SUSE-SU-2023:4414-1

The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

• CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables component can be exploited to achieve local privilege escalation. (bsc#1215095)
• CVE-2023-46813: Fixed a local privilege escalation with user-space programs that have access to MMIO regions (bsc#1212649).
• CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize) that could cause a local DoS. (bsc#1210778)
• CVE-2023-45862: Fixed an issue in the ENE UB6250 reader driver whwere an object could potentially extend beyond the end of an allocation causing. (bsc#1216051)
• CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860).
• CVE-2023-5178: Fixed an UAF in queue intialization setup. (bsc#1215768)
• CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215518)
• CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling. (bsc#1215745).
• CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a local privileged (CAPNETADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. (bsc#1216046)
• CVE-2023-39191: Fixed a lack of validation of dynamic pointers within user-supplied eBPF programs that may have allowed an attacker with CAP_BPF privileges to escalate privileges and execute arbitrary code. (bsc#1215863)
• CVE-2023-2860: Fixed an out-of-bounds read vulnerability in the processing of seg6 attributes. This flaw allowed a privileged local user to disclose sensitive information. (bsc#1211592)

The following non-security bugs were fixed:

• 9p: virtio: make sure 'offs' is initialized in zc_request (git-fixes).
• ACPI: irq: Fix incorrect return value in acpiregistergsi() (git-fixes).
• ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA (git-fixes).
• ALSA: hda/realtek - ALC287 I2S speaker platform support (git-fixes).
• ALSA: hda/realtek - ALC287 merge RTK codec with CS CS35L41 AMP (git-fixes).
• ALSA: hda/realtek - Fixed ASUS platform headset Mic issue (git-fixes).
• ALSA: hda/realtek - Fixed two speaker platform (git-fixes).
• ALSA: hda/realtek: Add quirk for ASUS ROG GU603ZV (git-fixes).
• ALSA: hda/realtek: Change model for Intel RVP board (git-fixes).
• ALSA: hda/relatek: Enable Mute LED on HP Laptop 15s-fq5xxx (git-fixes).
• ALSA: hda: Disable power save for solving pop issue on Lenovo ThinkCentre M70q (git-fixes).
• ALSA: hda: intel-dsp-cfg: add LunarLake support (git-fixes).
• ALSA: hda: intel-sdw-acpi: Use u8 type for link index (git-fixes).
• ALSA: usb-audio: Fix microphone sound on Nexigo webcam (git-fixes).
• ALSA: usb-audio: Fix microphone sound on Opencomm2 Headset (git-fixes).
• ASoC: amd: yc: Fix non-functional mic on Lenovo 82YM (git-fixes).
• ASoC: codecs: wcd938x-sdw: fix runtime PM imbalance on probe errors (git-fixes).
• ASoC: codecs: wcd938x-sdw: fix use after free on driver unbind (git-fixes).
• ASoC: codecs: wcd938x: drop bogus bind error handling (git-fixes).
• ASoC: codecs: wcd938x: fix unbind tear down order (git-fixes).
• ASoC: fsl: imx-pcm-rpmsg: Add SNDRVPCMINFO_BATCH flag (git-fixes).
• ASoC: imx-rpmsg: Set ignorepmdowntime for dai_link (git-fixes).
• ASoC: pxa: fix a memory leak in probe() (git-fixes).
• Bluetooth: Avoid redundant authentication (git-fixes).
• Bluetooth: Fix a refcnt underflow problem for hci_conn (git-fixes).
• Bluetooth: ISO: Fix handling of listen for unicast (git-fixes).
• Bluetooth: Reject connection with the device which has same BD_ADDR (git-fixes).
• Bluetooth: avoid memcmp() out of bounds warning (git-fixes).
• Bluetooth: btusb: add shutdown function for QCA6174 (git-fixes).
• Bluetooth: hcicodec: Fix leaking content of localcodecs (git-fixes).
• Bluetooth: hci_event: Fix coding style (git-fixes).
• Bluetooth: hci_event: Fix using memcmp when comparing keys (git-fixes).
• Bluetooth: hci_event: Ignore NULL link key (git-fixes).
• Bluetooth: hcisock: Correctly bounds check and pad HCIMONNEWINDEX name (git-fixes).
• Bluetooth: hcisock: fix slab oob read in createmonitor_event (git-fixes).
• Bluetooth: vhci: Fix race when opening vhci device (git-fixes).
• Documentation: qat: change kernel version (PED-6401).
• Documentation: qat: rewrite description (PED-6401).
• Drivers: hv: vmbus: Call hvsynicfree() if hvsynicalloc() fails (git-fixes).
• Drivers: hv: vmbus: Fix vmbuswaitfor_unload() to scan present CPUs (git-fixes).
• Drop amdgpu patch causing spamming (bsc#1215523).
• HID: holtek: fix slab-out-of-bounds Write in holtekkbdinput_event (git-fixes).
• HID: intel-ish-hid: ipc: Disable and reenable ACPI GPE bit (git-fixes).
• HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect (git-fixes).
• HID: multitouch: Add required quirk for Synaptics 0xcd7e device (git-fixes).
• HID: sony: Fix a potential memory leak in sony_probe() (git-fixes).
• HID: sony: remove duplicate NULL check before calling usbfreeurb() (git-fixes).
• IB/mlx4: Fix the size of a buffer in addportentries() (git-fixes)
• Input: goodix - ensure int GPIO is in input for gpiocount == 1 && gpioint_idx == 0 case (git-fixes).
• Input: powermate - fix use-after-free in powermateconfigcomplete (git-fixes).
• Input: psmouse - fix fast_reconnect function for PS/2 mode (git-fixes).
• Input: xpad - add PXN V900 support (git-fixes).
• KVM: SVM: Do not kill SEV guest if SMAP erratum triggers in usermode (git-fixes).
• KVM: SVM: INTERCEPT_RDTSCP is never intercepted anyway (git-fixes).
• KVM: s390: fix gisa destroy operation might lead to cpu stalls (git-fixes bsc#1216512).
• KVM: x86/mmu: Reconstruct shadow page root if the guest PDPTEs is changed (git-fixes).
• KVM: x86: Fix clang -Wimplicit-fallthrough in dohostcpuid() (git-fixes).
• KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code (bsc#1213772).
• KVM: x86: Propagate the AMD Automatic IBRS feature to the guest (bsc#1213772).
• KVM: x86: add support for CPUID leaf 0x80000021 (bsc#1213772).
• KVM: x86: synthesize CPUID leaf 0x80000021h if useful (bsc#1213772).
• KVM: x86: work around QEMU issue with synthetic CPUID leaves (git-fixes).
• NFS: Fix O_DIRECT locking issues (bsc#1211162).
• NFS: Fix a few more clear_bit() instances that need release semantics (bsc#1211162).
• NFS: Fix a potential data corruption (bsc#1211162).
• NFS: Fix a use after free in nfsdirectjoin_group() (bsc#1211162).
• NFS: Fix error handling for O_DIRECT write scheduling (bsc#1211162).
• NFS: More O_DIRECT accounting fixes for error paths (bsc#1211162).
• NFS: More fixes for nfsdirectwriterescheduleio() (bsc#1211162).
• NFS: Use the correct commit info in nfsjoinpage_group() (bsc#1211162).
• NFSD: Never call nfsdfilegc() in foreground paths (bsc#1215545).
• RDMA/cma: Fix truncation compilation warning in makecmaports (git-fixes)
• RDMA/cma: Initialize ibsamulticast structure to 0 when join (git-fixes)
• RDMA/core: Require admin capabilities to set system parameters (git-fixes)
• RDMA/cxgb4: Check skb value for failure to allocate (git-fixes)
• RDMA/mlx5: Fix NULL string error (git-fixes)
• RDMA/mlx5: Fix mutex unlocking on error flow for steering anchor creation (git-fixes)
• RDMA/siw: Fix connection failure handling (git-fixes)
• RDMA/srp: Do not call scsidone() from srpabort() (git-fixes)
• RDMA/uverbs: Fix typo of sizeof argument (git-fixes)
• Revert 'pinctrl: avoid unsafe code pattern in find_pinctrl()' (git-fixes).
• Revert 'tty: ngsm: fix UAF in gsmcleanup_mux' (git-fixes).
• USB: serial: option: add Fibocom to DELL custom modem FM101R-GL (git-fixes).
• USB: serial: option: add Telit LE910C4-WWX 0x1035 composition (git-fixes).
• USB: serial: option: add entry for Sierra EM9191 with new firmware (git-fixes).
• arm64/smmu: use TLBI ASID when invalidating entire range (bsc#1215921)
• ata: libata-core: Do not register PM operations for SAS ports (git-fixes).
• ata: libata-core: Fix ataportrequest_pm() locking (git-fixes).
• ata: libata-core: Fix port and device removal (git-fixes).
• ata: libata-sata: increase PMP SRST timeout to 10s (git-fixes).
• ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED OPERATION CODES (git-fixes).
• blk-cgroup: Fix NULL deref caused by blkgpolicydata being installed before init (bsc#1216062).
• blk-cgroup: support to track if policy is online (bsc#1216062).
• bonding: Fix extraction of ports from the packet headers (bsc#1214754).
• bonding: Return pointer to data after pull on skb (bsc#1214754).
• bonding: do not assume skb mac_header is set (bsc#1214754).
• bpf: Add copymapvalue_long to copy to remote percpu memory (git-fixes).
• bpf: Add missing btfput to registerbtfiddtor_kfuncs (git-fixes).
• bpf: Add override check to kprobe multi link attach (git-fixes).
• bpf: Add zeromapvalue to zero map value with special fields (git-fixes).
• bpf: Cleanup checkrefcountok (git-fixes).
• bpf: Fix max stack depth check for async callbacks (git-fixes).
• bpf: Fix offset calculation error in _copymapvalue and zeromap_value (git-fixes).
• bpf: Fix refobjid for dynptr data slices in verifier (git-fixes).
• bpf: Fix resetting logic for unreferenced kptrs (git-fixes).
• bpf: Fix subprog idx logic in checkmaxstack_depth (git-fixes).
• bpf: Gate dynptr API behind CAP_BPF (git-fixes).
• bpf: Prevent decltag from being referenced in funcproto arg (git-fixes).
• bpf: Repeat checkmaxstack_depth for async callbacks (git-fixes).
• bpf: Tighten ptrtobtf_id checks (git-fixes).
• bpf: fix precision propagation verbose logging (git-fixes).
• bpf: prevent decltag from being referenced in funcproto (git-fixes).
• bpf: propagate precision across all frames, not just the last one (git-fixes).
• bpf: propagate precision in ALU/ALU64 operations (git-fixes).
• btf: Export bpf_dynptr definition (git-fixes).
• btrfs: do not start transaction for scrub if the fs is mounted read-only (bsc#1214874).
• bus: ti-sysc: Fix missing AM35xx SoC matching (git-fixes).
• bus: ti-sysc: Use fsleep() instead of usleeprange() in syscreset() (git-fixes).
• ceph: add base64 endcoding routines for encrypted names (jsc#SES-1880).
• ceph: add encryption support to writepage and writepages (jsc#SES-1880).
• ceph: add fscrypt ioctls and ceph.fscrypt.auth vxattr (jsc#SES-1880).
• ceph: add helpers for converting names for userland presentation (jsc#SES-1880).
• ceph: add infrastructure for file encryption and decryption (jsc#SES-1880).
• ceph: add new mount option to enable sparse reads (jsc#SES-1880).
• ceph: add object version support for sync read (jsc#SES-1880).
• ceph: add read/modify/write to cephsyncwrite (jsc#SES-1880).
• ceph: add some fscrypt guardrails (jsc#SES-1880).
• ceph: add support for encrypted snapshot names (jsc#SES-1880).
• ceph: add support to readdir for encrypted names (jsc#SES-1880).
• ceph: add truncate size handling support for fscrypt (jsc#SES-1880).
• ceph: align data in pages in cephsyncwrite (jsc#SES-1880).
• ceph: allow encrypting a directory while not having Ax caps (jsc#SES-1880).
• ceph: create symlinks with encrypted and base64-encoded targets (jsc#SES-1880).
• ceph: decode alternate_name in lease info (jsc#SES-1880).
• ceph: do not use special DIO path for encrypted inodes (jsc#SES-1880).
• ceph: drop messages from MDS when unmounting (jsc#SES-1880).
• ceph: encode encrypted name in cephmdscbuild_path and dentry release (jsc#SES-1880).
• ceph: fix incorrect revoked caps assert in cephfillfile_size() (bsc#1216322).
• ceph: fix type promotion bug on 32bit systems (bsc#1216324).
• ceph: fix updating itruncatepagecache_size for fscrypt (jsc#SES-1880).
• ceph: fscrypt_auth handling for ceph (jsc#SES-1880).
• ceph: handle fscrypt fields in cap messages from MDS (jsc#SES-1880).
• ceph: implement -o testdummyencryption mount option (jsc#SES-1880).
• ceph: invalidate pages when doing direct/sync writes (jsc#SES-1880).
• ceph: make cephfilltrace and cephgetname decrypt names (jsc#SES-1880).
• ceph: make cephmsdcbuild_path use ref-walk (jsc#SES-1880).
• ceph: make d_revalidate call fscrypt revalidator for encrypted dentries (jsc#SES-1880).
• ceph: make ioctl cmds more readable in debug log (jsc#SES-1880).
• ceph: make numfwd and numretry to __u32 (jsc#SES-1880).
• ceph: mark directory as non-complete after loading key (jsc#SES-1880).
• ceph: pass the request to parsereplyinfo_readdir() (jsc#SES-1880).
• ceph: plumb in decryption during reads (jsc#SES-1880).
• ceph: preallocate inode for ops that may create one (jsc#SES-1880).
• ceph: prevent snapshot creation in encrypted locked directories (jsc#SES-1880).
• ceph: remove unnecessary check for NULL in parse_longname() (bsc#1216333).
• ceph: send alternate_name in MClientRequest (jsc#SES-1880).
• ceph: set DCACHENOKEYNAME flag in cephlookup/atomicopen() (jsc#SES-1880).
• ceph: size handling in MClientRequest, cap updates and inode traces (jsc#SES-1880).
• ceph: switch cephlookup/atomicopen() to use new fscrypt helper (jsc#SES-1880).
• ceph: use osdreqopextentosd_iter for netfs reads (jsc#SES-1880).
• ceph: voluntarily drop Xx caps for requests those touch parent mtime (jsc#SES-1880).
• ceph: wait for OSD requests' callbacks to finish when unmounting (jsc#SES-1880).
• cgroup/cpuset: Change references of cpusetmutex to cpusetrwsem (bsc#1215955).
• cgroup: Remove duplicates in cgroup v1 tasks file (bsc#1211307).
• clk: tegra: fix error return case for recalc_rate (git-fixes).
• counter: microchip-tcb-capture: Fix the use of internal GCLK logic (git-fixes).
• crypto: qat - Include algapi.h for low-level Crypto API (PED-6401).
• crypto: qat - Remove unused function declarations (PED-6401).
• crypto: qat - add fw_counters debugfs file (PED-6401).
• crypto: qat - add heartbeat counters check (PED-6401).
• crypto: qat - add heartbeat feature (PED-6401).
• crypto: qat - add internal timer for qat 4xxx (PED-6401).
• crypto: qat - add measure clock frequency (PED-6401).
• crypto: qat - add missing function declaration in adf_dbgfs.h (PED-6401).
• crypto: qat - add qatzlibdeflate (PED-6401).
• crypto: qat - add support for 402xx devices (PED-6401).
• crypto: qat - change value of default idle filter (PED-6401).
• crypto: qat - delay sysfs initialization (PED-6401).
• crypto: qat - do not export adfinitadmin_pm() (PED-6401).
• crypto: qat - drop log level of msg in getinstancenode() (PED-6401).
• crypto: qat - drop obsolete heartbeat interface (PED-6401).
• crypto: qat - drop redundant adfenableaer() (PED-6401).
• crypto: qat - expose pmidleenabled through sysfs (PED-6401).
• crypto: qat - extend buffer list logic interface (PED-6401).
• crypto: qat - extend configuration for 4xxx (PED-6401).
• crypto: qat - fix apply custom thread-service mapping for dc service (PED-6401).
• crypto: qat - fix concurrency issue when device state changes (PED-6401).
• crypto: qat - fix crypto capability detection for 4xxx (PED-6401).
• crypto: qat - fix spelling mistakes from 'bufer' to 'buffer' (PED-6401).
• crypto: qat - make fw images name constant (PED-6401).
• crypto: qat - make state machine functions static (PED-6401).
• crypto: qat - move dbgfs init to separate file (PED-6401).
• crypto: qat - move returns to default case (PED-6401).
• crypto: qat - refactor device restart logic (PED-6401).
• crypto: qat - refactor fw config logic for 4xxx (PED-6401).
• crypto: qat - remove ADFSTATUSPF_RUNNING flag from probe (PED-6401).
• crypto: qat - replace state machine calls (PED-6401).
• crypto: qat - replace the if statement with min() (PED-6401).
• crypto: qat - set deprecated capabilities as reserved (PED-6401).
• crypto: qat - unmap buffer before free for DH (PED-6401).
• crypto: qat - unmap buffers before free for RSA (PED-6401).
• crypto: qat - update slice mask for 4xxx devices (PED-6401).
• crypto: qat - use kfree_sensitive instead of memset/kfree() (PED-6401).
• dmaengine: idxd: use spinlockirqsave before waiteventlock_irq (git-fixes).
• dmaengine: mediatek: Fix deadlock caused by synchronize_irq() (git-fixes).
• dmaengine: stm32-mdma: abort resume if no ongoing transfer (git-fixes).
• drm/amd/display: Do not check registers, if using AUX BL control (git-fixes).
• drm/amd/display: Do not set dpms_off for seamless boot (git-fixes).
• drm/amd/pm: add unique_id for gc 11.0.3 (git-fixes).
• drm/amd: Fix detection of _PR3 on the PCIe root port (git-fixes).
• drm/amdgpu/nbio4.3: set proper rmmioremap.regoffset for SR-IOV (git-fixes).
• drm/amdgpu/soc21: do not remap HDP registers for SR-IOV (git-fixes).
• drm/amdgpu: Handle null atom context in VBIOS info ioctl (git-fixes).
• drm/amdgpu: add missing NULL check (git-fixes).
• drm/amdkfd: Flush TLB after unmapping for GFX v9.4.3 (git-fixes).
• drm/amdkfd: Insert missing TLB flush on GFX10 and later (git-fixes).
• drm/amdkfd: Use gpu_offset for user queue's wptr (git-fixes).
• drm/atomic-helper: relax unregistered connector check (git-fixes).
• drm/bridge: ti-sn65dsi83: Do not generate HFP/HBP/HSA and EOT packet (git-fixes).
• drm/i915/gt: Fix reservation address in ggttreserveguc_top (git-fixes).
• drm/i915: Retry gtt fault when out of fence registers (git-fixes).
• drm/mediatek: Correctly free sg_table in gem prime vmap (git-fixes).
• drm/msm/dp: do not reinitialize phy unless retry during link training (git-fixes).
• drm/msm/dpu: change dpuplanecalcbw() to use u64 to avoid overflow (git-fixes).
• drm/msm/dsi: fix irqofparseandmap() error checking (git-fixes).
• drm/msm/dsi: skip the wait for video mode done if not applicable (git-fixes).
• drm/vmwgfx: fix typo of sizeof argument (git-fixes).
• drm: panel-orientation-quirks: Add quirk for One Mix 2S (git-fixes).
• firmware: armffa: Do not set the memory region attributes for MEMLEND (git-fixes).
• firmware: imx-dsp: Fix an error handling path in imxdspsetup_channels() (git-fixes).
• fprobe: Ensure running fprobeexithandler() finished before calling rethook_free() (git-fixes).
• fscrypt: new helper function - fscryptpreparelookup_partial() (jsc#SES-1880).
• gpio: aspeed: fix the GPIO number passed to pinctrlgpioset_config() (git-fixes).
• gpio: pmic-eic-sprd: Add can_sleep flag for PMIC EIC chip (git-fixes).
• gpio: pxa: disable pinctrl calls for MMP_GPIO (git-fixes).
• gpio: tb10x: Fix an error handling path in tb10xgpioprobe() (git-fixes).
• gpio: timberdale: Fix potential deadlock on &tgpio->lock (git-fixes).
• gpio: vf610: set value before the direction to avoid a glitch (git-fixes).
• gve: Do not fully free QPL pages on prefill errors (git-fixes).
• i2c: i801: unregister tcopdev in i801probe() error path (git-fixes).
• i2c: mux: Avoid potential false error message in i2cmuxadd_adapter (git-fixes).
• i2c: mux: demux-pinctrl: check the return value of devm_kstrdup() (git-fixes).
• i2c: mux: gpio: Add missing fwnodehandleput() (git-fixes).
• i2c: mux: gpio:�Replace custom acpigetlocal_address() (git-fixes).
• i2c: npcm7xx: Fix callback completion ordering (git-fixes).
• ieee802154: ca8210: Fix a potential UAF in ca8210_probe (git-fixes).
• iio: pressure: bmp280: Fix NULL pointer exception (git-fixes).
• iio: pressure: dps310: Adjust Timeout Settings (git-fixes).
• iio: pressure: ms5611: ms5611promis_valid false negative bug (git-fixes).
• intel x86 platform vsec kABI workaround (bsc#1216202).
• iouring/fs: remove sqe->rwflags checking from LINKAT (git-fixes).
• io_uring/rw: defer fsnotify calls to task context (git-fixes).
• iouring/rw: ensure kiocbend_write() is always called (git-fixes).
• io_uring/rw: remove leftover debug statement (git-fixes).
• io_uring: Replace 0-length array with flexible array (git-fixes).
• iouring: ensure REQF_ISREG is set async offload (git-fixes).
• io_uring: fix fdinfo sqe offsets calculation (git-fixes).
• io_uring: fix memory leak when removing provided buffers (git-fixes).
• iommu/amd/io-pgtable: Implement mappages iopgtable_ops callback (bsc#1212423).
• iommu/amd/io-pgtable: Implement unmappages iopgtable_ops callback (bsc#1212423).
• iommu/amd: Add map/unmappages() iommudomain_ops callback support (bsc#1212423).
• iommu/arm-smmu-v3: Fix soft lockup triggered by (bsc#1215921)
• kABI: fix bpf Tighten-ptrtobtf_id checks (git-fixes).
• kabi: blkcgpolicydata fix KABI (bsc#1216062).
• kabi: workaround for enum nfttransphase (bsc#1215104).
• kprobes: Prohibit probing on CFI preamble symbol (git-fixes).
• leds: Drop BUGON check for LEDCOLORIDMULTI (git-fixes).
• libceph: add CEPHOSDOPASSERTVER support (jsc#SES-1880).
• libceph: add new ioviter-based cephmsgdatatype and cephosddata_type (jsc#SES-1880).
• libceph: add sparse read support to OSD client (jsc#SES-1880).
• libceph: add sparse read support to msgr1 (jsc#SES-1880).
• libceph: add spinlock around osd->o_requests (jsc#SES-1880).
• libceph: allow cephosdcnew_request to accept a multi-op read (jsc#SES-1880).
• libceph: define struct cephsparseextent and add some helpers (jsc#SES-1880).
• libceph: new sparse_read op, support sparse reads on msgr2 crc codepath (jsc#SES-1880).
• libceph: support sparse reads on msgr2 secure codepath (jsc#SES-1880).
• libceph: use kernel_connect() (bsc#1216323).
• mm, memcg: reconsider kmem.limitinbytes deprecation (bsc#1208788 bsc#1213705).
• mmc: core: Capture correct oemid-bits for eMMC cards (git-fixes).
• mmc: core: sdio: hold retuning if sdio in 1-bit mode (git-fixes).
• mmc: mtk-sd: Use readlpolltimeoutatomic in msdcreset_hw (git-fixes).
• mtd: physmap-core: Restore map_rom fallback (git-fixes).
• mtd: rawnand: arasan: Ensure program page operations are successful (git-fixes).
• mtd: rawnand: marvell: Ensure program page operations are successful (git-fixes).
• mtd: rawnand: pl353: Ensure program page operations are successful (git-fixes).
• mtd: rawnand: qcom: Unmap the right resource upon probe failure (git-fixes).
• mtd: spinand: micron: correct bitmask for ecc status (git-fixes).
• net/sched: fix netdevice reference leaks in attachdefaultqdiscs() (git-fixes).
• net: mana: Fix TX CQE error handling (bsc#1215986).
• net: mana: Fix oversized sge0 for GSO packets (bsc#1215986).
• net: nfc: llcp: Add lock when modifying device list (git-fixes).
• net: rfkill: gpio: prevent value glitch during probe (git-fixes).
• net: sched: add barrier to fix packet stuck problem for lockless qdisc (bsc#1216345).
• net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog (bsc#1216345).
• net: usb: dm9601: fix uninitialized variable use in dm9601mdioread (git-fixes).
• net: usb: smsc75xx: Fix uninit-value access in _smsc75xxread_reg (git-fixes).
• net: usb: smsc95xx: Fix an error code in smsc95xx_reset() (git-fixes).
• net: use skistcp() in more places (git-fixes).
• netfilter: nftables: add NFTTRANSPREPAREERROR to deal with bound set/chain (git-fixes).
• netfilter: nf_tables: unbind non-anonymous set if rule construction fails (git-fixes).
• nfc: nci: assert requested protocol is valid (git-fixes).
• nfc: nci: fix possible NULL pointer dereference in send_acknowledge() (git-fixes).
• nfs: only issue commit in DIO codepath if we have uncommitted data (bsc#1211162).
• nilfs2: fix potential use after free in nilfsgccachesubmitreaddata() (git-fixes).
• nvme-fc: Prevent null pointer dereference in nvmefcio_getuuid() (bsc#1214842).
• phy: mapphone-mdm6600: Fix pinctrl_pm handling for sleep pins (git-fixes).
• phy: mapphone-mdm6600: Fix runtime PM for remove (git-fixes).
• phy: mapphone-mdm6600: Fix runtime disable on probe (git-fixes).
• pinctrl: avoid unsafe code pattern in find_pinctrl() (git-fixes).
• pinctrl: renesas: rzn1: Enable missing PINMUX (git-fixes).
• platform/surface: platform_profile: Propagate error if profile registration fails (git-fixes).
• platform/x86/intel/pmt: Ignore uninitialized entries (bsc#1216202).
• platform/x86/intel/pmt: telemetry: Fix fixed region handling (bsc#1216202).
• platform/x86/intel/vsec: Rework early hardware code (bsc#1216202).
• platform/x86/intel: Fix 'rmmod pmt_telemetry' panic (bsc#1216202).
• platform/x86/intel: Fix pmt_crashlog array reference (bsc#1216202).
• platform/x86: asus-wmi: Change ASUSWMIBRN_DOWN code from 0x20 to 0x2e (git-fixes).
• platform/x86: asus-wmi: Map 0x2a code, Ignore 0x2b and 0x2c events (git-fixes).
• platform/x86: think-lmi: Fix reference leak (git-fixes).
• platform/x86: touchscreen_dmi: Add info for the Positivo C4128B (git-fixes).
• power: supply: ucs1002: fix error code in ucs1002getproperty() (git-fixes).
• quota: Fix slow quotaoff (bsc#1216621).
• r8152: check budget for r8152_poll() (git-fixes).
• regmap: fix NULL deref on lookup (git-fixes).
• regmap: rbtree: Fix wrong register marked as in-cache when creating new node (git-fixes).
• remove unnecessary WARNONONCE() (bsc#1214823).
• ring-buffer: Avoid softlockup in ringbufferresize() (git-fixes).
• ring-buffer: Do not attempt to read past 'commit' (git-fixes).
• ring-buffer: Fix bytes info in per_cpu buffer stats (git-fixes).
• ring-buffer: Update 'shortest_full' in polling (git-fixes).
• s390/cio: fix a memleak in cssallocsubchannel (git-fixes bsc#1216510).
• s390/pci: fix iommu bitmap allocation (git-fixes bsc#1216511).
• sched/cpuset: Bring back cpuset_mutex (bsc#1215955).
• sched/deadline,rt: Remove unused parameter from picknext[rt|dl]_entity() (git fixes (sched)).
• sched/rt: Fix live lock between selectfallbackrq() and RT push (git fixes (sched)).
• sched/rt: Fix sysctlschedrr_timeslice intial value (git fixes (sched)).
• scsi: be2iscsi: Add length check when parsing nlattrs (git-fixes).
• scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock (git-fixes).
• scsi: iscsi: Add length check for nlattr payload (git-fixes).
• scsi: iscsi: Add strlen() check in iscsiifset{host}param() (git-fixes).
• scsi: iscsi_tcp: restrict to TCP sockets (git-fixes).
• scsi: mpi3mr: Propagate sense data for admin queue SCSI I/O (git-fixes).
• scsi: mpt3sas: Perform additional retries if doorbell read returns 0 (git-fixes).
• scsi: pm8001: Setup IRQs on resume (git-fixes).
• scsi: qedf: Do not touch _user pointer in qedfdbgdebugcmd_read() directly (git-fixes).
• scsi: qedf: Do not touch _user pointer in qedfdbgfpintcmdread() directly (git-fixes).
• scsi: qedf: Do not touch _user pointer in qedfdbgstopioonerrorcmdread() directly (git-fixes).
• scsi: qedi: Fix potential deadlock on &qedipercpu->pwork_lock (git-fixes).
• scsi: qla4xxx: Add length check when parsing nlattrs (git-fixes).
• selftests/bpf: Add more tests for checkmaxstack_depth bug (git-fixes).
• selftests/bpf: Add reproducer for decltag in funcproto argument (git-fixes).
• selftests/bpf: Add reproducer for decltag in funcproto return type (git-fixes).
• selftests/bpf: Add selftest for checkstackmax_depth bug (git-fixes).
• selftests/bpf: Clean up sys_nanosleep uses (git-fixes).
• serial: 8250_port: Check IRQ data before use (git-fixes).
• soc: imx8m: Enable OCOTP clock for imx8mm before reading registers (git-fixes).
• spi: nxp-fspi: reset the FLSHxCR1 registers (git-fixes).
• spi: stm32: add a delay before SPI disable (git-fixes).
• spi: sun6i: fix race between DMA RX transfer completion and RX FIFO drain (git-fixes).
• spi: sun6i: reduce DMA RX transfer width to single byte (git-fixes).
• thunderbolt: Check that lane 1 is in CL0 before enabling lane bonding (git-fixes).
• thunderbolt: Restart XDomain discovery handshake after failure (git-fixes).
• thunderbolt: Workaround an IOMMU fault on certain systems with Intel Maple Ridge (git-fixes).
• tracing: Have current_trace inc the trace array ref count (git-fixes).
• tracing: Have event inject files inc the trace array ref count (git-fixes).
• tracing: Have option files inc the trace array ref count (git-fixes).
• tracing: Have tracingmaxlatency inc the trace array ref count (git-fixes).
• tracing: Increase trace array ref count on enable and filter files (git-fixes).
• tracing: Make tracemarker{,raw} stream-like (git-fixes).
• usb: cdnsp: Fixes issue with dequeuing not queued requests (git-fixes).
• usb: dwc3: Soft reset phy on probe for host (git-fixes).
• usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call (git-fixes).
• usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes).
• usb: hub: Guard against accesses to uninitialized BOS descriptors (git-fixes).
• usb: musb: Get the musbqh poniter after musbgiveback (git-fixes).
• usb: musb: Modify the 'HWVers' register address (git-fixes).
• usb: typec: altmodes/displayport: Signal hpd low when exiting mode (git-fixes).
• usb: typec: ucsi: Clear EVENTPENDING bit if ucsisend_command fails (git-fixes).
• usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer (git-fixes).
• vmbus_testing: fix wrong python syntax for integer value comparison (git-fixes).
• vringh: do not use vringhkiovadvance() in vringhiovxfer() (git-fixes).
• watchdog: iTCO_wdt: No need to stop the timer in probe (git-fixes).
• watchdog: iTCOwdt: Set NOREBOOT if the watchdog is not already running (git-fixes).
• wifi: cfg80211: Fix 6GHz scan configuration (git-fixes).
• wifi: cfg80211: avoid leaking stack data into trace (git-fixes).
• wifi: iwlwifi: Ensure ack flag is properly cleared (git-fixes).
• wifi: iwlwifi: dbg_ini: fix structure packing (git-fixes).
• wifi: iwlwifi: mvm: Fix a memory corruption issue (git-fixes).
• wifi: mac80211: allow transmitting EAPOL frames with tainted key (git-fixes).
• wifi: mt76: mt76x02: fix MT76x0 external LNA gain handling (git-fixes).
• wifi: mwifiex: Fix oob check condition in mwifiexprocessrx_packet (git-fixes).
• wifi: mwifiex: Fix tlvbufleft calculation (git-fixes).
• wifi: mwifiex: Sanity check tlvlen and tlvbitmap_len (git-fixes).
• x86/cpu, kvm: Add the NONESTEDDATA_BP feature (bsc#1213772).
• x86/cpu, kvm: Add the Null Selector Clears Base feature (bsc#1213772).
• x86/cpu, kvm: Add the SMM_CTL MSR not present feature (bsc#1213772).
• x86/cpu, kvm: Move X86FEATURELFENCE_RDTSC to its native leaf (bsc#1213772).
• x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled (bsc#1213772).
• x86/cpu: Support AMD Automatic IBRS (bsc#1213772).
• x86/mm: Print the encryption features correctly when a paravisor is present (bsc#1206453).
• x86/platform/uv: Use alternate source for socket to node data (bsc#1215696).
• x86/sev: Check IOBM for IOIO exceptions from user-space (bsc#1212649).
• x86/sev: Check for user-space IOIO pointing to kernel space (bsc#1212649).
• x86/sev: Disable MMIO emulation from user mode (bsc#1212649).
• x86/sev: Make encdechypercall() accept a size instead of npages (bsc#1214635).
• xen-netback: use default TX queue size for vifs (git-fixes).
• xhci: Keep interrupt disabled in initialization until host is running (git-fixes).