This bug was fixed in the package linux-iot - 5.4.0-1006.8 --------------- linux-iot (5.4.0-1006.8) focal; urgency=medium * focal/linux-iot: 5.4.0-1006.8 -proposed tracker (LP: #1992050) [ Ubuntu: 5.4.0-132.148 ] * CVE-2022-42719 - mac80211: mlme: find auth challenge directly - wifi: mac80211: don't parse mbssid in assoc response - wifi: mac80211: fix MBSSID parsing use-after-free * iavf: SR-IOV VFs error with no traffic flow when MTU greater than 1500 (LP: #1983656) - iavf: Fix set max MTU size with port VLAN and jumbo frames - i40e: Fix VF set max MTU size * fib_nexthop_nongw.sh from ubuntu_kernel_selftests failed on B-5.4 (LP: #1990800) - SAUCE: selftests/net: skipping tests for older ip command releases * CVE-2022-29901 - Revert "x86/speculation: Add RSB VM Exit protections" - Revert "x86/cpu: Add a steppings field to struct x86_cpu_id" - x86/devicetable: Move x86 specific macro out of generic code - x86/cpu: Add consistent CPU match macros - x86/cpu: Add a steppings field to struct x86_cpu_id - x86/kvm/vmx: Make noinstr clean - x86/cpufeatures: Move RETPOLINE flags to word 11 - x86/bugs: Report AMD retbleed vulnerability - x86/bugs: Add AMD retbleed= boot parameter - x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value - x86/entry: Remove skip_r11rcx - x86/entry: Add kernel IBRS implementation - x86/bugs: Optimize SPEC_CTRL MSR writes - x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS - x86/bugs: Split spectre_v2_select_mitigation() and spectre_v2_user_select_mitigation() - x86/bugs: Report Intel retbleed vulnerability - intel_idle: Disable IBRS during long idle - x86/speculation: Change FILL_RETURN_BUFFER to work with objtool - x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n - x86/speculation: Fix firmware entry SPEC_CTRL handling - x86/speculation: Fix SPEC_CTRL write on SMT state change - x86/speculation: Use cached host SPEC_CTRL value for guest entry/exit - x86/speculation: Remove x86_spec_ctrl_mask - KVM/VMX: Use TEST %REG,%REG instead of CMP $0,%REG in vmenter.S - KVM/nVMX: Use __vmx_vcpu_run in nested_vmx_check_vmentry_hw - KVM: VMX: Flatten __vmx_vcpu_run() - KVM: VMX: Convert launched argument to flags - KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS - KVM: VMX: Fix IBRS handling after vmexit - x86/speculation: Fill RSB on vmexit for IBRS - x86/common: Stamp out the stepping madness - x86/cpu/amd: Enumerate BTC_NO - x86/bugs: Add Cannon lake to RETBleed affected CPU list - x86/speculation: Disable RRSBA behavior - x86/speculation: Use DECLARE_PER_CPU for x86_spec_ctrl_current - x86/bugs: Warn when "ibrs" mitigation is selected on Enhanced IBRS parts - x86/speculation: Add RSB VM Exit protections * ACPI: processor idle: Practically limit "Dummy wait" workaround to old Intel systems (LP: #1990985) - ACPI: processor_idle: Skip dummy wait if kernel is in guest - ACPI: processor idle: Practically limit "Dummy wait" workaround to old Intel systems * cgroup: all controllers mounted when using 'cgroup_no_v1=' (LP: #1988584) - cgroup-v1: add disabled controller check in cgroup1_parse_param() * Focal update: v5.4.212 upstream stable release (LP: #1991156) - audit: fix potential double free on error path from fsnotify_add_inode_mark - parisc: Fix exception handler for fldw and fstw instructions - kernel/sys_ni: add compat entry for fadvise64_64 - usb: cdns3: Fix issue for clear halt endpoint - pinctrl: amd: Don't save/restore interrupt status and wake status bits - sched/deadline: Unthrottle PI boosted threads while enqueuing - sched/deadline: Fix stale throttling on de-/boosted tasks - sched/deadline: Fix priority inheritance with multiple scheduling classes - kernel/sched: Remove dl_boosted flag comment - xfrm: fix refcount leak in __xfrm_policy_check() - SUNRPC: RPC level errors should set task->tk_rpc_status - rose: check NULL rose_loopback_neigh->loopback - net/mlx5e: Properly disable vlan strip on non-UL reps - net: moxa: get rid of asymmetry in DMA mapping/unmapping - bonding: 802.3ad: fix no transmission of LACPDUs - net: ipvtap - add __init/__exit annotations to module init/exit funcs - netfilter: ebtables: reject blobs that don't provide all entry points - bnxt_en: fix NQ resource accounting during vf creation on 57500 chips - netfilter: nft_payload: report ERANGE for too long offset and length - netfilter: nft_payload: do not truncate csum_offset and csum_type - netfilter: nft_osf: restrict osf to ipv4, ipv6 and inet families - netfilter: nft_tunnel: restrict it to netdev family - net: Fix data-races around weight_p and dev_weight_[rt]x_bias. - net: Fix data-races around netdev_tstamp_prequeue. - ratelimit: Fix data-races in ___ratelimit(). - net: Fix a data-race around sysctl_tstamp_allow_data. - net: Fix a data-race around sysctl_net_busy_poll. - net: Fix a data-race around sysctl_net_busy_read. - net: Fix a data-race around netdev_budget. - net: Fix a data-race around netdev_budget_usecs. - net: Fix a data-race around sysctl_somaxconn. - ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter - btrfs: fix silent failure when deleting root reference - btrfs: replace: drop assert for suspended replace - btrfs: add info when mount fails due to stale replace target - btrfs: check if root is readonly while setting security xattr - x86/unwind/orc: Unwind ftrace trampolines with correct ORC entry - loop: Check for overflow while configuring loop - asm-generic: sections: refactor memory_intersects - s390: fix double free of GS and RI CBs on fork() failure - ACPI: processor: Remove freq Qos request for all CPUs - mm/hugetlb: fix hugetlb not supporting softdirty tracking - md: call __md_stop_writes in md_stop - perf/x86/intel/uncore: Fix broken read_counter() for SNB IMC PMU - scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq - mm: Force TLB flush for PFNMAP mappings before unlink_file_vma() - s390/mm: do not trigger write fault when vma does not allow VM_WRITE - x86/bugs: Add "unknown" reporting for MMIO Stale Data - kbuild: Fix include path in scripts/Makefile.modpost - Bluetooth: L2CAP: Fix build errors in some archs - HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report - udmabuf: Set the DMA mask for the udmabuf device (v2) - media: pvrusb2: fix memory leak in pvr_probe - HID: hidraw: fix memory leak in hidraw_release() - fbdev: fb_pm2fb: Avoid potential divide by zero error - ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead - bpf: Don't redirect packets with invalid pkt_len - mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse - btrfs: introduce btrfs_lookup_match_dir - btrfs: do not pin logs too early during renames - btrfs: unify lookup return value when dir entry is missing - drm/amd/display: Avoid MPC infinite loop - drm/amd/display: clear optc underflow before turn off odm clock - neigh: fix possible DoS due to net iface start/stop loop - s390/hypfs: avoid error message under KVM - drm/amd/display: Fix pixel clock programming - netfilter: conntrack: NF_CONNTRACK_PROCFS should no longer default to y - btrfs: tree-checker: check for overlapping extent items - lib/vdso: Let do_coarse() return 0 to simplify the callsite - lib/vdso: Mark do_hres() and do_coarse() as __always_inline - kprobes: don't call disarm_kprobe() for disabled kprobes - net/af_packet: check len when min_header_len equals to 0 - net: neigh: don't call kfree_skb() under spin_lock_irqsave() - Linux 5.4.212 * Focal update: v5.4.211 upstream stable release (LP: #1990190) - Makefile: link with -z noexecstack --no-warn-rwx-segments - x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments - scsi: Revert "scsi: qla2xxx: Fix disk failure to rediscover" - ALSA: bcd2000: Fix a UAF bug on the error path of probing - igc: Remove _I_PHY_ID checking - wifi: mac80211_hwsim: fix race condition in pending packet - wifi: mac80211_hwsim: add back erroneously removed cast - wifi: mac80211_hwsim: use 32-bit skb cookie - add barriers to buffer_uptodate and set_buffer_uptodate - HID: wacom: Only report rotation for art pen - HID: wacom: Don't register pad_input for touch switch - KVM: nVMX: Snapshot pre-VM-Enter BNDCFGS for !nested_run_pending case - KVM: nVMX: Snapshot pre-VM-Enter DEBUGCTL for !nested_run_pending case - KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0 - KVM: nVMX: Let userspace set nVMX MSR to any _host_ supported value - KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks - KVM: x86: Set error code to segment selector on LLDT/LTR non-canonical #GP - mm/mremap: hold the rmap lock in write mode when moving page table entries. - ALSA: hda/conexant: Add quirk for LENOVO 20149 Notebook model - ALSA: hda/cirrus - support for iMac 12,1 model - ALSA: hda/realtek: Add quirk for another Asus K42JZ model - tty: vt: initialize unicode screen buffer - vfs: Check the truncate maximum size in inode_newsize_ok() - fs: Add missing umask strip in vfs_tmpfile - thermal: sysfs: Fix cooling_device_stats_setup() error code path - fbcon: Fix boundary checks for fbcon=vc:n1-n2 parameters - usbnet: Fix linkwatch use-after-free on disconnect - ovl: drop WARN_ON() dentry is NULL in ovl_encode_fh() - parisc: Fix device names in /proc/iomem - parisc: io_pgetevents_time64() needs compat syscall in 32-bit compat mode - drm/gem: Properly annotate WW context on drm_gem_lock_reservations() error - drm/nouveau: fix another off-by-one in nvbios_addr - drm/amdgpu: Check BO's requested pinning domains against its preferred_domains - iio: light: isl29028: Fix the warning in isl29028_remove() - fuse: limit nsec - serial: mvebu-uart: uart2 error bits clearing - md-raid10: fix KASAN warning - ia64, processor: fix -Wincompatible-pointer-types in ia64_get_irr() - PCI: Add defines for normal and subtractive PCI bridges - powerpc/fsl-pci: Fix Class Code of PCIe Root Port - powerpc/ptdump: Fix display of RW pages on FSL_BOOK3E - powerpc/powernv: Avoid crashing if rng is NULL - MIPS: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK - coresight: Clear the connection field properly - USB: HCD: Fix URB giveback issue in tasklet function - ARM: dts: uniphier: Fix USB interrupts for PXs2 SoC - arm64: dts: uniphier: Fix USB interrupts for PXs3 SoC - netfilter: nf_tables: fix null deref due to zeroed list head - epoll: autoremove wakers even more aggressively - x86: Handle idle=nomwait cmdline properly for x86_idle - arm64: Do not forget syscall when starting a new thread. - arm64: fix oops in concurrently setting insn_emulation sysctls - ext2: Add more validity checks for inode counts - genirq: Don't return error on missing optional irq_request_resources() - wait: Fix __wait_event_hrtimeout for RT/DL tasks - ARM: dts: imx6ul: add missing properties for sram - ARM: dts: imx6ul: change operating-points to uint32-matrix - ARM: dts: imx6ul: fix csi node compatible - ARM: dts: imx6ul: fix lcdif node compatible - ARM: dts: imx6ul: fix qspi node compatible - spi: synquacer: Add missing clk_disable_unprepare() - ARM: OMAP2+: display: Fix refcount leak bug - ACPI: EC: Remove duplicate ThinkPad X1 Carbon 6th entry from DMI quirks - ACPI: PM: save NVS memory for Lenovo G40-45 - ACPI: LPSS: Fix missing check in register_device_clock() - arm64: dts: qcom: ipq8074: fix NAND node name - arm64: dts: allwinner: a64: orangepi-win: Fix LED node name - ARM: shmobile: rcar-gen2: Increase refcount for new reference - PM: hibernate: defer device probing when resuming from hibernation - selinux: Add boundary check in put_entry() - spi: spi-rspi: Fix PIO fallback on RZ platforms - ARM: findbit: fix overflowing offset - meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init - ARM: bcm: Fix refcount leak in bcm_kona_smc_init - x86/pmem: Fix platform-device leak in error path - ARM: dts: ast2500-evb: fix board compatible - ARM: dts: ast2600-evb: fix board compatible - soc: fsl: guts: machine variable might be unset - ARM: dts: qcom: mdm9615: add missing PMIC GPIO reg - ARM: OMAP2+: Fix refcount leak in omapdss_init_of - ARM: OMAP2+: Fix refcount leak in omap3xxx_prm_late_init - cpufreq: zynq: Fix refcount leak in zynq_get_revision - soc: qcom: aoss: Fix refcount leak in qmp_cooling_devices_register - ARM: dts: qcom: pm8841: add required thermal-sensor-cells - bus: hisi_lpc: fix missing platform_device_put() in hisi_lpc_acpi_probe() - arm64: dts: mt7622: fix BPI-R64 WPS button - erofs: avoid consecutive detection for Highmem memory - blk-mq: don't create hctx debugfs dir until q->debugfs_dir is created - regulator: of: Fix refcount leak bug in of_get_regulation_constraints() - nohz/full, sched/rt: Fix missed tick-reenabling bug in dequeue_task_rt() - thermal/tools/tmon: Include pthread and time headers in tmon.h - dm: return early from dm_pr_call() if DM device is suspended - ath10k: do not enforce interrupt trigger type - wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c() - drm/mipi-dbi: align max_chunk to 2 in spi_transfer - drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers() - drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff function - drm: adv7511: override i2c address of cec before accessing it - i2c: Fix a potential use after free - media: tw686x: Register the irq at the end of probe - wifi: iwlegacy: 4965: fix potential off-by-one overflow in il4965_rs_fill_link_cmd() - drm: bridge: adv7511: Add check for mipi_dsi_driver_register - drm/mcde: Fix refcount leak in mcde_dsi_bind - media: hdpvr: fix error value returns in hdpvr_read - drm/vc4: plane: Remove subpixel positioning check - drm/vc4: plane: Fix margin calculations for the right/bottom edges - drm/vc4: dsi: Correct DSI divider calculations - crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE - drm/rockchip: vop: Don't crash for invalid duplicate_state() - drm/rockchip: Fix an error handling path rockchip_dp_probe() - drm/mediatek: dpi: Remove output format of YUV - drm/mediatek: dpi: Only enable dpi after the bridge is enabled - drm: bridge: sii8620: fix possible off-by-one - drm/msm/mdp5: Fix global state lock backoff - crypto: hisilicon - Kunpeng916 crypto driver don't sleep when in softirq - media: platform: mtk-mdp: Fix mdp_ipi_comm structure alignment - mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init() - drm/exynos/exynos7_drm_decon: free resources when clk_set_parent() failed. - tcp: make retransmitted SKB fit into the send window - libbpf: Fix the name of a reused map - selftests: timers: valid-adjtimex: build fix for newer toolchains - selftests: timers: clocksource-switch: fix passing errors from child - fs: check FMODE_LSEEK to control internal pipe splicing - wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi() - wifi: p54: Fix an error handling path in p54spi_probe() - wifi: p54: add missing parentheses in p54_flush() - selftests/bpf: fix a test for snprintf() overflow - can: pch_can: do not report txerr and rxerr during bus-off - can: rcar_can: do not report txerr and rxerr during bus-off - can: sja1000: do not report txerr and rxerr during bus-off - can: hi311x: do not report txerr and rxerr during bus-off - can: sun4i_can: do not report txerr and rxerr during bus-off - can: kvaser_usb_hydra: do not report txerr and rxerr during bus-off - can: kvaser_usb_leaf: do not report txerr and rxerr during bus-off - can: usb_8dev: do not report txerr and rxerr during bus-off - can: error: specify the values of data[5..7] of CAN error frames - can: pch_can: pch_can_error(): initialize errc before using it - Bluetooth: hci_intel: Add check for platform_driver_register - i2c: cadence: Support PEC for SMBus block read - i2c: mux-gpmux: Add of_node_put() when breaking out of loop - wifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()` - wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue - wifi: libertas: Fix possible refcount leak in if_usb_probe() - net/mlx5e: Fix the value of MLX5E_MAX_RQ_NUM_MTTS - crypto: inside-secure - Add missing MODULE_DEVICE_TABLE for of - iavf: Fix max_rate limiting - netdevsim: Avoid allocation warnings triggered from user space - net: rose: fix netdev reference changes - dccp: put dccp_qpolicy_full() and dccp_qpolicy_push() in the same lock - clk: renesas: r9a06g032: Fix UART clkgrp bitsel - mtd: maps: Fix refcount leak in of_flash_probe_versatile - mtd: maps: Fix refcount leak in ap_flash_init - mtd: rawnand: meson: Fix a potential double free issue - HID: cp2112: prevent a buffer overflow in cp2112_xfer() - mtd: sm_ftl: Fix deadlock caused by cancel_work_sync in sm_release - mtd: partitions: Fix refcount leak in parse_redboot_of - mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()'s error path - fpga: altera-pr-ip: fix unsigned comparison with less than zero - usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe - usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe - usb: xhci: tegra: Fix error check - clk: mediatek: reset: Fix written reset bit offset - misc: rtsx: Fix an error handling path in rtsx_pci_probe() - driver core: fix potential deadlock in __driver_attach - clk: qcom: clk-krait: unlock spin after mux completion - usb: host: xhci: use snprintf() in xhci_decode_trb() - clk: qcom: ipq8074: fix NSS port frequency tables - clk: qcom: ipq8074: set BRANCH_HALT_DELAY flag for UBI clocks - clk: qcom: camcc-sdm845: Fix topology around titan_top power domain - soundwire: bus_type: fix remove and shutdown support - intel_th: Fix a resource leak in an error handling path - intel_th: msu-sink: Potential dereference of null pointer - intel_th: msu: Fix vmalloced buffers - staging: rtl8192u: Fix sleep in atomic context bug in dm_fsync_timer_callback - mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch - memstick/ms_block: Fix some incorrect memory allocation - memstick/ms_block: Fix a memory leak - mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R - scsi: smartpqi: Fix DMA direction for RAID requests - usb: gadget: udc: amd5536 depends on HAS_DMA - RDMA/hns: Fix incorrect clearing of interrupt status register - RDMA/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event - RDMA/hfi1: fix potential memory leak in setup_base_ctxt() - gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data() - mmc: cavium-octeon: Add of_node_put() when breaking out of loop - mmc: cavium-thunderx: Add of_node_put() when breaking out of loop - HID: alps: Declare U1_UNICORN_LEGACY support - PCI: tegra194: Fix Root Port interrupt handling - PCI: tegra194: Fix link up retry sequence - USB: serial: fix tty-port initialized comments - platform/olpc: Fix uninitialized data in debugfs write - mm/mmap.c: fix missing call to vm_unacct_memory in mmap_region - RDMA/rxe: Fix error unwind in rxe_create_qp() - null_blk: fix ida error handling in null_add_dev() - jbd2: fix outstanding credits assert in jbd2_journal_commit_transaction() - ext4: recover csum seed of tmp_inode after migrating to extents - jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted - opp: Fix error check in dev_pm_opp_attach_genpd() - ASoC: mediatek: mt8173: Fix refcount leak in mt8173_rt5650_rt5676_dev_probe - ASoC: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe - ASoC: codecs: da7210: add check for i2c_add_driver - ASoC: mediatek: mt8173-rt5650: Fix refcount leak in mt8173_rt5650_dev_probe - serial: 8250_dw: Store LSR into lsr_saved_flags in dw8250_tx_wait_empty() - ASoC: codecs: msm8916-wcd-digital: move gains from SX_TLV to S8_TLV - ASoC: codecs: wcd9335: move gains from SX_TLV to S8_TLV - profiling: fix shift too large makes kernel panic - tty: n_gsm: fix non flow control frames during mux flow off - tty: n_gsm: fix packet re-transmission without open control channel - tty: n_gsm: fix race condition in gsmld_write() - remoteproc: qcom: wcnss: Fix handling of IRQs - vfio/ccw: Do not change FSM state in subchannel event - tty: n_gsm: fix wrong T1 retry count handling - tty: n_gsm: fix DM command - tty: n_gsm: fix missing corner cases in gsmld_poll() - iommu/exynos: Handle failed IOMMU device registration properly - rpmsg: qcom_smd: Fix refcount leak in qcom_smd_parse_edge - kfifo: fix kfifo_to_user() return type - mfd: t7l66xb: Drop platform disable callback - mfd: max77620: Fix refcount leak in max77620_initialise_fps - iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking out of loop - s390/zcore: fix race when reading from hardware system area - ASoC: qcom: q6dsp: Fix an off-by-one in q6adm_alloc_copp() - fuse: Remove the control interface for virtio-fs - ASoC: audio-graph-card: Add of_node_put() in fail path - watchdog: armada_37xx_wdt: check the return value of devm_ioremap() in armada_37xx_wdt_probe() - video: fbdev: amba-clcd: Fix refcount leak bugs - video: fbdev: sis: fix typos in SiS_GetModeID() - powerpc/32: Do not allow selection of e5500 or e6500 CPUs on PPC32 - powerpc/pci: Prefer PCI domain assignment via DT 'linux,pci-domain' and alias - powerpc/spufs: Fix refcount leak in spufs_init_isolated_loader - powerpc/xive: Fix refcount leak in xive_get_max_prio - powerpc/cell/axon_msi: Fix refcount leak in setup_msi_msg_address - perf symbol: Fail to read phdr workaround - kprobes: Forbid probing on trampoline and BPF code areas - powerpc/pci: Fix PHB numbering when using opal-phbid - genelf: Use HAVE_LIBCRYPTO_SUPPORT, not the never defined HAVE_LIBCRYPTO - scripts/faddr2line: Fix vmlinux detection on arm64 - x86/numa: Use cpumask_available instead of hardcoded NULL check - video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock() - tools/thermal: Fix possible path truncations - video: fbdev: vt8623fb: Check the size of screen before memset_io() - video: fbdev: arkfb: Check the size of screen before memset_io() - video: fbdev: s3fb: Check the size of screen before memset_io() - scsi: zfcp: Fix missing auto port scan and thus missing target ports - scsi: qla2xxx: Fix discovery issues in FC-AL topology - scsi: qla2xxx: Turn off multi-queue for 8G adapters - scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error injection - x86/olpc: fix 'logical not is only applied to the left hand side' - spmi: trace: fix stack-out-of-bound access in SPMI tracing functions - kexec, KEYS, s390: Make use of built-in and secondary keyring for signature verification - tpm: eventlog: Fix section mismatch for DEBUG_SECTION_MISMATCH - btrfs: reset block group chunk force if we have to wait - ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h - ext4: make sure ext4_append() always allocates new block - ext4: fix use-after-free in ext4_xattr_set_entry - ext4: update s_overhead_clusters in the superblock during an on-line resize - ext4: fix extent status tree race in writeback error recovery path - ext4: correct max_inline_xattr_value_size computing - ext4: correct the misjudgment in ext4_iget_extra_inode - intel_th: pci: Add Raptor Lake-S CPU support - intel_th: pci: Add Raptor Lake-S PCH support - intel_th: pci: Add Meteor Lake-P support - dm raid: fix address sanitizer warning in raid_resume - dm raid: fix address sanitizer warning in raid_status - dm thin: fix use-after-free crash in dm_sm_register_threshold_callback - dm writecache: set a default MAX_WRITEBACK_JOBS - ACPI: CPPC: Do not prevent CPPC from working in the future - timekeeping: contribute wall clock to rng on time change - firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails - iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE) - btrfs: reject log replay if there is unsupported RO compat flag - KVM: Add infrastructure and macro to mark VM as bugged - KVM: x86: Check lapic_in_kernel() before attempting to set a SynIC irq - KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast() - tcp: fix over estimation in sk_forced_mem_schedule() - scsi: sg: Allow waiting for commands to complete on removed device - Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression - net/9p: Initialize the iounit field during fid creation - net_sched: cls_route: disallow handle of 0 - ALSA: info: Fix llseek return value when using callback - rds: add missing barrier to release_refill - ata: libata-eh: Add missing command name - mmc: pxamci: Fix another error handling path in pxamci_probe() - mmc: pxamci: Fix an error handling path in pxamci_probe() - btrfs: fix lost error handling when looking up extended ref on log replay - tracing: Have filter accept "common_cpu" to be consistent - can: ems_usb: fix clang's -Wunaligned-access warning - apparmor: fix quiet_denied for file rules - apparmor: fix absroot causing audited secids to begin with = - apparmor: Fix failed mount permission check error message - apparmor: fix aa_label_asxprint return check - apparmor: fix overlapping attachment computation - apparmor: fix reference count leak in aa_pivotroot() - apparmor: Fix memleak in aa_simple_write_to_buffer() - Documentation: ACPI: EINJ: Fix obsolete example - NFSv4.1: Don't decrease the value of seq_nr_highest_sent - NFSv4.1: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly - NFSv4: Fix races in the legacy idmapper upcall - NFSv4.1: RECLAIM_COMPLETE must handle EACCES - NFSv4/pnfs: Fix a use-after-free bug in open - can: mcp251x: Fix race condition on receive interrupt - sunrpc: fix expiry of auth creds - SUNRPC: Reinitialise the backchannel request buffers before reuse - devlink: Fix use-after-free after a failed reload - net: bgmac: Fix a BUG triggered by wrong bytes_compl - pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map - pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed - pinctrl: sunxi: Add I/O bias setting for H6 R-PIO - ACPI: property: Return type of acpi_add_nondev_subnodes() should be bool - geneve: do not use RT_TOS for IPv6 flowlabel - plip: avoid rcu debug splat - vsock: Fix memory leak in vsock_connect() - vsock: Set socket state back to SS_UNCONNECTED in vsock_connect_timeout() - dt-bindings: arm: qcom: fix MSM8916 MTP compatibles - tools/vm/slabinfo: use alphabetic order when two values are equal - tools build: Switch to new openssl API for test-libcrypto - NTB: ntb_tool: uninitialized heap data in tool_fn_write() - nfp: ethtool: fix the display error of `ethtool -m DEVNAME` - xen/xenbus: fix return type in xenbus_file_read() - atm: idt77252: fix use-after-free bugs caused by tst_timer - dpaa2-eth: trace the allocated address instead of page struct - tee: add overflow check in register_shm_helper() - nios2: page fault et.al. are *not* restartable syscalls... - nios2: don't leave NULLs in sys_call_table[] - nios2: traced syscall does need to check the syscall number - nios2: fix syscall restart checks - nios2: restarts apply only to the first sigframe we build... - nios2: add force_successful_syscall_return() - iavf: Fix adminq error handling - clk: rockchip: add sclk_mac_lbtest to rk3188_critical_clocks - netfilter: nf_tables: really skip inactive sets when allocating name - powerpc/pci: Fix get_phb_number() locking - net: dsa: mv88e6060: prevent crash on an unused port - net: moxa: pass pdev instead of ndev to DMA functions - net: dsa: microchip: ksz9477: fix fdb_dump last invalid entry - ice: Ignore EEXIST when setting promisc mode - i40e: Fix to stop tx_timeout recovery if GLOBR fails - fec: Fix timer capture timing in `fec_ptp_enable_pps()` - igb: Add lock to avoid data race - gcc-plugins: Undefine LATENT_ENTROPY_PLUGIN when plugin disabled for a file - locking/atomic: Make test_and_*_bit() ordered on failure - drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors() - PCI: Add ACS quirk for Broadcom BCM5750x NICs - usb: cdns3 fix use-after-free at workaround 2 - usb: gadget: uvc: call uvc uvcg_warn on completed status instead of uvcg_info - irqchip/tegra: Fix overflow implicit truncation warnings - drm/meson: Fix overflow implicit truncation warnings - usb: host: ohci-ppc-of: Fix refcount leak bug - usb: renesas: Fix refcount leak bug - vboxguest: Do not use devm for irq - clk: qcom: ipq8074: dont disable gcc_sleep_clk_src - scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input - gadgetfs: ep_io - wait until IRQ finishes - cxl: Fix a memory leak in an error handling path - PCI/ACPI: Guard ARM64-specific mcfg_quirks - um: add "noreboot" command line option for PANIC_TIMEOUT=-1 setups - selftests/kprobe: Do not test for GRP/ without event failures - dmaengine: sprd: Cleanup in .remove() after pm_runtime_get_sync() failed - nvmet-tcp: fix lockdep complaint on nvmet_tcp_wq flush during queue teardown - drivers:md:fix a potential use-after-free bug - ext4: avoid remove directory when directory is corrupted - ext4: avoid resizing to a partial cluster size - lib/list_debug.c: Detect uninitialized lists - tty: serial: Fix refcount leak bug in ucc_uart.c - vfio: Clear the caps->buf to NULL after free - mips: cavium-octeon: Fix missing of_node_put() in octeon2_usb_clocks_start - riscv: mmap with PROT_WRITE but no PROT_READ is invalid - RISC-V: Add fast call path of crash_kexec() - watchdog: export lockup_detector_reconfigure - powerpc/32: Don't always pass -mcpu=powerpc to the compiler - ALSA: core: Add async signal helpers - ALSA: timer: Use deferred fasync helper - f2fs: fix to avoid use f2fs_bug_on() in f2fs_new_node_page() - smb3: check xattr value length earlier - powerpc/64: Init jump labels before parse_early_param() - video: fbdev: i740fb: Check the argument of i740_calc_vclk() - MIPS: tlbex: Explicitly compare _PAGE_NO_EXEC against 0 - tracing/probes: Have kprobes and uprobes use $COMM too - can: j1939: j1939_sk_queue_activate_next_locked(): replace WARN_ON_ONCE with netdev_warn_once() - can: j1939: j1939_session_destroy(): fix memory leak of skbs - btrfs: only write the sectors in the vertical stripe which has data stripes - btrfs: raid56: don't trust any cached sector in __raid56_parity_recover() - Linux 5.4.211 * CVE-2022-3028 - af_key: Do not call xfrm_probe_algs in parallel * CVE-2022-2978 - fs: fix UAF/GPF bug in nilfs_mdt_destroy * CVE-2022-40768 - scsi: stex: Properly zero out the passthrough command structure [ Ubuntu: 5.4.0-131.147 ] * CVE-2022-2602 - SAUCE: io_uring/af_unix: defer registered files gc to io_uring release - SAUCE: io_uring/af_unix: fix memleak during unix GC * CVE-2022-41674 - SAUCE: wifi: cfg80211: fix u8 overflow in cfg80211_update_notlisted_nontrans() - SAUCE: wifi: cfg80211/mac80211: reject bad MBSSID elements - SAUCE: wifi: cfg80211: ensure length byte is present before access - SAUCE: wifi: mac80211_hwsim: avoid mac80211 warning on bad rate - SAUCE: wifi: cfg80211: update hidden BSSes to avoid WARN_ON * CVE-2022-42721 - SAUCE: wifi: cfg80211: avoid nontransmitted BSS list corruption * CVE-2022-42720 - SAUCE: wifi: cfg80211: fix BSS refcounting bugs -- Wen-chien Jesse Sung