This is the start of the stable review cycle for the 4.14.328 release. There are 65 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 26 Oct 2023 08:32:31 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.328-rc2.gz or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.14.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> Linux 4.14.328-rc2 Luiz Augusto von Dentz <luiz.von.dentz@xxxxxxxxx> Bluetooth: hci_event: Fix using memcmp when comparing keys Kees Cook <keescook@xxxxxxxxxxxx> Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name Edward AD <twuufnxlz@xxxxxxxxx> Bluetooth: hci_sock: fix slab oob read in create_monitor_event Haibo Chen <haibo.chen@xxxxxxx> gpio: vf610: set value before the direction to avoid a glitch Niklas Schnelle <schnelle@xxxxxxxxxxxxx> s390/pci: fix iommu bitmap allocation Peter Zijlstra <peterz@xxxxxxxxxxxxx> perf: Disallow mis-matched inherited group reads Puliang Lu <puliang.lu@xxxxxxxxxxx> USB: serial: option: add Fibocom to DELL custom modem FM101R-GL Benoît Monin <benoit.monin@xxxxxx> USB: serial: option: add entry for Sierra EM9191 with new firmware Fabio Porcedda <fabio.porcedda@xxxxxxxxx> USB: serial: option: add Telit LE910C4-WWX 0x1035 composition Sunil V L <sunilvl@xxxxxxxxxxxxxxxx> ACPI: irq: Fix incorrect return value in acpi_register_gsi() Andy Shevchenko <andriy.shevchenko@xxxxxxxxxxxxxxx> Revert "pinctrl: avoid unsafe code pattern in find_pinctrl()" Avri Altman <avri.altman@xxxxxxx> mmc: core: Capture correct oemid-bits for eMMC cards Kees Cook <keescook@xxxxxxxxxxxx> sky2: Make sure there is at least one frag_addr available Benjamin Berg <benjamin.berg@xxxxxxxxx> wifi: cfg80211: avoid leaking stack data into trace Wen Gong <quic_wgong@xxxxxxxxxxx> wifi: mac80211: allow transmitting EAPOL frames with tainted key Luiz Augusto von Dentz <luiz.von.dentz@xxxxxxxxx> Bluetooth: hci_core: Fix build warnings Ying Hsu <yinghsu@xxxxxxxxxxxx> Bluetooth: Avoid redundant authentication Ma Ke <make_ruc2021@xxxxxxx> HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event Clément Léger <cleger@xxxxxxxxxxxx> tracing: relax trace_event_eval_update() execution with cond_resched() Damien Le Moal <dlemoal@xxxxxxxxxx> ata: libata-eh: Fix compilation warning in ata_eh_link_report() Chengfeng Ye <dg573847474@xxxxxxxxx> gpio: timberdale: Fix potential deadlock on &tgpio->lock Jeff Layton <jlayton@xxxxxxxxxx> overlayfs: set ctime when setting mtime and atime Heiner Kallweit <hkallweit1@xxxxxxxxx> i2c: mux: Avoid potential false error message in i2c_mux_add_adapter Josef Bacik <josef@xxxxxxxxxxxxxx> btrfs: initialize start_slot in btrfs_log_prealloc_extents Tony Lindgren <tony@xxxxxxxxxxx> ARM: dts: ti: omap: Fix noisy serial with overrun-throttle-ms for mapphone Michal Schmidt <mschmidt@xxxxxxxxxx> i40e: prevent crash on probe if hw registers have invalid values Dan Carpenter <dan.carpenter@xxxxxxxxxx> net: usb: smsc95xx: Fix an error code in smsc95xx_reset() Josua Mayer <josua@xxxxxxxxxxxxx> net: rfkill: gpio: prevent value glitch during probe Ma Ke <make_ruc2021@xxxxxxx> net: ipv6: fix return value check in esp_remove_trailer Ma Ke <make_ruc2021@xxxxxxx> net: ipv4: fix return value check in esp_remove_trailer Eric Dumazet <edumazet@xxxxxxxxxx> xfrm: fix a data-race in xfrm_gen_index() Florian Westphal <fw@xxxxxxxxx> netfilter: nft_payload: fix wrong mac header matching Jim Mattson <jmattson@xxxxxxxxxx> KVM: x86: Mask LVTPC when handling a PMI Johan Hovold <johan+linaro@xxxxxxxxxx> regmap: fix NULL deref on lookup Krzysztof Kozlowski <krzysztof.kozlowski@xxxxxxxxxx> nfc: nci: fix possible NULL pointer dereference in send_acknowledge() Arnd Bergmann <arnd@xxxxxxxx> Bluetooth: avoid memcmp() out of bounds warning Luiz Augusto von Dentz <luiz.von.dentz@xxxxxxxxx> Bluetooth: hci_event: Fix coding style Arkadiusz Bokowy <arkadiusz.bokowy@xxxxxxxxx> Bluetooth: vhci: Fix race when opening vhci device Ziyang Xuan <william.xuanziyang@xxxxxxxxxx> Bluetooth: Fix a refcnt underflow problem for hci_conn Lee, Chun-Yi <jlee@xxxxxxxx> Bluetooth: Reject connection with the device which has same BD_ADDR Lee, Chun-Yi <jlee@xxxxxxxx> Bluetooth: hci_event: Ignore NULL link key Ricardo Cañuelo <ricardo.canuelo@xxxxxxxxxxxxx> usb: hub: Guard against accesses to uninitialized BOS descriptors Borislav Petkov (AMD) <bp@xxxxxxxxx> x86/cpu: Fix AMD erratum #1485 on Zen4-based CPUs Krishna Kurapati <quic_kriskura@xxxxxxxxxxx> usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call Piyush Mehta <piyush.mehta@xxxxxxx> usb: gadget: udc-xilinx: replace memcpy with memcpy_toio Dmitry Torokhov <dmitry.torokhov@xxxxxxxxx> pinctrl: avoid unsafe code pattern in find_pinctrl() Michal Koutný <mkoutny@xxxxxxxx> cgroup: Remove duplicates in cgroup v1 tasks file Matthias Berndt <matthias_berndt@xxxxxx> Input: xpad - add PXN V900 support Javier Carrasco <javier.carrasco.cruz@xxxxxxxxx> Input: powermate - fix use-after-free in powermate_config_complete Xiubo Li <xiubli@xxxxxxxxxx> ceph: fix incorrect revoked caps assert in ceph_fill_file_size() Jorge Sanjuan Garcia <jorge.sanjuangarcia@xxxxxxxxxx> mcb: remove is_added flag from mcb_device struct Alexander Zangerl <az@xxxxxxxxxxxxxxxx> iio: pressure: ms5611: ms5611_prom_is_valid false negative bug Phil Elwell <phil@xxxxxxxxxxxxxxx> iio: pressure: bmp280: Fix NULL pointer exception Xingxing Luo <xingxing.luo@xxxxxxxxxx> usb: musb: Modify the "HWVers" register address Xingxing Luo <xingxing.luo@xxxxxxxxxx> usb: musb: Get the musb_qh poniter after musb_giveback Javier Carrasco <javier.carrasco.cruz@xxxxxxxxx> net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read Wesley Cheng <quic_wcheng@xxxxxxxxxxx> usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer Waiman Long <longman@xxxxxxxxxx> workqueue: Override implicit ordered attribute in workqueue_apply_unbound_cpumask() Jeremy Cline <jeremy@xxxxxxxxxx> nfc: nci: assert requested protocol is valid Dan Carpenter <dan.carpenter@xxxxxxxxxx> ixgbe: fix crash with empty VF macvlan list Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx> drm/vmwgfx: fix typo of sizeof argument Dinghao Liu <dinghao.liu@xxxxxxxxxx> ieee802154: ca8210: Fix a potential UAF in ca8210_probe Martin Fuzzey <martin.fuzzey@flowbird.group> drm: etvnaviv: fix bad backport leading to warning Hans de Goede <hdegoede@xxxxxxxxxx> HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect Artem Chernyshev <artem.chernyshev@xxxxxxxxxxx> RDMA/cxgb4: Check skb value for failure to allocate ------------- Diffstat: Makefile | 4 +- arch/arm/boot/dts/omap4-droid4-xt894.dts | 1 + arch/s390/pci/pci_dma.c | 16 +++++- arch/x86/include/asm/msr-index.h | 4 ++ arch/x86/kernel/cpu/amd.c | 9 ++++ arch/x86/kvm/lapic.c | 8 ++- drivers/acpi/irq.c | 7 ++- drivers/ata/libata-eh.c | 2 +- drivers/base/regmap/regmap.c | 2 +- drivers/bluetooth/hci_vhci.c | 3 ++ drivers/gpio/gpio-timberdale.c | 5 +- drivers/gpio/gpio-vf610.c | 4 +- drivers/gpu/drm/etnaviv/etnaviv_gem_prime.c | 2 +- drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 2 +- drivers/hid/hid-holtek-kbd.c | 4 ++ drivers/hid/hid-logitech-hidpp.c | 3 +- drivers/i2c/i2c-mux.c | 2 +- drivers/iio/pressure/bmp280-core.c | 2 +- drivers/iio/pressure/ms5611_core.c | 2 +- drivers/infiniband/hw/cxgb4/cm.c | 3 ++ drivers/input/joystick/xpad.c | 2 + drivers/input/misc/powermate.c | 1 + drivers/mcb/mcb-core.c | 10 ++-- drivers/mcb/mcb-parse.c | 2 - drivers/mmc/core/mmc.c | 2 +- drivers/net/ethernet/intel/i40e/i40e_common.c | 4 +- drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 5 +- drivers/net/ethernet/marvell/sky2.h | 2 +- drivers/net/ieee802154/ca8210.c | 17 ++---- drivers/net/usb/dm9601.c | 7 ++- drivers/net/usb/smsc95xx.c | 2 +- drivers/usb/core/hub.c | 28 ++++++++-- drivers/usb/core/hub.h | 2 +- drivers/usb/gadget/function/f_ncm.c | 26 +++++++--- drivers/usb/gadget/udc/udc-xilinx.c | 20 ++++--- drivers/usb/host/xhci-ring.c | 4 +- drivers/usb/musb/musb_debugfs.c | 2 +- drivers/usb/musb/musb_host.c | 9 +++- drivers/usb/serial/option.c | 7 +++ fs/btrfs/tree-log.c | 2 +- fs/ceph/inode.c | 4 +- fs/overlayfs/copy_up.c | 2 +- include/linux/mcb.h | 1 - include/linux/perf_event.h | 1 + include/net/bluetooth/hci_core.h | 2 +- include/net/netns/xfrm.h | 1 + kernel/cgroup/cgroup-v1.c | 5 +- kernel/events/core.c | 39 +++++++++++--- kernel/trace/trace_events.c | 1 + kernel/workqueue.c | 8 ++- net/bluetooth/hci_conn.c | 72 ++++++++++++++++---------- net/bluetooth/hci_core.c | 8 +-- net/bluetooth/hci_event.c | 33 +++++++++--- net/bluetooth/hci_sock.c | 3 +- net/ipv4/esp4.c | 4 +- net/ipv6/esp6.c | 4 +- net/mac80211/tx.c | 3 +- net/netfilter/nft_payload.c | 2 +- net/nfc/nci/core.c | 5 ++ net/nfc/nci/spi.c | 2 + net/rfkill/rfkill-gpio.c | 4 +- net/wireless/nl80211.c | 2 +- net/xfrm/xfrm_policy.c | 6 +-- 63 files changed, 310 insertions(+), 141 deletions(-)
