[PATCH 3.16 289/328] perf/ring_buffer: Prevent concurent ring buffer access

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Jiri Olsa commit cd6fb677ce7e460c25bdd66f689734102ec7d642 upstream. Some of the scheduling tracepoints allow the perf_tp_event code to write to ring buffer under different cpu than the code

[PATCH 3.16 312/328] USB: fix the usbfs flag sanitization for control transfers

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Alan Stern commit 665c365a77fbfeabe52694aedf3446d5f2f1ce42 upstream. Commit 7a68d9fb8510 ("USB: usbdevfs: sanitize flags more") checks the transfer flags for URBs submitted from userspace via

[PATCH 3.16 314/328] RDMA/ucma: Fix Spectre v1 vulnerability

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: "Gustavo A. R. Silva" commit a3671a4f973ee9d9621d60166cc3b037c397d604 upstream. hdr.cmd can be indirectly controlled by user-space, hence leading to a potential exploitation of the Spectre

[PATCH 3.16 313/328] IB/ucm: Fix Spectre v1 vulnerability

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: "Gustavo A. R. Silva" commit 0295e39595e1146522f2722715dba7f7fba42217 upstream. hdr.cmd can be indirectly controlled by user-space, hence leading to a potential exploitation of the Spectre

[PATCH 3.16 300/328] proc: restrict kernel stack dumps to root

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Jann Horn commit f8a00cef17206ecd1b30d3d9f99e10d9fa707aa7 upstream. Currently, you can use /proc/self/task/*/stack to cause a stack walk on a task you control while it is running on another

[PATCH 3.16 311/328] x86/percpu: Fix this_cpu_read()

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Peter Zijlstra commit b59167ac7bafd804c91e49ad53c6d33a7394d4c8 upstream. Eric reported that a sequence count loop using this_cpu_read() got optimized out. This is wrong, this_cpu_read() must

[PATCH 3.16 309/328] net: make skb_partial_csum_set() more robust against overflows

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Eric Dumazet commit 52b5d6f5dcf0e5201392f7d417148ccb537dbf6f upstream. syzbot managed to crash in skb_checksum_help() [1] : BUG_ON(offset + sizeof(__sum16) > skb_headlen(skb)); Root

Re: [PATCH v3] ARM: dts: Add support for Liebherr's BK4 device (vf610 based)

Hi Fabio, > Hi Fabio, > > > Hi Lukasz, > > > > On Thu, Dec 6, 2018 at 11:08 AM Lukasz Majewski > > wrote: > > > I will check this latter this week... > > > > Reading the spi dt-binding it states that the spi slave node is > > optional. > > > > If I remove it like this, then the warning

[PATCH 3.16 304/328] mach64: detect the dot clock divider correctly on sparc

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Mikulas Patocka commit 76ebebd2464c5c8a4453c98b6dbf9c95a599e810 upstream. On Sun Ultra 5, it happens that the dot clock is not set up properly for some videomodes. For example, if we set the

[PATCH 3.16 315/328] usb: gadget: storage: Fix Spectre v1 vulnerability

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: "Gustavo A. R. Silva" commit 9ae24af3669111d418242caec8dd4ebd9ba26860 upstream. num can be indirectly controlled by user-space, hence leading to a potential exploitation of the Spectre

[PATCH 3.16 308/328] libertas: call into generic suspend code before turning off power

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Daniel Mack commit 4f75cdff0b986195413215eb062b7da6586f upstream. When powering down a SDIO connected card during suspend, make sure to call into the generic lbs_suspend() function before

[PATCH 3.16 310/328] net: ipv4: update fnhe_pmtu when first hop's MTU changes

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Sabrina Dubroca commit af7d6cce53694a88d6a1bb60c9a239a6a5144459 upstream. Since commit 5aad1de5ea2c ("ipv4: use separate genid for next hop exceptions"), exceptions get deprecated separately

[PATCH 3.16 326/328] mremap: properly flush TLB before releasing the page

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Linus Torvalds commit eb66ae030829605d61fbef1909ce310e29f78821 upstream. Jann Horn points out that our TLB flushing was subtly wrong for the mremap() case. What makes mremap() special is

[PATCH 3.16 301/328] mm/vmstat.c: skip NR_TLB_REMOTE_FLUSH* properly

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Jann Horn commit 58bc4c34d249bf1bc50730a9a209139347cfacfe upstream. 5dd0b16cdaff ("mm/vmstat: Make NR_TLB_REMOTE_FLUSH_RECEIVED available even on UP") made the availability of the

[PATCH 3.16 328/328] cdrom: fix improper type cast, which can leat to information leak.

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Young_X commit e4f3aa2e1e67bb48dfbaaf1cad59013d5a5bc276 upstream. There is another cast from unsigned long to int which causes a bounds check to fail with specially crafted input. The value

[PATCH 3.16 322/328] KEYS: encrypted: fix buffer overread in valid_master_desc()

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Eric Biggers commit 794b4bc292f5d31739d89c0202c54e7dc9bc3add upstream. With the 'encrypted' key type it was possible for userspace to provide a data blob ending with a master key description

[PATCH 3.16 292/328] drm: fb-helper: Reject all pixel format changing requests

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Eugeniy Paltsev commit db05c481977599236f12a85e55de9f5ab37b0a2c upstream. drm fbdev emulation doesn't support changing the pixel format at all, so reject all pixel format changing requests.

[PATCH 3.16 307/328] of: unittest: Disable interrupt node tests for old world MAC systems

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Guenter Roeck commit 8894891446c9380709451b99ab45c5c53adfd2fc upstream. On systems with OF_IMAP_OLDWORLD_MAC set in of_irq_workarounds, the devicetree interrupt parsing code is different,

[PATCH 3.16 306/328] dm cache: destroy migration_cache if cache target registration failed

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Shenghui Wang commit c7cd55504a5b0fc826a2cd9540845979d24ae542 upstream. Commit 7e6358d244e47 ("dm: fix various targets to dm_register_target after module __init resources created")

[PATCH 3.16 284/328] xhci: Add missing CAS workaround for Intel Sunrise Point xHCI

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Mathias Nyman commit ffe84e01bb1b38c7eb9c6b6da127a6c136d251df upstream. The workaround for missing CAS bit is also needed for xHC on Intel sunrisepoint PCH. For more details see: Intel

[PATCH 3.16 324/328] posix-timers: Sanitize overrun handling

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixner commit 78c9c4dfbf8c04883941445a195276bb4bb92c76 upstream. The posix timer overrun handling is broken because the forwarding functions can return a huge number of overruns

[PATCH 3.16 295/328] MIPS: memset: Fix CPU_DADDI_WORKAROUNDS `small_fixup' regression

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: "Maciej W. Rozycki" commit 148b9aba99e0bbadf361747d21456e1589015f74 upstream. Fix a commit 8a8158c85e1e ("MIPS: memset.S: EVA & fault support for small_memset") regression and remove assembly

[PATCH 3.16 283/328] arm64: KVM: Tighten guest core register access from userspace

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Dave Martin commit d26c25a9d19b5976b319af528886f89cf455692d upstream. We currently allow userspace to access the core register file in about any possible way, including straddling multiple

[PATCH 3.16 288/328] perf/core: Fix perf_pmu_unregister() locking

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Peter Zijlstra commit a9f9772114c8b07ae75bcb3654bd017461248095 upstream. When we unregister a PMU, we fail to serialize the @pmu_idr properly. Fix that by doing the entire thing under

[PATCH 3.16 035/328] drm/panel: type promotion bug in s6e8aa0_read_mtp_id()

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Dan Carpenter commit cd0e0ca69109d025b1a1b6609f70682db62138b0 upstream. The ARRAY_SIZE() macro is type size_t. If s6e8aa0_dcs_read() returns a negative error code, then "ret <

[PATCH 3.16 286/328] x86/vdso: Fix asm constraints on vDSO syscall fallbacks

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Andy Lutomirski commit 715bd9d12f84d8f5cc8ad21d888f9bc304a8eb0b upstream. The syscall fallbacks in the vDSO have incorrect asm constraints. They are not marked as writing to their outputs --

[PATCH 3.16 303/328] mm: madvise(MADV_DODUMP): allow hugetlbfs pages

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Daniel Black commit d41aa5252394c065d1f04d1ceea885b70d00c9c6 upstream. Reproducer, assuming 2M of hugetlbfs available: Hugetlbfs mounted, size=2M and option user=testuser # mount | grep

[PATCH 3.16 319/328] net/ipv6: Fix index counter for unicast addresses in in6_dump_addrs

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: David Ahern commit 4ba4c566ba8448a05e6257e0b98a21f1a0d55315 upstream. The loop wants to skip previously dumped addresses, so loops until current index >= saved index. If the message fills it

[PATCH 3.16 272/328] asix: Check for supported Wake-on-LAN modes

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Florian Fainelli commit c4ce446e33d7a0e978256ac6fea4c80e59d9de5f upstream. The driver currently silently accepts unsupported Wake-on-LAN modes (other than WAKE_PHY or WAKE_MAGIC) without

[PATCH 3.16 302/328] ocfs2: fix locking for res->tracking and dlm->tracking_list

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Ashish Samant commit cbe355f57c8074bc4f452e5b6e35509044c6fa23 upstream. In dlm_init_lockres() we access and modify res->tracking and dlm->tracking_list without holding dlm->track_lock. This

[PATCH 3.16 144/328] netfilter: nft_set: fix allocation size overflow in privsize callback.

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Taehee Yoo commit 4ef360dd6a65f6ef337645e1b65e744034754b19 upstream. In order to determine allocation size of set, ->privsize is invoked. At this point, both desc->size and size of each data

[PATCH 3.16 207/328] usb: Avoid use-after-free by flushing endpoints early in usb_set_interface()

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Mathias Nyman commit f9a5b4f58b280c1d26255376713c132f93837621 upstream. The steps taken by usb core to set a new interface is very different from what is done on the xHC host side. xHC

[PATCH 3.16 058/328] udlfb: fix semaphore value leak

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Mikulas Patocka commit 9d0aa601e4cd9c0892f90d36e8488d79b72f4073 upstream. I observed that the performance of the udl fb driver degrades over time. On a freshly booted machine, it takes 6

[PATCH 3.16 114/328] powerpc/pseries: Avoid using the size greater than RTAS_ERROR_LOG_MAX.

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Mahesh Salgaonkar commit 74e96bf44f430cf7a01de19ba6cf49b361cdfd6e upstream. The global mce data buffer that used to copy rtas error log is of 2048 (RTAS_ERROR_LOG_MAX) bytes in size. Before

[PATCH 3.16 109/328] btrfs: use correct compare function of dirty_metadata_bytes

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Ethan Lien commit d814a49198eafa6163698bdd93961302f3a877a4 upstream. We use customized, nodesize batch value to update dirty_metadata_bytes. We should also use batch version of compare

[PATCH 3.16 043/328] mtd: rawnand: mxc: remove __init qualifier from mxcnd_probe_dt

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Martin Kaiser commit 24f0ae995deb728076e3ea93fea1949a9775debf upstream. Using the sysfs unbind, bind nodes, mxcnd_probe and mxcnd_probe_dt can potentially be called at any time. After the

[PATCH 3.16 205/328] spi: rspi: Fix interrupted DMA transfers

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Geert Uytterhoeven commit 8dbbaa47b96f6ea5f09f922b4e3c505cd8cf upstream. When interrupted, wait_event_interruptible_timeout() returns -ERESTARTSYS, and the SPI transfer in progress will

[PATCH 3.16 050/328] PCI: hotplug: Don't leak pci_slot on registration failure

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Lukas Wunner commit 4ce6435820d1f1cc2c2788e232735eb244bcc8a3 upstream. If addition of sysfs files fails on registration of a hotplug slot, the struct pci_slot as well as the entry in the

[PATCH 3.16 103/328] net: 6lowpan: fix reserved space for single frames

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Alexander Aring commit ac74f87c789af40936a80131c4759f3e72579c3a upstream. This patch fixes patch add handling to take care tail and headroom for single 6lowpan frames. We need to be sure we

[PATCH 3.16 041/328] s390/kvm: fix deadlock when killed by oom

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Claudio Imbrenda commit 306d6c49ac9ded4cb53b0925da52f2c2ada1 upstream. When the oom killer kills a userspace process in the page fault handler while in guest context, the fault handler

[PATCH 3.16 139/328] ubifs: Fix memory leak in lprobs self-check

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Richard Weinberger commit eef19816ada3abd56d9f20c88794cc2fea83ebb2 upstream. Allocate the buffer after we return early. Otherwise memory is being leaked. Fixes: 1e51764a3c2a ("UBIFS: add new

[PATCH 3.16 088/328] udl-kms: fix crash due to uninitialized memory

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Mikulas Patocka commit 09a00abe3a9941c2715ca83eb88172cd2f54d8fd upstream. We must use kzalloc when allocating the fb_deferred_io structure. Otherwise, the field first_io is undefined and it

[PATCH 3.16 052/328] PCI: pciehp: Fix unprotected list iteration in IRQ handler

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Lukas Wunner commit 1204e35bedf4e5015cda559ed8c84789a6dae24e upstream. Commit b440bde74f04 ("PCI: Add pci_ignore_hotplug() to ignore hotplug events for a device") iterates over the devices on

[PATCH 3.16 137/328] xtensa: increase ranges in ___invalidate_{i,d}cache_all

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Max Filippov commit fec3259c9f747c039f90e99570540114c8d81a14 upstream. Cache invalidation macros use cache line size to iterate over invalidated cache lines, assuming that all cache ways are

[PATCH 3.16 192/328] RDMA/cxgb4: Only call CQ completion handler if it is armed

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Steve Wise commit 678ea9b5baab6800692b249bdba77c3c07261d61 upstream. The function __flush_qp() always calls the ULP's CQ completion handler functions even if the CQ was not armed. This can

[PATCH 3.16 036/328] mei: bus: type promotion bug in mei_nfc_if_version()

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Dan Carpenter commit b40b3e9358fbafff6a4ba0f4b9658f6617146f9c upstream. We accidentally removed the check for negative returns without considering the issue of type promotion. The

[PATCH 3.16 204/328] spi: rspi: Fix leaking of unused DMA descriptors

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Geert Uytterhoeven commit 3819bc8752367eae0d72fa1c473dc88ea45631a7 upstream. If dmaengine_prep_slave_sg() or dmaengine_submit() fail, we may leak unused DMA descriptors. As per

[PATCH 3.16 078/328] ALSA: virmidi: Fix too long output trigger loop

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Takashi Iwai commit 50e9ffb1996a5d11ff5040a266585bad4ceeca0a upstream. The virmidi output trigger tries to parse the all available bytes and process sequencer events as much as possible. In

[PATCH 3.16 130/328] fs/9p/xattr.c: catch the error of p9_client_clunk when setting xattr failed

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: piaojun commit 3111784bee81591ea2815011688d28b65df03627 upstream. In my testing, v9fs_fid_xattr_set will return successfully even if the backend ext4 filesystem has no space to store xattr

[PATCH 3.16 154/328] fs/quota: Fix spectre gadget in do_quotactl

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Jeremy Cline commit 7b6924d94a60c6b8c1279ca003e8744e6cd9e8b1 upstream. 'type' is user-controlled, so sanitize it after the bounds check to avoid using it in speculative execution. This covers

[PATCH 3.16 212/328] ACPI / bus: Only call dmi_check_system() on X86

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Jean Delvare commit 5d128fbd8b20f8a48cb13c3eced789d1f9573ecd upstream. Calling dmi_check_system() early only works on X86. Other architectures initialize the DMI subsystem later so it's not

[PATCH 3.16 150/328] x86/process: Re-export start_thread()

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Rian Hunter commit dc76803e57cc86589c4efcb5362918f9b0c0436f upstream. The consolidation of the start_thread() functions removed the export unintentionally. This breaks binfmt handlers built

[PATCH 3.16 063/328] udlfb: handle allocation failure

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Mikulas Patocka commit 080fb5240bdcabed7387b814139c3ea172d59fc5 upstream. Allocations larger than PAGE_ALLOC_COSTLY_ORDER are unreliable and they may fail anytime. This patch fixes the udlfb

[PATCH 3.16 123/328] powerpc: Fix size calculation using resource_size()

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Dan Carpenter commit c42d3be0c06f0c1c416054022aa535c08a1f9b39 upstream. The problem is the the calculation should be "end - start + 1" but the plus one is missing in this calculation. Fixes:

[PATCH 3.16 152/328] ISCSI: fix minor memory leak

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Evgenii Lepikhin commit a928d28d4487402e6bd18bea1b8cc2b2ec6e6d8f upstream. This patch adds a missing kfree for sess->sess_ops memory upon transport_init_session() failure. Signed-off-by:

[PATCH 3.16 124/328] powerpc/fadump: handle crash memory ranges array index overflow

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Hari Bathini commit 1bd6a1c4b80a28d975287630644e6b47d0f977a5 upstream. Crash memory ranges is an array of memory ranges of the crashing kernel to be exported as a dump via /proc/vmcore file.

[PATCH 3.16 068/328] ALSA: vx222: Fix invalid endian conversions

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Takashi Iwai commit fff71a4c050ba46e305d910c837b99ba1728135e upstream. The endian conversions used in vx2_dma_read() and vx2_dma_write() are superfluous and even wrong on big-endian machines,

[PATCH v2.1 24/34] dt-bindings: arm: Convert Rockchip board/soc bindings to json-schema

Convert Rockchip SoC bindings to DT schema format using json-schema. Cc: Mark Rutland Cc: Heiko Stuebner Cc: devicet...@vger.kernel.org Cc: linux-arm-ker...@lists.infradead.org Cc: linux-rockc...@lists.infradead.org Signed-off-by: Rob Herring [move to per-board entries and added recently added

[PATCH 3.16 203/328] spi: rspi: Handle dmaengine_prep_slave_sg() failures gracefully

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Geert Uytterhoeven commit 85912a88c1ebcad04a5cfec971771195ce8d6691 upstream. As typically a shmobile SoC has less DMA channels than devices that can use DMA, we may want to prioritize access

[PATCH 3.16 146/328] tracing/blktrace: Fix to allow setting same value

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: "Steven Rostedt (VMware)" commit 757d9140072054528b13bbe291583d9823cde195 upstream. Masami Hiramatsu reported: Current trace-enable attribute in sysfs returns an error if user writes the

[PATCH 3.16 131/328] 9p: fix multiple NULL-pointer-dereferences

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Tomas Bortoli commit 10aa14527f458e9867cf3d2cc6b8cb0f6704448b upstream. Added checks to prevent GPFs from raising. Link: http://lkml.kernel.org/r/20180727110558.5479-1-tomasbort...@gmail.com

[PATCH 3.16 047/328] xen-netfront: fix queue name setting

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Vitaly Kuznetsov commit 2d408c0d4574b01b9ed45e02516888bf925e11a9 upstream. Commit f599c64fdf7d ("xen-netfront: Fix race between device setup and open") changed the initialization order:

[PATCH 3.16 185/328] xfrm6: call kfree_skb when skb is toobig

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Thadeu Lima de Souza Cascardo commit 215ab0f021c9fea3c18b75e7d522400ee6a49990 upstream. After commit d6990976af7c5d8f55903bfb4289b6fb030bf754 ("vti6: fix PMTU caching and reporting on xmit"),

[PATCH 3.16 177/328] x86/microcode/intel: Check microcode revision before updating sibling threads

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Ashok Raj commit c182d2b7d0ca48e0d6ff16f7d883161238c447ed upstream. After updating microcode on one of the threads of a core, the other thread sibling automatically gets the update since the

[PATCH 3.16 042/328] ARM: hisi: handle of_iomap and fix missing of_node_put

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Nicholas Mc Guire commit d396cb185c0337aae5664b250cdd9a73f6eb1503 upstream. Relying on an unchecked of_iomap() which can return NULL is problematic here, an explicit check seems mandatory.

[PATCH 3.16 066/328] ALSA: seq: Fix poll() error return

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Takashi Iwai commit a49a71f6e25da2acc637fcd31e73debd96ca18f8 upstream. The sanity checks in ALSA sequencer and OSS sequencer emulation codes return falsely -ENXIO from poll callback. They

Re: [PATCH 2/6] __wr_after_init: write rare for static allocation

On 06/12/2018 01:13, Andy Lutomirski wrote: + kasan_disable_current(); + if (op == WR_MEMCPY) + memcpy((void *)wr_poking_addr, (void *)src, len); + else if (op == WR_MEMSET) + memset((u8 *)wr_poking_addr, (u8)src, len); + else if (op ==

[PATCH 3.16 214/328] batman-adv: Use kref_get for batadv_nc_get_nc_node

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Sven Eckelmann commit 0de32ceee156787429035c974316f4e5098cf722 upstream. batadv_nc_get_nc_node requires that the caller already has a valid reference for orig_neigh_node. It is therefore not

[PATCH 3.16 060/328] udlfb: don't switch if we are switching to the same videomode

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Mikulas Patocka commit 564f1807379298dfdb12ed0d5b25fcb89c238527 upstream. The udlfb driver reprograms the hardware everytime the user switches the console, that makes quite unusable when

[PATCH 3.16 125/328] powerpc/pseries: Fix endianness while restoring of r3 in MCE handler.

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Mahesh Salgaonkar commit cd813e1cd7122f2c261dce5b54d1e0c97f80e1a5 upstream. During Machine Check interrupt on pseries platform, register r3 points RTAS extended event log passed by

[PATCH 3.16 084/328] net: mvneta: fix mtu change on port without link

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Yelena Krivosheev commit 8466baf788ec3e18836bd9c91ba0b1a07af25878 upstream. It is incorrect to enable TX/RX queues (call by mvneta_port_up()) for port without link. Indeed MTU change for

[PATCH 3.16 045/328] binfmt_elf: Respect error return from `regset->active'

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: "Maciej W. Rozycki" commit 2f819db565e82e5f73cd42b39925098986693378 upstream. The regset API documented in defines -ENODEV as the result of the `->active' handler to be used where the

[PATCH 3.16 039/328] tty: fix termios input-speed encoding

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Johan Hovold commit fada18c48d774b9e837928ecdce6a5d5fdd11ee7 upstream. Make sure to clear the CIBAUD bits before OR-ing the new mask when encoding the termios input baud rate. This could

[PATCH 3.16 155/328] reiserfs: fix broken xattr handling (heap corruption, bad retval)

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Jann Horn commit a13f085d111e90469faf2d9965eb39b11c114d7e upstream. This fixes the following issues: - When a buffer size is supplied to reiserfs_listxattr() such that each individual name

[PATCH 3.16 062/328] udlfb: set optimal write delay

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Mikulas Patocka commit bb24153a3f13dd0dbc1f8055ad97fe346d598f66 upstream. The default delay 5 jiffies is too much when the kernel is compiled with HZ=100 - it results in jumpy cursor in

[PATCH 3.16 126/328] uprobes: Use synchronize_rcu() not synchronize_sched()

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: "Steven Rostedt (VMware)" commit 016f8ffc48cb01d1e7701649c728c5d2e737d295 upstream. While debugging another bug, I was looking at all the synchronize*() functions being used in kernel/trace,

[PATCH 3.16 040/328] tty: fix termios input-speed encoding when using BOTHER

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Johan Hovold commit 1cee38f0363a88db374e50b232ca17b9a4c12fa0 upstream. When the termios CIBAUD bits are left unset (i.e. B0), we use the same output and input speed and should leave CIBAUD

[PATCH 3.16 148/328] KVM: PPC: Book3S HV: Don't truncate HPTE index in xlate function

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Paul Mackerras commit 46dec40fb741f00f1864580130779aeeaf24fb3d upstream. This fixes a bug which causes guest virtual addresses to get translated to guest real addresses incorrectly when the

[PATCH 3.16 157/328] getxattr: use correct xattr length

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Christian Brauner commit 82c9a927bc5df6e06b72d206d24a9d10cced4eb5 upstream. When running in a container with a user namespace, if you call getxattr with name = "system.posix_acl_access" and

[PATCH 3.16 112/328] ASoC: wm8994: Mark expected switch fall-through

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: "Gustavo A. R. Silva" commit 2cea1542859bc812f1ec51ea71c06e927e5b922e upstream. In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through.

[PATCH 3.16 200/328] spi: sh-msiof: Add more register documentation

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Geert Uytterhoeven commit 2e2b36872d7b45b1f88a590283b14c67931b777f upstream. Signed-off-by: Geert Uytterhoeven Signed-off-by: Mark Brown Signed-off-by: Ben Hutchings ---

[PATCH 3.16 074/328] fuse: Don't access pipe->buffers without pipe_lock()

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Andrey Ryabinin commit a2477b0e67c52f4364a47c3ad70902bc2a61bd4c upstream. fuse_dev_splice_write() reads pipe->buffers to determine the size of 'bufs' array before taking the pipe_lock(). This

[PATCH 3.16 086/328] udl-kms: change down_interruptible to down

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Mikulas Patocka commit 8456b99c16d193c4c3b7df305cf431e027f0189c upstream. If we leave urbs around, it causes not only leak, but also memory corruption. This patch fixes the function

[PATCH 3.16 107/328] net: mac802154: tx: expand tailroom if necessary

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Alexander Aring commit f9c52831133050c6b82aa8b6831c92da2bbf2a0b upstream. This patch is necessary if case of AF_PACKET or other socket interface which I am aware of it and didn't allocated

[PATCH 3.16 111/328] btrfs: rename total_bytes to avoid confusion

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Anand Jain commit 3c1dbdf54a31f4f049a33214c3096595988786bf upstream. we are assigning number_devices to the total_bytes, that's very confusing for a moment Signed-off-by: Anand Jain

[PATCH 3.16 118/328] PCI: mvebu: Fix I/O space end address calculation

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Thomas Petazzoni commit dfd0309fd7b30a5baffaf47b2fccb88b46d64d69 upstream. pcie->realio.end should be the address of last byte of the area, therefore using resource_size() of another resource

[PATCH 3.16 085/328] pinctrl: imx: off by one in imx_pinconf_group_dbg_show()

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Dan Carpenter commit b4859f3edb47825f62d1b2efdd75fe7945996f49 upstream. The > should really be >= here. It's harmless because pinctrl_generic_get_group() will return a NULL if group is

[PATCH 3.16 113/328] ASoC: wm8994: Fix missing break in switch

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: "Gustavo A. R. Silva" commit ad0eaee6195db1db1749dd46b9e6f4466793d178 upstream. Add missing break statement in order to prevent the code from falling through to the default case.

[PATCH 3.16 120/328] scsi: aic94xx: fix an error code in aic94xx_init()

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Dan Carpenter commit 0756c57bce3d26da2592d834d8910b6887021701 upstream. We accidentally return success instead of -ENOMEM on this error path. Fixes: 2908d778ab3e ("[SCSI] aic94xx: new

[PATCH 3.16 038/328] tty: fix typo in comment of tty_termios_encode_baud_rate

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Matthias Brugger commit a1d51aa2214cea3f91611893610a2f769cada0e7 upstream. Signed-off-by: Matthias Brugger Signed-off-by: Greg Kroah-Hartman Signed-off-by: Ben Hutchings ---

[PATCH 3.16 048/328] ALSA: memalloc: Don't exceed over the requested size

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Takashi Iwai commit dfef01e150824b0e6da750cacda8958188d29aea upstream. snd_dma_alloc_pages_fallback() tries to allocate pages again when the allocation fails with reduced size. But the first

[PATCH 3.16 115/328] dm cache metadata: save in-core policy_hint_size to on-disk superblock

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Mike Snitzer commit fd2fa95416188a767a63979296fa3e169a9ef5ec upstream. policy_hint_size starts as 0 during __write_initial_superblock(). It isn't until the policy is loaded that

[PATCH 3.16 145/328] netfilter: nf_tables: fix register ordering

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Florian Westphal commit d209df3e7f7002d9099fdb0f6df0f972b4386a63 upstream. We must register nfnetlink ops last, as that exposes nf_tables to userspace. Without this, we could theoretically

[PATCH 3.16 210/328] IB/ipoib: Avoid a race condition between start_xmit and cm_rep_handler

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Aaron Knister commit 816e846c2eb9129a3e0afa5f920c8bbc71efecaa upstream. Inside of start_xmit() the call to check if the connection is up and the queueing of the packets for later transmission

[PATCH 3.16 189/328] ext4: fix online resizing for bigalloc file systems with a 1k block size

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Theodore Ts'o commit 5f8c10936fab2b69a487400f2872902e597dd320 upstream. An online resize of a file system with the bigalloc feature enabled and a 1k block size would be refused since

[PATCH 3.16 079/328] media: dvb-usb-v2/gl861: ensure USB message buffers DMA'able

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Akihiro Tsukada commit 86f65c218123c4e36fd855fbbc38147ffaf29974 upstream. i2c message buf might be on stack. Signed-off-by: Akihiro Tsukada Signed-off-by: Mauro Carvalho Chehab [bwh:

[PATCH 3.16 065/328] xfrm: fix 'passing zero to ERR_PTR()' warning

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: YueHaibing commit 934ffce1343f22ed5e2d0bd6da4440f4848074de upstream. Fix a static code checker warning: net/xfrm/xfrm_policy.c:1836 xfrm_resolve_and_create_bundle() warn: passing zero to

[PATCH 3.16 156/328] apparmor: remove no-op permission check in policy_unpack

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: John Johansen commit c037bd615885f1d9d3bdb48531bace79fae1505d upstream. The patch 736ec752d95e: "AppArmor: policy routines for loading and unpacking policy" from Jul 29, 2010, leads to the

[PATCH 3.16 134/328] KVM: arm/arm64: Skip updating PTE entry if no change

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Punit Agrawal commit 976d34e2dab10ece5ea8fe7090b7692913f89084 upstream. When there is contention on faulting in a particular page table entry at stage 2, the break-before-make requirement of

[PATCH 3.16 178/328] x86/microcode: Make sure boot_cpu_data.microcode is up-to-date

3.16.62-rc1 review patch. If anyone has any objections, please let me know. -- From: Prarit Bhargava commit 370a132bb2227ff76278f98370e0e701d86ff752 upstream. When preparing an MCE record for logging, boot_cpu_data.microcode is used to read out the microcode revision on the

<    1   2   3   4   5   6   7   8   >