Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 13 Aug 2022 15:25:10 +0200
Source: linux
Architecture: source
Version: 5.10.136-1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 1014793
Changes:
linux (5.10.136-1) bullseye-security; urgency=high
.
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.128
- MAINTAINERS: add Amir as xfs maintainer for 5.10.y
- drm: remove drm_fb_helper_modinit
- tick/nohz: unexport __init-annotated tick_nohz_full_setup()
- bcache: memset on stack variables in bch_btree_check() and
bch_sectors_dirty_init()
- xfs: use kmem_cache_free() for kmem_cache objects
- xfs: punch out data fork delalloc blocks on COW writeback failure
- xfs: Fix the free logic of state in xfs_attr_node_hasname
- xfs: remove all COW fork extents when remounting readonly
- xfs: check sb_meta_uuid for dabuf buffer recovery
- [powerpc*] ftrace: Remove ftrace init tramp once kernel init is complete
- [arm64] net: mscc: ocelot: allow unregistered IP multicast flooding
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.129
- drm/amdgpu: To flush tlb for MMHUB of RAVEN series
- ipv6: take care of disable_policy when restoring routes
- nvme-pci: add NVME_QUIRK_BOGUS_NID for ADATA XPG SX6000LNP (AKA SPECTRIX
S40G)
- nvdimm: Fix badblocks clear off-by-one error
- [powerpc*] bpf: Fix use of user_pt_regs in uapi
- dm raid: fix accesses beyond end of raid member array
- [s390x] archrandom: simplify back to earlier design and initialize
earlier
- SUNRPC: Fix READ_PLUS crasher (Closes: #1014793)
- net: usb: ax88179_178a: Fix packet receiving
- virtio-net: fix race between ndo_open() and virtio_device_ready()
- [armhf] net: dsa: bcm_sf2: force pause link settings
- net: tun: unlink NAPI from device on destruction
- net: tun: stop NAPI when detaching queues
- net: dp83822: disable false carrier interrupt
- net: dp83822: disable rx error interrupt
- RDMA/qedr: Fix reporting QP timeout attribute
- RDMA/cm: Fix memory leak in ib_cm_insert_listen
- linux/dim: Fix divide by 0 in RDMA DIM
- usbnet: fix memory allocation in helpers
- net: ipv6: unexport __init-annotated seg6_hmac_net_init()
- NFSD: restore EINVAL error translation in nfsd_commit()
- netfilter: nft_dynset: restore set element counter when failing to update
- net/sched: act_api: Notify user space if any actions were flushed before
error
- net: bonding: fix possible NULL deref in rlb code
- net: bonding: fix use-after-free after 802.3ad slave unbind
- tipc: move bc link creation back to tipc_node_create
- epic100: fix use after free on rmmod
- io_uring: ensure that send/sendmsg and recv/recvmsg check sqe->ioprio
- tunnels: do not assume mac header is set in skb_tunnel_check_pmtu()
- net: tun: avoid disabling NAPI twice
- xfs: use current->journal_info for detecting transaction recursion
- xfs: rename variable mp to parsing_mp
- xfs: Skip repetitive warnings about mount options
- xfs: ensure xfs_errortag_random_default matches XFS_ERRTAG_MAX
- xfs: fix xfs_trans slab cache name
- xfs: update superblock counters correctly for !lazysbcount
- xfs: fix xfs_reflink_unshare usage of filemap_write_and_wait_range
- tcp: add a missing nf_reset_ct() in 3WHS handling
- xen/gntdev: Avoid blocking in unmap_grant_pages()
- [arm64] drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c
- sit: use min
- ipv6/sit: fix ipip6_tunnel_get_prl return value
- hwmon: (ibmaem) don't call platform_device_del() if platform_device_add()
fails
- net: usb: qmi_wwan: add Telit 0x1060 composition
- net: usb: qmi_wwan: add Telit 0x1070 composition
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.130
- mm/slub: add missing TID updates on slab deactivation
- ALSA: hda/realtek: Add quirk for Clevo L140PU
- can: bcm: use call_rcu() instead of costly synchronize_rcu()
- can: gs_usb: gs_usb_open/close(): fix memory leak
- bpf: Fix incorrect verifier simulation around jmp32's jeq/jne
- bpf: Fix insufficient bounds propagation from adjust_scalar_min_max_vals
- usbnet: fix memory leak in error case
- netfilter: nft_set_pipapo: release elements in clone from abort path
- [amd64] iommu/vt-d: Fix PCI bus rescan device hot add
- PM: runtime: Redefine pm_runtime_release_supplier()
- memregion: Fix memregion_free() fallback definition
- video: of_display_timing.h: include errno.h
- [powerpc*] powernv: delay rng platform device creation until later in
boot
- can: kvaser_usb: replace run-time checks with struct
kvaser_usb_driver_info
- can: kvaser_usb: kvaser_usb_leaf: fix CAN clock frequency regression
- can: kvaser_usb: kvaser_usb_leaf: fix bittiming limits
- xfs: remove incorrect ASSERT in xfs_rename
- [armhf] meson: Fix refcount leak in meson_smp_prepare_cpus
- [armhf] pinctrl: sunxi: a83t: Fix NAND function name for some pins
- [arm64] dts: imx8mp-evk: correct mmc pad settings
- [arm64] dts: imx8mp-evk: correct the uart2 pinctl value
- [arm64] dts: imx8mp-evk: correct gpio-led pad settings
- [arm64] dts: imx8mp-evk: correct I2C3 pad settings
- [arm64,armhf] pinctrl: sunxi: sunxi_pconf_set: use correct offset
- [arm64] dts: qcom: msm8992-*: Fix vdd_lvs1_2-supply typo
- xsk: Clear page contiguity bit when unmapping pool
- i40e: Fix dropped jumbo frames statistics
- r8169: fix accessing unset transport header
- [armhf] dmaengine: imx-sdma: Allow imx8m for imx7 FW revs
- misc: rtsx_usb: fix use of dma mapped buffer for usb bulk transfer
- misc: rtsx_usb: use separate command and response buffers
- misc: rtsx_usb: set return value in rsp_buf alloc err path
- dt-bindings: dma: allwinner,sun50i-a64-dma: Fix min/max typo
- ida: don't use BUG_ON() for debugging
- [arm64,armhf] dmaengine: pl330: Fix lockdep warning about non-static key
- [armhf] dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate
- [armhf] dmaengine: ti: Add missing put_device in
ti_dra7_xbar_route_allocate
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.131
- [armhf] Revert "mtd: rawnand: gpmi: Fix setting busy timeout setting"
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.132
- [x86] ALSA: hda - Add fixup for Dell Latitidue E5430
- [x86] ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3 model
- [x86] ALSA: hda/realtek: Fix headset mic for Acer SF313-51
- [x86] ALSA: hda/realtek - Fix headset mic problem for a HP machine with
alc671
- [x86] ALSA: hda/realtek - Fix headset mic problem for a HP machine with
alc221
- [x86] ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop
- xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue
- fix race between exit_itimers() and /proc/pid/timers
- mm: split huge PUD on wp_huge_pud fallback
- tracing/histograms: Fix memory leak problem
- net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale
pointer
- ip: fix dflt addr selection for connected nexthop
- [armhf] 9213/1: Print message about disabled Spectre workarounds only
once
- [armel,armhf] 9214/1: alignment: advance IT state after emulating Thumb
instruction
- wifi: mac80211: fix queue selection for mesh/OCB interfaces
- cgroup: Use separate src/dst nodes when preloading css_sets for migration
- btrfs: return -EAGAIN for NOWAIT dio reads/writes on compressed and
inline extents
- [arm64,armhf] drm/panfrost: Put mapping instead of shmem obj on
panfrost_mmu_map_fault_addr() error
- [arm64,armhf] drm/panfrost: Fix shrinker list corruption by madvise IOCTL
- fs/remap: constrain dedupe of EOF blocks
- nilfs2: fix incorrect masking of permission flags for symlinks
- sh: convert nommu io{re,un}map() to static inline functions
- Revert "evm: Fix memleak in init_desc"
- ext4: fix race condition between ext4_write and ext4_convert_inline_data
- [armhf] dts: imx6qdl-ts7970: Fix ngpio typo and count
- [armhf] 9209/1: Spectre-BHB: avoid pr_info() every time a CPU comes out
of idle
- [armel,armhf] 9210/1: Mark the FDT_FIXED sections as shareable
- net/mlx5e: Fix capability check for updating vnic env counters
- [x86] drm/i915: fix a possible refcount leak in
intel_dp_add_mst_connector()
- ima: Fix a potential integer overflow in ima_appraise_measurement
- [arm64,armhf] ASoC: sgtl5000: Fix noise on shutdown/remove
- [x86] ASoC: Intel: Skylake: Correct the ssp rate discovery in
skl_get_ssp_clks()
- [x86] ASoC: Intel: Skylake: Correct the handling of fmt_config flexible
array
- sysctl: Fix data races in proc_dointvec().
- sysctl: Fix data races in proc_douintvec().
- sysctl: Fix data races in proc_dointvec_minmax().
- sysctl: Fix data races in proc_douintvec_minmax().
- sysctl: Fix data races in proc_doulongvec_minmax().
- sysctl: Fix data races in proc_dointvec_jiffies().
- tcp: Fix a data-race around sysctl_tcp_max_orphans.
- inetpeer: Fix data-races around sysctl.
- net: Fix data-races around sysctl_mem.
- cipso: Fix data-races around sysctl.
- icmp: Fix data-races around sysctl.
- ipv4: Fix a data-race around sysctl_fib_sync_mem.
- [armhf] dts: sunxi: Fix SPI NOR campatible on Orange Pi Zero
- [x86] drm/i915/gt: Serialize TLB invalidates with GT resets
- sysctl: Fix data-races in proc_dointvec_ms_jiffies().
- icmp: Fix a data-race around sysctl_icmp_ratelimit.
- icmp: Fix a data-race around sysctl_icmp_ratemask.
- raw: Fix a data-race around sysctl_raw_l3mdev_accept.
- ipv4: Fix data-races around sysctl_ip_dynaddr.
- nexthop: Fix data-races around nexthop_compat_mode.
- [armhf] net: ftgmac100: Hold reference returned by of_get_child_by_name()
- ima: force signature verification when CONFIG_KEXEC_SIG is configured
- ima: Fix potential memory leak in ima_init_crypto()
- sfc: fix use after free when disabling sriov
- seg6: fix skb checksum evaluation in SRH encapsulation/insertion
- seg6: fix skb checksum in SRv6 End.B6 and End.B6.Encaps behaviors
- seg6: bpf: fix skb checksum in bpf_push_seg6_encap()
- sfc: fix kernel panic when creating VF
- net: atlantic: remove deep parameter on suspend/resume functions
- net: atlantic: remove aq_nic_deinit() when resume
- [x86] KVM: x86: Fully initialize 'struct kvm_lapic_irq' in
kvm_pv_kick_cpu_op()
- net/tls: Check for errors in tls_device_init
- mm: sysctl: fix missing numa_stat when !CONFIG_HUGETLB_PAGE
- virtio_mmio: Add missing PM calls to freeze/restore
- virtio_mmio: Restore guest page size on resume
- netfilter: br_netfilter: do not skip all hooks with 0 priority
- [arm64] scsi: hisi_sas: Limit max hw sectors for v3 HW
- [powerpc*] cpufreq: pmac32-cpufreq: Fix refcount leak bug
- [x86] platform/x86: hp-wmi: Ignore Sanitization Mode event
- net: tipc: fix possible refcount leak in tipc_sk_create()
- nvme-tcp: always fail a request when sending it failed
- nvme: fix regression when disconnect a recovering ctrl
- net: sfp: fix memory leak in sfp_probe()
- ASoC: ops: Fix off by one in range control validation
- [armhf] pinctrl: aspeed: Fix potential NULL dereference in
aspeed_pinmux_set_mux()
- [x86] ASoC: SOF: Intel: hda-loader: Clarify the cl_dsp_init() flow
- ASoC: dapm: Initialise kcontrol data for mux/demux controls
- [amd64] Clear .brk area at early boot
- [armhf] dts: stm32: use the correct clock source for CEC on stm32mp151
- Revert "can: xilinx_can: Limit CANFD brp to 2"
- nvme-pci: phison e16 has bogus namespace ids
- signal handling: don't use BUG_ON() for debugging
- USB: serial: ftdi_sio: add Belimo device ids
- usb: typec: add missing uevent when partner support PD
- [arm64,armhf] usb: dwc3: gadget: Fix event pending check
- [armhf] tty: serial: samsung_tty: set dma burst_size to 1
- vt: fix memory overlapping when deleting chars in the buffer
- serial: 8250: fix return error code in serial8250_request_std_resource()
- [armhf] serial: stm32: Clear prev values before setting RTS delays
- [arm*] serial: pl011: UPSTAT_AUTORTS requires .throttle/unthrottle
- serial: 8250: Fix PM usage_count for console handover
- [x86] pat: Fix x86_has_pat_wp()
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.133
- [amd64] Preparation for mitigating RETbleed:
+ KVM/VMX: Use TEST %REG,%REG instead of CMP $0,%REG in vmenter.S
+ KVM/nVMX: Use __vmx_vcpu_run in nested_vmx_check_vmentry_hw
+ objtool: Refactor ORC section generation
+ objtool: Add 'alt_group' struct
+ objtool: Support stack layout changes in alternatives
+ objtool: Support retpoline jump detection for vmlinux.o
+ objtool: Assume only ELF functions do sibling calls
+ objtool: Combine UNWIND_HINT_RET_OFFSET and UNWIND_HINT_FUNC
+ x86/xen: Support objtool validation in xen-asm.S
+ x86/xen: Support objtool vmlinux.o validation in xen-head.S
+ x86/alternative: Merge include files
+ x86/alternative: Support not-feature
+ x86/alternative: Support ALTERNATIVE_TERNARY
+ x86/alternative: Use ALTERNATIVE_TERNARY() in _static_cpu_has()
+ x86/insn: Rename insn_decode() to insn_decode_from_regs()
+ x86/insn: Add a __ignore_sync_check__ marker
+ x86/insn: Add an insn_decode() API
+ x86/insn-eval: Handle return values from the decoder
+ x86/alternative: Use insn_decode()
+ x86: Add insn_decode_kernel()
+ x86/alternatives: Optimize optimize_nops()
+ x86/retpoline: Simplify retpolines
+ objtool: Correctly handle retpoline thunk calls
+ objtool: Handle per arch retpoline naming
+ objtool: Rework the elf_rebuild_reloc_section() logic
+ objtool: Add elf_create_reloc() helper
+ objtool: Create reloc sections implicitly
+ objtool: Extract elf_strtab_concat()
+ objtool: Extract elf_symbol_add()
+ objtool: Add elf_create_undef_symbol()
+ objtool: Keep track of retpoline call sites
+ objtool: Cache instruction relocs
+ objtool: Skip magical retpoline .altinstr_replacement
+ objtool/x86: Rewrite retpoline thunk calls
+ objtool: Support asm jump tables
+ x86/alternative: Optimize single-byte NOPs at an arbitrary position
+ objtool: Fix .symtab_shndx handling for elf_create_undef_symbol()
+ objtool: Only rewrite unconditional retpoline thunk calls
+ objtool/x86: Ignore __x86_indirect_alt_* symbols
+ objtool: Don't make .altinstructions writable
+ objtool: Teach get_alt_entry() about more relocation types
+ objtool: print out the symbol type when complaining about it
+ objtool: Remove reloc symbol type checks in get_alt_entry()
+ objtool: Make .altinstructions section entry size consistent
+ objtool: Introduce CFI hash
+ objtool: Handle __sanitize_cov*() tail calls
+ objtool: Classify symbols
+ objtool: Explicitly avoid self modifying code in .altinstr_replacement
+ objtool,x86: Replace alternatives with .retpoline_sites
+ x86/retpoline: Remove unused replacement symbols
+ x86/asm: Fix register order
+ x86/asm: Fixup odd GEN-for-each-reg.h usage
+ x86/retpoline: Move the retpoline thunk declarations to nospec-branch.h
+ x86/retpoline: Create a retpoline thunk array
+ x86/alternative: Implement .retpoline_sites support
+ x86/alternative: Handle Jcc __x86_indirect_thunk_\reg
+ x86/alternative: Try inline spectre_v2=retpoline,amd
+ x86/alternative: Add debug prints to apply_retpolines()
+ bpf,x86: Simplify computing label offsets
+ bpf,x86: Respect X86_FEATURE_RETPOLINE*
+ x86/lib/atomic64_386_32: Rename things
- [amd64] Mitigate straight-line speculation:
+ x86: Prepare asm files for straight-line-speculation
+ x86: Prepare inline-asm for straight-line-speculation
+ x86/alternative: Relax text_poke_bp() constraint
+ objtool: Add straight-line-speculation validation
+ x86: Add straight-line-speculation mitigation
+ tools arch: Update arch/x86/lib/mem{cpy,set}_64.S copies used in 'perf
bench mem memcpy'
+ kvm/emulate: Fix SETcc emulation function offsets with SLS
+ objtool: Default ignore INT3 for unreachable
+ crypto: x86/poly1305 - Fixup SLS
+ objtool: Fix SLS validation for kcov tail-call replacement
- objtool: Fix code relocs vs weak symbols
- objtool: Fix type of reloc::addend
- objtool: Fix symbol creation
- x86/entry: Remove skip_r11rcx
- objtool: Fix objtool regression on x32 systems
- x86/realmode: build with -D__DISABLE_EXPORTS
- [amd64] Add mitigations for RETbleed on AMD/Hygon (CVE-2022-29900) and
Intel (CVE-2022-29901) processors:
+ x86/kvm/vmx: Make noinstr clean
+ x86/cpufeatures: Move RETPOLINE flags to word 11
+ x86/retpoline: Cleanup some #ifdefery
+ x86/retpoline: Swizzle retpoline thunk
+ Makefile: Set retpoline cflags based on CONFIG_CC_IS_{CLANG,GCC}
+ x86/retpoline: Use -mfunction-return
+ x86: Undo return-thunk damage
+ x86,objtool: Create .return_sites
+ objtool: skip non-text sections when adding return-thunk sites
+ x86,static_call: Use alternative RET encoding
+ x86/ftrace: Use alternative RET encoding
+ x86/bpf: Use alternative RET encoding
+ x86/kvm: Fix SETcc emulation for return thunks
+ x86/vsyscall_emu/64: Don't use RET in vsyscall emulation
+ x86/sev: Avoid using __x86_return_thunk
+ x86: Use return-thunk in asm code
+ objtool: Treat .text.__x86.* as noinstr
+ x86: Add magic AMD return-thunk
+ x86/bugs: Report AMD retbleed vulnerability
+ x86/bugs: Add AMD retbleed= boot parameter
+ x86/bugs: Enable STIBP for JMP2RET
+ x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value
+ x86/entry: Add kernel IBRS implementation
+ x86/bugs: Optimize SPEC_CTRL MSR writes
+ x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS
+ x86/bugs: Split spectre_v2_select_mitigation() and
spectre_v2_user_select_mitigation()
+ x86/bugs: Report Intel retbleed vulnerability
+ intel_idle: Disable IBRS during long idle
+ objtool: Update Retpoline validation
+ x86/xen: Rename SYS* entry points
+ x86/bugs: Add retbleed=ibpb
+ x86/bugs: Do IBPB fallback check only once
+ objtool: Add entry UNRET validation
+ x86/cpu/amd: Add Spectral Chicken
+ x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n
+ x86/speculation: Fix firmware entry SPEC_CTRL handling
+ x86/speculation: Fix SPEC_CTRL write on SMT state change
+ x86/speculation: Use cached host SPEC_CTRL value for guest entry/exit
+ x86/speculation: Remove x86_spec_ctrl_mask
+ objtool: Re-add UNWIND_HINT_{SAVE_RESTORE}
+ KVM: VMX: Flatten __vmx_vcpu_run()
+ KVM: VMX: Convert launched argument to flags
+ KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS
+ KVM: VMX: Fix IBRS handling after vmexit
+ x86/speculation: Fill RSB on vmexit for IBRS
+ x86/common: Stamp out the stepping madness
+ x86/cpu/amd: Enumerate BTC_NO
+ x86/retbleed: Add fine grained Kconfig knobs
+ x86/bugs: Add Cannon lake to RETBleed affected CPU list
+ x86/bugs: Do not enable IBPB-on-entry when IBPB is not supported
+ x86/kexec: Disable RET on kexec
+ x86/speculation: Disable RRSBA behavior
- x86/static_call: Serialize __static_call_fixup() properly
- tools/insn: Restore the relative include paths for cross building
- x86, kvm: use proper ASM macros for kvm_vcpu_is_preempted
- x86/xen: Fix initialisation in hypercall_page after rethunk
- x86/ftrace: Add UNWIND_HINT_FUNC annotation for ftrace_stub
- x86/asm/32: Fix ANNOTATE_UNRET_SAFE use on 32-bit
- x86/speculation: Use DECLARE_PER_CPU for x86_spec_ctrl_current
- efi/x86: use naked RET on mixed mode call wrapper
- x86/kvm: fix FASTOP_SIZE when return thunks are enabled
- KVM: emulate: do not adjust size of fastop and setcc subroutines
- tools arch x86: Sync the msr-index.h copy with the kernel sources
- tools headers cpufeatures: Sync with the kernel sources
- x86/bugs: Remove apostrophe typo
- um: Add missing apply_returns()
- x86: Use -mindirect-branch-cs-prefix for RETPOLINE builds
- kvm: fix objtool relocation warning
- objtool: Fix elf_create_undef_symbol() endianness
- tools arch: Update arch/x86/lib/mem{cpy,set}_64.S copies used in 'perf
bench mem memcpy' - again
- tools headers: Remove broken definition of __LITTLE_ENDIAN
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.134
- [armhf] pinctrl: stm32: fix optional IRQ support to gpios
- lockdown: Fix kexec lockdown bypass with ima policy (CVE-2022-21505)
- io_uring: Use original task for req identity in io_identity_cow()
- xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE
- docs: net: explain struct net_device lifetime
- net: make free_netdev() more lenient with unregistering devices
- net: make sure devices go through netdev_wait_all_refs
- net: move net_set_todo inside rollback_registered()
- net: inline rollback_registered()
- net: move rollback_registered_many()
- net: inline rollback_registered_many()
- [amd64] PCI: hv: Fix multi-MSI to allow more than one MSI vector
- [amd64] PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI
- [amd64] PCI: hv: Reuse existing IRTE allocation in compose_msi_msg()
- [amd64] PCI: hv: Fix interrupt mapping for multi-MSI
- [arm64] serial: mvebu-uart: correctly report configured baudrate value
- xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in
xfrm_bundle_lookup() (CVE-2022-36879)
- perf/core: Fix data race between perf_event_set_output() and
perf_mmap_close()
- drm/amdgpu/display: add quirk handling for stutter mode
- igc: Reinstate IGC_REMOVED logic and implement it properly
- ip: Fix data-races around sysctl_ip_no_pmtu_disc.
- ip: Fix data-races around sysctl_ip_fwd_use_pmtu.
- ip: Fix data-races around sysctl_ip_fwd_update_priority.
- ip: Fix data-races around sysctl_ip_nonlocal_bind.
- ip: Fix a data-race around sysctl_ip_autobind_reuse.
- ip: Fix a data-race around sysctl_fwmark_reflect.
- tcp/dccp: Fix a data-race around sysctl_tcp_fwmark_accept.
- tcp: Fix data-races around sysctl_tcp_mtu_probing.
- tcp: Fix data-races around sysctl_tcp_base_mss.
- tcp: Fix data-races around sysctl_tcp_min_snd_mss.
- tcp: Fix a data-race around sysctl_tcp_mtu_probe_floor.
- tcp: Fix a data-race around sysctl_tcp_probe_threshold.
- tcp: Fix a data-race around sysctl_tcp_probe_interval.
- net: stmmac: fix unbalanced ptp clock issue in suspend/resume flow
- net: stmmac: fix dma queue left shift overflow issue
- igmp: Fix data-races around sysctl_igmp_llm_reports.
- igmp: Fix a data-race around sysctl_igmp_max_memberships.
- igmp: Fix data-races around sysctl_igmp_max_msf.
- tcp: Fix data-races around keepalive sysctl knobs.
- tcp: Fix data-races around sysctl_tcp_syncookies.
- tcp: Fix data-races around sysctl_tcp_reordering.
- tcp: Fix data-races around some timeout sysctl knobs.
- tcp: Fix a data-race around sysctl_tcp_notsent_lowat.
- tcp: Fix a data-race around sysctl_tcp_tw_reuse.
- tcp: Fix data-races around sysctl_max_syn_backlog.
- tcp: Fix data-races around sysctl_tcp_fastopen.
- tcp: Fix data-races around sysctl_tcp_fastopen_blackhole_timeout.
- iavf: Fix handling of dummy receive descriptors
- i40e: Fix erroneous adapter reinitialization during recovery process
- ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero
- [arm64,armhf] gpio: pca953x: only use single read/write for No AI mode
- [arm64,armhf] gpio: pca953x: use the correct range when do regmap sync
- [arm64,armhf] gpio: pca953x: use the correct register address when
regcache sync during init
- be2net: Fix buffer overflow in be_get_module_eeprom
- ipv4: Fix a data-race around sysctl_fib_multipath_use_neigh.
- ip: Fix data-races around sysctl_ip_prot_sock.
- udp: Fix a data-race around sysctl_udp_l3mdev_accept.
- tcp: Fix data-races around sysctl knobs related to SYN option.
- tcp: Fix a data-race around sysctl_tcp_early_retrans.
- tcp: Fix data-races around sysctl_tcp_recovery.
- tcp: Fix a data-race around sysctl_tcp_thin_linear_timeouts.
- tcp: Fix data-races around sysctl_tcp_slow_start_after_idle.
- tcp: Fix a data-race around sysctl_tcp_retrans_collapse.
- tcp: Fix a data-race around sysctl_tcp_stdurg.
- tcp: Fix a data-race around sysctl_tcp_rfc1337.
- tcp: Fix data-races around sysctl_tcp_max_reordering.
- [arm*] spi: bcm2835: bcm2835_spi_handle_err(): fix NULL pointer deref for
non DMA transfers
- KVM: Don't null dereference ops->destroy
- mm/mempolicy: fix uninit-value in mpol_rebind_policy()
- bpf: Make sure mac_header was set before using it
- sched/deadline: Fix BUG_ON condition for deboosted tasks
- [x86] bugs: Warn when "ibrs" mitigation is selected on Enhanced IBRS
parts
- dlm: fix pending remove if msg allocation fails
- bitfield.h: Fix "type of reg too small for mask" test
- ALSA: memalloc: Align buffer allocations in page size
- Bluetooth: Add bt_skb_sendmsg helper
- Bluetooth: Add bt_skb_sendmmsg helper
- Bluetooth: SCO: Replace use of memcpy_from_msg with bt_skb_sendmsg
- Bluetooth: RFCOMM: Replace use of memcpy_from_msg with bt_skb_sendmmsg
- Bluetooth: Fix passing NULL to PTR_ERR
- Bluetooth: SCO: Fix sco_send_frame returning skb->len
- Bluetooth: Fix bt_skb_sendmmsg not allocating partial chunks
- [x86] amd: Use IBPB for firmware calls
- [x86] alternative: Report missing return thunk details
- watchqueue: make sure to serialize 'wqueue->defunct' properly
- tty: drivers/tty/, stop using tty_schedule_flip()
- tty: the rest, stop using tty_schedule_flip()
- tty: drop tty_schedule_flip()
- tty: extract tty_flip_buffer_commit() from tty_flip_buffer_push()
- tty: use new tty_insert_flip_string_and_push_buffer() in pty_write()
- net: usb: ax88179_178a needs FLAG_SEND_ZLP
- watch-queue: remove spurious double semicolon
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.135
- Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put
- Revert "ocfs2: mount shared volume without ha stack"
- [s390x] archrandom: prevent CPACF trng invocations in interrupt context
- watch_queue: Fix missing rcu annotation
- watch_queue: Fix missing locking in add_watch_to_object()
- tcp: Fix data-races around sysctl_tcp_dsack.
- tcp: Fix a data-race around sysctl_tcp_app_win.
- tcp: Fix a data-race around sysctl_tcp_adv_win_scale.
- tcp: Fix a data-race around sysctl_tcp_frto.
- tcp: Fix a data-race around sysctl_tcp_nometrics_save.
- tcp: Fix data-races around sysctl_tcp_no_ssthresh_metrics_save.
- ice: check (DD | EOF) bits on Rx descriptor rather than (EOP | RS)
- ice: do not setup vlan for loopback VSI
- Revert "tcp: change pingpong threshold to 3"
- tcp: Fix data-races around sysctl_tcp_moderate_rcvbuf.
- tcp: Fix a data-race around sysctl_tcp_limit_output_bytes.
- tcp: Fix a data-race around sysctl_tcp_challenge_ack_limit.
- net: ping6: Fix memleak in ipv6_renew_options().
- ipv6/addrconf: fix a null-ptr-deref bug for ip6_ptr
- igmp: Fix data-races around sysctl_igmp_qrv.
- net: sungem_phy: Add of_node_put() for reference returned by
of_get_parent()
- tcp: Fix a data-race around sysctl_tcp_min_tso_segs.
- tcp: Fix a data-race around sysctl_tcp_min_rtt_wlen.
- tcp: Fix a data-race around sysctl_tcp_autocorking.
- tcp: Fix a data-race around sysctl_tcp_invalid_ratelimit.
- Documentation: fix sctp_wmem in ip-sysctl.rst
- macsec: fix NULL deref in macsec_add_rxsa
- macsec: fix error message in macsec_add_rxsa and _txsa
- macsec: limit replay window size with XPN
- macsec: always read MACSEC_SA_ATTR_PN as a u64
- net: macsec: fix potential resource leak in macsec_add_rxsa() and
macsec_add_txsa()
- tcp: Fix a data-race around sysctl_tcp_comp_sack_delay_ns.
- tcp: Fix a data-race around sysctl_tcp_comp_sack_slack_ns.
- tcp: Fix a data-race around sysctl_tcp_comp_sack_nr.
- tcp: Fix data-races around sysctl_tcp_reflect_tos.
- i40e: Fix interface init with MSI interrupts (no MSI-X)
- sctp: fix sleep in atomic context bug in timer handlers
- netfilter: nf_queue: do not allow packet truncation below transport
header
offset (CVE-2022-36946)
- virtio-net: fix the race between refill work and close
- sfc: disable softirqs for ptp TX
- sctp: leave the err path free in sctp_stream_init to sctp_stream_free
- page_alloc: fix invalid watermark check on a negative value
- mt7601u: add USB device ID for some versions of XiaoDu WiFi Dongle.
- [arm*] 9216/1: Fix MAX_DMA_ADDRESS overflow
- docs/kernel-parameters: Update descriptions for "mitigations=" param with
retbleed
- xfs: refactor xfs_file_fsync
- xfs: xfs_log_force_lsn isn't passed a LSN
- xfs: prevent UAF in xfs_log_item_in_current_chkpt
- xfs: fix log intent recovery ENOSPC shutdowns when inactivating inodes
- xfs: force the log offline when log intent item recovery fails
- xfs: hold buffer across unpin and potential shutdown processing
- xfs: remove dead stale buf unpin handling code
- xfs: logging the on disk inode LSN can make it go backwards
- xfs: Enforce attr3 buffer recovery order
- [x86] bugs: Do not enable IBPB at firmware entry when IBPB is not
available
- bpf: Consolidate shared test timing code
- bpf: Add PROG_TEST_RUN support for sk_lookup programs
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.136
- [x86] speculation: Make all RETbleed mitigations 64-bit only
- ath9k_htc: fix NULL pointer dereference at ath9k_htc_rxep()
- ath9k_htc: fix NULL pointer dereference at ath9k_htc_tx_get_packet()
- tun: avoid double free in tun_free_netdev
- [x86] ACPI: video: Force backlight native for some TongFang devices
- [x86] ACPI: video: Shortening quirk list by identifying Clevo by
board_name only
- ACPI: APEI: Better fix to avoid spamming the console with old error logs
- [arm64] crypto: arm64/poly1305 - fix a read out-of-bound
- Bluetooth: hci_bcm: Add BCM4349B1 variant
- Bluetooth: hci_bcm: Add DT compatible for CYW55572
- Bluetooth: btusb: Add support of IMC Networks PID 0x3568
- Bluetooth: btusb: Add Realtek RTL8852C support ID 0x04CA:0x4007
- Bluetooth: btusb: Add Realtek RTL8852C support ID 0x04C5:0x1675
- Bluetooth: btusb: Add Realtek RTL8852C support ID 0x0CB8:0xC558
- Bluetooth: btusb: Add Realtek RTL8852C support ID 0x13D3:0x3587
- Bluetooth: btusb: Add Realtek RTL8852C support ID 0x13D3:0x3586
- [x86] Add mitigations for Post-Barrier Return Stack Buffer Prediction
(PBRSB) issue (CVE-2022-26373):
+ x86/speculation: Add RSB VM Exit protections
+ x86/speculation: Add LFENCE to RSB fill sequence
.
[ Salvatore Bonaccorso ]
* Bump ABI to 17
* [rt] Update to 5.10.131-rt72
* posix-cpu-timers: Cleanup CPU timers before freeing them during exec
(CVE-2022-2585)
* netfilter: nf_tables: do not allow SET_ID to refer to another table
(CVE-2022-2586)
* netfilter: nf_tables: do not allow CHAIN_ID to refer to another table
* netfilter: nf_tables: do not allow RULE_ID to refer to another chain
* net_sched: cls_route: remove from list when handle is 0 (CVE-2022-2588)
Checksums-Sha1:
349f4a555d4346ff3c134d689e2b24e226a419fc 197238 linux_5.10.136-1.dsc
83b30668008f1c5fdda4cecad2ab39df07e97da0 121753316 linux_5.10.136.orig.tar.xz
2fbb82b84647177a20dfacfe56cffa94819c86cc 1529956 linux_5.10.136-1.debian.tar.xz
8e0ccb66d2e357f600c251c80d1af67743555e7a 6669 linux_5.10.136-1_source.buildinfo
Checksums-Sha256:
e1255e00f7858ee19b20ea596d467def2171137878bdbad25b7e1b4447a7b9a9 197238
linux_5.10.136-1.dsc
70a150a1f890ae7af4db31ad907730b264d5ae7accc12ff0ff65b2f01b4a4175 121753316
linux_5.10.136.orig.tar.xz
bebe712cd247b244915b5c8326294074adbb2496577f3bbc27c474a4a3f7f90f 1529956
linux_5.10.136-1.debian.tar.xz
664aab9c7d1c3b789df954ebdcedb80f0f80ca9c01a18269517cdb136ae2ff81 6669
linux_5.10.136-1_source.buildinfo
Files:
f1a1fc78a5e14ce50dd743db61f674fb 197238 kernel optional linux_5.10.136-1.dsc
64630bf4428e26b1386e8945746f4637 121753316 kernel optional
linux_5.10.136.orig.tar.xz
1427906554e78d4fd5f68e7588eeabe8 1529956 kernel optional
linux_5.10.136-1.debian.tar.xz
c4175426c015fe251c81ad60daff9144 6669 kernel optional
linux_5.10.136-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmL3p4BfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89E3QYP/0aspRJueNByv3zJ2pXf8bbID9Saot2+
AsWP5MS1MiTfJbhv5bbFfAG3I7pJ6auChzWwKPOxg7YRmjGoYOrq69aYGWTtytoJ
JiBb7OExcjY/W5mhaLsvambJxcxl8nIZPqqaNYFEb2x02eoPqIqvsZMHY5yFSGnb
IZA+et7ExKEeGk0z/0+7narCk8A3lSU5op4gE3onlv+qvf465oqJiYe90yUdzNq+
xMFIWOQ36XmL5GovUb1xhdaGgDuLSl5Y0z/ARubXohjQioV6JYoaZn/KqCHY9mxt
wRtxIQceeoaQw/JpePq7xQVFCILg2ejT9zwUAnSox1cb5KZzJ5TzMKBbsovS2hMK
gbzltoUCfr9LAQuY0TcGoVfsztscLqr/nQQjllc9TDAzyuSvuum1XYug3hS2h6Eo
hbt2aUSeZkjZ0EPFeatfK9x7iyBQssckdsAj17Kh8lXnoSbvlAGYDiOwzR6/DIyn
2wdgu9JjRVws6afj/uuypxAuDMOc9mZx/G1EWJ3e05qajRgbsVqd5tov6DDV0hzg
W+99+3BepWc177BQ7yrWGLUgWno8p7qyXSOt7a71ByxirVImU82w0NNjJ8ASx98E
0/6O78NPYHuW0B+TiM8toqi2BcsnpA//Ly9F1WX9A4pW7DA7TOwmUNJ0tjbHn8TZ
x+SAsGIuivPI
=IRHe
-----END PGP SIGNATURE-----
Thank you for your contribution to Debian.
