[PATCH 4.4 029/131] serial: sprd: adjust TIMEOUT to a big value

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Wei Qiao commit e1dc9b08051a2c2e694edf48d1e704f07c7c143c upstream. SPRD_TIMEOUT was 256, which is too small to wait until the status switched to workable in a while loop, so that the earlycon c

[PATCH 4.4 030/131] Hang/soft lockup in d_invalidate with simultaneous calls

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Al Viro commit 81be24d263dbeddaba35827036d6f6787a59c2c3 upstream. It's not hard to trigger a bunch of d_invalidate() on the same dentry in parallel. They end up fighting each other - any dentr

Re: [PATCH v3 2/4] x86/microcode: Fix __user annotations around generic_load_microcode()

On Fri, Mar 29, 2019 at 10:46:50PM +0100, Jann Horn wrote: > generic_load_microcode() deals with a pointer that can be either a kernel > pointer or a user pointer. Pass it around as a __user pointer so that it > can't be dereferenced accidentally while its address space is unknown. > Use explicit c

[PATCH 4.4 033/131] serial: sprd: clear timeout interrupt only rather than all interrupts

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Lanqing Liu commit 4350782570b919f254c1e083261a21c19fcaee90 upstream. On Spreadtrum's serial device, nearly all of interrupts would be cleared by hardware except timeout interrupt. This patch

[PATCH 4.4 036/131] rtc: Fix overflow when converting time64_t to rtc_time

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Baolin Wang commit 36d46cdb43efea74043e29e2a62b13e9aca31452 upstream. If we convert one large time values to rtc_time, in the original formula 'days * 86400' can be overflowed in 'unsigned int'

[PATCH 4.4 034/131] lib/int_sqrt: optimize small argument

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Peter Zijlstra commit 3f3295709edea6268ff1609855f498035286af73 upstream. The current int_sqrt() computation is sub-optimal for the case of small @x. Which is the interesting case when we're go

[PATCH 4.4 038/131] Bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Marcel Holtmann commit af3d5d1c87664a4f150fcf3534c6567cb19909b0 upstream. When doing option parsing for standard type values of 1, 2 or 4 octets, the value is converted directly into a variable

[PATCH 4.4 005/131] MIPS: Fix kernel crash for R6 in jump label branch function

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Archer Yan commit 47c25036b60f27b86ab44b66a8861bcf81cde39b upstream. Insert Branch instruction instead of NOP to make sure assembler don't patch code in forbidden slot. In jump label function,

[PATCH 4.4 037/131] ath10k: avoid possible string overflow

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Arnd Bergmann commit 6707ba0105a2d350710bc0a537a98f49eb4b895d upstream. The way that 'strncat' is used here raised a warning in gcc-8: drivers/net/wireless/ath/ath10k/wmi.c: In function 'ath1

[PATCH 4.4 009/131] ext4: brelse all indirect buffer in ext4_ind_remove_space()

4.4-stable review patch. If anyone has any objections, please let me know. -- From: zhangyi (F) commit 674a2b27234d1b7afcb0a9162e81b2e53aeef217 upstream. All indirect buffers get by ext4_find_shared() should be released no mater the branch should be freed or not. But now, we f

[PATCH 4.4 006/131] futex: Ensure that futex address is aligned in handle_futex_death()

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Chen Jie commit 5a07168d8d89b00fe1760120714378175b3ef992 upstream. The futex code requires that the user space addresses of futexes are 32bit aligned. sys_futex() checks this in futex_get_keys(

[PATCH 4.4 007/131] ext4: fix NULL pointer dereference while journal is aborted

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Jiufei Xue commit fa30dde38aa8628c73a6dded7cb0bba38c27b576 upstream. We see the following NULL pointer dereference while running xfstests generic/475: BUG: unable to handle kernel NULL pointer

[PATCH 4.4 010/131] mmc: tmio_mmc_core: dont claim spurious interrupts

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Sergei Shtylyov commit 5c27ff5db1491a947264d6d4e4cbe43ae6535bae upstream. I have encountered an interrupt storm during the eMMC chip probing (and the chip finally didn't get detected). It turn

[PATCH 4.4 051/131] net: diag: support v4mapped sockets in inet_diag_find_one_icsk()

4.4-stable review patch. If anyone has any objections, please let me know. -- [ Upstream commit 7c1306723ee916ea9f1fa7d9e4c7a6d029ca7aaf ] Lorenzo reported that we could not properly find v4mapped sockets in inet_diag_find_one_icsk(). This patch fixes the issue. Reported-by: Lo

[PATCH 4.4 002/131] drm/vmwgfx: Dont double-free the mode stored in par->set_mode

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Thomas Zimmermann commit c2d311553855395764e2e5bf401d987ba65c2056 upstream. When calling vmw_fb_set_par(), the mode stored in par->set_mode gets free'd twice. The first free is in vmw_fb_kms_de

[PATCH 4.4 040/131] sched/fair: Fix new tasks load avg removed from source CPU in wake_up_new_task()

4.4-stable review patch. If anyone has any objections, please let me know. -- [ Upstream commit 0905f04eb21fc1c2e690bed5d0418a061d56c225 ] If a newly created task is selected to go to a different CPU in fork balance when it wakes up the first time, its load averages should not b

[PATCH 4.4 056/131] coresight: release reference taken by bus_find_device()

4.4-stable review patch. If anyone has any objections, please let me know. -- [ Upstream commit f2dfab3568fc32afeac8b698481e80e7ab2dc658 ] The reference count taken by function bus_find_device() needs to be released if a child device is found, something this patch is adding. Re

[PATCH 4.4 054/131] coresight: fixing lockdep error

4.4-stable review patch. If anyone has any objections, please let me know. -- [ Upstream commit a9ddc71f5840c2711e530f2e055b278f79948b29 ] On some platform the following lockdep error occurs when doing simple manipulations: [ 23.197021] [ 23.198608]

[PATCH 4.4 052/131] Revert "mmc: block: dont use parameter prefix if built as module"

4.4-stable review patch. If anyone has any objections, please let me know. -- [ Upstream commit a5ebb87db84392edfd3142c3a6a78431d820a789 ] This reverts commit 829b6962f7e3cfc06f7c5c26269fd47ad48cf503. Revert this change as it causes a sysfs path to change and therefore introduc

[PATCH 4.4 053/131] writeback: initialize inode members that track writeback history

4.4-stable review patch. If anyone has any objections, please let me know. -- [ Upstream commit 3d65ae4634ed8350aee98a4e6f4e41fe40c7d282 ] inode struct members that track cgroup writeback information should be reinitialized when inode gets allocated from kmem_cache. Otherwise, t

[PATCH 4.4 059/131] stm class: Fix link list locking

4.4-stable review patch. If anyone has any objections, please let me know. -- [ Upstream commit c74f7e8281add80bdfa0ad2998b8df287b13df73 ] Currently, the list of stm_sources linked to an stm device is protected by a spinlock, which also means that sources' .unlink() method is ca

[PATCH 4.4 057/131] coresight: remove csdevs link from topology

4.4-stable review patch. If anyone has any objections, please let me know. -- [ Upstream commit ad725aee070caf8fa93d84d6fb78321f9642db18 ] In function 'coresight_unregister()', all references to the csdev that is being taken away need to be removed from the topology. Otherwise

[PATCH 4.4 058/131] stm class: Fix locking in unbinding policy path

4.4-stable review patch. If anyone has any objections, please let me know. -- [ Upstream commit 4c127fd16e6b33ecb7badc091480c84ea9aebeb6 ] Right now, if stm device removal has to unbind from a policy (that is, an stm device that has STP policy, gets removed), it will trigger a n

[PATCH 4.4 061/131] stm class: Support devices with multiple instances

4.4-stable review patch. If anyone has any objections, please let me know. -- [ Upstream commit 59be422e4ce10e3d49d4c9407a80fab8a9b7bc84 ] By convention, the name of the stm policy directory in configfs consists of the device name to which it applies and the actual policy name,

[PATCH 4.4 065/131] stm class: Fix a race in unlinking

4.4-stable review patch. If anyone has any objections, please let me know. -- [ Upstream commit b4ca34aaf78ed0cdfc15956d377064104257a437 ] There is a window in stm_source_link_drop(), during which the source's link may change before locks are acquired. When this happens, it thro

[PATCH 4.4 066/131] coresight: "DEVICE_ATTR_RO" should defined as static.

4.4-stable review patch. If anyone has any objections, please let me know. -- [ Upstream commit bf16e5b8cdeabc1fe6565af0be475bb2084dc388 ] "DEVICE_ATTR_RO(name)" should be defined as static. And there is an unnecessary space at the front of the code. The sparse tool output logs

[PATCH 4.4 068/131] asm-generic: Fix local variable shadow in __set_fixmap_offset

4.4-stable review patch. If anyone has any objections, please let me know. -- [ Upstream commit 3694bd76781b76c4f8d2ecd85018feeb1609f0e5 ] Currently __set_fixmap_offset is a macro function which has a local variable called 'addr'. If a caller passes a 'phys' parameter which is d

[PATCH 4.4 067/131] coresight: etm4x: Check every parameter used by dma_xx_coherent.

4.4-stable review patch. If anyone has any objections, please let me know. -- [ Upstream commit 61390593f72377c3a8f41ef998462e2d3985adac ] The dma_alloc_coherent return an "void *" not an "void __iomen *". It uses the wrong parameters when calls dma_free_coherent function. The

[PATCH 4.4 072/131] staging: goldfish: audio: fix compiliation on arm

4.4-stable review patch. If anyone has any objections, please let me know. -- [ Upstream commit 4532150762ceb0d6fd765ebcb3ba6966fbb8faab ] We do actually need slab.h, by luck we get it on other platforms but not always on ARM. Include it properly. Signed-off-by: Greg Hackmann

[PATCH 4.4 042/131] arm64: fix COMPAT_SHMLBA definition for large pages

4.4-stable review patch. If anyone has any objections, please let me know. -- [ Upstream commit b9b7aebb42d1b1392f3111de61136bb6cf3aae3f ] ARM glibc uses (4 * __getpagesize()) for SHMLBA, which is correct for 4KB pages and works fine for 64KB pages, but the kernel uses a hardcod

[PATCH 4.4 074/131] arm64/kernel: fix incorrect EL0 check in inv_entry macro

4.4-stable review patch. If anyone has any objections, please let me know. -- [ Upstream commit b660950c60a7278f9d8deb7c32a162031207c758 ] The implementation of macro inv_entry refers to its 'el' argument without the required leading backslash, which results in an undefined symb

[PATCH 4.4 071/131] staging: ion: Set minimum carveout heap allocation order to PAGE_SHIFT

4.4-stable review patch. If anyone has any objections, please let me know. -- [ Upstream commit 1328d8efef17d5e16bd6e9cfe59130a833674534 ] In carveout heap, change minimum allocation order from 12 to PAGE_SHIFT. After this change each bit in bitmap (genalloc - General purpose sp

[PATCH 4.4 069/131] staging: ashmem: Avoid deadlock with mmap/shrink

4.4-stable review patch. If anyone has any objections, please let me know. -- [ Upstream commit 18e77054de741ef3ed2a2489bc9bf82a318b2d5e ] Both ashmem_mmap and ashmem_shrink take the ashmem_lock. It may be possible for ashmem_mmap to invoke ashmem_shrink: -000|mutex_lock(lock =

[PATCH 4.4 073/131] ARM: 8510/1: rework ARM_CPU_SUSPEND dependencies

4.4-stable review patch. If anyone has any objections, please let me know. -- [ Upstream commit 1b9bdf5c1661873a10e193b8cbb803a87fe5c4a1 ] The code enabled by the ARM_CPU_SUSPEND config option is used by kernel subsystems for purposes that go beyond system suspend so its config

[PATCH 4.4 070/131] staging: ashmem: Add missing include

4.4-stable review patch. If anyone has any objections, please let me know. -- [ Upstream commit 90a2f171383b5ae43b33ab4d9d566b9765622ac7 ] Include into ashmem.h to ensure referenced types are defined Cc: Android Kernel Team Cc: Greg KH Signed-off-by: Rom Lemarchand [jstultz

[PATCH 4.4 077/131] arm64: kernel: Include _AC definition in page.h

4.4-stable review patch. If anyone has any objections, please let me know. -- [ Upstream commit 812264550dcba6cdbe84bfac2f27e7d23b5b8733 ] page.h uses '_AC' in the definition of PAGE_SIZE, but doesn't include linux/const.h where this is defined. This produces build warnings when

[PATCH 4.4 043/131] efi: stub: define DISABLE_BRANCH_PROFILING for all architectures

4.4-stable review patch. If anyone has any objections, please let me know. -- [ Upstream commit b523e185bba36164ca48a190f5468c140d815414 ] This moves the DISABLE_BRANCH_PROFILING define from the x86 specific to the general CFLAGS definition for the stub. This fixes build errors

[PATCH 4.4 044/131] ARM: 8458/1: bL_switcher: add GIC dependency

4.4-stable review patch. If anyone has any objections, please let me know. -- [ Upstream commit 6c044fecdf78be3fda159a5036bb33700cdd5e59 ] It is not possible to build the bL_switcher code if the GIC driver is disabled, because it relies on calling into some gic specific interfac

[PATCH 4.4 045/131] ARM: 8494/1: mm: Enable PXN when running non-LPAE kernel on LPAE processor

4.4-stable review patch. If anyone has any objections, please let me know. -- [ Upstream commit ad84f56bf6d620fe6ed4d57ce6ec9945684d7f35 ] The VMSA field of MMFR0 (bottom 4 bits) is incremented for each added feature. PXN is supported if the value is >= 4 and LPAE is supported

[PATCH 4.4 047/131] vmstat: make vmstat_updater deferrable again and shut down on idle

4.4-stable review patch. If anyone has any objections, please let me know. -- [ Upstream commit 0eb77e9880321915322d42913c3b53241739c8aa ] Currently the vmstat updater is not deferrable as a result of commit ba4877b9ca51 ("vmstat: do not use deferrable delayed work for vmstat_up

[PATCH 4.4 048/131] hid-sensor-hub.c: fix wrong do_div() usage

4.4-stable review patch. If anyone has any objections, please let me know. -- [ Upstream commit 8d43b49e7e0070f96ac46d30659a336c0224fa0b ] do_div() must only be used with a u64 dividend. Signed-off-by: Nicolas Pitre Signed-off-by: Sasha Levin --- drivers/hid/hid-sensor-hub.c

[PATCH 4.4 076/131] perf/ring_buffer: Refuse to begin AUX transaction after rb->aux_mmap_count drops

4.4-stable review patch. If anyone has any objections, please let me know. -- [ Upstream commit dcb10a967ce82d5ad20570693091139ae716ff76 ] When ring buffer's AUX area is unmapped and rb->aux_mmap_count drops to zero, new AUX transactions into this buffer can still be started, ev

[PATCH 4.4 075/131] =?UTF-8?q?mac80211:=20fix=20"warning:=20=E2=80=98target=5Fmetric?= =?UTF-8?q?=E2=80=99=20may=20be=20used=20uninitialized"?=

4.4-stable review patch. If anyone has any objections, please let me know. -- [ Upstream commit b4201cc4fc6e1c57d6d306b1f787865043d60129 ] This fixes: net/mac80211/mesh_hwmp.c:603:26: warning: ‘target_metric’ may be used uninitialized in this function target_metric is only co

[PATCH 4.4 039/131] Bluetooth: Verify that l2cap_get_conf_opt provides large enough buffer

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Marcel Holtmann commit 7c9cbd0b5e38a1672fcd137894ace3b042dfbf69 upstream. The function l2cap_get_conf_opt will return L2CAP_CONF_OPT_SIZE + opt->len as length value. The opt->len however is in

[PATCH 4.4 091/131] mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Bjorn Helgaas [ Upstream commit fae846e2b7124d4b076ef17791c73addf3b26350 ] The device ID alone does not uniquely identify a device. Test both the vendor and device ID to make sure we don't mis

[PATCH 4.4 092/131] net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Christoph Paasch [ Upstream commit 398f0132c14754fcd03c1c4f8e7176d001ce8ea1 ] Since commit fc62814d690c ("net/packet: fix 4gb buffer limit due to overflow check") one can now allocate packet r

[PATCH 4.4 089/131] stmmac: copy unicast mac address to MAC registers

4.4-stable review patch. If anyone has any objections, please let me know. -- [ Upstream commit a830405ee452ddc4101c3c9334e6fedd42c6b357 ] Currently stmmac driver not copying the valid ethernet MAC address to MAC registers. This patch takes care of updating the MAC register with

[PATCH 4.4 090/131] dccp: do not use ipv6 header for ipv4 flow

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Eric Dumazet [ Upstream commit e0aa67709f89d08c8d8e5bdd9e0b649df61d0090 ] When a dual stack dccp listener accepts an ipv4 flow, it should not attempt to use an ipv6 header or inet6_iif() helper

[PATCH v2] avia-hx711.yaml: transform DT binding to YAML

replace avia-hx711.txt by avia-hx711.yaml as yaml devicetree documentation for avia hx711 iio adc sensor Signed-off-by: Andreas Klinger --- .../devicetree/bindings/iio/adc/avia-hx711.txt | 24 .../devicetree/bindings/iio/adc/avia-hx711.yaml| 66 ++ 2 files ch

[PATCH 4.4 097/131] vxlan: Dont call gro_cells_destroy() before device is unregistered

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Zhiqiang Liu [ Upstream commit cc4807bb609230d8959fd732b0bf3bd4c2de8eac ] Commit ad6c9986bcb62 ("vxlan: Fix GRO cells race condition between receive and link delete") fixed a race condition for

[RFC PATCH 3/5] documention: leds: Add multicolor class documentation

Add the support documentation on the multicolor LED framework. This document defines the directores and file generated by the multicolor framework. It also documents usage. Signed-off-by: Dan Murphy --- Documentation/leds/leds-class-multicolor.txt | 99 1 file changed, 99 i

[PATCH 4.4 098/131] sctp: get sctphdr by offset in sctp_compute_cksum

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Xin Long [ Upstream commit 273160ffc6b993c7c91627f5a84799c66dfe4dee ] sctp_hdr(skb) only works when skb->transport_header is set properly. But in Netfilter, skb->transport_header for ipv6 is n

[PATCH 4.4 081/131] ipv6: fix endianness error in icmpv6_err

4.4-stable review patch. If anyone has any objections, please let me know. -- [ Upstream commit dcb94b88c09ce82a80e188d49bcffdc83ba215a6 ] IPv6 ping socket error handler doesn't correctly convert the new 32 bit mtu to host endianness before using. Cc: Lorenzo Colitti Fixes: 6d

[PATCH 4.4 105/131] ALSA: seq: oss: Fix Spectre v1 vulnerability

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Gustavo A. R. Silva commit c709f14f0616482b67f9fbcb965e1493a03ff30b upstream. dev is indirectly controlled by user-space, hence leading to a potential exploitation of the Spectre variant 1 vuln

[PATCH 4.4 099/131] mac8390: Fix mmio access size probe

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Finn Thain [ Upstream commit bb9e5c5bcd76f4474eac3baf643d7a39f7bac7bb ] The bug that Stan reported is as follows. After a restart, a 16-bit NIC may be incorrectly identified as a 32-bit NIC and

[PATCH 4.4 108/131] scsi: sd: Fix a race between closing an sd device and sd I/O

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Bart Van Assche commit c14a57264399efd39514a2329c591a4b954246d8 upstream. The scsi_end_request() function calls scsi_cmd_to_driver() indirectly and hence needs the disk->private_data pointer. A

[PATCH 4.4 104/131] ALSA: rawmidi: Fix potential Spectre v1 vulnerability

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Gustavo A. R. Silva commit 2b1d9c8f87235f593826b9cf46ec10247741fff9 upstream. info->stream is indirectly controlled by user-space, hence leading to a potential exploitation of the Spectre varia

[PATCH 4.4 106/131] ALSA: pcm: Fix possible OOB access in PCM oss plugins

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Takashi Iwai commit ca0214ee2802dd47239a4e39fb21c5b00ef61b22 upstream. The PCM OSS emulation converts and transfers the data on the fly via "plugins". The data is converted over the dynamicall

[PATCH 4.4 107/131] ALSA: pcm: Dont suspend stream in unrecoverable PCM state

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Takashi Iwai commit 113ce08109f8e3b091399e7cc32486df1cff48e7 upstream. Currently PCM core sets each opened stream forcibly to SUSPENDED state via snd_pcm_suspend_all() call, and the user-space

[PATCH 4.4 100/131] btrfs: remove WARN_ON in log_dir_items

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Josef Bacik commit 2cc8334270e281815c3850c3adea363c51f21e0d upstream. When Filipe added the recursive directory logging stuff in 2f2ff0ee5e430 ("Btrfs: fix metadata inconsistencies after direct

[PATCH 4.4 102/131] ARM: imx6q: cpuidle: fix bug that CPU might not wake up at expected time

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Kohji Okuno commit 91740fc8242b4f260cfa4d4536d8551804777fae upstream. In the current cpuidle implementation for i.MX6q, the CPU that sets 'WAIT_UNCLOCKED' and the CPU that returns to 'WAIT_CLOC

[PATCH 4.4 112/131] staging: vt6655: Remove vif check from vnt_interrupt

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Malcolm Priestley commit cc26358f89c3e493b54766b1ca56cfc6b14db78a upstream. A check for vif is made in vnt_interrupt_work. There is a small chance of leaving interrupt disabled while vif is NU

[PATCH 4.4 113/131] staging: vt6655: Fix interrupt race condition on device start up.

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Malcolm Priestley commit 3b9c2f2e0e99bb67c96abcb659b3465efe3bee1f upstream. It appears on some slower systems that the driver can find its way out of the workqueue while the interrupt is disabl

[PATCH 4.4 110/131] scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP devices

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Steffen Maier commit 242ec1455151267fe35a0834aa9038e4c4670884 upstream. Suppose more than one non-NPIV FCP device is active on the same channel. Send I/O to storage and have some of the pending

[PATCH 4.4 111/131] tty: atmel_serial: fix a potential NULL pointer dereference

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Kangjie Lu commit c85be041065c0be8bc48eda4c45e0319caf1d0e5 upstream. In case dmaengine_prep_dma_cyclic fails, the fix returns a proper error code to avoid NULL pointer dereference. Signed-off-

[PATCH 4.4 116/131] USB: serial: cp210x: add new device id

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Greg Kroah-Hartman commit a595ecdd5f60b2d93863cebb07eec7f935839b54 upstream. Lorenz Messtechnik has a device that is controlled by the cp210x driver, so add the device id to the driver. The de

[PATCH 4.4 115/131] serial: sh-sci: Fix setting SCSCR_TIE while transferring data

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Hoan Nguyen An commit 93bcefd4c6bad4c69dbc4edcd3fbf774b24d930d upstream. We disable transmission interrupt (clear SCSCR_TIE) after all data has been transmitted (if uart_circ_empty(xmit)). Whi

[PATCH 4.4 117/131] USB: serial: ftdi_sio: add additional NovaTech products

4.4-stable review patch. If anyone has any objections, please let me know. -- From: George McCollister commit 422c2537ba9d42320f8ab6573940269f87095320 upstream. Add PIDs for the NovaTech OrionLX+ and Orion I/O so they can be automatically detected. Signed-off-by: George McCol

[PATCH 4.4 123/131] gpio: adnp: Fix testing wrong value in adnp_gpio_direction_input

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Axel Lin commit c5bc6e526d3f217ed2cc3681d256dc4a2af4cc2b upstream. Current code test wrong value so it does not verify if the written data is correctly read back. Fix it. Also make it return -E

[PATCH 4.4 122/131] fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links

4.4-stable review patch. If anyone has any objections, please let me know. -- From: YueHaibing commit 23da9588037ecdd4901db76a5b79a42b529c4ec3 upstream. Syzkaller reports: kasan: GPF could be caused by NULL-ptr deref or user memory access general protection fault: [#1] S

[PATCH 4.4 087/131] mmc: mmc: fix switch timeout issue caused by jiffies precision

4.4-stable review patch. If anyone has any objections, please let me know. -- [ Upstream commit 987aa5f8059613bf85cbb6f64ffbd34f5cb7a9d1 ] with CONFIG_HZ=100, the precision of jiffies is 10ms, and the generic_cmd6_time of some card is also 10ms. then, may be current time is only

[PATCH 4.4 088/131] cfg80211: size various nl80211 messages correctly

4.4-stable review patch. If anyone has any objections, please let me know. -- [ Upstream commit 4ef8c1c93f848e360754f10eb2e7134c872b6597 ] Ilan reported that sometimes nl80211 messages weren't working if the frames being transported got very large, which was really a problem for

[PATCH 4.4 120/131] USB: serial: option: add Olicard 600

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Bjørn Mork commit 84f3b43f7378b98b7e3096d5499de75183d4347c upstream. This is a Qualcomm based device with a QMI function on interface 4. It is mode switched from 2020:2030 using a standard ejec

[PATCH 4.4 118/131] USB: serial: mos7720: fix mos_parport refcount imbalance on error path

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Lin Yi commit 2908b076f5198d231de62713cb2b633a3a4b95ac upstream. The write_parport_reg_nonblock() helper takes a reference to the struct mos_parport, but failed to release it in a couple of err

[PATCH 4.4 085/131] video: fbdev: Set pixclock = 0 in goldfishfb

4.4-stable review patch. If anyone has any objections, please let me know. -- [ Upstream commit ace6033ec5c356615eaa3582fb1946e9eaff6662 ] User space Android code identifies pixclock == 0 as a sign for emulation and will set the frame rate to 60 fps when reading this value, whic

[PATCH 4.4 131/131] stm class: Hide STM-specific options if STM is disabled

4.4-stable review patch. If anyone has any objections, please let me know. -- [ Upstream commit 4a2e2b19f96acfc037a9773c7729d133ce1e7e3b ] If STM=n, it doesn't make sense to ask about STM_DUMMY and STM_SOURCE_CONSOLE support, which are not even built when enabled anyway. Hence h

general protection fault in refcount_sub_and_test_checked

Hello, syzbot found the following crash on: HEAD commit:35f861e3 net: bridge: use netif_is_bridge_port() git tree: net-next console output: https://syzkaller.appspot.com/x/log.txt?x=10a188ab20 kernel config: https://syzkaller.appspot.com/x/.config?x=8e9bc94c16d346a6 dashboard link

[PATCH 4.4 084/131] cpu/hotplug: Handle unbalanced hotplug enable/disable

4.4-stable review patch. If anyone has any objections, please let me know. -- [ Upstream commit 01b41159066531cc8d664362ff0cd89dd137bbfa ] When cpu_hotplug_enable() is called unbalanced w/o a preceeding cpu_hotplug_disable() the code emits a warning, but happily decrements the d

[PATCH 4.4 079/131] stm class: Do not leak the chrdev in error path

4.4-stable review patch. If anyone has any objections, please let me know. -- [ Upstream commit cbe4a61d1ddc4790d950ca8c33ef79ee68ef5e2b ] Currently, the error path of stm_register_device() forgets to unregister the chrdev. Fix this. Reported-by: Alan Cox Signed-off-by: Alexan

[PATCH 4.4 126/131] KVM: Reject device ioctls from processes other than the VMs creator

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Sean Christopherson commit ddba91801aeb5c160b660caed1800eb3aef403f8 upstream. KVM's API requires thats ioctls must be issued from the same process that created the VM. In other words, userspac

[PATCH 4.4 121/131] Disable kgdboc failed by echo space to /sys/module/kgdboc/parameters/kgdboc

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Wentao Wang commit 3ec8002951ea173e24b466df1ea98c56b7920e63 upstream. Echo "" to /sys/module/kgdboc/parameters/kgdboc will fail with "No such device” error. This is caused by function "configu

[PATCH 4.4 127/131] xhci: Fix port resume done detection for SS ports with LPM enabled

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Mathias Nyman commit 6cbcf596934c8e16d6288c7cc62dfb7ad8eadf15 upstream. A suspended SS port in U3 link state will go to U0 when resumed, but can almost immediately after that enter U1 or U2 lin

[PATCH 4.4 125/131] x86/smp: Enforce CONFIG_HOTPLUG_CPU when SMP=y

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixner commit bebd024e4815b1a170fcd21ead9cb23ce9e6 upstream. The SMT disable 'nosmt' command line argument is not working properly when CONFIG_HOTPLUG_CPU is disabled. The teardown

[PATCH 3.18 05/50] ext4: brelse all indirect buffer in ext4_ind_remove_space()

3.18-stable review patch. If anyone has any objections, please let me know. -- From: zhangyi (F) commit 674a2b27234d1b7afcb0a9162e81b2e53aeef217 upstream. All indirect buffers get by ext4_find_shared() should be released no mater the branch should be freed or not. But now, we

[PATCH 3.18 04/50] ext4: fix data corruption caused by unaligned direct AIO

3.18-stable review patch. If anyone has any objections, please let me know. -- From: Lukas Czerner commit 372a03e01853f860560eade508794dd274e9b390 upstream. Ext4 needs to serialize unaligned direct AIO because the zeroing of partial blocks of two competing unaligned AIOs can r

[PATCH 3.18 03/50] ext4: fix NULL pointer dereference while journal is aborted

3.18-stable review patch. If anyone has any objections, please let me know. -- From: Jiufei Xue commit fa30dde38aa8628c73a6dded7cb0bba38c27b576 upstream. We see the following NULL pointer dereference while running xfstests generic/475: BUG: unable to handle kernel NULL pointer

[PATCH 3.18 06/50] mmc: tmio_mmc_core: dont claim spurious interrupts

3.18-stable review patch. If anyone has any objections, please let me know. -- From: Sergei Shtylyov commit 5c27ff5db1491a947264d6d4e4cbe43ae6535bae upstream. I have encountered an interrupt storm during the eMMC chip probing (and the chip finally didn't get detected). It tur

[PATCH 3.18 18/50] staging: goldfish: audio: fix compiliation on arm

3.18-stable review patch. If anyone has any objections, please let me know. -- [ Upstream commit 4532150762ceb0d6fd765ebcb3ba6966fbb8faab ] We do actually need slab.h, by luck we get it on other platforms but not always on ARM. Include it properly. Signed-off-by: Greg Hackmann

[PATCH 3.18 07/50] media: v4l2-ctrls.c/uvc: zero v4l2_event

3.18-stable review patch. If anyone has any objections, please let me know. -- From: Hans Verkuil commit f45f3f753b0a3d739acda8e311b4f744d82dc52a upstream. Control events can leak kernel memory since they do not fully zero the event. The same code is present in both v4l2-ctrls

Re: [PATCH AUTOSEL 4.19 28/57] nvme-pci: fix conflicting p2p resource adds

On 3/29/2019 7:28 PM, Sasha Levin wrote: From: Keith Busch [ Upstream commit 9fe5c59ff6a1e5e26a39b75489a1420e7eaaf0b1 ] The nvme pci driver had been adding its CMB resource to the P2P DMA subsystem everytime on on a controller reset. This results in the following warning:

[PATCH 3.18 20/50] arm64/kernel: fix incorrect EL0 check in inv_entry macro

3.18-stable review patch. If anyone has any objections, please let me know. -- [ Upstream commit b660950c60a7278f9d8deb7c32a162031207c758 ] The implementation of macro inv_entry refers to its 'el' argument without the required leading backslash, which results in an undefined sym

[PATCH 3.18 21/50] arm64: kernel: Include _AC definition in page.h

3.18-stable review patch. If anyone has any objections, please let me know. -- [ Upstream commit 812264550dcba6cdbe84bfac2f27e7d23b5b8733 ] page.h uses '_AC' in the definition of PAGE_SIZE, but doesn't include linux/const.h where this is defined. This produces build warnings whe

[PATCH 3.18 26/50] mmc: mmc: fix switch timeout issue caused by jiffies precision

3.18-stable review patch. If anyone has any objections, please let me know. -- [ Upstream commit 987aa5f8059613bf85cbb6f64ffbd34f5cb7a9d1 ] with CONFIG_HZ=100, the precision of jiffies is 10ms, and the generic_cmd6_time of some card is also 10ms. then, may be current time is onl

[PATCH 3.18 10/50] mmc: block: Allow more than 8 partitions per card

3.18-stable review patch. If anyone has any objections, please let me know. -- [ Upstream commit 382c55f88ffeb218c446bf0c46d0fc25d2795fe2 ] It is quite common for Android devices to utilize more then 8 partitions on internal eMMC storage. The vanilla kernel can support this via

[PATCH 3.18 29/50] mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S

3.18-stable review patch. If anyone has any objections, please let me know. -- From: Bjorn Helgaas [ Upstream commit fae846e2b7124d4b076ef17791c73addf3b26350 ] The device ID alone does not uniquely identify a device. Test both the vendor and device ID to make sure we don't mi

[PATCH 3.18 24/50] video: fbdev: Set pixclock = 0 in goldfishfb

3.18-stable review patch. If anyone has any objections, please let me know. -- [ Upstream commit ace6033ec5c356615eaa3582fb1946e9eaff6662 ] User space Android code identifies pixclock == 0 as a sign for emulation and will set the frame rate to 60 fps when reading this value, whi

[PATCH 3.18 25/50] arm64: kconfig: drop CONFIG_RTC_LIB dependency

3.18-stable review patch. If anyone has any objections, please let me know. -- [ Upstream commit 99a507771fa57238dc7ffe674ae06090333d02c9 ] The rtc-lib dependency is not required, and seems it was just copy-pasted from ARM's Kconfig. If platform requires rtc-lib, they should sel

[PATCH 3.18 27/50] cfg80211: size various nl80211 messages correctly

3.18-stable review patch. If anyone has any objections, please let me know. -- [ Upstream commit 4ef8c1c93f848e360754f10eb2e7134c872b6597 ] Ilan reported that sometimes nl80211 messages weren't working if the frames being transported got very large, which was really a problem fo

[PATCH 3.18 30/50] net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec

3.18-stable review patch. If anyone has any objections, please let me know. -- From: Christoph Paasch [ Upstream commit 398f0132c14754fcd03c1c4f8e7176d001ce8ea1 ] Since commit fc62814d690c ("net/packet: fix 4gb buffer limit due to overflow check") one can now allocate packet

Re: [PATCH] fs/open: Fix most outstanding security bugs

On Mon, Apr 01, 2019 at 11:01:13AM +0200, Johannes Thumshirn wrote: > Over the last 20 years, the Linux kernel has accumulated hundreds if not > thousands of security vulnerabilities. > > One common pattern in most of these security related reports is processes > called "syzkaller", "trinity" or "

  1   2   3   4   5   6   7   8   9   10   >