[PATCH 4.19 36/99] crypto: authenc - fix parsing key with misaligned rta_len

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Eric Biggers commit 8f9c469348487844328e162db57112f7d347c49f upstream. Keys for "authenc" AEADs are formatted as an rtattr containing a 4-byte 'enckeylen', followed by an authentication key

RE: [PATCH] kcov: convert kcov.refcount to refcount_t

2019-01-21 Thread Reshetova, Elena
> Just to check, has this been tested with CONFIG_REFCOUNT_FULL and > > something poking kcov? > > > > Given lib/refcount.c is instrumented, the refcount_*() calls will > > recurse back into the kcov code. It looks like that's fine, given these > > are only manipulated in setup/teardown paths,

[PATCH 4.19 09/99] netfilter: nf_conncount: restart search when nodes have been erased

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Florian Westphal commit e8cfb372b38a1b8979aa7f7631fb5e7b11c3793c upstream. Shawn Bohrer reported the following crash: |RIP: 0010:rb_erase+0xae/0x360 [..] Call Trace:

[PATCH 4.19 50/99] mfd: tps6586x: Handle interrupts on suspend

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Jonathan Hunter commit ac4ca4b9f4623ba5e1ea7a582f286567c611e027 upstream. The tps6586x driver creates an irqchip that is used by its various child devices for managing interrupts. The

[PATCH 4.19 04/99] tty: Dont hold ldisc lock in tty_reopen() if ldisc present

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Dmitry Safonov commit d3736d82e8169768218ee0ef68718875918091a0 upstream. Try to get reference for ldisc during tty_reopen(). If ldisc present, we don't need to do tty_ldisc_reinit() and lock

[PATCH 4.19 07/99] netfilter: nf_conncount: dont skip eviction when age is negative

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Florian Westphal commit 4cd273bb91b3001f623f516ec726c49754571b1a upstream. age is signed integer, so result can be negative when the timestamps have a large delta. In this case we want to

[PATCH 4.19 47/99] MIPS: lantiq: Fix IPI interrupt handling

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Hauke Mehrtens commit 2b4dba55b04b212a7fd1f0395b41d79ee3a9801b upstream. This makes SMP on the vrx200 work again, by removing all the MIPS CPU interrupt specific code and making it fully use

[PATCH 4.19 56/99] pstore/ram: Avoid allocation and leak of platform data

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Kees Cook commit 5631e8576a3caf606cdc375f97425a67983b420c upstream. Yue Hu noticed that when parsing device tree the allocated platform data was never freed. Since it's not used beyond the

[PATCH] lib/test_kmod: Potential double free in error handling

2019-01-21 Thread Dan Carpenter
There is a copy and paste bug so we set "config->test_driver" to NULL twice instead of setting "config->test_fs". Smatch complains that it leads to a double free: lib/test_kmod.c:840 __kmod_config_init() warn: 'config->test_fs' double freed Fixes: d9c6a72d6fa2 ("kmod: add test driver to stress

Re: [PATCH RFC 06/24] userfaultfd: wp: support write protection for userfault vma range

2019-01-21 Thread Jerome Glisse
On Mon, Jan 21, 2019 at 03:57:04PM +0800, Peter Xu wrote: > From: Shaohua Li > > Add API to enable/disable writeprotect a vma range. Unlike mprotect, > this doesn't split/merge vmas. AFAICT it does not do that. > > Cc: Andrea Arcangeli > Cc: Pavel Emelyanov > Cc: Rik van Riel > Cc: Kirill

[PATCH 4.19 53/99] RDMA/vmw_pvrdma: Return the correct opcode when creating WR

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Adit Ranadive commit 6325e01b6cdf4636b721cf7259c1616e3cf28ce2 upstream. Since the IB_WR_REG_MR opcode value changed, let's set the PVRDMA device opcodes explicitly. Reported-by: Ruishuang

[PATCH 4.19 54/99] kbuild: Disable LD_DEAD_CODE_DATA_ELIMINATION with ftrace & GCC <= 4.7

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Paul Burton commit 16fd20aa98080c2fa666dc384036ec08c80af710 upstream. When building using GCC 4.7 or older, -ffunction-sections & the -pg flag used by ftrace are incompatible. This causes

[PATCH 4.19 59/99] Disable MSI also when pcie-octeon.pcie_disable on

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: YunQiang Su commit a214720cbf50cd8c3f76bbb9c3f5c283910e9d33 upstream. Octeon has a boot-time option to disable pcie. Since MSI depends on PCI-E, we should also disable MSI also with this

[PATCH 4.19 63/99] media: vivid: set min width/height to a value > 0

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Hans Verkuil commit 9729d6d282a6d7ce88e64c9119cecdf79edf4e88 upstream. The capture DV timings capabilities allowed for a minimum width and height of 0. So passing a timings struct with 0

[PATCH 4.19 65/99] ipv6: make icmp6_send() robust against null skb->dev

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Eric Dumazet commit 8d933670452107e41165bea70a30dffbd281bef1 upstream. syzbot was able to crash one host with the following stack trace : kasan: GPF could be caused by NULL-ptr deref or user

Re: [PATCH 04/13] dt-bindings: gpio: add DT bindings for max77650

2019-01-21 Thread Linus Walleij
On Fri, Jan 18, 2019 at 2:43 PM Bartosz Golaszewski wrote: > From: Bartosz Golaszewski > > Add the DT binding document for the GPIO module of max77650. > > Signed-off-by: Bartosz Golaszewski Very simple so not much to complain about :) Reviewed-by: Linus Walleij Yours, Linus Walleij

[PATCH 4.19 69/99] netfilter: ebtables: account ebt_table_info to kmemcg

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Shakeel Butt commit e2c8d550a973bb34fc28bc8d0ec996f84562fb8a upstream. The [ip,ip6,arp]_tables use x_tables_info internally and the underlying memory is already accounted to kmemcg. Do the

[PATCH 4.19 66/99] LSM: Check for NULL cred-security on free

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: James Morris commit a5795fd38ee8194451ba3f281f075301a3696ce2 upstream. From: Casey Schaufler Check that the cred security blob has been set before trying to clean it up. There is a case

[PATCH 4.19 64/99] bpf: in __bpf_redirect_no_mac pull mac only if present

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Willem de Bruijn commit e7c87bd6cc4ec7b0ac1ed0a88a58f8206c577488 upstream. Syzkaller was able to construct a packet of negative length by redirecting from bpf_prog_test_run_skb with

[PATCH 4.19 71/99] selinux: fix GPF on invalid policy

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Stephen Smalley commit 5b0e7310a2a33c06edc7eb81ffc521af9b2c5610 upstream. levdatum->level can be NULL if we encounter an error while loading the policy during sens_read prior to initializing

[PATCH 4.19 67/99] media: vb2: vb2_mmap: move lock up

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Hans Verkuil commit cd26d1c4d1bc947b56ae404998ae2276df7b39b7 upstream. If a filehandle is dup()ped, then it is possible to close it from one fd and call mmap from the other. This creates a

[PATCH 4.19 42/99] Yama: Check for pid death before checking ancestry

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Kees Cook commit 9474f4e7cd71a633fa1ef93b7daefd44bbdfd482 upstream. It's possible that a pid has died before we take the rcu lock, in which case we can't walk the ancestry list as it may be

[PATCH 4.19 43/99] scsi: core: Synchronize request queue PM status only on successful resume

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Stanley Chu commit 3f7e62bba0003f9c68f599f5997c4647ef5b4f4e upstream. The commit 356fd2663cff ("scsi: Set request queue runtime PM status back to active on resume") fixed up the inconsistent

[PATCH 4.19 44/99] scsi: sd: Fix cache_type_store()

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Ivan Mironov commit 44759979a49bfd2d20d789add7fa81a21eb1a4ab upstream. Changing of caching mode via /sys/devices/.../scsi_disk/.../cache_type may fail if device responds to MODE SENSE command

[PATCH 4.19 87/99] loop: Push loop_ctl_mutex down to loop_get_status()

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Jan Kara commit 4a5ce9ba5877e4640200d84a735361306ad1a1b8 upstream. Push loop_ctl_mutex down to loop_get_status() to avoid the unusual convention that the function gets called with

[PATCH 4.19 97/99] loop: drop caches if offset or block_size are changed

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Jaegeuk Kim commit 5db470e229e22b7eda6e23b5566e532c96fb5bc3 upstream. If we don't drop caches used in old offset or block_size, we can get old data from new offset/block_size, which gives

[PATCH 4.19 88/99] loop: Push loop_ctl_mutex down to loop_set_status()

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Jan Kara commit 550df5fdacff94229cde0ed9b8085155654c1696 upstream. Push loop_ctl_mutex down to loop_set_status(). We will need this to be able to call loop_reread_partitions() without

[PATCH 4.19 37/99] crypto: talitos - reorder code in talitos_edesc_alloc()

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Christophe Leroy commit c56c2e173773097a248fd3bace91ac8f6fc5386d upstream. This patch moves the mapping of IV after the kmalloc(). This avoids having to unmap in case kmalloc() fails.

[PATCH 4.19 89/99] loop: Push loop_ctl_mutex down to loop_set_fd()

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Jan Kara commit 757ecf40b7e029529768eb5f9562d5eeb3002106 upstream. Push lo_ctl_mutex down to loop_set_fd(). We will need this to be able to call loop_reread_partitions() without lo_ctl_mutex.

[PATCH 4.19 83/99] loop: Get rid of loop_index_mutex

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Jan Kara commit 0a42e99b58a208839626465af194cfe640ef9493 upstream. Now that loop_ctl_mutex is global, just get rid of loop_index_mutex as there is no good reason to keep these two separate

Re: [PATCH 4.20 085/111] blockdev: Fix livelocks on loop device

2019-01-21 Thread Jan Kara
On Mon 21-01-19 14:43:19, Greg Kroah-Hartman wrote: > 4.20-stable review patch. If anyone has any objections, please let me know. Greg, when applying this, you should also apply commit c8a83a6b54d0 "nbd: Use set_blocksize() to set device blocksize". Otherwise some nbd functionality would

[PATCH 4.19 80/99] block/loop: Dont grab "struct file" for vfs_getattr() operation.

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Tetsuo Handa commit b1ab5fa309e6c49e4e06270ec67dd7b3e9971d04 upstream. vfs_getattr() needs "struct path" rather than "struct file". Let's use path_get()/path_put() rather than

[PATCH 4.19 84/99] loop: Push lo_ctl_mutex down into individual ioctls

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Jan Kara commit a13165441d58b216adbd50252a9cc829d78a6bce upstream. Push acquisition of lo_ctl_mutex down into individual ioctl handling branches. This is a preparatory step for pushing the

[PATCH 4.19 81/99] block/loop: Use global lock for ioctl() operation.

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Tetsuo Handa commit 310ca162d779efee8a2dc3731439680f3e9c1e86 upstream. syzbot is reporting NULL pointer dereference [1] which is caused by race condition between ioctl(loop_fd, LOOP_CLR_FD,

[PATCH 4.19 77/99] tipc: fix uninit-value in tipc_nl_compat_link_set

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Ying Xue commit edf5ff04a45750ac8ce2435974f001dc9cfbf055 upstream. syzbot reports following splat: BUG: KMSAN: uninit-value in strlen+0x3b/0xa0 lib/string.c:486 CPU: 1 PID: 9306 Comm:

[PATCH 4.19 86/99] loop: Push loop_ctl_mutex down into loop_clr_fd()

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Jan Kara commit 7ccd0791d98531df7cd59e92d55e4f063d48a070 upstream. loop_clr_fd() has a weird locking convention that it expects loop_ctl_mutex held, releases it on success and keeps it on

[PATCH 4.19 82/99] loop: Fold __loop_release into loop_release

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Jan Kara commit 967d1dc144b50ad005e5eecdfadfbcfb3996 upstream. __loop_release() has a single call site. Fold it there. This is currently not a huge win but it will make following

[PATCH 4.19 85/99] loop: Split setting of lo_state from loop_clr_fd

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Jan Kara commit a2505b799a496b7b84d9a4a14ec870ff9e42e11b upstream. Move setting of lo_state to Lo_rundown out into the callers. That will allow us to unlock loop_ctl_mutex while the loop

[PATCH 4.19 98/99] drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Ivan Mironov commit 66a8d5bfb518f9f12d47e1d2dce1732279f9451e upstream. Strict requirement of pixclock to be zero breaks support of SDL 1.2 which contains hardcoded table of supported video

[PATCH 4.19 96/99] loop: Fix double mutex_unlock(&loop_ctl_mutex) in loop_control_ioctl()

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Tetsuo Handa commit 628bd85947091830a8c4872adfd5ed1d515a9cf2 upstream. Commit 0a42e99b58a20883 ("loop: Get rid of loop_index_mutex") forgot to remove mutex_unlock(&loop_ctl_mutex) from

[PATCH 4.19 95/99] loop: Get rid of nested acquisition of loop_ctl_mutex

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Jan Kara commit c28445fa06a3a54e06938559b9514c5a7f01c90f upstream. The nested acquisition of loop_ctl_mutex (->lo_ctl_mutex back then) has been introduced by commit f028f3b2f987e "loop: fix

[PATCH 4.19 99/99] selftests: Fix test errors related to lib.mk khdr target

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Shuah Khan commit 211929fd3f7c8de4d541b1cc243b82830e5ea1e8 upstream. Commit b2d35fa5fc80 ("selftests: add headers_install to lib.mk") added khdr target to run headers_install target from the

[PATCH 4.19 79/99] tipc: fix uninit-value in tipc_nl_compat_doit

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Ying Xue commit 2753ca5d9009c180dbfd4c802c80983b4b6108d1 upstream. BUG: KMSAN: uninit-value in tipc_nl_compat_doit+0x404/0xa10 net/tipc/netlink_compat.c:335 CPU: 0 PID: 4514 Comm:

[PATCH 4.19 94/99] loop: Avoid circular locking dependency between loop_ctl_mutex and bd_mutex

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Jan Kara commit 1dded9acf6dc9a34cd27fcf8815507e4e65b3c4f upstream. Code in loop_change_fd() drops reference to the old file (and also the new file in a failure case) under loop_ctl_mutex.

[PATCH 4.19 90/99] loop: Push loop_ctl_mutex down to loop_change_fd()

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Jan Kara commit c371077000f4138ee3c15fbed50101ff24bdc91d upstream. Push loop_ctl_mutex down to loop_change_fd(). We will need this to be able to call loop_reread_partitions() without

[PATCH 4.19 93/99] loop: Fix deadlock when calling blkdev_reread_part()

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Jan Kara commit 0da03cab87e6323ff2e05b14bc7d5c6fcc531efd upstream. Calling blkdev_reread_part() under loop_ctl_mutex causes lockdep to complain about circular lock dependency between

[PATCH 4.19 92/99] loop: Move loop_reread_partitions() out of loop_ctl_mutex

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Jan Kara commit 85b0a54a82e4fbceeb1aebb7cb6909edd1a24668 upstream. Calling loop_reread_partitions() under loop_ctl_mutex causes lockdep to complain about circular lock dependency between

[PATCH 4.19 91/99] loop: Move special partition reread handling in loop_clr_fd()

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Jan Kara commit d57f3374ba4817f7c8d26fae8a13d20ac8d31b92 upstream. The call of __blkdev_reread_part() from loop_reread_partition() happens only when we need to invalidate partitions from

[PATCH 4.19 46/99] MIPS: BCM47XX: Setup struct device for the SoC

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Rafał Miłecki commit 321c46b91550adc03054125fa7a1639390608e1a upstream. So far we never had any device registered for the SoC. This resulted in some small issues that we kept ignoring like:

[PATCH 4.19 78/99] tipc: fix uninit-value in tipc_nl_compat_name_table_dump

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Ying Xue commit 974cb0e3e7c963ced06c4e32c5b2884173fa5e01 upstream. syzbot reported: BUG: KMSAN: uninit-value in __arch_swab32 arch/x86/include/uapi/asm/swab.h:10 [inline] BUG: KMSAN:

[PATCH 4.19 75/99] tipc: fix uninit-value in tipc_nl_compat_link_reset_stats

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Ying Xue commit 8b66fee7f8ee18f9c51260e7a43ab37db5177a05 upstream. syzbot reports following splat: BUG: KMSAN: uninit-value in strlen+0x3b/0xa0 lib/string.c:486 CPU: 1 PID: 11057 Comm:

[PATCH 4.19 41/99] btrfs: wait on ordered extents on abort cleanup

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Josef Bacik commit 74d5d229b1bf60f93bff244b2dfc0eb21ec32a07 upstream. If we flip read-only before we initiate writeback on all dirty pages for ordered extents we've created then we'll have

[PATCH 4.19 74/99] tipc: fix uninit-value in in tipc_conn_rcv_sub

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Ying Xue commit a88289f4ddee4165d5f796bd99e09eec3133c16b upstream. syzbot reported: BUG: KMSAN: uninit-value in tipc_conn_rcv_sub+0x184/0x950 net/tipc/topsrv.c:373 CPU: 0 PID: 66 Comm:

[PATCH 4.19 76/99] tipc: fix uninit-value in tipc_nl_compat_bearer_enable

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Ying Xue commit 0762216c0ad2a2fccd63890648eca491f2c83d9a upstream. syzbot reported: BUG: KMSAN: uninit-value in strlen+0x3b/0xa0 lib/string.c:484 CPU: 1 PID: 6371 Comm: syz-executor652 Not

[PATCH 4.19 45/99] mips: fix n32 compat_ipc_parse_version

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Arnd Bergmann commit 5a9372f751b5350e0ce3d2ee91832f1feae2c2e5 upstream. While reading through the sysvipc implementation, I noticed that the n32 semctl/shmctl/msgctl system calls behave

[PATCH 4.19 72/99] blockdev: Fix livelocks on loop device

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Jan Kara commit 04906b2f542c23626b0ef6219b808406f8dddbe9 upstream. bd_set_size() updates also block device's block size. This is somewhat unexpected from its name and at this point, only

[PATCH 4.19 73/99] sctp: allocate sctp_sockaddr_entry with kzalloc

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Xin Long commit 400b8b9a2a17918f8ce00786f596f530e7f30d50 upstream. The similar issue as fixed in Commit 4a2eb0c37b47 ("sctp: initialize sin6_flowinfo for ipv6 addrs in sctp_inet6addr_event")

[PATCH 4.19 70/99] block: use rcu_work instead of call_rcu to avoid sleep in softirq

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Yufen Yu commit 94a2c3a32b62e868dc1e3d854326745a7f1b8c7a upstream. We recently got a stack by syzkaller like this: BUG: sleeping function called from invalid context at mm/slab.h:361

[PATCH 4.19 57/99] arm64: kaslr: ensure randomized quantities are clean to the PoC

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Ard Biesheuvel commit 1598ecda7b239e9232dda032bfddeed9d89fab6c upstream. kaslr_early_init() is called with the kernel mapped at its link time offset, and if it returns with a non-zero offset,

[PATCH 4.19 61/99] omap2fb: Fix stack memory disclosure

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Vlad Tsyrklevich commit a01421e4484327fe44f8e126793ed5a48a221e24 upstream. Using [1] for static analysis I found that the OMAPFB_QUERY_PLANE, OMAPFB_GET_COLOR_KEY, OMAPFB_GET_DISPLAY_INFO,

[PATCH 4.19 62/99] media: vivid: fix error handling of kthread_run

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Hans Verkuil commit 701f49bc028edb19ffccd101997dd84f0d71e279 upstream. kthread_run returns an error pointer, but elsewhere in the code dev->kthread_vid_cap/out is checked against NULL. If

[PATCH 4.19 68/99] sunrpc: handle ENOMEM in rpcb_getport_async

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: J. Bruce Fields commit 81c88b18de1f11f70c97f28ced8d642c00bb3955 upstream. If we ignore the error we'll hit a null dereference a little later. Reported-by:

[PATCH 4.19 40/99] Revert "btrfs: balance dirty metadata pages in btrfs_finish_ordered_io"

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: David Sterba commit 77b7aad195099e7c6da11e94b7fa6ef5e6fb0025 upstream. This reverts commit e73e81b6d0114d4a303205a952ab2e87c44bd279. This patch causes a few problems: - adds latency to

[PATCH 4.19 60/99] fix int_sqrt64() for very large numbers

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Florian La Roche commit fbfaf851902cd9293f392f3a1735e0543016d530 upstream. If an input number x for int_sqrt64() has the highest bit set, then fls64(x) is 64. (1UL << 64) is an overflow and

[PATCH 4.19 58/99] arm64: dts: marvell: armada-ap806: reserve PSCI area

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Heinrich Schuchardt commit 132ac39cffbcfed80ada38ef0fc6d34d95da7be6 upstream. The memory area [0x400-0x420[ is occupied by the PSCI firmware. Any attempt to access it from Linux leads

[PATCH 4.19 51/99] media: v4l: ioctl: Validate num_planes for debug messages

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Sakari Ailus commit 7fe9f01c04c2673bd6662c35b664f0f91888b96f upstream. The num_planes field in struct v4l2_pix_format_mplane is used in a loop before validating it. As the use is printing a

[PATCH 4.19 52/99] RDMA/nldev: Dont expose unsafe global rkey to regular user

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Leon Romanovsky commit a9666c1cae8dbcd1a9aacd08a778bf2a28eea300 upstream. Unsafe global rkey is considered dangerous because it exposes memory registered for all memory in the system. Only

[PATCH 4.19 00/99] 4.19.17-stable review

2019-01-21 Thread Greg Kroah-Hartman
This is the start of the stable review cycle for the 4.19.17 release. There are 99 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed Jan 23 13:48:56 UTC 2019. Anything

[PATCH 4.19 38/99] crypto: talitos - fix ablkcipher for CONFIG_VMAP_STACK

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Christophe Leroy commit 1bea445b0a022ee126ca328b3705cd4df18ebc14 upstream. [2.364486] WARNING: CPU: 0 PID: 60 at ./arch/powerpc/include/asm/io.h:837 dma_nommu_map_page+0x44/0xd4 [

[PATCH 4.19 39/99] xen: Fix x86 sched_clock() interface for xen

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Juergen Gross commit 867cefb4cb1012f42cada1c7d1f35ac8dd276071 upstream. Commit f94c8d11699759 ("sched/clock, x86/tsc: Rework the x86 'unstable' sched_clock() interface") broke Xen guest time

[PATCH 4.19 49/99] OF: properties: add missing of_node_put

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Julia Lawall commit 28b170e88bc0c7509e6724717c15cb4b5686026e upstream. Add an of_node_put when the result of of_graph_get_remote_port_parent is not available. The semantic match that finds

[PATCH 4.19 55/99] net: dsa: realtek-smi: fix OF child-node lookup

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Johan Hovold commit 3f1bb6abdf19cfa89860b3bc9e7f31b44b6a0ba1 upstream. Use the new of_get_compatible_child() helper to look up child nodes to avoid ever matching non-child nodes elsewhere in

[PATCH 4.19 48/99] drm/i915/gvt: Fix mmap range check

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Zhenyu Wang commit 51b00d8509dc69c98740da2ad07308b630d3eb7d upstream. This is to fix missed mmap range check on vGPU bar2 region and only allow to map vGPU allocated GMADDR range, which means

[PATCH 4.19 08/99] netfilter: nf_conncount: split gc in two phases

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Florian Westphal commit f7fcc98dfc2d136722007fec0debbed761679b94 upstream. The lockless workqueue garbage collector can race with packet path garbage collector to delete list nodes, as it

[PATCH 4.19 06/99] netfilter: nf_conncount: replace CONNCOUNT_LOCK_SLOTS with CONNCOUNT_SLOTS

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Shawn Bohrer commit c78e7818f16f687389174c4569243abbec8dc68f upstream. Most of the time these were the same value anyway, but when CONFIG_LOCKDEP was enabled we would use a smaller number of

[PATCH 4.19 05/99] can: gw: ensure DLC boundaries after CAN frame modification

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Oliver Hartkopp commit 0aaa81377c5a01f686bcdb8c7a6929a7bf330c68 upstream. Muyu Yu provided a POC where user root with CAP_NET_ADMIN can create a CAN frame modification rule that makes the

[PATCH 4.19 35/99] crypto: bcm - convert to use crypto_authenc_extractkeys()

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Eric Biggers commit ab57b33525c3221afaebd391458fa0cbcd56903d upstream. Convert the bcm crypto driver to use crypto_authenc_extractkeys() so that it picks up the fix for broken validation of

[PATCH 4.19 32/99] crypto: caam - fix zero-length buffer DMA mapping

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Aymen Sghaier commit 04e6d25c5bb244c1a37eb9fe0b604cc11a04e8c5 upstream. Recent changes - probably DMA API related (generic and/or arm64-specific) - exposed a case where driver maps a

[PATCH 4.19 33/99] crypto: authencesn - Avoid twice completion call in decrypt path

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Harsh Jain commit a7773363624b034ab198c738661253d20a8055c2 upstream. Authencesn template in decrypt path unconditionally calls aead_request_complete after ahash_verify which leads to

[PATCH 4.19 34/99] crypto: ccree - convert to use crypto_authenc_extractkeys()

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Eric Biggers commit dc95b5350a8f07d73d6bde3a79ef87289698451d upstream. Convert the ccree crypto driver to use crypto_authenc_extractkeys() so that it picks up the fix for broken validation of

[PATCH 4.19 28/99] bonding: update nest level on unlink

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Willem de Bruijn [ Upstream commit 001e465f09a18857443489a57e74314a3368c805 ] A network device stack with multiple layers of bonding devices can trigger a false positive lockdep warning.

[PATCH 4.19 31/99] crypto: sm3 - fix undefined shift by >= width of value

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Eric Biggers commit d45a90cb5d061fa7d411b974b950fe0b8bc5f265 upstream. sm3_compress() calls rol32() with shift >= 32, which causes undefined behavior. This is easily detected by enabling

[PATCH 4.19 30/99] r8169: load Realtek PHY driver module before r8169

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Heiner Kallweit [ Upstream commit 11287b693d03830010356339e4ceddf47dee34fa ] This soft dependency works around an issue where sometimes the genphy driver is used instead of the dedicated PHY

[PATCH 4.19 03/99] tty: Simplify tty->count math in tty_reopen()

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Dmitry Safonov commit cf62a1a13749db0d32b5cdd800ea91a4087319de upstream. As noted by Jiri, tty_ldisc_reinit() shouldn't rely on tty counter. Simplify math by increasing the counter after

[PATCH 4.19 16/99] scsi: target: iscsi: cxgbit: fix csk leak

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- [ Upstream commit 801df68d617e3cb831f531c99fa6003620e6b343 ] csk leak can happen if a new TCP connection gets established after cxgbit_accept_np() returns, to fix this leak free remaining csk in

[PATCH 4.19 22/99] packet: Do not leak dev refcounts on error exit

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Jason Gunthorpe [ Upstream commit d972f3dce8d161e2142da0ab1ef25df00e2f21a9 ] 'dev' is non NULL when the addr_len check triggers so it must goto a label that does the dev_put otherwise dev

[PATCH 4.19 13/99] netfilter: nf_conncount: fix argument order to find_next_bit

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Florian Westphal commit a007232066f6839d6f256bab21e825d968f1a163 upstream. Size and 'next bit' were swapped, this bug could cause worker to reschedule itself even if system was idle. Fixes:

[PATCH 4.19 25/99] lan743x: Remove phy_read from link status change function

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Bryan Whitehead [ Upstream commit a0071840d2040ea1b27e5a008182b09b88defc15 ] It has been noticed that some phys do not have the registers required by the previous implementation. To fix

[PATCH 4.19 21/99] net: bridge: fix a bug on using a neighbour cache entry without checking its state

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: JianJhen Chen [ Upstream commit 4c84edc11b76590859b1e45dd676074c59602dc4 ] When handling DNAT'ed packets on a bridge device, the neighbour cache entry from lookup was used without checking

[PATCH 4.19 20/99] ipv6: fix kernel-infoleak in ipv6_local_error()

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Eric Dumazet [ Upstream commit 7d033c9f6a7fd3821af75620a0257db87c2b552a ] This patch makes sure the flow label in the IPv6 header forged in ipv6_local_error() is initialized. BUG: KMSAN:

[PATCH 4.19 26/99] smc: move unhash as early as possible in smc_release()

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Cong Wang [ Upstream commit 26d92e951fe0a44ee4aec157cabb65a818cc8151 ] In smc_release() we release smc->clcsock before unhash the smc sock, but a parallel smc_diag_dump() may be still reading

[PATCH 4.19 02/99] tty: Hold tty_ldisc_lock() during tty_reopen()

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Dmitry Safonov commit 83d817f41070c48bc3eb7ec18e43000a548fca5c upstream. tty_ldisc_reinit() doesn't race with either tty_ldisc_hangup() or set_ldisc() or tty_ldisc_release() as they use

[PATCH 4.19 24/99] tun: publish tfile after its fully initialized

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Stanislav Fomichev [ Upstream commit 0b7959b6257322f7693b08a459c505d4938646f2 ] BUG: unable to handle kernel NULL pointer dereference at 00d1 Call Trace: ?

[PATCH 4.19 17/99] scsi: target: iscsi: cxgbit: fix csk leak - 2

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- [ Upstream commit ed076c55b359cc9982ca8b065bcc01675f7365f6 ] In case of arp failure call cxgbit_put_csk() to free csk. Signed-off-by: Varun Prakash Signed-off-by: Martin K. Petersen Signed-off-by:

[PATCH 4.19 15/99] Revert "scsi: target: iscsi: cxgbit: fix csk leak"

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- This reverts commit c9cef2c71a89a2c926dae8151f9497e72f889315. A wrong commit message was used for the stable commit because of a human error (and duplicate commit subject lines). This patch reverts

[PATCH 4.19 11/99] netfilter: nf_conncount: move all list iterations under spinlock

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Pablo Neira Ayuso commit 2f971a8f425545da52ca0e6bee81f5b1ea0ccc5f upstream. Two CPUs may race to remove a connection from the list, the existing conn->dead will result in a use-after-free.

[PATCH 4.9 00/51] 4.9.152-stable review

2019-01-21 Thread Greg Kroah-Hartman
This is the start of the stable review cycle for the 4.9.152 release. There are 51 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed Jan 23 12:24:02 UTC 2019. Anything

[PATCH 4.19 10/99] netfilter: nf_conncount: merge lookup and add functions

2019-01-21 Thread Greg Kroah-Hartman
4.19-stable review patch. If anyone has any objections, please let me know. -- From: Florian Westphal commit df4a902509766897f7371fdfa4c3bf8bc321b55d upstream. 'lookup' is always followed by 'add'. Merge both and make the list-walk part of nf_conncount_add(). This also

[PATCH 4.9 08/51] proc: Remove empty line in /proc/self/status

2019-01-21 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Guenter Roeck If CONFIG_SECCOMP=n, /proc/self/status includes an empty line. This causes the iotop application to bail out with an error message. File

[PATCH 4.9 43/51] tipc: fix uninit-value in tipc_nl_compat_link_set

2019-01-21 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Ying Xue commit edf5ff04a45750ac8ce2435974f001dc9cfbf055 upstream. syzbot reports following splat: BUG: KMSAN: uninit-value in strlen+0x3b/0xa0 lib/string.c:486 CPU: 1 PID: 9306 Comm:
