[PATCH 4.20 088/145] crypto: cfb - fix decryption

4.20-stable review patch. If anyone has any objections, please let me know. -- From: Dmitry Eremin-Solenikov commit fa4600734b74f74d9169c3015946d4722f8bcf79 upstream. crypto_cfb_decrypt_segment() incorrectly XOR'ed generated keystream with IV, rather than with data stream, res

Re: [PATCH] dmaengine: bcm2835: Use struct_size() in kzalloc()

On 04-01-19, 12:30, Gustavo A. R. Silva wrote: > One of the more common cases of allocation size calculations is finding the > size of a structure that has a zero-sized array at the end, along with memory > for some number of elements for that array. For example: > > struct foo { > int stuff;

[PATCH 4.20 104/145] f2fs: read page index before freeing

4.20-stable review patch. If anyone has any objections, please let me know. -- From: Pan Bian commit 0ea295dd853e0879a9a30ab61f923c26be35b902 upstream. The function truncate_node frees the page with f2fs_put_page. However, the page index is read after that. So, the patch reads

[PATCH 4.20 103/145] powerpc/tm: Unset MSR[TS] if not recheckpointing

4.20-stable review patch. If anyone has any objections, please let me know. -- From: Breno Leitao commit 6f5b9f018f4c7686fd944d920209d1382d320e4e upstream. There is a TM Bad Thing bug that can be caused when you return from a signal context in a suspended transaction but with

[PATCH 4.20 106/145] f2fs: fix missing unlock(sbi->gc_mutex)

4.20-stable review patch. If anyone has any objections, please let me know. -- From: Jaegeuk Kim commit 8f31b4665c14fe19593601a250275e58c7ad0ef1 upstream. This fixes missing unlock call. Cc: Reviewed-by: Chao Yu Signed-off-by: Jaegeuk Kim Signed-off-by: Greg Kroah-Hartman

Re: [PATCH] dmaengine: tegra-apb: Use struct_size() in devm_kzalloc()

On 04-01-19, 15:16, Gustavo A. R. Silva wrote: > One of the more common cases of allocation size calculations is finding > the size of a structure that has a zero-sized array at the end, along > with memory for some number of elements for that array. For example: > > struct foo { > int stuff;

[PATCH 4.20 110/145] media: cec: keep track of outstanding transmits

4.20-stable review patch. If anyone has any objections, please let me know. -- From: Hans Verkuil commit 32804fcb612bf867034a093f459415e485cf044b upstream. I noticed that repeatedly running 'cec-ctl --playback' would occasionally select 'Playback Device 2' instead of 'Playback

[PATCH 4.20 107/145] f2fs: fix validation of the block count in sanity_check_raw_super

4.20-stable review patch. If anyone has any objections, please let me know. -- From: Martin Blumenstingl commit 88960068f25fcc3759455d85460234dcc9d43fef upstream. Treat "block_count" from struct f2fs_super_block as 64-bit little endian value in sanity_check_raw_super() because

Re: [PATCH] dmaengine: fsl-edma: use struct_size() in kzalloc()

On 04-01-19, 15:25, Gustavo A. R. Silva wrote: > One of the more common cases of allocation size calculations is finding the > size of a structure that has a zero-sized array at the end, along with memory > for some number of elements for that array. For example: > > struct foo { > int stuff;

[PATCH 4.20 109/145] serial: uartps: Fix interrupt mask issue to handle the RX interrupts properly

4.20-stable review patch. If anyone has any objections, please let me know. -- From: Nava kishore Manne commit 260683137ab5276113fc322fdbbc578024185fee upstream. This patch Correct the RX interrupt mask value to handle the RX interrupts properly. Fixes: c8dbdc842d30 ("serial:

[PATCH 4.20 108/145] f2fs: sanity check of xattr entry size

4.20-stable review patch. If anyone has any objections, please let me know. -- From: Jaegeuk Kim commit 64beba0558fce7b59e9a8a7afd77290e82a22163 upstream. There is a security report where f2fs_getxattr() has a hole to expose wrong memory region when the image is malformed like

[PATCH 4.20 111/145] media: cec-pin: fix broken tx_ignore_nack_until_eom error injection

4.20-stable review patch. If anyone has any objections, please let me know. -- From: Hans Verkuil commit ac791f19a273a7fe254a7596f193af6534582a9f upstream. If the tx_ignore_nack_until_eom error injection was activated, then tx_nacked was never set instead of setting it when th

[PATCH 4.20 093/145] btrfs: dev-replace: go back to suspend state if another EXCL_OP is running

4.20-stable review patch. If anyone has any objections, please let me know. -- From: Anand Jain commit 05c49e6bc1e8866ecfd674ebeeb58cdbff9145c2 upstream. In a secnario where balance and replace co-exists as below, - start balance - pause balance - start replace - rebo

[PATCH 4.20 115/145] media: vim2m: use cancel_delayed_work_sync instead of flush_schedule_work

4.20-stable review patch. If anyone has any objections, please let me know. -- From: Hans Verkuil commit 52117be68b82ee05c96da0a7beec319906ccf6cc upstream. The use of flush_schedule_work() made no sense and caused a syzkaller error. Replace with the correct cancel_delayed_work

[PATCH 4.20 120/145] MIPS: math-emu: Write-protect delay slot emulation pages

4.20-stable review patch. If anyone has any objections, please let me know. -- From: Paul Burton commit adcc81f148d733b7e8e641300c5590a2cdc13bf3 upstream. Mapping the delay slot emulation page as both writeable & executable presents a security risk, in that if an exploit can w

[PATCH 4.20 112/145] media: rc: cec devices do not have a lirc chardev

4.20-stable review patch. If anyone has any objections, please let me know. -- From: Sean Young commit e5bb9d3d755f128956ed467ae50b41d22bb680c6 upstream. This fixes an oops in ir_lirc_scancode_event(). BUG: unable to handle kernel NULL pointer dereference at 0038

[PATCH 4.20 094/145] Btrfs: fix deadlock with memory reclaim during scrub

4.20-stable review patch. If anyone has any objections, please let me know. -- From: Filipe Manana commit a5fb11429167ee6ddeeacc554efaf5776b36433a upstream. When a transaction commit starts, it attempts to pause scrub and it blocks until the scrub is paused. So while the trans

[PATCH 4.20 113/145] media: imx274: fix stack corruption in imx274_read_reg

4.20-stable review patch. If anyone has any objections, please let me know. -- From: Luca Ceresoli commit cea8c0077d6cf3a0cea2f18a8e914af78d46b2ff upstream. imx274_read_reg() takes a u8 pointer ("reg") and casts it to pass it to regmap_read(), which takes an unsigned int point

[PATCH 4.20 124/145] MIPS: Expand MIPS32 ASIDs to 64 bits

4.20-stable review patch. If anyone has any objections, please let me know. -- From: Paul Burton commit ff4dd232ec45a0e45ea69f28f069f2ab22b4908a upstream. ASIDs have always been stored as unsigned longs, ie. 32 bits on MIPS32 kernels. This is problematic because it is feasible

[PATCH 4.20 122/145] MIPS: Ensure pmd_present() returns false after pmd_mknotpresent()

4.20-stable review patch. If anyone has any objections, please let me know. -- From: Huacai Chen commit 92aa0718c9fa5160ad2f0e7b5bffb52f1ea1e51a upstream. This patch is borrowed from ARM64 to ensure pmd_present() returns false after pmd_mknotpresent(). This is needed for THP.

[PATCH 4.20 116/145] media: vb2: check memory model for VIDIOC_CREATE_BUFS

4.20-stable review patch. If anyone has any objections, please let me know. -- From: Hans Verkuil commit 62dcb4f41836bd3c44b5b651bb6df07ea4cb1551 upstream. vb2_core_create_bufs did not check if the memory model for newly added buffers is the same as for already existing buffer

[PATCH 4.20 118/145] media: v4l2-fwnode: Fix setting V4L2_MBUS_DATA_ACTIVE_HIGH/LOW flag

4.20-stable review patch. If anyone has any objections, please let me know. -- From: Ondrej Jirman commit fa09d06522ceac428fdc5c2b57c572f6cfd0a8bb upstream. When parallel bus is used and data-active is being parsed, incorrect flags are cleared. Clear the correct flag bits. F

[PATCH 4.20 119/145] tools lib traceevent: Fix processing of dereferenced args in bprintk events

4.20-stable review patch. If anyone has any objections, please let me know. -- From: Steven Rostedt (VMware) commit f024cf085c423bac7512479f45c34ee9a24af7ce upstream. In the case that a bprintk event has a dereferenced pointer that is stored as a string, and there's more value

[PATCH 4.20 130/145] CIFS: use the correct length when pinning memory for direct I/O for write

4.20-stable review patch. If anyone has any objections, please let me know. -- From: Long Li commit b6bc8a7b993e62f82415a5e3e4a6469e80fea19c upstream. The current code attempts to pin memory using the largest possible wsize based on the currect SMB credits. This doesn't cause

[PATCH 4.20 091/145] cdc-acm: fix abnormal DATA RX issue for Mediatek Preloader.

4.20-stable review patch. If anyone has any objections, please let me know. -- From: Macpaul Lin commit eafb27fa5283599ce6c5492ea18cf636a28222bb upstream. Mediatek Preloader is a proprietary embedded boot loader for loading Little Kernel and Linux into device DRAM. This boot

[PATCH 4.20 133/145] ARM: dts: exynos: Specify I2S assigned clocks in proper node

4.20-stable review patch. If anyone has any objections, please let me know. -- From: Sylwester Nawrocki commit 8ac686d7dfed721102860ff2571e6b9f529ae81a upstream. The assigned parent clocks should be normally specified in the consumer device's DT node, this ensures respective d

[PATCH 4.20 095/145] btrfs: skip file_extent generation check for free_space_inode in run_delalloc_nocow

4.20-stable review patch. If anyone has any objections, please let me know. -- From: Lu Fengqi commit 27a7ff554e8d349627a90bda275c527b7348adae upstream. The test case btrfs/001 with inode_cache mount option will encounter the following warning: WARNING: CPU: 1 PID: 23700 at

[PATCH 4.20 144/145] tpm: tpm_try_transmit() refactor error flow.

4.20-stable review patch. If anyone has any objections, please let me know. -- From: Tomas Winkler commit 01f54664a4db0d612de0ece8e0022f21f9374e9b upstream. First, rename out_no_locality to out_locality for bailing out on both tpm_cmd_ready() and tpm_request_locality() failure

[PATCH 4.20 132/145] arm/arm64: KVM: vgic: Force VM halt when changing the active state of GICv3 PPIs/SGIs

4.20-stable review patch. If anyone has any objections, please let me know. -- From: Marc Zyngier commit 107352a24900fb458152b92a4e72fbdc83fd5510 upstream. We currently only halt the guest when a vCPU messes with the active state of an SPI. This is perfectly fine for GICv2, bu

[PATCH 4.20 099/145] brcmfmac: fix roamoff=1 modparam

4.20-stable review patch. If anyone has any objections, please let me know. -- From: Stijn Tintel commit 8c892df41500469729e0d662816300196e4f463d upstream. When the update_connect_param callback is set, nl80211 expects the flag WIPHY_FLAG_SUPPORTS_FW_ROAM to be set as well. Ho

[PATCH 4.20 126/145] MIPS: Fix a R10000_LLSC_WAR logic in atomic.h

4.20-stable review patch. If anyone has any objections, please let me know. -- From: Huacai Chen commit db1ce3f5d01d2d6d5714aefba0159d2cb5167a0b upstream. Commit 4936084c2ee2 ("MIPS: Cleanup R1_LLSC_WAR logic in atomic.h") introduce a mistake in atomic64_fetch_##op##_relax

[PATCH 4.20 100/145] brcmfmac: Fix out of bounds memory access during fw load

4.20-stable review patch. If anyone has any objections, please let me know. -- From: Lyude Paul commit b72c51a58e6d63ef673ac96b8ab5bc98799c5f7b upstream. I ended up tracking down some rather nasty issues with f2fs (and other filesystem modules) constantly crashing on my kernel

[PATCH 4.20 143/145] parisc: Remap hugepage-aligned pages in set_kernel_text_rw()

4.20-stable review patch. If anyone has any objections, please let me know. -- From: Helge Deller commit dfbaecb2b707cfdc5276b548d52b437384bd6483 upstream. The alternative coding patch for parisc in kernel 4.20 broke booting machines with PA8500-PA8700 CPUs. The problem is, th

[PATCH 4.20 141/145] arm64: compat: Avoid sending SIGILL for unallocated syscall numbers

4.20-stable review patch. If anyone has any objections, please let me know. -- From: Will Deacon commit 169113ece0f29ebe884a6cfcf57c1ace04d8a36a upstream. The ARM Linux kernel handles the EABI syscall numbers as follows: 0 - NR_SYSCALLS-1 : Invoke syscall via sy

[PATCH 4.20 098/145] Btrfs: send, fix race with transaction commits that create snapshots

4.20-stable review patch. If anyone has any objections, please let me know. -- From: Filipe Manana commit be6821f82c3cc36e026f5afd10249988852b35ea upstream. If we create a snapshot of a snapshot currently being used by a send operation, we can end up with send failing unexpect

[PATCH 4.20 125/145] MIPS: OCTEON: mark RGMII interface disabled on OCTEON III

4.20-stable review patch. If anyone has any objections, please let me know. -- From: Aaro Koskinen commit edefae94b7b9f10d5efe32dece5a36e9d9ecc29e upstream. Commit 885872b722b7 ("MIPS: Octeon: Add Octeon III CN7xxx interface detection") added RGMII interface detection for OCTE

[PATCH 4.19 014/170] net: ipv4: do not handle duplicate fragments as overlapping

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Michal Kubecek [ Upstream commit ade446403bfb79d3528d56071a84b15351a139ad ] Since commit 7969e5c40dfd ("ip: discard IPv4 datagrams with overlapping segments.") IPv4 reassembly code drops the w

[PATCH 4.20 136/145] KVM: arm/arm64: vgic: Cap SPIs to the VM-defined maximum

4.20-stable review patch. If anyone has any objections, please let me know. -- From: Marc Zyngier commit bea2ef803ade3359026d5d357348842bca9edcf1 upstream. SPIs should be checked against the VMs specific configuration, and not the architectural maximum. Cc: sta...@vger.kernel

[PATCH 4.20 134/145] rtc: m41t80: Correct alarm month range with RTC reads

4.20-stable review patch. If anyone has any objections, please let me know. -- From: Maciej W. Rozycki commit 3cc9ffbb1f51eb4320575a48e4805a8f52e0e26b upstream. Add the missing adjustment of the month range on alarm reads from the RTC, correcting an issue coming from commit 9c

[PATCH 4.20 140/145] iommu/arm-smmu-v3: Fix big-endian CMD_SYNC writes

4.20-stable review patch. If anyone has any objections, please let me know. -- From: Robin Murphy commit 3cd508a8c1379427afb5e16c2e0a7c986d907853 upstream. When we insert the sync sequence number into the CMD_SYNC.MSIData field, we do so in CPU-native byte order, before writin

[PATCH 4.20 138/145] KVM: arm/arm64: Fix VMID alloc race by reverting to lock-less

4.20-stable review patch. If anyone has any objections, please let me know. -- From: Christoffer Dall commit fb544d1ca65a89f7a3895f7531221ceeed74ada7 upstream. We recently addressed a VMID generation race by introducing a read/write lock around accesses and updates to the vmid

[PATCH 4.19 016/170] net: mvpp2: 10G modes arent supported on all ports

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Antoine Tenart [ Upstream commit 006791772084383de779ef29f2e06f3a6e111e7d ] The mvpp2_phylink_validate() function sets all modes that are supported by a given PPv2 port. A recent change made a

[PATCH 4.19 010/170] isdn: fix kernel-infoleak in capi_unlocked_ioctl

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Eric Dumazet [ Upstream commit d63967e475ae10f286dbd35e189cb241e0b1f284 ] Since capi_ioctl() copies 64 bytes after calling capi20_get_manufacturer() we need to ensure to not leak information t

[PATCH 4.20 127/145] CIFS: Fix error mapping for SMB2_LOCK command which caused OFD lock problem

4.20-stable review patch. If anyone has any objections, please let me know. -- From: Georgy A Bystrenin commit 9a596f5b39593414c0ec80f71b94a226286f084e upstream. While resolving a bug with locks on samba shares found a strange behavior. When a file locked by one node and we tr

[PATCH 4.19 018/170] netrom: fix locking in nr_find_socket()

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Cong Wang [ Upstream commit 7314f5480f3e37e570104dc5e0f28823ef849e72 ] nr_find_socket(), nr_find_peer() and nr_find_listener() lock the sock after finding it in the global list. However, the c

[PATCH 4.19 019/170] net/smc: fix TCP fallback socket release

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Myungho Jung [ Upstream commit 78abe3d0dfad196959b1246003366e2610775ea6 ] clcsock can be released while kernel_accept() references it in TCP listen worker. Also, clcsock needs to wake up befor

[PATCH 4.20 131/145] arm64: KVM: Avoid setting the upper 32 bits of VTCR_EL2 to 1

4.20-stable review patch. If anyone has any objections, please let me know. -- From: Will Deacon commit df655b75c43fba0f2621680ab261083297fd6d16 upstream. Although bit 31 of VTCR_EL2 is RES1, we inadvertently end up setting all of the upper 32 bits to 1 as well because we defi

[PATCH 4.19 002/170] gro_cell: add napi_disable in gro_cells_destroy

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Lorenzo Bianconi [ Upstream commit 8e1da73acded4751a93d4166458a7e640f37d26c ] Add napi_disable routine in gro_cells_destroy since starting from commit c42858eaf492 ("gro_cells: remove spinlock

[PATCH 4.19 012/170] net: core: Fix Spectre v1 vulnerability

4.19-stable review patch. If anyone has any objections, please let me know. -- From: "Gustavo A. R. Silva" [ Upstream commit 50d5258634aee2e62832aa086d2fb0de00e72b91 ] flen is indirectly controlled by user-space, hence leading to a potential exploitation of the Spectre variant

[PATCH 4.19 006/170] ipv4: Fix potential Spectre v1 vulnerability

4.19-stable review patch. If anyone has any objections, please let me know. -- From: "Gustavo A. R. Silva" [ Upstream commit 5648451e30a0d13d11796574919a359025d52cce ] vr.vifi is indirectly controlled by user-space, hence leading to a potential exploitation of the Spectre vari

[PATCH 4.19 001/170] ax25: fix a use-after-free in ax25_fillin_cb()

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Cong Wang [ Upstream commit c433570458e49bccea5c551df628d058b3526289 ] There are multiple issues here: 1. After freeing dev->ax25_ptr, we need to set it to NULL otherwise we may use a dang

[PATCH 4.20 129/145] CIFS: return correct errors when pinning memory failed for direct I/O

4.20-stable review patch. If anyone has any objections, please let me know. -- From: Long Li commit 54e94ff94eac887ddb59cfd46b18896da5695e35 upstream. When pinning memory failed, we should return the correct error code and rewind the SMB credits. Reported-by: Murphy Zhou Sig

[PATCH 4.20 128/145] smb3: fix large reads on encrypted connections

4.20-stable review patch. If anyone has any objections, please let me know. -- From: Paul Aurich commit 6d2f84eee098540ae857998fe32f29b9e2cd9613 upstream. When passing a large read to receive_encrypted_read(), ensure that the demultiplex_thread knows that a MID was processed.

[PATCH 4.19 000/170] 4.19.14-stable review

This is the start of the stable review cycle for the 4.19.14 release. There are 170 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed Jan 9 10:43:54 UTC 2019. Anything recei

[PATCH 4.19 008/170] ipv6: tunnels: fix two use-after-free

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Eric Dumazet [ Upstream commit cbb49697d5512ce9e61b45ce75d3ee43d7ea5524 ] xfrm6_policy_check() might have re-allocated skb->head, we need to reload ipv6 header pointer. sysbot reported : BUG

[PATCH 4.19 009/170] ip: validate header length on virtual device xmit

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Willem de Bruijn [ Upstream commit cb9f1b783850b14cbd7f87d061d784a666dfba1f ] KMSAN detected read beyond end of buffer in vti and sit devices when passing truncated packets with PF_PACKET. The

[PATCH 4.19 021/170] net/tls: allocate tls context using GFP_ATOMIC

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Ganesh Goudar [ Upstream commit c6ec179a0082e2e76e3a72050c2b99d3d0f3da3f ] create_ctx can be called from atomic context, hence use GFP_ATOMIC instead of GFP_KERNEL. [ 395.962599] BUG: sleepi

[PATCH 4.19 003/170] ibmveth: fix DMA unmap error in ibmveth_xmit_start error path

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Tyrel Datwyler [ Upstream commit 756af9c642329d54f048bac2a62f829b391f6944 ] Commit 33a48ab105a7 ("ibmveth: Fix DMA unmap error") fixed an issue in the normal code path of ibmveth_xmit_start()

[PATCH 4.19 007/170] ipv6: explicitly initialize udp6_addr in udp_sock_create6()

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Cong Wang [ Upstream commit fb24274546310872eeeaf3d1d53799d8414aa0f2 ] syzbot reported the use of uninitialized udp6_addr::sin6_scope_id. We can just set ::sin6_scope_id to zero, as tunnels ar

[PATCH 4.19 030/170] sctp: initialize sin6_flowinfo for ipv6 addrs in sctp_inet6addr_event

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Xin Long [ Upstream commit 4a2eb0c37b4759416996fbb4c45b932500cf06d3 ] syzbot reported a kernel-infoleak, which is caused by an uninitialized field(sin6_flowinfo) of addr->a.v6 in sctp_inet6add

[PATCH 4.19 031/170] sock: Make sock->sk_stamp thread-safe

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Deepa Dinamani [ Upstream commit 3a0ed3e9619738067214871e9cb826fa23b2ddb9 ] Al Viro mentioned (Message-ID <20170626041334.gz10...@zeniv.linux.org.uk>) that there is probably a race condition l

[PATCH 4.19 005/170] ip6mr: Fix potential Spectre v1 vulnerability

4.19-stable review patch. If anyone has any objections, please let me know. -- From: "Gustavo A. R. Silva" [ Upstream commit 69d2c86766da2ded2b70281f1bf242cb0d58a778 ] vr.mifi is indirectly controlled by user-space, hence leading to a potential exploitation of the Spectre vari

[PATCH 4.19 039/170] VSOCK: Send reset control packet when socket is partially bound

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Jorgen Hansen [ Upstream commit a915b982d8f5e4295f64b8dd37ce753874867e88 ] If a server side socket is bound to an address, but not in the listening state yet, incoming connection requests shou

[PATCH 4.19 038/170] vhost: make sure used idx is seen before log in vhost_add_used_n()

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Jason Wang [ Upstream commit 841df922417eb82c835e93d4b93eb6a68c99d599 ] We miss a write barrier that guarantees used idx is updated and seen before log. This will let userspace sync and copy u

[PATCH 4.19 044/170] ipv6: frags: Fix bogus skb->sk in reassembled packets

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Herbert Xu [ Upstream commit d15f5ac8deea936d3adf629421a66a88b42b8a2f ] It was reported that IPsec would crash when it encounters an IPv6 reassembled packet because skb->sk is non-zero and not

[PATCH 4.19 004/170] ieee802154: lowpan_header_create check must check daddr

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Willem de Bruijn [ Upstream commit 40c3ff6d5e0809505a067dd423c110c5658c478c ] Packet sockets may call dev_header_parse with NULL daddr. Make lowpan_header_ops.create fail. Fixes: 87a93e4eceb4

[PATCH 4.19 042/170] tipc: check group dests after tipc_wait_for_cond()

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Cong Wang [ Upstream commit 3c6306d44082ef007a258ae1b86ea58e6974ee3f ] Similar to commit 143ece654f9f ("tipc: check tsk->group in tipc_wait_for_cond()") we have to reload grp->dests too after

[PATCH 4.19 045/170] net/ipv6: Fix a test against ipv6_find_idev() return value

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Christophe JAILLET [ Upstream commit 178fe94405bffbd1acd83b6ff3b40211185ae9c9 ] 'ipv6_find_idev()' returns NULL on error, not an error pointer. Update the test accordingly and return -ENOBUFS,

[PATCH 4.19 037/170] tipc: use lock_sock() in tipc_sk_reinit()

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Cong Wang [ Upstream commit 15ef70e286176165d28b0b8a969b422561a68dfc ] lock_sock() must be used in process context to be race-free with other lock_sock() callers, for example, tipc_release().

[PATCH 4.19 017/170] net: phy: Fix the issue that netif always links up after resuming

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Kunihiko Hayashi [ Upstream commit 8742beb50f2db903d3b6d69ddd81d67ce9914453 ] Even though the link is down before entering hibernation, there is an issue that the network interface always link

[PATCH 4.19 034/170] tipc: compare remote and local protocols in tipc_udp_enable()

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Cong Wang [ Upstream commit fb83ed496b9a654f60cd1d58a0e1e79ec5694808 ] When TIPC_NLA_UDP_REMOTE is an IPv6 mcast address but TIPC_NLA_UDP_LOCAL is an IPv4 address, a NULL-ptr deref is triggere

[PATCH 4.19 040/170] xen/netfront: tolerate frags with no data

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Juergen Gross [ Upstream commit d81c5054a5d1d4999c7cdead7636b6cd4af83d36 ] At least old Xen net backends seem to send frags with no real data sometimes. In case such a fragment happens to occu

[PATCH 4.19 032/170] tcp: fix a race in inet_diag_dump_icsk()

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Eric Dumazet [ Upstream commit f0c928d878e7d01b613c9ae5c971a6b1e473a938 ] Alexei reported use after frees in inet_diag_dump_icsk() [1] Because we use refcount_set() when various sockets are s

[PATCH 4.19 043/170] net/mlx5e: Remove the false indication of software timestamping support

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Alaa Hleihel [ Upstream commit 4765420439e758bfa4808392d18b0a4cb6f06065 ] mlx5 driver falsely advertises support of software timestamping. Fix it by removing the false indication. Fixes: ef98

[PATCH 4.19 049/170] net/mlx5e: Cancel DIM work on close SQ

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Tal Gilboa [ Upstream commit fa2bf86bab4bbc61e5678a42a14e40075093a98f ] TXQ SQ closure is followed by closing the corresponding CQ. A pending DIM work would try to modify the now non-existing

[PATCH 4.19 047/170] ipv6: route: Fix return value of ip6_neigh_lookup() on neigh_create() error

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Stefano Brivio [ Upstream commit 7adf3246092f5e87ed0fa610e8088fae416c581f ] In ip6_neigh_lookup(), we must not return errors coming from neigh_create(): if creation of a neighbour entry fails,

[PATCH 4.19 053/170] mlxsw: core: Increase timeout during firmware flash process

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Shalom Toledo [ Upstream commit cf0b70e71b32137ccf9c1f3dd9fb30cbf89b4322 ] During the firmware flash process, some of the EMADs get timed out, which causes the driver to send them again with a

[PATCH 4.19 051/170] net: mvpp2: fix the phylink mode validation

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Antoine Tenart [ Upstream commit 1b451fb2051b464b9758c09a3492104403252e2b ] The mvpp2_phylink_validate() sets all modes that are supported by a given PPv2 port. An mistake made the 1baseT_

[PATCH 4.19 050/170] net/mlx5e: RX, Verify MPWQE stride size is in range

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Moshe Shemesh [ Upstream commit e1c15b62b7015119d3e5915cd2ae3b89d59c2576 ] Add check of MPWQE stride size is within range supported by HW. In case calculated MPWQE stride size exceed range, li

[PATCH 4.19 075/170] ALSA: hda/tegra: clear pending irq handlers

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Sameer Pujar commit 63d2a9ec310d8bcc955574220d4631aa55c1a80c upstream. Even after disabling interrupts on the module, it could be possible that irq handlers are still running. System hang is s

[PATCH 4.19 020/170] net: stmmac: Fix an error code in probe()

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Dan Carpenter [ Upstream commit b26322d2ac6c1c1087af73856531bb836f6963ca ] The function should return an error if create_singlethread_workqueue() fails. Fixes: 34877a15f787 ("net: stmmac: Rew

[PATCH 4.19 076/170] usb: dwc2: host: use hrtimer for NAK retries

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Terin Stock commit 6ed30a7d8ec29d3aba46e47aa8b4a44f077dda4e upstream. Modify the wait delay utilize the high resolution timer API to allow for more precisely scheduled callbacks. A previous c

[PATCH 4.19 056/170] net: mvneta: fix operation for 64K PAGE_SIZE

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Marcin Wojtas [ Upstream commit e735fd55b94bb48363737db3b1d57627c1a16b47 ] Recent changes in the mvneta driver reworked allocation and handling of the ingress buffers to use entire pages. Apar

[PATCH 4.19 061/170] ALSA: emu10k1: Fix potential Spectre v1 vulnerabilities

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Gustavo A. R. Silva commit 5ae4f61f012a097df93de2285070ec8e34716d29 upstream. ipcm->substream is indirectly controlled by user-space, hence leading to a potential exploitation of the Spectre v

[PATCH 4.19 055/170] net/mlx5e: RX, Fix wrong early return in receive queue poll

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Tariq Toukan [ Upstream commit bfc698254ba97b3e3e4ebbfae0ffa1f7e2fa0717 ] When the completion queue of the RQ is empty, do not immediately return. If left-over decompressed CQEs (from the prev

[PATCH 4.19 059/170] IB/hfi1: Incorrect sizing of sge for PIO will OOPs

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Michael J. Ruhl commit dbc2970caef74e8ff41923d302aa6fb5a4812d0e upstream. An incorrect sge sizing in the HFI PIO path will cause an OOPs similar to this: BUG: unable to handle kernel NULL poi

[PATCH 4.19 029/170] qmi_wwan: Add support for Fibocom NL678 series

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Jörgen Storvist [ Upstream commit 7c3db4105ce8d69bcb5c04bfa9acd1e9119af8d5 ] Added support for Fibocom NL678 series cellular module QMI interface. Using QMI_QUIRK_SET_DTR required for Qualcomm

[PATCH 4.19 025/170] phonet: af_phonet: Fix Spectre v1 vulnerability

4.19-stable review patch. If anyone has any objections, please let me know. -- From: "Gustavo A. R. Silva" [ Upstream commit d686026b1e6ed4ea27d630d8f54f9a694db088b2 ] protocol is indirectly controlled by user-space, hence leading to a potential exploitation of the Spectre var

[PATCH 4.19 057/170] net: Use __kernel_clockid_t in uapi net_stamp.h

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Davide Caratti [ Upstream commit e2c4cf7f98a519eb4d95532bfa06bcaf3562fed5 ] Herton reports the following error when building a userspace program that includes net_stamp.h: In file included f

[PATCH 4.19 026/170] ptr_ring: wrap back ->producer in __ptr_ring_swap_queue()

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Cong Wang [ Upstream commit aff6db454599d62191aabc208930e891748e4322 ] __ptr_ring_swap_queue() tries to move pointers from the old ring to the new one, but it forgets to check if ->producer is

[PATCH 4.19 071/170] ALSA: firewire-lib: fix wrong handling payload_length as payload_quadlet

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Takashi Sakamoto commit ada79fa5a0b374dd2c2262137c734da7524a8263 upstream. In IEC 61883-1/6 engine of ALSA firewire stack, a packet handler has a second argument for 'the number of bytes in pa

[PATCH 4.19 058/170] r8169: fix WoL device wakeup enable

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Heiner Kallweit [ Upstream commit 3bd8264511035dc97c902f03fa9f1d07f95f8f62 ] In rtl8169_runtime_resume() we configure WoL but don't set the device to wakeup-enabled. This prevents PME generati

[PATCH 4.19 073/170] ALSA: firewire-lib: use the same print format for without_header tracepoints

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Takashi Sakamoto commit 5ef108c53e6efd695e32aad969638ccbc35b4be9 upstream. An initial commit to add tracepoints for packets without CIP headers uses different print formats for added tracepoin

[PATCH 4.19 074/170] ALSA: hda/realtek: Enable the headset mic auto detection for ASUS laptops

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Jian-Hong Pan commit 82b01149ec94d746867d7f9156c44d775d4d2d67 upstream. The headset mic of ASUS laptops like UX533FD, UX433FN and UX333FA, whose CODEC is Realtek ALC294 has jack auto detection

[PATCH 4.19 027/170] qmi_wwan: Added support for Fibocom NL668 series

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Jörgen Storvist [ Upstream commit 110a1cc28bc383adb4885eff27e18c61ddebffb4 ] Added support for Fibocom NL668 series QMI interface. Using QMI_QUIRK_SET_DTR required for Qualcomm MDM9x07 chipset

[PATCH 4.19 077/170] USB: serial: pl2303: add ids for Hewlett-Packard HP POS pole displays

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Scott Chen commit 8d503f206c336677954160ac62f0c7d9c219cd89 upstream. Add device ids to pl2303 for the HP POS pole displays: LM920: 03f0:026b TD620: 03f0:0956 LD960TA: 03f0:4439 LD220TA: 03

[PATCH 4.19 078/170] USB: serial: option: add Fibocom NL678 series

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Jörgen Storvist commit 4b2c01ad902ec02fa962b233decd2f14be3714ba upstream. Added USB serial option driver support for Fibocom NL678 series cellular module: VID 2cb7 and PIDs 0x0104 and 0x0105.

[PATCH 4.19 072/170] ALSA: firewire-lib: fix wrong assignment for out_packet_without_header tracepoint

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Takashi Sakamoto commit aa9a9e39b4f65733bf19d90cbd026e85a74efb99 upstream. An initial commit to add tracepoints for packets without CIP headers introduces a wrong assignment to 'data_blocks' v

[PATCH 4.19 070/170] ALSA: fireface: fix for state to fetch PCM frames

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Takashi Sakamoto commit 3d16200a3e55a39caa1c88419cb559c00316f721 upstream. According to my memo at hand and saved records, writing 0x0001 to SND_FF_REG_FETCH_PCM_FRAMES disables fetching P

[PATCH 4.19 079/170] usb: r8a66597: Fix a possible concurrency use-after-free bug in r8a66597_endpoint_disable()

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Jia-Ju Bai commit c85400f886e3d41e69966470879f635a2b50084c upstream. The function r8a66597_endpoint_disable() and r8a66597_urb_enqueue() may be concurrently executed. The two functions both ac

<    1   2   3   4   5   6   7   8   9   10   >