[PATCH 4.19 008/134] mac8390: Fix mmio access size probe

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Finn Thain [ Upstream commit bb9e5c5bcd76f4474eac3baf643d7a39f7bac7bb ] The bug that Stan reported is as follows. After a restart, a 16-bit NIC may be incorrectly identified as a 32-bit NIC an

[PATCH 4.19 028/134] ila: Fix rhashtable walker list corruption

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Herbert Xu [ Upstream commit b5f9bd15b88563b55a99ed588416881367a0ce5f ] ila_xlat_nl_cmd_flush uses rhashtable walkers allocated from the stack but it never frees them. This corrupts the walke

[PATCH 4.19 027/134] vxlan: Dont call gro_cells_destroy() before device is unregistered

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Zhiqiang Liu [ Upstream commit cc4807bb609230d8959fd732b0bf3bd4c2de8eac ] Commit ad6c9986bcb62 ("vxlan: Fix GRO cells race condition between receive and link delete") fixed a race condition fo

[PATCH 4.19 005/134] genetlink: Fix a memory leak on error path

4.19-stable review patch. If anyone has any objections, please let me know. -- From: YueHaibing [ Upstream commit ceabee6c59943bdd5e1da1a6a20dc7ee5f8113a2 ] In genl_register_family(), when idr_alloc() fails, we forget to free the memory we possibly allocate for family->attrbuf

[PATCH 4.19 007/134] ipv6: make ip6_create_rt_rcu return ip6_null_entry instead of NULL

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Xin Long [ Upstream commit 1c87e79a002f6a159396138cd3f3ab554a2a8887 ] Jianlin reported a crash: [ 381.484332] BUG: unable to handle kernel NULL pointer dereference at 0068 [

[PATCH 4.19 004/134] dccp: do not use ipv6 header for ipv4 flow

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Eric Dumazet [ Upstream commit e0aa67709f89d08c8d8e5bdd9e0b649df61d0090 ] When a dual stack dccp listener accepts an ipv4 flow, it should not attempt to use an ipv6 header or inet6_iif() helpe

[PATCH 4.19 025/134] tun: properly test for IFF_UP

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Eric Dumazet [ Upstream commit 4477138fa0ae4e1b699786ef0600863ea6e6c61c ] Same reasons than the ones explained in commit 4179cb5a4c92 ("vxlan: test dev->flags & IFF_UP before calling netif_rx(

[PATCH 4.19 023/134] tipc: change to check tipc_own_id to return in tipc_net_stop

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Xin Long [ Upstream commit 9926cb5f8b0f0aea535735185600d74db7608550 ] When running a syz script, a panic occurred: [ 156.088228] BUG: KASAN: use-after-free in tipc_disc_timeout+0x9c9/0xb20

[PATCH 4.19 021/134] tcp: do not use ipv6 header for ipv4 flow

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Eric Dumazet [ Upstream commit 89e4130939a20304f4059ab72179da81f5347528 ] When a dual stack tcp listener accepts an ipv4 flow, it should not attempt to use an ipv6 header or tcp_v6_iif() helpe

[PATCH 4.19 024/134] tipc: fix cancellation of topology subscriptions

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Erik Hugne [ Upstream commit 33872d79f5d1cbedaaab79669cc38f16097a9450 ] When cancelling a subscription, we have to clear the cancel bit in the request before iterating over any established sub

[PATCH 4.19 022/134] tipc: allow service ranges to be connect()ed on RDM/DGRAM

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Erik Hugne [ Upstream commit ea239314fe42ace880bdd834256834679346c80e ] We move the check that prevents connecting service ranges to after the RDM/DGRAM check, and move address sanity control

[PATCH 4.19 026/134] vrf: prevent adding upper devices

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Sabrina Dubroca [ Upstream commit 1017e0987117c32783ba7c10fe2e7ff1456ba1dc ] VRF devices don't work with upper devices. Currently, it's possible to add a VRF device to a bridge or team, and to

[PATCH 4.19 020/134] sctp: use memdup_user instead of vmemdup_user

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Xin Long [ Upstream commit ef82bcfa671b9a635bab5fa669005663d8b177c5 ] In sctp_setsockopt_bindx()/__sctp_setsockopt_connectx(), it allocates memory with addrs_size which is passed from userspac

[PATCH 4.19 017/134] packets: Always register packet sk in the same order

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Maxime Chevallier [ Upstream commit a4dc6a49156b1f8d6e17251ffda17c9e6a5db78a ] When using fanouts with AF_PACKET, the demux functions such as fanout_demux_cpu will return an index in the fanou

[PATCH 4.19 019/134] sctp: get sctphdr by offset in sctp_compute_cksum

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Xin Long [ Upstream commit 273160ffc6b993c7c91627f5a84799c66dfe4dee ] sctp_hdr(skb) only works when skb->transport_header is set properly. But in Netfilter, skb->transport_header for ipv6 is

[PATCH 4.19 016/134] net-sysfs: call dev_hold if kobject_init_and_add success

4.19-stable review patch. If anyone has any objections, please let me know. -- From: YueHaibing [ Upstream commit a3e23f719f5c4a38ffb3d30c8d7632a4ed8ccd9e ] In netdev_queue_add_kobject and rx_queue_add_kobject, if sysfs_create_group failed, kobject_put will call netdev_queue_r

[PATCH 4.19 010/134] net: aquantia: fix rx checksum offload for UDP/TCP over IPv6

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Dmitry Bogdanov [ Upstream commit a7faaa0c5dc7d091cc9f72b870d7edcdd6f43f12 ] TCP/UDP checksum validity was propagated to skb only if IP checksum is valid. But for IPv6 there is no validity as

[PATCH 4.19 015/134] net: stmmac: fix memory corruption with large MTUs

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Aaro Koskinen [ Upstream commit 223a960c01227e4dbcb6f9fa06b47d73bda21274 ] When using 16K DMA buffers and ring mode, the DES3 refill is not working correctly as the function is using a bogus p

[PATCH 4.19 011/134] net: datagram: fix unbounded loop in __skb_try_recv_datagram()

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Paolo Abeni [ Upstream commit 0b91bce1ebfc797ff3de60c8f4a1e6219a8a3187 ] Christoph reported a stall while peeking datagram with an offset when busy polling is enabled. __skb_try_recv_datagram(

[PATCH 5.0 124/146] usb: typec: Fix unchecked return value

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Gustavo A. R. Silva commit e82adc1074a7356f1158233551df9e86b7ebfb82 upstream. Currently there is no check on platform_get_irq() return value in case it fails, hence never actually reporting any

[PATCH 5.0 129/146] mm/debug.c: fix __dump_page when mapping->host is not set

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Oscar Salvador commit 5ae2efb1dea9f537453e841714e3ee2757595aec upstream. While debugging something, I added a dump_page() into do_swap_page(), and I got the splat from below. The issue happens

[PATCH 5.0 131/146] mm/page_isolation.c: fix a wrong flag in set_migratetype_isolate()

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Qian Cai commit f5777bc2d9cf0712554228b1a7927b6f13f5c1f0 upstream. Due to has_unmovable_pages() taking an incorrect irqsave flag instead of the isolation flag in set_migratetype_isolate(), ther

[PATCH 5.0 133/146] perf pmu: Fix parser error for uncore event alias

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Kan Liang commit e94d6b7f615e6dfbaf9fba7db6011db561461d0c upstream. Perf fails to parse uncore event alias, for example: # perf stat -e unc_m_clockticks -a --no-merge sleep 1 event syntax

[PATCH 5.0 128/146] mm: mempolicy: make mbind() return -EIO when MPOL_MF_STRICT is specified

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Yang Shi commit a7f40cfe3b7ada57af9b62fd28430eeb4a7cfcb7 upstream. When MPOL_MF_STRICT was specified and an existing page was already on a node that does not follow the policy, mbind() should r

[PATCH 5.0 132/146] mm/migrate.c: add missing flush_dcache_page for non-mapped page migrate

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Lars Persson commit d2b2c6dd227ba5b8a802858748ec9a780cb75b47 upstream. Our MIPS 1004Kc SoCs were seeing random userspace crashes with SIGILL and SIGSEGV that could not be traced back to a users

[PATCH 5.0 146/146] mt76x02u: use usb_bulk_msg to upload firmware

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Stanislaw Gruszka commit 5de4db8fcb6d6fc7d9064c22841211790c0ab81b upstream. We don't need to send firmware data asynchronously, much simpler is just use synchronous usb_bulk_msg(). [ stable no

[PATCH 5.0 144/146] KVM: x86: update %rip after emulating IO

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Sean Christopherson commit 45def77ebf79e2e8942b89ed79294d97ce914fa0 upstream. Most (all?) x86 platforms provide a port IO based reset mechanism, e.g. OUT 92h or CF9h. Userspace may emulate sai

[PATCH 5.0 126/146] mm: add support for kmem caches in DMA32 zone

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Nicolas Boichat commit 6d6ea1e967a246f12cfe2f5fb743b70b2e608d4a upstream. Patch series "iommu/io-pgtable-arm-v7s: Use DMA32 zone for page tables", v6. This is a followup to the discussion in [

[PATCH 5.0 137/146] powerpc/64: Fix memcmp reading past the end of src/dest

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Michael Ellerman commit d9470757398a700d9450a43508000bcfd010c7a4 upstream. Chandan reported that fstests' generic/026 test hit a crash: BUG: Unable to handle kernel data access at 0xc006

[PATCH 5.0 139/146] watchdog: Respect watchdog cpumask on CPU hotplug

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixner commit 7dd47617114921fdd8c095509e5e7b4373cc44a1 upstream. The rework of the watchdog core to use cpu_stop_work broke the watchdog cpumask on CPU hotplug. The watchdog_enable/di

[PATCH 5.0 140/146] cpu/hotplug: Prevent crash when CPU bringup fails on CONFIG_HOTPLUG_CPU=n

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixner commit 206b92353c839c0b27a0b9bec24195f93fd6cf7a upstream. Tianyu reported a crash in a CPU hotplug teardown callback when booting a kernel which has CONFIG_HOTPLUG_CPU disabled

[PATCH 5.0 143/146] KVM: x86: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD hosts

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Sean Christopherson commit 0cf9135b773bf32fba9dd8e6699c1b331ee4b749 upstream. The CPUID flag ARCH_CAPABILITIES is unconditioinally exposed to host userspace for all x86 hosts, i.e. KVM advertis

[PATCH 5.0 141/146] x86/smp: Enforce CONFIG_HOTPLUG_CPU when SMP=y

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixner commit bebd024e4815b1a170fcd21ead9cb23ce9e6 upstream. The SMT disable 'nosmt' command line argument is not working properly when CONFIG_HOTPLUG_CPU is disabled. The teardown

[PATCH 5.0 090/146] serial: max310x: Fix to avoid potential NULL pointer dereference

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Aditya Pakki commit 3a10e3dd52e80b9a97a3346020024d17b2c272d6 upstream. of_match_device can return a NULL pointer when matching device is not found. This patch avoids a scenario causing NULL poi

[PATCH 5.0 136/146] powerpc/pseries/energy: Use OF accessor functions to read ibm,drc-indexes

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Gautham R. Shenoy commit ce9afe08e71e3f7d64f337a6e932e50849230fc2 upstream. In cpu_to_drc_index() in the case when FW_FEATURE_DRC_INFO is absent, we currently use of_read_property() to obtain t

[PATCH 5.0 120/146] usb: xhci: dbc: Dont free all memory with spinlock held

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Mathias Nyman commit 8867ea262196a6945c24a0fb739575af646ec0e9 upstream. The xhci debug capability (DbC) feature did its memory cleanup with spinlock held. dma_free_coherent() warns if called wi

[PATCH 5.0 089/146] staging: erofs: keep corrupted fs from crashing kernel in erofs_readdir()

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Gao Xiang commit 33bac912840fe64dbc15556302537dc6a17cac63 upstream. After commit 419d6efc50e9, kernel cannot be crashed in the namei path. However, corrupted nameoff can do harm in the process

[PATCH 5.0 125/146] mm/hotplug: fix offline undo_isolate_page_range()

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Qian Cai commit 9b7ea46a82b31c74a37e6ff1c2a1df7d53e392ab upstream. Commit f1dd2cd13c4b ("mm, memory_hotplug: do not associate hotadded memory to zones until online") introduced move_pfn_range_t

[PATCH 5.0 087/146] staging: erofs: fix to handle error path of erofs_vmap()

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Chao Yu commit 8bce6dcede65139a087ff240127e3f3c01363eed upstream. erofs_vmap() wrapped vmap() and vm_map_ram() to return virtual continuous memory, but both of them can failed due to a lot of r

[PATCH 5.0 082/146] staging: comedi: ni_mio_common: Fix divide-by-zero for DIO cmdtest

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Ian Abbott commit bafd9c64056cd034a1174dcadb65cd3b294ff8f6 upstream. `ni_cdio_cmdtest()` validates Comedi asynchronous commands for the DIO subdevice (subdevice 2) of supported National Instrum

[PATCH 5.0 091/146] serial: mvebu-uart: Fix to avoid a potential NULL pointer dereference

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Aditya Pakki commit 32f47179833b63de72427131169809065db6745e upstream. of_match_device on failure to find a matching device can return a NULL pointer. The patch checks for such a scenrio and pa

[PATCH 5.0 135/146] objtool: Query pkg-config for libelf location

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Rolf Eike Beer commit 056d28d135bca0b1d0908990338e00e9dadaf057 upstream. If it is not in the default location, compilation fails at several points. Signed-off-by: Rolf Eike Beer Signed-off-by

[PATCH 5.0 086/146] staging: vt6655: Fix interrupt race condition on device start up.

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Malcolm Priestley commit 3b9c2f2e0e99bb67c96abcb659b3465efe3bee1f upstream. It appears on some slower systems that the driver can find its way out of the workqueue while the interrupt is disabl

[PATCH 5.0 123/146] usb: typec: tcpm: Try PD-2.0 if sink does not respond to 3.0 source-caps

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Hans de Goede commit 976daf9d1199932df80e7b04546d1a1bd4ed5ece upstream. PD 2.0 sinks are supposed to accept src-capabilities with a 3.0 header and simply ignore any src PDOs which the sink does

[PATCH 5.0 122/146] usb: cdc-acm: fix race during wakeup blocking TX traffic

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Romain Izard commit 93e1c8a638308980309e009cc40b5a57ef87caf1 upstream. When the kernel is compiled with preemption enabled, the URB completion handler can run in parallel with the work responsi

[PATCH 5.0 121/146] xhci: Dont let USB3 ports stuck in polling state prevent suspend

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Mathias Nyman commit d92f2c59cc2cbca6bfb2cc54882b58ba76b15fd4 upstream. Commit 2f31a67f01a8 ("usb: xhci: Prevent bus suspend if a port connect change or polling state is detected") was intended

[PATCH 5.0 117/146] mm/memory.c: fix modifying of page protection by insert_pfn()

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Jan Kara commit cae85cb8add35f678cf487139d05e083ce2f570a upstream. Aneesh has reported that PPC triggers the following warning when excercising DAX code: IP set_pte_at+0x3c/0x190 LR insert

[PATCH 5.0 119/146] xhci: Fix port resume done detection for SS ports with LPM enabled

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Mathias Nyman commit 6cbcf596934c8e16d6288c7cc62dfb7ad8eadf15 upstream. A suspended SS port in U3 link state will go to U0 when resumed, but can almost immediately after that enter U1 or U2 lin

[PATCH 5.0 085/146] staging: vt6655: Remove vif check from vnt_interrupt

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Malcolm Priestley commit cc26358f89c3e493b54766b1ca56cfc6b14db78a upstream. A check for vif is made in vnt_interrupt_work. There is a small chance of leaving interrupt disabled while vif is NU

[PATCH 5.0 112/146] gpio: adnp: Fix testing wrong value in adnp_gpio_direction_input

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Axel Lin commit c5bc6e526d3f217ed2cc3681d256dc4a2af4cc2b upstream. Current code test wrong value so it does not verify if the written data is correctly read back. Fix it. Also make it return -E

[PATCH 5.0 113/146] phy: sun4i-usb: Support set_mode to USB_HOST for non-OTG PHYs

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Chen-Yu Tsai commit 1396929e8a903db80425343cacca766a18ad6409 upstream. While only the first PHY supports mode switching, the remaining PHYs work in USB host mode. They should support set_mode w

[PATCH 5.0 108/146] drm/i915: Mark AML 0x87CA as ULX

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Ville Syrjälä commit 4b9a3932e7ba929baa231231e61874c7a56f8959 upstream. If I'm reading the spec right AML 0x87CA is a Y SKU, so it should be marked as ULX in our old style terminology. Cc: sta

[PATCH 5.0 114/146] usb: mtu3: fix EXTCON dependency

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Arnd Bergmann commit 3d54d10c6afed34fd45b852bf76f55e8da31d8ef upstream. When EXTCON is a loadable module, mtu3 fails to link as built-in: drivers/usb/mtu3/mtu3_plat.o: In function `mtu3_probe'

[PATCH 5.0 115/146] USB: gadget: f_hid: fix deadlock in f_hidg_write()

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Radoslav Gerganov commit 072684e8c58d17e853f8e8b9f6d9ce2e58d2b036 upstream. In f_hidg_write() the write_spinlock is acquired before calling usb_ep_queue() which causes a deadlock when dummy_hcd

[PATCH 5.0 116/146] usb: common: Consider only available nodes for dr_mode

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Fabrizio Castro commit 238e0268c82789e4c107a37045d529a6dbce51a9 upstream. There are cases where multiple device tree nodes point to the same phy node by means of the "phys" property, but we sho

[PATCH 5.0 111/146] gpio: exar: add a check for the return value of ida_simple_get fails

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Kangjie Lu commit 7ecced0934e574b528a1ba6c237731e682216a74 upstream. ida_simple_get may fail and return a negative error number. The fix checks its return value; if it fails, go to err_destroy.

[PATCH 5.0 107/146] drm/vkms: fix use-after-free when drm_gem_handle_create() fails

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Eric Biggers commit 36b6c9ed45afe89045973e8dee1b004dd5372d40 upstream. If drm_gem_handle_create() fails in vkms_gem_create(), then the vkms_gem_object is freed twice: once when the reference is

[PATCH 5.0 109/146] drm/i915/gvt: Fix MI_FLUSH_DW parsing with correct index check

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Zhenyu Wang commit 13bcb80b7ee79431fce361e060611134cb19e209 upstream. When MI_FLUSH_DW post write hw status page in index mode, the index value is in dword step and turned into address offset i

[PATCH 5.0 110/146] drm/i915/icl: Fix the TRANS_DDI_FUNC_CTL2 bitfield macro

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Manasi Navare commit 69903dfae0310afe8a15f5cd4e376ebb7c6da1d2 upstream. This patch fixes the PORT_SYNC_MODE_MASTER_SELECT macro to correctly do the left shifting to set the port sync master sel

[PATCH 5.0 099/146] ACPI / CPPC: Fix guaranteed performance handling

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Srinivas Pandruvada commit edef1ef134180149694b86386277076f566d165c upstream. As per the ACPI specification, "Guaranteed Performance Register" is a "Buffer" field and it cannot be "Integer", so

[PATCH 5.0 106/146] drm/vgem: fix use-after-free when drm_gem_handle_create() fails

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Eric Biggers commit 21d2b122732318b48c10b7262e15595ce54511d3 upstream. If drm_gem_handle_create() fails in vgem_gem_create(), then the drm_vgem_gem_object is freed twice: once when the referenc

[PATCH 5.0 105/146] cpufreq: scpi: Fix use after free

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Vincent Stehlé commit 31d4c528cea4023cf36f6148c03bb960cedefeef upstream. Free the priv structure only after we are done using it. Fixes: 1690d8bb91e370ab ("cpufreq: scpi/scmi: Fix freeing of d

[PATCH 5.0 098/146] USB: serial: option: add Olicard 600

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Bjørn Mork commit 84f3b43f7378b98b7e3096d5499de75183d4347c upstream. This is a Qualcomm based device with a QMI function on interface 4. It is mode switched from 2020:2030 using a standard ejec

[PATCH 5.0 104/146] cpufreq: intel_pstate: Also use CPPC nominal_perf for base_frequency

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Srinivas Pandruvada commit 92a3e426ec06e72b1c363179c79d30712447ff76 upstream. The ACPI specification states that if the "Guaranteed Performance Register" is not implemented, the OSPM assumes gu

[PATCH 5.0 103/146] blk-mq: fix sbitmap ws_active for shared tags

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Jens Axboe commit e861857545567adec8da3bdff728efdf7db12285 upstream. We now wrap sbitmap waitqueues in an active counter, so we can avoid iterating wakeups unless we have waiters there. This wo

[PATCH 5.0 084/146] staging: speakup_soft: Fix alternate speech with other synths

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Samuel Thibault commit 45ac7b31bc6c4af885cc5b5d6c534c15bcbe7643 upstream. When switching from speakup_soft to another synth, speakup_soft would keep calling synth_buffer_getc() from softsynthx_

[PATCH 5.0 100/146] Disable kgdboc failed by echo space to /sys/module/kgdboc/parameters/kgdboc

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Wentao Wang commit 3ec8002951ea173e24b466df1ea98c56b7920e63 upstream. Echo "" to /sys/module/kgdboc/parameters/kgdboc will fail with "No such device” error. This is caused by function "configu

[PATCH 5.0 097/146] USB: serial: option: add support for Quectel EM12

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Kristian Evensen commit d1252f0237238b912c3e7a51bf237acf34c97983 upstream. The Quectel EM12 is a Cat. 12 LTE modem. It behaves in the exactly the same way as the EP06 (including the dynamic con

Re: [PATCH] ALSA: hda/realtek: Enable headset MIC of Acer TravelMate B114-21 with ALC233

On Mon, 01 Apr 2019 05:25:05 +0200, Jian-Hong Pan wrote: > > The Acer TravelMate B114-21 laptop cannot detect and record sound from > headset MIC. This patch adds the ALC233_FIXUP_ACER_HEADSET_MIC HDA verb > quirk chained with ALC233_FIXUP_ASUS_MIC_NO_PRESENCE pin quirk to fix > this issue. > >

[PATCH 5.0 092/146] serial: sh-sci: Fix setting SCSCR_TIE while transferring data

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Hoan Nguyen An commit 93bcefd4c6bad4c69dbc4edcd3fbf774b24d930d upstream. We disable transmission interrupt (clear SCSCR_TIE) after all data has been transmitted (if uart_circ_empty(xmit)). Whi

[PATCH 5.0 083/146] staging: olpc_dcon_xo_1: add missing const qualifier

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Arnd Bergmann commit ae0a6d2017f733781dcc938a471ccc2d05f9bee6 upstream. gcc noticed a mismatch between the type qualifiers after a recent cleanup: drivers/staging/olpc_dcon/olpc_dcon_xo_1.c: I

[PATCH 5.0 047/146] ARM: imx6q: cpuidle: fix bug that CPU might not wake up at expected time

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Kohji Okuno commit 91740fc8242b4f260cfa4d4536d8551804777fae upstream. In the current cpuidle implementation for i.MX6q, the CPU that sets 'WAIT_UNCLOCKED' and the CPU that returns to 'WAIT_CLOC

[PATCH 5.0 042/146] btrfs: Fix bound checking in qgroup_trace_new_subtree_blocks

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Nikolay Borisov commit 7ff2c2a1a71e83f74574b8001ea88deb3c166ad7 upstream. If 'cur_level' is 7 then the bound checking at the top of the function will actually pass. Later on, it's possible to

[PATCH 5.0 050/146] NFS: Fix nfs4_lock_state refcounting in nfs4_alloc_{lock,unlock}data()

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Catalin Marinas commit 3028efe03be9c8c4cd7923f0f3c39b2871cc8a8f upstream. Commit 7b587e1a5a6c ("NFS: use locks_copy_lock() to copy locks.") changed the lock copying from memcpy() to the dedicat

[PATCH 5.0 049/146] vfio: ccw: only free cp on final interrupt

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Cornelia Huck commit 50b7f1b7236bab08ebbbecf90521e84b068d7a17 upstream. When we get an interrupt for a channel program, it is not necessarily the final interrupt; for example, the issuing guest

[PATCH 5.0 078/146] tty/serial: atmel: RS485 HD w/DMA: enable RX after TX is stopped

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Razvan Stefanescu commit 69646d7a3689fbe1a65ae90397d22ac3f1b8d40f upstream. In half-duplex operation, RX should be started after TX completes. If DMA is used, there is a case when the DMA tran

[PATCH 5.0 079/146] tty: mxs-auart: fix a potential NULL pointer dereference

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Kangjie Lu commit 6734330654dac550f12e932996b868c6d0dcb421 upstream. In case ioremap fails, the fix returns -ENOMEM to avoid NULL pointer dereferences. Multiple places use port.membase. Signed

[PATCH 5.0 080/146] tty: atmel_serial: fix a potential NULL pointer dereference

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Kangjie Lu commit c85be041065c0be8bc48eda4c45e0319caf1d0e5 upstream. In case dmaengine_prep_dma_cyclic fails, the fix returns a proper error code to avoid NULL pointer dereference. Signed-off-

[PATCH 5.0 074/146] scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Steffen Maier commit fe67888fc007a76b81e37da23ce5bd8fb95890b0 upstream. An already deleted SCSI device can exist on the Scsi_Host and remain there because something still holds a reference. A

[PATCH 5.0 077/146] tty/serial: atmel: Add is_half_duplex helper

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Razvan Stefanescu commit f3040983132bf3477acd45d2452a906e67c2fec9 upstream. Use a helper function to check that a port needs to use half duplex communication, replacing several occurrences of m

[PATCH 5.0 075/146] scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP devices

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Steffen Maier commit 242ec1455151267fe35a0834aa9038e4c4670884 upstream. Suppose more than one non-NPIV FCP device is active on the same channel. Send I/O to storage and have some of the pending

[PATCH 5.0 071/146] ocfs2: fix inode bh swapping mixup in ocfs2_reflink_inodes_lock

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Darrick J. Wong commit e6a9467ea14bae8691b0f72c500510c42ea8edb8 upstream. ocfs2_reflink_inodes_lock() can swap the inode1/inode2 variables so that we always grab cluster locks in order of incre

[PATCH 5.0 073/146] scsi: sd: Quiesce warning if device does not report optimal I/O size

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Martin K. Petersen commit 1d5de5bd311be7cd54f02f7cd164f0349a75c876 upstream. Commit a83da8a4509d ("scsi: sd: Optimal I/O size should be a multiple of physical block size") split one conditional

[PATCH 5.0 072/146] scsi: sd: Fix a race between closing an sd device and sd I/O

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Bart Van Assche commit c14a57264399efd39514a2329c591a4b954246d8 upstream. The scsi_end_request() function calls scsi_cmd_to_driver() indirectly and hence needs the disk->private_data pointer. A

[PATCH 5.0 067/146] ALSA: hda/realtek: Enable headset MIC of ASUS X430UN and X512DK with ALC256

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Jian-Hong Pan commit 6ac371aa1a74240fb910c98aa3484d5ece8473d3 upstream. The ASUS X430UN and X512DK with ALC256 cannot detect the headset MIC until ALC256_FIXUP_ASUS_MIC_NO_PRESENCE quirk applie

[PATCH 5.0 066/146] ALSA: hda/realtek: Enable headset mic of ASUS P5440FF with ALC256

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Chris Chiu commit a806ef1cf3bbc0baadc6cdeb11f12b5dd27e91c2 upstream. The ASUS laptop P5440FF with ALC256 can't detect the headset microphone until ALC256_FIXUP_ASUS_MIC_NO_PRESENCE quirk applie

[PATCH 5.0 070/146] fs/open.c: allow opening only regular files during execve()

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Tetsuo Handa commit 73601ea5b7b18eb234219ae2adf77530f389da79 upstream. syzbot is hitting lockdep warning [1] due to trying to open a fifo during an execve() operation. But we don't need to ope

[PATCH 5.0 068/146] ALSA: hda/realtek - Fix speakers on Acer Predator Helios 500 Ryzen laptops

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Bernhard Rosenkraenzer commit e2a829b3da01b9b32c4d0291d042b8a6e2a98ca3 upstream. On an Acer Predator Helios 500 (Ryzen version), the laptop's speakers don't work out of the box. The problem ca

[PATCH 5.0 069/146] kbuild: modversions: Fix relative CRC byte order interpretation

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Fredrik Noring commit 54a7151b1496cddbb7a83546b7998103e98edc88 upstream. Fix commit 56067812d5b0 ("kbuild: modversions: add infrastructure for emitting relative CRCs") where CRCs are interprete

[PATCH 5.0 063/146] ALSA: hda/realtek: Enable headset MIC of Acer Aspire Z24-890 with ALC286

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Jian-Hong Pan commit 2733ccebf4a937a0858e7d05a4a003b89715033f upstream. The Acer Aspire Z24-890 cannot detect the headset MIC until ALC286_FIXUP_ACER_AIO_HEADSET_MIC quirk applied. Signed-off-

[PATCH 5.0 065/146] ALSA: hda/realtek: Enable ASUS X441MB and X705FD headset MIC with ALC256

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Jian-Hong Pan commit e1037354a0a75acdea2b27043c0a371ed85cf262 upstream. The ASUS laptop X441MB and X705FD with ALC256 cannot detect the headset MIC until ALC256_FIXUP_ASUS_MIC_NO_PRESENCE quirk

[PATCH 5.0 062/146] ALSA: hda/realtek: Enable headset MIC of Acer AIO with ALC286

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Jian-Hong Pan commit 667a8f73753908c4d0171e52b71774f9be5d6713 upstream. Some Acer AIO desktops like Veriton Z6860G, Z4860G and Z4660G cannot record sound from headset MIC. This patch adds the

[PATCH 5.0 044/146] Btrfs: fix assertion failure on fsync with NO_HOLES enabled

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Filipe Manana commit 0ccc3876e4b2a1559a4dbe3126dda4459d38a83b upstream. Back in commit a89ca6f24ffe4 ("Btrfs: fix fsync after truncate when no_holes feature is enabled") I added an assertion th

[PATCH 5.0 061/146] ALSA: hda/realtek - Add support headset mode for New DELL WYSE NB

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Kailang Yang commit da484d00f020af3dd7cfcc6c4b69a7f856832883 upstream. Enable headset mode support for new WYSE NB platform. Signed-off-by: Kailang Yang Signed-off-by: Takashi Iwai Signed-of

[PATCH 5.0 055/146] ALSA: seq: oss: Fix Spectre v1 vulnerability

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Gustavo A. R. Silva commit c709f14f0616482b67f9fbcb965e1493a03ff30b upstream. dev is indirectly controlled by user-space, hence leading to a potential exploitation of the Spectre variant 1 vuln

[PATCH 5.0 058/146] ALSA: hda/realtek - Fixed Headset Mic JD not stable

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Kailang Yang commit 10f5b1b85ed10a80d45bc2db450e65bd792efaad upstream. It will be lose Mic JD state when Chrome OS boot and headset was plugged. Implement of reset combo jack JD. It will show n

[PATCH 5.0 060/146] ALSA: hda/realtek - Add support headset mode for DELL WYSE AIO

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Kailang Yang commit 136824efaab2c095fc911048f7c7ddeda258c965 upstream. This patch will enable WYSE AIO for Headset mode. Signed-off-by: Kailang Yang Signed-off-by: Takashi Iwai Signed-off-by

[PATCH 5.0 054/146] ALSA: rawmidi: Fix potential Spectre v1 vulnerability

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Gustavo A. R. Silva commit 2b1d9c8f87235f593826b9cf46ec10247741fff9 upstream. info->stream is indirectly controlled by user-space, hence leading to a potential exploitation of the Spectre varia

[PATCH 5.0 043/146] btrfs: Avoid possible qgroup_rsv_size overflow in btrfs_calculate_inode_block_rsv_size

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Nikolay Borisov commit 139a56170de67101791d6e6c8e940c6328393fe9 upstream. qgroup_rsv_size is calculated as the product of outstanding_extent * fs_info->nodesize. The product is calculated with

[PATCH 5.0 052/146] NFSv4.1 dont free interrupted slot on open

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Olga Kornievskaia commit 0cb98abb5bd13b9a636bde603d952d722688b428 upstream. Allow the async rpc task for finish and update the open state if needed, then free the slot. Otherwise, the async rpc

<    4   5   6   7   8   9   10   11   12   13   >