This is the start of the stable review cycle for the 4.4.72 release. There are 90 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed Jun 14 15:25:30 UTC 2017. Anything received after that time might be too late. The whole patch series can be found in one patch at: kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.4.72-rc1.gz or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> Linux 4.4.72-rc1 Mark Rutland <mark.rutland@xxxxxxx> arm64: ensure extension of smp_store_release value Mark Rutland <mark.rutland@xxxxxxx> arm64: armv8_deprecated: ensure extension of addr Kees Cook <keescook@xxxxxxxxxxxx> usercopy: Adjust tests to deal with SMAP/PAN Amey Telawane <ameyt@xxxxxxxxxxxxxx> tracing: Use strlcpy() instead of strcpy() in __trace_find_cmdline() Mike Marciniszyn <mike.marciniszyn@xxxxxxxxx> RDMA/qib,hfi1: Fix MR reference count leak on write with immediate Kristina Martsenko <kristina.martsenko@xxxxxxx> arm64: entry: improve data abort handling of tagged pointers Kristina Martsenko <kristina.martsenko@xxxxxxx> arm64: hw_breakpoint: fix watchpoint matching for tagged pointers Artem Savkov <asavkov@xxxxxxxxxx> Make __xfs_xattr_put_listen preperly report errors. Trond Myklebust <trond.myklebust@xxxxxxxxxxxxxxx> NFSv4: Don't perform cached access checks before we've OPENed the file Trond Myklebust <trond.myklebust@xxxxxxxxxxxxxxx> NFS: Ensure we revalidate attributes before using execute_ok() Michal Hocko <mhocko@xxxxxxxx> mm: consider memblock reservations for deferred memory initialization sizing Eric Dumazet <edumazet@xxxxxxxxxx> net: better skb->sender_cpu and skb->napi_id cohabitation Takatoshi Akiyama <takatoshi.akiyama.kj@xxxxxxxxxxxxxxxxxxxxxxxx> serial: sh-sci: Fix panic when serial console and DMA are enabled Peter Hurley <peter@xxxxxxxxxxxxxxxxxx> tty: Drop krefs for interrupted tty lock Julius Werner <jwerner@xxxxxxxxxxxx> drivers: char: mem: Fix wraparound check to allow mappings up to the end Takashi Iwai <tiwai@xxxxxxx> ASoC: Fix use-after-free at card unregistration Takashi Iwai <tiwai@xxxxxxx> ALSA: timer: Fix missing queue indices reset at SNDRV_TIMER_IOCTL_SELECT Takashi Iwai <tiwai@xxxxxxx> ALSA: timer: Fix race between read and ioctl Ben Skeggs <bskeggs@xxxxxxxxxx> drm/nouveau/tmr: fully separate alarm execution/pending lists Sinclair Yeh <syeh@xxxxxxxxxx> drm/vmwgfx: Make sure backup_handle is always valid Vladis Dronov <vdronov@xxxxxxxxxx> drm/vmwgfx: limit the number of mip levels in vmw_gb_surface_define_ioctl() Dan Carpenter <dan.carpenter@xxxxxxxxxx> drm/vmwgfx: Handle vmalloc() failure in vmw_local_fifo_reserve() Jin Yao <yao.jin@xxxxxxxxxxxxxxx> perf/core: Drop kernel samples even though :u is specified Michael Bringmann <mwb@xxxxxxxxxxxxxxxxxx> powerpc/hotplug-mem: Fix missing endian conversion of aa_index Michael Ellerman <mpe@xxxxxxxxxxxxxx> powerpc/numa: Fix percpu allocations to be NUMA aware Russell Currey <ruscur@xxxxxxxxxx> powerpc/eeh: Avoid use after free in eeh_handle_special_event() Johannes Thumshirn <jthumshirn@xxxxxxx> scsi: qla2xxx: don't disable a not previously enabled PCI device Marc Zyngier <marc.zyngier@xxxxxxx> KVM: arm/arm64: Handle possible NULL stage2 pud when ageing pages Jeff Mahoney <jeffm@xxxxxxxx> btrfs: fix memory leak in update_space_info failure path David Sterba <dsterba@xxxxxxxx> btrfs: use correct types for page indices in btrfs_page_exists_in_range Frederic Barrat <fbarrat@xxxxxxxxxxxxxxxxxx> cxl: Fix error path on bad ioctl Al Viro <viro@xxxxxxxxxxxxxxxxxx> ufs_getfrag_block(): we only grab ->truncate_mutex on block creation path Al Viro <viro@xxxxxxxxxxxxxxxxxx> ufs_extend_tail(): fix the braino in calling conventions of ufs_new_fragments() Al Viro <viro@xxxxxxxxxxxxxxxxxx> ufs: set correct ->s_maxsize Al Viro <viro@xxxxxxxxxxxxxxxxxx> ufs: restore maintaining ->i_blocks Al Viro <viro@xxxxxxxxxxxxxxxxxx> fix ufs_isblockset() Al Viro <viro@xxxxxxxxxxxxxxxxxx> ufs: restore proper tail allocation Fabian Frederick <fabf@xxxxxxxxx> fs: add i_blocksize() Tejun Heo <tj@xxxxxxxxxx> cpuset: consider dying css as offline Ulrik De Bie <ulrik.debie-os@xxxxxxxxx> Input: elantech - add Fujitsu Lifebook E546/E557 to force crc_enabled Eric Anholt <eric@xxxxxxxxxx> drm/msm: Expose our reservation object when exporting a dmabuf. Nicholas Bellinger <nab@xxxxxxxxxxxxxxx> target: Re-add check to reject control WRITEs with overflow data David Arcari <darcari@xxxxxxxxxx> cpufreq: cpufreq_register_driver() should return -ENODEV if init fails Daniel Micay <danielmicay@xxxxxxxxx> stackprotector: Increase the per-task stack canary's random range from 32 bits to 64 bits on 64-bit platforms Eric Biggers <ebiggers3@xxxxxxxxx> random: properly align get_random_int_hash Daniel Cashman <dcashman@xxxxxxxxxxx> drivers: char: random: add get_random_long() Matt Ranostay <matt.ranostay@xxxxxxxxxxxx> iio: proximity: as3935: fix AS3935_INT mask Franziska Naepelt <franziska.naepelt@xxxxxxx> iio: light: ltr501 Fix interchanged als/ps register field Oleg Drokin <green@xxxxxxxxxxxxxx> staging/lustre/lov: remove set_fs() call from lov_getstripe() Michael Thalmeier <michael.thalmeier@xxxxxxx> usb: chipidea: debug: check before accessing ci_role Jisheng Zhang <jszhang@xxxxxxxxxxx> usb: chipidea: udc: fix NULL pointer dereference if udc_start failed Thinh Nguyen <Thinh.Nguyen@xxxxxxxxxxxx> usb: gadget: f_mass_storage: Serialize wake and sleep execution Jan Kara <jack@xxxxxxx> ext4: fix fdatasync(2) after extent manipulation operations Konstantin Khlebnikov <khlebnikov@xxxxxxxxxxxxxx> ext4: keep existing extra fields when inode expands Jan Kara <jack@xxxxxxx> ext4: fix SEEK_HOLE Dongli Zhang <dongli.zhang@xxxxxxxxxx> xen-netfront: cast grant table reference first to type int Dongli Zhang <dongli.zhang@xxxxxxxxxx> xen-netfront: do not cast grant table reference to signed short Julien Grall <julien.grall@xxxxxxx> xen/privcmd: Support correctly 64KB page granularity when mapping memory Alexander Sverdlin <alexander.sverdlin@xxxxxxxxx> dmaengine: ep93xx: Always start from BASE0 Hiroyuki Yokoyama <hiroyuki.yokoyama.vx@xxxxxxxxxxx> dmaengine: usb-dmac: Fix DMAOR AE bit definition Wanpeng Li <wanpeng.li@xxxxxxxxxxx> KVM: async_pf: avoid async pf injection when in guest mode Marc Zyngier <marc.zyngier@xxxxxxx> arm: KVM: Allow unaligned accesses at HYP Wanpeng Li <wanpeng.li@xxxxxxxxxxx> KVM: cpuid: Fix read/write out-of-bounds vulnerability in cpuid emulation Paolo Bonzini <pbonzini@xxxxxxxxxx> kvm: async_pf: fix rcu_irq_enter() with irqs enabled Trond Myklebust <trond.myklebust@xxxxxxxxxxxxxxx> nfsd: Fix up the "supattr_exclcreat" attributes J. Bruce Fields <bfields@xxxxxxxxxx> nfsd4: fix null dereference on replay Alex Deucher <alexander.deucher@xxxxxxx> drm/amdgpu/ci: disable mclk switching for high refresh rates (v2) Gilad Ben-Yossef <gilad@xxxxxxxxxxxxx> crypto: gcm - wait for crypto op not signal safe Eric Biggers <ebiggers@xxxxxxxxxx> KEYS: fix freeing uninitialized memory in key_update() Eric Biggers <ebiggers@xxxxxxxxxx> KEYS: fix dereferencing NULL payload with nonzero length Eric W. Biederman <ebiederm@xxxxxxxxxxxx> ptrace: Properly initialize ptracer_cred on fork Johan Hovold <johan@xxxxxxxxxx> serial: ifx6x60: fix use-after-free on module unload Jane Chu <jane.chu@xxxxxxxxxx> arch/sparc: support NR_CPUS = 4096 Pavel Tatashin <pasha.tatashin@xxxxxxxxxx> sparc64: delete old wrap code Pavel Tatashin <pasha.tatashin@xxxxxxxxxx> sparc64: new context wrap Pavel Tatashin <pasha.tatashin@xxxxxxxxxx> sparc64: add per-cpu mm of secondary contexts Pavel Tatashin <pasha.tatashin@xxxxxxxxxx> sparc64: redefine first version Pavel Tatashin <pasha.tatashin@xxxxxxxxxx> sparc64: combine activate_mm and switch_mm Pavel Tatashin <pasha.tatashin@xxxxxxxxxx> sparc64: reset mm cpumask after wrap James Clarke <jrtc27@xxxxxxxxxx> sparc: Machine description indices can vary Mike Kravetz <mike.kravetz@xxxxxxxxxx> sparc64: mm: fix copy_tsb to correctly copy huge page TSBs Nikolay Aleksandrov <nikolay@xxxxxxxxxxxxxxxxxxx> net: bridge: start hello timer only if device is up Max Filippov <jcmvbkbc@xxxxxxxxx> net: ethoc: enable NAPI before poll may be scheduled Eric Dumazet <edumazet@xxxxxxxxxx> net: ping: do not abuse udp_poll() David S. Miller <davem@xxxxxxxxxxxxx> ipv6: Fix leak in ipv6_gso_segment(). Mark Bloch <markb@xxxxxxxxxxxx> vxlan: fix use-after-free on deletion Yuchung Cheng <ycheng@xxxxxxxxxx> tcp: disallow cwnd undo when switching congestion control Ganesh Goudar <ganeshgr@xxxxxxxxxxx> cxgb4: avoid enabling napi twice to the same queue Ben Hutchings <ben@xxxxxxxxxxxxxxx> ipv6: xfrm: Handle errors reported by xfrm6_find_1stfragopt() Mintz, Yuval <Yuval.Mintz@xxxxxxxxxx> bnx2x: Fix Multi-Cos ------------- Diffstat: Makefile | 4 +- arch/arm/kvm/init.S | 5 +- arch/arm/kvm/mmu.c | 3 + arch/arm64/include/asm/asm-uaccess.h | 13 ++++ arch/arm64/include/asm/barrier.h | 18 ++++- arch/arm64/include/asm/uaccess.h | 8 ++ arch/arm64/kernel/armv8_deprecated.c | 3 +- arch/arm64/kernel/entry.S | 6 +- arch/arm64/kernel/hw_breakpoint.c | 3 +- arch/powerpc/include/asm/topology.h | 14 ++++ arch/powerpc/kernel/eeh_driver.c | 19 ++++- arch/powerpc/kernel/setup_64.c | 4 +- arch/powerpc/platforms/pseries/hotplug-memory.c | 2 + arch/sparc/Kconfig | 4 +- arch/sparc/include/asm/mmu_64.h | 2 +- arch/sparc/include/asm/mmu_context_64.h | 32 +------- arch/sparc/include/asm/pil.h | 1 - arch/sparc/include/asm/vio.h | 1 + arch/sparc/kernel/irq_64.c | 17 ++++- arch/sparc/kernel/kernel.h | 1 - arch/sparc/kernel/smp_64.c | 31 -------- arch/sparc/kernel/tsb.S | 11 ++- arch/sparc/kernel/ttable_64.S | 2 +- arch/sparc/kernel/vio.c | 68 ++++++++++++++++- arch/sparc/mm/init_64.c | 86 +++++++++++++++------- arch/sparc/mm/tsb.c | 7 +- arch/sparc/mm/ultra.S | 5 -- arch/x86/kernel/kvm.c | 2 +- arch/x86/kvm/cpuid.c | 20 ++--- arch/x86/kvm/mmu.c | 7 +- arch/x86/kvm/mmu.h | 1 + arch/x86/kvm/x86.c | 3 +- crypto/gcm.c | 6 +- drivers/char/mem.c | 2 +- drivers/char/random.c | 26 ++++++- drivers/cpufreq/cpufreq.c | 1 + drivers/dma/ep93xx_dma.c | 2 + drivers/dma/sh/usb-dmac.c | 2 +- drivers/gpu/drm/amd/amdgpu/ci_dpm.c | 6 ++ drivers/gpu/drm/msm/msm_drv.c | 1 + drivers/gpu/drm/msm/msm_drv.h | 1 + drivers/gpu/drm/msm/msm_gem_prime.c | 7 ++ .../gpu/drm/nouveau/include/nvkm/subdev/timer.h | 1 + drivers/gpu/drm/nouveau/nvkm/subdev/timer/base.c | 7 +- drivers/gpu/drm/vmwgfx/vmwgfx_fifo.c | 2 + drivers/gpu/drm/vmwgfx/vmwgfx_surface.c | 21 ++++-- drivers/iio/light/ltr501.c | 4 +- drivers/iio/proximity/as3935.c | 4 +- drivers/infiniband/hw/qib/qib_rc.c | 4 +- drivers/input/mouse/elantech.c | 16 ++++ drivers/misc/cxl/file.c | 7 +- drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 2 +- drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 4 + drivers/net/ethernet/ethoc.c | 3 +- drivers/net/vxlan.c | 19 +++-- drivers/net/xen-netfront.c | 4 +- drivers/scsi/qla2xxx/qla_os.c | 8 +- drivers/staging/lustre/lustre/lov/lov_pack.c | 9 --- drivers/target/target_core_transport.c | 23 ++++-- drivers/tty/serial/ifx6x60.c | 2 +- drivers/tty/serial/sh-sci.c | 10 ++- drivers/tty/tty_io.c | 3 +- drivers/tty/tty_mutex.c | 7 +- drivers/usb/chipidea/debug.c | 3 +- drivers/usb/chipidea/udc.c | 8 +- drivers/usb/gadget/function/f_mass_storage.c | 13 +++- drivers/xen/privcmd.c | 4 +- fs/btrfs/extent-tree.c | 1 + fs/btrfs/file.c | 2 +- fs/btrfs/inode.c | 4 +- fs/buffer.c | 12 +-- fs/ceph/addr.c | 2 +- fs/direct-io.c | 2 +- fs/ext4/extents.c | 5 ++ fs/ext4/file.c | 50 ++++--------- fs/ext4/inode.c | 9 ++- fs/ext4/move_extent.c | 2 +- fs/jfs/super.c | 4 +- fs/mpage.c | 2 +- fs/nfs/dir.c | 21 +++++- fs/nfsd/blocklayout.c | 4 +- fs/nfsd/nfs4proc.c | 13 ++-- fs/nfsd/nfs4xdr.c | 13 +++- fs/nilfs2/btnode.c | 2 +- fs/nilfs2/inode.c | 4 +- fs/nilfs2/mdt.c | 4 +- fs/nilfs2/segment.c | 2 +- fs/ocfs2/aops.c | 2 +- fs/ocfs2/file.c | 2 +- fs/reiserfs/file.c | 2 +- fs/reiserfs/inode.c | 2 +- fs/stat.c | 3 +- fs/udf/inode.c | 2 +- fs/ufs/balloc.c | 26 ++++++- fs/ufs/inode.c | 9 ++- fs/ufs/super.c | 18 +++++ fs/ufs/util.h | 10 ++- fs/xfs/xfs_aops.c | 10 +-- fs/xfs/xfs_file.c | 4 +- fs/xfs/xfs_xattr.c | 1 + include/linux/cgroup.h | 20 +++++ include/linux/fs.h | 5 ++ include/linux/memblock.h | 8 ++ include/linux/mmzone.h | 1 + include/linux/ptrace.h | 7 +- include/linux/random.h | 1 + include/linux/skbuff.h | 3 - include/net/ipv6.h | 1 + kernel/cpuset.c | 4 +- kernel/events/core.c | 21 ++++++ kernel/fork.c | 2 +- kernel/ptrace.c | 20 +++-- kernel/trace/trace.c | 2 +- lib/test_user_copy.c | 20 ++++- mm/memblock.c | 24 ++++++ mm/page_alloc.c | 25 ++++++- mm/truncate.c | 2 +- net/bridge/br_stp_if.c | 3 +- net/core/dev.c | 33 ++++----- net/ipv4/af_inet.c | 2 +- net/ipv4/tcp_cong.c | 1 + net/ipv6/ip6_offload.c | 4 +- net/ipv6/ping.c | 2 +- net/ipv6/raw.c | 2 +- net/ipv6/xfrm6_mode_ro.c | 2 + net/ipv6/xfrm6_mode_transport.c | 2 + security/keys/key.c | 5 +- security/keys/keyctl.c | 4 +- sound/core/timer.c | 7 +- sound/soc/soc-core.c | 5 +- 130 files changed, 770 insertions(+), 362 deletions(-)