Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

• CVE-2021-47086: phonet/pep: refuse to enable an unbound pipe (bsc#1220952).
• CVE-2021-47103: net: sock: preserve kabi for sock (bsc#1221010).
• CVE-2021-47186: ipc: check for null after calling kmemdup (bsc#1222702).
• CVE-2021-47546: Kabi fix for ipv6: fix memory leak in fib6_rule_suppress (bsc#1225504).
• CVE-2021-47547: net: tulip: de4x5: fix the problem that the array ‘lp->phy’ may be out of bound (bsc#1225505).
• CVE-2021-47588: sit: do not call ipip6_dev_free() from sit_init_net() (bsc#1226568).
• CVE-2021-47590: mptcp: fix deadlock in __mptcp_push_pending() (bsc#1226565).
• CVE-2021-47591: mptcp: remove tcp ulp setsockopt support (bsc#1226570).
• CVE-2021-47593: mptcp: clear ‘kern’ flag from fallback sockets (bsc#1226551).
• CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1226574).
• CVE-2021-47599: btrfs: use latest_dev in btrfs_show_devname (bsc#1226571)
• CVE-2021-47606: net: netlink: af_netlink: Prevent empty skb by adding a check on len (bsc#1226555).
• CVE-2021-47623: powerpc/fixmap: Fix VM debug warning on unmap (bsc#1227919).
• CVE-2022-48785: ipv6: mcast: use rcu-safe version of ipv6_get_lladdr() (bsc#1227927)
• CVE-2022-48810: ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table() on failure path (bsc#1227936).
• CVE-2022-48850: net-sysfs: add check for netdevice being present to speed_show (bsc#1228071)
• CVE-2022-48855: sctp: fix kernel-infoleak for SCTP sockets (bsc#1228003).
• CVE-2023-52435: net: prevent mss overflow in skb_segment() (bsc#1220138).
• CVE-2023-52573: net: rds: Fix possible NULL-pointer dereference (bsc#1220869)
• CVE-2023-52580: net/core: Fix ETH_P_1588 flow dissector (bsc#1220876).
• CVE-2023-52751: smb: client: fix use-after-free in smb2_query_info_compound() (bsc#1225489).
• CVE-2023-52775: net/smc: avoid data corruption caused by decline (bsc#1225088).
• CVE-2023-52812: drm/amd: check num of link levels when update pcie param (bsc#1225564).
• CVE-2023-52857: drm/mediatek: Fix coverity issue with unintentional integer overflow (bsc#1225581).
• CVE-2023-52863: hwmon: (axi-fan-control) Fix possible NULL pointer dereference (bsc#1225586).
• CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc#1220187).
• CVE-2024-26615: net/smc: fix illegal rmb_desc access in SMC-D connection dump (bsc#1220942).
• CVE-2024-26633: ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim() (bsc#1221647).
• CVE-2024-26635: llc: Drop support for ETH_P_TR_802_2 (bsc#1221656).
• CVE-2024-26636: llc: make llc_ui_sendmsg() more robust against bonding changes (bsc#1221659).
• CVE-2024-26641: ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv() (bsc#1221654).
• CVE-2024-26661: drm/amd/display: Add NULL test for ‘timing generator’ in (bsc#1222323)
• CVE-2024-26663: tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() (bsc#1222326).
• CVE-2024-26665: tunnels: fix out of bounds access when building IPv6 PMTU error (bsc#1222328).
• CVE-2024-26802: stmmac: Clear variable when destroying workqueue (bsc#1222799).
• CVE-2024-26863: hsr: Fix uninit-value access in hsr_get_node() (bsc#1223021).
• CVE-2024-26961: mac802154: fix llsec key resources release in mac802154_llsec_key_del (bsc#1223652).
• CVE-2024-27015: netfilter: flowtable: incorrect pppoe tuple (bsc#1223806).
• CVE-2024-27019: netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() (bsc#1223813)
• CVE-2024-27020: netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() (bsc#1223815)
• CVE-2024-27025: nbd: null check for nla_nest_start (bsc#1223778)
• CVE-2024-27065: netfilter: nf_tables: do not compare internal table flags on updates (bsc#1223836).
• CVE-2024-27402: phonet/pep: fix racy skb_queue_empty() use (bsc#1224414).
• CVE-2024-27437: vfio/pci: Disable auto-enable of exclusive INTx IRQ (bsc#1222625).
• CVE-2024-35805: dm snapshot: fix lockup in dm_exception_table_exit (bsc#1224743).
• CVE-2024-35819: soc: fsl: qbman: Use raw spinlock for cgr_lock (bsc#1224683).
• CVE-2024-35837: net: mvpp2: clear BM pool before initialization (bsc#1224500).
• CVE-2024-35853: mlxsw: spectrum_acl_tcam: Fix memory leak during rehash (bsc#1224604).
• CVE-2024-35889: idpf: fix kernel panic on unknown packet types (bsc#1224517).
• CVE-2024-35890: gro: fix ownership transfer (bsc#1224516).
• CVE-2024-35893: net/sched: act_skbmod: prevent kernel-infoleak (bsc#1224512)
• CVE-2024-35899: netfilter: nf_tables: flush pending destroy work before exit_net release (bsc#1224499)
• CVE-2024-35934: net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() (bsc#1224641)
• CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks (bsc#1224700)
• CVE-2024-35961: net/mlx5: Restore mistakenly dropped parts in register devlink flow (bsc#1224585).
• CVE-2024-35995: ACPI: CPPC: Fix access width used for PCC registers (bsc#1224557).
• CVE-2024-36000: mm/hugetlb: fix missing hugetlb_lock for resv uncharge (bsc#1224548).
• CVE-2024-36004: i40e: Do not use WQ_MEM_RECLAIM flag for workqueue (bsc#1224545)
• CVE-2024-36901: ipv6: prevent NULL dereference in ip6_output() (bsc#1225711)
• CVE-2024-36902: ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() (bsc#1225719).
• CVE-2024-36909: Drivers: hv: vmbus: Do not free ring buffers that couldn’t be re-encrypted (bsc#1225744).
• CVE-2024-36910: uio_hv_generic: Do not free decrypted memory (bsc#1225717).
• CVE-2024-36911: hv_netvsc: Do not free decrypted memory (bsc#1225745).
• CVE-2024-36912: Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl (bsc#1225752).
• CVE-2024-36913: Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails (bsc#1225753).
• CVE-2024-36914: drm/amd/display: Skip on writeback when it’s not applicable (bsc#1225757).
• CVE-2024-36919: scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload (bsc#1225767).
• CVE-2024-36923: fs/9p: fix uninitialized values during inode evict (bsc#1225815).
• CVE-2024-36939: nfs: Handle error of rpc_proc_register() in nfs_net_init() (bsc#1225838).
• CVE-2024-36946: phonet: fix rtm_phonet_notify() skb allocation (bsc#1225851).
• CVE-2024-36974: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP (bsc#1226519).
• CVE-2024-38555: net/mlx5: Discard command completions in internal error (bsc#1226607).
• CVE-2024-38558: net: openvswitch: fix overwriting ct original tuple for ICMPv6 (bsc#1226783).
• CVE-2024-38570: gfs2: Fix potential glock use-after-free on unmount (bsc#1226775).
• CVE-2024-38586: r8169: Fix possible ring buffer corruption on fragmented Tx packets (bsc#1226750).
• CVE-2024-38598: md: fix resync softlockup when bitmap size is less than array size (bsc#1226757).
• CVE-2024-38628: usb: gadget: u_audio: Fix race condition use of controls after free during gadget unbind (bsc#1226911).
• CVE-2024-39276: ext4: fix mb_cache_entry’s e_refcnt leak in ext4_xattr_block_cache_find() (bsc#1226993).
• CVE-2024-39371: io_uring: check for non-NULL file pointer in io_file_can_poll() (bsc#1226990).
• CVE-2024-39463: 9p: add missing locking around taking dentry fid list (bsc#1227090).
• CVE-2024-39472: xfs: fix log recovery buffer allocation for the legacy h_size fixup (bsc#1227432).
• CVE-2024-39482: bcache: fix variable length array abuse in btree_iter (bsc#1227447).
• CVE-2024-39487: bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() (bsc#1227573)
• CVE-2024-39490: ipv6: sr: fix missing sk_buff release in seg6_input_core (bsc#1227626).
• CVE-2024-39493: crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak (bsc#1227620).
• CVE-2024-39494: ima: Fix use-after-free on a dentry’s dname.name (bsc#1227716).
• CVE-2024-39497: drm/shmem-helper: Fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE) (bsc#1227722)
• CVE-2024-39502: ionic: fix use after netif_napi_del() (bsc#1227755).
• CVE-2024-39506: liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet (bsc#1227729).
• CVE-2024-39507: net: hns3: fix kernel crash problem in concurrent scenario (bsc#1227730).
• CVE-2024-39508: io_uring/io-wq: Use set_bit() and test_bit() at worker->flags (bsc#1227732).
• CVE-2024-40901: scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory (bsc#1227762).
• CVE-2024-40906: net/mlx5: Always stop health timer during driver removal (bsc#1227763).
• CVE-2024-40908: bpf: Set run context for rawtp test_run callback (bsc#1227783).
• CVE-2024-40909: bpf: Fix a potential use-after-free in bpf_link_free() (bsc#1227798).
• CVE-2024-40919: bnxt_en: Adjust logging of firmware messages in case of released token in __hwrm_send() (bsc#1227779).
• CVE-2024-40923: vmxnet3: disable rx data ring on dma allocation failure (bsc#1227786).
• CVE-2024-40931: mptcp: ensure snd_una is properly initialized on connect (bsc#1227780).
• CVE-2024-40935: cachefiles: flush all requests after setting CACHEFILES_DEAD (bsc#1227797).
• CVE-2024-40937: gve: Clear napi->skb before dev_kfree_skb_any() (bsc#1227836).
• CVE-2024-40940: net/mlx5: Fix tainted pointer delete is case of flow rules creation fail (bsc#1227800).
• CVE-2024-40943: ocfs2: fix races between hole punching and AIO+DIO (bsc#1227849).
• CVE-2024-40953: KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin() (bsc#1227806).
• CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808)
• CVE-2024-40958: netns: Make get_net_ns() handle zero refcount net (bsc#1227812).
• CVE-2024-40959: xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() (bsc#1227884).
• CVE-2024-40960: ipv6: prevent possible NULL dereference in rt6_probe() (bsc#1227813).
• CVE-2024-40961: ipv6: prevent possible NULL deref in fib6_nh_init() (bsc#1227814).
• CVE-2024-40966: kABI: tty: add the option to have a tty reject a new ldisc (bsc#1227886).
• CVE-2024-40967: serial: imx: Introduce timeout when waiting on transmitter empty (bsc#1227891).
• CVE-2024-40970: Avoid hw_desc array overrun in dw-axi-dmac (bsc#1227899).
• CVE-2024-40972: ext4: fold quota accounting into ext4_xattr_inode_lookup_create() (bsc#1227910).
• CVE-2024-40977: wifi: mt76: mt7921s: fix potential hung tasks during chip recovery (bsc#1227950).
• CVE-2024-40982: ssb: Fix potential NULL pointer dereference in ssb_device_uevent() (bsc#1227865).
• CVE-2024-40989: KVM: arm64: Disassociate vcpus from redistributor region on teardown (bsc#1227823).
• CVE-2024-40994: ptp: fix integer overflow in max_vclocks_store (bsc#1227829).
• CVE-2024-40998: ext4: fix uninitialized ratelimit_state->lock access in __ext4_fill_super() (bsc#1227866).
• CVE-2024-40999: net: ena: Add validation for completion descriptors consistency (bsc#1227913).
• CVE-2024-41006: netrom: Fix a memory leak in nr_heartbeat_expiry() (bsc#1227862).
• CVE-2024-41009: selftests/bpf: Add more ring buffer test coverage (bsc#1228020).
• CVE-2024-41012: filelock: Remove locks reliably when fcntl/close race is detected (bsc#1228247).
• CVE-2024-41013: xfs: do not walk off the end of a directory data block (bsc#1228405).
• CVE-2024-41014: xfs: add bounds checking to xlog_recover_process_data (bsc#1228408).
• CVE-2024-41015: ocfs2: add bounds checking to ocfs2_check_dir_entry() (bsc#1228409).
• CVE-2024-41016: ocfs2: add bounds checking to ocfs2_xattr_find_entry() (bsc#1228410).
• CVE-2024-41017: jfs: do not walk off the end of ealist (bsc#1228403).
• CVE-2024-41040: net/sched: Fix UAF when resolving a clash (bsc#1228518)
• CVE-2024-41041: udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port() (bsc#1228520)
• CVE-2024-41044: ppp: reject claimed-as-LCP but actually malformed packets (bsc#1228530).
• CVE-2024-41048: skmsg: Skip zero length skb in sk_msg_recvmsg (bsc#1228565)
• CVE-2024-41057: cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie() (bsc#1228462).
• CVE-2024-41058: cachefiles: fix slab-use-after-free in fscache_withdraw_volume() (bsc#1228459).
• CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228561).
• CVE-2024-41063: Bluetooth: hci_core: cancel all works upon hci_unregister_dev() (bsc#1228580)
• CVE-2024-41064: powerpc/eeh: avoid possible crash when edev->pdev changes (bsc#1228599).
• CVE-2024-41066: ibmvnic: Add tx check to prevent skb leak (bsc#1228640).
• CVE-2024-41069: ASoC: topology: Fix route memory corruption (bsc#1228644).
• CVE-2024-41070: KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group() (bsc#1228581).
• CVE-2024-41071: wifi: mac80211: Avoid address calculations via out of bounds array indexing (bsc#1228625).
• CVE-2024-41078: btrfs: qgroup: fix quota root leak after quota disable failure (bsc#1228655).
• CVE-2024-41081: ila: block BH in ila_output() (bsc#1228617)
• CVE-2024-41090: tap: add missing verification for short frame (bsc#1228328).
• CVE-2024-41091: tun: add missing verification for short frame (bsc#1228327).
• CVE-2024-42070: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers (bsc#1228470)
• CVE-2024-42079: gfs2: Fix NULL pointer dereference in gfs2_log_flush (bsc#1228672).
• CVE-2024-42093: net/dpaa2: Avoid explicit cpumask var allocation on stack (bsc#1228680).
• CVE-2024-42096: x86: stop playing stack games in profile_pc() (bsc#1228633).
• CVE-2024-42122: drm/amd/display: Add NULL pointer check for kzalloc (bsc#1228591)
• CVE-2024-42124: scsi: qedf: Make qedf_execute_tmf() non-preemptible (bsc#1228705)
• CVE-2024-42145: IB/core: Implement a limit on UMAD receive List (bsc#1228743)
• CVE-2024-42161: bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD (bsc#1228756).
• CVE-2024-42224: net: dsa: mv88e6xxx: Correct check for empty list (bsc#1228723)
• CVE-2024-42230: powerpc/pseries: Fix scv instruction crash with kexec (bsc#1194869).

The following non-security bugs were fixed:

• ACPI: EC: Abort address space access upon error (stable-fixes).
• ACPI: EC: Avoid returning AE_OK on errors in address space handler (stable-fixes).
• ACPI: processor_idle: Fix invalid comparison with insertion sort for latency (git-fixes).
• ACPI: video: Add backlight=native quirk for Lenovo Slim 7 16ARH7 (stable-fixes).
• ACPI: x86: Force StorageD3Enable on more products (stable-fixes).
• ACPI: x86: utils: Add Picasso to the list for forcing StorageD3Enable (stable-fixes).
• ALSA: dmaengine_pcm: terminate dmaengine before synchronize (stable-fixes).
• ALSA: dmaengine: Synchronize dma channel after drop() (stable-fixes).
• ALSA: emux: improve patch ioctl data validation (stable-fixes).
• ALSA: hda: conexant: Fix headset auto detect fail in the polling mode (git-fixes).
• ALSA: hda/realtek: Add more codec ID to no shutup pins list (stable-fixes).
• ALSA: hda/realtek: add quirk for Clevo V5[46]0TU (stable-fixes).
• ALSA: hda/realtek: Enable headset mic of JP-IK LEAP W502 with ALC897 (stable-fixes).
• ALSA: hda/realtek: Enable headset mic on Positivo SU C1400 (stable-fixes).
• ALSA: hda/realtek: Enable Mute LED on HP 250 G7 (stable-fixes).
• ALSA: hda/realtek: fix mute/micmute LEDs do not work for EliteBook 645/665 G11 (stable-fixes).
• ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360 (stable-fixes).
• ALSA: hda/realtek: Limit mic boost on VAIO PRO PX (stable-fixes).
• ALSA: hda/relatek: Enable Mute LED on HP Laptop 15-gw0xxx (stable-fixes).
• ALSA: pcm_dmaengine: Do not synchronize DMA channel when DMA is paused (git-fixes).
• ALSA: usb-audio: Add a quirk for Sonix HD USB Camera (stable-fixes).
• ALSA: usb-audio: Correct surround channels in UAC1 channel map (git-fixes).
• ALSA: usb-audio: Fix microphone sound on HD webcam (stable-fixes).
• ALSA: usb-audio: Move HD Webcam quirk to the right place (git-fixes).
• arm64: dts: allwinner: Pine H64: correctly remove reg_gmac_3v3 (git-fixes)
• arm64: dts: hi3798cv200: fix the size of GICR (git-fixes)
• arm64: dts: imx8qm-mek: fix gpio number for reg_usdhc2_vmmc (git-fixes)
• arm64: dts: microchip: sparx5: fix mdio reg (git-fixes)
• arm64: dts: rockchip: Add enable-strobe-pulldown to emmc phy on ROCK (git-fixes)
• arm64: dts: rockchip: Add sound-dai-cells for RK3368 (git-fixes)
• arm64: dts: rockchip: fix PMIC interrupt pin on ROCK Pi E (git-fixes)
• arm64/io: add constant-argument check (bsc#1226502 git-fixes)
• arm64/io: Provide a WC friendly __iowriteXX_copy() (bsc#1226502)
• arm64: tegra: Correct Tegra132 I2C alias (git-fixes)
• ASoC: amd: Adjust error handling in case of absent codec device (git-fixes).
• ASoC: max98088: Check for clk_prepare_enable() error (git-fixes).
• ASoC: ti: davinci-mcasp: Set min period size using FIFO config (stable-fixes).
• ASoC: ti: omap-hdmi: Fix too long driver name (stable-fixes).
• batman-adv: bypass empty buckets in batadv_purge_orig_ref() (stable-fixes).
• blk-cgroup: dropping parent refcount after pd_free_fn() is done (bsc#1224573).
• block: do not add partitions if GD_SUPPRESS_PART_SCAN is set (bsc#1227162).
• block, loop: support partitions without scanning (bsc#1227162).
• Bluetooth: ath3k: Fix multiple issues reported by checkpatch.pl (stable-fixes).
• Bluetooth: btqca: use le32_to_cpu for ver.soc_id (stable-fixes).
• Bluetooth: hci_core: cancel all works upon hci_unregister_dev() (stable-fixes).
• Bluetooth: hci_qca: mark OF related data as maybe unused (stable-fixes).
• Bluetooth: hci_sync: Fix suspending with wrong filter policy (git-fixes).
• Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot (git-fixes).
• bnxt_re: Fix imm_data endianness (git-fixes)
• bpf: aggressively forget precise markings during state checkpointing (bsc#1225903).
• bpf: allow precision tracking for programs with subprogs (bsc#1225903).
• bpf: check bpf_func_state->callback_depth when pruning states (bsc#1225903).
• bpf: clean up visit_insn()'s instruction processing (bsc#1225903).
• bpf: correct loop detection for iterators convergence (bsc#1225903).
• bpf: encapsulate precision backtracking bookkeeping (bsc#1225903).
• bpf: ensure state checkpointing at iter_next() call sites (bsc#1225903).
• bpf: exact states comparison for iterator convergence checks (bsc#1225903).
• bpf: extract __check_reg_arg() utility function (bsc#1225903).
• bpf: extract same_callsites() as utility function (bsc#1225903).
• bpf: extract setup_func_entry() utility function (bsc#1225903).
• bpf: fix calculation of subseq_idx during precision backtracking (bsc#1225903).
• bpf: fix mark_all_scalars_precise use in mark_chain_precision (bsc#1225903).
• bpf: Fix memory leaks in __check_func_call (bsc#1225903).
• bpf: fix propagate_precision() logic for inner frames (bsc#1225903).
• bpf: fix regs_exact() logic in regsafe() to remap IDs correctly (bsc#1225903).
• bpf: Fix to preserve reg parent/live fields when copying range info (bsc#1225903).
• bpf: generalize MAYBE_NULL vs non-MAYBE_NULL rule (bsc#1225903).
• bpf: improve precision backtrack logging (bsc#1225903).
• bpf: Improve verifier u32 scalar equality checking (bsc#1225903).
• bpf: keep track of max number of bpf_loop callback iterations (bsc#1225903).
• bpf: maintain bitmasks across all active frames in __mark_chain_precision (bsc#1225903).
• bpf: mark relevant stack slots scratched for register read instructions (bsc#1225903).
• bpf: move explored_state() closer to the beginning of verifier.c (bsc#1225903).
• bpf: perform byte-by-byte comparison only when necessary in regsafe() (bsc#1225903).
• bpf: print full verifier states on infinite loop detection (bsc#1225903).
• bpf: regsafe() must not skip check_ids() (bsc#1225903).
• bpf: reject non-exact register type matches in regsafe() (bsc#1225903).
• bpf: Remove unused insn_cnt argument from visit_[func_call_]insn() (bsc#1225903).
• bpf: reorganize struct bpf_reg_state fields (bsc#1225903).
• bpf: Skip invalid kfunc call in backtrack_insn (bsc#1225903).
• bpf: states_equal() must build idmap for all function frames (bsc#1225903).
• bpf: stop setting precise in current state (bsc#1225903).
• bpf: support precision propagation in the presence of subprogs (bsc#1225903).
• bpf: take into account liveness when propagating precision (bsc#1225903).
• bpf: teach refsafe() to take into account ID remapping (bsc#1225903).
• bpf: unconditionally reset backtrack_state masks on global func exit (bsc#1225903).
• bpf: use check_ids() for active_lock comparison (bsc#1225903).
• bpf: Use scalar ids in mark_chain_precision() (bsc#1225903).
• bpf: verify callbacks as if they are called unknown number of times (bsc#1225903).
• bpf: Verify scalar ids mapping in regsafe() using check_ids() (bsc#1225903).
• bpf: widening for callback iterators (bsc#1225903).
• btrfs: add device major-minor info in the struct btrfs_device (bsc#1227162).
• btrfs: harden identification of a stale device (bsc#1227162).
• btrfs: match stale devices by dev_t (bsc#1227162).
• btrfs: remove the cross file system checks from remap (bsc#1227157).
• btrfs: use dev_t to match device in device_matched (bsc#1227162).
• btrfs: validate device maj:min during open (bsc#1227162).
• bytcr_rt5640 : inverse jack detect for Archos 101 cesium (stable-fixes).
• cachefiles: add output string to cachefiles_obj_[get|put]_ondemand_fd (git-fixes).
• can: kvaser_usb: Explicitly initialize family in leafimx driver_info struct (git-fixes).
• can: kvaser_usb: fix return value for hif_usb_send_regout (stable-fixes).
• ceph: fix incorrect kmalloc size of pagevec mempool (bsc#1228418).
• cgroup/cpuset: Prevent UAF in proc_cpuset_show() (bsc#1228801).
• crypto: aead,cipher - zeroize key buffer after use (stable-fixes).
• crypto: ecdh - explicitly zeroize private_key (stable-fixes).
• crypto: ecdsa - Fix the public key format description (git-fixes).
• crypto: hisilicon/sec - Fix memory leak for sec resource release (stable-fixes).
• csky: ftrace: Drop duplicate implementation of arch_check_ftrace_location() (git-fixes).
• decompress_bunzip2: fix rare decompression failure (git-fixes).
• devres: Fix devm_krealloc() wasting memory (git-fixes).
• devres: Fix memory leakage caused by driver API devm_free_percpu() (git-fixes).
• dma: fix call order in dmam_free_coherent (git-fixes).
• docs: crypto: async-tx-api: fix broken code example (git-fixes).
• docs: Fix formatting of literal sections in fanotify docs (stable-fixes).
• drm/amd/amdgpu: Fix style errors in amdgpu_drv.c & amdgpu_device.c (stable-fixes).
• drm/amd/display: Account for cursor prefetch BW in DML1 mode support (stable-fixes).
• drm/amd/display: Check for NULL pointer (stable-fixes).
• drm/amd/display: Check index msg_id before read or write (stable-fixes).
• drm/amd/display: Check pipe offset before setting vblank (stable-fixes).
• drm/amd/display: Skip finding free audio for unknown engine_id (stable-fixes).
• drm/amdgpu/atomfirmware: fix parsing of vram_info (stable-fixes).
• drm/amdgpu/atomfirmware: silence UBSAN warning (stable-fixes).
• drm/amdgpu: avoid using null object of framebuffer (stable-fixes).
• drm/amdgpu: Check if NBIO funcs are NULL in amdgpu_device_baco_exit (git-fixes).
• drm/amdgpu: Fix pci state save during mode-1 reset (git-fixes).
• drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq() (git-fixes).
• drm/amdgpu: fix uninitialized scalar variable warning (stable-fixes).
• drm/amdgpu: Fix uninitialized variable warnings (stable-fixes).
• drm/amdgpu: Initialize timestamp for some legacy SOCs (stable-fixes).
• drm/amdgpu: Remove GC HW IP 9.3.0 from noretry=1 (git-fixes).
• drm/amd/pm: Fix aldebaran pcie speed reporting (git-fixes).
• drm/amd/pm: remove logically dead code for renoir (git-fixes).
• drm/dp_mst: Fix all mstb marked as not probed after suspend/resume (git-fixes).
• drm/etnaviv: do not block scheduler when GPU is still active (stable-fixes).
• drm/etnaviv: fix DMA direction handling for cached RW buffers (git-fixes).
• drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes (git-fixes).
• drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes (git-fixes).
• drm/i915/gt: Do not consider preemption during execlists_dequeue for gen8 (git-fixes).
• drm/lima: fix shared irq handling on driver remove (stable-fixes).
• drm/lima: Mark simple_ondemand governor as softdep (git-fixes).
• drm/mediatek: Add OVL compatible name for MT8195 (git-fixes).
• drm/meson: fix canvas release in bind function (git-fixes).
• drm/mgag200: Bind I2C lifetime to DRM device (git-fixes).
• drm/mgag200: Set DDC timeout in milliseconds (git-fixes).
• drm/mipi-dsi: Fix mipi_dsi_dcs_write_seq() macro definition format (stable-fixes).
• drm/mipi-dsi: Fix theoretical int overflow in mipi_dsi_dcs_write_seq() (git-fixes).
• drm/msm/dpu: drop validity checks for clear_pending_flush() ctl op (git-fixes).
• drm/msm/mdp5: Remove MDP_CAP_SRC_SPLIT from msm8x53_config (git-fixes).
• drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes (stable-fixes).
• drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes (stable-fixes).
• drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes (git-fixes).
• drm/nouveau: prime: fix refcount underflow (git-fixes).
• drm/panel: boe-tv101wum-nl6: Check for errors on the NOP in prepare() (git-fixes).
• drm/panel: boe-tv101wum-nl6: If prepare fails, disable GPIO before regulators (git-fixes).
• drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep (stable-fixes).
• drm: panel-orientation-quirks: Add quirk for Valve Galileo (stable-fixes).
• drm/panfrost: Mark simple_ondemand governor as softdep (git-fixes).
• drm/qxl: Add check for drm_cvt_mode (git-fixes).
• drm/radeon: check bo_va->bo is non-NULL before using it (stable-fixes).
• drm/radeon/radeon_display: Decrease the size of allocated memory (stable-fixes).
• drm/vmwgfx: Fix a deadlock in dma buf fence polling (git-fixes).
• drm/vmwgfx: Fix missing HYPERVISOR_GUEST dependency (stable-fixes).
• drm/vmwgfx: Fix overlay when using Screen Targets (git-fixes).
• eeprom: digsy_mtc: Fix 93xx46 driver probe failure (git-fixes).
• exfat: check if cluster num is valid (git-fixes).
• exfat: simplify is_valid_cluster() (git-fixes).
• filelock: add a new locks_inode_context accessor function (git-fixes).
• firmware: cs_dsp: Fix overflow checking of wmfw header (git-fixes).
• firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers (git-fixes).
• firmware: cs_dsp: Return error if block header overflows file (git-fixes).
• firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files (git-fixes).
• firmware: cs_dsp: Validate payload length before processing block (git-fixes).
• firmware: dmi: Stop decoding on broken entry (stable-fixes).
• firmware: turris-mox-rwtm: Do not complete if there are no waiters (git-fixes).
• firmware: turris-mox-rwtm: Fix checking return value of wait_for_completion_timeout() (git-fixes).
• firmware: turris-mox-rwtm: Initialize completion before mailbox (git-fixes).
• fix build warning
• fs: allow cross-vfsmount reflink/dedupe (bsc#1227157).
• ftrace: Fix possible use-after-free issue in ftrace_location() (git-fixes).
• fuse: verify {g,u}id mount options correctly (bsc#1228191).
• gpio: mc33880: Convert comma to semicolon (git-fixes).
• hfsplus: fix to avoid false alarm of circular locking (git-fixes).
• hfsplus: fix uninit-value in copy_name (git-fixes).
• HID: Add quirk for Logitech Casa touchpad (stable-fixes).
• HID: wacom: Modify pen IDs (git-fixes).
• hpet: Support 32-bit userspace (git-fixes).
• hwmon: (adt7475) Fix default duty on fan is disabled (git-fixes).
• hwmon: (max6697) Fix swapped temp{1,8} critical alarms (git-fixes).
• hwmon: (max6697) Fix underflow when writing limit attributes (git-fixes).
• i2c: mark HostNotify target address as used (git-fixes).
• i2c: rcar: bring hardware to known state when probing (git-fixes).
• i2c: tegra: Fix failure during probe deferral cleanup (git-fixes)
• i2c: tegra: Share same DMA channel for RX and TX (bsc#1227661)
• i2c: testunit: avoid re-issued work after read message (git-fixes).
• i2c: testunit: correct Kconfig description (git-fixes).
• Input: elan_i2c - do not leave interrupt disabled on suspend failure (git-fixes).
• Input: elantech - fix touchpad state on resume for Lenovo N24 (stable-fixes).
• Input: ff-core - prefer struct_size over open coded arithmetic (stable-fixes).
• Input: qt1050 - handle CHIP_ID reading error (git-fixes).
• Input: silead - Always support 10 fingers (stable-fixes).
• intel_th: pci: Add Granite Rapids SOC support (stable-fixes).
• intel_th: pci: Add Granite Rapids support (stable-fixes).
• intel_th: pci: Add Lunar Lake support (stable-fixes).
• intel_th: pci: Add Meteor Lake-S support (stable-fixes).
• intel_th: pci: Add Sapphire Rapids SOC support (stable-fixes).
• iommu/arm-smmu-v3: Free MSIs in case of ENOMEM (git-fixes).
• ionic: clean interrupt before enabling queue to avoid credit race (git-fixes).
• jffs2: Fix potential illegal address access in jffs2_free_inode (git-fixes).
• jfs: Fix array-index-out-of-bounds in diFree (git-fixes).
• jfs: xattr: fix buffer overflow for invalid xattr (bsc#1227383).
• kABI: bpf: bpf_reg_state reorganization kABI workaround (bsc#1225903).
• kABI: bpf: callback fixes kABI workaround (bsc#1225903).
• kABI: bpf: struct bpf_{idmap,idset} kABI workaround (bsc#1225903).
• kABI: bpf: tmp_str_buf kABI workaround (bsc#1225903).
• kABI: rtas: Workaround false positive due to lost definition (bsc#1227487).
• kabi/severities: ignore kABI for FireWire sound local symbols (bsc#1208783)
• kabi/severities: Ignore tpm_tis_core_init (bsc#1082555).
• kabi/severity: add nvme common code The nvme common code is also allowed to change the data structures, there are only internal users.
• kabi: Use __iowriteXX_copy_inlined for in-kernel modules (bsc#1226502)
• kernel-binary: vdso: Own module_dir
• kernel/sched: Remove dl_boosted flag comment (git fixes (sched)).
• knfsd: LOOKUP can return an illegal error value (git-fixes).
• kobject_uevent: Fix OOB access within zap_modalias_env() (git-fixes).
• kprobes: Make arch_check_ftrace_location static (git-fixes).
• KVM: nVMX: Clear EXIT_QUALIFICATION when injecting an EPT Misconfig (git-fixes).
• KVM: PPC: Book3S HV: Fix ‘rm_exit’ entry in debugfs timings (bsc#1194869).
• KVM: PPC: Book3S HV: Fix the set_one_reg for MMCR3 (bsc#1194869).
• KVM: PPC: Book3S HV Nested: L2 LPCR should inherit L1 LPES setting (bsc#1194869).
• KVM: PPC: Book3S HV: remove extraneous asterisk from rm_host_ipi_action() comment (bsc#1194869).
• KVM: PPC: Book3S: Suppress failed alloc warning in H_COPY_TOFROM_GUEST (bsc#1194869).
• KVM: PPC: Book3S: Suppress warnings when allocating too big memory slots (bsc#1194869).
• KVM: s390: fix LPSWEY handling (bsc#1227635 git-fixes).
• KVM: SVM: Process ICR on AVIC IPI delivery failure due to invalid target (git-fixes).
• KVM: VMX: Report up-to-date exit qualification to userspace (git-fixes).
• KVM: x86: Add IBPB_BRTYPE support (bsc#1228079).
• KVM: x86: Always sync PIR to IRR prior to scanning I/O APIC routes (git-fixes).
• KVM: x86: Bail from kvm_recalculate_phys_map() if x2APIC ID is out-of-bounds (git-fixes).
• KVM: x86: Disable APIC logical map if logical ID covers multiple MDAs (git-fixes).
• KVM: x86: Disable APIC logical map if vCPUs are aliased in logical mode (git-fixes).
• KVM: x86: Do not advertise guest.MAXPHYADDR as host.MAXPHYADDR in CPUID (git-fixes).
• KVM: x86: Explicitly skip optimized logical map setup if vCPU’s LDR==0 (git-fixes).
• KVM: x86: Explicitly track all possibilities for APIC map’s logical modes (git-fixes).
• KVM: x86: Fix broken debugregs ABI for 32 bit kernels (git-fixes).
• KVM: x86: Fix KVM_GET_MSRS stack info leak (git-fixes).
• KVM: x86: Honor architectural behavior for aliased 8-bit APIC IDs (git-fixes).
• KVM: x86: Purge ‘highest ISR’ cache when updating APICv state (git-fixes).
• KVM: x86: Save/restore all NMIs when multiple NMIs are pending (git-fixes).
• KVM: x86: Skip redundant x2APIC logical mode optimized cluster setup (git-fixes).
• leds: ss4200: Convert PCIBIOS_* return codes to errnos (git-fixes).
• leds: triggers: Flush pending brightness before activating trigger (git-fixes).
• leds: trigger: Unregister sysfs attributes before calling deactivate() (git-fixes).
• libceph: fix race between delayed_work() and ceph_monc_stop() (bsc#1228190).
• lib: objagg: Fix general protection fault (git-fixes).
• lib: objagg: Fix spelling (git-fixes).
• lib: test_objagg: Fix spelling (git-fixes).
• lockd: set missing fl_flags field when retrieving args (git-fixes).
• lockd: use locks_inode_context helper (git-fixes).
• Make AMD_HSMP=m and mark it unsupported in supported.conf (jsc#PED-8582)
• media: dvb: as102-fe: Fix as10x_register_addr packing (stable-fixes).
• media: dvbdev: Initialize sbuf (stable-fixes).
• media: dvb-frontends: tda10048: Fix integer overflow (stable-fixes).
• media: dvb-frontends: tda18271c2dd: Remove casting during div (stable-fixes).
• media: dvb-usb: dib0700_devices: Add missing release_firmware() (stable-fixes).
• media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control() (git-fixes).
• media: dw2102: Do not translate i2c read into write (stable-fixes).
• media: dw2102: fix a potential buffer overflow (git-fixes).
• media: imon: Fix race getting ictx->lock (git-fixes).
• media: s2255: Use refcount_t instead of atomic_t for num_channels (stable-fixes).
• media: uvcvideo: Fix integer overflow calculating timestamp (git-fixes).
• media: uvcvideo: Override default flags (git-fixes).
• media: venus: fix use after free in vdec_close (git-fixes).
• media: venus: flush all buffers in output plane streamoff (git-fixes).
• mei: demote client disconnect warning on suspend to debug (stable-fixes).
• mfd: omap-usb-tll: Use struct_size to allocate tll (git-fixes).
• mtd: partitions: redboot: Added conversion of operands to a larger type (stable-fixes).
• net/dcb: check for detached device before executing callbacks (bsc#1215587).
• netfilter: conntrack: ignore overly delayed tcp packets (bsc#1223180).
• netfilter: conntrack: prepare tcp_in_window for ternary return value (bsc#1223180).
• netfilter: conntrack: remove pr_debug callsites from tcp tracker (bsc#1223180).
• netfilter: conntrack: work around exceeded receive window (bsc#1223180).
• netfs, fscache: export fscache_put_volume() and add fscache_try_get_volume() (bsc#1228459 bsc#1228462).
• net: mana: Fix possible double free in error handling path (git-fixes).
• net: mana: Fix the extra HZ in mana_hwc_send_request (git-fixes).
• net: usb: qmi_wwan: add Telit FN912 compositions (git-fixes).
• net: usb: sr9700: fix uninitialized variable use in sr_mdio_read (git-fixes).
• nfc/nci: Add the inconsistency check between the input data length and count (stable-fixes).
• NFSD: Add an nfsd_file_fsync tracepoint (git-fixes).
• NFSD: Add an NFSD_FILE_GC flag to enable nfsd_file garbage collection (git-fixes).
• nfsd: Add errno mapping for EREMOTEIO (git-fixes).
• NFSD: Add nfsd_file_lru_dispose_list() helper (git-fixes).
• nfsd: add some comments to nfsd_file_do_acquire (git-fixes).
• nfsd: allow nfsd_file_get to sanely handle a NULL pointer (git-fixes).
• nfsd: allow reaping files still under writeback (git-fixes).
• NFSD: Avoid calling fh_drop_write() twice in do_nfsd_create() (git-fixes).
• NFSD: Clean up nfsd3_proc_create() (git-fixes).
• nfsd: Clean up nfsd_file_put() (git-fixes).
• NFSD: Clean up nfsd_open_verified() (git-fixes).
• NFSD: Clean up unused code after rhashtable conversion (git-fixes).
• NFSD: Convert filecache to rhltable (git-fixes).
• NFSD: Convert the filecache to use rhashtable (git-fixes).
• NFSD: De-duplicate hash bucket indexing (git-fixes).
• nfsd: do not free files unconditionally in __nfsd_file_cache_purge (git-fixes).
• nfsd: do not fsync nfsd_files on last close (git-fixes).
• nfsd: do not hand out delegation on setuid files being opened for write (git-fixes).
• nfsd: do not kill nfsd_files because of lease break error (git-fixes).
• nfsd: Do not leave work of closing files to a work queue (bsc#1228140).
• nfsd: do not take/put an extra reference when putting a file (git-fixes).
• NFSD enforce filehandle check for source file in COPY (git-fixes).
• NFSD: Ensure nf_inode is never dereferenced (git-fixes).
• nfsd: fix handling of cached open files in nfsd4_open codepath (git-fixes).
• NFSD: Fix licensing header in filecache.c (git-fixes).
• nfsd: fix net-namespace logic in __nfsd_file_cache_purge (git-fixes).
• nfsd: fix nfsd_file_unhash_and_dispose (git-fixes).
• NFSD: Fix potential use-after-free in nfsd_file_put() (git-fixes).
• NFSD: Fix problem of COMMIT and NFS4ERR_DELAY in infinite loop (git-fixes).
• NFSD: Fix the filecache LRU shrinker (git-fixes).
• nfsd: fix up the filecache laundrette scheduling (git-fixes).
• nfsd: fix use-after-free in nfsd_file_do_acquire tracepoint (git-fixes).
• NFSD: Flesh out a documenting comment for filecache.c (git-fixes).
• NFSD: handle errors better in write_ports_addfd() (git-fixes).
• NFSD: Instantiate a struct file when creating a regular NFSv4 file (git-fixes).
• NFSD: Leave open files out of the filecache LRU (git-fixes).
• nfsd: map EBADF (git-fixes).
• NFSD: Move nfsd_file_trace_alloc() tracepoint (git-fixes).
• NFSD: nfsd_file_hash_remove can compute hashval (git-fixes).
• nfsd: NFSD_FILE_KEY_INODE only needs to find GC’ed entries (git-fixes).
• NFSD: nfsd_file_put() can sleep (git-fixes).
• NFSD: nfsd_file_unhash can compute hashval from nf->nf_inode (git-fixes).
• NFSD: No longer record nf_hashval in the trace log (git-fixes).
• NFSD: Pass the target nfsd_file to nfsd_commit() (git-fixes).
• nfsd: put the export reference in nfsd4_verify_deleg_dentry (git-fixes).
• NFSD: Record number of flush calls (git-fixes).
• NFSD: Refactor nfsd_create_setattr() (git-fixes).
• NFSD: Refactor __nfsd_file_close_inode() (git-fixes).
• NFSD: Refactor nfsd_file_gc() (git-fixes).
• NFSD: Refactor nfsd_file_lru_scan() (git-fixes).
• NFSD: Refactor NFSv3 CREATE (git-fixes).
• NFSD: Refactor NFSv4 OPEN(CREATE) (git-fixes).
• NFSD: Remove do_nfsd_create() (git-fixes).
• NFSD: Remove lockdep assertion from unhash_and_release_locked() (git-fixes).
• NFSD: Remove nfsd_file::nf_hashval (git-fixes).
• nfsd: remove the pages_flushed statistic from filecache (git-fixes).
• nfsd: reorganize filecache.c (git-fixes).
• NFSD: Replace the ‘init once’ mechanism (git-fixes).
• NFSD: Report average age of filecache items (git-fixes).
• NFSD: Report count of calls to nfsd_file_acquire() (git-fixes).
• NFSD: Report count of freed filecache items (git-fixes).
• NFSD: Report filecache LRU size (git-fixes).
• NFSD: Report the number of items evicted by the LRU walk (git-fixes).
• nfsd: Retry once in nfsd_open on an -EOPENSTALE return (git-fixes).
• nfsd: rework hashtable handling in nfsd_do_file_acquire (git-fixes).
• nfsd: rework refcounting in filecache (git-fixes).
• NFSD: Separate tracepoints for acquire and create (git-fixes).
• NFSD: Set up an rhashtable for the filecache (git-fixes).
• nfsd: silence extraneous printk on nfsd.ko insertion (git-fixes).
• NFSD: simplify per-net file cache management (git-fixes).
• nfsd: simplify test_bit return in NFSD_FILE_KEY_FULL comparator (git-fixes).
• nfsd: simplify the delayed disposal list code (git-fixes).
• NFSD: Trace filecache LRU activity (git-fixes).
• NFSD: Trace filecache opens (git-fixes).
• NFSD: verify the opened dentry after setting a delegation (git-fixes).
• NFSD: WARN when freeing an item still linked via nf_lru (git-fixes).
• NFSD: Write verifier might go backwards (git-fixes).
• NFSD: Zero counters when the filecache is re-initialized (git-fixes).
• NFS: Fix READ_PLUS when server does not support OP_READ_PLUS (git-fixes).
• nfs: fix undefined behavior in nfs_block_bits() (git-fixes).
• nfs: keep server info for remounts (git-fixes).
• nfs: Leave pages in the pagecache if readpage failed (git-fixes).
• NFSv4: Fixup smatch warning for ambiguous return (git-fixes).
• NFSv4.x: by default serialize open/close operations (bsc#1223863 bsc#1227362)
• nilfs2: add missing check for inode numbers on directory entries (git-fixes).
• nilfs2: add missing check for inode numbers on directory entries (stable-fixes).
• nilfs2: avoid undefined behavior in nilfs_cnt32_ge macro (git-fixes).
• nilfs2: convert persistent object allocator to use kmap_local (git-fixes).
• nilfs2: fix incorrect inode allocation from reserved inodes (git-fixes).
• nilfs2: fix inode number range checks (git-fixes).
• nilfs2: fix inode number range checks (stable-fixes).
• nvme: adjust multiples of NVME_CTRL_PAGE_SIZE in offset (git-fixes).
• nvme-auth: alloc nvme_dhchap_key as single buffer (git-fixes).
• nvme-auth: allow mixing of secret and hash lengths (git-fixes).
• nvme-auth: use transformed key size to create resp (git-fixes).
• nvme: avoid double free special payload (git-fixes).
• nvme: ensure reset state check ordering (bsc#1215492).
• nvme: fixup comment for nvme RDMA Provider Type (git-fixes).
• nvme-multipath: find NUMA path only for online numa-node (git-fixes).
• nvme-pci: add missing condition check for existence of mapped data (git-fixes).
• nvme-pci: Fix the instructions for disabling power management (git-fixes).
• nvmet: always initialize cqe.result (git-fixes).
• nvmet-auth: fix nvmet_auth hash error handling (git-fixes).
• nvmet: fix a possible leak when destroy a ctrl during qp establishment (git-fixes).
• nvme: use ctrl state accessor (bsc#1215492).
• ocfs2: fix DIO failure due to insufficient transaction credits (bsc#1216834).
• ocfs2: remove redundant assignment to variable free_space (bsc#1228409).
• ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() (bsc#1228410).
• orangefs: fix out-of-bounds fsid access (git-fixes).
• PCI: Add PCI_ERROR_RESPONSE and related definitions (stable-fixes).
• PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal (git-fixes).
• PCI: Extend ACS configurability (bsc#1228090).
• PCI: Fix resource double counting on remove & rescan (git-fixes).
• PCI: hv: Return zero, not garbage, when reading PCI_INTERRUPT_PIN (git-fixes).
• PCI: Introduce cleanup helpers for device reference counts and locks (git-fixes).
• PCI: Introduce cleanup helpers for device reference counts and locks (stable-fixes).
• PCI: keystone: Do not enable BAR 0 for AM654x (git-fixes).
• PCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs() (git-fixes).
• PCI: keystone: Relocate ks_pcie_set/clear_dbi_mode() (git-fixes).
• PCI/PM: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports (git-fixes).
• PCI/PM: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports (stable-fixes).
• PCI: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio (git-fixes).
• PCI: tegra194: Set EP alignment restriction for inbound ATU (git-fixes).
• pinctrl: core: fix possible memory leak when pinctrl_enable() fails (git-fixes).
• pinctrl: freescale: mxs: Fix refcount of child (git-fixes).
• pinctrl: single: fix possible memory leak when pinctrl_enable() fails (git-fixes).
• pinctrl: ti: ti-iodelay: fix possible memory leak when pinctrl_enable() fails (git-fixes).
• platform/chrome: cros_ec_debugfs: fix wrong EC message version (git-fixes).
• platform/chrome: cros_ec_proto: Lock device when updating MKBP version (git-fixes).
• platform/x86: dell-smbios-base: Use sysfs_emit() (stable-fixes).
• platform/x86: dell-smbios: Fix wrong token data in sysfs (git-fixes).
• platform/x86: lg-laptop: Change ACPI device id (stable-fixes).
• platform/x86: lg-laptop: Remove LGEX0815 hotkey handling (stable-fixes).
• platform/x86: touchscreen_dmi: Add info for GlobalSpace SolT IVW 11.6’ tablet (stable-fixes).
• platform/x86: touchscreen_dmi: Add info for the EZpad 6s Pro (stable-fixes).
• platform/x86: wireless-hotkey: Add support for LG Airplane Button (stable-fixes).
• powerpc/cpuidle: Set CPUIDLE_FLAG_POLLING for snooze state (bsc#1227121 ltc#207129).
• powerpc: fix a file leak in kvm_vcpu_ioctl_enable_cap() (bsc#1194869).
• powerpc/kasan: Disable address sanitization in kexec paths (bsc#1194869).
• powerpc/pseries: Fix scv instruction crash with kexec (bsc#1194869).
• powerpc/rtas: clean up includes (bsc#1227487).
• powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() (bsc#1227487).
• power: supply: cros_usbpd: provide ID table for avoiding fallback match (stable-fixes).
• pwm: stm32: Always do lazy disabling (git-fixes).
• RDMA/cache: Release GID table even if leak is detected (git-fixes)
• RDMA/device: Return error earlier if port in not valid (git-fixes)
• RDMA/hns: Check atomic wr length (git-fixes)
• RDMA/hns: Fix insufficient extend DB for VFs. (git-fixes)
• RDMA/hns: Fix mbx timing out before CMD execution is completed (git-fixes)
• RDMA/hns: Fix missing pagesize and alignment check in FRMR (git-fixes)
• RDMA/hns: Fix shift-out-bounds when max_inline_data is 0 (git-fixes)
• RDMA/hns: Fix soft lockup under heavy CEQE load (git-fixes)
• RDMA/hns: Fix undifined behavior caused by invalid max_sge (git-fixes)
• RDMA/hns: Fix unmatch exception handling when init eq table fails (git-fixes)
• RDMA/iwcm: Fix a use-after-free related to destroying CM IDs (git-fixes)
• RDMA/mana_ib: Ignore optional access flags for MRs (git-fixes).
• RDMA/mlx4: Fix truncated output warning in alias_GUID.c (git-fixes)
• RDMA/mlx4: Fix truncated output warning in mad.c (git-fixes)
• RDMA/mlx5: Set mkeys for dmabuf at PAGE_SIZE (git-fixes)
• RDMA/restrack: Fix potential invalid address access (git-fixes)
• RDMA/rxe: Do not set BTH_ACK_MASK for UC or UD QPs (git-fixes)
• regmap-i2c: Subtract reg size from max_write (stable-fixes).
• Revert ‘ALSA: firewire-lib: obsolete workqueue for period update’ (bsc#1208783).
• Revert ‘ALSA: firewire-lib: operate for period elapse event in process context’ (bsc#1208783).
• Revert ‘leds: led-core: Fix refcount leak in of_led_get()’ (git-fixes).
• Revert ‘usb: musb: da8xx: Set phy in OTG mode by default’ (stable-fixes).
• rpcrdma: fix handling for RDMA_CM_EVENT_DEVICE_REMOVAL (git-fixes).
• rtc: cmos: Fix return value of nvmem callbacks (git-fixes).
• rtc: interface: Add RTC offset to alarm after fix-up (git-fixes).
• rtc: isl1208: Fix return value of nvmem callbacks (git-fixes).
• rtlwifi: rtl8192de: Style clean-ups (stable-fixes).
• s390: Implement __iowrite32_copy() (bsc#1226502)
• s390: Stop using weak symbols for __iowrite64_copy() (bsc#1226502)
• saa7134: Unchecked i2c_transfer function result fixed (git-fixes).
• sched/fair: Do not balance task to its current running CPU (git fixes (sched)).
• sched: Fix stop_one_cpu_nowait() vs hotplug (git fixes (sched)).
• scsi: lpfc: Allow DEVICE_RECOVERY mode after RSCN receipt if in PRLI_ISSUE state (bsc#1228857).
• scsi: lpfc: Cancel ELS WQE instead of issuing abort when SLI port is inactive (bsc#1228857).
• scsi: lpfc: Fix handling of fully recovered fabric node in dev_loss callbk (bsc#1228857).
• scsi: lpfc: Fix incorrect request len mbox field when setting trunking via sysfs (bsc#1228857).
• scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info (bsc#1228857).
• scsi: lpfc: Relax PRLI issue conditions after GID_FT response (bsc#1228857).
• scsi: lpfc: Revise lpfc_prep_embed_io routine with proper endian macro usages (bsc#1228857).
• scsi: lpfc: Update lpfc version to 14.4.0.3 (bsc#1228857).
• scsi: qla2xxx: Avoid possible run-time warning with long model_num (bsc#1228850).
• scsi: qla2xxx: Complete command early within lock (bsc#1228850).
• scsi: qla2xxx: Convert comma to semicolon (bsc#1228850).
• scsi: qla2xxx: Drop driver owner assignment (bsc#1228850).
• scsi: qla2xxx: During vport delete send async logout explicitly (bsc#1228850).
• scsi: qla2xxx: Fix debugfs output for fw_resource_count (bsc#1228850).
• scsi: qla2xxx: Fix flash read failure (bsc#1228850).
• scsi: qla2xxx: Fix for possible memory corruption (bsc#1228850).
• scsi: qla2xxx: Fix optrom version displayed in FDMI (bsc#1228850).
• scsi: qla2xxx: Indent help text (bsc#1228850).
• scsi: qla2xxx: Reduce fabric scan duplicate code (bsc#1228850).
• scsi: qla2xxx: Remove unused struct ‘scsi_dif_tuple’ (bsc#1228850).
• scsi: qla2xxx: Return ENOBUFS if sg_cnt is more than one for ELS cmds (bsc#1228850).
• scsi: qla2xxx: Unable to act on RSCN for port online (bsc#1228850).
• scsi: qla2xxx: Update version to 10.02.09.300-k (bsc#1228850).
• scsi: qla2xxx: Use QP lock to search for bsg (bsc#1228850).
• scsi: qla2xxx: validate nvme_local_port correctly (bsc#1228850).
• selftests/bpf: Add a selftest for checking subreg equality (bsc#1225903).
• selftests/bpf: add pre bpf_prog_test_run_opts() callback for test_loader (bsc#1225903).
• selftests/bpf: add precision propagation tests in the presence of subprogs (bsc#1225903).
• selftests/bpf: Add pruning test case for bpf_spin_lock (bsc#1225903).
• selftests/bpf: Check if mark_chain_precision() follows scalar ids (bsc#1225903).
• selftests/bpf: check if max number of bpf_loop iterations is tracked (bsc#1225903).
• selftests/bpf: fix __retval() being always ignored (bsc#1225903).
• selftests/bpf: fix unpriv_disabled check in test_verifier (bsc#1225903).
• selftests/bpf: __imm_insn & __imm_const macro for bpf_misc.h (bsc#1225903).
• selftests/bpf: make test_align selftest more robust (bsc#1225903).
• selftests/bpf: populate map_array_ro map for verifier_array_access test (bsc#1225903).
• selftests/bpf: prog_tests entry point for migrated test_verifier tests (bsc#1225903).
• selftests/bpf: Report program name on parse_test_spec error (bsc#1225903).
• selftests/bpf: Support custom per-test flags and multiple expected messages (bsc#1225903).
• selftests/bpf: test case for callback_depth states pruning logic (bsc#1225903).
• selftests/bpf: test case for relaxed prunning of active_lock.id (bsc#1225903).
• selftests/bpf: test cases for regsafe() bug skipping check_id() (bsc#1225903).
• selftests/bpf: Tests execution support for test_loader.c (bsc#1225903).
• selftests/bpf: tests for iterating callbacks (bsc#1225903).
• selftests/bpf: test widening for iterating callbacks (bsc#1225903).
• selftests/bpf: track string payload offset as scalar in strobemeta (bsc#1225903).
• selftests/bpf: Unprivileged tests for test_loader.c (bsc#1225903).
• selftests/bpf: Verify copy_register_state() preserves parent/live fields (bsc#1225903).
• selftests/bpf: verify states_equal() maintains idmap across all frames (bsc#1225903).
• selftests/bpf: Verify that check_ids() is used for scalars in regsafe() (bsc#1225903).
• selftests/sigaltstack: Fix ppc64 GCC build (git-fixes).
• soc: ti: wkup_m3_ipc: Send NULL dummy message instead of pointer message (stable-fixes).
• spi: imx: Do not expect DMA for i.MX{25,35,50,51,53} cspi devices (stable-fixes).
• spi: mux: set ctlr->bits_per_word_mask (stable-fixes).
• string.h: Introduce memtostr() and memtostr_pad() (bsc#1228850).
• SUNRPC: avoid soft lockup when transmitting UDP to reachable server (bsc#1225272).
• SUNRPC: Fix gss_free_in_token_pages() (git-fixes).
• SUNRPC: Fix loop termination condition in gss_free_in_token_pages() (git-fixes).
• sunrpc: fix NFSACL RPC retry on soft mount (git-fixes).
• SUNRPC: return proper error from gss_wrap_req_priv (git-fixes).
• supported.conf:
• tpm: Allow system suspend to continue when TPM suspend fails (bsc#1082555).
• tpm: Prevent hwrng from activating during resume (bsc#1082555).
• tpm_tis: Resend command to recover from data transfer errors (bsc#1082555).
• tpm_tis: Use tpm_chip_{start,stop} decoration inside tpm_tis_resume (bsc#1082555).
• tpm, tpm: Implement usage counter for locality (bsc#1082555).
• tpm, tpm_tis: Avoid cache incoherency in test for interrupts (bsc#1082555).
• tpm, tpm_tis: Claim locality before writing interrupt registers (bsc#1082555).
• tpm, tpm_tis: Claim locality in interrupt handler (bsc#1082555).
• tpm, tpm_tis: Claim locality when interrupts are reenabled on resume (bsc#1082555).
• tpm, tpm_tis: correct tpm_tis_flags enumeration values (bsc#1082555).
• tpm, tpm_tis: Do not skip reset of original interrupt vector (bsc#1082555).
• tpm, tpm_tis: Only handle supported interrupts (bsc#1082555).
• tracing: Build event generation tests only as modules (git-fixes).
• tracing/net_sched: NULL pointer dereference in perf_trace_qdisc_reset() (git-fixes).
• tracing/osnoise: Add osnoise/options file (bsc#1228330)
• tracing/osnoise: Add OSNOISE_WORKLOAD option (bsc#1228330)
• tracing/osnoise: Do not follow tracing_cpumask (bsc#1228330)
• tracing/osnoise: Fix notify new tracing_max_latency (bsc#1228330)
• tracing/osnoise: Make osnoise_instances static (bsc#1228330)
• tracing/osnoise: Split workload start from the tracer start (bsc#1228330)
• tracing/osnoise: Support a list of trace_array *tr (bsc#1228330)
• tracing/osnoise: Use built-in RCU list checking (bsc#1228330)
• tracing/timerlat: Notify new max thread latency (bsc#1228330)
• USB: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k (stable-fixes).
• usb: cdns3: allocate TX FIFO size according to composite EP number (git-fixes).
• usb: cdns3: fix incorrect calculation of ep_buf_size when more than one config (git-fixes).
• usb: cdns3: fix iso transfer error when mult is not zero (git-fixes).
• usb: cdns3: improve handling of unaligned address case (git-fixes).
• usb: cdns3: optimize OUT transfer by copying only actual received data (git-fixes).
• usb: cdns3: skip set TRB_IOC when usb_request: no_interrupt is true (git-fixes).
• USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor (git-fixes).
• usb: dwc3: gadget: Do not delay End Transfer on delayed_status (git-fixes).
• usb: dwc3: gadget: Force sending delayed status during soft disconnect (git-fixes).
• usb: dwc3: gadget: Synchronize IRQ between soft connect/disconnect (git-fixes).
• usb: gadget: call usb_gadget_check_config() to verify UDC capability (git-fixes).
• usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() (stable-fixes).
• usb: gadget: printer: SS+ support (stable-fixes).
• usb: misc: uss720: check for incompatible versions of the Belkin F5U002 (stable-fixes).
• USB: serial: mos7840: fix crash on resume (git-fixes).
• USB: serial: option: add Fibocom FM350-GL (stable-fixes).
• USB: serial: option: add Netprisma LCUK54 series modules (stable-fixes).
• USB: serial: option: add Rolling RW350-GL variants (stable-fixes).
• USB: serial: option: add support for Foxconn T99W651 (stable-fixes).
• USB: serial: option: add Telit FN912 rmnet compositions (stable-fixes).
• USB: serial: option: add Telit generic core-dump composition (stable-fixes).
• usb: typec: tcpm: clear pd_event queue in PORT_RESET (git-fixes).
• usb: xhci-plat: Do not include xhci.h (git-fixes).
• USB: xhci-plat: fix legacy PHY double init (git-fixes).
• wifi: ath11k: fix wrong handling of CCMP256 and GCMP ciphers (git-fixes).
• wifi: brcmsmac: LCN PHY code is used for BCM4313 2G-only device (git-fixes).
• wifi: cfg80211: fix typo in cfg80211_calculate_bitrate_he() (git-fixes).
• wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he() (git-fixes).
• wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values (git-fixes).
• wifi: cfg80211: wext: add extra SIOCSIWSCAN data check (stable-fixes).
• wifi: iwlwifi: mvm: d3: fix WoWLAN command version lookup (stable-fixes).
• wifi: iwlwifi: mvm: Handle BIGTK cipher in kek_kck cmd (stable-fixes).
• wifi: iwlwifi: mvm: properly set 6 GHz channel direct probe option (stable-fixes).
• wifi: mac80211: disable softirqs for queued frame handling (git-fixes).
• wifi: mac80211: fix UBSAN noise in ieee80211_prep_hw_scan() (stable-fixes).
• wifi: mac80211: handle tasklet frames before stopping (stable-fixes).
• wifi: mac80211: mesh: init nonpeer_pm to active by default in mesh sdata (stable-fixes).
• wifi: mt76: replace skb_put with skb_put_zero (stable-fixes).
• wifi: mwifiex: Fix interface type change (git-fixes).
• wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter() (git-fixes).
• wifi: wilc1000: fix ies_len type in connect path (git-fixes).
• workqueue: Improve scalability of workqueue watchdog touch (bsc#1193454).
• workqueue: wq_watchdog_touch is always called with valid CPU (bsc#1193454).
• x86/amd_nb: Use Family 19h Models 60h-7Fh Function 4 IDs (git-fixes).
• x86/apic: Force native_apic_mem_read() to use the MOV instruction (git-fixes).
• x86/bhi: Avoid warning in #DB handler due to BHI mitigation (git-fixes).
• x86/bugs: Remove default case for fully switched enums (bsc#1227900).
• x86/fpu: Fix AMD X86_BUG_FXSAVE_LEAK fixup (git-fixes).
• x86/ibt,ftrace: Search for fentry location (git-fixes).
• x86/Kconfig: Transmeta Crusoe is CPU family 5, not 6 (git-fixes).
• x86/mm: Allow guest.enc_status_change_prepare() to fail (git-fixes).
• x86/mm: Fix enc_status_change_finish_noop() (git-fixes).
• x86/purgatory: Switch to the position-independent small code model (git-fixes).
• x86/srso: Move retbleed IBPB check into existing ‘has_microcode’ code block (bsc#1227900).
• x86/srso: Remove ‘pred_cmd’ label (bsc#1227900).
• x86: Stop using weak symbols for __iowrite32_copy() (bsc#1226502)
• x86/tdx: Fix race between set_memory_encrypted() and load_unaligned_zeropad() (git-fixes).
• xfs: Add cond_resched to block unmap range and reflink remap path (bsc#1228226).
• xhci: Apply broken streams quirk to Etron EJ188 xHCI host (stable-fixes).
• xhci: Apply reset resume quirk to Etron EJ188 xHCI host (stable-fixes).
• xhci: Set correct transferred length for cancelled bulk transfers (stable-fixes).