[continued from previous message]

- vfio/pci: Lock external INTx masking ops (CVE-2024-26810)
- vfio/platform: Disable virqfds on cleanup
- ksmbd: retrieve number of blocks using vfs_getattr in
set_file_allocation_info
- ring-buffer: Fix waking up ring buffer readers
- ring-buffer: Do not set shortest_full when full target is hit
- ring-buffer: Fix resetting of shortest_full
- ring-buffer: Fix full_waiters_pending in poll
- ring-buffer: Use wait_event_interruptible() in ring_buffer_wait()
- [s390x] zcrypt: fix reference counting on zcrypt card objects
- drm/probe-helper: warn about negative .get_modes()
- drm/panel: do not return negative error codes from drm_panel_get_modes()
- [armhf] drm/exynos: do not return negative values from .get_modes()
- [armhf] drm/imx/ipuv3: do not return negative values from .get_modes()
- [arm64,armhf] drm/vc4: hdmi: do not return negative values from
.get_modes()
- memtest: use {READ,WRITE}_ONCE in memory scanning
- Revert "block/mq-deadline: use correct way to throttling write requests"
- f2fs: mark inode dirty for FI_ATOMIC_COMMITTED flag
- f2fs: truncate page cache before clearing flags when aborting atomic write
- nilfs2: fix failure to detect DAT corruption in btree and direct mappings
- nilfs2: prevent kernel bug at submit_bh_wbc()
- cifs: open_cached_dir(): add FILE_READ_EA to desired access
- cpufreq: dt: always allocate zeroed cpumask
- [amd64] x86/CPU/AMD: Update the Zenbleed microcode revisions
- NFSD: Fix nfsd_clid_class use of __string_len() macro
- net: hns3: tracing: fix hclgevf trace event strings
- wireguard: netlink: check for dangling peer via is_dead instead of empty
list
- wireguard: netlink: access device through ctx instead of peer
- ahci: asm1064: correct count of reported ports
- ahci: asm1064: asm1166: don't limit reported ports
- drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag
- drm/amd/display: Return the correct HDCP error code
- drm/amd/display: Fix noise issue on HDMI AV mute
- dm snapshot: fix lockup in dm_exception_table_exit
- [x86] pm: Work around false positive kmemleak report in
msr_build_context()
- cpufreq: brcmstb-avs-cpufreq: fix up "add check for cpufreq_cpu_get's
return value"
- [x86] platform/x86: p2sb: On Goldmont only cache P2SB and SPI devfn BAR
(Closes: #1065320)
- tls: fix race between tx work scheduling and socket close (CVE-2024-26585)
- netfilter: nf_tables: mark set as dead when unbinding anonymous set with
timeout (CVE-2024-26643)
- netfilter: nf_tables: disallow anonymous set with timeout flag
(CVE-2024-26642)
- netfilter: nf_tables: reject constant set with timeout
- Drivers: hv: vmbus: Calculate ring buffer size for more efficient use of
memory
- init/Kconfig: lower GCC version check for -Warray-bounds
- [x86] KVM: x86: Mark target gfn of emulated atomic instruction as dirty
- [x86] KVM: SVM: Flush pages under kvm->lock to fix UAF in
svm_register_enc_region()
- tracing: Use .flush() call to wake up readers
- drm/amdgpu/pm: Fix the error of pwm1_enable setting
- [x86] drm/i915: Check before removing mm notifier
- ALSA: hda/realtek - Fix headset Mic no show at resume back for Lenovo
ALC897 platform
- USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command
- usb: gadget: ncm: Fix handling of zero block length packets
- usb: port: Don't try to peer unused USB ports based on location
- tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled
- misc: lis3lv02d_i2c: Fix regulators getting en-/dis-abled twice on
suspend/resume
- mei: me: add arrow lake point S DID
- mei: me: add arrow lake point H DID
- vt: fix unicode buffer corruption when deleting characters
- fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion
- ALSA: hda/realtek - Add Headset Mic supported Acer NB platform
- ALSA: hda/realtek: fix mute/micmute LEDs for HP EliteBook
- tee: optee: Fix kernel panic caused by incorrect error handling
- mm, vmscan: prevent infinite loop for costly GFP_NOIO |
__GFP_RETRY_MAYFAIL allocations
- iio: accel: adxl367: fix DEVID read after reset
- iio: accel: adxl367: fix I2C FIFO data register
- i2c: i801: Avoid potential double call to gpiod_remove_lookup_table
- drm/amd/display: handle range offsets in VRR ranges
- [x86] efistub: Call mixed mode boot services on the firmware's stack
- net: tls: handle backlogging of crypto requests (CVE-2024-26584)
- [x86] ASoC: amd: yc: Revert "Fix non-functional mic on Lenovo 21J2"
- iommu: Avoid races around default domain allocations
- clocksource/drivers/arm_global_timer: Fix maximum prescaler value
- entry: Respect changes to system call number by trace_sys_enter()
- minmax: add umin(a, b) and umax(a, b)
- swiotlb: Fix alignment checks when both allocation and DMA masks are
present
- iommu/dma: Force swiotlb_max_mapping_size on an untrusted device
- printk: Update @console_may_schedule in console_trylock_spinning()
- irqchip/renesas-rzg2l: Implement restriction when writing ISCR register
- irqchip/renesas-rzg2l: Flush posted write in irq_eoi()
- irqchip/renesas-rzg2l: Add macro to retrieve TITSR register offset based
on register's index
- irqchip/renesas-rzg2l: Rename rzg2l_tint_eoi()
- irqchip/renesas-rzg2l: Rename rzg2l_irq_eoi()
- irqchip/renesas-rzg2l: Prevent spurious interrupts when setting trigger
type
- [x86] kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe
address
- [x86] fpu: Keep xfd_state in sync with MSR_IA32_XFD
- pwm: img: fix pwm clock lookup
- tty: serial: imx: Fix broken RS485
- block: Fix page refcounts for unaligned buffers in __bio_release_pages()
- blk-mq: release scheduler resource when request completes
- vfio/pci: Disable auto-enable of exclusive INTx IRQ (CVE-2024-27437)
- vfio: Introduce interface to flush virqfd inject workqueue
- vfio/pci: Create persistent INTx handler (CVE-2024-26812)
- vfio/platform: Create persistent IRQ handlers (CVE-2024-26813)
- vfio/fsl-mc: Block calling interrupt handler without trigger
(CVE-2024-26814)
- [x86] coco: Export cc_vendor
- [x86] coco: Get rid of accessor functions
- [x86] Kconfig: Remove CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT
- [x86] sev: Fix position dependent variable references in startup code
- mm/migrate: set swap entry values of THP tail pages properly.
- init: open /initrd.image with O_LARGEFILE
- [x86] efistub: Add missing boot_params for mixed mode compat entry
- btrfs: zoned: don't skip block groups with 100% zone unusable
- btrfs: zoned: use zone aware sb location for scrub
- wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes
- wifi: iwlwifi: fw: don't always use FW dump trig
- exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack()
- hexagon: vmlinux.lds.S: handle attributes section
- mmc: sdhci-omap: re-tuning is needed after a pm transition to support emmc
HS200 mode
- mmc: core: Initialize mmc_blk_ioc_data
- mmc: core: Avoid negative index with array access
- block: Do not force full zone append completion in req_bio_endio()
- thermal: devfreq_cooling: Fix perf state when calculate dfc res_util
- nouveau/dmem: handle kcalloc() allocation failure
- net: ll_temac: platform_get_resource replaced by wrong function
- drm/vmwgfx: Create debugfs ttm_resource_manager entry only if needed
- [x86] drm/i915/bios: Tolerate devdata==NULL in
intel_bios_encoder_supports_dp_dual_mode()
- [x86] drm/i915/gt: Reset queue_priority_hint on parking
- Bluetooth: hci_sync: Fix not checking error on hci_cmd_sync_cancel_sync
- Revert "usb: phy: generic: Get the vbus supply"
- usb: cdc-wdm: close race between read and workqueue
- USB: UAS: return ENODEV when submit urbs fail with device not attached
- usb: dwc3-am62: Rename private data
- usb: dwc3-am62: fix module unload/reload behavior
- ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs
(CVE-2024-26654)
- scsi: core: Fix unremoved procfs host directory regression
- staging: vc04_services: changen strncpy() to strscpy_pad()
- staging: vc04_services: fix information leak in create_component()
- USB: core: Add hub_get() and hub_put() routines
- USB: core: Fix deadlock in port "disable" sysfs attribute
- scsi: sd: Fix TCG OPAL unlock on system resume
- usb: dwc2: host: Fix remote wakeup from hibernation
- usb: dwc2: host: Fix hibernation flow
- usb: dwc2: host: Fix ISOC flow in DDMA mode
- usb: dwc2: gadget: Fix exiting from clock gating
- usb: dwc2: gadget: LPM flow fix
- usb: udc: remove warning when queue disabled ep
- usb: typec: Return size of buffer if pd_set operation succeeds
- usb: typec: ucsi: Clear EVENT_PENDING under PPM lock
- usb: typec: ucsi: Ack unsupported commands
- usb: typec: ucsi_acpi: Refactor and fix DELL quirk
- usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset
- scsi: qla2xxx: Prevent command send on chip reset
- scsi: qla2xxx: Fix N2N stuck connection
- scsi: qla2xxx: Split FCE|EFT trace control
- scsi: qla2xxx: Update manufacturer detail
- scsi: qla2xxx: NVME|FCP prefer flag not being honored
- scsi: qla2xxx: Fix command flush on cable pull
- scsi: qla2xxx: Fix double free of fcport
- scsi: qla2xxx: Change debug message during driver unload
- scsi: qla2xxx: Delay I/O Abort on PCI error
- [x86] cpu: Enable STIBP on AMD if Automatic IBRS is enabled
- tls: fix use-after-free on failed backlog decryption (CVE-2024-26800)
- scsi: lpfc: Correct size for cmdwqe/rspwqe for memset()
- scsi: lpfc: Correct size for wqe for memset()
- scsi: libsas: Add a helper sas_get_sas_addr_and_dev_type()
- scsi: libsas: Fix disk not being scanned in after being removed
- [x86] sev: Skip ROM range scans and validation for SEV-SNP guests
- USB: core: Fix deadlock in usb_deauthorize_interface()
- tools/resolve_btfids: fix build with musl libc
https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.85
- scripts/bpf_doc: Use silent mode when exec make cmd
- dma-buf: Fix NULL pointer dereference in sanitycheck()
- nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet
- mlxbf_gige: stop PHY during open() error paths
- wifi: iwlwifi: mvm: rfi: fix potential response leaks
- ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa()
- [s390x] qeth: handle deferred cc1
- tcp: properly terminate timers for kernel sockets
- net: wwan: t7xx: Split 64bit accesses to fix alignment issues
- [arm64] net: hns3: fix index limit to support all queue stats
- [arm64] net: hns3: fix kernel crash when devlink reload during pf
initialization
- [arm64] net: hns3: mark unexcuted loopback test result as UNEXECUTED
- tls: recv: process_rx_list shouldn't use an offset with kvec
- tls: adjust recv return with async crypto and failed copy to userspace
- tls: get psock ref after taking rxlock to avoid leak
- mlxbf_gige: call request_irq() after NAPI initialized
- bpf: Protect against int overflow for stack access size
- cifs: Fix duplicate fscache cookie warnings
- net: lan743x: Add set RFE read fifo threshold for PCI1x1x chips
- inet: inet_defrag: prevent sk release while still in use
- dm integrity: fix out-of-range warning
- [x86] cpufeatures: Add new word for scattered features
- [x86] perf/x86/amd/lbr: Use freeze based on availability
- [arm64] KVM: arm64: Fix host-programmed guest events in nVHE
- r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d
- [x86] cpufeatures: Add CPUID_LNX_5 to track recently added Linux-defined
word
- Revert "Bluetooth: hci_qca: Set BDA quirk bit if fwnode exists in DT"
- [arm64] dts: qcom: sc7180-trogdor: mark bluetooth address as broken
- Bluetooth: qca: fix device-address endianness
- Bluetooth: add quirk for broken address properties
- Bluetooth: hci_event: set the conn encrypted before conn establishes
- Bluetooth: Fix TOCTOU in HCI debugfs implementation (CVE-2024-24857,
CVE-2024-24858)
- xen-netfront: Add missing skb_mark_for_recycle
- net/rds: fix possible cp null dereference
- net: usb: ax88179_178a: avoid the interface always configured as random
address
- vsock/virtio: fix packet delivery to tap device
- Revert "x86/mm/ident_map: Use gbpages only where full GB page should be
mapped."
- netfilter: nf_tables: reject new basechain after table flag update
- netfilter: nf_tables: flush pending destroy work before exit_net release
- netfilter: nf_tables: Fix potential data-race in
__nft_flowtable_type_get()
- netfilter: validate user input for expected length
- vboxsf: Avoid an spurious warning if load_nls_xxx() fails
- bpf, sockmap: Prevent lock inversion deadlock in map delete elem
- net/sched: act_skbmod: prevent kernel-infoleak
- net/sched: fix lockdep splat in qdisc_tree_reduce_backlog()
- net: stmmac: fix rx queue priority assignment
- net: phy: micrel: lan8814: Fix when enabling/disabling 1-step timestamping
- net: phy: micrel: Fix potential null pointer dereference
- gro: fix ownership transfer
- [x86] bugs: Fix the SRSO mitigation on Zen3/4
- [x86] retpoline: Do the necessary fixup to the Zen3/4 srso return thunk
for !SRSO
- i40e: Fix VF MAC filter removal
- erspan: make sure erspan_base_hdr is present in skb->head
- ipv6: Fix infinite recursion in fib6_dump_done().
- mlxbf_gige: stop interface during shutdown
- r8169: skip DASH fw status checks when DASH is disabled
- udp: do not accept non-tunnel GSO skbs landing in a tunnel
- udp: do not transition UDP GRO fraglist partial checksums to unnecessary
- udp: prevent local UDP tunnel packets from being GROed
- i40e: fix i40e_count_filters() to count only active/new filters
- i40e: fix vf may be used uninitialized in this function warning
- drm/amd: Evict resources during PM ops prepare() callback
- drm/amd: Add concept of running prepare_suspend() sequence for IP blocks
- drm/amd: Flush GFXOFF requests in prepare stage
- i40e: Store the irq number in i40e_q_vector
- i40e: Remove _t suffix from enum type names
- i40e: Enforce software interrupt during busy-poll exit
- r8169: use spinlock to protect mac ocp register access
- r8169: use spinlock to protect access to registers Config2 and Config5
- r8169: prepare rtl_hw_aspm_clkreq_enable for usage in atomic context
- tcp: Fix bind() regression for v6-only wildcard and v4(-mapped-v6)
non-wildcard addresses.
- drivers: net: convert to boolean for the mac_managed_pm flag
- net: fec: Set mac_managed_pm during probe
- [x86] KVM: SVM: enhance info printk's in SEV init
- [x86] KVM: SVM: WARN, but continue, if misc_cg_set_capacity() fails
- [x86] KVM: SVM: Use unsigned integers when dealing with ASIDs
- [x86] KVM: SVM: Add support for allowing zero SEV ASIDs
- fs/pipe: Fix lockdep false-positive in watchqueue pipe_write()
- 9p: Fix read/write debug statements to report server reply
- drivers/perf: riscv: Disable PERF_SAMPLE_BRANCH_* while not supported
- drm/panfrost: fix power transition timeout warnings
- ASoC: rt5682-sdw: fix locking sequence
- [x86] ASoC: rt711-sdca: fix locking sequence
- ASoC: rt711-sdw: fix locking sequence
- ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw
- ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit
- scsi: mylex: Fix sysfs buffer lengths
- scsi: sd: Unregister device if device_add_disk() failed in sd_probe()
- cifs: Fix caching to try to do open O_WRONLY as rdwr on server
- ata: sata_mv: Fix PCI device ID table declaration compilation warning
- nfsd: hold a lighter-weight client reference over CB_RECALL_ANY
- [x86] retpoline: Add NOENDBR annotation to the SRSO dummy return thunk
- ksmbd: don't send oplock break if rename fails
- ksmbd: validate payload size in ipc response (CVE-2024-26811)
- ksmbd: do not set SMB2_GLOBAL_CAP_ENCRYPTION for SMB 3.1.1
- ALSA: hda/realtek - Fix inactive headset mic jack
- ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with
microphone
- driver core: Introduce device_link_wait_removal()
- of: dynamic: Synchronize of_changeset_destroy() with the devlink removals
- [x86] mm/pat: fix VM_PAT handling in COW mappings
- [x86] mce: Make sure to grab mce_sysfs_mutex in set_bank()
- [x86] coco: Require seeding RNG with RDRAND on CoCo systems
- [s390x] entry: align system call table on 8 bytes
- smb3: retrying on failed server close
- smb: client: fix potential UAF in cifs_debug_files_proc_show()
- smb: client: fix potential UAF in cifs_stats_proc_write()
- smb: client: fix potential UAF in cifs_stats_proc_show()
- smb: client: fix potential UAF in smb2_is_valid_oplock_break()
- smb: client: fix potential UAF in smb2_is_valid_lease_break()
- smb: client: fix potential UAF in is_valid_oplock_break()
- smb: client: fix potential UAF in smb2_is_network_name_deleted()
- smb: client: fix potential UAF in cifs_signal_cifsd_for_reconnect()
- mptcp: don't account accept() of non-MPC client as fallback to TCP
- mm/secretmem: fix GUP-fast succeeding on secretmem folios
- nvme: fix miss command type check
- [x86] bugs: Change commas to semicolons in 'spectre_v2' sysfs file
- [x86] syscall: Don't force use of indirect calls for system calls
- [x86] Mitigate Native Branch History Injection vulnerability
(CVE-2024-2201):
+ [x86] bhi: Add support for clearing branch history at syscall entry
+ [x86] bhi: Define SPEC_CTRL_BHI_DIS_S
+ [x86] bhi: Enumerate Branch History Injection (BHI) bug
+ [x86] bhi: Add BHI mitigation knob
+ [x86] bhi: Mitigate KVM by default
+ [x86] KVM: x86: Add BHI_NO
+ [x86] set SPECTRE_BHI_ON as default
.
[ Salvatore Bonaccorso ]
* Bump ABI to 20
* Refresh "efi: Lock down the kernel if booted in secure boot mode" (context
changes in 6.1.84)
* [rt] Refresh "serial: 8250: implement write_atomic"
* Refresh "x86: Make x32 syscall support conditional on a kernel parameter"
* tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc
(Closes: #1068770)
* Revert "scsi: sd: usb_storage: uas: Access media prior to querying device
properties" (Closes: #1068675)
* Revert "scsi: core: Add struct for args to execution functions"
* scsi: sd: usb_storage: uas: Access media prior to querying device properties
Checksums-Sha1:
96e8580cb1462ba438fc28d27cdf06c154308756 290924 linux_6.1.85-1.dsc
86985ea19cf9db504e226f0a70a6cf848819af06 137597252 linux_6.1.85.orig.tar.xz
e8234e6475fbaefca69cacd1f9b62fd7fb1f68b6 1627960 linux_6.1.85-1.debian.tar.xz
e5b81a00a9ded9a8afda139d264bf89fb1969020 7117 linux_6.1.85-1_source.buildinfo Checksums-Sha256:
4b9de409835ac055d92e13763c4228dfb706f40c61352e512fdc98245f24f1d7 290924 linux_6.1.85-1.dsc
528d48ab19f355c6706263723cfda108492ac2dcb4de8af21f8b1676c8373d7d 137597252 linux_6.1.85.orig.tar.xz
99cc3b914e71fade4613d90c895232c16268565b8d04ee765e6c553b770d0d00 1627960 linux_6.1.85-1.debian.tar.xz
2cc607f072d991c8c7c4c648cc9b0508c222c8a3f5310eed8909e1cd4d14620a 7117 linux_6.1.85-1_source.buildinfo
Files:
f801414be0ef36d4aa5d222a272474ba 290924 kernel optional linux_6.1.85-1.dsc
fdb3b2b8121867f9afbfb10d3228e503 137597252 kernel optional linux_6.1.85.orig.tar.xz
ef7c37741e655176e7a9d80f957aaf79 1627960 kernel optional linux_6.1.85-1.debian.tar.xz
0aae449aad4f075e10bf6326d163d196 7117 kernel optional linux_6.1.85-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmYYVBVfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89EvbkP/2Zd6wVKsV/Z/2GoghzAtDleF35//r+8 7nubdrpLCeAzZOijTZgY7ERF8FplM0SH/TkN4WfBeixUoiLOGBTQ+/UsIDD10uX6 BghmyU6NS1yzWBdEfyrNlexF0qe+3oL32myPP6khgN+MwLD9pgXCY+drWDiP/TJL oCrSRCoJk+ctidxAUDFTfliiqHnCp7grmrbPfYBpsEimTJ/ajJYDNmSgU6z2gqXF 5yrblZl3r3/43HwiWcuSjq1OW/YNIiaPiThN2VXwQjQEUzXbVVsC+dHIOjj0/xQ/ nLo/A2le1DCY+YsbCMQAgRPb8UD5hjR+XNjoN/kOOmdyBlhZN1VEvZ/zbBhWt5B4 pUBQbN1nqQQsFbri698oV/yYa//QfvHojmRDeJaJ0zXEpXmJwp7GFumsJLJFXjS8 E/RI92jWvAnHuc2UrWFWaOxI0VOM9frQZl3gVseyOAlUlRVI7CGl0syAA2jHmgYU aX65qphzNf6z0P4mlu8fSeezzhEJawXiYxtfuYcfQCxeRatMt+pXJkof6r5kntO+ lGYpiRyRYS4UP71MDg+TSHjsJC45/vyg0chbAPZbd/Z7qSoazRqWvcUD+7ffx/KQ aOfnd6EyrulLmM52LLUloE1pkKUhUpSjblZtIwQg33v1SrtyfjSUlKWkQrZYzrSJ
vMoPNRn/MHu5
=48oX
-----END PGP SIGNATURE-----


--============== 49170645983065340=Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----

iHUEABYIAB0WIQTziqJOuF8J+ZI8pJSb9qggYcy5IQUCZh2gaQAKCRCb9qggYcy5 IZyiAP9Rocqcl8k5tBwRhOz9IsrCpDqvgLETzS6doWU5vKBS8QD+LoZSarEbLWJy IJxD+AAI8I8VYe2uzNVfgFp4cwfSvww=EsS4
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)