly
- [arm64,armhf] mmc: dw_mmc: Fix hang on data CRC error
- ALSA: hda - fix the 'Capture Switch' value change notifications
- btrfs: prevent rename2 from exchanging a subvol with a directory from
different parents
- PCI: Increase D3 delay for AMD Renoir/Cezanne XHCI
- [x86] ASoC: intel: atom: Fix breakage for PCM buffer address setup
- locks: print a warning when mount fails due to lack of "mand" support
- fs: warn about impending deprecation of mandatory locks
- netfilter: nft_exthdr: fix endianness of tcp option cast
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.206
- net: qrtr: fix another OOB Read in qrtr_endpoint_post (CVE-2021-3743)
- bpf: Do not use ax register in interpreter on div/mod
- bpf: Fix 32 bit src register truncation on div/mod (CVE-2021-3600)
- bpf: Fix truncation handling for mod32 dst reg wrt zero (CVE-2021-3444)
- netfilter: conntrack: collect all entries in one cycle
- once: Fix panic when module unload
- can: usb: esd_usb2: esd_usb2_rx_event(): fix the interchange of the CAN RX
and TX error counters
- Revert "USB: serial: ch341: fix character loss at high transfer rates"
- USB: serial: option: add new VID/PID to support Fibocom FG150
- [arm64,armhf] usb: dwc3: gadget: Fix dwc3_calc_trbs_left()
- [arm64,armhf] usb: dwc3: gadget: Stop EP0 transfers during pullup disable
- [amd64] IB/hfi1: Fix possible null-pointer dereference in
_extend_sdma_tx_descs()
- e1000e: Fix the max snoop/no-snoop latency for 10M
- ip_gre: add validation for csum_start
- [arm64] xgene-v2: Fix a resource leak in the error handling path of
'xge_probe()'
- [arm64,armhf] net: marvell: fix MVNETA_TX_IN_PRGRS bit number
- [arm64] net: hns3: fix get wrong pfc_en when query PFC configuration
- usb: gadget: u_audio: fix race condition on endpoint stop
- opp: remove WARN when no valid OPPs remain
- virtio: Improve vq->broken access to avoid any compiler optimization
- virtio_pci: Support surprise removal of virtio pci device
- [amd64] vringh: Use wiov->used to check for read/write desc order
- qed: qed ll2 race condition fixes
- qed: Fix null-pointer dereference in qed_rdma_create_qp()
- drm: Copy drm_wait_vblank to user before returning
- drm/nouveau/disp: power down unused DP links during init
- net/rds: dma_map_sg is entitled to merge entries
- vt_kdsetmode: extend console locking (CVE-2021-3753)
- fbmem: add margin check to fb_check_caps()
- [x86] KVM: x86/mmu: Treat NX as used (not reserved) for all !TDP shadow
MMUs
- Revert "floppy: reintroduce O_NDELAY fix"
- net: don't unconditionally copy_from_user a struct ifreq for socket ioctls
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.207
- ext4: fix race writing to an inline_data file while its xattrs are
changing (CVE-2021-40490)
- [armhf] gpu: ipu-v3: Fix i.MX IPU-v3 offset calculations for (semi)planar
U/V formats
- qed: Fix the VF msix vectors flow
- [arm64] net: macb: Add a NULL check on desc_ptp
- qede: Fix memset corruption
- [x86] perf/x86/intel/pt: Fix mask of num_address_ranges
- [x86] perf/x86/amd/ibs: Work around erratum #1197
- [armel,armhf] 8918/2: only build return_address() if needed
- ALSA: pcm: fix divide error in snd_pcm_lib_ioctl
- clk: fix build warning for orphan_list
- media: stkwebcam: fix memory leak in stk_camera_probe
- [armhf] imx: add missing clk_disable_unprepare()
- [armhf] imx: fix missing 3rd argument in macro imx_mmdc_perf_init
- igmp: Add ip_mc_list lock in ip_check_mc_rcu
- ipv4/icmp: l3mdev: Perform icmp error route lookup on source device
routing table (v2)
- SUNRPC/nfs: Fix return value for nfs4_callback_compound()
- [powerpc*] module64: Fix comment in R_PPC64_ENTRY handling
- [powerpc*] boot: Delete unneeded .globl _zimage_start
- mm/page_alloc: speed up the iteration of max_order
- Revert "btrfs: compression: don't try to compress if we don't have enough
pages"
- ALSA: usb-audio: Add registration quirk for JBL Quantum 800
- [x86] reboot: Limit Dell Optiplex 990 quirk to early BIOS versions
- PCI: Call Max Payload Size-related fixup quirks early
- locking/mutex: Fix HANDOFF condition
- regmap: fix the offset of register error log
- sched/deadline: Fix reset_on_fork reporting of DL tasks
- power: supply: axp288_fuel_gauge: Report register-address on readb /
writeb errors
- sched/deadline: Fix missing clock update in migrate_task_rq_dl()
- hrtimer: Avoid double reprogramming in __hrtimer_start_range_ns()
- udf: Check LVID earlier
- isofs: joliet: Fix iocharset=utf8 mount option
- bcache: add proper error unwinding in bcache_device_init
- nvme-rdma: don't update queue count when failing to set io queues
- [x86] power: supply: max17042_battery: fix typo in MAx17042_TOFF
- [s390x] cio: add dev_busid sysfs entry for each subchannel
- libata: fix ata_host_start()
- [x86] crypto: qat - do not ignore errors from enable_vf2pf_comms()
- [x86] crypto: qat - handle both source of interrupt in VF ISR
- [x86] crypto: qat - fix reuse of completion variable
- [x86] crypto: qat - fix naming for init/shutdown VF to PF notifications
- [x86] crypto: qat - do not export adf_iov_putmsg()
- fcntl: fix potential deadlock for &fasync_struct.fa_lock
- udf_get_extendedattr() had no boundary checks.
- lib/mpi: use kcalloc in mpi_resize
- [x86] crypto: qat - use proper type for vf_mask
- media: dvb-usb: fix uninit-value in dvb_usb_adapter_dvb_init
- media: dvb-usb: fix uninit-value in vp702x_read_mac_addr
- media: go7007: remove redundant initialization
- Bluetooth: sco: prevent information leak in sco_conn_defer_accept()
- tcp: seq_file: Avoid skipping sk during tcp_seek_last_pos
- media: em28xx-input: fix refcount bug in em28xx_usb_disconnect
- [arm64] media: venus: venc: Fix potential null pointer dereference on
pointer fmt
- PCI: PM: Avoid forcing PCI_D0 for wakeup reasons inconsistently
- PCI: PM: Enable PME if it can be signaled from D3cold
- Bluetooth: increase BTNAMSIZ to 21 chars to fix potential buffer overflow
- [arm64] drm/msm/dpu: make dpu_hw_ctl_clear_all_blendstages clear necessary
LMs
- Bluetooth: fix repeated calls to sco_sock_kill
- [arm64] drm/msm/dsi: Fix some reference counted resource leaks
- [armhf] usb: phy: twl6030: add IRQ checks
- Bluetooth: Move shutdown callback before flushing tx and rx queue
- mac80211: Fix insufficient headroom issue for AMSDU
- Bluetooth: add timeout sanity check to hci_inquiry
- [armhf] i2c: s3c2410: fix IRQ check
- [arm64,armhf] mmc: dw_mmc: Fix issue with uninitialized dma_slave_config
- CIFS: Fix a potencially linear read overflow
- [arm*] usb: ehci-orion: Handle errors of clk_prepare_enable() in probe
- ath6kl: wmi: fix an error code in ath6kl_wmi_sync_point()
- bcma: Fix memory leak for internally-handled cores
- ipv4: make exception cache less predictible
- net: sched: Fix qdisc_rate_table refcount leak when get tcf_block failed
- ipv4: fix endianness issue in inet_rtm_getroute_build_skb()
- netns: protect netns ID lookups with RCU
- fscrypt: add fscrypt_symlink_getattr() for computing st_size
- ext4: report correct st_size for encrypted symlinks
- f2fs: report correct st_size for encrypted symlinks
- ubifs: report correct st_size for encrypted symlinks
- tty: Fix data race between tiocsti() and flush_to_ldisc()
- [x86] KVM: Update vCPU's hv_clock before back to guest when tsc_offset is
adjusted
- fbmem: don't allow too huge resolutions
- [arm64,armhf] backlight: pwm_bl: Improve bootloader/kernel device handover
- [armel] clk: kirkwood: Fix a clocking boot regression
- btrfs: reset replace target device to allocation state on close
- blk-zoned: allow zone management send operations without CAP_SYS_ADMIN
- blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN
- PCI/MSI: Skip masking MSI-X on Xen PV
- [powerpc*] perf/hv-gpci: Fix counter value parsing
- xen: fix setting of max_pfn in shared_info
- 9p/xen: Fix end of loop tests for list_for_each_entry
- bpf/verifier: per-register parent pointers
- bpf: correct slot_type marking logic to allow more stack slot sharing
- bpf: Support variable offset stack access from helpers
- bpf: Reject indirect var_off stack access in raw mode
- bpf: Reject indirect var_off stack access in unpriv mode
- bpf: Sanity check max value for var_off stack access
- bpf: track spill/fill of constants
- bpf: Introduce BPF nospec instruction for mitigating Spectre v4
(CVE-2021-34556, CVE-2021-35477)
- bpf: Fix leakage due to insufficient speculative store bypass mitigation
(CVE-2021-34556, CVE-2021-35477)
- bpf: verifier: Allocate idmap scratch in verifier env
- bpf: Fix pointer arithmetic mask tightening under state pruning
- [arm64] head: avoid over-mapping in map_memory
- block: bfq: fix bfq_set_next_ioprio_data()
- [x86] power: supply: max17042: handle fails of reading status register
- dm crypt: Avoid percpu_counter spinlock contention in crypt_page_alloc()
- [x86] VMCI: fix NULL pointer dereference when unmapping queue pair
- media: uvc: don't do DMA on stack
- media: rc-loopback: return number of emitters rather than error
- libata: add ATA_HORKAGE_NO_NCQ_TRIM for Samsung 860 and 870 SSDs
- PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported
- PCI: Return ~0 data on pciconfig_read() CAP_SYS_ADMIN failure
- [arm64] PCI: xilinx-nwl: Enable the clock through CCF
- [arm64] PCI: aardvark: Increase polling delay to 1.5s while waiting for
PIO response
- [arm64] PCI: aardvark: Fix masking and unmasking legacy INTx interrupts
- HID: input: do not report stylus battery state as "full"
- RDMA/iwcm: Release resources if iw_cm module initialization fails
- docs: Fix infiniband uverbs minor number
- [armhf] pinctrl: samsung: Fix pinctrl bank pin count
- [powerpc*] stacktrace: Include linux/delay.h
- [arm64,armhf] pinctrl: single: Fix error return code in
pcs_parse_bits_in_pinctrl_entry()
- scsi: qedi: Fix error codes in qedi_alloc_global_queues()
- [x86] platform/x86: dell-smbios-wmi: Add missing kfree in error-exit from
run_smbios_call
- fscache: Fix cookie key hashing
- f2fs: fix to account missing .skipped_gc_rwsem
- f2fs: fix to unmap pages from userspace process in punch_hole()
- [mips*] Malta: fix alignment of the devicetree buffer
- userfaultfd: prevent concurrent API initialization
- media: dib8000: rewrite the init prbs logic
- PCI: Use pci_update_current_state() in pci_enable_device_flags()
- tipc: keep the skb in rcv queue until the whole data is read
- video: fbdev: kyro: fix a DoS bug by restricting user input
- netlink: Deal with ESRCH error in nlmsg_notify()
- usb: gadget: u_ether: fix a potential null pointer dereference
- usb: gadget: composite: Allow bMaxPower=0 if self-powered
- tty: serial: jsm: hold port lock when reporting modem line changes
- video: fbdev: kyro: Error out if 'pixclock' equals zero
- ipv4: ip_output.c: Fix out-of-bounds warning in ip_copy_addrs()
- flow_dissector: Fix out-of-bounds warnings
- [s390x] jump_label: print real address in a case of a jump label bug
- serial: 8250: Define RX trigger levels for OxSemi 950 devices
- serial: 8250_pci: make setup_port() parameters explicitly unsigned
- Bluetooth: skip invalid hci_sync_conn_complete_evt
- bonding: 3ad: fix the concurrency between __bond_release_one() and
bond_3ad_state_machine_handler()
- [x86] ASoC: Intel: bytcr_rt5640: Move "Platform Clock" routes to the maps
for the matching in-/output
- media: v4l2-dv-timings.c: fix wrong condition in two for-loops
- [armhf] dts: imx53-ppd: Fix ACHC entry
- [arm64] dts: qcom: sdm660: use reg value for memory node
- [arm64] net: ethernet: stmmac: Do not use unreachable() in
ipq806x_gmac_probe()
- Bluetooth: schedule SCO timeouts with delayed_work
- Bluetooth: avoid circular locks in sco_sock_connect
- gpu: drm: amd: amdgpu: amdgpu_i2c: fix possible uninitialized-variable
access in amdgpu_i2c_router_select_ddc_port()
- Bluetooth: Fix handling of LE Enhanced Connection Complete
- tcp: enable data-less, empty-cookie SYN with TFO_SERVER_COOKIE_NOT_REQD
- rpc: fix gss_svc_init cleanup on failure
- [x86] staging: rts5208: Fix get_ms_information() heap buffer size
- gfs2: Don't call dlm after protocol is unmounted
- of: Don't allow __of_attached_node_sysfs() without CONFIG_SYSFS
- [arm64] mmc: sdhci-of-arasan: Check return value of non-void funtions
- mmc: rtsx_pci: Fix long reads when clock is prescaled
- mmc: core: Return correct emmc response in case of ioctl error
- cifs: fix wrong release in sess_alloc_buffer() failed path
- Revert "USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST
quirk set"
- [armhf] usb: musb: musb_dsps: request_irq() after initializing musb
- usbip: give back URBs for unsent unlink requests during cleanup
- usbip:vhci_hcd USB port can get stuck in the disabled state
- [arm64,armhf] ASoC: rockchip: i2s: Fix regmap_ops hang
- [arm64,armhf] ASoC: rockchip: i2s: Fixup config for DAIFMT_DSP_A/B
- parport: remove non-zero check on count
- ath9k: fix OOB read ar9300_eeprom_restore_internal
- ath9k: fix sleeping in atomic context
- ovl: fix BUG_ON() in may_delete() when called from ovl_cleanup()
- [x86] scsi: BusLogic: Fix missing pr_cont() use
- scsi: qla2xxx: Sync queue idx with queue_pair_map idx
- [powerpc*] cpufreq: powernv: Fix init_chip_info initialization in numa=off
- mm/hugetlb: initialize hugetlb_usage in mm_init
- memcg: enable accounting for pids in nested pid namespaces
- [arm64,armhf] platform/chrome: cros_ec_proto: Send command again when
timeout occurs
- drm/amdgpu: Fix BUG_ON assert
- dm thin metadata: Fix use-after-free in dm_bm_set_read_only
- [x86] xen: reset legacy rtc flag for PV domU
- bnx2x: Fix enabling network interfaces without VFs
- [arm64] sve: Use correct size when reinitialising SVE state
- PM: base: power: don't try to use non-existing RTC for storing data
- PCI: Add AMD GPU multi-function power dependencies
- [x86] mm: Fix kern_addr_valid() to cope with existing but not present
entries
- tipc: fix an use-after-free issue in tipc_recvmsg
- dccp: don't duplicate ccid when cloning dccp sock (CVE-2020-16119)
- net/l2tp: Fix reference count leak in l2tp_udp_recv_core
- r6040: Restore MDIO clock frequency after MAC reset
- tipc: increase timeout in tipc_sk_enqueue()
- net/mlx5: Fix potential sleeping in atomic context
- events: Reuse value read using READ_ONCE instead of re-reading it
- net/af_unix: fix a data-race in unix_dgram_poll
- [arm64,armhf] net: dsa: destroy the phylink instance on any error in
dsa_slave_phy_setup
- tcp: fix tp->undo_retrans accounting in tcp_sacktag_one()
- qed: Handle management FW error
- [arm64] net: hns3: pad the short tunnel frame before sending to hardware
- mm/memory_hotplug: use "unsigned long" for PFN in zone_for_pfn_range()
- [s390x] KVM: index kvm->arch.idle_mask by vcpu_idx
- dt-bindings: mtd: gpmc: Fix the ECC bytes vs. OOB bytes equation
- [armhf] mfd: Don't use irq_create_mapping() to resolve a mapping
- PCI: Add ACS quirks for Cavium multi-function devices
- net: usb: cdc_mbim: avoid altsetting toggling for Telit LN920
- block, bfq: honor already-setup queue merges
- ethtool: Fix an error code in cxgb2.c
- mfd: axp20x: Update AXP288 volatile ranges
- PCI: Fix pci_dev_str_match_path() alloc while atomic bug
- [arm64] KVM: Handle PSCI resets before userspace touches vCPU state
- mtd: rawnand: cafe: Fix a resource leak in the error handling path of
'cafe_nand_probe()'
- [armhf] net: dsa: b53: Fix calculating number of switch ports
- netfilter: socket: icmp6: fix use-after-scope
- fq_codel: reject silly quantum parameters
- qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom
- ip_gre: validate csum_start only on pull
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.208
- [s390x] bpf: Fix optimizing out zero-extensions
- KVM: remember position in kvm->vcpus array
- rcu: Fix missed wakeup of exp_wq waiters
- apparmor: remove duplicate macro list_entry_is_head()
- tracing/kprobe: Fix kprobe_on_func_entry() modification
- sctp: validate chunk size in __rcv_asconf_lookup (CVE-2021-3655)
- sctp: add param size validation for SCTP_PARAM_SET_PRIMARY (CVE-2021-3655)
- dmaengine: acpi: Avoid comparison GSI with Linux vIRQ
- [armhf] thermal/drivers/exynos: Fix an error code in exynos_tmu_probe()
- 9p/trans_virtio: Remove sysfs file on probe failure
- prctl: allow to setup brk for et_dyn executables
- nilfs2: use refcount_dec_and_lock() to fix potential UAF
- profiling: fix shift-out-of-bounds bugs
- drivers: base: cacheinfo: Get rid of DEFINE_SMP_CALL_CACHE_FUNCTION()
- ceph: lockdep annotations for try_nonblocking_invalidate
- nilfs2: fix memory leak in nilfs_sysfs_create_device_group
- nilfs2: fix NULL pointer in nilfs_##name##_attr_release
- nilfs2: fix memory leak in nilfs_sysfs_create_##name##_group
- nilfs2: fix memory leak in nilfs_sysfs_delete_##name##_group
- nilfs2: fix memory leak in nilfs_sysfs_create_snapshot_group
- nilfs2: fix memory leak in nilfs_sysfs_delete_snapshot_group
- [arm64,armhf] pwm: rockchip: Don't modify HW state in .remove() callback
- blk-throttle: fix UAF by deleteing timer in blk_throtl_exit()
- drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV
.
[ Salvatore Bonaccorso ]
* [rt] Update to 4.19.195-rt82
* [rt] Update to 4.19.196-rt83
* Bump ABI to 18
* [rt] Update to 4.19.197-rt84
* Refresh "fs: Add MODULE_SOFTDEP declarations for hard-coded crypto drivers"
* [rt] Update to 4.19.198-rt85
* Refresh "scsi: hisi_sas: Create separate host attributes per HBA"
* [rt] Update to 4.19.199-rt86
* [rt] Update to 4.19.206-rt87
* [rt] Update to 4.19.207-rt88
* hso: fix bailout in error case of probe
* usb: hso: fix error handling code of hso_create_net_device (CVE-2021-37159)
* usb: hso: remove the bailout parameter
Checksums-Sha1:
18e5688107bc874e5de17ce40db82014ead3b301 191615 linux_4.19.208-1.dsc
a0923f01d0d7ac09ca20910e46b2fa953eae0ab6 107598860 linux_4.19.208.orig.tar.xz
87c86effbe6178a913544aa6681f01faa9c6dbd3 1504196 linux_4.19.208-1.debian.tar.xz
cb90d4f38a3561fb85127b83c0d6d3d3f8658c8b 6303 linux_4.19.208-1_source.buildinfo
Checksums-Sha256:
abc4bc72ccc5bf6d2c5ee4d60547c58ce8e00246effa0d4ca8d4a4ab36131dde 191615 linux_4.19.208-1.dsc
cabff7d88404362e0ac398f5fed783e00acfb0fcce8669ced3e0de44fc2b03bc 107598860 linux_4.19.208.orig.tar.xz
f4582cbfc68afe8650596ec591c4ebe4339d938f20b5dd034ae3110e011357cd 1504196 linux_4.19.208-1.debian.tar.xz
10a6aa5b02d434308cc44a47fe96f5f75c6732069654cf0bd2805e63f657b9aa 6303 linux_4.19.208-1_source.buildinfo
Files:
3b9bdc791ebc8c97036e54d2d3ee61e3 191615 kernel optional linux_4.19.208-1.dsc
784c54448e9bcfd450072171cf6a9d96 107598860 kernel optional linux_4.19.208.orig.tar.xz
2ff2defcff9ca44690f16925e1fb159a 1504196 kernel optional linux_4.19.208-1.debian.tar.xz
5cbe868dc6e856b1b3bdf6dac2208ce2 6303 kernel optional linux_4.19.208-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmFUtw9fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EJN4P/0HC58Jff4ivxhf+PmeMnbd0U+jYzspa
uZ+8Vtu+BRPvQsjSCrNuTrxSDofSA/Y2yofcYnse+wSx3Wraz2vlxcESktyXBORf
1YA/LKv6x3fjD3ZWiTC2ZyblSIta7FOJRIhe/VWrZks0OgqSe6+SEZHBOMh3ZqKI
nBflCx+graQsh+sR2/4wD3gbq3lr4I2HCm0TYbquZfMajXoNK7oG1HRs1/fE7Pg6
XL9Biw5cUQwbPy7EiU3hjH2bU4luNR1sWGVCMCFyXYyYOzpSYXvNhNocmpa5kH5r
dnlTQWw0ewLd4OuR0eIa4rsbL3NQ6vuirqPjgnIkaQ5wC+wr4OgzDajjfg0kxaKB
k/UVszFOIrhN+BOV65KFiZxcD5L5in72cjlmXY6dfBDK0dlsVyxpGoMjGsrOTf9M
RG1d009cMOazjRTRxfChMbQ68VJItEBhytqAhxSRm+UkSVJ7AsOMrsPumWUfA5wK
rMLAgtMv+DdIw2t1iSyyEO55wo2EmkZibfj/PlYRvKajCw7njORM7g89CJc6PVIR
K45BxumRydZrZhwlENUGJv2iSMsR5XQmBPqMuZCSFzXvMwhRHcxEm3bhVcUDXhhY
jYo1gQaQy4YroQtohth2hS1qfuxwVmKGJmUeM4UJDSLP5GrDgJ5UM8cTxro84+1Y
soNLOW2TN2Kc
=9ccL
-----END PGP SIGNATURE-----