This is the start of the stable review cycle for the 4.9.326 release.
There are 98 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.

Responses should be made by Fri, 26 Aug 2022 07:24:55 +0000.
Anything received after that time might be too late.

The whole patch series can be found in one patch at:
    https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.9.326-rc2.gz
or in the git tree and branch at:
    git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.9.y
and the diffstat can be found below.

thanks,

greg k-h

-------------
Pseudo-Shortlog of commits:

Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
    Linux 4.9.326-rc2

Nathan Chancellor <nathan@xxxxxxxxxx>
    MIPS: tlbex: Explicitly compare _PAGE_NO_EXEC against 0

Zheyu Ma <zheyuma97@xxxxxxxxx>
    video: fbdev: i740fb: Check the argument of i740_calc_vclk()

Zhouyi Zhou <zhouzhouyi@xxxxxxxxx>
    powerpc/64: Init jump labels before parse_early_param()

Takashi Iwai <tiwai@xxxxxxx>
    ALSA: timer: Use deferred fasync helper

Takashi Iwai <tiwai@xxxxxxx>
    ALSA: core: Add async signal helpers

Liang He <windhl@xxxxxxx>
    mips: cavium-octeon: Fix missing of_node_put() in octeon2_usb_clocks_start

Schspa Shi <schspa@xxxxxxxxx>
    vfio: Clear the caps->buf to NULL after free

Liang He <windhl@xxxxxxx>
    tty: serial: Fix refcount leak bug in ucc_uart.c

Kiselev, Oleg <okiselev@xxxxxxxxxx>
    ext4: avoid resizing to a partial cluster size

Ye Bin <yebin10@xxxxxxxxxx>
    ext4: avoid remove directory when directory is corrupted

Wentao_Liang <Wentao_Liang_g@xxxxxxx>
    drivers:md:fix a potential use-after-free bug

Christophe JAILLET <christophe.jaillet@xxxxxxxxxx>
    cxl: Fix a memory leak in an error handling path

Jozef Martiniak <jomajm@xxxxxxxxx>
    gadgetfs: ep_io - wait until IRQ finishes

Liang He <windhl@xxxxxxx>
    usb: host: ohci-ppc-of: Fix refcount leak bug

Sai Prakash Ranjan <quic_saipraka@xxxxxxxxxxx>
    irqchip/tegra: Fix overflow implicit truncation warnings

Csókás Bence <csokas.bence@xxxxxxxxx>
    fec: Fix timer capture timing in `fec_ptp_enable_pps()`

Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
    netfilter: nf_tables: really skip inactive sets when allocating name

Al Viro <viro@xxxxxxxxxxxxxxxxxx>
    nios2: add force_successful_syscall_return()

Al Viro <viro@xxxxxxxxxxxxxxxxxx>
    nios2: restarts apply only to the first sigframe we build...

Al Viro <viro@xxxxxxxxxxxxxxxxxx>
    nios2: fix syscall restart checks

Al Viro <viro@xxxxxxxxxxxxxxxxxx>
    nios2: traced syscall does need to check the syscall number

Al Viro <viro@xxxxxxxxxxxxxxxxxx>
    nios2: don't leave NULLs in sys_call_table[]

Al Viro <viro@xxxxxxxxxxxxxxxxxx>
    nios2: page fault et.al. are *not* restartable syscalls...

Duoming Zhou <duoming@xxxxxxxxxx>
    atm: idt77252: fix use-after-free bugs caused by tst_timer

Dan Carpenter <dan.carpenter@xxxxxxxxxx>
    xen/xenbus: fix return type in xenbus_file_read()

Peilin Ye <peilin.ye@xxxxxxxxxxxxx>
    vsock: Fix memory leak in vsock_connect()

Nikita Travkin <nikita@xxxxxxx>
    pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed

Miaoqian Lin <linmq006@xxxxxxxxx>
    pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map

Trond Myklebust <trond.myklebust@xxxxxxxxxxxxxxx>
    SUNRPC: Reinitialise the backchannel request buffers before reuse

Zhang Xianwei <zhang.xianwei8@xxxxxxxxxx>
    NFSv4.1: RECLAIM_COMPLETE must handle EACCES

Marc Kleine-Budde <mkl@xxxxxxxxxxxxxx>
    can: ems_usb: fix clang's -Wunaligned-access warning

Filipe Manana <fdmanana@xxxxxxxx>
    btrfs: fix lost error handling when looking up extended ref on log replay

Damien Le Moal <damien.lemoal@xxxxxxxxxxxxxxxxxx>
    ata: libata-eh: Add missing command name

Mikulas Patocka <mpatocka@xxxxxxxxxx>
    rds: add missing barrier to release_refill

Amadeusz Sławiński <amadeuszx.slawinski@xxxxxxxxxxxxxxx>
    ALSA: info: Fix llseek return value when using callback

Jamal Hadi Salim <jhs@xxxxxxxxxxxx>
    net_sched: cls_route: disallow handle of 0

Tyler Hicks <tyhicks@xxxxxxxxxxxxxxxxxxx>
    net/9p: Initialize the iounit field during fid creation

Guenter Roeck <linux@xxxxxxxxxxxx>
    nios2: time: Read timer in get_cycles only if initialized

Luiz Augusto von Dentz <luiz.von.dentz@xxxxxxxxx>
    Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression

Jose Alonso <joalonsof@xxxxxxxxx>
    Revert "net: usb: ax88179_178a needs FLAG_SEND_ZLP"

Tony Battersby <tonyb@xxxxxxxxxxxxxxx>
    scsi: sg: Allow waiting for commands to complete on removed device

Eric Dumazet <edumazet@xxxxxxxxxx>
    tcp: fix over estimation in sk_forced_mem_schedule()

Qu Wenruo <wqu@xxxxxxxx>
    btrfs: reject log replay if there is unsupported RO compat flag

Thadeu Lima de Souza Cascardo <cascardo@xxxxxxxxxxxxx>
    net_sched: cls_route: remove from list when handle is 0

Mikulas Patocka <mpatocka@xxxxxxxxxx>
    dm raid: fix address sanitizer warning in raid_status

Baokun Li <libaokun1@xxxxxxxxxx>
    ext4: correct max_inline_xattr_value_size computing

Eric Whitney <enwlinux@xxxxxxxxx>
    ext4: fix extent status tree race in writeback error recovery path

Theodore Ts'o <tytso@xxxxxxx>
    ext4: update s_overhead_clusters in the superblock during an on-line resize

Baokun Li <libaokun1@xxxxxxxxxx>
    ext4: fix use-after-free in ext4_xattr_set_entry

Lukas Czerner <lczerner@xxxxxxxxxx>
    ext4: make sure ext4_append() always allocates new block

Baokun Li <libaokun1@xxxxxxxxxx>
    ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h

David Collins <quic_collinsd@xxxxxxxxxxx>
    spmi: trace: fix stack-out-of-bound access in SPMI tracing functions

Alexander Lobakin <alexandr.lobakin@xxxxxxxxx>
    x86/olpc: fix 'logical not is only applied to the left hand side'

Steffen Maier <maier@xxxxxxxxxxxxx>
    scsi: zfcp: Fix missing auto port scan and thus missing target ports

Florian Westphal <fw@xxxxxxxxx>
    netfilter: nf_tables: fix null deref due to zeroed list head

Weitao Wang <WeitaoWang-oc@xxxxxxxxxxx>
    USB: HCD: Fix URB giveback issue in tasklet function

Huacai Chen <chenhuacai@xxxxxxxxxxx>
    MIPS: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK

Michael Ellerman <mpe@xxxxxxxxxxxxxx>
    powerpc/powernv: Avoid crashing if rng is NULL

Pali Rohár <pali@xxxxxxxxxx>
    powerpc/fsl-pci: Fix Class Code of PCIe Root Port

Pali Rohár <pali@xxxxxxxxxx>
    PCI: Add defines for normal and subtractive PCI bridges

Alexander Lobakin <alexandr.lobakin@xxxxxxxxx>
    ia64, processor: fix -Wincompatible-pointer-types in ia64_get_irr()

Mikulas Patocka <mpatocka@xxxxxxxxxx>
    md-raid10: fix KASAN warning

Miklos Szeredi <mszeredi@xxxxxxxxxx>
    fuse: limit nsec

Daniel Borkmann <daniel@xxxxxxxxxxxxx>
    bpf: fix overflow in prog accounting

Timur Tabi <ttabi@xxxxxxxxxx>
    drm/nouveau: fix another off-by-one in nvbios_addr

Helge Deller <deller@xxxxxx>
    parisc: Fix device names in /proc/iomem

Lukas Wunner <lukas@xxxxxxxxx>
    usbnet: Fix linkwatch use-after-free on disconnect

David Howells <dhowells@xxxxxxxxxx>
    vfs: Check the truncate maximum size in inode_newsize_ok()

Allen Ballway <ballway@xxxxxxxxxxxx>
    ALSA: hda/cirrus - support for iMac 12,1 model

Meng Tang <tangmeng@xxxxxxxxxxxxx>
    ALSA: hda/conexant: Add quirk for LENOVO 20149 Notebook model

Sean Christopherson <seanjc@xxxxxxxxxx>
    KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks

Maciej S. Szmigiero <maciej.szmigiero@xxxxxxxxxx>
    KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0

Mikulas Patocka <mpatocka@xxxxxxxxxx>
    add barriers to buffer_uptodate and set_buffer_uptodate

Zheyu Ma <zheyuma97@xxxxxxxxx>
    ALSA: bcd2000: Fix a UAF bug on the error path of probing

Ning Qiang <sohu0106@xxxxxxx>
    macintosh/adb: fix oob read in do_adb_query() function

Hans-Christian Noren Egtvedt <hegtvedt@xxxxxxxxx>
    random: only call boot_init_stack_canary() once

Werner Sembach <wse@xxxxxxxxxxxxxxxxxxx>
    ACPI: video: Shortening quirk list by identifying Clevo by board_name only

Werner Sembach <wse@xxxxxxxxxxxxxxxxxxx>
    ACPI: video: Force backlight native for some TongFang devices

Daniel Micay <danielmicay@xxxxxxxxx>
    init/main.c: extract early boot entropy from the passed cmdline

Laura Abbott <lauraa@xxxxxxxxxxxxxx>
    init: move stack canary initialization after setup_arch

Viresh Kumar <viresh.kumar@xxxxxxxxxx>
    init/main: properly align the multi-line comment

Viresh Kumar <viresh.kumar@xxxxxxxxxx>
    init/main: Fix double "the" in comment

Christian Borntraeger <borntraeger@xxxxxxxxxx>
    include/uapi/linux/swab.h: fix userspace breakage, use __BITS_PER_LONG for swap

Paul Moore <paul@xxxxxxxxxxxxxx>
    selinux: fix inode_doinit_with_dentry() LABEL_INVALID error handling

Tianyue Ren <rentianyue@xxxxxxxxxx>
    selinux: fix error initialization in inode_doinit_with_dentry()

Andreas Gruenbacher <agruenba@xxxxxxxxxx>
    selinux: Convert isec->lock into a spinlock

Andreas Gruenbacher <agruenba@xxxxxxxxxx>
    selinux: Clean up initialization of isec->sclass

Andreas Gruenbacher <agruenba@xxxxxxxxxx>
    proc: Pass file mode to proc_pid_make_inode

Andreas Gruenbacher <agruenba@xxxxxxxxxx>
    selinux: Minor cleanups

Nathan Chancellor <nathan@xxxxxxxxxx>
    ion: Make user_ion_handle_put_nolock() a void function

Wei Mingzhi <whistler@xxxxxxxxxxxxxx>
    mt7601u: add USB device ID for some versions of XiaoDu WiFi Dongle.

Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
    ARM: crypto: comment out gcc warning that breaks clang builds

Florian Westphal <fw@xxxxxxxxx>
    netfilter: nf_queue: do not allow packet truncation below transport header offset

Liang He <windhl@xxxxxxx>
    net: sungem_phy: Add of_node_put() for reference returned by of_get_parent()

Kuniyuki Iwashima <kuniyu@xxxxxxxxxx>
    net: ping6: Fix memleak in ipv6_renew_options().

Liang He <windhl@xxxxxxx>
    scsi: ufs: host: Hold reference returned by of_parse_phandle()

ChenXiaoSong <chenxiaosong2@xxxxxxxxxx>
    ntfs: fix use-after-free in ntfs_ucsncmp()

Luiz Augusto von Dentz <luiz.von.dentz@xxxxxxxxx>
    Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put

-------------

Diffstat:

 Makefile                                        |   4 +-
 arch/arm/lib/xor-neon.c                         |   3 +-
 arch/ia64/include/asm/processor.h               |   2 +-
 arch/mips/cavium-octeon/octeon-platform.c       |   3 +-
 arch/mips/kernel/proc.c                         |   2 +-
 arch/mips/mm/tlbex.c                            |   4 +-
 arch/nios2/include/asm/entry.h                  |   3 +-
 arch/nios2/include/asm/ptrace.h                 |   2 +
 arch/nios2/kernel/entry.S                       |  22 +++--
 arch/nios2/kernel/signal.c                      |   3 +-
 arch/nios2/kernel/syscall_table.c               |   1 +
 arch/nios2/kernel/time.c                        |   5 +-
 arch/parisc/kernel/drivers.c                    |   9 +-
 arch/powerpc/kernel/prom.c                      |   7 ++
 arch/powerpc/platforms/powernv/rng.c            |   2 +
 arch/powerpc/sysdev/fsl_pci.c                   |   8 ++
 arch/powerpc/sysdev/fsl_pci.h                   |   1 +
 arch/x86/kvm/emulate.c                          |  19 ++--
 arch/x86/kvm/svm.c                              |   2 -
 arch/x86/platform/olpc/olpc-xo1-sci.c           |   2 +-
 drivers/acpi/video_detect.c                     |  55 +++++++----
 drivers/ata/libata-eh.c                         |   1 +
 drivers/atm/idt77252.c                          |   1 +
 drivers/gpu/drm/nouveau/nvkm/subdev/bios/base.c |   2 +-
 drivers/irqchip/irq-tegra.c                     |  10 +-
 drivers/macintosh/adb.c                         |   2 +-
 drivers/md/dm-raid.c                            |   2 +-
 drivers/md/raid10.c                             |   5 +-
 drivers/md/raid5.c                              |   2 +-
 drivers/misc/cxl/irq.c                          |   1 +
 drivers/net/can/usb/ems_usb.c                   |   2 +-
 drivers/net/ethernet/freescale/fec_ptp.c        |   6 +-
 drivers/net/sungem_phy.c                        |   1 +
 drivers/net/usb/ax88179_178a.c                  |  14 +--
 drivers/net/usb/usbnet.c                        |   8 +-
 drivers/net/wireless/mediatek/mt7601u/usb.c     |   1 +
 drivers/pinctrl/nomadik/pinctrl-nomadik.c       |   4 +-
 drivers/pinctrl/qcom/pinctrl-msm8916.c          |   4 +-
 drivers/s390/scsi/zfcp_fc.c                     |  29 ++++--
 drivers/s390/scsi/zfcp_fc.h                     |   6 +-
 drivers/s390/scsi/zfcp_fsf.c                    |   4 +-
 drivers/scsi/sg.c                               |  57 ++++++-----
 drivers/scsi/ufs/ufshcd-pltfrm.c                |  15 ++-
 drivers/staging/android/ion/ion-ioctl.c         |   8 +-
 drivers/tty/serial/ucc_uart.c                   |   2 +
 drivers/usb/core/hcd.c                          |  26 ++---
 drivers/usb/gadget/legacy/inode.c               |   1 +
 drivers/usb/host/ohci-ppc-of.c                  |   1 +
 drivers/vfio/vfio.c                             |   1 +
 drivers/video/fbdev/i740fb.c                    |   9 +-
 drivers/xen/xenbus/xenbus_dev_frontend.c        |   4 +-
 fs/attr.c                                       |   2 +
 fs/btrfs/disk-io.c                              |  14 +++
 fs/btrfs/tree-log.c                             |   4 +-
 fs/ext4/inline.c                                |   3 +
 fs/ext4/inode.c                                 |   7 ++
 fs/ext4/namei.c                                 |  23 ++++-
 fs/ext4/resize.c                                |  11 +++
 fs/ext4/xattr.c                                 |   6 +-
 fs/ext4/xattr.h                                 |  13 +++
 fs/fuse/inode.c                                 |   6 ++
 fs/nfs/nfs4proc.c                               |   3 +
 fs/ntfs/attrib.c                                |   8 +-
 fs/proc/base.c                                  |  23 ++---
 fs/proc/fd.c                                    |   6 +-
 fs/proc/internal.h                              |   2 +-
 fs/proc/namespaces.c                            |   3 +-
 include/linux/bpf.h                             |  11 +++
 include/linux/buffer_head.h                     |  25 ++++-
 include/linux/pci_ids.h                         |   2 +
 include/linux/usb/hcd.h                         |   1 +
 include/net/bluetooth/l2cap.h                   |   1 +
 include/sound/core.h                            |   8 ++
 include/trace/events/spmi.h                     |  12 +--
 include/uapi/linux/swab.h                       |   4 +-
 init/main.c                                     |  14 +--
 kernel/bpf/core.c                               |  16 ++-
 kernel/bpf/syscall.c                            |  36 +++++--
 net/9p/client.c                                 |   4 +-
 net/bluetooth/l2cap_core.c                      |  68 +++++++++----
 net/ipv4/tcp_output.c                           |   7 +-
 net/ipv6/ping.c                                 |   6 ++
 net/netfilter/nf_tables_api.c                   |   3 +-
 net/netfilter/nfnetlink_queue.c                 |   7 +-
 net/rds/ib_recv.c                               |   1 +
 net/sched/cls_route.c                           |   8 +-
 net/sunrpc/backchannel_rqst.c                   |  14 +++
 net/vmw_vsock/af_vsock.c                        |   9 +-
 security/selinux/hooks.c                        | 123 +++++++++++++++---------
 security/selinux/include/objsec.h               |   5 +-
 security/selinux/selinuxfs.c                    |   4 +-
 sound/core/info.c                               |   6 +-
 sound/core/misc.c                               |  94 ++++++++++++++++++
 sound/core/timer.c                              |  11 ++-
 sound/pci/hda/patch_cirrus.c                    |   1 +
 sound/pci/hda/patch_conexant.c                  |  11 ++-
 sound/usb/bcd2000/bcd2000.c                     |   3 +-
 97 files changed, 743 insertions(+), 294 deletions(-)