This is the start of the stable review cycle for the 4.14.277 release. There are 43 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 28 Apr 2022 08:17:22 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.277-rc1.gz or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.14.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> Linux 4.14.277-rc1 Marek Vasut <marex@xxxxxxx> Revert "net: micrel: fix KS8851_MLL Kconfig" Duoming Zhou <duoming@xxxxxxxxxx> ax25: Fix UAF bugs in ax25 timers Duoming Zhou <duoming@xxxxxxxxxx> ax25: Fix NULL pointer dereferences in ax25 timers Duoming Zhou <duoming@xxxxxxxxxx> ax25: fix NPD bug in ax25_disconnect Duoming Zhou <duoming@xxxxxxxxxx> ax25: fix UAF bug in ax25_send_control() Duoming Zhou <duoming@xxxxxxxxxx> ax25: Fix refcount leaks caused by ax25_cb_del() Duoming Zhou <duoming@xxxxxxxxxx> ax25: fix UAF bugs of net_device caused by rebinding operation Duoming Zhou <duoming@xxxxxxxxxx> ax25: fix reference count leaks of ax25_dev Duoming Zhou <duoming@xxxxxxxxxx> ax25: add refcount in ax25_dev to avoid UAF bugs Khazhismel Kumykov <khazhy@xxxxxxxxxx> block/compat_ioctl: fix range check in BLKGETSIZE Lee Jones <lee.jones@xxxxxxxxxx> staging: ion: Prevent incorrect reference counting behavour Theodore Ts'o <tytso@xxxxxxx> ext4: force overhead calculation if the s_overhead_cluster makes no sense Theodore Ts'o <tytso@xxxxxxx> ext4: fix overhead calculation to account for the reserved gdt blocks Tadeusz Struk <tadeusz.struk@xxxxxxxxxx> ext4: limit length to bitmap_maxbytes - blocksize in punch_hole Ye Bin <yebin10@xxxxxxxxxx> ext4: fix symlink file size not match to file content Sergey Matyukevich <sergey.matyukevich@xxxxxxxxxxxx> ARC: entry: fix syscall_trace_exit argument Sasha Neftin <sasha.neftin@xxxxxxxxx> e1000e: Fix possible overflow in LTR decoding Xiaomeng Tong <xiam0nd.tong@xxxxxxxxx> ASoC: soc-dapm: fix two incorrect uses of list iterator Paolo Valerio <pvalerio@xxxxxxxxxx> openvswitch: fix OOB access in reserve_sfa_size() Athira Rajeev <atrajeev@xxxxxxxxxxxxxxxxxx> powerpc/perf: Fix power9 event alternatives Xiaomeng Tong <xiam0nd.tong@xxxxxxxxx> dma: at_xdmac: fix a missing check on list iterator Zheyu Ma <zheyuma97@xxxxxxxxx> ata: pata_marvell: Check the 'bmdma_addr' beforing reading Mikulas Patocka <mpatocka@xxxxxxxxxx> stat: fix inconsistency between struct stat and struct compat_stat Tomas Melin <tomas.melin@xxxxxxxxxxx> net: macb: Restart tx only if queue pointer is lagging Xiaoke Wang <xkernel.wang@xxxxxxxxxxx> drm/msm/mdp5: check the return of kzalloc() Borislav Petkov <bp@xxxxxxxxx> brcmfmac: sdio: Fix undefined behavior due to shift overflowing the constant David Howells <dhowells@xxxxxxxxxx> cifs: Check the IOCB_DIRECT flag, not O_DIRECT Hongbin Wang <wh_bin@xxxxxxx> vxlan: fix error return code in vxlan_fdb_append Borislav Petkov <bp@xxxxxxx> ALSA: usb-audio: Fix undefined behavior due to shift overflowing the constant Jiapeng Chong <jiapeng.chong@xxxxxxxxxxxxxxxxx> platform/x86: samsung-laptop: Fix an unsigned comparison which can never be negative Kees Cook <keescook@xxxxxxxxxxxx> ARM: vexpress/spc: Avoid negative array index when !SMP Eric Dumazet <edumazet@xxxxxxxxxx> netlink: reset network and mac headers in netlink_dump() Hangbin Liu <liuhangbin@xxxxxxxxx> net/packet: fix packet_sock xmit return value checking Miaoqian Lin <linmq006@xxxxxxxxx> dmaengine: imx-sdma: Fix error checking in sdma_event_remap Kuniyuki Iwashima <kuniyu@xxxxxxxxxxxx> tcp: Fix potential use-after-free due to double kfree() Ricardo Dias <rdias@xxxxxxxxxxxxxxx> tcp: fix race condition when creating child sockets from syncookies Takashi Iwai <tiwai@xxxxxxx> ALSA: usb-audio: Clear MIDI port active flag after draining Bob Peterson <rpeterso@xxxxxxxxxx> gfs2: assign rgrp glock before compute_bitstructs Hangyu Hua <hbh25y@xxxxxxxxx> can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path Daniel Bristot de Oliveira <bristot@xxxxxxxxxx> tracing: Dump stacktrace trigger to the corresponding instance Steven Rostedt (Google) <rostedt@xxxxxxxxxxx> tracing: Have traceon and traceoff trigger honor the instance Xiongwei Song <sxwjean@xxxxxxxxx> mm: page_alloc: fix building error on -Werror=array-compare Kees Cook <keescook@xxxxxxxxxxxx> etherdevice: Adjust ether_addr* prototypes to silence -Wstringop-overead ------------- Diffstat: Makefile | 4 +- arch/arc/kernel/entry.S | 1 + arch/arm/mach-vexpress/spc.c | 2 +- arch/powerpc/perf/power9-pmu.c | 8 +-- arch/x86/include/asm/compat.h | 6 +- block/compat_ioctl.c | 2 +- drivers/ata/pata_marvell.c | 2 + drivers/dma/at_xdmac.c | 12 ++-- drivers/dma/imx-sdma.c | 4 +- drivers/gpu/drm/msm/mdp/mdp5/mdp5_plane.c | 3 + drivers/net/can/usb/usb_8dev.c | 30 +++++----- drivers/net/ethernet/cadence/macb_main.c | 8 +++ drivers/net/ethernet/intel/e1000e/ich8lan.c | 4 +- drivers/net/ethernet/micrel/Kconfig | 1 - drivers/net/vxlan.c | 4 +- .../wireless/broadcom/brcm80211/brcmfmac/sdio.c | 2 +- drivers/platform/x86/samsung-laptop.c | 2 - drivers/staging/android/ion/ion.c | 3 + fs/cifs/cifsfs.c | 2 +- fs/ext4/inode.c | 11 +++- fs/ext4/page-io.c | 4 +- fs/ext4/super.c | 19 ++++-- fs/gfs2/rgrp.c | 9 +-- fs/stat.c | 19 +++--- include/linux/etherdevice.h | 5 +- include/net/ax25.h | 12 ++++ include/net/inet_hashtables.h | 5 +- kernel/trace/trace_events_trigger.c | 61 ++++++++++++++++--- mm/page_alloc.c | 2 +- net/ax25/af_ax25.c | 38 +++++++++--- net/ax25/ax25_dev.c | 28 +++++++-- net/ax25/ax25_route.c | 13 ++++- net/ax25/ax25_subr.c | 20 +++++-- net/dccp/ipv4.c | 2 +- net/dccp/ipv6.c | 2 +- net/ipv4/inet_connection_sock.c | 2 +- net/ipv4/inet_hashtables.c | 68 +++++++++++++++++++--- net/ipv4/tcp_ipv4.c | 13 ++++- net/ipv6/tcp_ipv6.c | 13 ++++- net/netlink/af_netlink.c | 7 +++ net/openvswitch/flow_netlink.c | 2 +- net/packet/af_packet.c | 13 +++-- sound/soc/soc-dapm.c | 6 +- sound/usb/midi.c | 1 + sound/usb/usbaudio.h | 2 +- 45 files changed, 357 insertions(+), 120 deletions(-)