summaryrefslogtreecommitdiffstats
path: root/debian/changelog
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-08 16:58:15 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-08 16:58:15 +0000
commit2d139def3645feb04fd5a703be97b7f3eae8b556 (patch)
tree11c56a757cab0bdb6226826737d30a48ee9c13d3 /debian/changelog
parentMerging upstream version 6.1.82. (diff)
downloadlinux-debian.tar.xz
linux-debian.zip
Adding debian version 6.1.82-1.debian/6.1.82-1debian
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/changelog')
-rw-r--r--debian/changelog922
1 files changed, 922 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
index 6d603a5e6..6f1aa1c11 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,925 @@
+linux (6.1.82-1) bookworm; urgency=medium
+
+ * New upstream stable update:
+ https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.77
+ - asm-generic: make sparse happy with odd-sized put_unaligned_*()
+ - [powerpc*] mm: Fix null-pointer dereference in pgtable_cache_add
+ - [arm64] irq: set the correct node for VMAP stack
+ - [arm64] drivers/perf: pmuv3: don't expose SW_INCR event in sysfs
+ - [powerpc*] Fix build error due to is_valid_bugaddr()
+ - [powerpc*] mm: Fix build failures due to arch_reserved_kernel_pages()
+ - [x86] boot: Ignore NMIs during very early boot
+ - [powerpc*] pmd_move_must_withdraw() is only needed for
+ CONFIG_TRANSPARENT_HUGEPAGE
+ - [powerpc*] lib: Validate size for vector operations
+ - [x86*] mce: Mark fatal MCE's page as poison to avoid panic in the kdump
+ kernel
+ - perf/core: Fix narrow startup race when creating the perf nr_addr_filters
+ sysfs file
+ - debugobjects: Stop accessing objects after releasing hash bucket lock
+ - regulator: core: Only increment use_count when enable_count changes
+ - audit: Send netlink ACK before setting connection in auditd_set
+ - ACPI: video: Add quirk for the Colorful X15 AT 23 Laptop
+ - PNP: ACPI: fix fortify warning
+ - ACPI: extlog: fix NULL pointer dereference check
+ - ACPI: NUMA: Fix the logic of getting the fake_pxm value
+ - PM / devfreq: Synchronize devfreq_monitor_[start/stop]
+ - ACPI: APEI: set memory failure flags as MF_ACTION_REQUIRED on synchronous
+ events
+ - FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree
+ - UBSAN: array-index-out-of-bounds in dtSplitRoot
+ - jfs: fix slab-out-of-bounds Read in dtSearch
+ - jfs: fix array-index-out-of-bounds in dbAdjTree
+ - jfs: fix uaf in jfs_evict_inode
+ - pstore/ram: Fix crash when setting number of cpus to an odd number
+ - erofs: fix ztailpacking for subpage compressed blocks
+ - [armhf] crypto: stm32/crc32 - fix parsing list of devices
+ - afs: fix the usage of read_seqbegin_or_lock() in afs_lookup_volume_rcu()
+ - afs: fix the usage of read_seqbegin_or_lock() in afs_find_server*()
+ - rxrpc_find_service_conn_rcu: fix the usage of read_seqbegin_or_lock()
+ - jfs: fix array-index-out-of-bounds in diNewExt
+ - arch: consolidate arch_irq_work_raise prototypes
+ - [s390x] vfio-ap: fix sysfs status attribute for AP queue devices
+ - [s390x] ptrace: handle setting of fpc register correctly
+ - [s390x] KVM: s390: fix setting of fpc register
+ - SUNRPC: Fix a suspicious RCU usage warning (CVE-2023-52623)
+ - ecryptfs: Reject casefold directory inodes
+ - ext4: fix inconsistent between segment fstrim and full fstrim
+ - ext4: unify the type of flexbg_size to unsigned int
+ - ext4: remove unnecessary check from alloc_flex_gd()
+ - ext4: avoid online resizing failures due to oversized flex bg
+ (CVE-2023-52622)
+ - wifi: rt2x00: restart beacon queue when hardware reset
+ - wifi: rt2x00: correct wrong BBP register in RxDCOC calibration
+ - [arm64] soc: xilinx: Fix for call trace due to the usage of
+ smp_processor_id()
+ - [arm64] soc: xilinx: fix unhandled SGI warning message
+ - scsi: lpfc: Fix possible file string name overflow when updating firmware
+ - PCI: Add no PM reset quirk for NVIDIA Spectrum devices
+ - bonding: return -ENOMEM instead of BUG in alb_upper_dev_walk
+ - net: usb: ax88179_178a: avoid two consecutive device resets
+ - scsi: mpi3mr: Add PCI checks where SAS5116 diverges from SAS4116
+ - scsi: arcmsr: Support new PCI device IDs 1883 and 1886
+ - wifi: ath9k: Fix potential array-index-out-of-bounds read in
+ ath9k_htc_txstatus()
+ - wifi: ath11k: fix race due to setting ATH11K_FLAG_EXT_IRQ_ENABLED too
+ early
+ - bpf: Check rcu_read_lock_trace_held() before calling bpf map helpers
+ (CVE-2023-52621)
+ - scsi: libfc: Don't schedule abort twice
+ - scsi: libfc: Fix up timeout error in fc_fcp_rec_error()
+ - bpf: Set uattr->batch.count as zero before batched update or deletion
+ - net: phy: at803x: fix passing the wrong reference for config_intr
+ - [arm64] scsi: hisi_sas: Set .phy_attached before notifing phyup event
+ HISI_PHYE_PHY_UP_PM
+ - ice: fix ICE_AQ_VSI_Q_OPT_RSS_* register values
+ - net: atlantic: eliminate double free in error handling logic
+ - [arm64,armhf] net: dsa: mv88e6xxx: Fix mv88e6352_serdes_get_stats error
+ path
+ - block: prevent an integer overflow in bvec_try_merge_hw_page
+ - md: Whenassemble the array, consult the superblock of the freshest device
+ - [arm64] dts: qcom: msm8996: Fix 'in-ports' is a required property
+ - [arm64] dts: qcom: msm8998: Fix 'out-ports' is a required property
+ - ice: fix pre-shifted bit usage
+ - [arm64] dts: amlogic: fix format for s4 uart node
+ - wifi: rtl8xxxu: Add additional USB IDs for RTL8192EU devices
+ - libbpf: Fix NULL pointer dereference in bpf_object__collect_prog_relos
+ - wifi: rtlwifi: rtl8723{be,ae}: using calculate_bit_shift()
+ - wifi: cfg80211: free beacon_ies when overridden from hidden BSS
+ - Bluetooth: qca: Set both WIDEBAND_SPEECH and LE_STATES quirks for QCA2066
+ - Bluetooth: hci_sync: fix BR/EDR wakeup bug
+ - Bluetooth: L2CAP: Fix possible multiple reject send
+ - net/smc: disable SEID on non-s390 archs where virtual ISM may be used
+ - i40e: Fix VF disable behavior to block all traffic
+ - net: dsa: qca8k: put MDIO bus OF node on qca8k_mdio_register() failure
+ - f2fs: fix to check return value of f2fs_reserve_new_block()
+ - ALSA: hda: Refer to correct stream index at loops
+ - ASoC: doc: Fix undefined SND_SOC_DAPM_NOPM argument
+ - fast_dput(): handle underflows gracefully
+ - RDMA/IPoIB: Fix error code return in ipoib_mcast_join
+ - [arm64,armhf] drm/panel-edp: Add override_edid_mode quirk for generic edp
+ - drm/amd/display: Fix tiled display misalignment
+ - f2fs: fix write pointers on zoned device after roll forward
+ - [x86] ASoC: amd: Add new dmi entries for acp5x platform
+ - drm/drm_file: fix use of uninitialized variable
+ - drm/framebuffer: Fix use of uninitialized variable
+ - drm/mipi-dsi: Fix detach call without attach
+ - media: stk1160: Fixed high volume of stk1160_dbg messages
+ - [arm64,armhf] media: rockchip: rga: fix swizzling for RGB formats
+ - PCI: add INTEL_HDA_ARL to pci_ids.h
+ - [x86] ALSA: hda: Intel: add HDA_ARL PCI ID support
+ - [arm64] media: rkisp1: Drop IRQF_SHARED
+ - [arm64] media: rkisp1: Fix IRQ handler return values
+ - [arm64] media: rkisp1: Store IRQ lines
+ - [arm64] media: rkisp1: Fix IRQ disable race issue
+ - hwmon: (nct6775) Fix fan speed set failure in automatic mode
+ - f2fs: fix to tag gcing flag on page during block migration
+ - [armhf] drm/exynos: Call drm_atomic_helper_shutdown() at shutdown/unbind
+ time
+ - IB/ipoib: Fix mcast list locking
+ - media: ddbridge: fix an error code problem in ddb_probe
+ - drm/amd/display: For prefetch mode > 0, extend prefetch if possible
+ - [arm64] drm/msm/dpu: Ratelimit framedone timeout msgs
+ - [arm64] drm/msm/dpu: fix writeback programming for YUV cases
+ - drm/amdgpu: fix ftrace event amdgpu_bo_move always move on same heap
+ - [x86] watchdog: it87_wdt: Keep WDTCTRL bit 3 unmodified for IT8784/IT8786
+ - drm/amd/display: make flip_timestamp_in_us a 64-bit variable
+ - drm/amdgpu: Fix ecc irq enable/disable unpaired
+ - drm/amdgpu: Let KFD sync with VM fences
+ - drm/amdgpu: Fix '*fw' from request_firmware() not released in
+ 'amdgpu_ucode_request()'
+ - drm/amdgpu: Drop 'fence' check in 'to_amdgpu_amdkfd_fence()'
+ - ALSA: hda/conexant: Fix headset auto detect fail in cx8070 and SN6140
+ - leds: trigger: panic: Don't register panic notifier if creating the
+ trigger failed
+ - xen/gntdev: Fix the abuse of underlying struct page in DMA-buf import
+ - PCI: Only override AMD USB controller if required
+ - PCI: switchtec: Fix stdev_release() crash after surprise hot remove
+ - perf cs-etm: Bump minimum OpenCSD version to ensure a bugfix is present
+ - usb: hub: Replace hardcoded quirk value with BIT() macro
+ - usb: hub: Add quirk to decrease IN-ep poll interval for Microchip USB491x
+ hub
+ - tty: allow TIOCSLCKTRMIOS with CAP_CHECKPOINT_RESTORE
+ - fs/kernfs/dir: obey S_ISGID
+ - PCI: Fix 64GT/s effective data rate calculation
+ - PCI/AER: Decode Requester ID when no error info found
+ - 9p: Fix initialisation of netfs_inode for 9p
+ - libsubcmd: Fix memory leak in uniq()
+ - virtio_net: Fix "ā€˜%dā€™ directive writing between 1 and 11 bytes into a
+ region of size 10" warnings
+ - blk-mq: fix IO hang from sbitmap wakeup race
+ - ceph: reinitialize mds feature bit even when session in open
+ - ceph: fix deadlock or deadcode of misusing dget()
+ - ceph: fix invalid pointer access if get_quota_realm return ERR_PTR
+ - drm/amd/powerplay: Fix kzalloc parameter 'ATOM_Tonga_PPM_Table' in
+ 'get_platform_power_management_table()'
+ - drm/amdgpu: Fix with right return code '-EIO' in
+ 'amdgpu_gmc_vram_checking()'
+ - drm/amdgpu: Release 'adev->pm.fw' before return in
+ 'amdgpu_device_need_post()'
+ - perf: Fix the nr_addr_filters fix
+ - wifi: cfg80211: fix RCU dereference in __cfg80211_bss_update
+ - drm: using mul_u32_u32() requires linux/math64.h
+ - scsi: isci: Fix an error code problem in isci_io_request_build()
+ - [armhf] regulator: ti-abb: don't use devm_platform_ioremap_resource_byname
+ for shared interrupt register
+ - scsi: core: Move scsi_host_busy() out of host lock for waking up EH
+ handler
+ - HID: hidraw: fix a problem of memory leak in hidraw_release()
+ - ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()
+ - ipv4: raw: add drop reasons
+ - ipmr: fix kernel panic when forwarding mcast packets
+ - tcp: add sanity checks to rx zerocopy
+ - ixgbe: Refactor returning internal error codes
+ - ixgbe: Refactor overtemp event handling
+ - ixgbe: Fix an error handling path in ixgbe_read_iosf_sb_reg_x550()
+ - ipv6: Ensure natural alignment of const ipv6 loopback and router addresses
+ - llc: call sock_orphan() at release time
+ - bridge: mcast: fix disabled snooping after long uptime
+ - netfilter: conntrack: correct window scaling with retransmitted SYN
+ - netfilter: nf_tables: restrict tunnel object to NFPROTO_NETDEV
+ - netfilter: nf_log: replace BUG_ON by WARN_ON_ONCE when putting logger
+ - netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom
+ expectations
+ - net: ipv4: fix a memleak in ip_setup_cork
+ - af_unix: fix lockdep positive in sk_diag_dump_icons()
+ - net: sysfs: Fix /sys/class/net/<iface> path
+ - [arm64] irq: set the correct node for shadow call stack
+ - Revert "drm/amd/display: Disable PSR-SU on Parade 0803 TCON again"
+ - [arm64] drm/msm/dsi: Enable runtime PM
+ - gve: Fix use-after-free vulnerability
+ - bonding: remove print in bond_verify_device_path
+ - drm/amdgpu: Fix missing error code in 'gmc_v6/7/8/9_0_hw_init()'
+ https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.78
+ - ext4: regenerate buddy after block freeing failed if under fc replay
+ - [arm64] dmaengine: ti: k3-udma: Report short packet errors
+ - [arm64] dmaengine: fsl-qdma: Fix a memory leak related to the status queue
+ DMA
+ - [arm64] dmaengine: fsl-qdma: Fix a memory leak related to the queue
+ command DMA
+ - [arm64] phy: renesas: rcar-gen3-usb2: Fix returning wrong error code
+ - dmaengine: fix is_slave_direction() return false when DMA_DEV_TO_DEV
+ - [armhf] phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP
+ - cifs: failure to add channel on iface should bump up weight
+ - [arm64] drm/msms/dp: fixed link clock divider bits be over written in BPC
+ unknown case
+ - [arm64] drm/msm/dp: return correct Colorimetry for
+ DP_TEST_DYNAMIC_RANGE_CEA case
+ - [arm64] drm/msm/dpu: check for valid hw_pp in
+ dpu_encoder_helper_phys_cleanup
+ - net: stmmac: xgmac: fix handling of DPP safety error for DMA channels
+ - wifi: mac80211: fix waiting for beacons logic
+ - netdevsim: avoid potential loop in nsim_dev_trap_report_work()
+ - net: atlantic: Fix DMA mapping for PTP hwts ring
+ - tunnels: fix out of bounds access when building IPv6 PMTU error
+ - atm: idt77252: fix a memleak in open_card_ubr0
+ - [armhf] hwmon: (aspeed-pwm-tacho) mutex for tach reading
+ - [x86] hwmon: (coretemp) Fix out-of-bounds memory access
+ - [x86] hwmon: (coretemp) Fix bogus core_id to attr name mapping
+ - inet: read sk->sk_family once in inet_recv_error()
+ - [x86] drm/i915/gvt: Fix uninitialized variable in handle_mmio()
+ - rxrpc: Fix response to PING RESPONSE ACKs to a dead call
+ - tipc: Check the bearer type before calling tipc_udp_nl_bearer_add()
+ - af_unix: Call kfree_skb() for dead unix_(sk)->oob_skb in GC.
+ - ppp_async: limit MRU to 64K
+ - selftests: cmsg_ipv6: repeat the exact packet
+ - netfilter: nft_compat: narrow down revision to unsigned 8-bits
+ - netfilter: nft_compat: reject unused compat flag
+ - netfilter: nft_compat: restrict match/target protocol to u16
+ - drm/amd/display: Implement bounds check for stream encoder creation in
+ DCN301
+ - netfilter: nft_ct: reject direction for ct id
+ - netfilter: nft_set_pipapo: store index in scratch maps
+ - netfilter: nft_set_pipapo: add helper to release pcpu scratch area
+ - netfilter: nft_set_pipapo: remove scratch_aligned pointer
+ - fs/ntfs3: Fix an NULL dereference bug
+ - scsi: core: Move scsi_host_busy() out of host lock if it is for
+ per-command
+ - blk-iocost: Fix an UBSAN shift-out-of-bounds warning
+ - fs: dlm: don't put dlm_local_addrs on heap (Closes: #1063338)
+ - mtd: parsers: ofpart: add workaround for #size-cells 0
+ - ALSA: usb-audio: Add delay quirk for MOTU M Series 2nd revision
+ - ALSA: usb-audio: Add a quirk for Yamaha YIT-W12TX transmitter
+ - ALSA: usb-audio: add quirk for RODE NT-USB+
+ - USB: serial: qcserial: add new usb-id for Dell Wireless DW5826e
+ - USB: serial: option: add Fibocom FM101-GL variant
+ - USB: serial: cp210x: add ID for IMST iM871A-USB
+ - [arm64,armhf] usb: dwc3: host: Set XHCI_SG_TRB_CACHE_SIZE_QUIRK
+ - [arm64,armhf] usb: host: xhci-plat: Add support for
+ XHCI_SG_TRB_CACHE_SIZE_QUIRK
+ - hrtimer: Report offline hrtimer enqueue
+ - Input: i8042 - fix strange behavior of touchpad on Clevo NS70PU
+ - Input: atkbd - skip ATKBD_CMD_SETLEDS when skipping ATKBD_CMD_GETID
+ (Closes: #1061521)
+ - io_uring/net: fix sr->len for IORING_OP_RECV with MSG_WAITALL and buffers
+ - Revert "ASoC: amd: Add new dmi entries for acp5x platform"
+ - vhost: use kzalloc() instead of kmalloc() followed by memset()
+ (CVE-2024-0340)
+ - RDMA/irdma: Fix support for 64k pages
+ - f2fs: add helper to check compression level (Closes: #1063422)
+ - block: treat poll queue enter similarly to timeouts
+ - clocksource: Skip watchdog check for large watchdog intervals
+ - net: stmmac: xgmac: use #define for string constants
+ - ALSA: usb-audio: Sort quirk table entries
+ - net: stmmac: xgmac: fix a typo of register name in DPP safety handling
+ - netfilter: nft_set_rbtree: skip end interval element from gc
+ (CVE-2024-26581)
+ https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.79
+ - work around gcc bugs with 'asm goto' with outputs
+ - update workarounds for gcc "asm goto" issue
+ - btrfs: add and use helper to check if block group is used
+ - btrfs: do not delete unused block group if it may be used soon
+ - btrfs: forbid creating subvol qgroups
+ - btrfs: do not ASSERT() if the newly created subvolume already got read
+ (CVE-2024-23850)
+ - btrfs: forbid deleting live subvol qgroup
+ - btrfs: send: return EOPNOTSUPP on unknown flags
+ - btrfs: don't reserve space for checksums when writing to nocow files
+ - btrfs: reject encoded write if inode has nodatasum flag set
+ - btrfs: don't drop extent_map for free space inode on write error
+ - driver core: Fix device_link_flag_is_sync_state_only()
+ - wifi: iwlwifi: Fix some error codes
+ - wifi: iwlwifi: uninitialized variable in iwl_acpi_get_ppag_table()
+ - of: property: Improve finding the supplier of a remote-endpoint property
+ - net: openvswitch: limit the number of recursions from action sets
+ (CVE-2024-1151)
+ - lan966x: Fix crash when adding interface under a lag
+ - tls/sw: Use splice_eof() to flush
+ - tls: extract context alloc/initialization out of tls_set_sw_offload
+ - net: tls: factor out tls_*crypt_async_wait()
+ - tls: fix race between async notify and socket close (CVE-2024-26583)
+ - net: tls: fix use-after-free with partial reads and async decrypt
+ (CVE-2024-26582)
+ - net: tls: fix returned read length with async decrypt
+ - ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work()
+ - net: sysfs: Fix /sys/class/net/<iface> path for statistics
+ - nouveau/svm: fix kvcalloc() argument order
+ - [mips*] Add 'memory' clobber to csum_ipv6_magic() inline assembler
+ - i40e: Do not allow untrusted VF to remove administratively set MAC
+ - i40e: Fix waiting for queues of all VSIs to be disabled
+ - tracing/trigger: Fix to return error if failed to alloc snapshot
+ - mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again
+ - scsi: storvsc: Fix ring buffer size calculation
+ - dm-crypt, dm-verity: disable tasklets
+ - [x86] ASoC: amd: yc: Add DMI quirk for MSI Bravo 15 C7VF
+ - ALSA: hda/realtek: Fix the external mic not being recognised for Acer
+ Swift 1 SF114-32
+ - ALSA: hda/realtek: Enable Mute LED on HP Laptop 14-fq0xxx
+ - HID: i2c-hid-of: fix NULL-deref on failed power up
+ - HID: wacom: generic: Avoid reporting a serial of '0' to userspace
+ - HID: wacom: Do not register input devices until after hid_hw_start
+ - iio: hid-sensor-als: Return 0 for HID_USAGE_SENSOR_TIME_TIMESTAMP
+ - usb: ucsi: Add missing ppm_lock
+ - usb: ulpi: Fix debugfs directory leak
+ - usb: ucsi_acpi: Fix command completion handling
+ - USB: hub: check for alternate port before enabling A_ALT_HNP_SUPPORT
+ - usb: f_mass_storage: forbid async queue when shutdown happen
+ - usb: dwc3: gadget: Fix NULL pointer dereference in dwc3_gadget_suspend
+ - driver core: fw_devlink: Improve detection of overlapping cycles
+ - cifs: fix underflow in parse_server_interfaces()
+ - i2c: qcom-geni: Correct I2C TRE sequence
+ - irqchip/loongson-eiointc: Use correct struct type in
+ eiointc_domain_alloc()
+ - i2c: pasemi: split driver into two separate modules
+ - i2c: i801: Fix block process call transactions (CVE-2024-26593)
+ - modpost: trim leading spaces when processing source files list
+ - mptcp: get rid of msk->subflow
+ - mptcp: fix data re-injection from stale subflow
+ - mptcp: drop the push_pending field
+ - mptcp: check addrs list in userspace_pm_get_local_id
+ - media: Revert "media: rkisp1: Drop IRQF_SHARED"
+ - scsi: Revert "scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock"
+ - Revert "drm/amd: flush any delayed gfxoff on suspend entry"
+ - drm/virtio: Set segment size for virtio_gpu device
+ - lsm: fix the logic in security_inode_getsecctx()
+ - firewire: core: correct documentation of fw_csr_string() kernel API
+ - ALSA: hda/realtek: Apply headset jack quirk for non-bass alc287 thinkpads
+ - kbuild: Fix changing ELF file type for output of gen_btf for big endian
+ - nfc: nci: free rx_data_reassembly skb on NCI device cleanup
+ - net: hsr: remove WARN_ONCE() in send_hsr_supervision_frame()
+ - net: stmmac: do not clear TBS enable bit on link up/down
+ - xen-netback: properly sync TX responses
+ - modpost: propagate W=1 build option to modpost
+ - modpost: Don't let "driver"s reference .exit.*
+ - linux/init: remove __memexit* annotations
+ - modpost: Include '.text.*' in TEXT_SECTIONS
+ - modpost: Add '.ltext' and '.ltext.*' to TEXT_SECTIONS
+ - ALSA: hda/realtek: Enable headset mic on Vaio VJFE-ADL
+ - ASoC: codecs: wcd938x: handle deferred probe
+ - ALSA: hda/cs8409: Suppress vmaster control for Dolphin models
+ - ALSA: hda/realtek: fix mute/micmute LEDs for HP ZBook Power
+ - [arm*] binder: signal epoll threads of self-work (CVE-2024-26606)
+ - misc: fastrpc: Mark all sessions as invalid in cb_remove
+ - ext4: fix double-free of blocks due to wrong extents moved_len
+ - ext4: avoid bb_free and bb_fragments inconsistency in mb_free_blocks()
+ - tracing: Fix wasted memory in saved_cmdlines logic
+ - staging: iio: ad5933: fix type mismatch regression
+ - iio: magnetometer: rm3100: add boundary check for the value read from
+ RM3100_REG_TMRC
+ - iio: core: fix memleak in iio_device_register_sysfs
+ - iio: commom: st_sensors: ensure proper DMA alignment
+ - iio: accel: bma400: Fix a compilation problem
+ - iio: adc: ad_sigma_delta: ensure proper DMA alignment
+ - iio: imu: adis: ensure proper DMA alignment
+ - iio: imu: bno055: serdev requires REGMAP
+ - media: rc: bpf attach/detach requires write permission
+ - ksmbd: free aux buffer if ksmbd_iov_pin_rsp_read fails
+ - xfrm: Remove inner/outer modes from output path
+ - xfrm: Remove inner/outer modes from input path
+ - [arm64] drm/msm: Wire up tlb ops
+ - drm/prime: Support page array >= 4GB
+ - drm/amd/display: Increase frame-larger-than for all display_mode_vba files
+ - drm/amd/display: Preserve original aspect ratio in create stream
+ - hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove
+ - ring-buffer: Clean ring_buffer_poll_wait() error return
+ - nfp: flower: fix hardware offload for the transfer layer port
+ - [powerpc*] 64: Set task pt_regs->link to the LR value on scv entry
+ - [powerpc*] cputable: Add missing PPC_FEATURE_BOOKE on PPC64 Book-E
+ - [powerpc*] pseries: fix accuracy of stolen time
+ - [x86] fpu: Stop relying on userspace for info to fault in xsave buffer
+ (CVE-2024-26603)
+ - [x86] KVM: x86/pmu: Fix type length error when reading pmu->fixed_ctr_ctrl
+ - [x86] mm/ident_map: Use gbpages only where full GB page should be mapped.
+ - io_uring/net: fix multishot accept overflow handling
+ - mmc: slot-gpio: Allow non-sleeping GPIO ro
+ - ALSA: hda/realtek: fix mute/micmute LED For HP mt645
+ - ALSA: hda/conexant: Add quirk for SWS JS201D
+ - nilfs2: fix data corruption in dsync block recovery for small block sizes
+ - nilfs2: fix hang in nilfs_lookup_dirty_data_buffers()
+ - crypto: ccp - Fix null pointer dereference in
+ __sev_platform_shutdown_locked
+ - nfp: use correct macro for LengthSelect in BAR config
+ - nfp: flower: prevent re-adding mac index for bonded port
+ - wifi: cfg80211: fix wiphy delayed work queueing
+ - wifi: mac80211: reload info pointer in ieee80211_tx_dequeue()
+ - irqchip/irq-brcmstb-l2: Add write memory barrier before exit
+ - irqchip/gic-v3-its: Fix GICv4.1 VPE affinity update
+ - zonefs: Improve error handling
+ - mmc: sdhci-pci-o2micro: Fix a warm reboot issue that disk can't be
+ detected by BIOS (Closes: #1056056)
+ - [x86] ASoC: amd: yc: Add DMI quirk for Lenovo Ideapad Pro 5 16ARP8
+ - fs: relax mount_setattr() permission checks
+ - net: ethernet: ti: cpsw: enable mac_managed_pm to fix mdio
+ - [s390x] qeth: Fix potential loss of L3-IP@ in case of network issues
+ - net: ethernet: ti: cpsw_new: enable mac_managed_pm to fix mdio
+ - hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed
+ - ceph: prevent use-after-free in encode_cap_msg()
+ - fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super
+ (CVE-2024-0841)
+ - mm: hugetlb pages should not be reserved by shmat() if SHM_NORESERVE
+ - of: property: fix typo in io-channels
+ - can: netlink: Fix TDCO calculation using the old data bittiming
+ - can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock
+ - can: j1939: Fix UAF in j1939_sk_match_filter during
+ setsockopt(SO_J1939_FILTER)
+ - pmdomain: core: Move the unused cleanup to a _sync initcall
+ - fs/proc: do_task_stat: move thread_group_cputime_adjusted() outside of
+ lock_task_sighand()
+ - tracing: Inform kmemleak of saved_cmdlines allocation
+ - xfrm: Use xfrm_state selector for BEET input
+ - xfrm: Silence warnings triggerable by bad packets
+ - tls: fix NULL deref on tls_sw_splice_eof() with empty record
+ - md: bypass block throttle for superblock update
+ - wifi: mwifiex: Support SD8978 chipset
+ - wifi: mwifiex: add extra delay for firmware ready
+ - bus: moxtet: Add spi device table
+ - [arm64] dts: qcom: msm8916: Enable blsp_dma by default
+ - [arm64] dts: qcom: msm8916: Make blsp_dma controlled-remotely
+ - [arm64] dts: qcom: sdm845: fix USB SS wakeup
+ - [arm64] dts: qcom: sm8150: fix USB SS wakeup
+ - wifi: mwifiex: fix uninitialized firmware_stat
+ - crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init
+ - block: fix partial zone append completion handling in req_bio_endio()
+ - netfilter: ipset: fix performance regression in swap operation
+ - netfilter: ipset: Missing gc cancellations fixed
+ - nfsd: fix RELEASE_LOCKOWNER
+ - nfsd: don't take fi_lock in nfsd_break_deleg_cb()
+ - hrtimer: Ignore slack time for RT tasks in schedule_hrtimeout_range()
+ - RDMA/irdma: Ensure iWarp QP queue memory is OS paged aligned
+ - smb: client: fix potential OOBs in smb2_parse_contexts() (CVE-2023-52434)
+ - smb: client: fix parsing of SMB3.1.1 POSIX create context
+ - net: prevent mss overflow in skb_segment() (CVE-2023-52435)
+ - bpf: Add struct for bin_args arg in bpf_bprintf_prepare
+ - bpf: Do cleanup in bpf_bprintf_cleanup only when needed
+ - bpf: Remove trace_printk_lock
+ - userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb
+ - dmaengine: ioat: Free up __cleanup() name
+ - apparmor: Free up __cleanup() name
+ - locking: Introduce __cleanup() based infrastructure
+ - kbuild: Drop -Wdeclaration-after-statement
+ - sched/membarrier: reduce the ability to hammer on sys_membarrier
+ (CVE-2024-26602)
+ - of: property: Add in-ports/out-ports support to of_graph_get_port_parent()
+ - nilfs2: fix potential bug in end_buffer_async_write
+ - nilfs2: replace WARN_ONs for invalid DAT metadata block requests
+ - dm: limit the number of targets and parameter size area (CVE-2024-23851,
+ CVE-2023-52429)
+ - [arm64:]Subscribe Microsoft Azure Cobalt 100 to ARM Neoverse N2 errata
+ - mlxsw: spectrum_acl_tcam: Fix stack corruption (CVE-2024-26586)
+ https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.80
+ - net/sched: Retire CBQ qdisc
+ - net/sched: Retire ATM qdisc
+ - net/sched: Retire dsmark qdisc
+ - sched/rt: Disallow writing invalid values to sched_rt_period_us
+ - sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset
+ - scsi: target: core: Add TMF to tmr_list handling
+ - cifs: open_cached_dir should not rely on primary channel
+ - wifi: cfg80211: fix missing interfaces when dumping
+ - wifi: mac80211: fix race condition on enabling fast-xmit
+ - fbdev: savage: Error out if pixclock equals zero
+ - fbdev: sis: Error out if pixclock equals zero
+ - block: Fix WARNING in _copy_from_iter
+ - smb: Work around Clang __bdos() type confusion
+ - cifs: translate network errors on send to -ECONNABORTED
+ - ahci: asm1166: correct count of reported ports
+ - aoe: avoid potential deadlock at set_capacity
+ - ahci: add 43-bit DMA address quirk for ASMedia ASM1061 controllers
+ - [mips*] reserve exception vector space ONLY ONCE
+ - [x86] platform/x86: touchscreen_dmi: Add info for the TECLAST X16 Plus
+ tablet
+ - ext4: avoid dividing by 0 in mb_update_avg_fragment_size() when block
+ bitmap corrupt
+ - ext4: avoid allocating blocks from corrupted group in
+ ext4_mb_try_best_found()
+ - ext4: avoid allocating blocks from corrupted group in
+ ext4_mb_find_by_goal()
+ - Input: goodix - accept ACPI resources with gpio_count == 3 && gpio_int_idx
+ == 0
+ - [armhf] dmaengine: ti: edma: Add some null pointer checks to the
+ edma_probe
+ - [arm64] regulator: pwm-regulator: Add validity checks in continuous
+ .get_voltage
+ - nvmet-tcp: fix nvme tcp ida memory leak
+ - usb: ucsi_acpi: Quirk to ack a connector change ack cmd
+ - ALSA: usb-audio: Check presence of valid altsetting control
+ - [armhf] ASoC: sunxi: sun4i-spdif: Add support for Allwinner H616
+ - Input: xpad - add Lenovo Legion Go controllers
+ - netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in
+ sctp_new
+ - drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz
+ - [x86] ASoC: wm_adsp: Don't overwrite fwf_name with the default
+ - ALSA: usb-audio: Ignore clock selector errors for single connection
+ - nvme-fc: do not wait in vain when unloading module
+ - nvmet-fcloop: swap the list_add_tail arguments
+ - nvmet-fc: release reference on target port
+ - nvmet-fc: defer cleanup using RCU properly
+ - nvmet-fc: hold reference on hostport match
+ - nvmet-fc: abort command when there is no binding
+ - nvmet-fc: avoid deadlock on delete association path
+ - nvmet-fc: take ref count on tgtport before delete assoc
+ - smb: client: increase number of PDUs allowed in a compound request
+ - ext4: correct the hole length returned by ext4_map_blocks()
+ - Input: i8042 - add Fujitsu Lifebook U728 to i8042 quirk table
+ - wifi: mac80211: set station RX-NSS on reconfig
+ - wifi: mac80211: adding missing drv_mgd_complete_tx() call
+ - efi: runtime: Fix potential overflow of soft-reserved region size
+ - efi: Don't add memblocks for soft-reserved memory
+ - [x86] hwmon: (coretemp) Enlarge per package core count limit
+ - scsi: lpfc: Use unsigned type for num_sge
+ - scsi: ufs: core: Remove the ufshcd_release() in
+ ufshcd_err_handling_prepare()
+ - firewire: core: send bus reset promptly on gap count error
+ - drm/amdgpu: skip to program GFXDEC registers for suspend abort
+ - drm/amdgpu: reset gpu for s3 suspend abort case
+ - smb: client: set correct d_type for reparse points under DFS mounts
+ - virtio-blk: Ensure no requests in virtqueues before deleting vqs.
+ - smb3: clarify mount warning
+ - [amd64] IB/hfi1: Fix sdma.h tx->num_descs off-by-one error
+ - drm/ttm: Fix an invalid freeing on already freed page in error path
+ - [s390x] cio: fix invalid -EBUSY on ccw_device_start
+ - ata: libata-core: Do not try to set sleeping devices to standby
+ - dm-crypt: recheck the integrity tag after a failure
+ - dm-integrity: recheck the integrity tag after a failure
+ - dm-crypt: don't modify the data when using authenticated encryption
+ - dm-verity: recheck the hash after a failure
+ - cxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS
+ window
+ - scsi: target: pscsi: Fix bio_put() for error case
+ - scsi: core: Consult supported VPD page list prior to fetching page
+ - mm/swap: fix race when skipping swapcache
+ - mm: memcontrol: clarify swapaccount=0 deprecation warning
+ - [x86] platform/x86: intel-vbtn: Stop calling "VBDL" from notify_handler
+ - [x86] platform/x86: touchscreen_dmi: Allow partial (prefix) matches for
+ ACPI names
+ - cachefiles: fix memory leak in cachefiles_add_cache()
+ - md: Fix missing release of 'active_io' for flush
+ - [arm64] KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler
+ - [arm64] KVM: arm64: vgic-its: Test for valid IRQ in
+ its_sync_lpi_pending_table()
+ - gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp()
+ - crypto: virtio/akcipher - Fix stack overflow on memcpy
+ - irqchip/gic-v3-its: Do not assume vPE tables are preallocated
+ - irqchip/sifive-plic: Enable interrupt if needed before EOI
+ - PCI/MSI: Prevent MSI hardware interrupt number truncation
+ - l2tp: pass correct message length to ip6_append_data
+ - [x86] returnthunk: Allow different return thunks
+ - [x86] Revert "x86/alternative: Make custom return thunk unconditional"
+ - [x86] alternative: Make custom return thunk unconditional
+ - dm-integrity, dm-verity: reduce stack usage for recheck
+ - erofs: fix refcount on the metabuf used for inode lookup
+ - serial: amba-pl011: Fix DMA transmission in RS485 mode
+ - [arm64,armhf] usb: dwc3: gadget: Don't disconnect if not started
+ - usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs
+ - usb: roles: fix NULL pointer issue when put module's reference
+ - usb: roles: don't get/set_role() when usb_role_switch is unregistered
+ - mptcp: make userspace_pm_append_new_local_addr static
+ - mptcp: add needs_id for userspace appending addr
+ - mptcp: fix lockless access in subflow ULP diag
+ - Revert "drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz"
+ - [amd64] IB/hfi1: Fix a memleak in init_credit_return
+ - RDMA/bnxt_re: Return error for SRQ resize
+ - RDMA/irdma: Fix KASAN issue with tasklet
+ - RDMA/irdma: Validate max_send_wr and max_recv_wr
+ - RDMA/irdma: Set the CQ read threshold for GEN 1
+ - RDMA/irdma: Add AE for too many RNRS
+ - RDMA/srpt: Support specifying the srpt_service_guid parameter
+ - iommufd/iova_bitmap: Bounds check mapped::pages access
+ - iommufd/iova_bitmap: Switch iova_bitmap::bitmap to an u8 array
+ - iommufd/iova_bitmap: Consider page offset for the pages to be pinned
+ - RDMA/qedr: Fix qedr_create_user_qp error flow
+ - [arm64] dts: rockchip: set num-cs property for spi on px30
+ - RDMA/srpt: fix function pointer cast warnings
+ - bpf, scripts: Correct GPL license name
+ - scsi: smartpqi: Fix disable_managed_interrupts
+ - net: bridge: switchdev: Skip MDB replays of deferred events on offload
+ - net: bridge: switchdev: Ensure deferred event delivery on unoffload
+ - dccp/tcp: Unhash sk from ehash for tb2 alloc failure after
+ check_estalblished().
+ - nouveau: fix function cast warnings
+ - [x86] numa: Fix the address overlap check in numa_fill_memblks()
+ - [x86] numa: Fix the sort compare func used in numa_fill_memblks()
+ - net: stmmac: Fix incorrect dereference in interrupt handlers
+ - ipv4: properly combine dev_base_seq and ipv4.dev_addr_genid
+ - ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid
+ - ata: ahci_ceva: fix error handling for Xilinx GT PHY support
+ - bpf: Fix racing between bpf_timer_cancel_and_free and bpf_timer_cancel
+ - afs: Increase buffer size in afs_update_volume_status()
+ - ipv6: sr: fix possible use-after-free and null-ptr-deref
+ - net: dev: Convert sa_data to flexible array in struct sockaddr
+ - [arm64] sme: Restore SME registers on exit from suspend
+ - [x86] platform/x86: thinkpad_acpi: Only update profile if successfully
+ converted
+ - [s390x] use the correct count for __iowrite64_copy()
+ - bpf, sockmap: Fix NULL pointer dereference in
+ sk_psock_verdict_data_ready()
+ - tls: break out of main loop when PEEK gets a non-data record
+ - tls: stop recv() if initial process_rx_list gave us non-DATA
+ - tls: don't skip over different type records from the rx_list
+ - netfilter: nf_tables: set dormant flag on hook register failure
+ - netfilter: flowtable: simplify route logic
+ - netfilter: nft_flow_offload: reset dst in route object after setting up
+ flow
+ - netfilter: nft_flow_offload: release dst in case direct xmit path is used
+ - netfilter: nf_tables: rename function to destroy hook list
+ - netfilter: nf_tables: register hooks last when adding new chain/flowtable
+ - netfilter: nf_tables: use kzalloc for hook allocation
+ - net: mctp: put sock on tag allocation failure
+ - Fix write to cloned skb in ipv6_hop_ioam()
+ - net: phy: realtek: Fix rtl8211f_config_init() for RTL8211F(D)(I)-VD-CG PHY
+ - drm/syncobj: call drm_syncobj_fence_add_wait when WAIT_AVAILABLE flag is
+ set
+ - drm/amd/display: Fix memory leak in dm_sw_fini()
+ - [arm64,armhf] i2c: imx: when being a target, mark the last read as
+ processed
+ - erofs: simplify compression configuration parser
+ - erofs: fix inconsistent per-file compression format (CVE-2024-26590)
+ - fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio
+ - mm: zswap: fix missing folio cleanup in writeback race path
+ - mptcp: userspace pm send RM_ADDR for ID 0
+ - mptcp: add needs_id for netlink appending addr
+ - ata: ahci: add identifiers for ASM2116 series adapters
+ - ahci: Extend ASM1061 43-bit DMA address quirk to other ASM106x parts
+ - arp: Prevent overflow in arp_req_get().
+ https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.81
+ - netfilter: nf_tables: disallow timeout for anonymous sets (CVE-2023-52620)
+ - [arm64] drm/meson: fix unbind path if HDMI fails to bind
+ - [arm64] drm/meson: Don't remove bridges which are created by other drivers
+ - scsi: core: Add struct for args to execution functions
+ - scsi: sd: usb_storage: uas: Access media prior to querying device
+ properties
+ - af_unix: Fix task hung while purging oob_skb in GC.
+ - of: overlay: Reorder struct fragment fields kerneldoc
+ - usb: gadget: Properly configure the device for remote wakeup
+ - Input: xpad - add constants for GIP interface numbers
+ - [arm64] iommu/arm-smmu-v3: Acknowledge pri/event queue overflow if any
+ - [arm64] iommu/arm-smmu-qcom: Limit the SMR groups to 128
+ - RDMA/core: Fix multiple -Warray-bounds warnings
+ - mm: huge_memory: don't force huge page alignment on 32 bit
+ (CVE-2024-26621) (Closes: #1024149)
+ - netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter
+ - netlink: add nla be16/32 types to minlen array
+ - net: ip_tunnel: prevent perpetual headroom growth
+ - net: mctp: take ownership of skb in mctp_local_output
+ - tun: Fix xdp_rxq_info's queue_index when detaching
+ - cpufreq: intel_pstate: fix pstate limits enforcement for adjust_perf call
+ back
+ - net: veth: clear GRO when clearing XDP even when down
+ - ipv6: fix potential "struct net" leak in inet6_rtm_getaddr()
+ - lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is
+ detected
+ - veth: try harder when allocating queue memory
+ - net: usb: dm9601: fix wrong return value in dm9601_mdio_read
+ - net: lan78xx: fix "softirq work is pending" error
+ - uapi: in6: replace temporary label with rfc9486
+ - stmmac: Clear variable when destroying workqueue
+ - Bluetooth: hci_sync: Check the correct flag before starting a scan
+ - Bluetooth: Avoid potential use-after-free in hci_error_reset
+ - Bluetooth: hci_sync: Fix accept_list when attempting to suspend
+ - Bluetooth: hci_event: Fix wrongly recorded wakeup BD_ADDR
+ - Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST
+ - Bluetooth: Enforce validation on max value of connection interval
+ - Bluetooth: qca: Fix wrong event type for patch config command
+ - Bluetooth: hci_qca: mark OF related data as maybe unused
+ - Bluetooth: hci_qca: Add support for QTI Bluetooth chip wcn6855
+ - Bluetooth: btqca: use le32_to_cpu for ver.soc_id
+ - Bluetooth: btqca: Add WCN3988 support
+ - Bluetooth: qca: use switch case for soc type behavior
+ - Bluetooth: qca: add support for WCN7850
+ - Bluetooth: hci_qca: Set BDA quirk bit if fwnode exists in DT
+ - netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate()
+ - netfilter: let reset rules clean out conntrack entries
+ - netfilter: bridge: confirm multicast packets before passing them up the
+ stack
+ - rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back
+ - igb: extend PTP timestamp adjustments to i211
+ - net: hsr: Use correct offset for HSR TLV values in supervisory HSR frames
+ - tls: decrement decrypt_pending if no async completion will be called
+ - tls: fix peeking with sync+async decryption
+ - efi/capsule-loader: fix incorrect allocation size
+ - ALSA: Drop leftover snd-rtctimer stuff from Makefile
+ - [arm64,armhf] drm/tegra: Remove existing framebuffer only if we support
+ display
+ - fbcon: always restore the old font data in fbcon_do_set_font()
+ - afs: Fix endless loop in directory parsing
+ - of: property: fw_devlink: Fix stupid bug in remote-endpoint parsing
+ - tomoyo: fix UAF write bug in tomoyo_write_control() (CVE-2024-26622)
+ - ALSA: firewire-lib: fix to check cycle continuity
+ - ALSA: hda/realtek: Enable Mute LED on HP 840 G8 (MB 8AB8)
+ - ALSA: hda/realtek: fix mute/micmute LED For HP mt440
+ - landlock: Fix asymmetric private inodes referring
+ - gtp: fix use-after-free and null-ptr-deref in gtp_newlink()
+ - wifi: nl80211: reject iftype change with mesh ID change
+ - btrfs: fix double free of anonymous device after snapshot creation failure
+ - btrfs: dev-replace: properly validate device names
+ - btrfs: send: don't issue unnecessary zero writes for trailing hole
+ - Revert "drm/amd/pm: resolve reboot exception for si oland"
+ - drm/buddy: fix range bias
+ - [arm64] dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read
+ - [arm64] crypto: arm64/neonbs - fix out-of-bounds access on short input
+ - [arm64] dmaengine: fsl-qdma: init irq after reg initialization
+ - [arm64,armhf] mmc: mmci: stm32: fix DMA API overlapping mappings warning
+ - mmc: core: Fix eMMC initialization with 1-bit bus connection
+ - [arm64] mmc: sdhci-xenon: add timeout for PHY init complete
+ - [arm64] mmc: sdhci-xenon: fix PHY init clock stability
+ - efivarfs: Request at most 512 bytes for variable names
+ - [arm64] pmdomain: qcom: rpmhpd: Fix enabled_corner aggregation
+ - [x86] e820: Don't reserve SETUP_RNG_SEED in e820
+ - [x86] cpu/intel: Detect TME keyid bits before setting MTRR mask registers
+ - mptcp: fix data races on local_id
+ - mptcp: fix data races on remote_id
+ - mptcp: fix duplicate subflow creation
+ - mptcp: continue marking the first subflow as UNCONNECTED
+ - mptcp: map v4 address to v6 when destroying subflow
+ - mptcp: push at DSS boundaries
+ - mptcp: fix snd_wnd initialization for passive socket
+ - mptcp: fix double-free on socket dismantle
+ - mptcp: fix possible deadlock in subflow diag
+ - RDMA/core: Refactor rdma_bind_addr (CVE-2023-2176)
+ - RDMA/core: Update CMA destination address on rdma_resolve_addr
+ - efi: libstub: use EFI_LOADER_CODE region when moving the kernel in memory
+ - [x86] boot/compressed: Rename efi_thunk_64.S to efi-mixed.S
+ - [x86] boot/compressed: Move 32-bit entrypoint code into .text section
+ - [x86] boot/compressed: Move bootargs parsing out of 32-bit startup code
+ - [x86] boot/compressed: Move efi32_pe_entry into .text section
+ - [x86] boot/compressed: Move efi32_entry out of head_64.S
+ - [x86] boot/compressed: Move efi32_pe_entry() out of head_64.S
+ - [x86] boot/compressed, efi: Merge multiple definitions of image_offset
+ into one
+ - [x86] boot/compressed: Simplify IDT/GDT preserve/restore in the EFI thunk
+ - [x86] boot/compressed: Avoid touching ECX in startup32_set_idt_entry()
+ - [x86] boot/compressed: Pull global variable reference into
+ startup32_load_idt()
+ - [x86] boot/compressed: Move startup32_load_idt() into .text section
+ - [x86] boot/compressed: Move startup32_load_idt() out of head_64.S
+ - [x86] boot/compressed: Move startup32_check_sev_cbit() into .text
+ - [x86] boot/compressed: Move startup32_check_sev_cbit() out of head_64.S
+ - [x86] boot/compressed: Adhere to calling convention in
+ get_sev_encryption_bit()
+ - [x86] boot/compressed: Only build mem_encrypt.S if AMD_MEM_ENCRYPT=y
+ - efi: verify that variable services are supported
+ - [x86] efi: Make the deprecated EFI handover protocol optional
+ - [x86] boot: Robustify calling startup_{32,64}() from the decompressor code
+ - [x86] efistub: Branch straight to kernel entry point from C code
+ - [x86] decompressor: Store boot_params pointer in callee save register
+ - [x86] decompressor: Assign paging related global variables earlier
+ - [x86] decompressor: Call trampoline as a normal function
+ - [x86] decompressor: Use standard calling convention for trampoline
+ - [x86] decompressor: Avoid the need for a stack in the 32-bit trampoline
+ - [x86] decompressor: Call trampoline directly from C code
+ - [x86] decompressor: Only call the trampoline when changing paging levels
+ - [x86] decompressor: Pass pgtable address to trampoline directly
+ - [x86] decompressor: Merge trampoline cleanup with switching code
+ - [x86] decompressor: Move global symbol references to C code
+ - decompress: Use 8 byte alignment
+ - drm/amd/display: Increase frame warning limit with KASAN or KCSAN in dml
+ - NFS: Fix data corruption caused by congestion.
+ - NFSD: Simplify READ_PLUS
+ - NFSD: Remove redundant assignment to variable host_err
+ - nfsd: ignore requests to disable unsupported versions
+ - nfsd: move nfserrno() to vfs.c
+ - nfsd: allow disabling NFSv2 at compile time
+ - exportfs: use pr_debug for unreachable debug statements
+ - NFSD: Flesh out a documenting comment for filecache.c
+ - NFSD: Clean up nfs4_preprocess_stateid_op() call sites
+ - NFSD: Trace stateids returned via DELEGRETURN
+ - NFSD: Trace delegation revocations
+ - NFSD: Use const pointers as parameters to fh_ helpers
+ - NFSD: Update file_hashtbl() helpers
+ - NFSD: Clean up nfsd4_init_file()
+ - NFSD: Add a nfsd4_file_hash_remove() helper
+ - NFSD: Clean up find_or_add_file()
+ - NFSD: Refactor find_file()
+ - NFSD: Use rhashtable for managing nfs4_file objects
+ - NFSD: Fix licensing header in filecache.c
+ - filelock: add a new locks_inode_context accessor function
+ - lockd: use locks_inode_context helper
+ - nfsd: use locks_inode_context helper
+ - nfsd: fix up the filecache laundrette scheduling
+ - NFSD: Use struct_size() helper in alloc_session()
+ - lockd: set missing fl_flags field when retrieving args
+ - lockd: ensure we use the correct file descriptor when unlocking
+ - lockd: fix file selection in nlmsvc_cancel_blocked
+ - trace: Relocate event helper files
+ - NFSD: refactoring courtesy_client_reaper to a generic low memory shrinker
+ - NFSD: add support for sending CB_RECALL_ANY
+ - NFSD: add delegation reaper to react to low memory condition
+ - NFSD: add CB_RECALL_ANY tracepoints
+ - NFSD: Use only RQ_DROPME to signal the need to drop a reply
+ - NFSD: Avoid clashing function prototypes
+ - NFSD: Use set_bit(RQ_DROPME)
+ - NFSD: register/unregister of nfsd-client shrinker at nfsd startup/shutdown
+ time
+ - NFSD: replace delayed_work with work_struct for nfsd_client_shrinker
+ - nfsd: don't destroy global nfs4_file table in per-net shutdown
+ - [arm64] efi: Limit allocations to 48-bit addressable physical region
+ - efi: efivars: prevent double registration
+ - [x86] efistub: Simplify and clean up handover entry code
+ - [x86] decompressor: Avoid magic offsets for EFI handover entrypoint
+ - [x86] efistub: Clear BSS in EFI handover protocol entrypoint
+ - efi/libstub: Add memory attribute protocol definitions
+ - efi/libstub: Add limit argument to efi_random_alloc()
+ - [x86] efistub: Perform 4/5 level paging switch from the stub
+ - [x86] decompressor: Factor out kernel decompression and relocation
+ - [x86] efistub: Prefer EFI memory attributes protocol over DXE services
+ - [x86] efistub: Perform SNP feature test while running in the firmware
+ - [x86] efistub: Avoid legacy decompressor when doing EFI boot
+ - [x86] efi/x86: Avoid physical KASLR on older Dell systems
+ - [x86] efistub: Avoid placing the kernel below LOAD_PHYSICAL_ADDR
+ - [x86] boot: Rename conflicting 'boot_params' pointer to 'boot_params_ptr'
+ - [x86] boot: efistub: Assign global boot_params variable
+ - [x86] efi/x86: Fix the missing KASLR_FLAG bit in
+ boot_params->hdr.loadflags
+ - af_unix: Drop oob_skb ref before purging queue in GC.
+ - [arm64] phy: freescale: phy-fsl-imx8-mipi-dphy: Fix alias name to use
+ dashes
+ - [powerpc*] pseries/iommu: IOMMU table is not initialized for kdump over
+ SR-IOV
+ - gpio: 74x164: Enable output pins after registers are reset
+ - gpiolib: Fix the error path order in gpiochip_add_data_with_key()
+ - gpio: fix resource unwinding order in error path
+ - block: define bvec_iter as __packed __aligned(4)
+ - [arm64,armhf] Revert "interconnect: Fix locking for runpm vs reclaim"
+ - [arm64,armhf] Revert "interconnect: Teach lockdep about icc_bw_lock order"
+ - [x86] bugs: Add asm helpers for executing VERW
+ - [x86] entry_64: Add VERW just before userspace transition
+ - [x86] entry_32: Add VERW just before userspace transition
+ - [x86] bugs: Use ALTERNATIVE() instead of mds_user_clear static key
+ - [x86] KVM/VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH
+ - [x86] KVM/VMX: Move VERW closer to VMentry for MDS mitigation
+ - bpf: Add table ID to bpf_fib_lookup BPF helper
+ - bpf: Derive source IP addr via bpf_*_fib_lookup()
+ - [x86] efistub: Give up if memory attribute protocol returns an error
+ - xen/events: close evtchn after mapping cleanup
+ https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.82
+ - ceph: switch to corrected encoding of max_xattr_size in mdsmap
+ - net: lan78xx: fix runtime PM count underflow on link stop
+ - ixgbe: {dis, en}able irqs in ixgbe_txrx_ring_{dis, en}able
+ - i40e: disable NAPI right after disabling irqs when handling xsk_pool
+ - ice: reorder disabling IRQ and NAPI in ice_qp_dis
+ - tracing/net_sched: Fix tracepoints that save qdisc_dev() as a string
+ - geneve: make sure to pull inner header in geneve_rx()
+ - ice: virtchnl: stop pretending to support RSS over AQ or registers
+ - net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink()
+ - igc: avoid returning frame twice in XDP_REDIRECT
+ - net/ipv6: avoid possible UAF in ip6_route_mpath_notify()
+ - cpumap: Zero-initialise xdp_rxq_info struct before running XDP program
+ - net: dsa: microchip: fix register write order in ksz8_ind_write8()
+ - net/rds: fix WARNING in rds_conn_connect_if_down
+ - netfilter: nft_ct: fix l3num expectations with inet pseudo family
+ - netfilter: nf_conntrack_h323: Add protection for bmp length out of range
+ - erofs: apply proper VMA alignment for memory mapped files on THP
+ - netrom: Fix a data-race around sysctl_netrom_default_path_quality
+ - netrom: Fix a data-race around
+ sysctl_netrom_obsolescence_count_initialiser
+ - netrom: Fix data-races around sysctl_netrom_network_ttl_initialiser
+ - netrom: Fix a data-race around sysctl_netrom_transport_timeout
+ - netrom: Fix a data-race around sysctl_netrom_transport_maximum_tries
+ - netrom: Fix a data-race around sysctl_netrom_transport_acknowledge_delay
+ - netrom: Fix a data-race around sysctl_netrom_transport_busy_delay
+ - netrom: Fix a data-race around
+ sysctl_netrom_transport_requested_window_size
+ - netrom: Fix a data-race around sysctl_netrom_transport_no_activity_timeout
+ - netrom: Fix a data-race around sysctl_netrom_routing_control
+ - netrom: Fix a data-race around sysctl_netrom_link_fails_count
+ - netrom: Fix data-races around sysctl_net_busy_read
+ - [s390x] KVM: s390: add stat counter for shadow gmap events
+ - [s390x] KVM: s390: vsie: fix race during shadow creation
+ - drm/amd/display: Fix uninitialized variable usage in core_link_
+ 'read_dpcd() & write_dpcd()' functions
+ - nfp: flower: add goto_chain_index for ct entry
+ - nfp: flower: add hardware offload check for post ct entry
+ - readahead: avoid multiple marked readahead pages
+ - xhci: process isoc TD properly when there was a transaction error mid TD.
+ - xhci: handle isoc Babble and Buffer Overrun events properly
+ - drm/amdgpu: Reset IH OVERFLOW_CLEAR bit
+ - [x86] Mitigate Register File Data Sampling (RFDS) vulnerability
+ (CVE-2023-28746):
+ + [x86] mmio: Disable KVM mitigation when X86_FEATURE_CLEAR_CPU_BUF is set
+ + Documentation/hw-vuln: Add documentation for RFDS
+ + [x86] rfds: Mitigate Register File Data Sampling (RFDS)
+ + [x86] KVM/x86: Export RFDS_NO and RFDS_CLEAR to guests
+ - drm/amd/display: Wrong colorimetry workaround
+ - drm/amd/display: Fix MST Null Ptr for RV
+ - getrusage: add the "signal_struct *sig" local variable
+ - getrusage: move thread_group_cputime_adjusted() outside of
+ lock_task_sighand()
+ - getrusage: use __for_each_thread()
+ - getrusage: use sig->stats_lock rather than lock_task_sighand()
+ - fs/proc: do_task_stat: use __for_each_thread()
+ - fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children
+ stats
+
+ [ Salvatore Bonaccorso ]
+ * Bump ABI to 19
+ * [rt] Refresh "sched: avoid false lockdep splat in put_task_struct()"
+ * Drop now unknown config options for retired CBQ, ATM and dsmark qdisc
+ * [x86] efistub: Clear decompressor BSS in native EFI entrypoint
+ * [x86] efistub: Don't clear BSS twice in mixed mode
+ * efi: fix panic in kdump kernel
+ * efi/libstub: fix efi_random_alloc() to allocate memory at alloc_min or
+ higher address
+ * efi/libstub: Cast away type warning in use of max()
+ * aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts
+ (CVE-2023-6270)
+ * wifi: ath10k: fix NULL pointer dereference in
+ ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (CVE-2023-7042)
+ * Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security
+ (CVE-2024-22099)
+ * sr9800: Add check for usbnet_get_endpoints (CVE-2024-26651)
+ * [rt] Update to 6.1.82-rt27
+
+ -- Salvatore Bonaccorso <carnil@debian.org> Thu, 28 Mar 2024 09:35:01 +0100
+
linux (6.1.76-1) bookworm; urgency=medium
* New upstream stable update: