Update to 5.16.11rc1-1

7 files changed, 328 insertions, 26 deletions

diff --git a/.SRCINFO b/.SRCINFO
index 562c03b5264c..eb7eea5e599c 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,5 +1,5 @@
 pkgbase = linux-rc
-	pkgver = 5.16.3rc1
+	pkgver = 5.16.11rc1
 	pkgrel = 1
 	url = https://www.kernel.org/
 	arch = x86_64
@@ -12,24 +12,28 @@ pkgbase = linux-rc
 	makedepends = tar
 	makedepends = xz
 	options = !strip
-	source = https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.16.3-rc1.xz
-	source = https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.16.3-rc1.sign
-	source = https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.16.2.tar.xz
-	source = https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.16.2.tar.sign
+	source = https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.16.11-rc1.xz
+	source = https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.16.11-rc1.sign
+	source = https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.16.10.tar.xz
+	source = https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.16.10.tar.sign
 	source = config
 	source = 0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch
 	source = 0002-Bluetooth-btintel-Fix-bdaddress-comparison-with-garb.patch
+	source = 0003-Bluetooth-Read-codec-capabilities-only-if-supported.patch
+	source = 0004-Bluetooth-fix-deadlock-for-RFCOMM-sk-state-change.patch
 	validpgpkeys = ABAF11C65A2970B130ABE3C479BE3E4300411886
 	validpgpkeys = 647F28654894E3BD457199BE38DBBDC86092693E
 	validpgpkeys = A2FF3A36AAA56654109064AB19802F8B0D70FC30
 	validpgpkeys = C7E7849466FE2358343588377258734B41C31549
-	b2sums = de28a790288a265e1268cad5fc8e2e9491511e6cf8d566dcbbfb9d047659e359a498522265ee4e47fe1e380b5706260543bcbe47f011faf82d4932db743fb9be
+	b2sums = ef45618d83f7c8234af2edae8ae51239bc8ae3e1523e04e34d05be70d9216aa7240d398695e55818d84613695fe7ee0d804165968379183a07e550d083695333
 	b2sums = SKIP
-	b2sums = 6f07d9da86101ab72eadd53a9f58a4740037608a006fc622a923d4dd9578ce62cc9959711dca2e953e3fb68286f55fb14be04a4a00fc49a33c2c28bd5944532f
+	b2sums = 6394d715c765e27aafa3ef7ba34fb17522eb14c5e004b8ab54eb31b55bcb782205d516cdef5f7204739890642289cd1f2ef8ac430a7ee63698ccf3b3d7b0b118
 	b2sums = SKIP
-	b2sums = 3c6ff0fd8713cf5f0f0f939e45826bc83a7c4458665ae59094d83c416ae536fd8ed3370dec813d1b442ce727459150a0ef04a001cadb2c5ef7d3e2b01d5849da
-	b2sums = 8c06f840512d90c2339066677f1c64c07d1d9b7cd9a7d653fa7be1f806b0c66cb26892db662ef95cb6c27c996aef03566454699cfaa8d620dcb90c1f8f8d8276
-	b2sums = 863763c1880921c15f4d931194004461c1cb2bf195bb55ae04777694c15c01542e30d8f221d908b4fbb6a57e7b36e3260a97d67a109af3baeb53d6a85b671dd9
+	b2sums = b837c6c0d9b5e39047ebddececa28f7fbe078b8c6d8d95028cb6bf5265f7b754415e3eed779d5bce075b1163f9b5fdd28b06f2552abf99061a436e3665aa0c8a
+	b2sums = 4531d063ee9a7c50e357a544041285965d0b2d03d1f22df06c58ef9341502e120ec712d418a403d153fae0cd3dccd31046891d7659459358176d6e29a72024f2
+	b2sums = 33c8bc77c60c4fcc16740a95e49ec9fde853d04dceb8a47b1ae0ef4d14d05d453346efd9fb96579f28990c44664728937af79c52c8da8889a3502f2ade6eee11
+	b2sums = a5e5a53119135c5e82c0de604b8ece29716ba6452305606f009a3c8c0c990f3ec6b44d9940afa30455eb64f1f281145dcd0f72b576a0ea4520d67504a5a5f501
+	b2sums = cbf0456551864c4064193e34a7a9abdd633901063fd709549aa579090b26e486ced264d204bc19a9d099cd157e0ab9de728c43d28a8bbf2addf9f1f320b47507
 
 pkgname = linux-rc
 	pkgdesc = The release candidate kernel and modules
diff --git a/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch b/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch
index b8860dda35f6..64e8c663f407 100644
--- a/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch
+++ b/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch
@@ -1,7 +1,7 @@
-From 0d81807c2280706a94cf5acc0806d1f33212b91e Mon Sep 17 00:00:00 2001
+From 7b04f8bb3c79d3f643fa5e114962c31464146412 Mon Sep 17 00:00:00 2001
 From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com>
 Date: Mon, 16 Sep 2019 04:53:20 +0200
-Subject: [PATCH 1/3] ZEN: Add sysctl and CONFIG to disallow unprivileged
+Subject: [PATCH 1/5] ZEN: Add sysctl and CONFIG to disallow unprivileged
  CLONE_NEWUSER
 
 Our default behavior continues to match the vanilla kernel.
@@ -150,5 +150,5 @@ index 6b2e3ca7ee99..0253002184f1 100644
  static DEFINE_MUTEX(userns_state_mutex);
  
 -- 
-2.34.1
+2.35.1
 
diff --git a/0002-Bluetooth-btintel-Fix-bdaddress-comparison-with-garb.patch b/0002-Bluetooth-btintel-Fix-bdaddress-comparison-with-garb.patch
index 78b4f61f9208..13334dddaf23 100644
--- a/0002-Bluetooth-btintel-Fix-bdaddress-comparison-with-garb.patch
+++ b/0002-Bluetooth-btintel-Fix-bdaddress-comparison-with-garb.patch
@@ -1,7 +1,7 @@
-From abf563c100e1bde5fcf6262ee80f7a89c77d86cd Mon Sep 17 00:00:00 2001
+From c3c533a63f5d37736441595159a39059579b7ba7 Mon Sep 17 00:00:00 2001
 From: Kiran K <kiran.k@intel.com>
 Date: Wed, 13 Oct 2021 13:35:11 +0530
-Subject: [PATCH 2/3] Bluetooth: btintel: Fix bdaddress comparison with garbage
+Subject: [PATCH 2/5] Bluetooth: btintel: Fix bdaddress comparison with garbage
  value
 
 Intel Read Verision(TLV) data is parsed into a local structure variable
@@ -11,12 +11,14 @@ only if controller is present in boot loader mode.
 
 Signed-off-by: Kiran K <kiran.k@intel.com>
 Reviewed-by: Tedd Ho-Jeong An <tedd.an@intel.com>
+Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
+(cherry picked from commit 893505319c74cf3faa45a5ed9d5338ff03b66949)
 ---
  drivers/bluetooth/btintel.c | 22 ++++++++++++++--------
  1 file changed, 14 insertions(+), 8 deletions(-)
 
 diff --git a/drivers/bluetooth/btintel.c b/drivers/bluetooth/btintel.c
-index b11567b0fd9a..ef679b388bac 100644
+index 851a0c9b8fae..1a4f8b227eac 100644
 --- a/drivers/bluetooth/btintel.c
 +++ b/drivers/bluetooth/btintel.c
 @@ -2081,14 +2081,16 @@ static int btintel_prepare_fw_download_tlv(struct hci_dev *hdev,
@@ -56,5 +58,5 @@ index b11567b0fd9a..ef679b388bac 100644
  	err = btintel_parse_version_tlv(hdev, &ver_tlv, skb);
  	if (err) {
 -- 
-2.34.1
+2.35.1
 
diff --git a/0003-Bluetooth-Read-codec-capabilities-only-if-supported.patch b/0003-Bluetooth-Read-codec-capabilities-only-if-supported.patch
new file mode 100644
index 000000000000..aaccf0b11137
--- /dev/null
+++ b/0003-Bluetooth-Read-codec-capabilities-only-if-supported.patch
@@ -0,0 +1,56 @@
+From 3be8afc41b8a434cb162ecaeceee4ae683f01b43 Mon Sep 17 00:00:00 2001
+From: Kiran K <kiran.k@intel.com>
+Date: Tue, 5 Oct 2021 20:15:56 +0530
+Subject: [PATCH 3/5] Bluetooth: Read codec capabilities only if supported
+
+Read codec capabilities only if HCI_READ_LOCAL_CODEC_CAPABILITIES
+command is supported. If capablities are not supported, then
+cache codec data without caps.
+
+Signed-off-by: Kiran K <kiran.k@intel.com>
+Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
+For: https://bugs.archlinux.org/task/73454
+---
+ net/bluetooth/hci_codec.c | 18 ++++++++++++++++--
+ 1 file changed, 16 insertions(+), 2 deletions(-)
+
+diff --git a/net/bluetooth/hci_codec.c b/net/bluetooth/hci_codec.c
+index f0421d0edaa3..38201532f58e 100644
+--- a/net/bluetooth/hci_codec.c
++++ b/net/bluetooth/hci_codec.c
+@@ -25,9 +25,11 @@ static int hci_codec_list_add(struct list_head *list,
+ 	}
+ 	entry->transport = sent->transport;
+ 	entry->len = len;
+-	entry->num_caps = rp->num_caps;
+-	if (rp->num_caps)
++	entry->num_caps = 0;
++	if (rp) {
++		entry->num_caps = rp->num_caps;
+ 		memcpy(entry->caps, caps, len);
++	}
+ 	list_add(&entry->list, list);
+ 
+ 	return 0;
+@@ -58,6 +60,18 @@ static void hci_read_codec_capabilities(struct hci_dev *hdev, __u8 transport,
+ 			__u32 len;
+ 
+ 			cmd->transport = i;
++
++			/* If Read_Codec_Capabilities command is not supported
++			 * then just add codec to the list without caps
++			 */
++			if (!(hdev->commands[45] & 0x08)) {
++				hci_dev_lock(hdev);
++				hci_codec_list_add(&hdev->local_codecs, cmd,
++						   NULL, NULL, 0);
++				hci_dev_unlock(hdev);
++				continue;
++			}
++
+ 			skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_CODEC_CAPS,
+ 					     sizeof(*cmd), cmd,
+ 					     HCI_CMD_TIMEOUT);
+-- 
+2.35.1
+
diff --git a/0004-Bluetooth-fix-deadlock-for-RFCOMM-sk-state-change.patch b/0004-Bluetooth-fix-deadlock-for-RFCOMM-sk-state-change.patch
new file mode 100644
index 000000000000..339e38c56d5d
--- /dev/null
+++ b/0004-Bluetooth-fix-deadlock-for-RFCOMM-sk-state-change.patch
@@ -0,0 +1,231 @@
+From df85db742d688847f5600f94b6412fbe64112f4c Mon Sep 17 00:00:00 2001
+From: Desmond Cheong Zhi Xi <desmondcheongzx@gmail.com>
+Date: Mon, 4 Oct 2021 14:07:34 -0400
+Subject: [PATCH 4/5] Bluetooth: fix deadlock for RFCOMM sk state change
+
+Syzbot reports the following task hang [1]:
+
+INFO: task syz-executor255:8499 blocked for more than 143 seconds.
+      Not tainted 5.14.0-rc7-syzkaller #0
+
+Call Trace:
+ context_switch kernel/sched/core.c:4681 [inline]
+ __schedule+0x93a/0x26f0 kernel/sched/core.c:5938
+ schedule+0xd3/0x270 kernel/sched/core.c:6017
+ __lock_sock+0x13d/0x260 net/core/sock.c:2644
+ lock_sock_nested+0xf6/0x120 net/core/sock.c:3185
+ lock_sock include/net/sock.h:1612 [inline]
+ rfcomm_sk_state_change+0xb4/0x390 net/bluetooth/rfcomm/sock.c:73
+ __rfcomm_dlc_close+0x1b6/0x8a0 net/bluetooth/rfcomm/core.c:489
+ rfcomm_dlc_close+0x1ea/0x240 net/bluetooth/rfcomm/core.c:520
+ __rfcomm_sock_close+0xac/0x260 net/bluetooth/rfcomm/sock.c:220
+ rfcomm_sock_shutdown+0xe9/0x210 net/bluetooth/rfcomm/sock.c:931
+ rfcomm_sock_release+0x5f/0x140 net/bluetooth/rfcomm/sock.c:951
+ __sock_release+0xcd/0x280 net/socket.c:649
+ sock_close+0x18/0x20 net/socket.c:1314
+ __fput+0x288/0x920 fs/file_table.c:280
+ task_work_run+0xdd/0x1a0 kernel/task_work.c:164
+ exit_task_work include/linux/task_work.h:32 [inline]
+ do_exit+0xbd4/0x2a60 kernel/exit.c:825
+ do_group_exit+0x125/0x310 kernel/exit.c:922
+ get_signal+0x47f/0x2160 kernel/signal.c:2808
+ arch_do_signal_or_restart+0x2a9/0x1c40 arch/x86/kernel/signal.c:865
+ handle_signal_work kernel/entry/common.c:148 [inline]
+ exit_to_user_mode_loop kernel/entry/common.c:172 [inline]
+ exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:209
+ __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline]
+ syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:302
+ do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
+ entry_SYSCALL_64_after_hwframe+0x44/0xae
+
+Showing all locks held in the system:
+1 lock held by khungtaskd/1653:
+ #0: ffffffff8b97c280 (rcu_read_lock){....}-{1:2}, at:
+ debug_show_all_locks+0x53/0x260 kernel/locking/lockdep.c:6446
+1 lock held by krfcommd/4781:
+ #0: ffffffff8d306528 (rfcomm_mutex){+.+.}-{3:3}, at:
+ rfcomm_process_sessions net/bluetooth/rfcomm/core.c:1979 [inline]
+ #0: ffffffff8d306528 (rfcomm_mutex){+.+.}-{3:3}, at:
+ rfcomm_run+0x2ed/0x4a20 net/bluetooth/rfcomm/core.c:2086
+2 locks held by in:imklog/8206:
+ #0: ffff8880182ce5f0 (&f->f_pos_lock){+.+.}-{3:3}, at:
+ __fdget_pos+0xe9/0x100 fs/file.c:974
+ #1: ffff8880b9c51a58 (&rq->__lock){-.-.}-{2:2}, at:
+ raw_spin_rq_lock_nested kernel/sched/core.c:460 [inline]
+ #1: ffff8880b9c51a58 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock
+ kernel/sched/sched.h:1307 [inline]
+ #1: ffff8880b9c51a58 (&rq->__lock){-.-.}-{2:2}, at: rq_lock
+ kernel/sched/sched.h:1610 [inline]
+ #1: ffff8880b9c51a58 (&rq->__lock){-.-.}-{2:2}, at:
+ __schedule+0x233/0x26f0 kernel/sched/core.c:5852
+4 locks held by syz-executor255/8499:
+ #0: ffff888039a83690 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at:
+ inode_lock include/linux/fs.h:774 [inline]
+ #0: ffff888039a83690 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at:
+ __sock_release+0x86/0x280 net/socket.c:648
+ #1:
+ ffff88802fa31120 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0},
+ at: lock_sock include/net/sock.h:1612 [inline]
+ #1:
+ ffff88802fa31120 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0},
+ at: rfcomm_sock_shutdown+0x54/0x210 net/bluetooth/rfcomm/sock.c:928
+ #2: ffffffff8d306528 (rfcomm_mutex){+.+.}-{3:3}, at:
+ rfcomm_dlc_close+0x34/0x240 net/bluetooth/rfcomm/core.c:507
+ #3: ffff888141bd6d28 (&d->lock){+.+.}-{3:3}, at:
+ __rfcomm_dlc_close+0x162/0x8a0 net/bluetooth/rfcomm/core.c:487
+==================================================================
+
+The task hangs because of a deadlock that occurs when lock_sock() is
+called in rfcomm_sk_state_change(). One such call stack is:
+
+  rfcomm_sock_shutdown():
+    lock_sock();
+    __rfcomm_sock_close():
+      rfcomm_dlc_close():
+        __rfcomm_dlc_close():
+          rfcomm_dlc_lock();
+          rfcomm_sk_state_change():
+            lock_sock();
+
+lock_sock() has to be called when the sk state is changed because the
+lock is not always held when rfcomm_sk_state_change() is
+called. However, besides the recursive deadlock, there is also an
+issue of a lock hierarchy inversion between rfcomm_dlc_lock() and
+lock_sock() if the socket is locked in rfcomm_sk_state_change().
+
+To avoid these issues, we can instead schedule the sk state change in
+the global workqueue. This is already the implicit assumption about
+how sk state changes happen. For example, in rfcomm_sock_shutdown(),
+the call to __rfcomm_sock_close() is followed by
+bt_sock_wait_state().
+
+Additionally, the call to rfcomm_sock_kill() inside
+rfcomm_sk_state_change() should be removed. The socket shouldn't be
+killed here because only rfcomm_sock_release() calls sock_orphan(),
+which it already follows up with a call to rfcomm_sock_kill().
+
+Fixes: b7ce436a5d79 ("Bluetooth: switch to lock_sock in RFCOMM")
+Link: https://syzkaller.appspot.com/bug?extid=7d51f807c81b190a127d [1]
+Reported-by: syzbot+7d51f807c81b190a127d@syzkaller.appspotmail.com
+Tested-by: syzbot+7d51f807c81b190a127d@syzkaller.appspotmail.com
+Signed-off-by: Desmond Cheong Zhi Xi <desmondcheongzx@gmail.com>
+Cc: Hillf Danton <hdanton@sina.com>
+---
+ include/net/bluetooth/rfcomm.h |  3 +++
+ net/bluetooth/rfcomm/core.c    |  2 ++
+ net/bluetooth/rfcomm/sock.c    | 34 ++++++++++++++++++++++------------
+ 3 files changed, 27 insertions(+), 12 deletions(-)
+
+diff --git a/include/net/bluetooth/rfcomm.h b/include/net/bluetooth/rfcomm.h
+index 99d26879b02a..a92799fc5e74 100644
+--- a/include/net/bluetooth/rfcomm.h
++++ b/include/net/bluetooth/rfcomm.h
+@@ -171,6 +171,7 @@ struct rfcomm_dlc {
+ 	struct rfcomm_session *session;
+ 	struct sk_buff_head   tx_queue;
+ 	struct timer_list     timer;
++	struct work_struct    state_change_work;
+ 
+ 	struct mutex  lock;
+ 	unsigned long state;
+@@ -186,6 +187,7 @@ struct rfcomm_dlc {
+ 	u8            sec_level;
+ 	u8            role_switch;
+ 	u32           defer_setup;
++	int           err;
+ 
+ 	uint          mtu;
+ 	uint          cfc;
+@@ -310,6 +312,7 @@ struct rfcomm_pinfo {
+ 	u8     role_switch;
+ };
+ 
++void __rfcomm_sk_state_change(struct work_struct *work);
+ int  rfcomm_init_sockets(void);
+ void rfcomm_cleanup_sockets(void);
+ 
+diff --git a/net/bluetooth/rfcomm/core.c b/net/bluetooth/rfcomm/core.c
+index 7324764384b6..c6494e85cd68 100644
+--- a/net/bluetooth/rfcomm/core.c
++++ b/net/bluetooth/rfcomm/core.c
+@@ -289,6 +289,7 @@ static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
+ 	d->flags      = 0;
+ 	d->mscex      = 0;
+ 	d->sec_level  = BT_SECURITY_LOW;
++	d->err        = 0;
+ 	d->mtu        = RFCOMM_DEFAULT_MTU;
+ 	d->v24_sig    = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
+ 
+@@ -306,6 +307,7 @@ struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio)
+ 	timer_setup(&d->timer, rfcomm_dlc_timeout, 0);
+ 
+ 	skb_queue_head_init(&d->tx_queue);
++	INIT_WORK(&d->state_change_work, __rfcomm_sk_state_change);
+ 	mutex_init(&d->lock);
+ 	refcount_set(&d->refcnt, 1);
+ 
+diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c
+index 4bf4ea6cbb5e..4850dafbaa05 100644
+--- a/net/bluetooth/rfcomm/sock.c
++++ b/net/bluetooth/rfcomm/sock.c
+@@ -61,19 +61,22 @@ static void rfcomm_sk_data_ready(struct rfcomm_dlc *d, struct sk_buff *skb)
+ 		rfcomm_dlc_throttle(d);
+ }
+ 
+-static void rfcomm_sk_state_change(struct rfcomm_dlc *d, int err)
++void __rfcomm_sk_state_change(struct work_struct *work)
+ {
++	struct rfcomm_dlc *d = container_of(work, struct rfcomm_dlc,
++					    state_change_work);
+ 	struct sock *sk = d->owner, *parent;
+ 
+ 	if (!sk)
+ 		return;
+ 
+-	BT_DBG("dlc %p state %ld err %d", d, d->state, err);
+-
+ 	lock_sock(sk);
++	rfcomm_dlc_lock(d);
+ 
+-	if (err)
+-		sk->sk_err = err;
++	BT_DBG("dlc %p state %ld err %d", d, d->state, d->err);
++
++	if (d->err)
++		sk->sk_err = d->err;
+ 
+ 	sk->sk_state = d->state;
+ 
+@@ -91,15 +94,22 @@ static void rfcomm_sk_state_change(struct rfcomm_dlc *d, int err)
+ 		sk->sk_state_change(sk);
+ 	}
+ 
++	rfcomm_dlc_unlock(d);
+ 	release_sock(sk);
++	sock_put(sk);
++}
+ 
+-	if (parent && sock_flag(sk, SOCK_ZAPPED)) {
+-		/* We have to drop DLC lock here, otherwise
+-		 * rfcomm_sock_destruct() will dead lock. */
+-		rfcomm_dlc_unlock(d);
+-		rfcomm_sock_kill(sk);
+-		rfcomm_dlc_lock(d);
+-	}
++static void rfcomm_sk_state_change(struct rfcomm_dlc *d, int err)
++{
++	struct sock *sk = d->owner;
++
++	if (!sk)
++		return;
++
++	d->err = err;
++	sock_hold(sk);
++	if (!schedule_work(&d->state_change_work))
++		sock_put(sk);
+ }
+ 
+ /* ---- Socket functions ---- */
+-- 
+2.35.1
+
diff --git a/PKGBUILD b/PKGBUILD
index d56a3f8185e4..35bbd6eba82f 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -7,7 +7,7 @@ _srcname=linux-5.16
 _major=5.16
 ### on initial release this is null otherwise it is the current stable subversion
 ### ie 1,2,3 corresponding $_major.1, $_major.3 etc
-_minor=2
+_minor=10
 _minorc=$((_minor+1))
 ### on initial release this is just $_major
 _fullver=$_major.$_minor
@@ -31,6 +31,8 @@ source=(
   config         # the main kernel config file
   0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch
   0002-Bluetooth-btintel-Fix-bdaddress-comparison-with-garb.patch
+  0003-Bluetooth-Read-codec-capabilities-only-if-supported.patch
+  0004-Bluetooth-fix-deadlock-for-RFCOMM-sk-state-change.patch
 )
 validpgpkeys=(
   'ABAF11C65A2970B130ABE3C479BE3E4300411886'  # Linus Torvalds
@@ -38,13 +40,15 @@ validpgpkeys=(
   'A2FF3A36AAA56654109064AB19802F8B0D70FC30'  # Jan Alexander Steffens (heftig)
   'C7E7849466FE2358343588377258734B41C31549'  # David Runge <dvzrv@archlinux.org>
 )
-b2sums=('de28a790288a265e1268cad5fc8e2e9491511e6cf8d566dcbbfb9d047659e359a498522265ee4e47fe1e380b5706260543bcbe47f011faf82d4932db743fb9be'
+b2sums=('ef45618d83f7c8234af2edae8ae51239bc8ae3e1523e04e34d05be70d9216aa7240d398695e55818d84613695fe7ee0d804165968379183a07e550d083695333'
         'SKIP'
-        '6f07d9da86101ab72eadd53a9f58a4740037608a006fc622a923d4dd9578ce62cc9959711dca2e953e3fb68286f55fb14be04a4a00fc49a33c2c28bd5944532f'
+        '6394d715c765e27aafa3ef7ba34fb17522eb14c5e004b8ab54eb31b55bcb782205d516cdef5f7204739890642289cd1f2ef8ac430a7ee63698ccf3b3d7b0b118'
         'SKIP'
-        '3c6ff0fd8713cf5f0f0f939e45826bc83a7c4458665ae59094d83c416ae536fd8ed3370dec813d1b442ce727459150a0ef04a001cadb2c5ef7d3e2b01d5849da'
-        '8c06f840512d90c2339066677f1c64c07d1d9b7cd9a7d653fa7be1f806b0c66cb26892db662ef95cb6c27c996aef03566454699cfaa8d620dcb90c1f8f8d8276'
-        '863763c1880921c15f4d931194004461c1cb2bf195bb55ae04777694c15c01542e30d8f221d908b4fbb6a57e7b36e3260a97d67a109af3baeb53d6a85b671dd9')
+        'b837c6c0d9b5e39047ebddececa28f7fbe078b8c6d8d95028cb6bf5265f7b754415e3eed779d5bce075b1163f9b5fdd28b06f2552abf99061a436e3665aa0c8a'
+        '4531d063ee9a7c50e357a544041285965d0b2d03d1f22df06c58ef9341502e120ec712d418a403d153fae0cd3dccd31046891d7659459358176d6e29a72024f2'
+        '33c8bc77c60c4fcc16740a95e49ec9fde853d04dceb8a47b1ae0ef4d14d05d453346efd9fb96579f28990c44664728937af79c52c8da8889a3502f2ade6eee11'
+        'a5e5a53119135c5e82c0de604b8ece29716ba6452305606f009a3c8c0c990f3ec6b44d9940afa30455eb64f1f281145dcd0f72b576a0ea4520d67504a5a5f501'
+        'cbf0456551864c4064193e34a7a9abdd633901063fd709549aa579090b26e486ced264d204bc19a9d099cd157e0ab9de728c43d28a8bbf2addf9f1f320b47507')
 
 
 export KBUILD_BUILD_HOST=archlinux
diff --git a/config b/config
index 40c80191b040..b6cab2ef35ff 100644
--- a/config
+++ b/config
@@ -1,6 +1,6 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# Linux/x86 5.16.0-arch1 Kernel Configuration
+# Linux/x86 5.16.9-arch1 Kernel Configuration
 #
 CONFIG_CC_VERSION_TEXT="gcc (GCC) 11.1.0"
 CONFIG_CC_IS_GCC=y
@@ -1071,7 +1071,11 @@ CONFIG_SECRETMEM=y
 #
 # Data Access Monitoring
 #
-# CONFIG_DAMON is not set
+CONFIG_DAMON=y
+CONFIG_DAMON_VADDR=y
+CONFIG_DAMON_PADDR=y
+CONFIG_DAMON_DBGFS=y
+CONFIG_DAMON_RECLAIM=y
 # end of Data Access Monitoring
 # end of Memory Management options
 
@@ -6541,6 +6545,7 @@ CONFIG_DUMMY_CONSOLE=y
 CONFIG_DUMMY_CONSOLE_COLUMNS=80
 CONFIG_DUMMY_CONSOLE_ROWS=25
 CONFIG_FRAMEBUFFER_CONSOLE=y
+# CONFIG_FRAMEBUFFER_CONSOLE_LEGACY_ACCELERATION is not set
 CONFIG_FRAMEBUFFER_CONSOLE_DETECT_PRIMARY=y
 CONFIG_FRAMEBUFFER_CONSOLE_ROTATION=y
 CONFIG_FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER=y
@@ -9974,7 +9979,7 @@ CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL=y
 CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y
 # CONFIG_INIT_ON_FREE_DEFAULT_ON is not set
 CONFIG_CC_HAS_ZERO_CALL_USED_REGS=y
-CONFIG_ZERO_CALL_USED_REGS=y
+# CONFIG_ZERO_CALL_USED_REGS is not set
 # end of Memory initialization
 # end of Kernel hardening options
 # end of Security options