[PATCH 4.18 13/34] RDMA/ucma: Fix Spectre v1 vulnerability

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Gustavo A. R. Silva commit a3671a4f973ee9d9621d60166cc3b037c397d604 upstream. hdr.cmd can be indirectly controlled by user-space, hence leading to a potential exploitation of the Spectre

Re: [PATCH v2] PCI/MSI: Don't touch MSI bits when the PCI device is disconnected

On Thu, Nov 08, 2018 at 02:09:17PM -0600, Bjorn Helgaas wrote: > [+cc Jonathan, Greg, Lukas, Russell, Sam, Oliver for discussion about > PCI error recovery in general] > > On Wed, Nov 07, 2018 at 05:42:57PM -0600, Bjorn Helgaas wrote: > > On Tue, Sep 18, 2018 at 05:15:00PM -0500, Alexandru

[PATCH 4.18 11/34] drm/edid: VSDB yCBCr420 Deep Color mode bit definitions

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Clint Taylor commit 9068e02f58740778d8270840657f1e250a2cc60f upstream. HDMI Forum VSDB YCBCR420 deep color capability bits are 2:0. Correct definitions in the header for the mask to work

[PATCH 4.14 31/31] net: fs_enet: do not call phy_stop() in interrupts

4.14-stable review patch. If anyone has any objections, please let me know. -- [ Upstream commit f8b39039cbf2a15f2b8c9f081e1cbd5dee00aaf5 ] In case of TX timeout, fs_timeout() calls phy_stop(), which triggers the following BUG_ON() as we are in interrupt. [92708.199889] kernel

[PATCH 4.18 13/34] RDMA/ucma: Fix Spectre v1 vulnerability

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Gustavo A. R. Silva commit a3671a4f973ee9d9621d60166cc3b037c397d604 upstream. hdr.cmd can be indirectly controlled by user-space, hence leading to a potential exploitation of the Spectre

Re: [PATCH v2] PCI/MSI: Don't touch MSI bits when the PCI device is disconnected

On Thu, Nov 08, 2018 at 02:09:17PM -0600, Bjorn Helgaas wrote: > [+cc Jonathan, Greg, Lukas, Russell, Sam, Oliver for discussion about > PCI error recovery in general] > > On Wed, Nov 07, 2018 at 05:42:57PM -0600, Bjorn Helgaas wrote: > > On Tue, Sep 18, 2018 at 05:15:00PM -0500, Alexandru

[PATCH 4.18 10/34] drm/edid: Add 6 bpc quirk for BOE panel in HP Pavilion 15-n233sl

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Kai-Heng Feng commit 0711a43b6d84ff9189adfbf83c8bbf56eef794bf upstream. There's another panel that reports "DFP 1.x compliant TMDS" but it supports 6bpc instead of 8 bpc. Apply 6 bpc quirk

[PATCH 4.18 15/34] cdc-acm: do not reset notification buffer index upon urb unlinking

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Tobias Herzog commit dae3ddba36f8c337fb59cef07d564da6fc9b7551 upstream. Resetting the write index of the notification buffer on urb unlink (e.g. closing a cdc-acm device from userspace) may

[PATCH 4.18 10/34] drm/edid: Add 6 bpc quirk for BOE panel in HP Pavilion 15-n233sl

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Kai-Heng Feng commit 0711a43b6d84ff9189adfbf83c8bbf56eef794bf upstream. There's another panel that reports "DFP 1.x compliant TMDS" but it supports 6bpc instead of 8 bpc. Apply 6 bpc quirk

[PATCH 4.18 15/34] cdc-acm: do not reset notification buffer index upon urb unlinking

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Tobias Herzog commit dae3ddba36f8c337fb59cef07d564da6fc9b7551 upstream. Resetting the write index of the notification buffer on urb unlink (e.g. closing a cdc-acm device from userspace) may

[PATCH 4.14 23/31] USB: fix the usbfs flag sanitization for control transfers

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Alan Stern commit 665c365a77fbfeabe52694aedf3446d5f2f1ce42 upstream. Commit 7a68d9fb8510 ("USB: usbdevfs: sanitize flags more") checks the transfer flags for URBs submitted from userspace via

[PATCH 4.14 23/31] USB: fix the usbfs flag sanitization for control transfers

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Alan Stern commit 665c365a77fbfeabe52694aedf3446d5f2f1ce42 upstream. Commit 7a68d9fb8510 ("USB: usbdevfs: sanitize flags more") checks the transfer flags for URBs submitted from userspace via

[PATCH 4.14 24/31] Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15IGM

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Mikhail Nikiforov commit 13c1c5e4d7f887cba36c5e3df3faa22071c1469f upstream. Add ELAN061C to the ACPI table to support Elan touchpad found in Lenovo IdeaPad 330-15IGM. Signed-off-by: Mikhail

[PATCH 4.14 24/31] Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15IGM

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Mikhail Nikiforov commit 13c1c5e4d7f887cba36c5e3df3faa22071c1469f upstream. Add ELAN061C to the ACPI table to support Elan touchpad found in Lenovo IdeaPad 330-15IGM. Signed-off-by: Mikhail

[PATCH 4.14 29/31] x86/time: Correct the attribute on jiffies definition

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Nathan Chancellor commit 53c13ba8ed39e89f21a0b98f4c8a241bb44e483d upstream. Clang warns that the declaration of jiffies in include/linux/jiffies.h doesn't match the definition in

[PATCH 4.14 22/31] usb: gadget: storage: Fix Spectre v1 vulnerability

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Gustavo A. R. Silva commit 9ae24af3669111d418242caec8dd4ebd9ba26860 upstream. num can be indirectly controlled by user-space, hence leading to a potential exploitation of the Spectre variant

[PATCH 4.14 29/31] x86/time: Correct the attribute on jiffies definition

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Nathan Chancellor commit 53c13ba8ed39e89f21a0b98f4c8a241bb44e483d upstream. Clang warns that the declaration of jiffies in include/linux/jiffies.h doesn't match the definition in

[PATCH 4.14 22/31] usb: gadget: storage: Fix Spectre v1 vulnerability

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Gustavo A. R. Silva commit 9ae24af3669111d418242caec8dd4ebd9ba26860 upstream. num can be indirectly controlled by user-space, hence leading to a potential exploitation of the Spectre variant

[PATCH 4.18 20/34] usb: roles: intel_xhci: Fix Unbalanced pm_runtime_enable

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Wan Ahmad Zainie commit 009b1948e153ae448f62f1887e2b58d0e05db51b upstream. Add missing pm_runtime_disable() to remove(), in order to avoid an Unbalanced pm_runtime_enable when the module is

[PATCH 4.18 20/34] usb: roles: intel_xhci: Fix Unbalanced pm_runtime_enable

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Wan Ahmad Zainie commit 009b1948e153ae448f62f1887e2b58d0e05db51b upstream. Add missing pm_runtime_disable() to remove(), in order to avoid an Unbalanced pm_runtime_enable when the module is

[PATCH 4.18 21/34] usb: xhci: pci: Enable Intel USB role mux on Apollo Lake platforms

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Heikki Krogerus commit c02588a352defaf985fc1816eb6232663159e1b8 upstream. Intel Apollo Lake has the same internal USB role mux as Intel Cherry Trail. Cc: Signed-off-by: Heikki Krogerus

[PATCH 4.18 21/34] usb: xhci: pci: Enable Intel USB role mux on Apollo Lake platforms

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Heikki Krogerus commit c02588a352defaf985fc1816eb6232663159e1b8 upstream. Intel Apollo Lake has the same internal USB role mux as Intel Cherry Trail. Cc: Signed-off-by: Heikki Krogerus

[PATCH 4.18 22/34] USB: fix the usbfs flag sanitization for control transfers

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Alan Stern commit 665c365a77fbfeabe52694aedf3446d5f2f1ce42 upstream. Commit 7a68d9fb8510 ("USB: usbdevfs: sanitize flags more") checks the transfer flags for URBs submitted from userspace via

[PATCH 4.18 23/34] block: dont deal with discard limit in blkdev_issue_discard()

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Ming Lei commit 744889b7cbb56a64f957e65ade7cb65fe3f35714 upstream. blk_queue_split() does respect this limit via bio splitting, so no need to do that in blkdev_issue_discard(), then we can

[PATCH 4.18 05/34] clk: sunxi-ng: sun4i: Set VCO and PLL bias current to lowest setting

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Chen-Yu Tsai commit 80a6ec7d5e1653208eb53f6738620dab98f6f50e upstream. The default mid-level PLL bias current setting interferes with sigma delta modulation. This manifests as decreased audio

[PATCH 4.18 22/34] USB: fix the usbfs flag sanitization for control transfers

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Alan Stern commit 665c365a77fbfeabe52694aedf3446d5f2f1ce42 upstream. Commit 7a68d9fb8510 ("USB: usbdevfs: sanitize flags more") checks the transfer flags for URBs submitted from userspace via

[PATCH 4.18 23/34] block: dont deal with discard limit in blkdev_issue_discard()

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Ming Lei commit 744889b7cbb56a64f957e65ade7cb65fe3f35714 upstream. blk_queue_split() does respect this limit via bio splitting, so no need to do that in blkdev_issue_discard(), then we can

[PATCH 4.18 05/34] clk: sunxi-ng: sun4i: Set VCO and PLL bias current to lowest setting

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Chen-Yu Tsai commit 80a6ec7d5e1653208eb53f6738620dab98f6f50e upstream. The default mid-level PLL bias current setting interferes with sigma delta modulation. This manifests as decreased audio

[PATCH 4.18 03/34] bpf: fix partial copy of map_ptr when dst is scalar

4.18-stable review patch. If anyone has any objections, please let me know. -- commit 0962590e553331db2cc0aef2dc35c57f6300dbbe upstream. ALU operations on pointers such as scalar_reg += map_value_ptr are handled in adjust_ptr_min_max_vals(). Problem is however that map_ptr and

[PATCH 4.18 03/34] bpf: fix partial copy of map_ptr when dst is scalar

4.18-stable review patch. If anyone has any objections, please let me know. -- commit 0962590e553331db2cc0aef2dc35c57f6300dbbe upstream. ALU operations on pointers such as scalar_reg += map_value_ptr are handled in adjust_ptr_min_max_vals(). Problem is however that map_ptr and

[PATCH 4.18 07/34] cachefiles: fix the race between cachefiles_bury_object() and rmdir(2)

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Al Viro commit 169b803397499be85bdd1e3d07d6f5e3d4bd669e upstream. the victim might've been rmdir'ed just before the lock_rename(); unlike the normal callers, we do not look the source up

[PATCH 4.18 07/34] cachefiles: fix the race between cachefiles_bury_object() and rmdir(2)

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Al Viro commit 169b803397499be85bdd1e3d07d6f5e3d4bd669e upstream. the victim might've been rmdir'ed just before the lock_rename(); unlike the normal callers, we do not look the source up

[PATCH 4.18 06/34] fscache: Fix incomplete initialisation of inline key space

4.18-stable review patch. If anyone has any objections, please let me know. -- From: David Howells commit 1ff22883b0b2f7a73eb2609ffe879c9fd96f6328 upstream. The inline key in struct rxrpc_cookie is insufficiently initialized, zeroing only 3 of the 4 slots, therefore an

[PATCH 4.18 06/34] fscache: Fix incomplete initialisation of inline key space

4.18-stable review patch. If anyone has any objections, please let me know. -- From: David Howells commit 1ff22883b0b2f7a73eb2609ffe879c9fd96f6328 upstream. The inline key in struct rxrpc_cookie is insufficiently initialized, zeroing only 3 of the 4 slots, therefore an

[PATCH 4.18 30/34] x86, hibernate: Fix nosave_regions setup for hibernation

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Zhimin Gu commit cc55f7537db6af371e9c1c6a71161ee40f918824 upstream. On 32bit systems, nosave_regions(non RAM areas) located between max_low_pfn and max_pfn are not excluded from hibernation

[PATCH 4.18 30/34] x86, hibernate: Fix nosave_regions setup for hibernation

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Zhimin Gu commit cc55f7537db6af371e9c1c6a71161ee40f918824 upstream. On 32bit systems, nosave_regions(non RAM areas) located between max_low_pfn and max_pfn are not excluded from hibernation

[PATCH 4.18 31/34] x86/percpu: Fix this_cpu_read()

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Peter Zijlstra commit b59167ac7bafd804c91e49ad53c6d33a7394d4c8 upstream. Eric reported that a sequence count loop using this_cpu_read() got optimized out. This is wrong, this_cpu_read() must

[PATCH 4.18 09/34] ptp: fix Spectre v1 vulnerability

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Gustavo A. R. Silva commit efa61c8cf2950ab5c0e66cff3cabe2a2b24e81ba upstream. pin_index can be indirectly controlled by user-space, hence leading to a potential exploitation of the Spectre

[PATCH 4.18 26/34] Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15IGM

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Mikhail Nikiforov commit 13c1c5e4d7f887cba36c5e3df3faa22071c1469f upstream. Add ELAN061C to the ACPI table to support Elan touchpad found in Lenovo IdeaPad 330-15IGM. Signed-off-by: Mikhail

[PATCH 4.18 33/34] x86/swiotlb: Enable swiotlb for > 4GiG RAM on 32-bit kernels

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Christoph Hellwig commit 485734f3fc77c1eb77ffe138c027b9a4bf0178f3 upstream. We already build the swiotlb code for 32-bit kernels with PAE support, but the code to actually use swiotlb has

[PATCH 4.18 29/34] x86/tsc: Force inlining of cyc2ns bits

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Peter Zijlstra commit 4907c68abd3f60f650f98d5a69d4ec77c0bde44f upstream. Looking at the asm for native_sched_clock() I noticed we don't inline enough. Mostly caused by sharing code with

[PATCH 4.18 32/34] x86/time: Correct the attribute on jiffies definition

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Nathan Chancellor commit 53c13ba8ed39e89f21a0b98f4c8a241bb44e483d upstream. Clang warns that the declaration of jiffies in include/linux/jiffies.h doesn't match the definition in

[PATCH 4.18 31/34] x86/percpu: Fix this_cpu_read()

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Peter Zijlstra commit b59167ac7bafd804c91e49ad53c6d33a7394d4c8 upstream. Eric reported that a sequence count loop using this_cpu_read() got optimized out. This is wrong, this_cpu_read() must

[PATCH 4.18 09/34] ptp: fix Spectre v1 vulnerability

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Gustavo A. R. Silva commit efa61c8cf2950ab5c0e66cff3cabe2a2b24e81ba upstream. pin_index can be indirectly controlled by user-space, hence leading to a potential exploitation of the Spectre

[PATCH 4.18 26/34] Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15IGM

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Mikhail Nikiforov commit 13c1c5e4d7f887cba36c5e3df3faa22071c1469f upstream. Add ELAN061C to the ACPI table to support Elan touchpad found in Lenovo IdeaPad 330-15IGM. Signed-off-by: Mikhail

[PATCH 4.18 33/34] x86/swiotlb: Enable swiotlb for > 4GiG RAM on 32-bit kernels

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Christoph Hellwig commit 485734f3fc77c1eb77ffe138c027b9a4bf0178f3 upstream. We already build the swiotlb code for 32-bit kernels with PAE support, but the code to actually use swiotlb has

[PATCH 4.18 29/34] x86/tsc: Force inlining of cyc2ns bits

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Peter Zijlstra commit 4907c68abd3f60f650f98d5a69d4ec77c0bde44f upstream. Looking at the asm for native_sched_clock() I noticed we don't inline enough. Mostly caused by sharing code with

[PATCH 4.18 32/34] x86/time: Correct the attribute on jiffies definition

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Nathan Chancellor commit 53c13ba8ed39e89f21a0b98f4c8a241bb44e483d upstream. Clang warns that the declaration of jiffies in include/linux/jiffies.h doesn't match the definition in

[PATCH 4.18 25/34] tracing: Fix synthetic event to allow semicolon at end

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Masami Hiramatsu commit a360d9e4016c1fcf41553b37ad496870dc5723d0 upstream. Fix synthetic event to allow independent semicolon at end. The synthetic_events interface accepts a semicolon after

[PATCH 4.18 00/34] 4.18.18-stable review

This is the start of the stable review cycle for the 4.18.18 release. There are 34 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat Nov 10 21:51:21 UTC 2018. Anything

[PATCH 4.18 25/34] tracing: Fix synthetic event to allow semicolon at end

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Masami Hiramatsu commit a360d9e4016c1fcf41553b37ad496870dc5723d0 upstream. Fix synthetic event to allow independent semicolon at end. The synthetic_events interface accepts a semicolon after

[PATCH 4.18 00/34] 4.18.18-stable review

This is the start of the stable review cycle for the 4.18.18 release. There are 34 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat Nov 10 21:51:21 UTC 2018. Anything

[PATCH 4.18 28/34] sched/fair: Fix throttle_list starvation with low CFS quota

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Phil Auld commit baa9be4ffb55876923dc9716abc0a448e510ba30 upstream. With a very low cpu.cfs_quota_us setting, such as the minimum of 1000, distribute_cfs_runtime may not empty the

[PATCH 4.18 28/34] sched/fair: Fix throttle_list starvation with low CFS quota

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Phil Auld commit baa9be4ffb55876923dc9716abc0a448e510ba30 upstream. With a very low cpu.cfs_quota_us setting, such as the minimum of 1000, distribute_cfs_runtime may not empty the

[PATCH 4.18 34/34] x86/fpu: Fix i486 + no387 boot crash by only saving FPU registers on context switch if there is an FPU

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Sebastian Andrzej Siewior commit 2224d616528194b02424c91c2ee254b3d29942c3 upstream. Booting an i486 with "no387 nofxsr" ends with with the following crash: math_emulate: 0060:c101987d

[PATCH 4.18 04/34] gpio: mxs: Get rid of external API call

4.18-stable review patch. If anyone has any objections, please let me know. -- [ Upstream commit 833eacc7b5913da9896bacd30db7d490aa777868 ] The MXS driver was calling back into the GPIO API from its irqchip. This is not very elegant, as we are a driver, let's just shortcut back

[PATCH 4.18 18/34] usb: usbip: Fix BUG: KASAN: slab-out-of-bounds in vhci_hub_control()

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Shuah Khan (Samsung OSG) commit 81f7567c51ad97668d1c3a48e8ecc482e64d4161 upstream. vhci_hub_control() accesses port_status array with out of bounds port value. Fix it to reference

[PATCH 4.18 24/34] tracing: Fix synthetic event to accept unsigned modifier

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Masami Hiramatsu commit 282447ba6b00c64678ffdf964f44e5c8b1c68377 upstream. Fix synthetic event to accept unsigned modifier for its field type correctly. Currently, synthetic_events interface

[PATCH 4.18 08/34] fscache: Fix out of bound read in long cookie keys

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Eric Sandeen commit fa520c47eaa15b9baa8ad66ac18da4a31679693b upstream. fscache_set_key() can incur an out-of-bounds read, reported by KASAN: BUG: KASAN: slab-out-of-bounds in

[PATCH 4.18 34/34] x86/fpu: Fix i486 + no387 boot crash by only saving FPU registers on context switch if there is an FPU

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Sebastian Andrzej Siewior commit 2224d616528194b02424c91c2ee254b3d29942c3 upstream. Booting an i486 with "no387 nofxsr" ends with with the following crash: math_emulate: 0060:c101987d

[PATCH 4.18 04/34] gpio: mxs: Get rid of external API call

4.18-stable review patch. If anyone has any objections, please let me know. -- [ Upstream commit 833eacc7b5913da9896bacd30db7d490aa777868 ] The MXS driver was calling back into the GPIO API from its irqchip. This is not very elegant, as we are a driver, let's just shortcut back

[PATCH 4.18 18/34] usb: usbip: Fix BUG: KASAN: slab-out-of-bounds in vhci_hub_control()

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Shuah Khan (Samsung OSG) commit 81f7567c51ad97668d1c3a48e8ecc482e64d4161 upstream. vhci_hub_control() accesses port_status array with out of bounds port value. Fix it to reference

[PATCH 4.18 24/34] tracing: Fix synthetic event to accept unsigned modifier

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Masami Hiramatsu commit 282447ba6b00c64678ffdf964f44e5c8b1c68377 upstream. Fix synthetic event to accept unsigned modifier for its field type correctly. Currently, synthetic_events interface

[PATCH 4.18 08/34] fscache: Fix out of bound read in long cookie keys

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Eric Sandeen commit fa520c47eaa15b9baa8ad66ac18da4a31679693b upstream. fscache_set_key() can incur an out-of-bounds read, reported by KASAN: BUG: KASAN: slab-out-of-bounds in

[PATCH 4.18 17/34] cdc-acm: fix race between reset and control messaging

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Oliver Neukum commit 9397940ed812b942c520e0c25ed4b2c64d57e8b9 upstream. If a device splits up a control message and a reset() happens between the parts, the message is lost and already

[PATCH 4.18 27/34] drm/sun4i: Fix an ulong overflow in the dotclock driver

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Boris Brezillon commit e84cb605e02f1b3d0aee8d7157419cd8aaa06038 upstream. The calculated ideal rate can easily overflow an unsigned long, thus making the best div selection buggy as soon as

[PATCH 4.18 17/34] cdc-acm: fix race between reset and control messaging

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Oliver Neukum commit 9397940ed812b942c520e0c25ed4b2c64d57e8b9 upstream. If a device splits up a control message and a reset() happens between the parts, the message is lost and already

[PATCH 4.18 27/34] drm/sun4i: Fix an ulong overflow in the dotclock driver

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Boris Brezillon commit e84cb605e02f1b3d0aee8d7157419cd8aaa06038 upstream. The calculated ideal rate can easily overflow an unsigned long, thus making the best div selection buggy as soon as

[PATCH 4.18 19/34] usb: gadget: storage: Fix Spectre v1 vulnerability

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Gustavo A. R. Silva commit 9ae24af3669111d418242caec8dd4ebd9ba26860 upstream. num can be indirectly controlled by user-space, hence leading to a potential exploitation of the Spectre variant

[PATCH 4.18 02/34] vfs: swap names of {do,vfs}_clone_file_range()

4.18-stable review patch. If anyone has any objections, please let me know. -- commit a725356b6659469d182d662f22d770d83d3bc7b5 upstream. Commit 031a072a0b8a ("vfs: call vfs_clone_file_range() under freeze protection") created a wrapper do_clone_file_range() around

[PATCH 4.18 19/34] usb: gadget: storage: Fix Spectre v1 vulnerability

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Gustavo A. R. Silva commit 9ae24af3669111d418242caec8dd4ebd9ba26860 upstream. num can be indirectly controlled by user-space, hence leading to a potential exploitation of the Spectre variant

[PATCH 4.18 02/34] vfs: swap names of {do,vfs}_clone_file_range()

4.18-stable review patch. If anyone has any objections, please let me know. -- commit a725356b6659469d182d662f22d770d83d3bc7b5 upstream. Commit 031a072a0b8a ("vfs: call vfs_clone_file_range() under freeze protection") created a wrapper do_clone_file_range() around

[PATCH 4.18 14/34] IB/ucm: Fix Spectre v1 vulnerability

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Gustavo A. R. Silva commit 0295e39595e1146522f2722715dba7f7fba42217 upstream. hdr.cmd can be indirectly controlled by user-space, hence leading to a potential exploitation of the Spectre

[PATCH 4.18 01/34] eeprom: at24: Add support for address-width property

4.18-stable review patch. If anyone has any objections, please let me know. -- [ Upstream commit a2b3bf4846e5eed62ea6abb096af2c950961033c ] Provide a flexible way to determine the addressing bits of eeprom. Pass the addressing bits to driver through address-width property.

[PATCH 4.18 16/34] cdc-acm: correct counting of UART states in serial state notification

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Tobias Herzog commit f976d0e5747ca65ccd0fb2a4118b193d70aa1836 upstream. The usb standard ("Universal Serial Bus Class Definitions for Communication Devices") distiguishes between "consistent

[PATCH 4.14 20/31] cdc-acm: fix race between reset and control messaging

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Oliver Neukum commit 9397940ed812b942c520e0c25ed4b2c64d57e8b9 upstream. If a device splits up a control message and a reset() happens between the parts, the message is lost and already

[PATCH 4.18 14/34] IB/ucm: Fix Spectre v1 vulnerability

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Gustavo A. R. Silva commit 0295e39595e1146522f2722715dba7f7fba42217 upstream. hdr.cmd can be indirectly controlled by user-space, hence leading to a potential exploitation of the Spectre

[PATCH 4.18 01/34] eeprom: at24: Add support for address-width property

4.18-stable review patch. If anyone has any objections, please let me know. -- [ Upstream commit a2b3bf4846e5eed62ea6abb096af2c950961033c ] Provide a flexible way to determine the addressing bits of eeprom. Pass the addressing bits to driver through address-width property.

[PATCH 4.18 16/34] cdc-acm: correct counting of UART states in serial state notification

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Tobias Herzog commit f976d0e5747ca65ccd0fb2a4118b193d70aa1836 upstream. The usb standard ("Universal Serial Bus Class Definitions for Communication Devices") distiguishes between "consistent

[PATCH 4.14 20/31] cdc-acm: fix race between reset and control messaging

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Oliver Neukum commit 9397940ed812b942c520e0c25ed4b2c64d57e8b9 upstream. If a device splits up a control message and a reset() happens between the parts, the message is lost and already

[PATCH 4.14 27/31] x86, hibernate: Fix nosave_regions setup for hibernation

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Zhimin Gu commit cc55f7537db6af371e9c1c6a71161ee40f918824 upstream. On 32bit systems, nosave_regions(non RAM areas) located between max_low_pfn and max_pfn are not excluded from hibernation

[PATCH 4.14 27/31] x86, hibernate: Fix nosave_regions setup for hibernation

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Zhimin Gu commit cc55f7537db6af371e9c1c6a71161ee40f918824 upstream. On 32bit systems, nosave_regions(non RAM areas) located between max_low_pfn and max_pfn are not excluded from hibernation

[PATCH 4.18 12/34] drm: fb-helper: Reject all pixel format changing requests

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Eugeniy Paltsev commit db05c481977599236f12a85e55de9f5ab37b0a2c upstream. drm fbdev emulation doesn't support changing the pixel format at all, so reject all pixel format changing requests.

[PATCH 4.14 28/31] x86/percpu: Fix this_cpu_read()

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Peter Zijlstra commit b59167ac7bafd804c91e49ad53c6d33a7394d4c8 upstream. Eric reported that a sequence count loop using this_cpu_read() got optimized out. This is wrong, this_cpu_read() must

[PATCH 4.14 26/31] x86/tsc: Force inlining of cyc2ns bits

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Peter Zijlstra commit 4907c68abd3f60f650f98d5a69d4ec77c0bde44f upstream. Looking at the asm for native_sched_clock() I noticed we don't inline enough. Mostly caused by sharing code with

[PATCH 4.18 12/34] drm: fb-helper: Reject all pixel format changing requests

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Eugeniy Paltsev commit db05c481977599236f12a85e55de9f5ab37b0a2c upstream. drm fbdev emulation doesn't support changing the pixel format at all, so reject all pixel format changing requests.

[PATCH 4.14 28/31] x86/percpu: Fix this_cpu_read()

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Peter Zijlstra commit b59167ac7bafd804c91e49ad53c6d33a7394d4c8 upstream. Eric reported that a sequence count loop using this_cpu_read() got optimized out. This is wrong, this_cpu_read() must

[PATCH 4.14 26/31] x86/tsc: Force inlining of cyc2ns bits

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Peter Zijlstra commit 4907c68abd3f60f650f98d5a69d4ec77c0bde44f upstream. Looking at the asm for native_sched_clock() I noticed we don't inline enough. Mostly caused by sharing code with

[PATCH 4.14 25/31] sched/fair: Fix throttle_list starvation with low CFS quota

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Phil Auld commit baa9be4ffb55876923dc9716abc0a448e510ba30 upstream. With a very low cpu.cfs_quota_us setting, such as the minimum of 1000, distribute_cfs_runtime may not empty the

[PATCH 4.14 25/31] sched/fair: Fix throttle_list starvation with low CFS quota

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Phil Auld commit baa9be4ffb55876923dc9716abc0a448e510ba30 upstream. With a very low cpu.cfs_quota_us setting, such as the minimum of 1000, distribute_cfs_runtime may not empty the

[PATCH 4.14 21/31] usb: usbip: Fix BUG: KASAN: slab-out-of-bounds in vhci_hub_control()

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Shuah Khan (Samsung OSG) commit 81f7567c51ad97668d1c3a48e8ecc482e64d4161 upstream. vhci_hub_control() accesses port_status array with out of bounds port value. Fix it to reference

[PATCH 4.14 04/31] USB: serial: option: add two-endpoints device-id flag

4.14-stable review patch. If anyone has any objections, please let me know. -- commit 35aecc02b5b621782111f64cbb032c7f6a90bb32 upstream Allow matching on interfaces having two endpoints by adding a new device-id flag. This allows for the handling of devices whose interface

[PATCH 4.14 21/31] usb: usbip: Fix BUG: KASAN: slab-out-of-bounds in vhci_hub_control()

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Shuah Khan (Samsung OSG) commit 81f7567c51ad97668d1c3a48e8ecc482e64d4161 upstream. vhci_hub_control() accesses port_status array with out of bounds port value. Fix it to reference

[PATCH 4.14 04/31] USB: serial: option: add two-endpoints device-id flag

4.14-stable review patch. If anyone has any objections, please let me know. -- commit 35aecc02b5b621782111f64cbb032c7f6a90bb32 upstream Allow matching on interfaces having two endpoints by adding a new device-id flag. This allows for the handling of devices whose interface

[PATCH 4.9 131/171] mtd: spi-nor: Add support for is25wp series chips

4.9-stable review patch. If anyone has any objections, please let me know. -- [ Upstream commit d616f81cdd2a21edfa90a595a4e9b143f5ba8414 ] Added support for is25wp032, is25wp064 and is25wp128. Signed-off-by: Kimmo Rautkoski Reviewed-by: Marek Vasut Signed-off-by: Boris

[PATCH 4.14 19/31] cdc-acm: correct counting of UART states in serial state notification

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Tobias Herzog commit f976d0e5747ca65ccd0fb2a4118b193d70aa1836 upstream. The usb standard ("Universal Serial Bus Class Definitions for Communication Devices") distiguishes between "consistent

[PATCH 4.9 161/171] RDMA/ucma: Fix Spectre v1 vulnerability

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Gustavo A. R. Silva commit a3671a4f973ee9d9621d60166cc3b037c397d604 upstream. hdr.cmd can be indirectly controlled by user-space, hence leading to a potential exploitation of the Spectre

[PATCH 4.14 15/31] drm: fb-helper: Reject all pixel format changing requests

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Eugeniy Paltsev commit db05c481977599236f12a85e55de9f5ab37b0a2c upstream. drm fbdev emulation doesn't support changing the pixel format at all, so reject all pixel format changing requests.

[PATCH 4.9 137/171] ipv6/ndisc: Preserve IPv6 control buffer if protocol error handlers are called

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Stefano Brivio [ Upstream commit ee1abcf689353f36d9322231b4320926096bdee0 ] Commit a61bbcf28a8c ("[NET]: Store skb->timestamp as offset to a base timestamp") introduces a neighbour control

[PATCH 4.9 165/171] USB: fix the usbfs flag sanitization for control transfers

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Alan Stern commit 665c365a77fbfeabe52694aedf3446d5f2f1ce42 upstream. Commit 7a68d9fb8510 ("USB: usbdevfs: sanitize flags more") checks the transfer flags for URBs submitted from userspace via

<    5   6   7   8   9   10   11   12   13   14   >