[PATCH 4.14 05/89] spi: pxa2xx: Add support for Intel Ice Lake

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Mika Westerberg commit 22d71a5097ec7059b6cbbee678a4f88484695941 upstream. Intel Ice Lake SPI host controller follows the Intel Cannon Lake but the PCI IDs are different. Add the new PCI IDs

[PATCH 4.14 17/89] Fix kexec forbidding kernels signed with keys in the secondary keyring to boot

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Yannik Sembritzki commit ea93102f32244e3f45c8b26260be77ed0cc1d16c upstream. The split of .system_keyring into .builtin_trusted_keys and .secondary_trusted_keys broke kexec, thereby preventing

[PATCH 4.14 14/89] media: Revert "[media] tvp5150: fix pad format frame height"

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Javier Martinez Canillas commit 1831af092308aa5a59ae61e47494e441c8be6b93 upstream. This reverts commit 0866df8dffd514185bfab0d205db76e4c02cf1e4. The v4l uAPI documentation [0] makes clear

[PATCH 4.14 07/89] spi: cadence: Change usleep_range() to udelay(), for atomic context

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Janek Kotas commit 931c4e9a72ae91d59c5332ffb6812911a749da8e upstream. The path "spi: cadence: Add usleep_range() for cdns_spi_fill_tx_fifo()" added a usleep_range() function call, which

[PATCH 4.14 16/89] Replace magic for trusting the secondary keyring with #define

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Yannik Sembritzki commit 817aef260037f33ee0f44c17fe341323d3aebd6d upstream. Replace the use of a magic number that indicates that verify_*_signature() should use the secondary keyring with a

[PATCH 4.14 19/89] powerpc/pseries: Fix endianness while restoring of r3 in MCE handler.

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Mahesh Salgaonkar commit cd813e1cd7122f2c261dce5b54d1e0c97f80e1a5 upstream. During Machine Check interrupt on pseries platform, register r3 points RTAS extended event log passed by

[PATCH 4.14 15/89] mailbox: xgene-slimpro: Fix potential NULL pointer dereference

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Gustavo A. R. Silva commit 3512a18cbd8d09e22a790540cb9624c3c49827ba upstream. There is a potential execution path in which function platform_get_resource() returns NULL. If this happens, we

[PATCH 4.14 03/89] 9p/net: Fix zero-copy path in the 9p virtio transport

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Chirantan Ekbote commit d28c756caee6e414d9ba367d0b92da24145af2a8 upstream. The zero-copy optimization when reading or writing large chunks of data is quite useful. However, the 9p messages

[PATCH 4.14 13/89] libertas: fix suspend and resume for SDIO connected cards

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Daniel Mack commit 7444a8092906ed44c09459780c56ba57043e39b1 upstream. Prior to commit 573185cc7e64 ("mmc: core: Invoke sdio func driver's PM callbacks from the sdio bus"), the MMC core used

[PATCH 4.14 13/89] libertas: fix suspend and resume for SDIO connected cards

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Daniel Mack commit 7444a8092906ed44c09459780c56ba57043e39b1 upstream. Prior to commit 573185cc7e64 ("mmc: core: Invoke sdio func driver's PM callbacks from the sdio bus"), the MMC core used

[PATCH 4.14 01/89] net: 6lowpan: fix reserved space for single frames

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Alexander Aring commit ac74f87c789af40936a80131c4759f3e72579c3a upstream. This patch fixes patch add handling to take care tail and headroom for single 6lowpan frames. We need to be sure we

[PATCH 4.14 10/89] block: blk_init_allocated_queue() set q->fq as NULL in the fail case

4.14-stable review patch. If anyone has any objections, please let me know. -- From: xiao jin commit 54648cf1ec2d7f4b6a71767799c45676a138ca24 upstream. We find the memory use-after-free issue in __blk_drain_queue() on the kernel 4.14. After read the latest kernel 4.18-rc6 we

[PATCH 4.18 135/145] perf auxtrace: Fix queue resize

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Adrian Hunter commit 99cbbe56eb8bede625f410ab62ba34673ffa7d21 upstream. When the number of queues grows beyond 32, the array of queues is resized but not all members were being copied. Fix by

[PATCH 4.14 12/89] drm/i915/userptr: reject zero user_size

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Matthew Auld commit c11c7bfd213495784b22ef82a69b6489f8d0092f upstream. Operating on a zero sized GEM userptr object will lead to explosions. Fixes: 5cc9ed4b9a7a ("drm/i915: Introduce mapping

[PATCH 4.14 01/89] net: 6lowpan: fix reserved space for single frames

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Alexander Aring commit ac74f87c789af40936a80131c4759f3e72579c3a upstream. This patch fixes patch add handling to take care tail and headroom for single 6lowpan frames. We need to be sure we

[PATCH 4.14 10/89] block: blk_init_allocated_queue() set q->fq as NULL in the fail case

4.14-stable review patch. If anyone has any objections, please let me know. -- From: xiao jin commit 54648cf1ec2d7f4b6a71767799c45676a138ca24 upstream. We find the memory use-after-free issue in __blk_drain_queue() on the kernel 4.14. After read the latest kernel 4.18-rc6 we

[PATCH 4.18 135/145] perf auxtrace: Fix queue resize

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Adrian Hunter commit 99cbbe56eb8bede625f410ab62ba34673ffa7d21 upstream. When the number of queues grows beyond 32, the array of queues is resized but not all members were being copied. Fix by

[PATCH 4.14 12/89] drm/i915/userptr: reject zero user_size

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Matthew Auld commit c11c7bfd213495784b22ef82a69b6489f8d0092f upstream. Operating on a zero sized GEM userptr object will lead to explosions. Fixes: 5cc9ed4b9a7a ("drm/i915: Introduce mapping

[PATCH 4.18 128/145] getxattr: use correct xattr length

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Christian Brauner commit 82c9a927bc5df6e06b72d206d24a9d10cced4eb5 upstream. When running in a container with a user namespace, if you call getxattr with name = "system.posix_acl_access" and

[PATCH 4.18 129/145] libnvdimm: Use max contiguous area for namespace size

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Keith Busch commit 12e3129e29b406c41bc89231092a20d79dbf802c upstream. This patch will find the max contiguous area to determine the largest pmem namespace size that can be created. If the

[PATCH 4.18 133/145] cap_inode_getsecurity: use d_find_any_alias() instead of d_find_alias()

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Eddie.Horng commit 355139a8dba446cc11a424cddbf7afebc3041ba1 upstream. The code in cap_inode_getsecurity(), introduced by commit 8db6c34f1dbc ("Introduce v3 namespaced file capabilities"),

[PATCH 4.18 126/145] udlfb: handle allocation failure

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Mikulas Patocka commit 080fb5240bdcabed7387b814139c3ea172d59fc5 upstream. Allocations larger than PAGE_ALLOC_COSTLY_ORDER are unreliable and they may fail anytime. This patch fixes the udlfb

[PATCH 4.18 132/145] kconfig: fix "Cant open ..." in parallel build

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Masahiro Yamada commit 98a4afbfafd226636cd6bb6a1208b3693daff2b1 upstream. If you run "make menuconfig" or "make nconfig" with -j option in a fresh source tree, you will see several "Can't

[PATCH 4.18 131/145] bcache: release dc->writeback_lock properly in bch_writeback_thread()

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Shan Hai commit 3943b040f11ed0cc6d4585fd286a623ca8634547 upstream. The writeback thread would exit with a lock held when the cache device is detached via sysfs interface, fix it by releasing

[PATCH 4.18 128/145] getxattr: use correct xattr length

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Christian Brauner commit 82c9a927bc5df6e06b72d206d24a9d10cced4eb5 upstream. When running in a container with a user namespace, if you call getxattr with name = "system.posix_acl_access" and

[PATCH 4.18 129/145] libnvdimm: Use max contiguous area for namespace size

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Keith Busch commit 12e3129e29b406c41bc89231092a20d79dbf802c upstream. This patch will find the max contiguous area to determine the largest pmem namespace size that can be created. If the

[PATCH 4.18 133/145] cap_inode_getsecurity: use d_find_any_alias() instead of d_find_alias()

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Eddie.Horng commit 355139a8dba446cc11a424cddbf7afebc3041ba1 upstream. The code in cap_inode_getsecurity(), introduced by commit 8db6c34f1dbc ("Introduce v3 namespaced file capabilities"),

[PATCH 4.18 126/145] udlfb: handle allocation failure

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Mikulas Patocka commit 080fb5240bdcabed7387b814139c3ea172d59fc5 upstream. Allocations larger than PAGE_ALLOC_COSTLY_ORDER are unreliable and they may fail anytime. This patch fixes the udlfb

[PATCH 4.18 132/145] kconfig: fix "Cant open ..." in parallel build

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Masahiro Yamada commit 98a4afbfafd226636cd6bb6a1208b3693daff2b1 upstream. If you run "make menuconfig" or "make nconfig" with -j option in a fresh source tree, you will see several "Can't

[PATCH 4.18 131/145] bcache: release dc->writeback_lock properly in bch_writeback_thread()

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Shan Hai commit 3943b040f11ed0cc6d4585fd286a623ca8634547 upstream. The writeback thread would exit with a lock held when the cache device is detached via sysfs interface, fix it by releasing

[PATCH 4.18 144/145] cpuidle: menu: Retain tick when shallow state is selected

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Rafael J. Wysocki commit 757ab15c3f4968b5a29caf3fe8b67660ce84c3cd upstream. The case addressed by commit 5ef499cd571c (cpuidle: menu: Handle stopped tick more aggressively) in the stopped

[PATCH 4.18 144/145] cpuidle: menu: Retain tick when shallow state is selected

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Rafael J. Wysocki commit 757ab15c3f4968b5a29caf3fe8b67660ce84c3cd upstream. The case addressed by commit 5ef499cd571c (cpuidle: menu: Handle stopped tick more aggressively) in the stopped

[PATCH 4.18 143/145] udf: Fix mounting of Win7 created UDF filesystems

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Jan Kara commit ee4af50ca94f58afc3532662779b9cf80bbe27c8 upstream. Win7 is creating UDF filesystems with single partition with number 8192. Current partition descriptor scanning code does not

[PATCH 4.18 130/145] libnvdimm: fix ars_status output length calculation

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Vishal Verma commit 286e87718103acdf85f4ed323a37e4839a8a7c05 upstream. Commit efda1b5d87cb ("acpi, nfit, libnvdimm: fix / harden ars_status output length handling") Introduced additional

[PATCH 4.18 145/145] arm64: mm: always enable CONFIG_HOLES_IN_ZONE

4.18-stable review patch. If anyone has any objections, please let me know. -- From: James Morse commit f52bb98f5aded4c43e52f5ce19fb83f7261e9e73 upstream. Commit 6d526ee26ccd ("arm64: mm: enable CONFIG_HOLES_IN_ZONE for NUMA") only enabled HOLES_IN_ZONE for NUMA systems

[PATCH 4.18 143/145] udf: Fix mounting of Win7 created UDF filesystems

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Jan Kara commit ee4af50ca94f58afc3532662779b9cf80bbe27c8 upstream. Win7 is creating UDF filesystems with single partition with number 8192. Current partition descriptor scanning code does not

[PATCH 4.18 130/145] libnvdimm: fix ars_status output length calculation

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Vishal Verma commit 286e87718103acdf85f4ed323a37e4839a8a7c05 upstream. Commit efda1b5d87cb ("acpi, nfit, libnvdimm: fix / harden ars_status output length handling") Introduced additional

[PATCH 4.18 145/145] arm64: mm: always enable CONFIG_HOLES_IN_ZONE

4.18-stable review patch. If anyone has any objections, please let me know. -- From: James Morse commit f52bb98f5aded4c43e52f5ce19fb83f7261e9e73 upstream. Commit 6d526ee26ccd ("arm64: mm: enable CONFIG_HOLES_IN_ZONE for NUMA") only enabled HOLES_IN_ZONE for NUMA systems

[PATCH 4.18 142/145] fs/quota: Fix spectre gadget in do_quotactl

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Jeremy Cline commit 7b6924d94a60c6b8c1279ca003e8744e6cd9e8b1 upstream. 'type' is user-controlled, so sanitize it after the bounds check to avoid using it in speculative execution. This covers

[PATCH 4.18 136/145] crypto: vmx - Fix sleep-in-atomic bugs

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Ondrej Mosnacek commit 0522236d4f9c5ab2e79889cb020d1acbe5da416e upstream. This patch fixes sleep-in-atomic bugs in AES-CBC and AES-XTS VMX implementations. The problem is that the blkcipher_*

[PATCH 4.18 136/145] crypto: vmx - Fix sleep-in-atomic bugs

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Ondrej Mosnacek commit 0522236d4f9c5ab2e79889cb020d1acbe5da416e upstream. This patch fixes sleep-in-atomic bugs in AES-CBC and AES-XTS VMX implementations. The problem is that the blkcipher_*

[PATCH 4.18 142/145] fs/quota: Fix spectre gadget in do_quotactl

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Jeremy Cline commit 7b6924d94a60c6b8c1279ca003e8744e6cd9e8b1 upstream. 'type' is user-controlled, so sanitize it after the bounds check to avoid using it in speculative execution. This covers

[PATCH 4.18 137/145] crypto: aesni - Use unaligned loads from gcm_context_data

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Dave Watson commit e5b954e8d11fdde55eed35017370a3a0d8837754 upstream. A regression was reported bisecting to 1476db2d12 "Move HashKey computation from stack to gcm_context". That diff moved

[PATCH 4.18 138/145] crypto: arm64/sm4-ce - check for the right CPU feature bit

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Ard Biesheuvel commit 7fa885e2a22fd0f91a2c23d9275f5021f618ff5a upstream. ARMv8.2 specifies special instructions for the SM3 cryptographic hash and the SM4 symmetric cipher. While it is

[PATCH 4.18 137/145] crypto: aesni - Use unaligned loads from gcm_context_data

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Dave Watson commit e5b954e8d11fdde55eed35017370a3a0d8837754 upstream. A regression was reported bisecting to 1476db2d12 "Move HashKey computation from stack to gcm_context". That diff moved

[PATCH 4.18 138/145] crypto: arm64/sm4-ce - check for the right CPU feature bit

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Ard Biesheuvel commit 7fa885e2a22fd0f91a2c23d9275f5021f618ff5a upstream. ARMv8.2 specifies special instructions for the SM3 cryptographic hash and the SM4 symmetric cipher. While it is

[PATCH 4.18 127/145] udlfb: set line_length in dlfb_ops_set_par

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Mikulas Patocka commit 0ac319b7af1bb24a33365d0ec82a2f56a59b2a78 upstream. Set the variable "line_length" in the function dlfb_ops_set_par. Without this, we get garbage if we select different

[PATCH 4.18 093/145] KVM: VMX: fixes for vmentry_l1d_flush module parameter

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Paolo Bonzini commit 0027ff2a75f9dcf0537ac0a65c5840b0e21a4950 upstream. Two bug fixes: 1) missing entries in the l1d_param array; this can cause a host crash if an access attempts to reach

[PATCH 4.18 127/145] udlfb: set line_length in dlfb_ops_set_par

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Mikulas Patocka commit 0ac319b7af1bb24a33365d0ec82a2f56a59b2a78 upstream. Set the variable "line_length" in the function dlfb_ops_set_par. Without this, we get garbage if we select different

[PATCH 4.18 093/145] KVM: VMX: fixes for vmentry_l1d_flush module parameter

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Paolo Bonzini commit 0027ff2a75f9dcf0537ac0a65c5840b0e21a4950 upstream. Two bug fixes: 1) missing entries in the l1d_param array; this can cause a host crash if an access attempts to reach

[PATCH 4.18 098/145] pnfs/blocklayout: off by one in bl_map_stripe()

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Dan Carpenter commit 0914bb965e38a055e9245637aed117efbe976e91 upstream. "dev->nr_children" is the number of children which were parsed successfully in bl_parse_stripe(). It could be all of

[PATCH 4.18 099/145] nfsd: fix leaked file lock with nfs exported overlayfs

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Amir Goldstein commit 64bed6cbe38bc95689fb9399872d9ce250192f90 upstream. nfsd and lockd call vfs_lock_file() to lock/unlock the inode returned by locks_inode(file). Many places in nfsd/lockd

[PATCH 4.18 098/145] pnfs/blocklayout: off by one in bl_map_stripe()

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Dan Carpenter commit 0914bb965e38a055e9245637aed117efbe976e91 upstream. "dev->nr_children" is the number of children which were parsed successfully in bl_parse_stripe(). It could be all of

[PATCH 4.18 099/145] nfsd: fix leaked file lock with nfs exported overlayfs

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Amir Goldstein commit 64bed6cbe38bc95689fb9399872d9ce250192f90 upstream. nfsd and lockd call vfs_lock_file() to lock/unlock the inode returned by locks_inode(file). Many places in nfsd/lockd

[PATCH 4.18 100/145] NFSv4 client live hangs after live data migration recovery

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Bill Baker commit 0f90be132cbf1537d87a6a8b9e80867adac892f6 upstream. After a live data migration event at the NFS server, the client may send I/O requests to the wrong server, causing a live

[PATCH 4.18 101/145] NFSv4: Fix locking in pnfs_generic_recover_commit_reqs

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Trond Myklebust commit d0fbb1d8a194c0ec0180c1d073ad709e45503a43 upstream. The use of the inode->i_lock was converted to a mutex, but we forgot to remove the old inode unlock/lock() pair that

[PATCH 4.18 100/145] NFSv4 client live hangs after live data migration recovery

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Bill Baker commit 0f90be132cbf1537d87a6a8b9e80867adac892f6 upstream. After a live data migration event at the NFS server, the client may send I/O requests to the wrong server, causing a live

[PATCH 4.18 101/145] NFSv4: Fix locking in pnfs_generic_recover_commit_reqs

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Trond Myklebust commit d0fbb1d8a194c0ec0180c1d073ad709e45503a43 upstream. The use of the inode->i_lock was converted to a mutex, but we forgot to remove the old inode unlock/lock() pair that

[PATCH 4.18 097/145] block, bfq: return nbytes and not zero from struct cftype .write() method

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Maciej S. Szmigiero commit fc8ebd01deeb12728c83381f6ec923e4a192ffd3 upstream. The value that struct cftype .write() method returns is then directly returned to userspace as the value returned

[PATCH 4.18 125/145] udlfb: make a local copy of fb_ops

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Mikulas Patocka commit 2c29cfc3eaf11779176bf41475cfca49bccba11c upstream. The defio subsystem overwrites the method fb_osp->mmap. That method is stored in module's static data - and that

[PATCH 4.18 102/145] NFSv4: Fix a sleep in atomic context in nfs4_callback_sequence()

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Trond Myklebust commit 8618289c46556fd4dd259a1af02ccc448032f48d upstream. We must drop the lock before we can sleep in referring_call_exists(). Reported-by: Jia-Ju Bai Fixes: 045d2a6d076a

[PATCH 4.18 097/145] block, bfq: return nbytes and not zero from struct cftype .write() method

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Maciej S. Szmigiero commit fc8ebd01deeb12728c83381f6ec923e4a192ffd3 upstream. The value that struct cftype .write() method returns is then directly returned to userspace as the value returned

[PATCH 4.18 125/145] udlfb: make a local copy of fb_ops

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Mikulas Patocka commit 2c29cfc3eaf11779176bf41475cfca49bccba11c upstream. The defio subsystem overwrites the method fb_osp->mmap. That method is stored in module's static data - and that

[PATCH 4.18 102/145] NFSv4: Fix a sleep in atomic context in nfs4_callback_sequence()

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Trond Myklebust commit 8618289c46556fd4dd259a1af02ccc448032f48d upstream. We must drop the lock before we can sleep in referring_call_exists(). Reported-by: Jia-Ju Bai Fixes: 045d2a6d076a

[PATCH 4.18 124/145] udlfb: set optimal write delay

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Mikulas Patocka commit bb24153a3f13dd0dbc1f8055ad97fe346d598f66 upstream. The default delay 5 jiffies is too much when the kernel is compiled with HZ=100 - it results in jumpy cursor in

[PATCH 4.18 124/145] udlfb: set optimal write delay

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Mikulas Patocka commit bb24153a3f13dd0dbc1f8055ad97fe346d598f66 upstream. The default delay 5 jiffies is too much when the kernel is compiled with HZ=100 - it results in jumpy cursor in

[PATCH 4.18 062/145] Drivers: hv: vmbus: Fix the offer_in_progress in vmbus_process_offer()

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Dexuan Cui commit 50229128727f7e11840ca1b2b501f880818d56b6 upstream. I didn't really hit a real bug, but just happened to spot the bug: we have decreased the counter at the beginning of

[PATCH 4.18 062/145] Drivers: hv: vmbus: Fix the offer_in_progress in vmbus_process_offer()

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Dexuan Cui commit 50229128727f7e11840ca1b2b501f880818d56b6 upstream. I didn't really hit a real bug, but just happened to spot the bug: we have decreased the counter at the beginning of

[PATCH 4.18 120/145] fb: fix lost console when the user unplugs a USB adapter

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Mikulas Patocka commit 8c5b044299951acd91e830a688dd920477ea1eda upstream. I have a USB display adapter using the udlfb driver and I use it on an ARM board that doesn't have any graphics card.

[PATCH 4.18 121/145] udlfb: fix semaphore value leak

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Mikulas Patocka commit 9d0aa601e4cd9c0892f90d36e8488d79b72f4073 upstream. I observed that the performance of the udl fb driver degrades over time. On a freshly booted machine, it takes 6

[PATCH 4.18 120/145] fb: fix lost console when the user unplugs a USB adapter

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Mikulas Patocka commit 8c5b044299951acd91e830a688dd920477ea1eda upstream. I have a USB display adapter using the udlfb driver and I use it on an ARM board that doesn't have any graphics card.

[PATCH 4.18 121/145] udlfb: fix semaphore value leak

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Mikulas Patocka commit 9d0aa601e4cd9c0892f90d36e8488d79b72f4073 upstream. I observed that the performance of the udl fb driver degrades over time. On a freshly booted machine, it takes 6

[PATCH 4.18 114/145] ubifs: Check data node size before truncate

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Richard Weinberger commit 95a22d2084d72ea067d8323cc85677dba5d97cae upstream. Check whether the size is within bounds before using it. If the size is not correct, abort and dump the bad data

[PATCH 4.18 122/145] udlfb: fix display corruption of the last line

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Mikulas Patocka commit 4e705e17ce3409a1f492cfd5dadcf6a4f6075842 upstream. The displaylink hardware has such a peculiarity that it doesn't render a command until next command is received. This

[PATCH 4.18 116/145] ubifs: Fix directory size calculation for symlinks

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Richard Weinberger commit 00ee8b60102862f4daf0814d12a2ea2744fc0b9b upstream. We have to account the name of the symlink and not the target length. Fixes: ca7f85be8d6c ("ubifs: Add support

[PATCH 4.18 114/145] ubifs: Check data node size before truncate

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Richard Weinberger commit 95a22d2084d72ea067d8323cc85677dba5d97cae upstream. Check whether the size is within bounds before using it. If the size is not correct, abort and dump the bad data

[PATCH 4.18 122/145] udlfb: fix display corruption of the last line

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Mikulas Patocka commit 4e705e17ce3409a1f492cfd5dadcf6a4f6075842 upstream. The displaylink hardware has such a peculiarity that it doesn't render a command until next command is received. This

[PATCH 4.18 116/145] ubifs: Fix directory size calculation for symlinks

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Richard Weinberger commit 00ee8b60102862f4daf0814d12a2ea2744fc0b9b upstream. We have to account the name of the symlink and not the target length. Fixes: ca7f85be8d6c ("ubifs: Add support

[PATCH 4.18 096/145] xtensa: increase ranges in ___invalidate_{i,d}cache_all

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Max Filippov commit fec3259c9f747c039f90e99570540114c8d81a14 upstream. Cache invalidation macros use cache line size to iterate over invalidated cache lines, assuming that all cache ways are

[PATCH 4.18 113/145] Revert "UBIFS: Fix potential integer overflow in allocation"

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Richard Weinberger commit 08acbdd6fd736b90f8d725da5a0de4de2dd6de62 upstream. This reverts commit 353748a359f1821ee934afc579cf04572406b420. It bypassed the linux-mtd review process and fixes

[PATCH 4.18 117/145] ubifs: Fix synced_i_size calculation for xattr inodes

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Richard Weinberger commit 59965593205fa4044850d35ee3557cf0b7edcd14 upstream. In ubifs_jnl_update() we sync parent and child inodes to the flash, in case of xattrs, the parent inode (AKA host

[PATCH 4.18 118/145] pwm: tiehrpwm: Dont use emulation mode bits to control PWM output

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Vignesh R commit aa49d628f6e016bcec8c6f8e704b9b18ee697329 upstream. As per AM335x TRM SPRUH73P "15.2.2.11 ePWM Behavior During Emulation", TBCTL[15:14] only have effect during emulation

[PATCH 4.18 119/145] pwm: tiehrpwm: Fix disabling of output of PWMs

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Vignesh R commit 38dabd91ff0bde33352ca3cc65ef515599b77a05 upstream. pwm-tiehrpwm driver disables PWM output by putting it in low output state via active AQCSFRC register in

[PATCH 4.18 096/145] xtensa: increase ranges in ___invalidate_{i,d}cache_all

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Max Filippov commit fec3259c9f747c039f90e99570540114c8d81a14 upstream. Cache invalidation macros use cache line size to iterate over invalidated cache lines, assuming that all cache ways are

[PATCH 4.18 113/145] Revert "UBIFS: Fix potential integer overflow in allocation"

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Richard Weinberger commit 08acbdd6fd736b90f8d725da5a0de4de2dd6de62 upstream. This reverts commit 353748a359f1821ee934afc579cf04572406b420. It bypassed the linux-mtd review process and fixes

[PATCH 4.18 117/145] ubifs: Fix synced_i_size calculation for xattr inodes

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Richard Weinberger commit 59965593205fa4044850d35ee3557cf0b7edcd14 upstream. In ubifs_jnl_update() we sync parent and child inodes to the flash, in case of xattrs, the parent inode (AKA host

[PATCH 4.18 118/145] pwm: tiehrpwm: Dont use emulation mode bits to control PWM output

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Vignesh R commit aa49d628f6e016bcec8c6f8e704b9b18ee697329 upstream. As per AM335x TRM SPRUH73P "15.2.2.11 ePWM Behavior During Emulation", TBCTL[15:14] only have effect during emulation

[PATCH 4.18 119/145] pwm: tiehrpwm: Fix disabling of output of PWMs

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Vignesh R commit 38dabd91ff0bde33352ca3cc65ef515599b77a05 upstream. pwm-tiehrpwm driver disables PWM output by putting it in low output state via active AQCSFRC register in

[PATCH 4.18 115/145] ubifs: xattr: Dont operate on deleted inodes

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Richard Weinberger commit 11a6fc3dc743e22fb50f2196ec55bee5140d3c52 upstream. xattr operations can race with unlink and the following assert triggers: UBIFS assert failed in

[PATCH 4.18 115/145] ubifs: xattr: Dont operate on deleted inodes

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Richard Weinberger commit 11a6fc3dc743e22fb50f2196ec55bee5140d3c52 upstream. xattr operations can race with unlink and the following assert triggers: UBIFS assert failed in

[PATCH 4.18 112/145] ubifs: Fix memory leak in lprobs self-check

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Richard Weinberger commit eef19816ada3abd56d9f20c88794cc2fea83ebb2 upstream. Allocate the buffer after we return early. Otherwise memory is being leaked. Cc: Fixes: 1e51764a3c2a ("UBIFS:

[PATCH 4.18 112/145] ubifs: Fix memory leak in lprobs self-check

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Richard Weinberger commit eef19816ada3abd56d9f20c88794cc2fea83ebb2 upstream. Allocate the buffer after we return early. Otherwise memory is being leaked. Cc: Fixes: 1e51764a3c2a ("UBIFS:

[PATCH 4.18 110/145] sys: dont hold uts_sem while accessing userspace memory

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Jann Horn commit 42a0cc3478584d4d63f68f2f5af021ddbea771fa upstream. Holding uts_sem as a writer while accessing userspace memory allows a namespace admin to stall all processes that attempt

[PATCH 4.18 095/145] xtensa: limit offsets in __loop_cache_{all,page}

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Max Filippov commit be75de25251f7cf3e399ca1f584716a95510d24a upstream. When building kernel for xtensa cores with big cache lines (e.g. 128 bytes or more) __loop_cache_all and

[PATCH 4.18 107/145] iommu/ipmmu-vmsa: Dont register as BUS IOMMU if machine doesnt have IPMMU-VMSA

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Dmitry Osipenko commit 5c5c87411488af3cd082221e567498d813d0fe83 upstream. This fixes kernel crashing on NVIDIA Tegra if kernel is compiled in a multiplatform configuration and IPMMU-VMSA

[PATCH 4.18 111/145] userns: move user access out of the mutex

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Jann Horn commit 5820f140edef111a9ea2ef414ab2428b8cb805b1 upstream. The old code would hold the userns_state_mutex indefinitely if memdup_user_nul stalled due to e.g. a userfault region.

[PATCH 4.18 109/145] iommu/vt-d: Fix dev iotlb pfsid use

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Jacob Pan commit 1c48db44924298ad0cb5a6386b88017539be8822 upstream. PFSID should be used in the invalidation descriptor for flushing device IOTLBs on SRIOV VFs. Signed-off-by: Jacob Pan Cc:

[PATCH 4.18 108/145] iommu/vt-d: Add definitions for PFSID

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Jacob Pan commit 0f725561e168485eff7277d683405c05b192f537 upstream. When SRIOV VF device IOTLB is invalidated, we need to provide the PF source ID such that IOMMU hardware can gauge the depth

[PATCH 4.18 109/145] iommu/vt-d: Fix dev iotlb pfsid use

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Jacob Pan commit 1c48db44924298ad0cb5a6386b88017539be8822 upstream. PFSID should be used in the invalidation descriptor for flushing device IOTLBs on SRIOV VFs. Signed-off-by: Jacob Pan Cc:

[PATCH 4.18 108/145] iommu/vt-d: Add definitions for PFSID

4.18-stable review patch. If anyone has any objections, please let me know. -- From: Jacob Pan commit 0f725561e168485eff7277d683405c05b192f537 upstream. When SRIOV VF device IOTLB is invalidated, we need to provide the PF source ID such that IOMMU hardware can gauge the depth

<    3   4   5   6   7   8   9   10   11   12   >