March 2018 - Linux-stable-mirror

Patch "NFS: don't try to cross a mountpount when there isn't one there." has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled NFS: don't try to cross a mountpount when there isn't one there. to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: nfs-don-t-try-to-cross-a-mountpount-when-there-isn-t-one-there.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Mar 22 14:40:23 CET 2018 From: NeilBrown <neilb(a)suse.com> Date: Wed, 15 Mar 2017 12:40:44 +1100 Subject: NFS: don't try to cross a mountpount when there isn't one there. From: NeilBrown <neilb(a)suse.com> [ Upstream commit 99bbf6ecc694dfe0b026e15359c5aa2a60b97a93 ] consider the sequence of commands: mkdir -p /import/nfs /import/bind /import/etc mount --bind / /import/bind mount --make-private /import/bind mount --bind /import/etc /import/bind/etc exportfs -o rw,no_root_squash,crossmnt,async,no_subtree_check localhost:/ mount -o vers=4 localhost:/ /import/nfs ls -l /import/nfs/etc You would not expect this to report a stale file handle. Yet it does. The manipulations under /import/bind cause the dentry for /etc to get the DCACHE_MOUNTED flag set, even though nothing is mounted on /etc. This causes nfsd to call nfsd_cross_mnt() even though there is no mountpoint. So an upcall to mountd for "/etc" is performed. The 'crossmnt' flag on the export of / causes mountd to report that /etc is exported as it is a descendant of /. It assumes the kernel wouldn't ask about something that wasn't a mountpoint. The filehandle returned identifies the filesystem and the inode number of /etc. When this filehandle is presented to rpc.mountd, via "nfsd.fh", the inode cannot be found associated with any name in /etc/exports, or with any mountpoint listed by getmntent(). So rpc.mountd says the filehandle doesn't exist. Hence ESTALE. This is fixed by teaching nfsd not to trust DCACHE_MOUNTED too much. It is just a hint, not a guarantee. Change nfsd_mountpoint() to return '1' for a certain mountpoint, '2' for a possible mountpoint, and 0 otherwise. Then change nfsd_crossmnt() to check if follow_down() actually found a mountpount and, if not, to avoid performing a lookup if the location is not known to certainly require an export-point. Signed-off-by: NeilBrown <neilb(a)suse.com> Signed-off-by: J. Bruce Fields <bfields(a)redhat.com> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- fs/nfsd/vfs.c | 24 ++++++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) --- a/fs/nfsd/vfs.c +++ b/fs/nfsd/vfs.c @@ -94,6 +94,12 @@ nfsd_cross_mnt(struct svc_rqst *rqstp, s err = follow_down(&path); if (err < 0) goto out; + if (path.mnt == exp->ex_path.mnt && path.dentry == dentry && + nfsd_mountpoint(dentry, exp) == 2) { + /* This is only a mountpoint in some other namespace */ + path_put(&path); + goto out; + } exp2 = rqst_exp_get_by_name(rqstp, &path); if (IS_ERR(exp2)) { @@ -167,16 +173,26 @@ static int nfsd_lookup_parent(struct svc /* * For nfsd purposes, we treat V4ROOT exports as though there was an * export at *every* directory. + * We return: + * '1' if this dentry *must* be an export point, + * '2' if it might be, if there is really a mount here, and + * '0' if there is no chance of an export point here. */ int nfsd_mountpoint(struct dentry *dentry, struct svc_export *exp) { - if (d_mountpoint(dentry)) + if (!d_inode(dentry)) + return 0; + if (exp->ex_flags & NFSEXP_V4ROOT) return 1; if (nfsd4_is_junction(dentry)) return 1; - if (!(exp->ex_flags & NFSEXP_V4ROOT)) - return 0; - return d_inode(dentry) != NULL; + if (d_mountpoint(dentry)) + /* + * Might only be a mountpoint in a different namespace, + * but we need to check. + */ + return 2; + return 0; } __be32 Patches currently in stable-queue which might be from neilb(a)suse.com are queue-4.9/dm-ensure-bio-submission-follows-a-depth-first-tree-walk.patch queue-4.9/md-raid10-wait-up-frozen-array-in-handle_write_completed.patch queue-4.9/nfs-don-t-try-to-cross-a-mountpount-when-there-isn-t-one-there.patch queue-4.9/md-raid10-skip-spare-disk-as-first-disk.patch

6 years, 9 months

1
0
0 0

Patch "netvsc: Deal with rescinded channels correctly" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled netvsc: Deal with rescinded channels correctly to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: netvsc-deal-with-rescinded-channels-correctly.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Mar 22 14:40:23 CET 2018 From: "K. Y. Srinivasan" <kys(a)microsoft.com> Date: Wed, 19 Apr 2017 13:53:49 -0700 Subject: netvsc: Deal with rescinded channels correctly From: "K. Y. Srinivasan" <kys(a)microsoft.com> [ Upstream commit 73e64fa4f417b22d8d5521999a631ced8e2d442e ] We will not be able to send packets over a channel that has been rescinded. Make necessary adjustments so we can properly cleanup even when the channel is rescinded. This issue can be trigerred in the NIC hot-remove path. Signed-off-by: K. Y. Srinivasan <kys(a)microsoft.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/hyperv/netvsc.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) --- a/drivers/net/hyperv/netvsc.c +++ b/drivers/net/hyperv/netvsc.c @@ -151,6 +151,13 @@ static void netvsc_destroy_buf(struct hv sizeof(struct nvsp_message), (unsigned long)revoke_packet, VM_PKT_DATA_INBAND, 0); + /* If the failure is because the channel is rescinded; + * ignore the failure since we cannot send on a rescinded + * channel. This would allow us to properly cleanup + * even when the channel is rescinded. + */ + if (device->channel->rescind) + ret = 0; /* * If we failed here, we might as well return and * have a leak rather than continue and a bugchk @@ -211,6 +218,15 @@ static void netvsc_destroy_buf(struct hv sizeof(struct nvsp_message), (unsigned long)revoke_packet, VM_PKT_DATA_INBAND, 0); + + /* If the failure is because the channel is rescinded; + * ignore the failure since we cannot send on a rescinded + * channel. This would allow us to properly cleanup + * even when the channel is rescinded. + */ + if (device->channel->rescind) + ret = 0; + /* If we failed here, we might as well return and * have a leak rather than continue and a bugchk */ Patches currently in stable-queue which might be from kys(a)microsoft.com are queue-4.9/netvsc-deal-with-rescinded-channels-correctly.patch

6 years, 9 months

1
0
0 0

Patch "netfilter: xt_CT: fix refcnt leak on error path" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled netfilter: xt_CT: fix refcnt leak on error path to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: netfilter-xt_ct-fix-refcnt-leak-on-error-path.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Mar 22 14:40:23 CET 2018 From: Gao Feng <fgao(a)ikuai8.com> Date: Fri, 14 Apr 2017 10:00:08 +0800 Subject: netfilter: xt_CT: fix refcnt leak on error path From: Gao Feng <fgao(a)ikuai8.com> [ Upstream commit 470acf55a021713869b9bcc967268ac90c8a0fac ] There are two cases which causes refcnt leak. 1. When nf_ct_timeout_ext_add failed in xt_ct_set_timeout, it should free the timeout refcnt. Now goto the err_put_timeout error handler instead of going ahead. 2. When the time policy is not found, we should call module_put. Otherwise, the related cthelper module cannot be removed anymore. It is easy to reproduce by typing the following command: # iptables -t raw -A OUTPUT -p tcp -j CT --helper ftp --timeout xxx Signed-off-by: Gao Feng <fgao(a)ikuai8.com> Signed-off-by: Liping Zhang <zlpnobody(a)gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo(a)netfilter.org> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/netfilter/xt_CT.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) --- a/net/netfilter/xt_CT.c +++ b/net/netfilter/xt_CT.c @@ -168,8 +168,10 @@ xt_ct_set_timeout(struct nf_conn *ct, co goto err_put_timeout; } timeout_ext = nf_ct_timeout_ext_add(ct, timeout, GFP_ATOMIC); - if (timeout_ext == NULL) + if (!timeout_ext) { ret = -ENOMEM; + goto err_put_timeout; + } rcu_read_unlock(); return ret; @@ -201,6 +203,7 @@ static int xt_ct_tg_check(const struct x struct xt_ct_target_info_v1 *info) { struct nf_conntrack_zone zone; + struct nf_conn_help *help; struct nf_conn *ct; int ret = -EOPNOTSUPP; @@ -249,7 +252,7 @@ static int xt_ct_tg_check(const struct x if (info->timeout[0]) { ret = xt_ct_set_timeout(ct, par, info->timeout); if (ret < 0) - goto err3; + goto err4; } __set_bit(IPS_CONFIRMED_BIT, &ct->status); nf_conntrack_get(&ct->ct_general); @@ -257,6 +260,10 @@ out: info->ct = ct; return 0; +err4: + help = nfct_help(ct); + if (help) + module_put(help->helper->me); err3: nf_ct_tmpl_free(ct); err2: Patches currently in stable-queue which might be from fgao(a)ikuai8.com are queue-4.9/netfilter-xt_ct-fix-refcnt-leak-on-error-path.patch

6 years, 9 months

1
0
0 0

Patch "netfilter: x_tables: unlock on error in xt_find_table_lock()" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled netfilter: x_tables: unlock on error in xt_find_table_lock() to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: netfilter-x_tables-unlock-on-error-in-xt_find_table_lock.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Mar 22 14:40:23 CET 2018 From: Dan Carpenter <dan.carpenter(a)oracle.com> Date: Fri, 28 Apr 2017 15:57:56 +0300 Subject: netfilter: x_tables: unlock on error in xt_find_table_lock() From: Dan Carpenter <dan.carpenter(a)oracle.com> [ Upstream commit 7dde07e9c53617549d67dd3e1d791496d0d3868e ] According to my static checker we should unlock here before the return. That seems reasonable to me as well. Fixes" b9e69e127397 ("netfilter: xtables: don't hook tables by default") Signed-off-by: Dan Carpenter <dan.carpenter(a)oracle.com> Acked-by: Florian Westphal <fw(a)strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo(a)netfilter.org> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/netfilter/x_tables.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- a/net/netfilter/x_tables.c +++ b/net/netfilter/x_tables.c @@ -1006,8 +1006,10 @@ struct xt_table *xt_find_table_lock(stru list_for_each_entry(t, &init_net.xt.tables[af], list) { if (strcmp(t->name, name)) continue; - if (!try_module_get(t->me)) + if (!try_module_get(t->me)) { + mutex_unlock(&xt[af].mutex); return NULL; + } mutex_unlock(&xt[af].mutex); if (t->table_init(net) != 0) { Patches currently in stable-queue which might be from dan.carpenter(a)oracle.com are queue-4.9/netfilter-x_tables-unlock-on-error-in-xt_find_table_lock.patch queue-4.9/asoc-intel-skylake-uninitialized-variable-in-probe_codec.patch queue-4.9/mmc-host-omap_hsmmc-checking-for-null-instead-of-is_err.patch queue-4.9/qed-unlock-on-error-in-qed_vf_pf_acquire.patch queue-4.9/hsi-ssi_protocol-double-free-in-ssip_pn_xmit.patch queue-4.9/cifs-small-underflow-in-cnvrtdosunixtm.patch queue-4.9/ib-rdmavt-restore-irqs-on-error-path-in-rvt_create_ah.patch

6 years, 9 months

1
0
0 0

Patch "netfilter: nft_dynset: continue to next expr if _OP_ADD succeeded" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled netfilter: nft_dynset: continue to next expr if _OP_ADD succeeded to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: netfilter-nft_dynset-continue-to-next-expr-if-_op_add-succeeded.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Mar 22 14:40:23 CET 2018 From: Liping Zhang <zlpnobody(a)gmail.com> Date: Sun, 23 Apr 2017 18:29:30 +0800 Subject: netfilter: nft_dynset: continue to next expr if _OP_ADD succeeded From: Liping Zhang <zlpnobody(a)gmail.com> [ Upstream commit 277a292835c196894ef895d5e1fd6170bb916f55 ] Currently, after adding the following nft rules: # nft add set x target1 { type ipv4_addr \; flags timeout \;} # nft add rule x y set add ip daddr timeout 1d @target1 counter the counters will always be zero despite of the elements are added to the dynamic set "target1" or not, as we will break the nft expr traversal unconditionally: # nft list ruleset ... set target1 { ... elements = { 8.8.8.8 expires 23h59m53s} } chain output { ... set add ip daddr timeout 1d @target1 counter packets 0 bytes 0 ^ ^ ... } Since we add the elements to the set successfully, we should continue to the next expression. Additionally, if elements are added to "flow table" successfully, we will _always_ continue to the next expr, even if the operation is _OP_ADD. So it's better to keep them to be consistent. Fixes: 22fe54d5fefc ("netfilter: nf_tables: add support for dynamic set updates") Reported-by: Robert White <rwhite(a)pobox.com> Signed-off-by: Liping Zhang <zlpnobody(a)gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo(a)netfilter.org> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/netfilter/nft_dynset.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) --- a/net/netfilter/nft_dynset.c +++ b/net/netfilter/nft_dynset.c @@ -82,8 +82,7 @@ static void nft_dynset_eval(const struct nft_set_ext_exists(ext, NFT_SET_EXT_EXPIRATION)) { timeout = priv->timeout ? : set->timeout; *nft_set_ext_expiration(ext) = jiffies + timeout; - } else if (sexpr == NULL) - goto out; + } if (sexpr != NULL) sexpr->ops->eval(sexpr, regs, pkt); @@ -92,7 +91,7 @@ static void nft_dynset_eval(const struct regs->verdict.code = NFT_BREAK; return; } -out: + if (!priv->invert) regs->verdict.code = NFT_BREAK; } Patches currently in stable-queue which might be from zlpnobody(a)gmail.com are queue-4.9/netfilter-nf_ct_helper-permit-cthelpers-with-different-names-via-nfnetlink.patch queue-4.9/netfilter-xt_ct-fix-refcnt-leak-on-error-path.patch queue-4.9/netfilter-nft_dynset-continue-to-next-expr-if-_op_add-succeeded.patch

6 years, 9 months

1
0
0 0

Patch "netfilter: nf_ct_helper: permit cthelpers with different names via nfnetlink" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled netfilter: nf_ct_helper: permit cthelpers with different names via nfnetlink to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: netfilter-nf_ct_helper-permit-cthelpers-with-different-names-via-nfnetlink.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Mar 22 14:40:23 CET 2018 From: Liping Zhang <zlpnobody(a)gmail.com> Date: Sat, 15 Apr 2017 19:27:42 +0800 Subject: netfilter: nf_ct_helper: permit cthelpers with different names via nfnetlink From: Liping Zhang <zlpnobody(a)gmail.com> [ Upstream commit 66e5a6b18bd09d0431e97cd3c162e76c5c2aebba ] cthelpers added via nfnetlink may have the same tuple, i.e. except for the l3proto and l4proto, other fields are all zero. So even with the different names, we will also fail to add them: # nfct helper add ssdp inet udp # nfct helper add tftp inet udp nfct v1.4.3: netlink error: File exists So in order to avoid unpredictable behaviour, we should: 1. cthelpers can be selected by nft ct helper obj or xt_CT target, so report error if duplicated { name, l3proto, l4proto } tuple exist. 2. cthelpers can be selected by nf_ct_tuple_src_mask_cmp when nf_ct_auto_assign_helper is enabled, so also report error if duplicated { l3proto, l4proto, src-port } tuple exist. Also note, if the cthelper is added from userspace, then the src-port will always be zero, it's invalid for nf_ct_auto_assign_helper, so there's no need to check the second point listed above. Fixes: 893e093c786c ("netfilter: nf_ct_helper: bail out on duplicated helpers") Signed-off-by: Liping Zhang <zlpnobody(a)gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo(a)netfilter.org> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/netfilter/nf_conntrack_helper.c | 26 +++++++++++++++++++++----- 1 file changed, 21 insertions(+), 5 deletions(-) --- a/net/netfilter/nf_conntrack_helper.c +++ b/net/netfilter/nf_conntrack_helper.c @@ -379,17 +379,33 @@ int nf_conntrack_helper_register(struct struct nf_conntrack_tuple_mask mask = { .src.u.all = htons(0xFFFF) }; unsigned int h = helper_hash(&me->tuple); struct nf_conntrack_helper *cur; - int ret = 0; + int ret = 0, i; BUG_ON(me->expect_policy == NULL); BUG_ON(me->expect_class_max >= NF_CT_MAX_EXPECT_CLASSES); BUG_ON(strlen(me->name) > NF_CT_HELPER_NAME_LEN - 1); mutex_lock(&nf_ct_helper_mutex); - hlist_for_each_entry(cur, &nf_ct_helper_hash[h], hnode) { - if (nf_ct_tuple_src_mask_cmp(&cur->tuple, &me->tuple, &mask)) { - ret = -EEXIST; - goto out; + for (i = 0; i < nf_ct_helper_hsize; i++) { + hlist_for_each_entry(cur, &nf_ct_helper_hash[i], hnode) { + if (!strcmp(cur->name, me->name) && + (cur->tuple.src.l3num == NFPROTO_UNSPEC || + cur->tuple.src.l3num == me->tuple.src.l3num) && + cur->tuple.dst.protonum == me->tuple.dst.protonum) { + ret = -EEXIST; + goto out; + } + } + } + + /* avoid unpredictable behaviour for auto_assign_helper */ + if (!(me->flags & NF_CT_HELPER_F_USERSPACE)) { + hlist_for_each_entry(cur, &nf_ct_helper_hash[h], hnode) { + if (nf_ct_tuple_src_mask_cmp(&cur->tuple, &me->tuple, + &mask)) { + ret = -EEXIST; + goto out; + } } } hlist_add_head_rcu(&me->hnode, &nf_ct_helper_hash[h]); Patches currently in stable-queue which might be from zlpnobody(a)gmail.com are queue-4.9/netfilter-nf_ct_helper-permit-cthelpers-with-different-names-via-nfnetlink.patch queue-4.9/netfilter-xt_ct-fix-refcnt-leak-on-error-path.patch queue-4.9/netfilter-nft_dynset-continue-to-next-expr-if-_op_add-succeeded.patch

6 years, 9 months

1
0
0 0

[GIT PULL] commits for Linux 4.9

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi Greg, Pleae pull commits for Linux 4.9 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit c426a717c3c633c743bfa84af902012aa84063f4: Linux 4.9.85 (2018-02-28 10:18:34 +0100) are available in the git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.9-19032018 for you to fetch changes up to 7c02023d2c1b441194845e771e780b0471d3f311: dmaengine: ti-dma-crossbar: Fix event mapping for TPCC_EVT_MUX_60_63 (2018-03-03 14:38:51 -0500) - ---------------------------------------------------------------- for-greg-4.9-19032018 - ---------------------------------------------------------------- Abel Vesa (1): ARM: 8668/1: ftrace: Fix dynamic ftrace with DEBUG_RODATA and !FRAME_POINTER Adam Borowski (1): btrfs: fix a bogus warning when converting only data or metadata Alexandre Belloni (1): rtc: ac100: Fix multiple race conditions Alexey Kardashevskiy (3): vfio/powerpc/spapr_tce: Enforce IOMMU type compatibility check vfio/spapr_tce: Check kzalloc() return when preregistering memory KVM: PPC: Book3S PR: Exit KVM on failed mapping Alexey Khoroshilov (1): sm501fb: don't return zero on failure path in sm501fb_start() Alexey Kodanev (1): ip6_vti: adjust vti mtu according to mtu of lower device Anton Vasilyev (1): RDMA/ocrdma: Fix permissions for OCRDMA_RESET_STATS Arnd Bergmann (1): cros_ec: fix nul-termination for firmware build info Artemy Kovalyov (1): IB/umem: Fix use of npages/nmap fields Balaji Pothunoori (1): ath10k: handling qos at STA side based on AP WMM enable/disable Baoquan He (1): x86/KASLR: Fix kexec kernel boot crash when KASLR randomization fails Benjamin Coddington (2): NFS: Fix missing pg_cleanup after nfs_pageio_cond_complete() nfsd4: permit layoutget of executable-only files Bernd Faust (1): e1000e: fix timing for 82579 Gigabit Ethernet controller Bharat Kumar Reddy Gooty (1): clk: ns2: Correct SDIO bits Bharat Potnuri (1): iser-target: avoid reinitializing rdma contexts for isert commands Bjorn Helgaas (1): vgacon: Set VGA struct resource types BjÃ¸rn Mork (1): qmi_wwan: set FLAG_SEND_ZLP to avoid network initiated disconnect Brian King (1): ibmvnic: Disable irq prior to close Brian Norris (2): mwifiex: don't leak 'chan_stats' on reset pinctrl: rockchip: enable clock when reading pin direction register Christophe JAILLET (1): media: bt8xx: Fix err 'bt878_probe()' Christophe Leroy (1): net: ethernet: ucc_geth: fix MEM_PART_MURAM mode Chuck Lever (1): xprtrdma: Cancel refresh worker during buffer shutdown Chunming Zhou (1): drm/amdgpu: fix gpu reset crash Colin Ian King (1): iio: hid-sensor: fix return of -EINVAL on invalid values in ret or value Dan Carpenter (7): HSI: ssi_protocol: double free in ssip_pn_xmit() ASoC: Intel: Skylake: Uninitialized variable in probe_codec() mmc: host: omap_hsmmc: checking for NULL instead of IS_ERR() netfilter: x_tables: unlock on error in xt_find_table_lock() IB/rdmavt: restore IRQs on error path in rvt_create_ah() qed: Unlock on error in qed_vf_pf_acquire() cifs: small underflow in cnvrtDosUnixTm() Dan Williams (1): tools/testing/nvdimm: fix nfit_test shutdown crash Daniel Drake (1): mmc: avoid removing non-removable hosts during suspend David Ahern (1): net: ipv6: send unsolicited NA on admin up David Carrillo-Cisneros (1): perf session: Don't rely on evlist in pipe mode David Gibson (1): scsi: virtio_scsi: Always try to read VPD pages David Rientjes (1): mm, vmstat: suppress pcp stats for unpopulated zones in zoneinfo Dean Jenkins (3): Bluetooth: Avoid bt_accept_unlink() double unlinking Bluetooth: hci_ldisc: Add protocol check to hci_uart_dequeue() Bluetooth: hci_ldisc: Add protocol check to hci_uart_tx_wakeup() Dedy Lansky (1): wil6210: fix memory access violation in wil_memcpy_from/toio_32 Deepa Dinamani (1): time: Change posix clocks ops interfaces to use timespec64 Dmitry Monakhov (1): tcm_fileio: Prevent information leak for short reads Dmitry Torokhov (1): Input: ar1021_i2c - fix too long name in driver's device table Dong Aisheng (1): regulator: anatop: set default voltage selector for pcie Edgar Cherkasov (1): i2c: i2c-scmi: add a MS HID Emil Tantilov (1): ixgbevf: fix size of queue stats length Emmanuel Grumbach (2): iwlwifi: split the handler and the wake parts of the notification infra mac80211: don't parse encrypted management frames in ieee80211_frame_acked Erez Shitrit (1): IB/ipoib: Avoid memory leak if the SA returns a different DGID Eric Dumazet (1): tcp: remove poll() flakes with FastOpen Feras Daoud (2): IB/ipoib: Fix deadlock between ipoib_stop and mcast join flow IB/ipoib: Update broadcast object if PKey value was changed in index 0 Filipe Manana (3): Btrfs: fix incorrect space accounting after failure to insert inline extent Btrfs: send, fix file hole not being preserved due to inline extent Btrfs: fix extent map leak during fallocate error path Finn Thain (1): scsi: mac_esp: Replace bogus memory barrier with spinlock Florian Fainelli (1): pinctrl: Really force states during suspend/resume Ganapathi Bhat (1): mwifiex: Fix invalid port issue Gao Feng (1): netfilter: xt_CT: fix refcnt leak on error path Geert Uytterhoeven (1): RDMA/iwpm: Fix uninitialized error code in iwpm_send_mapinfo() Guenter Roeck (1): watchdog: Fix potential kref imbalance when opening watchdog Guoqing Jiang (1): md/raid10: wait up frozen array in handle_write_completed Gustavo A. R. Silva (1): media: c8sectpfe: fix potential NULL pointer dereference in c8sectpfe_timer_interrupt H. Nikolaus Schaller (1): omapdrm: panel: fix compatible vendor string for td028ttec1 Hamad Kadmany (1): wil6210: fix protection against connections during reset Hannes Reinecke (1): scsi: sg: close race condition in sg_remove_sfp_usercontext() Hans de Goede (6): x86: i8259: export legacy_pic symbol rtc: cmos: Do not assume irq 8 for rtc when there are no legacy irqs genirq: Use irqd_get_trigger_type to compare the trigger type for shared IRQs ACPI / PMIC: xpower: Fix power_table addresses power: supply: bq24190_charger: Add disable-reset device-property ACPI / power: Delay turning off unused power resources after suspend James Smart (2): Fix driver usage of 128B WQEs when WQ_CREATE is V1. Fix Express lane queue creation. Jan Kara (1): jbd2: Fix lockdep splat with generic/270 test Jarno Rajahalme (1): openvswitch: Delete conntrack entry clashing with an expectation. Jasmin J (1): [media] media/dvb-core: Race condition when writing to CAM Jerry Snitselaar (1): iommu/vt-d: clean up pr_irq if request_threaded_irq fails Jin Yao (1): perf evsel: Return exact sub event which failed with EPERM for wildcards Jiri Benc (1): vxlan: correctly handle ipv6.disable module parameter Joel Stanley (1): ARM: dts: aspeed-evb: Add unit name to memory node Johannes Berg (2): iwlwifi: mvm: fix RX SKB header size and align it properly mac80211_hwsim: use per-interface power level Johannes Thumshirn (2): scsi: sg: check for valid direction before starting the request IB/rxe: Don't clamp residual length to mtu Johannes Weiner (1): mm: fix check for reclaimable pages in PF_MEMALLOC reclaim throttling John Stultz (1): usb: dwc2: Make sure we disconnect the gadget state K. Y. Srinivasan (1): netvsc: Deal with rescinded channels correctly Kedareswara rao Appana (1): dmaengine: zynqmp_dma: Fix race condition in the probe Keerthy (1): mfd: palmas: Reset the POWERHOLD mux during power off Kim Phillips (1): perf tests kmod-path: Don't fail if compressed modules aren't supported Kishon Vijay Abraham I (1): ARM: DRA7: clockdomain: Change the CLKTRCTRL of CM_PCIE_CLKSTCTRL to SW_WKUP Kuppuswamy Sathyanarayanan (2): gpio: gpio-wcove: fix irq pending status bit width gpio: gpio-wcove: fix GPIO IRQ status mask Lars-Peter Clausen (1): clk: axi-clkgen: Correctly handle nocount bit in recalc_rate() Laxman Dewangan (1): pwm: tegra: Increase precision in PWM rate calculation Liad Kaufman (1): iwlwifi: a000: fix memory offsets and lengths Liam Breck (1): power: supply: bq24190_charger: Limit over/under voltage fault logging Liping Zhang (2): netfilter: nf_ct_helper: permit cthelpers with different names via nfnetlink netfilter: nft_dynset: continue to next expr if _OP_ADD succeeded Logan Gunthorpe (1): drm/tilcdc: ensure nonatomic iowrite64 is not used Loic Poulain (2): Bluetooth: hci_qca: Avoid setup failure on missing rampatch Bluetooth: btqcomsmd: Fix skb double free corruption Lv Zheng (1): ACPICA: iasl: Fix IORT SMMU GSI disassembling Maarten Maathuis (1): platform/x86: intel-vbtn: add volume up and down Mahesh Bandewar (1): bonding: handle link transition from FAIL to UP correctly Maksim Salau (1): video: fbdev: udlfb: Fix buffer on stack Maor Gottlieb (4): IB/mlx4: Take write semaphore when changing the vma struct IB/mlx4: Change vma from shared to private IB/mlx5: Take write semaphore when changing the vma struct IB/mlx5: Change vma from shared to private Marek Vasut (1): spi: dw: Disable clock after unregistering the host Mario Kleiner (1): drm/nouveau/kms: Increase max retries in scanout position queries. Mark Rutland (1): drivers/perf: arm_pmu: handle no platform_device Martin Brandenburg (1): orangefs: do not wait for timeout if umounting Masami Hiramatsu (2): kprobes/x86: Fix kprobe-booster not to boost far call instructions kprobes/x86: Set kprobes pages read-only Michael Ellerman (1): powerpc/nohash: Fix use of mmu_has_feature() in setup_initial_memory_limit() Michael Mera (1): ath10k: fix out of bounds access to local buffer Michael Scott (1): Bluetooth: 6lowpan: fix delay work init in add_peer_chan() Michael Trimarchi (1): power: supply: pda_power: move from timer to delayed_work Michal Hocko (1): oom: improve oom disable handling Mikhail Paulyshka (1): ALSA: hda - Fix headset microphone detection for ASUS N551 and N751 Ming Lei (1): mtip32xx: use runtime tag to initialize command header Mohammed Shafi Shajakhan (3): ath10k: fix compile time sanity check for CE4 buffer size ath: Fix updating radar flags for coutry code India mac80211: Fix possible sband related NULL pointer de-reference Moni Shoua (1): IB/mlx5: Set correct SL in completion for RoCE Moritz Fischer (2): rtc: ds1374: wdt: Fix issue with timeout scaling from secs to wdt ticks rtc: ds1374: wdt: Fix stop/start ioctl always returning -EINVAL Naoya Horiguchi (1): mm: hwpoison: call shake_page() after try_to_unmap() for mlocked page NeilBrown (2): NFS: don't try to cross a mountpount when there isn't one there. dm: ensure bio submission follows a depth-first tree walk Nicholas Piggin (1): powerpc/64s: Remove SAO feature from Power9 DD1 Oleksij Rempel (1): platform/x86: asus-wmi: try to set als by default Pan Bian (8): tipc: check return value of nlmsg_new wan: pc300too: abort path on failure qlcnic: fix unchecked return value mt7601u: check return value of alloc_skb libertas: check return value of alloc_workqueue rndis_wlan: add return value validation staging: wilc1000: fix unchecked return value power: supply: isp1704: Fix unchecked return value of devm_kzalloc Paolo Abeni (1): ipvs: explicitly forbid ipv6 service/dest creation if ipv6 mod is disabled Parav Pandit (1): RDMA/cma: Use correct size when writing netlink stats Paul Burton (1): irqchip/mips-gic: Separate IPI reservation & usage tracking Peter Ujfalusi (1): drm/omap: DMM: Check for DMM readiness after successful transaction commit Peter Zijlstra (1): block/mq: Cure cpu hotplug lock inversion Pierre-Louis Bossart (1): ASoC: Intel: Atom: update Thinkpad 10 quirk Prakash Kamliya (1): drm/msm: fix leak in failed get_pages Rajendra Nayak (1): clk: qcom: msm8996: Fix the vfe1 powerdomain name Rask Ingemann Lambertsen (1): dt-bindings: mfd: axp20x: Add "xpowers,master-mode" property for AXP806 PMICs Robert Lippert (1): ipmi/watchdog: fix wdog hang on panic waiting for ipmi response Robert Walker (1): coresight: Fix disabling of CoreSight TPIU Ron Economos (1): media: [RESEND] media: dvb-frontends: Add delay to Si2168 restart Sahara (1): pty: cancel pty slave port buf's work in tty_release Sameer Wadgaonkar (1): staging: unisys: visorhba: fix s-Par to boot with option CONFIG_VMAP_STACK set to y Santeri Toivonen (1): platform/x86: asus-nb-wmi: Add wapf4 quirk for the X302UA Scott Wood (1): bnx2x: Align RX buffers Sebastian Reichel (1): Input: twl4030-pwrbutton - use correct device for irq request Sergei Trofimovich (1): ia64: fix module loading for gcc-5.4 Sergej Sawazki (1): clk: si5351: Rename internal plls to avoid name collisions Shaohua Li (1): md/raid10: skip spare disk as 'first' disk Shawn Nematbakhsh (1): platform/chrome: Use proper protocol transfer function Shrirang Bagul (1): iio: st_pressure: st_accel: Initialise sensor platform data properly Stefan Potyra (1): serial: 8250_dw: Disable clock on error Stephane Eranian (1): perf stat: Fix bug in handling events in error state Stephen Boyd (1): clk: Don't touch hardware when reparenting during registration Subhransu S. Prusty (1): ALSA: hda: Add Geminilake id to SKL_PLUS Suman Anna (1): iommu/omap: Register driver before setting IOMMU ops Tadeusz Struk (1): IB/hfi1: Fix softlockup issue Thomas Gleixner (3): ACPI/processor: Fix error handling in __acpi_processor_start() ACPI/processor: Replace racy task affinity logic cpufreq/sh: Replace racy task affinity logic Tiantian Feng (1): x86/reboot: Turn off KVM when halting a CPU Timmy Li (1): net: hns: fix ethtool_get_strings overflow in hns driver Trond Myklebust (2): pNFS: Fix use after free issues in pnfs_do_read() pNFS: Fix a deadlock when coalescing writes and returning the layout Tsang-Shian Lin (1): rtlwifi: rtl_pci: Fix the bug when inactiveps is enabled. Valentin Longchamp (1): soc/fsl/qe: round brg_freq to 1kHz granularity Vignesh R (1): dmaengine: ti-dma-crossbar: Fix event mapping for TPCC_EVT_MUX_60_63 Vitaly Kuznetsov (1): x86/xen: split xen_smp_prepare_boot_cpu() Vlad Tsyrklevich (1): infiniband/uverbs: Fix integer overflows Yuyang Du (1): usb: gadget: dummy_hcd: Fix wrong power status bit clear/reset in dummy_hub_control() yangbo lu (1): mmc: sdhci-of-esdhc: limit SD clock for ls1012a/ls1046a .../{toppoly,td028ttec1.txt => tpo,td028ttec1.txt} | 4 +- Documentation/devicetree/bindings/mfd/axp20x.txt | 3 + arch/alpha/kernel/console.c | 1 + arch/arm/boot/dts/aspeed-ast2500-evb.dts | 2 +- arch/arm/kernel/ftrace.c | 11 +-- arch/arm/mach-omap2/clockdomains7xx_data.c | 2 +- arch/ia64/kernel/module.c | 4 +- arch/powerpc/include/asm/cputable.h | 3 +- arch/powerpc/kvm/book3s_64_mmu_host.c | 5 +- arch/powerpc/kvm/book3s_pr.c | 6 +- arch/powerpc/mm/tlb_nohash.c | 2 +- arch/x86/boot/compressed/kaslr.c | 11 ++- arch/x86/kernel/i8259.c | 1 + arch/x86/kernel/kprobes/core.c | 6 ++ arch/x86/kernel/kprobes/opt.c | 3 + arch/x86/kernel/smp.c | 3 + arch/x86/xen/smp.c | 49 +++++++----- block/blk-mq.c | 4 +- drivers/acpi/pmic/intel_pmic_xpower.c | 50 ++++++------- drivers/acpi/power.c | 10 +++ drivers/acpi/processor_driver.c | 10 ++- drivers/acpi/processor_throttling.c | 62 +++++++++------- drivers/acpi/sleep.c | 1 + drivers/acpi/sleep.h | 1 + drivers/block/mtip32xx/mtip32xx.c | 36 ++++++--- drivers/bluetooth/btqcomsmd.c | 3 +- drivers/bluetooth/hci_ldisc.c | 11 ++- drivers/bluetooth/hci_qca.c | 3 + drivers/char/ipmi/ipmi_watchdog.c | 8 +- drivers/clk/bcm/clk-ns2.c | 2 +- drivers/clk/clk-axi-clkgen.c | 29 ++++++-- drivers/clk/clk-si5351.c | 2 +- drivers/clk/clk.c | 7 +- drivers/clk/qcom/mmcc-msm8996.c | 2 +- drivers/cpufreq/sh-cpufreq.c | 45 ++++++----- drivers/dma/ti-dma-crossbar.c | 10 ++- drivers/dma/xilinx/zynqmp_dma.c | 3 +- drivers/gpio/gpio-wcove.c | 8 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 7 +- drivers/gpu/drm/msm/msm_gem.c | 14 +++- drivers/gpu/drm/nouveau/nouveau_display.c | 2 +- .../drm/omapdrm/displays/panel-tpo-td028ttec1.c | 3 + drivers/gpu/drm/omapdrm/omap_dmm_tiler.c | 5 ++ drivers/gpu/drm/tilcdc/tilcdc_regs.h | 2 +- drivers/hsi/clients/ssi_protocol.c | 5 +- drivers/hwtracing/coresight/coresight-tpiu.c | 13 +++- drivers/i2c/busses/i2c-scmi.c | 4 + drivers/iio/accel/st_accel_core.c | 7 +- .../iio/common/hid-sensors/hid-sensor-attributes.c | 4 +- drivers/iio/pressure/st_pressure_core.c | 8 +- drivers/infiniband/core/cma.c | 2 +- drivers/infiniband/core/iwpm_util.c | 1 + drivers/infiniband/core/umem.c | 2 +- drivers/infiniband/core/uverbs_cmd.c | 13 +++- drivers/infiniband/hw/hfi1/chip.c | 86 +++++++++++++--------- drivers/infiniband/hw/hfi1/hfi.h | 7 +- drivers/infiniband/hw/hfi1/init.c | 2 +- drivers/infiniband/hw/mlx4/main.c | 6 +- drivers/infiniband/hw/mlx5/cq.c | 19 ++++- drivers/infiniband/hw/mlx5/main.c | 5 +- drivers/infiniband/hw/ocrdma/ocrdma_stats.c | 2 +- drivers/infiniband/sw/rdmavt/ah.c | 2 +- drivers/infiniband/sw/rxe/rxe_resp.c | 2 - drivers/infiniband/ulp/ipoib/ipoib_ib.c | 13 ++++ drivers/infiniband/ulp/ipoib/ipoib_main.c | 16 ++++ drivers/infiniband/ulp/ipoib/ipoib_multicast.c | 11 ++- drivers/infiniband/ulp/isert/ib_isert.c | 7 ++ drivers/infiniband/ulp/isert/ib_isert.h | 1 + drivers/input/misc/twl4030-pwrbutton.c | 2 +- drivers/input/touchscreen/ar1021_i2c.c | 2 +- drivers/iommu/intel-svm.c | 9 ++- drivers/iommu/omap-iommu.c | 21 +++++- drivers/irqchip/irq-mips-gic.c | 12 +-- drivers/md/dm.c | 33 ++++++--- drivers/md/raid10.c | 6 ++ drivers/media/dvb-core/dvb_ca_en50221.c | 23 ++++++ drivers/media/dvb-frontends/si2168.c | 3 + drivers/media/pci/bt8xx/bt878.c | 3 +- .../media/platform/sti/c8sectpfe/c8sectpfe-core.c | 4 +- drivers/mfd/palmas.c | 14 ++++ drivers/mmc/core/core.c | 8 ++ drivers/mmc/host/omap_hsmmc.c | 4 +- drivers/mmc/host/sdhci-of-esdhc.c | 14 ++++ drivers/net/bonding/bond_main.c | 3 +- drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 1 + drivers/net/ethernet/freescale/ucc_geth.c | 8 +- drivers/net/ethernet/hisilicon/hns/hns_dsaf_gmac.c | 2 +- drivers/net/ethernet/hisilicon/hns/hns_dsaf_ppe.c | 2 +- drivers/net/ethernet/hisilicon/hns/hns_dsaf_rcb.c | 2 +- .../net/ethernet/hisilicon/hns/hns_dsaf_xgmac.c | 2 +- drivers/net/ethernet/ibm/ibmvnic.c | 18 +++++ drivers/net/ethernet/intel/e1000e/netdev.c | 6 ++ drivers/net/ethernet/intel/ixgbevf/ethtool.c | 2 +- drivers/net/ethernet/qlogic/qed/qed_vf.c | 2 +- .../ethernet/qlogic/qlcnic/qlcnic_sriov_common.c | 2 + drivers/net/hyperv/netvsc.c | 16 ++++ drivers/net/usb/qmi_wwan.c | 4 +- drivers/net/vxlan.c | 10 ++- drivers/net/wan/pc300too.c | 1 + drivers/net/wireless/ath/ath10k/ce.c | 2 +- drivers/net/wireless/ath/ath10k/debug.c | 16 ++-- drivers/net/wireless/ath/ath10k/mac.c | 2 +- drivers/net/wireless/ath/regd.c | 19 +++-- drivers/net/wireless/ath/wil6210/main.c | 20 ++++- drivers/net/wireless/ath/wil6210/wmi.c | 11 ++- drivers/net/wireless/intel/iwlwifi/iwl-a000.c | 6 +- .../net/wireless/intel/iwlwifi/iwl-notif-wait.c | 10 +-- .../net/wireless/intel/iwlwifi/iwl-notif-wait.h | 25 +++++-- drivers/net/wireless/intel/iwlwifi/mvm/rx.c | 18 ++++- drivers/net/wireless/mac80211_hwsim.c | 9 +-- drivers/net/wireless/marvell/libertas/if_spi.c | 5 ++ drivers/net/wireless/marvell/mwifiex/main.c | 4 +- drivers/net/wireless/marvell/mwifiex/sdio.c | 4 +- drivers/net/wireless/mediatek/mt7601u/mcu.c | 10 ++- drivers/net/wireless/realtek/rtlwifi/pci.c | 7 ++ drivers/net/wireless/rndis_wlan.c | 4 + drivers/perf/arm_pmu.c | 12 ++- drivers/pinctrl/core.c | 24 ++++-- drivers/pinctrl/pinctrl-rockchip.c | 8 ++ drivers/platform/chrome/cros_ec_proto.c | 8 +- drivers/platform/chrome/cros_ec_sysfs.c | 2 +- drivers/platform/x86/asus-nb-wmi.c | 22 ++++++ drivers/platform/x86/asus-wmi.c | 12 +++ drivers/platform/x86/asus-wmi.h | 1 + drivers/platform/x86/intel-vbtn.c | 4 + drivers/power/supply/bq24190_charger.c | 10 ++- drivers/power/supply/isp1704_charger.c | 4 + drivers/power/supply/pda_power.c | 49 ++++++------ drivers/ptp/ptp_clock.c | 18 ++--- drivers/pwm/pwm-tegra.c | 7 +- drivers/regulator/anatop-regulator.c | 5 ++ drivers/rtc/rtc-ac100.c | 19 +++-- drivers/rtc/rtc-cmos.c | 17 ++++- drivers/rtc/rtc-ds1374.c | 10 ++- drivers/scsi/lpfc/lpfc_init.c | 6 +- drivers/scsi/lpfc/lpfc_sli.c | 3 + drivers/scsi/mac_esp.c | 33 ++++++--- drivers/scsi/sg.c | 58 +++++++++++---- drivers/scsi/virtio_scsi.c | 24 ++++++ drivers/soc/fsl/qe/qe.c | 13 ++++ drivers/spi/spi-dw-mmio.c | 2 +- drivers/staging/unisys/visorhba/visorhba_main.c | 8 +- drivers/staging/wilc1000/linux_mon.c | 2 + drivers/target/target_core_file.c | 23 ++++-- drivers/tty/serial/8250/8250_dw.c | 3 +- drivers/tty/sysrq.c | 2 +- drivers/tty/tty_io.c | 2 + drivers/usb/dwc2/hcd.c | 1 + drivers/usb/gadget/udc/dummy_hcd.c | 20 ++--- drivers/vfio/vfio_iommu_spapr_tce.c | 13 ++++ drivers/video/console/vgacon.c | 34 +++++++-- .../omap2/omapfb/displays/panel-tpo-td028ttec1.c | 3 + drivers/video/fbdev/sm501fb.c | 1 + drivers/video/fbdev/udlfb.c | 14 +++- drivers/watchdog/watchdog_dev.c | 6 +- fs/btrfs/file.c | 4 +- fs/btrfs/inode.c | 6 +- fs/btrfs/send.c | 23 +++++- fs/btrfs/volumes.c | 12 ++- fs/cifs/netmisc.c | 6 +- fs/jbd2/journal.c | 15 +++- fs/nfs/pagelist.c | 6 +- fs/nfs/pnfs.c | 18 +++-- fs/nfsd/nfs4proc.c | 6 +- fs/nfsd/vfs.c | 24 +++++- fs/orangefs/waitqueue.c | 9 ++- include/acpi/actbl2.h | 9 +++ include/linux/posix-clock.h | 10 +-- include/soc/fsl/qe/qe.h | 1 + kernel/irq/manage.c | 4 +- kernel/time/posix-clock.c | 34 ++++++--- mm/memory-failure.c | 8 ++ mm/oom_kill.c | 2 + mm/vmscan.c | 6 +- mm/vmstat.c | 20 +++-- net/bluetooth/6lowpan.c | 10 ++- net/bluetooth/af_bluetooth.c | 24 ++++++ net/ipv4/tcp_input.c | 16 ++-- net/ipv6/ip6_vti.c | 20 +++++ net/ipv6/ndisc.c | 2 + net/mac80211/cfg.c | 30 ++++---- net/mac80211/ibss.c | 6 +- net/mac80211/ieee80211_i.h | 36 +++++---- net/mac80211/mesh.c | 29 +++++--- net/mac80211/mesh_plink.c | 37 +++++++--- net/mac80211/mlme.c | 14 +++- net/mac80211/rate.c | 4 +- net/mac80211/sta_info.c | 13 +++- net/mac80211/status.c | 1 + net/mac80211/tdls.c | 29 +++++--- net/mac80211/tx.c | 5 +- net/mac80211/util.c | 6 +- net/netfilter/ipvs/ip_vs_ctl.c | 22 ++++-- net/netfilter/nf_conntrack_helper.c | 26 +++++-- net/netfilter/nft_dynset.c | 5 +- net/netfilter/x_tables.c | 4 +- net/netfilter/xt_CT.c | 11 ++- net/openvswitch/conntrack.c | 30 +++++++- net/sunrpc/xprtrdma/verbs.c | 1 + net/tipc/node.c | 2 + sound/pci/hda/hda_intel.c | 4 +- sound/pci/hda/patch_realtek.c | 12 ++- sound/soc/intel/atom/sst/sst_acpi.c | 16 +++- sound/soc/intel/skylake/skl.c | 2 +- tools/perf/builtin-stat.c | 12 ++- tools/perf/tests/kmod-path.c | 2 + tools/perf/util/evsel.c | 12 ++- tools/perf/util/session.c | 16 +++- tools/testing/nvdimm/test/nfit.c | 10 ++- 209 files changed, 1698 insertions(+), 602 deletions(-) rename Documentation/devicetree/bindings/display/panel/{toppoly,td028ttec1.txt => tpo,td028ttec1.txt} (84%) -----BEGIN PGP SIGNATURE----- iQIcBAEBCAAGBQJar9l6AAoJEN6mb/eXdyzcTIIP/A7cy/XhzZkFkwklC3m2pInZ eCXSQcEbZVWE+ET9qPkLxf6SO025RDK1s0IIG7PgP5htj/f8G/zZkIVHdK9TJnjq 2e5v0Veqr1ZEq7FInjo4KSZYaJ1q/T/UZFEutFx5eYllgNqLlvg5gqMllgQl6lM6 haR1Y2z1FLcknGWyEN62AFzZdV4UHvW2smGV3ELRXxzQCzNFhU9xSuSBKG8gFKAY J+L84FQIqpWnrajB7ZPwV/lbjzo3E2CHtIBLYHLj7mI6iY9KCKKYofFZ4HJ26FEB P/TnzeInwVywLXXWZqBSC5Pz2gVJf2HbXpmm1chu24WYUMvv9fJ/0xgl9OrSivRD nR2ELMS8JbJO55otfVvfvFYRpYAYNRTvjSslq77cpURaSBkWWOJDjRCDjv5yBf7G 8D+/EFhK+aERDU1HQdsgTy/Lx3/1COZIenOfXnAGxOx+YlqFzAXnGa88xC+Prgpr JXwM9ty8bt4u2dCzVW46/eWtrmWLLuNJAPGenYUIsJi0vh8Z1UYN2/8TIODLBm33 RQ51J0fyIGhIhXoYb41r0rWKnpe01f21t+m1X4OGsy7UCbzZHY3rCcEeeRhKnE1v Vo6CQPsF29RVMYKKtb/cEuMsjHsFGe5qm5USnbM20gYdDG7ywh+R8Iijzism1CG0 E3fq9ct3/SCgvWjZlnku =rr03 -----END PGP SIGNATURE-----

6 years, 9 months

2
1
0 0

Patch "net: ipv6: send unsolicited NA on admin up" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net: ipv6: send unsolicited NA on admin up to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-ipv6-send-unsolicited-na-on-admin-up.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Mar 22 14:40:23 CET 2018 From: David Ahern <dsa(a)cumulusnetworks.com> Date: Wed, 12 Apr 2017 11:49:04 -0700 Subject: net: ipv6: send unsolicited NA on admin up From: David Ahern <dsa(a)cumulusnetworks.com> [ Upstream commit 4a6e3c5def13c91adf2acc613837001f09af3baa ] ndisc_notify is the ipv6 equivalent to arp_notify. When arp_notify is set to 1, gratuitous arp requests are sent when the device is brought up. The same is expected when ndisc_notify is set to 1 (per ndisc_notify in Documentation/networking/ip-sysctl.txt). The NA is not sent on NETDEV_UP event; add it. Fixes: 5cb04436eef6 ("ipv6: add knob to send unsolicited ND on link-layer address change") Signed-off-by: David Ahern <dsa(a)cumulusnetworks.com> Acked-by: Hannes Frederic Sowa <hannes(a)stressinduktion.org> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/ipv6/ndisc.c | 2 ++ 1 file changed, 2 insertions(+) --- a/net/ipv6/ndisc.c +++ b/net/ipv6/ndisc.c @@ -1723,6 +1723,8 @@ static int ndisc_netdev_event(struct not case NETDEV_CHANGEADDR: neigh_changeaddr(&nd_tbl, dev); fib6_run_gc(0, net, false); + /* fallthrough */ + case NETDEV_UP: idev = in6_dev_get(dev); if (!idev) break; Patches currently in stable-queue which might be from dsa(a)cumulusnetworks.com are queue-4.9/net-ipv6-send-unsolicited-na-on-admin-up.patch

6 years, 9 months

1
0
0 0

Patch "net: hns: fix ethtool_get_strings overflow in hns driver" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net: hns: fix ethtool_get_strings overflow in hns driver to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-hns-fix-ethtool_get_strings-overflow-in-hns-driver.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Mar 22 14:40:24 CET 2018 From: Timmy Li <lixiaoping3(a)huawei.com> Date: Tue, 2 May 2017 10:46:52 +0800 Subject: net: hns: fix ethtool_get_strings overflow in hns driver From: Timmy Li <lixiaoping3(a)huawei.com> [ Upstream commit 412b65d15a7f8a93794653968308fc100f2aa87c ] hns_get_sset_count() returns HNS_NET_STATS_CNT and the data space allocated is not enough for ethtool_get_strings(), which will cause random memory corruption. When SLAB and DEBUG_SLAB are both enabled, memory corruptions like the the following can be observed without this patch: [ 43.115200] Slab corruption (Not tainted): Acpi-ParseExt start=ffff801fb0b69030, len=80 [ 43.115206] Redzone: 0x9f911029d006462/0x5f78745f31657070. [ 43.115208] Last user: [<5f7272655f746b70>](0x5f7272655f746b70) [ 43.115214] 010: 70 70 65 31 5f 74 78 5f 70 6b 74 00 6b 6b 6b 6b ppe1_tx_pkt.kkkk [ 43.115217] 030: 70 70 65 31 5f 74 78 5f 70 6b 74 5f 6f 6b 00 6b ppe1_tx_pkt_ok.k [ 43.115218] Next obj: start=ffff801fb0b69098, len=80 [ 43.115220] Redzone: 0x706d655f6f666966/0x9f911029d74e35b. [ 43.115229] Last user: [<ffff0000084b11b0>](acpi_os_release_object+0x28/0x38) [ 43.115231] 000: 74 79 00 6b 6b 6b 6b 6b 70 70 65 31 5f 74 78 5f ty.kkkkkppe1_tx_ [ 43.115232] 010: 70 6b 74 5f 65 72 72 5f 63 73 75 6d 5f 66 61 69 pkt_err_csum_fai Signed-off-by: Timmy Li <lixiaoping3(a)huawei.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ethernet/hisilicon/hns/hns_dsaf_gmac.c | 2 +- drivers/net/ethernet/hisilicon/hns/hns_dsaf_ppe.c | 2 +- drivers/net/ethernet/hisilicon/hns/hns_dsaf_rcb.c | 2 +- drivers/net/ethernet/hisilicon/hns/hns_dsaf_xgmac.c | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) --- a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_gmac.c +++ b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_gmac.c @@ -671,7 +671,7 @@ static void hns_gmac_get_strings(u32 str static int hns_gmac_get_sset_count(int stringset) { - if (stringset == ETH_SS_STATS) + if (stringset == ETH_SS_STATS || stringset == ETH_SS_PRIV_FLAGS) return ARRAY_SIZE(g_gmac_stats_string); return 0; --- a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_ppe.c +++ b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_ppe.c @@ -422,7 +422,7 @@ void hns_ppe_update_stats(struct hns_ppe int hns_ppe_get_sset_count(int stringset) { - if (stringset == ETH_SS_STATS) + if (stringset == ETH_SS_STATS || stringset == ETH_SS_PRIV_FLAGS) return ETH_PPE_STATIC_NUM; return 0; } --- a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_rcb.c +++ b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_rcb.c @@ -798,7 +798,7 @@ void hns_rcb_get_stats(struct hnae_queue */ int hns_rcb_get_ring_sset_count(int stringset) { - if (stringset == ETH_SS_STATS) + if (stringset == ETH_SS_STATS || stringset == ETH_SS_PRIV_FLAGS) return HNS_RING_STATIC_REG_NUM; return 0; --- a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_xgmac.c +++ b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_xgmac.c @@ -776,7 +776,7 @@ static void hns_xgmac_get_strings(u32 st */ static int hns_xgmac_get_sset_count(int stringset) { - if (stringset == ETH_SS_STATS) + if (stringset == ETH_SS_STATS || stringset == ETH_SS_PRIV_FLAGS) return ARRAY_SIZE(g_xgmac_stats_string); return 0; Patches currently in stable-queue which might be from lixiaoping3(a)huawei.com are queue-4.9/net-hns-fix-ethtool_get_strings-overflow-in-hns-driver.patch

6 years, 9 months

1
0
0 0

Patch "net: ethernet: ucc_geth: fix MEM_PART_MURAM mode" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net: ethernet: ucc_geth: fix MEM_PART_MURAM mode to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-ethernet-ucc_geth-fix-mem_part_muram-mode.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Mar 22 14:40:23 CET 2018 From: Christophe Leroy <christophe.leroy(a)c-s.fr> Date: Tue, 7 Feb 2017 10:05:09 +0100 Subject: net: ethernet: ucc_geth: fix MEM_PART_MURAM mode From: Christophe Leroy <christophe.leroy(a)c-s.fr> [ Upstream commit 8b8642af15ed14b9a7a34d3401afbcc274533e13 ] Since commit 5093bb965a163 ("powerpc/QE: switch to the cpm_muram implementation"), muram area is not part of immrbar mapping anymore so immrbar_virt_to_phys() is not usable anymore. Fixes: 5093bb965a163 ("powerpc/QE: switch to the cpm_muram implementation") Signed-off-by: Christophe Leroy <christophe.leroy(a)c-s.fr> Acked-by: David S. Miller <davem(a)davemloft.net> Acked-by: Li Yang <pku.leo(a)gmail.com> Signed-off-by: Scott Wood <oss(a)buserror.net> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ethernet/freescale/ucc_geth.c | 8 +++----- include/soc/fsl/qe/qe.h | 1 + 2 files changed, 4 insertions(+), 5 deletions(-) --- a/drivers/net/ethernet/freescale/ucc_geth.c +++ b/drivers/net/ethernet/freescale/ucc_geth.c @@ -2594,11 +2594,10 @@ static int ucc_geth_startup(struct ucc_g } else if (ugeth->ug_info->uf_info.bd_mem_part == MEM_PART_MURAM) { out_be32(&ugeth->p_send_q_mem_reg->sqqd[i].bd_ring_base, - (u32) immrbar_virt_to_phys(ugeth-> - p_tx_bd_ring[i])); + (u32)qe_muram_dma(ugeth->p_tx_bd_ring[i])); out_be32(&ugeth->p_send_q_mem_reg->sqqd[i]. last_bd_completed_address, - (u32) immrbar_virt_to_phys(endOfRing)); + (u32)qe_muram_dma(endOfRing)); } } @@ -2844,8 +2843,7 @@ static int ucc_geth_startup(struct ucc_g } else if (ugeth->ug_info->uf_info.bd_mem_part == MEM_PART_MURAM) { out_be32(&ugeth->p_rx_bd_qs_tbl[i].externalbdbaseptr, - (u32) immrbar_virt_to_phys(ugeth-> - p_rx_bd_ring[i])); + (u32)qe_muram_dma(ugeth->p_rx_bd_ring[i])); } /* rest of fields handled by QE */ } --- a/include/soc/fsl/qe/qe.h +++ b/include/soc/fsl/qe/qe.h @@ -243,6 +243,7 @@ static inline int qe_alive_during_sleep( #define qe_muram_free cpm_muram_free #define qe_muram_addr cpm_muram_addr #define qe_muram_offset cpm_muram_offset +#define qe_muram_dma cpm_muram_dma #define qe_setbits32(_addr, _v) iowrite32be(ioread32be(_addr) | (_v), (_addr)) #define qe_clrbits32(_addr, _v) iowrite32be(ioread32be(_addr) & ~(_v), (_addr)) Patches currently in stable-queue which might be from christophe.leroy(a)c-s.fr are queue-4.9/net-ethernet-ucc_geth-fix-mem_part_muram-mode.patch

6 years, 9 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror March 2018