Unbreakable Enterprise kernel security update

[4.14.35-2047.536.5]

• mmc: core: Fix switch on gp3 partition (Dominique Martinet)
• Revert ‘Revert ‘md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d’’ (Song Liu)
• mm/memory-failure: fix an incorrect use of tail pages (Liu Shixin)
• Revert ‘x86/mm/ident_map: Use gbpages only where full GB page should be mapped.’ (Ingo Molnar)
• sched/fair: More accurate reweight_entity() (Peter Zijlstra) [Orabug: 36468903]
• sched/fair: Introduce {en,de}queue_load_avg() (Peter Zijlstra) [Orabug: 36468903]
• sched/fair: Rename {en,de}queue_entity_load_avg() (Peter Zijlstra) [Orabug: 36468903]
• sched/fair: Move enqueue migrate handling (Peter Zijlstra) [Orabug: 36468903]
• sched/fair: Change update_load_avg() arguments (Peter Zijlstra) [Orabug: 36468903]
• sched/fair: Remove se->load.weight from se->avg.load_sum (Peter Zijlstra) [Orabug: 36468903]
• sched/fair: Cure calc_cfs_shares() vs. reweight_entity() (Peter Zijlstra) [Orabug: 36468903]
• sched/fair: Add comment to calc_cfs_shares() (Peter Zijlstra) [Orabug: 36468903]
• sched/fair: Clean up calc_cfs_shares() (Peter Zijlstra) [Orabug: 36468903]
• rds/rdma: Fix congestion value for userspace consumption (Juan Garcia) [Orabug: 36264644]
• rds: Include transport protocol name in rds-info -k output (Juan Garcia) [Orabug: 36264644]
  [4.14.35-2047.536.4]
• rds/rdma: print connection up/down time while dropping/connecting (Juan Garcia) [Orabug: 36264661]
• bonding: rate-limit bonding driver inspect messages (Praveen Kumar Kannoju) [Orabug: 36223525]
  [4.14.35-2047.536.3]
• Revert ‘net/sched: Retire CBQ qdisc’ (Saeed Mirzamohammadi)
• Revert ‘net/sched: Retire ATM qdisc’ (Saeed Mirzamohammadi)
• Revert ‘net/sched: Retire dsmark qdisc’ (Saeed Mirzamohammadi)
  [4.14.35-2047.536.2]
• netfilter: nf_tables: reject QUEUE/DROP verdict parameters (Florian Westphal) [Orabug: 36466544] {CVE-2024-1086}
• RDMA/cm: add timeout to cm_destroy_id wait (Manjunath Patil) [Orabug: 36280065]
• mm: avoid heavy swap lock contention when unmapping with ktask (Anthony Yznaga) [Orabug: 36201622]
• mm: use less threads when unmapping some large VMAs (Anthony Yznaga) [Orabug: 36201622]
• LTS version: v4.14.341 (Yifei Liu)
• gpio: 74x164: Enable output pins after registers are reset (Arturas Moskvinas)
• cachefiles: fix memory leak in cachefiles_add_cache() (Baokun Li)
• mmc: core: Fix eMMC initialization with 1-bit bus connection (Ivan Semenov)
• btrfs: dev-replace: properly validate device names (David Sterba)
• wifi: nl80211: reject iftype change with mesh ID change (Johannes Berg)
• gtp: fix use-after-free and null-ptr-deref in gtp_newlink() (Alexander Ofitserov)
• ALSA: Drop leftover snd-rtctimer stuff from Makefile (Takashi Iwai)
• power: supply: bq27xxx-i2c: Do not free non existing IRQ (Hans de Goede)
• efi/capsule-loader: fix incorrect allocation size (Arnd Bergmann)
• Bluetooth: Enforce validation on max value of connection interval (Kai-Heng Feng)
• Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST (Luiz Augusto von Dentz)
• Bluetooth: Avoid potential use-after-free in hci_error_reset (Ying Hsu)
• net: usb: dm9601: fix wrong return value in dm9601_mdio_read (Javier Carrasco)
• lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is detected (Oleksij Rempel)
• netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter (Ryosuke Yasuoka)
• LTS version: v4.14.340 (Yifei Liu)
• fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio (Bart Van Assche)
• KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() (Oliver Upton)
• PCI/MSI: Prevent MSI hardware interrupt number truncation (Vidya Sagar)
• s390: use the correct count for __iowrite64_copy() (Jason Gunthorpe)
• packet: move from strlcpy with unused retval to strscpy (Wolfram Sang)
• ipv6: sr: fix possible use-after-free and null-ptr-deref (Vasiliy Kovalev)
• nouveau: fix function cast warnings (Arnd Bergmann)
• scsi: jazz_esp: Only build if SCSI core is builtin (Randy Dunlap)
• RDMA/srpt: fix function pointer cast warnings (Arnd Bergmann)
• RDMA/srpt: Support specifying the srpt_service_guid parameter (Bart Van Assche)
• IB/hfi1: Fix a memleak in init_credit_return (Zhipeng Lu)
• usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs (Krishna Kurapati)
• l2tp: pass correct message length to ip6_append_data (Tom Parkin)
• gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp() (Vasiliy Kovalev)
• dm-crypt: don’t modify the data when using authenticated encryption (Mikulas Patocka)
• mm: memcontrol: switch to rcu protection in drain_all_stock() (Roman Gushchin)
• s390/qeth: Fix potential loss of L3-IP@ in case of network issues (Alexandra Winter)
• virtio-blk: Ensure no requests in virtqueues before deleting vqs. (Yi Sun)
• firewire: core: send bus reset promptly on gap count error (Takashi Sakamoto)
• hwmon: (coretemp) Enlarge per package core count limit (Zhang Rui)
• regulator: pwm-regulator: Add validity checks in continuous .get_voltage (Martin Blumenstingl)
• ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() (Baokun Li)
• ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() (Baokun Li)
• ahci: asm1166: correct count of reported ports (Conrad Kostecki)
• fbdev: sis: Error out if pixclock equals zero (Fullway Wang)
• fbdev: savage: Error out if pixclock equals zero (Fullway Wang)
• wifi: mac80211: fix race condition on enabling fast-xmit (Felix Fietkau)
• wifi: cfg80211: fix missing interfaces when dumping (Michal Kazior)
• dmaengine: shdma: increase size of ‘dev_id’ (Vinod Koul)
• scsi: target: core: Add TMF to tmr_list handling (Dmitry Bogdanov)
• sched/rt: Disallow writing invalid values to sched_rt_period_us (Cyril Hrubis)
• sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset (Cyril Hrubis)
• sched/rt: Fix sysctl_sched_rr_timeslice intial value (Cyril Hrubis)
• nilfs2: replace WARN_ONs for invalid DAT metadata block requests (Ryusuke Konishi)
• memcg: add refcnt for pcpu stock to avoid UAF problem in drain_all_stock() (GONG, Ruiqi)
• net/sched: Retire dsmark qdisc (Jamal Hadi Salim)
• net/sched: Retire ATM qdisc (Jamal Hadi Salim)
• net/sched: Retire CBQ qdisc (Jamal Hadi Salim)
• LTS version: v4.14.339 (Yifei Liu)
• PCI: Only override AMD USB controller if required (Guilherme G. Piccoli)
• netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval() (Dan Carpenter)
• lsm: new security_file_ioctl_compat() hook (Alfred Piccioni)
• nilfs2: fix potential bug in end_buffer_async_write (Ryusuke Konishi)
• sched/membarrier: reduce the ability to hammer on sys_membarrier (Linus Torvalds)
• Revert ‘md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d’ (Junxiao Bi)
• pmdomain: core: Move the unused cleanup to a _sync initcall (Konrad Dybcio)
• irqchip/irq-brcmstb-l2: Add write memory barrier before exit (Doug Berger)
• nfp: use correct macro for LengthSelect in BAR config (Daniel Basilio)
• nilfs2: fix hang in nilfs_lookup_dirty_data_buffers() (Ryusuke Konishi)
• nilfs2: fix data corruption in dsync block recovery for small block sizes (Ryusuke Konishi)
• ALSA: hda/conexant: Add quirk for SWS JS201D (bo liu)
• x86/mm/ident_map: Use gbpages only where full GB page should be mapped. (Steve Wahl)
• staging: iio: ad5933: fix type mismatch regression (David Schiller)
• ext4: fix double-free of blocks due to wrong extents moved_len (Baokun Li)
• nfc: nci: free rx_data_reassembly skb on NCI device cleanup (Fedor Pchelkin)
• firewire: core: correct documentation of fw_csr_string() kernel API (Takashi Sakamoto)
• scsi: Revert ‘scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock’ (Lee Duncan)
• usb: f_mass_storage: forbid async queue when shutdown happen (yuan linyu)
• USB: hub: check for alternate port before enabling A_ALT_HNP_SUPPORT (Oliver Neukum)
• HID: wacom: Do not register input devices until after hid_hw_start (Jason Gerecke)
• HID: wacom: generic: Avoid reporting a serial of ‘0’ to userspace (Tatsunosuke Tobita)
• mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again (Zach O’Keefe)
• tracing/trigger: Fix to return error if failed to alloc snapshot (Masami Hiramatsu (Google))
• i40e: Fix waiting for queues of all VSIs to be disabled (Ivan Vecera)
• MIPS: Add ‘memory’ clobber to csum_ipv6_magic() inline assembler (Guenter Roeck)
  path for statistics (Breno Leitao)
• Documentation: net-sysfs: describe missing statistics (Julian Wiedmann)
• ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work() (Alexey Khoroshilov)
• spi: ppc4xx: Drop write-only variable (Uwe Kleine-Konig)
• btrfs: send: return EOPNOTSUPP on unknown flags (David Sterba)
• vhost: use kzalloc() instead of kmalloc() followed by memset() (Prathu Baronia)
• Input: atkbd - skip ATKBD_CMD_SETLEDS when skipping ATKBD_CMD_GETID (Hans de Goede)
• USB: serial: cp210x: add ID for IMST iM871A-USB (Leonard Dallmayr)
• USB: serial: option: add Fibocom FM101-GL variant (Puliang Lu)
• USB: serial: qcserial: add new usb-id for Dell Wireless DW5826e (JackBB Wu)
• net/af_iucv: clean up a try_then_request_module() (Julian Wiedmann)
• netfilter: nft_compat: restrict match/target protocol to u16 (Pablo Neira Ayuso)
• netfilter: nft_compat: reject unused compat flag (Pablo Neira Ayuso)
• ppp_async: limit MRU to 64K (Eric Dumazet)
• tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() (Shigeru Yoshida)
• rxrpc: Fix response to PING RESPONSE ACKs to a dead call (David Howells)
• inet: read sk->sk_family once in inet_recv_error() (Eric Dumazet)
• hwmon: (aspeed-pwm-tacho) mutex for tach reading (Loic Prylli)
• atm: idt77252: fix a memleak in open_card_ubr0 (Zhipeng Lu)
• phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP (Tony Lindgren)
• dmaengine: fix is_slave_direction() return false when DMA_DEV_TO_DEV (Frank Li)
• bonding: remove print in bond_verify_device_path (Zhengchao Shao)
• HID: apple: Add 2021 magic keyboard FN key mapping (Benjamin Berg)
• HID: apple: Add support for the 2021 Magic Keyboard (Alex Henrie)
• HID: apple: Swap the Fn and Left Control keys on Apple keyboards (free5lot)
  path (Breno Leitao)
• af_unix: fix lockdep positive in sk_diag_dump_icons() (Eric Dumazet)
• net: ipv4: fix a memleak in ip_setup_cork (Zhipeng Lu)
• net: Fix one possible memleak in ip_setup_cork (Gao Feng)
• netfilter: nf_log: replace BUG_ON by WARN_ON_ONCE when putting logger (Pablo Neira Ayuso)
• llc: call sock_orphan() at release time (Eric Dumazet)
• ipv6: Ensure natural alignment of const ipv6 loopback and router addresses (Helge Deller)
• ixgbe: Fix an error handling path in ixgbe_read_iosf_sb_reg_x550() (Christophe JAILLET)
• ixgbe: Refactor overtemp event handling (Jedrzej Jagielski)
• ixgbe: Remove non-inclusive language (Piotr Skajewski)
• net: remove unneeded break (Tom Rix)
• scsi: isci: Fix an error code problem in isci_io_request_build() (Su Hui)
• wifi: cfg80211: fix RCU dereference in __cfg80211_bss_update (Edward Adam Davis)
• drm/amdgpu: Release ‘adev->pm.fw’ before return in ‘amdgpu_device_need_post()’ (Srinivasan Shanmugam)
• ceph: fix deadlock or deadcode of misusing dget() (Xiubo Li)
• virtio_net: Fix ‘’%d’ directive writing between 1 and 11 bytes into a region of size 10’ warnings (Zhu Yanjun)
• libsubcmd: Fix memory leak in uniq() (Ian Rogers)
• usb: hub: Replace hardcoded quirk value with BIT() macro (Hardik Gajjar)
• mfd: ti_am335x_tscadc: Fix TI SoC dependencies (Peter Robinson)
• um: net: Fix return type of uml_net_start_xmit() (Nathan Chancellor)
• um: Don’t use vfprintf() for os_info() (Benjamin Berg)
• um: Fix naming clash between UML and scheduler (Anton Ivanov)
• leds: trigger: panic: Don’t register panic notifier if creating the trigger failed (Heiner Kallweit)
• clk: mmp: pxa168: Fix memory leak in pxa168_clk_init() (Kuan-Wei Chiu)
• clk: hi3620: Fix memory leak in hi3620_mmc_clk_init() (Kuan-Wei Chiu)
• media: ddbridge: fix an error code problem in ddb_probe (Su Hui)
• IB/ipoib: Fix mcast list locking (Daniel Vacek)
• drm/exynos: Call drm_atomic_helper_shutdown() at shutdown/unbind time (Douglas Anderson)
• ALSA: hda: Intel: add HDA_ARL PCI ID support (Pierre-Louis Bossart)
• ALSA: hda: Add Icelake PCI ID (Guneshwor Singh)
• PCI: add INTEL_HDA_ARL to pci_ids.h (Pierre-Louis Bossart)
• media: stk1160: Fixed high volume of stk1160_dbg messages (Ghanshyam Agrawal)
• drm/mipi-dsi: Fix detach call without attach (Tomi Valkeinen)
• drm/framebuffer: Fix use of uninitialized variable (Tomi Valkeinen)
• drm/drm_file: fix use of uninitialized variable (Tomi Valkeinen)
• RDMA/IPoIB: Fix error code return in ipoib_mcast_join (Jack Wang)
• fast_dput(): handle underflows gracefully (Al Viro)
• ASoC: doc: Fix undefined SND_SOC_DAPM_NOPM argument (Cristian Ciocaltea)
• wifi: cfg80211: free beacon_ies when overridden from hidden BSS (Benjamin Berg)
• wifi: rtlwifi: rtl8723{be,ae}: using calculate_bit_shift() (Su Hui)
• wifi: rtl8xxxu: Add additional USB IDs for RTL8192EU devices (Zenm Chen)
• md: Whenassemble the array, consult the superblock of the freshest device (Alex Lyakas)
• ARM: dts: imx23/28: Fix the DMA controller node name (Fabio Estevam)
• ARM: dts: imx23-sansa: Use preferred i2c-gpios properties (Fabio Estevam)
• ARM: dts: imx27-apf27dev: Fix LED name (Fabio Estevam)
• ARM: dts: imx1: Fix sram node (Fabio Estevam)
• ARM: dts: imx27: Fix sram node (Fabio Estevam)
• ARM: dts: imx: Use flash@0,0 pattern (Fabio Estevam)
• ARM: dts: imx25/27-eukrea: Fix RTC node name (Fabio Estevam)
• ARM: dts: rockchip: fix rk3036 hdmi ports node (Johan Jonker)
• scsi: libfc: Fix up timeout error in fc_fcp_rec_error() (Hannes Reinecke)
• scsi: libfc: Don’t schedule abort twice (Hannes Reinecke)
• bpf: Add map and need_defer parameters to .map_fd_put_ptr() (Hou Tao)
• wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() (Minsuk Kang)
• ARM: dts: imx7s: Fix nand-controller #size-cells (Alexander Stein)
• ARM: dts: imx7s: Fix lcdif compatible (Alexander Stein)
• bonding: return -ENOMEM instead of BUG in alb_upper_dev_walk (Zhengchao Shao)
• PCI: Add no PM reset quirk for NVIDIA Spectrum devices (Ido Schimmel)
• scsi: lpfc: Fix possible file string name overflow when updating firmware (Justin Tee)
• ext4: unify the type of flexbg_size to unsigned int (Baokun Li)
• SUNRPC: Fix a suspicious RCU usage warning (Anna Schumaker)
• KVM: s390: fix setting of fpc register (Heiko Carstens)
• s390/ptrace: handle setting of fpc register correctly (Heiko Carstens)
• jfs: fix array-index-out-of-bounds in diNewExt (Edward Adam Davis)
• rxrpc_find_service_conn_rcu: fix the usage of read_seqbegin_or_lock() (Oleg Nesterov)
• pstore/ram: Fix crash when setting number of cpus to an odd number (Weichen Chen)
• jfs: fix uaf in jfs_evict_inode (Edward Adam Davis)
• jfs: fix array-index-out-of-bounds in dbAdjTree (Manas Ghandat)
• jfs: fix slab-out-of-bounds Read in dtSearch (Manas Ghandat)
• UBSAN: array-index-out-of-bounds in dtSplitRoot (Osama Muhammad)
• FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree (Osama Muhammad)
• ACPI: extlog: fix NULL pointer dereference check (Prarit Bhargava)
• PNP: ACPI: fix fortify warning (Dmitry Antipov)
• ACPI: video: Add quirk for the Colorful X15 AT 23 Laptop (Yuluo Qiu)
• audit: Send netlink ACK before setting connection in auditd_set (Chris Riches)
• powerpc/lib: Validate size for vector operations (Naveen N Rao)
• powerpc/mm: Fix build failures due to arch_reserved_kernel_pages() (Michael Ellerman)
• powerpc: Fix build error due to is_valid_bugaddr() (Michael Ellerman)
• powerpc/mm: Fix null-pointer dereference in pgtable_cache_add (Kunwu Chan)
• tick/sched: Preserve number of idle sleeps across CPU hotplug events (Tim Chen)
• mips: Call lose_fpu(0) before initializing fcr31 in mips_set_personality_nan (Xi Ruoyao)
• drm/bridge: nxp-ptn3460: simplify some error checking (Dan Carpenter)
• drm/bridge: nxp-ptn3460: fix i2c_master_send() error checking (Dan Carpenter)
• drm: Don’t unref the same fb many times by mistake due to deadlock handling (Ville Syrjala)
• gpiolib: acpi: Ignore touchpad wakeup on GPD G1619-04 (Mario Limonciello)
• btrfs: defrag: reject unknown flags of btrfs_ioctl_defrag_range_args (Qu Wenruo)
• btrfs: don’t warn if discard range is not aligned to sector (David Sterba)
• net: fec: fix the unhandled context fault from smmu (Shenwei Wang)
• fjes: fix memleaks in fjes_hw_setup (Zhipeng Lu)
• netfilter: nf_tables: restrict anonymous set and map names to 16 bytes (Florian Westphal)
• net/mlx5e: fix a double-free in arfs_create_groups (Zhipeng Lu)
• net/mlx5: Use kfree(ft->g) in arfs_create_groups() (Denis Efremov)
• netlink: fix potential sleeping issue in mqueue_flush_file (Zhengchao Shao)
• tcp: Add memory barrier to tcp_push() (Salvatore Dipietro)
• net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv (Sharath Srinivasan)
• llc: Drop support for ETH_P_TR_802_2. (Kuniyuki Iwashima)
• llc: make llc_ui_sendmsg() more robust against bonding changes (Eric Dumazet)
• vlan: skip nested type that is not IFLA_VLAN_QOS_MAPPING (Lin Ma)
• drivers: core: fix kernel-doc markup for dev_err_probe() (Mauro Carvalho Chehab)
• driver code: print symbolic error code (Michal Miroslaw)
• Revert ‘driver core: Annotate dev_err_probe() with __must_check’ (Greg Kroah-Hartman)
• driver core: Annotate dev_err_probe() with __must_check (Andy Shevchenko)
• x86/CPU/AMD: Fix disabling XSAVES on AMD family 0x17 due to erratum (Maciej S. Szmigiero)
• powerpc: Use always instead of always-y in for crtsavres.o (Nathan Chancellor)
• block: Remove special-casing of compound pages (Matthew Wilcox (Oracle))
• parisc/firmware: Fix F-extend for PDC addresses (Helge Deller)
• rpmsg: virtio: Free driver_override when rpmsg_remove() (Xiaolei Wang)
• hwrng: core - Fix page fault dead lock on mmap-ed hwrng (Herbert Xu)
• PM: hibernate: Enforce ordering during image compression/decompression (Hongchen Zhang)
• crypto: api - Disallow identical driver names (Herbert Xu)
• serial: sc16is7xx: add check for unsupported SPI modes during probe (Hugo Villeneuve)
• spi: introduce SPI_MODE_X_MASK macro (Oleksij Rempel)
• driver core: add device probe log helper (Andrzej Hajda)
• serial: sc16is7xx: set safe default SPI clock frequency (Hugo Villeneuve)
• units: add the HZ macros (Daniel Lezcano)
• units: change from ‘L’ to ‘UL’ (Daniel Lezcano)
• units: Add Watt units (Daniel Lezcano)
• include/linux/units.h: add helpers for kelvin to/from Celsius conversion (Akinobu Mita)
• PCI: mediatek: Clear interrupt status before dispatching handler (qizhong cheng)
  [4.14.35-2047.536.1]
• ext4: fix corruption during on-line resize (Maximilian Heyne) [Orabug: 36242427]