[PATCH 3.10 000/139] 3.10.108-stable review
From: Willy Tarreau
Date: Wed Nov 01 2017 - 18:02:00 EST
This is the start of the stable review cycle for the 3.10.108 release,
which will also be the last release in the 3.10 branch.
All patches will be posted as a response to this one. If anyone has any
issue with these being applied, please let me know. If anyone thinks some
important patches are missing and should be added prior to the release,
please report them quickly with their respective mainline commit IDs.
Responses should be made by Sat Nov 4 22:10:41 CET 2017.
Anything received after that time might be too late. If someone
wants a bit more time for a deeper review, please let me know.
The whole patch series can be found in one patch at :
https://kernel.org/pub/linux/kernel/v3.x/stable-review/patch-3.10.108-rc1.gz
The shortlog and diffstat are appended below.
Thanks,
Willy
===============
Adam Borowski (1):
vt: fix unchecked __put_user() in tioclinux ioctls
Al Viro (3):
Bluetooth: bnep: bnep_add_connection() should verify that it's dealing
with l2cap socket
Bluetooth: cmtp: cmtp_add_connection() should verify that it's dealing
with l2cap socket
leak in O_DIRECT readv past the EOF
Alexander Potapenko (3):
sctp: don't dereference ptr before leaving _sctp_walk_{params,
errors}()
sctp: fully initialize the IPv6 address in sctp_v6_to_addr()
net/packet: check length in getsockopt() called with PACKET_HDRLEN
Andreas Gruenbacher (1):
direct-io: Prevent NULL pointer access in submit_page_section
Andrew Gabbasov (1):
usb: gadget: composite: Fix use-after-free in
usb_composite_overwrite_options
Anssi Hannula (1):
net: xilinx_emaclite: fix receive buffer overflow
Anton Blanchard (1):
powerpc: Fix emulation of mfocrf in emulate_step()
Arend van Spriel (1):
brcmfmac: fix possible buffer overflow in brcmf_cfg80211_mgmt_tx()
Arnd Bergmann (7):
wext: handle NULL extra data in iwe_stream_add_point better
x86/io: Add "memory" clobber to insb/insw/insl/outsb/outsw/outsl
[media] pvrusb2: reduce stack usage pvr2_eeprom_analyze()
[media] ir-core: fix gcc-7 warning on bool arithmetic
staging:iio:resolver:ad2s1210 fix negative IIO_ANGL_VEL read
qlge: avoid memcpy buffer overflow
IB/qib: fix false-postive maybe-uninitialized warning
Baohong Liu (1):
tracing: Apply trace_clock changes to instance max buffer
Benjamin Block (1):
scsi: zfcp: add handling for FCP_RESID_OVER to the fcp ingress path
Bo Yan (1):
tracing: Erase irqsoff trace with empty write
Cheah Kok Cheong (1):
Staging: comedi: comedi_fops: Avoid orphaned proc entry
Chris Brandt (2):
usb: r8a66597-hcd: select a different endpoint on timeout
usb: r8a66597-hcd: decrease timeout
Christoph Paasch (1):
net: Set sk_prot_creator when cloning sockets to the right proto
Christophe JAILLET (1):
serial: efm32: Fix parity management in
'efm32_uart_console_get_options()'
Dan Carpenter (10):
libata: array underflow in ata_find_dev()
sctp: potential read out of bounds in sctp_ulpevent_type_enabled()
drm/vmwgfx: Handle vmalloc() failure in vmw_local_fifo_reserve()
drivers/misc/c2port/c2port-duramar2150.c: checking for NULL instead of
IS_ERR()
xfrm: NULL dereference on allocation failure
xfrm: Oops on error in pfkey_msg2xfrm_state()
cpufreq: s3c2416: double free on driver init error path
KEYS: Fix an error code in request_master_key()
scsi: qla2xxx: Fix an integer overflow in sysfs code
scsi: scsi_dh_emc: return success in clariion_std_inquiry()
Darrick J. Wong (1):
ext4: in ext4_seek_{hole,data}, return -ENXIO for negative offsets
David Howells (2):
rxrpc: Fix several cases where a padded len isn't checked in ticket
decode
KEYS: don't let add_key() update an uninstantiated key
Eric Biggers (5):
KEYS: fix dereferencing NULL payload with nonzero length
FS-Cache: fix dereference of NULL user_key_payload
KEYS: prevent creating a different user's keyrings
KEYS: encrypted: fix dereference of NULL user_key_payload
lib/digsig: fix dereference of NULL user_key_payload
Eric Dumazet (6):
net: reduce skb_warn_bad_offload() noise
net: skb_needs_check() accepts CHECKSUM_NONE for tx
net: prevent sign extension in dev_get_stats()
netfilter: xt_TCPMSS: add more sanity tests on tcph->doff
net: ping: do not abuse udp_poll()
ipv6: fix typo in fib6_net_exit()
Feras Daoud (1):
IB/ipoib: rtnl_unlock can not come after free_netdev
Florian Fainelli (1):
net: korina: Fix NAPI versus resources freeing
Gao Feng (1):
net: 8021q: Fix one possible panic caused by BUG_ON in free_netdev
Haozhong Zhang (1):
KVM: nVMX: fix guest CR4 loading when emulating L2 to L1 exit
Helge Deller (1):
mm: fix overflow check in expand_upwards()
Horia GeantÄ (1):
crypto: caam - fix signals handling
Ian Abbott (1):
staging: comedi: fix clean-up of comedi_class in comedi_init()
Ilya Matveychikov (1):
lib/cmdline.c: fix get_options() overflow while parsing ranges
James Hogan (1):
MIPS: Fix mips_atomic_set() retry condition
James Morse (1):
ACPI / APEI: Add missing synchronize_rcu() on NOTIFY_SCI removal
Jan Kara (4):
ext4: fix SEEK_HOLE/SEEK_DATA for blocksize < pagesize
ext4: fix SEEK_HOLE
ext4: avoid deadlock when expanding inode size
udf: Fix deadlock between writeback and udf_setsize()
Jason Yan (1):
md: fix super_offset endianness in super_1_rdev_size_change
Jerry Lee (1):
ext4: fix overflow caused by missing cast in ext4_resize_fs()
Jin Yao (1):
perf annotate: Fix broken arrow at row 0 connecting jmp instruction to
its target
Joerg Roedel (1):
iommu/amd: Finish TLB flush in amd_iommu_unmap()
Johan Hovold (2):
serial: ifx6x60: fix use-after-free on module unload
USB: serial: console: fix use-after-free after failed setup
Johannes Thumshirn (1):
scsi: qla2xxx: don't disable a not previously enabled PCI device
Josh Poimboeuf (1):
mm/page_alloc: Remove kernel address exposure in free_reserved_area()
Julian Anastasov (1):
ipvs: SNAT packet replies only for NATed connections
Kazuya Mizuguchi (1):
usb: renesas_usbhs: Fix DMAC sequence for receiving zero-length packet
Kees Cook (1):
fs/exec.c: account for argv/envp pointers
Konstantin Khlebnikov (1):
ext4: keep existing extra fields when inode expands
Krzysztof Kozlowski (1):
PM / Domains: Fix unsafe iteration over modified list of device links
Laura Abbott (1):
x86/mm/32: Set the '__vmalloc_start_set' flag in initmem_init()
Leon Romanovsky (1):
net/mlx4: Remove BUG_ON from ICM allocation routine
Liping Zhang (2):
netfilter: invoke synchronize_rcu after set the _hook_ to NULL
netfilter: nf_ct_ext: fix possible panic after nf_ct_extend_unregister
Maciej W. Rozycki (4):
MIPS: Send SIGILL for BPOSGE32 in `__compute_return_epc_for_insn'
MIPS: Actually decode JALX in `__compute_return_epc_for_insn'
MIPS: Fix unaligned PC interpretation in `compute_return_epc'
MIPS: math-emu: Prevent wrong ISA mode instruction emulation
Mahesh Bandewar (1):
ipv4: initialize fib_trie prior to register_netdev_notifier call.
Majd Dibbiny (1):
net/mlx4_core: Fix VF overwrite of module param which disables DMFS on
new probed PFs
Marcin Nowakowski (1):
kernel/extable.c: mark core_kernel_text notrace
Martin Hicks (1):
crypto: talitos - Extend max key length for SHA384/512-HMAC and AEAD
Mateusz Jurczyk (1):
fuse: initialize the flock flag in fuse_file on allocation
Michael Ellerman (1):
powerpc/64: Fix atomic64_inc_not_zero() to return an int
Michael Thalmeier (1):
usb: chipidea: debug: check before accessing ci_role
Naveen N. Rao (1):
powerpc/kprobes: Pause function_graph tracing during jprobes handling
Neal Cardwell (4):
tcp: introduce tcp_rto_delta_us() helper for xmit timer fix
tcp: enable xmit timer fix by having TLP use time when RTO should fire
tcp: fix xmit timer to only be reset if data ACKed/SACKed
tcp: when rearming RTO, if RTO time is in past then fire RTO ASAP
NeilBrown (1):
md/bitmap: disable bitmap_resize for file-backed bitmaps.
Nicholas Bellinger (1):
target: Avoid mappedlun symlink creation during lun shutdown
Oliver O'Halloran (1):
powerpc/asm: Mark cr0 as clobbered in mftb()
Pan Bian (1):
team: fix memory leaks
Paolo Bonzini (1):
kvm: async_pf: fix rcu_irq_enter() with irqs enabled
Prabhakar Lad (1):
media: platform: davinci: return -EINVAL for
VPFE_CMD_S_CCDC_RAW_PARAMS ioctl
Radim KrÄmÃÅ (1):
KVM: x86: zero base3 of unusable segments
Russell King (1):
net: phy: fix marvell phy status reading
Sabrina Dubroca (2):
ipv6: fix memory leak with multiple tables during netns destruction
ip6_gre: fix endianness errors in ip6gre_err
Shaohua Li (1):
md/raid10: submit bio directly to replacement disk
Srinivas Dasari (2):
cfg80211: Validate frequencies nested in NL80211_ATTR_SCAN_FREQUENCIES
cfg80211: Check if PMKID attribute is of expected size
Stefan MÃtje (1):
can: esd_usb2: Fix can_dlc value for received RTR, frames
Steffen Maier (4):
scsi: zfcp: fix queuecommand for scsi_eh commands when DIX enabled
scsi: zfcp: fix missing trace records for early returns in TMF eh
handlers
scsi: zfcp: fix payload with full FCP_RSP IU in SCSI trace records
scsi: zfcp: trace HBA FSF response by default on dismiss or timedout
late response
Stephan Mueller (1):
crypto: AF_ALG - remove SGL terminator indicator when chaining
Takashi Iwai (2):
ALSA: seq: Fix use-after-free at creating a port
ALSA: core: Fix unexpected error at replacing user TLV
Tejun Heo (2):
workqueue: restore WQ_UNBOUND/max_active==1 to be ordered
workqueue: implicit ordered attribute should be overridable
Tomasz WilczyÅski (1):
cpufreq: conservative: Allow down_threshold to take values from 1 to
10
Tony Lindgren (1):
mfd: omap-usb-tll: Fix inverted bit use for USB TLL mode
Vladis Dronov (2):
xfrm: policy: check policy direction value
nl80211: check for the required netlink attributes presence
WANG Cong (2):
tcp: reset sk_rx_dst in tcp_disconnect()
ipv6: avoid unregistering inet6_dev for loopback
Wei Wang (1):
tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0
Willem de Bruijn (2):
udp: consistently apply ufo or fragmentation
packet: fix tp_reserve race in packet_set_ring
Xin Long (1):
sctp: fix the check for _sctp_walk_params and _sctp_walk_errors
Yoshihiro Shimoda (5):
usb: renesas_usbhs: fix the behavior of some usbhs_pkt_handle
usb: renesas_usbhs: fix the sequence in xfer_work()
usb: renesas_usbhs: fix usbhsc_resume() for !USBHSF_RUNTIME_PWCTRL
usb: renesas_usbhs: fix the BCLR setting condition for non-DCP pipe
usb: renesas_usbhs: fix usbhsf_fifo_clear() for RX direction
Yuchung Cheng (2):
tcp: disallow cwnd undo when switching congestion control
tcp: avoid setting cwnd to invalid ssthresh after cwnd reduction
states
satoru takeuchi (1):
btrfs: prevent to set invalid default subvolid
arch/mips/include/asm/branch.h | 5 +-
arch/mips/kernel/branch.c | 8 ++-
arch/mips/kernel/syscall.c | 2 +-
arch/mips/math-emu/cp1emu.c | 38 +++++++++++++
arch/powerpc/include/asm/atomic.h | 4 +-
arch/powerpc/include/asm/reg.h | 2 +-
arch/powerpc/kernel/kprobes.c | 11 ++++
arch/powerpc/lib/sstep.c | 13 +++++
arch/x86/include/asm/io.h | 4 +-
arch/x86/kernel/kvm.c | 2 +-
arch/x86/kvm/vmx.c | 2 +-
arch/x86/kvm/x86.c | 2 +
arch/x86/mm/numa_32.c | 1 +
crypto/algif_skcipher.c | 4 +-
drivers/acpi/apei/ghes.c | 1 +
drivers/ata/libata-scsi.c | 6 +-
drivers/base/power/domain.c | 4 +-
drivers/cpufreq/cpufreq_conservative.c | 4 +-
drivers/cpufreq/s3c2416-cpufreq.c | 1 -
drivers/crypto/caam/caamhash.c | 2 +-
drivers/crypto/caam/key_gen.c | 2 +-
drivers/crypto/talitos.c | 7 ++-
drivers/gpu/drm/vmwgfx/vmwgfx_fifo.c | 2 +
drivers/infiniband/hw/qib/qib_iba7322.c | 2 +-
drivers/infiniband/ulp/ipoib/ipoib_vlan.c | 4 +-
drivers/iommu/amd_iommu.c | 1 +
drivers/md/bitmap.c | 5 ++
drivers/md/md.c | 2 +-
drivers/md/raid10.c | 19 ++++++-
drivers/media/platform/davinci/vpfe_capture.c | 22 +-------
drivers/media/rc/imon.c | 2 +-
drivers/media/usb/pvrusb2/pvrusb2-eeprom.c | 13 ++---
drivers/mfd/omap-usb-tll.c | 2 +-
drivers/misc/c2port/c2port-duramar2150.c | 4 +-
drivers/net/can/usb/esd_usb2.c | 2 +-
drivers/net/ethernet/korina.c | 8 +--
drivers/net/ethernet/mellanox/mlx4/icm.c | 7 ++-
drivers/net/ethernet/mellanox/mlx4/main.c | 2 -
drivers/net/ethernet/qlogic/qlge/qlge_dbg.c | 2 +-
drivers/net/ethernet/xilinx/xilinx_emaclite.c | 10 +++-
drivers/net/phy/marvell.c | 2 -
drivers/net/team/team.c | 8 ++-
.../net/wireless/brcm80211/brcmfmac/wl_cfg80211.c | 5 ++
drivers/s390/scsi/zfcp_dbf.c | 21 +++++--
drivers/s390/scsi/zfcp_dbf.h | 6 +-
drivers/s390/scsi/zfcp_fc.h | 6 +-
drivers/s390/scsi/zfcp_fsf.c | 3 +-
drivers/s390/scsi/zfcp_scsi.c | 8 ++-
drivers/scsi/device_handler/scsi_dh_emc.c | 2 +-
drivers/scsi/qla2xxx/qla_attr.c | 8 +--
drivers/scsi/qla2xxx/qla_os.c | 8 +--
drivers/staging/comedi/comedi_fops.c | 7 ++-
drivers/staging/iio/resolver/ad2s1210.c | 2 +-
drivers/target/target_core_fabric_configfs.c | 5 ++
drivers/target/target_core_tpg.c | 3 +
drivers/tty/serial/efm32-uart.c | 11 +++-
drivers/tty/serial/ifx6x60.c | 2 +-
drivers/tty/vt/vt.c | 6 +-
drivers/usb/chipidea/debug.c | 3 +-
drivers/usb/gadget/composite.c | 5 ++
drivers/usb/host/r8a66597-hcd.c | 6 +-
drivers/usb/renesas_usbhs/common.c | 4 +-
drivers/usb/renesas_usbhs/fifo.c | 50 +++++++++++++++--
drivers/usb/renesas_usbhs/pipe.c | 13 +++++
drivers/usb/renesas_usbhs/pipe.h | 4 ++
drivers/usb/serial/console.c | 1 +
fs/btrfs/ioctl.c | 4 ++
fs/direct-io.c | 3 +
fs/exec.c | 28 ++++++++--
fs/ext4/file.c | 57 +++++++------------
fs/ext4/inode.c | 7 +--
fs/ext4/resize.c | 3 +-
fs/ext4/xattr.c | 19 +++++--
fs/fscache/object-list.c | 7 +++
fs/fuse/file.c | 2 +-
fs/udf/inode.c | 4 +-
include/linux/key.h | 2 +
include/linux/workqueue.h | 4 +-
include/net/ipv6.h | 1 +
include/net/iw_handler.h | 3 +-
include/net/sctp/sctp.h | 4 ++
include/net/sctp/ulpevent.h | 6 +-
include/net/tcp.h | 10 ++++
include/target/target_core_base.h | 1 +
kernel/extable.c | 2 +-
kernel/trace/trace.c | 12 +++-
kernel/workqueue.c | 23 ++++++--
lib/cmdline.c | 6 +-
lib/digsig.c | 6 ++
mm/mmap.c | 2 +-
mm/page_alloc.c | 4 +-
net/8021q/vlan.c | 3 +-
net/bluetooth/bnep/core.c | 4 ++
net/bluetooth/cmtp/core.c | 3 +
net/core/dev.c | 21 ++++---
net/core/sock.c | 2 +
net/ipv4/af_inet.c | 2 +-
net/ipv4/fib_frontend.c | 9 +--
net/ipv4/ip_output.c | 7 ++-
net/ipv4/netfilter/nf_nat_snmp_basic.c | 1 +
net/ipv4/tcp.c | 6 ++
net/ipv4/tcp_cong.c | 1 +
net/ipv4/tcp_input.c | 36 ++++++------
net/ipv4/tcp_output.c | 26 ++-------
net/ipv4/udp.c | 2 +-
net/ipv6/addrconf.c | 3 +-
net/ipv6/ip6_fib.c | 25 +++++++--
net/ipv6/ip6_gre.c | 4 +-
net/ipv6/ip6_output.c | 7 ++-
net/ipv6/raw.c | 2 +-
net/key/af_key.c | 17 ++++--
net/netfilter/ipvs/ip_vs_core.c | 19 +++++--
net/netfilter/nf_conntrack_ecache.c | 2 +
net/netfilter/nf_conntrack_extend.c | 13 ++++-
net/netfilter/nf_conntrack_netlink.c | 1 +
net/netfilter/nf_nat_core.c | 2 +
net/netfilter/nfnetlink_cttimeout.c | 1 +
net/netfilter/xt_TCPMSS.c | 6 +-
net/packet/af_packet.c | 15 +++--
net/rxrpc/ar-key.c | 64 ++++++++++++----------
net/sctp/ipv6.c | 2 +
net/wireless/nl80211.c | 10 +++-
net/xfrm/xfrm_policy.c | 6 ++
security/keys/encrypted-keys/encrypted.c | 9 ++-
security/keys/internal.h | 2 +-
security/keys/key.c | 12 ++++
security/keys/keyctl.c | 4 +-
security/keys/keyring.c | 23 +++++---
security/keys/process_keys.c | 8 ++-
sound/core/control.c | 2 +-
sound/core/seq/seq_clientmgr.c | 6 +-
sound/core/seq/seq_ports.c | 7 ++-
tools/perf/ui/browser.c | 2 +-
133 files changed, 720 insertions(+), 330 deletions(-)
--
2.8.0.rc2.1.gbe9624a