Re: [PATCH 2/4] watchdog: omap_wdt: change order for setting default timeout

On 02/10/2018 12:36 PM, Marcus Folkesson wrote: watchdog_init_timeout() will preserve wdd->timeout value if no parameter nor timeout-secs dt property is set. Signed-off-by: Marcus Folkesson Reviewed-by: Guenter Roeck --- drivers/watchdog/omap_wdt.c | 4 ++-- 1 file changed, 2 insertions

Re: [PATCH 3/4] watchdog: gpio: change order for setting default timeout

On 02/10/2018 12:36 PM, Marcus Folkesson wrote: watchdog_init_timeout() will preserve wdd->timeout value if no parameter nor timeout-secs dt property is set. Signed-off-by: Marcus Folkesson Reviewed-by: Guenter Roeck --- drivers/watchdog/gpio_wdt.c | 4 ++-- 1 file changed, 2 insertions

Re: [PATCH 4/4] watchdog: lpc18xx: remove assignment of unused ret-value

On 02/10/2018 12:36 PM, Marcus Folkesson wrote: Signed-off-by: Marcus Folkesson Reviewed-by: Guenter Roeck --- drivers/watchdog/lpc18xx_wdt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/watchdog/lpc18xx_wdt.c b/drivers/watchdog/lpc18xx_wdt.c index b4221f43

Re: Kconfig:12: can't open file "arch/powerpc64/Kconfig"

Hi test robot, 2018-02-11 12:41 GMT+09:00 kbuild test robot : > tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git > master > head: d48fcbd864a008802a90c58a9ceddd9436d11a49 > commit: 9e3e10c725360b9d07018cfcd5b7b6b7d325fae5 kconfig: send error messages > to stderr > da

Re: [RFC PATCH 4/7] kconfig: support new special property shell=

On Sat, Feb 10, 2018 at 12:08 PM, Linus Torvalds wrote: > On Sat, Feb 10, 2018 at 11:23 AM, Kees Cook wrote: >> >> So, if this could do something like this: >> >> config CC_HAS_STACKPROTECTOR_STRONG >> bool >> option >> shell="scripts/gcc-${ARCH}_${BITS}-ha

arch/microblaze/lib/fastcopy.S:33:2: error: #error Microblaze LE not support ASM optimized lib func. Disable OPT_LIB_ASM.

Hi Arnd, FYI, the error/warning still remains. tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master head: d48fcbd864a008802a90c58a9ceddd9436d11a49 commit: 71e7673dadfdae0605d4c1f66ecb4b045c79fe0f microblaze: fix endian handling date: 4 weeks ago config: microblaz

[PATCH 3.2 09/79] scsi: bfa: integer overflow in debugfs

3.2.99-rc1 review patch. If anyone has any objections, please let me know. -- From: Dan Carpenter commit 3e351275655d3c84dc28abf170def9786db5176d upstream. We could allocate less memory than intended because we do: bfad->regdata = kzalloc(len << 2, GFP_KERNEL); The s

[PATCH 3.16 032/136] l2tp: ensure sessions are freed after their PPPOL2TP socket

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Guillaume Nault commit cdd10c9627496ad25c87ce6394e29752253c69d3 upstream. If l2tp_tunnel_delete() or l2tp_tunnel_closeall() deletes a session right after pppol2tp_release() orphaned its socket

[PATCH 3.2 38/79] ocfs2: fix issue that ocfs2_setattr() does not deal with new_i_size==i_size

3.2.99-rc1 review patch. If anyone has any objections, please let me know. -- From: Younger Liu commit d62e74be1270c89fbaf7aada8218bfdf62d00a58 upstream. The issue scenario is as following: - Create a small file and fallocate a large disk space for a file with FALLOC_FL_KEE

[PATCH 3.16 019/136] KVM: nVMX: set IDTR and GDTR limits when loading L1 host state

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Ladi Prosek commit 21f2d551183847bc7fbe8d866151d00cdad18752 upstream. Intel SDM 27.5.2 Loading Host Segment and Descriptor-Table Registers: "The GDTR and IDTR limits are each set to H."

[PATCH 3.16 054/136] f2fs: remove redundant lines in allocate_data_block

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Dongho Sim commit 33be828ada7274ebcade2001f16e5b4e33a4636e upstream. There are redundant lines in allocate_data_block. In this function, we call refresh_sit_entry with old seg and old curseg.

[PATCH 3.16 050/136] USB: Add delay-init quirk for Corsair K70 LUX keyboards

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Bernhard Rosenkraenzer commit a0fea6027f19c62727315aba1a7fae75a9caa842 upstream. Without this patch, K70 LUX keyboards don't work, saying usb 3-3: unable to read config index 0 descriptor/all

[PATCH 3.16 084/136] sctp: fully initialize the IPv6 address in sctp_v6_to_addr()

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Alexander Potapenko commit 15339e441ec46fbc3bf3486bb1ae4845b0f1bb8d upstream. KMSAN reported use of uninitialized sctp_addr->v4.sin_addr.s_addr and sctp_addr->v6.sin6_scope_id in sctp_v6_cmp_a

[PATCH 3.16 023/136] scsi: bfa: integer overflow in debugfs

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Dan Carpenter commit 3e351275655d3c84dc28abf170def9786db5176d upstream. We could allocate less memory than intended because we do: bfad->regdata = kzalloc(len << 2, GFP_KERNEL); The

[PATCH 3.16 080/136] clk: ti: dra7-atl-clock: fix child-node lookups

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Johan Hovold commit 33ec6dbc5a02677509d97fe36cd2105753f0f0ea upstream. Fix child node-lookup during probe, which ended up searching the whole device tree depth-first starting at parent rather

[PATCH 3.16 048/136] staging: rtl8188eu: avoid a null dereference on pmlmepriv

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Colin Ian King commit 123c0aab0050cd0e07ce18e453389fbbb0a5a425 upstream. There is a check on pmlmepriv before dereferencing it when vfree'ing pmlmepriv->free_bss_buf however the previous call

[PATCH 3.16 058/136] eCryptfs: use after free in ecryptfs_release_messaging()

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Dan Carpenter commit db86be3a12d0b6e5c5b51c2ab2a48f06329cb590 upstream. We're freeing the list iterator so we should be using the _safe() version of hlist_for_each_entry(). Fixes: 88b4a07e661

[PATCH 3.16 079/136] clk: ti: dra7-atl-clock: Fix of_node reference counting

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Peter Ujfalusi commit 660e1551939931657808d47838a3f443c0e83fd0 upstream. of_find_node_by_name() will call of_node_put() on the node so we need to get it first to avoid warnings. The cfg_node n

[PATCH 3.16 068/136] ASoC: cs42l56: Fix reset GPIO name in example DT binding

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: "Andrew F. Davis" commit 8adc430603d67e76a0f8491df21654f691acda62 upstream. The binding states the reset GPIO property shall be named "cirrus,gpio-nreset" and this is what the driver looks for

[PATCH 3.16 061/136] ACPI / APEI: Remove ghes_ioremap_area

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: James Morse commit 520e18a5080d2c444a03280d99c8a35cb667d321 upstream. Now that nothing is using the ghes_ioremap_area pages, rip them out. Signed-off-by: James Morse Reviewed-by: Borislav Pe

[PATCH 3.16 082/136] s390/disassembler: increase show_code buffer size

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Vasily Gorbik commit b192571d1ae375e0bbe0aa3ccfa1a3c3704454b9 upstream. Current buffer size of 64 is too small. objdump shows that there are instructions which would require up to 75 bytes buf

[PATCH 3.16 066/136] iscsi-target: Fix non-immediate TMR reference leak

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Nicholas Bellinger commit 3fc9fb13a4b2576aeab86c62fd64eb29ab68659c upstream. This patch fixes a se_cmd->cmd_kref reference leak that can occur when a non immediate TMR is proceeded our of comm

[PATCH 3.16 075/136] blktrace: Fix potential deadlock between delete & sysfs ops

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Waiman Long commit 5acb3cc2c2e9d3020a4fee43763c6463767f1572 upstream. The lockdep code had reported the following unsafe locking scenario: CPU0CPU1

[PATCH 3.16 051/136] platform/x86: sony-laptop: Fix error handling in sony_nc_setup_rfkill()

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Markus Elfring commit f6c8a317ab208aee223776327c06f23342492d54 upstream. Source code review for a specific software refactoring showed the need for another correction because the error code "-

[PATCH 3.16 057/136] powerpc/opal: Fix EBUSY bug in acquiring tokens

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: "William A. Kennington III" commit 71e24d7731a2903b1ae2bba2b2971c654d9c2aa6 upstream. The current code checks the completion map to look for the first token that is complete. In some cases, a

[PATCH 3.16 064/136] target/iscsi: Fix iSCSI task reassignment handling

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Bart Van Assche commit 59b6986dbfcdab96a971f9663221849de79a7556 upstream. Allocate a task management request structure for all task management requests, including task reassignment. This chang

[PATCH 3.16 042/136] media: omap_vout: Fix a possible null pointer dereference in omap_vout_open()

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Markus Elfring commit bfba2b3e21b9426c0f9aca00f3cad8631b2da170 upstream. Move a debug message so that a null pointer access can not happen for the variable "vout" in this function. Fixes: 5c7

[PATCH 3.16 043/136] mtd: nand: Fix writing mtdoops to nand flash.

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Brent Taylor commit 30863e38ebeb500a31cecee8096fb5002677dd9b upstream. When mtdoops calls mtd_panic_write(), it eventually calls panic_nand_write() in nand_base.c. In order to properly wait fo

[PATCH 3.16 039/136] USB: serial: qcserial: add pid/vid for Sierra Wireless EM7355 fw update

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Douglas Fischer commit 771394a54148f18926ca86414e51c69eda27d0cd upstream. Add USB PID/VID for Sierra Wireless EM7355 LTE modem QDL firmware update mode. Signed-off-by: Douglas Fischer Signed

[PATCH 3.16 044/136] isofs: fix timestamps beyond 2027

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Arnd Bergmann commit 34be4dbf87fc3e474a842305394534216d428f5d upstream. isofs uses a 'char' variable to load the number of years since 1900 for an inode timestamp. On architectures that use a

[PATCH 3.16 063/136] target: Avoid early CMD_T_PRE_EXECUTE failures during ABORT_TASK

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Nicholas Bellinger commit 1c21a48055a67ceb693e9c2587824a8de60a217c upstream. This patch fixes bug where early se_cmd exceptions that occur before backend execution can result in use-after-free

[PATCH 3.16 041/136] arm64: vdso: fix clock_getres for 4GiB-aligned res

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Mark Rutland commit c80ed088a519da53f27b798a69748eaabc66aadf upstream. The vdso tries to check for a NULL res pointer in __kernel_clock_getres, but only checks the lower 32 bits as is uses CBZ

[PATCH 3.16 047/136] clk: tegra: Fix cclk_lp divisor register

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Michał Mirosław commit 54eff2264d3e9fd7e3987de1d7eba1d3581c631e upstream. According to comments in code and common sense, cclk_lp uses its own divisor, not cclk_g's. Fixes: b08e8c0ecc42 ("clk

[PATCH 3.16 065/136] iscsi-target: Make TASK_REASSIGN use proper se_cmd->cmd_kref

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Nicholas Bellinger commit ae072726f6109bb1c94841d6fb3a82dde298ea85 upstream. Since commit 59b6986dbf fixed a potential NULL pointer dereference by allocating a se_tmr_req for ISCSI_TM_FUNC_TAS

[PATCH 3.16 055/136] Revert "f2fs: handle dirty segments inside refresh_sit_entry"

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Yunlong Song commit 65f1b80b33378501ea552ef085e9c31739af356c upstream. This reverts commit 5e443818fa0b2a2845561ee25bec181424fb2889 The commit should be reverted because call sequence of belo

[PATCH 3.16 053/136] NFC: fix device-allocation error return

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Johan Hovold commit c45e3e4c5b134b081e8af362109905427967eb19 upstream. A recent change fixing NFC device allocation itself introduced an error-handling bug by returning an error pointer in cas

[PATCH 3.16 029/136] net: bcmgenet: enable loopback during UniMAC sw_reset

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Doug Berger commit 28c2d1a7a0bfdf3617800d2beae1c67983c03d15 upstream. It is necessary for the UniMAC to be clocked at least 5 cycles while the sw_reset is asserted to ensure a clean reset. It

[PATCH 3.16 033/136] l2tp: don't register sessions in l2tp_session_create()

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Guillaume Nault commit 3953ae7b218df4d1e544b98a393666f9ae58a78c upstream. Sessions created by l2tp_session_create() aren't fully initialised: some pseudo-wire specific operations need to be do

[PATCH 3.16 035/136] l2tp: protect sock pointer of struct pppol2tp_session with RCU

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Guillaume Nault commit ee40fb2e1eb5bc0ddd3f2f83c6e39a454ef5a741 upstream. pppol2tp_session_create() registers sessions that can't have their corresponding socket initialised. This socket has t

[PATCH 3.16 046/136] drm/radeon: fix atombios on big endian

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Roman Kapl commit 4f626a4ac8f57ddabf06d03870adab91e463217f upstream. The function for byteswapping the data send to/from atombios was buggy for num_bytes not divisible by four. The function mu

[PATCH 3.16 031/136] mtd: nand: omap2: Fix subpage write

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Roger Quadros commit 739c64414f01748a36e7d82c8e0611dea94412bd upstream. Since v4.12, NAND subpage writes were causing a NULL pointer dereference on OMAP platforms (omap2-nand) using OMAP_ECC_B

[PATCH 3.16 037/136] btrfs: avoid null pointer dereference on fs_info when calling btrfs_crit

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Colin Ian King commit 3993b112dac968612b0b213ed59cb30f50b0015b upstream. There are checks on fs_info in __btrfs_panic to avoid dereferencing a null fs_info, however, there is a call to btrfs_c

[PATCH 3.16 045/136] drm/ttm: once more fix ttm_buffer_object_transfer

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Christian König commit 4d98e5ee6084f6d7bc578c5d5f86de7156aaa4cb upstream. When the mutex is locked just in the moment we copy it we end up with a warning that we release a locked mutex. Fix t

[PATCH 3.16 040/136] arm64: vdso: minor ABI fix for clock_getres

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Nathan Lynch commit e1b6b6ce55a0a25c8aa8af019095253b2133a41a upstream. The vdso implementation of clock_getres currently returns 0 (success) whenever a null timespec is provided by the caller,

[PATCH 3.16 049/136] crypto: caam - fix incorrect define

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Radu Alexe commit cc2f8ab5334a736fa0e775cfccf06c1e268667f0 upstream. Fixes: 3ebfa92f49a6 ("crypto: caam - Add new macros for building extended SEC descriptors (> 64 words)") Signed-off-by: Ra

[PATCH 3.16 072/136] rt2x00usb: mark device removed when get ENOENT usb error

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Stanislaw Gruszka commit bfa62a52cad93686bb8d8171ea5288813248a7c6 upstream. ENOENT usb error mean "specified interface or endpoint does not exist or is not enabled". Mark device not present wh

[PATCH 3.16 076/136] blktrace: fix unlocked access to init/start-stop/teardown

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Jens Axboe commit 1f2cac107c591c24b60b115d6050adc213d10fc0 upstream. sg.c calls into the blktrace functions without holding the proper queue mutex for doing setup, start/stop, or teardown. Ad

[PATCH 3.16 069/136] USB: usbfs: compute urb->actual_length for isochronous

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Alan Stern commit 2ef47001b3ee3ded579b7532ebdcf8680e4d8c54 upstream. The USB kerneldoc says that the actual_length field "is read in non-iso completion functions", but the usbfs driver uses it

[PATCH 3.16 074/136] dm: fix race between dm_get_from_kobject() and __dm_destroy()

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Hou Tao commit b9a41d21dceadf8104812626ef85dc56ee8a60ed upstream. The following BUG_ON was hit when testing repeat creation and removal of DM devices: kernel BUG at drivers/md/dm.c:2919!

[PATCH 3.16 078/136] IB/mlx4: Increase maximal message size under UD QP

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Mark Bloch commit 5f22a1d87c5315a98981ecf93cd8de226cffe6ca upstream. Maximal message should be used as a limit to the max message payload allowed, without the headers. The ConnectX-3 check is

[PATCH 3.16 085/136] net/sctp: Always set scope_id in sctp_inet6_skb_msgname

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: "Eric W. Biederman" commit 7c8a61d9ee1df0fb4747879fa67a99614eb62fec upstream. Alexandar Potapenko while testing the kernel with KMSAN and syzkaller discovered that in some configurations sctp

[PATCH 3.16 081/136] ocfs2: should wait dio before inode lock in ocfs2_setattr()

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: alex chen commit 28f5a8a7c033cbf3e32277f4cc9c6afd74f05300 upstream. we should wait dio requests to finish before inode lock in ocfs2_setattr(), otherwise the following deadlock will happen: p

[PATCH 3.16 073/136] s390: fix transactional execution control register handling

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Heiko Carstens commit a1c5befc1c24eb9c1ee83f711e0f21ee79cbb556 upstream. Dan Horák reported the following crash related to transactional execution: User process fault: interruption code 0013

[PATCH 3.16 083/136] sctp: Fixup v4mapped behaviour to comply with Sock API

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Jason Gunthorpe commit 299ee123e19889d511092347f5fc14db0f10e3a6 upstream. The SCTP socket extensions API document describes the v4mapping option as follows: 8.1.15. Set/Clear IPv4 Mapped Add

[PATCH 3.16 088/136] KVM: vmx: Inject #GP on invalid PAT CR

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Nadav Amit commit 4566654bb9be9e8864df417bb72ceee5136b6a6a upstream. Guest which sets the PAT CR to invalid value should get a #GP. Currently, if vmx supports loading PAT CR during entry, the

[PATCH 3.16 102/136] ARM: 8721/1: mm: dump: check hardware RO bit for LPAE

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Philip Derrin commit 3b0c0c922ff4be275a8beb87ce5657d16f355b54 upstream. When CONFIG_ARM_LPAE is set, the PMD dump relies on the software read-only bit to determine whether a page is writable.

Re: [RFC PATCH 4/7] kconfig: support new special property shell=

On Sat, Feb 10, 2018 at 8:13 PM, Kees Cook wrote: > > It's been there since the very beginning when Arjan added it to > validate that the compiler actually produces a stack protector when > you give it -fstack-protector. Older gccs broke this entirely, more > recent misconfigurations (as seen with

[PATCH 3.16 086/136] dm: discard support requires all targets in a table support discards

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Mike Snitzer commit 8a74d29d541cd86569139c6f3f44b2d210458071 upstream. A DM device with a mix of discard capabilities (due to some underlying devices not having discard support) _should_ just

[PATCH 3.16 090/136] parisc: Fix validity check of pointer size argument in new CAS implementation

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: John David Anglin commit 05f016d2ca7a4fab99d5d5472168506ddf95e74f upstream. As noted by Christoph Biedl, passing a pointer size of 4 in the new CAS implementation causes a kernel crash. The a

[PATCH 3.16 092/136] nfs: Fix ugly referral attributes

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Chuck Lever commit c05cefcc72416a37eba5a2b35f0704ed758a9145 upstream. Before traversing a referral and performing a mount, the mounted-on directory looks strange: dr-xr-xr-x. 2 4294967294 429

[PATCH 3.16 071/136] video: udlfb: Fix read EDID timeout

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Ladislav Michl commit c98769475575c8a585f5b3952f4b5f90266f699b upstream. While usb_control_msg function expects timeout in miliseconds, a value of HZ is used. Replace it with USB_CTRL_GET_TIME

[PATCH 3.16 094/136] lib/int_sqrt: optimize small argument

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Peter Zijlstra commit 3f3295709edea6268ff1609855f498035286af73 upstream. The current int_sqrt() computation is sub-optimal for the case of small @x. Which is the interesting case when we're g

[PATCH 3.16 077/136] IB/mlx5: Assign send CQ and recv CQ of UMR QP

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Majd Dibbiny commit 31fde034a8bd964a5c7c1a5663fc87a913158db2 upstream. The UMR's QP is created by calling mlx5_ib_create_qp directly, and therefore the send CQ and the recv CQ on the ibqp were

[PATCH 3.16 091/136] NFS: Avoid RCU usage in tracepoints

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Anna Schumaker commit 3944369db701f075092357b511fd9f5755771585 upstream. There isn't an obvious way to acquire and release the RCU lock during a tracepoint, so we can't use the rpc_peeraddr2st

[PATCH 3.16 087/136] dm bufio: fix integer overflow when limiting maximum cache size

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Eric Biggers commit 74d4108d9e681dbbe4a2940ed8fdff1f6868184c upstream. The default max_cache_size_bytes for dm-bufio is meant to be the lesser of 25% of the size of the vmalloc area and 2% of

[PATCH 3.16 089/136] KVM: SVM: obey guest PAT

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Paolo Bonzini commit 15038e14724799b8c205beb5f20f9e54896013c3 upstream. For many years some users of assigned devices have reported worse performance on AMD processors with NPT than on AMD wit

[PATCH 3.16 098/136] route: update fnhe_expires for redirect when the fnhe exists

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Xin Long commit e39d5246111399dbc6e11cd39fd8580191b86c47 upstream. Now when creating fnhe for redirect, it sets fnhe_expires for this new route cache. But when updating the exist one, it doesn

[PATCH 3.16 093/136] NFS: Fix typo in nomigration mount option

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Joshua Watt commit f02fee227e5f21981152850744a6084ff3fa94ee upstream. The option was incorrectly masking off all other options. Signed-off-by: Joshua Watt Signed-off-by: Anna Schumaker Sign

[PATCH 3.16 097/136] nilfs2: fix race condition that causes file system corruption

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Andreas Rohner commit 31ccb1f7ba3cfe29631587d451cf5bb8ab593550 upstream. There is a race condition between nilfs_dirty_inode() and nilfs_set_file_dirty(). When a file is opened, nilfs_dirty_i

[PATCH 3.16 107/136] ALSA: usb-audio: Add sanity checks in v2 clock parsers

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Takashi Iwai commit 0a62d6c966956d77397c32836a5bbfe3af786fc1 upstream. The helper functions to parse and look for the clock source, selector and multiplier unit may return the descriptor with

[PATCH 3.16 101/136] apparmor: ensure that undecidable profile attachments fail

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: John Johansen commit 844b8292b6311ecd30ae63db1471edb26e01d895 upstream. Profiles that have an undecidable overlap in their attachments are being incorrectly handled. Instead of failing to atta

[PATCH 3.16 099/136] route: also update fnhe_genid when updating a route cache

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Xin Long commit cebe84c6190d741045a322f5343f717139993c08 upstream. Now when ip route flush cache and it turn out all fnhe_genid != genid. If a redirect/pmtu icmp packet comes and the old fnhe

[PATCH 3.16 095/136] autofs: don't fail mount for transient error

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: NeilBrown commit ecc0c469f27765ed1e2b967be0aa17cee1a60b76 upstream. Currently if the autofs kernel module gets an error when writing to the pipe which links to the daemon, then it marks the wh

[PATCH 3.16 100/136] nl80211: don't expose wdev->ssid for most interfaces

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Johannes Berg commit 44905265bc155e0237c76c25bf5ddf740d85a8f2 upstream. For mesh, this is simply wrong - there's no SSID, only the mesh ID, so don't expose it at all. For (P2P) client, it's wr

[PATCH 3.16 096/136] autofs: fix careless error in recent commit

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: NeilBrown commit 302ec300ef8a545a7fc7f667e5fd743b091c2eeb upstream. Commit ecc0c469f277 ("autofs: don't fail mount for transient error") was meant to replace an 'if' with a 'switch', but inste

[PATCH 3.16 103/136] ALSA: timer: Remove kernel warning at compat ioctl error paths

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Takashi Iwai commit 3d4e8303f2c747c8540a0a0126d0151514f6468b upstream. Some timer compat ioctls have NULL checks of timer instance with snd_BUG_ON() that bring up WARN_ON() when the debug opti

[PATCH 3.16 108/136] ixgbe: Fix skb list corruption on Power systems

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Brian King commit 0a9a17e3bb4564caf4bfe2a6783ae1287667d188 upstream. This patch fixes an issue seen on Power systems with ixgbe which results in skb list corruption and an eventual kernel oops

[PATCH 3.16 104/136] ALSA: usb-audio: Add sanity checks to FE parser

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Takashi Iwai commit d937cd6790a2bef2d07b500487646bd794c039bb upstream. When the usb-audio descriptor contains the malformed feature unit description with a too short length, the driver may acc

[PATCH 3.16 109/136] i40e: Use smp_rmb rather than read_barrier_depends

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Brian King commit 52c6912fde0133981ee50ba08808f257829c4c93 upstream. The original issue being fixed in this patch was seen with the ixgbe driver, but the same issue exists with i40e as well, a

[PATCH 3.16 106/136] ALSA: usb-audio: Fix potential zero-division at parsing FU

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Takashi Iwai commit 8428a8ebde2db1e988e41a58497a28beb7ce1705 upstream. parse_audio_feature_unit() contains a code dividing potentially with zero when a malformed FU descriptor is passed. Alth

[PATCH 3.16 105/136] ALSA: usb-audio: Fix potential out-of-bound access at parsing SU

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Takashi Iwai commit f658f17b5e0e339935dca23e77e0f3cad591926b upstream. The usb-audio driver may trigger an out-of-bound access at parsing a malformed selector unit, as it checks the header len

[PATCH 3.16 122/136] usbip: fix NULL pointer dereference on errors

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Alexander Popov commit 8c7003a3b4b4afd3734cdcc39217ef22d78a4a16 upstream. Fix NULL pointer dereference and obsolete comments forgotten when usbip server was converted from an interface driver

[PATCH 3.16 113/136] i40evf: Use smp_rmb rather than read_barrier_depends

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Brian King commit f72271e2a0ae4277d53c4053f5eed8bb346ba38a upstream. The original issue being fixed in this patch was seen with the ixgbe driver, but the same issue exists with i40evf as well,

[PATCH 3.16 124/136] usbip: fix stub_rx: harden CMD_SUBMIT path to handle malicious input

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Shuah Khan commit c6688ef9f29762e65bce325ef4acd6c675806366 upstream. Harden CMD_SUBMIT path to handle malicious input that could trigger large memory allocations. Add checks to validate transf

[PATCH 3.16 111/136] igbvf: Use smp_rmb rather than read_barrier_depends

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Brian King commit 1e1f9ca546556e508d021545861f6b5fc75a95fe upstream. The original issue being fixed in this patch was seen with the ixgbe driver, but the same issue exists with igbvf as well,

[PATCH 3.16 123/136] usbip: fix stub_rx: get_pipe() to validate endpoint number

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Shuah Khan commit 635f545a7e8be7596b9b2b6a43cab6bbd5a88e43 upstream. get_pipe() routine doesn't validate the input endpoint number and uses to reference ep_in and ep_out arrays. Invalid endpoi

[PATCH 3.16 116/136] staging: android: ashmem: fix a race condition in ASHMEM_SET_SIZE ioctl

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Viktor Slavkovic commit 443064cb0b1fb4569fe0a71209da7625129fb760 upstream. A lock-unlock is missing in ASHMEM_SET_SIZE ioctl which can result in a race condition when mmap is called. After the

[PATCH 3.16 119/136] RDS: Heap OOB write in rds_message_alloc_sgs()

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Mohamed Ghannam commit c095508770aebf1b9218e77026e48345d719b17c upstream. When args->nr_local is 0, nr_pages gets also 0 due some size calculation via rds_rm_size(), which is later used to all

[PATCH 3.16 112/136] igb: Use smp_rmb rather than read_barrier_depends

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Brian King commit c4cb99185b4cc96c0a1c70104dc21ae14d7e7f28 upstream. The original issue being fixed in this patch was seen with the ixgbe driver, but the same issue exists with igb as well, as

[PATCH 3.16 110/136] ixgbevf: Use smp_rmb rather than read_barrier_depends

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Brian King commit ae0c585d93dfaf923d2c7eb44b2c3ab92854ea9b upstream. The original issue being fixed in this patch was seen with the ixgbe driver, but the same issue exists with ixgbevf as well

[PATCH 3.16 118/136] Bluetooth: Prevent stack info leak from the EFS element.

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Ben Seri commit 06e7e776ca4d36547e503279aeff996cbb292c16 upstream. In the function l2cap_parse_conf_rsp and in the function l2cap_parse_conf_req the following variable is declared without init

[PATCH 3.16 127/136] [media] cx231xx: Fix the max number of interfaces

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Mauro Carvalho Chehab commit 139d28826b8e2bc7a9232fde0d2f14812914f501 upstream. The max number of interfaces was read from the wrong descriptor. Signed-off-by: Mauro Carvalho Chehab Signed-o

[PATCH 3.16 002/136] staging: lustre: ptlrpc: kfree used instead of kvfree

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Nadav Amit commit c3eec59659cf25916647d2178c541302bb4822ad upstream. rq_reqbuf is allocated using kvmalloc() but released in one occasion using kfree() instead of kvfree(). The issue was foun

[PATCH 3.16 117/136] netfilter: xt_TCPMSS: add more sanity tests on tcph->doff

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Eric Dumazet commit 2638fd0f92d4397884fd991d8f4925cb3f081901 upstream. Denys provided an awesome KASAN report pointing to an use after free in xt_TCPMSS I have provided three patches to fix t

[PATCH 3.16 115/136] x86/decoder: Add new TEST instruction pattern

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Masami Hiramatsu commit 12a78d43de767eaf8fb272facb7a7b6f2dc6a9df upstream. The kbuild test robot reported this build warning: Warning: arch/x86/tools/test_get_len found difference at :

[PATCH 3.16 114/136] ALSA: hda: Add Raven PCI ID

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Vijendar Mukunda commit 9ceace3c9c18c67676e75141032a65a8e01f9a7a upstream. This commit adds PCI ID for Raven platform Signed-off-by: Vijendar Mukunda Signed-off-by: Takashi Iwai Signed-off-

[PATCH 3.16 012/136] ext4: fix interaction between i_size, fallocate, and delalloc after a crash

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Theodore Ts'o commit 51e3ae81ec58e95f10a98ef3dd6d7bce5d8e35a2 upstream. If there are pending writes subject to delayed allocation, then i_size will show size after the writes have completed, w

[PATCH 3.16 126/136] usbip: fix stub_send_ret_submit() vulnerability to null transfer_buffer

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Shuah Khan commit be6123df1ea8f01ee2f896a16c2b7be3e4557a5a upstream. stub_send_ret_submit() handles urb with a potential null transfer_buffer, when it replays a packet with potential malicious

[PATCH 3.16 120/136] RDS: null pointer dereference in rds_atomic_free_op

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Mohamed Ghannam commit 7d11f77f84b27cef452cee332f4e469503084737 upstream. set rm->atomic.op_active to 0 when rds_pin_pages() fails or the user supplied address is invalid, this prevents a NULL

[PATCH 3.16 010/136] PCI/AER: Report non-fatal errors only to the affected endpoint

3.16.54-rc1 review patch. If anyone has any objections, please let me know. -- From: Gabriele Paoloni commit 86acc790717fb60fb51ea3095084e331d8711c74 upstream. Previously, if an non-fatal error was reported by an endpoint, we called report_error_detected() for the endpoint, ev

<    1   2   3   4   5   >