This is the start of the stable review cycle for the 5.18.2 release.
There are 67 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.

Responses should be made by Sun, 05 Jun 2022 17:38:05 +0000.
Anything received after that time might be too late.

The whole patch series can be found in one patch at:
    https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.18.2-rc1.gz
or in the git tree and branch at:
    git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.18.y
and the diffstat can be found below.

thanks,

greg k-h

-------------
Pseudo-Shortlog of commits:

Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
    Linux 5.18.2-rc1

Kumar Kartikeya Dwivedi <memxor@xxxxxxxxx>
    bpf: Do write access check for kfunc and global func

Kumar Kartikeya Dwivedi <memxor@xxxxxxxxx>
    bpf: Check PTR_TO_MEM | MEM_RDONLY in check_helper_mem_access

Kumar Kartikeya Dwivedi <memxor@xxxxxxxxx>
    bpf: Reject writes for PTR_TO_MAP_KEY in check_helper_mem_access

Yuntao Wang <ytcoode@xxxxxxxxx>
    bpf: Fix excessive memory allocation in stack_map_alloc()

KP Singh <kpsingh@xxxxxxxxxx>
    bpf: Fix usage of trace RCU in local storage.

Liu Jian <liujian56@xxxxxxxxxx>
    bpf: Enlarge offset check value to INT_MAX in bpf_skb_{load,store}_bytes

Alexei Starovoitov <ast@xxxxxxxxxx>
    bpf: Fix combination of jit blinding and pointers to bpf subprogs.

Yuntao Wang <ytcoode@xxxxxxxxx>
    bpf: Fix potential array overflow in bpf_trampoline_get_progs()

Song Liu <song@xxxxxxxxxx>
    bpf: Fill new bpf_prog_pack with illegal instructions

Chuck Lever <chuck.lever@xxxxxxxxxx>
    NFSD: Fix possible sleep during nfsd4_release_lockowner()

Trond Myklebust <trond.myklebust@xxxxxxxxxxxxxxx>
    NFS: Memory allocation failures are not server fatal errors

Akira Yokosawa <akiyks@xxxxxxxxx>
    docs: submitting-patches: Fix crossref to 'The canonical patch format'

Xiu Jianfeng <xiujianfeng@xxxxxxxxxx>
    tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe()

Stefan Mahnke-Hartmann <stefan.mahnke-hartmann@xxxxxxxxxxxx>
    tpm: Fix buffer access in tpm2_get_tpm_pt()

Bryan O'Donoghue <bryan.odonoghue@xxxxxxxxxx>
    media: i2c: imx412: Fix power_off ordering

Bryan O'Donoghue <bryan.odonoghue@xxxxxxxxxx>
    media: i2c: imx412: Fix reset GPIO polarity

Reinette Chatre <reinette.chatre@xxxxxxxxx>
    x86/sgx: Ensure no data in PCMD page after truncate

Reinette Chatre <reinette.chatre@xxxxxxxxx>
    x86/sgx: Fix race between reclaimer and page fault handler

Reinette Chatre <reinette.chatre@xxxxxxxxx>
    x86/sgx: Obtain backing storage page with enclave mutex held

Reinette Chatre <reinette.chatre@xxxxxxxxx>
    x86/sgx: Mark PCMD page as dirty when modifying contents

Reinette Chatre <reinette.chatre@xxxxxxxxx>
    x86/sgx: Disconnect backing page references from dirty status

Tao Jin <tao-j@xxxxxxxxxxx>
    HID: multitouch: add quirks to enable Lenovo X12 trackpoint

Marek Maślanka <mm@xxxxxxxxxxxx>
    HID: multitouch: Add support for Google Whiskers Touchpad

Randy Dunlap <rdunlap@xxxxxxxxxxxxx>
    fs/ntfs3: validate BOOT sectors_per_clusters

Mariusz Tkaczyk <mariusz.tkaczyk@xxxxxxxxxxxxxxx>
    raid5: introduce MD_BROKEN

Sarthak Kukreti <sarthakkukreti@xxxxxxxxxx>
    dm verity: set DM_TARGET_IMMUTABLE feature flag

Mikulas Patocka <mpatocka@xxxxxxxxxx>
    dm stats: add cond_resched when looping over entries

Mikulas Patocka <mpatocka@xxxxxxxxxx>
    dm crypt: make printing of the key constant-time

Dan Carpenter <dan.carpenter@xxxxxxxxxx>
    dm integrity: fix error code in dm_integrity_ctr()

Jonathan Bakker <xc-racer2@xxxxxxx>
    ARM: dts: s5pv210: Correct interrupt name for bluetooth in Aries

Steven Rostedt <rostedt@xxxxxxxxxxx>
    Bluetooth: hci_qca: Use del_timer_sync() before freeing

Craig McLure <craig@xxxxxxxxxx>
    ALSA: usb-audio: Configure sync endpoints before data

Takashi Iwai <tiwai@xxxxxxx>
    ALSA: usb-audio: Add missing ep_idx in fixed EP quirks

Takashi Iwai <tiwai@xxxxxxx>
    ALSA: usb-audio: Workaround for clock setup on TEAC devices

Akira Yokosawa <akiyks@xxxxxxxxx>
    tools/memory-model/README: Update klitmus7 compat table

Sultan Alsawaf <sultan@xxxxxxxxxxxxxxx>
    zsmalloc: fix races between asynchronous zspage free and page migration

Marco Chiappero <marco.chiappero@xxxxxxxxx>
    crypto: qat - rework the VF2PF interrupt handling logic

Vitaly Chikunov <vt@xxxxxxxxxxxx>
    crypto: ecrdsa - Fix incorrect use of vli_cmp

Fabio Estevam <festevam@xxxxxxx>
    crypto: caam - fix i.MX6SX entropy delay value

Ashish Kalra <ashish.kalra@xxxxxxx>
    KVM: SVM: Use kzalloc for sev ioctl interfaces to prevent kernel data leak

Hou Wenlong <houwenlong.hwl@xxxxxxxxxxxx>
    KVM: x86/mmu: Don't rebuild page when the page is synced and no tlb flushing is required

Sean Christopherson <seanjc@xxxxxxxxxx>
    KVM: x86: Drop WARNs that assert a triple fault never "escapes" from L2

Yanfei Xu <yanfei.xu@xxxxxxxxx>
    KVM: x86: Fix the intel_pt PMI handling wrongly considered from guest

Maxim Levitsky <mlevitsk@xxxxxxxxxx>
    KVM: x86: avoid loading a vCPU after .vm_destroy was called

Sean Christopherson <seanjc@xxxxxxxxxx>
    KVM: x86: avoid calling x86 emulator without a decoded instruction

Maxim Levitsky <mlevitsk@xxxxxxxxxx>
    KVM: x86: fix typo in __try_cmpxchg_user causing non-atomicness

Sean Christopherson <seanjc@xxxxxxxxxx>
    KVM: x86: Use __try_cmpxchg_user() to emulate atomic accesses

Sean Christopherson <seanjc@xxxxxxxxxx>
    KVM: x86: Use __try_cmpxchg_user() to update guest PTE A/D bits

Peter Zijlstra <peterz@xxxxxxxxxxxxx>
    x86/uaccess: Implement macros for CMPXCHG on user addresses

Paolo Bonzini <pbonzini@xxxxxxxxxx>
    x86, kvm: use correct GFP flags for preemption disabled

Sean Christopherson <seanjc@xxxxxxxxxx>
    x86/kvm: Alloc dummy async #PF token outside of raw spinlock

Sean Christopherson <seanjc@xxxxxxxxxx>
    x86/fpu: KVM: Set the base guest FPU uABI size to sizeof(struct kvm_xsave)

Xiaomeng Tong <xiam0nd.tong@xxxxxxxxx>
    KVM: PPC: Book3S HV: fix incorrect NULL check on list iterator

Florian Westphal <fw@xxxxxxxxx>
    netfilter: conntrack: re-fetch conntrack after insertion

Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
    netfilter: nf_tables: double hook unregistration in netns path

Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
    netfilter: nf_tables: hold mutex on netns pre_exit path

Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
    netfilter: nf_tables: sanitize nft_set_desc_concat_parse()

Phil Sutter <phil@xxxxxx>
    netfilter: nft_limit: Clone packet limits' cost value

Yuezhang Mo <Yuezhang.Mo@xxxxxxxx>
    exfat: fix referencing wrong parent directory information after renaming

Tadeusz Struk <tadeusz.struk@xxxxxxxxxx>
    exfat: check if cluster num is valid

Gustavo A. R. Silva <gustavoars@xxxxxxxxxx>
    drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency()

Alex Elder <elder@xxxxxxxxxx>
    net: ipa: compute proper aggregation limit

David Howells <dhowells@xxxxxxxxxx>
    pipe: Fix missing lock in pipe_resize_ring()

Kuniyuki Iwashima <kuniyu@xxxxxxxxxxxx>
    pipe: make poll_usage boolean and annotate its access

Stephen Brennan <stephen.s.brennan@xxxxxxxxxx>
    assoc_array: Fix BUG_ON during garbage collect

Dan Carpenter <dan.carpenter@xxxxxxxxxx>
    i2c: ismt: prevent memory corruption in ismt_access()

Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
    netfilter: nf_tables: disallow non-stateful expression in sets earlier

-------------

Diffstat:

 Documentation/process/submitting-patches.rst | 2 +-
 Makefile | 4 +-
 arch/arm/boot/dts/s5pv210-aries.dtsi | 2 +-
 arch/powerpc/kvm/book3s_hv_uvmem.c | 8 +-
 arch/x86/include/asm/uaccess.h | 142 +++++++++++++++++++++
 arch/x86/kernel/cpu/sgx/encl.c | 113 ++++++++++++++--
 arch/x86/kernel/cpu/sgx/encl.h | 2 +-
 arch/x86/kernel/cpu/sgx/main.c | 13 +-
 arch/x86/kernel/fpu/core.c | 17 ++-
 arch/x86/kernel/kvm.c | 41 ++++--
 arch/x86/kvm/mmu/mmu.c | 18 +--
 arch/x86/kvm/mmu/paging_tmpl.h | 38 +-----
 arch/x86/kvm/svm/nested.c | 3 -
 arch/x86/kvm/svm/sev.c | 12 +-
 arch/x86/kvm/vmx/nested.c | 3 -
 arch/x86/kvm/vmx/vmx.c | 2 +-
 arch/x86/kvm/x86.c | 76 ++++++-----
 crypto/ecrdsa.c | 8 +-
 drivers/bluetooth/hci_qca.c | 4 +-
 drivers/char/tpm/tpm2-cmd.c | 11 +-
 drivers/char/tpm/tpm_ibmvtpm.c | 1 +
 drivers/crypto/caam/ctrl.c | 18 +++
 drivers/crypto/qat/qat_common/adf_accel_devices.h | 2 +-
 drivers/crypto/qat/qat_common/adf_gen2_pfvf.c | 58 ++++++---
 drivers/crypto/qat/qat_common/adf_gen4_pfvf.c | 44 +++++--
 drivers/crypto/qat/qat_common/adf_isr.c | 17 +--
 .../crypto/qat/qat_dh895xcc/adf_dh895xcc_hw_data.c | 76 +++++++----
 drivers/gpu/drm/i915/intel_pm.c | 2 +-
 drivers/hid/hid-ids.h | 1 +
 drivers/hid/hid-multitouch.c | 9 ++
 drivers/i2c/busses/i2c-ismt.c | 3 +
 drivers/md/dm-crypt.c | 14 +-
 drivers/md/dm-integrity.c | 2 -
 drivers/md/dm-stats.c | 8 ++
 drivers/md/dm-verity-target.c | 1 +
 drivers/md/raid5.c | 47 ++++---
 drivers/media/i2c/imx412.c | 8 +-
 drivers/net/ipa/ipa_endpoint.c | 9 +-
 fs/exfat/balloc.c | 8 +-
 fs/exfat/exfat_fs.h | 6 +
 fs/exfat/fatent.c | 6 -
 fs/exfat/namei.c | 27 +---
 fs/nfs/internal.h | 1 +
 fs/nfsd/nfs4state.c | 12 +-
 fs/ntfs3/super.c | 10 +-
 fs/pipe.c | 33 +++--
 include/linux/bpf_local_storage.h | 4 +-
 include/linux/pipe_fs_i.h | 2 +-
 include/net/netfilter/nf_conntrack_core.h | 7 +-
 kernel/bpf/bpf_inode_storage.c | 4 +-
 kernel/bpf/bpf_local_storage.c | 29 +++--
 kernel/bpf/bpf_task_storage.c | 4 +-
 kernel/bpf/core.c | 20 ++-
 kernel/bpf/stackmap.c | 1 -
 kernel/bpf/trampoline.c | 18 ++-
 kernel/bpf/verifier.c | 61 ++++++---
 lib/assoc_array.c | 8 ++
 mm/zsmalloc.c | 37 +++++-
 net/core/bpf_sk_storage.c | 6 +-
 net/core/filter.c | 4 +-
 net/netfilter/nf_tables_api.c | 94 ++++++++++----
 net/netfilter/nft_limit.c | 2 +
 sound/usb/clock.c | 7 +
 sound/usb/pcm.c | 17 ++-
 sound/usb/quirks-table.h | 3 +
 tools/memory-model/README | 3 +-
 66 files changed, 882 insertions(+), 391 deletions(-)