December 2017 - Linux-stable-mirror

[Linux-stable-mirror] [PATCH 3.2 00/94] 3.2.97-rc1 review

by Ben Hutchings

This is the start of the stable review cycle for the 3.2.97 release. There are 94 patches in this series, which will be posted as responses to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Mon Jan 1 17:00:00 UTC 2018. Anything received after that time might be too late. All the patches have also been committed to the linux-3.2.y-rc branch of https://git.kernel.org/pub/scm/linux/kernel/git/bwh/linux-stable-rc.git . A shortlog and diffstat can be found below. Ben. ------------- Al Viro (3): Bluetooth: bnep: bnep_add_connection() should verify that it's dealing with l2cap socket [71bb99a02b32b4cc4265118e85f6035ca72923f0] Bluetooth: cmtp: cmtp_add_connection() should verify that it's dealing with l2cap socket [96c26653ce65bf84f3212f8b00d4316c1efcbf4c] more bio_map_user_iov() leak fixes [2b04e8f6bbb196cab4b232af0f8d48ff2c7a8058] Alan Stern (8): USB: core: prevent malicious bNumInterfaces overflow [48a4ff1c7bb5a32d2e396b03132d20d552c0eca7] USB: dummy-hcd: Fix deadlock caused by disconnect detection [ab219221a5064abfff9f78c323c4a257b16cdb81] USB: dummy-hcd: Fix erroneous synchronization change [7dbd8f4cabd96db5a50513de9d83a8105a5ffc81] USB: dummy-hcd: fix infinite-loop resubmission bug [0173a68bfb0ad1c72a6ee39cc485aa2c97540b98] USB: gadgetfs, dummy-hcd, net2280: fix locking for callbacks [f16443a034c7aa359ddf6f0f9bc40d01ca31faea] USB: gadgetfs: Fix crash caused by inadequate synchronization [520b72fc64debf8a86c3853b8e486aa5982188f0] USB: gadgetfs: fix copy_to_user while holding spinlock [6e76c01e71551cb221c1f3deacb9dcd9a7346784] usb-storage: unusual_devs entry to fix write-access regression for Seagate external drives [113f6eb6d50cfa5e2a1cdcf1678b12661fa272ab] Andreas Engel (1): USB: serial: cp210x: add support for ELV TFD500 [c496ad835c31ad639b6865714270b3003df031f6] Andreas Gruenbacher (1): vfs: Return -ENXIO for negative SEEK_HOLE / SEEK_DATA offsets [fc46820b27a2d9a46f7e90c9ceb4a64a1bc5fab8] Andrew Honig (1): KVM: VMX: remove I/O port 0x80 bypass on Intel hosts [d59d51f088014f25c2562de59b9abff4f42a7468] Andrey Konovalov (2): uwb: ensure that endpoint is interrupt [70e743e4cec3733dc13559f6184b35d358b9ef3f] uwb: properly check kthread_run return value [bbf26183b7a6236ba602f4d6a2f7cade35bba043] Ashish Samant (1): ocfs2: fstrim: Fix start offset of first cluster group during fstrim [105ddc93f06ebe3e553f58563d11ed63dbcd59f0] Baruch Siach (1): spi: uapi: spidev: add missing ioctl header [a2b4a79b88b24c49d98d45a06a014ffd22ada1a4] Ben Hutchings (2): ipsec: Fix aborted xfrm policy dump crash [1137b5e2529a8f5ca8ee709288ecba3e68044df2] security: Fix mode test in selinux_ptrace_access_check() [69f594a38967f4540ce7a29b3fd214e68a8330bd] Bin Liu (1): usb: gadget: fix spinlock dead lock in gadgetfs [d246dcb2331c5783743720e6510892eb1d2801d9] Boqun Feng (2): kvm/x86: Avoid async PF preempting the kernel incorrectly [a2b7861bb33b2538420bb5d8554153484d3f961f] kvm/x86: Handle async PF in RCU read-side critical sections [b862789aa5186d5ea3a024b7cfe0f80c3a38b980] Borislav Petkov (1): x86/oprofile/ppro: Do not use __this_cpu*() in preemptible context [a743bbeef27b9176987ec0cb7f906ab0ab52d1da] Casey Schaufler (1): lsm: fix smack_inode_removexattr and xattr_getsecurity memleak [57e7ba04d422c3d41c8426380303ec9b7533ded9] Colin Ian King (1): staging: iio: ade7759: fix signed extension bug on shift of a u8 [13ffe9a26df4e156363579b25c904dd0b1e31bfb] Craig Gallek (1): tun/tap: sanitize TUNSETSNDBUF input [93161922c658c714715686cd0cf69b090cb9bf1d] Dan Carpenter (1): tile: array underflow in setup_maxnodemem() [637f23abca87d26e091e0d6647ec878d97d2c6cd] David Herrmann (1): Bluetooth: hidp: verify l2cap sockets [b3916db32c4a3124eee9f3742a2f4723731d7602] Dmitry Fleytman (1): usb: Increase quirk delay for USB devices [b2a542bbb3081dbd64acc8929c140d196664c406] Dmitry Torokhov (1): Input: uinput - avoid FF flush when destroying device [e8b95728f724797f958912fd9b765a695595d3a6] Eric Biggers (13): FS-Cache: fix dereference of NULL user_key_payload [d124b2c53c7bee6569d2a2d0b18b4a1afde00134] KEYS: add missing permission check for request_key() destination [4dca6ea1d9432052afb06baf2e3ae78188a4410b] KEYS: don't revoke uninstantiated key in request_key_auth_new() [f7b48cf08fa63a68b59c2894806ee478216d7f91] KEYS: encrypted: fix dereference of NULL user_key_payload [13923d0865ca96312197962522e88bc0aedccd74] KEYS: fix cred refcount leak in request_key_auth_new() [44d8143340a99b167c74365e844516b73523c087] KEYS: fix key refcount leak in keyctl_assume_authority() [884bee0215fcc239b30c062c37ca29077005e064] KEYS: fix key refcount leak in keyctl_read_key() [7fc0786d956d9e59b68d282be9b156179846ea3d] KEYS: prevent creating a different user's keyrings [237bbd29f7a049d310d907f4b2716a7feef9abf3] KEYS: trusted: fix writing past end of buffer in trusted_read() [a3c812f7cfd80cf51e8f5b7034f7418f6beb56c1] KEYS: trusted: sanitize all key material [ee618b4619b72527aaed765f0f0b74072b281159] crypto: hmac - require that the underlying hash algorithm is unkeyed [af3ff8045bbf3e32f1a448542e73abb4c8ceb6f1] crypto: salsa20 - fix blkcipher_walk API usage [ecaaab5649781c5a0effdaf298a925063020500e] ecryptfs: fix dereference of NULL user_key_payload [f66665c09ab489a11ca490d6a82df57cfc1bea3e] Eric Dumazet (1): tcp: fix tcp_mtu_probe() vs highest_sack [2b7cda9c35d3b940eb9ce74b30bbd5eb30db493d] Ethan Zhao (1): sched/sysctl: Check user input value of sysctl_sched_time_avg [5ccba44ba118a5000cccc50076b0344632459779] Felipe Balbi (1): usb: quirks: add quirk for WORLDE MINI MIDI keyboard [2811501e6d8f5747d08f8e25b9ecf472d0dc4c7d] Geert Uytterhoeven (2): sh: sh7722: remove nonexistent GPIO_PTQ7 to fix pinctrl registration [b78412b8300a8453b78d2c1b0b925b66493bb011] sh: sh7757: remove nonexistent GPIO_PT[JLNQ]7_RESV to fix pinctrl registration [d8ce38f69843a56da044e56b6c16aecfbc3c6e39] Gerald Schaefer (1): s390/mm: fix write access check in gup_huge_pmd() [ba385c0594e723d41790ecfb12c610e6f90c7785] Gleb Natapov (1): KVM: Do not take reference to mm during async #PF [62c49cc976af84cb0ffcb5ec07ee88da1a94e222] Guillaume Nault (6): l2tp: check ps->sock before running pppol2tp_session_ioctl() [5903f594935a3841137c86b9d5b75143a5b7121c] l2tp: don't use l2tp_tunnel_find() in l2tp_ip and l2tp_ip6 [8f7dc9ae4a7aece9fbc3e6637bdfa38b36bcdf09] l2tp: fix l2tp_eth module loading [9f775ead5e570e7e19015b9e4e2f3dd6e71a5935] l2tp: hold socket before dropping lock in l2tp_ip{, 6}_recv() [a3c18422a4b4e108bcf6a2328f48867e1003fd95] l2tp: hold tunnel in pppol2tp_connect() [f9e56baf03f9d36043a78f16e3e8b2cfd211e09e] l2tp: hold tunnel socket when handling control frames in l2tp_ip and l2tp_ip6 [94d7ee0baa8b764cf64ad91ed69464c1a6a0066b] Haozhong Zhang (1): KVM: nVMX: fix guest CR4 loading when emulating L2 to L1 exit [8eb3f87d903168bdbd1222776a6b1e281f50513e] Henryk Heisig (1): USB: serial: option: add support for TP-Link LTE module [837ddc4793a69b256ac5e781a5e729b448a8d983] Herbert Xu (1): crypto: shash - Fix zero-length shash ahash digest crash [b61907bb42409adf9b3120f741af7c57dd7e3db2] Jean Delvare (1): kernel/params.c: align add_sysfs_param documentation with code [630cc2b30a42c70628368a412beb4a5e5dd71abe] Jeffrey Chu (1): USB: serial: ftdi_sio: add id for Cypress WICED dev board [a6c215e21b0dc5fe9416dce90f9acc2ea53c4502] Jim Dickerson (1): usb: pci-quirks.c: Corrected timeout values used in handshake [114ec3a6f9096d211a4aff4277793ba969a62c73] Joerg Roedel (1): iommu/amd: Finish TLB flush in amd_iommu_unmap() [ce76353f169a6471542d999baf3d29b121dce9c0] Johannes Thumshirn (1): scsi: libiscsi: fix shifting of DID_REQUEUE host byte [eef9ffdf9cd39b2986367bc8395e2772bc1284ba] Kazuya Mizuguchi (1): usb: renesas_usbhs: Fix DMAC sequence for receiving zero-length packet [29c7f3e68eec4ae94d85ad7b5dfdafdb8089f513] Konstantin Khlebnikov (1): Smack: remove unneeded NULL-termination from securtity label [da1b63566c469bf3e2b24182114422e16b1aa34c] LEROY Christophe (1): crypto: talitos - fix sha224 [afd62fa26343be6445479e75de9f07092a061459] Maksim Salau (1): usb: cdc_acm: Add quirk for Elatec TWN3 [765fb2f181cad669f2beb87842a05d8071f2be85] Mark Rutland (1): ARM: 8720/1: ensure dump_instr() checks addr_limit [b9dd05c7002ee0ca8b676428b2268c26399b5e31] Martin K. Petersen (1): scsi: sd: Implement blacklist option for WRITE SAME w/ UNMAP [28a0bc4120d38a394499382ba21d6965a67a3703] Mathias Nyman (1): xhci: fix finding correct bus_state structure for USB 3.1 hosts [5a838a13c9b4e5dd188b7a6eaeb894e9358ead0c] Michael S. Tsirkin (1): macvtap: fix TUNSETSNDBUF values > 64k [3ea79249e81e5ed051f2e6480cbde896d99046e8] Mohamed Ghannam (1): dccp: CVE-2017-8824: use-after-free in DCCP code [69c64866ce072dea1d1e59a0d61e0f66c0dffb76] Nicolas Dichtel (1): net: enable interface alias removal via rtnl [2459b4c635858094df78abb9ca87d99f89fe8ca5] Oleg Nesterov (1): ptrace: change __ptrace_unlink() to clear ->ptrace under ->siglock [1333ab03150478df8d6f5673a91df1e50dc6ab97] Oswald Buddenhagen (1): MIPS: AR7: Ensure that serial ports are properly set up [b084116f8587b222a2c5ef6dcd846f40f24b9420] Stefan Mätje (1): can: esd_usb2: Fix can_dlc value for received RTR, frames [72d92e865d1560723e1957ee3f393688c49ca5bf] Stefano Brivio (1): scsi: lpfc: Don't return internal MBXERR_ERROR code from probe function [5c756065e47dc3e84b00577bd109f0a8e69903d7] Steffen Maier (1): scsi: zfcp: fix erp_action use-before-initialize in REC action trace [ab31fd0ce65ec93828b617123792c1bb7c6dcc42] Takashi Iwai (9): ALSA: caiaq: Fix stray URB at probe error path [99fee508245825765ff60155fed43f970ff83a8f] ALSA: seq: Avoid invalid lockdep class warning [3510c7aa069aa83a2de6dab2b41401a198317bdc] ALSA: seq: Fix OSS sysex delivery in OSS emulation [132d358b183ac6ad8b3fea32ad5e0663456d18d1] ALSA: seq: Fix copy_from_user() call inside lock [5803b023881857db32ffefa0d269c90280a67ee0] ALSA: seq: Fix nested rwsem annotation for lockdep splat [1f20f9ff57ca23b9f5502fca85ce3977e8496cb1] ALSA: timer: Add missing mutex lock for compat ioctls [79fb0518fec8c8b4ea7f1729f54f293724b3dbb0] ALSA: timer: Limit max instances per timer [9b7d869ee5a77ed4a462372bb89af622e705bfb8] ALSA: timer: Protect the whole snd_timer_close() with open race [9984d1b5835ca29fc7025186a891ee7398d21cc7] ALSA: usx2y: Suppress kernel warning at page allocation failures [7682e399485fe19622b6fd82510b1f4551e48a25] Wanpeng Li (1): KVM: Fix stack-out-of-bounds read in write_mmio [e39d200fa5bf5b94a0948db0dae44c1b73b84a56] Willem de Bruijn (1): packet: only test po->has_vnet_hdr once in packet_snd [da7c9561015e93d10fe6aab73e9288e0d09d65a6] Xin Long (1): sctp: fix a type cast warnings that causes a_rwnd gets the wrong value [f6fc6bc0b8e0bb13a210bd7386ffdcb1a5f30ef1] Yoshihiro Shimoda (2): usb: renesas_usbhs: fix the BCLR setting condition for non-DCP pipe [6124607acc88fffeaadf3aacfeb3cc1304c87387] usb: renesas_usbhs: fix usbhsf_fifo_clear() for RX direction [0a2ce62b61f2c76d0213edf4e37aaf54a8ddf295] Makefile | 4 +- arch/arm/kernel/traps.c | 28 ++++++--- arch/mips/ar7/platform.c | 1 + arch/s390/mm/gup.c | 7 +-- arch/sh/include/cpu-sh4/cpu/sh7722.h | 2 +- arch/sh/include/cpu-sh4/cpu/sh7757.h | 8 +-- arch/tile/kernel/setup.c | 3 +- arch/x86/crypto/salsa20_glue.c | 7 --- arch/x86/include/asm/kvm_para.h | 4 +- arch/x86/kernel/kvm.c | 22 +++---- arch/x86/kvm/svm.c | 2 +- arch/x86/kvm/vmx.c | 7 +-- arch/x86/kvm/x86.c | 8 +-- arch/x86/oprofile/op_model_ppro.c | 4 +- crypto/hmac.c | 6 +- crypto/salsa20_generic.c | 7 --- crypto/shash.c | 13 ++-- drivers/crypto/talitos.c | 4 +- drivers/input/ff-core.c | 13 +++- drivers/input/misc/uinput.c | 18 ++++++ drivers/iommu/amd_iommu.c | 1 + drivers/net/can/usb/esd_usb2.c | 2 +- drivers/net/macvtap.c | 6 +- drivers/net/tun.c | 4 ++ drivers/s390/scsi/zfcp_aux.c | 5 ++ drivers/s390/scsi/zfcp_erp.c | 18 +++--- drivers/s390/scsi/zfcp_scsi.c | 5 ++ drivers/scsi/libiscsi.c | 2 +- drivers/scsi/lpfc/lpfc_init.c | 1 + drivers/scsi/scsi_scan.c | 3 + drivers/scsi/sd.c | 14 ++++- drivers/staging/iio/meter/ade7759.c | 2 +- drivers/usb/class/cdc-acm.c | 3 + drivers/usb/core/config.c | 6 +- drivers/usb/core/hub.c | 2 +- drivers/usb/core/quirks.c | 4 ++ drivers/usb/gadget/dummy_hcd.c | 56 +++++++++++++---- drivers/usb/gadget/inode.c | 72 ++++++++++++++++----- drivers/usb/host/pci-quirks.c | 8 +-- drivers/usb/host/xhci.h | 2 +- drivers/usb/renesas_usbhs/fifo.c | 23 +++++-- drivers/usb/serial/cp210x.c | 1 + drivers/usb/serial/ftdi_sio.c | 2 + drivers/usb/serial/ftdi_sio_ids.h | 7 +++ drivers/usb/serial/option.c | 2 + drivers/usb/storage/unusual_devs.h | 7 +++ drivers/uwb/hwa-rc.c | 2 + drivers/uwb/uwbd.c | 12 ++-- fs/bio.c | 14 +++-- fs/ecryptfs/ecryptfs_kernel.h | 25 +++++--- fs/ecryptfs/keystore.c | 9 ++- fs/fscache/object-list.c | 7 +++ fs/ocfs2/alloc.c | 24 +++++-- fs/read_write.c | 4 +- fs/xattr.c | 2 +- include/crypto/internal/hash.h | 8 +++ include/linux/input.h | 1 + include/linux/key.h | 2 + include/linux/spi/spidev.h | 1 + include/net/bluetooth/l2cap.h | 1 + include/net/tcp.h | 6 +- include/scsi/scsi_device.h | 1 + include/scsi/scsi_devinfo.h | 1 + include/sound/seq_kernel.h | 3 +- include/sound/seq_virmidi.h | 1 + include/sound/timer.h | 2 + include/trace/events/kvm.h | 7 ++- kernel/params.c | 2 +- kernel/ptrace.c | 3 +- kernel/sysctl.c | 3 +- net/bluetooth/bnep/core.c | 3 + net/bluetooth/cmtp/core.c | 3 + net/bluetooth/hidp/core.c | 2 + net/bluetooth/l2cap_sock.c | 6 ++ net/core/rtnetlink.c | 5 +- net/dccp/proto.c | 5 ++ net/ipv4/tcp_output.c | 3 +- net/l2tp/l2tp_eth.c | 51 +-------------- net/l2tp/l2tp_ip.c | 20 +++--- net/l2tp/l2tp_ppp.c | 10 ++- net/packet/af_packet.c | 4 +- net/sctp/sm_sideeffect.c | 4 +- net/xfrm/xfrm_user.c | 3 +- security/keys/encrypted-keys/encrypted.c | 7 +++ security/keys/internal.h | 2 +- security/keys/key.c | 2 + security/keys/keyctl.c | 8 +-- security/keys/keyring.c | 23 ++++--- security/keys/process_keys.c | 9 ++- security/keys/request_key.c | 46 +++++++++++--- security/keys/request_key_auth.c | 69 ++++++++++----------- security/keys/trusted.c | 71 ++++++++++----------- security/selinux/hooks.c | 2 +- security/smack/smack_lsm.c | 57 ++++++++--------- sound/core/hrtimer.c | 1 + sound/core/seq/oss/seq_oss_midi.c | 4 +- sound/core/seq/oss/seq_oss_readq.c | 29 +++++++++ sound/core/seq/oss/seq_oss_readq.h | 2 + sound/core/seq/seq_clientmgr.c | 2 +- sound/core/seq/seq_virmidi.c | 27 +++++--- sound/core/timer.c | 103 +++++++++++++++++++++---------- sound/core/timer_compat.c | 17 ++++- sound/usb/caiaq/device.c | 12 +++- sound/usb/usx2y/usb_stream.c | 6 +- 104 files changed, 769 insertions(+), 416 deletions(-) -- Ben Hutchings The two most common things in the universe are hydrogen and stupidity.

6 years, 10 months

2
95
0 0

[Linux-stable-mirror] [PATCH 3.16 000/204] 3.16.52-rc1 review

by Ben Hutchings

This is the start of the stable review cycle for the 3.16.52 release. There are 204 patches in this series, which will be posted as responses to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Mon Jan 1 17:00:00 UTC 2018. Anything received after that time might be too late. All the patches have also been committed to the linux-3.16.y-rc branch of https://git.kernel.org/pub/scm/linux/kernel/git/bwh/linux-stable-rc.git . A shortlog and diffstat can be found below. Ben. ------------- Adrian Salido (1): HID: i2c-hid: allocate hid buffers for real worst case [8320caeeffdefec3b58b9d4a7ed8e1079492fe7b] Al Viro (3): Bluetooth: bnep: bnep_add_connection() should verify that it's dealing with l2cap socket [71bb99a02b32b4cc4265118e85f6035ca72923f0] Bluetooth: cmtp: cmtp_add_connection() should verify that it's dealing with l2cap socket [96c26653ce65bf84f3212f8b00d4316c1efcbf4c] more bio_map_user_iov() leak fixes [2b04e8f6bbb196cab4b232af0f8d48ff2c7a8058] Alan Stern (11): USB: core: prevent malicious bNumInterfaces overflow [48a4ff1c7bb5a32d2e396b03132d20d552c0eca7] USB: dummy-hcd: Fix deadlock caused by disconnect detection [ab219221a5064abfff9f78c323c4a257b16cdb81] USB: dummy-hcd: Fix erroneous synchronization change [7dbd8f4cabd96db5a50513de9d83a8105a5ffc81] USB: dummy-hcd: fix connection failures (wrong speed) [fe659bcc9b173bcfdd958ce2aec75e47651e74e1] USB: dummy-hcd: fix infinite-loop resubmission bug [0173a68bfb0ad1c72a6ee39cc485aa2c97540b98] USB: g_mass_storage: Fix deadlock when driver is unbound [1fbbb78f25d1291274f320462bf6908906f538db] USB: gadgetfs, dummy-hcd, net2280: fix locking for callbacks [f16443a034c7aa359ddf6f0f9bc40d01ca31faea] USB: gadgetfs: Fix crash caused by inadequate synchronization [520b72fc64debf8a86c3853b8e486aa5982188f0] USB: gadgetfs: fix copy_to_user while holding spinlock [6e76c01e71551cb221c1f3deacb9dcd9a7346784] usb-storage: fix bogus hardware error messages for ATA pass-thru devices [a4fd4a724d6c30ad671046d83be2e9be2f11d275] usb-storage: unusual_devs entry to fix write-access regression for Seagate external drives [113f6eb6d50cfa5e2a1cdcf1678b12661fa272ab] Alex Estrin (1): Revert "IB/ipoib: Update broadcast object if PKey value was changed in index 0" [612601d0013f03de9dc134809f242ba6da9ca252] Alexey Kodanev (1): vti: fix use after free in vti_tunnel_xmit/vti6_tnl_xmit [36f6ee22d2d66046e369757ec6bbe1c482957ba6] Andreas Engel (1): USB: serial: cp210x: add support for ELV TFD500 [c496ad835c31ad639b6865714270b3003df031f6] Andreas Gruenbacher (2): direct-io: Prevent NULL pointer access in submit_page_section [899f0429c7d3eed886406cd72182bee3b96aa1f9] vfs: Return -ENXIO for negative SEEK_HOLE / SEEK_DATA offsets [fc46820b27a2d9a46f7e90c9ceb4a64a1bc5fab8] Andrei Vagin (1): net/unix: don't show information about sockets from other namespaces [0f5da659d8f1810f44de14acf2c80cd6499623a0] Andrew Gabbasov (1): usb: gadget: composite: Fix use-after-free in usb_composite_overwrite_options [aec17e1e249567e82b26dafbb86de7d07fde8729] Andrew Honig (1): KVM: VMX: remove I/O port 0x80 bypass on Intel hosts [d59d51f088014f25c2562de59b9abff4f42a7468] Andrey Konovalov (2): uwb: ensure that endpoint is interrupt [70e743e4cec3733dc13559f6184b35d358b9ef3f] uwb: properly check kthread_run return value [bbf26183b7a6236ba602f4d6a2f7cade35bba043] Aravind Gopalakrishnan (2): pci_ids: Add PCI device IDs for F15h M60h [4cbbdb51cc921f95978360fd7a0652d493dadc3e] x86, amd_nb: Add device IDs to NB tables for F15h M60h [15895a729e02ea55433b912cc31d5c6de16359ec] Arnd Bergmann (4): ARM: 8715/1: add a private asm/unaligned.h [1cce91dfc8f7990ca3aea896bfb148f240b12860] gpio: acpi: work around false-positive -Wstring-overflow warning [e40a3ae1f794a35c4af3746291ed6fedc1fa0f6f] include/linux/of.h: provide of_n_{addr,size}_cells wrappers for !CONFIG_OF [8a1ac5dc7be09883051b1bf89a5e57d7ad850fa5] usb: gadget: dummy: fix nonsensical comparisons [7661ca09b2ff98f48693f431bb01fed62830e433] Ashish Samant (1): ocfs2: fstrim: Fix start offset of first cluster group during fstrim [105ddc93f06ebe3e553f58563d11ed63dbcd59f0] Baruch Siach (1): spi: uapi: spidev: add missing ioctl header [a2b4a79b88b24c49d98d45a06a014ffd22ada1a4] Ben Hutchings (1): ipsec: Fix aborted xfrm policy dump crash [1137b5e2529a8f5ca8ee709288ecba3e68044df2] Bo Yan (1): tracing: Erase irqsoff trace with empty write [8dd33bcb7050dd6f8c1432732f930932c9d3a33e] Borislav Petkov (3): x86/cpu/AMD: Apply the Erratum 688 fix when the BIOS doesn't [bfc1168de949cd3e9ca18c3480b5085deff1ea7c] x86/microcode/intel: Disable late loading on model 79 [723f2828a98c8ca19842042f418fb30dd8cfc0f7] x86/oprofile/ppro: Do not use __this_cpu*() in preemptible context [a743bbeef27b9176987ec0cb7f906ab0ab52d1da] Casey Schaufler (1): lsm: fix smack_inode_removexattr and xattr_getsecurity memleak [57e7ba04d422c3d41c8426380303ec9b7533ded9] Christophe Jaillet (1): IB/mlx5: Fix the size parameter to find_first_bit [fffd68734dc685e208e86d8c5f6522cd695a8d60] Colin Ian King (2): IB/ocrdma: fix incorrect fall-through on switch statement [06564f60859bdf7e73d70ae35d7e285e96ae9c46] staging: iio: ade7759: fix signed extension bug on shift of a u8 [13ffe9a26df4e156363579b25c904dd0b1e31bfb] Cong Wang (2): tun: call dev_get_valid_name() before register_netdevice() [0ad646c81b2182f7fa67ec0c8c825e0ee165696d] vlan: fix a use-after-free in vlan_device_event() [052d41c01b3a2e3371d66de569717353af489d63] Craig Gallek (1): tun/tap: sanitize TUNSETSNDBUF input [93161922c658c714715686cd0cf69b090cb9bf1d] Dan Carpenter (1): tile: array underflow in setup_maxnodemem() [637f23abca87d26e091e0d6647ec878d97d2c6cd] David Disseldorp (2): SMB: fix leak of validate negotiate info response buffer [fe83bebc05228e838ed5cbbc62712ab50dd40e18] SMB: fix validate negotiate info uninitialised memory use [a2d9daad1d2dfbd307ab158044d1c323d7babbde] Dmitry Fleytman (1): usb: Increase quirk delay for USB devices [b2a542bbb3081dbd64acc8929c140d196664c406] Dmitry Torokhov (3): Input: ims-psu - check if CDC union descriptor is sane [ea04efee7635c9120d015dcdeeeb6988130cb67a] Input: uinput - avoid FF flush when destroying device [e8b95728f724797f958912fd9b765a695595d3a6] Input: uinput - avoid crash when sending FF request to device going away [6b4877c7bdc6ae39ce03716df7caeecf204697eb] Dongjiu Geng (1): arm/arm64: KVM: set right LR register value for 32 bit guest when inject abort [fd6c8c206fc5d0717b0433b191de0715122f33bb] Dragos Bogdan (2): iio: ad7793: Fix the serial interface reset [7ee3b7ebcb74714df6d94c8f500f307e1ee5dda5] iio: ad_sigma_delta: Implement a dedicated reset function [7fc10de8d49a748c476532c9d8e8fe19e548dd67] Eric Biggers (18): FS-Cache: fix dereference of NULL user_key_payload [d124b2c53c7bee6569d2a2d0b18b4a1afde00134] KEYS: add missing permission check for request_key() destination [4dca6ea1d9432052afb06baf2e3ae78188a4410b] KEYS: don't revoke uninstantiated key in request_key_auth_new() [f7b48cf08fa63a68b59c2894806ee478216d7f91] KEYS: encrypted: fix dereference of NULL user_key_payload [13923d0865ca96312197962522e88bc0aedccd74] KEYS: fix NULL pointer dereference during ASN.1 parsing [ver #2] [624f5ab8720b3371367327a822c267699c1823b8] KEYS: fix cred refcount leak in request_key_auth_new() [44d8143340a99b167c74365e844516b73523c087] KEYS: fix key refcount leak in keyctl_assume_authority() [884bee0215fcc239b30c062c37ca29077005e064] KEYS: fix key refcount leak in keyctl_read_key() [7fc0786d956d9e59b68d282be9b156179846ea3d] KEYS: fix out-of-bounds read during ASN.1 parsing [2eb9eabf1e868fda15808954fb29b0f105ed65f1] KEYS: fix writing past end of user-supplied buffer in keyring_read() [e645016abc803dafc75e4b8f6e4118f088900ffb] KEYS: prevent creating a different user's keyrings [237bbd29f7a049d310d907f4b2716a7feef9abf3] KEYS: return full count in keyring_read() if buffer is too small [3239b6f29bdfb4b0a2ba59df995fc9e6f4df7f1f] KEYS: trusted: fix writing past end of buffer in trusted_read() [a3c812f7cfd80cf51e8f5b7034f7418f6beb56c1] KEYS: trusted: sanitize all key material [ee618b4619b72527aaed765f0f0b74072b281159] crypto: hmac - require that the underlying hash algorithm is unkeyed [af3ff8045bbf3e32f1a448542e73abb4c8ceb6f1] crypto: salsa20 - fix blkcipher_walk API usage [ecaaab5649781c5a0effdaf298a925063020500e] ecryptfs: fix dereference of NULL user_key_payload [f66665c09ab489a11ca490d6a82df57cfc1bea3e] lib/digsig: fix dereference of NULL user_key_payload [192cabd6a296cbc57b3d8c05c4c89d87fc102506] Eric Dumazet (3): netfilter: x_tables: avoid stack-out-of-bounds read in xt_copy_counters_from_user [e466af75c074e76107ae1cd5a2823e9c61894ffb] tcp: fastopen: fix on syn-data transmit failure [b5b7db8d680464b1d631fd016f5e093419f0bfd9] tcp: fix tcp_mtu_probe() vs highest_sack [2b7cda9c35d3b940eb9ce74b30bbd5eb30db493d] Eric W. Biederman (5): exec: Ensure mm->user_ns contains the execed files [f84df2a6f268de584a201e8911384a2d244876e3] mm: Add a user_ns owner to mm_struct and fix ptrace permission checks [bfedb589252c01fa505ac9f6f2a3d5d68d707ef4] ptrace: Capture the ptracer's creds not PT_PTRACE_CAP [64b875f7ac8a5d60a4e191479299e931ee949b67] ptrace: Don't allow accessing an undumpable mm [84d77d3f06e7e8dea057d10e8ec77ad71f721be3] ptrace: Properly initialize ptracer_cred on fork [c70d9d809fdeecedb96972457ee45c49a232d97f] Ethan Zhao (1): sched/sysctl: Check user input value of sysctl_sched_time_avg [5ccba44ba118a5000cccc50076b0344632459779] Felipe Balbi (1): usb: quirks: add quirk for WORLDE MINI MIDI keyboard [2811501e6d8f5747d08f8e25b9ecf472d0dc4c7d] Florian Westphal (1): netfilter: ipset: pernet ops must be unregistered last [e23ed762db7ed1950a6408c3be80bc56909ab3d4] Geert Uytterhoeven (4): sh: sh7264: remove nonexistent GPIO_PH[0-7] to fix pinctrl registration [eae3df7e82318d798f45dedf111e241805ec7a4a] sh: sh7269: remove nonexistent GPIO_PH[0-7] to fix pinctrl registration [d9d73e81fe82fdf4ee65a48c26531edc04108349] sh: sh7722: remove nonexistent GPIO_PTQ7 to fix pinctrl registration [b78412b8300a8453b78d2c1b0b925b66493bb011] sh: sh7757: remove nonexistent GPIO_PT[JLNQ]7_RESV to fix pinctrl registration [d8ce38f69843a56da044e56b6c16aecfbc3c6e39] Gerald Schaefer (1): s390/mm: fix write access check in gup_huge_pmd() [ba385c0594e723d41790ecfb12c610e6f90c7785] Guillaume Nault (6): l2tp: check ps->sock before running pppol2tp_session_ioctl() [5903f594935a3841137c86b9d5b75143a5b7121c] l2tp: don't use l2tp_tunnel_find() in l2tp_ip and l2tp_ip6 [8f7dc9ae4a7aece9fbc3e6637bdfa38b36bcdf09] l2tp: fix l2tp_eth module loading [9f775ead5e570e7e19015b9e4e2f3dd6e71a5935] l2tp: hold socket before dropping lock in l2tp_ip{, 6}_recv() [a3c18422a4b4e108bcf6a2328f48867e1003fd95] l2tp: hold tunnel in pppol2tp_connect() [f9e56baf03f9d36043a78f16e3e8b2cfd211e09e] l2tp: hold tunnel socket when handling control frames in l2tp_ip and l2tp_ip6 [94d7ee0baa8b764cf64ad91ed69464c1a6a0066b] Gustavo A. R. Silva (1): MIPS: microMIPS: Fix incorrect mask in insn_table_MM [77238e76b9156d28d86c1e31c00ed2960df0e4de] Hante Meuleman (1): brcmfmac: Add length checks on firmware events [0aedbcaf6f182690790d98d90d5fe1e64c846c34] Haozhong Zhang (1): KVM: nVMX: fix guest CR4 loading when emulating L2 to L1 exit [8eb3f87d903168bdbd1222776a6b1e281f50513e] Henryk Heisig (1): USB: serial: option: add support for TP-Link LTE module [837ddc4793a69b256ac5e781a5e729b448a8d983] Herbert Xu (1): crypto: shash - Fix zero-length shash ahash digest crash [b61907bb42409adf9b3120f741af7c57dd7e3db2] Ilya Dryomov (1): rbd: use GFP_NOIO for parent stat and data requests [1e37f2f84680fa7f8394fd444b6928e334495ccc] Ilya Lesokhin (1): IB/mlx5: Simplify mlx5_ib_cont_pages [d67bc5d4e3e100d762c0f57ea67f28bc219698a6] Jan Luebbe (1): bus: mbus: fix window size calculation for 4GB windows [2bbbd96357ce76cc45ec722c00f654aa7b189112] Jani Nikula (1): drm/i915/bios: ignore HDMI on port A [d27ffc1d00327c29b3aa97f941b42f0949f9e99f] Jann Horn (1): security: let security modules use PTRACE_MODE_* with bitmasks [3dfb7d8cdbc7ea0c2970450e60818bb3eefbad69] Jason A. Donenfeld (1): security/keys: properly zero out sensitive key material in big_key [910801809b2e40a4baedd080ef5d80b4a180e70e] Jean Delvare (1): kernel/params.c: align add_sysfs_param documentation with code [630cc2b30a42c70628368a412beb4a5e5dd71abe] Jeff Lance (1): Input: ti_am335x_tsc - fix incorrect step config for 5 wire touchscreen [cf5dd48907bebaefdb43a8ca079be77e8da2cb20] Jeffrey Chu (1): USB: serial: ftdi_sio: add id for Cypress WICED dev board [a6c215e21b0dc5fe9416dce90f9acc2ea53c4502] Jim Dickerson (1): usb: pci-quirks.c: Corrected timeout values used in handshake [114ec3a6f9096d211a4aff4277793ba969a62c73] Jimmy Assarsson (1): can: kvaser_usb: Correct return value in printout [8f65a923e6b628e187d5e791cf49393dd5e8c2f9] Joerg Roedel (1): iommu/amd: Finish TLB flush in amd_iommu_unmap() [ce76353f169a6471542d999baf3d29b121dce9c0] Johan Hovold (1): USB: serial: metro-usb: add MS7820 device id [31dc3f819bac28a0990b36510197560258ab7421] Johannes Thumshirn (1): scsi: libiscsi: fix shifting of DID_REQUEUE host byte [eef9ffdf9cd39b2986367bc8395e2772bc1284ba] John David Anglin (1): parisc: Fix double-word compare and exchange in LWS code on 32-bit kernels [374b3bf8e8b519f61eb9775888074c6e46b3bf0c] Jonathan Basseri (1): xfrm: Clear sk_dst_cache when applying per-socket policy. [2b06cdf3e688b98fcc9945873b5d42792bd4eee0] Kazuya Mizuguchi (1): usb: renesas_usbhs: Fix DMAC sequence for receiving zero-length packet [29c7f3e68eec4ae94d85ad7b5dfdafdb8089f513] Kevin Cernekee (4): brcmfmac: Add check for short event packets [dd2349121bb1b8ff688c3ca6a2a0bea9d8c142ca] netfilter: nfnetlink_cthelper: Add missing permission checks [4b380c42f7d00a395feede754f0bc2292eebe6e5] netfilter: xt_osf: Add missing permission checks [916a27901de01446bcf57ecca4783f6cff493309] netlink: Add netns check on taps [93c647643b48f0131f02e45da3bd367d80443291] Kirill A. Shutemov (1): mm, thp: Do not make page table dirty unconditionally in touch_p[mu]d() [a8f97366452ed491d13cf1e44241bc0b5740b1f0] Konstantin Khlebnikov (2): Smack: remove unneeded NULL-termination from securtity label [da1b63566c469bf3e2b24182114422e16b1aa34c] net_sched: always reset qdisc backlog in qdisc_reset() [c8e1812960eeae42e2183154927028511c4bc566] LEROY Christophe (2): crypto: talitos - Don't provide setkey for non hmac hashing algs. [56136631573baa537a15e0012055ffe8cfec1a33] crypto: talitos - fix sha224 [afd62fa26343be6445479e75de9f07092a061459] Lauro Ramos Venancio (1): sched/topology: Optimize build_group_mask() [f32d782e31bf079f600dcec126ed117b0577e85c] Li Bin (1): workqueue: Fix NULL pointer dereference [cef572ad9bd7f85035ba8272e5352040e8be0152] Luca Coelho (1): iwlwifi: mvm: use IWL_HCMD_NOCOPY for MCAST_FILTER_CMD [97bce57bd7f96e1218751996f549a6e61f18cc8c] Lukas Wunner (1): iio: adc: mcp320x: Fix oops on module unload [0964e40947a630a2a6f724e968246992f97bcf1c] Maksim Salau (1): usb: cdc_acm: Add quirk for Elatec TWN3 [765fb2f181cad669f2beb87842a05d8071f2be85] Marc Zyngier (1): arm64: Make sure SPsel is always set [5371513fb338fb9989c569dc071326d369d6ade8] Marek Szyprowski (1): iommu/exynos: Remove initconst attribute to avoid potential kernel oops [9d25e3cc83d731ae4eeb017fd07562fde3f80bef] Mark Rutland (3): ARM: 8720/1: ensure dump_instr() checks addr_limit [b9dd05c7002ee0ca8b676428b2268c26399b5e31] arm64: ensure __dump_instr() checks addr_limit [7a7003b1da010d2b0d1dc8bf21c10f5c73b389f1] arm64: fix dump_instr when PAN and UAO are in use [c5cea06be060f38e5400d796e61cfc8c36e52924] Martin K. Petersen (1): scsi: sd: Implement blacklist option for WRITE SAME w/ UNMAP [28a0bc4120d38a394499382ba21d6965a67a3703] Mathias Nyman (2): usb: hub: Allow reset retry for USB2 devices on connect bounce [1ac7db63333db1eeff901bfd6bbcd502b4634fa4] xhci: fix finding correct bus_state structure for USB 3.1 hosts [5a838a13c9b4e5dd188b7a6eaeb894e9358ead0c] Matt Bennett (1): ip6_gre: Reduce log level in ip6gre_err() to debug [a46496ce38eeb401344d5623c1960dbf2f1769be] Matt Fornero (1): iio: core: Return error for failed read_reg [3d62c78a6eb9a7d67bace9622b66ad51e81c5f9b] Matthew Wilcox (1): fs/mpage.c: fix mpage_writepage() for pages with buffers [f892760aa66a2d657deaf59538fb69433036767c] Mayank Rana (1): usb: xhci: Handle error condition in xhci_stop_device() [b3207c65dfafae27e7c492cb9188c0dc0eeaf3fd] Michael S. Tsirkin (1): macvtap: fix TUNSETSNDBUF values > 64k [3ea79249e81e5ed051f2e6480cbde896d99046e8] Miklos Szeredi (1): fuse: fix READDIRPLUS skipping an entry [c6cdd51404b7ac12dd95173ddfc548c59ecf037f] Mohamed Ghannam (1): dccp: CVE-2017-8824: use-after-free in DCCP code [69c64866ce072dea1d1e59a0d61e0f66c0dffb76] Nicolai Stange (1): PCI: Fix race condition with driver_override [9561475db680f7144d2223a409dd3d7e322aca03] Nicolas Dichtel (1): net: enable interface alias removal via rtnl [2459b4c635858094df78abb9ca87d99f89fe8ca5] Oleg Nesterov (1): ptrace: change __ptrace_unlink() to clear ->ptrace under ->siglock [1333ab03150478df8d6f5673a91df1e50dc6ab97] Omar Sandoval (1): Btrfs: fix incorrect {node,sector}size endianness from BTRFS_IOC_FS_INFO [bea7eafdbda3ba1d4b2ccb9cca829eefb7989bb9] Oswald Buddenhagen (1): MIPS: AR7: Ensure that serial ports are properly set up [b084116f8587b222a2c5ef6dcd846f40f24b9420] Paolo Abeni (4): IPv4: early demux can return an error code [7487449c86c65202b3b725c4524cb48dd65e4e6f] ipv4: fix broadcast packets reception [ad0ea1989cc4d5905941d0a9e62c63ad6d859cef] udp: fix bcast packet reception [996b44fcef8f216ea0b6b6e74468c5a77b5e341f] udp: perform source validation for mcast early demux [bc044e8db7962e727a75b591b9851ff2ac5cf846] Paul Burton (1): MIPS: Fix CM region target definitions [6a6cba1d945a7511cdfaf338526871195e420762] Peng Xu (1): nl80211: Define policy for packet pattern attributes [ad670233c9e1d5feb365d870e30083ef1b889177] Peter Zijlstra (3): sched/topology: Remove FORCE_SD_OVERLAP [af85596c74de2fd9abb87501ae280038ac28a3f4] sched/topology: Simplify build_overlap_sched_groups() [91eaed0d61319f58a9f8e43d41a8cbb069b4f73d] x86/uaccess, sched/preempt: Verify access_ok() context [7c4788950ba5922fde976d80b72baf46f14dee8d] Ravi Bangoria (1): powerpc/sysrq: Fix oops whem ppmu is not registered [4917fcb58cc73f6b81455e3c5f960144809ddf1a] Ricard Wanderlof (1): ASoC: adau17x1: Workaround for noise bug in ADC [1e6f4fc06f6411adf98bbbe7fcd79442cd2b2a75] Richard Schütz (1): can: c_can: don't indicate triple sampling support for D_CAN [fb5f0b3ef69b95e665e4bbe8a3de7201f09f1071] Ronnie Sahlberg (1): cifs: check rsp for NULL before dereferencing in SMB2_open [bf2afee14e07de16d3cafc67edbfc2a3cc65e4bc] Sabrina Dubroca (1): l2tp: fix race condition in l2tp_tunnel_delete [62b982eeb4589b2e6d7c01a90590e3a4c2b2ca19] Satoru Takeuchi (1): btrfs: prevent to set invalid default subvolid [6d6d282932d1a609e60dc4467677e0e863682f57] Sekhar Nori (1): ARM: dts: da850-evm: add serial and ethernet aliases [ce21574ad1922b403198ee664c4dff276f514f1d] Shrirang Bagul (1): USB: serial: qcserial: add Dell DW5818, DW5819 [f5d9644c5fca7d8e8972268598bb516a7eae17f9] Shu Wang (2): cifs: release auth_key.response for reconnect. [f5c4ba816315d3b813af16f5571f86c8d4e897bd] cifs: release cifs root_cred after exit_cifs [94183331e815617246b1baa97e0916f358c794bb] Stefan Mätje (1): can: esd_usb2: Fix can_dlc value for received RTR, frames [72d92e865d1560723e1957ee3f393688c49ca5bf] Stefan Popa (1): staging: iio: ad7192: Fix - use the dedicated reset function avoiding dma from stack. [f790923f146140a261ad211e5baf75d169f16fb2] Stefano Brivio (1): scsi: lpfc: Don't return internal MBXERR_ERROR code from probe function [5c756065e47dc3e84b00577bd109f0a8e69903d7] Steffen Maier (1): scsi: zfcp: fix erp_action use-before-initialize in REC action trace [ab31fd0ce65ec93828b617123792c1bb7c6dcc42] Steve French (3): SMB3: Don't ignore O_SYNC/O_DSYNC and O_DIRECT flags [1013e760d10e614dc10b5624ce9fc41563ba2e65] SMB3: Validate negotiate request must always be signed [4587eee04e2ac7ac3ac9fa2bc164fb6e548f99cd] SMB: Validate negotiate (to protect against downgrade) even if signing off [0603c96f3af50e2f9299fa410c224ab1d465e0f9] Tahsin Erdogan (1): tracing: Fix trace_pipe behavior for instance traces [75df6e688ccd517e339a7c422ef7ad73045b18a2] Takashi Iwai (10): ALSA: caiaq: Fix stray URB at probe error path [99fee508245825765ff60155fed43f970ff83a8f] ALSA: hda: Remove superfluous '-' added by printk conversion [6bf88a343db2b3c160edf9b82a74966b31cc80bd] ALSA: seq: Avoid invalid lockdep class warning [3510c7aa069aa83a2de6dab2b41401a198317bdc] ALSA: seq: Fix OSS sysex delivery in OSS emulation [132d358b183ac6ad8b3fea32ad5e0663456d18d1] ALSA: seq: Fix copy_from_user() call inside lock [5803b023881857db32ffefa0d269c90280a67ee0] ALSA: seq: Fix nested rwsem annotation for lockdep splat [1f20f9ff57ca23b9f5502fca85ce3977e8496cb1] ALSA: timer: Add missing mutex lock for compat ioctls [79fb0518fec8c8b4ea7f1729f54f293724b3dbb0] ALSA: timer: Limit max instances per timer [9b7d869ee5a77ed4a462372bb89af622e705bfb8] ALSA: timer: Protect the whole snd_timer_close() with open race [9984d1b5835ca29fc7025186a891ee7398d21cc7] ALSA: usx2y: Suppress kernel warning at page allocation failures [7682e399485fe19622b6fd82510b1f4551e48a25] Tejun Heo (1): workqueue: replace pool->manager_arb mutex with a flag [692b48258dda7c302e777d7d5f4217244478f1f6] Tyrel Datwyler (1): powerpc/pseries: Fix parent_dn reference leak in add_dt_node() [b537ca6fede69a281dc524983e5e633d79a10a08] Wanpeng Li (1): KVM: Fix stack-out-of-bounds read in write_mmio [e39d200fa5bf5b94a0948db0dae44c1b73b84a56] Will Deacon (1): arm64: fault: Route pte translation faults via do_translation_fault [760bfb47c36a07741a089bf6a28e854ffbee7dc9] Willem de Bruijn (1): packet: only test po->has_vnet_hdr once in packet_snd [da7c9561015e93d10fe6aab73e9288e0d09d65a6] Wolfgang Grandegger (1): can: gs_usb: fix busy loop if no more TX context is available [97819f943063b622eca44d3644067c190dc75039] Xin Long (4): ip6_gre: only increase err_count for some certain type icmpv6 in ip6gre_err [f8d20b46ce55cf40afb30dcef6d9288f7ef46d9b] ip6_gre: skb_push ipv6hdr before packing the header in ip6gre_header [76cc0d3282d4b933fa144fa41fbc5318e0fdca24] sctp: add the missing sock_owned_by_user check in sctp_icmp_redirect [1cc276cec9ec574d41cf47dfc0f51406b6f26ab4] sctp: fix a type cast warnings that causes a_rwnd gets the wrong value [f6fc6bc0b8e0bb13a210bd7386ffdcb1a5f30ef1] Yasuaki Ishimatsu (2): mm/memory_hotplug: change pfn_to_section_nr/section_nr_to_pfn macro to inline function [1dd2bfc86818ddbc95f98e312e7704350223fd7d] mm/memory_hotplug: define find_{smallest|biggest}_section_pfn as unsigned long [d09b0137d204bebeaafed672bc5a244e9ac92edb] Yazen Ghannam (1): x86/amd_nb: Add Fam17h Data Fabric as "Northbridge" [b791c6b6a55c402367cc544f54921074253db061] Ye Yin (1): netfilter/ipvs: clear ipvs_property flag when SKB net namespace changed [2b5ec1a5f9738ee7bf8f5ec0526e75e00362c48f] Yoshihiro Shimoda (2): usb: renesas_usbhs: fix the BCLR setting condition for non-DCP pipe [6124607acc88fffeaadf3aacfeb3cc1304c87387] usb: renesas_usbhs: fix usbhsf_fifo_clear() for RX direction [0a2ce62b61f2c76d0213edf4e37aaf54a8ddf295] Makefile | 4 +- arch/alpha/kernel/ptrace.c | 2 +- arch/arm/boot/dts/da850-evm.dts | 7 ++ arch/arm/include/asm/Kbuild | 1 - arch/arm/include/asm/unaligned.h | 27 +++++ arch/arm/kernel/traps.c | 28 ++++-- arch/arm/kvm/emulate.c | 5 +- arch/arm/kvm/mmio.c | 4 +- arch/arm64/kernel/head.S | 1 + arch/arm64/kernel/traps.c | 28 +++--- arch/arm64/kvm/inject_fault.c | 16 ++- arch/arm64/mm/fault.c | 2 +- arch/blackfin/kernel/ptrace.c | 4 +- arch/cris/arch-v32/kernel/ptrace.c | 2 +- arch/ia64/kernel/ptrace.c | 2 +- arch/mips/ar7/platform.c | 1 + arch/mips/include/asm/mips-cm.h | 4 +- arch/mips/kernel/ptrace32.c | 4 +- arch/mips/mm/uasm-micromips.c | 2 +- arch/parisc/kernel/syscall.S | 6 +- arch/powerpc/kernel/ptrace32.c | 4 +- arch/powerpc/perf/core-book3s.c | 5 + arch/powerpc/platforms/pseries/mobility.c | 4 +- arch/s390/mm/gup.c | 7 +- arch/sh/include/cpu-sh2a/cpu/sh7264.h | 4 +- arch/sh/include/cpu-sh2a/cpu/sh7269.h | 4 +- arch/sh/include/cpu-sh4/cpu/sh7722.h | 2 +- arch/sh/include/cpu-sh4/cpu/sh7757.h | 8 +- arch/tile/kernel/setup.c | 2 +- arch/x86/crypto/salsa20_glue.c | 7 -- arch/x86/include/asm/uaccess.h | 14 ++- arch/x86/kernel/amd_nb.c | 48 +++++++++ arch/x86/kernel/cpu/microcode/intel.c | 18 ++++ arch/x86/kvm/vmx.c | 7 +- arch/x86/kvm/x86.c | 8 +- arch/x86/oprofile/op_model_ppro.c | 4 +- block/bio.c | 14 ++- crypto/hmac.c | 6 +- crypto/salsa20_generic.c | 7 -- crypto/shash.c | 13 ++- drivers/block/rbd.c | 4 +- drivers/bus/mvebu-mbus.c | 2 +- drivers/crypto/talitos.c | 7 +- drivers/gpio/gpiolib-acpi.c | 2 +- drivers/gpu/drm/i915/intel_bios.c | 7 ++ drivers/hid/i2c-hid/i2c-hid.c | 3 +- drivers/iio/adc/ad7793.c | 4 +- drivers/iio/adc/ad_sigma_delta.c | 28 ++++++ drivers/iio/adc/mcp320x.c | 1 + drivers/iio/industrialio-core.c | 4 +- drivers/infiniband/hw/mlx5/mem.c | 49 ++++----- drivers/infiniband/hw/ocrdma/ocrdma_hw.c | 3 + drivers/infiniband/ulp/ipoib/ipoib_ib.c | 13 --- drivers/input/ff-core.c | 13 ++- drivers/input/misc/ims-pcu.c | 16 ++- drivers/input/misc/uinput.c | 57 +++++++---- drivers/input/touchscreen/ti_am335x_tsc.c | 2 +- drivers/iommu/amd_iommu.c | 1 + drivers/iommu/exynos-iommu.c | 2 +- drivers/net/can/c_can/c_can_pci.c | 1 - drivers/net/can/c_can/c_can_platform.c | 1 - drivers/net/can/usb/esd_usb2.c | 2 +- drivers/net/can/usb/gs_usb.c | 10 +- drivers/net/can/usb/kvaser_usb.c | 3 +- drivers/net/macvtap.c | 6 +- drivers/net/tun.c | 7 ++ drivers/net/wireless/brcm80211/brcmfmac/fweh.c | 58 +++-------- drivers/net/wireless/brcm80211/brcmfmac/fweh.h | 68 ++++++++++--- drivers/net/wireless/brcm80211/brcmfmac/p2p.c | 10 ++ .../net/wireless/brcm80211/brcmfmac/wl_cfg80211.c | 5 + drivers/net/wireless/iwlwifi/mvm/mac80211.c | 10 +- drivers/pci/pci-sysfs.c | 11 ++- drivers/s390/scsi/zfcp_aux.c | 5 + drivers/s390/scsi/zfcp_erp.c | 18 ++-- drivers/s390/scsi/zfcp_scsi.c | 5 + drivers/scsi/libiscsi.c | 2 +- drivers/scsi/lpfc/lpfc_init.c | 1 + drivers/scsi/scsi_scan.c | 3 + drivers/scsi/sd.c | 16 ++- drivers/staging/iio/adc/ad7192.c | 4 +- drivers/staging/iio/meter/ade7759.c | 2 +- drivers/usb/class/cdc-acm.c | 3 + drivers/usb/core/config.c | 6 +- drivers/usb/core/hub.c | 13 ++- drivers/usb/core/quirks.c | 4 + drivers/usb/gadget/composite.c | 5 + drivers/usb/gadget/dummy_hcd.c | 81 +++++++++++---- drivers/usb/gadget/f_mass_storage.c | 31 ++---- drivers/usb/gadget/f_mass_storage.h | 14 --- drivers/usb/gadget/inode.c | 55 +++++++++-- drivers/usb/gadget/mass_storage.c | 20 +--- drivers/usb/gadget/net2280.c | 5 +- drivers/usb/host/pci-quirks.c | 8 +- drivers/usb/host/xhci-hub.c | 22 ++++- drivers/usb/host/xhci.h | 2 +- drivers/usb/renesas_usbhs/fifo.c | 23 ++++- drivers/usb/serial/cp210x.c | 1 + drivers/usb/serial/ftdi_sio.c | 2 + drivers/usb/serial/ftdi_sio_ids.h | 7 ++ drivers/usb/serial/metro-usb.c | 1 + drivers/usb/serial/option.c | 2 + drivers/usb/serial/qcserial.c | 4 + drivers/usb/storage/transport.c | 14 ++- drivers/usb/storage/unusual_devs.h | 7 ++ drivers/uwb/hwa-rc.c | 2 + drivers/uwb/uwbd.c | 12 ++- fs/block_dev.c | 6 +- fs/btrfs/ioctl.c | 10 +- fs/cifs/cifsfs.c | 2 +- fs/cifs/connect.c | 8 ++ fs/cifs/file.c | 7 ++ fs/cifs/smb2pdu.c | 34 +++++-- fs/direct-io.c | 3 +- fs/ecryptfs/ecryptfs_kernel.h | 25 +++-- fs/ecryptfs/keystore.c | 9 +- fs/exec.c | 22 ++++- fs/fscache/object-list.c | 7 ++ fs/fuse/dir.c | 3 +- fs/mpage.c | 14 ++- fs/ocfs2/alloc.c | 24 +++-- fs/read_write.c | 4 +- fs/xattr.c | 2 +- include/crypto/internal/hash.h | 8 ++ include/linux/buffer_head.h | 1 + include/linux/capability.h | 2 + include/linux/iio/adc/ad_sigma_delta.h | 3 + include/linux/input.h | 1 + include/linux/key.h | 2 + include/linux/mbus.h | 4 +- include/linux/mm.h | 2 + include/linux/mm_types.h | 1 + include/linux/mmzone.h | 10 +- include/linux/netdevice.h | 3 + include/linux/of.h | 10 ++ include/linux/pci_ids.h | 2 + include/linux/preempt_mask.h | 21 ++-- include/linux/ptrace.h | 11 ++- include/linux/sched.h | 1 + include/linux/skbuff.h | 7 ++ include/net/protocol.h | 2 +- include/net/route.h | 4 +- include/net/tcp.h | 8 +- include/net/udp.h | 2 +- include/scsi/scsi_device.h | 1 + include/scsi/scsi_devinfo.h | 1 + include/sound/seq_kernel.h | 3 +- include/sound/seq_virmidi.h | 1 + include/sound/timer.h | 2 + include/trace/events/kvm.h | 7 +- include/uapi/linux/spi/spidev.h | 1 + kernel/capability.c | 36 ++++++- kernel/fork.c | 9 +- kernel/params.c | 2 +- kernel/ptrace.c | 91 +++++++++++------ kernel/sched/core.c | 21 ++-- kernel/sched/features.h | 1 - kernel/sysctl.c | 3 +- kernel/trace/trace.c | 12 ++- kernel/workqueue.c | 37 +++---- kernel/workqueue_internal.h | 3 +- lib/asn1_decoder.c | 7 +- lib/digsig.c | 6 ++ mm/huge_memory.c | 14 +-- mm/init-mm.c | 2 + mm/memory.c | 2 +- mm/memory_hotplug.c | 6 +- mm/nommu.c | 2 +- net/8021q/vlan.c | 6 +- net/bluetooth/bnep/core.c | 3 + net/bluetooth/cmtp/core.c | 3 + net/core/dev.c | 6 +- net/core/rtnetlink.c | 5 +- net/core/skbuff.c | 1 + net/dccp/proto.c | 5 + net/ipv4/ip_input.c | 22 +++-- net/ipv4/ip_vti.c | 3 +- net/ipv4/route.c | 44 +++++---- net/ipv4/tcp_ipv4.c | 9 +- net/ipv4/tcp_output.c | 12 ++- net/ipv4/udp.c | 30 ++++-- net/ipv6/ip6_gre.c | 41 ++++---- net/ipv6/ip6_vti.c | 3 +- net/l2tp/l2tp_core.c | 10 +- net/l2tp/l2tp_core.h | 5 +- net/l2tp/l2tp_eth.c | 51 +--------- net/l2tp/l2tp_ip.c | 20 ++-- net/l2tp/l2tp_ip6.c | 21 ++-- net/l2tp/l2tp_ppp.c | 10 +- net/netfilter/ipset/ip_set_core.c | 23 +++-- net/netfilter/nfnetlink_cthelper.c | 10 ++ net/netfilter/x_tables.c | 4 +- net/netfilter/xt_osf.c | 7 ++ net/netlink/af_netlink.c | 3 + net/packet/af_packet.c | 4 +- net/sched/sch_generic.c | 1 + net/sctp/input.c | 2 +- net/sctp/sm_sideeffect.c | 4 +- net/unix/diag.c | 2 + net/wireless/nl80211.c | 12 ++- net/xfrm/xfrm_state.c | 1 + net/xfrm/xfrm_user.c | 3 +- security/keys/big_key.c | 2 +- security/keys/encrypted-keys/encrypted.c | 7 ++ security/keys/internal.h | 2 +- security/keys/key.c | 2 + security/keys/keyctl.c | 8 +- security/keys/keyring.c | 72 +++++++------- security/keys/process_keys.c | 8 +- security/keys/request_key.c | 46 +++++++-- security/keys/request_key_auth.c | 69 ++++++------- security/keys/trusted.c | 69 ++++++------- security/smack/smack_lsm.c | 65 ++++++------ security/yama/yama_lsm.c | 4 +- sound/core/hrtimer.c | 1 + sound/core/seq/oss/seq_oss_midi.c | 4 +- sound/core/seq/oss/seq_oss_readq.c | 29 ++++++ sound/core/seq/oss/seq_oss_readq.h | 2 + sound/core/seq/seq_clientmgr.c | 2 +- sound/core/seq/seq_virmidi.c | 27 +++-- sound/core/timer.c | 109 ++++++++++++++------- sound/core/timer_compat.c | 17 +++- sound/pci/hda/hda_codec.c | 2 +- sound/soc/codecs/adau17x1.c | 24 ++++- sound/soc/codecs/adau17x1.h | 2 + sound/usb/caiaq/device.c | 12 ++- sound/usb/usx2y/usb_stream.c | 6 +- 226 files changed, 1733 insertions(+), 945 deletions(-) -- Ben Hutchings The two most common things in the universe are hydrogen and stupidity.

6 years, 10 months

2
205
0 0

[Linux-stable-mirror] [PATCH] drm/i915/gvt: Clear the shadow page table entry after post-sync

by Zhi Wang

A shadow page table entry needs to be cleared after being set as post-sync. This patch fixes the recent error reported in Win7-32 test. Fixes: 2707e4446688 ("drm/i915/gvt: vGPU graphics memory virtualization") Signed-off-by: Zhi Wang <zhi.a.wang(a)intel.com> CC: Stable <stable(a)vger.kernel.org> --- drivers/gpu/drm/i915/gvt/gtt.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/i915/gvt/gtt.c b/drivers/gpu/drm/i915/gvt/gtt.c index c4f752e..a529d2b 100644 --- a/drivers/gpu/drm/i915/gvt/gtt.c +++ b/drivers/gpu/drm/i915/gvt/gtt.c @@ -1410,12 +1410,15 @@ static int ppgtt_handle_guest_write_page_table_bytes( return ret; } else { if (!test_bit(index, spt->post_shadow_bitmap)) { + int type = spt->shadow_page.type; + ppgtt_get_shadow_entry(spt, &se, index); ret = ppgtt_handle_guest_entry_removal(gpt, &se, index); if (ret) return ret; + ops->set_pfn(&se, vgpu->gtt.scratch_pt[type].page_mfn); + ppgtt_set_shadow_entry(spt, &se, index); } - ppgtt_set_post_shadow(spt, index); } -- 2.7.4

6 years, 10 months

1
0
0 0

[Linux-stable-mirror] [PATCH] x86/mm: Set MODULES_END to 0xffffffffff000000

by Andrey Ryabinin

Since f06bdd4001c2 ("x86/mm: Adapt MODULES_END based on fixmap section size") kasan_mem_to_shadow(MODULES_END) could be not aligned to a page boundary. So passing page unaligned address to kasan_populate_zero_shadow() have two possible effects: 1) It may leave one page hole in supposed to be populated area. After commit 21506525fb8d ("x86/kasan/64: Teach KASAN about the cpu_entry_area") that hole happens to be in the shadow covering fixmap area and leads to crash: BUG: unable to handle kernel paging request at fffffbffffe8ee04 RIP: 0010:check_memory_region+0x5c/0x190 Call Trace: <NMI> memcpy+0x1f/0x50 ghes_copy_tofrom_phys+0xab/0x180 ghes_read_estatus+0xfb/0x280 ghes_notify_nmi+0x2b2/0x410 nmi_handle+0x115/0x2c0 default_do_nmi+0x57/0x110 do_nmi+0xf8/0x150 end_repeat_nmi+0x1a/0x1e Note, the crash likely disappeared after commit 92a0f81d8957, which changed kasan_populate_zero_shadow() call the way it was before commit 21506525fb8d. 2) Attempt to load module near MODULES_END will fail, because __vmalloc_node_range() called from kasan_module_alloc() will hit the WARN_ON(!pte_none(*pte)) in the vmap_pte_range() and bail out with error. To fix this we need to make kasan_mem_to_shadow(MODULES_END) page aligned which means that MODULES_END should be 8*PAGE_SIZE aligned. The whole point of commit f06bdd4001c2 was to move MODULES_END down if NR_CPUS is big, so the cpu_entry_area takes a lot of space. But since 92a0f81d8957 ("x86/cpu_entry_area: Move it out of the fixmap") the cpu_entry_area is no longer in fixmap, so we could just set MODULES_END to a fixed 8*PAGE_SIZE aligned address. Reported-by: Jakub Kicinski <kubakici(a)wp.pl> Signed-off-by: Andrey Ryabinin <aryabinin(a)virtuozzo.com> Cc: <stable(a)vger.kernel.org> # 4.14 --- Documentation/x86/x86_64/mm.txt | 5 +---- arch/x86/include/asm/pgtable_64_types.h | 2 +- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/Documentation/x86/x86_64/mm.txt b/Documentation/x86/x86_64/mm.txt index 51101708a03a..60a0fa2bc01f 100644 --- a/Documentation/x86/x86_64/mm.txt +++ b/Documentation/x86/x86_64/mm.txt @@ -42,7 +42,7 @@ ffffff0000000000 - ffffff7fffffffff (=39 bits) %esp fixup stacks ffffffef00000000 - fffffffeffffffff (=64 GB) EFI region mapping space ... unused hole ... ffffffff80000000 - ffffffff9fffffff (=512 MB) kernel text mapping, from phys 0 -ffffffffa0000000 - [fixmap start] (~1526 MB) module mapping space +ffffffffa0000000 - fffffffffeffffff (1520 MB) module mapping space [fixmap start] - ffffffffff5fffff kernel-internal fixmap range ffffffffff600000 - ffffffffff600fff (=4 kB) legacy vsyscall ABI ffffffffffe00000 - ffffffffffffffff (=2 MB) unused hole @@ -66,9 +66,6 @@ memory window (this size is arbitrary, it can be raised later if needed). The mappings are not part of any other kernel PGD and are only available during EFI runtime calls. -The module mapping space size changes based on the CONFIG requirements for the -following fixmap section. - Note that if CONFIG_RANDOMIZE_MEMORY is enabled, the direct mapping of all physical memory, vmalloc/ioremap space and virtual memory map are randomized. Their order is preserved but their base will be offset early at boot time. diff --git a/arch/x86/include/asm/pgtable_64_types.h b/arch/x86/include/asm/pgtable_64_types.h index 3d27831bc58d..ed2da4e7f259 100644 --- a/arch/x86/include/asm/pgtable_64_types.h +++ b/arch/x86/include/asm/pgtable_64_types.h @@ -100,7 +100,7 @@ typedef struct { pteval_t pte; } pte_t; #define MODULES_VADDR (__START_KERNEL_map + KERNEL_IMAGE_SIZE) /* The module sections ends with the start of the fixmap */ -#define MODULES_END __fix_to_virt(__end_of_fixed_addresses + 1) +#define MODULES_END _AC(0xffffffffff000000, UL) #define MODULES_LEN (MODULES_END - MODULES_VADDR) #define ESPFIX_PGD_ENTRY _AC(-2, UL) -- 2.13.6

6 years, 10 months

1
0
0 0

Re: [Linux-stable-mirror] [PATCH] x86, nmi, dumpstack: Fix panic when syscall interruptted by nmi

by Andy Lutomirski

On Tue, Dec 26, 2017 at 1:11 AM, 王元良 <yuanliang.wyl(a)alibaba-inc.com> wrote: > To Andy and josh： > > Forgive me for not expressing clearly， The context is that we encountered > hundreds of this panic in stable kernel, and hope this change can be merged > into the stable branch linux-3.16.y > > Regards, > Yuanliang Wang > You could try to backport the upstream fix to 3.16. Josh or I could review it. --Andy

6 years, 10 months

1
0
0 0

[Linux-stable-mirror] [PATCH rdma-rc 1/4] RDMA/core: Enforce requirement to hold lists_rwsem semaphore

by Leon Romanovsky

From: Leon Romanovsky <leonro(a)mellanox.com> Add comment and run time check to the __ib_device_get_by_index() function to remind that the caller should hold lists_rwsem semaphore. Cc: <stable(a)vger.kernel.org> # v4.13 Fixes: ecc82c53f9a4 ("RDMA/core: Add and expose static device index") Reviewed-by: Mark Bloch <markb(a)mellanox.com> Signed-off-by: Leon Romanovsky <leonro(a)mellanox.com> --- drivers/infiniband/core/device.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/drivers/infiniband/core/device.c b/drivers/infiniband/core/device.c index 30914f3baa5f..3aeaf11d0a83 100644 --- a/drivers/infiniband/core/device.c +++ b/drivers/infiniband/core/device.c @@ -134,10 +134,15 @@ static int ib_device_check_mandatory(struct ib_device *device) return 0; } +/* + * Caller to this function should hold lists_rwsem + */ struct ib_device *__ib_device_get_by_index(u32 index) { struct ib_device *device; + WARN_ON_ONCE(!rwsem_is_locked(&lists_rwsem)); + list_for_each_entry(device, &device_list, core_list) if (device->index == index) return device; @@ -526,8 +531,8 @@ int ib_register_device(struct ib_device *device, if (!add_client_context(device, client) && client->add) client->add(device); - device->index = __dev_new_index(); down_write(&lists_rwsem); + device->index = __dev_new_index(); list_add_tail(&device->core_list, &device_list); up_write(&lists_rwsem); mutex_unlock(&device_mutex); -- 2.15.1

6 years, 10 months

2
1
0 0

[Linux-stable-mirror] Patch "bpf/verifier: Fix states_equal() comparison of pointer and UNKNOWN" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled bpf/verifier: Fix states_equal() comparison of pointer and UNKNOWN to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: bpf-verifier-fix-states_equal-comparison-of-pointer-and-unknown.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From ben(a)decadent.org.uk Wed Dec 27 21:04:06 2017 From: Ben Hutchings <ben(a)decadent.org.uk> Date: Sat, 23 Dec 2017 02:26:17 +0000 Subject: bpf/verifier: Fix states_equal() comparison of pointer and UNKNOWN To: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: stable(a)vger.kernel.org, netdev(a)vger.kernel.org, Edward Cree <ecree(a)solarflare.com>, Jann Horn <jannh(a)google.com>, Alexei Starovoitov <ast(a)kernel.org> Message-ID: <20171223022617.GO2971(a)decadent.org.uk> Content-Disposition: inline From: Ben Hutchings <ben(a)decadent.org.uk> An UNKNOWN_VALUE is not supposed to be derived from a pointer, unless pointer leaks are allowed. Therefore, states_equal() must not treat a state with a pointer in a register as "equal" to a state with an UNKNOWN_VALUE in that register. This was fixed differently upstream, but the code around here was largely rewritten in 4.14 by commit f1174f77b50c "bpf/verifier: rework value tracking". The bug can be detected by the bpf/verifier sub-test "pointer/scalar confusion in state equality check (way 1)". Signed-off-by: Ben Hutchings <ben(a)decadent.org.uk> Cc: Edward Cree <ecree(a)solarflare.com> Cc: Jann Horn <jannh(a)google.com> Cc: Alexei Starovoitov <ast(a)kernel.org> Cc: Daniel Borkmann <daniel(a)iogearbox.net> --- kernel/bpf/verifier.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -2722,11 +2722,12 @@ static bool states_equal(struct bpf_veri /* If we didn't map access then again we don't care about the * mismatched range values and it's ok if our old type was - * UNKNOWN and we didn't go to a NOT_INIT'ed reg. + * UNKNOWN and we didn't go to a NOT_INIT'ed or pointer reg. */ if (rold->type == NOT_INIT || (!varlen_map_access && rold->type == UNKNOWN_VALUE && - rcur->type != NOT_INIT)) + rcur->type != NOT_INIT && + !__is_pointer_value(env->allow_ptr_leaks, rcur))) continue; /* Don't care about the reg->id in this case. */ Patches currently in stable-queue which might be from ben(a)decadent.org.uk are queue-4.9/bpf-verifier-fix-states_equal-comparison-of-pointer-and-unknown.patch

6 years, 10 months

1
0
0 0

[Linux-stable-mirror] [PATCH V1 0/1] Fix kernel panic caused by device ID duplication presented to the IOMMU

by Tomasz Nowicki

Here is my lspci output of ThunderX2 for which I am observing kernel panic coming from SMMUv3 driver -> arm_smmu_write_strtab_ent() -> BUG_ON(ste_live): # lspci -vt -[0000:00]-+-00.0-[01-1f]--+ [...] + [...] \-00.0-[1e-1f]----00.0-[1f]----00.0 ASPEED Technology, Inc. ASPEED Graphics Family ASP device -> 1f:00.0 VGA compatible controller: ASPEED Technology, Inc. ASPEED Graphics Family PCI-Express to PCI/PCI-X Bridge -> 1e:00.0 PCI bridge: ASPEED Technology, Inc. AST1150 PCI-to-PCI Bridge While setting up ASP device SID in IORT dirver: iort_iommu_configure() -> pci_for_each_dma_alias() we need to walk up and iterate over each device which alias transaction from downstream devices. AST device (1f:00.0) gets BDF=0x1f00 and corresponding SID=0x1f00 from IORT. Bridge (1e:00.0) is the first alias. Following PCI Express to PCI/PCI-X Bridge spec: PCIe-to-PCI/X bridges alias transactions from downstream devices using the subordinate bus number. For bridge (1e:00.0), the subordinate is equal to 0x1f. This gives BDF=0x1f00 and SID=1f00 which is the same as downstream device. So it is possible to have two identical SIDs. The question is what we should do about such case. Presented patch prevents from registering the same ID so that SMMUv3 is not complaining later on. Tomasz Nowicki (1): iommu: Make sure device's ID array elements are unique drivers/iommu/iommu.c | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) -- 2.7.4

6 years, 10 months

5
7
0 0

[Linux-stable-mirror] [PATCH 5/5] tracing: Fix possible double free on failure of allocating trace buffer

by Steven Rostedt

From: "Steven Rostedt (VMware)" <rostedt(a)goodmis.org> Jing Xia and Chunyan Zhang reported that on failing to allocate part of the tracing buffer, memory is freed, but the pointers that point to them are not initialized back to NULL, and later paths may try to free the freed memory again. Jing and Chunyan fixed one of the locations that does this, but missed a spot. Link: http://lkml.kernel.org/r/20171226071253.8968-1-chunyan.zhang@spreadtrum.com Cc: stable(a)vger.kernel.org Fixes: 737223fbca3b1 ("tracing: Consolidate buffer allocation code") Reported-by: Jing Xia <jing.xia(a)spreadtrum.com> Reported-by: Chunyan Zhang <chunyan.zhang(a)spreadtrum.com> Signed-off-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org> --- kernel/trace/trace.c | 1 + 1 file changed, 1 insertion(+) diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c index 0e53d46544b8..2a8d8a294345 100644 --- a/kernel/trace/trace.c +++ b/kernel/trace/trace.c @@ -7580,6 +7580,7 @@ allocate_trace_buffer(struct trace_array *tr, struct trace_buffer *buf, int size buf->data = alloc_percpu(struct trace_array_cpu); if (!buf->data) { ring_buffer_free(buf->buffer); + buf->buffer = NULL; return -ENOMEM; } -- 2.13.2

6 years, 10 months

1
0
0 0

[Linux-stable-mirror] [PATCH 4/5] tracing: Fix crash when it fails to alloc ring buffer

by Steven Rostedt

From: Jing Xia <jing.xia(a)spreadtrum.com> Double free of the ring buffer happens when it fails to alloc new ring buffer instance for max_buffer if TRACER_MAX_TRACE is configured. The root cause is that the pointer is not set to NULL after the buffer is freed in allocate_trace_buffers(), and the freeing of the ring buffer is invoked again later if the pointer is not equal to Null, as: instance_mkdir() |-allocate_trace_buffers() |-allocate_trace_buffer(tr, &tr->trace_buffer...) |-allocate_trace_buffer(tr, &tr->max_buffer...) // allocate fail(-ENOMEM),first free // and the buffer pointer is not set to null |-ring_buffer_free(tr->trace_buffer.buffer) // out_free_tr |-free_trace_buffers() |-free_trace_buffer(&tr->trace_buffer); //if trace_buffer is not null, free again |-ring_buffer_free(buf->buffer) |-rb_free_cpu_buffer(buffer->buffers[cpu]) // ring_buffer_per_cpu is null, and // crash in ring_buffer_per_cpu->pages Link: http://lkml.kernel.org/r/20171226071253.8968-1-chunyan.zhang@spreadtrum.com Cc: stable(a)vger.kernel.org Fixes: 737223fbca3b1 ("tracing: Consolidate buffer allocation code") Signed-off-by: Jing Xia <jing.xia(a)spreadtrum.com> Signed-off-by: Chunyan Zhang <chunyan.zhang(a)spreadtrum.com> Signed-off-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org> --- kernel/trace/trace.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c index 73652d5318b2..0e53d46544b8 100644 --- a/kernel/trace/trace.c +++ b/kernel/trace/trace.c @@ -7603,7 +7603,9 @@ static int allocate_trace_buffers(struct trace_array *tr, int size) allocate_snapshot ? size : 1); if (WARN_ON(ret)) { ring_buffer_free(tr->trace_buffer.buffer); + tr->trace_buffer.buffer = NULL; free_percpu(tr->trace_buffer.data); + tr->trace_buffer.data = NULL; return -ENOMEM; } tr->allocated_snapshot = allocate_snapshot; -- 2.13.2

6 years, 10 months

1
0
0 0

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror December 2017