[PATCH 4.14 002/165] vti6: fix PMTU caching and reporting on xmit

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Eyal Birger [ Upstream commit d6990976af7c5d8f55903bfb4289b6fb030bf754 ] When setting the skb->dst before doing the MTU check, the route PMTU caching and reporting is done on the new dst

[PATCH 4.14 017/165] usb: gadget: r8a66597: Fix a possible sleep-in-atomic-context bugs in r8a66597_queue()

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Jia-Ju Bai [ Upstream commit f36b507c14c4b6e634463a610294e9cb0065c8ea ] The driver may sleep in an interrupt handler. The function call path (from bottom to top) in Linux-4.16.7 is: [FUNC]

[PATCH 4.14 002/165] vti6: fix PMTU caching and reporting on xmit

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Eyal Birger [ Upstream commit d6990976af7c5d8f55903bfb4289b6fb030bf754 ] When setting the skb->dst before doing the MTU check, the route PMTU caching and reporting is done on the new dst

[PATCH 4.14 017/165] usb: gadget: r8a66597: Fix a possible sleep-in-atomic-context bugs in r8a66597_queue()

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Jia-Ju Bai [ Upstream commit f36b507c14c4b6e634463a610294e9cb0065c8ea ] The driver may sleep in an interrupt handler. The function call path (from bottom to top) in Linux-4.16.7 is: [FUNC]

[PATCH 4.14 016/165] usb: gadget: r8a66597: Fix two possible sleep-in-atomic-context bugs in init_controller()

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Jia-Ju Bai [ Upstream commit 0602088b10a7c0b4e044a810678ef93d7cc5bf48 ] The driver may sleep with holding a spinlock. The function call paths (from bottom to top) in Linux-4.16.7 are: [FUNC]

[PATCH 4.14 016/165] usb: gadget: r8a66597: Fix two possible sleep-in-atomic-context bugs in init_controller()

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Jia-Ju Bai [ Upstream commit 0602088b10a7c0b4e044a810678ef93d7cc5bf48 ] The driver may sleep with holding a spinlock. The function call paths (from bottom to top) in Linux-4.16.7 are: [FUNC]

[PATCH 4.14 001/165] crypto: vmx - Use skcipher for ctr fallback

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Paulo Flabiano Smorigo commit e666d4e9ceec94c0a88c94b7db31d56474da43b3 upstream. Signed-off-by: Paulo Flabiano Smorigo Signed-off-by: Herbert Xu Signed-off-by: Greg Kroah-Hartman ---

[PATCH 4.14 001/165] crypto: vmx - Use skcipher for ctr fallback

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Paulo Flabiano Smorigo commit e666d4e9ceec94c0a88c94b7db31d56474da43b3 upstream. Signed-off-by: Paulo Flabiano Smorigo Signed-off-by: Herbert Xu Signed-off-by: Greg Kroah-Hartman ---

[PATCH 4.14 015/165] nbd: handle unexpected replies better

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Josef Bacik [ Upstream commit 8f3ea35929a0806ad1397db99a89ffee0140822a ] If the server or network is misbehaving and we get an unexpected reply we can sometimes miss the request not being

[PATCH 4.14 014/165] nbd: dont requeue the same request twice.

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Josef Bacik [ Upstream commit d7d94d48a272fd7583dc3c83acb8f5ed4ef456a4 ] We can race with the snd timeout and the per-request timeout and end up requeuing the same request twice. We can't

[PATCH 4.14 010/165] scsi: target: iscsi: cxgbit: fix max iso npdu calculation

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Varun Prakash [ Upstream commit 1b350ea0c2f4df9aa30426614c8eb755a8c32814 ] - rounddown CXGBIT_MAX_ISO_PAYLOAD by csk->emss before calculating max_iso_npdu to get max TCP payload in multiple

[PATCH 4.14 015/165] nbd: handle unexpected replies better

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Josef Bacik [ Upstream commit 8f3ea35929a0806ad1397db99a89ffee0140822a ] If the server or network is misbehaving and we get an unexpected reply we can sometimes miss the request not being

[PATCH 4.14 014/165] nbd: dont requeue the same request twice.

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Josef Bacik [ Upstream commit d7d94d48a272fd7583dc3c83acb8f5ed4ef456a4 ] We can race with the snd timeout and the per-request timeout and end up requeuing the same request twice. We can't

[PATCH 4.14 010/165] scsi: target: iscsi: cxgbit: fix max iso npdu calculation

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Varun Prakash [ Upstream commit 1b350ea0c2f4df9aa30426614c8eb755a8c32814 ] - rounddown CXGBIT_MAX_ISO_PAYLOAD by csk->emss before calculating max_iso_npdu to get max TCP payload in multiple

[PATCH 4.9 103/107] PM / clk: signedness bug in of_pm_clk_add_clks()

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Dan Carpenter commit 5e2e2f9f76e157063a656351728703cb02b068f1 upstream. "count" needs to be signed for the error handling to work. I made "i" signed as well so they match. Fixes:

[PATCH 4.9 102/107] clk: rockchip: fix clk_i2sout parent selection bits on rk3399

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Alberto Panizzo commit a64ad008980c65d38e6cf6858429c78e6b740c41 upstream. Register, shift and mask were wrong according to datasheet. Fixes: 115510053e5e ("clk: rockchip: add clock controller

[PATCH 4.14 013/165] drm/imx: imx-ldb: check if channel is enabled before printing warning

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Lucas Stach [ Upstream commit c80d673b91a6c81d765864e10f2b15110ee900ad ] If the second LVDS channel has been disabled in the DT when using dual-channel mode we should not print a warning.

[PATCH 4.9 094/107] s390/numa: move initial setup of node_to_cpumask_map

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Martin Schwidefsky commit fb7d7518b0d65955f91c7b875c36eae7694c69bd upstream. The numa_init_early initcall sets the node_to_cpumask_map[0] to the full cpu_possible_mask. Unfortunately this

[PATCH 4.9 097/107] MIPS: Correct the 64-bit DSP accumulator register size

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Maciej W. Rozycki commit f5958b4cf4fc38ed4583ab83fb7c4cd1ab05f47b upstream. Use the `unsigned long' rather than `__u32' type for DSP accumulator registers, like with the regular MIPS

[PATCH 4.9 101/107] iscsi target: fix session creation failure handling

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Mike Christie commit 26abc916a898d34c5ad159315a2f683def3c upstream. The problem is that iscsi_login_zero_tsih_s1 sets conn->sess early in iscsi_login_set_conn_values. If the function fails

[PATCH 4.9 098/107] MIPS: lib: Provide MIPS64r6 __multi3() for GCC < 7

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Paul Burton commit 690d9163bf4b8563a2682e619f938e6a0443947f upstream. Some versions of GCC suboptimally generate calls to the __multi3() intrinsic for MIPS64r6 builds, resulting in link

[PATCH 4.9 102/107] clk: rockchip: fix clk_i2sout parent selection bits on rk3399

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Alberto Panizzo commit a64ad008980c65d38e6cf6858429c78e6b740c41 upstream. Register, shift and mask were wrong according to datasheet. Fixes: 115510053e5e ("clk: rockchip: add clock controller

[PATCH 4.14 013/165] drm/imx: imx-ldb: check if channel is enabled before printing warning

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Lucas Stach [ Upstream commit c80d673b91a6c81d765864e10f2b15110ee900ad ] If the second LVDS channel has been disabled in the DT when using dual-channel mode we should not print a warning.

[PATCH 4.9 094/107] s390/numa: move initial setup of node_to_cpumask_map

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Martin Schwidefsky commit fb7d7518b0d65955f91c7b875c36eae7694c69bd upstream. The numa_init_early initcall sets the node_to_cpumask_map[0] to the full cpu_possible_mask. Unfortunately this

[PATCH 4.9 097/107] MIPS: Correct the 64-bit DSP accumulator register size

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Maciej W. Rozycki commit f5958b4cf4fc38ed4583ab83fb7c4cd1ab05f47b upstream. Use the `unsigned long' rather than `__u32' type for DSP accumulator registers, like with the regular MIPS

[PATCH 4.9 101/107] iscsi target: fix session creation failure handling

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Mike Christie commit 26abc916a898d34c5ad159315a2f683def3c upstream. The problem is that iscsi_login_zero_tsih_s1 sets conn->sess early in iscsi_login_set_conn_values. If the function fails

[PATCH 4.9 098/107] MIPS: lib: Provide MIPS64r6 __multi3() for GCC < 7

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Paul Burton commit 690d9163bf4b8563a2682e619f938e6a0443947f upstream. Some versions of GCC suboptimally generate calls to the __multi3() intrinsic for MIPS64r6 builds, resulting in link

[PATCH 4.9 103/107] PM / clk: signedness bug in of_pm_clk_add_clks()

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Dan Carpenter commit 5e2e2f9f76e157063a656351728703cb02b068f1 upstream. "count" needs to be signed for the error handling to work. I made "i" signed as well so they match. Fixes:

[PATCH 4.14 012/165] drm/imx: imx-ldb: disable LDB on driver bind

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Lucas Stach [ Upstream commit b58262396fabd43dc869b576e3defdd23b32fe94 ] The LVDS signal integrity is only guaranteed when the correct enable sequence (first IPU DI, then LDB) is used. If the

[PATCH 4.14 011/165] scsi: libiscsi: fix possible NULL pointer dereference in case of TMF

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Varun Prakash [ Upstream commit a17037e7d59075053b522048742a08ac9500bde8 ] In iscsi_check_tmf_restrictions() task->hdr is dereferenced to print the opcode, it is possible that task->hdr is

[PATCH 4.14 012/165] drm/imx: imx-ldb: disable LDB on driver bind

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Lucas Stach [ Upstream commit b58262396fabd43dc869b576e3defdd23b32fe94 ] The LVDS signal integrity is only guaranteed when the correct enable sequence (first IPU DI, then LDB) is used. If the

[PATCH 4.14 011/165] scsi: libiscsi: fix possible NULL pointer dereference in case of TMF

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Varun Prakash [ Upstream commit a17037e7d59075053b522048742a08ac9500bde8 ] In iscsi_check_tmf_restrictions() task->hdr is dereferenced to print the opcode, it is possible that task->hdr is

[PATCH 4.9 100/107] scsi: core: Avoid that SCSI device removal through sysfs triggers a deadlock

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Bart Van Assche commit 0ee223b2e1f67cb2de9c0e3247c510d846e74d63 upstream. A long time ago the unfortunate decision was taken to add a self-deletion attribute to the sysfs SCSI device

[PATCH 4.9 099/107] scsi: sysfs: Introduce sysfs_{un,}break_active_protection()

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Bart Van Assche commit 2afc9166f79b8f6da5f347f48515215ceee4ae37 upstream. Introduce these two functions and export them such that the next patch can add calls to these functions from the SCSI

[PATCH 4.9 100/107] scsi: core: Avoid that SCSI device removal through sysfs triggers a deadlock

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Bart Van Assche commit 0ee223b2e1f67cb2de9c0e3247c510d846e74d63 upstream. A long time ago the unfortunate decision was taken to add a self-deletion attribute to the sysfs SCSI device

[PATCH 4.9 099/107] scsi: sysfs: Introduce sysfs_{un,}break_active_protection()

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Bart Van Assche commit 2afc9166f79b8f6da5f347f48515215ceee4ae37 upstream. Introduce these two functions and export them such that the next patch can add calls to these functions from the SCSI

[PATCH 4.9 106/107] cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Scott Bauer commit 8f3fafc9c2f0ece10832c25f7ffcb07c97a32ad4 upstream. Like d88b6d04: "cdrom: information leak in cdrom_ioctl_media_changed()" There is another cast from unsigned long to int

[PATCH 4.9 096/107] kprobes: Make list and blacklist root user read only

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Masami Hiramatsu commit f2a3ab36077222437b4826fc76111caa14562b7c upstream. Since the blacklist and list files on debugfs indicates a sensitive address information to reader, it should be

[PATCH 4.9 106/107] cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Scott Bauer commit 8f3fafc9c2f0ece10832c25f7ffcb07c97a32ad4 upstream. Like d88b6d04: "cdrom: information leak in cdrom_ioctl_media_changed()" There is another cast from unsigned long to int

[PATCH 4.9 096/107] kprobes: Make list and blacklist root user read only

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Masami Hiramatsu commit f2a3ab36077222437b4826fc76111caa14562b7c upstream. Since the blacklist and list files on debugfs indicates a sensitive address information to reader, it should be

[PATCH 4.9 107/107] staging: android: ion: check for kref overflow

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Daniel Rosenberg This patch is against 4.9. It does not apply to master due to a large rework of ion in 4.12 which removed the affected functions altogther. 4c23cbff073f3b9b ("staging: android:

[PATCH 4.9 064/107] KVM: arm/arm64: Skip updating PTE entry if no change

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Punit Agrawal commit 976d34e2dab10ece5ea8fe7090b7692913f89084 upstream. When there is contention on faulting in a particular page table entry at stage 2, the break-before-make requirement of

[PATCH 4.9 107/107] staging: android: ion: check for kref overflow

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Daniel Rosenberg This patch is against 4.9. It does not apply to master due to a large rework of ion in 4.12 which removed the affected functions altogther. 4c23cbff073f3b9b ("staging: android:

[PATCH 4.9 064/107] KVM: arm/arm64: Skip updating PTE entry if no change

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Punit Agrawal commit 976d34e2dab10ece5ea8fe7090b7692913f89084 upstream. When there is contention on faulting in a particular page table entry at stage 2, the break-before-make requirement of

[PATCH 4.9 105/107] power: generic-adc-battery: check for duplicate properties copied from iio channels

4.9-stable review patch. If anyone has any objections, please let me know. -- From: H. Nikolaus Schaller commit a427503edaaed9b75ed9746a654cece7e93e60a8 upstream. If an iio channel defines a basic property, there are duplicate entries in /sys/class/power/*/uevent. So add a

[PATCH 4.9 104/107] power: generic-adc-battery: fix out-of-bounds write when copying channel properties

4.9-stable review patch. If anyone has any objections, please let me know. -- From: H. Nikolaus Schaller commit 932d47448c3caa0fa99e84d7f5bc302aa286efd8 upstream. We did have sporadic problems in the pinctrl framework during boot where a pin group name unexpectedly became

[PATCH 4.9 105/107] power: generic-adc-battery: check for duplicate properties copied from iio channels

4.9-stable review patch. If anyone has any objections, please let me know. -- From: H. Nikolaus Schaller commit a427503edaaed9b75ed9746a654cece7e93e60a8 upstream. If an iio channel defines a basic property, there are duplicate entries in /sys/class/power/*/uevent. So add a

[PATCH 4.9 104/107] power: generic-adc-battery: fix out-of-bounds write when copying channel properties

4.9-stable review patch. If anyone has any objections, please let me know. -- From: H. Nikolaus Schaller commit 932d47448c3caa0fa99e84d7f5bc302aa286efd8 upstream. We did have sporadic problems in the pinctrl framework during boot where a pin group name unexpectedly became

[PATCH 4.9 095/107] s390/pci: fix out of bounds access during irq setup

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Sebastian Ott commit 866f3576a72b2233a76dffb80290f8086dc49e17 upstream. During interrupt setup we allocate interrupt vectors, walk the list of msi descriptors, and fill in the message data.

[PATCH 4.9 095/107] s390/pci: fix out of bounds access during irq setup

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Sebastian Ott commit 866f3576a72b2233a76dffb80290f8086dc49e17 upstream. During interrupt setup we allocate interrupt vectors, walk the list of msi descriptors, and fill in the message data.

[PATCH 4.9 072/107] x86/kvm/vmx: Remove duplicate l1d flush definitions

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Josh Poimboeuf commit 94d7a86c21a3d6046bf4616272313cb7d525075a upstream. These are already defined higher up in the file. Fixes: 7db92e165ac8 ("x86/kvm: Move l1tf setup function")

[PATCH 4.9 073/107] fuse: Dont access pipe->buffers without pipe_lock()

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Andrey Ryabinin commit a2477b0e67c52f4364a47c3ad70902bc2a61bd4c upstream. fuse_dev_splice_write() reads pipe->buffers to determine the size of 'bufs' array before taking the pipe_lock(). This

[PATCH 4.4 77/80] scsi: sysfs: Introduce sysfs_{un,}break_active_protection()

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Bart Van Assche commit 2afc9166f79b8f6da5f347f48515215ceee4ae37 upstream. Introduce these two functions and export them such that the next patch can add calls to these functions from the SCSI

[PATCH 4/4 next] net: lan78xx: Make declaration style consistent

This patch makes some declaration more consistent. Signed-off-by: Stefan Wahren --- drivers/net/usb/lan78xx.c | 14 +++--- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/drivers/net/usb/lan78xx.c b/drivers/net/usb/lan78xx.c index a6e88a4..143091a 100644 ---

[PATCH 4.9 072/107] x86/kvm/vmx: Remove duplicate l1d flush definitions

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Josh Poimboeuf commit 94d7a86c21a3d6046bf4616272313cb7d525075a upstream. These are already defined higher up in the file. Fixes: 7db92e165ac8 ("x86/kvm: Move l1tf setup function")

[PATCH 4.9 073/107] fuse: Dont access pipe->buffers without pipe_lock()

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Andrey Ryabinin commit a2477b0e67c52f4364a47c3ad70902bc2a61bd4c upstream. fuse_dev_splice_write() reads pipe->buffers to determine the size of 'bufs' array before taking the pipe_lock(). This

[PATCH 4.4 77/80] scsi: sysfs: Introduce sysfs_{un,}break_active_protection()

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Bart Van Assche commit 2afc9166f79b8f6da5f347f48515215ceee4ae37 upstream. Introduce these two functions and export them such that the next patch can add calls to these functions from the SCSI

[PATCH 4/4 next] net: lan78xx: Make declaration style consistent

This patch makes some declaration more consistent. Signed-off-by: Stefan Wahren --- drivers/net/usb/lan78xx.c | 14 +++--- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/drivers/net/usb/lan78xx.c b/drivers/net/usb/lan78xx.c index a6e88a4..143091a 100644 ---

[PATCH 4.9 002/107] xfrm: fix missing dst_release() after policy blocking lbcast and multicast

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Tommi Rantala [ Upstream commit 8cc88773855f988d6a3bbf102bbd9dd9c828eb81 ] Fix missing dst_release() when local broadcast or multicast traffic is xfrm policy blocked. For IPv4 this results to

Re: [PATCH RFC LKMM 1/7] tools/memory-model: Add extra ordering for locks and remove it for ordinary release/acquire

Andrea, On Mon, Sep 03, 2018 at 11:01:53AM +0200, Andrea Parri wrote: > On Fri, Aug 31, 2018 at 08:28:46PM +0200, Andrea Parri wrote: > > > > Yes, it's true that implementing locks with atomic_cmpxchg_acquire > > > > should be correct on all existing architectures. And Paul has invited > > > >

[PATCH 4.9 002/107] xfrm: fix missing dst_release() after policy blocking lbcast and multicast

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Tommi Rantala [ Upstream commit 8cc88773855f988d6a3bbf102bbd9dd9c828eb81 ] Fix missing dst_release() when local broadcast or multicast traffic is xfrm policy blocked. For IPv4 this results to

Re: [PATCH RFC LKMM 1/7] tools/memory-model: Add extra ordering for locks and remove it for ordinary release/acquire

Andrea, On Mon, Sep 03, 2018 at 11:01:53AM +0200, Andrea Parri wrote: > On Fri, Aug 31, 2018 at 08:28:46PM +0200, Andrea Parri wrote: > > > > Yes, it's true that implementing locks with atomic_cmpxchg_acquire > > > > should be correct on all existing architectures. And Paul has invited > > > >

[PATCH 4.9 070/107] x86/process: Re-export start_thread()

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Rian Hunter commit dc76803e57cc86589c4efcb5362918f9b0c0436f upstream. The consolidation of the start_thread() functions removed the export unintentionally. This breaks binfmt handlers built as

[PATCH 4.9 070/107] x86/process: Re-export start_thread()

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Rian Hunter commit dc76803e57cc86589c4efcb5362918f9b0c0436f upstream. The consolidation of the start_thread() functions removed the export unintentionally. This breaks binfmt handlers built as

[PATCH 4.9 069/107] x86/speculation/l1tf: Suggest what to do on systems with too much RAM

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Vlastimil Babka commit 6a012288d6906fee1dbc244050ade1dafe4a9c8d upstream. Two users have reported [1] that they have an "extremely unlikely" system with more than MAX_PA/2 memory and L1TF

[PATCH 4.9 047/107] scsi: vmw_pvscsi: Return DID_RESET for status SAM_STAT_COMMAND_TERMINATED

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Jim Gill [ Upstream commit e95153b64d03c2b6e8d62e51bdcc33fcad6e0856 ] Commands that are reset are returned with status SAM_STAT_COMMAND_TERMINATED. PVSCSI currently returns DID_OK |

[PATCH 4.9 069/107] x86/speculation/l1tf: Suggest what to do on systems with too much RAM

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Vlastimil Babka commit 6a012288d6906fee1dbc244050ade1dafe4a9c8d upstream. Two users have reported [1] that they have an "extremely unlikely" system with more than MAX_PA/2 memory and L1TF

[PATCH 4.9 047/107] scsi: vmw_pvscsi: Return DID_RESET for status SAM_STAT_COMMAND_TERMINATED

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Jim Gill [ Upstream commit e95153b64d03c2b6e8d62e51bdcc33fcad6e0856 ] Commands that are reset are returned with status SAM_STAT_COMMAND_TERMINATED. PVSCSI currently returns DID_OK |

[PATCH 4.9 085/107] ASoC: dpcm: dont merge format from invalid codec dai

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Jerome Brunet commit 4febced15ac8ddb9cf3e603edb111842e4863d9a upstream. When merging codec formats, dpcm_runtime_base_format() should skip the codecs which are not supporting the current

[PATCH 4.9 083/107] b43legacy/leds: Ensure NUL-termination of LED name string

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Michael Buesch commit 4d77a89e3924b12f4a5628b21237e57ab4703866 upstream. strncpy might not NUL-terminate the string, if the name equals the buffer size. Use strlcpy instead. Signed-off-by:

[PATCH 4.9 067/107] x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Vlastimil Babka commit 9df9516940a61d29aedf4d91b483ca6597e7d480 upstream. On 32bit PAE kernels on 64bit hardware with enough physical bits, l1tf_pfn_limit() will overflow unsigned long. This

[PATCH 4.9 086/107] ASoC: sirf: Fix potential NULL pointer dereference

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Gustavo A. R. Silva commit ae1c696a480c67c45fb23b35162183f72c6be0e1 upstream. There is a potential execution path in which function platform_get_resource() returns NULL. If this happens, we

[PATCH 4.9 093/107] s390/qdio: reset old sbal_state flags

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Julian Wiedmann commit 64e03ff72623b8c2ea89ca3cb660094e019ed4ae upstream. When allocating a new AOB fails, handle_outbound() is still capable of transmitting the selected buffer (just without

[PATCH 4.9 084/107] b43/leds: Ensure NUL-termination of LED name string

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Michael Buesch commit 2aa650d1950fce94f696ebd7db30b8830c2c946f upstream. strncpy might not NUL-terminate the string, if the name equals the buffer size. Use strlcpy instead. Signed-off-by:

[PATCH 4.9 085/107] ASoC: dpcm: dont merge format from invalid codec dai

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Jerome Brunet commit 4febced15ac8ddb9cf3e603edb111842e4863d9a upstream. When merging codec formats, dpcm_runtime_base_format() should skip the codecs which are not supporting the current

[PATCH 4.9 083/107] b43legacy/leds: Ensure NUL-termination of LED name string

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Michael Buesch commit 4d77a89e3924b12f4a5628b21237e57ab4703866 upstream. strncpy might not NUL-terminate the string, if the name equals the buffer size. Use strlcpy instead. Signed-off-by:

[PATCH 4.9 067/107] x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Vlastimil Babka commit 9df9516940a61d29aedf4d91b483ca6597e7d480 upstream. On 32bit PAE kernels on 64bit hardware with enough physical bits, l1tf_pfn_limit() will overflow unsigned long. This

[PATCH 4.9 086/107] ASoC: sirf: Fix potential NULL pointer dereference

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Gustavo A. R. Silva commit ae1c696a480c67c45fb23b35162183f72c6be0e1 upstream. There is a potential execution path in which function platform_get_resource() returns NULL. If this happens, we

[PATCH 4.9 093/107] s390/qdio: reset old sbal_state flags

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Julian Wiedmann commit 64e03ff72623b8c2ea89ca3cb660094e019ed4ae upstream. When allocating a new AOB fails, handle_outbound() is still capable of transmitting the selected buffer (just without

[PATCH 4.9 084/107] b43/leds: Ensure NUL-termination of LED name string

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Michael Buesch commit 2aa650d1950fce94f696ebd7db30b8830c2c946f upstream. strncpy might not NUL-terminate the string, if the name equals the buffer size. Use strlcpy instead. Signed-off-by:

[PATCH 4.9 090/107] x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Andi Kleen commit cc51e5428ea54f575d49cfcede1d4cb3a72b4ec4 upstream. On Nehalem and newer core CPUs the CPU cache internally uses 44 bits physical address space. The L1TF workaround is limited

[PATCH 4.9 091/107] x86/entry/64: Wipe KASAN stack shadow before rewind_stack_do_exit()

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Jann Horn commit f12d11c5c184626b4befdee3d573ec8237405a33 upstream. Reset the KASAN shadow state of the task stack before rewinding RSP. Without this, a kernel oops will leave parts of the

[PATCH 4.9 089/107] x86/spectre: Add missing family 6 check to microcode check

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Andi Kleen commit 1ab534e85c93945f7862378d8c8adcf408205b19 upstream. The check for Spectre microcodes does not check for family 6, only the model numbers. Add a family 6 check to avoid

[PATCH 4.9 092/107] s390: fix br_r1_trampoline for machines without exrl

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Martin Schwidefsky commit 26f843848bae973817b3587780ce6b7b0200d3e4 upstream. For machines without the exrl instruction the BFP jit generates code that uses an "br %r1" instruction located in

[PATCH 4.9 068/107] x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Vlastimil Babka commit b0a182f875689647b014bc01d36b340217792852 upstream. Two users have reported [1] that they have an "extremely unlikely" system with more than MAX_PA/2 memory and L1TF

[PATCH 4.9 088/107] x86/irqflags: Mark native_restore_fl extern inline

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Nick Desaulniers commit 1f59a4581b5ecfe9b4f049a7a2cf904d8352842d upstream. This should have been marked extern inline in order to pick up the out of line definition in

[PATCH 4.9 090/107] x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Andi Kleen commit cc51e5428ea54f575d49cfcede1d4cb3a72b4ec4 upstream. On Nehalem and newer core CPUs the CPU cache internally uses 44 bits physical address space. The L1TF workaround is limited

[PATCH 4.9 091/107] x86/entry/64: Wipe KASAN stack shadow before rewind_stack_do_exit()

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Jann Horn commit f12d11c5c184626b4befdee3d573ec8237405a33 upstream. Reset the KASAN shadow state of the task stack before rewinding RSP. Without this, a kernel oops will leave parts of the

[PATCH 4.9 089/107] x86/spectre: Add missing family 6 check to microcode check

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Andi Kleen commit 1ab534e85c93945f7862378d8c8adcf408205b19 upstream. The check for Spectre microcodes does not check for family 6, only the model numbers. Add a family 6 check to avoid

[PATCH 4.9 092/107] s390: fix br_r1_trampoline for machines without exrl

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Martin Schwidefsky commit 26f843848bae973817b3587780ce6b7b0200d3e4 upstream. For machines without the exrl instruction the BFP jit generates code that uses an "br %r1" instruction located in

[PATCH 4.9 068/107] x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Vlastimil Babka commit b0a182f875689647b014bc01d36b340217792852 upstream. Two users have reported [1] that they have an "extremely unlikely" system with more than MAX_PA/2 memory and L1TF

[PATCH 4.9 088/107] x86/irqflags: Mark native_restore_fl extern inline

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Nick Desaulniers commit 1f59a4581b5ecfe9b4f049a7a2cf904d8352842d upstream. This should have been marked extern inline in order to pick up the out of line definition in

[PATCH 4.9 079/107] fuse: Add missed unlock_page() to fuse_readpages_fill()

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Kirill Tkhai commit 109728ccc5933151c68d1106e4065478a487a323 upstream. The above error path returns with page unlocked, so this place seems also to behave the same. Fixes: f8dbdf81821b

[PATCH 4.9 080/107] udl-kms: change down_interruptible to down

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Mikulas Patocka commit 8456b99c16d193c4c3b7df305cf431e027f0189c upstream. If we leave urbs around, it causes not only leak, but also memory corruption. This patch fixes the function

[PATCH 4.9 076/107] fuse: fix unlocked access to processing queue

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Miklos Szeredi commit 45ff350bbd9d0f0977ff270a0d427c71520c0c37 upstream. fuse_dev_release() assumes that it's the only one referencing the fpq->processing list, but that's not true, since

[PATCH 4.9 077/107] fuse: umount should wait for all requests

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Miklos Szeredi commit b8f95e5d13f5f0191dcb4b9113113d241636e7cb upstream. fuse_abort_conn() does not guarantee that all async requests have actually finished aborting (i.e. their ->end()

[PATCH 4.9 079/107] fuse: Add missed unlock_page() to fuse_readpages_fill()

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Kirill Tkhai commit 109728ccc5933151c68d1106e4065478a487a323 upstream. The above error path returns with page unlocked, so this place seems also to behave the same. Fixes: f8dbdf81821b

[PATCH 4.9 080/107] udl-kms: change down_interruptible to down

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Mikulas Patocka commit 8456b99c16d193c4c3b7df305cf431e027f0189c upstream. If we leave urbs around, it causes not only leak, but also memory corruption. This patch fixes the function

[PATCH 4.9 076/107] fuse: fix unlocked access to processing queue

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Miklos Szeredi commit 45ff350bbd9d0f0977ff270a0d427c71520c0c37 upstream. fuse_dev_release() assumes that it's the only one referencing the fpq->processing list, but that's not true, since

[PATCH 4.9 077/107] fuse: umount should wait for all requests

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Miklos Szeredi commit b8f95e5d13f5f0191dcb4b9113113d241636e7cb upstream. fuse_abort_conn() does not guarantee that all async requests have actually finished aborting (i.e. their ->end()

<    6   7   8   9   10   11   12   13   14   15   >