4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Eric Biggers
commit 8f9c469348487844328e162db57112f7d347c49f upstream.
Keys for "authenc" AEADs are formatted as an rtattr containing a 4-byte
'enckeylen', followed by an authentication key
> Just to check, has this been tested with CONFIG_REFCOUNT_FULL and
> > something poking kcov?
> >
> > Given lib/refcount.c is instrumented, the refcount_*() calls will
> > recurse back into the kcov code. It looks like that's fine, given these
> > are only manipulated in setup/teardown paths,
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Florian Westphal
commit e8cfb372b38a1b8979aa7f7631fb5e7b11c3793c upstream.
Shawn Bohrer reported a following crash:
|RIP: 0010:rb_erase+0xae/0x360
[..]
Call Trace:
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Jonathan Hunter
commit ac4ca4b9f4623ba5e1ea7a582f286567c611e027 upstream.
The tps6586x driver creates an irqchip that is used by its various child
devices for managing interrupts. The
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Dmitry Safonov
commit d3736d82e8169768218ee0ef68718875918091a0 upstream.
Try to get reference for ldisc during tty_reopen().
If ldisc present, we don't need to do tty_ldisc_reinit() and lock
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Florian Westphal
commit 4cd273bb91b3001f623f516ec726c49754571b1a upstream.
age is signed integer, so result can be negative when the timestamps
have a large delta. In this case we want to
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Hauke Mehrtens
commit 2b4dba55b04b212a7fd1f0395b41d79ee3a9801b upstream.
This makes SMP on the vrx200 work again, by removing all the MIPS CPU
interrupt specific code and making it fully use
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Kees Cook
commit 5631e8576a3caf606cdc375f97425a67983b420c upstream.
Yue Hu noticed that when parsing device tree the allocated platform data
was never freed. Since it's not used beyond the
There is a copy and paste bug so we set "config->test_driver" to NULL
twice instead of setting "config->test_fs". Smatch complains that it
leads to a double free:
lib/test_kmod.c:840 __kmod_config_init() warn: 'config->test_fs' double freed
Fixes: d9c6a72d6fa2 ("kmod: add test driver to stress
On Mon, Jan 21, 2019 at 03:57:04PM +0800, Peter Xu wrote:
> From: Shaohua Li
>
> Add API to enable/disable writeprotect a vma range. Unlike mprotect,
> this doesn't split/merge vmas.
AFAICT it does not do that.
>
> Cc: Andrea Arcangeli
> Cc: Pavel Emelyanov
> Cc: Rik van Riel
> Cc: Kirill
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Adit Ranadive
commit 6325e01b6cdf4636b721cf7259c1616e3cf28ce2 upstream.
Since the IB_WR_REG_MR opcode value changed, let's set the PVRDMA device
opcodes explicitly.
Reported-by: Ruishuang
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Paul Burton
commit 16fd20aa98080c2fa666dc384036ec08c80af710 upstream.
When building using GCC 4.7 or older, -ffunction-sections & the -pg flag
used by ftrace are incompatible. This causes
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: YunQiang Su
commit a214720cbf50cd8c3f76bbb9c3f5c283910e9d33 upstream.
Octeon has an boot-time option to disable pcie.
Since MSI depends on PCI-E, we should also disable MSI also with
this
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Hans Verkuil
commit 9729d6d282a6d7ce88e64c9119cecdf79edf4e88 upstream.
The capture DV timings capabilities allowed for a minimum width and
height of 0. So passing a timings struct with 0
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Eric Dumazet
commit 8d933670452107e41165bea70a30dffbd281bef1 upstream.
syzbot was able to crash one host with the following stack trace :
kasan: GPF could be caused by NULL-ptr deref or user
On Fri, Jan 18, 2019 at 2:43 PM Bartosz Golaszewski wrote:
> From: Bartosz Golaszewski
>
> Add the DT binding document for the GPIO module of max77650.
>
> Signed-off-by: Bartosz Golaszewski
Very simple so not much to complain about :)
Reviewed-by: Linus Walleij
Yours,
Linus Walleij
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Shakeel Butt
commit e2c8d550a973bb34fc28bc8d0ec996f84562fb8a upstream.
The [ip,ip6,arp]_tables use x_tables_info internally and the underlying
memory is already accounted to kmemcg. Do the
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: James Morris
commit a5795fd38ee8194451ba3f281f075301a3696ce2 upstream.
From: Casey Schaufler
Check that the cred security blob has been set before trying
to clean it up. There is a case
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Willem de Bruijn
commit e7c87bd6cc4ec7b0ac1ed0a88a58f8206c577488 upstream.
Syzkaller was able to construct a packet of negative length by
redirecting from bpf_prog_test_run_skb with
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Stephen Smalley
commit 5b0e7310a2a33c06edc7eb81ffc521af9b2c5610 upstream.
levdatum->level can be NULL if we encounter an error while loading
the policy during sens_read prior to initializing
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Hans Verkuil
commit cd26d1c4d1bc947b56ae404998ae2276df7b39b7 upstream.
If a filehandle is dup()ped, then it is possible to close it from one fd
and call mmap from the other. This creates a
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Kees Cook
commit 9474f4e7cd71a633fa1ef93b7daefd44bbdfd482 upstream.
It's possible that a pid has died before we take the rcu lock, in which
case we can't walk the ancestry list as it may be
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Stanley Chu
commit 3f7e62bba0003f9c68f599f5997c4647ef5b4f4e upstream.
The commit 356fd2663cff ("scsi: Set request queue runtime PM status back to
active on resume") fixed up the inconsistent
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Ivan Mironov
commit 44759979a49bfd2d20d789add7fa81a21eb1a4ab upstream.
Changing of caching mode via /sys/devices/.../scsi_disk/.../cache_type may
fail if device responds to MODE SENSE command
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Jan Kara
commit 4a5ce9ba5877e4640200d84a735361306ad1a1b8 upstream.
Push loop_ctl_mutex down to loop_get_status() to avoid the unusual
convention that the function gets called with
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Jaegeuk Kim
commit 5db470e229e22b7eda6e23b5566e532c96fb5bc3 upstream.
If we don't drop caches used in old offset or block_size, we can get old data
from new offset/block_size, which gives
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Jan Kara
commit 550df5fdacff94229cde0ed9b8085155654c1696 upstream.
Push loop_ctl_mutex down to loop_set_status(). We will need this to be
able to call loop_reread_partitions() without
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Christophe Leroy
commit c56c2e173773097a248fd3bace91ac8f6fc5386d upstream.
This patch moves the mapping of IV after the kmalloc(). This
avoids having to unmap in case kmalloc() fails.
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Jan Kara
commit 757ecf40b7e029529768eb5f9562d5eeb3002106 upstream.
Push lo_ctl_mutex down to loop_set_fd(). We will need this to be able to
call loop_reread_partitions() without lo_ctl_mutex.
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Jan Kara
commit 0a42e99b58a208839626465af194cfe640ef9493 upstream.
Now that loop_ctl_mutex is global, just get rid of loop_index_mutex as
there is no good reason to keep these two separate
On Mon 21-01-19 14:43:19, Greg Kroah-Hartman wrote:
> 4.20-stable review patch. If anyone has any objections, please let me know.
Greg, when applying this, you should also apply commit c8a83a6b54d0 "nbd:
Use set_blocksize() to set device blocksize". Otherwise some nbd
functionality would
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Tetsuo Handa
commit b1ab5fa309e6c49e4e06270ec67dd7b3e9971d04 upstream.
vfs_getattr() needs "struct path" rather than "struct file".
Let's use path_get()/path_put() rather than
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Jan Kara
commit a13165441d58b216adbd50252a9cc829d78a6bce upstream.
Push acquisition of lo_ctl_mutex down into individual ioctl handling
branches. This is a preparatory step for pushing the
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Tetsuo Handa
commit 310ca162d779efee8a2dc3731439680f3e9c1e86 upstream.
syzbot is reporting NULL pointer dereference [1] which is caused by
race condition between ioctl(loop_fd, LOOP_CLR_FD,
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Ying Xue
commit edf5ff04a45750ac8ce2435974f001dc9cfbf055 upstream.
syzbot reports following splat:
BUG: KMSAN: uninit-value in strlen+0x3b/0xa0 lib/string.c:486
CPU: 1 PID: 9306 Comm:
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Jan Kara
commit 7ccd0791d98531df7cd59e92d55e4f063d48a070 upstream.
loop_clr_fd() has a weird locking convention that is expects
loop_ctl_mutex held, releases it on success and keeps it on
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Jan Kara
commit 967d1dc144b50ad005e5eecdfadfbcfb3996 upstream.
__loop_release() has a single call site. Fold it there. This is
currently not a huge win but it will make following
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Jan Kara
commit a2505b799a496b7b84d9a4a14ec870ff9e42e11b upstream.
Move setting of lo_state to Lo_rundown out into the callers. That will
allow us to unlock loop_ctl_mutex while the loop
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Ivan Mironov
commit 66a8d5bfb518f9f12d47e1d2dce1732279f9451e upstream.
Strict requirement of pixclock to be zero breaks support of SDL 1.2
which contains hardcoded table of supported video
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Tetsuo Handa
commit 628bd85947091830a8c4872adfd5ed1d515a9cf2 upstream.
Commit 0a42e99b58a20883 ("loop: Get rid of loop_index_mutex") forgot to
remove mutex_unlock(_ctl_mutex) from
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Jan Kara
commit c28445fa06a3a54e06938559b9514c5a7f01c90f upstream.
The nested acquisition of loop_ctl_mutex (->lo_ctl_mutex back then) has
been introduced by commit f028f3b2f987e "loop: fix
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Shuah Khan
commit 211929fd3f7c8de4d541b1cc243b82830e5ea1e8 upstream.
Commit b2d35fa5fc80 ("selftests: add headers_install to lib.mk") added
khdr target to run headers_install target from the
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Ying Xue
commit 2753ca5d9009c180dbfd4c802c80983b4b6108d1 upstream.
BUG: KMSAN: uninit-value in tipc_nl_compat_doit+0x404/0xa10
net/tipc/netlink_compat.c:335
CPU: 0 PID: 4514 Comm:
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Jan Kara
commit 1dded9acf6dc9a34cd27fcf8815507e4e65b3c4f upstream.
Code in loop_change_fd() drops reference to the old file (and also the
new file in a failure case) under loop_ctl_mutex.
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Jan Kara
commit c371077000f4138ee3c15fbed50101ff24bdc91d upstream.
Push loop_ctl_mutex down to loop_change_fd(). We will need this to be
able to call loop_reread_partitions() without
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Jan Kara
commit 0da03cab87e6323ff2e05b14bc7d5c6fcc531efd upstream.
Calling blkdev_reread_part() under loop_ctl_mutex causes lockdep to
complain about circular lock dependency between
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Jan Kara
commit 85b0a54a82e4fbceeb1aebb7cb6909edd1a24668 upstream.
Calling loop_reread_partitions() under loop_ctl_mutex causes lockdep to
complain about circular lock dependency between
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Jan Kara
commit d57f3374ba4817f7c8d26fae8a13d20ac8d31b92 upstream.
The call of __blkdev_reread_part() from loop_reread_partition() happens
only when we need to invalidate partitions from
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Rafał Miłecki
commit 321c46b91550adc03054125fa7a1639390608e1a upstream.
So far we never had any device registered for the SoC. This resulted in
some small issues that we kept ignoring like:
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Ying Xue
commit 974cb0e3e7c963ced06c4e32c5b2884173fa5e01 upstream.
syzbot reported:
BUG: KMSAN: uninit-value in __arch_swab32 arch/x86/include/uapi/asm/swab.h:10
[inline]
BUG: KMSAN:
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Ying Xue
commit 8b66fee7f8ee18f9c51260e7a43ab37db5177a05 upstream.
syzbot reports following splat:
BUG: KMSAN: uninit-value in strlen+0x3b/0xa0 lib/string.c:486
CPU: 1 PID: 11057 Comm:
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Josef Bacik
commit 74d5d229b1bf60f93bff244b2dfc0eb21ec32a07 upstream.
If we flip read-only before we initiate writeback on all dirty pages for
ordered extents we've created then we'll have
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Ying Xue
commit a88289f4ddee4165d5f796bd99e09eec3133c16b upstream.
syzbot reported:
BUG: KMSAN: uninit-value in tipc_conn_rcv_sub+0x184/0x950 net/tipc/topsrv.c:373
CPU: 0 PID: 66 Comm:
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Ying Xue
commit 0762216c0ad2a2fccd63890648eca491f2c83d9a upstream.
syzbot reported:
BUG: KMSAN: uninit-value in strlen+0x3b/0xa0 lib/string.c:484
CPU: 1 PID: 6371 Comm: syz-executor652 Not
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Arnd Bergmann
commit 5a9372f751b5350e0ce3d2ee91832f1feae2c2e5 upstream.
While reading through the sysvipc implementation, I noticed that the n32
semctl/shmctl/msgctl system calls behave
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Jan Kara
commit 04906b2f542c23626b0ef6219b808406f8dddbe9 upstream.
bd_set_size() updates also block device's block size. This is somewhat
unexpected from its name and at this point, only
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Xin Long
commit 400b8b9a2a17918f8ce00786f596f530e7f30d50 upstream.
The similar issue as fixed in Commit 4a2eb0c37b47 ("sctp: initialize
sin6_flowinfo for ipv6 addrs in sctp_inet6addr_event")
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Yufen Yu
commit 94a2c3a32b62e868dc1e3d854326745a7f1b8c7a upstream.
We recently got a stack by syzkaller like this:
BUG: sleeping function called from invalid context at mm/slab.h:361
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Ard Biesheuvel
commit 1598ecda7b239e9232dda032bfddeed9d89fab6c upstream.
kaslr_early_init() is called with the kernel mapped at its
link time offset, and if it returns with a non-zero offset,
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Vlad Tsyrklevich
commit a01421e4484327fe44f8e126793ed5a48a221e24 upstream.
Using [1] for static analysis I found that the OMAPFB_QUERY_PLANE,
OMAPFB_GET_COLOR_KEY, OMAPFB_GET_DISPLAY_INFO,
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Hans Verkuil
commit 701f49bc028edb19ffccd101997dd84f0d71e279 upstream.
kthread_run returns an error pointer, but elsewhere in the code
dev->kthread_vid_cap/out is checked against NULL.
If
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: J. Bruce Fields
commit 81c88b18de1f11f70c97f28ced8d642c00bb3955 upstream.
If we ignore the error we'll hit a null dereference a little later.
Reported-by:
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: David Sterba
commit 77b7aad195099e7c6da11e94b7fa6ef5e6fb0025 upstream.
This reverts commit e73e81b6d0114d4a303205a952ab2e87c44bd279.
This patch causes a few problems:
- adds latency to
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Florian La Roche
commit fbfaf851902cd9293f392f3a1735e0543016d530 upstream.
If an input number x for int_sqrt64() has the highest bit set, then
fls64(x) is 64. (1UL << 64) is an overflow and
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Heinrich Schuchardt
commit 132ac39cffbcfed80ada38ef0fc6d34d95da7be6 upstream.
The memory area [0x400-0x420[ is occupied by the PSCI firmware. Any
attempt to access it from Linux leads
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Sakari Ailus
commit 7fe9f01c04c2673bd6662c35b664f0f91888b96f upstream.
The num_planes field in struct v4l2_pix_format_mplane is used in a loop
before validating it. As the use is printing a
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Leon Romanovsky
commit a9666c1cae8dbcd1a9aacd08a778bf2a28eea300 upstream.
Unsafe global rkey is considered dangerous because it exposes memory
registered for all memory in the system. Only
This is the start of the stable review cycle for the 4.19.17 release.
There are 99 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Wed Jan 23 13:48:56 UTC 2019.
Anything
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Christophe Leroy
commit 1bea445b0a022ee126ca328b3705cd4df18ebc14 upstream.
[2.364486] WARNING: CPU: 0 PID: 60 at ./arch/powerpc/include/asm/io.h:837
dma_nommu_map_page+0x44/0xd4
[
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Juergen Gross
commit 867cefb4cb1012f42cada1c7d1f35ac8dd276071 upstream.
Commit f94c8d11699759 ("sched/clock, x86/tsc: Rework the x86 'unstable'
sched_clock() interface") broke Xen guest time
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Julia Lawall
commit 28b170e88bc0c7509e6724717c15cb4b5686026e upstream.
Add an of_node_put when the result of of_graph_get_remote_port_parent is
not available.
The semantic match that finds
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Johan Hovold
commit 3f1bb6abdf19cfa89860b3bc9e7f31b44b6a0ba1 upstream.
Use the new of_get_compatible_child() helper to look up child nodes to
avoid ever matching non-child nodes elsewhere in
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Zhenyu Wang
commit 51b00d8509dc69c98740da2ad07308b630d3eb7d upstream.
This is to fix missed mmap range check on vGPU bar2 region
and only allow to map vGPU allocated GMADDR range, which means
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Florian Westphal
commit f7fcc98dfc2d136722007fec0debbed761679b94 upstream.
The lockless workqueue garbage collector can race with packet path
garbage collector to delete list nodes, as it
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Shawn Bohrer
commit c78e7818f16f687389174c4569243abbec8dc68f upstream.
Most of the time these were the same value anyway, but when
CONFIG_LOCKDEP was enabled we would use a smaller number of
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Oliver Hartkopp
commit 0aaa81377c5a01f686bcdb8c7a6929a7bf330c68 upstream.
Muyu Yu provided a POC where user root with CAP_NET_ADMIN can create a CAN
frame modification rule that makes the
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Eric Biggers
commit ab57b33525c3221afaebd391458fa0cbcd56903d upstream.
Convert the bcm crypto driver to use crypto_authenc_extractkeys() so
that it picks up the fix for broken validation of
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Aymen Sghaier
commit 04e6d25c5bb244c1a37eb9fe0b604cc11a04e8c5 upstream.
Recent changes - probably DMA API related (generic and/or arm64-specific) -
exposed a case where driver maps a
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Harsh Jain
commit a7773363624b034ab198c738661253d20a8055c2 upstream.
Authencesn template in decrypt path unconditionally calls aead_request_complete
after ahash_verify which leads to
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Eric Biggers
commit dc95b5350a8f07d73d6bde3a79ef87289698451d upstream.
Convert the ccree crypto driver to use crypto_authenc_extractkeys() so
that it picks up the fix for broken validation of
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Willem de Bruijn
[ Upstream commit 001e465f09a18857443489a57e74314a3368c805 ]
A network device stack with multiple layers of bonding devices can
trigger a false positive lockdep warning.
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Eric Biggers
commit d45a90cb5d061fa7d411b974b950fe0b8bc5f265 upstream.
sm3_compress() calls rol32() with shift >= 32, which causes undefined
behavior. This is easily detected by enabling
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Heiner Kallweit
[ Upstream commit 11287b693d03830010356339e4ceddf47dee34fa ]
This soft dependency works around an issue where sometimes the genphy
driver is used instead of the dedicated PHY
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Dmitry Safonov
commit cf62a1a13749db0d32b5cdd800ea91a4087319de upstream.
As notted by Jiri, tty_ldisc_reinit() shouldn't rely on tty counter.
Simplify math by increasing the counter after
4.19-stable review patch. If anyone has any objections, please let me know.
--
[ Upstream commit 801df68d617e3cb831f531c99fa6003620e6b343 ]
csk leak can happen if a new TCP connection gets established after
cxgbit_accept_np() returns, to fix this leak free remaining csk in
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Jason Gunthorpe
[ Upstream commit d972f3dce8d161e2142da0ab1ef25df00e2f21a9 ]
'dev' is non NULL when the addr_len check triggers so it must goto a label
that does the dev_put otherwise dev
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Florian Westphal
commit a007232066f6839d6f256bab21e825d968f1a163 upstream.
Size and 'next bit' were swapped, this bug could cause worker to
reschedule itself even if system was idle.
Fixes:
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Bryan Whitehead
[ Upstream commit a0071840d2040ea1b27e5a008182b09b88defc15 ]
It has been noticed that some phys do not have the registers
required by the previous implementation.
To fix
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: JianJhen Chen
[ Upstream commit 4c84edc11b76590859b1e45dd676074c59602dc4 ]
When handling DNAT'ed packets on a bridge device, the neighbour cache entry
from lookup was used without checking
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Eric Dumazet
[ Upstream commit 7d033c9f6a7fd3821af75620a0257db87c2b552a ]
This patch makes sure the flow label in the IPv6 header
forged in ipv6_local_error() is initialized.
BUG: KMSAN:
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Cong Wang
[ Upstream commit 26d92e951fe0a44ee4aec157cabb65a818cc8151 ]
In smc_release() we release smc->clcsock before unhash the smc
sock, but a parallel smc_diag_dump() may be still reading
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Dmitry Safonov
commit 83d817f41070c48bc3eb7ec18e43000a548fca5c upstream.
tty_ldisc_reinit() doesn't race with neither tty_ldisc_hangup()
nor set_ldisc() nor tty_ldisc_release() as they use
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Stanislav Fomichev
[ Upstream commit 0b7959b6257322f7693b08a459c505d4938646f2 ]
BUG: unable to handle kernel NULL pointer dereference at 00d1
Call Trace:
?
4.19-stable review patch. If anyone has any objections, please let me know.
--
[ Upstream commit ed076c55b359cc9982ca8b065bcc01675f7365f6 ]
In case of arp failure call cxgbit_put_csk() to free csk.
Signed-off-by: Varun Prakash
Signed-off-by: Martin K. Petersen
Signed-off-by:
4.19-stable review patch. If anyone has any objections, please let me know.
--
This reverts commit c9cef2c71a89a2c926dae8151f9497e72f889315.
A wrong commit message was used for the stable commit because of a human
error (and duplicate commit subject lines).
This patch reverts
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Pablo Neira Ayuso
commit 2f971a8f425545da52ca0e6bee81f5b1ea0ccc5f upstream.
Two CPUs may race to remove a connection from the list, the existing
conn->dead will result in a use-after-free.
This is the start of the stable review cycle for the 4.9.152 release.
There are 51 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Wed Jan 23 12:24:02 UTC 2019.
Anything
4.19-stable review patch. If anyone has any objections, please let me know.
--
From: Florian Westphal
commit df4a902509766897f7371fdfa4c3bf8bc321b55d upstream.
'lookup' is always followed by 'add'.
Merge both and make the list-walk part of nf_conncount_add().
This also
4.9-stable review patch. If anyone has any objections, please let me know.
--
From: Guenter Roeck
If CONFIG_SECCOMP=n, /proc/self/status includes an empty line. This causes
the iotop application to bail out with an error message.
File
4.9-stable review patch. If anyone has any objections, please let me know.
--
From: Ying Xue
commit edf5ff04a45750ac8ce2435974f001dc9cfbf055 upstream.
syzbot reports following splat:
BUG: KMSAN: uninit-value in strlen+0x3b/0xa0 lib/string.c:486
CPU: 1 PID: 9306 Comm:
801 - 900 of 1530 matches
Mail list logo