[PATCH 4.19 128/134] bpf: do not restore dst_reg when cur_state is freed

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Xu Yu commit 0803278b0b4d8eeb2b461fb698785df65a725d9e upstream. Syzkaller hit 'KASAN: use-after-free Write in sanitize_ptr_alu' bug. Call trace: dump_stack+0xbf/0x12e

[PATCH 4.19 114/134] mm/migrate.c: add missing flush_dcache_page for non-mapped page migrate

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Lars Persson commit d2b2c6dd227ba5b8a802858748ec9a780cb75b47 upstream. Our MIPS 1004Kc SoCs were seeing random userspace crashes with SIGILL and SIGSEGV that could not be traced back to a

[PATCH 4.19 133/134] usb: typec: class: Dont use port parent for getting mux handles

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Heikki Krogerus commit 23481121c81d984193edf1532f5e123637e50903 upstream. It is not possible to use the parent of the port device when requesting mux handles as the parent may be a multiport

[PATCH 4.19 132/134] platform: x86: intel_cht_int33fe: Add connections for the USB Type-C port

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Heikki Krogerus commit 495965a1002a0b301bf4fbfd1aed3233f3e7db1b upstream. Assigning the mux to the USB Type-C port on top of fusb302. That will prepare this driver for the change in the USB

[PATCH 4.19 127/134] staging: erofs: keep corrupted fs from crashing kernel in erofs_readdir()

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Gao Xiang commit 33bac912840fe64dbc15556302537dc6a17cac63 upstream. After commit 419d6efc50e9, kernel cannot be crashed in the namei path. However, corrupted nameoff can do harm in the

[PATCH 4.19 120/134] watchdog: Respect watchdog cpumask on CPU hotplug

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixner commit 7dd47617114921fdd8c095509e5e7b4373cc44a1 upstream. The rework of the watchdog core to use cpu_stop_work broke the watchdog cpumask on CPU hotplug. The

[PATCH 4.19 123/134] KVM: Reject device ioctls from processes other than the VMs creator

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Sean Christopherson commit ddba91801aeb5c160b660caed1800eb3aef403f8 upstream. KVM's API requires thats ioctls must be issued from the same process that created the VM. In other words,

[PATCH 4.19 124/134] KVM: x86: update %rip after emulating IO

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Sean Christopherson commit 45def77ebf79e2e8942b89ed79294d97ce914fa0 upstream. Most (all?) x86 platforms provide a port IO based reset mechanism, e.g. OUT 92h or CF9h. Userspace may emulate

[PATCH 4.19 125/134] KVM: x86: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD hosts

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Sean Christopherson commit 0cf9135b773bf32fba9dd8e6699c1b331ee4b749 upstream. The CPUID flag ARCH_CAPABILITIES is unconditioinally exposed to host userspace for all x86 hosts, i.e. KVM

[PATCH 4.19 121/134] cpu/hotplug: Prevent crash when CPU bringup fails on CONFIG_HOTPLUG_CPU=n

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixner commit 206b92353c839c0b27a0b9bec24195f93fd6cf7a upstream. Tianyu reported a crash in a CPU hotplug teardown callback when booting a kernel which has CONFIG_HOTPLUG_CPU

[PATCH 4.19 106/134] usb: host: xhci-rcar: Add XHCI_TRUST_TX_LENGTH quirk

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Yasushi Asano commit 40fc165304f0faaae78b761f8ee30b5d216b1850 upstream. When plugging BUFFALO LUA4-U3-AGT USB3.0 to Gigabit Ethernet LAN Adapter, warning messages filled up dmesg. [

[PATCH 4.19 077/134] drm/rockchip: vop: reset scale mode when win is disabled

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Jonas Karlman commit e9abc611a941d4051cde1d94b2ab7473fdb50102 upstream. NV12 framebuffers produced by the VPU shows distorted on RK3288 after win has been disabled when scaling is active.

[PATCH 4.19 109/134] xhci: Dont let USB3 ports stuck in polling state prevent suspend

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Mathias Nyman commit d92f2c59cc2cbca6bfb2cc54882b58ba76b15fd4 upstream. Commit 2f31a67f01a8 ("usb: xhci: Prevent bus suspend if a port connect change or polling state is detected") was

[PATCH 4.19 070/134] kbuild: modversions: Fix relative CRC byte order interpretation

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Fredrik Noring commit 54a7151b1496cddbb7a83546b7998103e98edc88 upstream. Fix commit 56067812d5b0 ("kbuild: modversions: add infrastructure for emitting relative CRCs") where CRCs are

[PATCH 4.19 079/134] tty: atmel_serial: fix a potential NULL pointer dereference

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Kangjie Lu commit c85be041065c0be8bc48eda4c45e0319caf1d0e5 upstream. In case dmaengine_prep_dma_cyclic fails, the fix returns a proper error code to avoid NULL pointer dereference.

[PATCH 4.19 076/134] scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP devices

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Steffen Maier commit 242ec1455151267fe35a0834aa9038e4c4670884 upstream. Suppose more than one non-NPIV FCP device is active on the same channel. Send I/O to storage and have some of the

[PATCH 4.19 075/134] scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Steffen Maier commit fe67888fc007a76b81e37da23ce5bd8fb95890b0 upstream. An already deleted SCSI device can exist on the Scsi_Host and remain there because something still holds a reference.

[PATCH 4.19 101/134] gpio: adnp: Fix testing wrong value in adnp_gpio_direction_input

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Axel Lin commit c5bc6e526d3f217ed2cc3681d256dc4a2af4cc2b upstream. Current code test wrong value so it does not verify if the written data is correctly read back. Fix it. Also make it return

[PATCH 4.19 100/134] gpio: exar: add a check for the return value of ida_simple_get fails

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Kangjie Lu commit 7ecced0934e574b528a1ba6c237731e682216a74 upstream. ida_simple_get may fail and return a negative error number. The fix checks its return value; if it fails, go to

[PATCH 4.19 103/134] usb: mtu3: fix EXTCON dependency

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Arnd Bergmann commit 3d54d10c6afed34fd45b852bf76f55e8da31d8ef upstream. When EXTCON is a loadable module, mtu3 fails to link as built-in: drivers/usb/mtu3/mtu3_plat.o: In function

[PATCH 4.19 104/134] USB: gadget: f_hid: fix deadlock in f_hidg_write()

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Radoslav Gerganov commit 072684e8c58d17e853f8e8b9f6d9ce2e58d2b036 upstream. In f_hidg_write() the write_spinlock is acquired before calling usb_ep_queue() which causes a deadlock when

[PATCH 4.19 091/134] USB: serial: mos7720: fix mos_parport refcount imbalance on error path

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Lin Yi commit 2908b076f5198d231de62713cb2b633a3a4b95ac upstream. The write_parport_reg_nonblock() helper takes a reference to the struct mos_parport, but failed to release it in a couple of

[PATCH 4.19 097/134] drm/vgem: fix use-after-free when drm_gem_handle_create() fails

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Eric Biggers commit 21d2b122732318b48c10b7262e15595ce54511d3 upstream. If drm_gem_handle_create() fails in vgem_gem_create(), then the drm_vgem_gem_object is freed twice: once when the

[PATCH 4.19 085/134] staging: erofs: fix to handle error path of erofs_vmap()

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Chao Yu commit 8bce6dcede65139a087ff240127e3f3c01363eed upstream. erofs_vmap() wrapped vmap() and vm_map_ram() to return virtual continuous memory, but both of them can failed due to a lot of

[PATCH 4.19 096/134] fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links

4.19-stable review patch. If anyone has any objections, please let me know. -- From: YueHaibing commit 23da9588037ecdd4901db76a5b79a42b529c4ec3 upstream. Syzkaller reports: kasan: GPF could be caused by NULL-ptr deref or user memory access general protection fault: [#1]

[PATCH 4.19 090/134] USB: serial: ftdi_sio: add additional NovaTech products

4.19-stable review patch. If anyone has any objections, please let me know. -- From: George McCollister commit 422c2537ba9d42320f8ab6573940269f87095320 upstream. Add PIDs for the NovaTech OrionLX+ and Orion I/O so they can be automatically detected. Signed-off-by: George

[PATCH 4.19 072/134] ocfs2: fix inode bh swapping mixup in ocfs2_reflink_inodes_lock

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Darrick J. Wong commit e6a9467ea14bae8691b0f72c500510c42ea8edb8 upstream. ocfs2_reflink_inodes_lock() can swap the inode1/inode2 variables so that we always grab cluster locks in order of

[PATCH 4.19 092/134] USB: serial: option: set driver_info for SIM5218 and compatibles

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Mans Rullgard commit f8df5c2c3e2df5ffaf9fb5503da93d477a8c7db4 upstream. The SIMCom SIM5218 and compatible devices have 5 USB interfaces, only 4 of which are serial ports. The fifth is a

[PATCH 4.19 093/134] USB: serial: option: add support for Quectel EM12

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Kristian Evensen commit d1252f0237238b912c3e7a51bf237acf34c97983 upstream. The Quectel EM12 is a Cat. 12 LTE modem. It behaves in the exactly the same way as the EP06 (including the dynamic

[PATCH 4.19 094/134] USB: serial: option: add Olicard 600

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Bjørn Mork commit 84f3b43f7378b98b7e3096d5499de75183d4347c upstream. This is a Qualcomm based device with a QMI function on interface 4. It is mode switched from 2020:2030 using a standard

[PATCH 4.19 089/134] USB: serial: cp210x: add new device id

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Greg Kroah-Hartman commit a595ecdd5f60b2d93863cebb07eec7f935839b54 upstream. Lorenz Messtechnik has a device that is controlled by the cp210x driver, so add the device id to the driver. The

[PATCH 4.19 087/134] serial: mvebu-uart: Fix to avoid a potential NULL pointer dereference

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Aditya Pakki commit 32f47179833b63de72427131169809065db6745e upstream. of_match_device on failure to find a matching device can return a NULL pointer. The patch checks for such a scenrio and

[PATCH 4.19 088/134] serial: sh-sci: Fix setting SCSCR_TIE while transferring data

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Hoan Nguyen An commit 93bcefd4c6bad4c69dbc4edcd3fbf774b24d930d upstream. We disable transmission interrupt (clear SCSCR_TIE) after all data has been transmitted (if uart_circ_empty(xmit)).

[PATCH 4.19 082/134] staging: speakup_soft: Fix alternate speech with other synths

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Samuel Thibault commit 45ac7b31bc6c4af885cc5b5d6c534c15bcbe7643 upstream. When switching from speakup_soft to another synth, speakup_soft would keep calling synth_buffer_getc() from

[PATCH 4.19 084/134] staging: vt6655: Fix interrupt race condition on device start up.

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Malcolm Priestley commit 3b9c2f2e0e99bb67c96abcb659b3465efe3bee1f upstream. It appears on some slower systems that the driver can find its way out of the workqueue while the interrupt is

[PATCH 4.19 083/134] staging: vt6655: Remove vif check from vnt_interrupt

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Malcolm Priestley commit cc26358f89c3e493b54766b1ca56cfc6b14db78a upstream. A check for vif is made in vnt_interrupt_work. There is a small chance of leaving interrupt disabled while vif is

[PATCH 4.19 081/134] staging: comedi: ni_mio_common: Fix divide-by-zero for DIO cmdtest

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Ian Abbott commit bafd9c64056cd034a1174dcadb65cd3b294ff8f6 upstream. `ni_cdio_cmdtest()` validates Comedi asynchronous commands for the DIO subdevice (subdevice 2) of supported National

[PATCH 4.19 067/134] ALSA: hda/realtek: Enable headset mic of ASUS P5440FF with ALC256

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Chris Chiu commit a806ef1cf3bbc0baadc6cdeb11f12b5dd27e91c2 upstream. The ASUS laptop P5440FF with ALC256 can't detect the headset microphone until ALC256_FIXUP_ASUS_MIC_NO_PRESENCE quirk

[PATCH 4.19 036/134] powerpc/fsl: Add nospectre_v2 command line argument

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Diana Craciun commit f633a8ad636efb5d4bba1a047d4a0f1ef719aa06 upstream. When the command line argument is present, the Spectre variant 2 mitigations are disabled. Signed-off-by: Diana

[PATCH 4.19 037/134] powerpc/fsl: Flush the branch predictor at each kernel entry (64bit)

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Diana Craciun commit 10c5e83afd4a3f01712d97d3bb1ae34d5b74a185 upstream. In order to protect against speculation attacks on indirect branches, the branch predictor is flushed at kernel entry

[PATCH 4.19 038/134] powerpc/fsl: Flush the branch predictor at each kernel entry (32 bit)

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Diana Craciun commit 7fef436295bf6c05effe682c8797dfcb0deb112a upstream. In order to protect against speculation attacks on indirect branches, the branch predictor is flushed at kernel entry

[PATCH 4.19 080/134] tty: serial: qcom_geni_serial: Initialize baud in qcom_geni_console_setup

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Nathan Chancellor commit c5cbc78acf693f5605d4a85b1327fa7933daf092 upstream. When building with -Wsometimes-uninitialized, Clang warns: drivers/tty/serial/qcom_geni_serial.c:1079:6: warning:

[PATCH 4.19 029/134] net: sched: fix cleanup NULL pointer exception in act_mirr

4.19-stable review patch. If anyone has any objections, please let me know. -- From: John Hurley [ Upstream commit 064c5d6881e897077639e04973de26440ee205e6 ] A new mirred action is created by the tcf_mirred_init function. This contains a list head struct which is inserted

[PATCH 4.19 061/134] ALSA: hda/realtek - Add support headset mode for DELL WYSE AIO

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Kailang Yang commit 136824efaab2c095fc911048f7c7ddeda258c965 upstream. This patch will enable WYSE AIO for Headset mode. Signed-off-by: Kailang Yang Signed-off-by: Takashi Iwai

[PATCH 4.19 062/134] ALSA: hda/realtek - Add support headset mode for New DELL WYSE NB

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Kailang Yang commit da484d00f020af3dd7cfcc6c4b69a7f856832883 upstream. Enable headset mode support for new WYSE NB platform. Signed-off-by: Kailang Yang Signed-off-by: Takashi Iwai

[PATCH 4.19 066/134] ALSA: hda/realtek: Enable ASUS X441MB and X705FD headset MIC with ALC256

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Jian-Hong Pan commit e1037354a0a75acdea2b27043c0a371ed85cf262 upstream. The ASUS laptop X441MB and X705FD with ALC256 cannot detect the headset MIC until ALC256_FIXUP_ASUS_MIC_NO_PRESENCE

[PATCH 4.19 058/134] ALSA: seq: oss: Fix Spectre v1 vulnerability

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Gustavo A. R. Silva commit c709f14f0616482b67f9fbcb965e1493a03ff30b upstream. dev is indirectly controlled by user-space, hence leading to a potential exploitation of the Spectre variant 1

[PATCH 4.19 064/134] ALSA: hda/realtek: Enable headset MIC of Acer Aspire Z24-890 with ALC286

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Jian-Hong Pan commit 2733ccebf4a937a0858e7d05a4a003b89715033f upstream. The Acer Aspire Z24-890 cannot detect the headset MIC until ALC286_FIXUP_ACER_AIO_HEADSET_MIC quirk applied.

[PATCH 4.19 032/134] tun: add a missing rcu_read_unlock() in error path

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Eric Dumazet commit 9180bb4f046064dfa4541488102703b402bb04e1 upstream. In my latest patch I missed one rcu_read_unlock(), in case device is down. Fixes: 4477138fa0ae ("tun: properly test for

[PATCH 4.19 059/134] ALSA: pcm: Fix possible OOB access in PCM oss plugins

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Takashi Iwai commit ca0214ee2802dd47239a4e39fb21c5b00ef61b22 upstream. The PCM OSS emulation converts and transfers the data on the fly via "plugins". The data is converted over the

[PATCH 4.19 063/134] ALSA: hda/realtek: Enable headset MIC of Acer AIO with ALC286

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Jian-Hong Pan commit 667a8f73753908c4d0171e52b71774f9be5d6713 upstream. Some Acer AIO desktops like Veriton Z6860G, Z4860G and Z4660G cannot record sound from headset MIC. This patch adds

[PATCH 4.19 065/134] ALSA: hda/realtek - Add support for Acer Aspire E5-523G/ES1-432 headset mic

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Chris Chiu commit c7531e31c8a440b5fe6bd62664def5bcb6262f96 upstream. The Acer laptop Aspire E5-523G and ES1-432 with ALC255 can't detect the headset microphone until

[PATCH 4.19 044/134] powerpc/security: Fix spectre_v2 reporting

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Michael Ellerman commit 92edf8df0ff2ae86cc632eeca0e651fd8431d40d upstream. When I updated the spectre_v2 reporting to handle software count cache flush I got the logic wrong when there's no

[PATCH 4.19 047/134] btrfs: dont report readahead errors and dont update statistics

4.19-stable review patch. If anyone has any objections, please let me know. -- From: David Sterba commit 0cc068e6ee59c1fffbfa977d8bf868b7551d80ac upstream. As readahead is an optimization, all errors are usually filtered out, but still properly handled when the real read call

[PATCH 4.19 048/134] btrfs: raid56: properly unmap parity page in finish_parity_scrub()

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Andrea Righi commit 3897b6f0a859288c22fb793fad11ec2327e60fcd upstream. Parity page is incorrectly unmapped in finish_parity_scrub(), triggering a reference counter bug on i386, i.e.: [

[PATCH 4.19 045/134] Btrfs: fix incorrect file size after shrinking truncate and fsync

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Filipe Manana commit bf504110bc8aa05df48b0e5f0aa84bfb81e0574b upstream. If we do a shrinking truncate against an inode which is already present in the respective log tree and then rename it,

[PATCH 4.19 056/134] net: dsa: qca8k: remove leftover phy accessors

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Christian Lamparter commit 1eec7151ae0e134bd42e3f128066b2ff8da21393 upstream. This belated patch implements Andrew Lunn's request of "remove the phy_read() and phy_write() functions."

[PATCH 4.19 053/134] vfio: ccw: only free cp on final interrupt

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Cornelia Huck commit 50b7f1b7236bab08ebbbecf90521e84b068d7a17 upstream. When we get an interrupt for a channel program, it is not necessarily the final interrupt; for example, the issuing

[PATCH 4.19 057/134] ALSA: rawmidi: Fix potential Spectre v1 vulnerability

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Gustavo A. R. Silva commit 2b1d9c8f87235f593826b9cf46ec10247741fff9 upstream. info->stream is indirectly controlled by user-space, hence leading to a potential exploitation of the Spectre

[PATCH 4.19 031/134] thunderx: eliminate extra calls to put_page() for pages held for recycling

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Dean Nelson [ Upstream commit cd35ef91490ad8049dd180bb060aff7ee192eda9 ] For the non-XDP case, commit 773225388dae15e72790 ("net: thunderx: Optimize page recycling for XDP") added code to

[PATCH 4.19 042/134] powerpc/fsl: Fixed warning: orphan section `__btb_flush_fixup

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Diana Craciun commit 039daac5526932ec731e4499613018d263af8b3e upstream. Fixed the following build warning: powerpc-linux-gnu-ld: warning: orphan section `__btb_flush_fixup' from

[PATCH 4.19 046/134] btrfs: remove WARN_ON in log_dir_items

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Josef Bacik commit 2cc8334270e281815c3850c3adea363c51f21e0d upstream. When Filipe added the recursive directory logging stuff in 2f2ff0ee5e430 ("Btrfs: fix metadata inconsistencies after

[PATCH 4.19 050/134] Btrfs: fix assertion failure on fsync with NO_HOLES enabled

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Filipe Manana commit 0ccc3876e4b2a1559a4dbe3126dda4459d38a83b upstream. Back in commit a89ca6f24ffe4 ("Btrfs: fix fsync after truncate when no_holes feature is enabled") I added an assertion

[PATCH 4.19 052/134] powerpc: bpf: Fix generation of load/store DW instructions

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Naveen N. Rao commit 86be36f6502c52ddb4b85938145324fd07332da1 upstream. Yauheni Kaliuta pointed out that PTR_TO_STACK store/load verifier test was failing on powerpc64 BE, and rightfully

[PATCH 4.19 041/134] powerpc/fsl: Update Spectre v2 reporting

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Diana Craciun commit dfa88658fb0583abb92e062c7a9cd5a5b94f2a46 upstream. Report branch predictor state flush as a mitigation for Spectre variant 2. Signed-off-by: Diana Craciun

[PATCH 4.19 051/134] ARM: imx6q: cpuidle: fix bug that CPU might not wake up at expected time

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Kohji Okuno commit 91740fc8242b4f260cfa4d4536d8551804777fae upstream. In the current cpuidle implementation for i.MX6q, the CPU that sets 'WAIT_UNCLOCKED' and the CPU that returns to

[PATCH 4.19 039/134] powerpc/fsl: Flush branch predictor when entering KVM

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Diana Craciun commit e7aa61f47b23afbec41031bc47ca8d6cb6516abc upstream. Switching from the guest to host is another place where the speculative accesses can be exploited. Flush the branch

[PATCH 5.0 016/146] net-sysfs: call dev_hold if kobject_init_and_add success

5.0-stable review patch. If anyone has any objections, please let me know. -- From: YueHaibing [ Upstream commit a3e23f719f5c4a38ffb3d30c8d7632a4ed8ccd9e ] In netdev_queue_add_kobject and rx_queue_add_kobject, if sysfs_create_group failed, kobject_put will call

[PATCH 4.19 008/134] mac8390: Fix mmio access size probe

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Finn Thain [ Upstream commit bb9e5c5bcd76f4474eac3baf643d7a39f7bac7bb ] The bug that Stan reported is as follows. After a restart, a 16-bit NIC may be incorrectly identified as a 32-bit NIC

[PATCH 4.19 028/134] ila: Fix rhashtable walker list corruption

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Herbert Xu [ Upstream commit b5f9bd15b88563b55a99ed588416881367a0ce5f ] ila_xlat_nl_cmd_flush uses rhashtable walkers allocated from the stack but it never frees them. This corrupts the

[PATCH 4.19 027/134] vxlan: Dont call gro_cells_destroy() before device is unregistered

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Zhiqiang Liu [ Upstream commit cc4807bb609230d8959fd732b0bf3bd4c2de8eac ] Commit ad6c9986bcb62 ("vxlan: Fix GRO cells race condition between receive and link delete") fixed a race condition

[PATCH 4.19 005/134] genetlink: Fix a memory leak on error path

4.19-stable review patch. If anyone has any objections, please let me know. -- From: YueHaibing [ Upstream commit ceabee6c59943bdd5e1da1a6a20dc7ee5f8113a2 ] In genl_register_family(), when idr_alloc() fails, we forget to free the memory we possibly allocate for

[PATCH 4.19 007/134] ipv6: make ip6_create_rt_rcu return ip6_null_entry instead of NULL

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Xin Long [ Upstream commit 1c87e79a002f6a159396138cd3f3ab554a2a8887 ] Jianlin reported a crash: [ 381.484332] BUG: unable to handle kernel NULL pointer dereference at 0068

[PATCH 4.19 004/134] dccp: do not use ipv6 header for ipv4 flow

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Eric Dumazet [ Upstream commit e0aa67709f89d08c8d8e5bdd9e0b649df61d0090 ] When a dual stack dccp listener accepts an ipv4 flow, it should not attempt to use an ipv6 header or inet6_iif()

[PATCH 4.19 025/134] tun: properly test for IFF_UP

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Eric Dumazet [ Upstream commit 4477138fa0ae4e1b699786ef0600863ea6e6c61c ] Same reasons than the ones explained in commit 4179cb5a4c92 ("vxlan: test dev->flags & IFF_UP before calling

[PATCH 4.19 023/134] tipc: change to check tipc_own_id to return in tipc_net_stop

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Xin Long [ Upstream commit 9926cb5f8b0f0aea535735185600d74db7608550 ] When running a syz script, a panic occurred: [ 156.088228] BUG: KASAN: use-after-free in tipc_disc_timeout+0x9c9/0xb20

[PATCH 4.19 021/134] tcp: do not use ipv6 header for ipv4 flow

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Eric Dumazet [ Upstream commit 89e4130939a20304f4059ab72179da81f5347528 ] When a dual stack tcp listener accepts an ipv4 flow, it should not attempt to use an ipv6 header or tcp_v6_iif()

[PATCH 4.19 024/134] tipc: fix cancellation of topology subscriptions

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Erik Hugne [ Upstream commit 33872d79f5d1cbedaaab79669cc38f16097a9450 ] When cancelling a subscription, we have to clear the cancel bit in the request before iterating over any established

[PATCH 4.19 022/134] tipc: allow service ranges to be connect()ed on RDM/DGRAM

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Erik Hugne [ Upstream commit ea239314fe42ace880bdd834256834679346c80e ] We move the check that prevents connecting service ranges to after the RDM/DGRAM check, and move address sanity control

[PATCH 4.19 026/134] vrf: prevent adding upper devices

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Sabrina Dubroca [ Upstream commit 1017e0987117c32783ba7c10fe2e7ff1456ba1dc ] VRF devices don't work with upper devices. Currently, it's possible to add a VRF device to a bridge or team, and

[PATCH 4.19 020/134] sctp: use memdup_user instead of vmemdup_user

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Xin Long [ Upstream commit ef82bcfa671b9a635bab5fa669005663d8b177c5 ] In sctp_setsockopt_bindx()/__sctp_setsockopt_connectx(), it allocates memory with addrs_size which is passed from

[PATCH 4.19 017/134] packets: Always register packet sk in the same order

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Maxime Chevallier [ Upstream commit a4dc6a49156b1f8d6e17251ffda17c9e6a5db78a ] When using fanouts with AF_PACKET, the demux functions such as fanout_demux_cpu will return an index in the

[PATCH 4.19 019/134] sctp: get sctphdr by offset in sctp_compute_cksum

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Xin Long [ Upstream commit 273160ffc6b993c7c91627f5a84799c66dfe4dee ] sctp_hdr(skb) only works when skb->transport_header is set properly. But in Netfilter, skb->transport_header for ipv6 is

[PATCH 4.19 016/134] net-sysfs: call dev_hold if kobject_init_and_add success

4.19-stable review patch. If anyone has any objections, please let me know. -- From: YueHaibing [ Upstream commit a3e23f719f5c4a38ffb3d30c8d7632a4ed8ccd9e ] In netdev_queue_add_kobject and rx_queue_add_kobject, if sysfs_create_group failed, kobject_put will call

[PATCH 4.19 010/134] net: aquantia: fix rx checksum offload for UDP/TCP over IPv6

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Dmitry Bogdanov [ Upstream commit a7faaa0c5dc7d091cc9f72b870d7edcdd6f43f12 ] TCP/UDP checksum validity was propagated to skb only if IP checksum is valid. But for IPv6 there is no validity as

[PATCH 4.19 015/134] net: stmmac: fix memory corruption with large MTUs

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Aaro Koskinen [ Upstream commit 223a960c01227e4dbcb6f9fa06b47d73bda21274 ] When using 16K DMA buffers and ring mode, the DES3 refill is not working correctly as the function is using a bogus

[PATCH 4.19 011/134] net: datagram: fix unbounded loop in __skb_try_recv_datagram()

4.19-stable review patch. If anyone has any objections, please let me know. -- From: Paolo Abeni [ Upstream commit 0b91bce1ebfc797ff3de60c8f4a1e6219a8a3187 ] Christoph reported a stall while peeking datagram with an offset when busy polling is enabled.

[PATCH 5.0 124/146] usb: typec: Fix unchecked return value

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Gustavo A. R. Silva commit e82adc1074a7356f1158233551df9e86b7ebfb82 upstream. Currently there is no check on platform_get_irq() return value in case it fails, hence never actually reporting

[PATCH 5.0 129/146] mm/debug.c: fix __dump_page when mapping->host is not set

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Oscar Salvador commit 5ae2efb1dea9f537453e841714e3ee2757595aec upstream. While debugging something, I added a dump_page() into do_swap_page(), and I got the splat from below. The issue

[PATCH 5.0 131/146] mm/page_isolation.c: fix a wrong flag in set_migratetype_isolate()

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Qian Cai commit f5777bc2d9cf0712554228b1a7927b6f13f5c1f0 upstream. Due to has_unmovable_pages() taking an incorrect irqsave flag instead of the isolation flag in set_migratetype_isolate(),

[PATCH 5.0 133/146] perf pmu: Fix parser error for uncore event alias

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Kan Liang commit e94d6b7f615e6dfbaf9fba7db6011db561461d0c upstream. Perf fails to parse uncore event alias, for example: # perf stat -e unc_m_clockticks -a --no-merge sleep 1 event syntax

[PATCH 5.0 128/146] mm: mempolicy: make mbind() return -EIO when MPOL_MF_STRICT is specified

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Yang Shi commit a7f40cfe3b7ada57af9b62fd28430eeb4a7cfcb7 upstream. When MPOL_MF_STRICT was specified and an existing page was already on a node that does not follow the policy, mbind() should

[PATCH 5.0 132/146] mm/migrate.c: add missing flush_dcache_page for non-mapped page migrate

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Lars Persson commit d2b2c6dd227ba5b8a802858748ec9a780cb75b47 upstream. Our MIPS 1004Kc SoCs were seeing random userspace crashes with SIGILL and SIGSEGV that could not be traced back to a

[PATCH 5.0 146/146] mt76x02u: use usb_bulk_msg to upload firmware

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Stanislaw Gruszka commit 5de4db8fcb6d6fc7d9064c22841211790c0ab81b upstream. We don't need to send firmware data asynchronously, much simpler is just use synchronous usb_bulk_msg(). [ stable

[PATCH 5.0 144/146] KVM: x86: update %rip after emulating IO

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Sean Christopherson commit 45def77ebf79e2e8942b89ed79294d97ce914fa0 upstream. Most (all?) x86 platforms provide a port IO based reset mechanism, e.g. OUT 92h or CF9h. Userspace may emulate

[PATCH 5.0 126/146] mm: add support for kmem caches in DMA32 zone

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Nicolas Boichat commit 6d6ea1e967a246f12cfe2f5fb743b70b2e608d4a upstream. Patch series "iommu/io-pgtable-arm-v7s: Use DMA32 zone for page tables", v6. This is a followup to the discussion in

[PATCH 5.0 137/146] powerpc/64: Fix memcmp reading past the end of src/dest

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Michael Ellerman commit d9470757398a700d9450a43508000bcfd010c7a4 upstream. Chandan reported that fstests' generic/026 test hit a crash: BUG: Unable to handle kernel data access at

[PATCH 5.0 139/146] watchdog: Respect watchdog cpumask on CPU hotplug

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixner commit 7dd47617114921fdd8c095509e5e7b4373cc44a1 upstream. The rework of the watchdog core to use cpu_stop_work broke the watchdog cpumask on CPU hotplug. The

[PATCH 5.0 140/146] cpu/hotplug: Prevent crash when CPU bringup fails on CONFIG_HOTPLUG_CPU=n

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixner commit 206b92353c839c0b27a0b9bec24195f93fd6cf7a upstream. Tianyu reported a crash in a CPU hotplug teardown callback when booting a kernel which has CONFIG_HOTPLUG_CPU disabled

[PATCH 5.0 143/146] KVM: x86: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD hosts

5.0-stable review patch. If anyone has any objections, please let me know. -- From: Sean Christopherson commit 0cf9135b773bf32fba9dd8e6699c1b331ee4b749 upstream. The CPUID flag ARCH_CAPABILITIES is unconditioinally exposed to host userspace for all x86 hosts, i.e. KVM

<    3   4   5   6   7   8   9   10   11   12   >