[PATCH 3.16 006/233] netxen_nic: set rcode to the return status from the call to netxen_issue_cmd

3.16.48-rc1 review patch. If anyone has any objections, please let me know. -- From: Colin Ian King commit 0fe20fafd1791f993806d417048213ec57b81045 upstream. Currently rcode is being initialized to NX_RCODE_SUCCESS and later it is checked to see if it is not NX_RCODE_SUCCESS w

[PATCH 3.16 007/233] s390/qeth: handle sysfs error during initialization

3.16.48-rc1 review patch. If anyone has any objections, please let me know. -- From: Ursula Braun commit 9111e7880ccf419548c7b0887df020b08eadb075 upstream. When setting up the device from within the layer discipline's probe routine, creating the layer-specific sysfs attributes

[PATCH 3.16 008/233] s390/qeth: unbreak OSM and OSN support

3.16.48-rc1 review patch. If anyone has any objections, please let me know. -- From: Julian Wiedmann commit 2d2ebb3ed0c6acfb014f98e427298673a5d07b82 upstream. commit b4d72c08b358 ("qeth: bridgeport support - basic control") broke the support for OSM and OSN devices as follows:

[PATCH 3.16 001/233] iio: proximity: as3935: recalibrate RCO after resume

3.16.48-rc1 review patch. If anyone has any objections, please let me know. -- From: Matt Ranostay commit 6272c0de13abf1480f701d38288f28a11b4301c4 upstream. According to the datasheet the RCO must be recalibrated on every power-on-reset. Also remove mutex locking in the calibr

[PATCH 3.2 005/106] USB: serial: ftdi_sio: fix setting latency for unprivileged users

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Anthony Mallet commit bb246681b3ed0967489a7401ad528c1aaa1a4c2e upstream. Commit 557aaa7ffab6 ("ft232: support the ASYNC_LOW_LATENCY flag") enables unprivileged users to set the FTDI latency tim

[PATCH 3.2 006/106] USB: serial: ir-usb: fix big-endian baud-rate debug printk

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Johan Hovold commit ad0ccac76dcc92c3331f4c94c9fc54f8bf1ab20c upstream. Add missing endianness conversion when printing the supported baud rates. Found using sparse: warning: restricte

[PATCH 3.2 058/106] alarmtimer: Rate limit periodic intervals

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixner commit ff86bf0c65f14346bf2440534f9ba5ac232c39a0 upstream. The alarmtimer code has another source of potentially rearming itself too fast. Interval timers with a very samll inter

[PATCH 3.2 020/106] USB: hub: fix non-SS hub-descriptor handling

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Johan Hovold commit bec444cd1c94c48df409a35ad4e5b143c245c3f7 upstream. Add missing sanity check on the non-SuperSpeed hub-descriptor length in order to avoid parsing and leaking two bytes of un

[PATCH 3.2 021/106] USB: hub: fix SS max number of ports

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Johan Hovold commit 93491ced3c87c94b12220dbac0527e1356702179 upstream. Add define for the maximum number of ports on a SuperSpeed hub as per USB 3.1 spec Table 10-5, and use it when verifying t

[PATCH 3.2 031/106] usb: musb: tusb6010_omap: Do not reset the other direction's packet size

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Peter Ujfalusi commit 6df2b42f7c040d57d9ecb67244e04e905ab87ac6 upstream. We have one register for each EP to set the maximum packet size for both TX and RX. If for example an RX programming wou

[PATCH 3.2 034/106] powerpc/mm: Fix virt_addr_valid() etc. on 64-bit hash

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Michael Ellerman commit e41e53cd4fe331d0d1f06f8e4ed7e2cc63ee2c34 upstream. virt_addr_valid() is supposed to tell you if it's OK to call virt_to_page() on an address. What this means in practice

[PATCH 3.2 071/106] perf script python: Updated trace_unhandled() signature

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: SeongJae Park commit 1bf8d5a4a5da19b1f6e7958fe67db4118fa7a1c1 upstream. Default function signature of trace_unhandled() got changed to include a field dict, but its documentation, perf-script-p

[PATCH 3.2 041/106] crypto: gcm - wait for crypto op not signal safe

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Gilad Ben-Yossef commit f3ad587070d6bd961ab942b3fd7a85d00dfc934b upstream. crypto_gcm_setkey() was using wait_for_completion_interruptible() to wait for completion of async crypto op but if a s

[PATCH 3.2 068/106] perf script: Fix outdated comment for perf-trace-python

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: SeongJae Park commit c76132dc5182776b98e946d674cb41c421661ea9 upstream. Script generated by the '--gen-script' option contains an outdated comment. It mentions a 'perf-trace-python' document wh

[PATCH 3.2 022/106] mac80211: strictly check mesh address extension mode

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Rajkumar Manoharan commit 5667c86acf021e6dcf02584408b4484a273ac68f upstream. Mesh forwarding path checks for address extension mode to fetch appropriate proxied address and MPP address. Existin

[PATCH 3.2 028/106] usb: host: xhci-mem: allocate zeroed Scratchpad Buffer

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Peter Chen commit 7480d912d549f414e0ce39331870899e89a5598c upstream. According to xHCI ch4.20 Scratchpad Buffers, the Scratchpad Buffer needs to be zeroed. ... The following op

[PATCH 3.2 057/106] alarmtimer: Prevent overflow of relative timers

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixner commit f4781e76f90df7aec400635d73ea4c35ee1d4765 upstream. Andrey reported a alartimer related RCU stall while fuzzing the kernel with syzkaller. The reason for this is an overf

[PATCH 3.2 072/106] perf script python: Remove dups in documentation examples

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: SeongJae Park commit 14fc42fa1b3e7ea5160c84d0e686a3a0c1ffe619 upstream. Few shell command examples in perf-script-python.txt has few nitpicks include: - tools/perf/scripts/python directory lis

[PATCH 3.2 069/106] perf script: Fix documentation errors

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: SeongJae Park commit 34d4453dac257be53c21abf2f713c992fb692b5c upstream. This commit fixes two errors in documents for perf-script-python and perf-script-perl as below: - /sys/kernel/debug/trac

[PATCH 3.2 026/106] usb: xhci: apply XHCI_PME_STUCK_QUIRK to Intel Apollo Lake

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Wan Ahmad Zainie commit 6c97cfc1a097b1e0786c836e92b7a72b4d031e25 upstream. Intel Apollo Lake also requires XHCI_PME_STUCK_QUIRK. Adding its PCI ID to quirk. Signed-off-by: Wan Ahmad Zainie Si

[PATCH 3.2 024/106] tracing/kprobes: Enforce kprobes teardown after testing

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixner commit 30e7d894c1478c88d50ce94ddcdbd7f9763d9cdd upstream. Enabling the tracer selftest triggers occasionally the warning in text_poke(), which warns when the to be modified page

[PATCH 3.2 030/106] USB: xhci: fix lock-inversion problem

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Alan Stern commit 63aea0dbab90a2461faaae357cbc8cfd6c8de9fe upstream. With threaded interrupts, bottom-half handlers are called with interrupts enabled. Therefore they can't safely use spin_loc

[PATCH 3.2 025/106] xhci: workaround for hosts missing CAS bit

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Mathias Nyman commit 346e99736c3ce328fd42d678343b70243aca5f36 upstream. If a device is unplugged and replugged during Sx system suspend some Intel xHC hosts will overwrite the CAS (Cold attach

[PATCH 3.2 040/106] i2c: i2c-tiny-usb: fix buffer not being DMA capable

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Sebastian Reichel commit 5165da5923d6c7df6f2927b0113b2e4d9288661e upstream. Since v4.9 i2c-tiny-usb generates the below call trace and longer works, since it can't communicate with the USB devi

[PATCH 3.2 035/106] KVM: X86: Fix read out-of-bounds vulnerability in kvm pio emulation

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Wanpeng Li commit cbfc6c9184ce71b52df4b1d82af5afc81a709178 upstream. Huawei folks reported a read out-of-bounds vulnerability in kvm pio emulation. - "inb" instruction to access PIT Mod/Comman

[PATCH 3.2 062/106] net: ping: do not abuse udp_poll()

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Eric Dumazet commit 77d4b1d36926a9b8387c6b53eeba42bcaaffcea3 upstream. Alexander reported various KASAN messages triggered in recent kernels The problem is that ping sockets should not use udp

[PATCH 3.2 032/106] drivers: char: mem: Check for address space wraparound with mmap()

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Julius Werner commit b299cde245b0b76c977f4291162cf668e087b408 upstream. /dev/mem currently allows mmap() mappings that wrap around the end of the physical address space, which should probably b

[PATCH 3.2 037/106] KVM: x86: zero base3 of unusable segments

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Radim Krčmář commit f0367ee1d64d27fa08be2407df5c125442e885e3 upstream. Static checker noticed that base3 could be used uninitialized if the segment was not present (useable). Random stack valu

[PATCH 3.2 038/106] osf_wait4(): fix infoleak

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Al Viro commit a8c39544a6eb2093c04afd5005b6192bd0e880c6 upstream. failing sys_wait4() won't fill struct rusage... Signed-off-by: Al Viro Signed-off-by: Ben Hutchings --- arch/alpha/kernel/o

[PATCH 3.2 029/106] usb: host: xhci: simplify irq handler return

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Felipe Balbi commit 76a35293b901915c5dcb4a87a4a0da8d7caf39fe upstream. Instead of having several return points, let's use a local variable and a single place to return. This makes the code slig

[PATCH 3.2 023/106] of: fdt: add missing allocation-failure check

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Johan Hovold commit 49e67dd17649b60b4d54966e18ec9c80198227f0 upstream. The memory allocator passed to __unflatten_device_tree() (e.g. a wrapped kzalloc) can fail so add the missing sanity check

[PATCH 3.2 033/106] watchdog: pcwd_usb: fix NULL-deref at probe

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Johan Hovold commit 46c319b848268dab3f0e7c4a5b6e9146d3bca8a4 upstream. Make sure to check the number of endpoints to avoid dereferencing a NULL-pointer should a malicious device lack endpoints.

[PATCH 3.2 036/106] KVM: x86: fix use of uninitialized memory as segment descriptor in emulator.

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Gleb Natapov commit 378a8b099fc207ddcb91b19a8c1457667e0af398 upstream. If VMX reports segment as unusable, zero descriptor passed by the emulator before returning. Such descriptor will be consi

[PATCH 3.2 067/106] perf probe: Fix examples section of documentation

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: SeongJae Park commit d89269a89ebb6a74512f3f40e89cd12017f60a75 upstream. An example in perf-probe documentation for pattern of function name based probe addition is not providing example command

[PATCH 3.2 039/106] ext4: keep existing extra fields when inode expands

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Konstantin Khlebnikov commit 887a9730614727c4fff7cb756711b190593fc1df upstream. ext4_expand_extra_isize() should clear only space between old and new size. Fixes: 6dd4ee7cab7e # v2.6.23 Signed

[PATCH 3.2 027/106] xhci: apply PME_STUCK_QUIRK and MISSING_CAS quirk for Denverton

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Mathias Nyman commit a0c16630d35a874e82bdf2088f58ecaca1024315 upstream. Intel Denverton microserver is Atom based and need the PME and CAS quirks as well. Signed-off-by: Mathias Nyman Signed-

[PATCH 3.2 043/106] block: fix an error code in add_partition()

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Dan Carpenter commit 7bd897cfce1eb373892d35d7f73201b0f9b221c4 upstream. We don't set an error code on this path. It means that we return NULL instead of an error pointer and the caller does a

[PATCH 3.2 042/106] ALSA: hda - apply STAC_9200_DELL_M22 quirk for Dell Latitude D430

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Alexander Tsoy commit 1fc2e41f7af4572b07190f9dec28396b418e9a36 upstream. This model is actually called 92XXM2-8 in Windows driver. But since pin configs for M22 and M28 are identical, just reus

[PATCH 3.2 101/106] ptrace: use fsuid, fsgid, effective creds for fs access checks

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Jann Horn commit caaee6234d05a58c5b4d05e7bf766131b810a657 upstream. By checking the effective credentials instead of the real UID / permitted capabilities, ensure that the calling process actua

[PATCH 3.2 051/106] ext4: fix data corruption for mmap writes

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Jan Kara commit a056bdaae7a181f7dcc876cfab2f94538e508709 upstream. mpage_submit_page() can race with another process growing i_size and writing data via mmap to the written-back page. As mpage_

[PATCH 3.2 059/106] [media] rc-core: race condition during ir_raw_event_register()

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Sean Young commit 963761a0b2e85663ee4a5630f72930885a06598a upstream. A rc device can call ir_raw_event_handle() after rc_allocate_device(), but before rc_register_device() has completed. This i

[PATCH 3.2 047/106] netfilter: ctnetlink: fix incorrect nf_ct_put during hash resize

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Liping Zhang commit fefa92679dbe0c613e62b6c27235dcfbe9640ad1 upstream. If nf_conntrack_htable_size was adjusted by the user during the ct dump operation, we may invoke nf_ct_put twice for the s

[PATCH 3.2 070/106] perf script python: Fix wrong code snippets in documentation

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: SeongJae Park commit 26ddb8722df865aa67fbe459107d2f3f8e5c6829 upstream. This commit fixes wrong code snippets for trace_begin() and trace_end() function example definition. Signed-off-by: Seon

[PATCH 3.2 046/106] dmaengine: ep93xx: Always start from BASE0

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Alexander Sverdlin commit 0037ae47812b1f431cc602100d1d51f37d77b61e upstream. The current buffer is being reset to zero on device_free_chan_resources() but not on device_terminate_all(). It coul

[PATCH 3.2 064/106] [media] vb2: Fix an off by one error in 'vb2_plane_vaddr'

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Christophe JAILLET commit 5ebb6dd36c9f5fb37b1077b393c254d70a14cb46 upstream. We should ensure that 'plane_no' is '< vb->num_planes' as done in 'vb2_plane_cookie' just a few lines below. Fixes:

[PATCH 3.2 066/106] drm/vmwgfx: Handle vmalloc() failure in vmw_local_fifo_reserve()

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Dan Carpenter commit f0c62e9878024300319ba2438adc7b06c6b9c448 upstream. If vmalloc() fails then we need to a bit of cleanup before returning. Fixes: fb1d9738ca05 ("drm/vmwgfx: Add DRM driver f

[PATCH 3.2 082/106] selinux: fix double free in selinux_parse_opts_str()

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Paul Moore commit 023f108dcc187e34ef864bf10ed966cf25e14e2a upstream. This patch is based on a discussion generated by an earlier patch from Tetsuo Handa: * https://marc.info/?t=14903565931

[PATCH 3.2 054/106] usb: gadget: f_mass_storage: Serialize wake and sleep execution

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Thinh Nguyen commit dc9217b69dd6089dcfeb86ed4b3c671504326087 upstream. f_mass_storage has a memorry barrier issue with the sleep and wake functions that can cause a deadlock. This results in in

[PATCH 3.2 048/106] ASoC: Fix use-after-free at card unregistration

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Takashi Iwai commit 4efda5f2130da033aeedc5b3205569893b910de2 upstream. soc_cleanup_card_resources() call snd_card_free() at the last of its procedure. This turned out to lead to a use-after-fr

[PATCH 3.2 050/106] net: ethernet: ax88796: don't call free_irq without request_irq first

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Uwe Kleine-König commit 82533ad9a1ce3a7a6863849a552c2cc041b55e0d upstream. The function ax_init_dev (which is called only from the driver's .probe function) calls free_irq in the error path wit

[PATCH 3.2 056/106] drivers: char: mem: Fix wraparound check to allow mappings up to the end

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Julius Werner commit 32829da54d9368103a2f03269a5120aa9ee4d5da upstream. A recent fix to /dev/mem prevents mappings from wrapping around the end of physical address space. However, the check was

[PATCH 3.2 055/106] ipv6: xfrm: Handle errors reported by xfrm6_find_1stfragopt()

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Ben Hutchings commit 6e80ac5cc992ab6256c3dae87f7e57db15e1a58c upstream. xfrm6_find_1stfragopt() may now return an error code and we must not treat it as a length. Fixes: 2423496af35d ("ipv6: P

[PATCH 3.2 081/106] usb: xhci: ASMedia ASM1042A chipset need shorts TX quirk

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Corentin Labbe commit d2f48f05cd2a2a0a708fbfa45f1a00a87660d937 upstream. When plugging an USB webcam I see the following message: [106385.615559] xhci_hcd :04:00.0: WARN Successful completi

[PATCH 3.2 045/106] drm/gma500/psb: Actually use VBT mode when it is found

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Patrik Jakobsson commit 82bc9a42cf854fdf63155759c0aa790bd1f361b0 upstream. With LVDS we were incorrectly picking the pre-programmed mode instead of the prefered mode provided by VBT. Make sure

[PATCH 3.2 044/106] libceph: NULL deref on crush_decode() error path

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Dan Carpenter commit 293dffaad8d500e1a5336eeb90d544cf40d4fbd8 upstream. If there is not enough space then ceph_decode_32_safe() does a goto bad. We need to return an error code in that situatio

[PATCH 3.2 080/106] configfs: Fix race between create_link and configfs_rmdir

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Nicholas Bellinger commit ba80aa909c99802c428682c352b0ee0baac0acd3 upstream. This patch closes a long standing race in configfs between the creation of a new symlink in create_link(), while the

[PATCH 3.2 052/106] ext4: fix fdatasync(2) after extent manipulation operations

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Jan Kara commit 67a7d5f561f469ad2fa5154d2888258ab8e6df7c upstream. Currently, extent manipulation operations such as hole punch, range zeroing, or extent shifting do not record the fact that fi

[PATCH 3.2 049/106] scsi: qla2xxx: don't disable a not previously enabled PCI device

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Johannes Thumshirn commit ddff7ed45edce4a4c92949d3c61cd25d229c4a14 upstream. When pci_enable_device() or pci_enable_device_mem() fail in qla2x00_probe_one() we bail out but do a call to pci_dis

[PATCH 3.2 061/106] ipv6: Fix leak in ipv6_gso_segment().

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: "David S. Miller" commit e3e86b5119f81e5e2499bea7ea1ebe8ac6aab789 upstream. If ip6_find_1stfragopt() fails and we return an error we have to free up 'segs' because nobody else is going to. Fix

[PATCH 3.2 060/106] net: add kfree_skb_list()

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Ben Hutchings Extracted from upstream commit bd8a7036c06c "gre: fix a possible skb leak". This patch adds a kfree_skb_list() helper. Signed-off-by: Ben Hutchings --- --- a/include/linux/skbuf

[PATCH 3.2 053/106] net: phy: fix marvell phy status reading

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Russell King commit 898805e0cdf7fd860ec21bf661d3a0285a3defbd upstream. The Marvell driver incorrectly provides phydev->lp_advertising as the logical and of the link partner's advert and our adv

[PATCH 3.2 100/106] xen: fix bio vec merging

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Roger Pau Monne commit 462cdace790ac2ed6aad1b19c9c0af0143b6aab0 upstream. The current test for bio vec merging is not fully accurate and can be tricked into merging bios when certain grant comb

[PATCH 3.2 073/106] KVM: cpuid: Fix read/write out-of-bounds vulnerability in cpuid emulation

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Wanpeng Li commit a3641631d14571242eec0d30c9faa786cbf52d44 upstream. If "i" is the last element in the vcpu->arch.cpuid_entries[] array, it potentially can be exploited the vulnerability. this

[PATCH 3.2 084/106] xfrm: NULL dereference on allocation failure

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Dan Carpenter commit e747f64336fc15e1c823344942923195b800aa1e upstream. The default error code in pfkey_msg2xfrm_state() is -ENOBUFS. We added a new call to security_xfrm_state_alloc() which s

[PATCH 3.2 076/106] fix ufs_isblockset()

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Al Viro commit 414cf7186dbec29bd946c138d6b5c09da5955a08 upstream. Signed-off-by: Al Viro Signed-off-by: Ben Hutchings --- fs/ufs/util.h | 10 +++--- 1 file changed, 7 insertions(+), 3 de

[PATCH 3.2 078/106] excessive checks in ufs_write_failed() and ufs_evict_inode()

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Al Viro commit babef37dccbaa49249a22bae9150686815d7be71 upstream. As it is, short copy in write() to append-only file will fail to truncate the excessive allocated blocks. As the matter of fac

[PATCH 3.2 075/106] KEYS: fix dereferencing NULL payload with nonzero length

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Eric Biggers commit 5649645d725c73df4302428ee4e02c869248b4c5 upstream. sys_add_key() and the KEYCTL_UPDATE operation of sys_keyctl() allowed a NULL payload with nonzero length to be passed to t

[PATCH 3.2 063/106] [media] vb2: fix plane index sanity check in vb2_plane_cookie()

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Zhaowei Yuan commit a9ae4692eda4b99f85757b15d60971ff78a0a0e2 upstream. It's also invalid when plane_no is equal to vb->num_planes Signed-off-by: Zhaowei Yuan Signed-off-by: Hans Verkuil Sign

[PATCH 3.2 077/106] ufs: set correct ->s_maxsize

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Al Viro commit 6b0d144fa758869bdd652c50aa41aaf601232550 upstream. Signed-off-by: Al Viro [bwh: Backported to 3.2: adjust context] Signed-off-by: Ben Hutchings --- fs/ufs/super.c | 18 +++

[PATCH 3.2 083/106] xfrm: Oops on error in pfkey_msg2xfrm_state()

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Dan Carpenter commit 1e3d0c2c70cd3edb5deed186c5f5c75f2b84a633 upstream. There are some missing error codes here so we accidentally return NULL instead of an error pointer. It results in a NULL

[PATCH 3.2 079/106] KVM: async_pf: avoid async pf injection when in guest mode

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Wanpeng Li commit 9bc1f09f6fa76fdf31eb7d6a4a4df43574725f93 upstream. INFO: task gnome-terminal-:1734 blocked for more than 120 seconds. Not tainted 4.12.0-rc4+ #8 "echo 0 > /proc/sys/k

[PATCH 3.2 065/106] net: ethoc: enable NAPI before poll may be scheduled

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Max Filippov commit d220b942a4b6a0640aee78841608f4aa5e8e185e upstream. ethoc_reset enables device interrupts, ethoc_interrupt may schedule a NAPI poll before NAPI is enabled in the ethoc_open,

[PATCH 3.2 092/106] powerpc/64: Initialise thread_info for emergency stacks

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Nicholas Piggin commit 34f19ff1b5a0d11e46df479623d6936460105c9f upstream. Emergency stacks have their thread_info mostly uninitialised, which in particular means garbage preempt_count values.

[PATCH 3.2 102/106] mm: fix move/migrate_pages() race on task struct

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Christoph Lameter commit 3268c63eded4612a3d07b56d1e02ce7731e6608e upstream. Migration functions perform the rcu_read_unlock too early. As a result the task pointed to may change from under us.

[PATCH 3.2 074/106] MIPS: kprobes: flush_insn_slot should flush only if probe initialised

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Marcin Nowakowski commit 698b851073ddf5a894910d63ca04605e0473414e upstream. When ftrace is used with kprobes, it is possible for a kprobe to contain an invalid location (ie. only initialised to

[PATCH 3.2 104/106] mm: fix NULL ptr dereference in move_pages

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Sasha Levin commit 6e8b09eaf268bceac0c62e389b4bc0cb83dfb8e5 upstream. Commit 3268c63 ("mm: fix move/migrate_pages() race on task struct") has added an odd construct where 'mm' is checked for be

[PATCH 3.2 013/106] uwb: fix device quirk on big-endian hosts

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Johan Hovold commit 41318a2b82f5d5fe1fb408f6d6e0b22aa557111d upstream. Add missing endianness conversion when using the USB device-descriptor idProduct field to apply a hardware quirk. Fixes:

[PATCH 3.2 103/106] mm: fix NULL ptr dereference in migrate_pages

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Sasha Levin commit f2a9ef880763d7fbd657a3af646e132a90d70d34 upstream. Commit 3268c63 ("mm: fix move/migrate_pages() race on task struct") has added an odd construct where 'mm' is checked for be

[PATCH 3.2 096/106] MIPS: Fix IRQ tracing & lockdep when rescheduling

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Paul Burton commit d8550860d910c6b7b70f830f59003b33daaa52c9 upstream. When the scheduler sets TIF_NEED_RESCHED & we call into the scheduler from arch/mips/kernel/entry.S we disable interrupts.

[PATCH 3.2 085/106] powerpc/kprobes: Pause function_graph tracing during jprobes handling

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: "Naveen N. Rao" commit a9f8553e935f26cb5447f67e280946b0923cd2dc upstream. This fixes a crash when function_graph and jprobes are used together. This is essentially commit 237d28db036e ("ftrace/

[PATCH 3.2 099/106] xfrm: policy: check policy direction value

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Vladis Dronov commit 7bab09631c2a303f87a7eb7e3d69e888673b9b7e upstream. The 'dir' parameter in xfrm_migrate() is a user-controlled byte which is used as an array index. This can lead to an out-

[PATCH 3.2 095/106] net: prevent sign extension in dev_get_stats()

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Eric Dumazet commit 6f64ec74515925cced6df4571638b5a099a49aae upstream. Similar to the fix provided by Dominik Heidler in commit 9b3dc0a17d73 ("l2tp: cast l2tp traffic counter to unsigned") we n

[PATCH 3.2 093/106] autofs: sanity check status reported with AUTOFS_DEV_IOCTL_FAIL

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: NeilBrown commit 9fa4eb8e490a28de40964b1b0e583d8db4c7e57c upstream. If a positive status is passed with the AUTOFS_DEV_IOCTL_FAIL ioctl, autofs4_d_automount() will return ERR_PTR(status) w

[PATCH 3.2 087/106] signal: Only reschedule timers on signals timers have sent

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: "Eric W. Biederman" commit 57db7e4a2d92c2d3dfbca4ef8057849b2682436b upstream. Thomas Gleixner wrote: > The CRIU support added a 'feature' which allows a user space task to send > arbitrary (ke

[PATCH 3.2 094/106] lib/cmdline.c: fix get_options() overflow while parsing ranges

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Ilya Matveychikov commit a91e0f680bcd9e10c253ae8b62462a38bd48f09f upstream. When using get_options() it's possible to specify a range of numbers, like 1-100500. The problem is that it doesn't

[PATCH 3.2 105/106] Sanitize 'move_pages()' permission checks

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Linus Torvalds commit 197e7e521384a23b9e585178f3f11c9fa08274b9 upstream. The 'move_paghes()' system call was introduced long long ago with the same permission checks as for sending a signal (ex

[PATCH 3.2 086/106] swap: cond_resched in swap_cgroup_prepare()

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Yu Zhao commit ef70762948dde012146926720b70e79736336764 upstream. I saw need_resched() warnings when swapping on large swapfile (TBs) because continuously allocating many pages in swap_cgroup_p

[PATCH 3.2 097/106] tracing/kprobes: Allow to create probe with a module name starting with a digit

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Sabrina Dubroca commit 9e52b32567126fe146f198971364f68d3bc5233f upstream. Always try to parse an address, since kstrtoul() will safely fail when given a symbol as input. If that fails (which wi

[PATCH 3.2 106/106] net: phy: marvell: Limit errata to 88m1101

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Andrew Lunn commit f2899788353c13891412b273fdff5f02d49aa40f upstream. The 88m1101 has an errata when configuring autoneg. However, it was being applied to many other Marvell PHYs as well. Limit

[PATCH 3.2 018/106] USB: usbip: fix nonconforming hub descriptor

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Johan Hovold commit ec963b412a54aac8e527708ecad06a6988a86fb4 upstream. Fix up the root-hub descriptor to accommodate the variable-length DeviceRemovable and PortPwrCtrlMask fields, while markin

[PATCH 3.2 098/106] tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Wei Wang commit 499350a5a6e7512d9ed369ed63a4244b6536f4f8 upstream. When tcp_disconnect() is called, inet_csk_delack_init() sets icsk->icsk_ack.rcv_mss to 0. This could potentially cause tcp_rec

[PATCH 3.2 089/106] drm/radeon: add a quirk for Toshiba Satellite L20-183

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Alex Deucher commit acfd6ee4fa7ebeee75511825fe02be3f7ac1d668 upstream. Fixes resume from suspend. bug: https://bugzilla.kernel.org/show_bug.cgi?id=196121 Reported-by: Przemek Signed-off-by: A

[PATCH 3.2 019/106] USB: hub: fix SS hub-descriptor handling

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Johan Hovold commit 2c25a2c818023df64463aac3288a9f969491e507 upstream. A SuperSpeed hub descriptor does not have any variable-length fields so bail out when reading a short descriptor. This av

[PATCH 3.2 090/106] rtnetlink: add IFLA_GROUP to ifla_policy

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Serhey Popovych commit db833d40ad3263b2ee3b59a1ba168bb3cfed8137 upstream. Network interface groups support added while ago, however there is no IFLA_GROUP attribute description in policy and ne

[PATCH 3.2 088/106] Input: i8042 - add Fujitsu Lifebook AH544 to notimeout list

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Daniel Drake commit 817ae460c784f32cd45e60b2b1b21378c3c6a847 upstream. Without this quirk, the touchpad is not responsive on this product, with the following message repeated in the logs: psm

[PATCH 3.2 003/106] tcp: avoid fragmenting peculiar skbs in SACK

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Yuchung Cheng commit b451e5d24ba6687c6f0e7319c727a709a1846c06 upstream. This patch fixes a bug in splitting an SKB during SACK processing. Specifically if an skb contains multiple packets and i

[PATCH 3.2 091/106] ipv6: avoid unregistering inet6_dev for loopback

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: WANG Cong commit 60abc0be96e00ca71bac083215ac91ad2e575096 upstream. The per netns loopback_dev->ip6_ptr is unregistered and set to NULL when its mtu is set to smaller than IPV6_MIN_MTU, this le

[PATCH 3.2 000/106] 3.2.93-rc1 review

This is the start of the stable review cycle for the 3.2.93 release. There are 106 patches in this series, which will be posted as responses to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Tue Sep 12 12:00:00 UTC 2017. Anything recei

[PATCH 3.2 016/106] usb: r8a66597-hcd: select a different endpoint on timeout

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Chris Brandt commit 1f873d857b6c2fefb4dada952674aa01bcfb92bd upstream. If multiple endpoints on a single device have pending IN URBs and one endpoint times out due to NAKs (perfectly legal), se

[PATCH 3.2 004/106] net: irda: irda-usb: fix firmware name on big-endian hosts

3.2.93-rc1 review patch. If anyone has any objections, please let me know. -- From: Johan Hovold commit 75cf067953d5ee543b3bda90bbfcbee5e1f94ae8 upstream. Add missing endianness conversion when using the USB device-descriptor bcdDevice field to construct a firmware file name.

<    1   2   3   4   5   6   >