Add sub section to how Poky and OE-Core handle CVE security issues. This
is a generic intro chapter. Also add note that this is a process which
needs quite a bit of review and iteration to keep products and SW stack
secure, a process not a product.
Then change "Vulnerabilites in images" chapter to
"Vulnerability check at build time" since the process applies to
anything compiled with bitbake, not just images.
Explain details of how to work with cve-check.bbclass, especially
the states Patched, Unpatched and Ignored in the generated reports.
Rename recipe chapter to "Fixing CVE product name and version mappings"
since CVE check has some default which works for all recipes
but generated reports may be completely broken. Fixes are then done with
CVE_PRODUCT and CVE_VERSION.
Give some hints how to analyze "Unpatched" CVEs by checking what happens
in other Linux distros etc.
(From yocto-docs rev: 77a9c1a9fe651bf11f1d5a723b0741dd1764b2c8)
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Regular security scans and updates to fix issues and updates from
upstream maintainers are best practices.
(From yocto-docs rev: 24d3337b6cbb38297877f6ce6ec78896ce93e8b2)
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
It is a quite important tool for maintaining yocto based products
so documentation should include the best practices.
(From yocto-docs rev: 3f7d09fc3c96f29ab80a2cb893c9b4b19a75a769)
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The CVE number in the patch is a typo. CVE-2022-2053 is not related to
libtiff. So fix it.
(From OE-Core rev: c9f76ef859b0b4edb83ac098816b625f52c78173)
Signed-off-by: Zheng Qiu <zheng.qiu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
When building a FIT image with device trees, each device tree lands in a
FIT section and is referenced by a FIT configuration node.
FIT images however also allow referencing the same device tree from
multiple configurations. This can be useful to reduce FIT image size
while staying compatible with existing bootloaders. Allow
kernel-fitimage.bbclass users to take advantage of this by mapping
each symlink to a regular device tree included in the FIT to a
configuration that references a common device tree section.
(From OE-Core rev: 21e240da63239826f3ef50ceef40c9519e9030d8)
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This introduces no functional change, but will come in handy in a later
commit where a file lookup will have us using the device tree name. If
we keep it like it's now, we will lose the information whether an
underscore is an original underscore or a mangled slash.
(From OE-Core rev: 8bea426ca59d17715a3b32f7e3caf3e4b6db5ce9)
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
CVE-2022-39253 in git meant file:// urls within submodules were disabled. Add
a parameter to the commands in the tests to allow this to continue to work.
(Bitbake rev: 209f7ba352b60722830157054e3fc56cb9c693eb)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
In OE-Core d6b15d1e70b99185cf245d829ada5b6fb99ec1af,
"openssl: export necessary env vars in SDK", the value added for
SSL_CERT_FILE was in conflict with the value used elsewhere, such as
in buildtools. This makes them match and fixes buildtools testsdk
failures.
(From OE-Core rev: 7d383a7fc6da666c80f2fc037af5f49a3388eb2b)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add a test for special characters in user and password to qualify
decodeurl() inspired by a bug report describing that '=' signs in a
password was problematic.
Add a second test to qualify decodeurl() as related to the change in
commit 628c4bf6c89b [fetch2/__init__: handle @ in package names].
Relates to [YOCTO #14476]
(Bitbake rev: ee04cf09c7022168c035affa654773652a49793e)
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
In the case where hashlib is not available, the try would fail and fall
through resulting in a backtrace on the usage of the 'sig'. The backtrace
itself was confusing and made it difficult to determine what went wrong.
Update the import to be in it's own try block with an appropriate
message to indicate what went wrong.
Note, the current version of ply all of this code has been restructured
so this is not applicable upstream.
Additionally, some versions of hashlib don't appear to implement the
second FIPS related argument. Detect this and support both versions.
(Bitbake rev: 484ab42f440070c0369b81f5c69da860fa47a798)
Signed-off-by: Mark Hatle <mark.hatle@amd.com>
Signed-off-by: Mark Hatle <mark.hatle@kernel.crashing.org>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The U-Boot signing code is a bit of a mess. The problem is that mkimage
determines the public keys to embed into a device tree based on an image
that it is signing. This results in all sorts of contortions: U-Boot has to
be available to the kernel recipe so that it can have the correct public
keys embedded. Then, the signed U-Boot has to be made available to U-Boot's
do_deploy. This same dance is then repeated for SPL. To complicate matters,
signing for U-Boot and U-Boot SPL is optional, so the whole process must be
seamlessly integrated with a non-signed build.
The complexity and interdependency of this process makes it difficult to
extend. For example, it is not possible to install a signed U-Boot binary
into the root filesystem. This is first because u-boot:do_install must run
before linux:do_assemble_fitimage, which must run before u-boot:do_deploy.
But aside from infrastructure issues, installing a signed U-Boot also can't
happen, because the kernel image might have an embedded initramfs
(containing the signed U-Boot).
However, all of this complexity is accidental. It is not necessary to embed
the public keys into U-Boot and sign the kernel in one fell swoop. Instead,
we can sign the kernel, stage it, and sign the staged kernel again to embed
the public keys into U-Boot [1]. This twice-signed kernel serves only to
provide the correct parameters to mkimage, and does not have to be
installed or deployed. By cutting the dependency of
linux:do_assemble_fitimage on u-boot:do_install, we can drastically
simplify the build process, making it much more extensible.
The process of doing this conversion is a bit involved, since the U-Boot
and Linux recipes are so intertwined at the moment. The most major change
is that uboot-sign is no longer inherited by kernel-fitimage. Similarly,
all U-Boot-related tasks have been removed from kernel-fitimage. We add a
new step to the install task to stage the kernel in /sysroot-only. The
logic to disable assemble_fitimage has been removed. We always assemble it,
even if the final fitImage will use a bundled initramfs, because U-Boot
will need it.
On the U-Boot side, much of the churn stems from multiple config support.
Previously, we took a fairly ad-hoc approach to UBOOT_CONFIG and
UBOOT_MACHINE, introducing for loops wherever we needed to deal with them.
However, I have chosen to use a much more structured approach. Each task
which needs to use the build directory uses the following pseudocode:
do_mytask() {
if ${UBOOT_CONFIG}; then
for config, type in zip(${UBOOT_CONFIG}, ${UBOOT_MACHINE}); do
cd ${config}
mytask_helper ${type}
done
else
cd ${B}
mytask_helper ""
fi
}
By explicitly placing the work in mytask_helper, we make it easier to
ensure that everything is covered, and we also allow bbappends files to
more easily extend the task (as otherwise they would need to reimplement
the loop themselves).
[1] It doesn't particularly matter what we sign. Any FIT will do, but I
chose the kernel's because we already went to the trouble of setting it up
with the correct hashes and signatures. In the future, we could create a
"dummy" image and sign that instead, but it would probably have to happen
in the kernel recipe anyway (so we have access to the appropriate
variables).
(From OE-Core rev: 5e12dc911d0c541f43aa6d0c046fb87e8b7c1f7e)
Signed-off-by: Sean Anderson <sean.anderson@seco.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
uboot_fitimage_assemble is called from one place with the same
arguments. Instead of using shell variables as intermediaries, simplify
the function by using the bitbake variables directly. Removing a layer
of indirection makes it easier to determine what values are being
substituted in. Some variables can't be fully converted, but they will
be addressed in the a few commits.
(From OE-Core rev: 27f42c9b9a91742d3ee358aa8dc29627379b2539)
Signed-off-by: Sean Anderson <sean.anderson@seco.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
We have a specific variable for the path to the boot directory. Use it
instead of open-coding this path.
(From OE-Core rev: 725b75e83bc2b2111f2ab5103b7e7f60d6d3f34e)
Signed-off-by: Sean Anderson <sean.anderson@seco.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Replacing sysroot_stage_all by a no-op recipe makes it difficult for
bbappends to stage files intentionally. Instead, just clear
SYSROOT_DIRS, allowing other bbappends to easily add new directories.
(From OE-Core rev: 849791e7086463a4c7c53c2c1ed9603a6c3a080d)
Signed-off-by: Sean Anderson <sean.anderson@seco.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
When generating our SPL-verifying certificate, we use FIT_KEY_REQ_ARGS,
which is intended for the U-Boot-verifying certificate. Instead, use
UBOOT_FIT_KEY_REQ_ARGS.
Fixes: 0e6b0fefa0 ("u-boot: Use a different Key for SPL signing")
(From OE-Core rev: a2d939ccb182a1ad29280d236b9f9e1d09527af1)
Signed-off-by: Sean Anderson <sean.anderson@seco.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Fixes CVE-2022-39260
Git v2.38.1 Release Notes
=========================
This release merges the security fix that appears in v2.30.6; see
the release notes for that version for details.
Excerpt from 2.30.6 release notes:
* CVE-2022-39260:
An overly-long command string given to `git shell` can result in
overflow in `split_cmdline()`, leading to arbitrary heap writes and
remote code execution when `git shell` is exposed and the directory
`$HOME/git-shell-commands` exists.
`git shell` is taught to refuse interactive commands that are
longer than 4MiB in size. `split_cmdline()` is hardened to reject
inputs larger than 2GiB.
Credit for finding CVE-2022-39260 goes to Kevin Backhouse of GitHub.
The fix was authored by Kevin Backhouse, Jeff King, and Taylor Blau.
For 2.38.0 changes, see:
https://github.com/git/git/blob/master/Documentation/RelNotes/2.38.0.txt
(From OE-Core rev: b304768711374066db320fe87960be81f54a8424)
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Improve the fatal error message of the yocto-kernel-tools symbol_why.py
and shows the command that generate the error as it can help understand
the root cause of the error.
(From OE-Core rev: 54ae08779071f2e97bff0ff6514ede3124312c3b)
Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
It's important to use standard variable names in the
/etc/os-release file. Otherwise reporting version etc
details requires custom modifications in various tools.
(From OE-Core rev: af528f4b46e5df0a176d91d46cc6f89c7296c602)
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Backport of patch already present upstream to fix issues with invalid
characters for GLIB when combining gstreamer1.0-libav with ffmpeg 5.x.
Remove when gstreamer1.0-libav is upgraded to 1.21.1 or above
(From OE-Core rev: 703ff945557ad307bbe4ba0b0b7f1a2e5b4b847e)
Signed-off-by: Claus Stovgaard <claus.stovgaard@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The trailing slash in ${B} caused -fdebug-prefix-map=${B}=... to not
match as intended, resulting in ${TMPDIR} ending up in files in
${PN}-dbg when externalsrc was in use, which in turn triggered buildpath
QA warnings.
(From OE-Core rev: 9b5031ed5a0d102905fa75acc418246c23df6eef)
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Instead of changing the script environment to affect the child
processes, make a copy of the environment with modifications and pass
that to subprocess.
Specifically, when dri rendering is enabled, LD_PRELOAD was being passed
to all processes created by the script which resulted in other commands
(e.g. stty) exiting with a failure like:
/bin/sh: symbol lookup error: sysroots-uninative/x86_64-linux/lib/librt.so.1: undefined symbol: __libc_unwind_link_get, version GLIBC_PRIVATE
Making a copy of the environment fixes this because the LD_PRELOAD is
now only passed to qemu itself.
(From OE-Core rev: 2232599d330bd5f2a9e206b490196569ad855de8)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The bridge helper program is invoked directly from QEMU when it needs to
attach to a network bridge. As such, it is subject to the environment of
QEMU itself. Specifically, if bridging is enabled with direct rendering
acceleration, QEMU is run with an LD_PRELOAD that attempts to preload
several uninative libraries; however /bin/sh doesn't use the uninative
loader which means it can fail to start with an error like:
/bin/sh: symbol lookup error: sysroots-uninative/x86_64-linux/lib/librt.so.1: undefined symbol: __libc_unwind_link_get, version GLIBC_PRIVATE
Converting the helper program to a C program resolves this problem
because it will now use the uninative loader so the preload doesn't
cause errors.
(From OE-Core rev: f698e98f2f09952b34488b8cf9e73e82bd7aea07)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
In case user requested to build a binary repeatable package,
it's required to honor the SOURCE_DATE_EPOCH environment
variable. So forcefully set mtime inside all the routines
which modify fstab in case it is updated.
(From OE-Core rev: 99719a3712a88dce8450994d995803e126e49115)
Signed-off-by: Sergei Zhmylev <s.zhmylev@yadro.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The code to parse arguments was inadvertently skipping all arguments in
the elif block after gl-es if it was specified on the command line.
(From OE-Core rev: 718bb8d56f6a24c86e67830a7d13af54df2ebb4e)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* fix issue introduced in:
https://git.openembedded.org/openembedded-core/commit/?id=95fbac8dcad6c93f4c9737e9fe13e92ab6befa09
* it added check for s_dir + git-dir (typically '.git') isn't
the same as ${TOPDIR} + git-dir, but due to copy-paste issue
it was just comparing it with s_dir + git-dir again, resulting
in most external repos (where git-dir is '.git') to be processed
as regular directory (not taking advantage of git write-tree).
* normally this wouldn't be an issue, but for big repo with a lot of
files this added a lot of checksums in:
d.setVarFlag('do_compile', 'file-checksums', '${@srctree_hash_files(d)}')
and I mean *a lot, e.g. in chromium build it was 380227 paths
which still wouldn't that bad, but the checksum processing in
siggen.py isn't trivial and just looping through all these
checksums takes very long time (over 1000sec on fast NVME drive
with warm cache) and then
https://git.openembedded.org/bitbake/commit/?id=b4975d2ecf615ac4c240808fbc5a3f879a93846b
made the processing a bit more complicated and the loop in
get_taskhash() function took 6448sec and to make things worse
there was no output from bitbake during that time, so even with -DDD
it looks like this:
DEBUG: virtual/libgles2 resolved to: mesa (langdale/oe-core/meta/recipes-graphics/mesa/mesa_22.2.0.bb)
Bitbake still alive (no events for 600s). Active tasks:
Bitbake still alive (no events for 1200s). Active tasks:
Bitbake still alive (no events for 1800s). Active tasks:
Bitbake still alive (no events for 2400s). Active tasks:
Bitbake still alive (no events for 3000s). Active tasks:
Bitbake still alive (no events for 3600s). Active tasks:
Bitbake still alive (no events for 4200s). Active tasks:
Bitbake still alive (no events for 4800s). Active tasks:
Bitbake still alive (no events for 5400s). Active tasks:
Bitbake still alive (no events for 6000s). Active tasks:
DEBUG: Starting bitbake-worker
without -DDD it will get stuck for almost 2 hours in:
"Initialising tasks..."
before it finally writes sstate summary like:
"Sstate summary: Wanted 3102 Local 0 Mirrors 0 Missed 3102 Current 1483 (0% match, 32% complete)"
* fix the copy&paste typo to use git work-tree in most cases, but
be aware that this issue still exists for huge local source
trees not in git
[YOCTO #14942]
(From OE-Core rev: 9102e5a94b8146cb1da27afbe41d3db999a914ff)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
wayland-protocols 1.27 is now available.
This release includes two new staging protocols:
* Content type hint
This protocol enables clients to provide hints to the compositor about
what kind of content it provides, allowing compositors to optionally
adapt its behavior accordingly.
* Idle notify
This extension allows compositors to notify clients about when the user
is idle.
Apart from these two new extensions, this release also brings the usual
clarifications, cleanups and fixes. Enjoy!
Daniel Stone (1):
xdg-shell: ack_configure must be strictly monotonic
Emmanuel Gil Peyrot (1):
staging/content-type: Content type hint support
Isaac Freund (1):
ext-session-lock: add note on client termination
Jonas Ådahl (1):
build: Bump version to 1.27
Simon Ser (3):
xdg-shell: forbid loops in set_parent
ext-idle-notify: new protocol
build: alphabetically sort list of staging protocols
(From OE-Core rev: bed837c23eada26478d50b3363e2da43f57f3b7e)
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Updating to the latest korg -stable release that comprises
the following commits:
c68173b2012b Linux 5.15.72
713fa3e4591f drm/i915/gem: Really move i915_gem_context.link under ref protection
a00ed4e5d5ee x86/alternative: Fix race in try_get_desc()
c3d4b8970c0d KVM: x86: Hide IA32_PLATFORM_DCA_CAP[31:0] from the guest
ab5c5787ab5e clk: iproc: Do not rely on node name for correct PLL setup
e748a084b51c clk: imx: imx6sx: remove the SET_RATE_PARENT flag for QSPI clocks
19f4e1636626 fs: split off setxattr_copy and do_setxattr function from setxattr
a0e3719e030a vdpa/ifcvf: fix the calculation of queuepair
4755d9d2c9b0 selftests: Fix the if conditions of in test_extra_filter()
c83a7606aa65 net: phy: Don't WARN for PHY_UP state in mdio_bus_phy_resume()
a8cd7e1bc7cd net: stmmac: power up/down serdes in stmmac_open/release
67c00bcf4231 wifi: mac80211: fix regression with non-QoS drivers
520e434a082d nvme: Fix IOC_PR_CLEAR and IOC_PR_RELEASE ioctls for nvme devices
e9d7d809022e net/mlxbf_gige: Fix an IS_ERR() vs NULL bug in mlxbf_gige_mdio_probe
8b1b908507ce cxgb4: fix missing unlock on ETHOFLD desc collect fail path
e99c7a61d89e net: sched: act_ct: fix possible refcount leak in tcf_ct_init()
815381aeff95 usbnet: Fix memory leak in usbnet_disconnect()
af91321b7372 gpio: mvebu: Fix check for pwm support on non-A8K platforms
f592ccddac68 Input: melfas_mip4 - fix return value check in mip4_probe()
ff982b1f325d Revert "drm: bridge: analogix/dp: add panel prepare/unprepare in suspend/resume time"
bde7795794f4 drm/bridge: lt8912b: fix corrupted image output
e103b0e83991 drm/bridge: lt8912b: set hdmi or dvi mode
473f653a86ee drm/bridge: lt8912b: add vsync hsync
6a12105d9d4f ASoC: tas2770: Reinit regcache on reset
75ef73d7d2b3 arm64: dts: qcom: sm8350: fix UFS PHY serdes size
5664dc84fc2e ASoC: imx-card: Fix refcount issue with of_node_put
367403bc1cfe soc: sunxi: sram: Fix debugfs info for A64 SRAM C
68d2f42cf4f6 soc: sunxi: sram: Fix probe function ordering issues
2f82b5290078 soc: sunxi_sram: Make use of the helper function devm_platform_ioremap_resource()
861adc2b2037 soc: sunxi: sram: Prevent the driver from being unbound
8b07378ebe43 soc: sunxi: sram: Actually claim SRAM regions
d50e0e2f3d94 ARM: dts: am5748: keep usb4_tm disabled
c48e3db1df25 reset: imx7: Fix the iMX8MP PCIe PHY PERST support
606229101290 ARM: dts: am33xx: Fix MMCHS0 dma properties
bfe5dc2101ba swiotlb: max mapping size takes min align mask into account
a6a3b6b11ac0 media: v4l2-compat-ioctl32.c: zero buffer passed to v4l2_compat_get_array_args()
ab9d32844742 media: rkvdec: Disable H.264 error detection
69379139ed78 media: dvb_vb2: fix possible out of bound access
6287c9e00595 mm,hwpoison: check mm when killing accessing process
f9aed3d8a029 mm: fix madivse_pageout mishandling on non-LRU page
1299c1198878 mm/migrate_device.c: flush TLB while holding PTL
e858f7ac7395 mm: fix dereferencing possible ERR_PTR
d75ce115625e mm: prevent page_frag_alloc() from corrupting the memory
23d17e2b04c7 mm/page_alloc: fix race condition between build_all_zonelists and page allocation
fec2db7a434a mmc: hsq: Fix data stomping during mmc recovery
4fef6e1fe07c mmc: moxart: fix 4-bit bus width and remove 8-bit bus width
4f75d0cacd65 libata: add ATA_HORKAGE_NOLPM for Pioneer BDR-207M and BDR-205
dc248ddf41ea vduse: prevent uninitialized memory accesses
ea774829699a drm/amdgpu: Add amdgpu suspend-resume code path under SRIOV
25759a7bc1f4 drm/i915/gt: Restrict forced preemption to the active context
e0f576335d05 Revert "firmware: arm_scmi: Add clock management to the SCMI power domain"
5de02ab84aec net: mt7531: only do PLL once after the reset
56e3f8d56299 mm/damon/dbgfs: fix memory leak when using debugfs_lookup()
149da9e60b8c ntfs: fix BUG_ON in ntfs_lookup_inode_by_name()
dc8cdb988453 ARM: dts: integrator: Tag PCI host with device_type
aa5c3aa3f197 x86/sgx: Do not fail on incomplete sanitization on premature stop of ksgxd
476c188b9dbe clk: ingenic-tcu: Properly enable registers before accessing timers
d134b0f7a9b9 can: c_can: don't cache TX messages for C_CAN cores
6fff203793cb Input: snvs_pwrkey - fix SNVS_HPVIDR1 register address
006a5085a3a8 net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455
81e759d71a6b thunderbolt: Explicitly reset plug events delay back to USB4 spec value
85a70a259916 usb: typec: ucsi: Remove incorrect warning
ac12a04c8e08 uas: ignore UAS for Thinkplus chips
528aba78ee01 usb-storage: Add Hiksemi USB3-FW to IGNORE_UAS
0a4e8f384e82 uas: add no-uas quirk for Hiksemi usb_disk
8484a356cee8 cgroup: cgroup_get_from_id() must check the looked-up kn is a directory
ae04dd5ef180 cgroup: reduce dependency on cgroup_mutex
7a64e6dc6cb7 ALSA: hda/realtek: fix speakers and micmute on HP 855 G8
6a3bee2ead9b ALSA: hda: Fix Nvidia dp infoframe
f7392f93a2fb ALSA: hda: Fix hang at HD-audio codec unbinding due to refcount saturation
de5deddfa7e7 ALSA: hda: Do disconnect jacks at codec unbind
90c7e9b400c7 Linux 5.15.71
214194610a18 ext4: use locality group preallocation for small closed files
8a1ac4167dda ext4: avoid unnecessary spreading of allocations among groups
fd8b82919549 ext4: make mballoc try target group first even with mb_optimize_scan
21dada4ce19c ext4: limit the number of retries after discarding preallocations blocks
be4df018c0be ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0
90bc7b630c6c ext4: make directory inode spreading reflect flexbg size
95d714d8ad3d devdax: Fix soft-reservation memory description
27bf7a5d1198 NFSv4: Fixes for nfs4_inode_return_delegation()
21b0301f2234 drm/amdgpu: don't register a dirty callback for non-atomic
6eb08245da51 i2c: mlxbf: Fix frequency calculation
dc2a0c587006 i2c: mlxbf: prevent stack overflow in mlxbf_i2c_smbus_start_transaction()
621c6ab03ac3 i2c: mlxbf: incorrect base address passed during io write
c242dbf2e36f i2c: imx: If pm_runtime_get_sync() returned 1 device access is possible
c71ec39be45a workqueue: don't skip lockdep work dependency in cancel_work_sync()
929ef155e1da fsdax: Fix infinite loop in dax_iomap_rw()
9aac3819f099 drm/rockchip: Fix return type of cdn_dp_connector_mode_valid
1c26968caf18 drm/amd/display: Mark dml30's UseMinimumDCFCLK() as noinline for stack usage
492db4ffcff3 drm/amd/display: Reduce number of arguments of dml31's CalculateFlipSchedule()
9539cfc74493 drm/amd/display: Reduce number of arguments of dml31's CalculateWatermarksAndDRAMSpeedChangeSupport()
a541c0111818 drm/amd/display: Limit user regamma to a valid value
33b128f790b6 drm/amdgpu: use dirty framebuffer helper
f76d6f309a68 drm/amd/pm: disable BACO entry/exit completely on several sienna cichlid cards
e5ae504c8623 drm/gma500: Fix BUG: sleeping function called from invalid context errors
e07d9154bb81 Drivers: hv: Never allocate anything besides framebuffer from framebuffer memory region
5f270b61ee8b drm/amd/amdgpu: fixing read wrong pf2vf data in SRIOV
d3a67c21b18f s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup
faf0e1b5d82b serial: tegra-tcu: Use uart_xmit_advance(), fixes icount.tx accounting
0aada772fd16 serial: tegra: Use uart_xmit_advance(), fixes icount.tx accounting
4c7e17270cab serial: Create uart_xmit_advance()
4199425b1132 serial: fsl_lpuart: Reset prior to registration
cc1504f6da2e KVM: x86/mmu: Fold rmap_recycle into rmap_add
dddae48eabfb selftests: forwarding: add shebang for sch_red.sh
08483e4c0c83 bnxt: prevent skb UAF after handing over to PTP worker
f8162aed962b net: sched: fix possible refcount leak in tc_new_tfilter()
bd29ca2b398c net: sunhme: Fix packet reception for len < RX_COPY_THRESHOLD
ec3a6f4ffe55 bonding: fix NULL deref in bond_rr_gen_slave_id
db145b8a04fc net/smc: Stop the CLC flow if no link to map buffers on
5daef0042d2c drm/mediatek: dsi: Move mtk_dsi_stop() call back to mtk_dsi_poweroff()
a08cba2f50d7 perf tools: Honor namespace when synthesizing build-ids
1a83f39dc4e1 perf kcore_copy: Do not check /proc/modules is unchanged
a3b923f449a3 perf jit: Include program header in ELF files
39dc6ccdd5af perf stat: Fix BPF program section name
c6d939639fe0 can: gs_usb: gs_can_open(): fix race dev->can.state condition
e1676adedc17 net: sh_eth: Fix PHY state warning splat during system resume
71200518bbbf net: ravb: Fix PHY state warning splat during system resume
d5917b7af7ca netfilter: ebtables: fix memory leak when blob is malformed
08d7524f366a netfilter: nf_tables: fix percpu memory leak at nf_tables_addchain()
91aa52652f4b netfilter: nf_tables: fix nft_counters_enabled underflow at nf_tables_addchain()
c721623efd09 net/sched: taprio: make qdisc_leaf() see the per-netdev-queue pfifo child qdiscs
f58e43184226 net/sched: taprio: avoid disabling offload when it was never enabled
510e703e4ed0 net: enetc: deny offload of tc-based TSN features on VF interfaces
11eb9ed08856 net: enetc: move enetc_set_psfp() out of the common enetc_set_features()
c60801e4e2b5 wireguard: netlink: avoid variable-sized memcpy on sockaddr
3ebf690d1cde wireguard: ratelimiter: disable timings test by default
c2dc533a7edb net: ipa: properly limit modem routing table use
cbdab7d68f20 of: mdio: Add of_node_put() when breaking out of for_each_xx
ca86577c10bc drm/hisilicon: Add depends on MMU
68c4acee6328 drm/hisilicon/hibmc: Allow to be built if COMPILE_TEST is enabled
8547c7bfc061 sfc: fix null pointer dereference in efx_hard_start_xmit
360910b88d14 sfc: fix TX channel offset when using legacy interrupts
bc750d7127a9 i40e: Fix set max_tx_rate when it is lower than 1 Mbps
53220b99059a i40e: Fix VF set max MTU size
7249a653fe5f iavf: Fix set max MTU size with port VLAN and jumbo frames
030e0688b6b2 mlxbf_gige: clear MDIO gateway lock after read
93859f6878e7 iavf: Fix bad page state
e1dbe8a62098 um: fix default console kernel parameter
7400e2edfc9e MIPS: Loongson32: Fix PHY-mode being left unspecified
abea65fa7713 MIPS: lantiq: export clk_get_io() for lantiq_wdt.ko
831cf63c043e drm/panel: simple: Fix innolux_g121i1_l01 bus_format
408d5752b60f net: team: Unsync device addresses on ndo_stop
f50265a4f3da net: bonding: Unsync device addresses on ndo_stop
e6b277f7367e net: bonding: Share lacpdu_mcast_addr definition
8b2ab46b6c63 scsi: mpt3sas: Fix return value check of dma_get_required_mask()
89df49e561b4 scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts()
5826a555f77c net: phy: aquantia: wait for the suspend/resume operations to finish
4d2f1bc9067a net: core: fix flow symmetric hash
8d06006c7eb7 ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header
dae9d2abe25b iavf: Fix cached head and tail value for iavf_get_tx_pending
34447d64b8d2 ice: Don't double unplug aux on peer initiated reset
816eab147e5c netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find()
dc33ffbc361e netfilter: nf_conntrack_irc: Tighten matching on DCC message
0606c5d5fefd netfilter: nf_conntrack_sip: fix ct_sip_walk_headers
0babb5bc85ee arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma
dd5a6c5a0875 dmaengine: ti: k3-udma-private: Fix refcount leak bug in of_xudma_dev_get()
1b0e46d970b4 arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz
e352fea1d0fc drm/mediatek: dsi: Add atomic {destroy,duplicate}_state, reset callbacks
43733b6c9fda arm64: dts: rockchip: Fix typo in lisense text for PX30.Core
2929463a9eff arm64: dts: rockchip: Pull up wlan wake# on Gru-Bob
166a332463b5 firmware: arm_scmi: Fix the asynchronous reset requests
1f08a1b26cfc firmware: arm_scmi: Harden accesses to the reset domains
9ec5a534d77c xfs: validate inode fork size against fork format
5caa3a127953 xfs: fix xfs_ifree() error handling to not leak perag ref
9e7b231687fd xfs: reorder iunlink remove operation in xfs_ifree
28c7ef86b21b vmlinux.lds.h: CFI: Reduce alignment of jump-table to function alignment
3c3edb82d67b arm64: topology: fix possible overflow in amu_fie_setup()
2427a04bce86 KVM: x86: Inject #UD on emulated XSETBV if XSAVES isn't enabled
61703b248be9 mm: slub: fix flush_cpu_slab()/__free_slab() invocations in task context.
2d6e55e0c038 mm/slub: fix to return errno if kmalloc() fails
71075d7d4632 net: mana: Add rmb after checking owner bits
19aea370fd09 can: flexcan: flexcan_mailbox_read() fix return value for drop = true
bf0197aea195 kasan: call kasan_malloc() from __kmalloc_*track_caller()
c75288a4902b riscv: fix a nasty sigreturn bug...
97da736cd11a gpiolib: cdev: Set lineevent_state::irq after IRQ register successfully
9b26723e058f gpio: mockup: Fix potential resource leakage when register a chip
18352095a0d5 gpio: mockup: fix NULL pointer dereference when removing debugfs
2279e977405b wifi: mt76: fix reading current per-tid starting sequence number for aggregation
b5bc5a274d54 efi: libstub: check Shim mode using MokSBStateRT
ef43fee9f211 efi: x86: Wipe setup_data on pure EFI boot
b173f1f8ef9e thunderbolt: Add support for Intel Maple Ridge single port controller
65b13f951fe6 usb: dwc3: core: leave default DMA if the controller does not support 64-bit DMA
7143f6cf58db media: flexcop-usb: fix endpoint type check
d8a76a2e514f btrfs: fix hang during unmount when stopping a space reclaim worker
46053262b5f5 btrfs: fix hang during unmount when stopping block group reclaim worker
b02f86689a5a iommu/vt-d: Check correct capability for sagaw determination
a963fe6d0eb6 ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5530 laptop
4b2fa20da623 ALSA: hda/realtek: Add quirk for ASUS GA503R laptop
eb54e457c4ad ALSA: hda/realtek: Add pincfg for ASUS G533Z HP jack
0898469913cd ALSA: hda/realtek: Add pincfg for ASUS G513 HP jack
c6a746b4fca5 ALSA: hda/realtek: Re-arrange quirk table entries
41e974cd6ecb ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5570 laptop
5421125bbda8 ALSA: hda/realtek: Add quirk for Huawei WRT-WX9
84481d7a59a2 ALSA: hda: add Intel 5 Series / 3400 PCI DID
04b5bd5702ab ALSA: hda/tegra: set depop delay for tegra
e10425c5424b ALSA: core: Fix double-free at snd_card_new()
10a8c5d7d393 Revert "ALSA: usb-audio: Split endpoint setups for hw_params and prepare"
06c0204a6e80 USB: serial: option: add Quectel RM520N
6cf9e8b7e67a USB: serial: option: add Quectel BG95 0x0203 composition
369b008bbe36 USB: core: Fix RST error in hub.c
d10d1e9d9f1e drivers/base: Fix unsigned comparison to -1 in CPUMAP_FILE_MAX_BYTES
6eede01dfd0e Revert "usb: gadget: udc-xilinx: replace memcpy with memcpy_toio"
c02431f43e12 Revert "usb: add quirks for Lenovo OneLink+ Dock"
8de5e12f587b usb: gadget: udc-xilinx: replace memcpy with memcpy_toio
2db7a7176c45 usb: add quirks for Lenovo OneLink+ Dock
a72eee6d905e usb: dwc3: gadget: Avoid duplicate requests to enable Run/Stop
f79a57d4091f usb: dwc3: gadget: Don't modify GEVNTCOUNT in pullup()
1a9923999459 usb: dwc3: gadget: Refactor pullup()
7604a210acbb usb: dwc3: gadget: Prevent repeat pullup()
a0b5d22b0448 usb: dwc3: Issue core soft reset before enabling run/stop
8d583ba79cde usb: dwc3: gadget: Avoid starting DWC3 gadget during UDC unbind
167b18f25b96 staging: r8188eu: Add Rosewill USB-N150 Nano to device tables
add40eda8258 staging: r8188eu: Remove support for devices with 8188FU chipset (0bda:f179)
55653c548612 drm/amdgpu: make sure to init common IP before gmc
25a90a11036b drm/amdgpu: Separate vf2pf work item init from virt data exchange
3e98e33d345e Linux 5.15.70
21f948cab866 ALSA: hda/sigmatel: Fix unused variable warning for beep power change
5db17805b6ba cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all()
39b0235284c7 KVM: SEV: add cache flush to solve SEV cache incoherency issues
d9bf46e74735 net: Find dst with sk's xfrm policy not ctl_sk
ab5140c6ddd7 video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write
9af7af862cb8 mksysmap: Fix the mismatch of 'L0' symbols in System.map
2340f23c770d drm/panfrost: devfreq: set opp to the recommended one to configure regulator
7e8df4920b2a MIPS: OCTEON: irq: Fix octeon_irq_force_ciu_mapping()
af88da4c737a afs: Return -EAGAIN, not -EREMOTEIO, when a file already locked
2dd0ae85fb3c net: usb: qmi_wwan: add Quectel RM520N
a5e949e088bc ALSA: hda/tegra: Align BDL entry to 4KB boundary
3d25aaf71fe0 ALSA: hda/sigmatel: Keep power up while beep is enabled
d582756bfc71 wifi: mac80211_hwsim: check length for virtio packets
17898c3b578a rxrpc: Fix calc of resend age
1bbcd88c3c99 rxrpc: Fix local destruction being repeated
87cd4c02bdb1 scsi: lpfc: Return DID_TRANSPORT_DISRUPTED instead of DID_REQUEUE
f08a320b4b60 regulator: pfuze100: Fix the global-out-of-bounds access in pfuze100_regulator_probe()
80c7be217ba7 ASoC: nau8824: Fix semaphore unbalance at error paths
f1d57c4c99c2 arm64: dts: juno: Add missing MHU secure-irq
59b756da49bf video: fbdev: i740fb: Error out if 'pixclock' equals zero
899f4160b140 binder: remove inaccurate mmap_assert_locked()
8c2bbfb0ded3 drm/amdgpu: move nbio sdma_doorbell_range() into sdma code for vega
0a7d86f156fa drm/amdgpu: move nbio ih_doorbell_range() into ih code for vega
dcef16f64969 drm/amdgpu: Don't enable LTR if not supported
710ebf8f1a08 tools/include/uapi: Fix <asm/errno.h> for parisc and xtensa
309e9f4a17cf parisc: Allow CONFIG_64BIT with ARCH=parisc
9a72466fb61b cifs: always initialize struct msghdr smb_msg completely
21c47a08f96a cifs: don't send down the destination address to sendmsg for a SOCK_STREAM
e1aad8c56090 cifs: revalidate mapping when doing direct writes
b04e0208d025 of/device: Fix up of_dma_configure_id() stub
8fd27239ca92 parisc: ccio-dma: Add missing iounmap in error path in ccio_probe()
5f285e4c47c3 block: blk_queue_enter() / __bio_queue_enter() must return -EAGAIN for nowait
f86092d12fbb drm/meson: Fix OSD1 RGB to YCbCr coefficient
d38eb1f37538 drm/meson: Correct OSD1 global alpha value
89cfddd416ba gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx
9a173db71a99 NFSv4: Turn off open-by-filehandle and NFS re-export for NFSv4.0
cd358b2ee56f pinctrl: sunxi: Fix name for A100 R_PIO
ca2b798e53d4 pinctrl: rockchip: Enhance support for IRQ_TYPE_EDGE_BOTH
30fccb4fe449 pinctrl: qcom: sc8180x: Fix wrong pin numbers
cbafdbb6f6ce pinctrl: qcom: sc8180x: Fix gpio_wakeirq_map
ba6b9f7cc110 of: fdt: fix off-by-one error in unflatten_dt_nodes()
c23065adf97f tty: serial: atmel: Preserve previous USART mode if RS485 disabled
1d01d7beccba serial: atmel: remove redundant assignment in rs485_config
f3450c33411b drm/tegra: vic: Fix build warning when CONFIG_PM=n
820b689b4a7a Linux 5.15.69
277674996dcf Input: goodix - add compatible string for GT1158
b9b39f7332c5 RDMA/irdma: Use s/g array in post send only when its valid
125c3ae8a936 usb: gadget: f_uac2: fix superspeed transfer
fa7e0266c239 usb: gadget: f_uac2: clean up some inconsistent indenting
07609e83c1b9 soc: fsl: select FSL_GUTS driver for DPIO
3998dc50ebdc mm: Fix TLB flush for not-first PFNMAP mappings in unmap_region()
cd698131ef5d usb: storage: Add ASUS <0x0b05:0x1932> to IGNORE_UAS
6087747599ec platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap fixes
d4441b810bd8 perf/arm_pmu_platform: fix tests for platform_get_irq() failure
55032fb14d4a net: dsa: hellcreek: Print warning only once
985a5d3d491d drm/amd/amdgpu: skip ucode loading if ucode_size == 0
a1347be8f0ff nvmet-tcp: fix unhandled tcp states in nvmet_tcp_state_change()
3d380f9d1e2b Input: iforce - add support for Boeder Force Feedback Wheel
b9682878abee ieee802154: cc2520: add rc code in cc2520_tx()
3a10e8edee2b gpio: mockup: remove gpio debugfs when remove device
b4ebcd6d48bc tg3: Disable tg3 device on system reboot to avoid triggering AER
f715188c23fa hid: intel-ish-hid: ishtp: Fix ishtp client sending disordered message
a86c8d1b36a9 HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo
2e3aeb48995a dt-bindings: iio: gyroscope: bosch,bmg160: correct number of pins
1b80691d5115 drm/msm/rd: Fix FIFO-full deadlock
a9687a2dc7e1 platform/surface: aggregator_registry: Add support for Surface Laptop Go 2
49801d5f8b67 Input: goodix - add support for GT1158
709edbac4c45 iommu/vt-d: Fix kdump kernels boot failure with scalable mode
90f922646f57 tracefs: Only clobber mode/uid/gid on remount if asked
3c90af5a773a tracing: hold caller_addr to hardirq_{enable,disable}_ip
64840a4a2d8e task_stack, x86/cea: Force-inline stack helpers
0b009e5fd146 x86/mm: Force-inline __phys_addr_nodebug()
f9571a969973 lockdep: Fix -Wunused-parameter for _THIS_IP_
dee782da3937 ARM: dts: at91: sama7g5ek: specify proper regulator output ranges
424ac5929d0a ARM: dts: at91: fix low limit for CPU regulator
8be25fa7cfd6 ARM: dts: imx6qdl-kontron-samx6i: fix spi-flash compatible
78eb5e326a0e ARM: dts: imx: align SPI NOR node name with dtschema
3bb12efc5e4d ACPI: resource: skip IRQ override on AMD Zen platforms
a68a734b19af NFS: Fix WARN_ON due to unionization of nfs_inode.nrequests
(From OE-Core rev: fbc8840580fe008c2deda50c0d2d5a98e9b6c564)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
