[PATCH 3.16 015/217] nbd: ratelimit error msgs after socket close

3.16.35-rc1 review patch. If anyone has any objections, please let me know. -- From: Dan Streetman commit da6ccaaa79caca4f38b540b651238f87215217a2 upstream. Make the "Attempted send on closed socket" error messages generated in nbd_request_handler() ratelimited. When the nbd

[PATCH 3.2 061/115] usb: renesas_usbhs: disable TX IRQ before starting TX DMAC transfer

3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Yoshihiro Shimoda commit 6490865c67825277b29638e839850882600b48ec upstream. This patch adds a code to surely disable TX IRQ of the pipe before starting TX DMAC transfer. Otherwise, a lot of unn

[PATCH 3.16 081/217] x86/PCI: Mark Broadwell-EP Home Agent & PCU as having non-compliant BARs

3.16.35-rc1 review patch. If anyone has any objections, please let me know. -- From: Bjorn Helgaas commit b894157145e4ac7598d7062bc93320898a5e059e upstream. The Home Agent and PCU PCI devices in Broadwell-EP have a non-BAR register where a BAR should be. We don't know what th

[PATCH 3.2 068/115] KVM: x86: Inject pending interrupt even if pending nmi exist

3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Yuki Shibuya commit 321c5658c5e9192dea0d58ab67cf1791e45b2b26 upstream. Non maskable interrupts (NMI) are preferred to interrupts in current implementation. If a NMI is pending and NMI is blocke

[PATCH 3.2 024/115] be2iscsi: set the boot_kset pointer to NULL in case of failure

3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Maurizio Lombardi commit 84bd64993f916bcf86270c67686ecf4cea7b8933 upstream. In beiscsi_setup_boot_info(), the boot_kset pointer should be set to NULL in case of failure otherwise an invalid poi

[PATCH 3.2 079/115] x86: standardize mmap_rnd() usage

3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Kees Cook commit 82168140bc4cec7ec9bad39705518541149ff8b7 upstream. In preparation for splitting out ET_DYN ASLR, this refactors the use of mmap_rnd() to be used similarly to arm, and extracts

[PATCH 3.2 098/115] sctp: Fix port hash table size computation

3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Neil Horman [ Upstream commit d9749fb5942f51555dc9ce1ac0dbb1806960a975 ] Dmitry Vyukov noted recently that the sctp_port_hashtable had an error in its size computation, observing that the curre

[PATCH 3.2 021/115] sched/cputime: Fix steal time accounting vs. CPU hotplug

3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixner commit e9532e69b8d1d1284e8ecf8d2586de34aec61244 upstream. On CPU hotplug the steal time accounting can keep a stale rq->prev_steal_time value over CPU down and up. So after the

[PATCH 3.2 083/115] ipv4: Don't do expensive useless work during inetdev destroy.

3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: "David S. Miller" commit fbd40ea0180a2d328c5adc61414dc8bab9335ce2 upstream. When an inetdev is destroyed, every address assigned to the interface is removed. And in this scenerio we do two poi

[PATCH 3.2 029/115] dm snapshot: disallow the COW and origin devices from being identical

3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: DingXiang commit 4df2bf466a9c9c92f40d27c4aa9120f4e8227bfc upstream. Otherwise loading a "snapshot" table using the same device for the origin and COW devices, e.g.: echo "0 20971520 snapshot 2

[PATCH 3.2 035/115] ALSA: usb-audio: Fix NULL dereference in create_fixed_stream_quirk()

3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Takashi Iwai commit 0f886ca12765d20124bd06291c82951fd49a33be upstream. create_fixed_stream_quirk() may cause a NULL-pointer dereference by accessing the non-existing endpoint when a USB device

[PATCH 3.2 075/115] parisc: Fix kernel crash with reversed copy_from_user()

3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Helge Deller commit ef72f3110d8b19f4c098a0bff7ed7d11945e70c6 upstream. The kernel module testcase (lib/test_user_copy.c) exhibited a kernel crash on parisc if the parameters for copy_from_user

[PATCH 3.16 065/217] KVM: i8254: change PIT discard tick policy

3.16.35-rc1 review patch. If anyone has any objections, please let me know. -- From: Radim Krčmář commit 7dd0fdff145c5be7146d0ac06732ae3613412ac1 upstream. Discard policy uses ack_notifiers to prevent injection of PIT interrupts before EOI from the last one. This patch change

[PATCH 3.16 112/217] gpiolib: Fix comment referring to gpio_*() in gpiod_*()

3.16.35-rc1 review patch. If anyone has any objections, please let me know. -- From: Geert Uytterhoeven commit 1cfab8f8b397f7d95ad43f72ed9a1fa7d26e210e upstream. Fixes: 79a9becda8940deb ("gpiolib: export descriptor-based GPIO interface") Signed-off-by: Geert Uytterhoeven Sign

[PATCH 3.2 082/115] USB: usbip: fix potential out-of-bounds write

3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Ignat Korchagin commit b348d7dddb6c4fbfc810b7a0626e8ec9e29f7cbb upstream. Fix potential out-of-bounds write to urb->transfer_buffer usbip handles network communication directly in the kernel. W

[PATCH 3.2 077/115] netfilter: x_tables: validate e->target_offset early

3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Florian Westphal commit bdf533de6968e9686df777dc178486f600c6e617 upstream. We should check that e->target_offset is sane before mark_source_chains gets called since it will fetch the target ent

[PATCH 3.2 101/115] net: jme: fix suspend/resume on JMC260

3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Diego Viola [ Upstream commit ee50c130c82175eaa0820c96b6d3763928af2241 ] The JMC260 network card fails to suspend/resume because the call to jme_start_irq() was too early, moving the call to jm

[PATCH 3.2 066/115] USB: digi_acceleport: do sanity checking for the number of ports

3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Oliver Neukum commit 5a07975ad0a36708c6b0a5b9fea1ff811d0b0c1f upstream. The driver can be crashed with devices that expose crafted descriptors with too few endpoints. See: http://seclists.org/

[PATCH 3.16 013/217] [media] xc2028: avoid use after free

3.16.35-rc1 review patch. If anyone has any objections, please let me know. -- From: Mauro Carvalho Chehab commit 8dfbcc4351a0b6d2f2d77f367552f48ffefafe18 upstream. If struct xc2028_config is passed without a firmware name, the following trouble may happen: [11009.907205] xc2

[PATCH 3.16 030/217] [media] adv7511: TX_EDID_PRESENT is still 1 after a disconnect

3.16.35-rc1 review patch. If anyone has any objections, please let me know. -- From: Hans Verkuil commit b339a72e04a62f0b1882c43492fc712f1176b3e6 upstream. The V4L2_CID_TX_EDID_PRESENT control reports if an EDID is present. The adv7511 however still reported the EDID present a

[PATCH 3.2 052/115] fs/coredump: prevent fsuid=0 dumps into user-controlled directories

3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Jann Horn commit 378c6520e7d29280f400ef2ceaf155c86f05a71a upstream. This commit fixes the following security hole affecting systems where all of the following conditions are fulfilled: - The

[PATCH 3.16 016/217] perf tools: handle spaces in file names obtained from /proc/pid/maps

3.16.35-rc1 review patch. If anyone has any objections, please let me know. -- From: Marcin Ślusarz commit 89fee59b504f86925894fcc9ba79d5c933842f93 upstream. Steam frequently puts game binaries in folders with spaces. Note: "(deleted)" markers are now treated as part of the f

[PATCH 3.2 047/115] tracing: Have preempt(irqs)off trace preempt disabled functions

3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: "Steven Rostedt (Red Hat)" commit cb86e05390debcc084cfdb0a71ed4c5dbbec517d upstream. Joel Fernandes reported that the function tracing of preempt disabled sections was not being reported when r

[PATCH 3.2 074/115] parisc: Avoid function pointers for kernel exception routines

3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Helge Deller commit e3893027a300927049efc1572f852201eb785142 upstream. We want to avoid the kernel module loader to create function pointers for the kernel fixup routines of get_user() and put_

[PATCH 3.16 040/217] mac80211: avoid excessive stack usage in sta_info

3.16.35-rc1 review patch. If anyone has any objections, please let me know. -- From: Arnd Bergmann commit 0ef049dc1167fe834d0ad5d63f89eddc5c70f6e4 upstream. When CONFIG_OPTIMIZE_INLINING is set, the sta_info_insert_finish function consumes more stack than normally, exceeding t

[PATCH 3.2 064/115] USB: mct_u232: add sanity checking in probe

3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Oliver Neukum commit 4e9a0b05257f29cf4b75f3209243ed71614d062e upstream. An attack using the lack of sanity checking in probe is known. This patch checks for the existence of a second port. CVE

[PATCH 3.16 014/217] [media] xc2028: unlock on error in xc2028_set_config()

3.16.35-rc1 review patch. If anyone has any objections, please let me know. -- From: Dan Carpenter commit 210bd104c6acd31c3c6b8b075b3f12d4a9f6b60d upstream. We have to unlock before returning -ENOMEM. Fixes: 8dfbcc4351a0 ('[media] xc2028: avoid use after free') Signed-off-by

[PATCH 3.16 033/217] mei: fix possible integer overflow issue

3.16.35-rc1 review patch. If anyone has any objections, please let me know. -- From: Tomas Winkler commit f862b6b24f0ffd954633a55f39251a6873b664ca upstream. There is a possible integer overflow following by a buffer overflow when accumulating messages coming from the FW to com

[PATCH 3.16 035/217] perf tools: Dont stop PMU parsing on alias parse error

3.16.35-rc1 review patch. If anyone has any objections, please let me know. -- From: Andi Kleen commit 940db6dcd3f4659303fdf6befe7416adc4d24118 upstream. When an error happens during alias parsing currently the complete parsing of all attributes of the PMU is stopped. This is

[PATCH 3.16 022/217] mtd: map: fix .set_vpp() documentation

3.16.35-rc1 review patch. If anyone has any objections, please let me know. -- From: Linus Walleij commit 95a001f22b1c5717eafd500a43832249ddd93662 upstream. As of commit 876fe76d793d03077eb61ba3afab4a383f46c554 "mtd: maps: physmap: Add reference counter to set_vpp()" the comme

[PATCH 3.2 096/115] ipv4: fix memory leaks in ip_cmsg_send() callers

3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Eric Dumazet [ Upstream commit 919483096bfe75dda338e98d56da91a263746a0a ] Dmitry reported memory leaks of IP options allocated in ip_cmsg_send() when/if this function returns an error. Callers

[PATCH 3.2 109/115] qlge: Fix receive packets drop.

3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Manish Chopra [ Upstream commit 2c9a266afefe137bff06bbe0fc48b4d3b3cb348c ] When running small packets [length < 256 bytes] traffic, packets were being dropped due to invalid data in those packe

[PATCH 3.16 083/217] drm/radeon: add a PX quirk list

3.16.35-rc1 review patch. If anyone has any objections, please let me know. -- From: Alex Deucher commit 4807c5a8a0c87a210c36e3ad74c451a909d88588 upstream. Some PX laptops seems to have problems turning the dGPU on/off. Add a quirk list to disable runpm by default on those sys

[PATCH 3.16 042/217] mtd: onenand: fix deadlock in onenand_block_markbad

3.16.35-rc1 review patch. If anyone has any objections, please let me know. -- From: Aaro Koskinen commit 5e64c29e98bfbba1b527b0a164f9493f3db9e8cb upstream. Commit 5942ddbc500d ("mtd: introduce mtd_block_markbad interface") incorrectly changed onenand_block_markbad() to call m

[PATCH 3.2 062/115] ALSA: usb-audio: Minor code cleanup in create_fixed_stream_quirk()

3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Takashi Iwai commit 902eb7fd1e4af3ac69b9b30f8373f118c92b9729 upstream. Just a minor code cleanup: unify the error paths. Signed-off-by: Takashi Iwai [bwh: Backported to 3.2: adjust context] S

[PATCH 3.2 023/115] x86/PCI: Mark Broadwell-EP Home Agent & PCU as having non-compliant BARs

3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Bjorn Helgaas commit b894157145e4ac7598d7062bc93320898a5e059e upstream. The Home Agent and PCU PCI devices in Broadwell-EP have a non-BAR register where a BAR should be. We don't know what the

[PATCH 3.2 033/115] net: Fix use after free in the recvmmsg exit path

3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Arnaldo Carvalho de Melo commit 34b88a68f26a75e4fded796f1a49c40f82234b7d upstream. The syzkaller fuzzer hit the following use-after-free: Call Trace: [] __asan_report_load8_noabort+0x3e/0

[PATCH 3.2 045/115] USB: usb_driver_claim_interface: add sanity checking

3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Oliver Neukum commit 0b818e3956fc1ad976bee791eadcbb3b5fec5bfd upstream. Attacks that trick drivers into passing a NULL pointer to usb_driver_claim_interface() using forged descriptors are known

[PATCH 3.2 106/115] sh_eth: fix NULL pointer dereference in sh_eth_ring_format()

3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Sergei Shtylyov [ Upstream commit c1b7fca65070bfadca94dd53a4e6b71cd4f69715 ] In a low memory situation, if netdev_alloc_skb() fails on a first RX ring loop iteration in sh_eth_ring_format(), '

[PATCH 3.2 112/115] ipv6: Count in extension headers in skb->network_header

3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Jakub Sitnicki [ Upstream commit 3ba3458fb9c050718b95275a3310b74415e767e2 ] When sending a UDPv6 message longer than MTU, account for the length of fragmentable IPv6 extension headers in skb->n

[PATCH 3.2 105/115] ax25: add link layer header validation function

3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Willem de Bruijn [ Upstream commit ea47781c26510e5d97f80f9aceafe9065bd5e3aa ] As variable length protocol, AX25 fails link layer header validation tests based on a minimum length. header_ops.va

[PATCH 3.16 039/217] mac80211: fix unnecessary frame drops in mesh fwding

3.16.35-rc1 review patch. If anyone has any objections, please let me know. -- From: Michal Kazior commit cf44012810ccdd8fd947518e965cb04b7b8498be upstream. The ieee80211_queue_stopped() expects hw queue number but it was given raw WMM AC number instead. This could cause fram

[PATCH 3.2 102/115] sctp: lack the check for ports in sctp_v6_cmp_addr

3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Xin Long [ Upstream commit 40b4f0fd74e46c017814618d67ec9127ff20f157 ] As the member .cmp_addr of sctp_af_inet6, sctp_v6_cmp_addr should also check the port of addresses, just like sctp_v4_cmp_a

[PATCH 3.2 051/115] ethernet: micrel: fix some error codes

3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Dan Carpenter commit 3af0d554c1ce11e9d0953381ff566271f9ab81a9 upstream. There were two issues here: 1) dma_mapping_error() return true/false but we want to return -ENOMEM 2) If dmaengine_prep_s

[PATCH] Documentation: fix common spelling mistakes

This fixes several spelling mistakes in the Documentation/ tree, which are caught by checkpatch.pl's spell checking. Signed-off-by: Kees Cook --- Documentation/ABI/obsolete/sysfs-driver-hid-roccat-savu | 4 ++-- Documentation/ABI/testing/sysfs-bus-event_source-devices-hv_24x7 | 2 +- Do

[PATCH 3.2 081/115] usbnet: cleanup after bind() in probe()

3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Oliver Neukum commit 1666984c8625b3db19a9abc298931d35ab7bc64b upstream. In case bind() works, but a later error forces bailing in probe() in error cases work and a timer may be scheduled. They

[PATCH 3.2 069/115] ALSA: timer: Use mod_timer() for rearming the system timer

3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Takashi Iwai commit 4a07083ed613644c96c34a7dd2853dc5d7c70902 upstream. ALSA system timer backend stops the timer via del_timer() without sync and leaves del_timer_sync() at the close instead.

[PATCH 3.2 043/115] Input: synaptics - handle spurious release of trackstick buttons, again

3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Benjamin Tissoires commit 82be788c96ed5978d3cb4a00079e26b981a3df3f upstream. Looks like the fimware 8.2 still has the extra buttons spurious release bug. Link: https://bugzilla.kernel.org/show

[PATCH 3.16 079/217] bcache: cleaned up error handling around register_cache()

3.16.35-rc1 review patch. If anyone has any objections, please let me know. -- From: Eric Wheeler commit 9b299728ed777428b3908ac72ace5f8f84b97789 upstream. Fix null pointer dereference by changing register_cache() to return an int instead of being void. This allows it to retu

[PATCH 3.2 039/115] x86/iopl/64: Properly context-switch IOPL on Xen PV

3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Andy Lutomirski commit b7a584598aea7ca73140cb87b40319944dd3393f upstream. On Xen PV, regs->flags doesn't reliably reflect IOPL and the exit-to-userspace code doesn't change IOPL. We need to co

[PATCH 3.2 104/115] net: validate variable length ll headers

3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Willem de Bruijn [ Upstream commit 2793a23aacbd754dbbb5cb75093deb7e4103bace ] Netdevice parameter hard_header_len is variously interpreted both as an upper and lower bound on link layer header

[PATCH 3.16 001/217] EDAC, amd64_edac: Shift wrapping issue in f1x_get_norm_dct_addr()

3.16.35-rc1 review patch. If anyone has any objections, please let me know. -- From: Dan Carpenter commit 6f3508f61c814ee852c199988a62bd954c50dfc1 upstream. dct_sel_base_off is declared as a u64 but we're only using the lower 32 bits because of a shift wrapping bug. This can p

[PATCH 3.2 089/115] tcp_yeah: don't set ssthresh below 2

3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Neal Cardwell [ Upstream commit 83d15e70c4d8909d722c0d64747d8fb42e38a48f ] For tcp_yeah, use an ssthresh floor of 2, the same floor used by Reno and CUBIC, per RFC 5681 (equation 4). tcp_yeah_

[PATCH 3.2 094/115] ipv6/udp: use sticky pktinfo egress ifindex on connect()

3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Paolo Abeni [ Upstream commit 1cdda91871470f15e79375991bd2eddc6e86ddb1 ] Currently, the egress interface index specified via IPV6_PKTINFO is ignored by __ip6_datagram_connect(), so that RFC 354

[PATCH 3.2 067/115] sd: Fix excessive capacity printing on devices with blocks bigger than 512 bytes

3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: "Martin K. Petersen" commit f08bb1e0dbdd0297258d0b8cd4dbfcc057e57b2a upstream. During revalidate we check whether device capacity has changed before we decide whether to output disk information

[PATCH 3.2 088/115] bridge: Only call /sbin/bridge-stp for the initial network namespace

3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Hannes Frederic Sowa [ Upstream commit ff62198553e43cdffa9d539f6165d3e83f8a42bc ] [I stole this patch from Eric Biederman. He wrote:] > There is no defined mechanism to pass network namespace

[PATCH 3.2 065/115] USB: cypress_m8: add endpoint sanity check

3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Oliver Neukum commit c55aee1bf0e6b6feec8b2927b43f7a09a6d5f754 upstream. An attack using missing endpoints exists. CVE-2016-3137 Signed-off-by: Oliver Neukum Signed-off-by: Johan Hovold Sign

[PATCH 3.16 004/217] PCI: imx6: Remove broken Gen2 workaround

3.16.35-rc1 review patch. If anyone has any objections, please let me know. -- From: Lucas Stach commit a77c5422d7586003643377afdb9915e76d07d21c upstream. Remove the remnants of the workaround for erratum ERR005184 which was never completely implemented. The checks alone don'

[PATCH 3.2 053/115] rapidio/rionet: fix deadlock on SMP

3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Aurelien Jacquiot commit 36915976eca58f2eefa040ba8f9939672564df61 upstream. Fix deadlocking during concurrent receive and transmit operations on SMP platforms caused by the use of incorrect loc

[PATCH 3.16 093/217] sctp: fix the transports round robin issue when init is retransmitted

3.16.35-rc1 review patch. If anyone has any objections, please let me know. -- From: Xin Long commit 39d2adebf137de5f900843f69f5e500932e31047 upstream. prior to this patch, at the beginning if we have two paths in one assoc, they may have the same params other than the last_ti

[PATCH 3.16 011/217] unbreak allmodconfig KCONFIG_ALLCONFIG=...

3.16.35-rc1 review patch. If anyone has any objections, please let me know. -- From: Al Viro commit 6b87b70c5339f30e3c5b32085e69625906513dc2 upstream. Prior to 3.13 make allmodconfig KCONFIG_ALLCONFIG=/dev/null used to be equivalent to make allmodconfig; these days it

[PATCH 3.2 090/115] phonet: properly unshare skbs in phonet_rcv()

3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Eric Dumazet [ Upstream commit 7aaed57c5c2890634cfadf725173c7c68ea4cb4f ] Ivaylo Dimitrov reported a regression caused by commit 7866a621043f ("dev: add per net_device packet type chains"). sk

[PATCH 3.2 022/115] ipvs: correct initial offset of Call-ID header search in SIP persistence engine

3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Marco Angaroni commit 7617a24f83b5d67f4dab1844956be1cebc44aec8 upstream. The IPVS SIP persistence engine is not able to parse the SIP header "Call-ID" when such header is inserted in the first

[PATCH 3.2 084/115] ext4: fix NULL pointer dereference in ext4_mark_inode_dirty()

3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Eryu Guan commit 5e1021f2b6dff1a86a468a1424d59faae2bc63c1 upstream. ext4_reserve_inode_write() in ext4_mark_inode_dirty() could fail on error (e.g. EIO) and iloc.bh can be NULL in this case. Bu

[PATCH 3.2 058/115] ocfs2/dlm: fix BUG in dlm_move_lockres_to_recovery_list

3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Joseph Qi commit be12b299a83fc807bbaccd2bcb8ec50cbb0cb55c upstream. When master handles convert request, it queues ast first and then returns status. This may happen that the ast is sent befor

[PATCH 3.2 040/115] x86/iopl: Fix iopl capability check on Xen PV

3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Andy Lutomirski commit c29016cf41fe9fa994a5ecca607cf5f1cd98801e upstream. iopl(3) is supposed to work if iopl is already 3, even if unprivileged. This didn't work right on Xen PV. Fix it. Re

[PATCH 3.16 069/217] rt2x00: add new rt2800usb device Buffalo WLI-UC-G450

3.16.35-rc1 review patch. If anyone has any objections, please let me know. -- From: Anthony Wong commit f36f299068794ffc5026f25b6a1b3ed615ea832d upstream. Add USB ID 0411:01fd for Buffalo WLI-UC-G450 wireless adapter, RT chipset 3593 Signed-off-by: Anthony Wong Acked-by: St

[PATCH 3.2 085/115] veth: don’t modify ip_summed; doing so treats packets with bad checksums as good.

3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Vijay Pandurangan [ Upstream commit ce8c839b74e3017996fad4e1b7ba2e2625ede82f ] Packets that arrive from real hardware devices have ip_summed == CHECKSUM_UNNECESSARY if the hardware verified the

[PATCH 3.2 049/115] tracing: Fix crash from reading trace_pipe with sendfile

3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: "Steven Rostedt (Red Hat)" commit a29054d9478d0435ab01b7544da4f674ab13f533 upstream. If tracing contains data and the trace_pipe file is read with sendfile(), then it can trigger a NULL pointer

[PATCH 3.16 005/217] PCI: imx6: Move link up check into imx6_pcie_wait_for_link()

3.16.35-rc1 review patch. If anyone has any objections, please let me know. -- From: Lucas Stach commit 4d107d3b5a686b5834e533a00b73bf7b1cf59df7 upstream. imx6_pcie_link_up() previously used usleep_range() to wait for the link to come up. Since it may be called while holding

[PATCH 3.2 093/115] net: dp83640: Fix tx timestamp overflow handling.

3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Manfred Rudigier [ Upstream commit 81e8f2e930fe76b9814c71b9d87c30760b5eb705 ] PHY status frames are not reliable, the PHY may not be able to send them during heavy receive traffic. This overflo

[PATCH 3.16 063/217] of: alloc anywhere from memblock if range not specified

3.16.35-rc1 review patch. If anyone has any objections, please let me know. -- From: Vinayak Menon commit e53b50c0cbe392c946807abf7d07615a3c588642 upstream. early_init_dt_alloc_reserved_memory_arch passes end as 0 to __memblock_alloc_base, when limits are not specified. But __

[PATCH 3.2 071/115] usb: renesas_usbhs: fix to avoid using a disabled ep in usbhsg_queue_done()

3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Yoshihiro Shimoda commit 4fccb0767fdbdb781a9c5b5c15ee7b219443c89d upstream. This patch fixes an issue that usbhsg_queue_done() may cause kernel panic when dma callback is running and usb_ep_dis

Re: [PATCH] Documentation: fix common spelling mistakes

On 04/26/16 16:28, Kees Cook wrote: > This fixes several spelling mistakes in the Documentation/ tree, which > are caught by checkpatch.pl's spell checking. > > Signed-off-by: Kees Cook > --- > Documentation/ABI/obsolete/sysfs-driver-hid-roccat-savu | 4 ++-- > Documentation/ABI/testing

[PATCH 3.2 107/115] macvtap: always pass ethernet header in linear

3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Willem de Bruijn [ Upstream commit 8e2ad4113ce4671686740f808ff2795395c39eef ] The stack expects link layer headers in the skb linear section. Macvtap can create skbs with llheader in frags in e

[PATCH 3.2 086/115] sctp: sctp should release assoc when sctp_make_abort_user return NULL in sctp_close

3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Xin Long [ Upstream commit 068d8bd338e855286aea54e70d1c101569284b21 ] In sctp_close, sctp_make_abort_user may return NULL because of memory allocation failure. If this happens, it will bypass a

[PATCH 3.16 072/217] perf/x86/intel: Use PAGE_SIZE for PEBS buffer size on Core2

3.16.35-rc1 review patch. If anyone has any objections, please let me know. -- From: Jiri Olsa commit e72daf3f4d764c47fb71c9bdc7f9c54a503825b1 upstream. Using PAGE_SIZE buffers makes the WRMSR to PERF_GLOBAL_CTRL in intel_pmu_enable_all() mysteriously hang on Core2. As a worka

[PATCH 3.2 054/115] ppp: take reference on channels netns

3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Guillaume Nault commit 1f461dcdd296eecedac6bae2bfa90bd7eb89 upstream. Let channels hold a reference on their network namespace. Some channel types, like ppp_async and ppp_synctty, can have

[PATCH 3.2 028/115] Bluetooth: btusb: Add a new AR3012 ID 13d3:3472

3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Dmitry Tunin commit 75c6aca4765dbe3d0c1507ab5052f2e373dc2331 upstream. T: Bus=01 Lev=01 Prnt=01 Port=04 Cnt=01 Dev#= 4 Spd=12 MxCh= 0 D: Ver= 1.10 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs= 1

[PATCH 3.2 032/115] Input: powermate - fix oops with malicious USB descriptors

3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Josh Boyer commit 9c6ba456711687b794dcf285856fc14e2c76074f upstream. The powermate driver expects at least one valid USB endpoint in its probe function. If given malicious descriptors that spe

[PATCH 3.2 057/115] ocfs2/dlm: fix race between convert and recovery

3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Joseph Qi commit ac7cf246dfdbec3d8fed296c7bf30e16f5099dac upstream. There is a race window between dlmconvert_remote and dlm_move_lockres_to_recovery_list, which will cause a lock with OCFS2_LO

[PATCH 3.2 050/115] splice: handle zero nr_pages in splice_to_pipe()

3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Rabin Vincent commit d6785d9152147596f60234157da2b02540c3e60f upstream. Running the following command: busybox cat /sys/kernel/debug/tracing/trace_pipe > /dev/null with any tracing enabled p

[PATCH 3.2 059/115] hwmon: (max1111) Return -ENODEV from max1111_read_channel if not instantiated

3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Guenter Roeck commit 3c2e2266a5bd2d1cef258e6e54dca1d99946379f upstream. arm:pxa_defconfig can result in the following crash if the max driver is not instantiated. Unhandled fault: page dom

[PATCH 3.2 020/115] KVM: i8254: change PIT discard tick policy

3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Radim Krčmář commit 7dd0fdff145c5be7146d0ac06732ae3613412ac1 upstream. Discard policy uses ack_notifiers to prevent injection of PIT interrupts before EOI from the last one. This patch changes

[PATCH 3.2 055/115] Input: ati_remote2 - fix crashes on detecting device with invalid descriptor

3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Vladis Dronov commit 950336ba3e4a1ffd2ca60d29f6ef386dd2c7351d upstream. The ati_remote2 driver expects at least two interfaces with one endpoint each. If given malicious descriptor that specify

[PATCH 3.2 095/115] net/ipv6: add sysctl option accept_ra_min_hop_limit

3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Hangbin Liu [ Upstream commit 8013d1d7eafb0589ca766db6b74026f76b7f5cb4 ] Commit 6fd99094de2b ("ipv6: Don't reduce hop limit for an interface") disabled accept hop limit from RA if it is smaller

[PATCH 3.2 092/115] af_iucv: Validate socket address length in iucv_sock_bind()

3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Ursula Braun [ Upstream commit 52a82e23b9f2a9e1d429c5207f8575784290d008 ] Signed-off-by: Ursula Braun Reported-by: Dmitry Vyukov Reviewed-by: Evgeny Cherkashin Signed-off-by: David S. Miller

Re: [PATCH] Documentation: fix common spelling mistakes

On Tue, Apr 26, 2016 at 4:34 PM, Randy Dunlap wrote: > On 04/26/16 16:28, Kees Cook wrote: >> This fixes several spelling mistakes in the Documentation/ tree, which >> are caught by checkpatch.pl's spell checking. >> >> Signed-off-by: Kees Cook >> --- >> Documentation/ABI/obsolete/sysfs-driver-h

[PATCH 3.16 036/217] Bluetooth: btusb: Add new AR3012 ID 13d3:3395

3.16.35-rc1 review patch. If anyone has any objections, please let me know. -- From: Dmitry Tunin commit 609574eb46335cfac1421a07c0505627cbbab1f0 upstream. T: Bus=03 Lev=02 Prnt=02 Port=00 Cnt=01 Dev#= 3 Spd=12 MxCh= 0 D: Ver= 1.10 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs= 1

[PATCH 3.16 031/217] [media] saa7134: Fix bytesperline not being set correctly for planar formats

3.16.35-rc1 review patch. If anyone has any objections, please let me know. -- From: Hans de Goede commit 3e71da19f9dc22e39a755d6ae9678661abb66adc upstream. bytesperline should be the bytesperline for the first plane for planar formats, not that of all planes combined. This f

[PATCH 3.2 027/115] jbd2: fix FS corruption possibility in jbd2_journal_destroy() on umount path

3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: OGAWA Hirofumi commit c0a2ad9b50dd80eeccd73d9ff962234590d5ec93 upstream. On umount path, jbd2_journal_destroy() writes latest transaction ID (->j_tail_sequence) to be used at next mount. The b

[PATCH v4] ARM: dts: imx6: Add dts for Embest MarS Board

Embest MarS Board [1] is a multi-core platform based on Freescale i.MX6 Cortex-A9 Dual Core, running up to 1GHz with 1 GB of RAM, 4GB of eMMC and with a 4MB SPI flash. [1] http://www.embest-tech.com/shop/star/marsboard.html Signed-off-by: Sergio Prado --- Changes v3 -> v4: - nodes sorted alphab

Re: [GIT PULL] drm: Add support of ARC PGU display controller

On 27 April 2016 at 01:28, Alexey Brodkin wrote: > Hi Dave, > > This is DRM driver for ARC PGU - simple bitstreamer used on > Synopsys ARC SDP boards (both AXS101 and AXS103). Hi Alexey, I've pulled this tree into drm-next now, it seems to at least build here, Thanks, Dave.

[PATCH 3.2 048/115] lpfc: fix misleading indentation

3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Arnd Bergmann commit aeb6641f8ebdd61939f462a8255b316f9bfab707 upstream. gcc-6 complains about the indentation of the lpfc_destroy_vport_work_array() call in lpfc_online(), which clearly doesn't

[PATCH v2] Documentation: fix common spelling mistakes

This fixes several spelling mistakes in the Documentation/ tree, which are caught by checkpatch.pl's spell checking. Signed-off-by: Kees Cook --- Documentation/ABI/obsolete/sysfs-driver-hid-roccat-savu | 11 ++- .../ABI/testing/sysfs-bus-event_source-devices-hv_24x7| 2 +-

[PATCH 3.2 025/115] drm/radeon: Don't drop DP 2.7 Ghz link setup on some cards.

3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Mario Kleiner commit 459ee1c3fd097ab56ababd8ff4bb7ef6a792de33 upstream. As observed on Apple iMac10,1, DCE-3.2, RV-730, link rate of 2.7 Ghz is not selected, because the args.v1.ucConfig flag s

[PATCH 3.2 078/115] netfilter: x_tables: make sure e->next_offset covers remaining blob size

3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Florian Westphal commit 6e94e0cfb0887e4013b3b930fa6ab1fe6bb6ba91 upstream. Otherwise this function may read data beyond the ruleset blob. Signed-off-by: Florian Westphal Signed-off-by: Pablo

[PATCH 3.2 091/115] ipv6: update skb->csum when CE mark is propagated

3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Eric Dumazet [ Upstream commit 34ae6a1aa0540f0f781dd265366036355fdc8930 ] When a tunnel decapsulates the outer header, it has to comply with RFC 6080 and eventually propagate CE mark into inner

[PATCH 3.16 038/217] aacraid: Fix memory leak in aac_fib_map_free

3.16.35-rc1 review patch. If anyone has any objections, please let me know. -- From: Raghava Aditya Renukunta commit f88fa79a61726ce9434df9b4aede36961f709f17 upstream. aac_fib_map_free() calls pci_free_consistent() without checking that dev->hw_fib_va is not NULL and dev->max_

[PATCH 3.2 099/115] bio: return EINTR if copying to user space got interrupted

3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Hannes Reinecke commit 2d99b55d378c996b9692a0c93dd25f4ed5d58934 upstream. Commit 35dc248383bbab0a7203fca4d722875bc81ef091 introduced a check for current->mm to see if we have a user space conte

<    1   2   3   4   5   6   7   8   9   10   >