[PATCH 4.14 009/124] drm/omap: fix memory barrier bug in DMM driver

2018-11-19 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Tomi Valkeinen [ Upstream commit 538f66ba204944470a653a45f8befdf97c22 ] A DMM timeout "timed out waiting for done" has been observed on DRA7 devices. The timeout happens rarely, and only

[PATCH 4.14 023/124] cdrom: fix improper type cast, which can leat to information leak.

2018-11-19 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Young_X commit e4f3aa2e1e67bb48dfbaaf1cad59013d5a5bc276 upstream. There is another cast from unsigned long to int which causes a bounds check to fail with specially crafted input. The value

[PATCH 4.14 025/124] scsi: qla2xxx: Fix incorrect port speed being set for FC adapters

2018-11-19 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Himanshu Madhani commit 4c1458df9635c7e3ced155f594d2e7dfd7254e21 upstream. Fixes: 6246b8a1d26c7c ("[SCSI] qla2xxx: Enhancements to support ISP83xx.") Fixes: 1bb395485160d2 ("qla2xxx: Correct

[PATCH 4.14 024/124] ovl: fix error handling in ovl_verify_set_fh()

2018-11-19 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Amir Goldstein commit babf4770be0adc69e6d2de150f4040f175e24beb upstream. We hit a BUG on kfree of an ERR_PTR()... Reported-by: syzbot+ff03fe05c717b8250...@syzkaller.appspotmail.com Fixes:

[PATCH 4.14 004/124] powerpc/eeh: Fix possible null deref in eeh_dump_dev_log()

2018-11-19 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Sam Bobroff [ Upstream commit f9bc28aedfb5bbd572d2d365f3095c1becd7209b ] If an error occurs during an unplug operation, it's possible for eeh_dump_dev_log() to be called when edev->pdn is

[PATCH 4.14 031/124] fuse: Fix use-after-free in fuse_dev_do_write()

2018-11-19 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Kirill Tkhai commit d2d2d4fb1f54eff0f3faa9762d84f6446a4bc5d0 upstream. After we found req in request_find() and released the lock, everything may happen with the req in parallel: cpu0

[PATCH 4.14 028/124] scsi: qla2xxx: shutdown chip if reset fail

2018-11-19 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Quinn Tran commit 1e4ac5d6fe0a4af17e4b6251b884485832bf75a3 upstream. If chip unable to fully initialize, use full shutdown sequence to clear out any stale FW state. Fixes: e315cd28b9ef

[PATCH 4.14 026/124] scsi: qla2xxx: Fix process response queue for ISP26XX and above

2018-11-19 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Quinn Tran commit b86ac8fd4b2f6ec2f9ca9194c56eac12d620096f upstream. This patch improves performance for 16G and above adapter by removing additional call to process_response_queue(). [mkp:

[PATCH 4.14 021/124] 9p locks: fix glock.client_id leak in do_lock

2018-11-19 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Dominique Martinet [ Upstream commit b4dc44b3cac9e8327e0655f530ed0c46f2e6214c ] the 9p client code overwrites our glock.client_id pointing to a static buffer by an allocated string holding

[PATCH 4.14 022/124] 9p: clear dangling pointers in p9stat_free

2018-11-19 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Dominique Martinet [ Upstream commit 62e3941776fea8678bb8120607039410b1b61a65 ] p9stat_free is more of a cleanup function than a 'free' function as it only frees the content of the struct;

[PATCH 4.14 003/124] powerpc/mm: Fix page table dump to work on Radix

2018-11-19 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Michael Ellerman [ Upstream commit 0d923962ab69c27cca664a2d535e90ef655110ca ] When we're running on Book3S with the Radix MMU enabled the page table dump currently prints the wrong addresses

[PATCH 4.14 020/124] staging:iio:ad7606: fix voltage scales

2018-11-19 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Alexandru Ardelean [ Upstream commit 4ee033301c898dd0835d035d0e0eb768a3d35da1 ] Fixes commit 17be2a2905a6ec9aa27cd59521495e2f490d2af0 ("staging: iio: ad7606: replace range/range_available

[PATCH 4.14 029/124] scsi: qla2xxx: Fix re-using LoopID when handle is in use

2018-11-19 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Quinn Tran commit 5c6400536481d9ef44ef94e7bf2c7b8e81534db7 upstream. This patch fixes issue where driver clears NPort ID map instead of marking handle in use. Once driver clears NPort ID from

[PATCH 4.14 030/124] fuse: Fix use-after-free in fuse_dev_do_read()

2018-11-19 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Kirill Tkhai commit bc78abbd55dd28e2287ec6d6502b842321a17c87 upstream. We may pick freed req in this way: [cpu0] [cpu1] fuse_dev_do_read()

[PATCH 4.14 027/124] scsi: qla2xxx: Remove stale debug trace message from tcm_qla2xxx

2018-11-19 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Quinn Tran commit 7c388f91ec1a59b0ed815b07b90536e2d57e1e1f upstream. Remove stale debug trace. Fixes: 1eb42f965ced ("qla2xxx: Make trace flags more readable") Cc: sta...@vger.kernel.org

[PATCH 4.14 089/124] ext4: fix buffer leak in __ext4_read_dirblock() on error path

2018-11-19 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Vasily Averin commit de59fae0043f07de5d25e02ca360f7d57bfa5866 upstream. Fixes: dc6982ff4db1 ("ext4: refactor code to read directory blocks ...") Signed-off-by: Vasily Averin Signed-off-by:

[PATCH 4.14 090/124] mount: Retest MNT_LOCKED in do_umount

2018-11-19 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Eric W. Biederman commit 25d202ed820ee347edec0bf3bf553544556bf64b upstream. It was recently pointed out that the one instance of testing MNT_LOCKED outside of the namespace_sem is in

[PATCH 4.14 085/124] ext4: fix buffer leak in ext4_xattr_get_block() on error path

2018-11-19 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Vasily Averin commit ecaaf408478b6fb4d9986f9b6652f3824e374f4c upstream. Fixes: dec214d00e0d ("ext4: xattr inode deduplication") Signed-off-by: Vasily Averin Signed-off-by: Theodore Ts'o Cc:

[PATCH 4.14 091/124] mount: Dont allow copying MNT_UNBINDABLE|MNT_LOCKED mounts

2018-11-19 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Eric W. Biederman commit df7342b240185d58d3d9665c0bbf0a0f5570ec29 upstream. Jonathan Calmels from NVIDIA reported that he's able to bypass the mount visibility security check in place in the

[PATCH 4.14 086/124] ext4: release bs.bh before re-using in ext4_xattr_block_find()

2018-11-19 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Vasily Averin commit 45ae932d246f721e6584430017176cbcadfde610 upstream. bs.bh was taken in previous ext4_xattr_block_find() call, it should be released before re-using Fixes: 7e01c8e5420b

[PATCH 4.14 032/124] fuse: fix blocked_waitq wakeup

2018-11-19 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Miklos Szeredi commit 908a572b80f6e9577b45e81b3dfe2e22111286b8 upstream. Using waitqueue_active() is racy. Make sure we issue a wake_up() unconditionally after storing into fc->blocked.

[PATCH 4.14 040/124] um: Drop own definition of PTRACE_SYSEMU/_SINGLESTEP

2018-11-19 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Richard Weinberger commit 0676b957c24bfb6e495449ba7b7e72c5b5d79233 upstream. 32bit UML used to define PTRACE_SYSEMU and PTRACE_SYSEMU_SINGLESTEP on its own because many years ago not all

[PATCH 4.14 083/124] ext4: fix possible leak of sbi->s_group_desc_leak in error path

2018-11-19 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Theodore Ts'o commit 9e463084cdb22e0b56b2dfbc50461020409a5fd3 upstream. Fixes: bfe0a5f47ada ("ext4: add more mount time checks of the superblock") Reported-by: Vasily Averin Signed-off-by:

[PATCH 4.14 084/124] ext4: fix possible leak of s_journal_flag_rwsem in error path

2018-11-19 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Vasily Averin commit af18e35bfd01e6d65a5e3ef84ffe8b252d1628c5 upstream. Fixes: c8585c6fcaf2 ("ext4: fix races between changing inode journal ...") Signed-off-by: Vasily Averin Signed-off-by:

[PATCH 4.14 041/124] clk: s2mps11: Fix matching when built as module and DT node contains compatible

2018-11-19 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Krzysztof Kozlowski commit 8985167ecf57f97061599a155bb9652c84ea4913 upstream. When driver is built as module and DT node contains clocks compatible (e.g. "samsung,s2mps11-clk"), the module

[PATCH 4.14 087/124] ext4: fix buffer leak in ext4_xattr_move_to_block() on error path

2018-11-19 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Vasily Averin commit 6bdc9977fcdedf47118d2caf7270a19f4b6d8a8f upstream. Fixes: 3f2571c1f91f ("ext4: factor out xattr moving") Fixes: 6dd4ee7cab7e ("ext4: Expand extra_inodes space per ...")

[PATCH 4.14 088/124] ext4: fix buffer leak in ext4_expand_extra_isize_ea() on error path

2018-11-19 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Vasily Averin commit 53692ec074d00589c2cf1d6d17ca76ad0adce6ec upstream. Fixes: de05ca852679 ("ext4: move call to ext4_error() into ...") Signed-off-by: Vasily Averin Signed-off-by: Theodore

[PATCH 4.14 097/124] rtc: hctosys: Add missing range error reporting

2018-11-19 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Maciej W. Rozycki commit 7ce9a992ffde8ce93d5ae5767362a5c7389ae895 upstream. Fix an issue with the 32-bit range error path in `rtc_hctosys' where no error code is set and consequently the

[PATCH 4.14 098/124] fuse: fix use-after-free in fuse_direct_IO()

2018-11-19 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Lukas Czerner commit ebacb81273599555a7a19f7754a1451206a5fc4f upstream. In async IO blocking case the additional reference to the io is taken for it to survive fuse_aio_complete(). In non

[PATCH 4.14 074/124] ext4: add missing brelse() in set_flexbg_block_bitmap()s error path

2018-11-19 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Vasily Averin commit cea5794122125bf67559906a0762186cf417099c upstream. Fixes: 33afdcc5402d ("ext4: add a function which sets up group blocks ...") Cc: sta...@kernel.org # 3.3 Signed-off-by:

[PATCH 4.14 114/124] drm/i915: Skip vcpi allocation for MSTB ports that are gone

2018-11-19 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Lyude Paul commit c02ba4ef16eefe663fdefcccaa57fad32d5481bf upstream. Since we need to be able to allow DPMS on->off prop changes after an MST port has disappeared from the system, we need to

[PATCH 4.14 122/124] printk: Never set console_may_schedule in console_trylock()

2018-11-19 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Sergey Senozhatsky commit fd5f7cde1b85d4c8e09ca46ce948e008a2377f64 upstream. This patch, basically, reverts commit 6b97a20d3a79 ("printk: set may_schedule for some of console_trylock()

[PATCH 4.14 120/124] CONFIG_XEN_PV breaks xen_create_contiguous_region on ARM

2018-11-19 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Stefano Stabellini commit f9005571701920551bcf54a500973fb61f2e1eda upstream. xen_create_contiguous_region has now only an implementation if CONFIG_XEN_PV is defined. However, on ARM we never

[PATCH 4.9 13/83] 9p locks: fix glock.client_id leak in do_lock

2018-11-19 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Dominique Martinet [ Upstream commit b4dc44b3cac9e8327e0655f530ed0c46f2e6214c ] the 9p client code overwrites our glock.client_id pointing to a static buffer by an allocated string holding the

[PATCH 4.14 121/124] ovl: check whiteout in ovl_create_over_whiteout()

2018-11-19 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Miklos Szeredi commit 5e1275808630ea3b2c97c776f40e475017535f72 upstream. Kaixuxia reports that it's possible to crash overlayfs by removing the whiteout on the upper layer before creating a

[PATCH 4.14 123/124] nvme-loop: fix kernel oops in case of unhandled command

2018-11-19 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Ming Lei commit 11d9ea6f2ca69237d35d6c55755beba3e006b106 upstream. When nvmet_req_init() fails, __nvmet_req_complete() is called to handle the target request via .queue_response(), so

[PATCH 4.14 118/124] drm/i915: Mark pin flags as u64

2018-11-19 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Chris Wilson commit 0014868b9c3c1dda1de6711cf58c3486fb422d07 upstream. Since the flags are being used to operate on a u64 variable, they too need to be marked as such so that the inverses are

[PATCH 4.14 117/124] drm/i915: Dont oops during modeset shutdown after lpe audio deinit

2018-11-19 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Ville Syrjälä commit 6a8915d0f8cf323e1beb792a33095cf652db4056 upstream. We deinit the lpe audio device before we call drm_atomic_helper_shutdown(), which means the platform device may already

[PATCH 4.9 10/83] sc16is7xx: Fix for multi-channel stall

2018-11-19 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Phil Elwell [ Upstream commit 8344498721059754e09d30fe255a12dab8fb03ef ] The SC16IS752 is a dual-channel device. The two channels are largely independent, but the IRQ signals are wired

[PATCH 4.9 11/83] media: tvp5150: fix width alignment during set_selection()

2018-11-19 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Marco Felsch [ Upstream commit bd24db04101f45a9c1d874fe21b0c7eab7bcadec ] The driver ignored the width alignment which exists due to the UYVY colorspace format. Fix the width alignment and

[PATCH 4.9 15/83] cdrom: fix improper type cast, which can leat to information leak.

2018-11-19 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Young_X commit e4f3aa2e1e67bb48dfbaaf1cad59013d5a5bc276 upstream. There is another cast from unsigned long to int which causes a bounds check to fail with specially crafted input. The value is

[PATCH 4.14 119/124] drm/i915/execlists: Force write serialisation into context image vs execution

2018-11-19 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Chris Wilson commit 0a823e8fd4fd67726697854578f3584ee3a49b1d upstream. Ensure that the writes into the context image are completed prior to the register mmio to trigger execution. Although

[PATCH 4.14 116/124] drm/i915/hdmi: Add HDMI 2.0 audio clock recovery N values

2018-11-19 Thread Greg Kroah-Hartman
4.14-stable review patch. If anyone has any objections, please let me know. -- From: Clint Taylor commit 6503493145cba4413ecd3d4d153faeef4a1e9b85 upstream. HDMI 2.0 594Mhz modes were incorrectly selecting 25.200Mhz Automatic N value mode instead of HDMI specification values.

[PATCH 4.9 12/83] powerpc/selftests: Wait all threads to join

2018-11-19 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Breno Leitao [ Upstream commit 693b31b2fc1636f0aa7af53136d3b49f6ad9ff39 ] Test tm-tmspr might exit before all threads stop executing, because it just waits for the very last thread to join

[PATCH 4.9 23/83] e1000: avoid null pointer dereference on invalid stat type

2018-11-19 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- [ Upstream commit 5983587c8c5ef00d6886477544ad67d495bc5479 ] Currently if the stat type is invalid then data[i] is being set either by dereferencing a null pointer p, or it is reading from an

[PATCH 4.9 21/83] fuse: set FR_SENT while locked

2018-11-19 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Miklos Szeredi commit 4c316f2f3ff315cb48efb7435621e5bfb81df96d upstream. Otherwise fuse_dev_do_write() could come in and finish off the request, and the set_bit(FR_SENT, ...) could trigger the

[PATCH 4.9 02/83] tty: check name length in tty_find_polling_driver()

2018-11-19 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Miles Chen [ Upstream commit 33a1a7be198657c8ca26ad406c4d2a89b7162bcc ] The issue is found by a fuzzing test. If tty_find_polling_driver() receives an incorrect input such as ',,' or '0b', the

[PATCH 4.9 18/83] fuse: Fix use-after-free in fuse_dev_do_read()

2018-11-19 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Kirill Tkhai commit bc78abbd55dd28e2287ec6d6502b842321a17c87 upstream. We may pick freed req in this way: [cpu0] [cpu1] fuse_dev_do_read()

[PATCH 4.9 24/83] e1000: fix race condition between e1000_down() and e1000_watchdog

2018-11-19 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- [ Upstream commit 44c445c3d1b4eacff23141fa7977c3b2ec3a45c9 ] This patch fixes a race condition that can result into the interface being up and carrier on, but with transmits disabled in the hardware.

[PATCH 4.9 16/83] scsi: qla2xxx: Fix incorrect port speed being set for FC adapters

2018-11-19 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Himanshu Madhani commit 4c1458df9635c7e3ced155f594d2e7dfd7254e21 upstream. Fixes: 6246b8a1d26c7c ("[SCSI] qla2xxx: Enhancements to support ISP83xx.") Fixes: 1bb395485160d2 ("qla2xxx: Correct

[PATCH 4.9 22/83] mm: do not bug_on on incorrect length in __mm_populate()

2018-11-19 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- commit bb177a732c4369bb58a1fe1df8f552b6f0f7db5f upstream. syzbot has noticed that a specially crafted library can easily hit VM_BUG_ON in __mm_populate kernel BUG at mm/gup.c:1242! invalid

[PATCH 4.9 19/83] fuse: Fix use-after-free in fuse_dev_do_write()

2018-11-19 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Kirill Tkhai commit d2d2d4fb1f54eff0f3faa9762d84f6446a4bc5d0 upstream. After we found req in request_find() and released the lock, everything may happen with the req in parallel: cpu0

[PATCH 4.9 17/83] scsi: qla2xxx: shutdown chip if reset fail

2018-11-19 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Quinn Tran commit 1e4ac5d6fe0a4af17e4b6251b884485832bf75a3 upstream. If chip unable to fully initialize, use full shutdown sequence to clear out any stale FW state. Fixes: e315cd28b9ef

[PATCH 4.9 20/83] fuse: fix blocked_waitq wakeup

2018-11-19 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Miklos Szeredi commit 908a572b80f6e9577b45e81b3dfe2e22111286b8 upstream. Using waitqueue_active() is racy. Make sure we issue a wake_up() unconditionally after storing into fc->blocked.

[PATCH 4.9 01/83] powerpc/eeh: Fix possible null deref in eeh_dump_dev_log()

2018-11-19 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Sam Bobroff [ Upstream commit f9bc28aedfb5bbd572d2d365f3095c1becd7209b ] If an error occurs during an unplug operation, it's possible for eeh_dump_dev_log() to be called when edev->pdn is

[PATCH 4.9 67/83] mount: Dont allow copying MNT_UNBINDABLE|MNT_LOCKED mounts

2018-11-19 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Eric W. Biederman commit df7342b240185d58d3d9665c0bbf0a0f5570ec29 upstream. Jonathan Calmels from NVIDIA reported that he's able to bypass the mount visibility security check in place in the

[PATCH 4.9 71/83] rtc: hctosys: Add missing range error reporting

2018-11-19 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Maciej W. Rozycki commit 7ce9a992ffde8ce93d5ae5767362a5c7389ae895 upstream. Fix an issue with the 32-bit range error path in `rtc_hctosys' where no error code is set and consequently the

[PATCH 4.9 83/83] ovl: check whiteout in ovl_create_over_whiteout()

2018-11-19 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Miklos Szeredi commit 5e1275808630ea3b2c97c776f40e475017535f72 upstream. Kaixuxia reports that it's possible to crash overlayfs by removing the whiteout on the upper layer before creating a

[PATCH 4.9 37/83] libceph: bump CEPH_MSG_MAX_DATA_LEN

2018-11-19 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Ilya Dryomov commit 94e6992bb560be8bffb47f287194adf070b57695 upstream. If the read is large enough, we end up spinning in the messenger: libceph: osd0 192.168.122.1:6801 io error libceph:

[PATCH 4.9 28/83] parisc: Fix exported address of os_hpmc handler

2018-11-19 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- [ Upstream commit 99a3ae51d557d8e38a7aece65678a31f9db215ee ] In the C-code we need to put the physical address of the hpmc handler in the interrupt vector table (IVA) in order to get HPMCs working.

[PATCH 4.9 81/83] drm/i915/execlists: Force write serialisation into context image vs execution

2018-11-19 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Chris Wilson commit 0a823e8fd4fd67726697854578f3584ee3a49b1d upstream. Ensure that the writes into the context image are completed prior to the register mmio to trigger execution. Although

[PATCH 4.9 72/83] fuse: fix use-after-free in fuse_direct_IO()

2018-11-19 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Lukas Czerner commit ebacb81273599555a7a19f7754a1451206a5fc4f upstream. In async IO blocking case the additional reference to the io is taken for it to survive fuse_aio_complete(). In non

[PATCH 4.9 82/83] KVM: arm64: Fix caching of host MDCR_EL2 value

2018-11-19 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Mark Rutland commit da5a3ce66b8bb51b0ea8a89f42aac153903f90fb upstream. At boot time, KVM stashes the host MDCR_EL2 value, but only does this when the kernel is not running in hyp mode (i.e. is

[PATCH 4.9 34/83] clk: s2mps11: Fix matching when built as module and DT node contains compatible

2018-11-19 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Krzysztof Kozlowski commit 8985167ecf57f97061599a155bb9652c84ea4913 upstream. When driver is built as module and DT node contains clocks compatible (e.g. "samsung,s2mps11-clk"), the module

[PATCH 4.9 75/83] lib/ubsan.c: dont mark __ubsan_handle_builtin_unreachable as noreturn

2018-11-19 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Arnd Bergmann commit 1c23b4108d716cc848b38532063a8aca4f86add8 upstream. gcc-8 complains about the prototype for this function: lib/ubsan.c:432:1: error: ignoring attribute 'noreturn' in

[PATCH 4.9 35/83] clk: at91: Fix division by zero in PLL recalc_rate()

2018-11-19 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Ronald Wahl commit 0f5cb0e6225cae2f029944cb8c74617aab6ddd49 upstream. Commit a982e45dc150 ("clk: at91: PLL recalc_rate() now using cached MUL and DIV values") removed a check that prevents a

[PATCH 4.9 79/83] drm/dp_mst: Check if primary mstb is null

2018-11-19 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Stanislav Lisovskiy commit 23d8003907d094f77cf959228e2248d6db819fa7 upstream. Unfortunately drm_dp_get_mst_branch_device which is called from both drm_dp_mst_handle_down_rep and

[PATCH 4.4 010/160] x86/corruption-check: Fix panic in memory_corruption_check() when boot option without value is provided

2018-11-19 Thread Greg Kroah-Hartman
4.4-stable review patch. If anyone has any objections, please let me know. -- From: He Zhe commit ccde460b9ae5c2bd5e4742af0a7f623c2daad566 upstream. memory_corruption_check[{_period|_size}]()'s handlers do not check input argument before passing it to kstrtoul() or

[PATCH 4.4 011/160] x86/kconfig: Fall back to ticket spinlocks

2018-11-19 Thread Greg Kroah-Hartman
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Daniel Wagner Sebastian writes: """ We reproducibly observe cache line starvation on a Core2Duo E6850 (2 cores), a i5-6400 SKL (4 cores) and on a NXP LS2044A ARM Cortex-A72 (4 cores). The

[PATCH 4.4 012/160] sparc: Fix single-pcr perf event counter management.

2018-11-19 Thread Greg Kroah-Hartman
4.4-stable review patch. If anyone has any objections, please let me know. -- From: "David S. Miller" [ Upstream commit cfdc3170d214046b9509183fe9b9544dc644d40b ] It is important to clear the hw->state value for non-stopped events when they are added into the PMU. Otherwise

[PATCH 4.4 013/160] x86/fpu: Remove second definition of fpu in __fpu__restore_sig()

2018-11-19 Thread Greg Kroah-Hartman
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Sebastian Andrzej Siewior [ Upstream commit 6aa676761d4c1acfa31320e55fa1f83f3fcbbc7a ] Commit: c5bedc6847c3b ("x86/fpu: Get rid of PF_USED_MATH usage, convert it to fpu->fpstate_active")

[PATCH 4.9 70/83] nfsd: COPY and CLONE operations require the saved filehandle to be set

2018-11-19 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Scott Mayhew commit 01310bb7c9c98752cc763b36532fab028e0f8f81 upstream. Make sure we have a saved filehandle, otherwise we'll oops with a null pointer dereference in

[PATCH 4.9 66/83] mount: Retest MNT_LOCKED in do_umount

2018-11-19 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Eric W. Biederman commit 25d202ed820ee347edec0bf3bf553544556bf64b upstream. It was recently pointed out that the one instance of testing MNT_LOCKED outside of the namespace_sem is in

[PATCH 4.9 32/83] xtensa: make sure bFLT stack is 16 byte aligned

2018-11-19 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Max Filippov commit 0773495b1f5f1c5e23551843f87b5ff37e7af8f7 upstream. Xtensa ABI requires stack alignment to be at least 16. In noMMU configuration ARCH_SLAB_MINALIGN is used to align stack.

[PATCH 4.9 78/83] drm/rockchip: Allow driver to be shutdown on reboot/kexec

2018-11-19 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Marc Zyngier commit 7f3ef5dedb146e3d5063b6845781ad1bb59b92b5 upstream. Leaving the DRM driver enabled on reboot or kexec has the annoying effect of leaving the display generating transactions

[PATCH 4.9 77/83] mm: migration: fix migration of huge PMD shared pages

2018-11-19 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Mike Kravetz commit 017b1660df89f5fb4bfe66c34e35f7d2031100c7 upstream. The page migration code employs try_to_unmap() to try and unmap the source page. This is accomplished by using rmap_walk

[PATCH 4.9 69/83] sunrpc: correct the computation for page_ptr when truncating

2018-11-19 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Frank Sorenson commit 5d7a5bcb67c70cbc904057ef52d3fcfeb24420bb upstream. When truncating the encode buffer, the page_ptr is getting advanced, causing the next page to be skipped while

[PATCH 4.4 001/160] bcache: fix miss key refill->end in writeback

2018-11-19 Thread Greg Kroah-Hartman
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Tang Junhui commit 2d6cb6edd2c7fb4f40998895bda45006281b1ac5 upstream. refill->end record the last key of writeback, for example, at the first time, keys (1,128K) to (1,1024K) are flush to the

[PATCH 4.9 33/83] xtensa: fix boot parameters address translation

2018-11-19 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Max Filippov commit 40dc948f234b73497c3278875eb08a01d5854d3f upstream. The bootloader may pass physical address of the boot parameters structure to the MMUv3 kernel in the register a2. Code in

[PATCH 4.9 80/83] drm/i915/hdmi: Add HDMI 2.0 audio clock recovery N values

2018-11-19 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Clint Taylor commit 6503493145cba4413ecd3d4d153faeef4a1e9b85 upstream. HDMI 2.0 594Mhz modes were incorrectly selecting 25.200Mhz Automatic N value mode instead of HDMI specification values.

[PATCH 4.9 68/83] mount: Prevent MNT_DETACH from disconnecting locked mounts

2018-11-19 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Eric W. Biederman commit 9c8e0a1b683525464a2abe9fb4b54404a50ed2b4 upstream. Timothy Baldwin wrote: > As per mount_namespaces(7) unprivileged users should not be able to look > under mount

[PATCH 4.9 76/83] hugetlbfs: fix kernel BUG at fs/hugetlbfs/inode.c:444!

2018-11-19 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Mike Kravetz commit 5e41540c8a0f0e98c337dda8b391e5dda0cde7cf upstream. This bug has been experienced several times by the Oracle DB team. The BUG is in remove_inode_hugepages() as follows:

[PATCH 4.9 73/83] fuse: fix leaked notify reply

2018-11-19 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Miklos Szeredi commit 7fabaf303458fcabb694999d6fa772cc13d4e217 upstream. fuse_request_send_notify_reply() may fail if the connection was reset for some reason (e.g. fs was unmounted). Don't

[PATCH 4.9 74/83] configfs: replace strncpy with memcpy

2018-11-19 Thread Greg Kroah-Hartman
4.9-stable review patch. If anyone has any objections, please let me know. -- From: Guenter Roeck commit 1823342a1f2b47a4e6f5667f67cd28ab6bc4d6cd upstream. gcc 8.1.0 complains: fs/configfs/symlink.c:67:3: warning: 'strncpy' output truncated before terminating nul

Re: [PATCH v17 18/23] platform/x86: Intel SGX driver

2018-11-19 Thread Andy Lutomirski
On Mon, Nov 19, 2018 at 8:19 AM Jarkko Sakkinen wrote: > > On Mon, Nov 19, 2018 at 07:29:25AM -0800, Andy Lutomirski wrote: > > On Thu, Nov 15, 2018 at 5:08 PM Jarkko Sakkinen > > wrote: > > > > > > Intel Software Guard eXtensions (SGX) is a set of CPU instructions that > > > can be used by

[PATCH 4.4 083/160] soc/tegra: pmc: Fix child-node lookup

2018-11-19 Thread Greg Kroah-Hartman
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Johan Hovold commit 1dc6bd5e39a29453bdcc17348dd2a89f1aa4004e upstream. Fix child-node lookup during probe, which ended up searching the whole device tree depth-first starting at the parent

[PATCH 4.4 084/160] btrfs: Handle owner mismatch gracefully when walking up tree

2018-11-19 Thread Greg Kroah-Hartman
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Qu Wenruo commit 65c6e82becec33731f48786e5a30f98662c86b16 upstream. [BUG] When mounting certain crafted image, btrfs will trigger kernel BUG_ON() when trying to recover balance: kernel BUG

[PATCH 4.4 086/160] btrfs: iterate all devices during trim, instead of fs_devices::alloc_list

2018-11-19 Thread Greg Kroah-Hartman
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Jeff Mahoney commit d4e329de5e5e21594df2e0dd59da9acee71f133b upstream. btrfs_trim_fs iterates over the fs_devices->alloc_list while holding the device_list_mutex. The problem is that

[PATCH 4.4 078/160] media: em28xx: fix input name for Terratec AV 350

2018-11-19 Thread Greg Kroah-Hartman
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Mauro Carvalho Chehab commit 15644bfa195bd166d0a5ed76ae2d587f719c3dac upstream. Instead of using a register value, use an AMUX name, as otherwise VIDIOC_G_AUDIO would fail. Cc:

[PATCH 4.4 076/160] xen: fix xen_qlock_wait()

2018-11-19 Thread Greg Kroah-Hartman
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Juergen Gross commit d3132b3860f6cf35ff7609a76bbcdbb814bd027c upstream. Commit a856531951dc80 ("xen: make xen_qlock_wait() nestable") introduced a regression for Xen guests running fully

[PATCH 4.4 082/160] arm64: dts: stratix10: Correct System Manager register size

2018-11-19 Thread Greg Kroah-Hartman
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Thor Thayer commit 74121b9aa3cd571ddfff014a9f47db36cae3cda9 upstream. Correct the register size of the System Manager node. Cc: sta...@vger.kernel.org Fixes: 78cd6a9d8e154 ("arm64: dts: Add

[PATCH 4.4 079/160] media: em28xx: make v4l2-compliance happier by starting sequence on zero

2018-11-19 Thread Greg Kroah-Hartman
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Mauro Carvalho Chehab commit afeaade90db4c5dab93f326d9582be1d5954a198 upstream. The v4l2-compliance tool complains if a video doesn't start with a zero sequence number. While this shouldn't

[PATCH 4.4 080/160] ext4: avoid running out of journal credits when appending to an inline file

2018-11-19 Thread Greg Kroah-Hartman
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Theodore Ts'o commit 8bc1379b82b8e809eef77a9fedbb75c6c297be19 upstream. Use a separate journal transaction if it turns out that we need to convert an inline file to use an data block.

[PATCH 4.4 081/160] Cramfs: fix abad comparison when wrap-arounds occur

2018-11-19 Thread Greg Kroah-Hartman
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Nicolas Pitre commit 672ca9dd13f1aca0c17516f76fc5b0e8344b3e46 upstream. It is possible for corrupted filesystem images to produce very large block offsets that may wrap when a length is added,

[PATCH 4.4 065/160] smb3: on kerberos mount if server doesnt specify auth type use krb5

2018-11-19 Thread Greg Kroah-Hartman
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Steve French commit 926674de6705f0f1dbf29a62fd758d0977f535d6 upstream. Some servers (e.g. Azure) do not include a spnego blob in the SMB3 negotiate protocol response, so on kerberos mounts

[PATCH 4.4 077/160] media: em28xx: use a default format if TRY_FMT fails

2018-11-19 Thread Greg Kroah-Hartman
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Mauro Carvalho Chehab commit f823ce2a1202d47110a7ef86b65839f0be8adc38 upstream. Follow the V4L2 spec, as warned by v4l2-compliance: warn: v4l2-test-formats.cpp(732): TRY_FMT cannot

[PATCH 4.4 075/160] kgdboc: Passing ekgdboc to command line causes panic

2018-11-19 Thread Greg Kroah-Hartman
4.4-stable review patch. If anyone has any objections, please let me know. -- From: He Zhe commit 1bd54d851f50dea6af30c3e6ff4f3e9aab5558f9 upstream. kgdboc_option_setup does not check input argument before passing it to strlen. The argument would be a NULL pointer if

[PATCH 4.4 074/160] TC: Set DMA masks for devices

2018-11-19 Thread Greg Kroah-Hartman
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Maciej W. Rozycki commit 3f2aa244ee1a0d17ed5b6c86564d2c1b24d1c96b upstream. Fix a TURBOchannel support regression with commit 205e1b7f51e4 ("dma-mapping: warn when there is no

[PATCH 4.4 085/160] btrfs: locking: Add extra check in btrfs_init_new_buffer() to avoid deadlock

2018-11-19 Thread Greg Kroah-Hartman
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Qu Wenruo commit b72c3aba09a53fc7c1824250d71180ca154517a7 upstream. [BUG] For certain crafted image, whose csum root leaf has missing backref, if we try to trigger write with data csum, it

[PATCH 4.4 133/160] termios, tty/tty_baudrate.c: fix buffer overrun

2018-11-19 Thread Greg Kroah-Hartman
4.4-stable review patch. If anyone has any objections, please let me know. -- From: H. Peter Anvin commit 991a25194097006ec1e0d2e0814ff920e59e3465 upstream. On architectures with CBAUDEX == 0 (Alpha and PowerPC), the code in tty_baudrate.c does not do any limit checking on
