This is the start of the stable review cycle for the 4.14.316 release. There are 86 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Tue, 30 May 2023 19:08:13 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.316-rc1.gz or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.14.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> Linux 4.14.316-rc1 Christophe JAILLET <christophe.jaillet@xxxxxxxxxx> 3c589_cs: Fix an error handling path in tc589_probe() Christophe JAILLET <christophe.jaillet@xxxxxxxxxx> forcedeth: Fix an error handling path in nv_probe() Vernon Lovejoy <vlovejoy@xxxxxxxxxx> x86/show_trace_log_lvl: Ensure stack pointer is aligned, again Dan Carpenter <dan.carpenter@xxxxxxxxxx> xen/pvcalls-back: fix double frees with pvcalls_new_active_socket() Daisuke Nojiri <dnojiri@xxxxxxxxxxxx> power: supply: sbs-charger: Fix INHIBITED bit for Status reg Hans de Goede <hdegoede@xxxxxxxxxx> power: supply: bq27xxx: Fix poll_interval handling and races on remove Hans de Goede <hdegoede@xxxxxxxxxx> power: supply: bq27xxx: Fix I2C IRQ race on remove Hans de Goede <hdegoede@xxxxxxxxxx> power: supply: bq27xxx: Fix bq27xxx_battery_update() race condition Hans de Goede <hdegoede@xxxxxxxxxx> power: supply: leds: Fix blink to LED on transition Gavrilov Ilia <Ilia.Gavrilov@xxxxxxxxxxx> ipv6: Fix out-of-bounds access in ipv6_find_tlv() Pratyush Yadav <ptyadav@xxxxxxxxx> net: fix skb leak in __skb_tstamp_tx() Alan Stern <stern@xxxxxxxxxxxxxxxxxxx> media: radio-shark: Add endpoint checks Alan Stern <stern@xxxxxxxxxxxxxxxxxxx> USB: sisusbvga: Add endpoint checks Alan Stern <stern@xxxxxxxxxxxxxxxxxxx> USB: core: Add routines for endpoint checks in old drivers Hardik Garg <hargar@xxxxxxxxxxxxxxxxxxx> selftests/memfd: Fix unknown type name build failure Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx> x86/mm: Avoid incomplete Global INVLPG flushes Florian Westphal <fw@xxxxxxxxx> netfilter: nf_tables: fix register ordering Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> netfilter: nf_tables: do not allow SET_ID to refer to another table Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> netfilter: nf_tables: do not allow RULE_ID to refer to another chain Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> netfilter: nft_dynset: do not reject set updates with NFT_SET_EVAL Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> netfilter: nf_tables: stricter validation of element data Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> netfilter: nf_tables: allow up to 64 bytes in the set element data area Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> netfilter: nf_tables: add nft_setelem_parse_key() Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> netfilter: nf_tables: validate registers coming from userspace. Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> netfilter: nftables: statify nft_parse_register() Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> netfilter: nftables: add nft_parse_register_store() and use it Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> netfilter: nftables: add nft_parse_register_load() and use it Helge Deller <deller@xxxxxx> parisc: Allow to reboot machine after system halt Finn Thain <fthain@xxxxxxxxxxxxxx> m68k: Move signal frame following exception on 68020/030 Christophe Leroy <christophe.leroy@xxxxxxxxxx> spi: fsl-cpm: Use 16 bit mode for large transfers with even size Christophe Leroy <christophe.leroy@xxxxxxxxxx> spi: fsl-spi: Re-organise transfer bits_per_word adaptation Rasmus Villemoes <rasmus.villemoes@xxxxxxxxx> spi: spi-fsl-spi: automatically adapt bits-per-word in cpu mode Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> netfilter: nf_tables: bogus EBUSY in helper removal from transaction Ryusuke Konishi <konishi.ryusuke@xxxxxxxxx> nilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode() Xiubo Li <xiubli@xxxxxxxxxx> ceph: force updating the msg pointer in non-split case Vitaliy Tomin <tomin@xxxxxxxxxxx> serial: Add support for Advantech PCI-1611U card Ilya Leoshkevich <iii@xxxxxxxxxxxxx> statfs: enforce statfs[64] structure initialization Nikhil Mahale <nmahale@xxxxxxxxxx> ALSA: hda: Add NVIDIA codec IDs a3 through a7 to patch table Takashi Iwai <tiwai@xxxxxxx> ALSA: hda: Fix Oops by 9.1 surround channel names Maxime Bizon <mbizon@xxxxxxxxxx> usb-storage: fix deadlock when a scsi command timeouts more than once Eric Dumazet <edumazet@xxxxxxxxxx> vlan: fix a potential uninit-value in vlan_dev_hard_start_xmit() Aleksandr Loktionov <aleksandr.loktionov@xxxxxxxxx> igb: fix bit_shift to be in [1..8] range Christophe JAILLET <christophe.jaillet@xxxxxxxxxx> cassini: Fix a memory leak in the error handling path of cas_init_one() Dong Chenchen <dongchenchen2@xxxxxxxxxx> net: nsh: Use correct mac_offset to unwind gso skb in nsh_gso_segment() Duoming Zhou <duoming@xxxxxxxxxx> media: netup_unidvb: fix use-after-free at del_timer() Zhuang Shengen <zhuangshengen@xxxxxxxxxx> vsock: avoid to close connected socket after the timeout Uwe Kleine-König <u.kleine-koenig@xxxxxxxxxxxxxx> net: fec: Better handle pm_runtime_get() failing in .remove() Tobias Brunner <tobias@xxxxxxxxxxxxxx> af_key: Reject optional tunnel/BEET mode templates in outbound policies Wyes Karny <wyes.karny@xxxxxxx> cpupower: Make TSC read per CPU for Mperf monitor Qiang Ning <qning0106@xxxxxxx> mfd: dln2: Fix memory leak in dln2_probe() Alain Volmat <avolmat@xxxxxx> phy: st: miphy28lp: use _poll_timeout functions for waits Vicki Pfau <vi@xxxxxxxxxxx> Input: xpad - add constants for GIP interface numbers Arnd Bergmann <arnd@xxxxxxxx> clk: tegra20: fix gcc-7 constant overflow warning Hao Zeng <zenghao@xxxxxxxxxx> recordmcount: Fix memory leaks in the uwrite function Josh Poimboeuf <jpoimboe@xxxxxxxxxx> sched: Fix KCSAN noinstr violation Rodríguez Barbarin, José Javier <JoseJavier.Rodriguez@xxxxxxxxxx> mcb-pci: Reallocate memory region to avoid memory overlapping Tony Lindgren <tony@xxxxxxxxxxx> serial: 8250: Reinit port->pm on port specific driver unbind Jason Gerecke <killertofu@xxxxxxxxx> HID: wacom: generic: Set battery quirk only when we see battery data Kevin Groeneveld <kgroeneveld@xxxxxxxxxxxx> spi: spi-imx: fix MX51_ECSPI_* macros when cs > 3 Bastien Nocera <hadess@xxxxxxxxxx> HID: logitech-hidpp: Reconcile USB and Unifying serials Bastien Nocera <hadess@xxxxxxxxxx> HID: logitech-hidpp: Don't use the USB serial for USB devices Philipp Hortmann <philipp.g.hortmann@xxxxxxxxx> staging: rtl8192e: Replace macro RTL_PCI_DEVICE with PCI_DEVICE Min Li <lm0963hack@xxxxxxxxx> Bluetooth: L2CAP: fix "bad unlock balance" in l2cap_disconnect_rsp Hans de Goede <hdegoede@xxxxxxxxxx> wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace Chaitanya Kulkarni <kch@xxxxxxxxxx> null_blk: Always check queue mode setting from configfs Ojaswin Mujoo <ojaswin@xxxxxxxxxxxxx> ext4: Fix best extent lstart adjustment logic in ext4_mb_new_inode_pa() Kemeng Shi <shikemeng@xxxxxxxxxxxxxxx> ext4: set goal start correctly in ext4_mb_normalize_request Andreas Gruenbacher <agruenba@xxxxxxxxxx> gfs2: Fix inode height consistency check Zheng Wang <zyytlz.wz@xxxxxxx> scsi: message: mptlan: Fix use after free bug in mptlan_remove() due to race condition Eli Cohen <elic@xxxxxxxxxx> lib: cpu_rmap: Avoid use after free on rmap->obj array entries Nick Child <nnac123@xxxxxxxxxxxxx> net: Catch invalid index in XPS mapping Nathan Chancellor <nathan@xxxxxxxxxx> net: pasemi: Fix return type of pasemi_mac_start_tx() Jan Kara <jack@xxxxxxx> ext2: Check block size validity during mount Hector Martin <marcan@xxxxxxxxx> wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex void0red <30990023+void0red@xxxxxxxxxxxxxxxxxxxxxxxx> ACPICA: ACPICA: check null return of ACPI_ALLOCATE_ZEROED in acpi_db_display_objects Tamir Duberstein <tamird@xxxxxxxxxx> ACPICA: Avoid undefined behavior: applying zero offset to null pointer Nur Hussein <hussein@xxxxxxxxxxx> drm/tegra: Avoid potential 32-bit integer overflow Armin Wolf <W_Armin@xxxxxx> ACPI: EC: Fix oops when removing custom query handlers Zheng Wang <zyytlz.wz@xxxxxxx> memstick: r592: Fix UAF bug in r592_remove due to race condition Alexander Stein <alexander.stein@xxxxxxxxxxxxxxx> regmap: cache: Return error in cache sync operations for REGCACHE_NONE Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx> fs: hfsplus: remove WARN_ON() from hfsplus_cat_{read,write}_inode() Kuniyuki Iwashima <kuniyu@xxxxxxxxxx> af_unix: Fix a data race of sk->sk_receive_queue->qlen. t.feng <fengtao40@xxxxxxxxxx> ipvlan:Fix out-of-bounds caused by unclear skb->cb Eric Dumazet <edumazet@xxxxxxxxxx> net: annotate sk->sk_err write from do_recvmmsg() Eric Dumazet <edumazet@xxxxxxxxxx> netlink: annotate accesses to nlk->cb_running Kuniyuki Iwashima <kuniyu@xxxxxxxxxx> net: Fix load-tearing on sk->sk_stamp in sock_recv_cmsgs(). ------------- Diffstat: Makefile | 4 +- arch/m68k/kernel/signal.c | 14 +- arch/parisc/kernel/process.c | 11 +- arch/x86/include/asm/intel-family.h | 5 + arch/x86/kernel/dumpstack.c | 7 +- arch/x86/mm/init.c | 25 +++ drivers/acpi/acpica/dbnames.c | 3 + drivers/acpi/acpica/dswstate.c | 11 +- drivers/acpi/ec.c | 1 + drivers/base/regmap/regcache.c | 6 + drivers/block/null_blk.c | 5 + drivers/clk/tegra/clk-tegra20.c | 28 +-- drivers/gpu/drm/tegra/sor.c | 2 +- drivers/hid/hid-logitech-hidpp.c | 53 ++++- drivers/hid/wacom_wac.c | 33 ++-- drivers/input/joystick/xpad.c | 5 +- drivers/mcb/mcb-pci.c | 27 ++- drivers/media/pci/netup_unidvb/netup_unidvb_core.c | 2 +- drivers/media/radio/radio-shark.c | 10 + drivers/media/radio/radio-shark2.c | 10 + drivers/memstick/host/r592.c | 2 +- drivers/message/fusion/mptlan.c | 2 + drivers/mfd/dln2.c | 1 + drivers/net/ethernet/3com/3c589_cs.c | 11 +- drivers/net/ethernet/freescale/fec_main.c | 13 +- drivers/net/ethernet/intel/igb/e1000_mac.c | 4 +- drivers/net/ethernet/nvidia/forcedeth.c | 1 + drivers/net/ethernet/pasemi/pasemi_mac.c | 2 +- drivers/net/ethernet/sun/cassini.c | 2 + drivers/net/ipvlan/ipvlan_core.c | 6 + .../broadcom/brcm80211/brcmfmac/cfg80211.c | 13 +- drivers/net/wireless/intel/iwlwifi/dvm/sta.c | 5 +- drivers/phy/st/phy-miphy28lp.c | 42 +--- drivers/power/supply/bq27xxx_battery.c | 41 ++-- drivers/power/supply/bq27xxx_battery_i2c.c | 3 +- drivers/power/supply/power_supply_leds.c | 5 +- drivers/power/supply/sbs-charger.c | 2 +- drivers/spi/spi-fsl-cpm.c | 23 +++ drivers/spi/spi-fsl-spi.c | 65 +++--- drivers/spi/spi-imx.c | 24 ++- drivers/staging/rtl8192e/rtl8192e/rtl_core.c | 6 +- drivers/staging/rtl8192e/rtl8192e/rtl_core.h | 5 - drivers/tty/serial/8250/8250_core.c | 1 + drivers/tty/serial/8250/8250_pci.c | 5 + drivers/usb/core/usb.c | 76 +++++++ drivers/usb/misc/sisusbvga/sisusb.c | 14 ++ drivers/usb/storage/scsiglue.c | 28 ++- drivers/xen/pvcalls-back.c | 9 +- fs/ceph/snap.c | 13 ++ fs/ext2/ext2.h | 1 + fs/ext2/super.c | 7 + fs/ext4/mballoc.c | 65 +++--- fs/gfs2/glops.c | 3 +- fs/hfsplus/inode.c | 28 ++- fs/nilfs2/inode.c | 18 ++ fs/statfs.c | 4 +- include/linux/power/bq27xxx_battery.h | 1 + include/linux/sched/task_stack.h | 2 +- include/linux/usb.h | 5 + include/net/netfilter/nf_tables.h | 17 +- include/net/netfilter/nf_tables_core.h | 14 +- include/net/netfilter/nft_fib.h | 2 +- include/net/netfilter/nft_masq.h | 4 +- include/net/netfilter/nft_meta.h | 4 +- include/net/netfilter/nft_redir.h | 4 +- include/net/sock.h | 2 +- include/uapi/linux/netfilter/nf_tables.h | 2 +- lib/cpu_rmap.c | 5 +- net/8021q/vlan_dev.c | 4 +- net/bluetooth/l2cap_core.c | 1 - net/bridge/netfilter/nft_meta_bridge.c | 5 +- net/core/dev.c | 2 + net/core/skbuff.c | 4 +- net/ipv4/netfilter/nft_dup_ipv4.c | 18 +- net/ipv6/exthdrs_core.c | 2 + net/ipv6/netfilter/nft_dup_ipv6.c | 18 +- net/key/af_key.c | 12 +- net/netfilter/nf_tables_api.c | 220 ++++++++++++++------- net/netfilter/nft_bitwise.c | 14 +- net/netfilter/nft_byteorder.c | 14 +- net/netfilter/nft_cmp.c | 8 +- net/netfilter/nft_ct.c | 12 +- net/netfilter/nft_dup_netdev.c | 6 +- net/netfilter/nft_dynset.c | 16 +- net/netfilter/nft_exthdr.c | 14 +- net/netfilter/nft_fib.c | 5 +- net/netfilter/nft_fwd_netdev.c | 6 +- net/netfilter/nft_hash.c | 25 ++- net/netfilter/nft_immediate.c | 8 +- net/netfilter/nft_lookup.c | 14 +- net/netfilter/nft_masq.c | 14 +- net/netfilter/nft_meta.c | 8 +- net/netfilter/nft_nat.c | 35 ++-- net/netfilter/nft_numgen.c | 15 +- net/netfilter/nft_objref.c | 25 ++- net/netfilter/nft_payload.c | 10 +- net/netfilter/nft_queue.c | 12 +- net/netfilter/nft_range.c | 6 +- net/netfilter/nft_redir.c | 14 +- net/netfilter/nft_rt.c | 7 +- net/netlink/af_netlink.c | 8 +- net/nsh/nsh.c | 8 +- net/socket.c | 2 +- net/unix/af_unix.c | 2 +- net/vmw_vsock/af_vsock.c | 2 +- scripts/recordmcount.c | 6 +- sound/pci/hda/hda_generic.c | 7 +- sound/pci/hda/patch_hdmi.c | 5 + .../cpupower/utils/idle_monitor/mperf_monitor.c | 31 ++- tools/testing/selftests/memfd/fuse_test.c | 1 + 110 files changed, 1005 insertions(+), 515 deletions(-)
