-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 29 Sep 2021 20:53:57 +0200 Source: linux-signed-arm64 Architecture: source Version: 4.19.208+1 Distribution: buster-proposed-updates Urgency: medium Maintainer: Debian Kernel Team Changed-By: Salvatore Bonaccorso Changes: linux-signed-arm64 (4.19.208+1) buster; urgency=medium . * Sign kernel from linux 4.19.208-1 . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.195 - perf/core: Fix endless multiplex timer - net/nfc/rawsock.c: fix a permission check bug - [x86] ASoC: Intel: bytcr_rt5640: Add quirk for the Glavey TM800A550L tablet - [x86] ASoC: Intel: bytcr_rt5640: Add quirk for the Lenovo Miix 3-830 tablet - bonding: init notify_work earlier to avoid uninitialized use - netlink: disable IRQs for netlink_lock_table() - net: mdiobus: get rid of a BUG_ON() - cgroup: disable controllers at parse time - wq: handle VM suspension in stall detection - net/qla3xxx: fix schedule while atomic in ql_sem_spinlock - RDS tcp loopback connection can hang - scsi: bnx2fc: Return failure if io_req is already in ABTS processing - [x86] scsi: vmw_pvscsi: Set correct residual data length - scsi: target: qla2xxx: Wait for stop_phase1 at WWN removal - [arm64] net: macb: ensure the device is available before accessing GEMGXL control registers - nvme-fabrics: decode host pathing error for connect - [mips*] Fix kernel hang under FUNCTION_GRAPH_TRACER and PREEMPT_TRACER - bnx2x: Fix missing error code in bnx2x_iov_init_one() - [powerpc*] i2c: mpc: Make use of i2c_recover_bus() - [powerpc*] i2c: mpc: implement erratum A-004447 workaround - drm: Fix use-after-free read in drm_getunique() - drm: Lock pointer access in drm_master_release() - kvm: avoid speculation-based attacks from out-of-range memslot accesses - [arm64,x86] staging: rtl8723bs: Fix uninitialized variables - btrfs: return value from btrfs_mark_extent_written() in case of error - cgroup1: don't allow '\n' in renaming - USB: f_ncm: ncm_bitrate (speed) is unsigned - usb: f_ncm: only first packet of aggregate needs to start timer - usb: pd: Set PD_T_SINK_WAIT_CAP to 310ms - [arm64,armhf] usb: dwc3: ep0: fix NULL pointer exception - [x86] usb: typec: ucsi: Clear PPM capability data in ucsi_init() error path - usb: gadget: f_fs: Ensure io_completion_wq is idle during unbind - USB: serial: ftdi_sio: add NovaTech OrionMX product ID - USB: serial: omninet: add device id for Zyxel Omni 56K Plus - USB: serial: quatech2: fix control-request directions - USB: serial: cp210x: fix alternate function for CP2102N QFN20 - usb: gadget: eem: fix wrong eem header operation - usb: fix various gadgets null ptr deref on 10gbps cabling. - usb: fix various gadget panics on 10gbps cabling - regulator: core: resolve supply for boot-on/always-on regulators - [arm64] regulator: max77620: Use device_set_of_node_from_dev() - RDMA/mlx4: Do not map the core_clock page to user space unless enabled - perf: Fix data race between pin_count increment/decrement - sched/fair: Make sure to update tg contrib for blocked load - IB/mlx5: Fix initializing CQ fragments buffer - NFS: Fix a potential NULL dereference in nfs_get_client() - NFSv4: Fix deadlock between nfs4_evict_inode() and nfs4_opendata_get_inode() - perf session: Correct buffer copying when peeking events - kvm: fix previous commit for 32-bit builds - NFS: Fix use-after-free in nfs4_init_client() - NFSv4: Fix second deadlock in nfs4_evict_inode() - NFSv4: nfs4_proc_set_acl needs to restore NFS_CAP_UIDGID_NOMAP on error. - scsi: core: Fix error handling of scsi_host_alloc() - scsi: core: Put .shost_dev in failure path if host state changes to RUNNING - scsi: core: Only put parent device if host state differs from SHOST_CREATED - ftrace: Do not blindly read the ip address in ftrace_bug() - tracing: Correct the length check which causes memory corruption - proc: only require mm_struct for writing https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.196 - net: ieee802154: fix null deref in parse dev addr - HID: quirks: Set INCREMENT_USAGE_ON_DUPLICATE for Saitek X65 - HID: hid-sensor-hub: Return error for hid_set_field() failure - HID: Add BUS_VIRTUAL to hid_connect logging - HID: usbhid: fix info leak in hid_submit_ctrl - gfs2: Prevent direct-I/O write fallback errors from getting lost - gfs2: Fix use-after-free in gfs2_glock_shrink_scan - scsi: target: core: Fix warning on realtime kernels - ethernet: myri10ge: Fix missing error code in myri10ge_probe() - scsi: scsi_devinfo: Add blacklist entry for HPE OPEN-V - net: ipconfig: Don't override command-line hostnames or domains - rtnetlink: Fix missing error code in rtnl_bridge_notify() - net: Return the correct errno code - fib: Return the correct errno code - afs: Fix an IS_ERR() vs NULL check - mm/memory-failure: make sure wait for page writeback in memory_failure - batman-adv: Avoid WARN_ON timing related checks - net: ipv4: fix memory leak in netlbl_cipsov4_add_std - net: rds: fix memory leak in rds_recvmsg - udp: fix race between close() and udp_abort() - rtnetlink: Fix regression in bridge VLAN configuration - net/mlx5e: Block offload of outer header csum for UDP tunnels - netfilter: synproxy: Fix out of bounds when parsing TCP options - sch_cake: Fix out of bounds when parsing TCP options and header - alx: Fix an error handling path in 'alx_probe()' - net: stmmac: dwmac1000: Fix extended MAC address registers definition - net: add documentation to socket.c - net: make get_net_ns return error if NET_NS is disabled - qlcnic: Fix an error handling path in 'qlcnic_probe()' - netxen_nic: Fix an error handling path in 'netxen_nic_probe()' - ptp: ptp_clock: Publish scaled_ppm_to_ppb - ptp: improve max_adj check against unreasonable values - net: cdc_ncm: switch to eth%d interface naming - net: usb: fix possible use-after-free in smsc75xx_bind - [armhf] net: fec_ptp: fix issue caused by refactor the fec_devtype - net: ipv4: fix memory leak in ip_mc_add1_src - net/af_unix: fix a data-race in unix_dgram_sendmsg / unix_release_sock - be2net: Fix an error handling path in 'be_probe()' - net: hamradio: fix memory leak in mkiss_close - net: cdc_eem: fix tx fixup skb leak - icmp: don't send out ICMP messages with a source address of 0.0.0.0 - radeon: use memcpy_to/fromio for UVD fw upload - hwmon: (scpi-hwmon) shows the negative temperature properly - can: mcba_usb: fix memory leak in mcba_usb - usb: core: hub: Disable autosuspend for Cypress CY7C65632 - tracing: Do not stop recording cmdlines when tracing is off - tracing: Do not stop recording comms if the trace file is being read - tracing: Do no increment trace_clock_global() by one - PCI: Mark TI C667X to avoid bus reset - PCI: Mark some NVIDIA GPUs to avoid bus reset - PCI: Add ACS quirk for Broadcom BCM57414 NIC - PCI: Work around Huawei Intelligent NIC VF FLR erratum - [arm64,armhf] dmaengine: pl330: fix wrong usage of spinlock flags in dma_cyclc - net: bridge: fix vlan tunnel dst null pointer dereference - net: bridge: fix vlan tunnel dst refcnt when egressing - mm/slub: clarify verification reporting - mm/slub.c: include swab.h - [armhf] net: fec_ptp: add clock rate zero check - [arm64,armhf] KVM: arm/arm64: Fix KVM_VGIC_V3_ADDR_TYPE_REDIST read - can: bcm/raw/isotp: use per module netdevice notifier - inet: use bigger hash table for IP ID generation - [arm64,armhf] usb: dwc3: debugfs: Add and remove endpoint dirs dynamically - [arm64,armhf] usb: dwc3: core: fix kernel panic when do reboot - [x86] fpu: Reset state for all signal restore failures - module: limit enabling module.sig_enforce (CVE-2021-35039) - drm/nouveau: wait for moving fence after pinning v2 - drm/radeon: wait for moving fence after pinning - Revert "PCI: PM: Do not read power state in pci_enable_device_flags()" - mac80211: remove warning in ieee80211_get_sband() - cfg80211: call cfg80211_leave_ocb when switching away from OCB - mac80211: drop multicast fragments - net: ethtool: clear heap allocations for ethtool function - ping: Check return value of function 'ping_queue_rcv_skb' - inet: annotate date races around sk->sk_txhash - net/packet: annotate accesses to po->bind - net/packet: annotate accesses to po->ifindex - r8152: Avoid memcpy() over-reading of ETH_SS_STATS - r8169: Avoid memcpy() over-reading of ETH_SS_STATS - net: qed: Fix memcpy() overflow of qed_dcbx_params() - [x86] PCI: Add AMD RS690 quirk to enable 64-bit DMA - nilfs2: fix memory leak in nilfs_sysfs_delete_device_group - i2c: robotfuzz-osif: fix control-request directions https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.197 - mm: add VM_WARN_ON_ONCE_PAGE() macro - mm/rmap: remove unneeded semicolon in page_not_mapped() - mm/rmap: use page_not_mapped in try_to_unmap() - mm/thp: fix __split_huge_pmd_locked() on shmem migration entry - mm/thp: make is_huge_zero_pmd() safe and quicker - mm/thp: try_to_unmap() use TTU_SYNC for safe splitting - mm/thp: fix vma_address() if virtual address below file offset - mm/thp: fix page_address_in_vma() on file THP tails - mm/thp: unmap_mapping_page() to fix THP truncate_cleanup_page() - mm: thp: replace DEBUG_VM BUG with VM_WARN when unmap fails for split - mm: page_vma_mapped_walk(): use page for pvmw->page - mm: page_vma_mapped_walk(): settle PageHuge on entry - mm: page_vma_mapped_walk(): use pmde for *pvmw->pmd - mm: page_vma_mapped_walk(): prettify PVMW_MIGRATION block - mm: page_vma_mapped_walk(): crossing page table boundary - mm: page_vma_mapped_walk(): add a level of indentation - mm: page_vma_mapped_walk(): use goto instead of while (1) - mm: page_vma_mapped_walk(): get vma_address_end() earlier - mm/thp: fix page_vma_mapped_walk() if THP mapped by ptes - mm/thp: another PVMW_SYNC fix in page_vma_mapped_walk() - mm, futex: fix shared futex pgoff on shmem huge page - scsi: sr: Return appropriate error code when disk is ejected - drm/nouveau: fix dma_address check for CPU/GPU sync - ext4: eliminate bogus error in ext4_data_block_valid_rcu() - kthread_worker: split code for canceling the delayed work timer - kthread: prevent deadlock when kthread_mod_delayed_work() races with kthread_cancel_delayed_work_sync() - xen/events: reset active flag for lateeoi events later - [x86] KVM: SVM: Call SEV Guest Decommission if ASID binding fails - [armhf] OMAP: replace setup_irq() by request_irq() - [armhf] clocksource/drivers/timer-ti-dm: Add clockevent and clocksource support - [armhf] clocksource/drivers/timer-ti-dm: Prepare to handle dra7 timer wrap issue - [armhf] clocksource/drivers/timer-ti-dm: Handle dra7 timer wrap errata i940 https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.198 - scsi: core: Retry I/O for Notify (Enable Spinup) Required error - ALSA: usb-audio: fix rate on Ozone Z90 USB headset - ALSA: usb-audio: Fix OOB access at proc output - media: dvb-usb: fix wrong definition - Input: usbtouchscreen - fix control-request directions - net: can: ems_usb: fix use-after-free in ems_usb_disconnect() - usb: gadget: eem: fix echo command packet response issue - USB: cdc-acm: blacklist Heimann USB Appset device - [arm64,armhf] usb: dwc3: Fix debugfs creation flow - [x86] usb: typec: Add the missed altmode_id_remove() in typec_register_altmode() - xhci: solve a double free problem while doing s4 - iov_iter_fault_in_readable() should do nothing in xarray case - Input: joydev - prevent use of not validated data in JSIOCSBTNMAP ioctl (CVE-2021-3612) - [armel,armhf] arm_pmu: Fix write counter incorrect in ARMv7 big-endian mode - btrfs: send: fix invalid path for unlink operations after parent orphanization - btrfs: clear defrag status of a root if starting transaction fails - ext4: cleanup in-core orphan list if ext4_truncate() failed to get a transaction handle - ext4: fix kernel infoleak via ext4_extent_header - ext4: return error code when ext4_fill_flex_info() fails - ext4: correct the cache_nr in tracepoint ext4_es_shrink_exit - ext4: remove check for zero nr_to_scan in ext4_es_scan() - ext4: fix avefreec in find_group_orlov - ext4: use ext4_grp_locked_error in mb_find_extent - can: gw: synchronize rcu operations before removing gw job entry - can: peak_pciefd: pucan_handle_status(): fix a potential starvation issue in TX path - SUNRPC: Fix the batch tasks count wraparound. - SUNRPC: Should wake up the privileged task firstly. - [s390x] cio: dont call css_wait_for_slow_path() inside a lock - [x86] serial_cs: Add Option International GSM-Ready 56K/ISDN modem - [x86] serial_cs: remove wrong GLOBETROTTER.cis entry - ath9k: Fix kernel NULL pointer dereference during ath_reset_internal() - ssb: sdio: Don't overwrite const buffer if block_write fails - rsi: Assign beacon rate settings to the correct rate_info descriptor field - rsi: fix AP mode with WPA failure due to encrypted EAPOL - tracing/histograms: Fix parsing of "sym-offset" modifier - tracepoint: Add tracepoint_probe_register_may_exist() for BPF tracing - seq_buf: Make trace_seq_putmem_hex() support data longer than 8 - [powerpc*] stacktrace: Fix spurious "stale" traces in raise_backtrace_ipi() - fuse: check connected before queueing on fpq->io - spi: Make of_register_spi_device also set the fwnode - [i386] spi: spi-topcliff-pch: Fix potential double free in pch_spi_process_messages() - media: cpia2: fix memory leak in cpia2_usb_probe - media: pvrusb2: fix warning in pvr2_i2c_core_done - [x86] crypto: qat - check return code of qat_hal_rd_rel_reg() - [x86] crypto: qat - remove unused macro in FW loader - sched/fair: Fix ascii art by relpacing tabs - media: em28xx: Fix possible memory leak of em28xx struct - media: v4l2-core: Avoid the dangling pointer in v4l2_fh_release - media: bt8xx: Fix a missing check bug in bt878_probe - media: dvd_usb: memory leak in cinergyt2_fe_attach - mmc: via-sdmmc: add a check against NULL pointer dereference - crypto: shash - avoid comparing pointers to exported functions under CFI - media: dvb_net: avoid speculation from net slot - media: siano: fix device register error path - btrfs: fix error handling in __btrfs_update_delayed_inode - btrfs: abort transaction if we fail to update the delayed inode - btrfs: disable build on platforms having page size 256K - [armhf] regulator: da9052: Ensure enough delay time for .set_voltage_time_sel - HID: do not use down_interruptible() when unbinding devices - ACPI: processor idle: Fix up C-state latency if not ordered - [x86] hv_utils: Fix passing zero to 'PTR_ERR' warning - lib: vsprintf: Fix handling of number field widths in vsscanf - ACPI: EC: Make more Asus laptops use ECDT _GPE - block_dump: remove block_dump feature in mark_inode_dirty() - fs: dlm: cancel work sync othercon - random32: Fix implicit truncation warning in prandom_seed_state() - fs: dlm: fix memory leak when fenced - ACPICA: Fix memory leak caused by _CID repair function - ACPI: bus: Call kobject_put() in acpi_init() error path - [x86] platform/x86: toshiba_acpi: Fix missing error code in toshiba_acpi_setup_keyboard() - clocksource: Retry clock read if long delays detected - HID: wacom: Correct base usage for capacitive ExpressKey status bits - [armhf] sata_highbank: fix deferred probing - [mips*] pata_octeon_cf: avoid WARN_ON() in ata_host_activate() - [x86] crypto: ccp - Fix a resource leak in an error handling path - media: rc: i2c: Fix an error message - media: gspca/gl860: fix zero-length control requests - media: siano: Fix out-of-bounds warnings in smscore_load_firmware_family2() - btrfs: clear log tree recovering status if starting transaction fails - [armhf] spi: spi-sun6i: Fix chipselect/clock bug - ACPI: sysfs: Fix a buffer overrun problem with description_show() - blk-wbt: introduce a new disable state to prevent false positive by rwb_enabled() - blk-wbt: make sure throttle is enabled properly - ocfs2: fix snprintf() checking - [arm64,armhf] net: mvpp2: Put fwnode in error case during ->probe() - [i386] net: pch_gbe: Propagate error from devm_gpio_request_one() - [arm64] drm/rockchip: cdn-dp-core: add missing clk_disable_unprepare() on error in cdn_dp_grf_write() - RDMA/rxe: Fix failure during driver load - drm: qxl: ensure surf.data is ininitialized - ieee802154: hwsim: Fix possible memory leak in hwsim_subscribe_all_others - [arm64] wcn36xx: Move hal_buf allocation to devm_kmalloc in probe - ssb: Fix error return code in ssb_bus_scan() - brcmfmac: fix setting of station info chains bitmask - brcmfmac: correctly report average RSSI in station info - brcmsmac: mac80211_if: Fix a resource leak in an error handling path - ath10k: Fix an error code in ath10k_add_interface() - RDMA/mlx5: Don't add slave port to unaffiliated list - netfilter: nft_exthdr: check for IPv6 packet before further processing - netfilter: nft_osf: check for TCP packet before further processing - netfilter: nft_tproxy: restrict support to TCP and UDP transport protocols - RDMA/rxe: Fix qp reference counting for atomic ops - pkt_sched: sch_qfq: fix qfq_change_class() error path - vxlan: add missing rcu_read_lock() in neigh_reduce() - net/ipv4: swap flow ports when validating source - ieee802154: hwsim: Fix memory leak in hwsim_add_one - ieee802154: hwsim: avoid possible crash in hwsim_del_edge_nl() - mac80211: remove iwlwifi specific workaround NDPs of null_response - ipv6: exthdrs: do not blindly use init_net - bpf: Do not change gso_size during bpf_skb_change_proto() - i40e: Fix error handling in i40e_vsi_open - i40e: Fix autoneg disabling for non-10GBaseT links - ipv6: fix out-of-bound access in ip6_parse_tlv() - Bluetooth: mgmt: Fix slab-out-of-bounds in tlv_data_is_valid - Bluetooth: Fix handling of HCI_LE_Advertising_Set_Terminated event - writeback: fix obtain a reference to a freeing memcg css - net: lwtunnel: handle MTU calculation in forwading - net: sched: fix warning in tcindex_alloc_perfect_hash - RDMA/mlx5: Don't access NULL-cleared mpi pointer - tty: nozomi: Fix a resource leak in an error handling function - mwifiex: re-fix for unaligned accesses - [arm64] ASoC: hisilicon: fix missing clk_disable_unprepare() on error in hi6210_i2s_startup() - [x86] char: pcmcia: error out if 'num_bytes_read' is greater than 4 in set_protocol() - tty: nozomi: Fix the error handling path of 'nozomi_card_init()' - scsi: FlashPoint: Rename si_flags field - serial: 8250: Actually allow UPF_MAGIC_MULTIPLIER baud rates - of: Fix truncation of memory sizes on 32-bit platforms - [armhf] mtd: rawnand: marvell: add missing clk_disable_unprepare() on error in marvell_nfc_resume() - scsi: mpt3sas: Fix error return value in _scsih_expander_add() - configfs: fix memleak in configfs_release_bin_file - [powerpc*] Offline CPU in stop_this_cpu() - [arm64] serial: mvebu-uart: correctly calculate minimal possible baudrate - vfio/pci: Handle concurrent vma faults - mm/huge_memory.c: don't discard hugepage if other processes are mapping it - mmc: block: Disable CMDQ on the ioctl path - mmc: vub3000: fix control-request direction - drm/amd/amdgpu/sriov disable all ip hw status by default - [i386] net: pch_gbe: Use proper accessors to BE data in pch_ptp_match() - hugetlb: clear huge pte during flush function on mips platform - atm: iphase: fix possible use-after-free in ia_module_exit() - mISDN: fix possible use-after-free in HFC_cleanup() - atm: nicstar: Fix possible use-after-free in nicstar_cleanup() - net: Treat __napi_schedule_irqoff() as __napi_schedule() on PREEMPT_RT - reiserfs: add check for invalid 1st journal block - drm/virtio: Fix double free on probe failure - udf: Fix NULL pointer dereference in udf_symlink function - e100: handle eeprom as little endian - [arm64,armhf] clk: tegra: Ensure that PLLU configuration is applied properly - ipv6: use prandom_u32() for ID generation - RDMA/cxgb4: Fix missing error code in create_qp() - dm space maps: don't reset space map allocation cursor when committing - [armhf] pinctrl: mcp23s08: fix race condition in irq handler - ice: set the value of global config lock timeout longer - virtio_net: Remove BUG() to avoid machine dead - [arm64,armhf] net: mvpp2: check return value after calling platform_get_resource() - [amd64] fjes: check return value after calling platform_get_resource() - selinux: use __GFP_NOWARN with GFP_NOWAIT in the AVC - xfrm: Fix error reporting in xfrm_state_construct. - [arm64,armhf] wlcore/wl12xx: Fix wl12xx get_mac error if device is in ELP - [arm64,armhf] wl1251: Fix possible buffer overflow in wl1251_cmd_scan - net: fix mistake path for netdev_features_strings - rtl8xxxu: Fix device info for RTL8192EU devices - atm: nicstar: use 'dma_free_coherent' instead of 'kfree' - atm: nicstar: register the interrupt handler in the right place - vsock: notify server to shutdown when client has pending signal - RDMA/rxe: Don't overwrite errno from ib_umem_get() - iwlwifi: mvm: don't change band on bound PHY contexts - iwlwifi: pcie: free IML DMA memory allocation - sfc: avoid double pci_remove of VFs - sfc: error code if SRIOV cannot be disabled - wireless: wext-spy: Fix out-of-bounds warning - net: ip: avoid OOM kills with large UDP sends over loopback - RDMA/cma: Fix rdma_resolve_route() memory leak - Bluetooth: Fix the HCI to MGMT status conversion table - Bluetooth: Shutdown controller after workqueues are flushed or cancelled - Bluetooth: btusb: fix bt fiwmare downloading failure issue for qca btsoc. - sctp: validate from_addr_param return (CVE-2021-3655) - sctp: add size validation when walking chunks (CVE-2021-3655) - fscrypt: don't ignore minor_hash when hash is 0 - bdi: Do not use freezable workqueue - [arm64] serial: mvebu-uart: clarify the baud rate derivation - [arm64] serial: mvebu-uart: fix calculation of clock divisor - fuse: reject internal errno - [powerpc*] barrier: Avoid collision with clang's __lwsync macro - usb: gadget: f_fs: Fix setting of device and driver data cross-references - drm/radeon: Add the missed drm_gem_object_put() in radeon_user_framebuffer_create() - pinctrl/amd: Add device HID for new AMD GPIO controller - [arm64] drm/msm/mdp4: Fix modifier support enabling - mmc: sdhci: Fix warning message when accessing RPMB in HS400 mode - mmc: core: clear flags before allowing to retune - mmc: core: Allow UHS-I voltage switch for SDSC cards if supported - [armhf] ata: ahci_sunxi: Disable DIPM - cpu/hotplug: Cure the cpusets trainwreck - [arm64,armhf] clocksource/arm_arch_timer: Improve Allwinner A64 timer workaround - [arm64,armhf] ASoC: tegra: Set driver_name=tegra for all machine drivers - qemu_fw_cfg: Make fw_cfg_rev_attr a proper kobj_attribute - ipmi/watchdog: Stop watchdog timer when the current action is 'none' - seq_buf: Fix overflow in seq_buf_putmem_hex() - tracing: Simplify & fix saved_tgids logic - tracing: Resize tgid_map to pid_max, not PID_MAX_DEFAULT - dm btree remove: assign new_root only when removal succeeds - PCI: Leave Apple Thunderbolt controllers on for s2idle or standby - [arm64] PCI: aardvark: Fix checking for PIO Non-posted Request - media: subdev: disallow ioctl for saa6588/davinci - media: dtv5100: fix control-request directions - media: zr364xx: fix memory leak in zr364xx_start_readpipe - media: gspca/sq905: fix control-request direction - media: gspca/sunplus: fix zero-length control requests - media: uvcvideo: Fix pixel format change for Elgato Cam Link 4K - [armhf] pinctrl: mcp23s08: Fix missing unlock on error in mcp23s08_irq() - jfs: fix GPF in diFree - [x86] KVM: x86: Use guest MAXPHYADDR from CPUID.0x8000_0008 iff TDP is enabled - [x86] KVM: X86: Disable hardware breakpoints unconditionally before kvm_x86->run() - scsi: core: Fix bad pointer dereference when ehandler kthread is invalid - tracing: Do not reference char * as a string in histograms - [arm64] PCI: aardvark: Don't rely on jiffies while holding spinlock - [arm64] PCI: aardvark: Fix kernel panic during PIO transfer - [x86] misc/libmasm/module: Fix two use after free in ibmasm_init_one - Revert "ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro" - w1: ds2438: fixing bug that would always get page0 - scsi: lpfc: Fix "Unexpected timeout" error in direct attach topology - scsi: lpfc: Fix crash when lpfc_sli4_hba_setup() fails to initialize the SGLs - scsi: core: Cap scsi_host cmd_per_lun at can_queue - [x86] tty: serial: 8250: serial_cs: Fix a memory leak in error handling path - scsi: scsi_dh_alua: Check for negative result value - fs/jfs: Fix missing error code in lmLogInit() - scsi: iscsi: Add iscsi_cls_conn refcount helpers - scsi: iscsi: Fix conn use after free during resets - scsi: iscsi: Fix shost->max_id use - scsi: qedi: Fix null ref during abort handling - [armhf] mfd: da9052/stmpe: Add and modify MODULE_DEVICE_TABLE - [s390x] sclp_vt220: fix console name to match device (Closes: #961056) - [i386] ALSA: sb: Fix potential double-free of CSP mixer elements - [powerpc*] ps3: Add dma_mask to ps3_dma_region - [arm64] gpio: zynq: Check return value of pm_runtime_get_sync - [arm64,armhf] gpio: pca953x: Add support for the On Semi pca9655 - ASoC: soc-core: Fix the error return code in snd_soc_of_parse_audio_routing() - ALSA: bebob: add support for ToneWeal FW66 - usb: gadget: f_hid: fix endianness issue with descriptors - [powerpc*] boot: Fixup device-tree on little endian - [arm64,armhf] ALSA: hda: Add IRQ check for platform_get_irq() - [x86] intel_th: Wait until port is in reset before programming it - i2c: core: Disable client irq on reboot/shutdown - lib/decompress_unlz4.c: correctly handle zero-padding around initrds. - [x86] power: supply: max17042: Do not enforce (incorrect) interrupt trigger type - [armel,armhf] power: reset: gpio-poweroff: add missing MODULE_DEVICE_TABLE - [x86] watchdog: Fix possible use-after-free in wdt_startup() - [x86] watchdog: Fix possible use-after-free by calling del_timer_sync() - [x86] watchdog: iTCO_wdt: Account for rebooting on second timeout - [x86] fpu: Return proper error codes from user access functions - [arm64,armhf] PCI: tegra: Add missing MODULE_DEVICE_TABLE - orangefs: fix orangefs df output. - ceph: remove bogus checks and WARN_ONs from ceph_set_page_dirty - NFS: nfs_find_open_context() may only select open files - [arm64,armhf] pwm: tegra: Don't modify HW state in .remove callback - [arm64] ACPI: AMBA: Fix resource name in /proc/iomem - [x86] ACPI: video: Add quirk for the Dell Vostro 3350 - virtio-blk: Fix memory leak among suspend/resume procedure - virtio_net: Fix error handling in virtnet_restore() - virtio_console: Assure used length from device is limited (CVE-2021-38160) - f2fs: add MODULE_SOFTDEP to ensure crc32 is included in the initramfs - PCI/sysfs: Fix dsm_label_utf16s_to_utf8s() buffer overrun - NFSv4: Initialise connection to the server in nfs4_alloc_client() (CVE-2021-38199) - nfs: fix acl memory leak of posix_acl_create() - ubifs: Set/Clear I_LINKABLE under i_lock for whiteout inode - [x86] fpu: Limit xstate copy size in xstateregs_set() - virtio_net: move tx vq operation under tx queue lock - [i386] ALSA: isa: Fix error return code in snd_cmi8330_probe() - NFSv4/pNFS: Don't call _nfs4_pnfs_v3_ds_connect multiple times - rtc: fix snprintf() checking in is_rtc_hctosys() - [arm64,armhf] reset: bail if try_module_get() fails - [armhf] dts: am335x: align ti,pindir-d0-out-d1-in property with dt-shema - scsi: be2iscsi: Fix an error handling path in beiscsi_dev_probe() - net: bridge: multicast: fix PIM hello router port marking race - scsi: scsi_dh_alua: Fix signedness bug in alua_rtpg() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.199 - [armhf] dts: rockchip: fix pinctrl sleep nodename for rk3036-kylin and rk3288 - [armhf] imx: pm-imx5: Fix references to imx5_cpu_suspend_info - [armhf] dts: rockchip: fix supply properties in io-domains nodes - [arm64,armhf] soc/tegra: fuse: Fix Tegra234-only builds - thermal/core: Correct function name thermal_zone_device_unregister() - [arm64,armhf] rtc: max77686: Do not enforce (incorrect) interrupt trigger type - scsi: aic7xxx: Fix unintentional sign extension issue on left shift of u8 - scsi: libsas: Add LUN number check in .slave_alloc callback - scsi: libfc: Fix array index out of bound exception - sched/fair: Fix CFS bandwidth hrtimer expiry type - mm: slab: fix kmem_cache_create failed when sysfs node not destroyed - dm writecache: return the exact table values that were set - dm writecache: fix writing beyond end of underlying device when shrinking - [arm64,armhf] net: dsa: mv88e6xxx: enable .rmu_disable() on Topaz - net: ipv6: fix return value of ip6_skb_dst_mtu - netfilter: ctnetlink: suspicious RCU usage in ctnetlink_dump_helpinfo - net: bridge: sync fdb to new unicast-filtering ports - [arm64] net: qcom/emac: fix UAF in emac_remove - net: ti: fix UAF in tlan_remove_one - net: send SYNACK packet with accepted fwmark - net: validate lwtstate->data before returning from skb_tunnel_info() - dma-buf/sync_file: Don't leak fences on merge failure - tcp: annotate data races around tp->mtu_info - ipv6: tcp: drop silly ICMPv6 packet too big messages - udp: annotate data races around unix_sk(sk)->gso_size - net: ip_tunnel: fix mtu calculation for ETHER tunnel devices - igb: Fix use-after-free error during reset - ixgbe: Fix an error handling path in 'ixgbe_probe()' - igb: Fix an error handling path in 'igb_probe()' - e1000e: Fix an error handling path in 'e1000_probe()' - iavf: Fix an error handling path in 'iavf_probe()' - igb: Check if num of q_vectors is smaller than max before array access - igb: Fix position of assignment to *ring - ipv6: fix 'disable_policy' for fwd packets - nvme-pci: do not call nvme_dev_remove_admin from nvme_remove - liquidio: Fix unintentional sign extension issue on left shift of u16 - net: fix uninit-value in caif_seqpkt_sendmsg - net: decnet: Fix sleeping inside in af_decnet - [powerpc*] KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak - netrom: Decrease sock refcount when sock timers expire - scsi: iscsi: Fix iface sysfs attr detection - scsi: target: Fix protect handling in WRITE SAME(32) - net/tcp_fastopen: fix data races around tfo_active_disable_stamp - net/sched: act_skbmod: Skip non-Ethernet packets - nvme-pci: don't WARN_ON in nvme_reset_work if ctrl.state is not RESETTING - Revert "USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem" - sctp: update active_key for asoc when old key is being replaced - net: sched: cls_api: Fix the the wrong parameter - [arm64,armhf] drm/panel: raspberrypi-touchscreen: Prevent double-free - proc: Avoid mixing integer types in mem_rw() - [s390x] ftrace: fix ftrace_update_ftrace_func implementation - ALSA: usb-audio: Add registration quirk for JBL Quantum headsets - [i386] ALSA: sb: Fix potential ABBA deadlock in CSP driver - xhci: Fix lost USB 2 remote wake - [powerpc*] KVM: PPC: Book3S: Fix H_RTAS rets buffer overflow (CVE-2021-37576) - usb: hub: Disable USB 3 device initiated lpm if exit latency is too high - usb: hub: Fix link power management max exit latency (MEL) calculations - USB: usb-storage: Add LaCie Rugged USB3-FW to IGNORE_UAS - USB: serial: option: add support for u-blox LARA-R6 family - USB: serial: cp210x: fix comments for GE CS1000 - USB: serial: cp210x: add ID for CEL EM3588 USB ZigBee stick - [arm*] usb: dwc2: gadget: Fix sending zero length packet in DDMA mode. - tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop. (CVE-2021-3679) - media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf() - ixgbe: Fix packet corruption due to missing DMA sync - drm: Return -ENOTTY for non-drm ioctls - KVM: do not assume PTE is writable after follow_pfn - KVM: do not allow mapping valid but non-reference-counted pages (CVE-2021-22543) - KVM: Use kvm_pfn_t for local PFN variable in hva_to_pfn_remapped() - [arm64,armhf] net: dsa: mv88e6xxx: use correct .stats_set_histogram() on Topaz - btrfs: compression: don't try to compress if we don't have enough pages - PCI: Mark AMD Navi14 GPU ATS as broken - xhci: add xhci_get_virt_ep() helper https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.200 - [x86] KVM: determine if an exception has an error code only when injecting it. - net: split out functions related to registering inflight socket files - af_unix: fix garbage collect vs MSG_PEEK - workqueue: fix UAF in pwq_unbound_release_workfn() - net/802/mrp: fix memleak in mrp_request_join() - net/802/garp: fix memleak in garp_request_join() - net: annotate data race around sk_ll_usec - sctp: move 198 addresses from unusable to private scope - hfs: add missing clean-up in hfs_fill_super - hfs: fix high memory mapping in hfs_bnode_read - hfs: add lock nesting notation to hfs_find_init - cifs: fix the out of range assignment to bit fields in parse_server_interfaces https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.201 - virtio_net: Do not pull payload in skb->head - gro: ensure frag0 meets IP header alignment - [x86] asm: Ensure asm/proto.h can be included stand-alone - btrfs: fix rw device counting in __btrfs_free_extra_devids - [x86] kvm: fix vcpu-id indexed array sizes - ocfs2: fix zero out valid data - ocfs2: issue zeroout to EOF blocks - can: raw: raw_setsockopt(): fix raw_rcv panic for sock UAF - can: mcba_usb_start(): add missing urb->transfer_dma initialization - can: usb_8dev: fix memory leak - can: ems_usb: fix memory leak - can: esd_usb2: fix memory leak - NIU: fix incorrect error return, missed in previous revert - nfc: nfcsim: fix use after free during module unload - cfg80211: Fix possible memory leak in function cfg80211_bss_update - netfilter: conntrack: adjust stop timestamp to real expiry value - netfilter: nft_nat: allow to specify layer 4 protocol NAT only - i40e: Fix logic of disabling queues - i40e: Fix log TC creation failure when max num of queues is exceeded - tipc: fix sleeping in tipc accept routine - mlx4: Fix missing error code in mlx4_load_one() - net: llc: fix skb_over_panic - net/mlx5: Fix flow table chaining - sctp: fix return value check in __sctp_rcv_asconf_lookup - tulip: windbond-840: Fix missing pci_disable_device() in probe and remove - sis900: Fix missing pci_disable_device() in probe and remove - [powerpc*] pseries: Fix regression while building external modules - i40e: Add additional info to PHY type error https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.202 - btrfs: mark compressed range uptodate only if all bio succeed - r8152: Fix potential PM refcount imbalance - qed: fix possible unpaired spin_{un}lock_bh in _qed_mcp_cmd_and_union() - net: Fix zero-copy head len calculation. - bdi: move bdi_dev_name out of line - bdi: use bdi_dev_name() to get device name - bdi: add a ->dev_name field to struct backing_dev_info - Revert "Bluetooth: Shutdown controller after workqueues are flushed or cancelled" - [x86] Revert "watchdog: iTCO_wdt: Account for rebooting on second timeout" - padata: validate cpumask without removed CPU during offline - padata: add separate cpuhp node for CPUHP_PADATA_DEAD https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.203 - Revert "ACPICA: Fix memory leak caused by _CID repair function" - ALSA: seq: Fix racy deletion of subscriber - [armhf] imx: add missing iounmap() - ALSA: usb-audio: fix incorrect clock source setting - scsi: sr: Return correct event when media event code is 3 - media: videobuf2-core: dequeue if start_streaming fails - net: natsemi: Fix missing pci_disable_device() in probe and remove - sctp: move the active_key update after sh_keys is added - nfp: update ethtool reporting of pauseframe control - net: ipv6: fix returned variable type in ip6_skb_dst_mtu - bnx2x: fix an error code in bnx2x_nic_load() - net: pegasus: fix uninit-value in get_interrupt_interval - [armhf] net: fec: fix use-after-free in fec_drv_remove - net: vxge: fix use-after-free in vxge_device_unregister - Bluetooth: defer cleanup of resources in hci_unregister_dev() - USB: usbtmc: Fix RCU stall warning - USB: serial: option: add Telit FD980 composition 0x1056 - USB: serial: ch341: fix character loss at high transfer rates - USB: serial: ftdi_sio: add device ID for Auto-M3 OP-COM v2 - firmware_loader: use -ETIMEDOUT instead of -EAGAIN in fw_load_sysfs_fallback - firmware_loader: fix use-after-free in firmware_fallback_sysfs - ALSA: usb-audio: Add registration quirk for JBL Quantum 600 - usb: gadget: f_hid: added GET_IDLE and SET_IDLE handlers - usb: gadget: f_hid: fixed NULL pointer dereference - usb: gadget: f_hid: idle uses the highest byte for duration - tracing/histogram: Rename "cpu" to "common_cpu" - [arm64] optee: Clear stale cache entries during initialization - staging: rtl8723bs: Fix a resource leak in sd_int_dpc - media: rtl28xxu: fix zero-length control request - pipe: increase minimum default pipe size to 2 pages - ext4: fix potential htree corruption when growing large_dir directories - serial: 8250: Mask out floating 16/32-bit bus bits - [mips*] Malta: Do not byte-swap accesses to the CBUS UART - [x86] pcmcia: i82092: fix a null pointer dereference bug - [x86] KVM: accept userspace interrupt only if no event is injected - [x86] KVM: x86/mmu: Fix per-cpu counter corruption on 32-bit builds - [armhf] spi: meson-spicc: fix memory leak in meson_spicc_remove - qmi_wwan: add network device usage statistics for qmimux devices - libata: fix ata_pio_sector for CONFIG_HIGHMEM - reiserfs: add check for root_inode in reiserfs_fill_super - reiserfs: check directory items on read from disk - net/qla3xxx: fix schedule while atomic in ql_wait_for_drvr_lock and ql_adapter_reset - [armhf] imx: add mmdc ipg clock operation for mmdc https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.204 - [x86] KVM: SVM: Fix off-by-one indexing when nullifying last used SEV VMCB - bpf: Inherit expanded/patched seen count from old aux data (CVE-2021-33624) - bpf: Do not mark insn as seen under speculative path verification (CVE-2021-33624) - bpf: Fix leakage under speculation on mispredicted branches (CVE-2021-33624) - [x86] KVM: MMU: Use the correct inherited permissions to get shadow page (CVE-2021-38198) - USB:ehci:fix Kunpeng920 ehci hardware problem - ppp: Fix generating ppp unit id when ifname is not specified - ovl: prevent private clone if bind mount is not allowed CVE-2021-3732) - net: xilinx_emaclite: Do not print real IOMEM pointer (CVE-2021-38205) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.205 - [x86] ASoC: intel: atom: Fix reference to PCM buffer address - i2c: dev: zero out array used for i2c reads from userspace - [amd64,arm64] ACPI: NFIT: Fix support for virtual SPA ranges - ieee802154: hwsim: fix GPF in hwsim_set_edge_lqi - ieee802154: hwsim: fix GPF in hwsim_new_edge_nl - ppp: Fix generating ifname when empty IFLA_IFNAME is specified - net: Fix memory leak in ieee802154_raw_deliver - net: igmp: fix data-race in igmp_ifc_timer_expire() - net: bridge: fix memleak in br_add_if() - tcp_bbr: fix u32 wrap bug in round logic if bbr_init() called after 2B packets - net: igmp: increase size of mr_ifc_count - xen/events: Fix race in set_evtchn_to_irq - vsock/virtio: avoid potential deadlock when vsock device remove - [powerpc*] kprobes: Fix kprobe Oops happens in booke - genirq: Provide IRQCHIP_AFFINITY_PRE_STARTUP - [x86] msi: Force affinity setup before startup - [x86] ioapic: Force affinity setup before startup - genirq/msi: Ensure deactivation on teardown - PCI/MSI: Enable and mask MSI-X early - PCI/MSI: Do not set invalid bits in MSI mask - PCI/MSI: Correct misleading comments - PCI/MSI: Use msi_mask_irq() in pci_msi_shutdown() - PCI/MSI: Protect msi_desc::masked for multi-MSI - PCI/MSI: Mask all unused MSI-X entries - PCI/MSI: Enforce that MSI-X table entry is masked for update - PCI/MSI: Enforce MSI[X] entry updates to be visible - [amd64] iommu/vt-d: Fix agaw for a supported 48 bit guest address width - mac80211: drop data frames without key on encrypted links - [x86] KVM: nSVM: always intercept VMLOAD/VMSAVE when nested (CVE-2021-3656) - [x86] KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl (CVE-2021-3653) - [x86] fpu: Make init_fpstate correct with optimized XSAVE - ath: Use safer key clearing with key cache entries (CVE-2020-3702) - ath9k: Clear key cache explicitly on disabling hardware (CVE-2020-3702) - ath: Export ath_hw_keysetmac() (CVE-2020-3702) - ath: Modify ath_key_delete() to not need full key entry (CVE-2020-3702) - ath9k: Postpone key cache entry deletion for TXQ frames reference it (CVE-2020-3702) - dmaengine: of-dma: router_xlate to return -EPROBE_DEFER if controller is not yet available - scsi: megaraid_mm: Fix end of loop tests for list_for_each_entry() - scsi: scsi_dh_rdac: Avoid crash during rdac_bus_attach() - scsi: core: Avoid printing an error if target_alloc() returns -ENXIO - net: usb: lan78xx: don't modify phy_device state concurrently - Bluetooth: hidp: use correct wait queue when removing ctrl_wait - [arm64] cpufreq: armada-37xx: forbid cpufreq for 1.2 GHz variant - vhost: Fix the calculation in vhost_overflow() - bnxt: don't lock the tx queue from napi poll - bnxt: disable napi before canceling DIM - net: 6pack: fix slab-out-of-bounds in decode_data - net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32 - [arm64,armhf] net: mdio-mux: Don't ignore memory allocation errors - [arm64,armhf] net: mdio-mux: Handle -EPROBE_DEFER correctly - [arm64,armhf] mmc: dw_mmc: Fix hang on data CRC error - ALSA: hda - fix the 'Capture Switch' value change notifications - btrfs: prevent rename2 from exchanging a subvol with a directory from different parents - PCI: Increase D3 delay for AMD Renoir/Cezanne XHCI - [x86] ASoC: intel: atom: Fix breakage for PCM buffer address setup - locks: print a warning when mount fails due to lack of "mand" support - fs: warn about impending deprecation of mandatory locks - netfilter: nft_exthdr: fix endianness of tcp option cast https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.206 - net: qrtr: fix another OOB Read in qrtr_endpoint_post (CVE-2021-3743) - bpf: Do not use ax register in interpreter on div/mod - bpf: Fix 32 bit src register truncation on div/mod (CVE-2021-3600) - bpf: Fix truncation handling for mod32 dst reg wrt zero (CVE-2021-3444) - netfilter: conntrack: collect all entries in one cycle - once: Fix panic when module unload - can: usb: esd_usb2: esd_usb2_rx_event(): fix the interchange of the CAN RX and TX error counters - Revert "USB: serial: ch341: fix character loss at high transfer rates" - USB: serial: option: add new VID/PID to support Fibocom FG150 - [arm64,armhf] usb: dwc3: gadget: Fix dwc3_calc_trbs_left() - [arm64,armhf] usb: dwc3: gadget: Stop EP0 transfers during pullup disable - [amd64] IB/hfi1: Fix possible null-pointer dereference in _extend_sdma_tx_descs() - e1000e: Fix the max snoop/no-snoop latency for 10M - ip_gre: add validation for csum_start - [arm64] xgene-v2: Fix a resource leak in the error handling path of 'xge_probe()' - [arm64,armhf] net: marvell: fix MVNETA_TX_IN_PRGRS bit number - [arm64] net: hns3: fix get wrong pfc_en when query PFC configuration - usb: gadget: u_audio: fix race condition on endpoint stop - opp: remove WARN when no valid OPPs remain - virtio: Improve vq->broken access to avoid any compiler optimization - virtio_pci: Support surprise removal of virtio pci device - [amd64] vringh: Use wiov->used to check for read/write desc order - qed: qed ll2 race condition fixes - qed: Fix null-pointer dereference in qed_rdma_create_qp() - drm: Copy drm_wait_vblank to user before returning - drm/nouveau/disp: power down unused DP links during init - net/rds: dma_map_sg is entitled to merge entries - vt_kdsetmode: extend console locking (CVE-2021-3753) - fbmem: add margin check to fb_check_caps() - [x86] KVM: x86/mmu: Treat NX as used (not reserved) for all !TDP shadow MMUs - Revert "floppy: reintroduce O_NDELAY fix" - net: don't unconditionally copy_from_user a struct ifreq for socket ioctls https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.207 - ext4: fix race writing to an inline_data file while its xattrs are changing (CVE-2021-40490) - [armhf] gpu: ipu-v3: Fix i.MX IPU-v3 offset calculations for (semi)planar U/V formats - qed: Fix the VF msix vectors flow - [arm64] net: macb: Add a NULL check on desc_ptp - qede: Fix memset corruption - [x86] perf/x86/intel/pt: Fix mask of num_address_ranges - [x86] perf/x86/amd/ibs: Work around erratum #1197 - [armel,armhf] 8918/2: only build return_address() if needed - ALSA: pcm: fix divide error in snd_pcm_lib_ioctl - clk: fix build warning for orphan_list - media: stkwebcam: fix memory leak in stk_camera_probe - [armhf] imx: add missing clk_disable_unprepare() - [armhf] imx: fix missing 3rd argument in macro imx_mmdc_perf_init - igmp: Add ip_mc_list lock in ip_check_mc_rcu - ipv4/icmp: l3mdev: Perform icmp error route lookup on source device routing table (v2) - SUNRPC/nfs: Fix return value for nfs4_callback_compound() - [powerpc*] module64: Fix comment in R_PPC64_ENTRY handling - [powerpc*] boot: Delete unneeded .globl _zimage_start - mm/page_alloc: speed up the iteration of max_order - Revert "btrfs: compression: don't try to compress if we don't have enough pages" - ALSA: usb-audio: Add registration quirk for JBL Quantum 800 - [x86] reboot: Limit Dell Optiplex 990 quirk to early BIOS versions - PCI: Call Max Payload Size-related fixup quirks early - locking/mutex: Fix HANDOFF condition - regmap: fix the offset of register error log - sched/deadline: Fix reset_on_fork reporting of DL tasks - power: supply: axp288_fuel_gauge: Report register-address on readb / writeb errors - sched/deadline: Fix missing clock update in migrate_task_rq_dl() - hrtimer: Avoid double reprogramming in __hrtimer_start_range_ns() - udf: Check LVID earlier - isofs: joliet: Fix iocharset=utf8 mount option - bcache: add proper error unwinding in bcache_device_init - nvme-rdma: don't update queue count when failing to set io queues - [x86] power: supply: max17042_battery: fix typo in MAx17042_TOFF - [s390x] cio: add dev_busid sysfs entry for each subchannel - libata: fix ata_host_start() - [x86] crypto: qat - do not ignore errors from enable_vf2pf_comms() - [x86] crypto: qat - handle both source of interrupt in VF ISR - [x86] crypto: qat - fix reuse of completion variable - [x86] crypto: qat - fix naming for init/shutdown VF to PF notifications - [x86] crypto: qat - do not export adf_iov_putmsg() - fcntl: fix potential deadlock for &fasync_struct.fa_lock - udf_get_extendedattr() had no boundary checks. - lib/mpi: use kcalloc in mpi_resize - [x86] crypto: qat - use proper type for vf_mask - media: dvb-usb: fix uninit-value in dvb_usb_adapter_dvb_init - media: dvb-usb: fix uninit-value in vp702x_read_mac_addr - media: go7007: remove redundant initialization - Bluetooth: sco: prevent information leak in sco_conn_defer_accept() - tcp: seq_file: Avoid skipping sk during tcp_seek_last_pos - media: em28xx-input: fix refcount bug in em28xx_usb_disconnect - [arm64] media: venus: venc: Fix potential null pointer dereference on pointer fmt - PCI: PM: Avoid forcing PCI_D0 for wakeup reasons inconsistently - PCI: PM: Enable PME if it can be signaled from D3cold - Bluetooth: increase BTNAMSIZ to 21 chars to fix potential buffer overflow - [arm64] drm/msm/dpu: make dpu_hw_ctl_clear_all_blendstages clear necessary LMs - Bluetooth: fix repeated calls to sco_sock_kill - [arm64] drm/msm/dsi: Fix some reference counted resource leaks - [armhf] usb: phy: twl6030: add IRQ checks - Bluetooth: Move shutdown callback before flushing tx and rx queue - mac80211: Fix insufficient headroom issue for AMSDU - Bluetooth: add timeout sanity check to hci_inquiry - [armhf] i2c: s3c2410: fix IRQ check - [arm64,armhf] mmc: dw_mmc: Fix issue with uninitialized dma_slave_config - CIFS: Fix a potencially linear read overflow - [arm*] usb: ehci-orion: Handle errors of clk_prepare_enable() in probe - ath6kl: wmi: fix an error code in ath6kl_wmi_sync_point() - bcma: Fix memory leak for internally-handled cores - ipv4: make exception cache less predictible - net: sched: Fix qdisc_rate_table refcount leak when get tcf_block failed - ipv4: fix endianness issue in inet_rtm_getroute_build_skb() - netns: protect netns ID lookups with RCU - fscrypt: add fscrypt_symlink_getattr() for computing st_size - ext4: report correct st_size for encrypted symlinks - f2fs: report correct st_size for encrypted symlinks - ubifs: report correct st_size for encrypted symlinks - tty: Fix data race between tiocsti() and flush_to_ldisc() - [x86] KVM: Update vCPU's hv_clock before back to guest when tsc_offset is adjusted - fbmem: don't allow too huge resolutions - [arm64,armhf] backlight: pwm_bl: Improve bootloader/kernel device handover - [armel] clk: kirkwood: Fix a clocking boot regression - btrfs: reset replace target device to allocation state on close - blk-zoned: allow zone management send operations without CAP_SYS_ADMIN - blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN - PCI/MSI: Skip masking MSI-X on Xen PV - [powerpc*] perf/hv-gpci: Fix counter value parsing - xen: fix setting of max_pfn in shared_info - 9p/xen: Fix end of loop tests for list_for_each_entry - bpf/verifier: per-register parent pointers - bpf: correct slot_type marking logic to allow more stack slot sharing - bpf: Support variable offset stack access from helpers - bpf: Reject indirect var_off stack access in raw mode - bpf: Reject indirect var_off stack access in unpriv mode - bpf: Sanity check max value for var_off stack access - bpf: track spill/fill of constants - bpf: Introduce BPF nospec instruction for mitigating Spectre v4 (CVE-2021-34556, CVE-2021-35477) - bpf: Fix leakage due to insufficient speculative store bypass mitigation (CVE-2021-34556, CVE-2021-35477) - bpf: verifier: Allocate idmap scratch in verifier env - bpf: Fix pointer arithmetic mask tightening under state pruning - [arm64] head: avoid over-mapping in map_memory - block: bfq: fix bfq_set_next_ioprio_data() - [x86] power: supply: max17042: handle fails of reading status register - dm crypt: Avoid percpu_counter spinlock contention in crypt_page_alloc() - [x86] VMCI: fix NULL pointer dereference when unmapping queue pair - media: uvc: don't do DMA on stack - media: rc-loopback: return number of emitters rather than error - libata: add ATA_HORKAGE_NO_NCQ_TRIM for Samsung 860 and 870 SSDs - PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported - PCI: Return ~0 data on pciconfig_read() CAP_SYS_ADMIN failure - [arm64] PCI: xilinx-nwl: Enable the clock through CCF - [arm64] PCI: aardvark: Increase polling delay to 1.5s while waiting for PIO response - [arm64] PCI: aardvark: Fix masking and unmasking legacy INTx interrupts - HID: input: do not report stylus battery state as "full" - RDMA/iwcm: Release resources if iw_cm module initialization fails - docs: Fix infiniband uverbs minor number - [armhf] pinctrl: samsung: Fix pinctrl bank pin count - [powerpc*] stacktrace: Include linux/delay.h - [arm64,armhf] pinctrl: single: Fix error return code in pcs_parse_bits_in_pinctrl_entry() - scsi: qedi: Fix error codes in qedi_alloc_global_queues() - [x86] platform/x86: dell-smbios-wmi: Add missing kfree in error-exit from run_smbios_call - fscache: Fix cookie key hashing - f2fs: fix to account missing .skipped_gc_rwsem - f2fs: fix to unmap pages from userspace process in punch_hole() - [mips*] Malta: fix alignment of the devicetree buffer - userfaultfd: prevent concurrent API initialization - media: dib8000: rewrite the init prbs logic - PCI: Use pci_update_current_state() in pci_enable_device_flags() - tipc: keep the skb in rcv queue until the whole data is read - video: fbdev: kyro: fix a DoS bug by restricting user input - netlink: Deal with ESRCH error in nlmsg_notify() - usb: gadget: u_ether: fix a potential null pointer dereference - usb: gadget: composite: Allow bMaxPower=0 if self-powered - tty: serial: jsm: hold port lock when reporting modem line changes - video: fbdev: kyro: Error out if 'pixclock' equals zero - ipv4: ip_output.c: Fix out-of-bounds warning in ip_copy_addrs() - flow_dissector: Fix out-of-bounds warnings - [s390x] jump_label: print real address in a case of a jump label bug - serial: 8250: Define RX trigger levels for OxSemi 950 devices - serial: 8250_pci: make setup_port() parameters explicitly unsigned - Bluetooth: skip invalid hci_sync_conn_complete_evt - bonding: 3ad: fix the concurrency between __bond_release_one() and bond_3ad_state_machine_handler() - [x86] ASoC: Intel: bytcr_rt5640: Move "Platform Clock" routes to the maps for the matching in-/output - media: v4l2-dv-timings.c: fix wrong condition in two for-loops - [armhf] dts: imx53-ppd: Fix ACHC entry - [arm64] dts: qcom: sdm660: use reg value for memory node - [arm64] net: ethernet: stmmac: Do not use unreachable() in ipq806x_gmac_probe() - Bluetooth: schedule SCO timeouts with delayed_work - Bluetooth: avoid circular locks in sco_sock_connect - gpu: drm: amd: amdgpu: amdgpu_i2c: fix possible uninitialized-variable access in amdgpu_i2c_router_select_ddc_port() - Bluetooth: Fix handling of LE Enhanced Connection Complete - tcp: enable data-less, empty-cookie SYN with TFO_SERVER_COOKIE_NOT_REQD - rpc: fix gss_svc_init cleanup on failure - [x86] staging: rts5208: Fix get_ms_information() heap buffer size - gfs2: Don't call dlm after protocol is unmounted - of: Don't allow __of_attached_node_sysfs() without CONFIG_SYSFS - [arm64] mmc: sdhci-of-arasan: Check return value of non-void funtions - mmc: rtsx_pci: Fix long reads when clock is prescaled - mmc: core: Return correct emmc response in case of ioctl error - cifs: fix wrong release in sess_alloc_buffer() failed path - Revert "USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST quirk set" - [armhf] usb: musb: musb_dsps: request_irq() after initializing musb - usbip: give back URBs for unsent unlink requests during cleanup - usbip:vhci_hcd USB port can get stuck in the disabled state - [arm64,armhf] ASoC: rockchip: i2s: Fix regmap_ops hang - [arm64,armhf] ASoC: rockchip: i2s: Fixup config for DAIFMT_DSP_A/B - parport: remove non-zero check on count - ath9k: fix OOB read ar9300_eeprom_restore_internal - ath9k: fix sleeping in atomic context - ovl: fix BUG_ON() in may_delete() when called from ovl_cleanup() - [x86] scsi: BusLogic: Fix missing pr_cont() use - scsi: qla2xxx: Sync queue idx with queue_pair_map idx - [powerpc*] cpufreq: powernv: Fix init_chip_info initialization in numa=off - mm/hugetlb: initialize hugetlb_usage in mm_init - memcg: enable accounting for pids in nested pid namespaces - [arm64,armhf] platform/chrome: cros_ec_proto: Send command again when timeout occurs - drm/amdgpu: Fix BUG_ON assert - dm thin metadata: Fix use-after-free in dm_bm_set_read_only - [x86] xen: reset legacy rtc flag for PV domU - bnx2x: Fix enabling network interfaces without VFs - [arm64] sve: Use correct size when reinitialising SVE state - PM: base: power: don't try to use non-existing RTC for storing data - PCI: Add AMD GPU multi-function power dependencies - [x86] mm: Fix kern_addr_valid() to cope with existing but not present entries - tipc: fix an use-after-free issue in tipc_recvmsg - dccp: don't duplicate ccid when cloning dccp sock (CVE-2020-16119) - net/l2tp: Fix reference count leak in l2tp_udp_recv_core - r6040: Restore MDIO clock frequency after MAC reset - tipc: increase timeout in tipc_sk_enqueue() - net/mlx5: Fix potential sleeping in atomic context - events: Reuse value read using READ_ONCE instead of re-reading it - net/af_unix: fix a data-race in unix_dgram_poll - [arm64,armhf] net: dsa: destroy the phylink instance on any error in dsa_slave_phy_setup - tcp: fix tp->undo_retrans accounting in tcp_sacktag_one() - qed: Handle management FW error - [arm64] net: hns3: pad the short tunnel frame before sending to hardware - mm/memory_hotplug: use "unsigned long" for PFN in zone_for_pfn_range() - [s390x] KVM: index kvm->arch.idle_mask by vcpu_idx - dt-bindings: mtd: gpmc: Fix the ECC bytes vs. OOB bytes equation - [armhf] mfd: Don't use irq_create_mapping() to resolve a mapping - PCI: Add ACS quirks for Cavium multi-function devices - net: usb: cdc_mbim: avoid altsetting toggling for Telit LN920 - block, bfq: honor already-setup queue merges - ethtool: Fix an error code in cxgb2.c - mfd: axp20x: Update AXP288 volatile ranges - PCI: Fix pci_dev_str_match_path() alloc while atomic bug - [arm64] KVM: Handle PSCI resets before userspace touches vCPU state - mtd: rawnand: cafe: Fix a resource leak in the error handling path of 'cafe_nand_probe()' - [armhf] net: dsa: b53: Fix calculating number of switch ports - netfilter: socket: icmp6: fix use-after-scope - fq_codel: reject silly quantum parameters - qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom - ip_gre: validate csum_start only on pull https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.208 - [s390x] bpf: Fix optimizing out zero-extensions - KVM: remember position in kvm->vcpus array - rcu: Fix missed wakeup of exp_wq waiters - apparmor: remove duplicate macro list_entry_is_head() - tracing/kprobe: Fix kprobe_on_func_entry() modification - sctp: validate chunk size in __rcv_asconf_lookup (CVE-2021-3655) - sctp: add param size validation for SCTP_PARAM_SET_PRIMARY (CVE-2021-3655) - dmaengine: acpi: Avoid comparison GSI with Linux vIRQ - [armhf] thermal/drivers/exynos: Fix an error code in exynos_tmu_probe() - 9p/trans_virtio: Remove sysfs file on probe failure - prctl: allow to setup brk for et_dyn executables - nilfs2: use refcount_dec_and_lock() to fix potential UAF - profiling: fix shift-out-of-bounds bugs - drivers: base: cacheinfo: Get rid of DEFINE_SMP_CALL_CACHE_FUNCTION() - ceph: lockdep annotations for try_nonblocking_invalidate - nilfs2: fix memory leak in nilfs_sysfs_create_device_group - nilfs2: fix NULL pointer in nilfs_##name##_attr_release - nilfs2: fix memory leak in nilfs_sysfs_create_##name##_group - nilfs2: fix memory leak in nilfs_sysfs_delete_##name##_group - nilfs2: fix memory leak in nilfs_sysfs_create_snapshot_group - nilfs2: fix memory leak in nilfs_sysfs_delete_snapshot_group - [arm64,armhf] pwm: rockchip: Don't modify HW state in .remove() callback - blk-throttle: fix UAF by deleteing timer in blk_throtl_exit() - drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV . [ Salvatore Bonaccorso ] * [rt] Update to 4.19.195-rt82 * [rt] Update to 4.19.196-rt83 * Bump ABI to 18 * [rt] Update to 4.19.197-rt84 * Refresh "fs: Add MODULE_SOFTDEP declarations for hard-coded crypto drivers" * [rt] Update to 4.19.198-rt85 * Refresh "scsi: hisi_sas: Create separate host attributes per HBA" * [rt] Update to 4.19.199-rt86 * [rt] Update to 4.19.206-rt87 * [rt] Update to 4.19.207-rt88 * hso: fix bailout in error case of probe * usb: hso: fix error handling code of hso_create_net_device (CVE-2021-37159) * usb: hso: remove the bailout parameter Checksums-Sha1: a35a02297a0e26568108cc73ca11264793dc6a1b 6605 linux-signed-arm64_4.19.208+1.dsc e651ddc4a6b802bd44674356909f53623eb2116b 2031152 linux-signed-arm64_4.19.208+1.tar.xz Checksums-Sha256: 1c995b30014caa6d22976e180144ecc01403af5576364e9da7cfea06e8cd9d6a 6605 linux-signed-arm64_4.19.208+1.dsc ff3c0b0c54ca338b4558cec0d99a84df0f564c6429b548b5996d846093d63d2d 2031152 linux-signed-arm64_4.19.208+1.tar.xz Files: 90dd345025ec56c8e8361dc63520ad76 6605 kernel optional linux-signed-arm64_4.19.208+1.dsc 7475dc2e1a4ba7885198196ae08cc87b 2031152 kernel optional linux-signed-arm64_4.19.208+1.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEfKFfvHEI+gkU+E+di0FRiLdONzYFAmFWMksACgkQi0FRiLdO NzZVgQ/+PSI6Mis52iswwlVuJJ7rAP+TjBee45hqyS89/O/hckcsfVfsrdpbPBBF gk0Cy6jA/ol/TnLlfoaNcqJhoN0pON59I1qZH9xu1L0KyNsjASTXUnYcSjgMrs1w IQNy5/X53L3UohxmokzWMrUfJrAyE/AArimwRWR3aLRT7TPjibnxgNWv6cs5GAVS 6XpP8qTF3H+8dHgbzq/sLzOfWwWT+LYbeEy4AtjkKQRzGHgqIELB9ggT8xAVL5LY J4fRJIsvHU8fdaiCXl1U8c2BYMgOOzgpv0lJG0aYS7/beXrCvPjnyknBNdxsEqsB nQsRVK2PcVs62jL7svUqYmSIdTevldqQ6g9AeeEV6476iCDGVCD80CKy0PCgOrOn JYG3PQdQn7wJbURVnPpC14LdnolJL49nkCBT5nd+8+0uQybICrPtfvSp3uzA1jCB Wb1iDroq/iyNouCl6TF0tVtYRUoOHiFKKoDXMlrQTT/WNzf1sJMVmIty0p2vUnA/ GmCIWKcfnxqG511EEyA31faP467hrWtHQaYI6Ju6UzLcGIR3WUkbJE3Tu84Jcokf KOj6440LnBM9BJbE6CMWFZmbZch8JEsGLqnYQPRth+4SPWlKlFVlFOGzsfxtjbcg xzid2lI3nCwDfJaYo89Lla5iZdBXqybzmQFRTqxVWVPwtIda8bw= =hsix -----END PGP SIGNATURE-----