Public bug reported:
SRU Justification
Impact:
The upstream process for stable tree updates is quite similar
in scope to the Ubuntu SRU process, e.g., each patch has to
demonstrably fix a bug, and each patch is vetted by upstream
by originating either directly from a mainline/stable Linux tree or
a minimally backported form of that patch. The following upstream
stable patches should be included in the Ubuntu kernel:
v5.4.285 upstream stable release
from git://git.kernel.org/
usbnet: ipheth: fix carrier detection in modes 1 and 4
net: ethernet: use ip_hdrlen() instead of bit shift
net: phy: vitesse: repair vsc73xx autonegotiation
scripts: kconfig: merge_config: config files: add a trailing newline
arm64: dts: rockchip: override BIOS_DISABLE signal via GPIO hog on RK3399 Puma
ice: fix accounting for filters shared by multiple VSIs
net/mlx5e: Add missing link modes to ptys2ethtool_map
net: ftgmac100: Enable TX interrupt to avoid TX timeout
net: dpaa: Pad packets to ETH_ZLEN
spi: nxp-fspi: fix the KASAN report out-of-bounds bug
soundwire: stream: Revert "soundwire: stream: fix programming slave ports for
non-continous port maps"
selftests: breakpoints: Fix a typo of function name
ASoC: allow module autoloading for table db1200_pids
ALSA: hda/realtek - Fixed ALC256 headphone no sound
ALSA: hda/realtek - FIxed ALC285 headphone no sound
pinctrl: at91: make it work with current gpiolib
microblaze: don't treat zero reserved memory regions as error
net: ftgmac100: Ensure tx descriptor updates are visible
wifi: iwlwifi: mvm: fix iwl_mvm_max_scan_ie_fw_cmd_room()
wifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead
ASoC: tda7419: fix module autoloading
drm: komeda: Fix an issue related to normalized zpos
spi: bcm63xx: Enable module autoloading
x86/hyperv: Set X86_FEATURE_TSC_KNOWN_FREQ when Hyper-V provides frequency
ocfs2: add bounds checking to ocfs2_xattr_find_entry()
ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()
gpio: prevent potential speculation leaks in gpio_device_get_desc()
USB: serial: pl2303: add device id for Macrosilicon MS3020
USB: usbtmc: prevent kernel-usb-infoleak
ACPI: PMIC: Remove unneeded check in tps68470_pmic_opregion_probe()
wifi: ath9k: fix parameter check in ath9k_init_debug()
wifi: ath9k: Remove error checks when creating debugfs entries
fs: explicitly unregister per-superblock BDIs
mount: warn only once about timestamp range expiration
fs/namespace: fnic: Switch to use %ptTd
mount: handle OOM on mnt_warn_timestamp_expiry
can: j1939: use correct function name in comment
netfilter: nf_tables: elements with timeout below CONFIG_HZ never expire
netfilter: nf_tables: reject element expiration with no timeout
netfilter: nf_tables: reject expiration higher than timeout
wifi: cfg80211: fix UBSAN noise in cfg80211_wext_siwscan()
wifi: cfg80211: fix two more possible UBSAN-detected off-by-one errors
mac80211: parse radiotap header when selecting Tx queue
wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop()
wifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param
sock_map: Add a cond_resched() in sock_hash_free()
can: bcm: Clear bo->bcm_proc_read after remove_proc_entry().
Bluetooth: btusb: Fix not handling ZPL/short-transfer
net: tipc: avoid possible garbage value
block, bfq: fix possible UAF for bfqq->bic with merge chain
block, bfq: choose the last bfqq from merge chain in bfq_setup_cooperator()
block, bfq: don't break merge chain in bfq_split_bfqq()
spi: ppc4xx: handle irq_of_parse_and_map() errors
spi: ppc4xx: Avoid returning 0 when failed to parse and map IRQ
ARM: dts: imx7d-zii-rmu2: fix Ethernet PHY pinctrl property
ARM: versatile: fix OF node leak in CPUs prepare
reset: berlin: fix OF node leak in probe() error path
clocksource/drivers/qcom: Add missing iounmap() on errors in msm_dt_timer_init()
hwmon: (max16065) Fix overflows seen when writing limits
mtd: slram: insert break after errors in parsing the map
hwmon: (ntc_thermistor) fix module autoloading
power: supply: axp20x_battery: allow disabling battery charging
power: supply: axp20x_battery: Remove design from min and max voltage
power: supply: max17042_battery: Fix SOC threshold calc w/ no current sense
fbdev: hpfb: Fix an error handling path in hpfb_dio_probe()
mtd: powernv: Add check devm_kasprintf() returned value
drm/stm: Fix an error handling path in stm_drm_platform_probe()
drm/amdgpu: Replace one-element array with flexible-array member
drm/amdgpu: properly handle vbios fake edid sizing
drm/radeon: Replace one-element array with flexible-array member
drm/radeon: properly handle vbios fake edid sizing
drm/rockchip: vop: Allow 4096px width scaling
drm/rockchip: dw_hdmi: Fix reading EDID when using a forced mode
drm/radeon/evergreen_cs: fix int overflow errors in cs track offsets
jfs: fix out-of-bounds in dbNextAG() and diAlloc()
drm/msm: Fix incorrect file name output in adreno_request_fw()
drm/msm/a5xx: disable preemption in submits by default
drm/msm/a5xx: properly clear preemption records on resume
drm/msm/a5xx: fix races in preemption evaluation stage
ipmi: docs: don't advertise deprecated sysfs entries
drm/msm: fix %s null argument error
drivers:drm:exynos_drm_gsc:Fix wrong assignment in gsc_bind()
xen: use correct end address of kernel for conflict checking
xen/swiotlb: add alignment check for dma buffers
tpm: Clean up TPM space after command failure
selftests/bpf: Fix compile error from rlim_t in sk_storage_map.c
selftests/bpf: Fix compiling flow_dissector.c with musl-libc
selftests/bpf: Fix compiling tcp_rtt.c with musl-libc
selftests/bpf: Fix error compiling test_lru_map.c
xz: cleanup CRC32 edits from 2018
kthread: add kthread_work tracepoints
kthread: fix task state in kthread worker if being frozen
ext4: clear EXT4_GROUP_INFO_WAS_TRIMMED_BIT even mount with discard
smackfs: Use rcu_assign_pointer() to ensure safe assignment in smk_set_cipso
ext4: avoid negative min_clusters in find_group_orlov()
ext4: return error on ext4_find_inline_entry
ext4: avoid OOB when system.data xattr changes underneath the filesystem
nilfs2: fix potential null-ptr-deref in nilfs_btree_insert()
nilfs2: determine empty node blocks as corrupted
nilfs2: fix potential oob read in nilfs_btree_check_delete()
bpf: Fix bpf_strtol and bpf_strtoul helpers for 32bit
perf sched timehist: Fix missing free of session in perf_sched__timehist()
perf sched timehist: Fixed timestamp error when unable to confirm event
sched_in time
perf time-utils: Fix 32-bit nsec parsing
clk: rockchip: Set parent rate for DCLK_VOP clock on RK3228
drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error
drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error
PCI: keystone: Fix if-statement expression in ks_pcie_quirk()
PCI: xilinx-nwl: Fix register misspelling
RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency
pinctrl: single: fix missing error code in pcs_probe()
clk: ti: dra7-atl: Fix leak of of_nodes
pinctrl: mvebu: Fix devinit_dove_pinctrl_probe function
watchdog: imx_sc_wdt: Don't disable WDT in suspend
RDMA/hns: Optimize hem allocation performance
riscv: Fix fp alignment bug in perf_callchain_user()
RDMA/cxgb4: Added NULL check for lookup_atid
ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir()
nfsd: call cache_put if xdr_reserve_space returns NULL
nfsd: return -EINVAL when namelen is 0
f2fs: enhance to update i_mode and acl atomically in f2fs_setattr()
f2fs: fix typo
f2fs: fix to update i_ctime in __f2fs_setxattr()
f2fs: remove unneeded check condition in __f2fs_setxattr()
f2fs: reduce expensive checkpoint trigger frequency
iio: adc: ad7606: fix oversampling gpio array
iio: adc: ad7606: fix standby gpio state to match the documentation
coresight: tmc: sg: Do not leak sg_table
netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put()
net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race
Condition
tcp: check skb is non-NULL in tcp_rto_delta_us()
net: qrtr: Update packets cloning when broadcasting
netfilter: ctnetlink: compile ctnetlink_label_size with
CONFIG_NF_CONNTRACK_EVENTS
Remove *.orig pattern from .gitignore
soc: versatile: integrator: fix OF node leak in probe() error path
drm/amd/display: Round calculated vtotal
USB: appledisplay: close race between probe and completion handler
USB: misc: cypress_cy7c63: check for short transfer
USB: class: CDC-ACM: fix race between get_serial and set_serial
firmware_loader: Block path traversal
tty: rp2: Fix reset with non forgiving PCIe host bridges
drbd: Fix atomicity violation in drbd_uuid_set_bm()
drbd: Add NULL check for net_conf to prevent dereference in state validation
ACPI: sysfs: validate return type of _STR method
ACPI: resource: Add another DMI match for the TongFang GMxXGxx
wifi: rtw88: 8822c: Fix reported RX band width
debugobjects: Fix conditions in fill_pool()
f2fs: prevent possible int overflow in dir_block_index()
f2fs: avoid potential int overflow in sanity_check_area_boundary()
hwrng: mtk - Use devm_pm_runtime_enable
vfs: fix race between evice_inodes() and find_inode()&iput()
fs: Fix file_set_fowner LSM hook inconsistencies
nfs: fix memory leak in error path of nfs4_do_reclaim
ASoC: meson: axg: extract sound card utils
UBUNTU: [Config] updateconfigs for SND_MESON_CARD_UTILS
ASoC: meson: axg-card: fix 'use-after-free'
PCI: xilinx-nwl: Use irq_data_get_irq_chip_data()
PCI: xilinx-nwl: Fix off-by-one in INTx IRQ handler
soc: versatile: realview: fix memory leak during device remove
soc: versatile: realview: fix soc_dev leak during device remove
usb: yurex: Replace snprintf() with the safer scnprintf() variant
USB: misc: yurex: fix race between read and write
pps: remove usage of the deprecated ida_simple_xx() API
pps: add an error check in parport_attach
mm: only enforce minimum stack gap size if it's sensible
i2c: aspeed: Update the stop sw state when the bus recovery occurs
i2c: isch: Add missed 'else'
usb: yurex: Fix inconsistent locking bug in yurex_read()
mailbox: rockchip: fix a typo in module autoloading
mailbox: bcm2835: Fix timeout during suspend mode
ceph: remove the incorrect Fw reference check when dirtying pages
Minor fixes to the CAIF Transport drivers Kconfig file
drivers: net: Fix Kconfig indentation, continued
ieee802154: Fix build error
net/mlx5: Added cond_resched() to crdump collection
netfilter: uapi: NFTA_FLOWTABLE_HOOK is NLA_NESTED
net: ieee802154: mcr20a: Use IRQF_NO_AUTOEN flag in request_irq()
netfilter: nf_tables: prevent nf_skb_duplicated corruption
Bluetooth: btmrvl_sdio: Refactor irq wakeup
Bluetooth: btmrvl: Use IRQF_NO_AUTOEN flag in request_irq()
net: ethernet: lantiq_etop: fix memory disclosure
net: avoid potential underflow in qdisc_pkt_len_init() with UFO
net: add more sanity checks to qdisc_pkt_len_init()
ipv4: ip_gre: Fix drops of small packets in ipgre_xmit
sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start
ALSA: hda/realtek: Fix the push button function for the ALC257
ALSA: hda/generic: Unconditionally prefer preferred_dacs pairs
ALSA: hda/conexant: Fix conflicting quirk for System76 Pangolin
f2fs: Require FMODE_WRITE for atomic write ioctls
wifi: ath9k: fix possible integer overflow in ath9k_get_et_stats()
wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit
ice: Adjust over allocation of memory in ice_sched_add_root_node() and
ice_sched_add_node()
net: hisilicon: hip04: fix OF node leak in probe()
net: hisilicon: hns_dsaf_mac: fix OF node leak in hns_mac_get_info()
net: hisilicon: hns_mdio: fix OF node leak in probe()
ACPICA: Fix memory leak if acpi_ps_get_next_namepath() fails
ACPICA: Fix memory leak if acpi_ps_get_next_field() fails
net: sched: consistently use rcu_replace_pointer() in taprio_change()
wifi: rtw88: select WANT_DEV_COREDUMP
ACPI: EC: Do not release locks during operation region accesses
ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in
acpi_db_convert_to_package()
tipc: guard against string buffer overrun
net: mvpp2: Increase size of queue_name buffer
ipv4: Check !in_dev earlier for ioctl(SIOCSIFADDR).
ipv4: Mask upper DSCP bits and ECN bits in NETLINK_FIB_LOOKUP family
tcp: avoid reusing FIN_WAIT2 when trying to find port in connect() process
ACPICA: iasl: handle empty connection_node
proc: add config & param to block forcing mem writes
UBUNTU: [Config] updateconfigs to select PROC_MEM_ALWAYS_FORCE
wifi: mwifiex: Fix memcpy() field-spanning write warning in
mwifiex_cmd_802_11_scan_ext()
nfp: Use IRQF_NO_AUTOEN flag in request_irq()
signal: Replace BUG_ON()s
ALSA: asihpi: Fix potential OOB array access
ALSA: hdsp: Break infinite MIDI input flush loop
x86/syscall: Avoid memcpy() for ia32 syscall_get_arguments()
fbdev: pxafb: Fix possible use after free in pxafb_task()
power: reset: brcmstb: Do not go into infinite loop if reset fails
ata: sata_sil: Rename sil_blacklist to sil_quirks
jfs: UBSAN: shift-out-of-bounds in dbFindBits
jfs: Fix uaf in dbFreeBits
jfs: check if leafidx greater than num leaves per dmap tree
jfs: Fix uninit-value access of new_ea in ea_buffer
drm/amd/display: Check stream before comparing them
drm/amd/display: Fix index out of bounds in degamma hardware format translation
drm/amd/display: Initialize get_bytes_per_element's default to 1
drm/printer: Allow NULL data in devcoredump printer
scsi: aacraid: Rearrange order of struct aac_srb_unit
drm/radeon/r100: Handle unknown family in r100_cp_init_microcode()
of/irq: Refer to actual buffer size in of_irq_parse_one()
ext4: ext4_search_dir should return a proper error
ext4: fix i_data_sem unlock order in ext4_ind_migrate()
spi: s3c64xx: fix timeout counters in flush_fifo
selftests: breakpoints: use remaining time to check if suspend succeed
selftests: vDSO: fix vDSO symbols lookup for powerpc64
i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume
i2c: xiic: Wait for TX empty to avoid missed TX NAKs
firmware: tegra: bpmp: Drop unused mbox_client_to_bpmp()
spi: bcm63xx: Fix module autoloading
perf/core: Fix small negative period being ignored
parisc: Fix itlb miss handler for 64-bit programs
drm: Consistently use struct drm_mode_rect for FB_DAMAGE_CLIPS
ALSA: core: add isascii() check to card ID generator
ext4: no need to continue when the number of entries is 1
ext4: propagate errors from ext4_find_extent() in ext4_insert_range()
ext4: fix incorrect tid assumption in __jbd2_log_wait_for_space()
ext4: aovid use-after-free in ext4_ext_insert_extent()
ext4: fix double brelse() the buffer of the extents path
ext4: fix incorrect tid assumption in ext4_wait_for_tail_page_commit()
parisc: Fix 64-bit userspace syscall path
parisc: Fix stack start for ADDR_NO_RANDOMIZE personality
of/irq: Support #msi-cells=<0> in of_msi_get_domain
drm: omapdrm: Add missing check for alloc_ordered_workqueue
jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error
mm: krealloc: consider spare memory for __GFP_ZERO
ocfs2: fix the la space leak when unmounting an ocfs2 volume
ocfs2: fix uninit-value in ocfs2_get_block()
ocfs2: reserve space for inline xattr before attaching reflink tree
ocfs2: cancel dqi_sync_work before freeing oinfo
ocfs2: remove unreasonable unlock in ocfs2_read_blocks
ocfs2: fix null-ptr-deref when journal load failed.
ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate
riscv: define ILLEGAL_POINTER_VALUE for 64bit
aoe: fix the potential use-after-free problem in more places
clk: rockchip: fix error for unknown clocks
media: sun4i_csi: Implement link validate for sun4i_csi subdev
media: uapi/linux/cec.h: cec_msg_set_reply_to: zero flags
media: venus: fix use after free bug in venus_remove due to race condition
iio: magnetometer: ak8975: Fix reading for ak099xx sensors
tomoyo: fallback to realpath if symlink's pathname does not exist
rtc: at91sam9: fix OF node leak in probe() error path
Input: adp5589-keys - fix adp5589_gpio_get_value()
ACPI: resource: Add Asus Vivobook X1704VAP to irq1_level_low_skip_override[]
ACPI: resource: Add Asus ExpertBook B2502CVA to irq1_level_low_skip_override[]
btrfs: fix a NULL pointer dereference when failed to start a new trasacntion
btrfs: wait for fixup workers before stopping cleaner kthread during umount
gpio: davinci: fix lazy disable
i2c: qcom-geni: Let firmware specify irq trigger flags
i2c: qcom-geni: Grow a dev pointer to simplify code
i2c: qcom-geni: Use IRQF_NO_AUTOEN flag in request_irq()
arm64: Add Cortex-715 CPU part definition
arm64: cputype: Add Neoverse-N3 definitions
arm64: errata: Expand speculative SSBS workaround once more
uprobes: fix kernel info leak via "[uprobes]" vma
nfsd: use ktime_get_seconds() for timestamps
nfsd: fix delegation_blocked() to block correctly for at least 30 seconds
clk: qcom: rpmh: Simplify clk_rpmh_bcm_send_cmd()
clk: qcom: clk-rpmh: Fix overflow in BCM vote
r8169: Fix spelling mistake: "tx_underun" -> "tx_underrun"
r8169: add tally counter fields added with RTL8125
ACPI: battery: Simplify battery hook locking
ACPI: battery: Fix possible crash when unregistering a battery hook
ext4: fix inode tree inconsistency caused by ENOMEM
unicode: Don't special case ignorable code points
net: ethernet: cortina: Drop TSO support
tracing: Remove precision vsnprintf() check from print event
drm/crtc: fix uninitialized variable use even harder
tracing: Have saved_cmdlines arrays all in one allocation
virtio_console: fix misc probe bugs
Input: synaptics-rmi4 - fix UAF of IRQ domain on driver removal
bpf: Check percpu map value size first
s390/facility: Disable compile time optimization for decompressor code
s390/mm: Add cond_resched() to cmm_alloc/free_pages()
ext4: nested locking for xattr inode
s390/cpum_sf: Remove WARN_ON_ONCE statements
ktest.pl: Avoid false positives with grub2 skip regex
clk: bcm: bcm53573: fix OF node leak in init
PCI: Add ACS quirk for Qualcomm SA8775P
i2c: i801: Use a different adapter-name for IDF adapters
PCI: Mark Creative Labs EMU20k2 INTx masking as broken
ntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove
due to race condition
media: videobuf2-core: clear memory related fields in __vb2_plane_dmabuf_put()
usb: chipidea: udc: enable suspend interrupt after usb reset
usb: dwc2: Adjust the timing of USB Driver Interrupt Registration in the
Crashkernel Scenario
virtio_pmem: Check device status before requesting flush
tools/iio: Add memory allocation failure check for trigger_name
driver core: bus: Return -EIO instead of 0 when show/store invalid bus attribute
fbdev: sisfb: Fix strbuf array overflow
RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt
ice: fix VLAN replay after reset
SUNRPC: Fix integer overflow in decode_rc_list()
tcp: fix to allow timestamp undo if no retransmits were sent
tcp: fix tcp_enter_recovery() to zero retrans_stamp when it's safe
netfilter: br_netfilter: fix panic with metadata_dst skb
Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change
gpio: aspeed: Add the flush write to ensure the write complete.
gpio: aspeed: Use devm_clk api to manage clock source
igb: Do not bring the device up after non-fatal error
net/sched: accept TCA_STAB only for root qdisc
net: ibm: emac: mal: fix wrong goto
net: annotate lockless accesses to sk->sk_ack_backlog
net: annotate lockless accesses to sk->sk_max_ack_backlog
sctp: ensure sk_state is set to CLOSED if hashing fails in sctp_listen_start
ppp: fix ppp_async_encode() illegal access
slip: make slhc_remember() more robust against malicious packets
locking/lockdep: Fix bad recursion pattern
locking/lockdep: Rework lockdep_lock
locking/lockdep: Avoid potential access of invalid memory in lock_class
lockdep: fix deadlock issue between lockdep and rcu
resource: fix region_intersects() vs add_memory_driver_managed()
HID: plantronics: Workaround for an unexcepted opposite volume key
Revert "usb: yurex: Replace snprintf() with the safer scnprintf() variant"
usb: dwc3: core: Stop processing of pending events if controller is halted
usb: xhci: Fix problem with xhci resume from suspend
usb: storage: ignore bogus device raised by JieLi BR21 USB sound chip
hid: intel-ish-hid: Fix uninitialized variable 'rv' in ish_fw_xfer_direct_dma
net: Fix an unsafe loop on the list
nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error
posix-clock: Fix missing timespec64 check in pc_clock_settime()
arm64: probes: Remove broken LDR (literal) uprobe support
arm64: probes: Fix simulate_ldr*_literal()
tracing/kprobes: Return EADDRNOTAVAIL when func matches several symbols
tracing/kprobes: Fix symbol counting logic by looking at modules as well
PCI: Add function 0 DMA alias quirk for Glenfly Arise chip
fat: fix uninitialized variable
mm/swapfile: skip HugeTLB pages for unuse_vma
KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin()
s390/sclp_vt220: Convert newlines to CRLF instead of LFCR
KVM: s390: Change virtual to physical address access in diag 0x258 handler
x86/cpufeatures: Define X86_FEATURE_AMD_IBPB_RET
blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race
drm/vmwgfx: Handle surface check failure correctly
iio: dac: ltc1660: add missing select REGMAP_SPI in Kconfig
iio: dac: stm32-dac-core: add missing select REGMAP_MMIO in Kconfig
iio: adc: ti-ads8688: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig
iio: hid-sensors: Fix an error handling path in _hid_sensor_set_report_latency()
iio: light: opt3001: add missing full-scale range value
iio: proximity: mb1232: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig
iio: adc: ti-ads124s08: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig
Bluetooth: Remove debugfs directory on module init failure
Bluetooth: btusb: Fix regression with fake CSR controllers 0a12:0001
xhci: Fix incorrect stream context type macro
USB: serial: option: add support for Quectel EG916Q-GL
USB: serial: option: add Telit FN920C04 MBIM compositions
parport: Proper fix for array out-of-bounds access
x86/resctrl: Annotate get_mem_config() functions as __init
x86/apic: Always explicitly disarm TSC-deadline timer
nilfs2: propagate directory read errors from nilfs_find_entry()
mac80211: Fix NULL ptr deref for injected rate info
RDMA/bnxt_re: Fix incorrect AVID type in WQE structure
ARM: dts: bcm2837-rpi-cm3-io3: Fix HDMI hpd-gpio pin
RDMA/cxgb4: Fix RDMA_CM_EVENT_UNREACHABLE error for iWARP
ipv4: give an IPv4 dev to blackhole_netdev
RDMA/bnxt_re: Return more meaningful error
drm/msm/dsi: fix 32-bit signed integer extension in pclk_rate calculation
macsec: don't increment counters for an unrelated SA
net: ethernet: aeroflex: fix potential memory leak in greth_start_xmit_gbit()
net: systemport: fix potential memory leak in bcm_sysport_xmit()
genetlink: hold RCU in genlmsg_mcast()
smb: client: fix OOBs when building SMB2_IOCTL request
usb: typec: altmode should keep reference to parent
Bluetooth: bnep: fix wild-memory-access in proto_unregister
arm64:uprobe fix the uprobe SWBP_INSN in big-endian
arm64: probes: Fix uprobes for big-endian kernels
KVM: s390: gaccess: Check if guest address is in memslot
drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA
udf: fix uninit-value use in udf_get_fileshortad
jfs: Fix sanity check in dbMount
tracing: Consider the NULL character when validating the event length
net/sun3_82586: fix potential memory leak in sun3_82586_send_packet()
be2net: fix potential memory leak in be_xmit()
net: usb: usbnet: fix name regression
net: sched: fix use-after-free in taprio_change()
r8169: avoid unsolicited interrupts
posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime()
ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size()
ALSA: hda/realtek: Update default depop procedure
drm/amd: Guard against bad data for ATIF ACPI method
ACPI: resource: Add LG 16T90SP to irq1_level_low_skip_override[]
ACPI: button: Add DMI quirk for Samsung Galaxy Book2 to fix initial lid
detection issue
nilfs2: fix kernel bug due to missing clearing of buffer delay flag
ALSA: hda/realtek: Add subwoofer quirk for Acer Predator G9-593
hv_netvsc: Fix VF namespace also in synthetic NIC NETDEV_REGISTER event
selinux: improve error checking in sel_write_load()
arm64/uprobes: change the uprobe_opcode_t typedef to fix the sparse warning
xfrm: validate new SA's prefixlen using SA family when sel.family is unset
cgroup: Fix potential overflow issue when checking max_depth
wifi: mac80211: skip non-uploaded keys in ieee80211_iter_keys
mac80211: do drv_reconfig_complete() before restarting all
mac80211: Add support to trigger sta disconnect on hardware restart
wifi: iwlwifi: mvm: disconnect station vifs if recovery failed
wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd()
ASoC: cs42l51: Fix some error handling paths in cs42l51_probe()
dt-bindings: gpu: Convert Samsung Image Rotator to dt-schema
gtp: simplify error handling code in 'gtp_encap_enable()'
gtp: allow -1 to be specified as file description from userspace
net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT
bpf: Fix out-of-bounds write in trie_get_next_key()
net: support ip generic csum processing in skb_csum_hwoffload_help
net: skip offload for NETIF_F_IPV6_CSUM if ipv6 header contains extension
netfilter: nft_payload: sanitize offset and length before calling skb_checksum()
drivers/misc: ti-st: Remove unneeded variable in st_tty_open
firmware: arm_sdei: Fix the input parameter of cpuhp_remove_state()
net: amd: mvme147: Fix probe banner message
misc: sgi-gru: Don't disable preemption in GRU driver
usbip: tools: Fix detach_port() invalid port error path
usb: phy: Fix API devm_usb_put_phy() can not release the phy
xhci: Fix Link TRB DMA in command ring stopped completion event
Revert "driver core: Fix uevent_show() vs driver detach race"
wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower
wifi: ath10k: Fix memory leak in management tx
wifi: iwlegacy: Clear stale interrupts before resuming device
staging: iio: frequency: ad9832: fix division by zero in ad9832_calc_freqreg()
nilfs2: fix potential deadlock with newly created symlinks
riscv: Remove unused GENERATING_ASM_OFFSETS
ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow
nilfs2: fix kernel bug due to missing clearing of checked flag
mm: shmem: fix data-race in shmem_getattr()
Revert "drm/mipi-dsi: Set the fwnode for mipi_dsi_device"
vt: prevent kernel-infoleak in con_font_get()
mac80211: always have ieee80211_sta_restart()
mm: krealloc: Fix MTE false alarm in __do_krealloc
Linux 5.4.285
UBUNTU: Upstream stable to v5.4.285
** Affects: linux (Ubuntu)
Importance: Undecided
Status: Invalid
** Affects: linux (Ubuntu Focal)
Importance: Medium
Assignee: Manuel Diewald (diewald)
Status: In Progress
** Tags: kernel-stable-tracking-bug
** Changed in: linux (Ubuntu)
Status: New => Confirmed
** Tags added: kernel-stable-tracking-bug
** Also affects: linux (Ubuntu Focal)
Importance: Undecided
Status: New
** Changed in: linux (Ubuntu)
Status: Confirmed => Invalid
** Changed in: linux (Ubuntu Focal)
Importance: Undecided => Medium
** Changed in: linux (Ubuntu Focal)
Status: New => In Progress
** Changed in: linux (Ubuntu Focal)
Assignee: (unassigned) => Manuel Diewald (diewald)
** Description changed:
SRU Justification
Impact:
The upstream process for stable tree updates is quite similar
in scope to the Ubuntu SRU process, e.g., each patch has to
demonstrably fix a bug, and each patch is vetted by upstream
by originating either directly from a mainline/stable Linux tree or
a minimally backported form of that patch. The following upstream
stable patches should be included in the Ubuntu kernel:
v5.4.285 upstream stable release
from git://git.kernel.org/
-
+ usbnet: ipheth: fix carrier detection in modes 1 and 4
+ net: ethernet: use ip_hdrlen() instead of bit shift
+ net: phy: vitesse: repair vsc73xx autonegotiation
+ scripts: kconfig: merge_config: config files: add a trailing newline
+ arm64: dts: rockchip: override BIOS_DISABLE signal via GPIO hog on RK3399 Puma
+ ice: fix accounting for filters shared by multiple VSIs
+ net/mlx5e: Add missing link modes to ptys2ethtool_map
+ net: ftgmac100: Enable TX interrupt to avoid TX timeout
+ net: dpaa: Pad packets to ETH_ZLEN
+ spi: nxp-fspi: fix the KASAN report out-of-bounds bug
+ soundwire: stream: Revert "soundwire: stream: fix programming slave ports for
non-continous port maps"
+ selftests: breakpoints: Fix a typo of function name
+ ASoC: allow module autoloading for table db1200_pids
+ ALSA: hda/realtek - Fixed ALC256 headphone no sound
+ ALSA: hda/realtek - FIxed ALC285 headphone no sound
+ pinctrl: at91: make it work with current gpiolib
+ microblaze: don't treat zero reserved memory regions as error
+ net: ftgmac100: Ensure tx descriptor updates are visible
+ wifi: iwlwifi: mvm: fix iwl_mvm_max_scan_ie_fw_cmd_room()
+ wifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead
+ ASoC: tda7419: fix module autoloading
+ drm: komeda: Fix an issue related to normalized zpos
+ spi: bcm63xx: Enable module autoloading
+ x86/hyperv: Set X86_FEATURE_TSC_KNOWN_FREQ when Hyper-V provides frequency
+ ocfs2: add bounds checking to ocfs2_xattr_find_entry()
+ ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()
+ gpio: prevent potential speculation leaks in gpio_device_get_desc()
+ USB: serial: pl2303: add device id for Macrosilicon MS3020
+ USB: usbtmc: prevent kernel-usb-infoleak
+ ACPI: PMIC: Remove unneeded check in tps68470_pmic_opregion_probe()
+ wifi: ath9k: fix parameter check in ath9k_init_debug()
+ wifi: ath9k: Remove error checks when creating debugfs entries
+ fs: explicitly unregister per-superblock BDIs
+ mount: warn only once about timestamp range expiration
+ fs/namespace: fnic: Switch to use %ptTd
+ mount: handle OOM on mnt_warn_timestamp_expiry
+ can: j1939: use correct function name in comment
+ netfilter: nf_tables: elements with timeout below CONFIG_HZ never expire
+ netfilter: nf_tables: reject element expiration with no timeout
+ netfilter: nf_tables: reject expiration higher than timeout
+ wifi: cfg80211: fix UBSAN noise in cfg80211_wext_siwscan()
+ wifi: cfg80211: fix two more possible UBSAN-detected off-by-one errors
+ mac80211: parse radiotap header when selecting Tx queue
+ wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop()
+ wifi: wilc1000: fix potential RCU dereference issue in
wilc_parse_join_bss_param
+ sock_map: Add a cond_resched() in sock_hash_free()
+ can: bcm: Clear bo->bcm_proc_read after remove_proc_entry().
+ Bluetooth: btusb: Fix not handling ZPL/short-transfer
+ net: tipc: avoid possible garbage value
+ block, bfq: fix possible UAF for bfqq->bic with merge chain
+ block, bfq: choose the last bfqq from merge chain in bfq_setup_cooperator()
+ block, bfq: don't break merge chain in bfq_split_bfqq()
+ spi: ppc4xx: handle irq_of_parse_and_map() errors
+ spi: ppc4xx: Avoid returning 0 when failed to parse and map IRQ
+ ARM: dts: imx7d-zii-rmu2: fix Ethernet PHY pinctrl property
+ ARM: versatile: fix OF node leak in CPUs prepare
+ reset: berlin: fix OF node leak in probe() error path
+ clocksource/drivers/qcom: Add missing iounmap() on errors in
msm_dt_timer_init()
+ hwmon: (max16065) Fix overflows seen when writing limits
+ mtd: slram: insert break after errors in parsing the map
+ hwmon: (ntc_thermistor) fix module autoloading
+ power: supply: axp20x_battery: allow disabling battery charging
+ power: supply: axp20x_battery: Remove design from min and max voltage
+ power: supply: max17042_battery: Fix SOC threshold calc w/ no current sense
+ fbdev: hpfb: Fix an error handling path in hpfb_dio_probe()
+ mtd: powernv: Add check devm_kasprintf() returned value
+ drm/stm: Fix an error handling path in stm_drm_platform_probe()
+ drm/amdgpu: Replace one-element array with flexible-array member
+ drm/amdgpu: properly handle vbios fake edid sizing
+ drm/radeon: Replace one-element array with flexible-array member
+ drm/radeon: properly handle vbios fake edid sizing
+ drm/rockchip: vop: Allow 4096px width scaling
+ drm/rockchip: dw_hdmi: Fix reading EDID when using a forced mode
+ drm/radeon/evergreen_cs: fix int overflow errors in cs track offsets
+ jfs: fix out-of-bounds in dbNextAG() and diAlloc()
+ drm/msm: Fix incorrect file name output in adreno_request_fw()
+ drm/msm/a5xx: disable preemption in submits by default
+ drm/msm/a5xx: properly clear preemption records on resume
+ drm/msm/a5xx: fix races in preemption evaluation stage
+ ipmi: docs: don't advertise deprecated sysfs entries
+ drm/msm: fix %s null argument error
+ drivers:drm:exynos_drm_gsc:Fix wrong assignment in gsc_bind()
+ xen: use correct end address of kernel for conflict checking
+ xen/swiotlb: add alignment check for dma buffers
+ tpm: Clean up TPM space after command failure
+ selftests/bpf: Fix compile error from rlim_t in sk_storage_map.c
+ selftests/bpf: Fix compiling flow_dissector.c with musl-libc
+ selftests/bpf: Fix compiling tcp_rtt.c with musl-libc
+ selftests/bpf: Fix error compiling test_lru_map.c
+ xz: cleanup CRC32 edits from 2018
+ kthread: add kthread_work tracepoints
+ kthread: fix task state in kthread worker if being frozen
+ ext4: clear EXT4_GROUP_INFO_WAS_TRIMMED_BIT even mount with discard
+ smackfs: Use rcu_assign_pointer() to ensure safe assignment in smk_set_cipso
+ ext4: avoid negative min_clusters in find_group_orlov()
+ ext4: return error on ext4_find_inline_entry
+ ext4: avoid OOB when system.data xattr changes underneath the filesystem
+ nilfs2: fix potential null-ptr-deref in nilfs_btree_insert()
+ nilfs2: determine empty node blocks as corrupted
+ nilfs2: fix potential oob read in nilfs_btree_check_delete()
+ bpf: Fix bpf_strtol and bpf_strtoul helpers for 32bit
+ perf sched timehist: Fix missing free of session in perf_sched__timehist()
+ perf sched timehist: Fixed timestamp error when unable to confirm event
sched_in time
+ perf time-utils: Fix 32-bit nsec parsing
+ clk: rockchip: Set parent rate for DCLK_VOP clock on RK3228
+ drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error
+ drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error
+ PCI: keystone: Fix if-statement expression in ks_pcie_quirk()
+ PCI: xilinx-nwl: Fix register misspelling
+ RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency
+ pinctrl: single: fix missing error code in pcs_probe()
+ clk: ti: dra7-atl: Fix leak of of_nodes
+ pinctrl: mvebu: Fix devinit_dove_pinctrl_probe function
+ watchdog: imx_sc_wdt: Don't disable WDT in suspend
+ RDMA/hns: Optimize hem allocation performance
+ riscv: Fix fp alignment bug in perf_callchain_user()
+ RDMA/cxgb4: Added NULL check for lookup_atid
+ ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir()
+ nfsd: call cache_put if xdr_reserve_space returns NULL
+ nfsd: return -EINVAL when namelen is 0
+ f2fs: enhance to update i_mode and acl atomically in f2fs_setattr()
+ f2fs: fix typo
+ f2fs: fix to update i_ctime in __f2fs_setxattr()
+ f2fs: remove unneeded check condition in __f2fs_setxattr()
+ f2fs: reduce expensive checkpoint trigger frequency
+ iio: adc: ad7606: fix oversampling gpio array
+ iio: adc: ad7606: fix standby gpio state to match the documentation
+ coresight: tmc: sg: Do not leak sg_table
+ netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put()
+ net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race
Condition
+ tcp: check skb is non-NULL in tcp_rto_delta_us()
+ net: qrtr: Update packets cloning when broadcasting
+ netfilter: ctnetlink: compile ctnetlink_label_size with
CONFIG_NF_CONNTRACK_EVENTS
+ Remove *.orig pattern from .gitignore
+ soc: versatile: integrator: fix OF node leak in probe() error path
+ drm/amd/display: Round calculated vtotal
+ USB: appledisplay: close race between probe and completion handler
+ USB: misc: cypress_cy7c63: check for short transfer
+ USB: class: CDC-ACM: fix race between get_serial and set_serial
+ firmware_loader: Block path traversal
+ tty: rp2: Fix reset with non forgiving PCIe host bridges
+ drbd: Fix atomicity violation in drbd_uuid_set_bm()
+ drbd: Add NULL check for net_conf to prevent dereference in state validation
+ ACPI: sysfs: validate return type of _STR method
+ ACPI: resource: Add another DMI match for the TongFang GMxXGxx
+ wifi: rtw88: 8822c: Fix reported RX band width
+ debugobjects: Fix conditions in fill_pool()
+ f2fs: prevent possible int overflow in dir_block_index()
+ f2fs: avoid potential int overflow in sanity_check_area_boundary()
+ hwrng: mtk - Use devm_pm_runtime_enable
+ vfs: fix race between evice_inodes() and find_inode()&iput()
+ fs: Fix file_set_fowner LSM hook inconsistencies
+ nfs: fix memory leak in error path of nfs4_do_reclaim
+ ASoC: meson: axg: extract sound card utils
+ UBUNTU: [Config] updateconfigs for SND_MESON_CARD_UTILS
+ ASoC: meson: axg-card: fix 'use-after-free'
+ PCI: xilinx-nwl: Use irq_data_get_irq_chip_data()
+ PCI: xilinx-nwl: Fix off-by-one in INTx IRQ handler
+ soc: versatile: realview: fix memory leak during device remove
+ soc: versatile: realview: fix soc_dev leak during device remove
+ usb: yurex: Replace snprintf() with the safer scnprintf() variant
+ USB: misc: yurex: fix race between read and write
+ pps: remove usage of the deprecated ida_simple_xx() API
+ pps: add an error check in parport_attach
+ mm: only enforce minimum stack gap size if it's sensible
+ i2c: aspeed: Update the stop sw state when the bus recovery occurs
+ i2c: isch: Add missed 'else'
+ usb: yurex: Fix inconsistent locking bug in yurex_read()
+ mailbox: rockchip: fix a typo in module autoloading
+ mailbox: bcm2835: Fix timeout during suspend mode
+ ceph: remove the incorrect Fw reference check when dirtying pages
+ Minor fixes to the CAIF Transport drivers Kconfig file
+ drivers: net: Fix Kconfig indentation, continued
+ ieee802154: Fix build error
+ net/mlx5: Added cond_resched() to crdump collection
+ netfilter: uapi: NFTA_FLOWTABLE_HOOK is NLA_NESTED
+ net: ieee802154: mcr20a: Use IRQF_NO_AUTOEN flag in request_irq()
+ netfilter: nf_tables: prevent nf_skb_duplicated corruption
+ Bluetooth: btmrvl_sdio: Refactor irq wakeup
+ Bluetooth: btmrvl: Use IRQF_NO_AUTOEN flag in request_irq()
+ net: ethernet: lantiq_etop: fix memory disclosure
+ net: avoid potential underflow in qdisc_pkt_len_init() with UFO
+ net: add more sanity checks to qdisc_pkt_len_init()
+ ipv4: ip_gre: Fix drops of small packets in ipgre_xmit
+ sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start
+ ALSA: hda/realtek: Fix the push button function for the ALC257
+ ALSA: hda/generic: Unconditionally prefer preferred_dacs pairs
+ ALSA: hda/conexant: Fix conflicting quirk for System76 Pangolin
+ f2fs: Require FMODE_WRITE for atomic write ioctls
+ wifi: ath9k: fix possible integer overflow in ath9k_get_et_stats()
+ wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit
+ ice: Adjust over allocation of memory in ice_sched_add_root_node() and
ice_sched_add_node()
+ net: hisilicon: hip04: fix OF node leak in probe()
+ net: hisilicon: hns_dsaf_mac: fix OF node leak in hns_mac_get_info()
+ net: hisilicon: hns_mdio: fix OF node leak in probe()
+ ACPICA: Fix memory leak if acpi_ps_get_next_namepath() fails
+ ACPICA: Fix memory leak if acpi_ps_get_next_field() fails
+ net: sched: consistently use rcu_replace_pointer() in taprio_change()
+ wifi: rtw88: select WANT_DEV_COREDUMP
+ ACPI: EC: Do not release locks during operation region accesses
+ ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in
acpi_db_convert_to_package()
+ tipc: guard against string buffer overrun
+ net: mvpp2: Increase size of queue_name buffer
+ ipv4: Check !in_dev earlier for ioctl(SIOCSIFADDR).
+ ipv4: Mask upper DSCP bits and ECN bits in NETLINK_FIB_LOOKUP family
+ tcp: avoid reusing FIN_WAIT2 when trying to find port in connect() process
+ ACPICA: iasl: handle empty connection_node
+ proc: add config & param to block forcing mem writes
+ UBUNTU: [Config] updateconfigs to select PROC_MEM_ALWAYS_FORCE
+ wifi: mwifiex: Fix memcpy() field-spanning write warning in
mwifiex_cmd_802_11_scan_ext()
+ nfp: Use IRQF_NO_AUTOEN flag in request_irq()
+ signal: Replace BUG_ON()s
+ ALSA: asihpi: Fix potential OOB array access
+ ALSA: hdsp: Break infinite MIDI input flush loop
+ x86/syscall: Avoid memcpy() for ia32 syscall_get_arguments()
+ fbdev: pxafb: Fix possible use after free in pxafb_task()
+ power: reset: brcmstb: Do not go into infinite loop if reset fails
+ ata: sata_sil: Rename sil_blacklist to sil_quirks
+ jfs: UBSAN: shift-out-of-bounds in dbFindBits
+ jfs: Fix uaf in dbFreeBits
+ jfs: check if leafidx greater than num leaves per dmap tree
+ jfs: Fix uninit-value access of new_ea in ea_buffer
+ drm/amd/display: Check stream before comparing them
+ drm/amd/display: Fix index out of bounds in degamma hardware format
translation
+ drm/amd/display: Initialize get_bytes_per_element's default to 1
+ drm/printer: Allow NULL data in devcoredump printer
+ scsi: aacraid: Rearrange order of struct aac_srb_unit
+ drm/radeon/r100: Handle unknown family in r100_cp_init_microcode()
+ of/irq: Refer to actual buffer size in of_irq_parse_one()
+ ext4: ext4_search_dir should return a proper error
+ ext4: fix i_data_sem unlock order in ext4_ind_migrate()
+ spi: s3c64xx: fix timeout counters in flush_fifo
+ selftests: breakpoints: use remaining time to check if suspend succeed
+ selftests: vDSO: fix vDSO symbols lookup for powerpc64
+ i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume
+ i2c: xiic: Wait for TX empty to avoid missed TX NAKs
+ firmware: tegra: bpmp: Drop unused mbox_client_to_bpmp()
+ spi: bcm63xx: Fix module autoloading
+ perf/core: Fix small negative period being ignored
+ parisc: Fix itlb miss handler for 64-bit programs
+ drm: Consistently use struct drm_mode_rect for FB_DAMAGE_CLIPS
+ ALSA: core: add isascii() check to card ID generator
+ ext4: no need to continue when the number of entries is 1
+ ext4: propagate errors from ext4_find_extent() in ext4_insert_range()
+ ext4: fix incorrect tid assumption in __jbd2_log_wait_for_space()
+ ext4: aovid use-after-free in ext4_ext_insert_extent()
+ ext4: fix double brelse() the buffer of the extents path
+ ext4: fix incorrect tid assumption in ext4_wait_for_tail_page_commit()
+ parisc: Fix 64-bit userspace syscall path
+ parisc: Fix stack start for ADDR_NO_RANDOMIZE personality
+ of/irq: Support #msi-cells=<0> in of_msi_get_domain
+ drm: omapdrm: Add missing check for alloc_ordered_workqueue
+ jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error
+ mm: krealloc: consider spare memory for __GFP_ZERO
+ ocfs2: fix the la space leak when unmounting an ocfs2 volume
+ ocfs2: fix uninit-value in ocfs2_get_block()
+ ocfs2: reserve space for inline xattr before attaching reflink tree
+ ocfs2: cancel dqi_sync_work before freeing oinfo
+ ocfs2: remove unreasonable unlock in ocfs2_read_blocks
+ ocfs2: fix null-ptr-deref when journal load failed.
+ ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate
+ riscv: define ILLEGAL_POINTER_VALUE for 64bit
+ aoe: fix the potential use-after-free problem in more places
+ clk: rockchip: fix error for unknown clocks
+ media: sun4i_csi: Implement link validate for sun4i_csi subdev
+ media: uapi/linux/cec.h: cec_msg_set_reply_to: zero flags
+ media: venus: fix use after free bug in venus_remove due to race condition
+ iio: magnetometer: ak8975: Fix reading for ak099xx sensors
+ tomoyo: fallback to realpath if symlink's pathname does not exist
+ rtc: at91sam9: fix OF node leak in probe() error path
+ Input: adp5589-keys - fix adp5589_gpio_get_value()
+ ACPI: resource: Add Asus Vivobook X1704VAP to irq1_level_low_skip_override[]
+ ACPI: resource: Add Asus ExpertBook B2502CVA to irq1_level_low_skip_override[]
+ btrfs: fix a NULL pointer dereference when failed to start a new trasacntion
+ btrfs: wait for fixup workers before stopping cleaner kthread during umount
+ gpio: davinci: fix lazy disable
+ i2c: qcom-geni: Let firmware specify irq trigger flags
+ i2c: qcom-geni: Grow a dev pointer to simplify code
+ i2c: qcom-geni: Use IRQF_NO_AUTOEN flag in request_irq()
+ arm64: Add Cortex-715 CPU part definition
+ arm64: cputype: Add Neoverse-N3 definitions
+ arm64: errata: Expand speculative SSBS workaround once more
+ uprobes: fix kernel info leak via "[uprobes]" vma
+ nfsd: use ktime_get_seconds() for timestamps
+ nfsd: fix delegation_blocked() to block correctly for at least 30 seconds
+ clk: qcom: rpmh: Simplify clk_rpmh_bcm_send_cmd()
+ clk: qcom: clk-rpmh: Fix overflow in BCM vote
+ r8169: Fix spelling mistake: "tx_underun" -> "tx_underrun"
+ r8169: add tally counter fields added with RTL8125
+ ACPI: battery: Simplify battery hook locking
+ ACPI: battery: Fix possible crash when unregistering a battery hook
+ ext4: fix inode tree inconsistency caused by ENOMEM
+ unicode: Don't special case ignorable code points
+ net: ethernet: cortina: Drop TSO support
+ tracing: Remove precision vsnprintf() check from print event
+ drm/crtc: fix uninitialized variable use even harder
+ tracing: Have saved_cmdlines arrays all in one allocation
+ virtio_console: fix misc probe bugs
+ Input: synaptics-rmi4 - fix UAF of IRQ domain on driver removal
+ bpf: Check percpu map value size first
+ s390/facility: Disable compile time optimization for decompressor code
+ s390/mm: Add cond_resched() to cmm_alloc/free_pages()
+ ext4: nested locking for xattr inode
+ s390/cpum_sf: Remove WARN_ON_ONCE statements
+ ktest.pl: Avoid false positives with grub2 skip regex
+ clk: bcm: bcm53573: fix OF node leak in init
+ PCI: Add ACS quirk for Qualcomm SA8775P
+ i2c: i801: Use a different adapter-name for IDF adapters
+ PCI: Mark Creative Labs EMU20k2 INTx masking as broken
+ ntb: ntb_hw_switchtec: Fix use after free vulnerability in
switchtec_ntb_remove due to race condition
+ media: videobuf2-core: clear memory related fields in __vb2_plane_dmabuf_put()
+ usb: chipidea: udc: enable suspend interrupt after usb reset
+ usb: dwc2: Adjust the timing of USB Driver Interrupt Registration in the
Crashkernel Scenario
+ virtio_pmem: Check device status before requesting flush
+ tools/iio: Add memory allocation failure check for trigger_name
+ driver core: bus: Return -EIO instead of 0 when show/store invalid bus
attribute
+ fbdev: sisfb: Fix strbuf array overflow
+ RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt
+ ice: fix VLAN replay after reset
+ SUNRPC: Fix integer overflow in decode_rc_list()
+ tcp: fix to allow timestamp undo if no retransmits were sent
+ tcp: fix tcp_enter_recovery() to zero retrans_stamp when it's safe
+ netfilter: br_netfilter: fix panic with metadata_dst skb
+ Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change
+ gpio: aspeed: Add the flush write to ensure the write complete.
+ gpio: aspeed: Use devm_clk api to manage clock source
+ igb: Do not bring the device up after non-fatal error
+ net/sched: accept TCA_STAB only for root qdisc
+ net: ibm: emac: mal: fix wrong goto
+ net: annotate lockless accesses to sk->sk_ack_backlog
+ net: annotate lockless accesses to sk->sk_max_ack_backlog
+ sctp: ensure sk_state is set to CLOSED if hashing fails in sctp_listen_start
+ ppp: fix ppp_async_encode() illegal access
+ slip: make slhc_remember() more robust against malicious packets
+ locking/lockdep: Fix bad recursion pattern
+ locking/lockdep: Rework lockdep_lock
+ locking/lockdep: Avoid potential access of invalid memory in lock_class
+ lockdep: fix deadlock issue between lockdep and rcu
+ resource: fix region_intersects() vs add_memory_driver_managed()
+ HID: plantronics: Workaround for an unexcepted opposite volume key
+ Revert "usb: yurex: Replace snprintf() with the safer scnprintf() variant"
+ usb: dwc3: core: Stop processing of pending events if controller is halted
+ usb: xhci: Fix problem with xhci resume from suspend
+ usb: storage: ignore bogus device raised by JieLi BR21 USB sound chip
+ hid: intel-ish-hid: Fix uninitialized variable 'rv' in ish_fw_xfer_direct_dma
+ net: Fix an unsafe loop on the list
+ nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error
+ posix-clock: Fix missing timespec64 check in pc_clock_settime()
+ arm64: probes: Remove broken LDR (literal) uprobe support
+ arm64: probes: Fix simulate_ldr*_literal()
+ tracing/kprobes: Return EADDRNOTAVAIL when func matches several symbols
+ tracing/kprobes: Fix symbol counting logic by looking at modules as well
+ PCI: Add function 0 DMA alias quirk for Glenfly Arise chip
+ fat: fix uninitialized variable
+ mm/swapfile: skip HugeTLB pages for unuse_vma
+ KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin()
+ s390/sclp_vt220: Convert newlines to CRLF instead of LFCR
+ KVM: s390: Change virtual to physical address access in diag 0x258 handler
+ x86/cpufeatures: Define X86_FEATURE_AMD_IBPB_RET
+ blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race
+ drm/vmwgfx: Handle surface check failure correctly
+ iio: dac: ltc1660: add missing select REGMAP_SPI in Kconfig
+ iio: dac: stm32-dac-core: add missing select REGMAP_MMIO in Kconfig
+ iio: adc: ti-ads8688: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig
+ iio: hid-sensors: Fix an error handling path in
_hid_sensor_set_report_latency()
+ iio: light: opt3001: add missing full-scale range value
+ iio: proximity: mb1232: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig
+ iio: adc: ti-ads124s08: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig
+ Bluetooth: Remove debugfs directory on module init failure
+ Bluetooth: btusb: Fix regression with fake CSR controllers 0a12:0001
+ xhci: Fix incorrect stream context type macro
+ USB: serial: option: add support for Quectel EG916Q-GL
+ USB: serial: option: add Telit FN920C04 MBIM compositions
+ parport: Proper fix for array out-of-bounds access
+ x86/resctrl: Annotate get_mem_config() functions as __init
+ x86/apic: Always explicitly disarm TSC-deadline timer
+ nilfs2: propagate directory read errors from nilfs_find_entry()
+ mac80211: Fix NULL ptr deref for injected rate info
+ RDMA/bnxt_re: Fix incorrect AVID type in WQE structure
+ ARM: dts: bcm2837-rpi-cm3-io3: Fix HDMI hpd-gpio pin
+ RDMA/cxgb4: Fix RDMA_CM_EVENT_UNREACHABLE error for iWARP
+ ipv4: give an IPv4 dev to blackhole_netdev
+ RDMA/bnxt_re: Return more meaningful error
+ drm/msm/dsi: fix 32-bit signed integer extension in pclk_rate calculation
+ macsec: don't increment counters for an unrelated SA
+ net: ethernet: aeroflex: fix potential memory leak in greth_start_xmit_gbit()
+ net: systemport: fix potential memory leak in bcm_sysport_xmit()
+ genetlink: hold RCU in genlmsg_mcast()
+ smb: client: fix OOBs when building SMB2_IOCTL request
+ usb: typec: altmode should keep reference to parent
+ Bluetooth: bnep: fix wild-memory-access in proto_unregister
+ arm64:uprobe fix the uprobe SWBP_INSN in big-endian
+ arm64: probes: Fix uprobes for big-endian kernels
+ KVM: s390: gaccess: Check if guest address is in memslot
+ drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real
VLA
+ udf: fix uninit-value use in udf_get_fileshortad
+ jfs: Fix sanity check in dbMount
+ tracing: Consider the NULL character when validating the event length
+ net/sun3_82586: fix potential memory leak in sun3_82586_send_packet()
+ be2net: fix potential memory leak in be_xmit()
+ net: usb: usbnet: fix name regression
+ net: sched: fix use-after-free in taprio_change()
+ r8169: avoid unsolicited interrupts
+ posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime()
+ ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size()
+ ALSA: hda/realtek: Update default depop procedure
+ drm/amd: Guard against bad data for ATIF ACPI method
+ ACPI: resource: Add LG 16T90SP to irq1_level_low_skip_override[]
+ ACPI: button: Add DMI quirk for Samsung Galaxy Book2 to fix initial lid
detection issue
+ nilfs2: fix kernel bug due to missing clearing of buffer delay flag
+ ALSA: hda/realtek: Add subwoofer quirk for Acer Predator G9-593
+ hv_netvsc: Fix VF namespace also in synthetic NIC NETDEV_REGISTER event
+ selinux: improve error checking in sel_write_load()
+ arm64/uprobes: change the uprobe_opcode_t typedef to fix the sparse warning
+ xfrm: validate new SA's prefixlen using SA family when sel.family is unset
+ cgroup: Fix potential overflow issue when checking max_depth
+ wifi: mac80211: skip non-uploaded keys in ieee80211_iter_keys
+ mac80211: do drv_reconfig_complete() before restarting all
+ mac80211: Add support to trigger sta disconnect on hardware restart
+ wifi: iwlwifi: mvm: disconnect station vifs if recovery failed
+ wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd()
+ ASoC: cs42l51: Fix some error handling paths in cs42l51_probe()
+ dt-bindings: gpu: Convert Samsung Image Rotator to dt-schema
+ gtp: simplify error handling code in 'gtp_encap_enable()'
+ gtp: allow -1 to be specified as file description from userspace
+ net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT
+ bpf: Fix out-of-bounds write in trie_get_next_key()
+ net: support ip generic csum processing in skb_csum_hwoffload_help
+ net: skip offload for NETIF_F_IPV6_CSUM if ipv6 header contains extension
+ netfilter: nft_payload: sanitize offset and length before calling
skb_checksum()
+ drivers/misc: ti-st: Remove unneeded variable in st_tty_open
+ firmware: arm_sdei: Fix the input parameter of cpuhp_remove_state()
+ net: amd: mvme147: Fix probe banner message
+ misc: sgi-gru: Don't disable preemption in GRU driver
+ usbip: tools: Fix detach_port() invalid port error path
+ usb: phy: Fix API devm_usb_put_phy() can not release the phy
+ xhci: Fix Link TRB DMA in command ring stopped completion event
+ Revert "driver core: Fix uevent_show() vs driver detach race"
+ wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower
+ wifi: ath10k: Fix memory leak in management tx
+ wifi: iwlegacy: Clear stale interrupts before resuming device
+ staging: iio: frequency: ad9832: fix division by zero in ad9832_calc_freqreg()
+ nilfs2: fix potential deadlock with newly created symlinks
+ riscv: Remove unused GENERATING_ASM_OFFSETS
+ ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow
+ nilfs2: fix kernel bug due to missing clearing of checked flag
+ mm: shmem: fix data-race in shmem_getattr()
+ Revert "drm/mipi-dsi: Set the fwnode for mipi_dsi_device"
+ vt: prevent kernel-infoleak in con_font_get()
+ mac80211: always have ieee80211_sta_restart()
+ mm: krealloc: Fix MTE false alarm in __do_krealloc
Linux 5.4.285
- mm: krealloc: Fix MTE false alarm in __do_krealloc
- mac80211: always have ieee80211_sta_restart()
- vt: prevent kernel-infoleak in con_font_get()
- Revert "drm/mipi-dsi: Set the fwnode for mipi_dsi_device"
- mm: shmem: fix data-race in shmem_getattr()
- nilfs2: fix kernel bug due to missing clearing of checked flag
- ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow
- riscv: Remove unused GENERATING_ASM_OFFSETS
- nilfs2: fix potential deadlock with newly created symlinks
- staging: iio: frequency: ad9832: fix division by zero in ad9832_calc_freqreg()
- wifi: iwlegacy: Clear stale interrupts before resuming device
- wifi: ath10k: Fix memory leak in management tx
- wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower
- Revert "driver core: Fix uevent_show() vs driver detach race"
- xhci: Fix Link TRB DMA in command ring stopped completion event
- usb: phy: Fix API devm_usb_put_phy() can not release the phy
- usbip: tools: Fix detach_port() invalid port error path
- misc: sgi-gru: Don't disable preemption in GRU driver
- net: amd: mvme147: Fix probe banner message
- firmware: arm_sdei: Fix the input parameter of cpuhp_remove_state()
- drivers/misc: ti-st: Remove unneeded variable in st_tty_open
- netfilter: nft_payload: sanitize offset and length before calling
skb_checksum()
- net: skip offload for NETIF_F_IPV6_CSUM if ipv6 header contains extension
- net: support ip generic csum processing in skb_csum_hwoffload_help
- bpf: Fix out-of-bounds write in trie_get_next_key()
- net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT
- gtp: allow -1 to be specified as file description from userspace
- gtp: simplify error handling code in 'gtp_encap_enable()'
- dt-bindings: gpu: Convert Samsung Image Rotator to dt-schema
- ASoC: cs42l51: Fix some error handling paths in cs42l51_probe()
- wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd()
- wifi: iwlwifi: mvm: disconnect station vifs if recovery failed
- mac80211: Add support to trigger sta disconnect on hardware restart
- mac80211: do drv_reconfig_complete() before restarting all
- wifi: mac80211: skip non-uploaded keys in ieee80211_iter_keys
- cgroup: Fix potential overflow issue when checking max_depth
- xfrm: validate new SA's prefixlen using SA family when sel.family is unset
- arm64/uprobes: change the uprobe_opcode_t typedef to fix the sparse warning
- selinux: improve error checking in sel_write_load()
- hv_netvsc: Fix VF namespace also in synthetic NIC NETDEV_REGISTER event
- ALSA: hda/realtek: Add subwoofer quirk for Acer Predator G9-593
- nilfs2: fix kernel bug due to missing clearing of buffer delay flag
- ACPI: button: Add DMI quirk for Samsung Galaxy Book2 to fix initial lid
detection issue
- ACPI: resource: Add LG 16T90SP to irq1_level_low_skip_override[]
- drm/amd: Guard against bad data for ATIF ACPI method
- ALSA: hda/realtek: Update default depop procedure
- ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size()
- posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime()
- r8169: avoid unsolicited interrupts
- net: sched: fix use-after-free in taprio_change()
- net: usb: usbnet: fix name regression
- be2net: fix potential memory leak in be_xmit()
- net/sun3_82586: fix potential memory leak in sun3_82586_send_packet()
- tracing: Consider the NULL character when validating the event length
- jfs: Fix sanity check in dbMount
- udf: fix uninit-value use in udf_get_fileshortad
- drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real
VLA
- KVM: s390: gaccess: Check if guest address is in memslot
- KVM: s390: gaccess: Cleanup access to guest pages
- KVM: s390: gaccess: Refactor access address range check
- KVM: s390: gaccess: Refactor gpa and length calculation
- arm64: probes: Fix uprobes for big-endian kernels
- arm64:uprobe fix the uprobe SWBP_INSN in big-endian
- Bluetooth: bnep: fix wild-memory-access in proto_unregister
- usb: typec: altmode should keep reference to parent
- smb: client: fix OOBs when building SMB2_IOCTL request
- genetlink: hold RCU in genlmsg_mcast()
- net: systemport: fix potential memory leak in bcm_sysport_xmit()
- net: ethernet: aeroflex: fix potential memory leak in greth_start_xmit_gbit()
- macsec: don't increment counters for an unrelated SA
- drm/msm/dsi: fix 32-bit signed integer extension in pclk_rate calculation
- RDMA/bnxt_re: Return more meaningful error
- ipv4: give an IPv4 dev to blackhole_netdev
- RDMA/cxgb4: Fix RDMA_CM_EVENT_UNREACHABLE error for iWARP
- ARM: dts: bcm2837-rpi-cm3-io3: Fix HDMI hpd-gpio pin
- RDMA/bnxt_re: Fix incorrect AVID type in WQE structure
- mac80211: Fix NULL ptr deref for injected rate info
- erofs: fix lz4 inplace decompression
- nilfs2: propagate directory read errors from nilfs_find_entry()
- x86/apic: Always explicitly disarm TSC-deadline timer
- x86/resctrl: Annotate get_mem_config() functions as __init
- parport: Proper fix for array out-of-bounds access
- USB: serial: option: add Telit FN920C04 MBIM compositions
- USB: serial: option: add support for Quectel EG916Q-GL
- xhci: Fix incorrect stream context type macro
- Bluetooth: btusb: Fix regression with fake CSR controllers 0a12:0001
- Bluetooth: Remove debugfs directory on module init failure
- iio: adc: ti-ads124s08: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig
- iio: proximity: mb1232: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig
- iio: light: opt3001: add missing full-scale range value
- iio: hid-sensors: Fix an error handling path in
_hid_sensor_set_report_latency()
- iio: adc: ti-ads8688: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig
- iio: dac: stm32-dac-core: add missing select REGMAP_MMIO in Kconfig
- iio: dac: ltc1660: add missing select REGMAP_SPI in Kconfig
- drm/vmwgfx: Handle surface check failure correctly
- blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race
- x86/cpufeatures: Define X86_FEATURE_AMD_IBPB_RET
- KVM: s390: Change virtual to physical address access in diag 0x258 handler
- s390/sclp_vt220: Convert newlines to CRLF instead of LFCR
- KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin()
- wifi: mac80211: fix potential key use-after-free
- mm/swapfile: skip HugeTLB pages for unuse_vma
- fat: fix uninitialized variable
- PCI: Add function 0 DMA alias quirk for Glenfly Arise chip
- tracing/kprobes: Fix symbol counting logic by looking at modules as well
- tracing/kprobes: Return EADDRNOTAVAIL when func matches several symbols
- arm64: probes: Fix simulate_ldr*_literal()
- arm64: probes: Remove broken LDR (literal) uprobe support
- posix-clock: Fix missing timespec64 check in pc_clock_settime()
- nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error
- net: Fix an unsafe loop on the list
- hid: intel-ish-hid: Fix uninitialized variable 'rv' in ish_fw_xfer_direct_dma
- usb: storage: ignore bogus device raised by JieLi BR21 USB sound chip
- usb: xhci: Fix problem with xhci resume from suspend
- usb: dwc3: core: Stop processing of pending events if controller is halted
- Revert "usb: yurex: Replace snprintf() with the safer scnprintf() variant"
- HID: plantronics: Workaround for an unexcepted opposite volume key
- CDC-NCM: avoid overflow in sanity checking
- resource: fix region_intersects() vs add_memory_driver_managed()
- lockdep: fix deadlock issue between lockdep and rcu
- locking/lockdep: Avoid potential access of invalid memory in lock_class
- locking/lockdep: Rework lockdep_lock
- locking/lockdep: Fix bad recursion pattern
- slip: make slhc_remember() more robust against malicious packets
- ppp: fix ppp_async_encode() illegal access
- sctp: ensure sk_state is set to CLOSED if hashing fails in sctp_listen_start
- net: annotate lockless accesses to sk->sk_max_ack_backlog
- net: annotate lockless accesses to sk->sk_ack_backlog
- net: ibm: emac: mal: fix wrong goto
- net/sched: accept TCA_STAB only for root qdisc
- igb: Do not bring the device up after non-fatal error
- gpio: aspeed: Use devm_clk api to manage clock source
- gpio: aspeed: Add the flush write to ensure the write complete.
- Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change
- netfilter: br_netfilter: fix panic with metadata_dst skb
- tcp: fix tcp_enter_recovery() to zero retrans_stamp when it's safe
- tcp: fix to allow timestamp undo if no retransmits were sent
- SUNRPC: Fix integer overflow in decode_rc_list()
- ice: fix VLAN replay after reset
- RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt
- fbdev: sisfb: Fix strbuf array overflow
- driver core: bus: Return -EIO instead of 0 when show/store invalid bus
attribute
- tools/iio: Add memory allocation failure check for trigger_name
- virtio_pmem: Check device status before requesting flush
- usb: dwc2: Adjust the timing of USB Driver Interrupt Registration in the
Crashkernel Scenario
- usb: chipidea: udc: enable suspend interrupt after usb reset
- media: videobuf2-core: clear memory related fields in __vb2_plane_dmabuf_put()
- ntb: ntb_hw_switchtec: Fix use after free vulnerability in
switchtec_ntb_remove due to race condition
- PCI: Mark Creative Labs EMU20k2 INTx masking as broken
- i2c: i801: Use a different adapter-name for IDF adapters
- PCI: Add ACS quirk for Qualcomm SA8775P
- clk: bcm: bcm53573: fix OF node leak in init
- ktest.pl: Avoid false positives with grub2 skip regex
- s390/cpum_sf: Remove WARN_ON_ONCE statements
- ext4: nested locking for xattr inode
- s390/mm: Add cond_resched() to cmm_alloc/free_pages()
- s390/facility: Disable compile time optimization for decompressor code
- bpf: Check percpu map value size first
- Input: synaptics-rmi4 - fix UAF of IRQ domain on driver removal
- virtio_console: fix misc probe bugs
- tracing: Have saved_cmdlines arrays all in one allocation
- drm/crtc: fix uninitialized variable use even harder
- tracing: Remove precision vsnprintf() check from print event
- net: ethernet: cortina: Drop TSO support
- unicode: Don't special case ignorable code points
- ext4: fix inode tree inconsistency caused by ENOMEM
- ACPI: battery: Fix possible crash when unregistering a battery hook
- ACPI: battery: Simplify battery hook locking
- r8169: add tally counter fields added with RTL8125
- r8169: Fix spelling mistake: "tx_underun" -> "tx_underrun"
- clk: qcom: clk-rpmh: Fix overflow in BCM vote
- clk: qcom: rpmh: Simplify clk_rpmh_bcm_send_cmd()
- nfsd: fix delegation_blocked() to block correctly for at least 30 seconds
- nfsd: use ktime_get_seconds() for timestamps
- uprobes: fix kernel info leak via "[uprobes]" vma
- arm64: errata: Expand speculative SSBS workaround once more
- arm64: cputype: Add Neoverse-N3 definitions
- arm64: Add Cortex-715 CPU part definition
- i2c: qcom-geni: Use IRQF_NO_AUTOEN flag in request_irq()
- i2c: qcom-geni: Grow a dev pointer to simplify code
- i2c: qcom-geni: Let firmware specify irq trigger flags
- gpio: davinci: fix lazy disable
- btrfs: wait for fixup workers before stopping cleaner kthread during umount
- btrfs: fix a NULL pointer dereference when failed to start a new trasacntion
- ACPI: resource: Add Asus ExpertBook B2502CVA to irq1_level_low_skip_override[]
- ACPI: resource: Add Asus Vivobook X1704VAP to irq1_level_low_skip_override[]
- Input: adp5589-keys - fix adp5589_gpio_get_value()
- rtc: at91sam9: fix OF node leak in probe() error path
- tomoyo: fallback to realpath if symlink's pathname does not exist
- iio: magnetometer: ak8975: Fix reading for ak099xx sensors
- media: venus: fix use after free bug in venus_remove due to race condition
- media: uapi/linux/cec.h: cec_msg_set_reply_to: zero flags
- media: sun4i_csi: Implement link validate for sun4i_csi subdev
- clk: rockchip: fix error for unknown clocks
- aoe: fix the potential use-after-free problem in more places
- riscv: define ILLEGAL_POINTER_VALUE for 64bit
- ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate
- ocfs2: fix null-ptr-deref when journal load failed.
- ocfs2: remove unreasonable unlock in ocfs2_read_blocks
- ocfs2: cancel dqi_sync_work before freeing oinfo
- ocfs2: reserve space for inline xattr before attaching reflink tree
- ocfs2: fix uninit-value in ocfs2_get_block()
- ocfs2: fix the la space leak when unmounting an ocfs2 volume
- mm: krealloc: consider spare memory for __GFP_ZERO
- jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error
- drm: omapdrm: Add missing check for alloc_ordered_workqueue
- of/irq: Support #msi-cells=<0> in of_msi_get_domain
- parisc: Fix stack start for ADDR_NO_RANDOMIZE personality
- parisc: Fix 64-bit userspace syscall path
- ext4: fix incorrect tid assumption in ext4_wait_for_tail_page_commit()
- ext4: fix double brelse() the buffer of the extents path
- ext4: aovid use-after-free in ext4_ext_insert_extent()
- ext4: fix incorrect tid assumption in __jbd2_log_wait_for_space()
- ext4: propagate errors from ext4_find_extent() in ext4_insert_range()
- ext4: no need to continue when the number of entries is 1
- ALSA: core: add isascii() check to card ID generator
- drm: Consistently use struct drm_mode_rect for FB_DAMAGE_CLIPS
- parisc: Fix itlb miss handler for 64-bit programs
- perf/core: Fix small negative period being ignored
- spi: bcm63xx: Fix module autoloading
- firmware: tegra: bpmp: Drop unused mbox_client_to_bpmp()
- i2c: xiic: Wait for TX empty to avoid missed TX NAKs
- i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume
- selftests: vDSO: fix vDSO symbols lookup for powerpc64
- selftests: breakpoints: use remaining time to check if suspend succeed
- spi: s3c64xx: fix timeout counters in flush_fifo
- ext4: fix i_data_sem unlock order in ext4_ind_migrate()
- ext4: ext4_search_dir should return a proper error
- of/irq: Refer to actual buffer size in of_irq_parse_one()
- drm/radeon/r100: Handle unknown family in r100_cp_init_microcode()
- scsi: aacraid: Rearrange order of struct aac_srb_unit
- drm/printer: Allow NULL data in devcoredump printer
- drm/amd/display: Initialize get_bytes_per_element's default to 1
- drm/amd/display: Fix index out of bounds in degamma hardware format
translation
- drm/amd/display: Check stream before comparing them
- jfs: Fix uninit-value access of new_ea in ea_buffer
- jfs: check if leafidx greater than num leaves per dmap tree
- jfs: Fix uaf in dbFreeBits
- jfs: UBSAN: shift-out-of-bounds in dbFindBits
- ata: sata_sil: Rename sil_blacklist to sil_quirks
- power: reset: brcmstb: Do not go into infinite loop if reset fails
- fbdev: pxafb: Fix possible use after free in pxafb_task()
- x86/syscall: Avoid memcpy() for ia32 syscall_get_arguments()
- ALSA: hdsp: Break infinite MIDI input flush loop
- ALSA: asihpi: Fix potential OOB array access
- signal: Replace BUG_ON()s
- nfp: Use IRQF_NO_AUTOEN flag in request_irq()
- wifi: mwifiex: Fix memcpy() field-spanning write warning in
mwifiex_cmd_802_11_scan_ext()
- proc: add config & param to block forcing mem writes
- ACPICA: iasl: handle empty connection_node
- tcp: avoid reusing FIN_WAIT2 when trying to find port in connect() process
- ipv4: Mask upper DSCP bits and ECN bits in NETLINK_FIB_LOOKUP family
- ipv4: Check !in_dev earlier for ioctl(SIOCSIFADDR).
- net: mvpp2: Increase size of queue_name buffer
- tipc: guard against string buffer overrun
- ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in
acpi_db_convert_to_package()
- ACPI: EC: Do not release locks during operation region accesses
- wifi: rtw88: select WANT_DEV_COREDUMP
- net: sched: consistently use rcu_replace_pointer() in taprio_change()
- ACPICA: Fix memory leak if acpi_ps_get_next_field() fails
- ACPICA: Fix memory leak if acpi_ps_get_next_namepath() fails
- net: hisilicon: hns_mdio: fix OF node leak in probe()
- net: hisilicon: hns_dsaf_mac: fix OF node leak in hns_mac_get_info()
- net: hisilicon: hip04: fix OF node leak in probe()
- ice: Adjust over allocation of memory in ice_sched_add_root_node() and
ice_sched_add_node()
- wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit
- wifi: ath9k: fix possible integer overflow in ath9k_get_et_stats()
- f2fs: Require FMODE_WRITE for atomic write ioctls
- ALSA: hda/conexant: Fix conflicting quirk for System76 Pangolin
- ALSA: hda/generic: Unconditionally prefer preferred_dacs pairs
- ALSA: hda/realtek: Fix the push button function for the ALC257
- sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start
- ipv4: ip_gre: Fix drops of small packets in ipgre_xmit
- net: add more sanity checks to qdisc_pkt_len_init()
- net: avoid potential underflow in qdisc_pkt_len_init() with UFO
- net: ethernet: lantiq_etop: fix memory disclosure
- Bluetooth: btmrvl: Use IRQF_NO_AUTOEN flag in request_irq()
- Bluetooth: btmrvl_sdio: Refactor irq wakeup
- netfilter: nf_tables: prevent nf_skb_duplicated corruption
- net: ieee802154: mcr20a: Use IRQF_NO_AUTOEN flag in request_irq()
- netfilter: uapi: NFTA_FLOWTABLE_HOOK is NLA_NESTED
- net/mlx5: Added cond_resched() to crdump collection
- ieee802154: Fix build error
- drivers: net: Fix Kconfig indentation, continued
- Minor fixes to the CAIF Transport drivers Kconfig file
- ceph: remove the incorrect Fw reference check when dirtying pages
- mailbox: bcm2835: Fix timeout during suspend mode
- mailbox: rockchip: fix a typo in module autoloading
- usb: yurex: Fix inconsistent locking bug in yurex_read()
- i2c: isch: Add missed 'else'
- i2c: aspeed: Update the stop sw state when the bus recovery occurs
- mm: only enforce minimum stack gap size if it's sensible
- pps: add an error check in parport_attach
- pps: remove usage of the deprecated ida_simple_xx() API
- USB: misc: yurex: fix race between read and write
- usb: yurex: Replace snprintf() with the safer scnprintf() variant
- soc: versatile: realview: fix soc_dev leak during device remove
- soc: versatile: realview: fix memory leak during device remove
- PCI: xilinx-nwl: Fix off-by-one in INTx IRQ handler
- PCI: xilinx-nwl: Use irq_data_get_irq_chip_data()
- ASoC: meson: axg-card: fix 'use-after-free'
- ASoC: meson: axg: extract sound card utils
- nfs: fix memory leak in error path of nfs4_do_reclaim
- fs: Fix file_set_fowner LSM hook inconsistencies
- vfs: fix race between evice_inodes() and find_inode()&iput()
- hwrng: mtk - Use devm_pm_runtime_enable
- f2fs: avoid potential int overflow in sanity_check_area_boundary()
- f2fs: prevent possible int overflow in dir_block_index()
- debugobjects: Fix conditions in fill_pool()
- wifi: rtw88: 8822c: Fix reported RX band width
- ACPI: resource: Add another DMI match for the TongFang GMxXGxx
- ACPI: sysfs: validate return type of _STR method
- drbd: Add NULL check for net_conf to prevent dereference in state validation
- drbd: Fix atomicity violation in drbd_uuid_set_bm()
- tty: rp2: Fix reset with non forgiving PCIe host bridges
- firmware_loader: Block path traversal
- USB: class: CDC-ACM: fix race between get_serial and set_serial
- USB: misc: cypress_cy7c63: check for short transfer
- USB: appledisplay: close race between probe and completion handler
- drm/amd/display: Round calculated vtotal
- soc: versatile: integrator: fix OF node leak in probe() error path
- Remove *.orig pattern from .gitignore
- crypto: aead,cipher - zeroize key buffer after use
- netfilter: ctnetlink: compile ctnetlink_label_size with
CONFIG_NF_CONNTRACK_EVENTS
- net: qrtr: Update packets cloning when broadcasting
- tcp: check skb is non-NULL in tcp_rto_delta_us()
- net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race
Condition
- netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put()
- coresight: tmc: sg: Do not leak sg_table
- iio: adc: ad7606: fix standby gpio state to match the documentation
- iio: adc: ad7606: fix oversampling gpio array
- f2fs: reduce expensive checkpoint trigger frequency
- f2fs: remove unneeded check condition in __f2fs_setxattr()
- f2fs: fix to update i_ctime in __f2fs_setxattr()
- f2fs: fix typo
- f2fs: enhance to update i_mode and acl atomically in f2fs_setattr()
- nfsd: return -EINVAL when namelen is 0
- nfsd: call cache_put if xdr_reserve_space returns NULL
- ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir()
- RDMA/cxgb4: Added NULL check for lookup_atid
- riscv: Fix fp alignment bug in perf_callchain_user()
- RDMA/hns: Optimize hem allocation performance
- watchdog: imx_sc_wdt: Don't disable WDT in suspend
- pinctrl: mvebu: Fix devinit_dove_pinctrl_probe function
- clk: ti: dra7-atl: Fix leak of of_nodes
- pinctrl: single: fix missing error code in pcs_probe()
- RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency
- PCI: xilinx-nwl: Fix register misspelling
- PCI: keystone: Fix if-statement expression in ks_pcie_quirk()
- drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error
- drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error
- clk: rockchip: Set parent rate for DCLK_VOP clock on RK3228
- perf time-utils: Fix 32-bit nsec parsing
- perf sched timehist: Fixed timestamp error when unable to confirm event
sched_in time
- perf sched timehist: Fix missing free of session in perf_sched__timehist()
- bpf: Fix bpf_strtol and bpf_strtoul helpers for 32bit
- nilfs2: fix potential oob read in nilfs_btree_check_delete()
- nilfs2: determine empty node blocks as corrupted
- nilfs2: fix potential null-ptr-deref in nilfs_btree_insert()
- ext4: avoid OOB when system.data xattr changes underneath the filesystem
- ext4: return error on ext4_find_inline_entry
- ext4: avoid negative min_clusters in find_group_orlov()
- smackfs: Use rcu_assign_pointer() to ensure safe assignment in smk_set_cipso
- ext4: clear EXT4_GROUP_INFO_WAS_TRIMMED_BIT even mount with discard
- jbd2: introduce/export functions
jbd2_journal_submit|finish_inode_data_buffers()
- kthread: fix task state in kthread worker if being frozen
- kthread: add kthread_work tracepoints
- xz: cleanup CRC32 edits from 2018
- selftests/bpf: Fix error compiling test_lru_map.c
- selftests/bpf: Fix compiling tcp_rtt.c with musl-libc
- selftests/bpf: Fix compiling flow_dissector.c with musl-libc
- selftests/bpf: Fix compile error from rlim_t in sk_storage_map.c
- tpm: Clean up TPM space after command failure
- xen/swiotlb: add alignment check for dma buffers
- xen: use correct end address of kernel for conflict checking
- drivers:drm:exynos_drm_gsc:Fix wrong assignment in gsc_bind()
- drm/msm: fix %s null argument error
- ipmi: docs: don't advertise deprecated sysfs entries
- drm/msm/a5xx: fix races in preemption evaluation stage
- drm/msm/a5xx: properly clear preemption records on resume
- drm/msm/a5xx: disable preemption in submits by default
- drm/msm: Fix incorrect file name output in adreno_request_fw()
- jfs: fix out-of-bounds in dbNextAG() and diAlloc()
- drm/radeon/evergreen_cs: fix int overflow errors in cs track offsets
- drm/rockchip: dw_hdmi: Fix reading EDID when using a forced mode
- drm/rockchip: vop: Allow 4096px width scaling
- drm/radeon: properly handle vbios fake edid sizing
- drm/radeon: Replace one-element array with flexible-array member
- drm/amdgpu: properly handle vbios fake edid sizing
- drm/amdgpu: Replace one-element array with flexible-array member
- drm/stm: Fix an error handling path in stm_drm_platform_probe()
- mtd: powernv: Add check devm_kasprintf() returned value
- fbdev: hpfb: Fix an error handling path in hpfb_dio_probe()
- power: supply: max17042_battery: Fix SOC threshold calc w/ no current sense
- power: supply: axp20x_battery: Remove design from min and max voltage
- power: supply: axp20x_battery: allow disabling battery charging
- hwmon: (ntc_thermistor) fix module autoloading
- mtd: slram: insert break after errors in parsing the map
- hwmon: (max16065) Fix overflows seen when writing limits
- clocksource/drivers/qcom: Add missing iounmap() on errors in
msm_dt_timer_init()
- reset: berlin: fix OF node leak in probe() error path
- ARM: versatile: fix OF node leak in CPUs prepare
- ARM: dts: imx7d-zii-rmu2: fix Ethernet PHY pinctrl property
- spi: ppc4xx: Avoid returning 0 when failed to parse and map IRQ
- spi: ppc4xx: handle irq_of_parse_and_map() errors
- block, bfq: don't break merge chain in bfq_split_bfqq()
- block, bfq: choose the last bfqq from merge chain in bfq_setup_cooperator()
- block, bfq: fix possible UAF for bfqq->bic with merge chain
- net: tipc: avoid possible garbage value
- Bluetooth: btusb: Fix not handling ZPL/short-transfer
- can: bcm: Clear bo->bcm_proc_read after remove_proc_entry().
- sock_map: Add a cond_resched() in sock_hash_free()
- wifi: wilc1000: fix potential RCU dereference issue in
wilc_parse_join_bss_param
- wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop()
- mac80211: parse radiotap header when selecting Tx queue
- wifi: cfg80211: fix two more possible UBSAN-detected off-by-one errors
- wifi: cfg80211: fix UBSAN noise in cfg80211_wext_siwscan()
- netfilter: nf_tables: reject expiration higher than timeout
- netfilter: nf_tables: reject element expiration with no timeout
- netfilter: nf_tables: elements with timeout below CONFIG_HZ never expire
- can: j1939: use correct function name in comment
- mount: handle OOM on mnt_warn_timestamp_expiry
- fs/namespace: fnic: Switch to use %ptTd
- mount: warn only once about timestamp range expiration
- fs: explicitly unregister per-superblock BDIs
- wifi: ath9k: Remove error checks when creating debugfs entries
- wifi: ath9k: fix parameter check in ath9k_init_debug()
- ACPI: PMIC: Remove unneeded check in tps68470_pmic_opregion_probe()
- USB: usbtmc: prevent kernel-usb-infoleak
- USB: serial: pl2303: add device id for Macrosilicon MS3020
- bpf: Fix DEVMAP_HASH overflow check on 32-bit arches
- inet: inet_defrag: prevent sk release while still in use
- gpio: prevent potential speculation leaks in gpio_device_get_desc()
- ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()
- ocfs2: add bounds checking to ocfs2_xattr_find_entry()
- x86/hyperv: Set X86_FEATURE_TSC_KNOWN_FREQ when Hyper-V provides frequency
- spi: bcm63xx: Enable module autoloading
- drm: komeda: Fix an issue related to normalized zpos
- ASoC: tda7419: fix module autoloading
- wifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead
- wifi: iwlwifi: mvm: fix iwl_mvm_max_scan_ie_fw_cmd_room()
- net: ftgmac100: Ensure tx descriptor updates are visible
- microblaze: don't treat zero reserved memory regions as error
- pinctrl: at91: make it work with current gpiolib
- ALSA: hda/realtek - FIxed ALC285 headphone no sound
- ALSA: hda/realtek - Fixed ALC256 headphone no sound
- ASoC: allow module autoloading for table db1200_pids
- selftests: breakpoints: Fix a typo of function name
- soundwire: stream: Revert "soundwire: stream: fix programming slave ports for
non-continous port maps"
- spi: nxp-fspi: fix the KASAN report out-of-bounds bug
- net: dpaa: Pad packets to ETH_ZLEN
- net: ftgmac100: Enable TX interrupt to avoid TX timeout
- net/mlx5e: Add missing link modes to ptys2ethtool_map
- ice: fix accounting for filters shared by multiple VSIs
- arm64: dts: rockchip: override BIOS_DISABLE signal via GPIO hog on RK3399 Puma
- scripts: kconfig: merge_config: config files: add a trailing newline
- net: phy: vitesse: repair vsc73xx autonegotiation
- net: ethernet: use ip_hdrlen() instead of bit shift
- usbnet: ipheth: fix carrier detection in modes 1 and 4
+ UBUNTU: Upstream stable to v5.4.285
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/2089233
Title:
Focal update: v5.4.285 upstream stable release
Status in linux package in Ubuntu:
Invalid
Status in linux source package in Focal:
In Progress
Bug description:
SRU Justification
Impact:
The upstream process for stable tree updates is quite similar
in scope to the Ubuntu SRU process, e.g., each patch has to
demonstrably fix a bug, and each patch is vetted by upstream
by originating either directly from a mainline/stable Linux tree or
a minimally backported form of that patch. The following upstream
stable patches should be included in the Ubuntu kernel:
v5.4.285 upstream stable release
from git://git.kernel.org/
usbnet: ipheth: fix carrier detection in modes 1 and 4
net: ethernet: use ip_hdrlen() instead of bit shift
net: phy: vitesse: repair vsc73xx autonegotiation
scripts: kconfig: merge_config: config files: add a trailing newline
arm64: dts: rockchip: override BIOS_DISABLE signal via GPIO hog on RK3399 Puma
ice: fix accounting for filters shared by multiple VSIs
net/mlx5e: Add missing link modes to ptys2ethtool_map
net: ftgmac100: Enable TX interrupt to avoid TX timeout
net: dpaa: Pad packets to ETH_ZLEN
spi: nxp-fspi: fix the KASAN report out-of-bounds bug
soundwire: stream: Revert "soundwire: stream: fix programming slave ports for
non-continous port maps"
selftests: breakpoints: Fix a typo of function name
ASoC: allow module autoloading for table db1200_pids
ALSA: hda/realtek - Fixed ALC256 headphone no sound
ALSA: hda/realtek - FIxed ALC285 headphone no sound
pinctrl: at91: make it work with current gpiolib
microblaze: don't treat zero reserved memory regions as error
net: ftgmac100: Ensure tx descriptor updates are visible
wifi: iwlwifi: mvm: fix iwl_mvm_max_scan_ie_fw_cmd_room()
wifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead
ASoC: tda7419: fix module autoloading
drm: komeda: Fix an issue related to normalized zpos
spi: bcm63xx: Enable module autoloading
x86/hyperv: Set X86_FEATURE_TSC_KNOWN_FREQ when Hyper-V provides frequency
ocfs2: add bounds checking to ocfs2_xattr_find_entry()
ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()
gpio: prevent potential speculation leaks in gpio_device_get_desc()
USB: serial: pl2303: add device id for Macrosilicon MS3020
USB: usbtmc: prevent kernel-usb-infoleak
ACPI: PMIC: Remove unneeded check in tps68470_pmic_opregion_probe()
wifi: ath9k: fix parameter check in ath9k_init_debug()
wifi: ath9k: Remove error checks when creating debugfs entries
fs: explicitly unregister per-superblock BDIs
mount: warn only once about timestamp range expiration
fs/namespace: fnic: Switch to use %ptTd
mount: handle OOM on mnt_warn_timestamp_expiry
can: j1939: use correct function name in comment
netfilter: nf_tables: elements with timeout below CONFIG_HZ never expire
netfilter: nf_tables: reject element expiration with no timeout
netfilter: nf_tables: reject expiration higher than timeout
wifi: cfg80211: fix UBSAN noise in cfg80211_wext_siwscan()
wifi: cfg80211: fix two more possible UBSAN-detected off-by-one errors
mac80211: parse radiotap header when selecting Tx queue
wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop()
wifi: wilc1000: fix potential RCU dereference issue in
wilc_parse_join_bss_param
sock_map: Add a cond_resched() in sock_hash_free()
can: bcm: Clear bo->bcm_proc_read after remove_proc_entry().
Bluetooth: btusb: Fix not handling ZPL/short-transfer
net: tipc: avoid possible garbage value
block, bfq: fix possible UAF for bfqq->bic with merge chain
block, bfq: choose the last bfqq from merge chain in bfq_setup_cooperator()
block, bfq: don't break merge chain in bfq_split_bfqq()
spi: ppc4xx: handle irq_of_parse_and_map() errors
spi: ppc4xx: Avoid returning 0 when failed to parse and map IRQ
ARM: dts: imx7d-zii-rmu2: fix Ethernet PHY pinctrl property
ARM: versatile: fix OF node leak in CPUs prepare
reset: berlin: fix OF node leak in probe() error path
clocksource/drivers/qcom: Add missing iounmap() on errors in
msm_dt_timer_init()
hwmon: (max16065) Fix overflows seen when writing limits
mtd: slram: insert break after errors in parsing the map
hwmon: (ntc_thermistor) fix module autoloading
power: supply: axp20x_battery: allow disabling battery charging
power: supply: axp20x_battery: Remove design from min and max voltage
power: supply: max17042_battery: Fix SOC threshold calc w/ no current sense
fbdev: hpfb: Fix an error handling path in hpfb_dio_probe()
mtd: powernv: Add check devm_kasprintf() returned value
drm/stm: Fix an error handling path in stm_drm_platform_probe()
drm/amdgpu: Replace one-element array with flexible-array member
drm/amdgpu: properly handle vbios fake edid sizing
drm/radeon: Replace one-element array with flexible-array member
drm/radeon: properly handle vbios fake edid sizing
drm/rockchip: vop: Allow 4096px width scaling
drm/rockchip: dw_hdmi: Fix reading EDID when using a forced mode
drm/radeon/evergreen_cs: fix int overflow errors in cs track offsets
jfs: fix out-of-bounds in dbNextAG() and diAlloc()
drm/msm: Fix incorrect file name output in adreno_request_fw()
drm/msm/a5xx: disable preemption in submits by default
drm/msm/a5xx: properly clear preemption records on resume
drm/msm/a5xx: fix races in preemption evaluation stage
ipmi: docs: don't advertise deprecated sysfs entries
drm/msm: fix %s null argument error
drivers:drm:exynos_drm_gsc:Fix wrong assignment in gsc_bind()
xen: use correct end address of kernel for conflict checking
xen/swiotlb: add alignment check for dma buffers
tpm: Clean up TPM space after command failure
selftests/bpf: Fix compile error from rlim_t in sk_storage_map.c
selftests/bpf: Fix compiling flow_dissector.c with musl-libc
selftests/bpf: Fix compiling tcp_rtt.c with musl-libc
selftests/bpf: Fix error compiling test_lru_map.c
xz: cleanup CRC32 edits from 2018
kthread: add kthread_work tracepoints
kthread: fix task state in kthread worker if being frozen
ext4: clear EXT4_GROUP_INFO_WAS_TRIMMED_BIT even mount with discard
smackfs: Use rcu_assign_pointer() to ensure safe assignment in smk_set_cipso
ext4: avoid negative min_clusters in find_group_orlov()
ext4: return error on ext4_find_inline_entry
ext4: avoid OOB when system.data xattr changes underneath the filesystem
nilfs2: fix potential null-ptr-deref in nilfs_btree_insert()
nilfs2: determine empty node blocks as corrupted
nilfs2: fix potential oob read in nilfs_btree_check_delete()
bpf: Fix bpf_strtol and bpf_strtoul helpers for 32bit
perf sched timehist: Fix missing free of session in perf_sched__timehist()
perf sched timehist: Fixed timestamp error when unable to confirm event
sched_in time
perf time-utils: Fix 32-bit nsec parsing
clk: rockchip: Set parent rate for DCLK_VOP clock on RK3228
drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error
drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error
PCI: keystone: Fix if-statement expression in ks_pcie_quirk()
PCI: xilinx-nwl: Fix register misspelling
RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency
pinctrl: single: fix missing error code in pcs_probe()
clk: ti: dra7-atl: Fix leak of of_nodes
pinctrl: mvebu: Fix devinit_dove_pinctrl_probe function
watchdog: imx_sc_wdt: Don't disable WDT in suspend
RDMA/hns: Optimize hem allocation performance
riscv: Fix fp alignment bug in perf_callchain_user()
RDMA/cxgb4: Added NULL check for lookup_atid
ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir()
nfsd: call cache_put if xdr_reserve_space returns NULL
nfsd: return -EINVAL when namelen is 0
f2fs: enhance to update i_mode and acl atomically in f2fs_setattr()
f2fs: fix typo
f2fs: fix to update i_ctime in __f2fs_setxattr()
f2fs: remove unneeded check condition in __f2fs_setxattr()
f2fs: reduce expensive checkpoint trigger frequency
iio: adc: ad7606: fix oversampling gpio array
iio: adc: ad7606: fix standby gpio state to match the documentation
coresight: tmc: sg: Do not leak sg_table
netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put()
net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race
Condition
tcp: check skb is non-NULL in tcp_rto_delta_us()
net: qrtr: Update packets cloning when broadcasting
netfilter: ctnetlink: compile ctnetlink_label_size with
CONFIG_NF_CONNTRACK_EVENTS
Remove *.orig pattern from .gitignore
soc: versatile: integrator: fix OF node leak in probe() error path
drm/amd/display: Round calculated vtotal
USB: appledisplay: close race between probe and completion handler
USB: misc: cypress_cy7c63: check for short transfer
USB: class: CDC-ACM: fix race between get_serial and set_serial
firmware_loader: Block path traversal
tty: rp2: Fix reset with non forgiving PCIe host bridges
drbd: Fix atomicity violation in drbd_uuid_set_bm()
drbd: Add NULL check for net_conf to prevent dereference in state validation
ACPI: sysfs: validate return type of _STR method
ACPI: resource: Add another DMI match for the TongFang GMxXGxx
wifi: rtw88: 8822c: Fix reported RX band width
debugobjects: Fix conditions in fill_pool()
f2fs: prevent possible int overflow in dir_block_index()
f2fs: avoid potential int overflow in sanity_check_area_boundary()
hwrng: mtk - Use devm_pm_runtime_enable
vfs: fix race between evice_inodes() and find_inode()&iput()
fs: Fix file_set_fowner LSM hook inconsistencies
nfs: fix memory leak in error path of nfs4_do_reclaim
ASoC: meson: axg: extract sound card utils
UBUNTU: [Config] updateconfigs for SND_MESON_CARD_UTILS
ASoC: meson: axg-card: fix 'use-after-free'
PCI: xilinx-nwl: Use irq_data_get_irq_chip_data()
PCI: xilinx-nwl: Fix off-by-one in INTx IRQ handler
soc: versatile: realview: fix memory leak during device remove
soc: versatile: realview: fix soc_dev leak during device remove
usb: yurex: Replace snprintf() with the safer scnprintf() variant
USB: misc: yurex: fix race between read and write
pps: remove usage of the deprecated ida_simple_xx() API
pps: add an error check in parport_attach
mm: only enforce minimum stack gap size if it's sensible
i2c: aspeed: Update the stop sw state when the bus recovery occurs
i2c: isch: Add missed 'else'
usb: yurex: Fix inconsistent locking bug in yurex_read()
mailbox: rockchip: fix a typo in module autoloading
mailbox: bcm2835: Fix timeout during suspend mode
ceph: remove the incorrect Fw reference check when dirtying pages
Minor fixes to the CAIF Transport drivers Kconfig file
drivers: net: Fix Kconfig indentation, continued
ieee802154: Fix build error
net/mlx5: Added cond_resched() to crdump collection
netfilter: uapi: NFTA_FLOWTABLE_HOOK is NLA_NESTED
net: ieee802154: mcr20a: Use IRQF_NO_AUTOEN flag in request_irq()
netfilter: nf_tables: prevent nf_skb_duplicated corruption
Bluetooth: btmrvl_sdio: Refactor irq wakeup
Bluetooth: btmrvl: Use IRQF_NO_AUTOEN flag in request_irq()
net: ethernet: lantiq_etop: fix memory disclosure
net: avoid potential underflow in qdisc_pkt_len_init() with UFO
net: add more sanity checks to qdisc_pkt_len_init()
ipv4: ip_gre: Fix drops of small packets in ipgre_xmit
sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start
ALSA: hda/realtek: Fix the push button function for the ALC257
ALSA: hda/generic: Unconditionally prefer preferred_dacs pairs
ALSA: hda/conexant: Fix conflicting quirk for System76 Pangolin
f2fs: Require FMODE_WRITE for atomic write ioctls
wifi: ath9k: fix possible integer overflow in ath9k_get_et_stats()
wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit
ice: Adjust over allocation of memory in ice_sched_add_root_node() and
ice_sched_add_node()
net: hisilicon: hip04: fix OF node leak in probe()
net: hisilicon: hns_dsaf_mac: fix OF node leak in hns_mac_get_info()
net: hisilicon: hns_mdio: fix OF node leak in probe()
ACPICA: Fix memory leak if acpi_ps_get_next_namepath() fails
ACPICA: Fix memory leak if acpi_ps_get_next_field() fails
net: sched: consistently use rcu_replace_pointer() in taprio_change()
wifi: rtw88: select WANT_DEV_COREDUMP
ACPI: EC: Do not release locks during operation region accesses
ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in
acpi_db_convert_to_package()
tipc: guard against string buffer overrun
net: mvpp2: Increase size of queue_name buffer
ipv4: Check !in_dev earlier for ioctl(SIOCSIFADDR).
ipv4: Mask upper DSCP bits and ECN bits in NETLINK_FIB_LOOKUP family
tcp: avoid reusing FIN_WAIT2 when trying to find port in connect() process
ACPICA: iasl: handle empty connection_node
proc: add config & param to block forcing mem writes
UBUNTU: [Config] updateconfigs to select PROC_MEM_ALWAYS_FORCE
wifi: mwifiex: Fix memcpy() field-spanning write warning in
mwifiex_cmd_802_11_scan_ext()
nfp: Use IRQF_NO_AUTOEN flag in request_irq()
signal: Replace BUG_ON()s
ALSA: asihpi: Fix potential OOB array access
ALSA: hdsp: Break infinite MIDI input flush loop
x86/syscall: Avoid memcpy() for ia32 syscall_get_arguments()
fbdev: pxafb: Fix possible use after free in pxafb_task()
power: reset: brcmstb: Do not go into infinite loop if reset fails
ata: sata_sil: Rename sil_blacklist to sil_quirks
jfs: UBSAN: shift-out-of-bounds in dbFindBits
jfs: Fix uaf in dbFreeBits
jfs: check if leafidx greater than num leaves per dmap tree
jfs: Fix uninit-value access of new_ea in ea_buffer
drm/amd/display: Check stream before comparing them
drm/amd/display: Fix index out of bounds in degamma hardware format
translation
drm/amd/display: Initialize get_bytes_per_element's default to 1
drm/printer: Allow NULL data in devcoredump printer
scsi: aacraid: Rearrange order of struct aac_srb_unit
drm/radeon/r100: Handle unknown family in r100_cp_init_microcode()
of/irq: Refer to actual buffer size in of_irq_parse_one()
ext4: ext4_search_dir should return a proper error
ext4: fix i_data_sem unlock order in ext4_ind_migrate()
spi: s3c64xx: fix timeout counters in flush_fifo
selftests: breakpoints: use remaining time to check if suspend succeed
selftests: vDSO: fix vDSO symbols lookup for powerpc64
i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume
i2c: xiic: Wait for TX empty to avoid missed TX NAKs
firmware: tegra: bpmp: Drop unused mbox_client_to_bpmp()
spi: bcm63xx: Fix module autoloading
perf/core: Fix small negative period being ignored
parisc: Fix itlb miss handler for 64-bit programs
drm: Consistently use struct drm_mode_rect for FB_DAMAGE_CLIPS
ALSA: core: add isascii() check to card ID generator
ext4: no need to continue when the number of entries is 1
ext4: propagate errors from ext4_find_extent() in ext4_insert_range()
ext4: fix incorrect tid assumption in __jbd2_log_wait_for_space()
ext4: aovid use-after-free in ext4_ext_insert_extent()
ext4: fix double brelse() the buffer of the extents path
ext4: fix incorrect tid assumption in ext4_wait_for_tail_page_commit()
parisc: Fix 64-bit userspace syscall path
parisc: Fix stack start for ADDR_NO_RANDOMIZE personality
of/irq: Support #msi-cells=<0> in of_msi_get_domain
drm: omapdrm: Add missing check for alloc_ordered_workqueue
jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error
mm: krealloc: consider spare memory for __GFP_ZERO
ocfs2: fix the la space leak when unmounting an ocfs2 volume
ocfs2: fix uninit-value in ocfs2_get_block()
ocfs2: reserve space for inline xattr before attaching reflink tree
ocfs2: cancel dqi_sync_work before freeing oinfo
ocfs2: remove unreasonable unlock in ocfs2_read_blocks
ocfs2: fix null-ptr-deref when journal load failed.
ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate
riscv: define ILLEGAL_POINTER_VALUE for 64bit
aoe: fix the potential use-after-free problem in more places
clk: rockchip: fix error for unknown clocks
media: sun4i_csi: Implement link validate for sun4i_csi subdev
media: uapi/linux/cec.h: cec_msg_set_reply_to: zero flags
media: venus: fix use after free bug in venus_remove due to race condition
iio: magnetometer: ak8975: Fix reading for ak099xx sensors
tomoyo: fallback to realpath if symlink's pathname does not exist
rtc: at91sam9: fix OF node leak in probe() error path
Input: adp5589-keys - fix adp5589_gpio_get_value()
ACPI: resource: Add Asus Vivobook X1704VAP to irq1_level_low_skip_override[]
ACPI: resource: Add Asus ExpertBook B2502CVA to irq1_level_low_skip_override[]
btrfs: fix a NULL pointer dereference when failed to start a new trasacntion
btrfs: wait for fixup workers before stopping cleaner kthread during umount
gpio: davinci: fix lazy disable
i2c: qcom-geni: Let firmware specify irq trigger flags
i2c: qcom-geni: Grow a dev pointer to simplify code
i2c: qcom-geni: Use IRQF_NO_AUTOEN flag in request_irq()
arm64: Add Cortex-715 CPU part definition
arm64: cputype: Add Neoverse-N3 definitions
arm64: errata: Expand speculative SSBS workaround once more
uprobes: fix kernel info leak via "[uprobes]" vma
nfsd: use ktime_get_seconds() for timestamps
nfsd: fix delegation_blocked() to block correctly for at least 30 seconds
clk: qcom: rpmh: Simplify clk_rpmh_bcm_send_cmd()
clk: qcom: clk-rpmh: Fix overflow in BCM vote
r8169: Fix spelling mistake: "tx_underun" -> "tx_underrun"
r8169: add tally counter fields added with RTL8125
ACPI: battery: Simplify battery hook locking
ACPI: battery: Fix possible crash when unregistering a battery hook
ext4: fix inode tree inconsistency caused by ENOMEM
unicode: Don't special case ignorable code points
net: ethernet: cortina: Drop TSO support
tracing: Remove precision vsnprintf() check from print event
drm/crtc: fix uninitialized variable use even harder
tracing: Have saved_cmdlines arrays all in one allocation
virtio_console: fix misc probe bugs
Input: synaptics-rmi4 - fix UAF of IRQ domain on driver removal
bpf: Check percpu map value size first
s390/facility: Disable compile time optimization for decompressor code
s390/mm: Add cond_resched() to cmm_alloc/free_pages()
ext4: nested locking for xattr inode
s390/cpum_sf: Remove WARN_ON_ONCE statements
ktest.pl: Avoid false positives with grub2 skip regex
clk: bcm: bcm53573: fix OF node leak in init
PCI: Add ACS quirk for Qualcomm SA8775P
i2c: i801: Use a different adapter-name for IDF adapters
PCI: Mark Creative Labs EMU20k2 INTx masking as broken
ntb: ntb_hw_switchtec: Fix use after free vulnerability in
switchtec_ntb_remove due to race condition
media: videobuf2-core: clear memory related fields in __vb2_plane_dmabuf_put()
usb: chipidea: udc: enable suspend interrupt after usb reset
usb: dwc2: Adjust the timing of USB Driver Interrupt Registration in the
Crashkernel Scenario
virtio_pmem: Check device status before requesting flush
tools/iio: Add memory allocation failure check for trigger_name
driver core: bus: Return -EIO instead of 0 when show/store invalid bus
attribute
fbdev: sisfb: Fix strbuf array overflow
RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt
ice: fix VLAN replay after reset
SUNRPC: Fix integer overflow in decode_rc_list()
tcp: fix to allow timestamp undo if no retransmits were sent
tcp: fix tcp_enter_recovery() to zero retrans_stamp when it's safe
netfilter: br_netfilter: fix panic with metadata_dst skb
Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change
gpio: aspeed: Add the flush write to ensure the write complete.
gpio: aspeed: Use devm_clk api to manage clock source
igb: Do not bring the device up after non-fatal error
net/sched: accept TCA_STAB only for root qdisc
net: ibm: emac: mal: fix wrong goto
net: annotate lockless accesses to sk->sk_ack_backlog
net: annotate lockless accesses to sk->sk_max_ack_backlog
sctp: ensure sk_state is set to CLOSED if hashing fails in sctp_listen_start
ppp: fix ppp_async_encode() illegal access
slip: make slhc_remember() more robust against malicious packets
locking/lockdep: Fix bad recursion pattern
locking/lockdep: Rework lockdep_lock
locking/lockdep: Avoid potential access of invalid memory in lock_class
lockdep: fix deadlock issue between lockdep and rcu
resource: fix region_intersects() vs add_memory_driver_managed()
HID: plantronics: Workaround for an unexcepted opposite volume key
Revert "usb: yurex: Replace snprintf() with the safer scnprintf() variant"
usb: dwc3: core: Stop processing of pending events if controller is halted
usb: xhci: Fix problem with xhci resume from suspend
usb: storage: ignore bogus device raised by JieLi BR21 USB sound chip
hid: intel-ish-hid: Fix uninitialized variable 'rv' in ish_fw_xfer_direct_dma
net: Fix an unsafe loop on the list
nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error
posix-clock: Fix missing timespec64 check in pc_clock_settime()
arm64: probes: Remove broken LDR (literal) uprobe support
arm64: probes: Fix simulate_ldr*_literal()
tracing/kprobes: Return EADDRNOTAVAIL when func matches several symbols
tracing/kprobes: Fix symbol counting logic by looking at modules as well
PCI: Add function 0 DMA alias quirk for Glenfly Arise chip
fat: fix uninitialized variable
mm/swapfile: skip HugeTLB pages for unuse_vma
KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin()
s390/sclp_vt220: Convert newlines to CRLF instead of LFCR
KVM: s390: Change virtual to physical address access in diag 0x258 handler
x86/cpufeatures: Define X86_FEATURE_AMD_IBPB_RET
blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race
drm/vmwgfx: Handle surface check failure correctly
iio: dac: ltc1660: add missing select REGMAP_SPI in Kconfig
iio: dac: stm32-dac-core: add missing select REGMAP_MMIO in Kconfig
iio: adc: ti-ads8688: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig
iio: hid-sensors: Fix an error handling path in
_hid_sensor_set_report_latency()
iio: light: opt3001: add missing full-scale range value
iio: proximity: mb1232: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig
iio: adc: ti-ads124s08: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig
Bluetooth: Remove debugfs directory on module init failure
Bluetooth: btusb: Fix regression with fake CSR controllers 0a12:0001
xhci: Fix incorrect stream context type macro
USB: serial: option: add support for Quectel EG916Q-GL
USB: serial: option: add Telit FN920C04 MBIM compositions
parport: Proper fix for array out-of-bounds access
x86/resctrl: Annotate get_mem_config() functions as __init
x86/apic: Always explicitly disarm TSC-deadline timer
nilfs2: propagate directory read errors from nilfs_find_entry()
mac80211: Fix NULL ptr deref for injected rate info
RDMA/bnxt_re: Fix incorrect AVID type in WQE structure
ARM: dts: bcm2837-rpi-cm3-io3: Fix HDMI hpd-gpio pin
RDMA/cxgb4: Fix RDMA_CM_EVENT_UNREACHABLE error for iWARP
ipv4: give an IPv4 dev to blackhole_netdev
RDMA/bnxt_re: Return more meaningful error
drm/msm/dsi: fix 32-bit signed integer extension in pclk_rate calculation
macsec: don't increment counters for an unrelated SA
net: ethernet: aeroflex: fix potential memory leak in greth_start_xmit_gbit()
net: systemport: fix potential memory leak in bcm_sysport_xmit()
genetlink: hold RCU in genlmsg_mcast()
smb: client: fix OOBs when building SMB2_IOCTL request
usb: typec: altmode should keep reference to parent
Bluetooth: bnep: fix wild-memory-access in proto_unregister
arm64:uprobe fix the uprobe SWBP_INSN in big-endian
arm64: probes: Fix uprobes for big-endian kernels
KVM: s390: gaccess: Check if guest address is in memslot
drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real
VLA
udf: fix uninit-value use in udf_get_fileshortad
jfs: Fix sanity check in dbMount
tracing: Consider the NULL character when validating the event length
net/sun3_82586: fix potential memory leak in sun3_82586_send_packet()
be2net: fix potential memory leak in be_xmit()
net: usb: usbnet: fix name regression
net: sched: fix use-after-free in taprio_change()
r8169: avoid unsolicited interrupts
posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime()
ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size()
ALSA: hda/realtek: Update default depop procedure
drm/amd: Guard against bad data for ATIF ACPI method
ACPI: resource: Add LG 16T90SP to irq1_level_low_skip_override[]
ACPI: button: Add DMI quirk for Samsung Galaxy Book2 to fix initial lid
detection issue
nilfs2: fix kernel bug due to missing clearing of buffer delay flag
ALSA: hda/realtek: Add subwoofer quirk for Acer Predator G9-593
hv_netvsc: Fix VF namespace also in synthetic NIC NETDEV_REGISTER event
selinux: improve error checking in sel_write_load()
arm64/uprobes: change the uprobe_opcode_t typedef to fix the sparse warning
xfrm: validate new SA's prefixlen using SA family when sel.family is unset
cgroup: Fix potential overflow issue when checking max_depth
wifi: mac80211: skip non-uploaded keys in ieee80211_iter_keys
mac80211: do drv_reconfig_complete() before restarting all
mac80211: Add support to trigger sta disconnect on hardware restart
wifi: iwlwifi: mvm: disconnect station vifs if recovery failed
wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd()
ASoC: cs42l51: Fix some error handling paths in cs42l51_probe()
dt-bindings: gpu: Convert Samsung Image Rotator to dt-schema
gtp: simplify error handling code in 'gtp_encap_enable()'
gtp: allow -1 to be specified as file description from userspace
net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT
bpf: Fix out-of-bounds write in trie_get_next_key()
net: support ip generic csum processing in skb_csum_hwoffload_help
net: skip offload for NETIF_F_IPV6_CSUM if ipv6 header contains extension
netfilter: nft_payload: sanitize offset and length before calling
skb_checksum()
drivers/misc: ti-st: Remove unneeded variable in st_tty_open
firmware: arm_sdei: Fix the input parameter of cpuhp_remove_state()
net: amd: mvme147: Fix probe banner message
misc: sgi-gru: Don't disable preemption in GRU driver
usbip: tools: Fix detach_port() invalid port error path
usb: phy: Fix API devm_usb_put_phy() can not release the phy
xhci: Fix Link TRB DMA in command ring stopped completion event
Revert "driver core: Fix uevent_show() vs driver detach race"
wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower
wifi: ath10k: Fix memory leak in management tx
wifi: iwlegacy: Clear stale interrupts before resuming device
staging: iio: frequency: ad9832: fix division by zero in ad9832_calc_freqreg()
nilfs2: fix potential deadlock with newly created symlinks
riscv: Remove unused GENERATING_ASM_OFFSETS
ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow
nilfs2: fix kernel bug due to missing clearing of checked flag
mm: shmem: fix data-race in shmem_getattr()
Revert "drm/mipi-dsi: Set the fwnode for mipi_dsi_device"
vt: prevent kernel-infoleak in con_font_get()
mac80211: always have ieee80211_sta_restart()
mm: krealloc: Fix MTE false alarm in __do_krealloc
Linux 5.4.285
UBUNTU: Upstream stable to v5.4.285
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2089233/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
