[PATCH 4.14 012/101] net: ipv4: do not handle duplicate fragments as overlapping

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Michal Kubecek [ Upstream commit ade446403bfb79d3528d56071a84b15351a139ad ] Since commit 7969e5c40dfd ("ip: discard IPv4 datagrams with overlapping segments.") IPv4 reassembly code drops the w

[PATCH 4.14 013/101] net: macb: restart tx after tx used bit read

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Claudiu Beznea [ Upstream commit 4298388574dae6168fa8940b3edc7ba965e8a7ab ] On some platforms (currently detected only on SAMA5D4) TX might stuck even the pachets are still present in DMA memo

[PATCH 4.14 014/101] net: phy: Fix the issue that netif always links up after resuming

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Kunihiko Hayashi [ Upstream commit 8742beb50f2db903d3b6d69ddd81d67ce9914453 ] Even though the link is down before entering hibernation, there is an issue that the network interface always link

[PATCH 4.14 016/101] net/wan: fix a double free in x25_asy_open_tty()

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Cong Wang [ Upstream commit d5c7c745f254c6cb98b3b3f15fe789b8bd770c72 ] When x25_asy_open() fails, it already cleans up by itself, so its caller doesn't need to free the memory again. It seems

[PATCH 4.19 169/170] tpm: tpm_try_transmit() refactor error flow.

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Tomas Winkler commit 01f54664a4db0d612de0ece8e0022f21f9374e9b upstream. First, rename out_no_locality to out_locality for bailing out on both tpm_cmd_ready() and tpm_request_locality() failure

[PATCH 4.14 004/101] ip6mr: Fix potential Spectre v1 vulnerability

4.14-stable review patch. If anyone has any objections, please let me know. -- From: "Gustavo A. R. Silva" [ Upstream commit 69d2c86766da2ded2b70281f1bf242cb0d58a778 ] vr.mifi is indirectly controlled by user-space, hence leading to a potential exploitation of the Spectre vari

[PATCH 4.14 023/101] tipc: fix a double kfree_skb()

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Cong Wang [ Upstream commit acb4a33e9856d5fa3384b87d3d8369229be06d31 ] tipc_udp_xmit() drops the packet on error, there is no need to drop it again. Fixes: ef20cd4dd163 ("tipc: introduce UDP

[PATCH 4.14 022/101] tcp: fix a race in inet_diag_dump_icsk()

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Eric Dumazet [ Upstream commit f0c928d878e7d01b613c9ae5c971a6b1e473a938 ] Alexei reported use after frees in inet_diag_dump_icsk() [1] Because we use refcount_set() when various sockets are s

[PATCH 4.14 020/101] qmi_wwan: Added support for Telit LN940 series

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Jörgen Storvist [ Upstream commit 1986af16e8ed355822600c24b3d2f0be46b573df ] Added support for the Telit LN940 series cellular modules QMI interface. QMI_QUIRK_SET_DTR quirk requied for Qualco

[PATCH 4.14 034/101] qmi_wwan: Add support for Fibocom NL678 series

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Jörgen Storvist [ Upstream commit 7c3db4105ce8d69bcb5c04bfa9acd1e9119af8d5 ] Added support for Fibocom NL678 series cellular module QMI interface. Using QMI_QUIRK_SET_DTR required for Qualcomm

[PATCH 4.14 037/101] IB/hfi1: Incorrect sizing of sge for PIO will OOPs

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Michael J. Ruhl commit dbc2970caef74e8ff41923d302aa6fb5a4812d0e upstream. An incorrect sge sizing in the HFI PIO path will cause an OOPs similar to this: BUG: unable to handle kernel NULL poi

[PATCH 4.14 033/101] qmi_wwan: Added support for Fibocom NL668 series

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Jörgen Storvist [ Upstream commit 110a1cc28bc383adb4885eff27e18c61ddebffb4 ] Added support for Fibocom NL668 series QMI interface. Using QMI_QUIRK_SET_DTR required for Qualcomm MDM9x07 chipset

[PATCH 4.14 024/101] vhost: make sure used idx is seen before log in vhost_add_used_n()

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Jason Wang [ Upstream commit 841df922417eb82c835e93d4b93eb6a68c99d599 ] We miss a write barrier that guarantees used idx is updated and seen before log. This will let userspace sync and copy u

[PATCH 4.14 032/101] tipc: compare remote and local protocols in tipc_udp_enable()

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Cong Wang [ Upstream commit fb83ed496b9a654f60cd1d58a0e1e79ec5694808 ] When TIPC_NLA_UDP_REMOTE is an IPv6 mcast address but TIPC_NLA_UDP_LOCAL is an IPv4 address, a NULL-ptr deref is triggere

[PATCH 4.14 030/101] net/mlx5e: Remove the false indication of software timestamping support

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Alaa Hleihel [ Upstream commit 4765420439e758bfa4808392d18b0a4cb6f06065 ] mlx5 driver falsely advertises support of software timestamping. Fix it by removing the false indication. Fixes: ef98

[PATCH 4.14 031/101] tipc: use lock_sock() in tipc_sk_reinit()

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Cong Wang [ Upstream commit 15ef70e286176165d28b0b8a969b422561a68dfc ] lock_sock() must be used in process context to be race-free with other lock_sock() callers, for example, tipc_release().

[PATCH 4.14 025/101] VSOCK: Send reset control packet when socket is partially bound

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Jorgen Hansen [ Upstream commit a915b982d8f5e4295f64b8dd37ce753874867e88 ] If a server side socket is bound to an address, but not in the listening state yet, incoming connection requests shou

[PATCH 4.14 006/101] gro_cell: add napi_disable in gro_cells_destroy

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Lorenzo Bianconi [ Upstream commit 8e1da73acded4751a93d4166458a7e640f37d26c ] Add napi_disable routine in gro_cells_destroy since starting from commit c42858eaf492 ("gro_cells: remove spinlock

[PATCH 4.14 005/101] ax25: fix a use-after-free in ax25_fillin_cb()

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Cong Wang [ Upstream commit c433570458e49bccea5c551df628d058b3526289 ] There are multiple issues here: 1. After freeing dev->ax25_ptr, we need to set it to NULL otherwise we may use a dang

[PATCH 4.14 038/101] ALSA: rme9652: Fix potential Spectre v1 vulnerability

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Gustavo A. R. Silva commit 0b84304ef5da92add8dc75a1b07879c5374cdb05 upstream. info->channel is indirectly controlled by user-space, hence leading to a potential exploitation of the Spectre var

[PATCH 4.14 049/101] USB: serial: pl2303: add ids for Hewlett-Packard HP POS pole displays

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Scott Chen commit 8d503f206c336677954160ac62f0c7d9c219cd89 upstream. Add device ids to pl2303 for the HP POS pole displays: LM920: 03f0:026b TD620: 03f0:0956 LD960TA: 03f0:4439 LD220TA: 03

[PATCH 4.14 009/101] ipv6: explicitly initialize udp6_addr in udp_sock_create6()

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Cong Wang [ Upstream commit fb24274546310872eeeaf3d1d53799d8414aa0f2 ] syzbot reported the use of uninitialized udp6_addr::sin6_scope_id. We can just set ::sin6_scope_id to zero, as tunnels ar

[PATCH 4.14 008/101] ieee802154: lowpan_header_create check must check daddr

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Willem de Bruijn [ Upstream commit 40c3ff6d5e0809505a067dd423c110c5658c478c ] Packet sockets may call dev_header_parse with NULL daddr. Make lowpan_header_ops.create fail. Fixes: 87a93e4eceb4

[PATCH 4.14 040/101] ALSA: pcm: Fix potential Spectre v1 vulnerability

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Gustavo A. R. Silva commit 94ffb030b6d31ec840bb811be455dd2e26a4f43e upstream. stream is indirectly controlled by user-space, hence leading to a potential exploitation of the Spectre variant 1

[PATCH 4.14 010/101] ipv6: tunnels: fix two use-after-free

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Eric Dumazet [ Upstream commit cbb49697d5512ce9e61b45ce75d3ee43d7ea5524 ] xfrm6_policy_check() might have re-allocated skb->head, we need to reload ipv6 header pointer. sysbot reported : BUG

[PATCH 4.14 059/101] KVM: nVMX: Free the VMREAD/VMWRITE bitmaps if alloc_kvm_area() fails

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Sean Christopherson commit 1b3ab5ad1b8ad99bae76ec583809c5f5a31c707c upstream. Fixes: 34a1cd60d17f ("kvm: x86: vmx: move some vmx setting from vmx_init() to hardware_setup()") Cc: sta...@vger.

[PATCH 4.14 057/101] x86/mm: Drop usage of __flush_tlb_all() in kernel_physical_mapping_init()

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Dan Williams commit ba6f508d0ec4adb09f0a939af6d5e19cdfa8667d upstream. Commit: f77084d96355 "x86/mm/pat: Disable preemption around __flush_tlb_all()" addressed a case where __flush_tlb_all

[PATCH 4.14 058/101] KVM: x86: Use jmp to invoke kvm_spurious_fault() from .fixup

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Sean Christopherson commit e81434995081fd7efb755fd75576b35dbb0850b1 upstream. kvm_handle_fault_on_reboot() provides a generic exception fixup handler that is used to cleanly handle faults

[PATCH 4.14 054/101] s390/pci: fix sleeping in atomic during hotplug

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Sebastian Ott commit 98dfd32620e970eb576ebce5ea39d905cb005e72 upstream. When triggered by pci hotplug (PEC 0x306) clp_get_state is called with spinlocks held resulting in the following warning

[PATCH 4.14 055/101] Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Patrick Dreyer commit 7db54c89f0b30a101584e09d3729144e6170059d upstream. This adds ELAN0501 to the ACPI table to support Elan touchpad found in ASUS Aspire F5-573G. Signed-off-by: Patrick Dre

[PATCH 4.14 052/101] staging: wilc1000: fix missing read_write setting when reading data

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Colin Ian King commit c58eef061dda7d843dcc0ad6fea7e597d4c377c0 upstream. Currently the cmd.read_write setting is not initialized so it contains garbage from the stack. Fix this by setting it

[PATCH 4.14 056/101] x86/speculation/l1tf: Drop the swap storage limit restriction when l1tf=off

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Michal Hocko commit 5b5e4d623ec8a34689df98e42d038a3b594d2ff9 upstream. Swap storage is restricted to max_swapfile_size (~16TB on x86_64) whenever the system is deemed affected by L1TF vulnerab

[PATCH 4.14 064/101] ext4: missing unlock/put_page() in ext4_try_to_write_inline_data()

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Maurizio Lombardi commit 132d00becb31e88469334e1e62751c81345280e0 upstream. In case of error, ext4_try_to_write_inline_data() should unlock and release the page it holds. Fixes: f19d5870cbf7

[PATCH 4.14 061/101] perf pmu: Suppress potential format-truncation warning

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Ben Hutchings commit 11a64a05dc649815670b1be9fe63d205cb076401 upstream. Depending on which functions are inlined in util/pmu.c, the snprintf() calls in perf_pmu__parse_{scale,unit,per_pkg,snap

[PATCH 4.14 063/101] ext4: fix possible use after free in ext4_quota_enable

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Pan Bian commit 61157b24e60fb3cd1f85f2c76a7b1d628f970144 upstream. The function frees qf_inode via iput but then pass qf_inode to lockdep_set_quota_inode on the failure path. This may result i

[PATCH 4.14 060/101] platform-msi: Free descriptors in platform_msi_domain_free()

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Miquel Raynal commit 81b1e6e6a8590a19257e37a1633bec098d499c57 upstream. Since the addition of platform MSI support, there were two helpers supposed to allocate/free IRQs for a device: pla

[PATCH 4.14 068/101] ext4: check for shutdown and r/o file system in ext4_write_inode()

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Theodore Ts'o commit 18f2c4fcebf2582f96cbd5f2238f4f354a0e4847 upstream. If the file system has been shut down or is read-only, then ext4_write_inode() needs to bail out early. Also use jbd2_c

[PATCH 4.14 065/101] ext4: fix EXT4_IOC_GROUP_ADD ioctl

4.14-stable review patch. If anyone has any objections, please let me know. -- From: ruippan (潘睿) commit e647e29196b7f802f8242c39ecb7cc937f5ef217 upstream. Commit e2b911c53584 ("ext4: clean up feature test macros with predicate functions") broke the EXT4_IOC_GROUP_ADD ioctl.

[PATCH] drop_caches: Allow unmapping pages

drop_caches does not drop pages which are currently mapped. Add an option to try to unmap and drop even these pages. This provides a simple way to obtain a rough estimate of how many file pages are used in a particular use case: drop everything and check how much gets read back. # cat /proc/mem

[PATCH 4.14 072/101] clk: rockchip: fix typo in rk3188 spdif_frac parent

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Johan Jonker commit 8b19faf6fae2867e2c177212c541e8ae36aa4d32 upstream. Fix typo in common_clk_branches. Make spdif_pre parent of spdif_frac. Fixes: 667464208989 ("clk: rockchip: include downs

[PATCH 4.14 042/101] mtd: atmel-quadspi: disallow building on ebsa110

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Arnd Bergmann commit 2a9d92fb3a1282a4659f1bb6d5684018846537b7 upstream. I ran into a link-time error with the atmel-quadspi driver on the EBSA110 platform: drivers/mtd/built-in.o: In function

[PATCH 4.14 074/101] crypto: testmgr - add AES-CFB tests

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Dmitry Eremin-Solenikov commit 7da66670775d201f633577f5b15a4bbeebaaa2b0 upstream. Add AES128/192/256-CFB testvectors from NIST SP800-38A. Signed-off-by: Dmitry Eremin-Solenikov Cc: sta...@vg

[PATCH 4.14 076/101] cdc-acm: fix abnormal DATA RX issue for Mediatek Preloader.

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Macpaul Lin commit eafb27fa5283599ce6c5492ea18cf636a28222bb upstream. Mediatek Preloader is a proprietary embedded boot loader for loading Little Kernel and Linux into device DRAM. This boot

[PATCH 4.14 071/101] spi: bcm2835: Avoid finishing transfer prematurely in IRQ mode

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Lukas Wunner commit 56c1723426d3cfd4723bfbfce531d7b38bae6266 upstream. The IRQ handler bcm2835_spi_interrupt() first reads as much as possible from the RX FIFO, then writes as much as possible

[PATCH 4.14 095/101] CIFS: Fix error mapping for SMB2_LOCK command which caused OFD lock problem

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Georgy A Bystrenin commit 9a596f5b39593414c0ec80f71b94a226286f084e upstream. While resolving a bug with locks on samba shares found a strange behavior. When a file locked by one node and we tr

[PATCH 4.14 091/101] MIPS: Ensure pmd_present() returns false after pmd_mknotpresent()

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Huacai Chen commit 92aa0718c9fa5160ad2f0e7b5bffb52f1ea1e51a upstream. This patch is borrowed from ARM64 to ensure pmd_present() returns false after pmd_mknotpresent(). This is needed for THP.

[PATCH 4.14 101/101] ARM: dts: exynos: Specify I2S assigned clocks in proper node

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Sylwester Nawrocki commit 8ac686d7dfed721102860ff2571e6b9f529ae81a upstream. The assigned parent clocks should be normally specified in the consumer device's DT node, this ensures respective d

[PATCH 4.14 094/101] MIPS: OCTEON: mark RGMII interface disabled on OCTEON III

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Aaro Koskinen commit edefae94b7b9f10d5efe32dece5a36e9d9ecc29e upstream. Commit 885872b722b7 ("MIPS: Octeon: Add Octeon III CN7xxx interface detection") added RGMII interface detection for OCTE

[PATCH 4.14 082/101] netfilter: nf_conncount: Fix garbage collection with zones

4.14-stable review patch. If anyone has any objections, please let me know. -- commit 21ba8847f857028dc83a0f341e16ecc616e34740 upstream. Currently, we use check_hlist() for garbage colleciton. However, we use the ‘zone’ from the counted entry to query the existence of existing e

[PATCH 4.14 093/101] MIPS: Expand MIPS32 ASIDs to 64 bits

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Paul Burton commit ff4dd232ec45a0e45ea69f28f069f2ab22b4908a upstream. ASIDs have always been stored as unsigned longs, ie. 32 bits on MIPS32 kernels. This is problematic because it is feasible

[PATCH 4.14 080/101] netfilter: xt_connlimit: dont store address in the conn nodes

4.14-stable review patch. If anyone has any objections, please let me know. -- commit ce49480dba8666cba0106e8e31a942c9ce4c438a upstream. Only stored, never read. This is a leftover from commit 7d0848c8 ("netfilter: connlimit: use rbtree for per-host conntrack obj storage"),

[PATCH 4.14 090/101] MIPS: c-r4k: Add r4k_blast_scache_node for Loongson-3

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Huacai Chen commit bb53fdf395eed103f85061bfff3b116cee123895 upstream. For multi-node Loongson-3 (NUMA configuration), r4k_blast_scache() can only flush Node-0's scache. So we add r4k_blast_sca

[PATCH 4.14 083/101] netfilter: nf_conncount: fix garbage collection confirm race

4.14-stable review patch. If anyone has any objections, please let me know. -- commit b36e4523d4d56e2595e28f16f6ccf1cd6a9fc452 upstream. Yi-Hung Wei and Justin Pettit found a race in the garbage collection scheme used by nf_conncount. When doing list walk, we lookup the tuple i

[PATCH 4.14 044/101] ALSA: fireface: fix for state to fetch PCM frames

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Takashi Sakamoto commit 3d16200a3e55a39caa1c88419cb559c00316f721 upstream. According to my memo at hand and saved records, writing 0x0001 to SND_FF_REG_FETCH_PCM_FRAMES disables fetching P

[PATCH 4.14 047/101] ALSA: firewire-lib: use the same print format for without_header tracepoints

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Takashi Sakamoto commit 5ef108c53e6efd695e32aad969638ccbc35b4be9 upstream. An initial commit to add tracepoints for packets without CIP headers uses different print formats for added tracepoin

[PATCH 4.14 078/101] btrfs: run delayed items before dropping the snapshot

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Josef Bacik commit 0568e82dbe2510fc1fa664f58e5c997d3f1e649e upstream. With my delayed refs patches in place we started seeing a large amount of aborts in __btrfs_free_extent: BTRFS error (de

[PATCH 4.14 077/101] Btrfs: fix fsync of files with multiple hard links in new directories

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Filipe Manana commit 41bd60676923822de1df2c50b3f9a10171f4338a upstream. The log tree has a long standing problem that when a file is fsync'ed we only check for new ancestors, created in the cu

[PATCH 4.14 048/101] ALSA: hda/tegra: clear pending irq handlers

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Sameer Pujar commit 63d2a9ec310d8bcc955574220d4631aa55c1a80c upstream. Even after disabling interrupts on the module, it could be possible that irq handlers are still running. System hang is s

[PATCH 4.14 098/101] rtc: m41t80: Correct alarm month range with RTC reads

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Maciej W. Rozycki commit 3cc9ffbb1f51eb4320575a48e4805a8f52e0e26b upstream. Add the missing adjustment of the month range on alarm reads from the RTC, correcting an issue coming from commit 9c

[PATCH 4.14 039/101] ALSA: emu10k1: Fix potential Spectre v1 vulnerabilities

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Gustavo A. R. Silva commit 5ae4f61f012a097df93de2285070ec8e34716d29 upstream. ipcm->substream is indirectly controlled by user-space, hence leading to a potential exploitation of the Spectre v

[PATCH 4.14 096/101] arm64: KVM: Avoid setting the upper 32 bits of VTCR_EL2 to 1

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Will Deacon commit df655b75c43fba0f2621680ab261083297fd6d16 upstream. Although bit 31 of VTCR_EL2 is RES1, we inadvertently end up setting all of the upper 32 bits to 1 as well because we defi

[PATCH 4.14 086/101] serial: uartps: Fix interrupt mask issue to handle the RX interrupts properly

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Nava kishore Manne commit 260683137ab5276113fc322fdbbc578024185fee upstream. This patch Correct the RX interrupt mask value to handle the RX interrupts properly. Fixes: c8dbdc842d30 ("serial:

[PATCH 4.14 087/101] media: vivid: free bitmap_cap when updating std/timings/etc.

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Hans Verkuil commit 560ccb75c2caa6b1039dec1a53cd2ef526f5bf03 upstream. When vivid_update_format_cap() is called it should free any overlay bitmap since the compose size will change. Signed-of

[PATCH 4.14 084/101] netfilter: nf_conncount: dont skip eviction when age is negative

4.14-stable review patch. If anyone has any objections, please let me know. -- commit 4cd273bb91b3001f623f516ec726c49754571b1a upstream. (not in Linus's tree now, but in nf.git + linux-next.git already.) age is signed integer, so result can be negative when the timestamps have

[PATCH 4.9 19/71] tipc: fix a double kfree_skb()

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Cong Wang [ Upstream commit acb4a33e9856d5fa3384b87d3d8369229be06d31 ] tipc_udp_xmit() drops the packet on error, there is no need to drop it again. Fixes: ef20cd4dd163 ("tipc: introduce UDP r

[PATCH 4.9 18/71] sctp: initialize sin6_flowinfo for ipv6 addrs in sctp_inet6addr_event

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Xin Long [ Upstream commit 4a2eb0c37b4759416996fbb4c45b932500cf06d3 ] syzbot reported a kernel-infoleak, which is caused by an uninitialized field(sin6_flowinfo) of addr->a.v6 in sctp_inet6addr

[PATCH 4.9 10/71] ipv6: tunnels: fix two use-after-free

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Eric Dumazet [ Upstream commit cbb49697d5512ce9e61b45ce75d3ee43d7ea5524 ] xfrm6_policy_check() might have re-allocated skb->head, we need to reload ipv6 header pointer. sysbot reported : BUG:

[PATCH 4.9 16/71] packet: validate address length

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Willem de Bruijn [ Upstream commit 99137b7888f4058087895d035d81c6b2d31015c5 ] Packet sockets with SOCK_DGRAM may pass an address for use in dev_hard_header. Ensure that it is of sufficient leng

[PATCH 4.9 15/71] net/wan: fix a double free in x25_asy_open_tty()

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Cong Wang [ Upstream commit d5c7c745f254c6cb98b3b3f15fe789b8bd770c72 ] When x25_asy_open() fails, it already cleans up by itself, so its caller doesn't need to free the memory again. It seems

[PATCH 4.9 17/71] packet: validate address length if non-zero

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Willem de Bruijn [ Upstream commit 6b8d95f1795c42161dc0984b6863e95d6acf24ed ] Validate packet socket address length if a length is given. Zero length is equivalent to not setting an address. F

[PATCH 4.9 14/71] netrom: fix locking in nr_find_socket()

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Cong Wang [ Upstream commit 7314f5480f3e37e570104dc5e0f28823ef849e72 ] nr_find_socket(), nr_find_peer() and nr_find_listener() lock the sock after finding it in the global list. However, the ca

[PATCH 4.9 01/71] NFC: nxp-nci: Include unaligned.h instead of access_ok.h

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Guenter Roeck commit 2eee74b7e2a496dea49847c36fd09320505f45b7 upstream. Directly including access_ok.h can result in the following compile errors if an architecture such as ia64 does not suppor

[PATCH 4.9 12/71] net: ipv4: do not handle duplicate fragments as overlapping

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Michal Kubecek [ Upstream commit ade446403bfb79d3528d56071a84b15351a139ad ] Since commit 7969e5c40dfd ("ip: discard IPv4 datagrams with overlapping segments.") IPv4 reassembly code drops the wh

[PATCH 4.9 08/71] ieee802154: lowpan_header_create check must check daddr

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Willem de Bruijn [ Upstream commit 40c3ff6d5e0809505a067dd423c110c5658c478c ] Packet sockets may call dev_header_parse with NULL daddr. Make lowpan_header_ops.create fail. Fixes: 87a93e4eceb4

[PATCH 4.9 02/71] ip6mr: Fix potential Spectre v1 vulnerability

4.9-stable review patch. If anyone has any objections, please let me know. -- From: "Gustavo A. R. Silva" [ Upstream commit 69d2c86766da2ded2b70281f1bf242cb0d58a778 ] vr.mifi is indirectly controlled by user-space, hence leading to a potential exploitation of the Spectre varia

[PATCH 4.9 07/71] ibmveth: fix DMA unmap error in ibmveth_xmit_start error path

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Tyrel Datwyler [ Upstream commit 756af9c642329d54f048bac2a62f829b391f6944 ] Commit 33a48ab105a7 ("ibmveth: Fix DMA unmap error") fixed an issue in the normal code path of ibmveth_xmit_start() t

[PATCH 4.9 03/71] ipv4: Fix potential Spectre v1 vulnerability

4.9-stable review patch. If anyone has any objections, please let me know. -- From: "Gustavo A. R. Silva" [ Upstream commit 5648451e30a0d13d11796574919a359025d52cce ] vr.vifi is indirectly controlled by user-space, hence leading to a potential exploitation of the Spectre varia

[PATCH 4.9 13/71] net: phy: Fix the issue that netif always links up after resuming

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Kunihiko Hayashi [ Upstream commit 8742beb50f2db903d3b6d69ddd81d67ce9914453 ] Even though the link is down before entering hibernation, there is an issue that the network interface always links

[PATCH 4.9 09/71] ipv6: explicitly initialize udp6_addr in udp_sock_create6()

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Cong Wang [ Upstream commit fb24274546310872eeeaf3d1d53799d8414aa0f2 ] syzbot reported the use of uninitialized udp6_addr::sin6_scope_id. We can just set ::sin6_scope_id to zero, as tunnels are

[PATCH 4.9 06/71] ax25: fix a use-after-free in ax25_fillin_cb()

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Cong Wang [ Upstream commit c433570458e49bccea5c551df628d058b3526289 ] There are multiple issues here: 1. After freeing dev->ax25_ptr, we need to set it to NULL otherwise we may use a dangl

[PATCH 4.9 04/71] net: core: Fix Spectre v1 vulnerability

4.9-stable review patch. If anyone has any objections, please let me know. -- From: "Gustavo A. R. Silva" [ Upstream commit 50d5258634aee2e62832aa086d2fb0de00e72b91 ] flen is indirectly controlled by user-space, hence leading to a potential exploitation of the Spectre variant

[PATCH 4.9 05/71] phonet: af_phonet: Fix Spectre v1 vulnerability

4.9-stable review patch. If anyone has any objections, please let me know. -- From: "Gustavo A. R. Silva" [ Upstream commit d686026b1e6ed4ea27d630d8f54f9a694db088b2 ] protocol is indirectly controlled by user-space, hence leading to a potential exploitation of the Spectre vari

[PATCH 4.9 21/71] VSOCK: Send reset control packet when socket is partially bound

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Jorgen Hansen [ Upstream commit a915b982d8f5e4295f64b8dd37ce753874867e88 ] If a server side socket is bound to an address, but not in the listening state yet, incoming connection requests shoul

[PATCH 4.9 30/71] ALSA: rme9652: Fix potential Spectre v1 vulnerability

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Gustavo A. R. Silva commit 0b84304ef5da92add8dc75a1b07879c5374cdb05 upstream. info->channel is indirectly controlled by user-space, hence leading to a potential exploitation of the Spectre vari

[PATCH 4.9 00/71] 4.9.149-stable review

This is the start of the stable review cycle for the 4.9.149 release. There are 71 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed Jan 9 10:53:04 UTC 2019. Anything receiv

[PATCH 4.9 31/71] ALSA: emu10k1: Fix potential Spectre v1 vulnerabilities

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Gustavo A. R. Silva commit 5ae4f61f012a097df93de2285070ec8e34716d29 upstream. ipcm->substream is indirectly controlled by user-space, hence leading to a potential exploitation of the Spectre va

[PATCH 4.9 33/71] ALSA: emux: Fix potential Spectre v1 vulnerabilities

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Gustavo A. R. Silva commit 4aea96f4237cea0c51a8bc87c0db31f0f932f1f0 upstream. info.mode and info.port are indirectly controlled by user-space, hence leading to a potential exploitation of the S

[PATCH 4.9 32/71] ALSA: pcm: Fix potential Spectre v1 vulnerability

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Gustavo A. R. Silva commit 94ffb030b6d31ec840bb811be455dd2e26a4f43e upstream. stream is indirectly controlled by user-space, hence leading to a potential exploitation of the Spectre variant 1 v

[PATCH 4.9 34/71] mtd: atmel-quadspi: disallow building on ebsa110

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Arnd Bergmann commit 2a9d92fb3a1282a4659f1bb6d5684018846537b7 upstream. I ran into a link-time error with the atmel-quadspi driver on the EBSA110 platform: drivers/mtd/built-in.o: In function

[PATCH 4.9 37/71] USB: serial: pl2303: add ids for Hewlett-Packard HP POS pole displays

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Scott Chen commit 8d503f206c336677954160ac62f0c7d9c219cd89 upstream. Add device ids to pl2303 for the HP POS pole displays: LM920: 03f0:026b TD620: 03f0:0956 LD960TA: 03f0:4439 LD220TA: 03f

[PATCH 4.9 36/71] ALSA: hda/tegra: clear pending irq handlers

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Sameer Pujar commit 63d2a9ec310d8bcc955574220d4631aa55c1a80c upstream. Even after disabling interrupts on the module, it could be possible that irq handlers are still running. System hang is se

[PATCH 4.9 38/71] USB: serial: option: add Fibocom NL678 series

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Jörgen Storvist commit 4b2c01ad902ec02fa962b233decd2f14be3714ba upstream. Added USB serial option driver support for Fibocom NL678 series cellular module: VID 2cb7 and PIDs 0x0104 and 0x0105. R

[PATCH 4.9 22/71] xen/netfront: tolerate frags with no data

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Juergen Gross [ Upstream commit d81c5054a5d1d4999c7cdead7636b6cd4af83d36 ] At least old Xen net backends seem to send frags with no real data sometimes. In case such a fragment happens to occur

[PATCH 4.9 39/71] usb: r8a66597: Fix a possible concurrency use-after-free bug in r8a66597_endpoint_disable()

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Jia-Ju Bai commit c85400f886e3d41e69966470879f635a2b50084c upstream. The function r8a66597_endpoint_disable() and r8a66597_urb_enqueue() may be concurrently executed. The two functions both acc

[PATCH 4.9 35/71] ALSA: hda: add mute LED support for HP EliteBook 840 G4

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Mantas Mikulėnas commit 40906ebe3af6a48457151b3c6726b480f6a6cb13 upstream. Tested with 4.19.9. v2: Changed from CXT_FIXUP_MUTE_LED_GPIO to CXT_FIXUP_HP_DOCK because that's what the existin

[PATCH 4.9 41/71] qmi_wwan: apply SET_DTR quirk to the SIMCOM shared device ID

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Bjørn Mork commit 102cd909635612c0be784a519651954a7924c786 upstream. SIMCOM are reusing a single device ID for many (all of their?) different modems, based on different chipsets and firmwares.

[PATCH 4.9 40/71] staging: wilc1000: fix missing read_write setting when reading data

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Colin Ian King commit c58eef061dda7d843dcc0ad6fea7e597d4c377c0 upstream. Currently the cmd.read_write setting is not initialized so it contains garbage from the stack. Fix this by setting it t

[PATCH 4.9 42/71] Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Patrick Dreyer commit 7db54c89f0b30a101584e09d3729144e6170059d upstream. This adds ELAN0501 to the ACPI table to support Elan touchpad found in ASUS Aspire F5-573G. Signed-off-by: Patrick Drey

[PATCH 4.9 50/71] ext4: force inode writes when nfsd calls commit_metadata()

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Theodore Ts'o commit fde872682e175743e0c3ef939c89e3c6008a1529 upstream. Some time back, nfsd switched from calling vfs_fsync() to using a new commit_metadata() hook in export_operations(). If

[PATCH 4.9 48/71] ext4: fix EXT4_IOC_GROUP_ADD ioctl

4.9-stable review patch. If anyone has any objections, please let me know. -- From: ruippan (潘睿) commit e647e29196b7f802f8242c39ecb7cc937f5ef217 upstream. Commit e2b911c53584 ("ext4: clean up feature test macros with predicate functions") broke the EXT4_IOC_GROUP_ADD ioctl. T

<    1   2   3   4   5   6   7   8   9   10   >