This is the start of the stable review cycle for the 4.4.217 release. There are 93 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 21 Mar 2020 12:37:04 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.4.217-rc1.gz or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> Linux 4.4.217-rc1 Matteo Croce <mcroce@xxxxxxxxxx> ipv4: ensure rcu_read_lock() in cipso_v4_error() Jann Horn <jannh@xxxxxxxxxx> mm: slub: add missing TID bump in kmem_cache_alloc_bulk() Kees Cook <keescook@xxxxxxxxxxxx> ARM: 8958/1: rename missed uaccess .fixup section Florian Fainelli <f.fainelli@xxxxxxxxx> ARM: 8957/1: VDSO: Match ARMv8 timer in cntvct_functional() Qian Cai <cai@xxxxxx> jbd2: fix data races at struct journal_head Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> signal: avoid double atomic counter increments for user accounting Marek Vasut <marex@xxxxxxx> net: ks8851-ml: Fix IRQ handling and locking Kim Phillips <kim.phillips@xxxxxxx> perf/amd/uncore: Replace manual sampling check with CAP_NO_INTERRUPT flag Sven Eckelmann <sven@xxxxxxxxxxxxx> batman-adv: Don't schedule OGM for disabled interface Sven Eckelmann <sven@xxxxxxxxxxxxx> batman-adv: Avoid free/alloc race when handling OGM buffer Sven Eckelmann <sven@xxxxxxxxxxxxx> batman-adv: Only read OGM tvlv_len after buffer len check Sven Eckelmann <sven@xxxxxxxxxxxxx> batman-adv: Reduce tt_global hash refcnt only for removed entry Sven Eckelmann <sven@xxxxxxxxxxxxx> batman-adv: Reduce tt_local hash refcnt only for removed entry Sven Eckelmann <sven@xxxxxxxxxxxxx> batman-adv: Reduce claim hash refcnt only for removed entry Sven Eckelmann <sven@xxxxxxxxxxxxx> batman-adv: Prevent duplicated tvlv handler Sven Eckelmann <sven@xxxxxxxxxxxxx> batman-adv: Prevent duplicated global TT entry Sven Eckelmann <sven@xxxxxxxxxxxxx> batman-adv: Prevent duplicated nc_node entry Sven Eckelmann <sven@xxxxxxxxxxxxx> batman-adv: Prevent duplicated gateway_node entry Linus Lüssing <linus.luessing@xxxxxxxxx> batman-adv: Avoid storing non-TT-sync flags on singular entries too Sven Eckelmann <sven@xxxxxxxxxxxxx> batman-adv: Fix debugfs path for renamed softif Sven Eckelmann <sven@xxxxxxxxxxxxx> batman-adv: Fix debugfs path for renamed hardif Marek Lindner <mareklindner@xxxxxxxxxxxxx> batman-adv: prevent TT request storms by not sending inconsistent TT TLVLs Linus Lüssing <linus.luessing@xxxxxxxxx> batman-adv: Fix TT sync flags for intermediate TT responses Sven Eckelmann <sven@xxxxxxxxxxxxx> batman-adv: Avoid race in TT TVLV allocator helper Sven Eckelmann <sven@xxxxxxxxxxxxx> batman-adv: Fix skbuff rcsum on packet reroute Matthias Schiffer <mschiffer@xxxxxxxxxxxxxxxxxxxx> batman-adv: update data pointers after skb_cow() Sven Eckelmann <sven@xxxxxxxxxxxxx> batman-adv: Fix internal interface indices types Sven Eckelmann <sven@xxxxxxxxxxxxx> batman-adv: Fix lock for ogm cnt access in batadv_iv_ogm_calc_tq Linus Lüssing <linus.luessing@xxxxxxxxx> batman-adv: fix TT sync flag inconsistencies Sven Eckelmann <sven@xxxxxxxxxxxxx> batman-adv: Fix rx packet/bytes stats on local ARP reply Linus Lüssing <linus.luessing@xxxxxxxxx> batman-adv: Fix transmission of final, 16th fragment Sven Eckelmann <sven@xxxxxxxxxxxxx> batman-adv: Fix double free during fragment merge error Sven Eckelmann <sven@xxxxxxxxxxxxx> batman-adv: Add missing refcnt for last_candidate Sven Eckelmann <sven@xxxxxxxxxxxxx> batman-adv: Fix speedy join in gateway client mode Sven Eckelmann <sven@xxxxxxxxxxxxx> batman-adv: Free last_bonding_candidate on release of orig_node Sven Eckelmann <sven@xxxxxxxxxxxxx> batman-adv: Fix reference leak in batadv_find_router Sven Eckelmann <sven@xxxxxxxxxxxxx> batman-adv: Fix non-atomic bla_claim::backbone_gw access Simon Wunderlich <sw@xxxxxxxxxxxxxxxxxx> batman-adv: lock crc access in bridge loop avoidance Sven Eckelmann <sven@xxxxxxxxxxxxx> batman-adv: Fix orig_node_vlan leak on orig_node_release Sven Eckelmann <sven@xxxxxxxxxxxxx> batman-adv: Avoid nullptr dereference in dat after vlan_insert_tag Sven Eckelmann <sven@xxxxxxxxxxxxx> batman-adv: Avoid nullptr dereference in bla after vlan_insert_tag Sven Eckelmann <sven@xxxxxxxxxxxxx> batman-adv: Clean up untagged vlan when destroying via rtnl-link Sven Eckelmann <sven@xxxxxxxxxxxxx> batman-adv: Fix ICMP RR ethernet access after skb_linearize Sven Eckelmann <sven@xxxxxxxxxxxxx> batman-adv: Fix use-after-free/double-free of tt_req_node Florian Westphal <fw@xxxxxxxxx> batman-adv: fix skb deref after free Linus Lüssing <linus.luessing@xxxxxxxxx> batman-adv: Avoid duplicate neigh_node additions Sven Eckelmann <sven@xxxxxxxxxxxxx> batman-adv: Fix reference counting of vlan object for tt_local_entry Sven Eckelmann <sven@xxxxxxxxxxxxx> batman-adv: Drop reference to netdevice on last reference Sven Eckelmann <sven@xxxxxxxxxxxxx> batman-adv: Deactivate TO_BE_ACTIVATED hardif on shutdown Marek Lindner <mareklindner@xxxxxxxxxxxxx> batman-adv: init neigh node last seen field Sven Eckelmann <sven.eckelmann@xxxxxxxxxxxxx> batman-adv: Fix integer overflow in batadv_iv_ogm_calc_tq Sven Eckelmann <sven@xxxxxxxxxxxxx> batman-adv: Fix unexpected free of bcast_own on add_if error Andrew Lunn <andrew@xxxxxxx> batman-adv: Avoid endless loop in bat-on-bat netdevice check Sven Eckelmann <sven@xxxxxxxxxxxxx> batman-adv: Only put orig_node_vlan list reference when removed Sven Eckelmann <sven@xxxxxxxxxxxxx> batman-adv: Only put gw_node list reference when removed Sven Eckelmann <sven@xxxxxxxxxxxxx> batman-adv: Fix invalid read while copying bat_iv.bcast_own Vladis Dronov <vdronov@xxxxxxxxxx> efi: Add a sanity check to efivar_store_raw() Eric Dumazet <edumazet@xxxxxxxxxx> ipv6: restrict IPV6_ADDRFORM operation qize wang <wangqize888888888@xxxxxxxxx> mwifiex: Fix heap overflow in mmwifiex_process_tdls_action_frame() Daniel Drake <drake@xxxxxxxxxxxx> iommu/vt-d: Ignore devices with out-of-spec domain number Zhenzhong Duan <zhenzhong.duan@xxxxxxxxx> iommu/vt-d: Fix the wrong printing in RHSA parsing Jakub Kicinski <kuba@xxxxxxxxxx> netfilter: cthelper: add missing attribute validation for cthelper Jakub Kicinski <kuba@xxxxxxxxxx> nl80211: add missing attribute validation for channel switch Jakub Kicinski <kuba@xxxxxxxxxx> nl80211: add missing attribute validation for critical protocol indication Yonghyun Hwang <yonghyun@xxxxxxxxxx> iommu/vt-d: Fix a bug in intel_iommu_iova_to_phys() for huge page Hans de Goede <hdegoede@xxxxxxxxxx> iommu/vt-d: dmar: replace WARN_TAINT with pr_warn + add_taint Vladis Dronov <vdronov@xxxxxxxxxx> efi: Fix a race and a buffer overflow while reading efivars via sysfs Eugeniy Paltsev <Eugeniy.Paltsev@xxxxxxxxxxxx> ARC: define __ALIGN_STR and __ALIGN symbols for ARC Vitaly Kuznetsov <vkuznets@xxxxxxxxxx> KVM: x86: clear stale x86_emulate_ctxt->intercept value Al Viro <viro@xxxxxxxxxxxxxxxxxx> gfs2_atomic_open(): fix O_EXCL|O_CREAT handling on cold dcache Colin Ian King <colin.king@xxxxxxxxxxxxx> drm/amd/display: remove duplicated assignment to grph_obj_type Hans de Goede <hdegoede@xxxxxxxxxx> iommu/vt-d: quirk_ioat_snb_local_iommu: replace WARN_TAINT with pr_warn + add_taint Jakub Kicinski <kuba@xxxxxxxxxx> net: fq: add missing attribute validation for orphan mask Eric Dumazet <edumazet@xxxxxxxxxx> bonding/alb: make sure arp header is pulled before accessing it Eric Dumazet <edumazet@xxxxxxxxxx> slip: make slhc_compress() more robust against malicious packets Jakub Kicinski <kuba@xxxxxxxxxx> net: fec: validate the new settings in fec_enet_set_coalesce() Mahesh Bandewar <maheshb@xxxxxxxxxx> macvlan: add cond_resched() during multicast processing Mahesh Bandewar <maheshb@xxxxxxxxxx> ipvlan: don't deref eth hdr before checking it's set Eric Dumazet <edumazet@xxxxxxxxxx> ipvlan: do not use cond_resched_rcu() in ipvlan_process_multicast() Paolo Abeni <pabeni@xxxxxxxxxx> ipvlan: egress mcast packets are not exceptional Jiri Wiesner <jwiesner@xxxxxxxx> ipvlan: do not add hardware address of master to its unicast filter list Mahesh Bandewar <maheshb@xxxxxxxxxx> ipvlan: add cond_resched_rcu() while processing muticast backlog Jakub Kicinski <kuba@xxxxxxxxxx> nfc: add missing attribute validation for vendor subcommand Jakub Kicinski <kuba@xxxxxxxxxx> nfc: add missing attribute validation for SE API Jakub Kicinski <kuba@xxxxxxxxxx> team: add missing attribute validation for array index Jakub Kicinski <kuba@xxxxxxxxxx> team: add missing attribute validation for port ifindex Jakub Kicinski <kuba@xxxxxxxxxx> nl802154: add missing attribute validation for dev_type Jakub Kicinski <kuba@xxxxxxxxxx> nl802154: add missing attribute validation Jakub Kicinski <kuba@xxxxxxxxxx> fib: add missing attribute validation for tun_id Vasundhara Volam <vasundhara-v.volam@xxxxxxxxxxxx> bnxt_en: reinitialize IRQs when MTU is modified Dan Carpenter <dan.carpenter@xxxxxxxxxx> net: nfc: fix bounds checking bugs on "pipe" You-Sheng Yang <vicamo.yang@xxxxxxxxxxxxx> r8152: check disconnect status after long sleep Petr Malat <oss@xxxxxxxxx> NFS: Remove superfluous kmap in nfs_readdir_xdr_to_array ------------- Diffstat: Makefile | 4 +- arch/arc/include/asm/linkage.h | 2 + arch/arm/kernel/vdso.c | 2 + arch/arm/lib/copy_from_user.S | 2 +- arch/x86/kernel/cpu/perf_event_amd_uncore.c | 16 +- arch/x86/kvm/emulate.c | 1 + drivers/firmware/efi/efivars.c | 32 +++- drivers/gpu/drm/amd/amdgpu/amdgpu_atombios.c | 3 +- drivers/iommu/dmar.c | 21 ++- drivers/iommu/intel-iommu.c | 13 +- drivers/net/bonding/bond_alb.c | 20 +-- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 4 +- drivers/net/ethernet/freescale/fec_main.c | 6 +- drivers/net/ethernet/micrel/ks8851_mll.c | 14 +- drivers/net/ipvlan/ipvlan_core.c | 19 +- drivers/net/ipvlan/ipvlan_main.c | 5 +- drivers/net/macvlan.c | 2 + drivers/net/slip/slhc.c | 14 +- drivers/net/team/team.c | 2 + drivers/net/usb/r8152.c | 6 + drivers/net/wireless/mwifiex/tdls.c | 70 +++++++- fs/gfs2/inode.c | 2 +- fs/jbd2/transaction.c | 8 +- fs/nfs/dir.c | 2 - include/net/fib_rules.h | 1 + kernel/signal.c | 23 ++- mm/slub.c | 9 + net/batman-adv/bat_iv_ogm.c | 115 +++++++++---- net/batman-adv/bridge_loop_avoidance.c | 152 +++++++++++++--- net/batman-adv/debugfs.c | 40 +++++ net/batman-adv/debugfs.h | 11 ++ net/batman-adv/distributed-arp-table.c | 15 +- net/batman-adv/fragmentation.c | 14 +- net/batman-adv/gateway_client.c | 18 +- net/batman-adv/hard-interface.c | 89 ++++++++-- net/batman-adv/hard-interface.h | 6 +- net/batman-adv/main.c | 8 +- net/batman-adv/network-coding.c | 33 ++-- net/batman-adv/originator.c | 26 ++- net/batman-adv/originator.h | 4 +- net/batman-adv/routing.c | 111 +++++++++--- net/batman-adv/send.c | 4 +- net/batman-adv/soft-interface.c | 9 + net/batman-adv/translation-table.c | 249 ++++++++++++++++++--------- net/batman-adv/types.h | 23 ++- net/ieee802154/nl_policy.c | 6 + net/ipv4/cipso_ipv4.c | 7 +- net/ipv6/ipv6_sockglue.c | 10 +- net/netfilter/nfnetlink_cthelper.c | 2 + net/nfc/hci/core.c | 19 +- net/nfc/netlink.c | 3 + net/sched/sch_fq.c | 1 + net/wireless/nl80211.c | 3 + 53 files changed, 963 insertions(+), 318 deletions(-)
