[PATCH AUTOSEL for 4.4 076/101] rtc: ds1374: wdt: Fix stop/start ioctl always returning -EINVAL

From: Moritz Fischer [ Upstream commit 538c08f4c89580fc644e2bc64e0a4b86c925da4e ] The WDIOC_SETOPTIONS case in the watchdog ioctl would alwayss falls through to the -EINVAL case. This is wrong since thew watchdog does actually get stopped or started correctly. Fixes:

[PATCH AUTOSEL for 4.4 076/101] rtc: ds1374: wdt: Fix stop/start ioctl always returning -EINVAL

From: Moritz Fischer [ Upstream commit 538c08f4c89580fc644e2bc64e0a4b86c925da4e ] The WDIOC_SETOPTIONS case in the watchdog ioctl would alwayss falls through to the -EINVAL case. This is wrong since thew watchdog does actually get stopped or started correctly. Fixes: 920f91e50c5b

[PATCH AUTOSEL for 4.4 078/101] Bluetooth: hci_qca: Avoid setup failure on missing rampatch

From: Loic Poulain [ Upstream commit ba8f3597900291a93604643017fff66a14546015 ] Assuming that the original code idea was to enable in-band sleeping only if the setup_rome method returns succes and run in 'standard' mode otherwise, we should not return setup_rome return

[PATCH AUTOSEL for 4.4 078/101] Bluetooth: hci_qca: Avoid setup failure on missing rampatch

From: Loic Poulain [ Upstream commit ba8f3597900291a93604643017fff66a14546015 ] Assuming that the original code idea was to enable in-band sleeping only if the setup_rome method returns succes and run in 'standard' mode otherwise, we should not return setup_rome return value which makes

[PATCH AUTOSEL for 4.4 073/101] net: hns: fix ethtool_get_strings overflow in hns driver

From: Timmy Li [ Upstream commit 412b65d15a7f8a93794653968308fc100f2aa87c ] hns_get_sset_count() returns HNS_NET_STATS_CNT and the data space allocated is not enough for ethtool_get_strings(), which will cause random memory corruption. When SLAB and DEBUG_SLAB are both

[PATCH AUTOSEL for 4.4 077/101] perf tests kmod-path: Don't fail if compressed modules aren't supported

From: Kim Phillips [ Upstream commit 805b151a1afd24414706a7f6ae275fbb9649be74 ] __kmod_path__parse() uses is_supported_compression() to determine and parse out compressed module file extensions. On systems without zlib, this test fails and __kmod_path__parse() continues

[PATCH AUTOSEL for 4.4 073/101] net: hns: fix ethtool_get_strings overflow in hns driver

From: Timmy Li [ Upstream commit 412b65d15a7f8a93794653968308fc100f2aa87c ] hns_get_sset_count() returns HNS_NET_STATS_CNT and the data space allocated is not enough for ethtool_get_strings(), which will cause random memory corruption. When SLAB and DEBUG_SLAB are both enabled, memory

[PATCH AUTOSEL for 4.4 077/101] perf tests kmod-path: Don't fail if compressed modules aren't supported

From: Kim Phillips [ Upstream commit 805b151a1afd24414706a7f6ae275fbb9649be74 ] __kmod_path__parse() uses is_supported_compression() to determine and parse out compressed module file extensions. On systems without zlib, this test fails and __kmod_path__parse() continues to strcmp "ko" with

Re: mmotm 2018-03-07-16-19 uploaded (UML & memcg)

Hi Andrew, On Wed, 7 Mar 2018 18:41:41 -0800 Andrew Morton wrote: > > On Wed, 7 Mar 2018 18:20:12 -0800 Randy Dunlap wrote: > > > On 03/07/2018 04:20 PM, a...@linux-foundation.org wrote: > > > The mm-of-the-moment snapshot 2018-03-07-16-19

Re: mmotm 2018-03-07-16-19 uploaded (UML & memcg)

Hi Andrew, On Wed, 7 Mar 2018 18:41:41 -0800 Andrew Morton wrote: > > On Wed, 7 Mar 2018 18:20:12 -0800 Randy Dunlap wrote: > > > On 03/07/2018 04:20 PM, a...@linux-foundation.org wrote: > > > The mm-of-the-moment snapshot 2018-03-07-16-19 has been uploaded to > > > > > >

[PATCH AUTOSEL for 4.4 081/101] RDMA/iwpm: Fix uninitialized error code in iwpm_send_mapinfo()

From: Geert Uytterhoeven [ Upstream commit 302d6424e4a293a5761997e6c9fc3dfb1e4c355f ] With gcc-4.1.2: drivers/infiniband/core/iwpm_util.c: In function ‘iwpm_send_mapinfo’: drivers/infiniband/core/iwpm_util.c:647: warning: ‘ret’ may be used uninitialized in this

[PATCH AUTOSEL for 4.4 083/101] media: bt8xx: Fix err 'bt878_probe()'

From: Christophe JAILLET [ Upstream commit 45392ff6881dbe56d41ef0b17c2e576065f8ffa1 ] This is odd to call 'pci_disable_device()' in an error path before a coresponding successful 'pci_enable_device()'. Return directly instead. Fixes: 77e0be12100a ("V4L/DVB

[PATCH AUTOSEL for 4.4 079/101] media: c8sectpfe: fix potential NULL pointer dereference in c8sectpfe_timer_interrupt

From: "Gustavo A. R. Silva" [ Upstream commit baed3c4bc4c13de93e0dba0a26d601411ebcb389 ] _channel_ is being dereferenced before it is null checked, hence there is a potential null pointer dereference. Fix this by moving the pointer dereference after _channel_ has been

[PATCH AUTOSEL for 4.4 081/101] RDMA/iwpm: Fix uninitialized error code in iwpm_send_mapinfo()

From: Geert Uytterhoeven [ Upstream commit 302d6424e4a293a5761997e6c9fc3dfb1e4c355f ] With gcc-4.1.2: drivers/infiniband/core/iwpm_util.c: In function ‘iwpm_send_mapinfo’: drivers/infiniband/core/iwpm_util.c:647: warning: ‘ret’ may be used uninitialized in this function Indeed, if

[PATCH AUTOSEL for 4.4 083/101] media: bt8xx: Fix err 'bt878_probe()'

From: Christophe JAILLET [ Upstream commit 45392ff6881dbe56d41ef0b17c2e576065f8ffa1 ] This is odd to call 'pci_disable_device()' in an error path before a coresponding successful 'pci_enable_device()'. Return directly instead. Fixes: 77e0be12100a ("V4L/DVB (4176): Bug-fix: Fix memory

[PATCH AUTOSEL for 4.4 079/101] media: c8sectpfe: fix potential NULL pointer dereference in c8sectpfe_timer_interrupt

From: "Gustavo A. R. Silva" [ Upstream commit baed3c4bc4c13de93e0dba0a26d601411ebcb389 ] _channel_ is being dereferenced before it is null checked, hence there is a potential null pointer dereference. Fix this by moving the pointer dereference after _channel_ has been null checked. This issue

[PATCH AUTOSEL for 4.4 080/101] drm/msm: fix leak in failed get_pages

From: Prakash Kamliya [ Upstream commit 62e3a3e342af3c313ab38603811ecdb1fcc79edb ] get_pages doesn't keep a reference of the pages allocated when it fails later in the code path. This can lead to a memory leak. Keep reference of the allocated pages so that it can be

[PATCH AUTOSEL for 4.4 080/101] drm/msm: fix leak in failed get_pages

From: Prakash Kamliya [ Upstream commit 62e3a3e342af3c313ab38603811ecdb1fcc79edb ] get_pages doesn't keep a reference of the pages allocated when it fails later in the code path. This can lead to a memory leak. Keep reference of the allocated pages so that it can be freed when

[PATCH AUTOSEL for 4.4 085/101] cros_ec: fix nul-termination for firmware build info

From: Arnd Bergmann [ Upstream commit 50a0d71a5d20e1d3eff1d974fdc8559ad6d74892 ] As gcc-8 reports, we zero out the wrong byte: drivers/platform/chrome/cros_ec_sysfs.c: In function 'show_ec_version': drivers/platform/chrome/cros_ec_sysfs.c:190:12: error: array subscript

[PATCH AUTOSEL for 4.4 086/101] platform/chrome: Use proper protocol transfer function

From: Shawn Nematbakhsh [ Upstream commit d48b8c58c57f6edbe2965f0a5f62c5cf9593ca96 ] pkt_xfer should be used for protocol v3, and cmd_xfer otherwise. We had one instance of these functions correct, but not the second, fall-back case. We use the fall-back only when the first

[PATCH AUTOSEL for 4.4 085/101] cros_ec: fix nul-termination for firmware build info

From: Arnd Bergmann [ Upstream commit 50a0d71a5d20e1d3eff1d974fdc8559ad6d74892 ] As gcc-8 reports, we zero out the wrong byte: drivers/platform/chrome/cros_ec_sysfs.c: In function 'show_ec_version': drivers/platform/chrome/cros_ec_sysfs.c:190:12: error: array subscript 4294967295 is above

[PATCH AUTOSEL for 4.4 086/101] platform/chrome: Use proper protocol transfer function

From: Shawn Nematbakhsh [ Upstream commit d48b8c58c57f6edbe2965f0a5f62c5cf9593ca96 ] pkt_xfer should be used for protocol v3, and cmd_xfer otherwise. We had one instance of these functions correct, but not the second, fall-back case. We use the fall-back only when the first command returns an

[PATCH AUTOSEL for 4.4 087/101] mmc: avoid removing non-removable hosts during suspend

From: Daniel Drake [ Upstream commit de8dcc3d2c0e08e5068ee1e26fc46415c15e3637 ] The Weibu F3C MiniPC has an onboard AP6255 module, presenting two SDIO functions on a single MMC host (Bluetooth/btsdio and WiFi/brcmfmac), and the mmc layer correctly detects this as

[PATCH AUTOSEL for 4.4 087/101] mmc: avoid removing non-removable hosts during suspend

From: Daniel Drake [ Upstream commit de8dcc3d2c0e08e5068ee1e26fc46415c15e3637 ] The Weibu F3C MiniPC has an onboard AP6255 module, presenting two SDIO functions on a single MMC host (Bluetooth/btsdio and WiFi/brcmfmac), and the mmc layer correctly detects this as non-removable. After

[PATCH AUTOSEL for 4.4 082/101] rtlwifi: rtl_pci: Fix the bug when inactiveps is enabled.

From: Tsang-Shian Lin [ Upstream commit b7573a0a27bfa8270dea9b145448f6884b7cacc1 ] Reset the driver current tx read/write index to zero when inactiveps nic out of sync with HW state. Wrong driver tx read/write index will cause Tx fail. Signed-off-by: Tsang-Shian Lin

[PATCH AUTOSEL for 4.4 082/101] rtlwifi: rtl_pci: Fix the bug when inactiveps is enabled.

From: Tsang-Shian Lin [ Upstream commit b7573a0a27bfa8270dea9b145448f6884b7cacc1 ] Reset the driver current tx read/write index to zero when inactiveps nic out of sync with HW state. Wrong driver tx read/write index will cause Tx fail. Signed-off-by: Tsang-Shian Lin Signed-off-by: Ping-Ke

[PATCH AUTOSEL for 4.4 093/101] pty: cancel pty slave port buf's work in tty_release

From: Sahara [ Upstream commit 2b022ab7542df60021ab57854b3faaaf42552eaf ] In case that CONFIG_SLUB_DEBUG is on and pty is used, races between release_one_tty and flush_to_ldisc work threads may happen and lead to use-after-free condition on tty->link->port. Because

[PATCH AUTOSEL for 4.4 093/101] pty: cancel pty slave port buf's work in tty_release

From: Sahara [ Upstream commit 2b022ab7542df60021ab57854b3faaaf42552eaf ] In case that CONFIG_SLUB_DEBUG is on and pty is used, races between release_one_tty and flush_to_ldisc work threads may happen and lead to use-after-free condition on tty->link->port. Because SLUB_DEBUG is turned on,

[PATCH AUTOSEL for 4.4 094/101] coresight: Fix disabling of CoreSight TPIU

From: Robert Walker [ Upstream commit 11595db8e17faaa05fadc25746c870e31276962f ] The CoreSight TPIU should be disabled when tracing to other sinks to allow them to operate at full bandwidth. This patch fixes tpiu_disable_hw() to correctly disable the TPIU by configuring

[PATCH AUTOSEL for 4.4 094/101] coresight: Fix disabling of CoreSight TPIU

From: Robert Walker [ Upstream commit 11595db8e17faaa05fadc25746c870e31276962f ] The CoreSight TPIU should be disabled when tracing to other sinks to allow them to operate at full bandwidth. This patch fixes tpiu_disable_hw() to correctly disable the TPIU by configuring the TPIU to stop on

[PATCH AUTOSEL for 4.4 090/101] IB/umem: Fix use of npages/nmap fields

From: Artemy Kovalyov [ Upstream commit edf1a84fe37c51290e2c88154ecaf48dadff3d27 ] In ib_umem structure npages holds original number of sg entries, while nmap is number of DMA blocks returned by dma_map_sg. Fixes: c5d76f130b28 ('IB/core: Add umem function to read data

[PATCH AUTOSEL for 4.4 090/101] IB/umem: Fix use of npages/nmap fields

From: Artemy Kovalyov [ Upstream commit edf1a84fe37c51290e2c88154ecaf48dadff3d27 ] In ib_umem structure npages holds original number of sg entries, while nmap is number of DMA blocks returned by dma_map_sg. Fixes: c5d76f130b28 ('IB/core: Add umem function to read data from user-space')

[PATCH AUTOSEL for 4.4 092/101] drm/omap: DMM: Check for DMM readiness after successful transaction commit

From: Peter Ujfalusi [ Upstream commit b7ea6b286c4051e043f691781785e3c4672f014a ] Check the status of the DMM engine after it is reported that the transaction was completed as in rare cases the engine might not reached a working state. The wait_status() will print

[PATCH AUTOSEL for 4.4 092/101] drm/omap: DMM: Check for DMM readiness after successful transaction commit

From: Peter Ujfalusi [ Upstream commit b7ea6b286c4051e043f691781785e3c4672f014a ] Check the status of the DMM engine after it is reported that the transaction was completed as in rare cases the engine might not reached a working state. The wait_status() will print information in case the DMM

[PATCH AUTOSEL for 4.4 096/101] iommu/vt-d: clean up pr_irq if request_threaded_irq fails

From: Jerry Snitselaar [ Upstream commit 72d548113881dd32bf7f0b221d031e6586468437 ] It is unlikely request_threaded_irq will fail, but if it does for some reason we should clear iommu->pr_irq in the error path. Also intel_svm_finish_prq shouldn't try to clean up the page

Re: ivtv: use arch_phys_wc_add() and require PAT disabled

On Thu, Mar 08, 2018 at 04:14:11AM +, Luis R. Rodriguez wrote: > On Thu, Mar 08, 2018 at 04:06:01AM +, Luis R. Rodriguez wrote: > > On Thu, Mar 08, 2018 at 03:16:29AM +, French, Nicholas A. wrote: > > > > > > Ah, I see. So my proposed ioremap_wc call was only "working" by aliasing

[PATCH AUTOSEL for 4.4 096/101] iommu/vt-d: clean up pr_irq if request_threaded_irq fails

From: Jerry Snitselaar [ Upstream commit 72d548113881dd32bf7f0b221d031e6586468437 ] It is unlikely request_threaded_irq will fail, but if it does for some reason we should clear iommu->pr_irq in the error path. Also intel_svm_finish_prq shouldn't try to clean up the page request interrupt if

Re: ivtv: use arch_phys_wc_add() and require PAT disabled

On Thu, Mar 08, 2018 at 04:14:11AM +, Luis R. Rodriguez wrote: > On Thu, Mar 08, 2018 at 04:06:01AM +, Luis R. Rodriguez wrote: > > On Thu, Mar 08, 2018 at 03:16:29AM +, French, Nicholas A. wrote: > > > > > > Ah, I see. So my proposed ioremap_wc call was only "working" by aliasing

[PATCH AUTOSEL for 4.4 097/101] ip6_vti: adjust vti mtu according to mtu of lower device

From: Alexey Kodanev [ Upstream commit 53c81e95df1793933f87748d36070a721f6cb287 ] LTP/udp6_ipsec_vti tests fail when sending large UDP datagrams over ip6_vti that require fragmentation and the underlying device has an MTU smaller than 1500 plus some extra space for

[PATCH AUTOSEL for 4.4 091/101] vgacon: Set VGA struct resource types

From: Bjorn Helgaas [ Upstream commit c82084117f79bcae085e40da526253736a247120 ] Set the resource type when we reserve VGA-related I/O port resources. The resource code doesn't actually look at the type, so it inserts resources without a type in the tree correctly even

[PATCH AUTOSEL for 4.4 099/101] nfsd4: permit layoutget of executable-only files

From: Benjamin Coddington [ Upstream commit 66282ec1cf004c09083c29cb5e49019037937bbd ] Clients must be able to read a file in order to execute it, and for pNFS that means the client needs to be able to perform a LAYOUTGET on the file. This behavior for executable-only

[PATCH AUTOSEL for 4.4 097/101] ip6_vti: adjust vti mtu according to mtu of lower device

From: Alexey Kodanev [ Upstream commit 53c81e95df1793933f87748d36070a721f6cb287 ] LTP/udp6_ipsec_vti tests fail when sending large UDP datagrams over ip6_vti that require fragmentation and the underlying device has an MTU smaller than 1500 plus some extra space for headers. This happens because

[PATCH AUTOSEL for 4.4 091/101] vgacon: Set VGA struct resource types

From: Bjorn Helgaas [ Upstream commit c82084117f79bcae085e40da526253736a247120 ] Set the resource type when we reserve VGA-related I/O port resources. The resource code doesn't actually look at the type, so it inserts resources without a type in the tree correctly even without this change. But

[PATCH AUTOSEL for 4.4 099/101] nfsd4: permit layoutget of executable-only files

From: Benjamin Coddington [ Upstream commit 66282ec1cf004c09083c29cb5e49019037937bbd ] Clients must be able to read a file in order to execute it, and for pNFS that means the client needs to be able to perform a LAYOUTGET on the file. This behavior for executable-only files was added for OPEN

[PATCH AUTOSEL for 4.4 101/101] dmaengine: ti-dma-crossbar: Fix event mapping for TPCC_EVT_MUX_60_63

From: Vignesh R [ Upstream commit d087f15786021a9605b20f4c678312510be4cac1 ] Register layout of a typical TPCC_EVT_MUX_M_N register is such that the lowest numbered event is at the lowest byte address and highest numbered event at highest byte address. But TPCC_EVT_MUX_60_63

Re: [PATCH v2] perf annotate: Support to display the IPC/Cycle in tui mode

Hi, Could this patch be accepted? I'm working on the supporting for stdio mode. I just wish to post the patch series after this patch being merged. Thanks Jin Yao On 2/27/2018 5:38 PM, Jin Yao wrote: Unlike the perf report interactive annotate mode, the perf annotate doesn't display the

[PATCH AUTOSEL for 4.4 101/101] dmaengine: ti-dma-crossbar: Fix event mapping for TPCC_EVT_MUX_60_63

From: Vignesh R [ Upstream commit d087f15786021a9605b20f4c678312510be4cac1 ] Register layout of a typical TPCC_EVT_MUX_M_N register is such that the lowest numbered event is at the lowest byte address and highest numbered event at highest byte address. But TPCC_EVT_MUX_60_63 register layout is

Re: [PATCH v2] perf annotate: Support to display the IPC/Cycle in tui mode

Hi, Could this patch be accepted? I'm working on the supporting for stdio mode. I just wish to post the patch series after this patch being merged. Thanks Jin Yao On 2/27/2018 5:38 PM, Jin Yao wrote: Unlike the perf report interactive annotate mode, the perf annotate doesn't display the

[PATCH AUTOSEL for 4.4 100/101] clk: si5351: Rename internal plls to avoid name collisions

From: Sergej Sawazki [ Upstream commit cdba9a4fb0b53703959ac861e415816cb61aded4 ] This drivers probe fails due to a clock name collision if a clock named 'plla' or 'pllb' is already registered when registering this drivers internal plls. Fix it by renaming internal plls to

[PATCH AUTOSEL for 4.4 095/101] pinctrl: Really force states during suspend/resume

From: Florian Fainelli [ Upstream commit 981ed1bfbc6c4660b2ddaa8392893e20a6255048 ] In case a platform only defaults a "default" set of pins, but not a "sleep" set of pins, and this particular platform suspends and resumes in a way that the pin states are not preserved by

[PATCH AUTOSEL for 4.4 100/101] clk: si5351: Rename internal plls to avoid name collisions

From: Sergej Sawazki [ Upstream commit cdba9a4fb0b53703959ac861e415816cb61aded4 ] This drivers probe fails due to a clock name collision if a clock named 'plla' or 'pllb' is already registered when registering this drivers internal plls. Fix it by renaming internal plls to avoid name

[PATCH AUTOSEL for 4.4 095/101] pinctrl: Really force states during suspend/resume

From: Florian Fainelli [ Upstream commit 981ed1bfbc6c4660b2ddaa8392893e20a6255048 ] In case a platform only defaults a "default" set of pins, but not a "sleep" set of pins, and this particular platform suspends and resumes in a way that the pin states are not preserved by the hardware, when we

[PATCH AUTOSEL for 3.18 08/53] platform/x86: asus-nb-wmi: Add wapf4 quirk for the X302UA

From: Santeri Toivonen [ Upstream commit f35823619db8bbaa2afea8705f239c3cecb9d22f ] Asus laptop X302UA starts up with Wi-Fi disabled, without a way to enable it. Set wapf=4 to fix the problem. Signed-off-by: Santeri Toivonen

[PATCH AUTOSEL for 3.18 08/53] platform/x86: asus-nb-wmi: Add wapf4 quirk for the X302UA

From: Santeri Toivonen [ Upstream commit f35823619db8bbaa2afea8705f239c3cecb9d22f ] Asus laptop X302UA starts up with Wi-Fi disabled, without a way to enable it. Set wapf=4 to fix the problem. Signed-off-by: Santeri Toivonen Signed-off-by: Darren Hart (VMware) Signed-off-by: Sasha Levin ---

[PATCH AUTOSEL for 3.18 03/53] scsi: sg: check for valid direction before starting the request

From: Johannes Thumshirn [ Upstream commit 28676d869bbb5257b5f14c0c95ad3af3a7019dd5 ] Check for a valid direction before starting the request, otherwise we risk running into an assertion in the scsi midlayer checking for valid requests. [mkp: fixed typo] Signed-off-by:

[PATCH AUTOSEL for 3.18 03/53] scsi: sg: check for valid direction before starting the request

From: Johannes Thumshirn [ Upstream commit 28676d869bbb5257b5f14c0c95ad3af3a7019dd5 ] Check for a valid direction before starting the request, otherwise we risk running into an assertion in the scsi midlayer checking for valid requests. [mkp: fixed typo] Signed-off-by: Johannes Thumshirn

[PATCH AUTOSEL for 3.18 09/53] x86: i8259: export legacy_pic symbol

From: Hans de Goede [ Upstream commit 7ee06cb2f840a96be46233181ed4557901a74385 ] The classic PC rtc-coms driver has a workaround for broken ACPI device nodes for it which lack an irq resource. This workaround used to unconditionally hardcode the irq to 8 in these cases.

[PATCH AUTOSEL for 3.18 09/53] x86: i8259: export legacy_pic symbol

From: Hans de Goede [ Upstream commit 7ee06cb2f840a96be46233181ed4557901a74385 ] The classic PC rtc-coms driver has a workaround for broken ACPI device nodes for it which lack an irq resource. This workaround used to unconditionally hardcode the irq to 8 in these cases. This was causing irq

[PATCH AUTOSEL for 3.18 07/53] wil6210: fix memory access violation in wil_memcpy_from/toio_32

From: Dedy Lansky [ Upstream commit 0f6edfe259d161580cb4870fcc46f5490f85 ] In case count is not multiple of 4, there is a read access in wil_memcpy_toio_32() from outside src buffer boundary. In wil_memcpy_fromio_32(), in case count is not multiple of 4, there

[PATCH AUTOSEL for 3.18 04/53] scsi: sg: close race condition in sg_remove_sfp_usercontext()

From: Hannes Reinecke [ Upstream commit 97d27b0dd015e980ade63fda111fd1353276e28b ] sg_remove_sfp_usercontext() is clearing any sg requests, but needs to take 'rq_list_lock' when modifying the list. Reported-by: Christoph Hellwig Signed-off-by: Hannes Reinecke

[PATCH AUTOSEL for 3.18 07/53] wil6210: fix memory access violation in wil_memcpy_from/toio_32

From: Dedy Lansky [ Upstream commit 0f6edfe259d161580cb4870fcc46f5490f85 ] In case count is not multiple of 4, there is a read access in wil_memcpy_toio_32() from outside src buffer boundary. In wil_memcpy_fromio_32(), in case count is not multiple of 4, there is a write access to outside

[PATCH AUTOSEL for 3.18 04/53] scsi: sg: close race condition in sg_remove_sfp_usercontext()

From: Hannes Reinecke [ Upstream commit 97d27b0dd015e980ade63fda111fd1353276e28b ] sg_remove_sfp_usercontext() is clearing any sg requests, but needs to take 'rq_list_lock' when modifying the list. Reported-by: Christoph Hellwig Signed-off-by: Hannes Reinecke Reviewed-by: Johannes Thumshirn

[PATCH AUTOSEL for 3.18 02/53] perf session: Don't rely on evlist in pipe mode

From: David Carrillo-Cisneros [ Upstream commit 0973ad97c187e06aece61f685b9c3b2d93290a73 ] Session sets a number parameters that rely on evlist. These parameters are not used in pipe-mode and should not be set, since evlist is unavailable. Fix that. Signed-off-by: David

[PATCH AUTOSEL for 3.18 02/53] perf session: Don't rely on evlist in pipe mode

From: David Carrillo-Cisneros [ Upstream commit 0973ad97c187e06aece61f685b9c3b2d93290a73 ] Session sets a number parameters that rely on evlist. These parameters are not used in pipe-mode and should not be set, since evlist is unavailable. Fix that. Signed-off-by: David Carrillo-Cisneros

[PATCH AUTOSEL for 3.18 10/53] Input: ar1021_i2c - fix too long name in driver's device table

From: Dmitry Torokhov [ Upstream commit 95123fc43560d6f4a60e74f72836e63cd8848f76 ] The name field in structure i2c_device_id is 20 characters, and we expect it to be NULL-terminated, however we are trying to stuff it with 21 bytes and thus NULL-terminator is lost.

[PATCH AUTOSEL for 3.18 10/53] Input: ar1021_i2c - fix too long name in driver's device table

From: Dmitry Torokhov [ Upstream commit 95123fc43560d6f4a60e74f72836e63cd8848f76 ] The name field in structure i2c_device_id is 20 characters, and we expect it to be NULL-terminated, however we are trying to stuff it with 21 bytes and thus NULL-terminator is lost. This causes issues when one

[PATCH AUTOSEL for 4.4 098/101] RDMA/ocrdma: Fix permissions for OCRDMA_RESET_STATS

From: Anton Vasilyev [ Upstream commit 744820869166c8c78be891240cf5f66e8a333694 ] Debugfs file reset_stats is created with S_IRUSR permissions, but ocrdma_dbgfs_ops_read() doesn't support OCRDMA_RESET_STATS, whereas ocrdma_dbgfs_ops_write() supports only OCRDMA_RESET_STATS.

[PATCH AUTOSEL for 3.18 11/53] ACPI/processor: Replace racy task affinity logic

From: Thomas Gleixner [ Upstream commit 8153f9ac43897f9f4786b30badc134fcc1a4fb11 ] acpi_processor_get_throttling() requires to invoke the getter function on the target CPU. This is achieved by temporarily setting the affinity of the calling user space thread to the requested

[PATCH AUTOSEL for 4.4 098/101] RDMA/ocrdma: Fix permissions for OCRDMA_RESET_STATS

From: Anton Vasilyev [ Upstream commit 744820869166c8c78be891240cf5f66e8a333694 ] Debugfs file reset_stats is created with S_IRUSR permissions, but ocrdma_dbgfs_ops_read() doesn't support OCRDMA_RESET_STATS, whereas ocrdma_dbgfs_ops_write() supports only OCRDMA_RESET_STATS. The patch fixes

[PATCH AUTOSEL for 3.18 11/53] ACPI/processor: Replace racy task affinity logic

From: Thomas Gleixner [ Upstream commit 8153f9ac43897f9f4786b30badc134fcc1a4fb11 ] acpi_processor_get_throttling() requires to invoke the getter function on the target CPU. This is achieved by temporarily setting the affinity of the calling user space thread to the requested CPU and reset it to

[PATCH AUTOSEL for 3.18 05/53] kprobes/x86: Fix kprobe-booster not to boost far call instructions

From: Masami Hiramatsu [ Upstream commit bd0b90676c30fe640e7ead919b3e38846ac88ab7 ] Fix the kprobe-booster not to boost far call instruction, because a call may store the address in the single-step execution buffer to the stack, which should be modified after single

[PATCH AUTOSEL for 3.18 05/53] kprobes/x86: Fix kprobe-booster not to boost far call instructions

From: Masami Hiramatsu [ Upstream commit bd0b90676c30fe640e7ead919b3e38846ac88ab7 ] Fix the kprobe-booster not to boost far call instruction, because a call may store the address in the single-step execution buffer to the stack, which should be modified after single stepping. Currently, this

[PATCH AUTOSEL for 3.18 15/53] net: ipv6: send unsolicited NA on admin up

From: David Ahern [ Upstream commit 4a6e3c5def13c91adf2acc613837001f09af3baa ] ndisc_notify is the ipv6 equivalent to arp_notify. When arp_notify is set to 1, gratuitous arp requests are sent when the device is brought up. The same is expected when ndisc_notify is set

[PATCH AUTOSEL for 3.18 14/53] i2c: i2c-scmi: add a MS HID

From: Edgar Cherkasov [ Upstream commit e058e7a4bc89104540a8a303682248614b5df6f1 ] Description of the problem: - i2c-scmi driver contains only two identifiers "SMBUS01" and "SMBUSIBM"; - the fist HID (SMBUS01) is clearly defined in "SMBus Control Method Interface

[PATCH AUTOSEL for 3.18 15/53] net: ipv6: send unsolicited NA on admin up

From: David Ahern [ Upstream commit 4a6e3c5def13c91adf2acc613837001f09af3baa ] ndisc_notify is the ipv6 equivalent to arp_notify. When arp_notify is set to 1, gratuitous arp requests are sent when the device is brought up. The same is expected when ndisc_notify is set to 1 (per ndisc_notify in

[PATCH AUTOSEL for 3.18 14/53] i2c: i2c-scmi: add a MS HID

From: Edgar Cherkasov [ Upstream commit e058e7a4bc89104540a8a303682248614b5df6f1 ] Description of the problem: - i2c-scmi driver contains only two identifiers "SMBUS01" and "SMBUSIBM"; - the fist HID (SMBUS01) is clearly defined in "SMBus Control Method Interface Specification, version

[PATCH AUTOSEL for 3.18 06/53] kprobes/x86: Set kprobes pages read-only

From: Masami Hiramatsu [ Upstream commit d0381c81c2f782fa2131178d11e0cfb23d50d631 ] Set the pages which is used for kprobes' singlestep buffer and optprobe's trampoline instruction buffer to readonly. This can prevent unexpected (or unintended) instruction modification.

[PATCH AUTOSEL for 3.18 06/53] kprobes/x86: Set kprobes pages read-only

From: Masami Hiramatsu [ Upstream commit d0381c81c2f782fa2131178d11e0cfb23d50d631 ] Set the pages which is used for kprobes' singlestep buffer and optprobe's trampoline instruction buffer to readonly. This can prevent unexpected (or unintended) instruction modification. This also passes

[PATCH AUTOSEL for 3.18 18/53] ath: Fix updating radar flags for coutry code India

From: Mohammed Shafi Shajakhan [ Upstream commit c0c345d4cacc6a1f39d4856f37dcf6e34f51a5e4 ] As per latest regulatory update for India, channel 52, 56, 60, 64 is no longer restricted to DFS. Enabling DFS/no infra flags in driver results in applying all DFS related

[PATCH AUTOSEL for 3.18 13/53] genirq: Use irqd_get_trigger_type to compare the trigger type for shared IRQs

From: Hans de Goede [ Upstream commit 382bd4de61827dbaaf5fb4fb7b1f4be4a86505e7 ] When requesting a shared irq with IRQF_TRIGGER_NONE then the irqaction flags get filled with the trigger type from the irq_data: if (!(new->flags & IRQF_TRIGGER_MASK))

[PATCH AUTOSEL for 3.18 18/53] ath: Fix updating radar flags for coutry code India

From: Mohammed Shafi Shajakhan [ Upstream commit c0c345d4cacc6a1f39d4856f37dcf6e34f51a5e4 ] As per latest regulatory update for India, channel 52, 56, 60, 64 is no longer restricted to DFS. Enabling DFS/no infra flags in driver results in applying all DFS related restrictions (like doing CAC

[PATCH AUTOSEL for 3.18 13/53] genirq: Use irqd_get_trigger_type to compare the trigger type for shared IRQs

From: Hans de Goede [ Upstream commit 382bd4de61827dbaaf5fb4fb7b1f4be4a86505e7 ] When requesting a shared irq with IRQF_TRIGGER_NONE then the irqaction flags get filled with the trigger type from the irq_data: if (!(new->flags & IRQF_TRIGGER_MASK)) new->flags |=

[PATCH AUTOSEL for 3.18 17/53] spi: dw: Disable clock after unregistering the host

From: Marek Vasut [ Upstream commit 400c18e3dc86e04ef5afec9b86a8586ca629b9e9 ] The dw_mmio driver disables the block clock before unregistering the host. The code unregistering the host may access the SPI block registers. If register access happens with block clock disabled, this

[PATCH AUTOSEL for 3.18 17/53] spi: dw: Disable clock after unregistering the host

From: Marek Vasut [ Upstream commit 400c18e3dc86e04ef5afec9b86a8586ca629b9e9 ] The dw_mmio driver disables the block clock before unregistering the host. The code unregistering the host may access the SPI block registers. If register access happens with block clock disabled, this may lead to a

[PATCH AUTOSEL for 3.18 21/53] tcp: remove poll() flakes with FastOpen

From: Eric Dumazet [ Upstream commit 0f9fa831aecfc297b7b45d4f046759bcefcf87f0 ] When using TCP FastOpen for an active session, we send one wakeup event from tcp_finish_connect(), right before the data eventually contained in the received SYNACK is queued to

[PATCH AUTOSEL for 3.18 21/53] tcp: remove poll() flakes with FastOpen

From: Eric Dumazet [ Upstream commit 0f9fa831aecfc297b7b45d4f046759bcefcf87f0 ] When using TCP FastOpen for an active session, we send one wakeup event from tcp_finish_connect(), right before the data eventually contained in the received SYNACK is queued to sk->sk_receive_queue. This means

[PATCH AUTOSEL for 3.18 16/53] [media] media/dvb-core: Race condition when writing to CAM

From: Jasmin J [ Upstream commit e7080d4471d805d921a9ea21b32f911a91e248cb ] It started with a sporadic message in syslog: "CAM tried to send a buffer larger than the ecount size" This message is not the fault itself, but a consecutive fault, after a read error from the CAM. This

[PATCH AUTOSEL for 3.18 16/53] [media] media/dvb-core: Race condition when writing to CAM

From: Jasmin J [ Upstream commit e7080d4471d805d921a9ea21b32f911a91e248cb ] It started with a sporadic message in syslog: "CAM tried to send a buffer larger than the ecount size" This message is not the fault itself, but a consecutive fault, after a read error from the CAM. This happens only on

[PATCH AUTOSEL for 3.18 20/53] KVM: PPC: Book3S PR: Exit KVM on failed mapping

From: Alexey Kardashevskiy [ Upstream commit bd9166ffe624000140fc6b606b256df01fc0d060 ] At the moment kvmppc_mmu_map_page() returns -1 if mmu_hash_ops.hpte_insert() fails for any reason so the page fault handler resumes the guest and it faults on the same address again. This

[PATCH AUTOSEL for 3.18 20/53] KVM: PPC: Book3S PR: Exit KVM on failed mapping

From: Alexey Kardashevskiy [ Upstream commit bd9166ffe624000140fc6b606b256df01fc0d060 ] At the moment kvmppc_mmu_map_page() returns -1 if mmu_hash_ops.hpte_insert() fails for any reason so the page fault handler resumes the guest and it faults on the same address again. This adds distinction

[PATCH AUTOSEL for 3.18 32/53] Btrfs: send, fix file hole not being preserved due to inline extent

From: Filipe Manana [ Upstream commit e1cbfd7bf6dabdac561c75d08357571f44040a45 ] Normally we don't have inline extents followed by regular extents, but there's currently at least one harmless case where this happens. For example, when the page size is 4Kb and compression is

[PATCH AUTOSEL for 3.18 32/53] Btrfs: send, fix file hole not being preserved due to inline extent

From: Filipe Manana [ Upstream commit e1cbfd7bf6dabdac561c75d08357571f44040a45 ] Normally we don't have inline extents followed by regular extents, but there's currently at least one harmless case where this happens. For example, when the page size is 4Kb and compression is enabled: $

[PATCH AUTOSEL for 3.18 40/53] ia64: fix module loading for gcc-5.4

From: Sergei Trofimovich [ Upstream commit a25fb8508c1b80dce742dbeaa4d75a1e9f2c5617 ] Starting from gcc-5.4+ gcc generates MLX instructions in more cases to refer local symbols: https://gcc.gnu.org/PR60465 That caused ia64 module loader to choke on such instructions:

[PATCH AUTOSEL for 3.18 40/53] ia64: fix module loading for gcc-5.4

From: Sergei Trofimovich [ Upstream commit a25fb8508c1b80dce742dbeaa4d75a1e9f2c5617 ] Starting from gcc-5.4+ gcc generates MLX instructions in more cases to refer local symbols: https://gcc.gnu.org/PR60465 That caused ia64 module loader to choke on such instructions: fuse: invalid

[PATCH AUTOSEL for 3.18 42/53] sm501fb: don't return zero on failure path in sm501fb_start()

From: Alexey Khoroshilov [ Upstream commit dc85e9a87420613b3129d5cc5ecd79c58351c546 ] If fbmem iomemory mapping failed, sm501fb_start() breaks off initialization, deallocates resources, but returns zero. As a result, double deallocation can happen in sm501fb_stop().

[PATCH AUTOSEL for 3.18 36/53] ipmi/watchdog: fix wdog hang on panic waiting for ipmi response

From: Robert Lippert [ Upstream commit 2c1175c2e8e5487233cabde358a19577562ac83e ] Commit c49c097610fe ("ipmi: Don't call receive handler in the panic context") means that the panic_recv_free is not called during a panic and the atomic count does not drop to 0. Fix this by

[PATCH AUTOSEL for 3.18 42/53] sm501fb: don't return zero on failure path in sm501fb_start()

From: Alexey Khoroshilov [ Upstream commit dc85e9a87420613b3129d5cc5ecd79c58351c546 ] If fbmem iomemory mapping failed, sm501fb_start() breaks off initialization, deallocates resources, but returns zero. As a result, double deallocation can happen in sm501fb_stop(). Found by Linux Driver

[PATCH AUTOSEL for 3.18 36/53] ipmi/watchdog: fix wdog hang on panic waiting for ipmi response

From: Robert Lippert [ Upstream commit 2c1175c2e8e5487233cabde358a19577562ac83e ] Commit c49c097610fe ("ipmi: Don't call receive handler in the panic context") means that the panic_recv_free is not called during a panic and the atomic count does not drop to 0. Fix this by only expecting one

[PATCH AUTOSEL for 3.18 41/53] video: fbdev: udlfb: Fix buffer on stack

From: Maksim Salau [ Upstream commit 45f580c42e5c125d55dbd8099750a1998de3d917 ] Allocate buffers on HEAP instead of STACK for local array that is to be sent using usb_control_msg(). Signed-off-by: Maksim Salau Cc: Bernie Thompson

[PATCH AUTOSEL for 3.18 41/53] video: fbdev: udlfb: Fix buffer on stack

From: Maksim Salau [ Upstream commit 45f580c42e5c125d55dbd8099750a1998de3d917 ] Allocate buffers on HEAP instead of STACK for local array that is to be sent using usb_control_msg(). Signed-off-by: Maksim Salau Cc: Bernie Thompson Cc: Geert Uytterhoeven Signed-off-by: Bartlomiej

<    5   6   7   8   9   10   11   12   13   14   >