[PATCH 4.14 10/89] block: blk_init_allocated_queue() set q->fq as NULL in the fail case

2018-09-07 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: xiao jin commit 54648cf1ec2d7f4b6a71767799c45676a138ca24 upstream. We find the memory use-after-free issue in __blk_drain_queue() on the kernel 4.14. After reading the latest kernel 4.18-rc6 we t

[PATCH 4.18 135/145] perf auxtrace: Fix queue resize

2018-09-07 Thread Greg Kroah-Hartman
4.18-stable review patch. If anyone has any objections, please let me know. -- From: Adrian Hunter commit 99cbbe56eb8bede625f410ab62ba34673ffa7d21 upstream. When the number of queues grows beyond 32, the array of queues is resized but not all members were being copied. Fix by

[PATCH 4.14 12/89] drm/i915/userptr: reject zero user_size

2018-09-07 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Matthew Auld commit c11c7bfd213495784b22ef82a69b6489f8d0092f upstream. Operating on a zero sized GEM userptr object will lead to explosions. Fixes: 5cc9ed4b9a7a ("drm/i915: Introduce mapping

[PATCH 4.14 13/89] libertas: fix suspend and resume for SDIO connected cards

2018-09-07 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Daniel Mack commit 7444a8092906ed44c09459780c56ba57043e39b1 upstream. Prior to commit 573185cc7e64 ("mmc: core: Invoke sdio func driver's PM callbacks from the sdio bus"), the MMC core used to

[PATCH 4.14 02/89] net: mac802154: tx: expand tailroom if necessary

2018-09-07 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Alexander Aring commit f9c52831133050c6b82aa8b6831c92da2bbf2a0b upstream. This patch is necessary if case of AF_PACKET or other socket interface which I am aware of it and didn't allocated the

[PATCH 4.14 18/89] powerpc/fadump: handle crash memory ranges array index overflow

2018-09-07 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Hari Bathini commit 1bd6a1c4b80a28d975287630644e6b47d0f977a5 upstream. Crash memory ranges is an array of memory ranges of the crashing kernel to be exported as a dump via /proc/vmcore file. T

[PATCH 4.14 05/89] spi: pxa2xx: Add support for Intel Ice Lake

2018-09-07 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Mika Westerberg commit 22d71a5097ec7059b6cbbee678a4f88484695941 upstream. Intel Ice Lake SPI host controller follows the Intel Cannon Lake but the PCI IDs are different. Add the new PCI IDs to

[PATCH 4.14 17/89] Fix kexec forbidding kernels signed with keys in the secondary keyring to boot

2018-09-07 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Yannik Sembritzki commit ea93102f32244e3f45c8b26260be77ed0cc1d16c upstream. The split of .system_keyring into .builtin_trusted_keys and .secondary_trusted_keys broke kexec, thereby preventing

[PATCH 4.14 14/89] media: Revert "[media] tvp5150: fix pad format frame height"

2018-09-07 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Javier Martinez Canillas commit 1831af092308aa5a59ae61e47494e441c8be6b93 upstream. This reverts commit 0866df8dffd514185bfab0d205db76e4c02cf1e4. The v4l uAPI documentation [0] makes clear tha

[PATCH 4.14 07/89] spi: cadence: Change usleep_range() to udelay(), for atomic context

2018-09-07 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Janek Kotas commit 931c4e9a72ae91d59c5332ffb6812911a749da8e upstream. The path "spi: cadence: Add usleep_range() for cdns_spi_fill_tx_fifo()" added a usleep_range() function call, which cannot

[PATCH 4.14 16/89] Replace magic for trusting the secondary keyring with #define

2018-09-07 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Yannik Sembritzki commit 817aef260037f33ee0f44c17fe341323d3aebd6d upstream. Replace the use of a magic number that indicates that verify_*_signature() should use the secondary keyring with a s

[PATCH 4.14 19/89] powerpc/pseries: Fix endianness while restoring of r3 in MCE handler.

2018-09-07 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Mahesh Salgaonkar commit cd813e1cd7122f2c261dce5b54d1e0c97f80e1a5 upstream. During Machine Check interrupt on pseries platform, register r3 points to RTAS extended event log passed by hypervisor.

[PATCH 4.14 15/89] mailbox: xgene-slimpro: Fix potential NULL pointer dereference

2018-09-07 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Gustavo A. R. Silva commit 3512a18cbd8d09e22a790540cb9624c3c49827ba upstream. There is a potential execution path in which function platform_get_resource() returns NULL. If this happens, we wi

[PATCH 4.14 03/89] 9p/net: Fix zero-copy path in the 9p virtio transport

2018-09-07 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Chirantan Ekbote commit d28c756caee6e414d9ba367d0b92da24145af2a8 upstream. The zero-copy optimization when reading or writing large chunks of data is quite useful. However, the 9p messages cr

[PATCH 4.14 00/89] 4.14.69-stable review

2018-09-07 Thread Greg Kroah-Hartman
This is the start of the stable review cycle for the 4.14.69 release. There are 89 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun Sep 9 21:08:28 UTC 2018. Anything receiv

[PATCH 4.14 21/89] cxl: Fix wrong comparison in cxl_adapter_context_get()

2018-09-07 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Vaibhav Jain commit ef6cb5f1a048fdf91ccee6d63d2bfa293338502d upstream. Function atomic_inc_unless_negative() returns a bool to indicate success/failure. However cxl_adapter_context_get() wrong

[PATCH 4.14 04/89] spi: davinci: fix a NULL pointer dereference

2018-09-07 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Bartosz Golaszewski commit 563a53f3906a6b43692498e5b3ae891fac93a4af upstream. On non-OF systems spi->controlled_data may be NULL. This causes a NULL pointer dereference on dm365-evm. Signed-off

[PATCH 4.14 08/89] mmc: renesas_sdhi_internal_dmac: fix #define RST_RESERVED_BITS

2018-09-07 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Sergei Shtylyov commit 9faf870e559a710c44e747ba20383ea82d8ac5d2 upstream. The DM_CM_RST register actually has bits 0-31 defaulting to 1s and bits 32-63 defaulting to 0s -- fix off-by-one in #d

[PATCH 4.14 06/89] spi: spi-fsl-dspi: Fix imprecise abort on VF500 during probe

2018-09-07 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Krzysztof Kozlowski commit d8ffee2f551a627ffb7b216e2da322cb9a037f77 upstream. Registers of DSPI should not be accessed before enabling its clock. On Toradex Colibri VF50 on Iris carrier board

[PATCH 4.14 33/89] dm crypt: dont decrease device limits

2018-09-07 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Mikulas Patocka commit bc9e9cf0401f18e33b78d4c8a518661b8346baf7 upstream. dm-crypt should only increase device limits, it should not decrease them. This fixes a bug where the user could creat

[PATCH 4.14 30/89] dm thin: stop no_space_timeout worker when switching to write-mode

2018-09-07 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Hou Tao commit 75294442d896f2767be34f75aca7cc2b0d01301f upstream. Now both check_for_space() and do_no_space_timeout() will read & write pool->pf.error_if_no_space. If these functions run con

[PATCH 4.14 31/89] dm cache metadata: save in-core policy_hint_size to on-disk superblock

2018-09-07 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Mike Snitzer commit fd2fa95416188a767a63979296fa3e169a9ef5ec upstream. policy_hint_size starts as 0 during __write_initial_superblock(). It isn't until the policy is loaded that policy_hint_s

[PATCH 4.14 36/89] iio: sca3000: Fix missing return in switch

2018-09-07 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Gustavo A. R. Silva commit c5b974bee9d2ceae4c441ae5a01e498c2674e100 upstream. The IIO_CHAN_INFO_LOW_PASS_FILTER_3DB_FREQUENCY case is missing a return and will fall through to the default case

[PATCH 4.14 43/89] vmw_balloon: fix VMCI use when balloon built into kernel

2018-09-07 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Nadav Amit commit c3cc1b0fc27508da53fe955a3b23d03964410682 upstream. Currently, when all modules, including VMCI and VMware balloon are built into the kernel, the initialization of the balloon

[PATCH 4.14 40/89] vmw_balloon: fix inflation of 64-bit GFNs

2018-09-07 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Nadav Amit commit 09755690c6b7c1eabdc4651eb3b276f8feb1e447 upstream. When balloon batching is not supported by the hypervisor, the guest frame number (GFN) must fit in 32-bit. However, due to

[PATCH 4.14 32/89] dm cache metadata: set dirty on all cache blocks after a crash

2018-09-07 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Ilya Dryomov commit 5b1fe7bec8a8d0cc547a22e7ddc2bd59acd67de4 upstream. Quoting Documentation/device-mapper/cache.txt: The 'dirty' state for a cache block changes far too frequently for us

[PATCH 4.14 39/89] extcon: Release locking when sending the notification of connector state

2018-09-07 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Chanwoo Choi commit 8a9dbb779fe882325b9a0238494a7afaff2eb444 upstream. Previously, extcon used the spinlock before calling the notifier_call_chain to prevent the scheduled out of task and to p

[PATCH 4.14 22/89] ib_srpt: Fix a use-after-free in srpt_close_ch()

2018-09-07 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Bart Van Assche commit 995250959d22fc341b5424e3343b0ce5df672461 upstream. Avoid that KASAN reports the following: BUG: KASAN: use-after-free in srpt_close_ch+0x4f/0x1b0 [ib_srpt] Read of size

[PATCH 4.14 35/89] Drivers: hv: vmbus: Reset the channel callback in vmbus_onoffer_rescind()

2018-09-07 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Dexuan Cui commit d3b26dd7cb0e3433bfd3c1d4dcf74c6039bb49fb upstream. Before setting channel->rescind in vmbus_rescind_cleanup(), we should make sure the channel callback won't run any more, ot

[PATCH 4.14 45/89] tracing: Do not call start/stop() functions when tracing_on does not change

2018-09-07 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Steven Rostedt (VMware) commit f143641bfef9a4a60c57af30de26c63057e7e695 upstream. Currently, when one echo's in 1 into tracing_on, the current tracer's "start()" function is executed, even if

[PATCH 4.14 41/89] vmw_balloon: do not use 2MB without batching

2018-09-07 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Nadav Amit commit 5081efd112560d3febb328e627176235b250d59d upstream. If the hypervisor sets 2MB batching is on, while batching is cleared, the balloon code breaks. In this case the legacy mech

[PATCH 4.14 49/89] uprobes: Use synchronize_rcu() not synchronize_sched()

2018-09-07 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Steven Rostedt (VMware) commit 016f8ffc48cb01d1e7701649c728c5d2e737d295 upstream. While debugging another bug, I was looking at all the synchronize*() functions being used in kernel/trace, and

[PATCH 4.14 42/89] vmw_balloon: VMCI_DOORBELL_SET does not check status

2018-09-07 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Nadav Amit commit ce664331b2487a5d244a51cbdd8cb54f866fbe5d upstream. When vmballoon_vmci_init() sets a doorbell using VMCI_DOORBELL_SET, for some reason it does not consider the status and loo

[PATCH 4.14 38/89] iio: ad9523: Fix return value for ad952x_store()

2018-09-07 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Lars-Peter Clausen commit 9a5094ca29ea9b1da301b31fd377c0c0c4c23034 upstream. A sysfs write callback function needs to either return the number of consumed characters or an error. The ad952x_s

[PATCH 4.14 23/89] RDMA/rxe: Set wqe->status correctly if an unexpected response is received

2018-09-07 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Bart Van Assche commit 61b717d041b1976530f68f8b539b2e3a7dd8e39c upstream. Every function that returns COMPST_ERROR must set wqe->status to another value than IB_WC_SUCCESS before returning COM

Re: [PATCH v4 2/2] x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation

2018-09-07 Thread Jiri Kosina
On Fri, 7 Sep 2018, Thomas Gleixner wrote: > > + * The read-modify-write of the MSR doesn't need any race protection here, > > + * as we're running in atomic context. > > + */ > > +static void enable_stibp(void *info) > > +{ > > + u64 mask; > > + rdmsrl(MSR_IA32_SPEC_CTRL, mask); > > + mask
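Review bot: the comment above enable_stibp() justifies the unprotected read-modify-write of MSR_IA32_SPEC_CTRL with "we're running in atomic context", but nothing in the visible lines says which caller guarantees that context. The void *info signature suggests a cross-CPU callback; naming that call path in the comment would make the assumption checkable by anyone who later adds a second caller. A smaller style point: the local named mask holds the full value read by rdmsrl(), so a name that reflects the register contents would read more clearly.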

[PATCH] f2fs: submit bio after shutdown

2018-09-07 Thread Jaegeuk Kim
Sometimes, some merged IOs could get a chance to be submitted, resulting in system hang in shutdown test. This issues IOs all the time after shutdown. Signed-off-by: Jaegeuk Kim --- fs/f2fs/data.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fs/f2fs/data.c b/fs/f2fs/data.c index 8c204f8

[PATCH 4.14 53/89] cpufreq: governor: Avoid accessing invalid governor_data

2018-09-07 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Henry Willard commit 2a3eb51e30b9ac66fe1b75877627a7e4aaeca24a upstream. If cppc_cpufreq.ko is deleted at the same time that tuned-adm is changing profiles, there is a small chance that a race

[PATCH 4.14 47/89] printk/tracing: Do not trace printk_nmi_enter()

2018-09-07 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Steven Rostedt (VMware) commit d1c392c9e2a301f38998a353f467f76414e38725 upstream. I hit the following splat in my tests: [ cut here ] IRQs not enabled as expected WARN

[PATCH 4.14 51/89] ovl: fix wrong use of impure dir cache in ovl_iterate()

2018-09-07 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Amir Goldstein commit 67810693077afc1ebf9e1646af300436cb8103c2 upstream. Only upper dir can be impure, but if we are in the middle of iterating a lower real dir, dir could be copied up and mar

[PATCH 4.14 52/89] drivers/block/zram/zram_drv.c: fix bug storing backing_dev

2018-09-07 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Peter Kalauskas commit c8bd134a4bddafe5917d163eea73873932c15e83 upstream. The call to strlcpy in backing_dev_store is incorrect. It should take the size of the destination buffer instead of th

[PATCH 4.14 50/89] mfd: hi655x: Fix regmap area declared size for hi655x

2018-09-07 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Rafael David Tinoco commit 6afebb70ee7a4bde106dc1a875e7ac7997248f84 upstream. Fixes https://bugs.linaro.org/show_bug.cgi?id=3903 LTP Functional tests have caused a bad paging request when tri

[PATCH 4.14 25/89] fs/9p/xattr.c: catch the error of p9_client_clunk when setting xattr failed

2018-09-07 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: piaojun commit 3111784bee81591ea2815011688d28b65df03627 upstream. In my testing, v9fs_fid_xattr_set will return successfully even if the backend ext4 filesystem has no space to store xattr key

[PATCH 4.14 56/89] KVM: PPC: Book3S: Fix guest DMA when guest partially backed by THP pages

2018-09-07 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Paul Mackerras commit 8cfbdbdc24815417a3ab35101ccf706b9a23ff17 upstream. Commit 76fa4975f3ed ("KVM: PPC: Check if IOMMU page is contained in the pinned physical page", 2018-07-17) added some c

[PATCH 4.14 57/89] xtensa: limit offsets in __loop_cache_{all,page}

2018-09-07 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Max Filippov commit be75de25251f7cf3e399ca1f584716a95510d24a upstream. When building kernel for xtensa cores with big cache lines (e.g. 128 bytes or more) __loop_cache_all and __loop_cache_pag

[PATCH 4.14 24/89] 9p: fix multiple NULL-pointer-dereferences

2018-09-07 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Tomas Bortoli commit 10aa14527f458e9867cf3d2cc6b8cb0f6704448b upstream. Added checks to prevent GPFs from raising. Link: http://lkml.kernel.org/r/20180727110558.5479-1-tomasbort...@gmail.com

[PATCH 4.14 28/89] net/9p/trans_fd.c: fix race-condition by flushing workqueue before the kfree()

2018-09-07 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Tomas Bortoli commit 430ac66eb4c5b5c4eb846b78ebf65747510b30f1 upstream. The patch adds the flush in p9_mux_poll_stop() as it is the function used by p9_conn_destroy(), in turn called by p9_fd_clo

[PATCH 4.14 27/89] net/9p/client.c: version pointer uninitialized

2018-09-07 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Tomas Bortoli commit 7913690dcc5e18e235769fd87c34143072f5dbea upstream. The p9_client_version() does not initialize the version pointer. If the call to p9pdu_readf() returns an error and versi

[PATCH 4.14 29/89] dm integrity: change suspending variable from bool to int

2018-09-07 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Mikulas Patocka commit c21b16392701543d61e366dca84e15fe7f0cf0cf upstream. Early alpha processors can't write a byte or short atomically - they read 8 bytes, modify the byte or two bytes in reg

[PATCH 4.14 54/89] PM / sleep: wakeup: Fix build error caused by missing SRCU support

2018-09-07 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: zhangyi (F) commit 3df6f61fff49632492490fb6e42646b803a9958a upstream. Commit ea0212f40c6 (power: auto select CONFIG_SRCU) made the code in drivers/base/power/wakeup.c use SRCU instead of RCU,

[PATCH 4.14 26/89] 9p/virtio: fix off-by-one error in sg list bounds check

2018-09-07 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: jiangyiwen commit 23cba9cbde0bba05d772b335fe5f66aa82b9ad19 upstream. Because the value of limit is VIRTQUEUE_NUM, if index is equal to limit, it will cause sg array out of bounds, so correct t

[PATCH 4.14 55/89] KVM: VMX: fixes for vmentry_l1d_flush module parameter

2018-09-07 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Paolo Bonzini commit 0027ff2a75f9dcf0537ac0a65c5840b0e21a4950 upstream. Two bug fixes: 1) missing entries in the l1d_param array; this can cause a host crash if an access attempts to reach th

[PATCH 4.14 72/89] ubifs: Check data node size before truncate

2018-09-07 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Richard Weinberger commit 95a22d2084d72ea067d8323cc85677dba5d97cae upstream. Check whether the size is within bounds before using it. If the size is not correct, abort and dump the bad data no

[PATCH 4.14 71/89] Revert "UBIFS: Fix potential integer overflow in allocation"

2018-09-07 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Richard Weinberger commit 08acbdd6fd736b90f8d725da5a0de4de2dd6de62 upstream. This reverts commit 353748a359f1821ee934afc579cf04572406b420. It bypassed the linux-mtd review process and fixes th

[PATCH 4.14 73/89] ubifs: xattr: Dont operate on deleted inodes

2018-09-07 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Richard Weinberger commit 11a6fc3dc743e22fb50f2196ec55bee5140d3c52 upstream. xattr operations can race with unlink and the following assert triggers: UBIFS assert failed in ubifs_jnl_change_xa

[PATCH 4.14 69/89] userns: move user access out of the mutex

2018-09-07 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Jann Horn commit 5820f140edef111a9ea2ef414ab2428b8cb805b1 upstream. The old code would hold the userns_state_mutex indefinitely if memdup_user_nul stalled due to e.g. a userfault region. Preve

[PATCH 4.14 68/89] sys: dont hold uts_sem while accessing userspace memory

2018-09-07 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Jann Horn commit 42a0cc3478584d4d63f68f2f5af021ddbea771fa upstream. Holding uts_sem as a writer while accessing userspace memory allows a namespace admin to stall all processes that attempt to

[PATCH 4.14 70/89] ubifs: Fix memory leak in lprobs self-check

2018-09-07 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Richard Weinberger commit eef19816ada3abd56d9f20c88794cc2fea83ebb2 upstream. Allocate the buffer after we return early. Otherwise memory is being leaked. Cc: Fixes: 1e51764a3c2a ("UBIFS: add

[PATCH 4.14 59/89] block, bfq: return nbytes and not zero from struct cftype .write() method

2018-09-07 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Maciej S. Szmigiero commit fc8ebd01deeb12728c83381f6ec923e4a192ffd3 upstream. The value that struct cftype .write() method returns is then directly returned to userspace as the value returned

[PATCH 4.14 20/89] powerpc/powernv/pci: Work around races in PCI bridge enabling

2018-09-07 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Benjamin Herrenschmidt commit db2173198b9513f7add8009f225afa1f1c79bcc6 upstream. The generic code is racy when multiple children of a PCI bridge try to enable it simultaneously. This leads to

[PATCH 4.14 60/89] pnfs/blocklayout: off by one in bl_map_stripe()

2018-09-07 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Dan Carpenter commit 0914bb965e38a055e9245637aed117efbe976e91 upstream. "dev->nr_children" is the number of children which were parsed successfully in bl_parse_stripe(). It could be all of th

[PATCH 4.14 80/89] libnvdimm: fix ars_status output length calculation

2018-09-07 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Vishal Verma commit 286e87718103acdf85f4ed323a37e4839a8a7c05 upstream. Commit efda1b5d87cb ("acpi, nfit, libnvdimm: fix / harden ars_status output length handling") Introduced additional hard

[PATCH 4.14 76/89] pwm: tiehrpwm: Fix disabling of output of PWMs

2018-09-07 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Vignesh R commit 38dabd91ff0bde33352ca3cc65ef515599b77a05 upstream. pwm-tiehrpwm driver disables PWM output by putting it in low output state via active AQCSFRC register in ehrpwm_pwm_disable(

[PATCH 4.14 75/89] pwm: tiehrpwm: Dont use emulation mode bits to control PWM output

2018-09-07 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Vignesh R commit aa49d628f6e016bcec8c6f8e704b9b18ee697329 upstream. As per AM335x TRM SPRUH73P "15.2.2.11 ePWM Behavior During Emulation", TBCTL[15:14] only have effect during emulation suspen

[PATCH 4.14 77/89] fb: fix lost console when the user unplugs a USB adapter

2018-09-07 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Mikulas Patocka commit 8c5b044299951acd91e830a688dd920477ea1eda upstream. I have a USB display adapter using the udlfb driver and I use it on an ARM board that doesn't have any graphics card.

[PATCH 4.14 74/89] ubifs: Fix synced_i_size calculation for xattr inodes

2018-09-07 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Richard Weinberger commit 59965593205fa4044850d35ee3557cf0b7edcd14 upstream. In ubifs_jnl_update() we sync parent and child inodes to the flash, in case of xattrs, the parent inode (AKA host i

[PATCH 4.14 78/89] udlfb: set optimal write delay

2018-09-07 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Mikulas Patocka commit bb24153a3f13dd0dbc1f8055ad97fe346d598f66 upstream. The default delay 5 jiffies is too much when the kernel is compiled with HZ=100 - it results in jumpy cursor in Xwindo

[PATCH 4.14 79/89] getxattr: use correct xattr length

2018-09-07 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Christian Brauner commit 82c9a927bc5df6e06b72d206d24a9d10cced4eb5 upstream. When running in a container with a user namespace, if you call getxattr with name = "system.posix_acl_access" and si

Re: Redoing eXclusive Page Frame Ownership (XPFO) with isolated CPUs in mind (for KVM to isolate its guests per CPU)

2018-09-07 Thread Khalid Aziz
On 08/30/2018 10:00 AM, Julian Stecklina wrote: Hey everyone, On Mon, 20 Aug 2018 15:27 Linus Torvalds wrote: On Mon, Aug 20, 2018 at 3:02 PM Woodhouse, David wrote: It's the *kernel* we don't want being able to access those pages, because of the multitude of unfixable cache load gadgets.

[PATCH 4.14 81/89] bcache: release dc->writeback_lock properly in bch_writeback_thread()

2018-09-07 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Shan Hai commit 3943b040f11ed0cc6d4585fd286a623ca8634547 upstream. The writeback thread would exit with a lock held when the cache device is detached via sysfs interface, fix it by releasing t

[PATCH 4.14 88/89] fs/quota: Fix spectre gadget in do_quotactl

2018-09-07 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Jeremy Cline commit 7b6924d94a60c6b8c1279ca003e8744e6cd9e8b1 upstream. 'type' is user-controlled, so sanitize it after the bounds check to avoid using it in speculative execution. This covers

[PATCH 4.14 89/89] arm64: mm: always enable CONFIG_HOLES_IN_ZONE

2018-09-07 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: James Morse commit f52bb98f5aded4c43e52f5ce19fb83f7261e9e73 upstream. Commit 6d526ee26ccd ("arm64: mm: enable CONFIG_HOLES_IN_ZONE for NUMA") only enabled HOLES_IN_ZONE for NUMA systems becaus

[PATCH 4.14 61/89] NFSv4 client live hangs after live data migration recovery

2018-09-07 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Bill Baker commit 0f90be132cbf1537d87a6a8b9e80867adac892f6 upstream. After a live data migration event at the NFS server, the client may send I/O requests to the wrong server, causing a live h

[PATCH 4.14 82/89] cap_inode_getsecurity: use d_find_any_alias() instead of d_find_alias()

2018-09-07 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Eddie.Horng commit 355139a8dba446cc11a424cddbf7afebc3041ba1 upstream. The code in cap_inode_getsecurity(), introduced by commit 8db6c34f1dbc ("Introduce v3 namespaced file capabilities"), shou

[PATCH 4.14 84/89] crypto: vmx - Fix sleep-in-atomic bugs

2018-09-07 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Ondrej Mosnacek commit 0522236d4f9c5ab2e79889cb020d1acbe5da416e upstream. This patch fixes sleep-in-atomic bugs in AES-CBC and AES-XTS VMX implementations. The problem is that the blkcipher_*

[PATCH 4.14 83/89] perf auxtrace: Fix queue resize

2018-09-07 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Adrian Hunter commit 99cbbe56eb8bede625f410ab62ba34673ffa7d21 upstream. When the number of queues grows beyond 32, the array of queues is resized but not all members were being copied. Fix by

[PATCH 4.14 48/89] livepatch: Validate module/old func name length

2018-09-07 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Kamalesh Babulal commit 6e9df95b76cad18f7b217bdad7bb8a26d63b8c47 upstream. livepatch module author can pass module name/old function name with more than the defined character limit. With obj->

[PATCH 4.14 64/89] ARM: tegra: Fix Tegra30 Cardhu PCA954x reset

2018-09-07 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Jon Hunter commit 6e1811900b6fe6f2b4665dba6bd6ed32c6b98575 upstream. On all versions of Tegra30 Cardhu, the reset signal to the NXP PCA9546 I2C mux is connected to the Tegra GPIO BB0. Currentl

[PATCH 4.14 62/89] NFSv4: Fix locking in pnfs_generic_recover_commit_reqs

2018-09-07 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Trond Myklebust commit d0fbb1d8a194c0ec0180c1d073ad709e45503a43 upstream. The use of the inode->i_lock was converted to a mutex, but we forgot to remove the old inode unlock/lock() pair that a

[PATCH 4.14 63/89] NFSv4: Fix a sleep in atomic context in nfs4_callback_sequence()

2018-09-07 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Trond Myklebust commit 8618289c46556fd4dd259a1af02ccc448032f48d upstream. We must drop the lock before we can sleep in referring_call_exists(). Reported-by: Jia-Ju Bai Fixes: 045d2a6d076a ("

[PATCH 4.14 67/89] iommu/vt-d: Fix dev iotlb pfsid use

2018-09-07 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Jacob Pan commit 1c48db44924298ad0cb5a6386b88017539be8822 upstream. PFSID should be used in the invalidation descriptor for flushing device IOTLBs on SRIOV VFs. Signed-off-by: Jacob Pan Cc:

[PATCH 4.14 58/89] xtensa: increase ranges in ___invalidate_{i,d}cache_all

2018-09-07 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Max Filippov commit fec3259c9f747c039f90e99570540114c8d81a14 upstream. Cache invalidation macros use cache line size to iterate over invalidated cache lines, assuming that all cache ways are i

[PATCH 4.9 01/63] net: 6lowpan: fix reserved space for single frames

2018-09-07 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Alexander Aring commit ac74f87c789af40936a80131c4759f3e72579c3a upstream. This patch fixes patch add handling to take care tail and headroom for single 6lowpan frames. We need to be sure we hav

[PATCH 4.9 10/63] powerpc/pseries: Fix endianness while restoring of r3 in MCE handler.

2018-09-07 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Mahesh Salgaonkar commit cd813e1cd7122f2c261dce5b54d1e0c97f80e1a5 upstream. During Machine Check interrupt on pseries platform, register r3 points RTAS extended event log passed by hypervisor.

[PATCH 4.14 66/89] iommu/vt-d: Add definitions for PFSID

2018-09-07 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Jacob Pan commit 0f725561e168485eff7277d683405c05b192f537 upstream. When SRIOV VF device IOTLB is invalidated, we need to provide the PF source ID such that IOMMU hardware can gauge the depth

[PATCH 4.14 65/89] mm/tlb: Remove tlb_remove_table() non-concurrent condition

2018-09-07 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Peter Zijlstra commit a6f572084fbee8b30f91465f4a085d7a90901c57 upstream. Will noted that only checking mm_users is incorrect; we should also check mm_count in order to cover CPUs that have a l

[PATCH 4.9 11/63] powerpc/powernv/pci: Work around races in PCI bridge enabling

2018-09-07 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Benjamin Herrenschmidt commit db2173198b9513f7add8009f225afa1f1c79bcc6 upstream. The generic code is racy when multiple children of a PCI bridge try to enable it simultaneously. This leads to

[PATCH 4.9 13/63] ib_srpt: Fix a use-after-free in srpt_close_ch()

2018-09-07 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Bart Van Assche commit 995250959d22fc341b5424e3343b0ce5df672461 upstream. Avoid that KASAN reports the following: BUG: KASAN: use-after-free in srpt_close_ch+0x4f/0x1b0 [ib_srpt] Read of size

[PATCH 4.9 12/63] cxl: Fix wrong comparison in cxl_adapter_context_get()

2018-09-07 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Vaibhav Jain commit ef6cb5f1a048fdf91ccee6d63d2bfa293338502d upstream. Function atomic_inc_unless_negative() returns a bool to indicate success/failure. However cxl_adapter_context_get() wrongl

[PATCH 4.9 17/63] net/9p/client.c: version pointer uninitialized

2018-09-07 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Tomas Bortoli commit 7913690dcc5e18e235769fd87c34143072f5dbea upstream. The p9_client_version() does not initialize the version pointer. If the call to p9pdu_readf() returns an error and versio

[PATCH 4.9 15/63] fs/9p/xattr.c: catch the error of p9_client_clunk when setting xattr failed

2018-09-07 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: piaojun commit 3111784bee81591ea2815011688d28b65df03627 upstream. In my testing, v9fs_fid_xattr_set will return successfully even if the backend ext4 filesystem has no space to store xattr key-

[PATCH 4.9 20/63] dm cache metadata: save in-core policy_hint_size to on-disk superblock

2018-09-07 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Mike Snitzer commit fd2fa95416188a767a63979296fa3e169a9ef5ec upstream. policy_hint_size starts as 0 during __write_initial_superblock(). It isn't until the policy is loaded that policy_hint_si

[PATCH 4.9 18/63] net/9p/trans_fd.c: fix race-condition by flushing workqueue before the kfree()

2018-09-07 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Tomas Bortoli commit 430ac66eb4c5b5c4eb846b78ebf65747510b30f1 upstream. The patch adds the flush in p9_mux_poll_stop() as it is the function used by p9_conn_destroy(), in turn called by p9_fd_clos

[PATCH 4.9 02/63] net: mac802154: tx: expand tailroom if necessary

2018-09-07 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Alexander Aring commit f9c52831133050c6b82aa8b6831c92da2bbf2a0b upstream. This patch is necessary in case of AF_PACKET or other socket interface which I am aware of it and didn't allocate the

[PATCH 4.9 19/63] dm thin: stop no_space_timeout worker when switching to write-mode

2018-09-07 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Hou Tao commit 75294442d896f2767be34f75aca7cc2b0d01301f upstream. Now both check_for_space() and do_no_space_timeout() will read & write pool->pf.error_if_no_space. If these functions run conc

[PATCH 4.9 14/63] RDMA/rxe: Set wqe->status correctly if an unexpected response is received

2018-09-07 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Bart Van Assche commit 61b717d041b1976530f68f8b539b2e3a7dd8e39c upstream. Every function that returns COMPST_ERROR must set wqe->status to another value than IB_WC_SUCCESS before returning COMP

[PATCH 4.9 22/63] iio: ad9523: Fix displayed phase

2018-09-07 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Lars-Peter Clausen commit 5a4e33c1c53ae7d4425f7d94e60e4458a37b349e upstream. Fix the displayed phase for the ad9523 driver. Currently the most significant decimal place is dropped and all other

[PATCH 4.9 16/63] 9p/virtio: fix off-by-one error in sg list bounds check

2018-09-07 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: jiangyiwen commit 23cba9cbde0bba05d772b335fe5f66aa82b9ad19 upstream. Because the value of limit is VIRTQUEUE_NUM, if index is equal to limit, it will cause sg array out of bounds, so correct th

[PATCH 4.9 04/63] spi: davinci: fix a NULL pointer dereference

2018-09-07 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Bartosz Golaszewski commit 563a53f3906a6b43692498e5b3ae891fac93a4af upstream. On non-OF systems spi->controlled_data may be NULL. This causes a NULL pointer dereference on dm365-evm. Signed-off-

[PATCH 4.9 29/63] tracing: Do not call start/stop() functions when tracing_on does not change

2018-09-07 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Steven Rostedt (VMware) commit f143641bfef9a4a60c57af30de26c63057e7e695 upstream. Currently, when one echo's in 1 into tracing_on, the current tracer's "start()" function is executed, even if t
