[PATCH 3.18 008/120] net: hp100: fix always-true check for link up state

3.18-stable review patch. If anyone has any objections, please let me know. -- From: Colin Ian King [ Upstream commit a7f38002fb69b44f8fc622ecb838665d0b8666af ] The operation ~(p100_inb(VG_LAN_CFG_1) & HP100_LINK_UP) returns a value that is always non-zero and hence the wait

[PATCH 3.18 000/120] 3.18.124-stable review

This is the start of the stable review cycle for the 3.18.124 release. There are 120 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat Oct 13 15:25:29 UTC 2018. Anything

[PATCH 3.18 031/120] alarmtimer: Prevent overflow for relative nanosleep

3.18-stable review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixner [ Upstream commit 5f936e19cc0ef97dbe3a56e9498922ad5ba1edef ] Air Icy reported: UBSAN: Undefined behaviour in kernel/time/alarmtimer.c:811:7 signed integer overflow:

[PATCH 3.18 030/120] usb: wusbcore: security: cast sizeof to int for comparison

3.18-stable review patch. If anyone has any objections, please let me know. -- From: Julia Lawall [ Upstream commit d3ac5598c5010a878ebbcca3b1c6188ca36b ] Comparing an int to a size, which is unsigned, causes the int to become unsigned, giving the wrong result.

[PATCH 3.18 021/120] tsl2550: fix lux1_input error in low light

3.18-stable review patch. If anyone has any objections, please let me know. -- From: Matt Ranostay [ Upstream commit ce054546cc2c26891cefa2f284d90d93b52205de ] ADC channel 0 photodiode detects both infrared + visible light, but ADC channel 1 just detects infrared. However,

[PATCH 3.18 005/120] mm: shmem.c: Correctly annotate new inodes for lockdep

3.18-stable review patch. If anyone has any objections, please let me know. -- From: Joel Fernandes (Google) commit b45d71fb89ab8adfe727b9d0ee188ed58582a647 upstream. Directories and inodes don't necessarily need to be in the same lockdep class. For ex, hugetlbfs splits them

[PATCH 3.18 004/120] ring-buffer: Allow for rescheduling when removing pages

3.18-stable review patch. If anyone has any objections, please let me know. -- From: Vaibhav Nagarnaik commit 83f365554e47997ec68dc4eca3f5dce525cd15c3 upstream. When reducing ring buffer size, pages are removed by scheduling a work item on each CPU for the corresponding CPU

[PATCH 3.18 003/120] ALSA: emu10k1: fix possible info leak to userspace on SNDRV_EMU10K1_IOCTL_INFO

3.18-stable review patch. If anyone has any objections, please let me know. -- From: Willy Tarreau commit 49434c6c575d2008c0abbc93e615019f39e01252 upstream. snd_emu10k1_fx8010_ioctl(SNDRV_EMU10K1_IOCTL_INFO) allocates memory using kmalloc() and partially fills it by calling

[PATCH 3.18 043/120] HID: hid-ntrig: add error handling for sysfs_create_group

3.18-stable review patch. If anyone has any objections, please let me know. -- From: Zhouyang Jia [ Upstream commit 44d4d51de9a3534a2b63d69efda02a10e66541e4 ] When sysfs_create_group fails, the lack of error-handling code may cause unexpected results. This patch adds

[PATCH 3.18 048/120] floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl

3.18-stable review patch. If anyone has any objections, please let me know. -- From: Andy Whitcroft commit 65eea8edc315589d6c993cf12dbb5d0e9ef1fe4e upstream. The final field of a floppy_struct is the field "name", which is a pointer to a string in kernel memory. The kernel

[PATCH 3.18 046/120] module: exclude SHN_UNDEF symbols from kallsyms api

3.18-stable review patch. If anyone has any objections, please let me know. -- From: Jessica Yu [ Upstream commit 9f2d1e68cf4d641def734adaccfc3823d3575e6c ] Livepatch modules are special in that we preserve their entire symbol tables in order to be able to apply relocations

[PATCH 3.18 045/120] ASoC: dapm: Fix potential DAI widget pointer deref when linking DAIs

3.18-stable review patch. If anyone has any objections, please let me know. -- From: Liam Girdwood [ Upstream commit e01b4f624278d5efe5fb5da585ca371947b16680 ] Sometime a component or topology may configure a DAI widget with no private data leading to a dev_dbg() dereferencne

[PATCH 3.18 047/120] nfsd: fix corrupted reply to badly ordered compound

3.18-stable review patch. If anyone has any objections, please let me know. -- From: "J. Bruce Fields" [ Upstream commit 5b7b15aee641904ae269be9846610a3950cbd64c ] We're encoding a single op in the reply but leaving the number of ops zero, so the reply makes no sense.

[PATCH 3.18 039/120] ALSA: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge

3.18-stable review patch. If anyone has any objections, please let me know. -- From: Kai-Heng Feng [ Upstream commit 1adca4b0cd65c14cb8b8c9c257720385869c3d5f ] This patch can make audio controller in AMD Raven Ridge gets runtime suspended to D3, to save ~1W power when it's

[PATCH 3.18 042/120] ARM: mvebu: declare asm symbols as character arrays in pmsu.c

3.18-stable review patch. If anyone has any objections, please let me know. -- From: Ethan Tuttle [ Upstream commit d0d378ff451a66e486488eec842e507d28145813 ] With CONFIG_FORTIFY_SOURCE, memcpy uses the declared size of operands to detect buffer overflows. If src or dest is

[PATCH 3.18 022/120] x86/numa_emulation: Fix emulated-to-physical node mapping

3.18-stable review patch. If anyone has any objections, please let me know. -- From: Dan Williams [ Upstream commit 3b6c62f363a19ce82bf378187ab97c9dc01e3927 ] Without this change the distance table calculation for emulated nodes may use the wrong numa node and report an

[PATCH 3.18 041/120] wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout()

3.18-stable review patch. If anyone has any objections, please let me know. -- From: Tony Lindgren [ Upstream commit 4ec7cece87b3ed21ffcd407c62fb2f151a366bc1 ] Otherwise we can get: WARNING: CPU: 0 PID: 55 at drivers/net/wireless/ti/wlcore/io.h:84 I've only seen this few

[PATCH 3.18 038/120] media: tm6000: add error handling for dvb_register_adapter

3.18-stable review patch. If anyone has any objections, please let me know. -- From: Zhouyang Jia [ Upstream commit e95d7c6eb94c634852eaa5ff4caf3db05b5d2e86 ] When dvb_register_adapter fails, the lack of error-handling code may cause unexpected results. This patch adds

[PATCH 3.18 040/120] rndis_wlan: potential buffer overflow in rndis_wlan_auth_indication()

3.18-stable review patch. If anyone has any objections, please let me know. -- From: Dan Carpenter [ Upstream commit ae636fb1554833ee5133ca47bf4b2791b6739c52 ] This is a static checker fix, not something I have tested. The issue is that on the second iteration through the

[PATCH 3.18 037/120] drivers/tty: add error handling for pcmcia_loop_config

3.18-stable review patch. If anyone has any objections, please let me know. -- From: Zhouyang Jia [ Upstream commit 85c634e919bd6ef17427f26a52920aeba12e16ee ] When pcmcia_loop_config fails, the lack of error-handling code may cause unexpected results. This patch adds

[PATCH 3.18 007/120] net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT

3.18-stable review patch. If anyone has any objections, please let me know. -- From: Willy Tarreau [ Upstream commit 9824dfae5741275473a23a7ed5756c7b6efacc9d ] Fields ->dev and ->next of struct ipddp_route may be copied to userspace on the SIOCFINDIPDDPRT ioctl. This is only

[PATCH 3.18 009/120] neighbour: confirm neigh entries when ARP packet is received

3.18-stable review patch. If anyone has any objections, please let me know. -- From: Vasily Khoruzhick [ Upstream commit f0e0d04413fcce9bc76388839099aee93cd0d33b ] Update 'confirmed' timestamp when ARP packet is received. It shouldn't affect locktime logic and anyway entry

[PATCH 3.18 006/120] gso_segment: Reset skb->mac_len after modifying network header

3.18-stable review patch. If anyone has any objections, please let me know. -- From: Toke Høiland-Jørgensen [ Upstream commit c56cae23c6b167acc68043c683c4573b80cbcc2c ] When splitting a GSO segment that consists of encapsulated packets, the skb->mac_len of the segments can

[PATCH 3.18 002/120] ALSA: bebob: use address returned by kmalloc() instead of kernel stack for streaming DMA mapping

3.18-stable review patch. If anyone has any objections, please let me know. -- From: Takashi Sakamoto commit 493626f2d87a74e6dbea1686499ed6e7e600484e upstream. When executing 'fw_run_transaction()' with 'TCODE_WRITE_BLOCK_REQUEST', an address of 'payload' argument is used for

[PATCH 3.18 033/120] ALSA: snd-aoa: add of_node_put() in error path

3.18-stable review patch. If anyone has any objections, please let me know. -- From: Nicholas Mc Guire [ Upstream commit 222bce5eb88d1af656419db04bcd84b2419fb900 ] Both calls to of_find_node_by_name() and of_get_next_child() return a node pointer with refcount incremented

[PATCH 3.18 036/120] staging: android: ashmem: Fix mmap size validation

3.18-stable review patch. If anyone has any objections, please let me know. -- From: Alistair Strachan [ Upstream commit 8632c614565d0c5fdde527889601c018e97b6384 ] The ashmem driver did not check that the size/offset of the vma passed to its .mmap() function was not larger

[PATCH 3.18 035/120] media: soc_camera: ov772x: correct setting of banding filter

3.18-stable review patch. If anyone has any objections, please let me know. -- From: Akinobu Mita [ Upstream commit 22216ec41e919682c15345e95928f266e8ba6f9e ] The banding filter ON/OFF is controlled via bit 5 of COM8 register. It is attempted to be enabled in

[PATCH 3.18 032/120] s390/extmem: fix gcc 8 stringop-overflow warning

3.18-stable review patch. If anyone has any objections, please let me know. -- From: Vasily Gorbik [ Upstream commit 6b2ddf33baec23dace85bd647e3fc4ac070963e8 ] arch/s390/mm/extmem.c: In function '__segment_load': arch/s390/mm/extmem.c:436:2: warning: 'strncat' specified bound

[PATCH 3.18 034/120] media: s3c-camif: ignore -ENOIOCTLCMD from v4l2_subdev_call for s_power

3.18-stable review patch. If anyone has any objections, please let me know. -- From: Akinobu Mita [ Upstream commit 30ed2b83343bd1e07884ca7355dac70d25ffc158 ] When the subdevice doesn't provide s_power core ops callback, the v4l2_subdev_call for s_power returns -ENOIOCTLCMD.

[PATCH 4.14 26/45] of: unittest: Disable interrupt node tests for old world MAC systems

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Guenter Roeck commit 8894891446c9380709451b99ab45c5c53adfd2fc upstream. On systems with OF_IMAP_OLDWORLD_MAC set in of_irq_workarounds, the devicetree interrupt parsing code is different,

[PATCH 4.14 24/45] usb: cdc_acm: Do not leak URB buffers

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Romain Izard commit f2924d4b16ae138c2de6a0e73f526fb638330858 upstream. When the ACM TTY port is disconnected, the URBs it uses must be killed, and then the buffers must be freed.

[PATCH 4.14 27/45] perf annotate: Use asprintf when formatting objdump command line

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Arnaldo Carvalho de Melo commit 6810158d526e483868e519befff407b91e76b3db upstream. We were using a local buffer with an arbitrary size, that would have to get increased to avoid truncation as

[PATCH 4.14 28/45] perf tools: Fix python extension build for gcc 8

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Jiri Olsa commit b7a313d84e853049062011d78cb04b6decd12f5c upstream. The gcc 8 compiler won't compile the python extension code with the following errors (one example): python.c:830:15:

[PATCH 4.14 25/45] tty: Drop tty->count on tty_reopen() failure

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Dmitry Safonov commit fe32416790093b31364c08395727de17ec96ace1 upstream. In case of tty_ldisc_reinit() failure, tty->count should be decremented back, otherwise we will never release_tty().

[PATCH 4.9 23/35] x86/mm: Expand static page table for fixmap space

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Feng Tang commit 05ab1d8a4b36ee912b7087c6da127439ed0a903e upstream. We met a kernel panic when enabling earlycon, which is due to the fixmap address of earlycon is not statically setup.

[PATCH] staging: mt7621-mmc: Fix lines over 80 characters in dbg.c

This patch fixes lines over 80 characters in dbg.c. Issue found by checkpatch. Signed-off-by: Nishad Kamdar --- drivers/staging/mt7621-mmc/dbg.c | 79 +++- 1 file changed, 47 insertions(+), 32 deletions(-) diff --git a/drivers/staging/mt7621-mmc/dbg.c

Re: [PATCH RFC v1 4/8] drivers: qcom: cpu_pd: add cpu power domain support using genpd

On Thu, Oct 11, 2018 at 05:27:59PM +0200, Ulf Hansson wrote: > On 11 October 2018 at 13:13, Sudeep Holla wrote: > > On Thu, Oct 11, 2018 at 02:50:51AM +0530, Raju P.L.S.S.S.N wrote: > >> RPMH based targets require that the sleep and wake state request votes > >> be sent during system low power

Re: [PATCH v5 07/17] arm64: add basic pointer authentication support

Hi Kristina, On 05/10/18 09:47, Kristina Martsenko wrote: From: Mark Rutland This patch adds basic support for pointer authentication, allowing userspace to make use of APIAKey. The kernel maintains an APIAKey value for each process (shared by all threads within), which is initialised to a

Re: [PATCH 01/11] x86/entry: remove _TIF_ALLWORK_MASK

On Thu, Oct 04, 2018 at 04:05:37PM +0200, Sebastian Andrzej Siewior wrote: > There is no user of _TIF_ALLWORK_MASK since commit 21d375b6b34ff > ("x86/entry/64: Remove the SYSCALL64 fast path"). > Remove unused define _TIF_ALLWORK_MASK. > > Signed-off-by: Sebastian Andrzej Siewior > --- >

Re: [PATCH v3 2/2] dmaengine: uniphier-mdmac: add UniPhier MIO DMAC driver

On Sun, Oct 7, 2018 at 1:23 AM Vinod wrote: > > > > +static int uniphier_mdmac_probe(struct platform_device *pdev) > > > > +{ > > > > + struct device *dev = >dev; > > > > + struct uniphier_mdmac_device *mdev; > > > > + struct dma_device *ddev; > > > > + struct resource *res; > > >

Re: [PATCH v12 2/3]: perf record: enable asynchronous trace writing

On 11.10.2018 16:46, Jiri Olsa wrote: > On Tue, Oct 09, 2018 at 11:58:53AM +0300, Alexey Budankov wrote: > > SNIP > >> +#ifdef HAVE_AIO_SUPPORT >> +int perf_mmap__aio_push(struct perf_mmap *md, void *to, >> +int push(void *to, struct aiocb *cblock, void *buf, >> size_t size,

Re: [PATCH V2 3/5] usb: xhci: tegra: Add genpd support

On Fri, Sep 28, 2018 at 03:11:48PM +0100, Jon Hunter wrote: > The generic power-domain framework has been updated to allow devices > that require more than one power-domain to create a new device for > each power-domain required and then link these new power-domain > devices to the consumer

Re: [PATCH V2 2/5] usb: xhci: tegra: Power-off power-domains on removal

On Fri, Sep 28, 2018 at 03:11:47PM +0100, Jon Hunter wrote: > Currently the XUSB power domains used by the Tegra xHCI controller are > never powered off on the removal of the driver, however, they will be > powered off on probe failure. Update the removal code to be consistent > with the probe

Re: [PATCH v2] PCI/IOV: Use VF0 cached config space size for other VFs

On Thu, 2018-10-11 at 11:51 -0500, Bjorn Helgaas wrote: > On Wed, Oct 10, 2018 at 06:00:10PM +0200, KarimAllah Ahmed wrote: > > > > Cache the config space size from VF0 and use it for all other VFs instead > > of reading it from the config space of each VF. We assume that it will be > > the same

Re: overflow on proc_nr_files

On Thu, Oct 11, 2018 at 7:10 AM, Christian Brauner wrote: > Hey, > > I've just got pinged by Lennart who discovered that you can get your > system into an unuseable state by writing something that exceeds a s64 > into /proc/sys/fs/file-max. Say, > > echo 2000 >

Re: [PATCH 03/11] x86/fpu: make __raw_xsave_addr() use feature number instead of mask

Sebastian Andrzej Siewior writes: > Most users of __raw_xsave_addr() use a feature number, shift it to a > mask and then __raw_xsave_addr() shifts it back to the feature number. > > Make __raw_xsave_addr() use the feature number as argument. > > Signed-off-by: Sebastian Andrzej Siewior > --- >

Re: [PATCH 5/5] RISC-V: Implement sparsemem

On 2018-10-11 10:24 a.m., Logan Gunthorpe wrote: > On 2018-10-11 7:37 a.m., Christoph Hellwig wrote: >>> +/* >>> + * Log2 of the upper bound of the size of a struct page. Used for sizing >>> + * the vmemmap region only, does not affect actual memory footprint. >>> + * We don't use sizeof(struct

[PATCH 3.18 016/120] ext4: dont mark mmp buffer head dirty

3.18-stable review patch. If anyone has any objections, please let me know. -- From: Li Dongyang commit fe18d649891d813964d3aaeebad873f281627fbc upstream. Marking mmp bh dirty before writing it will make writeback pick up mmp block later and submit a write, we don't want the

[PATCH 3.18 011/120] scsi: target: iscsi: Use hex2bin instead of a re-implementation

3.18-stable review patch. If anyone has any objections, please let me know. -- From: Vincent Pelletier commit 1816494330a83f2a064499d8ed2797045641f92c upstream. This change has the following effects, in order of descreasing importance: 1) Prevent a stack buffer overflow 2)

[PATCH 3.18 017/120] arm64: Add trace_hardirqs_off annotation in ret_to_user

3.18-stable review patch. If anyone has any objections, please let me know. -- From: Catalin Marinas commit db3899a6477a4dccd26cbfb7f408b6be2cc068e0 upstream. When a kernel is built with CONFIG_TRACE_IRQFLAGS the following warning is produced when entering userspace for the

[PATCH 3.18 015/120] ext4: fix online resizes handling of a too-small final block group

3.18-stable review patch. If anyone has any objections, please let me know. -- From: Theodore Ts'o commit f0a459dec5495a3580f8d784555e6f8f3bf7f263 upstream. Avoid growing the file system to an extent so that the last block group is too small to hold all of the metadata that

[PATCH 3.18 014/120] ext4: recalucate superblock checksum after updating free blocks/inodes

3.18-stable review patch. If anyone has any objections, please let me know. -- From: Theodore Ts'o commit 4274f516d4bc50648a4d97e4f67ecbd7b65cde4a upstream. When mounting the superblock, ext4_fill_super() calculates the free blocks and free inodes and stores them in the

[PATCH 3.18 012/120] ocfs2: fix ocfs2 read block panic

3.18-stable review patch. If anyone has any objections, please let me know. -- From: Junxiao Bi commit 234b69e3e089d850a98e7b3145bd00e9b52b upstream. While reading block, it is possible that io error return due to underlying storage issue, in this case, BH_NeedsValidate

[PATCH 3.18 019/120] HID: sony: Support DS4 dongle

3.18-stable review patch. If anyone has any objections, please let me know. -- From: Roderick Colenbrander commit de66a1a04c25f2560a8dca7a95e2a150b0d5e17e upstream. Add support for USB based DS4 dongle device, which allows connecting a DS4 through Bluetooth, but hides

[PATCH 3.18 013/120] ext4: avoid divide by zero fault when deleting corrupted inline directories

3.18-stable review patch. If anyone has any objections, please let me know. -- From: Theodore Ts'o commit 4d982e25d0bdc83d8c64e66fdeca0b89240b3b85 upstream. A specially crafted file system can trick empty_inline_dir() into reading past the last valid entry in a inline

[PATCH 3.18 018/120] HID: sony: Update device ids

3.18-stable review patch. If anyone has any objections, please let me know. -- From: Roderick Colenbrander commit cf1015d65d7c8a5504a4c03afb60fb86bff0f032 upstream. Support additional DS4 model. Signed-off-by: Roderick Colenbrander Reviewed-by: Benjamin Tissoires

[PATCH 3.18 010/120] ipv6: fix possible use-after-free in ip6_xmit()

3.18-stable review patch. If anyone has any objections, please let me know. -- From: Eric Dumazet [ Upstream commit bbd6528d28c1b8e80832b3b018ec402b6f5c3215 ] In the unlikely case ip6_xmit() has to call skb_realloc_headroom(), we need to call skb_set_owner_w() before

[PATCH 3.18 001/120] ASoC: cs4265: fix MMTLR Data switch control

3.18-stable review patch. If anyone has any objections, please let me know. -- From: Sébastien Szymanski commit 90a3b7f8aba3011badacd6d8121e03aa24ac79d1 upstream. The MMTLR bit is in the CS4265_SPDIF_CTL2 register at address 0x12 bit 0 and not at address 0x0 bit 1. Fix this.

[PATCH] drivers: visorbus: fix memory leak on parser_ctx

From: Colin Ian King Currently when the call to visorchannel_signalinsert fails the error return path does not free parser_ctx. Fix this by kfree'ing it on the error return path. Detected by CoverityScan, CID#1451916 ("Resource leak") Fixes: a35e3268da51 ("staging: unisys: visorchipset:

[PATCH 4.14 00/45] 4.14.76-stable review

This is the start of the stable review cycle for the 4.14.76 release. There are 45 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat Oct 13 15:24:53 UTC 2018. Anything

[PATCH 4.14 03/45] mm, thp: fix mlocking THP page with migration enabled

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Kirill A. Shutemov commit e125fe405abedc1dc8a5b2229b80ee91c1434015 upstream. A transparent huge page is represented by a single entry on an LRU list. Therefore, we can only make unevictable

[PATCH 4.14 29/45] cgroup/cpuset: remove circular dependency deadlock

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Prateek Sood commit aa24163b2ee5c92120e32e99b5a93143a0f4258e upstream. Remove circular dependency deadlock in a scenario where hotplug of CPU is being done while there is updation in cgroup

[PATCH 4.14 38/45] perf utils: Move is_directory() to path.h

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Jiri Olsa commit 06c3f2aa9fc68e7f3fe3d83e7569d2a2801d9f99 upstream. So that it can be used more widely, like in the next patch, when it will be used to fix a bug in 'perf test' handling of

[PATCH 4.14 30/45] ath10k: fix use-after-free in ath10k_wmi_cmd_send_nowait

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Carl Huang commit 9ef0f58ed7b4a55da4a64641d538e0d9e46579ac upstream. The skb may be freed in tx completion context before trace_ath10k_wmi_cmd is called. This can be easily captured when

[PATCH 4.14 08/45] fbdev/omapfb: fix omapfb_memory_read infoleak

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Tomi Valkeinen commit 1bafcbf59fed92af58955024452f45430d3898c5 upstream. OMAPFB_MEMORY_READ ioctl reads pixels from the LCD's memory and copies them to a userspace buffer. The code has two

[PATCH 4.14 45/45] ath10k: fix scan crash due to incorrect length calculation

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Zhi Chen commit c8291988806407e02a01b4b15b4504eafbcc04e0 upstream. Length of WMI scan message was not calculated correctly. The allocated buffer was smaller than what we expected. So WMI

[PATCH 4.14 32/45] nvme_fc: fix ctrl create failures racing with workq items

4.14-stable review patch. If anyone has any objections, please let me know. -- From: James Smart commit cf25809bec2c7df4b45df5b2196845d9a4a3c89b upstream. If there are errors during initial controller create, the transport will teardown the partially initialized controller

[PATCH 4.14 41/45] ubifs: Check for name being NULL while mounting

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Richard Weinberger commit 37f31b6ca4311b94d985fb398a72e5399ad57925 upstream. The requested device name can be NULL or an empty string. Check for that and refuse to continue. UBIFS has to do

[PATCH 4.14 05/45] KVM: x86: fix L1TFs MMIO GFN calculation

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Sean Christopherson commit daa07cbc9ae3da2d61b7ce900c0b9107d134f2c1 upstream. One defense against L1TF in KVM is to always set the upper five bits of the *legal* physical address in the SPTEs

[PATCH 4.14 07/45] clocksource/drivers/timer-atmel-pit: Properly handle error cases

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Alexandre Belloni commit 52bf4a900d9cede3eb14982d0f2c5e6db6d97cc3 upstream. The smatch utility reports a possible leak: smatch warnings: drivers/clocksource/timer-atmel-pit.c:183

[PATCH 4.14 06/45] blk-mq: I/O and timer unplugs are inverted in blktrace

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Ilya Dryomov commit 587562d0c7cd6861f4f90a2eb811cccb1a376f5f upstream. trace_block_unplug() takes true for explicit unplugs and false for implicit unplugs. schedule() unplugs are implicit

[PATCH 4.14 43/45] virtio_balloon: fix deadlock on OOM

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Michael S. Tsirkin commit c7cdff0e864713a089d7cb3a2b1136ba9a54881a upstream. fill_balloon doing memory allocations under balloon_lock can cause a deadlock when leak_balloon is called from

[PATCH 4.14 31/45] ath10k: fix kernel panic issue during pci probe

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Yu Wang commit 50e79e25250bf928369996277e85b00536b380c7 upstream. If device gone during chip reset, ar->normal_mode_fw.board is not initialized, but ath10k_debug_print_hwfw_info() will try to

[PATCH 4.14 35/45] powerpc/lib: fix book3s/32 boot failure due to code patching

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Christophe Leroy commit b45ba4a51cde29b2939365ef0c07ad34c8321789 upstream. Commit 51c3c62b58b3 ("powerpc: Avoid code patching freed init sections") accesses 'init_mem_is_free' flag too early,

[PATCH 4.14 04/45] mm/vmstat.c: skip NR_TLB_REMOTE_FLUSH* properly

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Jann Horn commit 58bc4c34d249bf1bc50730a9a209139347cfacfe upstream. 5dd0b16cdaff ("mm/vmstat: Make NR_TLB_REMOTE_FLUSH_RECEIVED available even on UP") made the availability of the

[PATCH 4.14 09/45] xen-netback: fix input validation in xenvif_set_hash_mapping()

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Jan Beulich commit 780e83c259fc33e8959fed8dfdad17e378d72b62 upstream. Both len and off are frontend specified values, so we need to make sure there's no overflow when adding the two for the

[PATCH 4.14 39/45] f2fs: fix invalid memory access

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Chao Yu commit d3f07c049dab1a3f1740f476afd3d5e5b738c21c upstream. syzbot found the following crash on: HEAD commit:d9bd94c0bcaa Add linux-next specific files for 20180801 git tree:

[PATCH 4.14 34/45] powerpc: Avoid code patching freed init sections

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Michael Neuling commit 51c3c62b58b357e8d35e4cc32f7b4ec907426fe3 upstream. This stops us from doing code patching in init sections after they've been freed. In this chain: kvm_guest_init()

[PATCH 4.14 40/45] ucma: fix a use-after-free in ucma_resolve_ip()

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Cong Wang commit 5fe23f262e0548ca7f19fb79f89059a60d087d22 upstream. There is a race condition between ucma_close() and ucma_resolve_ip(): CPU0CPU1

[PATCH 4.14 37/45] crypto: chelsio - Fix memory corruption in DMA Mapped buffers.

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Harsh Jain commit add92a817e60e308a419693413a38d9d1e663aff upstream. Update PCI Id in "cpl_rx_phys_dsgl" header. In case pci_chan_id and tx_chan_id are not derived from same queue, H/W can

[PATCH 4.18 02/44] mm: migration: fix migration of huge PMD shared pages

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Mike Kravetz commit 017b1660df89f5fb4bfe66c34e35f7d2031100c7 upstream. The page migration code employs try_to_unmap() to try and unmap the source page. This is accomplished by using

[PATCH 4.18 19/44] selftests/x86: Add clock_gettime() tests to test_vdso

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Andy Lutomirski commit 7c03e7035ac1cf2a6165754e4f3a49c2f1977838 upstream. Now that the vDSO implementation of clock_gettime() is getting reworked, add a selftest for it. This tests that its

[PATCH 4.18 18/44] x86/vdso: Fix asm constraints on vDSO syscall fallbacks

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Andy Lutomirski commit 715bd9d12f84d8f5cc8ad21d888f9bc304a8eb0b upstream. The syscall fallbacks in the vDSO have incorrect asm constraints. They are not marked as writing to their outputs --

[PATCH 4.18 15/44] drm/amdgpu: Fix vce work queue was not cancelled when suspend

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Rex Zhu commit 61ea6f5831974ebd1a57baffd7cc30600a2e26fc upstream. The vce cancel_delayed_work_sync never be called. driver call the function in error path. This caused the A+A suspend hang

[PATCH 4.18 16/44] drm/syncobj: Dont leak fences when WAIT_FOR_SUBMIT is set

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Jason Ekstrand commit 337fe9f5c1e7de1f391c6a692531379d2aa2ee11 upstream. We attempt to get fences earlier in the hopes that everything will already have fences and no callbacks will be

[PATCH 4.18 17/44] drm: fix use-after-free read in drm_mode_create_lease_ioctl()

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Jann Horn commit 12d43deb1ee639d01a2a8d2a7a4cc8ad31224475 upstream. fd_install() moves the reference given to it into the file descriptor table of the current process. If the current process

[PATCH 4.14 33/45] powerpc/lib/code-patching: refactor patch_instruction()

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Christophe Leroy commit 8cf4c05712f04a405f0dacebcca8f042b391694a upstream. patch_instruction() uses almost the same sequence as __patch_instruction() This patch refactor it so that

[PATCH 4.14 44/45] virtio_balloon: fix increment of vb->num_pfns in fill_balloon()

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Jan Stancek commit d9e427f6ab8142d6868eb719e6a7851aafea56b6 upstream. commit c7cdff0e8647 ("virtio_balloon: fix deadlock on OOM") changed code to increment vb->num_pfns before call to

[PATCH 4.14 42/45] rds: rds_ib_recv_alloc_cache() should call alloc_percpu_gfp() instead

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Ka-Cheong Poon commit f394ad28feffbeebab77c8bf9a203bd49b957c9a upstream. Currently, rds_ib_conn_alloc() calls rds_ib_recv_alloc_caches() without passing along the gfp_t flag. But

[PATCH 4.18 01/44] perf/core: Add sanity check to deal with pinned event failure

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Reinette Chatre commit befb1b3c2703897c5b8ffb0044dc5d0e5f27c5d7 upstream. It is possible that a failure can occur during the scheduling of a pinned event. The initial portion of

[PATCH 4.18 14/44] mac80211: allocate TXQs for active monitor interfaces

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Felix Fietkau commit 8105f9b8a8879bff7f1d43d0720c993a99c9d135 upstream. Monitor mode interfaces with the active flag are passed down to the driver. Drivers using TXQ expect that all

[PATCH 4.18 11/44] xen-netback: fix input validation in xenvif_set_hash_mapping()

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Jan Beulich commit 780e83c259fc33e8959fed8dfdad17e378d72b62 upstream. Both len and off are frontend specified values, so we need to make sure there's no overflow when adding the two for the

[PATCH 4.18 13/44] mmc: slot-gpio: Fix debounce time to use miliseconds again

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Marek Szyprowski commit 1b09d9c232cdaea59fb50ac437d3921ed1f1eafb upstream. The debounce value passed to mmc_gpiod_request_cd() function is in microseconds, but msecs_to_jiffies() requires the

[PATCH 4.18 12/44] mmc: core: Fix debounce time to use microseconds

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Tony Lindgren commit 1d71926bbd59facc4bdb6f13117d3a1aee8b83ba upstream. The debounce value in device tree is in milliseconds but needs to be in microseconds for mmc_gpiod_request_cd().

[PATCH 4.14 36/45] ARC: clone syscall to setp r25 as thread pointer

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Vineet Gupta commit c58a584f05e35d1d4342923cd7aac07d9c3d3d16 upstream. Per ARC TLS ABI, r25 is designated TP (thread pointer register). However so far kernel didn't do any special treatment,

[PATCH 4.18 10/44] fbdev/omapfb: fix omapfb_memory_read infoleak

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Tomi Valkeinen commit 1bafcbf59fed92af58955024452f45430d3898c5 upstream. OMAPFB_MEMORY_READ ioctl reads pixels from the LCD's memory and copies them to a userspace buffer. The code has two

[PATCH 4.18 20/44] x86/vdso: Only enable vDSO retpolines when enabled and supported

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Andy Lutomirski commit 4f166564014aba65ad6f15b612f6711fd0f117ee upstream. When I fixed the vDSO build to use inline retpolines, I messed up the Makefile logic and made it unconditional. It

[PATCH 4.18 21/44] x86/vdso: Fix vDSO syscall fallback asm constraint regression

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Andy Lutomirski commit 02e425668f5c9deb42787d10001a3b605993ad15 upstream. When I added the missing memory outputs, I failed to update the index of the first argument (ebx) on 32-bit builds,

[PATCH 4.18 23/44] mac80211: fix setting IEEE80211_KEY_FLAG_RX_MGMT for AP mode keys

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Felix Fietkau commit 211710ca74adf790b46ab3867fcce8047b573cd1 upstream. key->sta is only valid after ieee80211_key_link, which is called later in this function. Because of that, the

[PATCH 4.18 22/44] PCI: Reprogram bridge prefetch registers on resume

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Daniel Drake commit 083874549fdfefa629dfa752785e20427dde1511 upstream. On 38+ Intel-based ASUS products, the NVIDIA GPU becomes unusable after S3 suspend/resume. The affected products

  1   2   3   4   5   6   7   8   9   10   >