[PATCH 3.18 19/32] iio: ad7793: Fix the serial interface reset

2017-10-10 Thread Greg Kroah-Hartman
3.18-stable review patch. If anyone has any objections, please let me know. -- From: Dragos Bogdan commit 7ee3b7ebcb74714df6d94c8f500f307e1ee5dda5 upstream. The serial interface can be reset by writing 32 consecutive 1s to the device. 'ret' was initialized correctly but its va

[PATCH 3.18 07/32] ALSA: usb-audio: Check out-of-bounds access by corrupted buffer descriptor

2017-10-10 Thread Greg Kroah-Hartman
3.18-stable review patch. If anyone has any objections, please let me know. -- From: Takashi Iwai commit bfc81a8bc18e3c4ba0cbaa7666ff76be2f998991 upstream. When a USB-audio device receives a maliciously adjusted or corrupted buffer descriptor, the USB-audio driver may access a

[PATCH 3.18 16/32] iio: ad_sigma_delta: Implement a dedicated reset function

2017-10-10 Thread Greg Kroah-Hartman
3.18-stable review patch. If anyone has any objections, please let me know. -- From: Dragos Bogdan commit 7fc10de8d49a748c476532c9d8e8fe19e548dd67 upstream. Since most of the SD ADCs have the option of reseting the serial interface by sending a number of SCLKs with CS = 0 and

[PATCH 3.18 09/32] USB: dummy-hcd: fix connection failures (wrong speed)

2017-10-10 Thread Greg Kroah-Hartman
3.18-stable review patch. If anyone has any objections, please let me know. -- From: Alan Stern commit fe659bcc9b173bcfdd958ce2aec75e47651e74e1 upstream. The dummy-hcd UDC driver is not careful about the way it handles connection speeds. It ignores the module parameter that i

[PATCH 3.18 30/32] ext4: fix data corruption for mmap writes

2017-10-10 Thread Greg Kroah-Hartman
3.18-stable review patch. If anyone has any objections, please let me know. -- From: Jan Kara commit a056bdaae7a181f7dcc876cfab2f94538e508709 upstream. mpage_submit_page() can race with another process growing i_size and writing data via mmap to the written-back page. As mpage

[PATCH 4.4 10/47] USB: dummy-hcd: fix connection failures (wrong speed)

2017-10-10 Thread Greg Kroah-Hartman
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Alan Stern commit fe659bcc9b173bcfdd958ce2aec75e47651e74e1 upstream. The dummy-hcd UDC driver is not careful about the way it handles connection speeds. It ignores the module parameter that is

[PATCH 3.18 29/32] fs/super.c: fix race between freeze_super() and thaw_super()

2017-10-10 Thread Greg Kroah-Hartman
3.18-stable review patch. If anyone has any objections, please let me know. -- From: Oleg Nesterov commit 89f39af129382a40d7cd1f6914617282cfeee28e upstream. Change thaw_super() to check frozen != SB_FREEZE_COMPLETE rather than frozen == SB_UNFROZEN, otherwise it can race with

[PATCH 3.18 25/32] driver core: platform: Don't read past the end of "driver_override" buffer

2017-10-10 Thread Greg Kroah-Hartman
3.18-stable review patch. If anyone has any objections, please let me know. -- From: Nicolai Stange commit bf563b01c2895a4bfd1a29cc5abc67fe706ecffd upstream. When printing the driver_override parameter when it is 4095 and 4094 bytes long, the printing code would access invalid

[PATCH 3.18 23/32] lsm: fix smack_inode_removexattr and xattr_getsecurity memleak

2017-10-10 Thread Greg Kroah-Hartman
3.18-stable review patch. If anyone has any objections, please let me know. -- From: Casey Schaufler commit 57e7ba04d422c3d41c8426380303ec9b7533ded9 upstream. security_inode_getsecurity() provides the text string value of a security attribute. It does not provide a "secctx". T

[PATCH 3.18 22/32] uwb: ensure that endpoint is interrupt

2017-10-10 Thread Greg Kroah-Hartman
3.18-stable review patch. If anyone has any objections, please let me know. -- From: Andrey Konovalov commit 70e743e4cec3733dc13559f6184b35d358b9ef3f upstream. hwarc_neep_init() assumes that endpoint 0 is interrupt, but there's no check for that, which results in a WARNING in

[PATCH 3.18 26/32] HID: i2c-hid: allocate hid buffers for real worst case

2017-10-10 Thread Greg Kroah-Hartman
3.18-stable review patch. If anyone has any objections, please let me know. -- From: Adrian Salido commit 8320caeeffdefec3b58b9d4a7ed8e1079492fe7b upstream. The buffer allocation is not currently accounting for an extra byte for the report id. This can cause an out of bounds a

[PATCH 4.4 24/47] iwlwifi: add workaround to disable wide channels in 5GHz

2017-10-10 Thread Greg Kroah-Hartman
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Luca Coelho commit 01a9c948a09348950515bf2abb6113ed83e696d8 upstream. The OTP in some SKUs have erroneously allowed 40MHz and 80MHz channels in the 5.2GHz band. The firmware has been modified

[PATCH 4.4 03/47] USB: gadgetfs: fix copy_to_user while holding spinlock

2017-10-10 Thread Greg Kroah-Hartman
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Alan Stern commit 6e76c01e71551cb221c1f3deacb9dcd9a7346784 upstream. The gadgetfs driver as a long-outstanding FIXME, regarding a call of copy_to_user() made while holding a spinlock. This pat

[PATCH 4.4 08/47] ALSA: usb-audio: Check out-of-bounds access by corrupted buffer descriptor

2017-10-10 Thread Greg Kroah-Hartman
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Takashi Iwai commit bfc81a8bc18e3c4ba0cbaa7666ff76be2f998991 upstream. When a USB-audio device receives a maliciously adjusted or corrupted buffer descriptor, the USB-audio driver may access an

[PATCH 4.4 29/47] USB: fix out-of-bounds in usb_set_configuration

2017-10-10 Thread Greg Kroah-Hartman
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Greg Kroah-Hartman commit bd7a3fe770ebd8391d1c7d072ff88e9e76d063eb upstream. Andrey Konovalov reported a possible out-of-bounds problem for a USB interface association descriptor. He writes:

[PATCH 4.4 39/47] uwb: properly check kthread_run return value

2017-10-10 Thread Greg Kroah-Hartman
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Andrey Konovalov commit bbf26183b7a6236ba602f4d6a2f7cade35bba043 upstream. uwbd_start() calls kthread_run() and checks that the return value is not NULL. But the return value is not NULL in cas

[PATCH 4.4 40/47] uwb: ensure that endpoint is interrupt

2017-10-10 Thread Greg Kroah-Hartman
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Andrey Konovalov commit 70e743e4cec3733dc13559f6184b35d358b9ef3f upstream. hwarc_neep_init() assumes that endpoint 0 is interrupt, but there's no check for that, which results in a WARNING in U

[PATCH 4.4 46/47] ext4: Don't clear SGID when inheriting ACLs

2017-10-10 Thread Greg Kroah-Hartman
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Jan Kara commit a3bb2d5587521eea6dab2d05326abb0afb460abd upstream. When new directory 'DIR1' is created in a directory 'DIR0' with SGID bit set, DIR1 is expected to have SGID bit set (and ownin

[PATCH 4.9 010/105] usb: renesas_usbhs: fix usbhsf_fifo_clear() for RX direction

2017-10-10 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Yoshihiro Shimoda commit 0a2ce62b61f2c76d0213edf4e37aaf54a8ddf295 upstream. This patch fixes an issue that the usbhsf_fifo_clear() is possible to cause 10 msec delay if the pipe is RX direction

[PATCH 4.4 34/47] staging: iio: ad7192: Fix - use the dedicated reset function avoiding dma from stack.

2017-10-10 Thread Greg Kroah-Hartman
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Stefan Popa commit f790923f146140a261ad211e5baf75d169f16fb2 upstream. Depends on: 691c4b95d1 ("iio: ad_sigma_delta: Implement a dedicated reset function") SPI host drivers can use DMA to tran

[PATCH 4.4 30/47] xhci: fix finding correct bus_state structure for USB 3.1 hosts

2017-10-10 Thread Greg Kroah-Hartman
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Mathias Nyman commit 5a838a13c9b4e5dd188b7a6eaeb894e9358ead0c upstream. xhci driver keeps a bus_state structure for each hcd (usb2 and usb3) The structure is picked based on hcd speed, but dri

[PATCH 4.4 32/47] iio: adc: twl4030: Disable the vusb3v1 rugulator in the error handling path of twl4030_madc_probe()

2017-10-10 Thread Greg Kroah-Hartman
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Christophe JAILLET commit 7f70be6e4025db0551e6863e7eb9cca07122695c upstream. Commit 7cc97d77ee8a has introduced a call to 'regulator_disable()' in the .remove function. So we should also have s

[PATCH 4.9 014/105] USB: dummy-hcd: fix connection failures (wrong speed)

2017-10-10 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Alan Stern commit fe659bcc9b173bcfdd958ce2aec75e47651e74e1 upstream. The dummy-hcd UDC driver is not careful about the way it handles connection speeds. It ignores the module parameter that is

[PATCH 4.4 36/47] iio: ad7793: Fix the serial interface reset

2017-10-10 Thread Greg Kroah-Hartman
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Dragos Bogdan commit 7ee3b7ebcb74714df6d94c8f500f307e1ee5dda5 upstream. The serial interface can be reset by writing 32 consecutive 1s to the device. 'ret' was initialized correctly but its val

[PATCH 4.4 43/47] nvme: protect against simultaneous shutdown invocations

2017-10-10 Thread Greg Kroah-Hartman
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Keith Busch commit 77bf25ea70200cddf083f74b7f617e5f07fac8bd upstream. [Back-ported to 4.4. The difference is the file location of the struct definition that's adding the mutex. This fixes repo

[PATCH 4.4 28/47] usb: Increase quirk delay for USB devices

2017-10-10 Thread Greg Kroah-Hartman
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Dmitry Fleytman commit b2a542bbb3081dbd64acc8929c140d196664c406 upstream. Commit e0429362ab15 ("usb: Add device quirk for Logitech HD Pro Webcams C920 and C930e") introduced quirk to workaround

[PATCH 4.9 015/105] USB: dummy-hcd: fix infinite-loop resubmission bug

2017-10-10 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Alan Stern commit 0173a68bfb0ad1c72a6ee39cc485aa2c97540b98 upstream. The dummy-hcd HCD/UDC emulator tries not to do too much work during each timer interrupt. But it doesn't try very hard; cur

[PATCH 4.9 029/105] iio: adc: twl4030: Disable the vusb3v1 rugulator in the error handling path of twl4030_madc_probe()

2017-10-10 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Christophe JAILLET commit 7f70be6e4025db0551e6863e7eb9cca07122695c upstream. Commit 7cc97d77ee8a has introduced a call to 'regulator_disable()' in the .remove function. So we should also have s

[PATCH 4.9 024/105] xhci: fix finding correct bus_state structure for USB 3.1 hosts

2017-10-10 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Mathias Nyman commit 5a838a13c9b4e5dd188b7a6eaeb894e9358ead0c upstream. xhci driver keeps a bus_state structure for each hcd (usb2 and usb3) The structure is picked based on hcd speed, but dri

[PATCH 4.9 031/105] staging: iio: ad7192: Fix - use the dedicated reset function avoiding dma from stack.

2017-10-10 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Stefan Popa commit f790923f146140a261ad211e5baf75d169f16fb2 upstream. Depends on: 691c4b95d1 ("iio: ad_sigma_delta: Implement a dedicated reset function") SPI host drivers can use DMA to tran

[PATCH 4.9 033/105] IIO: BME280: Updates to Humidity readings need ctrl_reg write!

2017-10-10 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Colin Parker commit 4b1f0c31f96c45e8521dd84aae50f2aa4aecfb7b upstream. The ctrl_reg register needs to be written after any write to the humidity registers. The value written to the ctrl_reg reg

[PATCH 4.9 020/105] USB: uas: fix bug in handling of alternate settings

2017-10-10 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Alan Stern commit 786de92b3cb26012d3d0f00ee37adf14527f35c4 upstream. The uas driver has a subtle bug in the way it handles alternate settings. The uas_find_uas_alt_setting() routine returns an

[PATCH 4.9 019/105] USB: g_mass_storage: Fix deadlock when driver is unbound

2017-10-10 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Alan Stern commit 1fbbb78f25d1291274f320462bf6908906f538db upstream. As a holdover from the old g_file_storage gadget, the g_mass_storage legacy gadget driver attempts to unregister itself when

[PATCH 4.9 037/105] uwb: properly check kthread_run return value

2017-10-10 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Andrey Konovalov commit bbf26183b7a6236ba602f4d6a2f7cade35bba043 upstream. uwbd_start() calls kthread_run() and checks that the return value is not NULL. But the return value is not NULL in cas

[PATCH 4.9 038/105] uwb: ensure that endpoint is interrupt

2017-10-10 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Andrey Konovalov commit 70e743e4cec3733dc13559f6184b35d358b9ef3f upstream. hwarc_neep_init() assumes that endpoint 0 is interrupt, but there's no check for that, which results in a WARNING in U

[PATCH 4.9 005/105] usb: gadget: udc: renesas_usb3: fix Pn_RAMMAP.Pn_MPKT value

2017-10-10 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Yoshihiro Shimoda commit 73f2f5745f18b4ccfe9484deac4e84a1378d19fd upstream. According to the datasheet of R-Car Gen3, the Pn_RAMMAP.Pn_MPKT should be set to one of 8, 16, 32, 64, 512 and 1024.

[PATCH 4.9 040/105] mm, oom_reaper: skip mm structs with mmu notifiers

2017-10-10 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Michal Hocko commit 4d4bbd8526a8fbeb2c090ea360211fceff952383 upstream. Andrea has noticed that the oom_reaper doesn't invalidate the range via mmu notifiers (mmu_notifier_invalidate_range_start

[PATCH 4.9 009/105] usb: renesas_usbhs: fix the BCLR setting condition for non-DCP pipe

2017-10-10 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Yoshihiro Shimoda commit 6124607acc88fffeaadf3aacfeb3cc1304c87387 upstream. This patch fixes an issue that the driver sets the BCLR bit of {C,Dn}FIFOCTR register to 1 even when it's non-DCP pip

[PATCH 4.9 057/105] tcp: fastopen: fix on syn-data transmit failure

2017-10-10 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Eric Dumazet [ Upstream commit b5b7db8d680464b1d631fd016f5e093419f0bfd9 ] Our recent change exposed a bug in TCP Fastopen Client that syzkaller found right away [1] When we prepare skb with S

[PATCH 4.9 041/105] lib/ratelimit.c: use deferred printk() version

2017-10-10 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Sergey Senozhatsky commit 656d61ce9666209c4c4a13c71902d3ee70d1ff6f upstream. printk_ratelimit() invokes ___ratelimit() which may invoke a normal printk() (pr_warn() in this particular case) to

[PATCH 4.9 055/105] ip6_tunnel: do not allow loading ip6_tunnel if ipv6 is disabled in cmdline

2017-10-10 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Xin Long [ Upstream commit 8c22dab03ad072e45060c299c70d02a4f6fc4aab ] If ipv6 has been disabled from cmdline since kernel started, it makes no sense to allow users to create any ip6 tunnel. Ot

[PATCH 4.9 050/105] bpf/verifier: reject BPF_ALU64|BPF_END

2017-10-10 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Edward Cree [ Upstream commit e67b8a685c7c984e834e3181ef4619cd7025a136 ] Neither ___bpf_prog_run nor the JITs accept it. Also adds a new test case. Fixes: 17a5267067f3 ("bpf: verifier (add ve

[PATCH 4.9 054/105] net: phy: Fix mask value write on gmii2rgmii converter speed register

2017-10-10 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Fahad Kunnathadi [ Upstream commit f2654a4781318dc7ab8d6cde66f1fa39eab980a9 ] To clear Speed Selection in MDIO control register(0x10), ie, clear bits 6 and 13 to zero while keeping other bits

[PATCH 4.9 065/105] l2tp: Avoid schedule while atomic in exit_net

2017-10-10 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Ridge Kennedy [ Upstream commit 12d656af4e3d2781b9b9f52538593e1717e7c979 ] While destroying a network namespace that contains a L2TP tunnel a "BUG: scheduling while atomic" can be observed. E

[PATCH 4.9 064/105] vti: fix use after free in vti_tunnel_xmit/vti6_tnl_xmit

2017-10-10 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Alexey Kodanev [ Upstream commit 36f6ee22d2d66046e369757ec6bbe1c482957ba6 ] When running LTP IPsec tests, KASan might report: BUG: KASAN: use-after-free in vti_tunnel_xmit+0xeee/0xff0 [ip_vti

[PATCH 4.9 068/105] net: dsa: Fix network device registration order

2017-10-10 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Florian Fainelli [ Upstream commit e804441cfe0b60f6c430901946a69c01eac09df1 ] We cannot be registering the network device first, then setting its carrier off and finally connecting it to a PHY

[PATCH 4.9 063/105] net: qcom/emac: specify the correct size when mapping a DMA buffer

2017-10-10 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Timur Tabi [ Upstream commit a93ad944f4ff9a797abff17c73fc4b1e4a1d9141 ] When mapping the RX DMA buffers, the driver was accidentally specifying zero for the buffer length. Under normal circum

[PATCH 4.9 069/105] packet: in packet_do_bind, test fanout with bind_lock held

2017-10-10 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Willem de Bruijn [ Upstream commit 4971613c1639d8e5f102c4e797c3bf8f83a5a69e ] Once a socket has po->fanout set, it remains a member of the group until it is destroyed. The prot_hook must be co

[PATCH 4.9 076/105] net: rtnetlink: fix info leak in RTM_GETSTATS call

2017-10-10 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Nikolay Aleksandrov [ Upstream commit ce024f42c2e28b6bce4ecc1e891b42f57f753892 ] When RTM_GETSTATS was added the fields of its header struct were not all initialized when returning the result

[PATCH 4.9 045/105] ALSA: usx2y: Suppress kernel warning at page allocation failures

2017-10-10 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Takashi Iwai commit 7682e399485fe19622b6fd82510b1f4551e48a25 upstream. The usx2y driver allocates the stream read/write buffers in continuous pages depending on the stream setup, and this may s

[PATCH 4.9 079/105] powerpc/tm: Fix illegal TM state in signal handler

2017-10-10 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Gustavo Romero commit 044215d145a7a8a60ffa8fdc859d110a795fa6ea upstream. Currently it's possible that on returning from the signal handler through the restore_tm_sigcontexts() code path (e.g. f

[PATCH 4.9 074/105] ip6_tunnel: update mtu properly for ARPHRD_ETHER tunnel device in tx path

2017-10-10 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Xin Long [ Upstream commit d41bb33ba33b8f8debe54ed36be6925eb496e354 ] Now when updating mtu in tx path, it doesn't consider ARPHRD_ETHER tunnel device, like ip6gre_tap tunnel, for which it sho

[PATCH 4.9 047/105] net: sched: fix use-after-free in tcf_action_destroy and tcf_del_walker

2017-10-10 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Jiri Pirko [ Upstream commit 255cd50f207ae8ec7b22663246c833407744e634 ] Recent commit d7fb60b9cafb ("net_sched: get rid of tcfa_rcu") removed freeing in call_rcu, which changed already existin

[PATCH 4.9 071/105] net: Set sk_prot_creator when cloning sockets to the right proto

2017-10-10 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Christoph Paasch [ Upstream commit 9d538fa60bad4f7b23193c89e843797a1cf71ef3 ] sk->sk_prot and sk->sk_prot_creator can differ when the app uses IPV6_ADDRFORM (transforming an IPv6-socket to an

[PATCH 4.9 092/105] iwlwifi: add workaround to disable wide channels in 5GHz

2017-10-10 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Luca Coelho commit 01a9c948a09348950515bf2abb6113ed83e696d8 upstream. The OTP in some SKUs have erroneously allowed 40MHz and 80MHz channels in the 5.2GHz band. The firmware has been modified

[PATCH 4.9 090/105] netlink: fix nla_put_{u8,u16,u32} for KASAN

2017-10-10 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Arnd Bergmann commit b4391db42308c9940944b5d7be5ca4b78fb88dd0 upstream. When CONFIG_KASAN is enabled, the "--param asan-stack=1" causes rather large stack frames in some functions. This goes un

[PATCH 4.9 094/105] brcmfmac: add length check in brcmf_cfg80211_escan_handler()

2017-10-10 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Arend Van Spriel commit 17df6453d4be17910456e99c5a85025aa1b7a246 upstream. Upon handling the firmware notification for scans the length was checked properly and may result in corrupting kernel

[PATCH 4.9 101/105] ext4: fix data corruption for mmap writes

2017-10-10 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Jan Kara commit a056bdaae7a181f7dcc876cfab2f94538e508709 upstream. mpage_submit_page() can race with another process growing i_size and writing data via mmap to the written-back page. As mpage_

[PATCH 4.9 098/105] mmc: core: add driver strength selection when selecting hs400es

2017-10-10 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Chanho Min commit fb458864d9a78cc433fec7979acbe4078c82d7a8 upstream. The driver strength selection is missed and required when selecting hs400es. So, It is added here. Fixes: 81ac2af65793ecf (

[PATCH 4.9 103/105] ext4: don't allow encrypted operations without keys

2017-10-10 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Theodore Ts'o commit 173b8439e1ba362007315868928bf9d26e5cc5a6 upstream. While we allow deletes without the key, the following should not be permitted: # cd /vdc/encrypted-dir-without-key # ls

[PATCH 4.9 044/105] Revert "ALSA: echoaudio: purge contradictions between dimension matrix members and total number of members"

2017-10-10 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Takashi Sakamoto commit 51db452df07bb4c5754b73789253ba21681d9dc2 upstream. This reverts commit 275353bb684e to fix a regression which can abort 'alsactl' program in alsa-utils due to assertion

[PATCH 4.9 086/105] HID: wacom: leds: Don't try to control the EKR's read-only LEDs

2017-10-10 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Aaron Armstrong Skomra commit 74aebed6dc13425233f2224668353cff7a112776 upstream. Commit a50aac7193f1 introduces 'led.groups' and adds EKR support for these groups. However, unlike the other dev

[PATCH 4.9 080/105] percpu: make this_cpu_generic_read() atomic w.r.t. interrupts

2017-10-10 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Mark Rutland commit e88d62cd4b2f0b1ae55e9008e79c2794b1fc914d upstream. As raw_cpu_generic_read() is a plain read from a raw_cpu_ptr() address, it's possible (albeit unlikely) that the compiler

[PATCH 4.13 023/160] net: ipv6: fix regression of no RTM_DELADDR sent after DAD failure

2017-10-10 Thread Greg Kroah-Hartman
4.13-stable review patch. If anyone has any objections, please let me know. -- From: Mike Manning [ Upstream commit 6819a14ecbe2e089e5c5bb74edecafdde2028a00 ] Commit f784ad3d79e5 ("ipv6: do not send RTM_DELADDR for tentative addresses") incorrectly assumes that no RTM_NEWADDR

[PATCH 4.13 026/160] net: change skb->mac_header when Generic XDP calls adjust_head

2017-10-10 Thread Greg Kroah-Hartman
4.13-stable review patch. If anyone has any objections, please let me know. -- From: Edward Cree [ Upstream commit 92dd5452c1be873a1193561f4f691763103d22ac ] Since XDP's view of the packet includes the MAC header, moving the start-of-packet with bpf_xdp_adjust_head needs to

[PATCH 4.13 018/160] net/sched: cls_matchall: fix crash when used with classful qdisc

2017-10-10 Thread Greg Kroah-Hartman
4.13-stable review patch. If anyone has any objections, please let me know. -- From: Davide Caratti [ Upstream commit 3ff4cbec87da48b0ec1f7b6196607b034de0c680 ] this script, edited from Linux Advanced Routing and Traffic Control guide tc q a dev en0 root handle 1: htb defaul

[PATCH 4.13 001/160] [media] imx-media-of: avoid uninitialized variable warning

2017-10-10 Thread Greg Kroah-Hartman
4.13-stable review patch. If anyone has any objections, please let me know. -- From: Arnd Bergmann Replaces upstream commit 0b2e9e7947e7 ("media: staging/imx: remove confusing IS_ERR_OR_NULL usage") We get a harmless warning about a potential uninitialized variable use in the

[PATCH 4.13 012/160] bpf/verifier: reject BPF_ALU64|BPF_END

2017-10-10 Thread Greg Kroah-Hartman
4.13-stable review patch. If anyone has any objections, please let me know. -- From: Edward Cree [ Upstream commit e67b8a685c7c984e834e3181ef4619cd7025a136 ] Neither ___bpf_prog_run nor the JITs accept it. Also adds a new test case. Fixes: 17a5267067f3 ("bpf: verifier (add v

[PATCH 4.13 017/160] ip6_tunnel: do not allow loading ip6_tunnel if ipv6 is disabled in cmdline

2017-10-10 Thread Greg Kroah-Hartman
4.13-stable review patch. If anyone has any objections, please let me know. -- From: Xin Long [ Upstream commit 8c22dab03ad072e45060c299c70d02a4f6fc4aab ] If ipv6 has been disabled from cmdline since kernel started, it makes no sense to allow users to create any ip6 tunnel. O

[PATCH 4.13 025/160] bpf: one perf event close won't free bpf program attached by another perf event

2017-10-10 Thread Greg Kroah-Hartman
4.13-stable review patch. If anyone has any objections, please let me know. -- From: Yonghong Song [ Upstream commit ec9dd352d591f0c90402ec67a317c1ed4fb2e638 ] This patch fixes a bug exhibited by the following scenario: 1. fd1 = perf_event_open with attr.config = ID1 2. a

[PATCH 4.13 029/160] net: stmmac: Cocci spatch "of_table"

2017-10-10 Thread Greg Kroah-Hartman
4.13-stable review patch. If anyone has any objections, please let me know. -- From: Thomas Meyer [ Upstream commit f0ef1f4f2b772c0a1c8b35a6ae3edf974cc110dd ] Make sure (of/i2c/platform)_device_id tables are NULL terminated. Found by coccinelle spatch "misc/of_table.cocci" S

[PATCH 4.13 036/160] packet: in packet_do_bind, test fanout with bind_lock held

2017-10-10 Thread Greg Kroah-Hartman
4.13-stable review patch. If anyone has any objections, please let me know. -- From: Willem de Bruijn [ Upstream commit 4971613c1639d8e5f102c4e797c3bf8f83a5a69e ] Once a socket has po->fanout set, it remains a member of the group until it is destroyed. The prot_hook must be c

[PATCH 4.13 005/160] openvswitch: Fix an error handling path in ovs_nla_init_match_and_action()

2017-10-10 Thread Greg Kroah-Hartman
4.13-stable review patch. If anyone has any objections, please let me know. -- From: Christophe JAILLET [ Upstream commit 5829e62ac17a40ab08c1b905565604a4b5fa7af6 ] All other error handling paths in this function go through the 'error' label. This one should do the same. Fix

[PATCH 4.13 007/160] net: bonding: fix tlb_dynamic_lb default value

2017-10-10 Thread Greg Kroah-Hartman
4.13-stable review patch. If anyone has any objections, please let me know. -- From: Nikolay Aleksandrov [ Upstream commit f13ad104b4e886a03e75f130daf579ef9bf33dfc ] Commit 8b426dc54cf4 ("bonding: remove hardcoded value") changed the default value for tlb_dynamic_lb which lea

[PATCH 4.13 009/160] net: sched: fix use-after-free in tcf_action_destroy and tcf_del_walker

2017-10-10 Thread Greg Kroah-Hartman
4.13-stable review patch. If anyone has any objections, please let me know. -- From: Jiri Pirko [ Upstream commit 255cd50f207ae8ec7b22663246c833407744e634 ] Recent commit d7fb60b9cafb ("net_sched: get rid of tcfa_rcu") removed freeing in call_rcu, which changed already existi

[PATCH 4.13 047/160] socket, bpf: fix possible use after free

2017-10-10 Thread Greg Kroah-Hartman
4.13-stable review patch. If anyone has any objections, please let me know. -- From: Eric Dumazet [ Upstream commit eefca20eb20c66b06cf5ed09b49b1a7caaa27b7b ] Starting from linux-4.4, 3WHS no longer takes the listener lock. Since this time, we might hit a use-after-free in s

[PATCH 4.13 052/160] USB: gadgetfs: fix copy_to_user while holding spinlock

2017-10-10 Thread Greg Kroah-Hartman
4.13-stable review patch. If anyone has any objections, please let me know. -- From: Alan Stern commit 6e76c01e71551cb221c1f3deacb9dcd9a7346784 upstream. The gadgetfs driver as a long-outstanding FIXME, regarding a call of copy_to_user() made while holding a spinlock. This pa

[PATCH 4.13 038/160] net: dsa: mv88e6xxx: lock mutex when freeing IRQs

2017-10-10 Thread Greg Kroah-Hartman
4.13-stable review patch. If anyone has any objections, please let me know. -- From: Vivien Didelot [ Upstream commit b32ca44a88def4bf92626d8777494c6f14638c42 ] mv88e6xxx_g2_irq_free locks the registers mutex, but not mv88e6xxx_g1_irq_free, which results in a stack trace from

[PATCH 4.13 055/160] usb: gadget: udc: renesas_usb3: fix Pn_RAMMAP.Pn_MPKT value

2017-10-10 Thread Greg Kroah-Hartman
4.13-stable review patch. If anyone has any objections, please let me know. -- From: Yoshihiro Shimoda commit 73f2f5745f18b4ccfe9484deac4e84a1378d19fd upstream. According to the datasheet of R-Car Gen3, the Pn_RAMMAP.Pn_MPKT should be set to one of 8, 16, 32, 64, 512 and 1024.

[PATCH 4.13 054/160] usb: gadget: udc: renesas_usb3: fix for no-data control transfer

2017-10-10 Thread Greg Kroah-Hartman
4.13-stable review patch. If anyone has any objections, please let me know. -- From: Yoshihiro Shimoda commit 4dcf4bab4a409e81284b8202137e4a85b96b34de upstream. When bRequestType & USB_DIR_IN is false and req.length is 0 in control transfer, since it means non-data, this drive

[PATCH 4.13 058/160] usb-storage: fix bogus hardware error messages for ATA pass-thru devices

2017-10-10 Thread Greg Kroah-Hartman
4.13-stable review patch. If anyone has any objections, please let me know. -- From: Alan Stern commit a4fd4a724d6c30ad671046d83be2e9be2f11d275 upstream. Ever since commit a621bac3044e ("scsi_lib: correctly retry failed zero length REQ_TYPE_FS commands"), people have been gett

[PATCH 4.13 064/160] USB: dummy-hcd: fix connection failures (wrong speed)

2017-10-10 Thread Greg Kroah-Hartman
4.13-stable review patch. If anyone has any objections, please let me know. -- From: Alan Stern commit fe659bcc9b173bcfdd958ce2aec75e47651e74e1 upstream. The dummy-hcd UDC driver is not careful about the way it handles connection speeds. It ignores the module parameter that i

[PATCH 4.13 062/160] usb: pci-quirks.c: Corrected timeout values used in handshake

2017-10-10 Thread Greg Kroah-Hartman
4.13-stable review patch. If anyone has any objections, please let me know. -- From: Jim Dickerson commit 114ec3a6f9096d211a4aff4277793ba969a62c73 upstream. Servers were emitting failed handoff messages but were not waiting the full 1 second as designated in section 4.22.1 of

Re: [GIT PULL] nfsd changes for 4.14-rc

2017-10-10 Thread Linus Torvalds
On Tue, Oct 10, 2017 at 12:27 PM, J. Bruce Fields wrote: > > I just deleted redid the tag with the same name. (Does it cause a > problem that the old object is still sitting around somewhere with the > same name but nothing pointing at it? I'm assuming not.) Thanks, that worked fine.

[PATCH 4.13 074/160] usb: xhci: Free the right ring in xhci_add_endpoint()

2017-10-10 Thread Greg Kroah-Hartman
4.13-stable review patch. If anyone has any objections, please let me know. -- From: Lu Baolu commit 9821786d7c90eee2f6852261893d9703801aae47 upstream. In the xhci_add_endpoint(), a new ring was allocated and saved at xhci_virt_ep->new_ring. Hence, when error happens, we need

[PATCH 4.13 046/160] l2tp: fix l2tp_eth module loading

2017-10-10 Thread Greg Kroah-Hartman
4.13-stable review patch. If anyone has any objections, please let me know. -- From: Guillaume Nault [ Upstream commit 9f775ead5e570e7e19015b9e4e2f3dd6e71a5935 ] The l2tp_eth module crashes if its netlink callbacks are run when the pernet data aren't initialised. We should n

[PATCH 4.13 043/160] ip6_tunnel: update mtu properly for ARPHRD_ETHER tunnel device in tx path

2017-10-10 Thread Greg Kroah-Hartman
4.13-stable review patch. If anyone has any objections, please let me know. -- From: Xin Long [ Upstream commit d41bb33ba33b8f8debe54ed36be6925eb496e354 ] Now when updating mtu in tx path, it doesn't consider ARPHRD_ETHER tunnel device, like ip6gre_tap tunnel, for which it sh

[PATCH 4.13 042/160] ip6_gre: ip6gre_tap device should keep dst

2017-10-10 Thread Greg Kroah-Hartman
4.13-stable review patch. If anyone has any objections, please let me know. -- From: Xin Long [ Upstream commit 2d40557cc702ed8e5edd9bd422233f86652d932e ] The patch 'ip_gre: ipgre_tap device should keep dst' fixed an issue that ipgre_tap mtu couldn't be updated in tx path. Th

[PATCH 4.13 089/160] iio: ad7793: Fix the serial interface reset

2017-10-10 Thread Greg Kroah-Hartman
4.13-stable review patch. If anyone has any objections, please let me know. -- From: Dragos Bogdan commit 7ee3b7ebcb74714df6d94c8f500f307e1ee5dda5 upstream. The serial interface can be reset by writing 32 consecutive 1s to the device. 'ret' was initialized correctly but its va

[PATCH 4.13 090/160] iio: adc: stm32: fix bad error check on max_channels

2017-10-10 Thread Greg Kroah-Hartman
4.13-stable review patch. If anyone has any objections, please let me know. -- From: Fabrice Gasnier commit 4fb840c95f82652cece7352be9080884cafb92a0 upstream. Fix a bad error check when counting 'st,adc-channels' array elements. This is seen when all channels are in use simult

[PATCH 4.13 099/160] mm: fix RODATA_TEST failure "rodata_test: test data was not read only"

2017-10-10 Thread Greg Kroah-Hartman
4.13-stable review patch. If anyone has any objections, please let me know. -- From: Christophe Leroy commit a872eb2131e91ce7c89a974a5e22a272b12f upstream. On powerpc, RODATA_TEST fails with the following messages: Freeing unused kernel memory: 528K rodata_tes

[PATCH 4.13 105/160] ALSA: compress: Remove unused variable

2017-10-10 Thread Greg Kroah-Hartman
4.13-stable review patch. If anyone has any objections, please let me know. -- From: Guneshwor Singh commit a931b9ce93841a5b66b709ba5a244276e345e63b upstream. Commit 04c5d5a430fc ("ALSA: compress: Embed struct device") removed the statement that used 'str' but didn't remove th

[PATCH 4.13 103/160] lib/ratelimit.c: use deferred printk() version

2017-10-10 Thread Greg Kroah-Hartman
4.13-stable review patch. If anyone has any objections, please let me know. -- From: Sergey Senozhatsky commit 656d61ce9666209c4c4a13c71902d3ee70d1ff6f upstream. printk_ratelimit() invokes ___ratelimit() which may invoke a normal printk() (pr_warn() in this particular case) to

[PATCH 4.13 109/160] powerpc: Fix action argument for cpufeatures-based TLB flush

2017-10-10 Thread Greg Kroah-Hartman
4.13-stable review patch. If anyone has any objections, please let me know. -- From: Jeremy Kerr commit 3b7af5c0fd9631762d1c4d7b4cee76f571dd3c2c upstream. Commit 41d0c2ecde19 ("powerpc/powernv: Fix local TLB flush for boot and MCE on POWER9") introduced calls to __flush_tlb_po

[PATCH 4.13 095/160] staging: vchiq_2835_arm: Fix NULL ptr dereference in free_pagelist

2017-10-10 Thread Greg Kroah-Hartman
4.13-stable review patch. If anyone has any objections, please let me know. -- From: Stefan Wahren commit 974d4d03fc020af4fa4e9e72a86f0fefa37803c5 upstream. This fixes a NULL pointer dereference on RPi 2 with multi_v7_defconfig. The function page_address() could return NULL wi

[PATCH 4.13 092/160] iio: adc: mcp320x: Fix oops on module unload

2017-10-10 Thread Greg Kroah-Hartman
4.13-stable review patch. If anyone has any objections, please let me know. -- From: Lukas Wunner commit 0964e40947a630a2a6f724e968246992f97bcf1c upstream. The driver calls spi_get_drvdata() in its ->remove hook even though it has never called spi_set_drvdata(). Stack trace f

[PATCH 4.13 113/160] intel_th: pci: Add Lewisburg PCH support

2017-10-10 Thread Greg Kroah-Hartman
4.13-stable review patch. If anyone has any objections, please let me know. -- From: Alexander Shishkin commit 24600840c74112ad04a9ddd99d7d7f731dcaa1cb upstream. This adds Intel(R) Trace Hub PCI ID for Lewisburg PCH. Signed-off-by: Alexander Shishkin Signed-off-by: Greg Kroa

[PATCH 4.13 094/160] uwb: ensure that endpoint is interrupt

2017-10-10 Thread Greg Kroah-Hartman
4.13-stable review patch. If anyone has any objections, please let me know. -- From: Andrey Konovalov commit 70e743e4cec3733dc13559f6184b35d358b9ef3f upstream. hwarc_neep_init() assumes that endpoint 0 is interrupt, but there's no check for that, which results in a WARNING in

[PATCH 4.13 098/160] mm, oom_reaper: skip mm structs with mmu notifiers

2017-10-10 Thread Greg Kroah-Hartman
4.13-stable review patch. If anyone has any objections, please let me know. -- From: Michal Hocko commit 4d4bbd8526a8fbeb2c090ea360211fceff952383 upstream. Andrea has noticed that the oom_reaper doesn't invalidate the range via mmu notifiers (mmu_notifier_invalidate_range_star

[PATCH 4.13 117/160] vmbus: dont acquire the mutex in vmbus_hvsock_device_unregister()

2017-10-10 Thread Greg Kroah-Hartman
4.13-stable review patch. If anyone has any objections, please let me know. -- From: Dexuan Cui commit 33c150c2ee4a65a59190a124b45d05b1abf9478e upstream. Due to commit 54a66265d675 ("Drivers: hv: vmbus: Fix rescind handling"), we need this patch to resolve the below deadlock:
