[PATCH 3.16 12/99] padata: purge get_cpu and reorder_via_wq from padata_do_serial

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Daniel Jordan commit 065cf577135a4977931c7a1e1edf442bfd9773dd upstream. With the removal of the padata timer, padata_do_serial no longer needs special CPU handling, so remove it. Signed-off-b

Re: [PATCH 0/3] tracing/kprobes: Fix event generation API etc.

Hi Steve, It seems this fixes are not picked up yet. Would you have any consideration? Thank you, On Sat, 25 Apr 2020 14:48:59 +0900 Masami Hiramatsu wrote: > Hello, > > Here are bugfix/cleanup patches for the kprobe tracer, [1/3] > is a typo fix, [2/3] is fixing boot-time tracer and [3/3] is

[PATCH 3.16 17/99] crypto: api - Check spawn->alg under lock in crypto_drop_spawn

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Herbert Xu commit 7db3b61b6bba4310f454588c2ca6faf2958ad79f upstream. We need to check whether spawn->alg is NULL under lock as otherwise the algorithm could be removed from under us after we h

[PATCH 3.16 22/99] ath9k: fix storage endpoint lookup

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Johan Hovold commit 0ef332951e856efa89507cdd13ba8f4fb8d4db12 upstream. Make sure to use the current alternate setting when verifying the storage interface descriptors to avoid submitting an UR

[PATCH 3.16 50/99] usb: gadget: f_ecm: Use atomic_t to track in-flight request

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Bryan O'Donoghue commit d710562e01c48d59be3f60d58b7a85958b39aeda upstream. Currently ecm->notify_req is used to flag when a request is in-flight. ecm->notify_req is set to NULL and when a requ

[PATCH 3.16 29/99] zd1211rw: fix storage endpoint lookup

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Johan Hovold commit 2d68bb2687abb747558b933e80845ff31570a49c upstream. Make sure to use the current alternate setting when verifying the storage interface descriptors to avoid submitting an UR

[PATCH] power: reset: vexpress: fix build issue

An allmodconfig kernel makes CONFIG_VEXPRESS_CONFIG a module and CONFIG_POWER_RESET_VEXPRESS builtin. That makes us see this build error: aarch64-linux-gnu-ld: drivers/power/reset/vexpress-poweroff.o: in function `vexpress_reset_probe': ../drivers/power/reset/vexpress-poweroff.c:119: undefined re

[PATCH 3.16 65/99] media: uvcvideo: Avoid cyclic entity chains due to malformed USB descriptors

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Will Deacon commit 68035c80e129c4cfec659aac4180354530b26527 upstream. Way back in 2017, fuzzing the 4.14-rc2 USB stack with syzkaller kicked up the following WARNING from the UVC chain scannin

[PATCH 3.16 02/99] propagate_one(): mnt_set_mountpoint() needs mount_lock

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Al Viro commit b0d3869ce9eeacbb1bbd541909beeef4126426d5 upstream. ... to protect the modification of mp->m_count done by it. Most of the places that modify that thing also have namespace_lock

[PATCH 3.16 19/99] mmc: spi: Toggle SPI polarity, do not hardcode it

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Linus Walleij commit af3ed119329cf9690598c5a562d95dfd128e91d6 upstream. The code in mmc_spi_initsequence() tries to send a burst with high chipselect and for this reason hardcodes the device i

[PATCH 3.16 14/99] crypto: pcrypt - Do not clear MAY_SLEEP flag in original request

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Herbert Xu commit e8d998264bffade3cfe0536559f712ab9058d654 upstream. We should not be modifying the original request's MAY_SLEEP flag upon completion. It makes no sense to do so anyway. Repo

[PATCH 3.16 55/99] jbd2: clear JBD2_ABORT flag before journal_reset to update log tail info when load journal

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Kai Li commit a09decff5c32060639a685581c380f51b14e1fc2 upstream. If the journal is dirty when the filesystem is mounted, jbd2 will replay the journal but the journal superblock will not be upd

[PATCH 3.16 87/99] mm/mempolicy.c: fix out of bounds write in mpol_parse_str()

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Dan Carpenter commit c7a91bc7c2e17e0a9c8b9745a2cb118891218fd1 upstream. What we are trying to do is change the '=' character to a NUL terminator and then at the end of the function we restore

[PATCH 3.16 85/99] of: Add OF_DMA_DEFAULT_COHERENT & select it on powerpc

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Michael Ellerman commit dabf6b36b83a18d57e3d4b9d50544ed040d86255 upstream. There's an OF helper called of_dma_is_coherent(), which checks if a device has a "dma-coherent" property to see if th

[PATCH 3.16 77/99] KVM: x86: Refactor picdev_write() to prevent Spectre-v1/L1TF attacks

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Marios Pomonis commit 14e32321f3606e4b0970200b6e5e47ee6f1e6410 upstream. This fixes a Spectre-v1/L1TF vulnerability in picdev_write(). It replaces index computations based on the (attacked-con

[PATCH 3.16 74/99] CIFS: Fix task struct use-after-free on reconnect

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Vincent Whitchurch commit f1f27ad74557e39f67a8331a808b860f89254f2d upstream. The task which created the MID may be gone by the time cifsd attempts to call the callbacks on MIDs from cifs_recon

[PATCH 3.16 88/99] media/v4l2-core: set pages dirty upon releasing DMA buffers

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: John Hubbard commit 3c7470b6f68434acae459482ab920d1e3fabd1c7 upstream. After DMA is complete, and the device and CPU caches are synchronized, it's still required to mark the CPU pages as dirty

[PATCH 3.16 57/99] sparc32: fix struct ipc64_perm type definition

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Arnd Bergmann commit 34ca70ef7d3a9fa7e89151597db5e37ae1d429b4 upstream. As discussed in the strace issue tracker, it appears that the sparc32 sysvipc support has been broken for the past 11 ye

[PATCH 3.16 66/99] KVM: PPC: Book3S HV: Uninit vCPU if vcore creation fails

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Sean Christopherson commit 1a978d9d3e72ddfa40ac60d26301b154247ee0bc upstream. Call kvm_vcpu_uninit() if vcore creation fails to avoid leaking any resources allocated by kvm_vcpu_init(), i.e. t

[PATCH 3.16 43/99] efi: Use early_mem*() instead of early_io*()

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Daniel Kiper commit abc93f8eb6e46a480485f19256bdbda36ec78a84 upstream. Use early_mem*() instead of early_io*() because all mapped EFI regions are memory (usually RAM but they could also be ROM

[PATCH 3.16 76/99] KVM: x86: Protect x86_decode_insn from Spectre-v1/L1TF attacks

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Marios Pomonis commit 3c9053a2cae7ba2ba73766a34cea41baa70f57f7 upstream. This fixes a Spectre-v1/L1TF vulnerability in x86_decode_insn(). kvm_emulate_instruction() (an ancestor of x86_decode_i

[PATCH 3.16 98/99] bonding/alb: properly access headers in bond_alb_xmit()

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Eric Dumazet commit 38f88c45404293bbc027b956def6c10cbd45c616 upstream. syzbot managed to send an IPX packet through bond_alb_xmit() and af_packet and triggered a use-after-free. First, bond_a

[PATCH 3.16 44/99] efi/x86: Map the entire EFI vendor string before copying it

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Ard Biesheuvel commit ffc2760bcf2dba0dbef74013ed73eea8310cc52c upstream. Fix a couple of issues with the way we map and copy the vendor string: - we map only 2 bytes, which usually works since

[PATCH 3.16 83/99] KVM: x86: Protect DR-based index computations from Spectre-v1/L1TF attacks

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Marios Pomonis commit ea740059ecb37807ba47b84b33d1447435a8d868 upstream. This fixes a Spectre-v1/L1TF vulnerability in __kvm_set_dr() and kvm_get_dr(). Both kvm_get_dr() and kvm_set_dr() (a wr

[PATCH 3.16 59/99] KVM: nVMX: vmread should not set rflags to specify success in case of #PF

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Miaohe Lin commit a4d956b9390418623ae5d07933e2679c68b6f83c upstream. In case writing to vmread destination operand result in a #PF, vmread should not call nested_vmx_succeed() to set rflags to

[PATCH 3.16 94/99] nfs: use kmap/kunmap directly

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Fabian Frederick commit 0795bf8357c1887e2a95e6e4f5b89d0896a0d929 upstream. This patch removes useless nfs_readdir_get_array() and nfs_readdir_release_array() as suggested by Trond Myklebust n

[PATCH 3.16 58/99] KVM: x86: Don't let userspace set host-reserved cr4 bits

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Sean Christopherson commit b11306b53b2540c6ba068c4deddb6a17d9f8d95b upstream. Calculate the host-reserved cr4 bits at runtime based on the system's capabilities (using logic similar to __do_cp

[PATCH 3.16 69/99] tracing: Fix very unlikely race of registering two stat tracers

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: "Steven Rostedt (VMware)" commit dfb6cd1e654315168e36d947471bd2a0ccd834ae upstream. Looking through old emails in my INBOX, I came across a patch from Luis Henriques that attempted to fix a ra

[PATCH 3.16 84/99] KVM: Check for a bad hva before dropping into the ghc slow path

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Sean Christopherson commit fcfbc617547fc6d9552cb6c1c563b6a90ee98085 upstream. When reading/writing using the guest/host cache, check for a bad hva before checking for a NULL memslot, which tri

[PATCH 3.16 45/99] PCI: Don't disable bridge BARs when assigning bus resources

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Logan Gunthorpe commit 9db8dc6d0785225c42a37be7b44d1b07b31b8957 upstream. Some PCI bridges implement BARs in addition to bridge windows. For example, here's a PLX switch: 04:00.0 PCI bridg

[PATCH 3.16 67/99] KVM: PPC: Book3S PR: Free shared page if mmu initialization fails

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Sean Christopherson commit cb10bf9194f4d2c5d830eddca861f7ca0fecdbb4 upstream. Explicitly free the shared page if kvmppc_mmu_init() fails during kvmppc_core_vcpu_create(), as the page is freed

[PATCH 3.16 68/99] KVM: x86: Free wbinvd_dirty_mask if vCPU creation fails

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Sean Christopherson commit 16be9ddea268ad841457a59109963fff8c9de38d upstream. Free the vCPU's wbinvd_dirty_mask if vCPU creation fails after kvm_arch_vcpu_init(), e.g. when installing the vCPU

[PATCH 3.16 75/99] net_sched: ematch: reject invalid TCF_EM_SIMPLE

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Eric Dumazet commit 55cd9f67f1e45de8517cdaab985fb8e56c0bc1d8 upstream. It is possible for malicious userspace to set TCF_EM_SIMPLE bit even for matches that should not have this bit set. This

[PATCH 3.16 71/99] jbd2: switch to use jbd2_journal_abort() when failed to submit the commit record

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: "zhangyi (F)" commit d0a186e0d3e7ac05cc77da7c157dae5aa59f95d9 upstream. We invoke jbd2_journal_abort() to abort the journal and record errno in the jbd2 superblock when committing journal tran

[PATCH 3.16 70/99] tracing: Fix tracing_stat return values in error handling paths

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Luis Henriques commit afccc00f75bbbee4e4ae833a96c2d29a7259c693 upstream. tracing_stat_init() was always returning '0', even on the error paths. It now returns -ENODEV if tracing_init_dentry()

[PATCH 3.16 89/99] tcp: clear tp->total_retrans in tcp_disconnect()

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Eric Dumazet commit c13c48c00a6bc1febc73902505bdec0967bd7095 upstream. total_retrans needs to be cleared in tcp_disconnect(). tcp_disconnect() is rarely used, but it is worth fixing it. Fixe

[PATCH 3.16 95/99] NFS: Fix memory leaks and corruption in readdir

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Trond Myklebust commit 4b310319c6a8ce708f1033d57145e2aa027a883c upstream. nfs_readdir_xdr_to_array() must not exit without having initialised the array, so that the page cache deletion routine

[PATCH 3.16 82/99] KVM: x86: Protect MSR-based index computations from Spectre-v1/L1TF attacks in x86.c

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Marios Pomonis commit 6ec4c5eee1750d5d17951c4e1960d953376a0dda upstream. This fixes a Spectre-v1/L1TF vulnerability in set_msr_mce() and get_msr_mce(). Both functions contain index computation

[PATCH 3.16 96/99] NFS: Directory page cache pages need to be locked when read

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Trond Myklebust commit 114de38225d9b300f027e2aec9afbb6e0def154b upstream. When a NFS directory page cache page is removed from the page cache, its contents are freed through a call to nfs_read

[PATCH 3.16 61/99] KVM: x86/mmu: Apply max PA check for MMIO sptes to 32-bit KVM

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Sean Christopherson commit e30a7d623dccdb3f880fbcad980b0cb589a1da45 upstream. Remove the bogus 64-bit only condition from the check that disables MMIO spte optimization when the system support

[PATCH 3.16 72/99] ext4, jbd2: ensure panic when aborting with zero errno

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: "zhangyi (F)" commit 51f57b01e4a3c7d7bdceffd84de35144e8c538e7 upstream. JBD2_REC_ERR flag used to indicate the errno has been updated when jbd2 aborted, and then __ext4_abort() and ext4_handle

[GIT PULL] overlayfs fixes for 5.7-rc7

Hi Linus, Please pull from: git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs.git tags/ovl-fixes-5.7-rc7 Fix two bugs introduced in this cycle and one introduced in v5.5. Thanks, Miklos Dan Carpenter (1): ovl: p

[PATCH 3.16 92/99] cls_rsvp: fix rsvp_policy

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Eric Dumazet commit cb3c0e6bdf64d0d124e94ce43cbe4ccbb9b37f51 upstream. NLA_BINARY can be confusing, since .len value represents the max size of the blob. cls_rsvp really wants user space to p

[PATCH 3.16 54/99] x86/cpu: Update cached HLE state on write to TSX_CTRL_CPUID_CLEAR

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Pawan Gupta commit 5efc6fa9044c3356d6046c6e1da6d02572dbed6b upstream. /proc/cpuinfo currently reports Hardware Lock Elision (HLE) feature to be present on boot cpu even if it was disabled duri

[PATCH 3.16 80/99] KVM: x86: Protect kvm_lapic_reg_write() from Spectre-v1/L1TF attacks

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Marios Pomonis commit 4bf79cb089f6b1c6c632492c0271054ce52ad766 upstream. This fixes a Spectre-v1/L1TF vulnerability in kvm_lapic_reg_write(). This function contains index computations based on

[PATCH 3.16 56/99] KVM: arm64: Only sign-extend MMIO up to register width

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Christoffer Dall commit b6ae256afd32f96bec0117175b329d0dd617655e upstream. On AArch64 you can do a sign-extended load to either a 32-bit or 64-bit register, and we should only sign extend the

[PATCH 3.16 81/99] kvm: x86: use macros to compute bank MSRs

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Chen Yucong commit 81760dccf8d1fe5b128b58736fe3f56a566133cb upstream. Avoid open coded calculations for bank MSRs by using well-defined macros that hide the index of higher bank MSRs. No sema

[PATCH 3.16 78/99] KVM: x86: Protect ioapic_read_indirect() from Spectre-v1/L1TF attacks

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Marios Pomonis commit 8c86405f606ca8508b8d9280680166ca26723695 upstream. This fixes a Spectre-v1/L1TF vulnerability in ioapic_read_indirect(). This function contains index computations based o

[PATCH 3.16 41/99] ARM: dts: at91: sama5d3: fix maximum peripheral clock rates

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Alexandre Belloni commit ee0aa926ddb0bd8ba59e33e3803b3b5804e3f5da upstream. Currently the maximum rate for peripheral clock is calculated based on a typical 133MHz MCK. The maximum frequency i

[PATCH 3.16 64/99] USB: serial: ir-usb: fix IrLAP framing

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Johan Hovold commit 38c0d5bdf4973f9f5a888166e9d3e9ed0d32057a upstream. Commit f4a4cbb2047e ("USB: ir-usb: reimplement using generic framework") switched to using the generic write implementati

[PATCH 3.16 86/99] Btrfs: fix race between adding and putting tree mod seq elements and nodes

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Filipe Manana commit 7227ff4de55d931bbdc156c8ef0ce4f100c78a5b upstream. There is a race between adding and removing elements to the tree mod log list and rbtree that can lead to use-after-free

[PATCH 3.16 52/99] nfs: NFS_SWAP should depend on SWAP

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Geert Uytterhoeven commit 474c4f306eefbb21b67ebd1de802d005c7d7ecdc upstream. If CONFIG_SWAP=n, it does not make much sense to offer the user the option to enable support for swapping over NFS,

[PATCH 3.16 42/99] ARM: dts: at91: sama5d3: define clock rate range for tcb1

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Alexandre Belloni commit a7e0f3fc01df4b1b7077df777c37feae8c9e8b6d upstream. The clock rate range for the TCB1 clock is missing. define it in the device tree. Reported-by: Karl Rudbæk Olsen F

[PATCH 3.16 35/99] pxa168fb: Fix the function used to release some memory in an error handling path

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Christophe JAILLET commit 3c911fe799d1c338d94b78e7182ad452c37af897 upstream. In the probe function, some resources are allocated using 'dma_alloc_wc()', they should be released with 'dma_free_

[PATCH 3.16 90/99] ALSA: dummy: Fix PCM format loop in proc output

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Takashi Iwai commit 2acf25f13ebe8beb40e97a1bbe76f36277c64f1e upstream. The loop termination for iterating over all formats should contain SNDRV_PCM_FORMAT_LAST, not less than it. Fixes: 9b151

[PATCH 3.16 97/99] cifs: fail i/o on soft mounts if sessionsetup errors out

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Ronnie Sahlberg commit b0dd940e582b6a60296b9847a54012a4b080dc72 upstream. RHBZ: 1579050 If we have a soft mount we should fail commands for session-setup failures (such as the password having

[PATCH 3.16 73/99] iwlegacy: ensure loop counter addr does not wrap and cause an infinite loop

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Colin Ian King commit c2f9a4e4a5abfc84c01b738496b3fd2d471e0b18 upstream. The loop counter addr is a u16 where as the upper limit of the loop is an int. In the unlikely event that the il->cfg->

[PATCH 3.16 79/99] KVM: x86: Protect ioapic_write_indirect() from Spectre-v1/L1TF attacks

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Marios Pomonis commit 670564559ca35b439c8d8861fc399451ddf95137 upstream. This fixes a Spectre-v1/L1TF vulnerability in ioapic_write_indirect(). This function contains index computations based

[PATCH 3.16 23/99] rsi: fix use-after-free on failed probe and unbind

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Johan Hovold commit e93cd35101b61e4c79149be2cfc927c4b28dc60c upstream. Make sure to stop both URBs before returning after failed probe as well as on disconnect to avoid use-after-free in the c

[PATCH 3.16 99/99] sunrpc: expiry_time should be seconds not timeval

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Roberto Bergantinos Corpas commit 3d96208c30f84d6edf9ab4fac813306ac0d20c10 upstream. When upcalling gssproxy, cache_head.expiry_time is set as a timeval, not seconds since boot. As such, RPC c

[PATCH 3.16 47/99] dm space map common: fix to ensure new block isn't already in use

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Joe Thornber commit 4feaef830de7ffdd8352e1fe14ad3bf13c9688f8 upstream. The space-maps track the reference counts for disk blocks allocated by both the thin-provisioning and cache targets. The

[PATCH 3.16 93/99] kconfig: fix broken dependency in randconfig-generated .config

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Masahiro Yamada commit c8fb7d7e48d11520ad24808cfce7afb7b9c9f798 upstream. Running randconfig on arm64 using KCONFIG_SEED=0x40C5E904 (e.g. on v5.5) produces the .config with CONFIG_EFI=y and CO

[PATCH 3.16 40/99] media: iguanair: fix endpoint sanity check

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Johan Hovold commit 1b257870a78b0a9ce98fdfb052c58542022ffb5b upstream. Make sure to use the current alternate setting, which need not be the first one by index, when verifying the endpoint des

[PATCH 3.16 91/99] clocksource: Prevent double add_timer_on() for watchdog_timer

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Konstantin Khlebnikov commit febac332a819f0e764aa4da62757ba21d18c182b upstream. Kernel crashes inside QEMU/KVM are observed: kernel BUG at kernel/time/timer.c:1154! BUG_ON(timer_pending(t

[PATCH 3.16 39/99] media: iguanair: add sanity checks

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Oliver Neukum commit ab1cbdf159beba7395a13ab70bc71180929ca064 upstream. The driver needs to check the endpoint types, too, as opposed to the number of endpoints. This also requires moving the

[PATCH 3.16 63/99] USB: serial: ir-usb: fix link-speed handling

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Johan Hovold commit 17a0184ca17e288decdca8b2841531e34d49285f upstream. Commit e0d795e4f36c ("usb: irda: cleanup on ir-usb module") added a USB IrDA header with common defines, but mistakingly

From Michelle

Hallo, ich hoffe du hast meine Nachricht erhalten. Ich brauche schnelle Reaktionen Danke Michelle

[PATCH 3.16 60/99] x86: kvm: avoid unused variable warning

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Arnd Bergmann commit 7288bde1f9df6c1475675419bdd7725ce84dec56 upstream. Removing one of the two accesses of the maxphyaddr variable led to a harmless warning: arch/x86/kvm/x86.c: In function

[PATCH 3.16 49/99] usb: gadget: f_ncm: Use atomic_t to track in-flight request

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Bryan O'Donoghue commit 5b24c28cfe136597dc3913e1c00b119307a20c7e upstream. Currently ncm->notify_req is used to flag when a request is in-flight. ncm->notify_req is set to NULL and when a requ

[PATCH 3.16 38/99] ARM: tegra: Enable PLLP bypass during Tegra124 LP1

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Stephen Warren commit 1a3388d506bf5b45bb283e6a4c4706cfb4897333 upstream. For a little over a year, U-Boot has configured the flow controller to perform automatic RAM re-repair on off->on power

[PATCH 3.16 25/99] brcmfmac: abort and release host after error

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Guenter Roeck commit 863844ee3bd38219c88e82966d1df36a77716f3e upstream. With commit 216b44000ada ("brcmfmac: Fix use after free in brcmf_sdio_readframes()") applied, we see locking timeouts in

[PATCH 3.16 53/99] ubifs: Fix deadlock in concurrent bulk-read and writepage

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Zhihao Cheng commit f5de5b83303e61b1f3fb09bd77ce3ac2d7a475f2 upstream. In ubifs, concurrent execution of writepage and bulk read on the same file may cause ABBA deadlock, for example (Reproduc

[PATCH 3.16 34/99] gianfar: Fix TX timestamping with a stacked DSA driver

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Vladimir Oltean commit c26a2c2ddc0115eb088873f5c309cf46b982f522 upstream. The driver wrongly assumes that it is the only entity that can set the SKBTX_IN_PROGRESS bit of the current skb. There

[PATCH 3.16 36/99] ALSA: sh: Fix compile warning wrt const

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Takashi Iwai commit f1dd4795b1523fbca7ab4344dd5a8bb439cc770d upstream. A long-standing compile warning was seen during build test: sound/sh/aica.c: In function 'load_aica_firmware': sound/

[PATCH 3.16 27/99] orinoco_usb: fix interface sanity check

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Johan Hovold commit b73e05aa543cf8db4f4927e36952360d71291d41 upstream. Make sure to use the current alternate setting when verifying the interface descriptors to avoid binding to an invalid in

[PATCH 3.16 33/99] rtc: hym8563: Return -EINVAL if the time is known to be invalid

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Paul Kocialkowski commit f236a2a2ebabad0848ad0995af7ad1dc7029e895 upstream. The current code returns -EPERM when the voltage loss bit is set. Since the bit indicates that the time value is not

[PATCH 3.16 32/99] scsi: qla2xxx: Fix mtcp dump collection failure

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Quinn Tran commit 641e0efddcbde52461e017136acd3ce7f2ef0c14 upstream. MTCP dump failed due to MB Reg 10 was picking garbage data from stack memory. Fixes: 81178772b636a ("[SCSI] qla2xxx: Imple

[PATCH 3.16 05/99] padata: avoid race in reordering

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: "Jason A. Donenfeld" commit de5540d088fe97ad583cc7d396586437b32149a5 upstream. Under extremely heavy uses of padata, crashes occur, and with list debugging turned on, this happens instead: [8

[PATCH 3.16 28/99] rsi_91x_usb: fix interface sanity check

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Johan Hovold commit 3139b180906af43bc09bd3373fc2338a8271d9d9 upstream. Make sure to use the current alternate setting when verifying the interface descriptors to avoid binding to an invalid in

Re: [PATCH 14/15] PCI: brcmstb: Set bus max burst side by chip type

On Wed, May 20, 2020 at 9:44 AM Nicolas Saenz Julienne wrote: > > On Tue, 2020-05-19 at 16:34 -0400, Jim Quinlan wrote: > > From: Jim Quinlan > > > > The proper value of the parameter SCB_MAX_BURST_SIZE varies > > per chip. The 2711 family requires 128B whereas other devices > > can employ 512.

[PATCH 3.16 37/99] clk: tegra: Mark fuse clock as critical

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Stephen Warren commit bf83b96f87ae2abb1e535306ea53608e8de5dfbb upstream. For a little over a year, U-Boot on Tegra124 has configured the flow controller to perform automatic RAM re-repair on o

[PATCH 3.16 62/99] USB: serial: ir-usb: add missing endpoint sanity check

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Johan Hovold commit 2988a8ae7476fe9535ab620320790d1714bdad1d upstream. Add missing endpoint sanity check to avoid dereferencing a NULL-pointer on open() in case a device lacks a bulk-out endpo

[PATCH 3.16 30/99] brcmfmac: Fix memory leak in brcmf_usbdev_qinit

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Navid Emamdoost commit 4282dc057d750c6a7dd92953564b15c26b54c22c upstream. In the implementation of brcmf_usbdev_qinit() the allocated memory for reqs is leaking if usb_alloc_urb() fails. Relea

[PATCH 3.16 31/99] crypto: picoxcell - adjust the position of tasklet_init and fix missed tasklet_kill

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Chuhong Yuan commit 7f8c36fe9be46862c4f3c5302f769378028a34fa upstream. Since tasklet is needed to be initialized before registering IRQ handler, adjust the position of tasklet_init to fix the

[PATCH 3.16 51/99] staging: wlan-ng: ensure error return is actually returned

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Colin Ian King commit 4cc41cbce536876678b35e03c4a8a7bb72c78fa9 upstream. Currently when the call to prism2sta_ifst fails a netdev_err error is reported, error return variable result is set to

[PATCH 3.16 26/99] brcmfmac: fix interface sanity check

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Johan Hovold commit 3428fbcd6e6c0850b1a8b2a12082b7b2aabb3da3 upstream. Make sure to use the current alternate setting when verifying the interface descriptors to avoid binding to an invalid in

[PATCH 3.16 46/99] power: supply: sbs-battery: Fix a signedness bug in sbs_get_battery_capacity()

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Dan Carpenter commit eb368de6de32925c65a97c1e929a31cae2155aee upstream. The "mode" variable is an enum and in this context GCC treats it as an unsigned int so the error handling is never trigg

[PATCH 3.16 24/99] brcmfmac: Fix use after free in brcmf_sdio_readframes()

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Dan Carpenter commit 216b44000ada87a63891a8214c347e05a4aea8fe upstream. The brcmu_pkt_buf_free_skb() function frees "pkt" so it leads to a static checker warning: drivers/net/wireless/bro

[PATCH 3.16 48/99] usb: dwc3: turn off VBUS when leaving host mode

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Bin Liu commit 09ed259fac621634d51cd986aa8d65f035662658 upstream. VBUS should be turned off when leaving the host mode. Set GCTL_PRTCAP to device mode in teardown to de-assert DRVVBUS pin to t

[PATCH 3.16 09/99] padata: Replace delayed timer with immediate workqueue in padata_reorder

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Herbert Xu commit 6fc4dbcf0276279d488c5fbbfabe94734134f4fa upstream. The function padata_reorder will use a timer when it cannot progress while completed jobs are outstanding (pd->reorder_obje

[PATCH 3.16 15/99] padata: always acquire cpu_hotplug_lock before pinst->lock

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Daniel Jordan commit 38228e8848cd7dd86ccb90406af32de0cad24be3 upstream. lockdep complains when padata's paths to update cpumasks via CPU hotplug and sysfs are both taken: # echo 0 > /sys/de

[PATCH 3.16 03/99] spi: spi-dw: Add lock protect dw_spi rx/tx to prevent concurrent calls

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: "wuxu.wu" commit 19b61392c5a852b4e8a0bf35aecb969983c5932d upstream. dw_spi_irq() and dw_spi_transfer_one concurrent calls. I find a panic in dw_writer(): txw = *(u8 *)(dws->tx), when dw->tx==

[PATCH 3.16 13/99] crypto: pcrypt - Fix user-after-free on module unload

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Herbert Xu commit 07bfd9bdf568a38d9440c607b72342036011f727 upstream. On module unload of pcrypt we must unregister the crypto algorithms first and then tear down the padata structure. As othe

[PATCH 3.16 21/99] reiserfs: Fix spurious unlock in reiserfs_fill_super() error handling

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Jan Kara commit 4d5c1adaf893b8aa52525d2b81995e949bcb3239 upstream. When we fail to allocate string for journal device name we jump to 'error' label which tries to unlock reiserfs write lock wh

[PATCH 3.16 07/99] padata: ensure the reorder timer callback runs on the correct CPU

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Mathias Krause commit cf5868c8a22dc2854b96e9569064bb92365549ca upstream. The reorder timer function runs on the CPU where the timer interrupt was handled which is not necessarily one of the CP

[PATCH 3.16 10/99] padata: initialize pd->cpu with effective cpumask

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Daniel Jordan commit ec9c7d19336ee98ecba8de80128aa405c45feebb upstream. Exercising CPU hotplug on a 5.2 kernel with recent padata fixes from cryptodev-2.6.git in an 8-CPU kvm guest... # m

[PATCH 3.16 04/99] padata: Remove unused but set variables

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Tobias Klauser commit 119a0798dc42ed4c4f96d39b8b676efcea73aec6 upstream. Remove the unused but set variable pinst in padata_parallel_worker to fix the following warning when building with 'W=1

[PATCH 3.16 18/99] crypto: api - Fix race condition in crypto_spawn_alg

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Herbert Xu commit 73669cc556462f4e50376538d77ee312142e8a8a upstream. The function crypto_spawn_alg is racy because it drops the lock before shooting the dying algorithm. The algorithm could d

[PATCH 3.16 16/99] crypto: af_alg - Use bh_lock_sock in sk_destruct

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Herbert Xu commit 37f96694cf73ba116993a9d2d99ad6a75fa7fdb0 upstream. As af_alg_release_parent may be called from BH context (most notably due to an async request that only completes after sock

[PATCH 3.16 11/99] padata: Remove broken queue flushing

3.16.84-rc1 review patch. If anyone has any objections, please let me know. -- From: Herbert Xu commit 07928d9bfc81640bab36f5190e8725894d93b659 upstream. The function padata_flush_queues is fundamentally broken because it cannot force padata users to complete the request that

<    2   3   4   5   6   7   8   9   10   11   >