Unbreakable Enterprise kernel-container security update

[4.14.35-2047.523.4.1]

• mm: kvmalloc does not fallback to vmalloc for incompatible gfp flags (Michal Hocko) [Orabug: 35164196]
  [4.14.35-2047.523.4]
• rds: ib: Keep IB MRs on clean_list unless we are tearing down the pool (Hakon Bugge) [Orabug: 34987235]
• rds: ib: Add FRWR related statistics counters (Hakon Bugge) [Orabug: 34987235]
• net/rds: The fast registration work queue is not destroyed (Ka-Cheong Poon) [Orabug: 25962452] [Orabug: 31712036]
  [4.14.35-2047.523.3]
• driver/soc/pensando: cap_pcie: refactor pciep_regrd32 (David Clear) [Orabug: 35089515]
• mtd: spi-nor: Add support for Winbond w25q02nw flash. (David Clear) [Orabug: 35089515]
• drivers/i2c: Lattice I2C driver update (David Clear) [Orabug: 35089515]
• drivers/soc/pensando: Adding Elba sbus driver (David Clear) [Orabug: 35089515]
• Arm64: Pensando: Enable ltc2978 driver for Ortano ADI cards (Austin Sehnert) [Orabug: 35080511]
• scsi: target: core: Remove from tmr_list during LUN unlink (Dmitry Bogdanov) [Orabug: 35040145]
  [4.14.35-2047.523.2]
• RDMA/addr: Refresh neighbour entries upon rdma_resolve_addr() (Gerd Rausch) [Orabug: 35060577]
• xfs: fix incorrect i_nlink caused by inode racing (Long Li) [Orabug: 35040849]
  [4.14.35-2047.523.1]
• x86/kexec: Do not reserve EFI setup_data in the kexec e820 table (Dave Young) [Orabug: 34966703]
• xfs: make COW fork unwritten extent conversions more robust (Christoph Hellwig) [Orabug: 34390903]
• scsi: megaraid_sas: Target with invalid LUN ID is deleted during scan (Chandrakanth patil) [Orabug: 34242965]
• scsi: megaraid_sas: Early detection of VD deletion through RaidMap update (Kashyap Desai) [Orabug: 34242965]
• LTS version: v4.14.304 (Saeed Mirzamohammadi)
• x86/fpu: Use _Alignof to avoid undefined behavior in TYPE_ALIGN (YingChi Long)
• gsmi: fix null-deref in gsmi_get_variable (Khazhismel Kumykov)
• serial: atmel: fix incorrect baudrate setup (Tobias Schramm)
• serial: pch_uart: Pass correct sg to dma_unmap_sg() (Ilpo Jarvinen)
• usb-storage: apply IGNORE_UAS only for HIKSEMI MD202 on RTL9210 (Juhyung Park)
• usb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate() (Maciej zenczykowski)
• usb: gadget: g_webcam: Send color matching descriptor per frame (Daniel Scally)
• usb: host: ehci-fsl: Fix module alias (Alexander Stein)
• USB: serial: cp210x: add SCALANCE LPE-9000 device id (Michael Adler)
• usb: core: hub: disable autosuspend for TI TUSB8041 (Flavio Suligoi)
• USB: misc: iowarrior: fix up header size for USB_DEVICE_ID_CODEMERCS_IOW100 (Greg Kroah-Hartman)
• USB: serial: option: add Quectel EM05CN modem (Duke Xin)
• USB: serial: option: add Quectel EM05CN (SG) modem (Duke Xin)
• USB: serial: option: add Quectel EC200U modem (Ali Mirghasemi)
• USB: serial: option: add Quectel EM05-G (RS) modem (Duke Xin)
• USB: serial: option: add Quectel EM05-G (CS) modem (Duke Xin)
• USB: serial: option: add Quectel EM05-G (GR) modem (Duke Xin)
• prlimit: do_prlimit needs to have a speculation check (Greg Kroah-Hartman)
• usb: xhci: Check endpoint is valid before dereferencing it (Jimmy Hu)
• xhci-pci: set the dma max_seg_size (Ricardo Ribalda)
• nilfs2: fix general protection fault in nilfs_btree_insert() (Ryusuke Konishi)
• f2fs: let’s avoid panic if extent_tree is not created (Jaegeuk Kim)
• RDMA/srp: Move large values to a new enum for gcc13 (Jiri Slaby (SUSE))
• net/ethtool/ioctl: return -EOPNOTSUPP if we have no phy stats (Daniil Tatianin)
• pNFS/filelayout: Fix coalescing test for single DS (Olga Kornievskaia)
• LTS version: v4.14.303 (Saeed Mirzamohammadi)
• Revert ‘usb: ulpi: defer ulpi_register on ulpi_read_id timeout’ (Ferry Toth)
• nfc: pn533: Wait for out_urb’s completion in pn533_usb_send_frame() (Minsuk Kang)
• hvc/xen: lock console list traversal (Roger Pau Monne)
• regulator: da9211: Use irq handler when ready (Ricardo Ribalda)
• EDAC/device: Fix period calculation in edac_device_reset_delay_period() (Eliav Farber)
• x86/boot: Avoid using Intel mnemonics in AT&T syntax asm (Peter Zijlstra)
• netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function. (Gavrilov Ilia)
• ipv6: raw: Deduct extension header length in rawv6_push_pending_frames (Herbert Xu) [Orabug: 35005830] {CVE-2023-0394}
• platform/x86: sony-laptop: Don’t turn off 0x153 keyboard backlight during probe (Hans de Goede)
• ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF (Clement Lecigne)
• net/ulp: prevent ULP without clone op from entering the LISTEN status (Paolo Abeni)
• s390/percpu: add READ_ONCE() to arch_this_cpu_to_op_simple() (Heiko Carstens)
• perf auxtrace: Fix address filter duplicate symbol selection (Adrian Hunter)
• docs: Fix the docs build with Sphinx 6.0 (Jonathan Corbet)
• net: sched: disallow noqueue for qdisc classes (Frederick Lawler) [Orabug: 35005793] {CVE-2022-47929}
• ravb: Fix ‘failed to switch device to config mode’ message during unbind (Biju Das)
• driver core: Fix bus_type.match() error handling in __driver_attach() (Isaac J. Manjarres)
• parisc: Align parisc MADV_XXX constants with all other architectures (Helge Deller)
• hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling (Linus Torvalds)
• hfs/hfsplus: use WARN_ON for sanity check (Arnd Bergmann)
• nfsd: fix handling of readdir in v4root vs. mount upcall timeout (Jeff Layton)
• x86/bugs: Flush IBP in ib_prctl_set() (Rodrigo Branco)
• udf: Fix extension of the last extent in the file (Jan Kara)
• caif: fix memory leak in cfctrl_linkup_request() (Zhengchao Shao)
• usb: rndis_host: Secure rndis_query check against int overflow (Szymon Heidrich)
• net: sched: atm: dont intepret cls results when asked to drop (Jamal Hadi Salim) [Orabug: 34983615] {CVE-2023-23455}
• net: phy: xgmiitorgmii: Fix refcount leak in xgmiitorgmii_probe (Miaoqian Lin)
• net: amd-xgbe: add missed tasklet_kill (Jiguang Xiao)
• nfc: Fix potential resource leaks (Miaoqian Lin)
• qlcnic: prevent ->dcb use-after-free on qlcnic_dcb_enable() failure (Daniil Tatianin)
• bpf: pull before calling skb_postpull_rcsum() (Jakub Kicinski)
• SUNRPC: ensure the matching upcall is in-flight upon downcall (minoura makoto)
• ext4: allocate extended attribute value in vmalloc area (Ye Bin)
• ext4: avoid unaccounted block allocation when expanding inode (Jan Kara)
• ext4: initialize quota before expanding inode in setproject ioctl (Jan Kara)
• ext4: fix inode leak in ext4_xattr_inode_create() on an error path (Ye Bin)
• ext4: avoid BUG_ON when creating xattrs (Jan Kara)
• ext4: fix error code return to user-space in ext4_get_branch() (Luis Henriques)
• ext4: init quota for ‘old.inode’ in ‘ext4_rename’ (Ye Bin)
• ext4: fix bug_on in __es_tree_search caused by bad boot loader inode (Baokun Li)
• ext4: fix undefined behavior in bit shift for ext4_check_flag_values (Gaosheng Cui)
• ext4: add inode table check in __ext4_get_inode_loc to aovid possible infinite loop (Baokun Li)
• drm/vmwgfx: Validate the box size for the snooped cursor (Zack Rusin)
• drm/connector: send hotplug uevent on connector cleanup (Simon Ser)
• device_cgroup: Roll back to original exceptions after copy failure (Wang Weiyang)
• parisc: led: Fix potential null-ptr-deref in start_task() (Shang XiaoJing)
• iommu/amd: Fix ivrs_acpihid cmdline parsing code (Kim Phillips)
• crypto: n2 - add missing hash statesize (Corentin Labbe)
• PCI/sysfs: Fix double free in error path (Sascha Hauer)
• PCI: Fix pci_device_is_present() for VFs by checking PF (Michael S. Tsirkin)
• ima: Fix a potential NULL pointer access in ima_restore_measurement_list (Huaxin Lu)
• cifs: fix confusing debug message (Paulo Alcantara)
• media: dvb-core: Fix UAF due to refcount races at releasing (Takashi Iwai) [Orabug: 34820630] {CVE-2022-41218}
• media: dvb-core: Fix double free in dvb_register_device() (Keita Suzuki)
• ARM: 9256/1: NWFPE: avoid compiler-generated __aeabi_uldivmod (Nick Desaulniers)
• tracing: Fix infinite loop in tracing_read_pipe on overflowed print_trace_line (Yang Jihong)
• x86/microcode/intel: Do not retry microcode reloading on the APs (Ashok Raj)
• dm cache: set needs_check flag after aborting metadata (Mike Snitzer)
• dm cache: Fix UAF in destroy() (Luo Meng)
• dm thin: Fix UAF in run_timer_softirq() (Luo Meng)
• dm thin: Use last transaction’s pmd->root when commit failed (Zhihao Cheng)
• dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort (Mike Snitzer)
• selftests: Use optional USERCFLAGS and USERLDFLAGS (Mickael Salaun)
• ARM: ux500: do not directly dereference __iomem (Jason A. Donenfeld)
• ktest.pl minconfig: Unset configs instead of just removing them (Steven Rostedt)
• media: stv0288: use explicitly signed char (Jason A. Donenfeld)
• tpm: tpm_tis: Add the missed acpi_put_table() to fix memory leak (Hanjun Guo)
• tpm: tpm_crb: Add the missed acpi_put_table() to fix memory leak (Hanjun Guo)
• mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING (Deren Wu)
• md: fix a crash in mempool_free (Mikulas Patocka)
• pnode: terminate at peers of source (Christian Brauner)
• ALSA: line6: fix stack overflow in line6_midi_transmit (Artem Egorkine)
• ALSA: line6: correct midi status byte when receiving data from podxt (Artem Egorkine)
• hfsplus: fix bug causing custom uid and gid being unable to be assigned with mount (Aditya Garg)
• HID: plantronics: Additional PIDs for double volume key presses quirk (Terry Junge)
• powerpc/rtas: avoid scheduling in rtas_os_term() (Nathan Lynch)
• powerpc/rtas: avoid device tree lookups in rtas_os_term() (Nathan Lynch)
• media: dvbdev: fix refcnt bug (Lin Ma) [Orabug: 34983296] {CVE-2022-45886} {CVE-2022-45884} {CVE-2022-45919} {CVE-2022-45887} {CVE-2022-45885}
• gcov: add support for checksum field (Rickard x Andersson)
• iio: adc: ad_sigma_delta: do not use internal iio_dev lock (Nuno Sa)
• reiserfs: Add missing calls to reiserfs_security_free() (Roberto Sassu)
• HID: wacom: Ensure bootloader PID is usable in hidraw mode (Jason Gerecke)
• usb: dwc3: core: defer probe on ulpi_read_id timeout (Ferry Toth)
• pstore: Make sure CONFIG_PSTORE_PMSG selects CONFIG_RT_MUTEXES (John Stultz)
• pstore: Switch pmsg_lock to an rt_mutex to avoid priority inversion (John Stultz)
• ASoC: rt5670: Remove unbalanced pm_runtime_put() (Hans de Goede)
• ASoC: rockchip: spdif: Add missing clk_disable_unprepare() in rk_spdif_runtime_resume() (Wang Jingjin)
• ASoC: wm8994: Fix potential deadlock (Marek Szyprowski)
• ASoC: rockchip: pdm: Add missing clk_disable_unprepare() in rockchip_pdm_runtime_resume() (Wang Jingjin)
• ASoC: mediatek: mt8173-rt5650-rt5514: fix refcount leak in mt8173_rt5650_rt5514_dev_probe() (Wang Yufen)
• orangefs: Fix kmemleak in orangefs_prepare_debugfs_help_string() (Zhang Xiaoxu)
• drm/sti: Fix return type of sti_{dvo,hda,hdmi}_connector_mode_valid() (Nathan Chancellor)
• drm/fsl-dcu: Fix return type of fsl_dcu_drm_connector_mode_valid() (Nathan Chancellor)
• clk: st: Fix memory leak in st_of_quadfs_setup() (Xiu Jianfeng)
• media: si470x: Fix use-after-free in si470x_int_in_callback() (Shigeru Yoshida)
• mmc: f-sdh30: Add quirks for broken timeout clock capability (Kunihiko Hayashi)
• blk-mq: fix possible memleak when register ‘hctx’ failed (Ye Bin)
• media: dvb-usb: fix memory leak in dvb_usb_adapter_init() (Mazin Al Haddad)
• media: dvbdev: adopts refcnt to avoid UAF (Lin Ma) [Orabug: 34983296] {CVE-2022-45887} {CVE-2022-45885} {CVE-2022-45884} {CVE-2022-45886} {CVE-2022-45919}
• media: dvb-frontends: fix leak of memory fw (Yan Lei)
• ppp: associate skb with a device at tx (Stanislav Fomichev)
• mrp: introduce active flags to prevent UAF when applicant uninit (Schspa Shi)
• md/raid1: stop mdx_raid1 thread when raid1 array run failed (Jiang Li)
• drm/sti: Use drm_mode_copy() (Ville Syrjala)
• s390/lcs: Fix return type of lcs_start_xmit() (Nathan Chancellor)
• s390/netiucv: Fix return type of netiucv_tx() (Nathan Chancellor)
• s390/ctcm: Fix return type of ctc{mp,}m_tx() (Nathan Chancellor)
• igb: Do not free q_vector unless new one was allocated (Kees Cook)
• wifi: brcmfmac: Fix potential shift-out-of-bounds in brcmf_fw_alloc_request() (Minsuk Kang)
• hamradio: baycom_epp: Fix return type of baycom_send_packet() (Nathan Chancellor)
• net: ethernet: ti: Fix return type of netcp_ndo_start_xmit() (Nathan Chancellor)
• bpf: make sure skb->len != 0 when redirecting to a tunneling device (Stanislav Fomichev)
• ipmi: fix memleak when unload ipmi driver (Zhang Yuchen)
• ASoC: codecs: rt298: Add quirk for KBL-R RVP platform (Amadeusz Slawinski)
• wifi: ar5523: Fix use-after-free on ar5523_cmd() timed out (Shigeru Yoshida)
• wifi: ath9k: verify the expected usb_endpoints are present (Fedor Pchelkin)
• hfs: fix OOB Read in __hfs_brec_find (ZhangPeng)
• acct: fix potential integer overflow in encode_comp_t() (Zheng Yejian)
• nilfs2: fix shift-out-of-bounds/overflow in nilfs_sb2_bad_offset() (Ryusuke Konishi)
• ACPICA: Fix error code path in acpi_ds_call_control_method() (Rafael J. Wysocki)
• fs: jfs: fix shift-out-of-bounds in dbDiscardAG (Hoi Pok Wu)
• udf: Avoid double brelse() in udf_rename() (Shigeru Yoshida)
• fs: jfs: fix shift-out-of-bounds in dbAllocAG (Dongliang Mu)
• binfmt_misc: fix shift-out-of-bounds in check_special_flags (Liu Shixin)
• net: stream: purge sk_error_queue in sk_stream_kill_queues() (Eric Dumazet)
• myri10ge: Fix an error handling path in myri10ge_probe() (Christophe JAILLET)
• net_sched: reject TCF_EM_SIMPLE case for complex ematch module (Cong Wang)
• skbuff: Account for tail adjustment during pull operations (Subash Abhinov Kasiviswanathan)
• openvswitch: Fix flow lookup to use unmasked key (Eelco Chaudron)
• r6040: Fix kmemleak in probe and remove (Li Zetao)
• nfc: pn533: Clear nfc_target before being used (Minsuk Kang)
• mISDN: hfcmulti: don’t call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() (Yang Yingliang)
• mISDN: hfcpci: don’t call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() (Yang Yingliang)
• mISDN: hfcsusb: don’t call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() (Yang Yingliang)
• nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure (Dan Aloni)
• rtc: st-lpc: Add missing clk_disable_unprepare in st_rtc_probe() (Gaosheng Cui)
• selftests/powerpc: Fix resource leaks (Miaoqian Lin)
• powerpc/hv-gpci: Fix hv_gpci event list (Kajol Jain)
• powerpc/83xx/mpc832x_rdb: call platform_device_put() in error case in of_fsl_spi_probe() (Yang Yingliang)
• powerpc/perf: callchain validate kernel stack pointer bounds (Nicholas Piggin)
• powerpc/xive: add missing iounmap() in error path in xive_spapr_populate_irq_data() (Yang Yingliang)
• cxl: Fix refcount leak in cxl_calc_capp_routing (Miaoqian Lin)
• powerpc/52xx: Fix a resource leak in an error handling path (Christophe JAILLET)
• macintosh/macio-adb: check the return value of ioremap() (Xie Shaowen)
• macintosh: fix possible memory leak in macio_add_one_device() (Yang Yingliang)
• iommu/fsl_pamu: Fix resource leak in fsl_pamu_probe() (Yuan Can)
• iommu/amd: Fix pci device refcount leak in ppr_notifier() (Yang Yingliang)
• rtc: snvs: Allow a time difference on clock register read (Stefan Eichenberger)
• include/uapi/linux/swab: Fix potentially missing __always_inline (Matt Redfearn)
• HSI: omap_ssi_core: Fix error handling in ssi_init() (Yuan Can)
• power: supply: fix residue sysfs file in error handle route of __power_supply_register() (Zeng Heng)
• HSI: omap_ssi_core: fix possible memory leak in ssi_probe() (Yang Yingliang)
• HSI: omap_ssi_core: fix unbalanced pm_runtime_disable() (Yang Yingliang)
• fbdev: uvesafb: Fixes an error handling path in uvesafb_probe() (Christophe JAILLET)
• fbdev: vermilion: decrease reference count in error path (Xiongfeng Wang)
• fbdev: via: Fix error in via_core_init() (Shang XiaoJing)
• fbdev: pm2fb: fix missing pci_disable_device() (Yang Yingliang)
• fbdev: ssd1307fb: Drop optional dependency (Andy Shevchenko)
• usb: storage: Add check for kcalloc (Jiasheng Jiang)
• i2c: ismt: Fix an out-of-bounds bug in ismt_access() (Zheyu Ma) [Orabug: 34555528] {CVE-2022-2873}
• vme: Fix error not catched in fake_init() (Chen Zhongjin)
• staging: rtl8192e: Fix potential use-after-free in rtllib_rx_Monitor() (YueHaibing)
• staging: rtl8192u: Fix use after free in ieee80211_rx() (Dan Carpenter)
• i2c: pxa-pci: fix missing pci_disable_device() on error in ce4100_i2c_probe (Hui Tang)
• chardev: fix error handling in cdev_device_add() (Yang Yingliang)
• mcb: mcb-parse: fix error handing in chameleon_parse_gdd() (Yang Yingliang)
• drivers: mcb: fix resource leak in mcb_probe() (Zhengchao Shao)
• cxl: fix possible null-ptr-deref in cxl_pci_init_afu|adapter() (Yang Yingliang)
• cxl: fix possible null-ptr-deref in cxl_guest_init_afu|adapter() (Yang Yingliang)
• misc: sgi-gru: fix use-after-free error in gru_set_context_option, gru_fault and gru_handle_user_call_os (Zheng Wang)
• misc: tifm: fix possible memory leak in tifm_7xx1_switch_media() (ruanjinjie)
• test_firmware: fix memory leak in test_firmware_init() (Zhengchao Shao)
• serial: sunsab: Fix error handling in sunsab_init() (Yuan Can)
• serial: pch: Fix PCI device refcount leak in pch_request_dma() (Xiongfeng Wang)
• serial: amba-pl011: avoid SBSA UART accessing DMACR register (Jiamei Xie)
• staging: vme_user: Fix possible UAF in tsi148_dma_list_add (Gaosheng Cui)
• usb: fotg210-udc: Fix ages old endianness issues (Linus Walleij)
• uio: uio_dmem_genirq: Fix deadlock between irq config and handling (Rafael Mendonca)
• uio: uio_dmem_genirq: Fix missing unlock in irq configuration (Rafael Mendonca)
• vfio: platform: Do not pass return buffer to ACPI _RST method (Rafael Mendonca)
• class: fix possible memory leak in __class_register() (Yang Yingliang)
• drivers: dio: fix possible memory leak in dio_init() (Yang Yingliang)
• IB/IPoIB: Fix queue count inconsistency for PKEY child interfaces (Dragos Tatulea)
• hwrng: geode - Fix PCI device refcount leak (Xiongfeng Wang)
• hwrng: amd - Fix PCI device refcount leak (Xiongfeng Wang)
• crypto: img-hash - Fix variable dereferenced before check ‘hdev->req’ (Gaosheng Cui)
• orangefs: Fix sysfs not cleanup when dev init failed (Zhang Xiaoxu)
• RDMA/hfi1: Fix error return code in parse_platform_config() (Wang Yufen)
• scsi: snic: Fix possible UAF in snic_tgt_create() (Gaosheng Cui)
• scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails (Chen Zhongjin)
• scsi: ipr: Fix WARNING in ipr_init() (Shang XiaoJing)
• scsi: fcoe: Fix possible name leak when device_register() fails (Yang Yingliang)
• scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device() (Yang Yingliang)
• scsi: hpsa: Fix error handling in hpsa_add_sas_host() (Yang Yingliang)
• RDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup() when socket create failed (Zhang Xiaoxu)
• RDMA/hfi: Decrease PCI device reference count in error path (Xiongfeng Wang)
• PCI: Check for alloc failure in pci_request_irq() (Zeng Heng)
• apparmor: fix a memleak in multi_transaction_new() (Gaosheng Cui)
• stmmac: fix potential division by 0 (Piergiorgio Beruto)
• Bluetooth: RFCOMM: don’t call kfree_skb() under spin_lock_irqsave() (Yang Yingliang)
• Bluetooth: hci_core: don’t call kfree_skb() under spin_lock_irqsave() (Yang Yingliang)
• Bluetooth: hci_bcsp: don’t call kfree_skb() under spin_lock_irqsave() (Yang Yingliang)
• Bluetooth: hci_h5: don’t call kfree_skb() under spin_lock_irqsave() (Yang Yingliang)
• Bluetooth: hci_qca: don’t call kfree_skb() under spin_lock_irqsave() (Yang Yingliang)
• Bluetooth: btusb: don’t call kfree_skb() under spin_lock_irqsave() (Yang Yingliang)
• ntb_netdev: Use dev_kfree_skb_any() in interrupt context (Eric Pilmore)
• net: lan9303: Fix read error execution path (Jerry Ray)
• net: amd-xgbe: Check only the minimum speed for active/passive cables (Tom Lendacky)
• net: amd: lance: don’t call dev_kfree_skb() under spin_lock_irqsave() (Yang Yingliang)
• hamradio: don’t call dev_kfree_skb() under spin_lock_irqsave() (Yang Yingliang)
• net: ethernet: dnet: don’t call dev_kfree_skb() under spin_lock_irqsave() (Yang Yingliang)
• net: emaclite: don’t call dev_kfree_skb() under spin_lock_irqsave() (Yang Yingliang)
• net: apple: bmac: don’t call dev_kfree_skb() under spin_lock_irqsave() (Yang Yingliang)
• net: apple: mace: don’t call dev_kfree_skb() under spin_lock_irqsave() (Yang Yingliang)
• net/tunnel: wait until all sk_user_data reader finish before releasing the sock (Hangbin Liu)
• net: farsync: Fix kmemleak when rmmods farsync (Li Zetao)
• ethernet: s2io: don’t call dev_kfree_skb() under spin_lock_irqsave() (Yang Yingliang)
• drivers: net: qlcnic: Fix potential memory leak in qlcnic_sriov_init() (Yuan Can)
• net: defxx: Fix missing err handling in dfx_init() (Yongqiang Liu)
• net: vmw_vsock: vmci: Check memcpy_from_msg() (Artem Chernyshev)
• blktrace: Fix output non-blktrace event when blk_classic option enabled (Yang Jihong)
• wifi: brcmfmac: Fix error return code in brcmf_sdio_download_firmware() (Wang Yufen)
• wifi: rtl8xxxu: Add __packed to struct rtl8723bu_c2h (Bitterblue Smith)
• clk: samsung: Fix memory leak in _samsung_clk_register_pll() (Xiu Jianfeng)
• media: coda: Add check for kmalloc (Jiasheng Jiang)
• media: coda: Add check for dcoda_iram_alloc (Jiasheng Jiang)
• media: c8sectpfe: Add of_node_put() when breaking out of loop (Liang He)
• mmc: mmci: fix return value check of mmc_add_host() (Yang Yingliang)
• mmc: wbsd: fix return value check of mmc_add_host() (Yang Yingliang)
• mmc: via-sdmmc: fix return value check of mmc_add_host() (Yang Yingliang)
• mmc: wmt-sdmmc: fix return value check of mmc_add_host() (Yang Yingliang)
• mmc: vub300: fix return value check of mmc_add_host() (Yang Yingliang)
• mmc: toshsd: fix return value check of mmc_add_host() (Yang Yingliang)
• mmc: rtsx_usb_sdmmc: fix return value check of mmc_add_host() (Yang Yingliang)
• mmc: mxcmmc: fix return value check of mmc_add_host() (Yang Yingliang)
• mmc: moxart: fix return value check of mmc_add_host() (Yang Yingliang)
• NFSv4.x: Fail client initialisation if state manager thread can’t run (Trond Myklebust)
• SUNRPC: Fix missing release socket in rpc_sockname() (Wang ShaoBo)
• ALSA: mts64: fix possible null-ptr-defer in snd_mts64_interrupt (Gaosheng Cui)
• media: saa7164: fix missing pci_disable_device() (Liu Shixin)
• regulator: core: fix module refcount leak in set_supply() (Yang Yingliang)
• bonding: uninitialized variable in bond_miimon_inspect() (Dan Carpenter)
• ASoC: pcm512x: Fix PM disable depth imbalance in pcm512x_probe (Zhang Qilong)
• drm/amdgpu: Fix PCI device refcount leak in amdgpu_atrm_get_bios() (Xiongfeng Wang)
• drm/radeon: Fix PCI device refcount leak in radeon_atrm_get_bios() (Xiongfeng Wang)
• ALSA: asihpi: fix missing pci_disable_device() (Liu Shixin)
• NFSv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn (Trond Myklebust)
• NFSv4.2: Fix a memory stomp in decode_attr_security_label (Trond Myklebust)
• media: s5p-mfc: Add variant data for MFC v7 hardware for Exynos 3250 SoC (Aakarsh Jain)
• media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer() (Baisong Zhong)
• pinctrl: pinconf-generic: add missing of_node_put() (ZhangPeng)
• media: imon: fix a race condition in send_packet() (Gautam Menghani)
• mtd: maps: pxa2xx-flash: fix memory leak in probe (Zheng Yongjun)
• clk: rockchip: Fix memory leak in rockchip_clk_register_pll() (Xiu Jianfeng)
• ALSA: seq: fix undefined behavior in bit shift for SNDRV_SEQ_FILTER_USE_EVENT (Baisong Zhong)
• HID: hid-sensor-custom: set fixed size for custom attributes (Marcus Folkesson)
• media: platform: exynos4-is: Fix error handling in fimc_md_init() (Yuan Can)
• media: solo6x10: fix possible memory leak in solo_sysfs_init() (Yang Yingliang)
• Input: elants_i2c - properly handle the reset GPIO when power is off (Douglas Anderson)
• mtd: lpddr2_nvm: Fix possible null-ptr-deref (Hui Tang)
• wifi: ath10k: Fix return value in ath10k_pci_init() (Xiu Jianfeng)
• ima: Fix misuse of dereference of pointer in template_desc_init_fields() (Xiu Jianfeng)
• regulator: core: fix unbalanced of node refcount in regulator_dev_lookup() (Yang Yingliang)
• ASoC: pxa: fix null-pointer dereference in filter() (Zeng Heng)
• drm/radeon: Add the missed acpi_put_table() to fix memory leak (Hanjun Guo)
• media: camss: Clean up received buffers on failed start of streaming (Vladimir Zapolskiy)
• mtd: Fix device name leak when register device failed in add_mtd_device() (Zhang Xiaoxu)
• media: vivid: fix compose size exceed boundary (Liu Shixin)
• spi: Update reference to struct spi_controller (Jonathan Neuschafer)
• media: i2c: ad5820: Fix error path (Ricardo Ribalda)
• wifi: ath9k: hif_usb: Fix use-after-free in ath9k_hif_usb_reg_in_cb() (Fedor Pchelkin)
• wifi: ath9k: hif_usb: fix memory leak of urbs in ath9k_hif_usb_dealloc_tx_urbs() (Fedor Pchelkin)
• rapidio: devices: fix missing put_device in mport_cdev_open (Cai Xinchen)
• hfs: Fix OOB Write in hfs_asc2mac (ZhangPeng)
• eventfd: change int to __u64 in eventfd_signal() ifndef CONFIG_EVENTFD (Zhang Qilong)
• rapidio: fix possible UAF when kfifo_alloc() fails (Wang Weiyang)
• fs: sysv: Fix sysv_nblocks() returns wrong value (Chen Zhongjin)
• MIPS: BCM63xx: Add check for NULL for clk in clk_enable (Anastasia Belova)
• platform/x86: mxm-wmi: fix memleak in mxm_wmi_call_mxds|mx (Yu Liao)
• x86/xen: Fix memory leak in xen_init_lock_cpu() (Xiu Jianfeng)
• uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix (Oleg Nesterov)
• ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage() (Li Zetao)
• rapidio: rio: fix possible name leak in rio_register_mport() (Yang Yingliang)
• rapidio: fix possible name leaks when rio_add_device() fails (Yang Yingliang)
• lib/notifier-error-inject: fix error when writing -errno to debugfs file (Akinobu Mita)
• libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value (Akinobu Mita)
• irqchip: gic-pm: Use pm_runtime_resume_and_get() in gic_probe() (Shang XiaoJing)
• PNP: fix name memory leak in pnp_alloc_dev() (Yang Yingliang)
• MIPS: vpe-cmp: fix possible memory leak while module exiting (Yang Yingliang)
• MIPS: vpe-mt: fix possible memory leak while module exiting (Yang Yingliang)
• ocfs2: fix memory leak in ocfs2_stack_glue_init() (Shang XiaoJing)
• timerqueue: Use rb_entry_safe() in timerqueue_getnext() (Barnabas Pocze)
• perf: Fix possible memleak in pmu_dev_alloc() (Chen Zhongjin)
• fs: don’t audit the capability check in simple_xattr_list() (Ondrej Mosnacek)
• PM: hibernate: Fix mistake in kerneldoc comment (xiongxin)
• alpha: fix syscall entry in !AUDUT_SYSCALL case (Al Viro)
• cpuidle: dt: Return the correct numbers of parsed idle states (Ulf Hansson)
• tpm/tpm_crb: Fix error message in __crb_relinquish_locality() (Michael Kelley)
• pstore: Avoid kcore oops by vmap()ing with VM_IOREMAP (Stephen Boyd)
• ARM: mmp: fix timer_read delay (Doug Brown)
• pstore/ram: Fix error return code in ramoops_probe() (Wang Yufen)
• ARM: dts: turris-omnia: Add switch port 6 node (Pali Rohar)
• ARM: dts: turris-omnia: Add ethernet aliases (Pali Rohar)
• ARM: dts: armada-39x: Fix assigned-addresses for every PCIe Root Port (Pali Rohar)
• ARM: dts: armada-38x: Fix assigned-addresses for every PCIe Root Port (Pali Rohar)
• ARM: dts: armada-375: Fix assigned-addresses for every PCIe Root Port (Pali Rohar)
• ARM: dts: armada-xp: Fix assigned-addresses for every PCIe Root Port (Pali Rohar)
• ARM: dts: armada-370: Fix assigned-addresses for every PCIe Root Port (Pali Rohar)
• ARM: dts: dove: Fix assigned-addresses for every PCIe Root Port (Pali Rohar)
• arm64: dts: mediatek: mt6797: Fix 26M oscillator unit name (AngeloGioacchino Del Regno)
• soc: ti: smartreflex: Fix PM disable depth imbalance in omap_sr_probe (Zhang Qilong)
• arm: dts: spear600: Fix clcd interrupt (Kory Maincent)
• drivers: soc: ti: knav_qmss_queue: Mark knav_acc_firmwares as static (Chen Jiahao)
• ARM: dts: qcom: apq8064: fix coresight compatible (Luca Weiss)
• usb: musb: remove extra check in musb_gadget_vbus_draw (Ivaylo Dimitrov)
• net: loopback: use NET_NAME_PREDICTABLE for name_assign_type (Rasmus Villemoes)
• Bluetooth: L2CAP: Fix u8 overflow (Sungwoo Kim) [Orabug: 34880796] {CVE-2022-45934}
• igb: Initialize mailbox message for VF reset (Tony Nguyen)
• USB: serial: cp210x: add Kamstrup RF sniffer PIDs (Bruno Thomsen)
• USB: serial: option: add Quectel EM05-G modem (Duke Xin)
• usb: gadget: uvc: Prevent buffer overflow in setup handler (Szymon Heidrich)
• udf: Fix extending file within last block (Jan Kara)
• udf: Do not bother looking for prealloc extents if i_lenExtents matches i_size (Jan Kara)
• udf: Fix preallocation discarding at indirect extent boundary (Jan Kara)
• udf: Drop unused arguments of udf_delete_aext() (Jan Kara)
• udf: Discard preallocation before extending file with a hole (Jan Kara)
• perf script python: Remove explicit shebang from tests/attr.c (Tony Jones)
• ASoC: ops: Correct bounds check for second channel on SX controls (Charles Keepax)
• can: mcba_usb: Fix termination command argument (Yasushi SHOJI)
• can: sja1000: fix size of OCR_MODE_MASK define (Heiko Schocher)
• ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx() (Mark Brown)
• nfp: fix use-after-free in area_cache_get() (Jialiang Wang) [Orabug: 34719740] {CVE-2022-3545}
• block: unhash blkdev part inode when the part is deleted (Ming Lei)
• mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths (Jann Horn)
• mm/khugepaged: fix GUP-fast interaction by sending IPI (Jann Horn)
• once: add DO_ONCE_SLOW() for sleepable contexts (Eric Dumazet)
• libtraceevent: Fix build with binutils 2.35 (Ben Hutchings)