This is the start of the stable review cycle for the 5.15.151 release. There are 83 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 07 Mar 2024 11:31:11 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.151-rc2.gz or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> Linux 5.15.151-rc2 Davide Caratti <dcaratti@xxxxxxxxxx> mptcp: fix double-free on socket dismantle Gal Pressman <gal@xxxxxxxxxx> Revert "tls: rx: move counting TlsDecryptErrors for sync" Jakub Kicinski <kuba@xxxxxxxxxx> net: tls: fix async vs NIC crypto offload Martynas Pumputis <m@xxxxxxxxx> bpf: Derive source IP addr via bpf_*_fib_lookup() Louis DeLosSantos <louis.delos.devel@xxxxxxxxx> bpf: Add table ID to bpf_fib_lookup BPF helper Martin KaFai Lau <martin.lau@xxxxxxxxxx> bpf: Add BPF_FIB_LOOKUP_SKIP_NEIGH for bpf_fib_lookup Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> Revert "interconnect: Teach lockdep about icc_bw_lock order" Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> Revert "interconnect: Fix locking for runpm vs reclaim" Bartosz Golaszewski <bartosz.golaszewski@xxxxxxxxxx> gpio: fix resource unwinding order in error path Andy Shevchenko <andriy.shevchenko@xxxxxxxxxxxxxxx> gpiolib: Fix the error path order in gpiochip_add_data_with_key() Arturas Moskvinas <arturas.moskvinas@xxxxxxxxx> gpio: 74x164: Enable output pins after registers are reset Kuniyuki Iwashima <kuniyu@xxxxxxxxxx> af_unix: Drop oob_skb ref before purging queue in GC. Max Krummenacher <max.krummenacher@xxxxxxxxxxx> Revert "drm/bridge: lt8912b: Register and attach our DSI device at probe" Oscar Salvador <osalvador@xxxxxxx> fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super Baokun Li <libaokun1@xxxxxxxxxx> cachefiles: fix memory leak in cachefiles_add_cache() Paolo Abeni <pabeni@xxxxxxxxxx> mptcp: fix possible deadlock in subflow diag Paolo Abeni <pabeni@xxxxxxxxxx> mptcp: push at DSS boundaries Geliang Tang <tanggeliang@xxxxxxxxxx> mptcp: add needs_id for netlink appending addr Jean Sacren <sakiwit@xxxxxxxxx> mptcp: clean up harmless false expressions Matthieu Baerts (NGI0) <matttbe@xxxxxxxxxx> selftests: mptcp: add missing kconfig for NF Filter in v6 Matthieu Baerts (NGI0) <matttbe@xxxxxxxxxx> selftests: mptcp: add missing kconfig for NF Filter Paolo Abeni <pabeni@xxxxxxxxxx> mptcp: rename timer related helper to less confusing names Paolo Abeni <pabeni@xxxxxxxxxx> mptcp: process pending subflow error on close Paolo Abeni <pabeni@xxxxxxxxxx> mptcp: move __mptcp_error_report in protocol.c Paolo Bonzini <pbonzini@xxxxxxxxxx> x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers Bjorn Andersson <quic_bjorande@xxxxxxxxxxx> pmdomain: qcom: rpmhpd: Fix enabled_corner aggregation Elad Nachman <enachman@xxxxxxxxxxx> mmc: sdhci-xenon: fix PHY init clock stability Elad Nachman <enachman@xxxxxxxxxxx> mmc: sdhci-xenon: add timeout for PHY init complete Ivan Semenov <ivan@xxxxxxxxxxx> mmc: core: Fix eMMC initialization with 1-bit bus connection Curtis Klein <curtis.klein@xxxxxxx> dmaengine: fsl-qdma: init irq after reg initialization Tadeusz Struk <tstruk@xxxxxxxxxx> dmaengine: ptdma: use consistent DMA masks Peng Ma <peng.ma@xxxxxxx> dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read David Sterba <dsterba@xxxxxxxx> btrfs: dev-replace: properly validate device names Johannes Berg <johannes.berg@xxxxxxxxx> wifi: nl80211: reject iftype change with mesh ID change Alexander Ofitserov <oficerovas@xxxxxxxxxxxx> gtp: fix use-after-free and null-ptr-deref in gtp_newlink() Takashi Sakamoto <o-takashi@xxxxxxxxxxxxx> ALSA: firewire-lib: fix to check cycle continuity Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx> tomoyo: fix UAF write bug in tomoyo_write_control() Dimitris Vlachos <dvlachos@xxxxxxxxxxxx> riscv: Sparse-Memory/vmemmap out-of-bounds fix David Howells <dhowells@xxxxxxxxxx> afs: Fix endless loop in directory parsing Jiri Slaby (SUSE) <jirislaby@xxxxxxxxxx> fbcon: always restore the old font data in fbcon_do_set_font() Takashi Iwai <tiwai@xxxxxxx> ALSA: Drop leftover snd-rtctimer stuff from Makefile Hans de Goede <hdegoede@xxxxxxxxxx> power: supply: bq27xxx-i2c: Do not free non existing IRQ Arnd Bergmann <arnd@xxxxxxxx> efi/capsule-loader: fix incorrect allocation size Sabrina Dubroca <sd@xxxxxxxxxxxxxxx> tls: decrement decrypt_pending if no async completion will be called Jakub Kicinski <kuba@xxxxxxxxxx> tls: rx: use async as an in-out argument Jakub Kicinski <kuba@xxxxxxxxxx> tls: rx: assume crypto always calls our callback Jakub Kicinski <kuba@xxxxxxxxxx> tls: rx: move counting TlsDecryptErrors for sync Jakub Kicinski <kuba@xxxxxxxxxx> tls: rx: don't track the async count Jakub Kicinski <kuba@xxxxxxxxxx> tls: rx: factor out writing ContentType to cmsg Jakub Kicinski <kuba@xxxxxxxxxx> tls: rx: wrap decryption arguments in a structure Jakub Kicinski <kuba@xxxxxxxxxx> tls: rx: don't report text length from the bowels of decrypt Jakub Kicinski <kuba@xxxxxxxxxx> tls: rx: drop unnecessary arguments from tls_setup_from_iter() Jakub Kicinski <kuba@xxxxxxxxxx> tls: hw: rx: use return value of tls_device_decrypted() to carry status Jakub Kicinski <kuba@xxxxxxxxxx> tls: rx: refactor decrypt_skb_update() Jakub Kicinski <kuba@xxxxxxxxxx> tls: rx: don't issue wake ups when data is decrypted Jakub Kicinski <kuba@xxxxxxxxxx> tls: rx: don't store the decryption status in socket context Jakub Kicinski <kuba@xxxxxxxxxx> tls: rx: don't store the record type in socket context Oleksij Rempel <linux@xxxxxxxxxxxxxxxx> igb: extend PTP timestamp adjustments to i211 Lin Ma <linma@xxxxxxxxxx> rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back Florian Westphal <fw@xxxxxxxxx> netfilter: bridge: confirm multicast packets before passing them up the stack Florian Westphal <fw@xxxxxxxxx> netfilter: let reset rules clean out conntrack entries Florian Westphal <fw@xxxxxxxxx> netfilter: make function op structures const Florian Westphal <fw@xxxxxxxxx> netfilter: core: move ip_ct_attach indirection to struct nf_ct_hook Florian Westphal <fw@xxxxxxxxx> netfilter: nfnetlink_queue: silence bogus compiler warning Ignat Korchagin <ignat@xxxxxxxxxxxxxx> netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate() Kai-Heng Feng <kai.heng.feng@xxxxxxxxxxxxx> Bluetooth: Enforce validation on max value of connection interval Luiz Augusto von Dentz <luiz.von.dentz@xxxxxxxxx> Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST Zijun Hu <quic_zijuhu@xxxxxxxxxxx> Bluetooth: hci_event: Fix wrongly recorded wakeup BD_ADDR Ying Hsu <yinghsu@xxxxxxxxxxxx> Bluetooth: Avoid potential use-after-free in hci_error_reset Jakub Raczynski <j.raczynski@xxxxxxxxxxx> stmmac: Clear variable when destroying workqueue Justin Iurman <justin.iurman@xxxxxxxxx> uapi: in6: replace temporary label with rfc9486 Javier Carrasco <javier.carrasco.cruz@xxxxxxxxx> net: usb: dm9601: fix wrong return value in dm9601_mdio_read Jakub Kicinski <kuba@xxxxxxxxxx> veth: try harder when allocating queue memory Vasily Averin <vvs@xxxxxxxxxx> net: enable memcg accounting for veth queues Oleksij Rempel <linux@xxxxxxxxxxxxxxxx> lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is detected Eric Dumazet <edumazet@xxxxxxxxxx> ipv6: fix potential "struct net" leak in inet6_rtm_getaddr() Jakub Kicinski <kuba@xxxxxxxxxx> net: veth: clear GRO when clearing XDP even when down Doug Smythies <dsmythies@xxxxxxxxx> cpufreq: intel_pstate: fix pstate limits enforcement for adjust_perf call back Yunjian Wang <wangyunjian@xxxxxxxxxx> tun: Fix xdp_rxq_info's queue_index when detaching Florian Westphal <fw@xxxxxxxxx> net: ip_tunnel: prevent perpetual headroom growth Ryosuke Yasuoka <ryasuoka@xxxxxxxxxx> netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter Han Xu <han.xu@xxxxxxx> mtd: spinand: gigadevice: Fix the get ecc status issue Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> netfilter: nf_tables: disallow timeout for anonymous sets ------------- Diffstat: Makefile | 4 +- arch/riscv/include/asm/pgtable.h | 2 +- arch/x86/kernel/cpu/intel.c | 178 ++++++------ drivers/cpufreq/intel_pstate.c | 3 + drivers/dma/fsl-qdma.c | 25 +- drivers/dma/ptdma/ptdma-dmaengine.c | 2 - drivers/firmware/efi/capsule-loader.c | 2 +- drivers/gpio/gpio-74x164.c | 4 +- drivers/gpio/gpiolib.c | 12 +- drivers/gpu/drm/bridge/lontium-lt8912b.c | 11 +- drivers/interconnect/core.c | 18 +- drivers/mmc/core/mmc.c | 2 + drivers/mmc/host/sdhci-xenon-phy.c | 48 +++- drivers/mtd/nand/spi/gigadevice.c | 6 +- drivers/net/ethernet/intel/igb/igb_ptp.c | 5 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 4 +- drivers/net/gtp.c | 12 +- drivers/net/tun.c | 1 + drivers/net/usb/dm9601.c | 2 +- drivers/net/usb/lan78xx.c | 3 +- drivers/net/veth.c | 40 +-- drivers/power/supply/bq27xxx_battery_i2c.c | 4 +- drivers/soc/qcom/rpmhpd.c | 7 +- drivers/video/fbdev/core/fbcon.c | 8 +- fs/afs/dir.c | 4 +- fs/btrfs/dev-replace.c | 24 +- fs/cachefiles/bind.c | 3 + fs/hugetlbfs/inode.c | 6 +- include/linux/netfilter.h | 14 +- include/net/ipv6_stubs.h | 5 + include/net/netfilter/nf_conntrack.h | 8 + include/net/strparser.h | 4 + include/net/tls.h | 11 +- include/uapi/linux/bpf.h | 37 ++- include/uapi/linux/in6.h | 2 +- net/bluetooth/hci_core.c | 7 +- net/bluetooth/hci_event.c | 13 +- net/bluetooth/l2cap_core.c | 8 +- net/bridge/br_netfilter_hooks.c | 96 +++++++ net/bridge/netfilter/nf_conntrack_bridge.c | 30 ++ net/core/filter.c | 67 ++++- net/core/rtnetlink.c | 11 +- net/ipv4/ip_tunnel.c | 28 +- net/ipv4/netfilter/nf_reject_ipv4.c | 1 + net/ipv6/addrconf.c | 7 +- net/ipv6/af_inet6.c | 1 + net/ipv6/netfilter/nf_reject_ipv6.c | 1 + net/mptcp/diag.c | 3 + net/mptcp/pm_netlink.c | 30 +- net/mptcp/protocol.c | 123 +++++++-- net/mptcp/subflow.c | 36 --- net/netfilter/core.c | 45 +-- net/netfilter/nf_conntrack_core.c | 21 +- net/netfilter/nf_conntrack_netlink.c | 4 +- net/netfilter/nf_conntrack_proto_tcp.c | 35 +++ net/netfilter/nf_nat_core.c | 2 +- net/netfilter/nf_tables_api.c | 7 + net/netfilter/nfnetlink_queue.c | 10 +- net/netfilter/nft_compat.c | 20 ++ net/netlink/af_netlink.c | 2 +- net/tls/tls_device.c | 6 +- net/tls/tls_sw.c | 316 ++++++++++------------ net/unix/garbage.c | 22 +- net/wireless/nl80211.c | 2 + security/tomoyo/common.c | 3 +- sound/core/Makefile | 1 - sound/firewire/amdtp-stream.c | 2 +- tools/include/uapi/linux/bpf.h | 37 ++- tools/testing/selftests/net/mptcp/config | 2 + 69 files changed, 991 insertions(+), 529 deletions(-)