https://source.android.com/docs/security/bulletin/2024-08-01
CVE-2024-36971
* tag 'ASB-2024-08-05_12-5.10' of https://android.googlesource.com/kernel/common:
ANDROID: GKI: remove export of tracing control functions
ANDROID: Incremental fs: Retry page faults on non-fatal errors
ANDROID: update ABI XML due to struct clk_core change
UPSTREAM: usb: gadget: configfs: Prevent OOB read/write in usb_string_copy()
UPSTREAM: f2fs: avoid false alarm of circular locking
UPSTREAM: f2fs: fix deadlock in i_xattr_sem and inode page lock
ANDROID: userfaultfd: Fix use-after-free in userfaultfd_using_sigbus()
ANDROID: 16K: Don't set padding vm_flags on 32-bit archs
ANDROID: update .xml file due to struct clk_core abi change
ANDROID: mark DRM_VMWGFX as BROKEN
Revert "ANDROID: Setting up GS before calling __restore_processor_state."
Revert "block: introduce zone_write_granularity limit"
Revert "block: Clear zone limits for a non-zoned stacked queue"
Revert "scsi: sd: Fix wrong zone_write_granularity value during revalidate"
Revert "PCI/ERR: Cache RCEC EA Capability offset in pci_init_capabilities()"
Revert "PCI: Cache PCIe Device Capabilities register"
Revert "PCI: Work around Intel I210 ROM BAR overlap defect"
Revert "PCI/ASPM: Make Intel DG2 L1 acceptable latency unlimited"
Revert "PCI/DPC: Quirk PIO log size for certain Intel Root Ports"
Revert "PCI/DPC: Quirk PIO log size for Intel Ice Lake Root Ports"
Revert "PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports"
Revert "timers: Rename del_timer_sync() to timer_delete_sync()"
Linux 5.10.218
docs: kernel_include.py: Cope with docutils 0.21
serial: kgdboc: Fix NMI-safety problems from keyboard reset code
usb: typec: ucsi: displayport: Fix potential deadlock
drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper()
btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks()
mptcp: ensure snd_nxt is properly initialized on connect
firmware: arm_scmi: Harden accesses to the reset domains
KVM: x86: Clear "has_error_code", not "error_code", for RM exception injection
netlink: annotate lockless accesses to nlk->max_recvmsg_len
ima: fix deadlock when traversing "ima_default_rules".
net: bcmgenet: synchronize UMAC_CMD access
net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access
Revert "selftests: mm: fix map_hugetlb failure on 64K page size systems"
x86/xen: Drop USERGS_SYSRET64 paravirt call
pinctrl: core: handle radix_tree_insert() errors in pinctrl_register_one_pin()
Linux 5.10.217
md: fix kmemleak of rdev->serial
keys: Fix overwrite of key expiration on instantiation
regulator: core: fix debugfs creation regression
hwmon: (pmbus/ucd9000) Increase delay from 250 to 500us
net: fix out-of-bounds access in ops_init
drm/vmwgfx: Fix invalid reads in fence signaled events
mei: me: add lunar lake point M DID
dyndbg: fix old BUG_ON in >control parser
ASoC: tegra: Fix DSPK 16-bit playback
net: bcmgenet: synchronize use of bcmgenet_set_rx_mode()
tipc: fix UAF in error path
iio: accel: mxc4005: Interrupt handling fixes
iio:imu: adis16475: Fix sync mode setting
ALSA: hda/realtek: Fix mute led of HP Laptop 15-da3001TU
usb: dwc3: core: Prevent phy suspend during init
usb: xhci-plat: Don't include xhci.h
usb: gadget: f_fs: Fix a race condition when processing setup packets.
usb: gadget: composite: fix OS descriptors w_value logic
usb: ohci: Prevent missed ohci interrupts
usb: Fix regression caused by invalid ep0 maxpacket in virtual SuperSpeed device
usb: typec: ucsi: Fix connector check on init
usb: typec: ucsi: Check for notifications after init
arm64: dts: qcom: Fix 'interrupt-map' parent address cells
firewire: nosy: ensure user_length is taken into account when fetching packet contents
btrfs: fix kvcalloc() arguments order in btrfs_ioctl_send()
net: hns3: use appropriate barrier function after setting a bit value
ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action()
net: bridge: fix corrupted ethernet header on multicast-to-unicast
kcov: Remove kcov include from sched.h and move it to its users.
phonet: fix rtm_phonet_notify() skb allocation
hwmon: (corsair-cpro) Protect ccp->wait_input_report with a spinlock
hwmon: (corsair-cpro) Use complete_all() instead of complete() in ccp_raw_event()
hwmon: (corsair-cpro) Use a separate buffer for sending commands
rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation
Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout
Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout
tcp: Use refcount_inc_not_zero() in tcp_twsk_unique().
tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets
xfrm: Preserve vlan tags for transport mode software GRO
net:usb:qmi_wwan: support Rolling modules
drm/nouveau/dp: Don't probe eDP ports twice harder
fs/9p: drop inodes immediately on non-.L too
clk: Don't hold prepare_lock when calling kref_put()
gpio: crystalcove: Use -ENOTSUPP consistently
gpio: wcove: Use -ENOTSUPP consistently
9p: explicitly deny setlease attempts
fs/9p: translate O_TRUNC into OTRUNC
fs/9p: only translate RWX permissions for plain 9P2000
selftests: timers: Fix valid-adjtimex signed left-shift undefined behavior
MIPS: scall: Save thread_info.syscall unconditionally on entry
gpu: host1x: Do not setup DMA for virtual devices
blk-iocost: avoid out of bounds shift
scsi: target: Fix SELinux error when systemd-modules loads the target module
btrfs: always clear PERTRANS metadata during commit
btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve
tools/power turbostat: Fix Bzy_MHz documentation typo
tools/power turbostat: Fix added raw MSR output
firewire: ohci: mask bus reset interrupts between ISR and bottom half
ata: sata_gemini: Check clk_enable() result
net: bcmgenet: Reset RBUF on first open
ALSA: line6: Zero-initialize message buffers
btrfs: return accurate error code on open failure in open_fs_devices()
scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload
net: mark racy access on sk->sk_rcvbuf
wifi: cfg80211: fix rdev_dump_mpp() arguments order
wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc
gfs2: Fix invalid metadata access in punch_hole
scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic
KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr()
KVM: arm64: vgic-v2: Use cpuid from userspace as vcpu_id
clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change
net: gro: add flush check in udp_gro_receive_segment
tipc: fix a possible memleak in tipc_buf_append
net: core: reject skb_copy(_expand) for fraglist GSO skbs
net: bridge: fix multicast-to-unicast with fraglist GSO
net: dsa: mv88e6xxx: Fix number of databases for 88E6141 / 88E6341
cxgb4: Properly lock TX queue for the selftest.
ASoC: meson: cards: select SND_DYNAMIC_MINORS
ASoC: Fix 7/8 spaces indentation in Kconfig
net: qede: use return from qede_parse_actions()
net: qede: use return from qede_parse_flow_attr() for flow_spec
net: qede: use return from qede_parse_flow_attr() for flower
net: qede: sanitize 'rc' in qede_add_tc_flower_fltr()
s390/vdso: Add CFI for RA register to asm macro vdso_func
net l2tp: drop flow hash on forward
nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment().
octeontx2-af: avoid off-by-one read from userspace
bna: ensure the copied buf is NUL terminated
s390/mm: Fix clearing storage keys for huge pages
s390/mm: Fix storage key clearing for guest huge pages
regulator: mt6360: De-capitalize devicetree regulator subnodes
pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map()
power: rt9455: hide unused rt9455_boost_voltage_values
nfs: Handle error of rpc_proc_register() in nfs_net_init().
nfs: make the rpc_stat per net namespace
nfs: expose /proc/net/sunrpc/nfs in net namespaces
sunrpc: add a struct rpc_stats arg to rpc_create_args
pinctrl: mediatek: paris: Rework support for PIN_CONFIG_{INPUT,OUTPUT}_ENABLE
pinctrl: mediatek: paris: Fix PIN_CONFIG_INPUT_SCHMITT_ENABLE readback
pinctrl: mediatek: paris: Rework mtk_pinconf_{get,set} switch/case logic
pinctrl: core: delete incorrect free in pinctrl_enable()
pinctrl/meson: fix typo in PDM's pin name
pinctrl: pinctrl-aspeed-g6: Fix register offset for pinconf of GPIOR-T
eeprom: at24: fix memory corruption race condition
eeprom: at24: Probe for DDR3 thermal sensor in the SPD case
eeprom: at24: Use dev_err_probe for nvmem register failure
wifi: nl80211: don't free NULL coalescing rule
dmaengine: Revert "dmaengine: pl330: issue_pending waits until WFP state"
dmaengine: pl330: issue_pending waits until WFP state
Linux 5.10.216
riscv: Disable STACKPROTECTOR_PER_TASK if GCC_PLUGIN_RANDSTRUCT is enabled
serial: core: fix kernel-doc for uart_port_unlock_irqrestore()
udp: preserve the connected status if only UDP cmsg
bounds: Use the right number of bits for power-of-two CONFIG_NR_CPUS
HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up
i2c: smbus: fix NULL function pointer dereference
riscv: Fix TASK_SIZE on 64-bit NOMMU
riscv: fix VMALLOC_START definition
dma: xilinx_dpdma: Fix locking
idma64: Don't try to serve interrupts when device is powered off
dmaengine: owl: fix register access functions
tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge()
tcp: Clean up kernel listener's reqsk in inet_twsk_purge()
mtd: diskonchip: work around ubsan link failure
stackdepot: respect __GFP_NOLOCKDEP allocation flag
net: b44: set pause params only when interface is up
ethernet: Add helper for assigning packet type when dest address does not match device address
irqchip/gic-v3-its: Prevent double free on error
drm/amdgpu: Fix leak when GPU memory allocation fails
drm/amdgpu/sdma5.2: use legacy HDP flush for SDMA2/3
arm64: dts: rockchip: enable internal pull-up for Q7_THRM# on RK3399 Puma
cpu: Re-enable CPU mitigations by default for !X86 architectures
btrfs: fix information leak in btrfs_ioctl_logical_to_ino()
Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0bda:0x4853
Bluetooth: Fix type of len in {l2cap,sco}_sock_getsockopt_old()
PM / devfreq: Fix buffer overflow in trans_stat_show
tracing: Increase PERF_MAX_TRACE_SIZE to handle Sentinel1 and docker together
tracing: Show size of requested perf buffer
net/mlx5e: Fix a race in command alloc flow
Revert "crypto: api - Disallow identical driver names"
serial: mxs-auart: add spinlock around changing cts state
serial: core: Provide port lock wrappers
af_unix: Suppress false-positive lockdep splat for spin_lock() in __unix_gc().
net: ethernet: ti: am65-cpts: Fix PTPv1 message type on TX packets
iavf: Fix TC config comparison with existing adapter TC config
i40e: Report MFS in decimal base instead of hex
i40e: Do not use WQ_MEM_RECLAIM flag for workqueue
netfilter: nf_tables: honor table dormant flag from netdev release event path
mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work
mlxsw: spectrum_acl_tcam: Fix incorrect list API usage
mlxsw: spectrum_acl_tcam: Fix warning during rehash
mlxsw: spectrum_acl_tcam: Fix memory leak during rehash
mlxsw: spectrum_acl_tcam: Rate limit error message
mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash
mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update
mlxsw: spectrum_acl_tcam: Fix race during rehash delayed work
net: openvswitch: Fix Use-After-Free in ovs_ct_exit
ipvs: Fix checksumming on GSO of SCTP packets
net: gtp: Fix Use-After-Free in gtp_dellink
net: usb: ax88179_178a: stop lying about skb->truesize
ipv4: check for NULL idev in ip_route_use_hint()
NFC: trf7970a: disable all regulators on removal
mlxsw: core: Unregister EMAD trap using FORWARD action
vxlan: drop packets from invalid src-address
wifi: iwlwifi: mvm: remove old PASN station when adding a new one
ARC: [plat-hsdk]: Remove misplaced interrupt-cells property
arm64: dts: mediatek: mt2712: fix validation errors
arm64: dts: mediatek: mt7622: drop "reset-names" from thermal block
arm64: dts: mediatek: mt7622: fix ethernet controller "compatible"
arm64: dts: mediatek: mt7622: fix IR nodename
arm64: dts: mediatek: mt7622: fix clock controllers
arm64: dts: mediatek: mt7622: introduce nodes for Wireless Ethernet Dispatch
arm64: dts: mediatek: mt7622: add support for coherent DMA
arm64: dts: rockchip: Remove unsupported node from the Pinebook Pro dts
arm64: dts: rockchip: enable internal pull-up on PCIE_WAKE# for RK3399 Puma
arm64: dts: rockchip: fix alphabetical ordering RK3399 puma
nilfs2: fix OOB in nilfs_set_de_type
nouveau: fix instmem race condition around ptr stores
drm/amdgpu: validate the parameters of bo mapping operations more clearly
init/main.c: Fix potential static_command_line memory overflow
fs: sysfs: Fix reference leak in sysfs_break_active_protection()
speakup: Avoid crash on very long word
mei: me: disable RPL-S on SPS and IGN firmwares
usb: Disable USB3 LPM at shutdown
usb: dwc2: host: Fix dereference issue in DDMA completion flow.
Revert "usb: cdc-wdm: close race between read and workqueue"
USB: serial: option: add Telit FN920C04 rmnet compositions
USB: serial: option: add Rolling RW101-GL and RW135-GL support
USB: serial: option: support Quectel EM060K sub-models
USB: serial: option: add Lonsung U8300/U9300 product
USB: serial: option: add support for Fibocom FM650/FG650
USB: serial: option: add Fibocom FM135-GL variants
serial/pmac_zilog: Remove flawed mitigation for rx irq flood
comedi: vmk80xx: fix incomplete endpoint checking
thunderbolt: Fix wake configurations after device unplug
thunderbolt: Avoid notify PM core about runtime PM resume
binder: check offset alignment in binder_get_object()
x86/cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ
clk: Get runtime PM before walking tree during disable_unused
clk: Initialize struct clk_core kref earlier
clk: Print an info line before disabling unused clocks
clk: remove extra empty line
clk: Mark 'all_lists' as const
clk: Remove prepare_lock hold assertion in __clk_release()
drm/panel: visionox-rm69299: don't unregister DSI device
drm: nv04: Fix out of bounds access
RDMA/mlx5: Fix port number for counter query in multi-port configuration
RDMA/cm: Print the old state when cm_destroy_id gets timeout
RDMA/rxe: Fix the problem "mutex_destroy missing"
tun: limit printing rate when illegal packet received by tun dev
netfilter: nft_set_pipapo: do not free live element
netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get()
Revert "tracing/trigger: Fix to return error if failed to alloc snapshot"
kprobes: Fix possible use-after-free issue on kprobe registration
selftests/ftrace: Limit length in subsystem-enable tests
riscv: process: Fix kernel gp leakage
riscv: Enable per-task stack canaries
btrfs: record delayed inode root in transaction
irqflags: Explicitly ignore lockdep_hrtimer_exit() argument
x86/apic: Force native_apic_mem_read() to use the MOV instruction
selftests: timers: Fix abs() warning in posix_timers test
x86/cpu: Actually turn off mitigations by default for SPECULATION_MITIGATIONS=n
vhost: Add smp_rmb() in vhost_vq_avail_empty()
drm/client: Fully protect modes[] with dev->mode_config.mutex
btrfs: qgroup: correctly model root qgroup rsv in convert
mailbox: imx: fix suspend failue
iommu/vt-d: Allocate local memory for page request queue
net: ena: Fix incorrect descriptor free behavior
net: ena: Wrong missing IO completions check order
net: ena: Fix potential sign extension issue
af_unix: Fix garbage collector racing against connect()
af_unix: Do not use atomic ops for unix_sk(sk)->inflight.
net/mlx5: Properly link new fs rules into the tree
netfilter: complete validation of user input
Bluetooth: SCO: Fix not validating setsockopt user input
ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr
ipv4/route: avoid unused-but-set-variable warning
ipv6: fib: hide unused 'pn' variable
octeontx2-af: Fix NIX SQ mode and BP config
geneve: fix header validation in geneve[6]_xmit_skb
xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING
u64_stats: fix u64_stats_init() for lockdep when used repeatedly in one file
net: openvswitch: fix unwanted error log on timeout policy probing
nouveau: fix function cast warning
media: cec: core: remove length check of Timer Status
Bluetooth: Fix memory leak in hci_req_sync_complete()
batman-adv: Avoid infinite loop trying to resize local TT
Linux 5.10.215
x86/head/64: Re-enable stack protection
x86/retpoline: Add NOENDBR annotation to the SRSO dummy return thunk
scsi: sd: Fix wrong zone_write_granularity value during revalidate
kbuild: dummy-tools: adjust to stricter stackprotector check
VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler()
Bluetooth: btintel: Fixe build regression
drm/i915/gt: Reset queue_priority_hint on parking
x86/mm/pat: fix VM_PAT handling in COW mappings
virtio: reenable config if freezing device failed
tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc
netfilter: nf_tables: discard table flag update with pending basechain deletion
netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path
netfilter: nf_tables: release batch on table validation from abort path
fbmon: prevent division by zero in fb_videomode_from_videomode()
drivers/nvme: Add quirks for device 126f:2262
fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2
usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined
usb: typec: tcpci: add generic tcpci fallback compatible
tools: iio: replace seekdir() in iio_generic_buffer
ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent environment
ktest: force $buildonly = 1 for 'make_warnings_file' test type
platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi Vi8 tablet
Input: allocate keycode for Display refresh rate toggle
RDMA/cm: add timeout to cm_destroy_id wait
block: prevent division by zero in blk_rq_stat_sum()
libperf evlist: Avoid out-of-bounds access
Revert "ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default"
SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned int
drm/amd/display: Fix nanosec stat overflow
ext4: forbid commit inconsistent quota data when errors=remount-ro
ext4: add a hint for block bitmap corrupt state in mb_groups
media: sta2x11: fix irq handler cast
isofs: handle CDs with bad root inode but good Joliet root directory
scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc()
sysv: don't call sb_bread() with pointers_lock held
pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs
Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails
Bluetooth: btintel: Fix null ptr deref in btintel_read_version
net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list()
btrfs: send: handle path ref underflow in header iterate_inode_ref()
btrfs: export: handle invalid inode or root reference in btrfs_get_parent()
btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks()
tools/power x86_energy_perf_policy: Fix file leak in get_pkg_num()
pstore/zone: Add a null pointer check to the psz_kmsg_read
ionic: set adminq irq affinity
arm64: dts: rockchip: fix rk3399 hdmi ports node
arm64: dts: rockchip: fix rk3328 hdmi ports node
panic: Flush kernel log buffer at the end
VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host()
wifi: ath9k: fix LNA selection in ath_ant_try_scan()
objtool: Add asm version of STACK_FRAME_NON_STANDARD
x86/cpufeatures: Add CPUID_LNX_5 to track recently added Linux-defined word
mptcp: don't account accept() of non-MPC client as fallback to TCP
x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for !SRSO
x86/bugs: Fix the SRSO mitigation on Zen3/4
riscv: Fix spurious errors from __get/put_kernel_nofault
s390/entry: align system call table on 8 bytes
x86/mce: Make sure to grab mce_sysfs_mutex in set_bank()
of: dynamic: Synchronize of_changeset_destroy() with the devlink removals
driver core: Introduce device_link_wait_removal()
ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone
ata: sata_mv: Fix PCI device ID table declaration compilation warning
scsi: mylex: Fix sysfs buffer lengths
ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit
ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw
arm64: dts: qcom: sc7180-trogdor: mark bluetooth address as broken
arm64: dts: qcom: sc7180: Remove clock for bluetooth on Trogdor
net: ravb: Always process TX descriptor ring
udp: do not accept non-tunnel GSO skbs landing in a tunnel
Revert "usb: phy: generic: Get the vbus supply"
scsi: qla2xxx: Update manufacturer detail
scsi: qla2xxx: Update manufacturer details
i40e: fix vf may be used uninitialized in this function warning
i40e: fix i40e_count_filters() to count only active/new filters
octeontx2-pf: check negative error code in otx2_open()
udp: do not transition UDP GRO fraglist partial checksums to unnecessary
ipv6: Fix infinite recursion in fib6_dump_done().
selftests: reuseaddr_conflict: add missing new line at the end of the output
erspan: make sure erspan_base_hdr is present in skb->head
net: stmmac: fix rx queue priority assignment
net/sched: act_skbmod: prevent kernel-infoleak
bpf, sockmap: Prevent lock inversion deadlock in map delete elem
vboxsf: Avoid an spurious warning if load_nls_xxx() fails
netfilter: validate user input for expected length
netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get()
netfilter: nf_tables: flush pending destroy work before exit_net release
netfilter: nf_tables: reject new basechain after table flag update
block: add check that partition length needs to be aligned with block size
x86/srso: Add SRSO mitigation for Hygon processors
mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL allocations
Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped."
io_uring: ensure '0' is returned on file registration success
vfio/fsl-mc: Block calling interrupt handler without trigger
vfio/platform: Create persistent IRQ handlers
vfio/pci: Create persistent INTx handler
vfio: Introduce interface to flush virqfd inject workqueue
vfio/pci: Lock external INTx masking ops
vfio/pci: Disable auto-enable of exclusive INTx IRQ
net/rds: fix possible cp null dereference
netfilter: nf_tables: disallow timeout for anonymous sets
Bluetooth: Fix TOCTOU in HCI debugfs implementation
Bluetooth: hci_event: set the conn encrypted before conn establishes
x86/cpufeatures: Add new word for scattered features
r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d
dm integrity: fix out-of-range warning
Octeontx2-af: fix pause frame configuration in GMP mode
bpf: Protect against int overflow for stack access size
ACPICA: debugger: check status of acpi_evaluate_object() in acpi_db_walk_for_fields()
tcp: properly terminate timers for kernel sockets
ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa()
nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet
USB: core: Fix deadlock in usb_deauthorize_interface()
scsi: lpfc: Correct size for wqe for memset()
PCI/DPC: Quirk PIO log size for Intel Ice Lake Root Ports
x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled
scsi: qla2xxx: Delay I/O Abort on PCI error
scsi: qla2xxx: Fix command flush on cable pull
scsi: qla2xxx: Split FCE|EFT trace control
usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset
usb: typec: ucsi: Ack unsupported commands
usb: udc: remove warning when queue disabled ep
usb: dwc2: gadget: LPM flow fix
usb: dwc2: host: Fix ISOC flow in DDMA mode
usb: dwc2: host: Fix hibernation flow
usb: dwc2: host: Fix remote wakeup from hibernation
USB: core: Add hub_get() and hub_put() routines
staging: vc04_services: fix information leak in create_component()
staging: vc04_services: changen strncpy() to strscpy_pad()
scsi: core: Fix unremoved procfs host directory regression
ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs
usb: cdc-wdm: close race between read and workqueue
net: ll_temac: platform_get_resource replaced by wrong function
mmc: core: Avoid negative index with array access
mmc: core: Initialize mmc_blk_ioc_data
hexagon: vmlinux.lds.S: handle attributes section
exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack()
wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes
init: open /initrd.image with O_LARGEFILE
mm/migrate: set swap entry values of THP tail pages properly.
mm/memory-failure: fix an incorrect use of tail pages
serial: sc16is7xx: convert from _raw_ to _noinc_ regmap functions for FIFO
powerpc: xor_vmx: Add '-mhard-float' to CFLAGS
efivarfs: Request at most 512 bytes for variable names
perf/core: Fix reentry problem in perf_output_read_group()
KVM/x86: Export RFDS_NO and RFDS_CLEAR to guests
x86/rfds: Mitigate Register File Data Sampling (RFDS)
Documentation/hw-vuln: Add documentation for RFDS
x86/mmio: Disable KVM mitigation when X86_FEATURE_CLEAR_CPU_BUF is set
KVM/VMX: Move VERW closer to VMentry for MDS mitigation
KVM/VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH
x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key
x86/entry_32: Add VERW just before userspace transition
x86/entry_64: Add VERW just before userspace transition
x86/bugs: Add asm helpers for executing VERW
x86/asm: Add _ASM_RIP() macro for x86-64 (%rip) suffix
btrfs: allocate btrfs_ioctl_defrag_range_args on stack
printk: Update @console_may_schedule in console_trylock_spinning()
xen/events: close evtchn after mapping cleanup
tee: optee: Fix kernel panic caused by incorrect error handling
fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion
vt: fix unicode buffer corruption when deleting characters
mei: me: add arrow lake point H DID
mei: me: add arrow lake point S DID
tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled
usb: port: Don't try to peer unused USB ports based on location
usb: gadget: ncm: Fix handling of zero block length packets
USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command
ALSA: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897 platform
KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region()
xfrm: Avoid clang fortify warning in copy_to_user_tmpl()
Drivers: hv: vmbus: Calculate ring buffer size for more efficient use of memory
netfilter: nf_tables: reject constant set with timeout
netfilter: nf_tables: disallow anonymous set with timeout flag
netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout
cpufreq: brcmstb-avs-cpufreq: fix up "add check for cpufreq_cpu_get's return value"
comedi: comedi_test: Prevent timers rescheduling during deletion
scripts: kernel-doc: Fix syntax error due to undeclared args variable
x86/pm: Work around false positive kmemleak report in msr_build_context()
x86/stackprotector/32: Make the canary into a regular percpu variable
vxge: remove unnecessary cast in kfree()
dm snapshot: fix lockup in dm_exception_table_exit
drm/amd/display: Fix noise issue on HDMI AV mute
drm/amd/display: Return the correct HDCP error code
ahci: asm1064: asm1166: don't limit reported ports
ahci: asm1064: correct count of reported ports
wireguard: netlink: access device through ctx instead of peer
wireguard: netlink: check for dangling peer via is_dead instead of empty list
net: hns3: tracing: fix hclgevf trace event strings
x86/CPU/AMD: Update the Zenbleed microcode revisions
cpufreq: dt: always allocate zeroed cpumask
nilfs2: prevent kernel bug at submit_bh_wbc()
nilfs2: fix failure to detect DAT corruption in btree and direct mappings
memtest: use {READ,WRITE}_ONCE in memory scanning
drm/vc4: hdmi: do not return negative values from .get_modes()
drm/imx/ipuv3: do not return negative values from .get_modes()
drm/exynos: do not return negative values from .get_modes()
drm/panel: do not return negative error codes from drm_panel_get_modes()
s390/zcrypt: fix reference counting on zcrypt card objects
soc: fsl: qbman: Use raw spinlock for cgr_lock
soc: fsl: qbman: Add CGR update function
soc: fsl: qbman: Add helper for sanity checking cgr ops
soc: fsl: qbman: Always disable interrupts when taking cgr_lock
ring-buffer: Fix full_waiters_pending in poll
ring-buffer: Fix resetting of shortest_full
ring-buffer: Do not set shortest_full when full target is hit
ring-buffer: Fix waking up ring buffer readers
vfio/platform: Disable virqfds on cleanup
PCI: dwc: endpoint: Fix advertised resizable BAR size
kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1
nfs: fix UAF in direct writes
PCI/AER: Block runtime suspend when handling errors
PCI/ERR: Clear AER status only when we control AER
speakup: Fix 8bit characters from direct synth
usb: gadget: tegra-xudc: Fix USB3 PHY retrieval logic
usb: gadget: tegra-xudc: Use dev_err_probe()
phy: tegra: xusb: Add API to retrieve the port number of phy
slimbus: core: Remove usage of the deprecated ida_simple_xx() API
nvmem: meson-efuse: fix function pointer type mismatch
ext4: fix corruption during on-line resize
hwmon: (amc6821) add of_match table
drm/etnaviv: Restore some id values
mmc: core: Fix switch on gp3 partition
mm: swap: fix race between free_swap_and_cache() and swapoff()
mac802154: fix llsec key resources release in mac802154_llsec_key_del
dm-raid: fix lockdep waring in "pers->hot_add_disk"
Revert "Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d""
PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports
PCI/DPC: Quirk PIO log size for certain Intel Root Ports
PCI/ASPM: Make Intel DG2 L1 acceptable latency unlimited
PCI: Work around Intel I210 ROM BAR overlap defect
PCI: Cache PCIe Device Capabilities register
PCI/ERR: Cache RCEC EA Capability offset in pci_init_capabilities()
PCI/PM: Drain runtime-idle callbacks before driver removal
PCI: Drop pci_device_remove() test of pci_dev->driver
btrfs: fix off-by-one chunk length calculation at contains_pending_extent()
serial: Lock console when calling into driver before registration
printk/console: Split out code that enables default console
usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros
fuse: don't unhash root
fuse: fix root lookup with nonzero generation
mmc: tmio: avoid concurrent runs of mmc_request_done()
PM: sleep: wakeirq: fix wake irq warning in system suspend
USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M
USB: serial: option: add MeiG Smart SLM320 product
USB: serial: cp210x: add ID for MGP Instruments PDS100
USB: serial: add device ID for VeriFone adapter
USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB
powerpc/fsl: Fix mfpmr build errors with newer binutils
clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays
clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays
clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays
clk: qcom: gcc-ipq6018: fix terminating of frequency table arrays
PM: suspend: Set mem_sleep_current during kernel command line setup
parisc: Strip upper 32 bit of sum in csum_ipv6_magic for 64-bit builds
parisc: Fix csum_ipv6_magic on 64-bit systems
parisc: Fix csum_ipv6_magic on 32-bit systems
parisc: Fix ip_fast_csum
parisc: Avoid clobbering the C/B bits in the PSW with tophys and tovirt macros
mtd: rawnand: meson: fix scrambling mode value in command macro
ubi: correct the calculation of fastmap size
ubi: Check for too small LEB size in VTBL code
ubifs: Set page uptodate in the correct place
fat: fix uninitialized field in nostale filehandles
bounds: support non-power-of-two CONFIG_NR_CPUS
block: Clear zone limits for a non-zoned stacked queue
block: introduce zone_write_granularity limit
ext4: correct best extent lstart adjustment logic
selftests/mqueue: Set timeout to 180 seconds
crypto: qat - resolve race condition during AER recovery
crypto: qat - fix double free during reset
sparc: vDSO: fix return value of __setup handler
sparc64: NMI watchdog: fix return value of __setup handler
KVM: Always flush async #PF workqueue when vCPU is being destroyed
media: xc4000: Fix atomicity violation in xc4000_get_frequency
serial: max310x: fix NULL pointer dereference in I2C instantiation
drm/vmwgfx: Fix possible null pointer derefence with invalid contexts
drm/vmwgfx: Fix some static checker warnings
drm/vmwgfx/vmwgfx_cmdbuf_res: Remove unused variable 'ret'
drm/vmwgfx: switch over to the new pin interface v2
drm/vmwgfx: stop using ttm_bo_create v2
arm: dts: marvell: Fix maxium->maxim typo in brownstone dts
smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity()
smack: Set SMACK64TRANSMUTE only for dirs in smack_inode_setxattr()
clk: qcom: gcc-sdm845: Add soft dependency on rpmhpd
media: staging: ipu3-imgu: Set fields before media_entity_pads_init()
wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach
timers: Rename del_timer_sync() to timer_delete_sync()
timers: Use del_timer_sync() even on UP
timers: Update kernel-doc for various functions
x86/bugs: Use sysfs_emit()
x86/cpu: Support AMD Automatic IBRS
Documentation/hw-vuln: Update spectre doc
amdkfd: use calloc instead of kzalloc to avoid integer overflow
Change-Id: I7279a2f07527db00e298b47f8f8f44c457fa2ef6
d613c46b79