[PATCH 3.18 25/46] ALSA: aloop: Fix racy hw constraints adjustment

3.18-stable review patch. If anyone has any objections, please let me know. -- From: Takashi Iwai commit 898dfe4687f460ba337a01c11549f87269a13fa2 upstream. The aloop driver tries to update the hw constraints of the connected target on the cable of the opened PCM substream.

[PATCH 3.18 39/46] USB: serial: cp210x: add new device ID ELV ALC 8xxx

3.18-stable review patch. If anyone has any objections, please let me know. -- From: Christian Holl commit d14ac576d10f865970bb1324d337e5e24d79aaf4 upstream. This adds the ELV ALC 8xxx Battery Charging device to the list of USB IDs of drivers/usb/serial/cp210x.c

[PATCH 3.18 42/46] usbip: remove kernel addresses from usb device and urb debug msgs

3.18-stable review patch. If anyone has any objections, please let me know. -- From: Shuah Khan commit e1346fd87c71a1f61de1fe476ec8df1425ac931c upstream. usbip_dump_usb_device() and usbip_dump_urb() print kernel addresses. Remove kernel addresses from usb device and urb debug

[PATCH 3.18 46/46] e1000e: Fix e1000_check_for_copper_link_ich8lan return value.

3.18-stable review patch. If anyone has any objections, please let me know. -- From: Benjamin Poirier commit 4110e02eb45ea447ec6f5459c9934de0a273fb91 upstream. e1000e_check_for_copper_link() and e1000_check_for_copper_link_ich8lan() are the two functions that may be assigned

[PATCH 4.4 01/87] dm bufio: fix shrinker scans when (nr_to_scan < retain_target)

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Suren Baghdasaryan commit fbc7c07ec23c040179384a1f16b62b6030eb6bdd upstream. When system is under memory pressure it is observed that dm bufio shrinker often reclaims only one buffer per scan.

[PATCH 3.18 44/46] Bluetooth: Prevent stack info leak from the EFS element.

3.18-stable review patch. If anyone has any objections, please let me know. -- From: Ben Seri commit 06e7e776ca4d36547e503279aeff996cbb292c16 upstream. In the function l2cap_parse_conf_rsp and in the function l2cap_parse_conf_req the following variable is declared without

[PATCH 4.4 10/87] MIPS: Also verify sizeof `elf_fpreg_t with PTRACE_SETREGSET

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Maciej W. Rozycki commit 006501e039eec411842bb3150c41358867d320c2 upstream. Complement commit d614fd58a283 ("mips/ptrace: Preserve previous registers for short regset write") and like with the

[PATCH 3.18 45/46] uas: ignore UAS for Norelsys NS1068(X) chips

3.18-stable review patch. If anyone has any objections, please let me know. -- From: Icenowy Zheng commit 928afc85270753657b5543e052cc270c279a3fe9 upstream. The UAS mode of Norelsys NS1068(X) is reported to fail to work on several platforms with the following error message:

[PATCH 4.4 03/87] can: gs_usb: fix return value of the "set_bittiming" callback

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Wolfgang Grandegger commit d5b42e6607661b198d8b26a0c30969605b1bf5c7 upstream. The "set_bittiming" callback treats a positive return value as error! For that reason "can_changelink()" will quit

[PATCH 4.4 07/87] MIPS: Guard against any partial write attempt with PTRACE_SETREGSET

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Maciej W. Rozycki commit dc24d0edf33c3e15099688b6bbdf7bdc24bf6e91 upstream. Complement commit d614fd58a283 ("mips/ptrace: Preserve previous registers for short regset write") and ensure that

[PATCH 4.4 00/87] 4.4.112-stable review

This is the start of the stable review cycle for the 4.4.112 release. There are 87 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed Jan 17 12:33:11 UTC 2018. Anything

[PATCH 4.4 26/87] mm/compaction: pass only pageblock aligned range to pageblock_pfn_to_page

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Joonsoo Kim commit e1409c325fdc1fef7b3d8025c51892355f065d15 upstream. pageblock_pfn_to_page() is used to check there is valid pfn and all pages in the pageblock is in a single zone. If there

[PATCH 4.4 30/87] locks: dont check for race with close when setting OFD lock

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Jeff Layton commit 0752ba807b04ccd69cb4bc8bbf829a80ee208a3c upstream. We don't clean out OFD locks on close(), so there's no need to check for a race with them here. They'll get cleaned out at

[PATCH 4.4 28/87] mm/zswap: use workqueue to destroy pool

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Dan Streetman commit 200867af4dedfe7cb707f96773684de1d1fd21e6 upstream. Add a work_struct to struct zswap_pool, and change __zswap_pool_empty to use the workqueue instead of using call_rcu().

[PATCH 4.4 09/87] MIPS: Fix an FCSR access API regression with NT_PRFPREG and MSA

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Maciej W. Rozycki commit be07a6a1188372b6d19a3307ec33211fc9c9439d upstream. Fix a commit 72b22bbad1e7 ("MIPS: Don't assume 64-bit FP registers for FP regset") public API regression, then

[PATCH 4.4 17/87] ALSA: pcm: Remove incorrect snd_BUG_ON() usages

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Takashi Iwai commit fe08f34d066f4404934a509b6806db1a4f700c86 upstream. syzkaller triggered kernel warnings through PCM OSS emulation at closing a stream: WARNING: CPU: 0 PID: 3502 at

[PATCH 4.4 38/87] lan78xx: use skb_cow_head() to deal with cloned skbs

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Eric Dumazet commit d4ca73591916b760478d2b04334d5dcadc028e9c upstream. We need to ensure there is enough headroom to push extra header, but we also need to check if we are allowed to change

[PATCH 4.4 50/87] net: core: fix module type in sock_diag_bind

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Andrii Vladyka [ Upstream commit b8fd0823e0770c2d5fdbd865bccf0d5e058e5287 ] Use AF_INET6 instead of AF_INET in IPv6-related code path Signed-off-by: Andrii Vladyka Signed-off-by: David S.

[PATCH 4.4 35/87] r8152: fix the wake event

4.4-stable review patch. If anyone has any objections, please let me know. -- From: hayeswang commit 5ee3c60c8d3b88cab6496c9b7d49a01576dd9cf9 upstream. When the autosuspend is enabled and occurs before system suspend, we should wake the device before running system syspend.

[PATCH 4.4 45/87] xhci: Fix ring leak in failure path of xhci_alloc_virt_device()

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Ben Hutchings This is a stable-only fix for the backport of commit 5d9b70f7d52e ("xhci: Don't add a virt_dev to the devs array before it's fully allocated"). In branches that predate commit

[PATCH 4.4 51/87] RDS: Heap OOB write in rds_message_alloc_sgs()

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Mohamed Ghannam [ Upstream commit c095508770aebf1b9218e77026e48345d719b17c ] When args->nr_local is 0, nr_pages gets also 0 due some size calculation via rds_rm_size(), which is later used to

[PATCH 4.4 53/87] sh_eth: fix TSU resource handling

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Sergei Shtylyov [ Upstream commit dfe8266b8dd10e12a731c985b725fcf7f0e537f0 ] When switching the driver to the managed device API, I managed to break the case of a dual Ether devices

[PATCH 4.4 65/87] bpf: move fixup_bpf_calls() function

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Alexei Starovoitov commit e245c5c6a5656e4d61aa7bb08e9694fd6e5b2b9d upstream. no functional change. move fixup_bpf_calls() to verifier.c it's being refactored in the next patch Signed-off-by:

[PATCH 4.4 21/87] ALSA: aloop: Release cable upon open error path

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Takashi Iwai commit 9685347aa0a5c2869058ca6ab79fd8e93084a67f upstream. The aloop runtime object and its assignment in the cable are left even when opening a substream fails. This doesn't mean

[PATCH v6 2/5] kaslr: give a warning if movable_node specified without kaslr_mem=

Signed-off-by: Chao Fan --- arch/x86/boot/compressed/kaslr.c | 10 ++ 1 file changed, 10 insertions(+) diff --git a/arch/x86/boot/compressed/kaslr.c b/arch/x86/boot/compressed/kaslr.c index b071f6edd7b2..38816d3f8865 100644 --- a/arch/x86/boot/compressed/kaslr.c +++

[PATCH 4.4 69/87] bpf, array: fix overflow in max_entries and undefined behavior in index_mask

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Daniel Borkmann commit bbeb6e4323dad9b5e0ee9f60c223dd532e2403b1 upstream. syzkaller tried to alloc a map with 0xfffd entries out of a userns, and thus unprivileged. With the recently added

[PATCH 4.4 63/87] bpf: add bpf_patch_insn_single helper

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Daniel Borkmann commit c237ee5eb33bf19fe0591c04ff8db19da7323a83 upstream. Move the functionality to patch instructions out of the verifier code and into the core as the new

[PATCH v6 4/5] kaslr: calculate the memory region in kaslr_mem

If there is no kaslr_mem= region specified, use region directely. Otherwise, calculate the intersecting between efi or e820 memmap entry and kaslr_mem. Rename process_mem_region to slots_count to match slots_fetch_random, and rename new function sa process_mem_region. Signed-off-by: Chao Fan

[PATCH 4.4 79/87] uas: ignore UAS for Norelsys NS1068(X) chips

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Icenowy Zheng commit 928afc85270753657b5543e052cc270c279a3fe9 upstream. The UAS mode of Norelsys NS1068(X) is reported to fail to work on several platforms with the following error message:

[PATCH 4.4 75/87] USB: fix usbmon BUG trigger

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Pete Zaitcev commit 46eb14a6e1585d99c1b9f58d0e7389082a5f466b upstream. Automated tests triggered this by opening usbmon and accessing the mmap while simultaneously resizing the buffers. This

[PATCH 4.4 77/87] staging: android: ashmem: fix a race condition in ASHMEM_SET_SIZE ioctl

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Viktor Slavkovic commit 443064cb0b1fb4569fe0a71209da7625129fb760 upstream. A lock-unlock is missing in ASHMEM_SET_SIZE ioctl which can result in a race condition when mmap is called. After the

[PATCH 4.4 81/87] x86/Documentation: Add PTI description

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Dave Hansen commit 01c9b17bf673b05bb401b76ec763e9730ccf1376 upstream. Add some details about how PTI works, what some of the downsides are, and how to debug it when things go wrong. Also

[PATCH v7 09/17] irqchip: Add driver for Cirrus Logic Madera codecs

The Cirrus Logic Madera codecs (Cirrus Logic CS47L35/85/90/91 and WM1840) are highly complex devices containing up to 7 programmable DSPs and many other internal sources of interrupts plus a number of GPIOs that can be used as interrupt inputs. The large number (>150) of internal interrupt sources

[PATCH 4.4 82/87] sysfs/cpu: Add vulnerability folder

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixner commit 87590ce6e373d1a5401f6539f0c59ef92dd924a9 upstream. As the meltdown/spectre problem affects several CPU architectures, it makes sense to have common way to express

[PATCH 4.4 61/87] drm/vmwgfx: Potential off by one in vmw_view_add()

4.4-stable review patch. If anyone has any objections, please let me know. -- From: Dan Carpenter commit 0d9cac0ca0429830c40fe1a4e50e60f6221fd7b6 upstream. The vmw_view_cmd_to_type() function returns vmw_view_max (3) on error. It's one element beyond the end of the

[PATCH 4.9 01/96] dm bufio: fix shrinker scans when (nr_to_scan < retain_target)

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Suren Baghdasaryan commit fbc7c07ec23c040179384a1f16b62b6030eb6bdd upstream. When system is under memory pressure it is observed that dm bufio shrinker often reclaims only one buffer per scan.

[PATCH 4.9 17/96] ALSA: pcm: Remove incorrect snd_BUG_ON() usages

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Takashi Iwai commit fe08f34d066f4404934a509b6806db1a4f700c86 upstream. syzkaller triggered kernel warnings through PCM OSS emulation at closing a stream: WARNING: CPU: 0 PID: 3502 at

[PATCH 4.9 21/96] ALSA: aloop: Release cable upon open error path

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Takashi Iwai commit 9685347aa0a5c2869058ca6ab79fd8e93084a67f upstream. The aloop runtime object and its assignment in the cable are left even when opening a substream fails. This doesn't mean

[PATCH 4.9 23/96] ALSA: aloop: Fix racy hw constraints adjustment

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Takashi Iwai commit 898dfe4687f460ba337a01c11549f87269a13fa2 upstream. The aloop driver tries to update the hw constraints of the connected target on the cable of the opened PCM substream.

[PATCH 4.9 03/96] ath10k: rebuild crypto header in rx data frames

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Vasanthakumar Thiagarajan commit 7eccb738fce57cbe53ed903ccf43f9ab257b15b3 upstream. Rx data frames notified through HTT_T2H_MSG_TYPE_RX_IND and HTT_T2H_MSG_TYPE_RX_FRAG_IND expect PN/TSC check

[PATCH 4.9 08/96] MIPS: Factor out NT_PRFPREG regset access helpers

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Maciej W. Rozycki commit a03fe72572c12e98f4173f8a535f32468e48b6ec upstream. In preparation to fix a commit 72b22bbad1e7 ("MIPS: Don't assume 64-bit FP registers for FP regset") FCSR access

Re: [PATCH 03/14] mmc: mmci: Add support for setting pad type via pinctrl

On 12 January 2018 at 13:15, wrote: > From: Patrice Chotard > > The STM32 variant hasn't the control bit to switch pads in opendrain mode. > In this case we can achieve the same result by asking to the pinmux driver > to configure pins for us. > > This patch make the mmci driver able to do this

[PATCH 4.9 47/96] drm/vmwgfx: Potential off by one in vmw_view_add()

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Dan Carpenter commit 0d9cac0ca0429830c40fe1a4e50e60f6221fd7b6 upstream. The vmw_view_cmd_to_type() function returns vmw_view_max (3) on error. It's one element beyond the end of the

[PATCH 4.9 40/96] ethtool: do not print warning for applications using legacy API

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Stephen Hemminger [ Upstream commit 71891e2dab6b55a870f8f7735e44a2963860b5c6 ] In kernel log ths message appears on every boot: "warning: `NetworkChangeNo' uses legacy ethtool link settings

[PATCH 4.9 44/96] rbd: set max_segments to USHRT_MAX

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Ilya Dryomov commit 21acdf45f4958135940f0b4767185cf911d4b010 upstream. Commit d3834fefcfe5 ("rbd: bump queue_max_segments") bumped max_segments (unsigned short) to max_hw_sectors (unsigned

[PATCH 4.9 49/96] iscsi-target: Make TASK_REASSIGN use proper se_cmd->cmd_kref

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Nicholas Bellinger commit ae072726f6109bb1c94841d6fb3a82dde298ea85 upstream. Since commit 59b6986dbf fixed a potential NULL pointer dereference by allocating a se_tmr_req for

[PATCH 4.9 00/96] 4.9.77-stable review

This is the start of the stable review cycle for the 4.9.77 release. There are 96 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed Jan 17 12:33:26 UTC 2018. Anything

[PATCH 4.9 38/96] net: stmmac: enable EEE in MII, GMII or RGMII only

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Jerome Brunet [ Upstream commit 879626e3a52630316d817cbda7cec9a5446d1d82 ] Note in the databook - Section 4.4 - EEE : " The EEE feature is not supported when the MAC is configured to use the

[PATCH 4.9 06/96] IB/srpt: Disable RDMA access by the initiator

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Bart Van Assche commit bec40c26041de61162f7be9d2ce548c756ce0f65 upstream. With the SRP protocol all RDMA operations are initiated by the target. Since no RDMA operations are initiated by the

[PATCH 4.9 53/96] bpf: prevent out-of-bounds speculation

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Alexei Starovoitov commit b2157399cc9898260d6031c5bfe45fe137c1fbe7 upstream. Under speculation, CPUs may mis-predict branches in bounds checks. Thus, memory accesses under a bounds check may

[PATCH 4.9 51/96] bpf: move fixup_bpf_calls() function

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Alexei Starovoitov commit e245c5c6a5656e4d61aa7bb08e9694fd6e5b2b9d upstream. no functional change. move fixup_bpf_calls() to verifier.c it's being refactored in the next patch Signed-off-by:

[PATCH 4.9 56/96] USB: serial: cp210x: add new device ID ELV ALC 8xxx

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Christian Holl commit d14ac576d10f865970bb1324d337e5e24d79aaf4 upstream. This adds the ELV ALC 8xxx Battery Charging device to the list of USB IDs of drivers/usb/serial/cp210x.c

[PATCH 4.9 31/96] 8021q: fix a memory leak for VLAN 0 device

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Cong Wang [ Upstream commit 78bbb15f2239bc8e663aa20bbe1987c91a0b75f6 ] A vlan device with vid 0 is allow to creat by not able to be fully cleaned up by unregister_vlan_dev() which checks for

[PATCH 4.9 58/96] USB: fix usbmon BUG trigger

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Pete Zaitcev commit 46eb14a6e1585d99c1b9f58d0e7389082a5f466b upstream. Automated tests triggered this by opening usbmon and accessing the mmap while simultaneously resizing the buffers. This

[PATCH 4.9 29/96] cx82310_eth: use skb_cow_head() to deal with cloned skbs

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Eric Dumazet commit a9e840a2081ed28c2b7caa6a9a0041c950b3c37d upstream. We need to ensure there is enough headroom to push extra header, but we also need to check if we are allowed to change

[PATCH 4.9 63/96] Bluetooth: Prevent stack info leak from the EFS element.

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Ben Seri commit 06e7e776ca4d36547e503279aeff996cbb292c16 upstream. In the function l2cap_parse_conf_rsp and in the function l2cap_parse_conf_req the following variable is declared without

[PATCH 4.9 64/96] uas: ignore UAS for Norelsys NS1068(X) chips

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Icenowy Zheng commit 928afc85270753657b5543e052cc270c279a3fe9 upstream. The UAS mode of Norelsys NS1068(X) is reported to fail to work on several platforms with the following error message:

[PATCH 4.9 79/96] x86/alternatives: Add missing \n at end of ALTERNATIVE inline asm

4.9-stable review patch. If anyone has any objections, please let me know. -- From: David Woodhouse commit b9e705ef7cfaf22db0daab91ad3cd33b0fa32eb9 upstream. Where an ALTERNATIVE is used in the middle of an inline asm block, this would otherwise lead to the following

[PATCH 4.9 77/96] sysfs/cpu: Fix typos in vulnerability documentation

4.9-stable review patch. If anyone has any objections, please let me know. -- From: David Woodhouse commit 9ecccfaa7cb5249bd31bdceb93fcf5bedb8a24d8 upstream. Fixes: 87590ce6e ("sysfs/cpu: Add vulnerability folder") Signed-off-by: David Woodhouse Signed-off-by: Thomas

[PATCH 4.9 81/96] objtool, modules: Discard objtool annotation sections for modules

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Josh Poimboeuf commit e390f9a9689a42f477a6073e2e7df530a4c1b740 upstream. The '__unreachable' and '__func_stack_frame_non_standard' sections are only used at compile time. They're discarded

[PATCH 4.9 83/96] objtool: Allow alternatives to be ignored

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Josh Poimboeuf commit 258c76059cece01bebae098e81bacb1af2edad17 upstream. Getting objtool to understand retpolines is going to be a bit of a challenge. For now, take advantage of the fact that

[PATCH net-next v6 1/2] net: add support for Cavium PTP coprocessor

From: Radoslaw Biernacki This patch adds support for the Precision Time Protocol Clocks and Timestamping hardware found on Cavium ThunderX processors. Signed-off-by: Radoslaw Biernacki Signed-off-by: Aleksey Makarov Acked-by: Philippe Ombredanne --- drivers/net/ethernet/cavium/Kconfig

[PATCH 4.9 88/96] x86/retpoline/entry: Convert entry assembler indirect jumps

4.9-stable review patch. If anyone has any objections, please let me know. -- From: David Woodhouse commit 2641f08bb7fc63a636a2b18173221d7040a3512e upstream. Convert indirect jumps in core 32/64bit entry assembler code to use non-speculative sequences when CONFIG_RETPOLINE is

[PATCH 4.9 85/96] x86/retpoline: Add initial retpoline support

4.9-stable review patch. If anyone has any objections, please let me know. -- From: David Woodhouse commit 76b043848fd22dbf7f8bf3a1452f8c70d557b860 upstream. Enable the use of -mindirect-branch=thunk-extern in newer GCC, and provide the corresponding thunks. Provide assembler

[PATCH 4.9 92/96] x86/retpoline/checksum32: Convert assembler indirect jumps

4.9-stable review patch. If anyone has any objections, please let me know. -- From: David Woodhouse commit 5096732f6f695001fa2d6f1335a2680b37912c69 upstream. Convert all indirect jumps in 32bit checksum assembler code to use non-speculative sequences when CONFIG_RETPOLINE is

[PATCH 4.9 67/96] x86/cpu: Factor out application of forced CPU caps

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Andy Lutomirski commit 8bf1ebca215c262e48c15a4a15f175991776f57f upstream. There are multiple call sites that apply forced CPU caps. Factor them into a helper. Signed-off-by: Andy Lutomirski

[PATCH 4.9 69/96] x86/cpufeatures: Add X86_BUG_CPU_INSECURE

4.9-stable review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixner commit a89f040fa34ec9cd682aed98b8f04e3c47d998bd upstream. Many x86 CPUs leak information to user space due to missing isolation of user space and kernel space page tables.

RE: [PATCH] retpoline/module: Taint kernel for missing retpoline in module

From: Andi Kleen > Sent: 12 January 2018 17:55 > > There's a risk that a kernel that has full retpoline mitigations > becomes vulnerable when a module gets loaded that hasn't been > compiled with the right compiler or the right option. > > We cannot fix it, but should at least warn the user when

[PATCH 4.9 94/96] x86/retpoline: Fill return stack buffer on vmexit

4.9-stable review patch. If anyone has any objections, please let me know. -- From: David Woodhouse commit 117cc7a908c83697b0b737d15ae1eb5943afe35b upstream. In accordance with the Intel and AMD documentation, we need to overwrite all entries in the RSB on exiting a guest, to

[PATCH 4.14 001/118] dm bufio: fix shrinker scans when (nr_to_scan < retain_target)

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Suren Baghdasaryan commit fbc7c07ec23c040179384a1f16b62b6030eb6bdd upstream. When system is under memory pressure it is observed that dm bufio shrinker often reclaims only one buffer per

[PATCH 4.14 022/118] x86/acpi: Handle SCI interrupts above legacy space gracefully

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Vikas C Sajjan commit 252714155f04c5d16989cb3aadb85fd1b5772f99 upstream. Platforms which support only IOAPIC mode, pass the SCI information above the legacy space (0-15) via the FADT

[PATCH 4.14 020/118] iw_cxgb4: reflect the original WR opcode in drain cqes

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Steve Wise commit 96a236ed286776554fbd227c6d2876fd3b5dc65d upstream. The flush/drain logic was not retaining the original wr opcode in its completion. This can cause problems if the

[PATCH 4.14 018/118] iw_cxgb4: atomically flush the qp

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Steve Wise commit bc52e9ca74b9a395897bb640c6671b2cbf716032 upstream. __flush_qp() has a race condition where during the flush operation, the qp lock is released allowing another thread to

[PATCH 4.14 027/118] ALSA: pcm: Allow aborting mutex lock at OSS read/write loops

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Takashi Iwai commit 900498a34a3ac9c611e9b425094c8106bdd7dc1c upstream. PCM OSS read/write loops keep taking the mutex lock for the whole read/write, and this might take very long when the

[PATCH 4.14 026/118] ALSA: pcm: Abort properly at pending signal in OSS read/write loops

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Takashi Iwai commit 29159a4ed7044c52e3e2cf1a9fb55cec4745c60b upstream. The loops for read and write in PCM OSS emulation have no proper check of pending signals, and they keep processing even

[PATCH 4.14 030/118] ALSA: aloop: Fix racy hw constraints adjustment

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Takashi Iwai commit 898dfe4687f460ba337a01c11549f87269a13fa2 upstream. The aloop driver tries to update the hw constraints of the connected target on the cable of the opened PCM substream.

[PATCH 4.14 031/118] x86/acpi: Reduce code duplication in mp_override_legacy_irq()

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Vikas C Sajjan commit 4ee2ec1b122599f7b10c849fa7915cebb37b7edb upstream. The new function mp_register_ioapic_irq() is a subset of the code in mp_override_legacy_irq(). Replace the code

[PATCH 4.14 009/118] MIPS: Guard against any partial write attempt with PTRACE_SETREGSET

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Maciej W. Rozycki commit dc24d0edf33c3e15099688b6bbdf7bdc24bf6e91 upstream. Complement commit d614fd58a283 ("mips/ptrace: Preserve previous registers for short regset write") and ensure that

[PATCH 4.14 010/118] MIPS: Consistently handle buffer counter with PTRACE_SETREGSET

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Maciej W. Rozycki commit 80b3ffce0196ea50068885d085ff981e4b8396f4 upstream. Update commit d614fd58a283 ("mips/ptrace: Preserve previous registers for short regset write") bug and consistently

[PATCH 4.14 037/118] RDS: null pointer dereference in rds_atomic_free_op

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Mohamed Ghannam [ Upstream commit 7d11f77f84b27cef452cee332f4e469503084737 ] set rm->atomic.op_active to 0 when rds_pin_pages() fails or the user supplied address is invalid, this prevents a

[PATCH 4.14 046/118] ipv6: fix possible mem leaks in ipv6_make_skb()

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Eric Dumazet [ Upstream commit 862c03ee1deb7e19e0f9931682e0294ecd1fcaf9 ] ip6_setup_cork() might return an error, while memory allocations have been done and must be rolled back. Fixes:

[PATCH 4.14 057/118] rbd: reacquire lock should update lock owner client id

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Florian Margaine commit edd8ca8015800b354453b891d38960f3a474b7e4 upstream. Otherwise, future operations on this RBD using exclusive-lock are going to require the lock from a non-existent

[PATCH 4.14 040/118] net: fec: free/restore resource in related probe error pathes

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Fugang Duan [ Upstream commit d1616f07e8f1a4a490d1791316d4a68906b284aa ] Fixes in probe error path: - Restore dev_id before failed_ioremap path. Fixes: ("net: fec: restore dev_id in the

[PATCH 4.14 074/118] bpf: arsh is not supported in 32 bit alu thus reject it

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Daniel Borkmann commit 7891a87efc7116590eaba57acc3c422487802c6f upstream. The following snippet was throwing an 'unknown opcode cc' warning in BPF interpreter: 0: (18) r0 = 0x0 2: (7b)

[PATCH 4.14 072/118] bpf: prevent out-of-bounds speculation

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Alexei Starovoitov commit b2157399cc9898260d6031c5bfe45fe137c1fbe7 upstream. Under speculation, CPUs may mis-predict branches in bounds checks. Thus, memory accesses under a bounds check may

[PATCH 4.14 069/118] drm/i915: Whitelist SLICE_COMMON_ECO_CHICKEN1 on Geminilake.

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Kenneth Graunke commit 4636bda86aa1f34f45c629477476a0dcfa04e597 upstream. Geminilake requires the 3D driver to select whether barriers are intended for compute shaders, or tessellation

[PATCH 4.14 061/118] KVM: x86: Add memory barrier on vmcs field lookup

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Andrew Honig commit 75f139aaf896d6fdeec2e468ddfa4b2fe469bf40 upstream. This adds a memory barrier when performing a lookup into the vmcs_field_to_offset_table. This is related to

[PATCH 4.14 065/118] KVM: PPC: Book3S HV: Always flush TLB in kvmppc_alloc_reset_hpt()

4.14-stable review patch. If anyone has any objections, please let me know. -- From: David Gibson commit ecba8297aafd50db6ae867e90844eead1611ef1c upstream. The KVM_PPC_ALLOCATE_HTAB ioctl(), implemented by kvmppc_alloc_reset_hpt() is supposed to completely clear and reset a

[PATCH 4.14 062/118] KVM: PPC: Book3S PR: Fix WIMG handling under pHyp

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Alexey Kardashevskiy commit 6c7d47c33ed323f14f2a3b8de925e831dbaa4e69 upstream. Commit 96df226 ("KVM: PPC: Book3S PR: Preserve storage control bits") added code to preserve WIMG bits but it

[PATCH 4.14 050/118] ipv6: sr: fix TLVs not being copied using setsockopt

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Mathieu Xhonneux [ Upstream commit ccc12b11c5332c84442ef120dcd631523be75089 ] Function ipv6_push_rthdr4 allows to add an IPv6 Segment Routing Header to a socket through setsockopt, but the

Re: [PATCH v6 5/5] kaslr: add kaslr_mem=nn[KMG]!ss[KMG] to avoid memory regions

Hi Luiz, I don't know if this patch is OK for you. Of coure you can only use kaslr_mem=nn@ss to solve the 1G huge page issue. Because we know the region [0,1G] is not suitable for 1G huge page, so you can specify ksalr_mem=1G@0 of kaslr_mem=1G to solve your problem. But the regions may be too

[PATCH 4.14 092/118] x86/cpufeatures: Add X86_BUG_SPECTRE_V[12]

4.14-stable review patch. If anyone has any objections, please let me know. -- From: David Woodhouse commit 99c6fa2511d8a683e61468be91b83f85452115fa upstream. Add the bug bits for spectre v1/2 and force them unconditionally for all cpus. Signed-off-by: David Woodhouse

[PATCH 4.14 099/118] sysfs/cpu: Fix typos in vulnerability documentation

4.14-stable review patch. If anyone has any objections, please let me know. -- From: David Woodhouse commit 9ecccfaa7cb5249bd31bdceb93fcf5bedb8a24d8 upstream. Fixes: 87590ce6e ("sysfs/cpu: Add vulnerability folder") Signed-off-by: David Woodhouse Signed-off-by: Thomas

[PATCH 4.14 093/118] sysfs/cpu: Add vulnerability folder

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixner commit 87590ce6e373d1a5401f6539f0c59ef92dd924a9 upstream. As the meltdown/spectre problem affects several CPU architectures, it makes sense to have common way to express

[PATCH 4.14 095/118] x86/tboot: Unbreak tboot with PTI enabled

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Dave Hansen commit 262b6b30087246abf09d6275eb0c0dc421bcbe38 upstream. This is another case similar to what EFI does: create a new set of page tables, map some code at a low address, and jump

[PATCH 4.14 116/118] security/Kconfig: Correct the Documentation reference for PTI

4.14-stable review patch. If anyone has any objections, please let me know. -- From: W. Trevor King commit a237f762681e2a394ca67f21df2feb2b76a3609b upstream. When the config option for PTI was added a reference to documentation was added as well. But the documentation did not

[PATCH 4.14 112/118] x86/retpoline/irq32: Convert assembler indirect jumps

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Andi Kleen commit 7614e913db1f40fff819b36216484dc3808995d4 upstream. Convert all indirect jumps in 32bit irq inline asm code to use non speculative sequences. Signed-off-by: Andi Kleen

[PATCH 4.14 085/118] uas: ignore UAS for Norelsys NS1068(X) chips

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Icenowy Zheng commit 928afc85270753657b5543e052cc270c279a3fe9 upstream. The UAS mode of Norelsys NS1068(X) is reported to fail to work on several platforms with the following error message:

[PATCH 4.14 110/118] x86/retpoline/xen: Convert Xen hypercall indirect jumps

4.14-stable review patch. If anyone has any objections, please let me know. -- From: David Woodhouse commit ea08816d5b185ab3d09e95e393f265af54560350 upstream. Convert indirect call in Xen hypercall to use non-speculative sequence, when CONFIG_RETPOLINE is enabled.

[PATCH 4.14 108/118] x86/retpoline/ftrace: Convert ftrace assembler indirect jumps

4.14-stable review patch. If anyone has any objections, please let me know. -- From: David Woodhouse commit 9351803bd803cdbeb9b5a7850b7b6f464806e3db upstream. Convert all indirect jumps in ftrace assembler code to use non-speculative sequences when CONFIG_RETPOLINE is

<    12   13   14   15   16   17   18   19   20   21   >