El-errata: ELSA-2023-12196 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update
Oracle Linux Security Advisory ELSA-2023-12196
http://linux.oracle.com/errata/ELSA-2023-12196.html
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
aarch64:
bpftool-5.15.0-8.91.4.1.el9uek.aarch64.rpm
kernel-uek-5.15.0-8.91.4.1.el9uek.aarch64.rpm
kernel-uek-core-5.15.0-8.91.4.1.el9uek.aarch64.rpm
kernel-uek-debug-5.15.0-8.91.4.1.el9uek.aarch64.rpm
kernel-uek-debug-core-5.15.0-8.91.4.1.el9uek.aarch64.rpm
kernel-uek-debug-devel-5.15.0-8.91.4.1.el9uek.aarch64.rpm
kernel-uek-debug-modules-5.15.0-8.91.4.1.el9uek.aarch64.rpm
kernel-uek-debug-modules-extra-5.15.0-8.91.4.1.el9uek.aarch64.rpm
kernel-uek-devel-5.15.0-8.91.4.1.el9uek.aarch64.rpm
kernel-uek-doc-5.15.0-8.91.4.1.el9uek.noarch.rpm
kernel-uek-modules-5.15.0-8.91.4.1.el9uek.aarch64.rpm
kernel-uek-modules-extra-5.15.0-8.91.4.1.el9uek.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//kernel-uek-5.15.0-8.91.4.1.el9uek.src.rpm
Related CVEs:
CVE-2022-4129
CVE-2023-23559
CVE-2023-0394
CVE-2023-0266
CVE-2022-47929
CVE-2023-23454
CVE-2023-23455
CVE-2022-41218
Description of changes:
[5.15.0-8.91.4.1.el9uek]
- uek-rpm: Add opbmc to core rpm (Somasundaram Krishnasamy) [Orabug: 35157130]
[5.15.0-8.91.4.el9uek]
- selftests/vm: remove ARRAY_SIZE define from individual tests (Shuah Khan) [Orabug: 35088471]
- selftests: Provide local define of __cpuid_count() (Reinette Chatre) [Orabug: 35088471]
- tools: fix ARRAY_SIZE defines in tools and selftests hdrs (Shuah Khan) [Orabug: 35088471]
- uek-rpm: aarch64 enable DETECT_HUNG_TASK (Tom Saeger) [Orabug: 34580801]
[5.15.0-8.91.3.el9uek]
- Update README with UEK Text Description (Somasundaram Krishnasamy) [Orabug: 35084845]
- uek-rpm: config-x86-64*: Disable CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT (Alejandro Jimenez) [Orabug: 35059109]
- Revert "RDMA/irdma: Fix warning, move switch variable into case" (Jack Vogel) [Orabug: 35048858]
- Revert "RDMA/irdma: Move variable into switch case" (Jack Vogel) [Orabug: 35048858]
- Revert "ACPI/IORT: Move variables in switch, fix for build warnings." (Jack Vogel) [Orabug: 35048858]
[5.15.0-8.91.2.el9uek]
- RDMA/addr: Refresh neighbour entries upon rdma_resolve_addr() (Gerd Rausch) [Orabug: 35060575]
- net/rds: Go back to alloc_ordered_workqueue() (Gerd Rausch) [Orabug: 35042697]
- sched/core: Remove sched_uek cmdline parameter (Konrad Rzeszutek Wilk) [Orabug: 35049222]
- uek-misc: Initial version (Konrad Rzeszutek Wilk) [Orabug: 35049222]
- treewide: Move the definition in a global file (Konrad Rzeszutek Wilk) [Orabug: 35049222]
- treewide: Rename wake_affine_idle_pull into on_exadata (Konrad Rzeszutek Wilk) [Orabug: 35049222]
- sched/core: Remove sched_uek=preempt (Konrad Rzeszutek Wilk) [Orabug: 35049222]
- perf/x86/uncore: Don't WARN_ON_ONCE() for a broken discovery table (Kan Liang) [Orabug: 35038311]
- perf/x86/uncore: Add a quirk for UPI on SPR (Kan Liang) [Orabug: 35038311]
- perf/x86/uncore: Ignore broken units in discovery table (Kan Liang) [Orabug: 35038311]
- perf/x86/uncore: Fix potential NULL pointer in uncore_get_alias_name (Kan Liang) [Orabug: 35038311]
- perf/x86/uncore: Factor out uncore_device_to_die() (Kan Liang) [Orabug: 35038311]
- perf/x86/intel/uncore: Enable UPI topology discovery for Sapphire Rapids (Alexander Antonov) [Orabug: 35038311]
- perf/x86/intel/uncore: Enable UPI topology discovery for Skylake Server (Alexander Antonov) [Orabug: 35038311]
- perf/x86/intel/uncore: Generalize get_topology() for SKX PMUs (Alexander Antonov) [Orabug: 35038311]
- perf/x86/intel/uncore: Introduce UPI topology type (Alexander Antonov) [Orabug: 35038311]
- perf/x86/intel/uncore: Get UPI NodeID and GroupID (Alexander Antonov) [Orabug: 35038311]
- perf/x86/intel/uncore: Enable UPI topology discovery for Icelake Server (Alexander Antonov) [Orabug: 35038311]
- perf/x86/intel/uncore: Generalize IIO topology support (Alexander Antonov) [Orabug: 35038311]
- net/rds: Delegate fan-out to a background worker (Gerd Rausch) [Orabug: 34994148]
- i40e: Add basic support for I710 devices (Stanislaw Grzeszczak) [Orabug: 35059783]
[5.15.0-8.91.1.el9uek]
- LTS version: v5.15.91 (Jack Vogel)
- perf/x86/amd: fix potential integer overflow on shift of a int (Colin Ian King)
- netfilter: conntrack: unify established states for SCTP paths (Sriram Yagnaraman)
- x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL (Thomas Gleixner)
- block: fix and cleanup bio_check_ro (Christoph Hellwig)
- kbuild: Allow kernel installation packaging to override pkg-config (Chun-Tse Shao)
- cpufreq: governor: Use kobject release() method to free dbs_data (Kevin Hao)
- cpufreq: Move to_gov_attr_set() to cpufreq.h (Kevin Hao)
- Revert "Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode" (Dmitry Torokhov)
- tools: gpio: fix -c option of gpio-event-mon (Ivo Borisov Shopov)
- treewide: fix up files incorrectly marked executable (Linus Torvalds)
- net: mdio-mux-meson-g12a: force internal PHY off on mux switch (Jerome Brunet)
- net/tg3: resolve deadlock in tg3_reset_task() during EEH (David Christensen)
- thermal: intel: int340x: Add locking to int340x_thermal_get_trip_type() (Rafael J. Wysocki)
- net: mctp: mark socks as dead on unhash, prevent re-add (Jeremy Kerr)
- net: ravb: Fix possible hang if RIS2_QFF1 happen (Yoshihiro Shimoda)
- net: ravb: Fix lack of register setting after system resumed for Gen3 (Yoshihiro Shimoda)
- ravb: Rename "no_ptp_cfg_active" and "ptp_cfg_active" variables (Biju Das)
- gpio: mxc: Unlock on error path in mxc_flip_edge() (Dan Carpenter)
- nvme: fix passthrough csi check (Keith Busch)
- riscv/kprobe: Fix instruction simulation of JALR (Liao Chang)
- sctp: fail if no bound addresses can be used for a given scope (Marcelo Ricardo Leitner)
- net/sched: sch_taprio: do not schedule in taprio_reset() (Eric Dumazet)
- netrom: Fix use-after-free of a listening socket. (Kuniyuki Iwashima)
- netfilter: conntrack: fix vtag checks for ABORT/SHUTDOWN_COMPLETE (Sriram Yagnaraman)
- ipv4: prevent potential spectre v1 gadget in fib_metrics_match() (Eric Dumazet)
- ipv4: prevent potential spectre v1 gadget in ip_metrics_convert() (Eric Dumazet)
- netlink: annotate data races around sk_state (Eric Dumazet)
- netlink: annotate data races around dst_portid and dst_group (Eric Dumazet)
- netlink: annotate data races around nlk->portid (Eric Dumazet)
- netfilter: nft_set_rbtree: skip elements in transaction from garbage collection (Pablo Neira Ayuso)
- netfilter: nft_set_rbtree: Switch to node list walk for overlap detection (Pablo Neira Ayuso)
- drm/i915/selftest: fix intel_selftest_modify_policy argument types (Arnd Bergmann)
- net: fix UaF in netns ops registration error path (Paolo Abeni)
- netlink: prevent potential spectre v1 gadgets (Eric Dumazet)
- i2c: designware: use casting of u64 in clock multiplication to avoid overflow (Lareine Khawaly)
- scsi: ufs: core: Fix devfreq deadlocks (Johan Hovold)
- net: mana: Fix IRQ name - add PCI and queue number (Haiyang Zhang)
- EDAC/qcom: Do not pass llcc_driv_data as edac_device_ctl_info's pvt_info (Manivannan Sadhasivam)
- EDAC/device: Respect any driver-supplied workqueue polling value (Manivannan Sadhasivam)
- ARM: 9280/1: mm: fix warning on phys_addr_t to void pointer assignment (Giulio Benetti)
- ipv6: fix reachability confirmation with proxy_ndp (Gergely Risko)
- thermal: intel: int340x: Protect trip temperature from concurrent updates (Srinivas Pandruvada)
- KVM: arm64: GICv4.1: Fix race with doorbell on VPE activation/deactivation (Marc Zyngier)
- KVM: x86/vmx: Do not skip segment attributes if unusable bit is set (Hendrik Borghorst)
- ovl: fail on invalid uid/gid mapping at copy up (Miklos Szeredi)
- ksmbd: limit pdu length size according to connection status (Namjae Jeon)
- ksmbd: downgrade ndr version error message to debug (Namjae Jeon)
- ksmbd: do not sign response to session request for guest login (Marios Makassikis)
- ksmbd: add max connections parameter (Namjae Jeon)
- ksmbd: add smbd max io size parameter (Namjae Jeon)
- i2c: mv64xxx: Add atomic_xfer method to driver (Chris Morgan)
- i2c: mv64xxx: Remove shutdown method from driver (Chris Morgan)
- cifs: Fix oops due to uncleared server->smbd_conn in reconnect (David Howells)
- ftrace/scripts: Update the instructions for ftrace-bisect.sh (Steven Rostedt (Google))
- trace_events_hist: add check for return value of 'create_hist_field' (Natalia Petrova)
- tracing: Make sure trace_printk() can output as soon as it can be used (Steven Rostedt (Google))
- module: Don't wait for GOING modules (Petr Pavlu)
- KVM: SVM: fix tsc scaling cache logic (Maxim Levitsky)
- scsi: hpsa: Fix allocation size for scsi_host_alloc() (Alexey V. Vissarionov)
- drm/amdgpu: complete gfxoff allow signal during suspend without delay (Harsh Jain)
- Bluetooth: hci_sync: cancel cmd_timer if hci_open failed (Archie Pusaka)
- exit: Use READ_ONCE() for all oops/warn limit reads (Kees Cook)
- docs: Fix path paste-o for /sys/kernel/warn_count (Kees Cook)
- panic: Expose "warn_count" to sysfs (Kees Cook)
- panic: Introduce warn_limit (Kees Cook)
- panic: Consolidate open-coded panic_on_warn checks (Kees Cook)
- exit: Allow oops_limit to be disabled (Kees Cook)
- exit: Expose "oops_count" to sysfs (Kees Cook)
- exit: Put an upper limit on how often we can oops (Jann Horn)
- panic: Separate sysctl logic from CONFIG_SMP (Kees Cook)
- ia64: make IA64_MCA_RECOVERY bool instead of tristate (Randy Dunlap)
- csky: Fix function name in csky_alignment() and die() (Nathan Chancellor)
- h8300: Fix build errors from do_exit() to make_task_dead() transition (Nathan Chancellor)
- hexagon: Fix function name in die() (Nathan Chancellor)
- objtool: Add a missing comma to avoid string concatenation (Eric W. Biederman)
- exit: Add and use make_task_dead. (Eric W. Biederman)
- kasan: no need to unset panic_on_warn in end_report() (Tiezhu Yang)
- ubsan: no need to unset panic_on_warn in ubsan_epilogue() (Tiezhu Yang)
- panic: unset panic_on_warn inside panic() (Tiezhu Yang)
- kernel/panic: move panic sysctls to its own file (tangmeng)
- sysctl: add a new register_sysctl_init() interface (Xiaoming Ni)
- fs: reiserfs: remove useless new_opts in reiserfs_remount (Dongliang Mu)
- x86: ACPI: cstate: Optimize C3 entry on AMD CPUs (Deepak Sharma)
- drm/i915: Remove unused variable (Nirmoy Das)
- Revert "selftests/bpf: check null propagation only neither reg is PTR_TO_BTF_ID" (Sasha Levin)
- drm/i915: Allow switching away via vga-switcheroo if uninitialized (Thomas Zimmermann)
- firmware: coreboot: Check size of table entry and use flex-array (Kees Cook)
- lockref: stop doing cpu_relax in the cmpxchg loop (Mateusz Guzik)
- platform/x86: asus-nb-wmi: Add alternate mapping for KEY_SCREENLOCK (Hans de Goede)
- platform/x86: touchscreen_dmi: Add info for the CSL Panther Tab HD (Michael Klein)
- r8152: add vendor/device ID pair for Microsoft Devkit (Andre Przywara)
- scsi: hisi_sas: Set a port invalid only if there are no devices attached when refreshing port id (Yihang Li)
- KVM: s390: interrupt: use READ_ONCE() before cmpxchg() (Heiko Carstens)
- spi: spidev: remove debug messages that access spidev->spi without locking (Bartosz Golaszewski)
- ASoC: fsl-asoc-card: Fix naming of AC'97 CODEC widgets (Mark Brown)
- ASoC: fsl_ssi: Rename AC'97 streams to avoid collisions with AC'97 CODEC (Mark Brown)
- cpufreq: armada-37xx: stop using 0 as NULL pointer (Miles Chen)
- perf/x86/intel/uncore: Add Emerald Rapids (Kan Liang)
- perf/x86/msr: Add Emerald Rapids (Kan Liang)
- s390: expicitly align _edata and _end symbols on page boundary (Alexander Gordeev)
- s390/debug: add _ASM_S390_ prefix to header guard (Niklas Schnelle)
- drm: Add orientation quirk for Lenovo ideapad D330-10IGL (Patrick Thompson)
- net: usb: cdc_ether: add support for Thales Cinterion PLS62-W modem (Hui Wang)
- ASoC: fsl_micfil: Correct the number of steps on SX controls (Chancel Liu)
- cpufreq: Add SM6375 to cpufreq-dt-platdev blocklist (Konrad Dybcio)
- kcsan: test: don't put the expect array on the stack (Max Filippov)
- cpufreq: Add Tegra234 to cpufreq-dt-platdev blocklist (Sumit Gupta)
- scsi: iscsi: Fix multiple iSCSI session unbind events sent to userspace (Wenchao Hao)
- tcp: fix rate_app_limited to default to 1 (David Morley)
- net: stmmac: enable all safety features by default (Andrew Halaney)
- thermal: core: call put_device() only after device_register() fails (Viresh Kumar)
- thermal/core: fix error code in __thermal_cooling_device_register() (Dan Carpenter)
- thermal: Validate new state in cur_state_store() (Viresh Kumar)
- thermal/core: Rename 'trips' to 'num_trips' (Daniel Lezcano)
- thermal/core: Remove duplicate information when an error occurs (Daniel Lezcano)
- net: dsa: microchip: ksz9477: port map correction in ALU table entry register (Rakesh Sankaranarayanan)
- selftests/net: toeplitz: fix race on tpacket_v3 block close (Willem de Bruijn)
- driver core: Fix test_async_probe_init saves device in wrong array (Chen Zhongjin)
- w1: fix WARNING after calling w1_process() (Yang Yingliang)
- w1: fix deadloop in __w1_remove_master_device() (Yang Yingliang)
- device property: fix of node refcount leak in fwnode_graph_get_next_endpoint() (Yang Yingliang)
- ptdma: pt_core_execute_cmd() should use spinlock (Eric Pilmore)
- octeontx2-pf: Fix the use of GFP_KERNEL in atomic context on rt (Kevin Hao)
- tcp: avoid the lookup process failing to get sk in ehash table (Jason Xing)
- nvme-pci: fix timeout request state check (Keith Busch)
- drm/amd/display: fix issues with driver unload (Hamza Mahfooz)
- phy: phy-can-transceiver: Skip warning if no "max-bitrate" (Geert Uytterhoeven)
- dmaengine: xilinx_dma: call of_node_put() when breaking out of for_each_child_of_node() (Liu Shixin)
- cifs: fix potential deadlock in cache_refresh_path() (Paulo Alcantara)
- HID: betop: check shape of output reports (Pietro Borrello)
- l2tp: prevent lockdep issue in l2tp_tunnel_register() (Eric Dumazet)
- virtio-net: correctly enable callback during start_xmit (Jason Wang)
- net: macb: fix PTP TX timestamp failure due to packet padding (Robert Hancock)
- dmaengine: Fix double increment of client_count in dma_chan_get() (Koba Ko)
- drm/panfrost: fix GENERIC_ATOMIC64 dependency (Arnd Bergmann)
- net: mlx5: eliminate anonymous module_init & module_exit (Randy Dunlap)
- net/mlx5: E-switch, Fix setting of reserved fields on MODIFY_SCHEDULING_ELEMENT (Maor Dickman)
- net: ipa: disable ipa interrupt during suspend (Caleb Connolly)
- Bluetooth: Fix possible deadlock in rfcomm_sk_state_change (Ying Hsu)
- usb: gadget: f_fs: Ensure ep0req is dequeued before free_request (Udipto Goswami)
- usb: gadget: f_fs: Prevent race during ffs_ep0_queue_wait (Udipto Goswami)
- HID: revert CHERRY_MOUSE_000C quirk (Jiri Kosina)
- pinctrl: rockchip: fix mux route data for rk3568 (Jonas Karlman)
- net: stmmac: fix invalid call to mdiobus_get_phy() (Heiner Kallweit)
- HID: check empty report_list in bigben_probe() (Pietro Borrello)
- HID: check empty report_list in hid_validate_values() (Pietro Borrello)
- net: mdio: validate parameter addr in mdiobus_get_phy() (Heiner Kallweit)
- net: usb: sr9700: Handle negative len (Szymon Heidrich)
- octeontx2-pf: Avoid use of GFP_KERNEL in atomic context (Geetha sowjanya)
- l2tp: close all race conditions in l2tp_tunnel_register() (Cong Wang)
- l2tp: convert l2tp_tunnel_list to idr (Cong Wang)
- l2tp: Don't sleep and disable BH under writer-side sk_callback_lock (Jakub Sitnicki)
- l2tp: Serialize access to sk_user_data with sk_callback_lock (Jakub Sitnicki) [Orabug: 34951574] {CVE-2022-4129}
- net/sched: sch_taprio: fix possible use-after-free (Eric Dumazet)
- net: stmmac: Fix queue statistics reading (Kurt Kanzenbach)
- pinctrl: rockchip: fix reading pull type on rk3568 (Jonas Karlman)
- pinctrl/rockchip: add error handling for pull/drive register getters (Sebastian Reichel)
- pinctrl/rockchip: Use temporary variable for struct device (Andy Shevchenko)
- wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid (Szymon Heidrich) [Orabug: 35037701] {CVE-2023-23559}
- gpio: mxc: Always set GPIOs used as interrupt source to INPUT mode (Marek Vasut)
- gpio: mxc: Protect GPIO irqchip RMW with bgpio spinlock (Marek Vasut)
- gpio: use raw spinlock for gpio chip shadowed data (Schspa Shi)
- sch_htb: Avoid grafting on htb_destroy_class_offload when destroying htb (Rahul Rameshbabu)
- net: enetc: avoid deadlock in enetc_tx_onestep_tstamp() (Vladimir Oltean)
- net: wan: Add checks for NULL for utdm in undo_uhdlc_init and unmap_si_regs (Esina Ekaterina)
- net: nfc: Fix use-after-free in local_cleanup() (Jisoo Jang)
- phy: rockchip-inno-usb2: Fix missing clk_disable_unprepare() in rockchip_usb2phy_power_on() (Shang XiaoJing)
- bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation (Luis Gerhorst)
- amd-xgbe: Delay AN timeout during KR training (Raju Rangoju)
- amd-xgbe: TX Flow Ctrl Registers are h/w ver dependent (Raju Rangoju)
- ARM: dts: at91: sam9x60: fix the ddr clock for sam9x60 (Claudiu Beznea)
- NFSD: fix use-after-free in nfsd4_ssc_setup_dul() (Xingyuan Mo)
- phy: ti: fix Kconfig warning and operator precedence (Randy Dunlap)
- arm64: dts: qcom: msm8992-libra: Fix the memory map (Konrad Dybcio)
- arm64: dts: qcom: msm8992-libra: Add CPU regulators (Konrad Dybcio)
- arm64: dts: qcom: msm8992: Don't use sfpb mutex (Konrad Dybcio)
- PM: AVS: qcom-cpr: Fix an error handling path in cpr_probe() (Christophe JAILLET)
- affs: initialize fsdata in affs_truncate() (Alexander Potapenko)
- IB/hfi1: Remove user expected buffer invalidate race (Dean Luick)
- IB/hfi1: Immediately remove invalid memory from hardware (Dean Luick)
- IB/hfi1: Fix expected receive setup error exit issues (Dean Luick)
- IB/hfi1: Reserve user expected TIDs (Dean Luick)
- IB/hfi1: Reject a zero-length user expected buffer (Dean Luick)
- RDMA/core: Fix ib block iterator counter overflow (Yonatan Nachum)
- tomoyo: fix broken dependency on *.conf.default (Masahiro Yamada)
- firmware: arm_scmi: Harden shared memory access in fetch_notification (Cristian Marussi)
- firmware: arm_scmi: Harden shared memory access in fetch_response (Cristian Marussi)
- EDAC/highbank: Fix memory leak in highbank_mc_probe() (Miaoqian Lin)
- reset: uniphier-glue: Fix possible null-ptr-deref (Hui Tang)
- reset: uniphier-glue: Use reset_control_bulk API (Philipp Zabel)
- soc: imx8m: Fix incorrect check for of_clk_get_by_name() (Miaoqian Lin)
- arm64: dts: imx8mm-venice-gw7901: fix USB2 controller OC polarity (Tim Harvey)
- HID: intel_ish-hid: Add check for ishtp_dma_tx_map (Jiasheng Jiang)
- ARM: imx: add missing of_node_put() (Dario Binacchi)
- arm64: dts: imx8mm-beacon: Fix ecspi2 pinmux (Adam Ford)
- ARM: dts: imx6qdl-gw560x: Remove incorrect 'uart-has-rtscts' (Fabio Estevam)
- ARM: dts: imx7d-pico: Use 'clock-frequency' (Fabio Estevam)
- ARM: dts: imx6ul-pico-dwarf: Use 'clock-frequency' (Fabio Estevam)
- arm64: dts: imx8mp-phycore-som: Remove invalid PMIC property (Fabio Estevam)
- dmaengine: ti: k3-udma: Do conditional decrement of UDMA_CHAN_RT_PEER_BCNT_REG (Jayesh Choudhary)
- memory: mvebu-devbus: Fix missing clk_disable_unprepare in mvebu_devbus_probe() (Gaosheng Cui)
- memory: atmel-sdramc: Fix missing clk_disable_unprepare in atmel_ramc_probe() (Gaosheng Cui)
- memory: tegra: Remove clients SID override programming (Ashish Mhetre)
- LTS version: v5.15.90 (Jack Vogel)
- io_uring/rw: remove leftover debug statement (Jens Axboe)
- io_uring/rw: ensure kiocb_end_write() is always called (Jens Axboe)
- io_uring: fix double poll leak on repolling (Pavel Begunkov)
- io_uring: Clean up a false-positive warning from GCC 9.3.0 (Alviro Iskandar Setiawan)
- mm/khugepaged: fix collapse_pte_mapped_thp() to allow anon_vma (Hugh Dickins)
- soc: qcom: apr: Make qcom,protection-domain optional again (Stephan Gerhold)
- Revert "wifi: mac80211: fix memory leak in ieee80211_if_add()" (Eric Dumazet)
- block: mq-deadline: Rename deadline_is_seq_writes() (Damien Le Moal)
- net/mlx5: fix missing mutex_unlock in mlx5_fw_fatal_reporter_err_work() (Yang Yingliang)
- net/ulp: use consistent error code when blocking ULP (Paolo Abeni)
- io_uring/net: fix fast_iov assignment in io_setup_async_msg() (Stefan Metzmacher)
- io_uring: io_kiocb_update_pos() should not touch file for non -1 offset (Jens Axboe)
- tracing: Use alignof__(struct {type b;}) instead of offsetof() (Steven Rostedt (Google))
- x86/fpu: Use _Alignof to avoid undefined behavior in TYPE_ALIGN (YingChi Long)
- Revert "drm/amdgpu: make display pinning more flexible (v2)" (Alex Deucher)
- efi: rt-wrapper: Add missing include (Ard Biesheuvel)
- arm64: efi: Execute runtime services from a dedicated stack (Ard Biesheuvel)
- fs/ntfs3: Fix attr_punch_hole() null pointer derenference (Alon Zahavi)
- drm/amdgpu: drop experimental flag on aldebaran (Alex Deucher)
- drm/amd/display: Fix COLOR_SPACE_YCBCR2020_TYPE matrix (Joshua Ashton)
- drm/amd/display: Calculate output_color_space after pixel encoding adjustment (Joshua Ashton)
- drm/amd/display: Fix set scaling doesn's work (hongao)
- drm/i915/display: Check source height is > 0 (Drew Davenport)
- drm/i915: re-disable RC6p on Sandy Bridge (Sasa Dragic)
- mei: me: add meteor lake point M DID (Alexander Usyskin)
- gsmi: fix null-deref in gsmi_get_variable (Khazhismel Kumykov)
- serial: atmel: fix incorrect baudrate setup (Tobias Schramm)
- serial: amba-pl011: fix high priority character transmission in rs486 mode (Lino Sanfilippo)
- dmaengine: idxd: Let probe fail when workqueue cannot be enabled (Reinette Chatre)
- dmaengine: tegra210-adma: fix global intr clear (Mohan Kumar)
- dmaengine: lgm: Move DT parsing after initialization (Peter Harliman Liem)
- serial: pch_uart: Pass correct sg to dma_unmap_sg() (Ilpo Järvinen)
- dt-bindings: phy: g12a-usb3-pcie-phy: fix compatible string documentation (Heiner Kallweit)
- dt-bindings: phy: g12a-usb2-phy: fix compatible string documentation (Heiner Kallweit)
- usb-storage: apply IGNORE_UAS only for HIKSEMI MD202 on RTL9210 (Juhyung Park)
- usb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate() (Maciej Żenczykowski)
- usb: gadget: g_webcam: Send color matching descriptor per frame (Daniel Scally)
- usb: typec: altmodes/displayport: Fix pin assignment calculation (Prashant Malani)
- usb: typec: altmodes/displayport: Add pin assignment helper (Prashant Malani)
- usb: typec: tcpm: Fix altmode re-registration causes sysfs create fail (ChiYuan Huang)
- usb: host: ehci-fsl: Fix module alias (Alexander Stein)
- usb: cdns3: remove fetched trb from cache before dequeuing (Pawel Laszczak)
- USB: serial: cp210x: add SCALANCE LPE-9000 device id (Michael Adler)
- USB: gadgetfs: Fix race between mounting and unmounting (Alan Stern)
- tty: fix possible null-ptr-defer in spk_ttyio_release (Gaosheng Cui)
- tty: serial: qcom-geni-serial: fix slab-out-of-bounds on RX FIFO buffer (Krzysztof Kozlowski)
- staging: mt7621-dts: change some node hex addresses to lower case (Sergio Paracuellos)
- bpf: restore the ebpf program ID for BPF_AUDIT_UNLOAD and PERF_BPF_EVENT_PROG_UNLOAD (Paul Moore)
- riscv: dts: sifive: fu740: fix size of pcie 32bit memory (Ben Dooks)
- thunderbolt: Use correct function to calculate maximum USB3 link rate (Mika Westerberg)
- cifs: do not include page data when checking signature (Enzo Matsumiya)
- btrfs: fix race between quota rescan and disable leading to NULL pointer deref (Filipe Manana)
- btrfs: do not abort transaction on failure to write log tree when syncing log (Filipe Manana)
- mmc: sdhci-esdhc-imx: correct the tuning start tap and step setting (Haibo Chen)
- mmc: sunxi-mmc: Fix clock refcount imbalance during unbind (Samuel Holland)
- ACPI: PRM: Check whether EFI runtime is available (Ard Biesheuvel)
- comedi: adv_pci1760: Fix PWM instruction handling (Ian Abbott)
- usb: core: hub: disable autosuspend for TI TUSB8041 (Flavio Suligoi)
- misc: fastrpc: Fix use-after-free race condition for maps (Ola Jeppsson)
- misc: fastrpc: Don't remove map on creater_process and device_release (Abel Vesa)
- USB: misc: iowarrior: fix up header size for USB_DEVICE_ID_CODEMERCS_IOW100 (Greg Kroah-Hartman)
- staging: vchiq_arm: fix enum vchiq_status return types (Arnd Bergmann)
- USB: serial: option: add Quectel EM05CN modem (Duke Xin(辛安文))
- USB: serial: option: add Quectel EM05CN (SG) modem (Duke Xin(辛安文))
- USB: serial: option: add Quectel EC200U modem (Ali Mirghasemi)
- USB: serial: option: add Quectel EM05-G (RS) modem (Duke Xin(辛安文))
- USB: serial: option: add Quectel EM05-G (CS) modem (Duke Xin(辛安文))
- USB: serial: option: add Quectel EM05-G (GR) modem (Duke Xin(辛安文))
- prlimit: do_prlimit needs to have a speculation check (Greg Kroah-Hartman)
- xhci: Detect lpm incapable xHC USB3 roothub ports from ACPI tables (Mathias Nyman)
- usb: acpi: add helper to check port lpm capability using acpi _DSM (Mathias Nyman)
- xhci: Add a flag to disable USB3 lpm on a xhci root port level. (Mathias Nyman)
- xhci: Add update_hub_device override for PCI xHCI hosts (Mathias Nyman)
- xhci: Fix null pointer dereference when host dies (Mathias Nyman)
- usb: xhci: Check endpoint is valid before dereferencing it (Jimmy Hu)
- xhci-pci: set the dma max_seg_size (Ricardo Ribalda)
- io_uring/rw: defer fsnotify calls to task context (Jens Axboe)
- io_uring: do not recalculate ppos unnecessarily (Dylan Yudaken)
- io_uring: update kiocb->ki_pos at execution time (Dylan Yudaken)
- io_uring: remove duplicated calls to io_kiocb_ppos (Dylan Yudaken)
- io_uring: ensure that cached task references are always put on exit (Jens Axboe)
- io_uring: fix async accept on O_NONBLOCK sockets (Dylan Yudaken)
- io_uring: allow re-poll if we made progress (Jens Axboe)
- io_uring: support MSG_WAITALL for IORING_OP_SEND(MSG) (Jens Axboe)
- io_uring: add flag for disabling provided buffer recycling (Jens Axboe)
- io_uring: ensure recv and recvmsg handle MSG_WAITALL correctly (Jens Axboe)
- io_uring: improve send/recv error handling (Pavel Begunkov)
- io_uring: pass in EPOLL_URING_WAKE for eventfd signaling and wakeups (Jens Axboe)
- eventfd: provide a eventfd_signal_mask() helper (Jens Axboe)
- eventpoll: add EPOLL_URING_WAKE poll wakeup flag (Jens Axboe)
- io_uring: don't gate task_work run on TIF_NOTIFY_SIGNAL (Jens Axboe)
- hugetlb: unshare some PMDs when splitting VMAs (James Houghton)
- drm/amd: Delay removal of the firmware framebuffer (Sasha Levin)
- drm/amdgpu: disable runtime pm on several sienna cichlid cards(v2) (Guchun Chen)
- ALSA: hda/realtek: fix mute/micmute LEDs don't work for a HP platform (Jeremy Szu)
- ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (Andy Chi)
- efi: fix userspace infinite retry read efivars after EFI runtime services page fault (Ding Hui)
- nilfs2: fix general protection fault in nilfs_btree_insert() (Ryusuke Konishi)
- zonefs: Detect append writes at invalid locations (Damien Le Moal)
- Add exception protection processing for vd in axi_chan_handle_err function (Shawn.Shao)
- wifi: mac80211: sdata can be NULL during AMPDU start (Alexander Wetzel)
- wifi: brcmfmac: fix regression for Broadcom PCIe wifi devices (Arend van Spriel)
- Bluetooth: hci_qca: Fix driver shutdown on closed serdev (Krzysztof Kozlowski)
- fbdev: omapfb: avoid stack overflow warning (Arnd Bergmann)
- perf/x86/rapl: Treat Tigerlake like Icelake (Chris Wilson)
- f2fs: let's avoid panic if extent_tree is not created (Jaegeuk Kim)
- x86/asm: Fix an assembler warning with current binutils (Mikulas Patocka)
- btrfs: always report error in run_one_delayed_ref() (Qu Wenruo)
- RDMA/srp: Move large values to a new enum for gcc13 (Jiri Slaby (SUSE))
- r8169: move rtl_wol_enable_rx() and rtl_prepare_power_down() (Chunhao Lin)
- net/ethtool/ioctl: return -EOPNOTSUPP if we have no phy stats (Daniil Tatianin)
- vduse: Validate vq_num in vduse_validate_config() (Harshit Mogalapalli)
- virtio_pci: modify ENOENT to EINVAL (Angus Chen)
- tools/virtio: initialize spinlocks in vring_test.c (Ricardo Cañuelo)
- selftests/bpf: check null propagation only neither reg is PTR_TO_BTF_ID (Hao Sun)
- pNFS/filelayout: Fix coalescing test for single DS (Olga Kornievskaia)
- btrfs: fix trace event name typo for FLUSH_DELAYED_REFS (Naohiro Aota)
- LTS version: v5.15.89 (Jack Vogel)
- pinctrl: amd: Add dynamic debugging for active GPIOs (Mario Limonciello)
- Revert "usb: ulpi: defer ulpi_register on ulpi_read_id timeout" (Ferry Toth)
- block: handle bio_split_to_limits() NULL return (Jens Axboe)
- io_uring/io-wq: only free worker if it was allocated for creation (Jens Axboe)
- io_uring/io-wq: free worker if task_work creation is canceled (Jens Axboe)
- efi: fix NULL-deref in init error path (Johan Hovold)
- arm64: cmpxchg_double*: hazard against entire exchange variable (Mark Rutland)
- arm64: atomics: remove LL/SC trampolines (Mark Rutland)
- arm64: atomics: format whitespace consistently (Mark Rutland)
- io_uring: lock overflowing for IOPOLL (Pavel Begunkov)
- KVM: x86: Do not return host topology information from KVM_GET_SUPPORTED_CPUID (Paolo Bonzini)
- Documentation: KVM: add API issues section (Paolo Bonzini)
- mm: Always release pages to the buddy allocator in memblock_free_late(). (Aaron Thompson)
- platform/surface: aggregator: Add missing call to ssam_request_sync_free() (Maximilian Luz)
- igc: Fix PPS delta between two synchronized end-points (Christopher S Hall)
- perf build: Properly guard libbpf includes (Ian Rogers)
- net/mlx5e: Don't support encap rules with gbp option (Gavin Li)
- net/mlx5: Fix ptp max frequency adjustment range (Rahul Rameshbabu)
- net/sched: act_mpls: Fix warning during failed attribute validation (Ido Schimmel)
- tools/nolibc: fix the O_* fcntl/open macro definitions for riscv (Willy Tarreau)
- tools/nolibc: restore mips branch ordering in the _start block (Willy Tarreau)
- tools/nolibc: Remove .global _start from the entry point code (Ammar Faizi)
- tools/nolibc/arch: mark the _start symbol as weak (Willy Tarreau)
- tools/nolibc/arch: split arch-specific code into individual files (Willy Tarreau)
- tools/nolibc/types: split syscall-specific definitions into their own files (Willy Tarreau)
- tools/nolibc/std: move the standard type definitions to std.h (Willy Tarreau)
- tools/nolibc: use pselect6 on RISCV (Willy Tarreau)
- tools/nolibc: x86-64: Use mov $60,%eax instead of mov $60,%rax (Ammar Faizi)
- tools/nolibc: x86: Remove r8, r9 and r10 from the clobber list (Ammar Faizi)
- af_unix: selftest: Fix the size of the parameter to connect() (Mirsad Goran Todorovac)
- nfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame() (Minsuk Kang)
- hvc/xen: lock console list traversal (Roger Pau Monne)
- octeontx2-af: Fix LMAC config in cgx_lmac_rx_tx_enable (Angela Czubak)
- tipc: fix unexpected link reset due to discovery messages (Tung Nguyen)
- ALSA: usb-audio: Relax hw constraints for implicit fb sync (Takashi Iwai)
- ALSA: usb-audio: Make sure to stop endpoints before closing EPs (Takashi Iwai)
- ASoC: wm8904: fix wrong outputs volume after power reactivation (Emanuele Ghidoli)
- scsi: ufs: core: WLUN suspend SSU/enter hibern8 fail recovery (Peter Wang)
- scsi: ufs: Stop using the clock scaling lock in the error handler (Bart Van Assche)
- scsi: mpi3mr: Refer CONFIG_SCSI_MPI3MR in Makefile (Shin'ichiro Kawasaki)
- regulator: da9211: Use irq handler when ready (Ricardo Ribalda)
- x86/resctrl: Fix task CLOSID/RMID update race (Peter Newman)
- EDAC/device: Fix period calculation in edac_device_reset_delay_period() (Eliav Farber)
- x86/boot: Avoid using Intel mnemonics in AT&T syntax asm (Peter Zijlstra)
- powerpc/imc-pmu: Fix use of mutex in IRQs disabled section (Kajol Jain)
- netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function. (Gavrilov Ilia)
- sched/core: Fix use-after-free bug in dup_user_cpus_ptr() (Waiman Long)
- iommu/mediatek-v1: Fix an error handling path in mtk_iommu_v1_probe() (Christophe JAILLET)
- iommu/iova: Fix alloc iova overflows issue (Yunfei Wang)
- usb: ulpi: defer ulpi_register on ulpi_read_id timeout (Ferry Toth)
- bus: mhi: host: Fix race between channel preparation and M0 event (Qiang Yu)
- ipv6: raw: Deduct extension header length in rawv6_push_pending_frames (Herbert Xu) [Orabug: 35005828] {CVE-2023-0394}
- ixgbe: fix pci device refcount leak (Yang Yingliang)
- platform/x86: sony-laptop: Don't turn off 0x153 keyboard backlight during probe (Hans de Goede)
- dt-bindings: msm/dsi: Don't require vcca-supply on 14nm PHY (Konrad Dybcio)
- dt-bindings: msm/dsi: Don't require vdds-supply on 10nm PHY (Konrad Dybcio)
- drm/msm/dp: do not complete dp_aux_cmd_fifo_tx() if irq is not for aux transfer (Kuogee Hsieh)
- platform/x86: ideapad-laptop: Add Legion 5 15ARH05 DMI id to set_fn_lock_led_list[] (Hans de Goede)
- dt-bindings: msm: dsi-phy-28nm: Add missing qcom, dsi-phy-regulator-ldo-mode (Bryan O'Donoghue)
- dt-bindings: msm: dsi-controller-main: Fix description of core clock (Bryan O'Donoghue)
- dt-bindings: msm: dsi-controller-main: Fix power-domain constraint (Bryan O'Donoghue)
- drm/msm/adreno: Make adreno quirks not overwrite each other (Konrad Dybcio)
- dt-bindings: msm: dsi-controller-main: Fix operating-points-v2 constraint (Bryan O'Donoghue)
- platform/x86: dell-privacy: Fix SW_CAMERA_LENS_COVER reporting (Hans de Goede)
- platform/surface: aggregator: Ignore command messages not intended for us (Maximilian Luz)
- platform/x86: dell-privacy: Only register SW_CAMERA_LENS_COVER if present (Hans de Goede)
- cifs: Fix uninitialized memory read for smb311 posix symlink create (Volker Lendecke)
- net/mlx5e: Set action fwd flag when parsing tc action goto (Roi Dayan)
- drm/i915/gt: Reset twice (Chris Wilson)
- drm/virtio: Fix GEM handle creation UAF (Rob Clark)
- s390/percpu: add READ_ONCE() to arch_this_cpu_to_op_simple() (Heiko Carstens)
- s390/cpum_sf: add READ_ONCE() semantics to compare and swap loops (Heiko Carstens)
- ASoC: qcom: lpass-cpu: Fix fallback SD line index handling (Brian Norris)
- s390/kexec: fix ipl report address for kdump (Alexander Egorenkov)
- perf auxtrace: Fix address filter duplicate symbol selection (Adrian Hunter)
- net: stmmac: add aux timestamps fifo clearance wait (Noor Azura Ahmad Tarmizi)
- docs: Fix the docs build with Sphinx 6.0 (Jonathan Corbet)
- efi: tpm: Avoid READ_ONCE() for accessing the event log (Ard Biesheuvel)
- selftests: kvm: Fix a compile error in selftests/kvm/rseq_test.c (Jinrong Liang)
- KVM: arm64: nvhe: Fix build with profile optimization (Denis Nikitin)
- KVM: arm64: Fix S1PTW handling on RO memslots (Marc Zyngier)
- ALSA: hda/realtek: Enable mute/micmute LEDs on HP Spectre x360 13-aw0xxx (Luka Guzenko)
- ALSA: hda/realtek - Turn on power early (Yuchi Yang)
- ALSA: control-led: use strscpy in set_led_id() (Jaroslav Kysela)
- LTS version: v5.15.88 (Jack Vogel)
- ALSA: hda - Enable headset mic on another Dell laptop with ALC3254 (Chris Chiu)
- ALSA: hda/hdmi: Add a HP device 0x8715 to force connect list (Adrian Chan)
- ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF (Clement Lecigne) [Orabug: 34983525] {CVE-2023-0266}
- net/ulp: prevent ULP without clone op from entering the LISTEN status (Paolo Abeni)
- net: sched: disallow noqueue for qdisc classes (Frederick Lawler) [Orabug: 35005790] {CVE-2022-47929}
- serial: fixup backport of "serial: Deassert Transmit Enable on probe in driver-specific way" (Rasmus Villemoes)
- selftests/vm/pkeys: Add a regression test for setting PKRU through ptrace (Kyle Huey)
- x86/fpu: Emulate XRSTOR's behavior if the xfeatures PKRU bit is not set (Kyle Huey)
- x86/fpu: Allow PKRU to be (once again) written by ptrace. (Kyle Huey)
- x86/fpu: Add a pkru argument to copy_uabi_to_xstate() (Kyle Huey)
- x86/fpu: Add a pkru argument to copy_uabi_from_kernel_to_xstate(). (Kyle Huey)
- x86/fpu: Take task_struct* in copy_sigframe_from_user_to_xstate() (Kyle Huey)
- parisc: Align parisc MADV_XXX constants with all other architectures (Helge Deller)
- LTS version: v5.15.87 (Jack Vogel)
- drm/mgag200: Fix PLL setup for G200_SE_A rev >=4 (Jocelyn Falempe)
- io_uring: Fix unsigned 'res' comparison with zero in io_fixup_rw_res() (Harshit Mogalapalli)
- efi: random: combine bootloader provided RNG seed with RNG protocol output (Ard Biesheuvel)
- mbcache: Avoid nesting of cache->c_list_lock under bit locks (Jan Kara)
- net: hns3: fix return value check bug of rx copybreak (Jie Wang)
- btrfs: make thaw time super block check to also verify checksum (Qu Wenruo)
- selftests: set the BUILD variable to absolute path (Muhammad Usama Anjum)
- ext4: don't allow journal inode to have encrypt flag (Eric Biggers)
- mptcp: use proper req destructor for IPv6 (Matthieu Baerts)
- mptcp: dedicated request sock for subflow in v6 (Matthieu Baerts)
- Revert "ACPI: PM: Add support for upcoming AMD uPEP HID AMDI007" (Mario Limonciello)
- ksmbd: check nt_len to be at least CIFS_ENCPWD_SIZE in ksmbd_decode_ntlmssp_auth_blob (William Liu)
- ksmbd: fix infinite loop in ksmbd_conn_handler_loop() (Namjae Jeon)
- hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling (Linus Torvalds)
- hfs/hfsplus: use WARN_ON for sanity check (Arnd Bergmann)
- drm/i915/gvt: fix vgpu debugfs clean in remove (Zhenyu Wang)
- drm/i915/gvt: fix gvt debugfs destroy (Zhenyu Wang)
- riscv, kprobes: Stricter c.jr/c.jalr decoding (Björn Töpel)
- riscv: uaccess: fix type of 0 variable on error in get_user() (Ben Dooks)
- thermal: int340x: Add missing attribute for data rate base (Srinivas Pandruvada)
- io_uring: fix CQ waiting timeout handling (Pavel Begunkov)
- block: don't allow splitting of a REQ_NOWAIT bio (Jens Axboe)
- fbdev: matroxfb: G200eW: Increase max memory from 1 MB to 16 MB (Paul Menzel)
- nfsd: fix handling of readdir in v4root vs. mount upcall timeout (Jeff Layton)
- x86/bugs: Flush IBP in ib_prctl_set() (Rodrigo Branco)
- x86/kexec: Fix double-free of elf header buffer (Takashi Iwai)
- btrfs: check superblock to ensure the fs was not modified at thaw time (Qu Wenruo)
- nvme: also return I/O command effects from nvme_command_effects (Christoph Hellwig)
- nvmet: use NVME_CMD_EFFECTS_CSUPP instead of open coding it (Christoph Hellwig)
- io_uring: check for valid register opcode earlier (Jens Axboe)
- nvme: fix multipath crash caused by flush request when blktrace is enabled (Yanjun Zhang)
- ASoC: Intel: bytcr_rt5640: Add quirk for the Advantech MICA-071 tablet (Hans de Goede)
- udf: Fix extension of the last extent in the file (Jan Kara)
- caif: fix memory leak in cfctrl_linkup_request() (Zhengchao Shao)
- drm/i915: unpin on error in intel_vgpu_shadow_mm_pin() (Dan Carpenter)
- perf stat: Fix handling of --for-each-cgroup with --bpf-counters to match non BPF mode (Namhyung Kim)
- usb: rndis_host: Secure rndis_query check against int overflow (Szymon Heidrich)
- octeontx2-pf: Fix lmtst ID used in aura free (Geetha sowjanya)
- drivers/net/bonding/bond_3ad: return when there's no aggregator (Daniil Tatianin)
- fs/ntfs3: don't hold ni_lock when calling truncate_setsize() (Tetsuo Handa)
- drm/imx: ipuv3-plane: Fix overlay plane width (Philipp Zabel)
- perf tools: Fix resources leak in perf_data__open_dir() (Miaoqian Lin)
- netfilter: ipset: Rework long task execution when adding/deleting entries (Jozsef Kadlecsik)
- netfilter: ipset: fix hash:net,port,net hang with /0 subnet (Jozsef Kadlecsik)
- net: sparx5: Fix reading of the MAC address (Horatiu Vultur)
- net: sched: cbq: dont intepret cls results when asked to drop (Jamal Hadi Salim) [Orabug: 34983582] {CVE-2023-23454}
- net: sched: atm: dont intepret cls results when asked to drop (Jamal Hadi Salim) [Orabug: 34983613] {CVE-2023-23455}
- gpio: sifive: Fix refcount leak in sifive_gpio_probe (Miaoqian Lin)
- ceph: switch to vfs_inode_has_locks() to fix file lock bug (Xiubo Li)
- filelock: new helper: vfs_inode_has_locks (Jeff Layton)
- drm/meson: Reduce the FIFO lines held when AFBC is not used (Carlo Caione)
- RDMA/mlx5: Fix validation of max_rd_atomic caps for DC (Maor Gottlieb)
- RDMA/mlx5: Fix mlx5_ib_get_hw_stats when used for device (Shay Drory)
- net: phy: xgmiitorgmii: Fix refcount leak in xgmiitorgmii_probe (Miaoqian Lin)
- net: ena: Update NUMA TPH hint register upon NUMA node update (David Arinzon)
- net: ena: Set default value for RX interrupt moderation (David Arinzon)
- net: ena: Fix rx_copybreak value update (David Arinzon)
- net: ena: Use bitmask to indicate packet redirection (David Arinzon)
- net: ena: Account for the number of processed bytes in XDP (David Arinzon)
- net: ena: Don't register memory info on XDP exchange (David Arinzon)
- net: ena: Fix toeplitz initial hash value (David Arinzon)
- net: amd-xgbe: add missed tasklet_kill (Jiguang Xiao)
- net/mlx5e: Fix hw mtu initializing at XDP SQ allocation (Adham Faris)
- net/mlx5e: Always clear dest encap in neigh-update-del (Chris Mi)
- net/mlx5e: TC, Refactor mlx5e_tc_add_flow_mod_hdr() to get flow attr (Roi Dayan)
- net/mlx5e: IPoIB, Don't allow CQE compression to be turned on by default (Dragos Tatulea)
- net/mlx5: Avoid recovery in probe flows (Shay Drory)
- net/mlx5: Add forgotten cleanup calls into mlx5_init_once() error path (Jiri Pirko)
- net/mlx5: E-Switch, properly handle ingress tagged packets on VST (Moshe Shemesh)
- vdpa_sim: fix vringh initialization in vdpasim_queue_ready() (Stefano Garzarella)
- vhost: fix range used in translate_desc() (Stefano Garzarella)
- vringh: fix range used in iotlb_translate() (Stefano Garzarella)
- vhost/vsock: Fix error handling in vhost_vsock_init() (Yuan Can)
- vdpa_sim: fix possible memory leak in vdpasim_net_init() and vdpasim_blk_init() (ruanjinjie)
- nfc: Fix potential resource leaks (Miaoqian Lin)
- net: dsa: mv88e6xxx: depend on PTP conditionally (Johnny S. Lee)
- qlcnic: prevent ->dcb use-after-free on qlcnic_dcb_enable() failure (Daniil Tatianin)
- net: sched: fix memory leak in tcindex_set_parms (Hawkins Jiawei)
- net: hns3: fix VF promisc mode not update when mac table full (Jian Shen)
- net: hns3: fix miss L3E checking for rx packet (Jian Shen)
- net: hns3: extract macro to simplify ring stats update code (Peng Li)
- net: hns3: refactor hns3_nic_reuse_page() (Hao Chen)
- net: hns3: add interrupts re-initialization while doing VF FLR (Jie Wang)
- nfsd: shut down the NFSv4 state objects before the filecache (Jeff Layton)
- veth: Fix race with AF_XDP exposing old or uninitialized descriptors (Shawn Bohrer)
- netfilter: nf_tables: honor set timeout and garbage collection updates (Pablo Neira Ayuso)
- vmxnet3: correctly report csum_level for encapsulated packet (Ronak Doshi)
- netfilter: nf_tables: perform type checking for existing sets (Pablo Neira Ayuso)
- netfilter: nf_tables: add function to create set stateful expressions (Pablo Neira Ayuso)
- netfilter: nf_tables: consolidate set description (Pablo Neira Ayuso)
- drm/panfrost: Fix GEM handle creation ref-counting (Steven Price)
- bpf: pull before calling skb_postpull_rcsum() (Jakub Kicinski)
- btrfs: fix an error handling path in btrfs_defrag_leaves() (Sasha Levin)
- SUNRPC: ensure the matching upcall is in-flight upon downcall (minoura makoto)
- drm/i915/migrate: fix length calculation (Matthew Auld)
- drm/i915/migrate: fix offset calculation (Matthew Auld)
- drm/i915/migrate: don't check the scratch page (Matthew Auld)
- ext4: fix deadlock due to mbcache entry corruption (Jan Kara)
- mbcache: automatically delete entries from cache on freeing (Jan Kara)
- ext4: correct inconsistent error msg in nojournal mode (Baokun Li)
- ext4: goto right label 'failed_mount3a' (Jason Yan)
- ravb: Fix "failed to switch device to config mode" message during unbind (Biju Das)
- perf probe: Fix to get the DW_AT_decl_file and DW_AT_call_file as unsinged data (Masami Hiramatsu (Google))
- perf probe: Use dwarf_attr_integrate as generic DWARF attr accessor (Masami Hiramatsu (Google))
- media: s5p-mfc: Fix in register read and write for H264 (Smitha T Murthy)
- media: s5p-mfc: Clear workbit to handle error condition (Smitha T Murthy)
- media: s5p-mfc: Fix to handle reference queue during finishing (Smitha T Murthy)
- x86/MCE/AMD: Clear DFR errors found in THR handler (Yazen Ghannam)
- x86/mce: Get rid of msr_ops (Borislav Petkov)
- btrfs: fix extent map use-after-free when handling missing device in read_one_chunk (void0red)
- btrfs: move missing device handling in a dedicate function (Nikolay Borisov)
- btrfs: replace strncpy() with strscpy() (Sasha Levin)
- phy: qcom-qmp-combo: fix out-of-bounds clock access (Sasha Levin)
- ARM: renumber bits related to _TIF_WORK_MASK (Jens Axboe)
- ext4: fix off-by-one errors in fast-commit block filling (Eric Biggers)
- ext4: fix unaligned memory access in ext4_fc_reserve_space() (Eric Biggers)
- ext4: add missing validation of fast-commit record lengths (Eric Biggers)
- ext4: don't set up encryption key during jbd2 transaction (Eric Biggers)
- ext4: disable fast-commit of encrypted dir operations (Eric Biggers)
- ext4: fix potential out of bound read in ext4_fc_replay_scan() (Eric Biggers)
- ext4: factor out ext4_fc_get_tl() (Eric Biggers)
- ext4: introduce EXT4_FC_TAG_BASE_LEN helper (Eric Biggers)
- ext4: use ext4_debug() instead of jbd_debug() (Eric Biggers)
- ext4: remove unused enum EXT4_FC_COMMIT_FAILED (Eric Biggers)
- tracing: Fix issue of missing one synthetic field (Zheng Yejian)
- block: mq-deadline: Fix dd_finish_request() for zoned devices (Damien Le Moal)
- drm/amdgpu: make display pinning more flexible (v2) (Alex Deucher)
- drm/amdgpu: handle polaris10/11 overlap asics (v2) (Alex Deucher)
- ext4: allocate extended attribute value in vmalloc area (Ye Bin)
- ext4: avoid unaccounted block allocation when expanding inode (Jan Kara)
- ext4: initialize quota before expanding inode in setproject ioctl (Jan Kara)
- ext4: fix inode leak in ext4_xattr_inode_create() on an error path (Ye Bin)
- ext4: fix kernel BUG in 'ext4_write_inline_data_end()' (Ye Bin)
- ext4: avoid BUG_ON when creating xattrs (Jan Kara)
- ext4: fix error code return to user-space in ext4_get_branch() (Luís Henriques)
- ext4: fix corruption when online resizing a 1K bigalloc fs (Baokun Li)
- ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline (Eric Whitney)
- ext4: init quota for 'old.inode' in 'ext4_rename' (Ye Bin)
- ext4: fix uninititialized value in 'ext4_evict_inode' (Ye Bin)
- ext4: fix leaking uninitialized memory in fast-commit journal (Eric Biggers)
- ext4: fix bug_on in __es_tree_search caused by bad boot loader inode (Baokun Li)
- ext4: check and assert if marking an no_delete evicting inode dirty (Zhang Yi)
- ext4: fix reserved cluster accounting in __es_remove_extent() (Ye Bin)
- ext4: fix bug_on in __es_tree_search caused by bad quota inode (Baokun Li)
- ext4: add helper to check quota inums (Baokun Li)
- ext4: add EXT4_IGET_BAD flag to prevent unexpected bad inode (Baokun Li)
- ext4: fix undefined behavior in bit shift for ext4_check_flag_values (Gaosheng Cui)
- ext4: fix use-after-free in ext4_orphan_cleanup (Baokun Li)
- fs: ext4: initialize fsdata in pagecache_write() (Alexander Potapenko)
- ext4: remove trailing newline from ext4_msg() message (Luís Henriques)
- ext4: add inode table check in __ext4_get_inode_loc to aovid possible infinite loop (Baokun Li)
- ext4: silence the warning when evicting inode with dioread_nolock (Zhang Yi)
- drm/ingenic: Fix missing platform_driver_unregister() call in ingenic_drm_init() (Yuan Can)
- drm/i915/dsi: fix VBT send packet port selection for dual link DSI (Mikko Kovanen)
- drm/vmwgfx: Validate the box size for the snooped cursor (Zack Rusin)
- drm/connector: send hotplug uevent on connector cleanup (Simon Ser)
- device_cgroup: Roll back to original exceptions after copy failure (Wang Weiyang)
- parisc: led: Fix potential null-ptr-deref in start_task() (Shang XiaoJing)
- remoteproc: core: Do pm_relax when in RPROC_OFFLINE state (Maria Yu)
- iommu/amd: Fix ivrs_acpihid cmdline parsing code (Kim Phillips)
- phy: qcom-qmp-combo: fix sc8180x reset (Johan Hovold)
- driver core: Fix bus_type.match() error handling in __driver_attach() (Isaac J. Manjarres)
- crypto: ccp - Add support for TEE for PCI ID 0x14CA (Mario Limonciello)
- crypto: n2 - add missing hash statesize (Corentin Labbe)
- riscv: mm: notify remote harts about mmu cache updates (Sergey Matyukevich)
- riscv: stacktrace: Fixup ftrace_graph_ret_addr retp argument (Guo Ren)
- PCI/sysfs: Fix double free in error path (Sascha Hauer)
- PCI: Fix pci_device_is_present() for VFs by checking PF (Michael S. Tsirkin)
- ipmi: fix use after free in _ipmi_destroy_user() (Dan Carpenter)
- ima: Fix a potential NULL pointer access in ima_restore_measurement_list (Huaxin Lu)
- mtd: spi-nor: Check for zero erase size in spi_nor_find_best_erase_type() (Alexander Sverdlin)
- ipmi: fix long wait in unload when IPMI disconnect (Zhang Yuchen)
- ipu3-imgu: Fix NULL pointer dereference in imgu_subdev_set_selection() (Maximilian Luz)
- ASoC: jz4740-i2s: Handle independent FIFO flush bits (Aidan MacDonald)
- wifi: wilc1000: sdio: fix module autoloading (Michael Walle)
- efi: Add iMac Pro 2017 to uefi skip cert quirk (Aditya Garg)
- md/bitmap: Fix bitmap chunk size overflow issues (Florian-Ewald Mueller)
- block: mq-deadline: Do not break sequential write streams to zoned HDDs (Damien Le Moal)
- rtc: ds1347: fix value written to century register (Ian Abbott)
- cifs: fix missing display of three mount options (Steve French)
- cifs: fix confusing debug message (Paulo Alcantara)
- media: dvb-core: Fix UAF due to refcount races at releasing (Takashi Iwai) [Orabug: 34820628] {CVE-2022-41218}
- media: dvb-core: Fix double free in dvb_register_device() (Keita Suzuki)
- ARM: 9256/1: NWFPE: avoid compiler-generated __aeabi_uldivmod (Nick Desaulniers)
- staging: media: tegra-video: fix device_node use after free (Luca Ceresoli)
- staging: media: tegra-video: fix chan->mipi value on error (Luca Ceresoli)
- tracing: Fix infinite loop in tracing_read_pipe on overflowed print_trace_line (Yang Jihong)
- tracing/probes: Handle system names with hyphens (Steven Rostedt (Google))
- tracing/hist: Fix wrong return value in parse_action_params() (Zheng Yejian)
- tracing: Fix complicated dependency of CONFIG_TRACER_MAX_TRACE (Masami Hiramatsu (Google))
- tracing: Fix race where eprobes can be called before the event (Steven Rostedt (Google))
- x86/kprobes: Fix optprobe optimization check with CONFIG_RETHUNK (Masami Hiramatsu (Google))
- x86/kprobes: Fix kprobes instruction boudary check with CONFIG_RETHUNK (Masami Hiramatsu (Google))
- ftrace/x86: Add back ftrace_expected for ftrace bug reports (Steven Rostedt (Google))
- x86/microcode/intel: Do not retry microcode reloading on the APs (Ashok Raj)
- KVM: nVMX: Properly expose ENABLE_USR_WAIT_PAUSE control to L1 (Sean Christopherson)
- KVM: nVMX: Inject #GP, not #UD, if "generic" VMXON CR0/CR4 check fails (Sean Christopherson)
- KVM: VMX: Resume guest immediately when injecting #GP on ECREATE (Sean Christopherson)
- of/kexec: Fix reading 32-bit "linux,initrd-{start,end}" values (Rob Herring)
- perf/core: Call LSM hook after copying perf_event_attr (Namhyung Kim)
- tracing/hist: Fix out-of-bound write on 'action_data.var_ref_idx' (Zheng Yejian)
- dm cache: set needs_check flag after aborting metadata (Mike Snitzer)
- dm cache: Fix UAF in destroy() (Luo Meng)
- dm clone: Fix UAF in clone_dtr() (Luo Meng)
- dm integrity: Fix UAF in dm_integrity_dtr() (Luo Meng)
- dm thin: Fix UAF in run_timer_softirq() (Luo Meng)
- dm thin: resume even if in FAIL mode (Luo Meng)
- dm thin: Use last transaction's pmd->root when commit failed (Zhihao Cheng)
- dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata (Zhihao Cheng)
- dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort (Mike Snitzer)
- mptcp: remove MPTCP 'ifdef' in TCP SYN cookies (Matthieu Baerts)
- mptcp: mark ops structures as ro_after_init (Florian Westphal)
- fs: dlm: retry accept() until -EAGAIN or error returns (Alexander Aring)
- fs: dlm: fix sock release if listen fails (Alexander Aring)
- ALSA: hda/realtek: Apply dual codec fixup for Dell Latitude laptops (Chris Chiu)
- ALSA: patch_realtek: Fix Dell Inspiron Plus 16 (Philipp Jungkamp)
- cpufreq: Init completion before kobject_init_and_add() (Yongqiang Liu)
- PM/devfreq: governor: Add a private governor_data for governor (Kant Fan)
- selftests: Use optional USERCFLAGS and USERLDFLAGS (Mickaël Salaün)
- arm64: dts: qcom: sdm850-lenovo-yoga-c630: correct I2C12 pins drive strength (Krzysztof Kozlowski)
- ARM: ux500: do not directly dereference __iomem (Jason A. Donenfeld)
- btrfs: fix resolving backrefs for inline extent followed by prealloc (Boris Burkov)
- mmc: sdhci-sprd: Disable CLK_AUTO when the clock is less than 400K (Wenchao Chen)
- arm64: dts: qcom: sdm845-db845c: correct SPI2 pins drive strength (Krzysztof Kozlowski)
- perf/x86/intel/uncore: Clear attr_update properly (Alexander Antonov)
- perf/x86/intel/uncore: Disable I/O stacks to PMU mapping on ICX-D (Alexander Antonov)
- jbd2: use the correct print format (Bixuan Cui)
- ktest.pl minconfig: Unset configs instead of just removing them (Steven Rostedt)
- kest.pl: Fix grub2 menu handling for rebooting (Steven Rostedt)
- soc: qcom: Select REMAP_MMIO for LLCC driver (Manivannan Sadhasivam)
- media: stv0288: use explicitly signed char (Jason A. Donenfeld)
- net/af_packet: make sure to pull mac header (Eric Dumazet)
- net/af_packet: add VLAN support for AF_PACKET SOCK_RAW GSO (Hangbin Liu)
- rcu-tasks: Simplify trc_read_check_handler() atomic operations (Paul E. McKenney)
- ASoC/SoundWire: dai: expand 'stream' concept beyond SoundWire (Pierre-Louis Bossart)
- ASoC: Intel/SOF: use set_stream() instead of set_tdm_slots() for HDAudio (Pierre-Louis Bossart)
- kcsan: Instrument memcpy/memset/memmove with newer Clang (Marco Elver)
- SUNRPC: Don't leak netobj memory when gss_read_proxy_verf() fails (Chuck Lever)
- tpm: tpm_tis: Add the missed acpi_put_table() to fix memory leak (Hanjun Guo)
- tpm: tpm_crb: Add the missed acpi_put_table() to fix memory leak (Hanjun Guo)
- tpm: acpi: Call acpi_put_table() to fix memory leak (Hanjun Guo)
- mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING (Deren Wu)
- f2fs: allow to read node block after shutdown (Jaegeuk Kim)
- f2fs: should put a page when checking the summary info (Pavel Machek)
- mm, compaction: fix fast_isolate_around() to stay within boundaries (NARIBAYASHI Akira)
- md: fix a crash in mempool_free (Mikulas Patocka)
- mfd: mt6360: Add bounds checking in Regmap read/write call-backs (ChiYuan Huang)
- pnode: terminate at peers of source (Christian Brauner)
- ALSA: line6: fix stack overflow in line6_midi_transmit (Artem Egorkine)
- ALSA: line6: correct midi status byte when receiving data from podxt (Artem Egorkine)
- ovl: Use ovl mounter's fsuid and fsgid in ovl_link() (Zhang Tianci)
- binfmt: Fix error return code in load_elf_fdpic_binary() (Wang Yufen)
- hfsplus: fix bug causing custom uid and gid being unable to be assigned with mount (Aditya Garg)
- pstore/zone: Use GFP_ATOMIC to allocate zone buffer (Qiujun Huang)
- pstore: Properly assign mem_type property (Luca Stefani)
- HID: plantronics: Additional PIDs for double volume key presses quirk (Terry Junge)
- HID: multitouch: fix Asus ExpertBook P2 P2451FA trackpoint (José Expósito)
- powerpc/rtas: avoid scheduling in rtas_os_term() (Nathan Lynch)
- powerpc/rtas: avoid device tree lookups in rtas_os_term() (Nathan Lynch)
- objtool: Fix SEGFAULT (Christophe Leroy)
- fs/ntfs3: Fix slab-out-of-bounds in r_page (Yin Xiujiang)
- fs/ntfs3: Delete duplicate condition in ntfs_read_mft() (Dan Carpenter)
- fs/ntfs3: Use __GFP_NOWARN allocation at ntfs_fill_super() (Tetsuo Handa)
- fs/ntfs3: Use __GFP_NOWARN allocation at wnd_init() (Tetsuo Handa)
- fs/ntfs3: Validate index root when initialize NTFS security (Edward Lo)
- soundwire: dmi-quirks: add quirk variant for LAPBC710 NUC15 (Pierre-Louis Bossart)
- fs/ntfs3: Fix slab-out-of-bounds read in run_unpack (Hawkins Jiawei)
- fs/ntfs3: Validate resident attribute name (Edward Lo)
- fs/ntfs3: Validate buffer length while parsing index (Edward Lo)
- fs/ntfs3: Validate attribute name offset (Edward Lo)
- fs/ntfs3: Add null pointer check for inode operations (Edward Lo)
- fs/ntfs3: Fix memory leak on ntfs_fill_super() error path (Shigeru Yoshida)
- fs/ntfs3: Add null pointer check to attr_load_runs_vcn (Edward Lo)
- fs/ntfs3: Validate data run offset (Edward Lo)
- fs/ntfs3: Add overflow check for attribute size (edward lo)
- fs/ntfs3: Validate BOOT record_size (edward lo)
- nvmet: don't defer passthrough commands with trivial effects to the workqueue (Christoph Hellwig)
- nvme: fix the NVME_CMD_EFFECTS_CSE_MASK definition (Christoph Hellwig)
- ata: ahci: Fix PCS quirk application for suspend (Adam Vodopjan)
- block, bfq: fix uaf for bfqq in bfq_exit_icq_bfqq (Yu Kuai)
- ACPI: resource: do IRQ override on Lenovo 14ALC7 (Adrian Freund)
- ACPI: resource: do IRQ override on XMG Core 15 (Erik Schumacher)
- ACPI: resource: do IRQ override on LENOVO IdeaPad (Jiri Slaby (SUSE))
- ACPI: resource: Skip IRQ override on Asus Vivobook K3402ZA/K3502ZA (Tamim Khan)
- nvme-pci: fix page size checks (Keith Busch)
- nvme-pci: fix mempool alloc size (Keith Busch)
- nvme-pci: fix doorbell buffer value endianness (Klaus Jensen)
- cifs: fix oops during encryption (Paulo Alcantara)
- usb: dwc3: qcom: Fix memory leak in dwc3_qcom_interconnect_init (Miaoqian Lin)
- IB/mlx4: Implement backend callback for "ib_get_vector_irqn" (Gerd Rausch) [Orabug: 34276618]
- net/rds: Split send & receive vectors again (Gerd Rausch) [Orabug: 34276609]
- drivers: base: cacheinfo: export symbol "get_cpu_cacheinfo" (Gerd Rausch) [Orabug: 34276609]
- net/rds: Bring tasklets back for better latency (Gerd Rausch) [Orabug: 34276240]
- net/rds: Throttle check for CQ CPU affinity (Gerd Rausch) [Orabug: 34276240]
- net/rds: Follow the observed CQ CPU affinity (Gerd Rausch) [Orabug: 34276240]
- net/rds: Add "preferred_cpu" option to "rds_rdma.ko" (Gerd Rausch) [Orabug: 34276240]
- net/mlx5: Add new verb "ib_get_vector_irqn" (Gerd Rausch) [Orabug: 34276240]
- net/rds: Use the preferred_cpu in rds_queue_{,delayed}_work (Gerd Rausch) [Orabug: 34276240]
- net/rds: Make workers use the designated CPU (Gerd Rausch) [Orabug: 34276240]
- net/rds: Put more CPU cores to work (Gerd Rausch) [Orabug: 34276240]
- net/rds: Get rid of tasklets (Gerd Rausch) [Orabug: 34276240]
- net/rds: Use the same vector for send & receive (Gerd Rausch) [Orabug: 34276240]
- net/rds: Allocate rds_ib_{incoming,frag}_slab on HCA NUMA nodeid (Gerd Rausch) [Orabug: 34276240]
- net/rds: Allocate pages on HCA NUMA nodeid (Gerd Rausch) [Orabug: 34276240]
- uek-rpm: [act|cls]_bpf should be part of core (Alan Maguire) [Orabug: 34551630]
- net/rds: Do not RESET_ALT_CONN if conn drops with DR_IB_DISCONNECTED_EVENT (Sharath Srinivasan) [Orabug: 34864406]
- rds: ib: Keep IB MRs on clean_list unless we are tearing down the pool (Håkon Bugge) [Orabug: 34987233]
- rds: ib: Add FRWR related statistics counters (Håkon Bugge) [Orabug: 34987233]
- scsi: megaraid_sas: Skip syncing the RAID map on older controllers (Martin K. Petersen) [Orabug: 35028425]
- iommu/amd: Don't block updates to GATag if guest mode is already on (Joao Martins) [Orabug: 34988288]
- IB/core: Make GID table entry (gid_idx) available immediately (Konrad Rzeszutek Wilk) [Orabug: 35015836]
- iommu/amd: Disable AVIC on certain systems BIOS (Joao Martins) [Orabug: 35018580]
- xfs: fix incorrect i_nlink caused by inode racing (Long Li) [Orabug: 35021004]
_______________________________________________
An unbreakable Enterprise kernel security update has been released for Oracle Linux 9.