Re: [PATCH] Documentation: fix common spelling mistakes

2016-04-26 Thread Randy Dunlap
On 04/26/16 16:28, Kees Cook wrote: > This fixes several spelling mistakes in the Documentation/ tree, which > are caught by checkpatch.pl's spell checking. > > Signed-off-by: Kees Cook > --- > Documentation/ABI/obsolete/sysfs-driver-hid-roccat-savu | 4 ++-- > Documentation/ABI/testing

[PATCH 3.2 107/115] macvtap: always pass ethernet header in linear

2016-04-26 Thread Ben Hutchings
3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Willem de Bruijn [ Upstream commit 8e2ad4113ce4671686740f808ff2795395c39eef ] The stack expects link layer headers in the skb linear section. Macvtap can create skbs with llheader in frags in e

[PATCH 3.2 086/115] sctp: sctp should release assoc when sctp_make_abort_user return NULL in sctp_close

2016-04-26 Thread Ben Hutchings
3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Xin Long [ Upstream commit 068d8bd338e855286aea54e70d1c101569284b21 ] In sctp_close, sctp_make_abort_user may return NULL because of memory allocation failure. If this happens, it will bypass a

[PATCH 3.2 049/115] tracing: Fix crash from reading trace_pipe with sendfile

2016-04-26 Thread Ben Hutchings
3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: "Steven Rostedt (Red Hat)" commit a29054d9478d0435ab01b7544da4f674ab13f533 upstream. If tracing contains data and the trace_pipe file is read with sendfile(), then it can trigger a NULL pointer

[PATCH 3.16 005/217] PCI: imx6: Move link up check into imx6_pcie_wait_for_link()

2016-04-26 Thread Ben Hutchings
3.16.35-rc1 review patch. If anyone has any objections, please let me know. -- From: Lucas Stach commit 4d107d3b5a686b5834e533a00b73bf7b1cf59df7 upstream. imx6_pcie_link_up() previously used usleep_range() to wait for the link to come up. Since it may be called while holding

[PATCH 3.2 093/115] net: dp83640: Fix tx timestamp overflow handling.

2016-04-26 Thread Ben Hutchings
3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Manfred Rudigier [ Upstream commit 81e8f2e930fe76b9814c71b9d87c30760b5eb705 ] PHY status frames are not reliable, the PHY may not be able to send them during heavy receive traffic. This overflo

[PATCH 3.2 085/115] veth: don’t modify ip_summed; doing so treats packets with bad checksums as good.

2016-04-26 Thread Ben Hutchings
3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Vijay Pandurangan [ Upstream commit ce8c839b74e3017996fad4e1b7ba2e2625ede82f ] Packets that arrive from real hardware devices have ip_summed == CHECKSUM_UNNECESSARY if the hardware verified the

[PATCH 3.2 058/115] ocfs2/dlm: fix BUG in dlm_move_lockres_to_recovery_list

2016-04-26 Thread Ben Hutchings
3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Joseph Qi commit be12b299a83fc807bbaccd2bcb8ec50cbb0cb55c upstream. When master handles convert request, it queues ast first and then returns status. This may happen that the ast is sent befor

[PATCH 3.2 040/115] x86/iopl: Fix iopl capability check on Xen PV

2016-04-26 Thread Ben Hutchings
3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Andy Lutomirski commit c29016cf41fe9fa994a5ecca607cf5f1cd98801e upstream. iopl(3) is supposed to work if iopl is already 3, even if unprivileged. This didn't work right on Xen PV. Fix it. Re

[PATCH 3.16 069/217] rt2x00: add new rt2800usb device Buffalo WLI-UC-G450

2016-04-26 Thread Ben Hutchings
3.16.35-rc1 review patch. If anyone has any objections, please let me know. -- From: Anthony Wong commit f36f299068794ffc5026f25b6a1b3ed615ea832d upstream. Add USB ID 0411:01fd for Buffalo WLI-UC-G450 wireless adapter, RT chipset 3593 Signed-off-by: Anthony Wong Acked-by: St

[PATCH 3.2 022/115] ipvs: correct initial offset of Call-ID header search in SIP persistence engine

2016-04-26 Thread Ben Hutchings
3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Marco Angaroni commit 7617a24f83b5d67f4dab1844956be1cebc44aec8 upstream. The IPVS SIP persistence engine is not able to parse the SIP header "Call-ID" when such header is inserted in the first

[PATCH 3.2 084/115] ext4: fix NULL pointer dereference in ext4_mark_inode_dirty()

2016-04-26 Thread Ben Hutchings
3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Eryu Guan commit 5e1021f2b6dff1a86a468a1424d59faae2bc63c1 upstream. ext4_reserve_inode_write() in ext4_mark_inode_dirty() could fail on error (e.g. EIO) and iloc.bh can be NULL in this case. Bu

[PATCH 3.16 004/217] PCI: imx6: Remove broken Gen2 workaround

2016-04-26 Thread Ben Hutchings
3.16.35-rc1 review patch. If anyone has any objections, please let me know. -- From: Lucas Stach commit a77c5422d7586003643377afdb9915e76d07d21c upstream. Remove the remnants of the workaround for erratum ERR005184 which was never completely implemented. The checks alone don'

[PATCH 3.16 093/217] sctp: fix the transports round robin issue when init is retransmitted

2016-04-26 Thread Ben Hutchings
3.16.35-rc1 review patch. If anyone has any objections, please let me know. -- From: Xin Long commit 39d2adebf137de5f900843f69f5e500932e31047 upstream. prior to this patch, at the beginning if we have two paths in one assoc, they may have the same params other than the last_ti

[PATCH 3.2 090/115] phonet: properly unshare skbs in phonet_rcv()

2016-04-26 Thread Ben Hutchings
3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Eric Dumazet [ Upstream commit 7aaed57c5c2890634cfadf725173c7c68ea4cb4f ] Ivaylo Dimitrov reported a regression caused by commit 7866a621043f ("dev: add per net_device packet type chains"). sk

[PATCH 3.2 089/115] tcp_yeah: don't set ssthresh below 2

2016-04-26 Thread Ben Hutchings
3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Neal Cardwell [ Upstream commit 83d15e70c4d8909d722c0d64747d8fb42e38a48f ] For tcp_yeah, use an ssthresh floor of 2, the same floor used by Reno and CUBIC, per RFC 5681 (equation 4). tcp_yeah_

[PATCH 3.2 094/115] ipv6/udp: use sticky pktinfo egress ifindex on connect()

2016-04-26 Thread Ben Hutchings
3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Paolo Abeni [ Upstream commit 1cdda91871470f15e79375991bd2eddc6e86ddb1 ] Currently, the egress interface index specified via IPV6_PKTINFO is ignored by __ip6_datagram_connect(), so that RFC 354

[PATCH 3.2 067/115] sd: Fix excessive capacity printing on devices with blocks bigger than 512 bytes

2016-04-26 Thread Ben Hutchings
3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: "Martin K. Petersen" commit f08bb1e0dbdd0297258d0b8cd4dbfcc057e57b2a upstream. During revalidate we check whether device capacity has changed before we decide whether to output disk information

[PATCH 3.2 088/115] bridge: Only call /sbin/bridge-stp for the initial network namespace

2016-04-26 Thread Ben Hutchings
3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Hannes Frederic Sowa [ Upstream commit ff62198553e43cdffa9d539f6165d3e83f8a42bc ] [I stole this patch from Eric Biederman. He wrote:] > There is no defined mechanism to pass network namespace

[PATCH 3.2 065/115] USB: cypress_m8: add endpoint sanity check

2016-04-26 Thread Ben Hutchings
3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Oliver Neukum commit c55aee1bf0e6b6feec8b2927b43f7a09a6d5f754 upstream. An attack using missing endpoints exists. CVE-2016-3137 Signed-off-by: Oliver Neukum Signed-off-by: Johan Hovold Sign

[PATCH 3.2 053/115] rapidio/rionet: fix deadlock on SMP

2016-04-26 Thread Ben Hutchings
3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Aurelien Jacquiot commit 36915976eca58f2eefa040ba8f9939672564df61 upstream. Fix deadlocking during concurrent receive and transmit operations on SMP platforms caused by the use of incorrect loc

[PATCH 3.16 011/217] unbreak allmodconfig KCONFIG_ALLCONFIG=...

2016-04-26 Thread Ben Hutchings
3.16.35-rc1 review patch. If anyone has any objections, please let me know. -- From: Al Viro commit 6b87b70c5339f30e3c5b32085e69625906513dc2 upstream. Prior to 3.13 make allmodconfig KCONFIG_ALLCONFIG=/dev/null used to be equivalent to make allmodconfig; these days it

[PATCH 3.16 001/217] EDAC, amd64_edac: Shift wrapping issue in f1x_get_norm_dct_addr()

2016-04-26 Thread Ben Hutchings
3.16.35-rc1 review patch. If anyone has any objections, please let me know. -- From: Dan Carpenter commit 6f3508f61c814ee852c199988a62bd954c50dfc1 upstream. dct_sel_base_off is declared as a u64 but we're only using the lower 32 bits because of a shift wrapping bug. This can p

[PATCH 3.2 043/115] Input: synaptics - handle spurious release of trackstick buttons, again

2016-04-26 Thread Ben Hutchings
3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Benjamin Tissoires commit 82be788c96ed5978d3cb4a00079e26b981a3df3f upstream. Looks like the firmware 8.2 still has the extra buttons spurious release bug. Link: https://bugzilla.kernel.org/show

[PATCH 3.16 079/217] bcache: cleaned up error handling around register_cache()

2016-04-26 Thread Ben Hutchings
3.16.35-rc1 review patch. If anyone has any objections, please let me know. -- From: Eric Wheeler commit 9b299728ed777428b3908ac72ace5f8f84b97789 upstream. Fix null pointer dereference by changing register_cache() to return an int instead of being void. This allows it to retu

[PATCH 3.2 051/115] ethernet: micrel: fix some error codes

2016-04-26 Thread Ben Hutchings
3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Dan Carpenter commit 3af0d554c1ce11e9d0953381ff566271f9ab81a9 upstream. There were two issues here: 1) dma_mapping_error() returns true/false but we want to return -ENOMEM 2) If dmaengine_prep_s

[PATCH] Documentation: fix common spelling mistakes

2016-04-26 Thread Kees Cook
This fixes several spelling mistakes in the Documentation/ tree, which are caught by checkpatch.pl's spell checking. Signed-off-by: Kees Cook --- Documentation/ABI/obsolete/sysfs-driver-hid-roccat-savu | 4 ++-- Documentation/ABI/testing/sysfs-bus-event_source-devices-hv_24x7 | 2 +- Do

[PATCH 3.2 081/115] usbnet: cleanup after bind() in probe()

2016-04-26 Thread Ben Hutchings
3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Oliver Neukum commit 1666984c8625b3db19a9abc298931d35ab7bc64b upstream. In case bind() works, but a later error forces bailing in probe() in error cases work and a timer may be scheduled. They

[PATCH 3.2 069/115] ALSA: timer: Use mod_timer() for rearming the system timer

2016-04-26 Thread Ben Hutchings
3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Takashi Iwai commit 4a07083ed613644c96c34a7dd2853dc5d7c70902 upstream. ALSA system timer backend stops the timer via del_timer() without sync and leaves del_timer_sync() at the close instead.

[PATCH 3.2 039/115] x86/iopl/64: Properly context-switch IOPL on Xen PV

2016-04-26 Thread Ben Hutchings
3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Andy Lutomirski commit b7a584598aea7ca73140cb87b40319944dd3393f upstream. On Xen PV, regs->flags doesn't reliably reflect IOPL and the exit-to-userspace code doesn't change IOPL. We need to co

[PATCH 3.2 105/115] ax25: add link layer header validation function

2016-04-26 Thread Ben Hutchings
3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Willem de Bruijn [ Upstream commit ea47781c26510e5d97f80f9aceafe9065bd5e3aa ] As variable length protocol, AX25 fails link layer header validation tests based on a minimum length. header_ops.va

[PATCH 3.16 039/217] mac80211: fix unnecessary frame drops in mesh fwding

2016-04-26 Thread Ben Hutchings
3.16.35-rc1 review patch. If anyone has any objections, please let me know. -- From: Michal Kazior commit cf44012810ccdd8fd947518e965cb04b7b8498be upstream. The ieee80211_queue_stopped() expects hw queue number but it was given raw WMM AC number instead. This could cause fram

[PATCH 3.2 102/115] sctp: lack the check for ports in sctp_v6_cmp_addr

2016-04-26 Thread Ben Hutchings
3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Xin Long [ Upstream commit 40b4f0fd74e46c017814618d67ec9127ff20f157 ] As the member .cmp_addr of sctp_af_inet6, sctp_v6_cmp_addr should also check the port of addresses, just like sctp_v4_cmp_a

[PATCH 3.2 104/115] net: validate variable length ll headers

2016-04-26 Thread Ben Hutchings
3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Willem de Bruijn [ Upstream commit 2793a23aacbd754dbbb5cb75093deb7e4103bace ] Netdevice parameter hard_header_len is variously interpreted both as an upper and lower bound on link layer header

[PATCH 3.2 045/115] USB: usb_driver_claim_interface: add sanity checking

2016-04-26 Thread Ben Hutchings
3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Oliver Neukum commit 0b818e3956fc1ad976bee791eadcbb3b5fec5bfd upstream. Attacks that trick drivers into passing a NULL pointer to usb_driver_claim_interface() using forged descriptors are known

[PATCH 3.2 106/115] sh_eth: fix NULL pointer dereference in sh_eth_ring_format()

2016-04-26 Thread Ben Hutchings
3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Sergei Shtylyov [ Upstream commit c1b7fca65070bfadca94dd53a4e6b71cd4f69715 ] In a low memory situation, if netdev_alloc_skb() fails on a first RX ring loop iteration in sh_eth_ring_format(), '

[PATCH 3.2 112/115] ipv6: Count in extension headers in skb->network_header

2016-04-26 Thread Ben Hutchings
3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Jakub Sitnicki [ Upstream commit 3ba3458fb9c050718b95275a3310b74415e767e2 ] When sending a UDPv6 message longer than MTU, account for the length of fragmentable IPv6 extension headers in skb->n

[PATCH 3.2 109/115] qlge: Fix receive packets drop.

2016-04-26 Thread Ben Hutchings
3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Manish Chopra [ Upstream commit 2c9a266afefe137bff06bbe0fc48b4d3b3cb348c ] When running small packets [length < 256 bytes] traffic, packets were being dropped due to invalid data in those packe

[PATCH 3.16 083/217] drm/radeon: add a PX quirk list

2016-04-26 Thread Ben Hutchings
3.16.35-rc1 review patch. If anyone has any objections, please let me know. -- From: Alex Deucher commit 4807c5a8a0c87a210c36e3ad74c451a909d88588 upstream. Some PX laptops seem to have problems turning the dGPU on/off. Add a quirk list to disable runpm by default on those sys

[PATCH 3.16 042/217] mtd: onenand: fix deadlock in onenand_block_markbad

2016-04-26 Thread Ben Hutchings
3.16.35-rc1 review patch. If anyone has any objections, please let me know. -- From: Aaro Koskinen commit 5e64c29e98bfbba1b527b0a164f9493f3db9e8cb upstream. Commit 5942ddbc500d ("mtd: introduce mtd_block_markbad interface") incorrectly changed onenand_block_markbad() to call m

[PATCH 3.2 062/115] ALSA: usb-audio: Minor code cleanup in create_fixed_stream_quirk()

2016-04-26 Thread Ben Hutchings
3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Takashi Iwai commit 902eb7fd1e4af3ac69b9b30f8373f118c92b9729 upstream. Just a minor code cleanup: unify the error paths. Signed-off-by: Takashi Iwai [bwh: Backported to 3.2: adjust context] S

[PATCH 3.2 023/115] x86/PCI: Mark Broadwell-EP Home Agent & PCU as having non-compliant BARs

2016-04-26 Thread Ben Hutchings
3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Bjorn Helgaas commit b894157145e4ac7598d7062bc93320898a5e059e upstream. The Home Agent and PCU PCI devices in Broadwell-EP have a non-BAR register where a BAR should be. We don't know what the

[PATCH 3.2 033/115] net: Fix use after free in the recvmmsg exit path

2016-04-26 Thread Ben Hutchings
3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Arnaldo Carvalho de Melo commit 34b88a68f26a75e4fded796f1a49c40f82234b7d upstream. The syzkaller fuzzer hit the following use-after-free: Call Trace: [] __asan_report_load8_noabort+0x3e/0

[PATCH 3.16 022/217] mtd: map: fix .set_vpp() documentation

2016-04-26 Thread Ben Hutchings
3.16.35-rc1 review patch. If anyone has any objections, please let me know. -- From: Linus Walleij commit 95a001f22b1c5717eafd500a43832249ddd93662 upstream. As of commit 876fe76d793d03077eb61ba3afab4a383f46c554 "mtd: maps: physmap: Add reference counter to set_vpp()" the comme

[PATCH 3.2 096/115] ipv4: fix memory leaks in ip_cmsg_send() callers

2016-04-26 Thread Ben Hutchings
3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Eric Dumazet [ Upstream commit 919483096bfe75dda338e98d56da91a263746a0a ] Dmitry reported memory leaks of IP options allocated in ip_cmsg_send() when/if this function returns an error. Callers

[PATCH 3.16 033/217] mei: fix possible integer overflow issue

2016-04-26 Thread Ben Hutchings
3.16.35-rc1 review patch. If anyone has any objections, please let me know. -- From: Tomas Winkler commit f862b6b24f0ffd954633a55f39251a6873b664ca upstream. There is a possible integer overflow followed by a buffer overflow when accumulating messages coming from the FW to com

[PATCH 3.16 035/217] perf tools: Dont stop PMU parsing on alias parse error

2016-04-26 Thread Ben Hutchings
3.16.35-rc1 review patch. If anyone has any objections, please let me know. -- From: Andi Kleen commit 940db6dcd3f4659303fdf6befe7416adc4d24118 upstream. When an error happens during alias parsing currently the complete parsing of all attributes of the PMU is stopped. This is

[PATCH 3.2 064/115] USB: mct_u232: add sanity checking in probe

2016-04-26 Thread Ben Hutchings
3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Oliver Neukum commit 4e9a0b05257f29cf4b75f3209243ed71614d062e upstream. An attack using the lack of sanity checking in probe is known. This patch checks for the existence of a second port. CVE

[PATCH 3.16 014/217] [media] xc2028: unlock on error in xc2028_set_config()

2016-04-26 Thread Ben Hutchings
3.16.35-rc1 review patch. If anyone has any objections, please let me know. -- From: Dan Carpenter commit 210bd104c6acd31c3c6b8b075b3f12d4a9f6b60d upstream. We have to unlock before returning -ENOMEM. Fixes: 8dfbcc4351a0 ('[media] xc2028: avoid use after free') Signed-off-by

[PATCH 3.16 016/217] perf tools: handle spaces in file names obtained from /proc/pid/maps

2016-04-26 Thread Ben Hutchings
3.16.35-rc1 review patch. If anyone has any objections, please let me know. -- From: Marcin Ślusarz commit 89fee59b504f86925894fcc9ba79d5c933842f93 upstream. Steam frequently puts game binaries in folders with spaces. Note: "(deleted)" markers are now treated as part of the f

[PATCH 3.2 047/115] tracing: Have preempt(irqs)off trace preempt disabled functions

2016-04-26 Thread Ben Hutchings
3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: "Steven Rostedt (Red Hat)" commit cb86e05390debcc084cfdb0a71ed4c5dbbec517d upstream. Joel Fernandes reported that the function tracing of preempt disabled sections was not being reported when r

[PATCH 3.2 074/115] parisc: Avoid function pointers for kernel exception routines

2016-04-26 Thread Ben Hutchings
3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Helge Deller commit e3893027a300927049efc1572f852201eb785142 upstream. We want to avoid the kernel module loader to create function pointers for the kernel fixup routines of get_user() and put_

[PATCH 3.16 040/217] mac80211: avoid excessive stack usage in sta_info

2016-04-26 Thread Ben Hutchings
3.16.35-rc1 review patch. If anyone has any objections, please let me know. -- From: Arnd Bergmann commit 0ef049dc1167fe834d0ad5d63f89eddc5c70f6e4 upstream. When CONFIG_OPTIMIZE_INLINING is set, the sta_info_insert_finish function consumes more stack than normally, exceeding t

[PATCH 3.2 052/115] fs/coredump: prevent fsuid=0 dumps into user-controlled directories

2016-04-26 Thread Ben Hutchings
3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Jann Horn commit 378c6520e7d29280f400ef2ceaf155c86f05a71a upstream. This commit fixes the following security hole affecting systems where all of the following conditions are fulfilled: - The

[PATCH 3.16 030/217] [media] adv7511: TX_EDID_PRESENT is still 1 after a disconnect

2016-04-26 Thread Ben Hutchings
3.16.35-rc1 review patch. If anyone has any objections, please let me know. -- From: Hans Verkuil commit b339a72e04a62f0b1882c43492fc712f1176b3e6 upstream. The V4L2_CID_TX_EDID_PRESENT control reports if an EDID is present. The adv7511 however still reported the EDID present a

[PATCH 3.2 077/115] netfilter: x_tables: validate e->target_offset early

2016-04-26 Thread Ben Hutchings
3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Florian Westphal commit bdf533de6968e9686df777dc178486f600c6e617 upstream. We should check that e->target_offset is sane before mark_source_chains gets called since it will fetch the target ent

[PATCH 3.2 101/115] net: jme: fix suspend/resume on JMC260

2016-04-26 Thread Ben Hutchings
3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Diego Viola [ Upstream commit ee50c130c82175eaa0820c96b6d3763928af2241 ] The JMC260 network card fails to suspend/resume because the call to jme_start_irq() was too early, moving the call to jm

[PATCH 3.2 066/115] USB: digi_acceleport: do sanity checking for the number of ports

2016-04-26 Thread Ben Hutchings
3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Oliver Neukum commit 5a07975ad0a36708c6b0a5b9fea1ff811d0b0c1f upstream. The driver can be crashed with devices that expose crafted descriptors with too few endpoints. See: http://seclists.org/

[PATCH 3.16 013/217] [media] xc2028: avoid use after free

2016-04-26 Thread Ben Hutchings
3.16.35-rc1 review patch. If anyone has any objections, please let me know. -- From: Mauro Carvalho Chehab commit 8dfbcc4351a0b6d2f2d77f367552f48ffefafe18 upstream. If struct xc2028_config is passed without a firmware name, the following trouble may happen: [11009.907205] xc2

[PATCH 3.16 112/217] gpiolib: Fix comment referring to gpio_*() in gpiod_*()

2016-04-26 Thread Ben Hutchings
3.16.35-rc1 review patch. If anyone has any objections, please let me know. -- From: Geert Uytterhoeven commit 1cfab8f8b397f7d95ad43f72ed9a1fa7d26e210e upstream. Fixes: 79a9becda8940deb ("gpiolib: export descriptor-based GPIO interface") Signed-off-by: Geert Uytterhoeven Sign

[PATCH 3.2 082/115] USB: usbip: fix potential out-of-bounds write

2016-04-26 Thread Ben Hutchings
3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Ignat Korchagin commit b348d7dddb6c4fbfc810b7a0626e8ec9e29f7cbb upstream. Fix potential out-of-bounds write to urb->transfer_buffer usbip handles network communication directly in the kernel. W

[PATCH 3.2 035/115] ALSA: usb-audio: Fix NULL dereference in create_fixed_stream_quirk()

2016-04-26 Thread Ben Hutchings
3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Takashi Iwai commit 0f886ca12765d20124bd06291c82951fd49a33be upstream. create_fixed_stream_quirk() may cause a NULL-pointer dereference by accessing the non-existing endpoint when a USB device

[PATCH 3.16 065/217] KVM: i8254: change PIT discard tick policy

2016-04-26 Thread Ben Hutchings
3.16.35-rc1 review patch. If anyone has any objections, please let me know. -- From: Radim Krčmář commit 7dd0fdff145c5be7146d0ac06732ae3613412ac1 upstream. Discard policy uses ack_notifiers to prevent injection of PIT interrupts before EOI from the last one. This patch change

[PATCH 3.2 083/115] ipv4: Don't do expensive useless work during inetdev destroy.

2016-04-26 Thread Ben Hutchings
3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: "David S. Miller" commit fbd40ea0180a2d328c5adc61414dc8bab9335ce2 upstream. When an inetdev is destroyed, every address assigned to the interface is removed. And in this scenario we do two poi

[PATCH 3.2 029/115] dm snapshot: disallow the COW and origin devices from being identical

2016-04-26 Thread Ben Hutchings
3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: DingXiang commit 4df2bf466a9c9c92f40d27c4aa9120f4e8227bfc upstream. Otherwise loading a "snapshot" table using the same device for the origin and COW devices, e.g.: echo "0 20971520 snapshot 2

[PATCH 3.2 075/115] parisc: Fix kernel crash with reversed copy_from_user()

2016-04-26 Thread Ben Hutchings
3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Helge Deller commit ef72f3110d8b19f4c098a0bff7ed7d11945e70c6 upstream. The kernel module testcase (lib/test_user_copy.c) exhibited a kernel crash on parisc if the parameters for copy_from_user

[PATCH 3.2 079/115] x86: standardize mmap_rnd() usage

2016-04-26 Thread Ben Hutchings
3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Kees Cook commit 82168140bc4cec7ec9bad39705518541149ff8b7 upstream. In preparation for splitting out ET_DYN ASLR, this refactors the use of mmap_rnd() to be used similarly to arm, and extracts

[PATCH 3.2 098/115] sctp: Fix port hash table size computation

2016-04-26 Thread Ben Hutchings
3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Neil Horman [ Upstream commit d9749fb5942f51555dc9ce1ac0dbb1806960a975 ] Dmitry Vyukov noted recently that the sctp_port_hashtable had an error in its size computation, observing that the curre

[PATCH 3.2 021/115] sched/cputime: Fix steal time accounting vs. CPU hotplug

2016-04-26 Thread Ben Hutchings
3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixner commit e9532e69b8d1d1284e8ecf8d2586de34aec61244 upstream. On CPU hotplug the steal time accounting can keep a stale rq->prev_steal_time value over CPU down and up. So after the

[PATCH 3.16 015/217] nbd: ratelimit error msgs after socket close

2016-04-26 Thread Ben Hutchings
3.16.35-rc1 review patch. If anyone has any objections, please let me know. -- From: Dan Streetman commit da6ccaaa79caca4f38b540b651238f87215217a2 upstream. Make the "Attempted send on closed socket" error messages generated in nbd_request_handler() ratelimited. When the nbd

[PATCH 3.2 061/115] usb: renesas_usbhs: disable TX IRQ before starting TX DMAC transfer

2016-04-26 Thread Ben Hutchings
3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Yoshihiro Shimoda commit 6490865c67825277b29638e839850882600b48ec upstream. This patch adds a code to surely disable TX IRQ of the pipe before starting TX DMAC transfer. Otherwise, a lot of unn

[PATCH 3.16 081/217] x86/PCI: Mark Broadwell-EP Home Agent & PCU as having non-compliant BARs

2016-04-26 Thread Ben Hutchings
3.16.35-rc1 review patch. If anyone has any objections, please let me know. -- From: Bjorn Helgaas commit b894157145e4ac7598d7062bc93320898a5e059e upstream. The Home Agent and PCU PCI devices in Broadwell-EP have a non-BAR register where a BAR should be. We don't know what th

[PATCH 3.2 068/115] KVM: x86: Inject pending interrupt even if pending nmi exist

2016-04-26 Thread Ben Hutchings
3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Yuki Shibuya commit 321c5658c5e9192dea0d58ab67cf1791e45b2b26 upstream. Non maskable interrupts (NMI) are preferred to interrupts in current implementation. If a NMI is pending and NMI is blocke

[PATCH 3.2 024/115] be2iscsi: set the boot_kset pointer to NULL in case of failure

2016-04-26 Thread Ben Hutchings
3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Maurizio Lombardi commit 84bd64993f916bcf86270c67686ecf4cea7b8933 upstream. In beiscsi_setup_boot_info(), the boot_kset pointer should be set to NULL in case of failure otherwise an invalid poi

[PATCH 3.16 102/217] mlx4: add missing braces in verify_qp_parameters

2016-04-26 Thread Ben Hutchings
3.16.35-rc1 review patch. If anyone has any objections, please let me know. -- From: Arnd Bergmann commit baefd7015cdb304ce6c94f9679d0486c71954766 upstream. The implementation of QP paravirtualization back in linux-3.7 included some code that looks very dubious, and gcc-6 has

[PATCH 3.2 044/115] USB: iowarrior: fix oops with malicious USB descriptors

2016-04-26 Thread Ben Hutchings
3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Josh Boyer commit 4ec0ef3a82125efc36173062a50624550a900ae0 upstream. The iowarrior driver expects at least one valid endpoint. If given malicious descriptors that specify 0 for the number of e

[PATCH 3.16 043/217] PCI: Disable IO/MEM decoding for devices with non-compliant BARs

2016-04-26 Thread Ben Hutchings
3.16.35-rc1 review patch. If anyone has any objections, please let me know. -- From: Bjorn Helgaas commit b84106b4e2290c081cdab521fa832596cdfea246 upstream. The PCI config header (first 64 bytes of each device's config space) is defined by the PCI spec so generic software can

[PATCH 3.2 056/115] MAINTAINERS: Update mailing list and web page for hwmon subsystem

2016-04-26 Thread Ben Hutchings
3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Guenter Roeck commit 968ce1b1f45a7d76b5471b19bd035dbecc72f32d upstream. The old web page for the hwmon subsystem is no longer operational, and the mailing list has become unreliable. Move both

[PATCH 3.2 080/115] x86/mm/32: Enable full randomization on i386 and X86_32

2016-04-26 Thread Ben Hutchings
3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Hector Marco-Gisbert commit 8b8addf891de8a00e4d39fc32f93f7c5eb8feceb upstream. Currently on i386 and on X86_64 when emulating X86_32 in legacy mode, only the stack and the executable are random

[PATCH 3.2 046/115] USB: cdc-acm: more sanity checking

2016-04-26 Thread Ben Hutchings
3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Oliver Neukum commit 8835ba4a39cf53f705417b3b3a94eb067673f2c9 upstream. An attack has become available which pretends to be a quirky device circumventing normal sanity checks and crashes the ke

Re: [PATCH v4] mm: SLAB freelist randomization

2016-04-26 Thread Andrew Morton
On Tue, 26 Apr 2016 09:21:10 -0700 Thomas Garnier wrote: > Provides an optional config (CONFIG_FREELIST_RANDOM) to randomize the > SLAB freelist. The list is randomized during initialization of a new set > of pages. The order on different freelist sizes is pre-computed at boot > for performance.

[PATCH 3.2 031/115] rtc: vr41xx: Wire up alarm_irq_enable

2016-04-26 Thread Ben Hutchings
3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Geert Uytterhoeven commit a25f4a95ec3cded34c1250364eba704c5e4fdac4 upstream. drivers/rtc/rtc-vr41xx.c:229: warning: ‘vr41xx_rtc_alarm_irq_enable’ defined but not used Apparently the conversio

[PATCH 3.16 082/217] be2iscsi: set the boot_kset pointer to NULL in case of failure

2016-04-26 Thread Ben Hutchings
3.16.35-rc1 review patch. If anyone has any objections, please let me know. -- From: Maurizio Lombardi commit 84bd64993f916bcf86270c67686ecf4cea7b8933 upstream. In beiscsi_setup_boot_info(), the boot_kset pointer should be set to NULL in case of failure otherwise an invalid po

[PATCH 3.2 041/115] raid1: include bio_end_io_list in nr_queued to prevent freeze_array hang

2016-04-26 Thread Ben Hutchings
3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Nate Dailey commit ccfc7bf1f09d6190ef86693ddc761d5fe3fa47cb upstream. If raid1d is handling a mix of read and write errors, handle_read_error's call to freeze_array can get stuck. This can hap

[PATCH 3.2 087/115] connector: bump skb->users before callback invocation

2016-04-26 Thread Ben Hutchings
3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Florian Westphal [ Upstream commit 55285bf09427c5abf43ee1d54e892f352092b1f1 ] Dmitry reports memleak with syskaller program. Problem is that connector bumps skb usecount but might not invoke ca

[PATCH 3.16 009/217] [media] media: v4l2-compat-ioctl32: fix missing length copy in put_v4l2_buffer32

2016-04-26 Thread Ben Hutchings
3.16.35-rc1 review patch. If anyone has any objections, please let me know. -- From: Tiffany Lin commit 7df5ab8774aa383c6d2bff00688d004585d96dfd upstream. In v4l2-compliance utility, test QUERYBUF required correct length value to go through each planar to check planar's length

[PATCH 3.2 030/115] ALSA: intel8x0: Add clock quirk entry for AD1981B on IBM ThinkPad X41.

2016-04-26 Thread Ben Hutchings
3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: "Vittorio Gambaletta (VittGam)" commit 4061db03dd71d195b9973ee466f6ed32f6a3fc16 upstream. The clock measurement on the AC'97 audio card found in the IBM ThinkPad X41 will often fail, so add a q

[PATCH 3.2 103/115] cdc_ncm: toggle altsetting to force reset before setup

2016-04-26 Thread Ben Hutchings
3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: Bjørn Mork [ Upstream commit 48906f62c96cc2cd35753e59310cb70eb08cc6a5 ] Some devices will silently fail setup unless they are reset first. This is necessary even if the data interface is alread

[PATCH 3.16 007/217] ASoC: s3c24xx: use const snd_soc_component_driver pointer

2016-04-26 Thread Ben Hutchings
3.16.35-rc1 review patch. If anyone has any objections, please let me know. -- From: Arnd Bergmann commit ba4bc32eaa39ba7687f0958ae90eec94da613b46 upstream. An older patch to convert the API in the s3c i2s driver ended up passing a const pointer into a function that takes a no

[PATCH 3.16 002/217] crypto: ccp - Add hash state import and export support

2016-04-26 Thread Ben Hutchings
3.16.35-rc1 review patch. If anyone has any objections, please let me know. -- From: Tom Lendacky commit 952bce9792e6bf36fda09c2e5718abb5d9327369 upstream. Commit 8996eafdcbad ("crypto: ahash - ensure statesize is non-zero") added a check to prevent ahash algorithms from succe

[PATCH 3.16 025/217] HID: core: do not scan reports if the group is already set

2016-04-26 Thread Ben Hutchings
3.16.35-rc1 review patch. If anyone has any objections, please let me know. -- From: Benjamin Tissoires commit 9578f41aeaee5010384f4f8484da1566e2ce4901 upstream. This allows the transport layer (I have in mind hid-logitech-dj and uhid) to set the group before it is added to th

[PATCH 3.2 110/115] xfrm: Fix crash observed during device unregistration and decryption

2016-04-26 Thread Ben Hutchings
3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: "subas...@codeaurora.org" [ Upstream commit 071d36bf21bcc837be00cea55bcef8d129e7f609 ] A crash is observed when a decrypted packet is processed in receive path. get_rps_cpus() tries to derefere

[PATCH 3.16 122/217] USB: uas: Reduce can_queue to MAX_CMNDS

2016-04-26 Thread Ben Hutchings
3.16.35-rc1 review patch. If anyone has any objections, please let me know. -- From: Hans de Goede commit 55ff8cfbc4e12a7d2187df523938cc671fbebdd1 upstream. The uas driver can never queue more than MAX_CMNDS (- 1) tags and tags are shared between luns, so there is no need to c

[PATCH 3.16 114/217] vfs: show_vfsstat: do not ignore errors from show_devname method

2016-04-26 Thread Ben Hutchings
3.16.35-rc1 review patch. If anyone has any objections, please let me know. -- From: "Dmitry V. Levin" commit 5f8d498d4364f544fee17125787a47553db02afa upstream. Explicitly check show_devname method return code and bail out in case of an error. This fixes regression introduced

[PATCH 3.16 163/217] KVM: x86: Inject pending interrupt even if pending nmi exist

2016-04-26 Thread Ben Hutchings
3.16.35-rc1 review patch. If anyone has any objections, please let me know. -- From: Yuki Shibuya commit 321c5658c5e9192dea0d58ab67cf1791e45b2b26 upstream. Non maskable interrupts (NMI) are preferred to interrupts in current implementation. If a NMI is pending and NMI is block

[PATCH 3.16 113/217] nfsd: fix deadlock secinfo+readdir compound

2016-04-26 Thread Ben Hutchings
3.16.35-rc1 review patch. If anyone has any objections, please let me know. -- From: "J. Bruce Fields" commit 2f6fc056e899bd0144a08da5cacaecbe8997cd74 upstream. nfsd_lookup_dentry exits with the parent filehandle locked. fh_put also unlocks if necessary (nfsd filehandle locki

[PATCH 3.16 104/217] md: multipath: don't hardcopy bio in .make_request path

2016-04-26 Thread Ben Hutchings
3.16.35-rc1 review patch. If anyone has any objections, please let me know. -- From: Ming Lei commit fafcde3ac1a418688a734365203a12483b83907a upstream. Inside multipath_make_request(), multipath maps the incoming bio into low level device's bio, but it is totally wrong to copy

[PATCH 3.16 120/217] x86/apic: Fix suspicious RCU usage in smp_trace_call_function_interrupt()

2016-04-26 Thread Ben Hutchings
3.16.35-rc1 review patch. If anyone has any objections, please let me know. -- From: Dave Jones commit 7834c10313fb823e538f2772be78edcdeed2e6e3 upstream. Since 4.4, I've been able to trigger this occasionally: === [ INFO: suspicious RCU usage. ] 4.

[PATCH 3.16 174/217] usb: dwc3: keystone: drop dma_mask configuration

2016-04-26 Thread Ben Hutchings
3.16.35-rc1 review patch. If anyone has any objections, please let me know. -- From: Grygorii Strashko commit adf9a3ab90eb44e57f9dbf757acd897838b5ec21 upstream. The Keystone 2 supports DT-boot only, as a result dma_mask will be always configured properly from DT - of_platform_de

[PATCH 3.2 016/115] nfsd4: fix bad bounds checking

2016-04-26 Thread Ben Hutchings
3.2.80-rc1 review patch. If anyone has any objections, please let me know. -- From: "J. Bruce Fields" commit 4aed9c46afb80164401143aa0fdcfe3798baa9d5 upstream. A number of spots in the xdr decoding follow a pattern like n = be32_to_cpup(p++); READ_BUF(n + 4);
