[PATCH 4.4 55/91] ath9k: fix race condition in enabling/disabling IRQs

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Felix Fietkau commit 3a5e969bb2f6692a256352649355d56d018d6b88 upstream. The code currently relies on refcounting to disable IRQs from within the IRQ handler and re-enabling them again after the

[PATCH 4.4 56/91] ath9k: use correct OTP register offsets for the AR9340 and AR9550

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Christian Lamparter commit c9f1e32600816d695f817477d56490bfc2ba43c6 upstream. This patch fixes the OTP register definitions for the AR934x and AR9550 WMAC SoC. Previously, the ath9k driver was

Re: [PATCH] mm, vmscan: do not loop on too_many_isolated for ever

Michal Hocko wrote: > On Thu 09-03-17 13:05:40, Johannes Weiner wrote: > > On Tue, Mar 07, 2017 at 02:52:36PM -0500, Rik van Riel wrote: > > > It only does this to some extent. If reclaim made > > > no progress, for example due to immediately bailing > > > out because the number of already isolate

[PATCH 4.4 54/91] ath5k: drop bogus warning on drv_set_key with unsupported cipher

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Felix Fietkau commit a70e1d6fd6b5e1a81fa6171600942bee34f5128f upstream. Simply return -EOPNOTSUPP instead. Signed-off-by: Felix Fietkau Signed-off-by: Kalle Valo Signed-off-by: Greg Kroah-Ha

Re: [PATCH v5 17/39] [media] v4l2-mc: add a function to inherit controls from a pipeline

On 10/03/17 05:52, Steve Longerbeam wrote: > v4l2_pipeline_inherit_controls() will add the v4l2 controls from > all subdev entities in a pipeline to a given video device. > > Signed-off-by: Steve Longerbeam > --- > drivers/media/v4l2-core/v4l2-mc.c | 48 > +++

[PATCH 4.4 57/91] crypto: testmgr - Pad aes_ccm_enc_tv_template vector

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Laura Abbott commit 1c68bb0f62bf8de8bb30123ea840d5168f25abea upstream. Running with KASAN and crypto tests currently gives BUG: KASAN: global-out-of-bounds in __test_aead+0x9d9/0x2200 at addr

[PATCH 4.4 26/91] iommu/vt-d: Fix some macros that are incorrectly specified in intel-iommu

4.4-stable review patch. If anyone has any objections, please let me know. -- From: CQ Tang commit aaa59306b0b7e0ca4ba92cc04c5db101cbb1c096 upstream. Some of the macros are incorrect with wrong bit-shifts resulting in picking the incorrect invalidation granularity. Incorrect S

Re: [RFC PATCH 00/12] Ion cleanup in preparation for moving out of staging

On 10/03/17 10:31, Brian Starkey wrote: > Hi, > > On Thu, Mar 09, 2017 at 09:38:49AM -0800, Laura Abbott wrote: >> On 03/09/2017 02:00 AM, Benjamin Gaignard wrote: > > [snip] > >>> >>> For me those patches are going in the right direction. >>> >>> I still have few questions: >>> - since alignmen

[PATCH RFC] KVM: VMX: drop vmm_exclusive module parameter

vmm_exclusive=0 leads to KVM setting X86_CR4_VMXE always and calling VMXON only when the vcpu is loaded. X86_CR4_VMXE is used as an indication in cpu_emergency_vmxoff() (called on kdump) if VMXOFF has to be called. This is obviously not the case if both are used independtly. Calling VMXOFF without

[PATCH 4.4 25/91] regulator: Fix regulator_summary for deviceless consumers

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Leonard Crestez commit e42a46b6f52473661ad192f76a128a68fe301df4 upstream. It is allowed to call regulator_get with a NULL dev argument (_regulator_get explicitly checks for it) but this causes

[PATCH 4.4 23/91] ALSA: hda - Fix micmute hotkey problem for a lenovo AIO machine

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Hui Wang commit 29693efcea0f38cf40d0055d2401490a4f9bf8be upstream. On this machine, the micmute button is connected to Line2 of the codec and the micmute led is connected to GPIO2 of the codec.

[PATCH 4.4 59/91] arm/arm64: KVM: Enforce unconditional flush to PoC when mapping to stage-2

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Marc Zyngier commit 8f36ebaf21fdae99c091c67e8b6fab33969f2667 upstream. When we fault in a page, we flush it to the PoC (Point of Coherency) if the faulting vcpu has its own caches off, so that

[PATCH 4.4 24/91] staging: rtl: fix possible NULL pointer dereference

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Arnd Bergmann commit 6e017006022abfea5d2466cad936065f45763ad1 upstream. gcc-7 detects that wlanhdr_to_ethhdr() in two drivers calls memcpy() with a destination argument that an earlier function

[PATCH 4.4 34/91] scsi: storvsc: use tagged SRB requests if supported by the device

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Long Li commit 3cd6d3d9b1abab8dcdf0800224ce26daac24eea2 upstream. Properly set SRB flags when hosting device supports tagged queuing. This patch improves the performance on Fiber Channel disks.

Re: [PATCH v2] usb: gadget: legacy gadgets are optional

Hi, Romain Izard writes: > Hello Felipe, > > 2017-03-10 10:15 GMT+01:00 Felipe Balbi : >> >> Hi, >> >> Romain Izard writes: >>> With commit "usb: gadget: don't couple configfs to legacy gadgets" >>> it is possible to build a modular kernel with both built-in configfs >>> support and modular leg

[PATCH 4.4 44/91] ext4: Include forgotten start block on fallocate insert range

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Roman Pen commit 2a9b8cba62c0741109c33a2be700ff3d7703a7c2 upstream. While doing 'insert range' start block should be also shifted right. The bug can be easily reproduced by the following test:

[PATCH 4.4 50/91] ext4: return EROFS if device is r/o and journal replay is needed

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Theodore Ts'o commit 4753d8a24d4588657bc0a4cd66d4e282dff15c8c upstream. If the file system requires journal recovery, and the device is read-ony, return EROFS to the mount system call. This al

Re: [PATCH v5 22/39] media: Add userspace header file for i.MX

On 10/03/17 05:53, Steve Longerbeam wrote: > This adds a header file for use by userspace programs wanting to interact > with the i.MX media driver. It defines custom v4l2 controls for the > i.MX v4l2 subdevices. > > Signed-off-by: Steve Longerbeam I would not export this while the imx driver is

[PATCH 4.4 36/91] scsi: storvsc: properly set residual data length on errors

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Long Li commit 40630f462824ee24bc00d692865c86c3828094e0 upstream. On I/O errors, the Windows driver doesn't set data_transfer_length on error conditions other than SRB_STATUS_DATA_OVERRUN. In t

[PATCH 4.4 41/91] jbd2: dont leak modified metadata buffers on an aborted journal

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Theodore Ts'o commit e112666b4959b25a8552d63bc564e1059be703e8 upstream. If the journal has been aborted, we shouldn't mark the underlying buffer head as dirty, since that will cause the metadat

[PATCH 4.4 53/91] target: Fix multi-session dynamic se_node_acl double free OOPs

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Nicholas Bellinger commit 01d4d673558985d9a118e1e05026633c3e2ade9b upstream. This patch addresses a long-standing bug with multi-session (eg: iscsi-target + iser-target) se_node_acl dynamic fre

[PATCH 3.16 004/370] crypto: arm64/sha2-ce - fix for big endian

3.16.42-rc1 review patch. If anyone has any objections, please let me know. -- From: Ard Biesheuvel commit 174122c39c369ed924d2608fc0be0171997ce800 upstream. The SHA256 digest is an array of 8 32-bit quantities, so we should refer to them as such in order for this code to work

[PATCH 4.4 52/91] target: Obtain se_node_acl->acl_kref during get_initiator_node_acl

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Nicholas Bellinger commit 21aaa23b0ebbd19334fa461370c03cbb076b3295 upstream. This patch addresses a long standing race where obtaining se_node_acl->acl_kref in __transport_register_session() ha

[PATCH 3.16 001/370] staging: iio: ad7606: fix improper setting of oversampling pins

3.16.42-rc1 review patch. If anyone has any objections, please let me know. -- From: Eva Rachel Retuya commit b321a38d2407c7e425c54bc09be909a34e49f740 upstream. The oversampling ratio is controlled using the oversampling pins, OS [2:0] with OS2 being the MSB control bit, and O

[PATCH 3.16 000/370] 3.16.42-rc1 review

This is the start of the stable review cycle for the 3.16.42 release. There are 370 patches in this series, which will be posted as responses to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed Mar 15 00:00:00 UTC 2017. Anything rece

[PATCH 3.16 022/370] scsi: megaraid_sas: For SRIOV enabled firmware, ensure VF driver waits for 30secs before reset

3.16.42-rc1 review patch. If anyone has any objections, please let me know. -- From: Kashyap Desai commit 18e1c7f68a5814442abad849abe6eacbf02ffd7c upstream. For SRIOV enabled firmware, if there is a OCR(online controller reset) possibility driver set the convert flag to 1, whi

[PATCH 3.16 228/370] net/mlx4_core: Eliminate warning messages for SRQ_LIMIT under SRIOV

3.16.42-rc1 review patch. If anyone has any objections, please let me know. -- From: Jack Morgenstein commit 9577b174cd0323d287c994ef0891db71666d0765 upstream. When running SRIOV, warnings for SRQ LIMIT events flood the Hypervisor's message log when (correct, normally operatin

[PATCH 3.16 123/370] Input: i8042 - add Pegatron touchpad to noloop table

3.16.42-rc1 review patch. If anyone has any objections, please let me know. -- From: Marcos Paulo de Souza commit 41c567a5d7d1a986763e58c3394782813c3bcb03 upstream. Avoid AUX loopback in Pegatron C15B touchpad, so input subsystem is able to recognize a Synaptics touchpad in th

[PATCH 3.16 253/370] USB: serial: option: add device ID for HP lt2523 (Novatel E371)

3.16.42-rc1 review patch. If anyone has any objections, please let me know. -- From: Bjørn Mork commit 5d03a2fd2292e71936c4235885c35ccc3c94695b upstream. Yet another laptop vendor rebranded Novatel E371. Signed-off-by: Bjørn Mork Signed-off-by: Johan Hovold Signed-off-by: B

[PATCH 3.16 306/370] printk: use rcuidle console tracepoint

3.16.42-rc1 review patch. If anyone has any objections, please let me know. -- From: Sergey Senozhatsky commit fc98c3c8c9dcafd67adcce69e6ce3191d5306c9c upstream. Use rcuidle console tracepoint because, apparently, it may be issued from an idle CPU: hw-breakpoint: Failed to

[PATCH 3.2 043/199] s390/vmlogrdr: fix IUCV buffer allocation

3.2.87-rc1 review patch. If anyone has any objections, please let me know. -- From: Gerald Schaefer commit 5457e03de918f7a3e294eb9d26a608ab8a579976 upstream. The buffer for iucv_message_receive() needs to be below 2 GB. In __iucv_message_receive(), the buffer address is casted

[PATCH 3.2 144/199] l2tp: do not use udp_ioctl()

3.2.87-rc1 review patch. If anyone has any objections, please let me know. -- From: Eric Dumazet commit 72fb96e7bdbbdd4421b0726992496531060f3636 upstream. udp_ioctl(), as its name suggests, is used by UDP protocols, but is also used by L2TP :( L2TP should use its own handler,

[PATCH 3.2 109/199] gro: use min_t() in skb_gro_reset_offset()

3.2.87-rc1 review patch. If anyone has any objections, please let me know. -- From: Eric Dumazet commit 7cfd5fd5a9813f1430290d20c0fead9b4582a307 upstream. On 32bit arches, (skb->end - skb->data) is not 'unsigned int', so we shall use min_t() instead of min() to avoid a compile

[PATCH 3.2 130/199] ARM: 8643/3: arm/ptrace: Preserve previous registers for short regset write

3.2.87-rc1 review patch. If anyone has any objections, please let me know. -- From: Dave Martin commit 228dbbfb5d77f8e047b2a1d78da14b7158433027 upstream. Ensure that if userspace supplies insufficient data to PTRACE_SETREGSET to fill all the registers, the thread's old registe

[PATCH 3.2 107/199] vme: Fix wrong pointer utilization in ca91cx42_slave_get

3.2.87-rc1 review patch. If anyone has any objections, please let me know. -- From: Augusto Mecking Caringi commit c8a6a09c1c617402cc9254b2bc8da359a0347d75 upstream. In ca91cx42_slave_get function, the value pointed by vme_base pointer is set through: *vme_base = ioread32(bri

[PATCH 3.2 176/199] net: sky2: Fix shutdown crash

3.2.87-rc1 review patch. If anyone has any objections, please let me know. -- From: Jeremy Linton [ Upstream commit 06ba3b2133dc203e1e9bc36cee7f0839b79a9e8b ] The sky2 frequently crashes during machine shutdown with: sky2_get_stats+0x60/0x3d8 [sky2] dev_get_stats+0x68/0xd8 rt

[PATCH 3.2 140/199] btrfs: fix btrfs_compat_ioctl failures on non-compat ioctls

3.2.87-rc1 review patch. If anyone has any objections, please let me know. -- From: Jeff Mahoney commit 2a362249187a8d0f6d942d6e1d763d150a296f47 upstream. Commit 4c63c2454ef incorrectly assumed that returning -ENOIOCTLCMD would cause the native ioctl to be called. The ->compa

[PATCH 3.2 112/199] i2c: fix kernel memory disclosure in dev interface

3.2.87-rc1 review patch. If anyone has any objections, please let me know. -- From: Vlad Tsyrklevich commit 30f939feaeee23e21391cfc7b484f012eb189c3c upstream. i2c_smbus_xfer() does not always fill an entire block, allowing kernel stack memory disclosure through the temp variab

[PATCH 3.2 135/199] ALSA: seq: Don't handle loop timeout at snd_seq_pool_done()

3.2.87-rc1 review patch. If anyone has any objections, please let me know. -- From: Takashi Iwai commit 37a7ea4a9b81f6a864c10a7cb0b96458df5310a3 upstream. snd_seq_pool_done() syncs with closing of all opened threads, but it aborts the wait loop with a timeout, and proceeds to

[PATCH 3.2 111/199] mmc: mxs-mmc: Fix additional cycles after transmission stop

3.2.87-rc1 review patch. If anyone has any objections, please let me know. -- From: Stefan Wahren commit 01167c7b9cbf099c69fe411a228e4e9c7104e123 upstream. According to the code the intention is to append 8 SCK cycles instead of 4 at end of a MMC_STOP_TRANSMISSION command. But

[PATCH 3.2 142/199] scsi: zfcp: fix use-after-free by not tracing WKA port open/close on failed send

3.2.87-rc1 review patch. If anyone has any objections, please let me know. -- From: Steffen Maier commit 2dfa6688aafdc3f74efeb1cf05fb871465d67f79 upstream. Dan Carpenter kindly reported: The patch d27a7cb91960: "zfcp: trace on request for open and close of WKA port" from Aug

[PATCH 3.2 143/199] xen-netfront: Delete rx_refill_timer in xennet_disconnect_backend()

3.2.87-rc1 review patch. If anyone has any objections, please let me know. -- From: Boris Ostrovsky commit 74470954857c264168d2b5a113904cf0cfd27d18 upstream. rx_refill_timer should be deleted as soon as we disconnect from the backend since otherwise it is possible for the time

[PATCH 3.2 171/199] dccp: fix out of bound access in dccp_v4_err()

3.2.87-rc1 review patch. If anyone has any objections, please let me know. -- From: Eric Dumazet [ Upstream commit 6706a97fec963d6cb3f7fc2978ec1427b4651214 ] dccp_v4_err() does not use pskb_may_pull() and might access garbage. We only need 4 bytes at the beginning of the DCCP

[PATCH 3.2 102/199] ARM: 8634/1: hw_breakpoint: blacklist Scorpion CPUs

3.2.87-rc1 review patch. If anyone has any objections, please let me know. -- From: Mark Rutland commit ddc37832a1349f474c4532de381498020ed71d31 upstream. On APQ8060, the kernel crashes in arch_hw_breakpoint_init, taking an undefined instruction trap within write_wb_reg. This

[PATCH 3.2 099/199] USB: serial: ch341: fix open error handling

3.2.87-rc1 review patch. If anyone has any objections, please let me know. -- From: Johan Hovold commit f2950b78547ffb8475297ada6b92bc2d774d5461 upstream. Make sure to stop the interrupt URB before returning on errors during open. Fixes: 664d5df92e88 ("USB: usb-serial ch341:

[PATCH 3.2 100/199] USB: serial: ch341: fix resume after reset

3.2.87-rc1 review patch. If anyone has any objections, please let me know. -- From: Johan Hovold commit ce5e292828117d1b71cbd3edf9e9137cf31acd30 upstream. Fix reset-resume handling which failed to resubmit the read and interrupt URBs, thereby leaving a port that was open befor

[PATCH 3.2 072/199] USB: serial: keyspan_pda: verify endpoints at probe

3.2.87-rc1 review patch. If anyone has any objections, please let me know. -- From: Johan Hovold commit 5d9b0f859babe96175cd33d7162a9463a875ffde upstream. Check for the expected endpoints in attach() and fail loudly if not present. Note that failing to do this appears to be b

[PATCH 3.2 183/199] igmp: Make igmp group member RFC 3376 compliant

3.2.87-rc1 review patch. If anyone has any objections, please let me know. -- From: Michal Tesar [ Upstream commit 7ababb782690e03b78657e27bd051e20163af2d6 ] 5.2. Action on Reception of a Query When a system receives a Query, it does not respond immediately. Instead, it del

[PATCH 3.2 167/199] net: sctp, forbid negative length

3.2.87-rc1 review patch. If anyone has any objections, please let me know. -- From: Jiri Slaby [ Upstream commit a4b8e71b05c27bae6bad3bdecddbc6b68a3ad8cf ] Most of getsockopt handlers in net/sctp/socket.c check len against sizeof some structure like: if (len < sizeof(i

[PATCH 3.2 175/199] ip6_tunnel: disable caching when the traffic class is inherited

3.2.87-rc1 review patch. If anyone has any objections, please let me know. -- From: Paolo Abeni [ Upstream commit b5c2d49544e5930c96e2632a7eece3f4325a1888 ] If an ip6 tunnel is configured to inherit the traffic class from the inner header, the dst_cache must be disabled or it

[PATCH 3.2 174/199] sock: fix sendmmsg for partial sendmsg

3.2.87-rc1 review patch. If anyone has any objections, please let me know. -- From: Soheil Hassas Yeganeh [ Upstream commit 3023898b7d4aac65987bd2f485cc22390aae6f78 ] Do not send the next message in sendmmsg for partial sendmsg invocations. sendmmsg assumes that it can contin

[PATCH 3.2 178/199] net/dccp: fix use-after-free in dccp_invalid_packet

3.2.87-rc1 review patch. If anyone has any objections, please let me know. -- From: Eric Dumazet [ Upstream commit 648f0c28df282636c0c8a7a19ca3ce5fc80a39c3 ] pskb_may_pull() can reallocate skb->head, we need to reload dh pointer in dccp_invalid_packet() or risk use after free.

[PATCH 3.2 179/199] netvsc: reduce maximum GSO size

3.2.87-rc1 review patch. If anyone has any objections, please let me know. -- From: stephen hemminger [ Upstream commit a50af86dd49ee1851d1ccf06dd0019c05b95e297 ] Hyper-V (and Azure) support using NVGRE which requires some extra space for encapsulation headers. Because of this

[PATCH 3.2 095/199] USB: serial: ch341: reinitialize chip on reconfiguration

3.2.87-rc1 review patch. If anyone has any objections, please let me know. -- From: Aidan Thornton commit 4e46c410e050bcac36deadbd8e20449d078204e8 upstream. Changing the LCR register after initialization does not seem to be reliable on all chips (particularly not on CH341A). R

[PATCH 3.2 177/199] net/sched: pedit: make sure that offset is valid

3.2.87-rc1 review patch. If anyone has any objections, please let me know. -- From: Amir Vadai [ Upstream commit 95c2027bfeda21a28eb245121e6a249f38d0788e ] Add a validation function to make sure offset is valid: 1. Not below skb head (could happen when offset is negative). 2.

[PATCH 3.2 189/199] tcp: fix 0 divide in __tcp_select_window()

3.2.87-rc1 review patch. If anyone has any objections, please let me know. -- From: Eric Dumazet [ Upstream commit 06425c308b92eaf60767bc71d359f4cbc7a561f8 ] syszkaller fuzzer was able to trigger a divide by zero, when TCP window scaling is not enabled. SO_RCVBUF can be used

[PATCH 3.2 166/199] tcp: fix wrong checksum calculation on MTU probing

3.2.87-rc1 review patch. If anyone has any objections, please let me know. -- From: Douglas Caetano dos Santos [ Upstream commit 2fe664f1fcf7c4da6891f95708a7a56d3c024354 ] With TCP MTU probing enabled and offload TX checksumming disabled, tcp_mtu_probe() calculated the wrong c

[PATCH 3.2 170/199] dccp: do not send reset to already closed sockets

3.2.87-rc1 review patch. If anyone has any objections, please let me know. -- From: Eric Dumazet [ Upstream commit 346da62cc186c4b4b1ac59f87f4482b47a047388 ] Andrey reported following warning while fuzzing with syzkaller WARNING: CPU: 1 PID: 21072 at net/dccp/proto.c:83 dccp_

[PATCH 3.2 172/199] ipv6: dccp: fix out of bound access in dccp_v6_err()

3.2.87-rc1 review patch. If anyone has any objections, please let me know. -- From: Eric Dumazet [ Upstream commit 1aa9d1a0e7eefcc61696e147d123453fc0016005 ] dccp_v6_err() does not use pskb_may_pull() and might access garbage. We only need 4 bytes at the beginning of the DCCP

[PATCH 3.2 185/199] net: socket: fix recvmmsg not returning error from sock_error

3.2.87-rc1 review patch. If anyone has any objections, please let me know. -- From: Maxime Jayat [ Upstream commit e623a9e9dec29ae811d11f83d0074ba254aba374 ] Commit 34b88a68f26a ("net: Fix use after free in the recvmmsg exit path"), changed the exit path of recvmmsg to always

[PATCH 3.2 184/199] ipv6: addrconf: Avoid addrconf_disable_change() using RCU read-side lock

3.2.87-rc1 review patch. If anyone has any objections, please let me know. -- From: Kefeng Wang [ Upstream commit 03e4deff4987f79c34112c5ba4eb195d4f9382b0 ] Just like commit 4acd4945cd1e ("ipv6: addrconf: Avoid calling netdevice notifiers with RCU read-side lock"), it is unnec

RE: [v2, 2/4] mtd: spi-nor: Add Octal SPI support to Cadence QSPI driver.

From: Marek Vasut [mailto:marek.va...@gmail.com] Sent: 10 March 2017 04:37 > On 03/08/2017 09:02 AM, Artur Jedrysek wrote: > > Recent versions of Cadence QSPI controller support Octal SPI transfers > > as well. This patch updates existing driver to support such feature. > > > > It is not possible

[PATCH 3.2 133/199] netlabel: out of bound access in cipso_v4_validate()

3.2.87-rc1 review patch. If anyone has any objections, please let me know. -- From: Eric Dumazet commit d71b7896886345c53ef1d84bda2bc758554f5d61 upstream. syzkaller found another out of bound access in ip_options_compile(), or more exactly in cipso_v4_validate() Fixes: 20e2a8

[PATCH 3.2 182/199] drop_monitor: consider inserted data in genlmsg_end

3.2.87-rc1 review patch. If anyone has any objections, please let me know. -- From: Reiter Wolfgang [ Upstream commit 3b48ab2248e61408910e792fe84d6ec466084c1a ] Final nlmsg_len field update must reflect inserted net_dm_drop_point data. This patch depends on previous patch: "d

[PATCH 3.2 114/199] net/mlx4_core: Fix racy CQ (Completion Queue) free

3.2.87-rc1 review patch. If anyone has any objections, please let me know. -- From: Jack Morgenstein commit 291c566a28910614ce42d0ffe82196eddd6346f4 upstream. In function mlx4_cq_completion() and mlx4_cq_event(), the radix_tree_lookup requires a rcu_read_lock. This is mandator

[PATCH 3.2 173/199] sctp: assign assoc_id earlier in __sctp_connect

3.2.87-rc1 review patch. If anyone has any objections, please let me know. -- From: Marcelo Ricardo Leitner [ Upstream commit 7233bc84a3aeda835d334499dc00448373caf5c0 ] sctp_wait_for_connect() currently already holds the asoc to keep it alive during the sleep, in case another

[PATCH 3.2 181/199] drop_monitor: add missing call to genlmsg_end

3.2.87-rc1 review patch. If anyone has any objections, please let me know. -- From: Reiter Wolfgang [ Upstream commit 4200462d88f47f3759bdf4705f87e207b0f5b2e4 ] Update nlmsg_len field with genlmsg_end to enable userspace processing using nlmsg_next helper. Also adds error hand

[PATCH 3.2 180/199] ipv6: handle -EFAULT from skb_copy_bits

3.2.87-rc1 review patch. If anyone has any objections, please let me know. -- From: Dave Jones [ Upstream commit a98f91758995cb59611e613188a6956b52c3 ] By setting certain socket options on ipv6 raw sockets, we can confuse the length calculation in rawv6_push_pending_frames

[PATCH 3.2 148/199] packet: fix races in fanout_add()

3.2.87-rc1 review patch. If anyone has any objections, please let me know. -- From: Eric Dumazet commit d199fab63c11998a602205f7ee7ff7c05c97164b upstream. Multiple threads can call fanout_add() at the same time. We need to grab fanout_mutex earlier to avoid races that could l

[PATCH 3.2 169/199] net: mangle zero checksum in skb_checksum_help()

3.2.87-rc1 review patch. If anyone has any objections, please let me know. -- From: Eric Dumazet [ Upstream commit 4f2e4ad56a65f3b7d64c258e373cb71e8d2499f4 ] Sending zero checksum is ok for TCP, but not for UDP. UDPv6 receiver should by default drop a frame with a 0 checksum,

[PATCH 3.2 168/199] net: clear sk_err_soft in sk_clone_lock()

3.2.87-rc1 review patch. If anyone has any objections, please let me know. -- From: Eric Dumazet [ Upstream commit e551c32d57c88923f99f8f010e89ca7ed0735e83 ] At accept() time, it is possible the parent has a non zero sk_err_soft, leftover from a prior error. Make sure we do n

[PATCH 3.2 163/199] net: fix sk_mem_reclaim_partial()

3.2.87-rc1 review patch. If anyone has any objections, please let me know. -- From: Eric Dumazet commit 1a24e04e4b50939daa3041682b38b82c896ca438 upstream. sk_mem_reclaim_partial() goal is to ensure each socket has one SK_MEM_QUANTUM forward allocation. This is needed both for

Re: [PATCH v2] selinux: check for address length in selinux_socket_bind()

On Thu, Mar 9, 2017 at 2:12 AM, David Miller wrote: > From: Alexander Potapenko > Date: Mon, 6 Mar 2017 19:46:14 +0100 > >> KMSAN (KernelMemorySanitizer, a new error detection tool) reports use of >> uninitialized memory in selinux_socket_bind(): > ... >> (the line numbers are relative to 4.8-r

[PATCH 3.2 160/199] sch_dsmark: update backlog as well

3.2.87-rc1 review patch. If anyone has any objections, please let me know. -- From: WANG Cong [ Upstream commit bdf17661f63a79c3cb4209b970b1cc39e34f7543 ] Similarly, we need to update backlog too when we update qlen. Cc: Jamal Hadi Salim Signed-off-by: Cong Wang Signed-off-

[PATCH 3.2 162/199] ipmr/ip6mr: Initialize the last assert time of mfc entries.

3.2.87-rc1 review patch. If anyone has any objections, please let me know. -- From: Tom Goff [ Upstream commit 70a0dec45174c976c64b4c8c1d0898581f759948 ] This fixes wrong-interface signaling on 32-bit platforms for entries created when jiffies > 2^31 + MFC_ASSERT_THRESH. Sign

[PATCH 3.2 138/199] catc: Use heap buffer for memory size test

3.2.87-rc1 review patch. If anyone has any objections, please let me know. -- From: Ben Hutchings commit 2d6a0e9de03ee658a9adc3bfb2f0ca55dff1e478 upstream. Allocating USB buffers on the stack is not portable, and no longer works on x86_64 (with VMAP_STACK enabled as per defaul

RE: [v2, 4/4] dt-bindings: mtd: Add Octal SPI support to Cadence QSPI.

> From: Marek Vasut [mailto:marek.va...@gmail.com] > Sent: 10 March 2017 04:39 > On 03/08/2017 09:05 AM, Artur Jedrysek wrote: > > This patch updates Cadence QSPI Device Tree documentation to include > > information about new compatible used to indicate, whether or not > > Octal SPI transfers are

[PATCH 3.2 165/199] net: avoid sk_forward_alloc overflows

3.2.87-rc1 review patch. If anyone has any objections, please let me know. -- From: Eric Dumazet [ Upstream commit 20c64d5cd5a2bdcdc8982a06cb05e5e1bd851a3d ] A malicious TCP receiver, sending SACK, can force the sender to split skbs in write queue and increase its memory usage

Re: [PATCH v5 15/39] [media] v4l2: add a frame interval error event

On 10/03/17 05:52, Steve Longerbeam wrote: > Add a new FRAME_INTERVAL_ERROR event to signal that a video capture or > output device has measured an interval between the reception or transmit > completion of two consecutive frames of video that is outside the nominal > frame interval by some toleran

[PATCH 3.2 164/199] tcp: fix overflow in __tcp_retransmit_skb()

3.2.87-rc1 review patch. If anyone has any objections, please let me know. -- From: Eric Dumazet [ Upstream commit ffb4d6c8508657824bcef68a36b2a0f9d8c09d10 ] If a TCP socket gets a large write queue, an overflow can happen in a test in __tcp_retransmit_skb() preventing all ret

[PATCH 3.2 158/199] route: do not cache fib route info on local routes with oif

3.2.87-rc1 review patch. If anyone has any objections, please let me know. -- From: Chris Friesen [ Upstream commit d6d5e999e5df67f8ec20b6be45e2229455ee3699 ] For local routes that require a particular output interface we do not want to cache the result. Caching the result ca

[PATCH 3.2 159/199] sch_htb: update backlog as well

3.2.87-rc1 review patch. If anyone has any objections, please let me know. -- From: WANG Cong [ Upstream commit 431e3a8e36a05a37126f34b41aa3a5a6456af04e ] We saw qlen!=0 but backlog==0 on our production machine: qdisc htb 1: dev eth0 root refcnt 2 r2q 10 default 1 direct_pack

[PATCH 3.2 121/199] powerpc: Ignore reserved field in DCSR and PVR reads and writes

3.2.87-rc1 review patch. If anyone has any objections, please let me know. -- From: Anton Blanchard commit 178f358208ceb8b38e5cff3f815e0db4a6a70a07 upstream. IBM bit 31 (for the rest of us - bit 0) is a reserved field in the instruction definition of mtspr and mfspr. Hardware

Re: [RESEND PATCH v3 5/7] PCI: dwc: all: Modify dbi accessors to access data of 4/2/1 bytes

Hi, On Thursday 09 March 2017 08:18 PM, Niklas Cassel wrote: > On 03/09/2017 07:39 AM, Kishon Vijay Abraham I wrote: >> Previously dbi accessors can be used to access data of size 4 >> bytes. But there might be situations (like accessing >> MSI_MESSAGE_CONTROL in order to set/get the number of req

[PATCH 3.2 151/199] vfs: fix uninitialized flags in splice_to_pipe()

3.2.87-rc1 review patch. If anyone has any objections, please let me know. -- From: Miklos Szeredi commit 5a81e6a171cdbd1fa8bc1fdd80c23d3d71816fac upstream. Flags (PIPE_BUF_FLAG_PACKET, PIPE_BUF_FLAG_GIFT) could remain on the unused part of the pipe ring buffer. Previously sp

[PATCH 3.2 161/199] net: bridge: fix old ioctl unlocked net device walk

3.2.87-rc1 review patch. If anyone has any objections, please let me know. -- From: Nikolay Aleksandrov [ Upstream commit 31ca0458a61a502adb7ed192bf9716c6d05791a5 ] get_bridge_ifindices() is used from the old "deviceless" bridge ioctl calls which aren't called with rtnl held.

[PATCH 3.2 152/199] packet: call fanout_release, while UNREGISTERING a netdev

3.2.87-rc1 review patch. If anyone has any objections, please let me know. -- From: Anoob Soman commit 6664498280cf17a59c3e7cf1a931444c02633ed1 upstream. If a socket has FANOUT sockopt set, a new proto_hook is registered as part of fanout_add(). When processing a NETDEV_UNREGI

[PATCH 3.2 118/199] nbd: fix use-after-free of rq/bio in the xmit path

3.2.87-rc1 review patch. If anyone has any objections, please let me know. -- From: Jens Axboe commit 429a787be6793554ee02aacc7e1f11ebcecc4453 upstream. For writes, we can get a completion in while we're still iterating the request and bio chain. If that happens, we're reading

Re: [PATCH v5 16/39] [media] v4l2: add a new-frame before end-of-frame event

On 10/03/17 05:52, Steve Longerbeam wrote: > Add a NEW_FRAME_BEFORE_EOF event to signal that a video capture or > output device has signaled a new frame is ready before a previous > frame has completed reception or transmission. This usually indicates > a DMA read/write channel is having trouble ga

[PATCH 3.2 153/199] packet: Do not call fanout_release from atomic contexts

3.2.87-rc1 review patch. If anyone has any objections, please let me know. -- From: Anoob Soman commit 2bd624b4611ffee36422782d16e1c944d1351e98 upstream. Commit 6664498280cf ("packet: call fanout_release, while UNREGISTERING a netdev"), unfortunately, introduced the following

[PATCH 3.2 157/199] decnet: Do not build routes to devices without decnet private data.

3.2.87-rc1 review patch. If anyone has any objections, please let me know. -- From: "David S. Miller" [ Upstream commit a36a0d4008488fa545c74445d69eaf56377d5d4e ] In particular, make sure we check for decnet private presence for loopback devices. Signed-off-by: David S. Mille

[PATCH 3.2 155/199] irda: Fix lockdep annotations in hashbin_delete().

3.2.87-rc1 review patch. If anyone has any objections, please let me know. -- From: "David S. Miller" commit 4c03b862b12f980456f9de92db6d508a4999b788 upstream. A nested lock depth was added to the hasbin_delete() code but it doesn't actually work some well and results in tons

[PATCH 3.2 156/199] lib/vsprintf.c: improve sanity check in vsnprintf()

3.2.87-rc1 review patch. If anyone has any objections, please let me know. -- From: Rasmus Villemoes commit 2aa2f9e21e4eb25c720b2e7d80f8929638f6ad73 upstream. On 64 bit, size may very well be huge even if bit 31 happens to be 0. Somehow it doesn't feel right that one can pass

[PATCH 3.2 154/199] Fix missing sanity check in /dev/sg

3.2.87-rc1 review patch. If anyone has any objections, please let me know. -- From: Al Viro commit 137d01df511b3afe1f05499aea05f3bafc0fb221 upstream. What happens is that a write to /dev/sg is given a request with non-zero ->iovec_count combined with zero ->dxfer_len. Or with

[PATCH 3.2 149/199] [media] siano: make it work again with CONFIG_VMAP_STACK

3.2.87-rc1 review patch. If anyone has any objections, please let me know. -- From: Mauro Carvalho Chehab commit f9c85ee67164b37f9296eab3b754e543e4e96a1c upstream. Reported as a Kaffeine bug: https://bugs.kde.org/show_bug.cgi?id=375811 The USB control messages require

[PATCH 3.2 003/199] [media] ite-cir: initialize use_demodulator before using it

3.2.87-rc1 review patch. If anyone has any objections, please let me know. -- From: Nicolas Iooss commit 7ec03e60ef81c19b5d3a46dd070ee966774b860f upstream. Function ite_set_carrier_params() uses variable use_demodulator after having initialized it to false in some if branches,

[PATCH 3.16 351/370] qmi_wwan/cdc_ether: add device ID for HP lt2523 (Novatel E371) WWAN card

3.16.42-rc1 review patch. If anyone has any objections, please let me know. -- From: Bjørn Mork [ Upstream commit 5b9f57516337b523f7466a53939aaaea7b78141b ] Another rebranded Novatel E371. qmi_wwan should drive this device, while cdc_ether should ignore it. Even though the U

[PATCH 3.2 147/199] futex: Move futex_init() to core_initcall

3.2.87-rc1 review patch. If anyone has any objections, please let me know. -- From: Yang Yang commit 25f71d1c3e98ef0e52371746220d66458eac75bc upstream. The UEVENT user mode helper is enabled before the initcalls are executed and is available when the root filesystem has been m

[PATCH 3.2 150/199] net: xilinx_emaclite: fix receive buffer overflow

3.2.87-rc1 review patch. If anyone has any objections, please let me know. -- From: Anssi Hannula commit cd224553641848dd17800fe559e4ff5d208553e8 upstream. xilinx_emaclite looks at the received data to try to determine the Ethernet packet length but does not properly clamp it

[PATCH 3.2 084/199] USB: serial: ti_usb_3410_5052: fix NULL-deref at open

3.2.87-rc1 review patch. If anyone has any objections, please let me know. -- From: Johan Hovold commit ef079936d3cd09e63612834fe2698eeada0d8e3f upstream. Fix NULL-pointer dereference in open() should a malicious device lack the expected endpoints: Unable to handle kernel NUL

<    1   2   3   4   5   6   7   8   9   10   >