Commit 7dcfec3c authored by Lorenzo "Palinuro" Faletra's avatar Lorenzo "Palinuro" Faletra
Browse files

Import Debian changes 5.10.28-6parrot1

linux (5.10.28-6parrot1) rolling; urgency=medium
  * Import new Debian release.
linux (5.10.28-1) unstable; urgency=medium
  * New upstream stable update:
    - mm/memcg: rename mem_cgroup_split_huge_fixup to split_page_memcg and add
      nr_pages argument
    - mm/memcg: set memcg when splitting page
    - mt76: fix tx skb error handling in mt76_dma_tx_queue_skb
    - net: stmmac: fix dma physical address of descriptor when display ring
    - [arm64,armhf] net: fec: ptp: avoid register access when ipg clock is
    - [powerpc*] 4xx: Fix build errors from mfdcr()
    - atm: eni: dont release is never initialized
    - atm: lanai: dont run lanai_dev_close if not open
    - Revert "r8152: adjust the settings about MAC clock speed down for RTL8153"
    - [x86] ALSA: hda: ignore invalid NHLT table
    - ixgbe: Fix memleak in ixgbe_configure_clsu32
    - blk-cgroup: Fix the recursive blkg rwstat
    - net: tehuti: fix error return code in bdx_probe()
    - net: intel: iavf: fix error return code of iavf_init_get_resources()
    - sun/niu: fix wrong RXMAC_BC_FRM_CNT_COUNT count
    - gianfar: fix jumbo packets+napi+rx overrun crash (CVE-2021-29264)
    - cifs: ask for more credit on async read/write code paths
    - gfs2: fix use-after-free in trans_drain
    - [arm64,armhf] cpufreq: blacklist Arm Vexpress platforms in
    - gpiolib: acpi: Add missing IRQF_ONESHOT
    - nfs: fix PNFS_FLEXFILE_LAYOUT Kconfig default
    - NFS: Correct size calculation for create reply length
    - [arm64] net: hisilicon: hns: fix error return code of
    - [arm64] net: enetc: set MAC RX FIFO to recommended value
    - atm: uPD98402: fix incorrect allocation
    - atm: idt77252: fix null-ptr-dereference
    - cifs: change noisy error message to FYI
    - kbuild: add image_name to no-sync-config-targets
    - umem: fix error return code in mm_pci_probe()
    - [sparc64] Fix opcode filtering in handling of no fault loads
    - u64_stats,lockdep: Fix u64_stats_init() vs lockdep
    - block: Fix REQ_OP_ZONE_RESET_ALL handling
    - drm/amdgpu: fb BO should be ttm_bo_type_device
    - drm/radeon: fix AGP dependency
    - nvme: simplify error logic in nvme_validate_ns()
    - nvme: add NVME_REQ_CANCELLED flag in nvme_cancel_request()
    - nvme-fc: set NVME_REQ_CANCELLED in nvme_fc_terminate_exchange()
    - nvme-fc: return NVME_SC_HOST_ABORTED_CMD when a command has been aborted
    - nvme-core: check ctrl css before setting up zns
    - nvme-rdma: Fix a use after free in nvmet_rdma_write_data_done
    - nvme-pci: add the DISABLE_WRITE_ZEROES quirk for a Samsung PM1725a
    - nfs: we don't support removing system.nfs4_acl
    - block: Suppress uevent for hidden device when removed
    - mm/fork: clear PASID for new mm
    - [ia64] fix ia64_syscall_get_set_arguments() for break-based syscalls
    - [ia64] fix ptrace(PTRACE_SYSCALL_INFO_EXIT) sign
    - static_call: Pull some static_call declarations to the type headers
    - [x86] static_call: Allow module use without exposing static_call_key
    - [x86] static_call: Fix the module key fixup
    - [x86] static_call: Fix static_call_set_init()
    - [x86] KVM: Protect userspace MSR filter with SRCU, and set atomically-ish
    - btrfs: fix sleep while in non-sleep context during qgroup removal
    - selinux: don't log MAC_POLICY_LOAD record on failed policy load
    - selinux: fix variable scope issue in live sidtab conversion
    - [arm64] netsec: restore phy power state after controller reset
    - [x86] platform/x86: intel-vbtn: Stop reporting SW_DOCK events
    - psample: Fix user API breakage
    - z3fold: prevent reclaim/free race for headless pages
    - squashfs: fix inode lookup sanity checks
    - squashfs: fix xattr id and id lookup sanity checks
    - hugetlb_cgroup: fix imbalanced css_get and css_put pair for shared
    - [x86] ACPI: video: Add missing callback back for Sony VPCEH3U1E
    - ACPICA: Always create namespace nodes using acpi_ns_create_node()
    - [arm64] stacktrace: don't trace arch_stack_walk()
    - integrity: double check iint_cache was initialized
    - [armhf] drm/etnaviv: Use FOLL_FORCE for userptr
    - drm/amdgpu: Add additional Sienna Cichlid PCI ID
    - [x86] drm/i915: Fix the GT fence revocation runtime PM logic
    - dm verity: fix DM_VERITY_OPTS_MAX value
    - dm ioctl: fix out of bounds array access when no devices
    - [armhf] bus: omap_l3_noc: mark l3 irqs as IRQF_NO_THREAD
    - [armhf] OMAP2+: Fix smartreflex init regression after dropping legacy data
    - [armhf] soc: ti: omap-prm: Fix occasional abort on reset deassert for dra7
    - veth: Store queue_mapping independently of XDP prog presence
    - bpf: Change inode_storage's lookup_elem return value from NULL to -EBADF
    - net/mlx5e: RX, Mind the MPWQE gaps when calculating offsets
    - net/mlx5e: When changing XDP program without reset, take refs for XSK RQs
    - net/mlx5e: Don't match on Geneve options in case option masks are all zero
    - ipv6: fix suspecious RCU usage warning
    - drop_monitor: Perform cleanup upon probe registration failure
    - macvlan: macvlan_count_rx() needs to be aware of preemption
    - net: sched: validate stab values
    - [armhf] net: dsa: bcm_sf2: Qualify phydev->dev_flags based on port
    - igc: reinit_locked() should be called with rtnl_lock
    - igc: Fix Pause Frame Advertising
    - igc: Fix Supported Pause Frame Link Setting
    - igc: Fix igc_ptp_rx_pktstamp()
    - e1000e: add rtnl_lock() to e1000_reset_task
    - e1000e: Fix error handling in e1000_set_d0_lplu_state_82571
    - net/qlcnic: Fix a use after free in qlcnic_83xx_get_minidump_template
    - net: phy: broadcom: Add power down exit reset state delay
    - [armhf] ftgmac100: Restart MAC HW once
    - net: qrtr: fix a kernel-infoleak in qrtr_recvmsg() (CVE-2021-29647)
    - flow_dissector: fix byteorder of dissected ICMP ID
    - netfilter: ctnetlink: fix dump of the expect mask attribute
    - net: phylink: Fix phylink_err() function name error in
    - tipc: better validate user input in tipc_nl_retrieve_key()
    - tcp: relookup sock for RST+ACK packets handled by obsolete req sock
    - can: isotp: isotp_setsockopt(): only allow to set low level TX flags for
    - can: isotp: TX-path: ensure that CAN frame flags are initialized
    - can: peak_usb: add forgotten supported devices
    - [arm64,armhf] can: flexcan: flexcan_chip_freeze(): fix chip freeze for
      missing bitrate
    - can: c_can_pci: c_can_pci_remove(): fix use-after-free
    - [armhf] can: c_can: move runtime PM enable/disable to c_can_platform
    - mac80211: fix rate mask reset
    - mac80211: Allow HE operation to be longer than expected.
    - nfp: flower: fix unsupported pre_tunnel flows
    - nfp: flower: add ipv6 bit to pre_tunnel control message
    - nfp: flower: fix pre_tun mask id allocation
    - ftrace: Fix modify_ftrace_direct.
    - [arm64] drm/msm/dsi: fix check-before-set in the 7nm dsi_pll code
    - net/sched: cls_flower: fix only mask bit check in the validate_ct_state
    - netfilter: nftables: report EOPNOTSUPP on unsupported flowtable flags
    - netfilter: nftables: allow to update flowtable flags
    - netfilter: flowtable: Make sure GC works periodically in idle system
    - [armhf] dts: imx6ull: fix ubi filesystem mount failed
    - ipv6: weaken the v4mapped source check
    - net: check all name nodes in __dev_alloc_name
    - net: cdc-phonet: fix data-interface release on probe failure
    - igb: check timestamp validity
    - r8152: limit the RX buffer size of RTL8153A for USB 2.0
    - [arm64,armhf] net: stmmac: dwmac-sun8i: Provide TX and RX fifo sizes
    - selinux: vsock: Set SID for socket returned by accept()
    - bpf: Fix umd memory leak in copy_process() (CVE-2021-29649)
    - can: isotp: tx-path: zero initialize outgoing CAN frames
    - [arm64] drm/msm: fix shutdown hook in case GPU components failed to bind
    - [arm64] drm/msm: Fix suspend/resume on i.MX5
    - [arm64] kdump: update ppos when reading elfcorehdr
    - PM: runtime: Defer suspending suppliers
    - net/mlx5: Add back multicast stats for uplink representor
    - net/mlx5e: Allow to match on MPLS parameters only for MPLS over UDP
    - net/mlx5e: Offload tuple rewrite for non-CT flows
    - net/mlx5e: Fix error path for ethtool set-priv-flag
    - PM: EM: postpone creating the debugfs dir till fs_initcall
    - net: bridge: don't notify switchdev for local FDB addresses
    - [amd64] xen/x86: make XEN_BALLOON_MEMORY_HOTPLUG_LIMIT depend on
    - RDMA/cxgb4: Fix adapter LE hash errors while destroying ipv6 listening
    - bpf: Don't do bpf_cgroup_storage_set() for kuprobe/tp programs
    - net: Consolidate common blackhole dst ops
    - net, bpf: Fix ip6ip6 crash with collect_md populated skbs
    - igb: avoid premature Rx buffer reuse
    - net: phy: introduce phydev->port
    - net: phy: broadcom: Avoid forward for bcm54xx_config_clock_delay()
    - net: phy: broadcom: Set proper 1000BaseX/SGMII interface mode for
    - net: phy: broadcom: Fix RGMII delays for BCM50160 and BCM50610M
    - Revert "netfilter: x_tables: Switch synchronization to RCU"
    - netfilter: x_tables: Use correct memory barriers. (CVE-2021-29650)
    - dm table: Fix zoned model check and zone sectors check
    - mm/mmu_notifiers: ensure range_end() is paired with range_start()
    - Revert "netfilter: x_tables: Update remaining dereference to RCU"
    - ACPI: scan: Rearrange memory allocation in acpi_device_add()
    - ACPI: scan: Use unique number for instance_no
    - io_uring: fix provide_buffers sign extension
    - block: recalculate segment count for multi-segment discards correctly
    - scsi: Revert "qla2xxx: Make sure that aborted commands are freed"
    - scsi: qedi: Fix error return code of qedi_alloc_global_queues()
    - scsi: mpt3sas: Fix error return code of mpt3sas_base_attach()
    - smb3: fix cached file size problems in duplicate extents (reflink)
    - cifs: Adjust key sizes and key generation routines for AES256 encryption
    - locking/mutex: Fix non debug version of mutex_lock_io_nested()
    - mm/memcg: fix 5.10 backport of splitting page memcg
    - fs/cachefiles: Remove wait_bit_key layout dependency
    - can: dev: Move device back to init netns on owning netns delete
    - r8169: fix DMA being used after buffer free if WoL is enabled
    - [armhf] net: dsa: b53: VLAN filtering is global to all users
    - mac80211: fix double free in ibss_leave
    - ext4: add reclaim checks to xattr code
    - fs/ext4: fix integer overflow in s_log_groups_per_flex
    - [amd64] Revert "xen: fix p2m size in dom0 for disabled memory hotplug
    - Revert "net: bonding: fix error return code of bond_neigh_init()"
    - nvme: fix the nsid value to print in nvme_validate_or_alloc_ns
    - can: peak_usb: Revert "can: peak_usb: add forgotten supported devices"
    - xen-blkback: don't leak persistent grants from xen_blkbk_map()
    - [arm64] mm: correct the inside linear map range during hotplug check
    - bpf: Fix fexit trampoline.
    - virtiofs: Fail dax mount if device does not support it
    - ext4: shrink race window in ext4_should_retry_alloc()
    - ext4: fix bh ref count on error paths
    - rpc: fix NULL dereference on kmalloc failure
    - iomap: Fix negative assignment to unsigned sis->pages in
    - [x86] ASoC: rt1015: fix i2c communication error
    - ASoC: rt5640: Fix dac- and adc- vol-tlv values being off by a factor of 10
    - [x86] ASoC: rt5651: Fix dac- and adc- vol-tlv values being off by a factor
      of 10
    - [armhf] ASoC: sgtl5000: set DAP_AVC_CTRL register to correct default value
      on probe
    - [x86] ASoC: es8316: Simplify adc_pga_gain_tlv table
    - ASoC: soc-core: Prevent warning if no DMI table is present
    - NFSD: fix error handling in NFSv4.0 callbacks
    - kernel: freezer should treat PF_IO_WORKER like PF_KTHREAD for freezing
    - vhost: Fix vhost_vq_reset()
    - io_uring: fix ->flags races by linked timeouts
    - scsi: st: Fix a use after free in st_open()
    - scsi: qla2xxx: Fix broken #endif placement
    - [x86] staging: comedi: cb_pcidas: fix request_irq() warn
    - [x86] staging: comedi: cb_pcidas64: fix request_irq() warn
    - ASoC: rt711: add snd_soc_component remove callback
    - thermal/core: Add NULL pointer check before using cooling device stats
    - locking/ww_mutex: Simplify use_ww_ctx & ww_ctx handling
    - locking/ww_mutex: Fix acquire/release imbalance in
    - nvmet-tcp: fix kmap leak when data digest in use
    - io_uring: imply MSG_NOSIGNAL for send[msg]()/recv[msg]() calls
    - [x86] static_call: Align static_call_is_init() patching condition
    - ext4: do not iput inode under running transaction in ext4_rename()
    - io_uring: call req_set_fail_links() on short send[msg]()/recv[msg]() with
    - [arm64,armhf] net: mvpp2: fix interrupt mask/unmask skip condition
    - flow_dissector: fix TTL and TOS dissection on IPv4 fragments
    - net: introduce CAN specific pointer in the struct net_device
    - brcmfmac: clear EAP/association status bits on linkdown events
    - ath11k: add ieee80211_unregister_hw to avoid kernel crash caused by NULL
    - rtw88: coex: 8821c: correct antenna switch function
    - iwlwifi: pcie: don't disable interrupts for reg_lock
    - ath10k: hold RCU lock when calling ieee80211_find_sta_by_ifaddr()
    - [amd64,arm64] net: ethernet: aquantia: Handle error cleanup of start on
    - appletalk: Fix skb allocation size in loopback case
    - net: wan/lmc: unregister device when no matching device is found
    - net: 9p: advance iov on empty read
    - bpf: Remove MTU check in __bpf_skb_max_len
    - ACPI: tables: x86: Reserve memory occupied by ACPI tables
    - ACPI: processor: Fix CPU0 wakeup in acpi_idle_play_dead()
    - ALSA: usb-audio: Apply sample rate quirk to Logitech Connect
    - ALSA: hda: Re-add dropped snd_poewr_change_state() calls
    - ALSA: hda: Add missing sanity checks in PM prepare/complete callbacks
    - ALSA: hda/realtek: fix a determine_headset_type issue for a Dell AIO
    - ALSA: hda/realtek: call alc_update_headset_mode() in hp_automute_hook
    - ALSA: hda/realtek: fix mute/micmute LEDs for HP 640 G8
    - [x86] KVM: SVM: load control fields from VMCB12 before checking them
    - [x86] KVM: SVM: ensure that EFER.SVME is set when running nested guest or
      on nested vmexit
    - PM: runtime: Fix race getting/putting suppliers at probe
    - PM: runtime: Fix ordering in pm_runtime_get_suppliers()
    - tracing: Fix stack trace event size
    - [s390x] vdso: copy tod_steering_delta value to vdso_data page
    - [s390x] vdso: fix tod_steering_delta type
    - mm: fix race by making init_zero_pfn() early_initcall
    - drm/amdgpu: fix offset calculation in amdgpu_vm_bo_clear_mappings()
    - drm/amdgpu: check alignment on CPU page for bo map
    - reiserfs: update reiserfs_xattrs_initialized() condition
    - [armhf] drm/imx: fix memory leak when fails to init
    - [arm64,armhf] drm/tegra: dc: Restore coupling of display controllers
    - [arm64,armhf] drm/tegra: sor: Grab runtime PM reference across reset
    - [arm64,armhf] pinctrl: rockchip: fix restore error in resume
    - extcon: Add stubs for extcon_register_notifier_all() functions
    - extcon: Fix error handling in extcon_dev_register
    - firmware: stratix10-svc: reset COMMAND_RECONFIG_FLAG_PARTIAL to 0
    - [arm64] usb: dwc3: pci: Enable dis_uX_susphy_quirk for Intel Merrifield
    - [x86] video: hyperv_fb: Fix a double free in hvfb_probe
    - firewire: nosy: Fix a use-after-free bug in nosy_ioctl() (CVE-2021-3483)
    - usbip: vhci_hcd fix shift out-of-bounds in vhci_hub_control()
    - USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem
    - [arm64,armhf] usb: musb: Fix suspend with devices connected for a64
    - cdc-acm: fix BREAK rx code path adding necessary calls
    - USB: cdc-acm: untangle a circular dependency between callback and softint
    - USB: cdc-acm: downgrade message to debug
    - USB: cdc-acm: fix double free on probe failure
    - USB: cdc-acm: fix use-after-free after probe failure
    - [i386] usb: gadget: udc: amd5536udc_pci fix null-ptr-dereference
    - [arm*] usb: dwc2: Fix HPRT0.PrtSusp bit setting for HiKey 960 board.
    - [arm*] usb: dwc2: Prevent core suspend when port connection flag is 0
    - [arm64] usb: dwc3: qcom: skip interconnect init for ACPI probe
    - [arm64,armhf] usb: dwc3: gadget: Clear DEP flags after stop transfers in
      ep disable
    - soc: qcom-geni-se: Cleanup the code to remove proxy votes
    - [x86] staging: rtl8192e: Fix incorrect source in memcpy()
    - [x86] staging: rtl8192e: Change state information from u16 to u8
    - driver core: clear deferred probe reason on probe retry
    - drivers: video: fbcon: fix NULL dereference in fbcon_cursor()
    - [riscv64] evaluate put_user() arg before enabling user access
    - Revert "kernel: freezer should treat PF_IO_WORKER like PF_KTHREAD for
    - [amd64] bpf: Use NOP_ATOMIC5 instead of emit_nops(&prog, 5) for
  [ Salvatore Bonaccorso ]
  * [rt] Refresh "u64_stats: Disable preemption on 32bit-UP/SMP with RT
    during updates"
  * Bump ABI to 6
  * [rt] Refresh "tracing: Merge irqflags + preempt counter."
  * bpf, x86: Validate computation of branch displacements for x86-64
  * bpf, x86: Validate computation of branch displacements for x86-32
linux (5.10.26-1) unstable; urgency=medium
  * New upstream stable update:
    - ALSA: dice: fix null pointer dereference when node is disconnected
    - ALSA: hda/realtek: apply pin quirk for XiaomiNotebook Pro
    - ALSA: hda: generic: Fix the micmute led init state
    - ALSA: hda/realtek: Apply headset-mic quirks for Xiaomi Redmibook Air
    - ALSA: hda/realtek: fix mute/micmute LEDs for HP 840 G8
    - ALSA: hda/realtek: fix mute/micmute LEDs for HP 440 G8
    - ALSA: hda/realtek: fix mute/micmute LEDs for HP 850 G8
    - Revert "PM: runtime: Update device status before letting suppliers
    - [s390x] vtime: fix increased steal time accounting
    - [s390x] pci: refactor zpci_create_device()
    - [s390x] pci: remove superfluous zdev->zbus check
    - [s390x] pci: fix leak of PCI device structure
    - zonefs: Fix O_APPEND async write handling
    - zonefs: prevent use of seq files as swap file
    - zonefs: fix to update .i_wr_refcnt correctly in zonefs_open_zone()
    - btrfs: fix race when cloning extent buffer during rewind of an old root
    - btrfs: fix slab cache flags for free space tree bitmap
    - vhost-vdpa: fix use-after-free of v->config_ctx (CVE-2021-29266)
    - [armhf] ASoC: fsl_ssi: Fix TDM slot setup for I2S mode
    - [x86] ASoC: Intel: bytcr_rt5640: Fix HP Pavilion x2 10-p0XX OVCD current
    - [x86] ASoC: SOF: Intel: unregister DMIC device on probe error
    - [x86] ASoC: SOF: intel: fix wrong poll bits in dsp power down
    - ASoC: qcom: sdm845: Fix array out of bounds access (CVE-2021-28952)
    - ASoC: qcom: sdm845: Fix array out of range on rx slim channels
    - [arm64] ASoC: qcom: lpass-cpu: Fix lpass dai ids parse
    - [arm*] ASoC: simple-card-utils: Do not handle device clock
    - afs: Fix accessing YFS xattrs on a non-YFS server
    - afs: Stop listxattr() from listing "afs.*" attributes
    - ALSA: usb-audio: Fix unintentional sign extension issue
    - nvme: fix Write Zeroes limitations
    - nvme-tcp: fix misuse of __smp_processor_id with preemption enabled
    - nvme-tcp: fix possible hang when failing to set io queues
    - nvme-tcp: fix a NULL deref when receiving a 0-length r2t PDU
    - nvmet: don't check iosqes,iocqes for discovery controllers
    - nfsd: Don't keep looking up unhashed files in the nfsd file cache
    - nfsd: don't abort copies early
    - NFSD: Repair misuse of sv_lock in 5.10.16-rt30.
    - NFSD: fix dest to src mount in inter-server COPY
    - svcrdma: disable timeouts on rdma backchannel
    - sunrpc: fix refcount leak for rpc auth modules
    - [x86] i915/perf: Start hrtimer only if sampling the OA buffer
    - pstore: Fix warning in pstore_kill_sb()
    - io_uring: ensure that SQPOLL thread is started for exit (CVE-2021-28951)
    - net/qrtr: fix __netdev_alloc_skb call
    - cifs: fix allocation size on newly created files
    - scsi: lpfc: Fix some error codes in debugfs
    - scsi: myrs: Fix a double free in myrs_cleanup()
    - [riscv64] correct enum sbi_ext_rfence_fid
    - gpiolib: Assign fwnode to parent's if no primary one provided
    - nvme-rdma: fix possible hang when failing to set io queues
    - [armhf] tty: serial: stm32-usart: Remove set but unused 'cookie' variables
    - [armhf] serial: stm32: fix DMA initialization error handling
    - bpf: Declare __bpf_free_used_maps() unconditionally
    - module: merge repetitive strings in module_sig_check()
    - module: avoid *goto*s in module_sig_check()
    - module: harden ELF info handling
    - scsi: pm80xx: Make mpi_build_cmd locking consistent
    - scsi: pm80xx: Make running_req atomic
    - scsi: pm80xx: Fix pm8001_mpi_get_nvmd_resp() race condition
    - scsi: pm8001: Neaten debug logging macros and uses
    - scsi: libsas: Remove notifier indirection
    - scsi: libsas: Introduce a _gfp() variant of event notifiers
    - scsi: mvsas: Pass gfp_t flags to libsas event notifiers
    - [x86] scsi: isci: Pass gfp_t flags in isci_port_link_down()
    - [x86] scsi: isci: Pass gfp_t flags in isci_port_link_up()
    - [x86] scsi: isci: Pass gfp_t flags in isci_port_bc_change_received()
    - RDMA/mlx5: Allow creating all QPs even when non RDMA profile is used
    - [powerpc*] sstep: Fix load-store and update emulation
    - [powerpc*] sstep: Fix darn emulation
    - i40e: Fix endianness conversions
    - net: phy: micrel: set soft_reset callback to genphy_soft_reset for KSZ8081
    - drm/amd/display: turn DPMS off on connector unplug
    - iwlwifi: Add a new card for MA family
    - io_uring: fix inconsistent lock state
    - [arm64,armhf] media: cedrus: h264: Support profile controls
    - [s390x] qeth: schedule TX NAPI on QAOB completion
    - io_uring: don't attempt IO reissue from the ring exit path
    - io_uring: clear IOCB_WAITQ for non -EIOCBQUEUED return
    - net: bonding: fix error return code of bond_neigh_init()
    - gfs2: Add common helper for holding and releasing the freeze glock
    - gfs2: move freeze glock outside the make_fs_rw and _ro functions
    - gfs2: bypass signal_our_withdraw if no journal
    - [powerpc*] Force inlining of cpu_has_feature() to avoid build failure
    - usb-storage: Add quirk to defeat Kindle's automatic unload
    - usbip: Fix incorrect double assignment to udc->ud.tcp_rx
    - usb: gadget: configfs: Fix KASAN use-after-free
    - [x86] usb: typec: Remove vdo[3] part of tps6598x_rx_identity_reg struct
    - [x86] usb: typec: tcpm: Invoke power_supply_changed for tcpm-source-psy-
    - [arm64,armhf] usb: dwc3: gadget: Allow runtime suspend if UDC unbinded
    - [arm64,armhf] usb: dwc3: gadget: Prevent EP queuing while stopping
    - [x86] thunderbolt: Initialize HopID IDAs in tb_switch_alloc()
    - [x86] thunderbolt: Increase runtime PM reference count on DP tunnel
    - iio: gyro: mpu3050: Fix error handling in mpu3050_trigger_handler
    - iio: adc: ad7949: fix wrong ADC result due to incorrect bit mask
    - iio: hid-sensor-prox: Fix scale not correct issue
    - iio: hid-sensor-temperature: Fix issues of timestamp channel
    - [powerpc*] PCI: rpadlpar: Fix potential drc_name corruption in store
      functions (CVE-2021-28972)
    - [x86] perf/x86/intel: Fix a crash caused by zero PEBS status
    - [x86] perf/x86/intel: Fix unchecked MSR access error caused by VLBR_EVENT
    - [x86] ioapic: Ignore IRQ2 again
    - kernel, fs: Introduce and use set_restart_fn() and arch_set_restart_data()
    - [x86] Move TS_COMPAT back to asm/thread_info.h
    - [x86] Introduce TS_COMPAT_RESTART to fix get_nr_restart_syscall()
    - efivars: respect EFI_UNSUPPORTED return from firmware
    - ext4: fix error handling in ext4_end_enable_verity()
    - ext4: find old entry again if failed to rename whiteout
    - ext4: stop inode update before return
    - ext4: do not try to set xattr into ea_inode if value is empty
    - ext4: fix potential error in ext4_do_update_inode
    - ext4: fix rename whiteout with fast commit
    - static_call: Fix static_call_update() sanity check
    - efi: use 32-bit alignment for efi_guid_t literals
    - firmware/efi: Fix a use after bug in efi_mem_reserve_persistent
    - genirq: Disable interrupts for force threaded handlers
    - [x86] apic/of: Fix CPU devicetree-node lookups
    - cifs: Fix preauth hash corruption
  [ Salvatore Bonaccorso ]
  * linux-image: Add Breaks: relation with old fwupdate versions
    (Closes: #985801)
  * [rt] Update to 5.10.25-rt35
  * Refresh "Include package version along with kernel release in stack
  * Refresh "firmware: Remove redundant log messages from drivers"
  * Refresh "MODSIGN: checking the blacklisted hash before loading a kernel
  * libsas: Avoid ABI change for removal of notifier indirection
  [ Uwe Kleine-König ]
  * [arm64] Enable various configurations for i.MX8 (Closes: #985862)
parents 3e935ac3 9941e245
Pipeline #2888 failed with stages
......@@ -37,4 +37,11 @@
__ARCH_DEFINE_STATIC_CALL_TRAMP(name, "ret; nop; nop; nop; nop")
#define ARCH_ADD_TRAMP_KEY(name) \
asm(".pushsection .static_call_tramp_key, \"a\" \n" \
".long " STATIC_CALL_TRAMP_STR(name) " - . \n" \
".long " STATIC_CALL_KEY_STR(name) " - . \n" \
".popsection \n")
#endif /* _ASM_STATIC_CALL_H */
......@@ -216,10 +216,31 @@ static inline int arch_within_stack_frames(const void * const stack,
* Thread-synchronous status.
* This is different from the flags in that nobody else
* ever touches our thread-synchronous status, so we don't
* have to worry about atomic accesses.
#define TS_COMPAT 0x0002 /* 32bit syscall active (64BIT)*/
#ifndef __ASSEMBLY__
#define TS_I386_REGS_POKED 0x0004 /* regs poked by 32-bit ptracer */
#define TS_COMPAT_RESTART 0x0008
#define arch_set_restart_data arch_set_restart_data
static inline void arch_set_restart_data(struct restart_block *restart)
struct thread_info *ti = current_thread_info();
if (ti->status & TS_COMPAT)
ti->status |= TS_COMPAT_RESTART;
ti->status &= ~TS_COMPAT_RESTART;
#ifndef __ASSEMBLY__
#ifdef CONFIG_X86_32
#define in_ia32_syscall() true
......@@ -86,18 +86,6 @@ clear_foreign_p2m_mapping(struct gnttab_unmap_grant_ref *unmap_ops,
* The maximum amount of extra memory compared to the base size. The
* main scaling factor is the size of struct page. At extreme ratios
* of base:extra, all the base memory can be filled with page
* structures for the extra memory, leaving no space for anything
* else.
* 10x seems like a reasonable balance between scaling flexibility and
* leaving a practically usable system.
#define XEN_EXTRA_MEM_RATIO (10)
* Helper functions to write or read unsigned long values to/from
* memory, when the access may fault.
......@@ -1554,10 +1554,18 @@ void __init acpi_boot_table_init(void)
* Initialize the ACPI boot-time table parser.
if (acpi_table_init()) {
if (acpi_locate_initial_tables())
int __init early_acpi_boot_init(void)
if (acpi_disabled)
return 1;
acpi_table_parse(ACPI_SIG_BOOT, acpi_parse_sbf);
......@@ -1570,18 +1578,9 @@ void __init acpi_boot_table_init(void)
} else {
printk(KERN_WARNING PREFIX "Disabling ACPI support\n");
return 1;
int __init early_acpi_boot_init(void)
* If acpi_disabled, bail out
if (acpi_disabled)
return 1;
* Process the Multiple APIC Description Table (MADT), if present
......@@ -2317,6 +2317,11 @@ static int cpuid_to_apicid[] = {
[0 ... NR_CPUS - 1] = -1,
bool arch_match_cpu_phys_id(int cpu, u64 phys_id)
return phys_id == cpuid_to_apicid[cpu];
* apic_id_is_primary_thread - Check whether APIC ID belongs to a primary thread
......@@ -1033,6 +1033,16 @@ static int mp_map_pin_to_irq(u32 gsi, int idx, int ioapic, int pin,
if (idx >= 0 && test_bit(mp_irqs[idx].srcbus, mp_bus_not_pci)) {
irq = mp_irqs[idx].srcbusirq;
legacy = mp_is_legacy_irq(irq);
* IRQ2 is unusable for historical reasons on systems which
* have a legacy PIC. See the comment vs. IRQ2 further down.
* If this gets removed at some point then the related code
* in lapic_assign_system_vectors() needs to be adjusted as
* well.
if (legacy && irq == PIC_CASCADE_IR)
return -EINVAL;
......@@ -1051,6 +1051,9 @@ void __init setup_arch(char **cmdline_p)
/* Look for ACPI tables and reserve memory occupied by them. */
......@@ -1136,11 +1139,6 @@ void __init setup_arch(char **cmdline_p)
* Parse the ACPI tables for possible boot-time SMP configuration.
......@@ -766,30 +766,8 @@ handle_signal(struct ksignal *ksig, struct pt_regs *regs)
static inline unsigned long get_nr_restart_syscall(const struct pt_regs *regs)
* This function is fundamentally broken as currently
* implemented.
* The idea is that we want to trigger a call to the
* restart_block() syscall and that we want in_ia32_syscall(),
* in_x32_syscall(), etc. to match whatever they were in the
* syscall being restarted. We assume that the syscall
* instruction at (regs->ip - 2) matches whatever syscall
* instruction we used to enter in the first place.
* The problem is that we can get here when ptrace pokes
* syscall-like values into regs even if we're not in a syscall
* at all.
* For now, we maintain historical behavior and guess based on
* stored state. We could do better by saving the actual
* syscall arch in restart_block or (with caveats on x32) by
* checking if regs->ip points to 'int $0x80'. The current
* behavior is incorrect if a tracer has a different bitness
* than the tracee.
if (current_thread_info()->status & (TS_COMPAT|TS_I386_REGS_POKED))
if (current_thread_info()->status & TS_COMPAT_RESTART)
return __NR_ia32_restart_syscall;
#ifdef CONFIG_X86_X32_ABI
......@@ -1655,7 +1655,7 @@ void play_dead_common(void)
static bool wakeup_cpu0(void)
bool wakeup_cpu0(void)
if (smp_processor_id() == 0 && enable_start_cpu0)
return true;
......@@ -246,11 +246,18 @@ static bool nested_vmcb_check_controls(struct vmcb_control_area *control)
return true;
static bool nested_vmcb_checks(struct vcpu_svm *svm, struct vmcb *vmcb12)
static bool nested_vmcb_check_save(struct vcpu_svm *svm, struct vmcb *vmcb12)
struct kvm_vcpu *vcpu = &svm->vcpu;
bool vmcb12_lma;
* FIXME: these should be done after copying the fields,
* to avoid TOC/TOU races. For these save area checks
* the possible damage is limited since kvm_set_cr0 and
* kvm_set_cr4 handle failure; EFER_SVME is an exception
* so it is force-set later in nested_prepare_vmcb_save.
if ((vmcb12->save.efer & EFER_SVME) == 0)
return false;
......@@ -271,7 +278,7 @@ static bool nested_vmcb_checks(struct vcpu_svm *svm, struct vmcb *vmcb12)
if (kvm_valid_cr4(&svm->vcpu, vmcb12->save.cr4))
return false;
return nested_vmcb_check_controls(&vmcb12->control);
return true;
static void load_nested_vmcb_control(struct vcpu_svm *svm,
......@@ -396,7 +403,14 @@ static void nested_prepare_vmcb_save(struct vcpu_svm *svm, struct vmcb *vmcb12)
svm->vmcb->save.gdtr = vmcb12->save.gdtr;
svm->vmcb->save.idtr = vmcb12->save.idtr;
kvm_set_rflags(&svm->vcpu, vmcb12->save.rflags);
svm_set_efer(&svm->vcpu, vmcb12->save.efer);
* Force-set EFER_SVME even though it is checked earlier on the
* VMCB12, because the guest can flip the bit between the check
* and now. Clearing EFER_SVME would call svm_free_nested.
svm_set_efer(&svm->vcpu, vmcb12->save.efer | EFER_SVME);
svm_set_cr0(&svm->vcpu, vmcb12->save.cr0);
svm_set_cr4(&svm->vcpu, vmcb12->save.cr4);
svm->vmcb->save.cr2 = svm->vcpu.arch.cr2 = vmcb12->save.cr2;
......@@ -454,7 +468,6 @@ int enter_svm_guest_mode(struct vcpu_svm *svm, u64 vmcb12_gpa,
int ret;
svm->nested.vmcb12_gpa = vmcb12_gpa;
load_nested_vmcb_control(svm, &vmcb12->control);
nested_prepare_vmcb_save(svm, vmcb12);
......@@ -501,7 +514,10 @@ int nested_svm_vmrun(struct vcpu_svm *svm)
if (WARN_ON_ONCE(!svm->nested.initialized))
return -EINVAL;
if (!nested_vmcb_checks(svm, vmcb12)) {
load_nested_vmcb_control(svm, &vmcb12->control);
if (!nested_vmcb_check_save(svm, vmcb12) ||
!nested_vmcb_check_controls(&svm->nested.ctl)) {
vmcb12->control.exit_code = SVM_EXIT_ERR;
vmcb12->control.exit_code_hi = 0;
vmcb12->control.exit_info_1 = 0;
......@@ -1205,6 +1221,8 @@ static int svm_set_nested_state(struct kvm_vcpu *vcpu,
if (!(save->cr0 & X86_CR0_PG))
goto out_free;
if (!(save->efer & EFER_SVME))
goto out_free;
* All checks done, we can enter guest mode. L1 control fields
......@@ -1505,35 +1505,44 @@ EXPORT_SYMBOL_GPL(kvm_enable_efer_bits);
bool kvm_msr_allowed(struct kvm_vcpu *vcpu, u32 index, u32 type)
struct kvm_x86_msr_filter *msr_filter;
struct msr_bitmap_range *ranges;
struct kvm *kvm = vcpu->kvm;
struct msr_bitmap_range *ranges = kvm->arch.msr_filter.ranges;
u32 count = kvm->arch.msr_filter.count;
u32 i;
bool r = kvm->arch.msr_filter.default_allow;
bool allowed;
int idx;
u32 i;
/* MSR filtering not set up or x2APIC enabled, allow everything */
if (!count || (index >= 0x800 && index <= 0x8ff))
/* x2APIC MSRs do not support filtering. */
if (index >= 0x800 && index <= 0x8ff)
return true;
/* Prevent collision with set_msr_filter */
idx = srcu_read_lock(&kvm->srcu);
for (i = 0; i < count; i++) {
msr_filter = srcu_dereference(kvm->arch.msr_filter, &kvm->srcu);
if (!msr_filter) {
allowed = true;
goto out;
allowed = msr_filter->default_allow;
ranges = msr_filter->ranges;
for (i = 0; i < msr_filter->count; i++) {
u32 start = ranges[i].base;
u32 end = start + ranges[i].nmsrs;
u32 flags = ranges[i].flags;
unsigned long *bitmap = ranges[i].bitmap;
if ((index >= start) && (index < end) && (flags & type)) {
r = !!test_bit(index - start, bitmap);
allowed = !!test_bit(index - start, bitmap);
srcu_read_unlock(&kvm->srcu, idx);
return r;
return allowed;
......@@ -5291,25 +5300,34 @@ int kvm_vm_ioctl_enable_cap(struct kvm *kvm,
return r;
static void kvm_clear_msr_filter(struct kvm *kvm)
static struct kvm_x86_msr_filter *kvm_alloc_msr_filter(bool default_allow)
struct kvm_x86_msr_filter *msr_filter;
msr_filter = kzalloc(sizeof(*msr_filter), GFP_KERNEL_ACCOUNT);
if (!msr_filter)
return NULL;
msr_filter->default_allow = default_allow;
return msr_filter;
static void kvm_free_msr_filter(struct kvm_x86_msr_filter *msr_filter)
u32 i;
u32 count = kvm->arch.msr_filter.count;
struct msr_bitmap_range ranges[16];
kvm->arch.msr_filter.count = 0;
memcpy(ranges, kvm->arch.msr_filter.ranges, count * sizeof(ranges[0]));
if (!msr_filter)
for (i = 0; i < msr_filter->count; i++)
for (i = 0; i < count; i++)
static int kvm_add_msr_filter(struct kvm *kvm, struct kvm_msr_filter_range *user_range)
static int kvm_add_msr_filter(struct kvm_x86_msr_filter *msr_filter,
struct kvm_msr_filter_range *user_range)
struct msr_bitmap_range *ranges = kvm->arch.msr_filter.ranges;
struct msr_bitmap_range range;
unsigned long *bitmap = NULL;
size_t bitmap_size;
......@@ -5343,11 +5361,9 @@ static int kvm_add_msr_filter(struct kvm *kvm, struct kvm_msr_filter_range *user
goto err;
/* Everything ok, add this range identifier to our global pool */
ranges[kvm->arch.msr_filter.count] = range;
/* Make sure we filled the array before we tell anyone to walk it */
/* Everything ok, add this range identifier. */
msr_filter->ranges[msr_filter->count] = range;
return 0;
......@@ -5358,10 +5374,11 @@ static int kvm_add_msr_filter(struct kvm *kvm, struct kvm_msr_filter_range *user
static int kvm_vm_ioctl_set_msr_filter(struct kvm *kvm, void __user *argp)
struct kvm_msr_filter __user *user_msr_filter = argp;
struct kvm_x86_msr_filter *new_filter, *old_filter;
struct kvm_msr_filter filter;
bool default_allow;
int r = 0;
bool empty = true;
int r = 0;
u32 i;
if (copy_from_user(&filter, user_msr_filter, sizeof(filter)))
......@@ -5374,25 +5391,32 @@ static int kvm_vm_ioctl_set_msr_filter(struct kvm *kvm, void __user *argp)
if (empty && !default_allow)
return -EINVAL;
kvm->arch.msr_filter.default_allow = default_allow;
new_filter = kvm_alloc_msr_filter(default_allow);
if (!new_filter)
return -ENOMEM;
* Protect from concurrent calls to this function that could trigger
* a TOCTOU violation on kvm->arch.msr_filter.count.
for (i = 0; i < ARRAY_SIZE(filter.ranges); i++) {
r = kvm_add_msr_filter(kvm, &filter.ranges[i]);
if (r)
r = kvm_add_msr_filter(new_filter, &filter.ranges[i]);
if (r) {
return r;
/* The per-VM filter is protected by kvm->lock... */
old_filter = srcu_dereference_check(kvm->arch.msr_filter, &kvm->srcu, 1);
rcu_assign_pointer(kvm->arch.msr_filter, new_filter);
kvm_make_all_cpus_request(kvm, KVM_REQ_MSR_FILTER_CHANGED);
return r;
return 0;
long kvm_arch_vm_ioctl(struct file *filp,
......@@ -10423,8 +10447,6 @@ void kvm_arch_pre_destroy_vm(struct kvm *kvm)
void kvm_arch_destroy_vm(struct kvm *kvm)
u32 i;
if (current->mm == kvm->mm) {
* Free memory regions allocated on behalf of userspace,
......@@ -10441,8 +10463,7 @@ void kvm_arch_destroy_vm(struct kvm *kvm)
if (kvm_x86_ops.vm_destroy)
for (i = 0; i < kvm->arch.msr_filter.count; i++)
kvm_free_msr_filter(srcu_dereference_check(kvm->arch.msr_filter, &kvm->srcu, 1));
......@@ -231,7 +231,7 @@ static void __init __set_clr_pte_enc(pte_t *kpte, int level, bool enc)
if (pgprot_val(old_prot) == pgprot_val(new_prot))
pa = pfn << page_level_shift(level);
pa = pfn << PAGE_SHIFT;
size = page_level_size(level);
......@@ -1735,7 +1735,7 @@ static int invoke_bpf_mod_ret(const struct btf_func_model *m, u8 **pprog,
* add rsp, 8 // skip eth_type_trans's frame
* ret // return to its caller
int arch_prepare_bpf_trampoline(void *image, void *image_end,
int arch_prepare_bpf_trampoline(struct bpf_tramp_image *im, void *image, void *image_end,
const struct btf_func_model *m, u32 flags,
struct bpf_tramp_progs *tprogs,
void *orig_call)
......@@ -1774,6 +1774,15 @@ int arch_prepare_bpf_trampoline(void *image, void *image_end,
save_regs(m, &prog, nr_args, stack_size);
if (flags & BPF_TRAMP_F_CALL_ORIG) {
/* arg1: mov rdi, im */
emit_mov_imm64(&prog, BPF_REG_1, (long) im >> 32, (u32) (long) im);
if (emit_call(&prog, __bpf_tramp_enter, prog)) {
ret = -EINVAL;
goto cleanup;
if (fentry->nr_progs)
if (invoke_bpf(m, &prog, fentry, stack_size))
return -EINVAL;
......@@ -1792,8 +1801,7 @@ int arch_prepare_bpf_trampoline(void *image, void *image_end,
if (flags & BPF_TRAMP_F_CALL_ORIG) {
if (fentry->nr_progs || fmod_ret->nr_progs)
restore_regs(m, &prog, nr_args, stack_size);
restore_regs(m, &prog, nr_args, stack_size);
/* call original function */
if (emit_call(&prog, orig_call, prog)) {
......@@ -1802,6 +1810,9 @@ int arch_prepare_bpf_trampoline(void *image, void *image_end,
/* remember return value in a stack for bpf prog to access */
emit_stx(&prog, BPF_DW, BPF_REG_FP, BPF_REG_0, -8);
im->ip_after_call = prog;
memcpy(prog, ideal_nops[NOP_ATOMIC5], X86_PATCH_SIZE);
prog += X86_PATCH_SIZE;
if (fmod_ret->nr_progs) {
......@@ -1832,9 +1843,17 @@ int arch_prepare_bpf_trampoline(void *image, void *image_end,
* the return value is only updated on the stack and still needs to be
* restored to R0.
if (flags & BPF_TRAMP_F_CALL_ORIG)
if (flags & BPF_TRAMP_F_CALL_ORIG) {
im->ip_epilogue = prog;
/* arg1: mov rdi, im */
emit_mov_imm64(&prog, BPF_REG_1, (long) im >> 32, (u32) (long) im);
if (emit_call(&prog, __bpf_tramp_exit, prog)) {
ret = -EINVAL;
goto cleanup;
/* restore original return value back into RAX */
emit_ldx(&prog, BPF_DW, BPF_REG_0, BPF_REG_FP, -8);
EMIT1(0x5B); /* pop rbx */
EMIT1(0xC9); /* leave */
......@@ -98,8 +98,8 @@ EXPORT_SYMBOL_GPL(xen_p2m_size);
unsigned long xen_max_p2m_pfn __read_mostly;
#define P2M_LIMIT 0
......@@ -416,9 +416,6 @@ void __init xen_vmalloc_p2m_tree(void)
xen_p2m_last_pfn = xen_max_p2m_pfn;
p2m_limit = (phys_addr_t)P2M_LIMIT * 1024 * 1024 * 1024 / PAGE_SIZE;
p2m_limit = xen_start_info->nr_pages * XEN_EXTRA_MEM_RATIO;
vm.flags = VM_ALLOC;
vm.size = ALIGN(sizeof(unsigned long) * max(xen_max_p2m_pfn, p2m_limit),
......@@ -59,6 +59,18 @@ static struct {
} xen_remap_buf __initdata __aligned(PAGE_SIZE);
static unsigned long xen_remap_mfn __initdata = INVALID_P2M_ENTRY;
* The maximum amount of extra memory compared to the base size. The
* main scaling factor is the size of struct page. At extreme ratios
* of base:extra, all the base memory can be filled with page
* structures for the extra memory, leaving no space for anything
* else.
* 10x seems like a reasonable balance between scaling flexibility and
* leaving a practically usable system.
#define EXTRA_MEM_RATIO (10)
static bool xen_512gb_limit __initdata = IS_ENABLED(CONFIG_XEN_512GB);
static void __init xen_parse_512gb(void)
......@@ -778,13 +790,13 @@ char * __init xen_memory_setup(void)
extra_pages += max_pages - max_pfn;
* Clamp the amount of extra memory to a XEN_EXTRA_MEM_RATIO
* Clamp the amount of extra memory to a EXTRA_MEM_RATIO
* factor the base size.