This is the start of the stable review cycle for the 3.2.85 release. There are 126 patches in this series, which will be posted as responses to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu Feb 23 00:00:00 UTC 2017. Anything received after that time might be too late. A combined patch relative to 3.2.84 will be posted as an additional response to this. A shortlog and diffstat can be found below. I have not yet worked through commits marked with 'cc: stable' or 'fixed:' that were merged after 4.9, and I haven't checked through all the direct requests for inclusion in stable. So if a fix is missing from this but it falls into those categories, please be patient and let me know only if it's still missing in the next review cycle. Ben. ------------- Al Viro (1): sg_write()/bsg_write() is not fit to be called under KERNEL_DS [a0ac402cfcdc904f9772e1762b3fda112dcc56a0] Andrey Ryabinin (1): coredump: fix unfreezable coredumping task [70d78fe7c8b640b5acfad56ad341985b3810998a] Anssi Hannula (1): ALSA: usb-audio: Extend DragonFly dB scale quirk to cover other variants [eb1a74b7bea17eea31915c4f76385cefe69d9795] Anton Blanchard (1): powerpc/vdso64: Use double word compare on pointers [5045ea37377ce8cca6890d32b127ad6770e6dce5] Arnd Bergmann (1): staging: iio: ad5933: avoid uninitialized variable in error case [34eee70a7b82b09dbda4cb453e0e21d460dae226] Baoquan He (1): iommu/amd: Free domain id when free a domain of struct dma_ops_domain [c3db901c54466a9c135d1e6e95fec452e8a42666] Ben Hutchings (1): net: Add __sock_queue_rcv_skb() [e6afc8ace6dd5cef5e812f26c72579da8806f5ac] Benjamin Tissoires (1): HID: core: prevent out-of-bound readings [50220dead1650609206efe91f0cc116132d59b3f] Brian King (1): scsi: ibmvfc: Fix I/O hang when port is not mapped [07d0e9a847401ffd2f09bd450d41644cd090e81d] Brian Norris (1): mwifiex: printk() overflow with 32-byte SSIDs [fcd2042e8d36cf644bd2d69c26378d17158b17df] Calvin Owens (1): sg: Fix double-free when drives detach during SG_IO [f3951a3709ff50990bf3e188c27d346792103432] Ching Huang (1): scsi: arcmsr: Send SYNCHRONIZE_CACHE command to firmware [2bf7dc8443e113844d078fd6541b7f4aa544f92f] Daeho Jeong (1): ext4: reinforce check of i_dtime when clearing high fields of uid and gid [93e3b4e6631d2a74a8cf7429138096862ff9f452] Dan Carpenter (3): [media] media: info leak in __media_device_enum_links() [c88e739b1fad662240e99ecbd0bdaac871717987] scsi: zfcp: spin_lock_irqsave() is not nestable [e7cb08e894a0b876443ef8fdb0706575dc00a5d2] ser_gigaset: return -ENOMEM on error instead of success [93a97c50cbf1c007caf12db5cc23e0d5b9c8473c] Daniel Glöckner (1): mmc: block: don't use CMD23 with very old MMC cards [0ed50abb2d8fc81570b53af25621dad560cd49b3] Daniel Mentz (1): lib/genalloc.c: start search from start of chunk [62e931fac45b17c2a42549389879411572f75804] Dmitry Vyukov (1): tty: limit terminal size to 4M chars [32b2921e6a7461fe63b71217067a6cf4bddb132f] Doug Brown (1): USB: serial: ftdi_sio: add support for TI CC3200 LaunchPad [9bfef729a3d11f04d12788d749a3ce6b47645734] Eli Cooper (1): ip6_tunnel: Clear IP6CB in ip6tunnel_xmit() [23f4ffedb7d751c7e298732ba91ca75d224bc1a6] Erez Shitrit (1): net/mlx4_en: Process all completions in RX rings after port goes up [8d59de8f7bb3db296331c665779c653b0c8d13ba] Eric Dumazet (4): ipv6: dccp: add missing bind_conflict to dccp_ipv6_mapped [990ff4d84408fc55942ca6644f67e361737b3d8e] net: avoid signed overflows for SO_{SND|RCV}BUFFORCE [b98b0bc8c431e3ceb4b26b0dfc8db509518fb290] net: cleanups in sock_setsockopt() [82981930125abfd39d7c8378a9cfdf5e1be2002b] tcp: take care of truncations done by sk_filter() [ac6e780070e30e4c35bd395acfe9191e6268bdd3] Ewan D. Milne (1): scsi: scsi_debug: Fix memory leak if LBP enabled and module is unloaded [4d2b496f19f3c2cfaca1e8fa0710688b5ff3811d] Fabio Estevam (1): mmc: mxs: Initialize the spinlock prior to using it [f91346e8b5f46aaf12f1df26e87140584ffd1b3f] Felipe Balbi (1): usb: gadget: u_ether: remove interrupt throttling [fd9afd3cbe404998d732be6cc798f749597c5114] Florian Fainelli (1): net: ep93xx_eth: Do not crash unloading module [c823abac17926767fb50175e098f087a6ac684c3] Florian Westphal (1): netfilter: restart search if moved to other chain [95a8d19f28e6b29377a880c6264391a62e07fccc] Gmail (1): ext4: release bh in make_indexed_dir [e81d44778d1d57bbaef9e24c4eac7c8a7a401d40] Greg Kroah-Hartman (1): usb: misc: legousbtower: Fix NULL pointer deference [2fae9e5a7babada041e2e161699ade2447a01989] Hangbin Liu (1): igmp: do not remove igmp souce list info when set link down [24803f38a5c0b6c57ed800b47e695f9ce474bc3a] Ido Yariv (1): KVM: x86: fix wbinvd_dirty_mask use-after-free [bd768e146624cbec7122ed15dead8daa137d909d] Ignacio Alvarado (1): KVM: Disable irq while unregistering user notifier [1650b4ebc99da4c137bfbfc531be4a2405f951dd] Jack Morgenstein (1): net/mlx4_core: Fix deadlock when switching between polling and event fw commands [a7e1f04905e5b2b90251974dddde781301b6be37] Jakub Sitnicki (1): ipv6: Don't use ufo handling on later transformed packets [f89c56ce710afa65e1b2ead555b52c4807f34ff7] Jan Kara (1): isofs: Do not return EACCES for unknown filesystems [a2ed0b391dd9c3ef1d64c7c3e370f4a5ffcd324a] Jan Remmet (1): regulator: tps65910: Work around silicon erratum SWCZ010 [8f9165c981fed187bb483de84caf9adf835aefda] Jann Horn (1): swapfile: fix memory corruption via malformed swapfile [dd111be69114cc867f8e826284559bfbc1c40e37] Jiri Slaby (1): tty: vt, fix bogus division in csi_J [42acfc6615f47e465731c263bee0c799edb098f2] Johan Hovold (2): mfd: core: Fix device reference leak in mfd_clone_cell [722f191080de641f023feaa7d5648caf377844f5] uwb: fix device reference leaks [d6124b409ca33c100170ffde51cd8dff761454a1] Johannes Berg (1): mac80211: discard multicast and 4-addr A-MSDUs [ea720935cf6686f72def9d322298bf7e9bd53377] John David Anglin (1): parisc: Ensure consistent state when switching to kernel stack at syscall entry [6ed518328d0189e0fdf1bb7c73290d546143ea66] Kashyap Desai (1): scsi: megaraid_sas: Fix data integrity failure for JBOD (passthrough) devices [1e793f6fc0db920400574211c48f9157a37e3945] Kees Cook (2): fbdev: color map copying bounds checking [2dc705a9930b4806250fbf5a76e55266e59389f2] net: ping: check minimum size on ICMP header length [0eab121ef8750a5c8637d51534d5e9143fb0633f] Kyle Jones (1): USB: serial: cp210x: Add ID for a Juniper console [decc5360f23e9efe0252094f47f57f254dcbb3a9] Larry Finger (1): rtlwifi: Fix missing country code for Great Britain [0c9d3491530773858ff9d705ec2a9c382f449230] Laura Abbott (1): HID: usbhid: Add HID_QUIRK_NOGET for Aten DVI KVM switch [849eca7b9dae0364e2fbe8afdf0fb610d12c9c8f] Linus Lüssing (1): batman-adv: fix splat on disabling an interface [9799c50372b23ed774791bdb87d700f1286ee8a9] Linus Torvalds (1): Fix potential infoleak in older kernels [1c109fabbd51863475cd12ac206bdd249aee35af] Long Li (1): hv: do not lose pending heartbeat vmbus packets [407a3aee6ee2d2cb46d9ba3fc380bc29f35d020c] Marc Kleine-Budde (1): can: raw: raw_setsockopt: limit number of can_filter that can be set [332b05ca7a438f857c61a3c21a88489a21532364] Marcel Hasler (1): ALSA: usb-audio: Add quirk for Syntek STK1160 [bdc3478f90cd4d2928197f36629d5cf93b64dbe9] Marcelo Ricardo Leitner (1): sctp: validate chunk len before actually using it [bf911e985d6bbaa328c20c3e05f4eb03de11fdd6] Matan Barak (1): IB/mlx4: Fix create CQ error flow [593ff73bcfdc79f79a8a0df55504f75ad3e5d1a9] Mathias Krause (1): rtnl: reset calcit fptr in rtnl_unregister() [f567e950bf51290755a2539ff2aaef4c26f735d3] Mathias Nyman (1): xhci: add restart quirk for Intel Wildcatpoint PCH [4c39135aa412d2f1381e43802523da110ca7855c] Mauro Carvalho Chehab (3): [media] cx231xx: don't return error on success [1871d718a9db649b70f0929d2778dc01bc49b286] [media] cx231xx: fix GPIOs for Pixelview SBTVD hybrid [24b923f073ac37eb744f56a2c7f77107b8219ab2] [media] mb86a20s: fix the locking logic [dafb65fb98d85d8e78405e82c83e81975e5d5480] Max Staudt (1): fbdev/efifb: Fix 16 color palette entry calculation [d50b3f43db739f03fcf8c0a00664b3d2fed0496e] Michael Ellerman (1): perf: Fix perf_event_for_each() to use sibling [724b6daa13e100067c30cfc4d1ad06629609dc4e] Michal Kubeček (1): tipc: check minimum bearer MTU [3de81b758853f0b29c61e246679d20b513c4cfec] Mike Galbraith (1): reiserfs: Unlock superblock before calling reiserfs_quota_on_mount() [420902c9d086848a7548c83e0a49021514bd71b7] Miklos Szeredi (4): fuse: fix clearing suid, sgid for chown() [c01638f5d919728f565bf8b5e0a6a159642df0d9] fuse: fix killing s[ug]id in setattr [a09f99eddef44035ec764075a37bace8181bec38] fuse: invalidate dir dentry after chmod [5e2b8828ff3d79aca8c3a1730652758753205b61] fuse: listxattr: verify xattr list [cb3ae6d25a5471be62bfe6ac1fccc0e91edeaba0] Ming Lei (1): scsi: Fix use-after-free [bcd8f2e94808fcddf6ef3af5f060a36820dcc432] Oliver Hartkopp (1): can: bcm: fix warning in bcm_connect/proc_register [deb507f91f1adbf64317ad24ac46c56eeccfb754] Oliver Neukum (1): HID: usbhid: add ATEN CS962 to list of quirky devices [cf0ea4da4c7df11f7a508b2f37518e0f117f3791] Omar Sandoval (1): block: fix use-after-free in sys_ioprio_get() [8ba8682107ee2ca3347354e018865d8e1967c5f4] Ondrej Mosnáček (1): crypto: gcm - Fix IV buffer size in crypto_gcm_setkey [50d2e6dc1f83db0563c7d6603967bf9585ce934b] Pan Xinhui (1): powerpc/nvram: Fix an incorrect partition merge [11b7e154b132232535befe51c55db048069c8461] Patrick Scheuring (1): Input: i8042 - add XMG C504 to keyboard reset table [da25311c7ca8b0254a686fc0d597075b9aa3b683] Paul Bolle (1): lockdep: Silence warning if CONFIG_LOCKDEP isn't set [5cd3f5affad2109fd1458aab3f6216f2181e26ea] Paul Jakma (1): USB: serial: cp210x: add ID for the Zone DPMX [2ab13292d7a314fa45de0acc808e41aaad31989c] Paul Mackerras (1): powerpc/64: Fix incorrect return value from __copy_tofrom_user [1a34439e5a0b2235e43f96816dbb15ee1154f656] Peter Hurley (1): tty: Prevent ldisc drivers from re-using stale tty fields [dd42bf1197144ede075a9d4793123f7689e164bc] Peter Zijlstra (4): perf/core: Fix concurrent sys_perf_event_open() vs. 'move_group' race [321027c1fe77f892f4ea07846aeae08cefbbb290] perf: Do not double free [130056275ade730e7a79c110212c8815202773ee] perf: Fix event->ctx locking [f63a8daa5812afef4f06c962351687e1ff9ccb2b] perf: Fix race in swevent hash [12ca6ad2e3a896256f086497a7c7406a547ee373] Petr Vandrovec (1): Fix USB CB/CBI storage devices with CONFIG_VMAP_STACK=y [2ce9d2272b98743b911196c49e7af5841381c206] Philip Pettersson (1): packet: fix race condition in packet_set_ring [84ac7260236a49c79eede91617700174c2c19b0c] Punit Agrawal (1): ACPI / APEI: Fix incorrect return value of ghes_proc() [806487a8fc8f385af75ed261e9ab658fc845e633] Radim Krčmář (1): KVM: x86: drop error recovery in em_jmp_far and em_ret_far [2117d5398c81554fbf803f5fd1dc55eb78216c0c] Richard Weinberger (3): ubifs: Abort readdir upon error [c83ed4c9dbb358b9e7707486e167e940d48bfeed] ubifs: Fix regression in ubifs_readdir() [a00052a296e54205cf238c75bd98d17d5d02a6db] ubifs: Fix xattr_names length in exit paths [843741c5778398ea67055067f4cc65ae6c80ca0e] Russell King (1): ARM: dma-mapping: don't allow DMA mappings to be marked executable [0ea1ec713f04bdfac343c9702b21cd3a7c711826] Sascha Silbe (2): s390/con3270: fix insufficient space padding [6cd997db911f28f2510b771691270c52b63ed2e6] s390/con3270: fix use of uninitialised data [c14f2aac7aa147861793eed9f41f91dd530f0be1] Scot Doyle (1): vt: clear selection before resizing [009e39ae44f4191188aeb6dfbf661b771dbbe515] Sean Young (1): dib0700: fix nec repeat handling [ba13e98f2cebd55a3744c5ffaa08f9dca73bf521] Segher Boessenkool (1): powerpc: Convert cmp to cmpd in idle enter sequence [80f23935cadb1c654e81951f5a8b7ceae0acc1b4] Shao Fu (1): rtlwifi: Update regulatory database [02b5fffbe9e02f5d63fa4a801fb807cf0aab4fc9] Stefan Richter (1): firewire: net: fix fragmented datagram_size off-by-one [e9300a4b7bbae83af1f7703938c94cf6dc6d308f] Steffen Maier (10): zfcp: close window with unblocked rport during rport gone [4eeaa4f3f1d6c47b69f70e222297a4df4743363e] zfcp: fix D_ID field with actual value on tracing SAN responses [771bf03537ddfa4a4dde62ef9dfbc82e4f77ab20] zfcp: fix ELS/GS request&response length for hardware data router [70369f8e15b220f50a16348c79a61d3f7054813c] zfcp: fix fc_host port_type with NPIV [bd77befa5bcff8c51613de271913639edf85fbc2] zfcp: fix payload trace length for SAN request&response [94db3725f049ead24c96226df4a4fb375b880a77] zfcp: restore tracing of handle for port and LUN with HBA records [7c964ffe586bc0c3d9febe9bf97a2e4b2866e5b7] zfcp: restore: Dont use 0 to indicate invalid LUN in rec trace [0102a30a6ff60f4bb4c07358ca3b1f92254a6c25] zfcp: retain trace level for SCSI and HBA FSF response records [35f040df97fa0e94c7851c054ec71533c88b4b81] zfcp: trace full payload of all SAN records (req,resp,iels) [aceeffbb59bb91404a0bda32a542d7ebf878433a] zfcp: trace on request for open and close of WKA port [d27a7cb91960cf1fdd11b10071e601828cbf4b1f] Sumit Saxena (1): scsi: megaraid_sas: fix macro MEGASAS_IS_LOGICAL to avoid regression [5e5ec1759dd663a1d5a2f10930224dd009e500e8] Takashi Iwai (2): ALSA: ali5451: Fix out-of-bound position reporting [db68577966abc1aeae4ec597b3dcfa0d56e92041] ALSA: pcm : Call kill_fasync() in stream lock [3aa02cb664c5fb1042958c8d1aa8c35055a2ebc4] Tang.Junhui (1): dm table: fix missing dm_put_target_type() in dm_table_add_target() [dafa724bf582181d9a7d54f5cb4ca0bf8ef29269] Tariq Toukan (1): IB/uverbs: Fix leak of XRC target QPs [5b810a242c28e1d8d64d718cebe75b79d86a0b2d] Theodore Ts'o (1): ext4: sanity check the block and cluster size at mount time [8cdf3372fe8368f56315e66bea9f35053c418093] Thomas Gleixner (1): locking/rtmutex: Prevent dequeue vs. unlock race [dbb26055defd03d59f678cb5f2c992abe05b064a] Tilman Schmidt (1): isdn/gigaset: reset tty->receive_room when attaching ser_gigaset [fd98e9419d8d622a4de91f76b306af6aa627aa9c] Trond Myklebust (1): NFSv4: Open state recovery must account for file permission changes [304020fe48c6c7fff8b5a38f382b54404f0f79d3] Ulrich Weber (1): netfilter: nf_conntrack_sip: extend request line validation [444f901742d054a4cd5ff045871eac5131646cfb] Vladimir Zapolskiy (1): i2c: core: fix NULL pointer dereference under race condition [147b36d5b70c083cc76770c47d60b347e8eaf231] Willem de Bruijn (2): dccp: limit sk_filter trim to payload [4f0c40d94461cfd23893a17335b2ab78ecb333c8] rose: limit sk_filter trim to payload [f4979fcea7fd36d8e2f556abef86f80e0d5af1ba] Xin Long (1): sctp: do not return the transmit err back to sctp_sendmsg [66388f2c08dfa38071f9eceae7bb29060d9be9aa] Makefile | 4 +- arch/arm/mm/dma-mapping.c | 4 +- arch/parisc/kernel/syscall.S | 11 +- arch/powerpc/kernel/idle_power7.S | 2 +- arch/powerpc/kernel/nvram_64.c | 6 +- arch/powerpc/kernel/vdso64/datapage.S | 2 +- arch/powerpc/kernel/vdso64/gettimeofday.S | 2 +- arch/powerpc/lib/copyuser_64.S | 2 +- arch/x86/include/asm/uaccess.h | 10 +- arch/x86/kvm/emulate.c | 36 +-- arch/x86/kvm/x86.c | 17 +- block/bsg.c | 3 + crypto/gcm.c | 2 +- drivers/acpi/apei/ghes.c | 2 +- drivers/firewire/net.c | 8 +- drivers/hid/hid-core.c | 3 + drivers/hid/hid-ids.h | 2 + drivers/hid/usbhid/hid-quirks.c | 2 + drivers/hv/hv_util.c | 10 +- drivers/i2c/i2c-core.c | 2 +- drivers/infiniband/core/uverbs_main.c | 7 +- drivers/infiniband/hw/mlx4/cq.c | 5 +- drivers/input/serio/i8042-x86ia64io.h | 7 + drivers/iommu/amd_iommu.c | 3 + drivers/isdn/gigaset/ser-gigaset.c | 15 +- drivers/md/dm-table.c | 24 +- drivers/media/dvb/dvb-usb/dib0700_core.c | 5 +- drivers/media/dvb/frontends/mb86a20s.c | 12 +- drivers/media/media-device.c | 3 + drivers/media/video/cx231xx/cx231xx-avcore.c | 5 +- drivers/media/video/cx231xx/cx231xx-cards.c | 2 +- drivers/media/video/cx231xx/cx231xx-core.c | 3 +- drivers/mfd/mfd-core.c | 2 + drivers/mmc/card/block.c | 3 +- drivers/mmc/host/mxs-mmc.c | 4 +- drivers/net/ethernet/cirrus/ep93xx_eth.c | 4 + drivers/net/ethernet/mellanox/mlx4/cmd.c | 19 +- drivers/net/ethernet/mellanox/mlx4/en_netdev.c | 7 + drivers/net/ethernet/mellanox/mlx4/mlx4.h | 2 + drivers/net/wireless/mwifiex/cfg80211.c | 13 +- drivers/net/wireless/rtlwifi/regd.c | 46 +++- drivers/net/wireless/rtlwifi/regd.h | 1 + drivers/regulator/tps65910-regulator.c | 6 + drivers/s390/char/con3270.c | 11 +- drivers/s390/scsi/zfcp_dbf.c | 162 ++++++++++-- drivers/s390/scsi/zfcp_dbf.h | 14 +- drivers/s390/scsi/zfcp_erp.c | 12 +- drivers/s390/scsi/zfcp_ext.h | 8 +- drivers/s390/scsi/zfcp_fsf.c | 22 +- drivers/s390/scsi/zfcp_fsf.h | 4 +- drivers/s390/scsi/zfcp_scsi.c | 8 +- drivers/scsi/arcmsr/arcmsr_hba.c | 9 - drivers/scsi/ibmvscsi/ibmvfc.c | 1 - drivers/scsi/megaraid/megaraid_sas.h | 2 +- drivers/scsi/megaraid/megaraid_sas_base.c | 13 +- drivers/scsi/scsi_debug.c | 1 + drivers/scsi/scsi_scan.c | 2 +- drivers/scsi/sg.c | 8 +- drivers/staging/iio/impedance-analyzer/ad5933.c | 17 +- drivers/tty/tty_ldisc.c | 7 + drivers/tty/vt/vt.c | 7 +- drivers/usb/gadget/u_ether.c | 7 - drivers/usb/host/xhci-pci.c | 4 +- drivers/usb/misc/legousbtower.c | 35 ++- drivers/usb/serial/cp210x.c | 2 + drivers/usb/serial/ftdi_sio.c | 2 + drivers/usb/serial/ftdi_sio_ids.h | 6 + drivers/usb/storage/transport.c | 7 +- drivers/uwb/lc-rc.c | 16 +- drivers/video/efifb.c | 6 +- drivers/video/fbcmap.c | 26 +- fs/exec.c | 6 +- fs/ext4/ext4.h | 1 + fs/ext4/inode.c | 8 +- fs/ext4/namei.c | 14 +- fs/ext4/super.c | 17 +- fs/fuse/dir.c | 63 ++++- fs/ioprio.c | 2 + fs/isofs/inode.c | 8 +- fs/nfs/nfs4state.c | 3 + fs/reiserfs/super.c | 12 +- fs/ubifs/dir.c | 16 +- fs/ubifs/xattr.c | 2 + include/linux/can.h | 1 + include/linux/filter.h | 6 +- include/linux/lockdep.h | 2 +- include/net/sock.h | 10 +- include/net/tcp.h | 1 + kernel/events/core.c | 315 +++++++++++++++++++----- kernel/rtmutex.c | 68 ++++- lib/genalloc.c | 3 +- mm/swapfile.c | 2 + net/batman-adv/hard-interface.c | 1 - net/can/bcm.c | 32 ++- net/can/raw.c | 3 + net/core/filter.c | 10 +- net/core/rtnetlink.c | 1 + net/core/sock.c | 68 +++-- net/dccp/ipv4.c | 2 +- net/dccp/ipv6.c | 3 +- net/ipv4/igmp.c | 49 ++-- net/ipv4/ping.c | 4 + net/ipv4/tcp_ipv4.c | 19 +- net/ipv6/ip6_output.c | 2 +- net/ipv6/ip6_tunnel.c | 1 + net/ipv6/tcp_ipv6.c | 6 +- net/mac80211/rx.c | 24 +- net/netfilter/nf_conntrack_core.c | 7 + net/netfilter/nf_conntrack_sip.c | 5 +- net/packet/af_packet.c | 18 +- net/rose/rose_in.c | 3 +- net/sctp/sm_sideeffect.c | 16 +- net/sctp/sm_statefuns.c | 12 +- net/tipc/bearer.h | 16 ++ net/tipc/eth_media.c | 12 +- sound/core/pcm_lib.c | 2 +- sound/pci/ali5451/ali5451.c | 2 + sound/usb/mixer_quirks.c | 22 +- sound/usb/quirks-table.h | 17 ++ 119 files changed, 1245 insertions(+), 419 deletions(-) -- Ben Hutchings Lowery's Law: If it jams, force it. If it breaks, it needed replacing anyway.