[PATCH 3.16 162/254] can: gs_usb: fix return value of the "set_bittiming" callback

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: Wolfgang Grandegger commit d5b42e6607661b198d8b26a0c30969605b1bf5c7 upstream. The "set_bittiming" callback treats a positive return value as error! For that reason "can_changelink()" will quit

[PATCH 3.16 073/254] lib/oid_registry.c: X.509: fix the buffer overflow in the utility function for OID string

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: Takashi Iwai commit afdb05e9d61905220f09268535235288e6ba3a16 upstream. The sprint_oid() utility function doesn't properly check the buffer size that it causes that the warning in vsnprintf() b

[PATCH 3.16 084/254] dmaengine: jz4740: disable/unprepare clk if probe fails

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: Tobias Jordan commit eb9436966fdc84cebdf222952a99898ab46d9bb0 upstream. in error path of jz4740_dma_probe(), call clk_disable_unprepare() to clean up. Found by Linux Driver Verification proje

[PATCH 3.16 212/254] KVM/x86: Check input paging mode when cs.l is set

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: Lan Tianyu commit f29810335965ac1f7bcb501ee2af5f039f792416 upstream. Reported by syzkaller: WARNING: CPU: 0 PID: 27962 at arch/x86/kvm/emulate.c:5631 x86_emulate_insn+0x557/0x15f0 [kvm]

[PATCH 3.16 158/254] e1000e: Fix e1000_check_for_copper_link_ich8lan return value.

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: Benjamin Poirier commit 4110e02eb45ea447ec6f5459c9934de0a273fb91 upstream. e1000e_check_for_copper_link() and e1000_check_for_copper_link_ich8lan() are the two functions that may be assigned t

[PATCH 3.16 252/254] media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: Daniel Mentz commit a1dfb4c48cc1e64eeb7800a27c66a6f7e88d075a upstream. The 32-bit compat v4l2 ioctl handling is implemented based on its 64-bit equivalent. It converts 32-bit data structures i

[PATCH 3.16 067/254] can: ems_usb: cancel urb on -EPIPE and -EPROTO

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: Martin Kelly commit bd352e1adfe0d02d3ea7c8e3fb19183dc317e679 upstream. In mcba_usb, we have observed that when you unplug the device, the driver will endlessly resubmit failing URBs, which can

[PATCH 3.2 021/140] ALSA: seq: Remove spurious WARN_ON() at timer check

2018-02-28 Thread Ben Hutchings
3.2.100-rc1 review patch. If anyone has any objections, please let me know. -- From: Takashi Iwai commit 43a3542870328601be02fcc9d27b09db467336ef upstream. The use of snd_BUG_ON() in ALSA sequencer timer may lead to a spurious WARN_ON() when a slave timer is deployed as its ba

[PATCH 3.16 251/254] media: v4l2-compat-ioctl32.c: don't copy back the result for certain errors

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: Hans Verkuil commit d83a8243aaefe62ace433e4384a4f077bed86acb upstream. Some ioctls need to copy back the result even if the ioctl returned an error. However, don't do this for the error code -

[PATCH 3.16 190/254] USB: fix usbmon BUG trigger

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: Pete Zaitcev commit 46eb14a6e1585d99c1b9f58d0e7389082a5f466b upstream. Automated tests triggered this by opening usbmon and accessing the mmap while simultaneously resizing the buffers. This b

[PATCH 3.16 059/254] x86/PCI: Make broadcom_postcore_init() check acpi_disabled

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: "Rafael J. Wysocki" commit ddec3bdee05b06f1dda20ded003c3e10e4184cab upstream. acpi_os_get_root_pointer() may return a valid address even if acpi_disabled is set, but the host bridge informatio

[PATCH 3.16 005/254] KVM: x86: Don't re-execute instruction when not passing CR2 value

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: Liran Alon commit 9b8ae63798cb97e785a667ff27e43fa6220cb734 upstream. In case of instruction-decode failure or emulation failure, x86_emulate_instruction() will call reexecute_instruction() whi

[PATCH 3.16 178/254] sh_eth: fix SH7757 GEther initialization

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: Sergei Shtylyov commit 5133550296d43236439494aa955bfb765a89f615 upstream. Renesas SH7757 has 2 Fast and 2 Gigabit Ether controllers, while the 'sh_eth' driver can only reset and initialize TS

[PATCH 3.16 225/254] Input: trackpoint - assume 3 buttons when buttons detection fails

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: Oscar Campos commit 293b915fd9bebf33cdc906516fb28d54649a25ac upstream. Trackpoint buttons detection fails on ThinkPad 570 and 470 series, this makes the middle button of the trackpoint to not

[PATCH 3.16 103/254] MIPS: ptrace: Prevent writes to read-only FCSR bits

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: "Maciej W. Rozycki" commit abf378be49f38c4d3e23581d3df3fa9f1b1b11d2 upstream. Correct the cases missed with commit 9b26616c8d9d ("MIPS: Respect the ISA level in FCSR handling") and prevent wri

[PATCH 3.16 019/254] drm/i915: Prevent zero length "index" write

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: Ville Syrjälä commit 56350fb8978bbf4aafe08f21234e161dd128b417 upstream. The hardware always writes one or two bytes in the index portion of an indexed transfer. Make sure the message we send a

[PATCH 3.16 004/254] KVM: x86: emulator: Return to user-mode on L1 CPL=0 emulation failure

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: Liran Alon commit 1f4dcb3b213235e642088709a1c54964d23365e9 upstream. On this case, handle_emulation_failure() fills kvm_run with internal-error information which it expects to be delivered to

[PATCH 3.16 106/254] mips/ptrace: Preserve previous registers for short regset write

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: Dave Martin commit d614fd58a2834cfe4efa472c33c8f3ce2338b09b upstream. Ensure that if userspace supplies insufficient data to PTRACE_SETREGSET to fill all the registers, the thread's old regist

[PATCH 3.16 076/254] 509: fix printing uninitialized stack memory when OID is empty

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: Eric Biggers commit 8dfd2f22d3bf3ab7714f7495ad5d897b8845e8c1 upstream. Callers of sprint_oid() do not check its return value before printing the result. In the case where the OID is zero-leng

[PATCH 3.16 071/254] ASN.1: fix out-of-bounds read when parsing indefinite length item

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: Eric Biggers commit e0058f3a874ebb48b25be7ff79bc3b4e59929f90 upstream. In asn1_ber_decoder(), indefinitely-sized ASN.1 items were being passed to the action functions before their lengths had

[PATCH 3.16 146/254] tracing: Fix possible double free on failure of allocating trace buffer

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: "Steven Rostedt (VMware)" commit 4397f04575c44e1440ec2e49b6302785c95fd2f8 upstream. Jing Xia and Chunyan Zhang reported that on failing to allocate part of the tracing buffer, memory is freed,

[PATCH v2] extcon: int3496: Ignore incorrect IoRestriction for ID pin

2018-02-28 Thread Andy Shevchenko
The commit 70216fd937fe ("extcon: int3496: Set the id pin to direction-input if necessary") introduced a workaround for incorrect IoRestriction mode in ACPI table. Now, when GPIO ACPI library does it in generic way, see the commit 1b2ca32ab0b8 ("gpiolib: acpi: Introduce NO_RESTRICTION quir

[PATCH 3.16 082/254] dmaengine: dmatest: warn user when dma test times out

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: Adam Wallis commit a9df21e34b422f79d9a9fa5c3eff8c2a53491be6 upstream. Commit adfa543e7314 ("dmatest: don't use set_freezable_with_signal()") introduced a bug (that is in fact documented by the

[PATCH 3.2 025/140] ALSA: usb-audio: Fix out-of-bound error

2018-02-28 Thread Ben Hutchings
3.2.100-rc1 review patch. If anyone has any objections, please let me know. -- From: Jaejoong Kim commit 251552a2b0d454badc8f486e6d79100970c744b0 upstream. The snd_usb_copy_string_desc() retrieves the usb string corresponding to the index number through the usb_string(). The p

[PATCH 3.16 204/254] futex: Prevent overflow by strengthen input validation

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: Li Jinyue commit fbe0e839d1e22d88810f3ee3e2f1479be4c0aa4a upstream. UBSAN reports signed integer overflow in kernel/futex.c: UBSAN: Undefined behaviour in kernel/futex.c:2041:18 signed inte

[PATCH 3.16 160/254] mmc: s3mci: mark debug_regs[] as static

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: Arnd Bergmann commit 2bd7b4aacdb6efa5ccd4749c365c171b884791d2 upstream. The global array clashes with a newly added symbol of the same name: drivers/staging/ccree/cc_debugfs.o:(.data+0x0): mu

[PATCH 3.16 089/254] ext4: fix crash when a directory's i_size is too small

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: Chandan Rajendra commit 9d5afec6b8bd46d6ed821aa1579634437f58ef1f upstream. On a ppc64 machine, when mounting a fuzzed ext2 image (generated by fsfuzzer) the following call trace is seen, VFS:

[PATCH 3.16 085/254] nl80211: fix nl80211_send_iface() error paths

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: Johannes Berg commit 4564b187c16327045d87596e8980c65ba7b84c50 upstream. Evidently I introduced a locking bug in my change here, the nla_put_failure sometimes needs to unlock. Fix it. Fixes: 4

[PATCH 3.16 196/254] SolutionEngine771x: fix Ether platform data

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: Sergei Shtylyov commit 195e2addbce09e5afbc766efc1e6567c9ce840d3 upstream. The 'sh_eth' driver's probe() method would fail on the SolutionEngine7710 board and crash on SolutionEngine7712 board

[PATCH 3.16 219/254] can: af_can: can_rcv(): replace WARN_ONCE by pr_warn_once

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: Marc Kleine-Budde commit 8cb68751c115d176ec851ca56ecfbb411568c9e8 upstream. If an invalid CAN frame is received, from a driver or from a tun interface, a Kernel warning is generated. This pat

[PATCH 3.16 206/254] mac80211_hwsim: validate number of different channels

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: Johannes Berg commit 51a1aaa631c90223888d8beac4d649dc11d2ca55 upstream. When creating a new radio on the fly, hwsim allows this to be done with an arbitrary number of channels, but cfg80211 on

[PATCH 3.16 161/254] USB: serial: cp210x: add new device ID ELV ALC 8xxx

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: Christian Holl commit d14ac576d10f865970bb1324d337e5e24d79aaf4 upstream. This adds the ELV ALC 8xxx Battery Charging device to the list of USB IDs of drivers/usb/serial/cp210x.c Signed-off-by

[PATCH 3.16 046/254] xhci: Don't show incorrect WARN message about events for empty rings

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: Mathias Nyman commit e4ec40ec4b260efcca15089de4285a0a3411259b upstream. xHC can generate two events for a short transfer if the short TRB and last TRB in the TD are not the same TRB. The driv

[PATCH 3.16 015/254] ASoC: fsl_ssi: AC'97 ops need regmap, clock and cleaning up on failure

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: "Maciej S. Szmigiero" commit 695b78b548d8a26288f041e907ff17758df9e1d5 upstream. AC'97 ops (register read / write) need SSI regmap and clock, so they have to be set after them. We also need to

[PATCH 3.16 242/254] media: v4l2-compat-ioctl32.c: add missing VIDIOC_PREPARE_BUF

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: Hans Verkuil commit 3ee6d040719ae09110e5cdf24d5386abe5d1b776 upstream. The result of the VIDIOC_PREPARE_BUF ioctl was never copied back to userspace since it was missing in the switch. Signed

[PATCH 3.16 125/254] xfrm: Reinject transport-mode packets through tasklet

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: Herbert Xu commit acf568ee859f098279eadf551612f103afdacb4e upstream. This is an old bugbear of mine: https://www.mail-archive.com/netdev@vger.kernel.org/msg03894.html By crafting special pac

[PATCH 3.16 192/254] USB: Gadget core: fix inconsistency in the interface to usb_add_gadget_udc_release()

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: Alan Stern commit afd7fd81f22bf90474216515dbd6088f9bd70343 upstream. The usb_add_gadget_udc_release() routine in the USB gadget core will sometimes but not always call the gadget's release fun

[PATCH 3.16 107/254] MIPS: Factor out NT_PRFPREG regset access helpers

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: "Maciej W. Rozycki" commit a03fe72572c12e98f4173f8a535f32468e48b6ec upstream. In preparation to fix a commit 72b22bbad1e7 ("MIPS: Don't assume 64-bit FP registers for FP regset") FCSR access r

Re: [PATCH v1] extcon: int3496: Ignore incorrect IoRestriction for ID pin

2018-02-28 Thread Andy Shevchenko
On Wed, 2018-02-28 at 16:01 +0100, Hans de Goede wrote: > Hi, > > On 26-02-18 20:34, Andy Shevchenko wrote: > > The commit 70216fd937fe introduced a workaround for incorrect > > IoRestriction mode in ACPI table. > > > > Now, when GPIO ACPI library does it in generic way, just set > > an appropria

[PATCH 3.16 057/254] net_sched: red: Avoid illegal values

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: Nogah Frankel commit 8afa10cbe281b10371fee5a87ab266e48d71a7f9 upstream. Check the qmin & qmax values don't overflow for the given Wlog value. Check that qmin <= qmax. Fixes: a783474591f2 ("

[PATCH 3.16 233/254] mac80211_hwsim: fix compiler warning on MIPS

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: Andrew Bresticker commit 5d26b50813ea6206a7bbab2e645e68044f101ac5 upstream. The dividend in do_div() is expected to be an unsigned 64-bit integer, which leads to the following warning when bui

[PATCH 3.16 132/254] usb: Add device quirk for Logitech HD Pro Webcam C925e

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: Dmitry Fleytman Dmitry Fleytman commit 7f038d256c723dd390d2fca942919573995f4cfd upstream. Commit e0429362ab15 ("usb: Add device quirk for Logitech HD Pro Webcams C920 and C930e") introduced qu

Re: [PATCH v4] mmc: dw_mmc: Fix the DTO/CTO timeout overflow calculation for 32-bit systems

2018-02-28 Thread Doug Anderson
Hi, On Wed, Feb 28, 2018 at 3:53 AM, Evgeniy Didin wrote: > In commit 9d9491a7da2a ("mmc: dw_mmc: Fix the DTO timeout calculation") and > commit 4c2357f57dd5 ("mmc: dw_mmc: Fix the CTO timeout calculation") > have been made changes which cause multiply overflow for 32-bit systems. > The broken ti

[PATCH 3.16 148/254] include/stddef.h: Move offsetofend() from vfio.h to a generic kernel header

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: Denys Vlasenko commit 3876488444e71238e287459c39d7692b6f718c3e upstream. Suggested by Andy. Suggested-by: Andy Lutomirski Signed-off-by: Denys Vlasenko Acked-by: Linus Torvalds Cc: Alexei

Re: [PATCH v2 07/15] KVM: s390: Interfaces to configure/deconfigure guest's AP matrix

2018-02-28 Thread Pierre Morel
On 27/02/2018 15:28, Tony Krowiak wrote: Provides interfaces to assign AP adapters, usage domains and control domains to a KVM guest. A KVM guest is started by executing the Start Interpretive Execution (SIE) instruction. The SIE state description is a control block that contains the state infor

[PATCH 3.16 201/254] ALSA: pcm: Remove yet superfluous WARN_ON()

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: Takashi Iwai commit 23b19b7b50fe1867da8d431eea9cd3e4b6328c2c upstream. muldiv32() contains a snd_BUG_ON() (which is morphed as WARN_ON() with debug option) for checking the case of 0 / 0. Thi

[PATCH 3.16 145/254] tracing: Fix crash when it fails to alloc ring buffer

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: Jing Xia commit 24f2aaf952ee0b59f31c3a18b8b36c9e3d3c2cf5 upstream. Double free of the ring buffer happens when it fails to alloc new ring buffer instance for max_buffer if TRACER_MAX_TRACE is

[PATCH 3.16 093/254] MIPS: Clear [MSA]FPE CSR.Cause after notify_die()

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: James Hogan commit 64bedffe496820dbb6b53302d80dd0f04db33d8e upstream. When handling floating point exceptions (FPEs) and MSA FPEs the Cause bits of the appropriate control and status register

[PATCH] drm/sun4i: Handle DRM_BUS_FLAG_PIXDATA_*EDGE

2018-02-28 Thread Giulio Benetti
Handle both positive and negative dclk polarity, according to bus_flags. Signed-off-by: Giulio Benetti --- drivers/gpu/drm/sun4i/sun4i_tcon.c | 13 - 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/sun4i/sun4i_tcon.c b/drivers/gpu/drm/sun4i/sun4i_tcon.c

[PATCH 3.16 027/254] serial: 8250_pci: Add Amazon PCI serial device ID

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: Matt Wilson commit 3bfd1300abfe3adb18e84a89d97a0e82a22124bb upstream. This device will be used in future Amazon EC2 instances as the primary serial port (i.e., data sent to this port will be a

[PATCH 3.16 113/254] ALSA: rawmidi: Avoid racy info ioctl via ctl device

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: Takashi Iwai commit c1cfd9025cc394fd137a01159d74335c5ac978ce upstream. The rawmidi also allows obtaining the information via ioctl of ctl API. It means that user can issue an ioctl to the

[PATCH 3.16 056/254] net_sched: red: Avoid devision by zero

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: Nogah Frankel commit 5c472203421ab4f928aa1ae9e1dbcfdd80324148 upstream. Do not allow delta value to be zero since it is used as a divisor. Fixes: 8af2a218de38 ("sch_red: Adaptative RED AQM")

[PATCH 3.16 215/254] dm btree: fix serious bug in btree_split_beneath()

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: Joe Thornber commit bc68d0a43560e950850fc69b58f0f8254b28f6d6 upstream. When inserting a new key/value pair into a btree we walk down the spine of btree nodes performing the following 2 operati

[PATCH 3.16 222/254] x86/mce: Make machine check speculation protected

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixner commit 6f41c34d69eb005e7848716bbcafc979b35037d5 upstream. The machine check idtentry uses an indirect branch directly from the low level code. This evades the speculation prote

[PATCH 3.16 176/254] ALSA: aloop: Fix inconsistent format due to incomplete rule

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: Takashi Iwai commit b088b53e20c7d09b5ab84c5688e609f478e5c417 upstream. The extra hw constraint rule for the formats the aloop driver introduced has a slight flaw, where it doesn't return a pos

[PATCH 3.16 240/254] media: v4l2-ioctl.c: don't copy back the result for -ENOTTY

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: Hans Verkuil commit 181a4a2d5a0a7b43cab08a70710d727e7764ccdd upstream. If the ioctl returned -ENOTTY, then don't bother copying back the result as there is no point. Signed-off-by: Hans Verku

[PATCH 3.2 029/140] dm: fix various targets to dm_register_target after module __init resources created

2018-02-28 Thread Ben Hutchings
3.2.100-rc1 review patch. If anyone has any objections, please let me know. -- From: "monty_pa...@sina.com" commit 7e6358d244e4706fe612a77b9c36519a33600ac0 upstream. A NULL pointer is seen if two concurrent "vgchange -ay -K " processes race to load the dm-thin-pool module: P

[PATCH 3.16 051/254] netfilter: xt_bpf: add overflow checks

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: Jann Horn commit 6ab405114b0b229151ef06f4e31c7834dd09d0c0 upstream. Check whether inputs from userspace are too long (explicit length field too big or string not null-terminated) to avoid out-

[PATCH 3.16 237/254] [media] media: v4l2-compat-ioctl32: fix missing reserved field copy in put_v4l2_create32

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: Tiffany Lin commit baf43c6eace43868e490f18560287fa3481b2159 upstream. In v4l2-compliance utility, test VIDIOC_CREATE_BUFS will check whether reserved field of v4l2_create_buffers filled with z

[PATCH 3.16 221/254] cfg80211: fix station info handling bugs

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: Johannes Berg commit 5762d7d3eda25c03cc2d9d45227be3f5ab6bec9e upstream. Fix two places where the structure isn't initialized to zero, and thus can't be filled properly by the driver. Fixes: 4

[PATCH 3.16 029/254] hv: kvp: Avoid reading past allocated blocks from KVP file

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: Paul Meyer commit 297d6b6e56c2977fc504c61bbeeaa21296923f89 upstream. While reading in more than one block (50) of KVP records, the allocation goes per block, but the reads used the total numbe

[PATCH 3.16 207/254] cfg80211: check dev_set_name() return value

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: Johannes Berg commit 59b179b48ce2a6076448a44531242ac2b3f6cef2 upstream. syzbot reported a warning from rfkill_alloc(), and after a while I think that the reason is that it was doing fault inje

[PATCH 3.16 200/254] 8021q: fix a memory leak for VLAN 0 device

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: Cong Wang commit 78bbb15f2239bc8e663aa20bbe1987c91a0b75f6 upstream. A vlan device with vid 0 is allowed to be created but not able to be fully cleaned up by unregister_vlan_dev() which checks for vlan

[PATCH 3.16 209/254] sctp: use the right sk after waking up from wait_buf sleep

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: Xin Long commit cea0cc80a6777beb6eb643d4ad53690e1ad1d4ff upstream. Commit dfcb9f4f99f1 ("sctp: deny peeloff operation on asocs with threads sleeping on it") fixed the race between peeloff and

[PATCH 3.16 241/254] vb2: V4L2_BUF_FLAG_DONE is set after DQBUF

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: Ricardo Ribalda commit 3171cc2b4eb9831ab4df1d80d0410a945b8bc84e upstream. According to the doc, V4L2_BUF_FLAG_DONE is cleared after DQBUF: V4L2_BUF_FLAG_DONE 0x0004 ... After calling the

[PATCH 3.16 108/254] MIPS: Guard against any partial write attempt with PTRACE_SETREGSET

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: "Maciej W. Rozycki" commit dc24d0edf33c3e15099688b6bbdf7bdc24bf6e91 upstream. Complement commit d614fd58a283 ("mips/ptrace: Preserve previous registers for short regset write") and ensure that

[PATCH 3.16 119/254] KVM: arm/arm64: Fix HYP unmapping going off limits

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: Marc Zyngier commit 7839c672e58bf62da8f2f0197fefb442c02ba1dd upstream. When we unmap the HYP memory, we try to be clever and unmap one PGD at a time. If we start with a non-PGD aligned address

[PATCH 3.16 248/254] media: v4l2-compat-ioctl32: Copy v4l2_window->global_alpha

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: Daniel Mentz commit 025a26fa14f8fd55d50ab284a30c016a5be953d0 upstream. Commit b2787845fb91 ("V4L/DVB (5289): Add support for video output overlays.") added the field global_alpha to struct v4l

[PATCH 3.16 208/254] arm64: KVM: Fix SMCCC handling of unimplemented SMC/HVC calls

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: Marc Zyngier commit acfb3b883f6d6a4b5d27ad7fdded11f6a09ae6dd upstream. KVM doesn't follow the SMCCC when it comes to unimplemented calls, and inject an UNDEF instead of returning an error. Sin

[PATCH 3.16 164/254] usbip: remove kernel addresses from usb device and urb debug msgs

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: Shuah Khan commit e1346fd87c71a1f61de1fe476ec8df1425ac931c upstream. usbip_dump_usb_device() and usbip_dump_urb() print kernel addresses. Remove kernel addresses from usb device and urb debug

[PATCH 3.16 138/254] iw_cxgb4: Only validate the MSN for successful completions

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: Steve Wise commit f55688c45442bc863f40ad678c638785b26cdce6 upstream. If the RECV CQE is in error, ignore the MSN check. This was causing recvs that were flushed into the sw cq to be completed

[PATCH 3.16 239/254] adv7604: use correct drive strength defines

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: Hans Verkuil The prefix is ADV7604_, not ADV76XX. Fixes: f31b62e14a ("adv7604: add hdmi driver strength adjustment") Signed-off-by: Hans Verkuil Signed-off-by: Ben Hutchings --- drivers/med

Re: [PATCH 1/7] platform/x86: fujitsu-laptop: Define constants for FUNC operations

2018-02-28 Thread Andy Shevchenko
On Tue, Feb 27, 2018 at 11:15 PM, Michał Kępień wrote: > Various functions exposed by the firmware through the FUNC interface > tend to use a consistent set of integers for denoting the type of > operation to be performed for a specified feature. Use named constants > instead of integers in each

[PATCH 3.16 011/254] bcache: recover data from backing when data is clean

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: Rui Hua commit e393aa2446150536929140739f09c6ecbcbea7f0 upstream. When we send a read request and hit the clean data in cache device, there is a situation called cache read race in bcache(see

[PATCH 3.16 086/254] ipv4: Use standard iovec primitive in raw_probe_proto_opt

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: Herbert Xu commit 32b5913a931fd753faf3d4e1124b2bc2edb364da upstream. The function raw_probe_proto_opt tries to extract the first two bytes from the user input in order to seed the IPsec lookup

[PATCH 3.16 104/254] MIPS: MSA: bugfix - disable MSA correctly for new threads/processes.

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: Ralf Baechle commit 9cc719ab3f4f639d629ac8ff09e9b998bc006f68 upstream. Due to the slightly odd way that new threads and processes start execution when scheduled for the very first time they we

[PATCH 3.16 110/254] MIPS: Disallow outsized PTRACE_SETREGSET NT_PRFPREG regset accesses

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: "Maciej W. Rozycki" commit c8c5a3a24d395b14447a9a89d61586a913840a3b upstream. Complement commit c23b3d1a5311 ("MIPS: ptrace: Change GP regset to use correct core dump register layout") and als

[PATCH 3.16 061/254] efi: Move some sysfs files to be read-only by root

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: Greg Kroah-Hartman commit af97a77bc01ce49a466f9d4c0125479e2e2230b6 upstream. Thanks to the scripts/leaking_addresses.pl script, it was found that some EFI values should not be readable by non-

[PATCH 3.16 231/254] of: fdt: Fix return with value in void function

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: Ben Hutchings Commit 49e67dd17649 "of: fdt: add missing allocation-failure check" added a "return NULL" statement in __unflatten_device_tree(). When applied to the 3.16-stable branch, this int

[PATCH 3.16 170/254] mm/mprotect: add a cond_resched() inside change_pmd_range()

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: Anshuman Khandual commit 4991c09c7c812dba13ea9be79a68b4565bb1fa4e upstream. While testing on a large CPU system, detected the following RCU stall many times over the span of the workload. Thi

[PATCH 3.16 099/254] MIPS: math-emu: Define IEEE 754-2008 feature control bits

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: "Maciej W. Rozycki" commit f1f3b7ebac08161761c352fd070cfa07b7b94c54 upstream. Define IEEE 754-2008 feature control bits: FIR.HAS2008, FCSR.ABS2008 and FCSR.NAN2008, and update the `_ieee754_cs

[PATCH 3.16 234/254] blk-mq: fix race between timeout and freeing request

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: Ming Lei commit 0048b4837affd153897ed183492070027aa9 upstream. Inside timeout handler, blk_mq_tag_to_rq() is called to retrieve the request from one tag. This way is obviously wrong becaus

[PATCH 3.16 249/254] media: v4l2-compat-ioctl32.c: copy clip list in put_v4l2_window32

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: Hans Verkuil commit a751be5b142ef6bcbbb96d9899516f4d9c8d0ef4 upstream. put_v4l2_window32() didn't copy back the clip list to userspace. Drivers can update the clip rectangles, so this should b

[PATCH 3.16 049/254] ALSA: usb-audio: Fix out-of-bound error

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: Jaejoong Kim commit 251552a2b0d454badc8f486e6d79100970c744b0 upstream. The snd_usb_copy_string_desc() retrieves the usb string corresponding to the index number through the usb_string(). The p

[PATCH 3.2 057/140] staging: usbip: removed dead code from receive function

2018-02-28 Thread Ben Hutchings
3.2.100-rc1 review patch. If anyone has any objections, please let me know. -- From: Bart Westgeest commit 5a08c5267e45fe936452051a8c126e8418984eb7 upstream. The usbip_xmit function supported sending and receiving data, however the sending part of the function was never used/e

[PATCH 3.16 163/254] ALSA: pcm: Add missing error checks in OSS emulation plugin builder

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: Takashi Iwai commit 6708913750344a900f2e73bfe4a4d6dbbce4fe8d upstream. In the OSS emulation plugin builder where the frame size is parsed in the plugin chain, some places miss the possible err

[PATCH 3.16 135/254] net/mlx5: Stay in polling mode when command EQ destroy fails

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: Moshe Shemesh commit a2fba188fd5eadd6061bef4f2f2577a43231ebf3 upstream. During unload, on mlx5_stop_eqs we move command interface from events mode to polling mode, but if command interface EQ

[PATCH 3.16 174/254] x86/alternatives: Add missing '\n' at end of ALTERNATIVE inline asm

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: David Woodhouse commit b9e705ef7cfaf22db0daab91ad3cd33b0fa32eb9 upstream. Where an ALTERNATIVE is used in the middle of an inline asm block, this would otherwise lead to the following instruct

[PATCH 3.16 012/254] Input: elantech - add new icbody type 15

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: Aaron Ma commit 10d900303f1c3a821eb0bef4e7b7ece16768fba4 upstream. The touchpad of Lenovo Thinkpad L480 reports its version as 15. Signed-off-by: Aaron Ma Signed-off-by: Dmitry Torokhov Si

[PATCH 3.16 083/254] dmaengine: dmatest: move callback wait queue to thread context

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: Adam Wallis commit 6f6a23a213be51728502b88741ba6a10cda2441d upstream. Commit adfa543e7314 ("dmatest: don't use set_freezable_with_signal()") introduced a bug (that is in fact documented by the

[PATCH 3.16 167/254] net: stmmac: enable EEE in MII, GMII or RGMII only

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: Jerome Brunet commit 879626e3a52630316d817cbda7cec9a5446d1d82 upstream. Note in the databook - Section 4.4 - EEE : " The EEE feature is not supported when the MAC is configured to use the TBI,

[PATCH 3.16 072/254] ASN.1: check for error from ASN1_OP_END__ACT actions

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: Eric Biggers commit 81a7be2cd69b412ab6aeacfe5ebf1bb6e5bce955 upstream. asn1_ber_decoder() was ignoring errors from actions associated with the opcodes ASN1_OP_END_SEQ_ACT, ASN1_OP_END_SET_ACT,

[PATCH 3.16 045/254] virtio: release virtio index when fail to device_register

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: weiping zhang commit e60ea67bb60459b95a50a156296041a13e0e380e upstream. index can be reused by other virtio device. Signed-off-by: weiping zhang Reviewed-by: Cornelia Huck Signed-off-by: Mi

[PATCH 3.16 156/254] IB/ipoib: Fix race condition in neigh creation

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: Erez Shitrit commit 16ba3defb8bd01a9464ba4820a487f5b196b455b upstream. When using enhanced mode for IPoIB, two threads may execute xmit in parallel to two different TX queues while the target

[PATCH 3.16 066/254] net: mvmdio: disable/unprepare clocks in EPROBE_DEFER case

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: Tobias Jordan commit 589bf32f09852041fbd3b7ce1a9e703f95c230ba upstream. add appropriate calls to clk_disable_unprepare() by jumping to out_mdio in case orion_mdio_probe() returns -EPROBE_DEFER

[PATCH 3.16 111/254] powerpc/perf: Dereference BHRB entries safely

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: Ravi Bangoria commit f41d84dddc66b164ac16acf3f584c276146f1c48 upstream. It's theoretically possible that branch instructions recorded in BHRB (Branch History Rolling Buffer) entries have alrea

[PATCH 3.16 116/254] USB: serial: option: add support for Telit ME910 PID 0x1101

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: Daniele Palmas commit 08933099e6404f588f81c2050bfec7313e06eeaf upstream. This patch adds support for PID 0x1101 of Telit ME910. Signed-off-by: Daniele Palmas Signed-off-by: Johan Hovold Sig

[PATCH 3.16 184/254] sh_eth: fix TXALCR1 offsets

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: Sergei Shtylyov commit 50f3d740d376f664f6accc7e86c9afd8f1c7e1e4 upstream. The TXALCR1 offsets are incorrect in the register offset tables, most probably due to copy&paste error. Luckily, the

[PATCH 3.16 228/254] x86/microcode/intel: Extend BDW late-loading further with LLC size check

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: Jia Zhang commit 7e702d17ed138cf4ae7c00e8c00681ed464587c7 upstream. Commit b94b73733171 ("x86/microcode/intel: Extend BDW late-loading with a revision check") reduced the impact of erratum BDF

[PATCH 3.16 074/254] X.509: reject invalid BIT STRING for subjectPublicKey

2018-02-28 Thread Ben Hutchings
3.16.55-rc1 review patch. If anyone has any objections, please let me know. -- From: Eric Biggers commit 0f30cbea005bd3077bd98cd29277d7fc2699c1da upstream. Adding a specially crafted X.509 certificate whose subjectPublicKey ASN.1 value is zero-length caused x509_extract_key_da
