[PATCH 4.16 09/72] net: initialize skb->peeked when cloning

4.16-stable review patch. If anyone has any objections, please let me know. -- From: Eric Dumazet commit b13dda9f9aa7cac61c080c2e544d5f5d85e5 upstream. syzbot reported __skb_try_recv_from_queue() was using skb->peeked while it was potentially unitialized. We need to clear

[PATCH 4.16 06/72] crypto: af_alg - fix possible uninit-value in alg_bind()

4.16-stable review patch. If anyone has any objections, please let me know. -- From: Eric Dumazet commit a466856e0b7ab269cdf9461886d007e88ff575b0 upstream. syzbot reported : BUG: KMSAN: uninit-value in alg_bind+0xe3/0xd90 crypto/af_alg.c:162 We need to check addr_len before

[PATCH 4.16 32/72] mm: sections are not offlined during memory hotremove

4.16-stable review patch. If anyone has any objections, please let me know. -- From: Pavel Tatashin commit 27227c733852f71008e9bf165950bb2edaed3a90 upstream. Memory hotplug and hotremove operate with per-block granularity. If the machine has a large amount of memory (more tha

[PATCH 4.16 42/72] drm/vc4: Fix scaling of uni-planar formats

4.16-stable review patch. If anyone has any objections, please let me know. -- From: Boris Brezillon commit 9a0e9802217291e54c4dd1fc5462f189a4be14ec upstream. When using uni-planar formats (like RGB), the scaling parameters are stored in plane 0, not plane 1. Fixes: fc04023fa

[PATCH 4.16 04/72] kcm: Call strp_stop before strp_done in kcm_attach

4.16-stable review patch. If anyone has any objections, please let me know. -- From: Tom Herbert commit dff8baa261174de689a44572d0ea182d7aa70598 upstream. In kcm_attach strp_done is called when sk_user_data is already set to fail the attach. strp_done needs the strp to be stop

[PATCH 4.16 16/72] memcg: fix per_node_info cleanup

4.16-stable review patch. If anyone has any objections, please let me know. -- From: Michal Hocko commit 4eaf431f6f71bbed40a4c733ffe93a7e8cedf9d9 upstream. syzbot has triggered a NULL ptr dereference when allocation fault injection enforces a failure and alloc_mem_cgroup_per_n

[PATCH 4.16 29/72] dm integrity: use kvfree for kvmallocd memory

4.16-stable review patch. If anyone has any objections, please let me know. -- From: Mikulas Patocka commit fc8cec113904a47396bf0a1afc62920d66319d36 upstream. Use kvfree instead of kfree because the array is allocated with kvmalloc. Fixes: 7eada909bfd7a ("dm: add integrity ta

[PATCH 4.16 27/72] rfkill: gpio: fix memory leak in probe error path

4.16-stable review patch. If anyone has any objections, please let me know. -- From: Johan Hovold commit 4bf01ca21e2e0e4561d1a03c48c3d740418702db upstream. Make sure to free the rfkill device in case registration fails during probe. Fixes: 5e7ca3937fbe ("net: rfkill: gpio: co

[PATCH 4.16 02/72] netfilter: ebtables: dont attempt to allocate 0-sized compat array

4.16-stable review patch. If anyone has any objections, please let me know. -- From: Florian Westphal commit 3f1e53abff84cf40b1adb3455d480dd295bf42e8 upstream. Dmitry reports 32bit ebtables on 64bit kernel got broken by a recent change that returns -EINVAL when ruleset has no

[PATCH 4.16 22/72] bdi: Fix oops in wb_workfn()

4.16-stable review patch. If anyone has any objections, please let me know. -- From: Jan Kara commit b8b784958eccbf8f51ebeee65282ca3fd59ea391 upstream. Syzbot has reported that it can hit a NULL pointer dereference in wb_workfn() due to wb->bdi->dev being NULL. This indicates

[PATCH 4.16 23/72] compat: fix 4-byte infoleak via uninitialized struct field

4.16-stable review patch. If anyone has any objections, please let me know. -- From: Jann Horn commit 0a0b98734479aa5b3c671d5190e86273372cab95 upstream. Commit 3a4d44b61625 ("ntp: Move adjtimex related compat syscalls to native counterparts") removed the memset() in compat_get

[PATCH 4.16 28/72] libata: Apply NOLPM quirk for SanDisk SD7UB3Q*G1001 SSDs

4.16-stable review patch. If anyone has any objections, please let me know. -- From: Hans de Goede commit 184add2ca23ce5edcac0ab9c3b9be13f91e7b567 upstream. Richard Jones has reported that using med_power_with_dipm on a T450s with a Sandisk SD7UB3Q256G1001 SSD (firmware versio

[PATCH 4.14 30/62] z3fold: fix reclaim lock-ups

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Vitaly Wool commit 6098d7e136692f9c6e23ae362c62ec822343e4d5 upstream. Do not try to optimize in-page object layout while the page is under reclaim. This fixes lock-ups on reclaim and improves

[PATCH 4.14 35/62] can: hi311x: Acquire SPI lock on ->do_get_berr_counter

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Lukas Wunner commit 5cec9425b41dcf834c3d48776900d6acb7e96f38 upstream. hi3110_get_berr_counter() may run concurrently to the rest of the driver but neglects to acquire the lock protecting acce

[PATCH 4.16 01/72] ipvs: fix rtnl_lock lockups caused by start_sync_thread

4.16-stable review patch. If anyone has any objections, please let me know. -- From: Julian Anastasov commit 5c64576a77894a50be80be0024bed27171b55989 upstream. syzkaller reports for wrong rtnl_lock usage in sync code [1] and [2] We have 2 problems in start_sync_thread if erro

[PATCH 4.14 32/62] mm, oom: fix concurrent munlock and oom reaper unmap, v3

4.14-stable review patch. If anyone has any objections, please let me know. -- From: David Rientjes commit 27ae357fa82be5ab73b2ef8d39dcb8ca2563483a upstream. Since exit_mmap() is done without the protection of mm->mmap_sem, it is possible for the oom reaper to concurrently ope

[PATCH 4.16 15/72] bpf/tracing: fix a deadlock in perf_event_detach_bpf_prog

4.16-stable review patch. If anyone has any objections, please let me know. -- From: Yonghong Song commit 3a38bb98d9abdc3856f26b5ed4332803065cd7cf upstream. syzbot reported a possible deadlock in perf_event_detach_bpf_prog. The error details:

[PATCH 4.14 61/62] KVM: PPC: Book3S HV: Fix handling of large pages in radix page fault handler

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Paul Mackerras commit c3856aeb29402e94ad9b3879030165cc6a4fdc56 upstream. This fixes several bugs in the radix page fault handler relating to the way large pages in the memory backing the guest

[PATCH 4.14 53/62] smb3: directory sync should not return an error

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Steve French commit 6e70c267e68d77679534dcf4aaf84e66f2cf1425 upstream. As with NFS, which ignores sync on directory handles, fsync on a directory handle is a noop for CIFS/SMB3. Do not return

[PATCH 4.14 29/62] tracing: Fix regex_match_front() to not over compare the test string

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Steven Rostedt (VMware) commit dc432c3d7f9bceb3de6f5b44fb9c657c9810ed6d upstream. The regex match function regex_match_front() in the tracing filter logic, was fixed to test just the pattern l

RE: [PATCH v4 17/22] iommu/intel-svm: report device page request

Hi Jacob, Same comment with the one to patch 16, pci_get_bus_and_slot() is deprecated, may update accordingly. Thanks, Yi Liu > From: Jacob Pan [mailto:jacob.jun@linux.intel.com] > Sent: Friday, March 23, 2018 11:12 AM > > If the source device of a page request has its PASID table pointer b

[PATCH 4.14 28/62] dm integrity: use kvfree for kvmallocd memory

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Mikulas Patocka commit fc8cec113904a47396bf0a1afc62920d66319d36 upstream. Use kvfree instead of kfree because the array is allocated with kvmalloc. Fixes: 7eada909bfd7a ("dm: add integrity ta

[PATCH 4.14 08/62] net: fix uninit-value in __hw_addr_add_ex()

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Eric Dumazet commit 77d36398d99f2565c0a8d43a86fd520a82e64bb8 upstream. syzbot complained : BUG: KMSAN: uninit-value in memcmp+0x119/0x180 lib/string.c:861 CPU: 0 PID: 3 Comm: kworker/0:0 Not

[PATCH 4.14 44/62] PCI / PM: Always check PME wakeup capability for runtime wakeup support

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Kai Heng Feng commit 8feaec33b9868582654cd3d5355225dcb79aeca6 upstream. USB controller ASM1042 stops working after commit de3ef1eb1cd0 (PM / core: Drop run_wake flag from struct dev_pm_info).

[PATCH 4.14 39/62] drm/nouveau: Fix deadlock in nv50_mstm_register_connector()

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Lyude Paul commit 352672db857290ab5b0e2b6a99c414f92bee024c upstream. Currently; we're grabbing all of the modesetting locks before adding MST connectors to fbdev. This isn't actually necessary

[PATCH 4.14 43/62] atm: zatm: Fix potential Spectre v1

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Gustavo A. R. Silva commit 2be147f7459db5bbf292e0a6f135037b55e20b39 upstream. pool can be indirectly controlled by user-space, hence leading to a potential exploitation of the Spectre variant

[PATCH 4.14 37/62] drm/vc4: Fix scaling of uni-planar formats

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Boris Brezillon commit 9a0e9802217291e54c4dd1fc5462f189a4be14ec upstream. When using uni-planar formats (like RGB), the scaling parameters are stored in plane 0, not plane 1. Fixes: fc04023fa

[PATCH 4.14 03/62] kcm: Call strp_stop before strp_done in kcm_attach

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Tom Herbert commit dff8baa261174de689a44572d0ea182d7aa70598 upstream. In kcm_attach strp_done is called when sk_user_data is already set to fail the attach. strp_done needs the strp to be stop

[PATCH 4.14 22/62] compat: fix 4-byte infoleak via uninitialized struct field

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Jann Horn commit 0a0b98734479aa5b3c671d5190e86273372cab95 upstream. Commit 3a4d44b61625 ("ntp: Move adjtimex related compat syscalls to native counterparts") removed the memset() in compat_get

[PATCH 4.14 02/62] netfilter: ebtables: dont attempt to allocate 0-sized compat array

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Florian Westphal commit 3f1e53abff84cf40b1adb3455d480dd295bf42e8 upstream. Dmitry reports 32bit ebtables on 64bit kernel got broken by a recent change that returns -EINVAL when ruleset has no

[PATCH 4.14 18/62] KVM: PPC: Book3S HV: Fix trap number return from __kvmppc_vcore_entry

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Paul Mackerras commit a8b48a4dccea77e29462e59f1dbf0d5aa1ff167c upstream. This fixes a bug where the trap number that is returned by __kvmppc_vcore_entry gets corrupted. The effect of the corr

[PATCH 4.14 24/62] gpio: fix aspeed_gpio unmask irq

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Govert Overgaauw commit f241632fd087d3d9fbd5450f4d8c8604badd8348 upstream. The unmask function disables all interrupts in a bank when unmasking an interrupt. Only disable the given interrupt.

[PATCH 4.14 12/62] inetpeer: fix uninit-value in inet_getpeer

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Eric Dumazet commit b6a37e5e25414df4b8e9140a5c6f5ee0ec6f3b90 upstream. syzbot/KMSAN reported that p->dtime was read while it was not yet initialized in : delta = (__u32)jiffies - p->d

[PATCH 4.9 14/36] KVM: PPC: Book3S HV: Fix trap number return from __kvmppc_vcore_entry

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Paul Mackerras commit a8b48a4dccea77e29462e59f1dbf0d5aa1ff167c upstream. This fixes a bug where the trap number that is returned by __kvmppc_vcore_entry gets corrupted. The effect of the corru

[PATCH 4.9 30/36] thermal: exynos: Propagate error value from tmu_read()

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Marek Szyprowski commit c8da6cdef57b459ac0fd5d9d348f8460a575ae90 upstream. tmu_read() in case of Exynos4210 might return error for out of bound values. Current code ignores such value, what lea

[PATCH 4.14 10/62] ipv4: fix uninit-value in ip_route_output_key_hash_rcu()

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Eric Dumazet commit d0ea2b12500543535be3f54e17920fffc9bb45f6 upstream. syzbot complained that res.type could be used while not initialized. Using RTN_UNSPEC as initial value seems better than

[PATCH 4.9 21/36] libata: Apply NOLPM quirk for SanDisk SD7UB3Q*G1001 SSDs

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Hans de Goede commit 184add2ca23ce5edcac0ab9c3b9be13f91e7b567 upstream. Richard Jones has reported that using med_power_with_dipm on a T450s with a Sandisk SD7UB3Q256G1001 SSD (firmware version

[PATCH 4.14 14/62] perf: Remove superfluous allocation error check

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Jiri Olsa commit bfb3d7b8b906b66551424d7636182126e1d134c8 upstream. If the get_callchain_buffers fails to allocate the buffer it will decrease the nr_callchain_events right away. There's no p

[PATCH 4.9 15/36] f2fs: fix a dead loop in f2fs_fiemap()

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Wei Fang commit b86e33075ed1909d8002745b56ecf73b833db143 upstream. A dead loop can be triggered in f2fs_fiemap() using the test case as below: ... fd = open(); fallocat

[PATCH 4.9 27/36] atm: zatm: Fix potential Spectre v1

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Gustavo A. R. Silva commit 2be147f7459db5bbf292e0a6f135037b55e20b39 upstream. pool can be indirectly controlled by user-space, hence leading to a potential exploitation of the Spectre variant 1

[PATCH 4.9 20/36] rfkill: gpio: fix memory leak in probe error path

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Johan Hovold commit 4bf01ca21e2e0e4561d1a03c48c3d740418702db upstream. Make sure to free the rfkill device in case registration fails during probe. Fixes: 5e7ca3937fbe ("net: rfkill: gpio: con

[PATCH 4.9 24/36] drm/vc4: Fix scaling of uni-planar formats

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Boris Brezillon commit 9a0e9802217291e54c4dd1fc5462f189a4be14ec upstream. When using uni-planar formats (like RGB), the scaling parameters are stored in plane 0, not plane 1. Fixes: fc04023faf

[PATCH 4.9 22/36] tracing: Fix regex_match_front() to not over compare the test string

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Steven Rostedt (VMware) commit dc432c3d7f9bceb3de6f5b44fb9c657c9810ed6d upstream. The regex match function regex_match_front() in the tracing filter logic, was fixed to test just the pattern le

[PATCH 4.9 00/36] 4.9.100-stable review

This is the start of the stable review cycle for the 4.9.100 release. There are 36 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed May 16 06:47:47 UTC 2018. Anything receiv

[PATCH 4.4 28/56] USB: serial: option: reimplement interface masking

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Johan Hovold commit c3a65808f04a8426481b63a4fbd9392f009f6330 upstream. Reimplement interface masking using device flags stored directly in the device-id table. This will make it easier to add a

[PATCH 4.9 03/36] kcm: Call strp_stop before strp_done in kcm_attach

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Tom Herbert commit dff8baa261174de689a44572d0ea182d7aa70598 upstream. In kcm_attach strp_done is called when sk_user_data is already set to fail the attach. strp_done needs the strp to be stopp

[PATCH 4.9 07/36] net: initialize skb->peeked when cloning

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Eric Dumazet commit b13dda9f9aa7cac61c080c2e544d5f5d85e5 upstream. syzbot reported __skb_try_recv_from_queue() was using skb->peeked while it was potentially unitialized. We need to clear

[PATCH 4.4 36/56] net: fix uninit-value in __hw_addr_add_ex()

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Eric Dumazet commit 77d36398d99f2565c0a8d43a86fd520a82e64bb8 upstream. syzbot complained : BUG: KMSAN: uninit-value in memcmp+0x119/0x180 lib/string.c:861 CPU: 0 PID: 3 Comm: kworker/0:0 Not t

[PATCH 4.4 50/56] Revert "Bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174"

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Hans de Goede commit 544a591668813583021474fa5c7ff4942244d654 upstream. Commit f44cb4b19ed4 ("Bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174") is causing bluetooth to no longer work for s

[PATCH 4.4 45/56] libata: Apply NOLPM quirk for SanDisk SD7UB3Q*G1001 SSDs

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Hans de Goede commit 184add2ca23ce5edcac0ab9c3b9be13f91e7b567 upstream. Richard Jones has reported that using med_power_with_dipm on a T450s with a Sandisk SD7UB3Q256G1001 SSD (firmware version

[PATCH 4.4 31/56] ipvs: fix rtnl_lock lockups caused by start_sync_thread

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Julian Anastasov commit 5c64576a77894a50be80be0024bed27171b55989 upstream. syzkaller reports for wrong rtnl_lock usage in sync code [1] and [2] We have 2 problems in start_sync_thread if error

[PATCH 4.4 48/56] net: atm: Fix potential Spectre v1

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Gustavo A. R. Silva commit acf784bd0ce257fe43da7ca266f7a10b837479d2 upstream. ioc_data.dev_num can be controlled by user-space, hence leading to a potential exploitation of the Spectre variant

[PATCH 4.4 47/56] can: kvaser_usb: Increase correct stats counter in kvaser_usb_rx_can_msg()

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Jimmy Assarsson commit 6ee00865ffe4e8c8ba4a68d26db53c7ec09bbb89 upstream. Increase rx_dropped, if alloc_can_skb() fails, not tx_dropped. Signed-off-by: Jimmy Assarsson Cc: linux-stable Signe

[PATCH 4.4 33/56] netlink: fix uninit-value in netlink_sendmsg

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Eric Dumazet commit 6091f09c2f79730d895149bcfe3d66140288cd0e upstream. syzbot reported : BUG: KMSAN: uninit-value in ffs arch/x86/include/asm/bitops.h:432 [inline] BUG: KMSAN: uninit-value in

[PATCH 4.4 40/56] tcp: fix TCP_REPAIR_QUEUE bound checking

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Eric Dumazet commit bf2acc943a45d2b2e8a9f1a5ddff6b6e43cc69d9 upstream. syzbot is able to produce a nasty WARN_ON() in tcp_verify_left_out() with following C-repro : socket(PF_INET, SOCK_STREAM

[PATCH 4.4 21/56] RDMA/mlx5: Protect from shift operand overflow

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Leon Romanovsky commit 002bf2282b2d7318e444dca9ffcb994afc5d5f15 upstream. Ensure that user didn't supply values too large that can cause overflow. UBSAN: Undefined behaviour in drivers/infinib

[PATCH 4.4 27/56] USB: Accept bulk endpoints with 1024-byte maxpacket

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Alan Stern commit fb5ee84ea72c5f1b6cabdd1c9d6e8648995ca7c6 upstream. Some non-compliant high-speed USB devices have bulk endpoints with a 1024-byte maxpacket size. Although such endpoints don'

[PATCH 4.4 38/56] soreuseport: initialise timewait reuseport field

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Eric Dumazet commit 3099a52918937ab86ec47038ad80d377ba16c531 upstream. syzbot reported an uninit-value in inet_csk_bind_conflict() [1] It turns out we never propagated sk->sk_reuseport into ti

[PATCH 4.4 19/56] xfs: prevent creating negative-sized file via INSERT_RANGE

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Darrick J. Wong commit 7d83fb14258b9961920cd86f0b921caaeb3ebe85 upstream. During the "insert range" fallocate operation, i_size grows by the specified 'len' bytes. XFS verifies that i_size + l

[PATCH 4.4 04/56] percpu: include linux/sched.h for cond_resched()

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Tejun Heo commit 71546d100422bcc2c543dadeb9328728997cd23a upstream. microblaze build broke due to missing declaration of the cond_resched() invocation added recently. Let's include linux/sched

[PATCH 4.4 09/56] ath10k: rebuild crypto header in rx data frames

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Vasanthakumar Thiagarajan commit 7eccb738fce57cbe53ed903ccf43f9ab257b15b3 upstream. Rx data frames notified through HTT_T2H_MSG_TYPE_RX_IND and HTT_T2H_MSG_TYPE_RX_FRAG_IND expect PN/TSC check

[PATCH 4.4 07/56] mac80211: Add RX flag to indicate ICV stripped

4.4-stable review patch. If anyone has any objections, please let me know. -- From: David Spinadel commit cef0acd4d7d4811d2d19cd0195031bf0dfe41249 upstream. Add a flag that indicates that the WEP ICV was stripped from an RX packet, allowing the device to not transfer that if i

[PATCH 4.4 12/56] ALSA: pcm: Check PCM state at xfern compat ioctl

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Takashi Iwai commit f13876e2c33a657a71bcbb10f767c0951b165020 upstream. Since snd_pcm_ioctl_xfern_compat() has no PCM state check, it may go further and hit the sanity check pcm_sanity_check() w

[PATCH 4.4 15/56] ALSA: aloop: Add missing cable lock to ctl API callbacks

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Takashi Iwai commit 76b3421b39bd610546931fc923edcf90c18fa395 upstream. Some control API callbacks in aloop driver are too lazy to take the loopback->cable_lock and it results in possible races

[PATCH 3.18 20/23] libata: Apply NOLPM quirk for SanDisk SD7UB3Q*G1001 SSDs

3.18-stable review patch. If anyone has any objections, please let me know. -- From: Hans de Goede commit 184add2ca23ce5edcac0ab9c3b9be13f91e7b567 upstream. Richard Jones has reported that using med_power_with_dipm on a T450s with a Sandisk SD7UB3Q256G1001 SSD (firmware versio

[PATCH 4.4 01/56] perf/core: Fix the perf_cpu_time_max_percent check

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Tan Xiaojun commit 1572e45a924f254d9570093abde46430c3172e3d upstream. Use "proc_dointvec_minmax" instead of "proc_dointvec" to check the input value from user-space. If not, we can set a big v

[PATCH 3.18 21/23] tracing: Fix regex_match_front() to not over compare the test string

3.18-stable review patch. If anyone has any objections, please let me know. -- From: Steven Rostedt (VMware) commit dc432c3d7f9bceb3de6f5b44fb9c657c9810ed6d upstream. The regex match function regex_match_front() in the tracing filter logic, was fixed to test just the pattern l

[PATCH 3.18 15/23] net: fix uninit-value in __hw_addr_add_ex()

3.18-stable review patch. If anyone has any objections, please let me know. -- From: Eric Dumazet commit 77d36398d99f2565c0a8d43a86fd520a82e64bb8 upstream. syzbot complained : BUG: KMSAN: uninit-value in memcmp+0x119/0x180 lib/string.c:861 CPU: 0 PID: 3 Comm: kworker/0:0 Not

[PATCH 3.18 08/23] RDMA/mlx5: Protect from shift operand overflow

3.18-stable review patch. If anyone has any objections, please let me know. -- From: Leon Romanovsky commit 002bf2282b2d7318e444dca9ffcb994afc5d5f15 upstream. Ensure that user didn't supply values too large that can cause overflow. UBSAN: Undefined behaviour in drivers/infini

[PATCH 3.18 17/23] perf: Remove superfluous allocation error check

3.18-stable review patch. If anyone has any objections, please let me know. -- From: Jiri Olsa commit bfb3d7b8b906b66551424d7636182126e1d134c8 upstream. If the get_callchain_buffers fails to allocate the buffer it will decrease the nr_callchain_events right away. There's no p

[PATCH 3.18 13/23] net: fix rtnh_ok()

3.18-stable review patch. If anyone has any objections, please let me know. -- From: Eric Dumazet commit b1993a2de12c9e75c35729e2ffbc3a92d50c0d31 upstream. syzbot reported : BUG: KMSAN: uninit-value in rtnh_ok include/net/nexthop.h:11 [inline] BUG: KMSAN: uninit-value in fib_

[PATCH 3.18 04/23] ALSA: pcm: Check PCM state at xfern compat ioctl

3.18-stable review patch. If anyone has any objections, please let me know. -- From: Takashi Iwai commit f13876e2c33a657a71bcbb10f767c0951b165020 upstream. Since snd_pcm_ioctl_xfern_compat() has no PCM state check, it may go further and hit the sanity check pcm_sanity_check()

[PATCH 3.18 10/23] USB: serial: visor: handle potential invalid device configuration

3.18-stable review patch. If anyone has any objections, please let me know. -- From: Greg Kroah-Hartman commit 4842ed5bfcb9daf6660537d70503c18d38dbdbb8 upstream. If we get an invalid device configuration from a palm 3 type device, we might incorrectly parse things, and we have

[PATCH 3.18 07/23] ALSA: aloop: Add missing cable lock to ctl API callbacks

3.18-stable review patch. If anyone has any objections, please let me know. -- From: Takashi Iwai commit 76b3421b39bd610546931fc923edcf90c18fa395 upstream. Some control API callbacks in aloop driver are too lazy to take the loopback->cable_lock and it results in possible races

[PATCH 3.18 01/23] percpu: include linux/sched.h for cond_resched()

3.18-stable review patch. If anyone has any objections, please let me know. -- From: Tejun Heo commit 71546d100422bcc2c543dadeb9328728997cd23a upstream. microblaze build broke due to missing declaration of the cond_resched() invocation added recently. Let's include linux/sche

Re: [PATCH 17/17] efi/libstub/arm64: handle randomized TEXT_OFFSET

On 14 May 2018 at 08:47, Ingo Molnar wrote: > > * Ard Biesheuvel wrote: > >> From: Mark Rutland >> >> When CONFIG_RANDOMIZE_TEXT_OFFSET is selected, TEXT_OFFSET is an >> arbitrary multiple of PAGE_SIZE in the interval [0, 2MB). >> >> The EFI stub does not account for the potential misalignment o

Re: [PATCH] efi/x86: Clean up the eboot code a bit

On 14 May 2018 at 08:43, Ingo Molnar wrote: > > So I looked at arch/x86/boot/compressed/eboot.c to improve a printk message > and > ended up with the cleanups below. > > Only build tested. > > Thanks, > > Ingo > > => > Subject: efi/x86: Clean up the eboot code > From: Ingo

Re: [PATCH 17/17] efi/libstub/arm64: handle randomized TEXT_OFFSET

* Ard Biesheuvel wrote: > From: Mark Rutland > > When CONFIG_RANDOMIZE_TEXT_OFFSET is selected, TEXT_OFFSET is an > arbitrary multiple of PAGE_SIZE in the interval [0, 2MB). > > The EFI stub does not account for the potential misalignment of > TEXT_OFFSET relative to EFI_KIMG_ALIGN, and produ

Re: [PATCH -next] ASoC: omap: add sdma-pcm.c MODULE_LICENSE

Hi, On 2018-05-13 04:41, Randy Dunlap wrote: > From: Randy Dunlap > > ASoC: omap: add sdma-pcm.c MODULE_LICENSE > > Fixes this build warning: > > WARNING: modpost: missing MODULE_LICENSE() in sound/soc/omap/snd-soc-sdma.o I have already submitted a fix: http://mailman.alsa-project.org/piperma

[PATCH] efi/x86: Clean up the eboot code a bit

So I looked at arch/x86/boot/compressed/eboot.c to improve a printk message and ended up with the cleanups below. Only build tested. Thanks, Ingo => Subject: efi/x86: Clean up the eboot code From: Ingo Molnar Date: Mon May 14 08:33:40 CEST 2018 Various small cleanups

Re: [PATCH tip/core/rcu 0/21] Contention reduction for v4.18

On Sun, 22 Apr 2018 20:02:58 -0700 "Paul E. McKenney" wrote: > Hello! > > This series reduces lock contention on the root rcu_node structure, > and is also the first precursor to TBD changes to consolidate the > three RCU flavors (RCU-bh, RCU-preempt, and RCU-sched) into one. Hi Paul, I've bee

Re: [PATCH 15/17] efi/x86: Ignore unrealistically large option roms

* Ard Biesheuvel wrote: > + /* > + * Some firmwares contain EFI function pointers at the place where the > + * romimage and romsize fields are supposed to be. Typically the EFI > + * code is mapped at high addresses, translating to an unrealistically > + * large romsize.

Re: [PATCH v5 14/23] iommu: introduce page response function

Hi, On 05/12/2018 04:54 AM, Jacob Pan wrote: > IO page faults can be handled outside IOMMU subsystem. For an example, > when nested translation is turned on and guest owns the > first level page tables, device page request can be forwared > to the guest for handling faults. As the page response re

[PATCH v4 2/2] leds: Add Spreadtrum SC27xx breathing light controller driver

This patch adds Spreadtrum SC27xx PMIC series breathing light controller driver, which can support 3 LEDs. Each LED can work at normal PWM mode and breathing mode. Signed-off-by: Xiaotong Lu Signed-off-by: Baolin Wang --- Changes since v3: - Remove the breathing mode support, and will add in fu

[PATCH v4 1/2] dt-bindings: leds: Add SC27xx breathing light controller documentation

This patch adds the binding documentation for Spreadtrum SC27xx series breathing light controller, which supports 3 outputs: red LED, green LED and blue LED. Signed-off-by: Baolin Wang Reviewed-by: Rob Herring Acked-by: Pavel Machek --- Changes since v3: - Fix some grammar issues. - Add acked

[PATCH v3 3/6] ALSA: xen-front: Implement Xen event channel handling

From: Oleksandr Andrushchenko Handle Xen event channels: - create for all configured streams and publish corresponding ring references and event channels in Xen store, so backend can connect - implement event channels interrupt handlers - create and destroy event channels with respe

[PATCH v3 1/6] ALSA: xen-front: Introduce Xen para-virtualized sound frontend driver

From: Oleksandr Andrushchenko Introduce skeleton of the para-virtualized Xen sound frontend driver. Initial handling for Xen bus states: implement Xen bus state machine for the frontend driver according to the state diagram and recovery flow from sound para-virtualized protocol: xen/interface/io

[PATCH v3 5/6] ALSA: xen-front: Implement ALSA virtual sound driver

From: Oleksandr Andrushchenko Implement essential initialization of the sound driver: - introduce required data structures - handle driver registration - handle sound card registration - register sound driver on backend connection - remove sound driver on backend disconnect Initialize

[PATCH v3 2/6] ALSA: xen-front: Read sound driver configuration from Xen store

From: Oleksandr Andrushchenko Read configuration values from Xen store according to xen/interface/io/sndif.h protocol: - introduce configuration structures for different components, e.g. sound card, device, stream - read PCM HW parameters, e.g rate, format etc. - detect stream type (cap

[PATCH v3 6/6] MAINTAINERS: Add ALSA: xen-front: maintainer entry

From: Oleksandr Andrushchenko Add myself as sound/xen maintainer. Signed-off-by: Oleksandr Andrushchenko --- MAINTAINERS | 7 +++ 1 file changed, 7 insertions(+) diff --git a/MAINTAINERS b/MAINTAINERS index 92be777d060a..bd214e061359 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -15494,6

[PATCH v3 4/6] ALSA: xen-front: Implement handling of shared buffers

From: Oleksandr Andrushchenko Implement shared buffer handling according to the para-virtualized sound device protocol at xen/interface/io/sndif.h: - manage buffer memory - handle granted references - handle page directories Signed-off-by: Oleksandr Andrushchenko --- sound/xen/Makefile

[PATCH v3 0/6] ALSA: xen-front: Add Xen para-virtualized frontend driver

From: Oleksandr Andrushchenko Please note: this patch series depends on [3]. This patch series adds support for Xen [1] para-virtualized sound frontend driver. It implements the protocol from include/xen/interface/io/sndif.h with the following limitations: - mute/unmute is not supported - get/se

Re: [PATCH v2] net/mlx4_core: Fix error handling in mlx4_init_port_info.

On Sun, May 13, 2018 at 04:38:45PM -0700, Tarick Bedeir wrote: > Avoid exiting the function with a lingering sysfs file (if the first > call to device_create_file() fails while the second succeeds), and avoid > calling devlink_port_unregister() twice. > > In other words, either mlx4_init_port_info(

Re: [PATCH v2 04/13] soc: rockchip: power-domain: Fix wrong value when power up pd

On Mon, May 14, 2018 at 11:29:38AM +0800, Elaine Zhang wrote: > From: Finley Xiao > > Solve the pd could only ever turn off but never turn them on again, > If the pd registers have the writemask bits. > > Fix up the code error for commit: > commit 79bb17ce8edb3141339b5882e372d0ec7346217c >

Re: KASAN: use-after-free Read in remove_wait_queue (2)

[+ppp list and maintainer] On Wed, Feb 28, 2018 at 08:59:02AM -0800, syzbot wrote: > Hello, > > syzbot hit the following crash on upstream commit > f3afe530d644488a074291da04a69a296ab63046 (Tue Feb 27 22:02:39 2018 +) > Merge branch 'fixes-v4.16-rc4' of > git://git.kernel.org/pub/scm/linux/ke

Re: [PATCH 05/18 v2] regulator: max77686: Pass descriptor instead of GPIO number

On Mon, Apr 23, 2018 at 8:46 AM, Krzysztof Kozlowski wrote: > Both my previous comments remain not addressed: > 1. Name: This is also for bucks so how about naming it "max77686-regulator"? > 2. Error path here is not equivalent to old code and results in using > default driver's init data. Instea

Re: [PATCH v5 13/23] iommu: introduce device fault report API

Hi, On 05/12/2018 04:54 AM, Jacob Pan wrote: > Traditionally, device specific faults are detected and handled within > their own device drivers. When IOMMU is enabled, faults such as DMA > related transactions are detected by IOMMU. There is no generic > reporting mechanism to report faults back t

Re: [PATCH] ARM: s3c64xx: Tidy up handling of regulator GPIO lookups

On Thu, Apr 19, 2018 at 5:01 PM, Charles Keepax wrote: > From: Charles Keepax > > Rather than unconditionally registering the GPIO lookup table only do so > for devices that require it. > > Signed-off-by: Charles Keepax > --- > > Do you have any objections to the following? > > If we are lucky

Re: [PATCH] scsi: clean up generated file scsi_devinfo_tbl.c

On Sun, 13 May 2018 17:10:52 -0700 Randy Dunlap wrote: > From: Randy Dunlap > > "make clean" should remove the generated file "scsi_devinfo_tbl.c", > so list it in the clean-files variable so that the file gets > cleaned up. > > Fixes: 345e29608b4b ("scsi: scsi: Export blacklist flags to sysfs

Re: [PATCH 01/10] autofs4 - merge auto_fs.h and auto_fs4.h

On 14/05/18 11:15, Al Viro wrote: > On Mon, May 14, 2018 at 11:03:50AM +0800, Ian Kent wrote: >> The autofs module has long since been removed so there's no need to have >> two separate include files for autofs. > > Umm... Why does fs/compat_ioctl.c need either include, actually? > >> --- a/fs/c

  1   2   3   4   5   >