This is the start of the stable review cycle for the 4.19.321 release. There are 98 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Tue, 03 Sep 2024 16:07:34 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.321-rc1.gz or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> Linux 4.19.321-rc1 Daniel Vetter <daniel.vetter@xxxxxxxx> drm/fb-helper: set x/yres_virtual in drm_fb_helper_check_var Vasily Averin <vvs@xxxxxxxxxxxxx> ipc: remove memcg accounting for sops objects in do_semtimedop() Ben Hutchings <benh@xxxxxxxxxx> scsi: aacraid: Fix double-free on probe failure Zijun Hu <quic_zijuhu@xxxxxxxxxxx> usb: core: sysfs: Unmerge @usb3_hardware_lpm_attr_group in remove_power_attributes() Krzysztof Kozlowski <krzysztof.kozlowski@xxxxxxxxxx> usb: dwc3: st: fix probed platform device ref count on probe error path Selvarasu Ganesan <selvarasu.g@xxxxxxxxxxx> usb: dwc3: core: Prevent USB core invalid event buffer address access Krzysztof Kozlowski <krzysztof.kozlowski@xxxxxxxxxx> usb: dwc3: omap: add missing depopulate in probe error path ZHANG Yuntian <yt@xxxxxxxxx> USB: serial: option: add MeiG Smart SRM825L Ian Ray <ian.ray@xxxxxxxxxxxxxxxx> cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller Eric Dumazet <edumazet@xxxxxxxxxx> net: busy-poll: use ktime_get_ns() instead of local_clock() Cong Wang <cong.wang@xxxxxxxxxxxxx> gtp: fix a potential NULL pointer dereference Krzysztof Kozlowski <krzysztof.kozlowski@xxxxxxxxxx> soundwire: stream: fix programming slave ports for non-continous port maps Eric Dumazet <edumazet@xxxxxxxxxx> net: prevent mss overflow in skb_segment() Matthew Wilcox (Oracle) <willy@xxxxxxxxxxxxx> ida: Fix crash in ida_free when the bitmap is empty Allison Henderson <allison.henderson@xxxxxxxxxx> net:rds: Fix possible deadlock in rds_message_put Helge Deller <deller@xxxxxx> fbmem: Check virtual screen sizes in fb_set_var() Helge Deller <deller@xxxxxx> fbcon: Prevent that screen size is smaller than font size Vasily Averin <vvs@xxxxxxxxxxxxx> memcg: enable accounting of ipc resources Chen Ridong <chenridong@xxxxxxxxxx> cgroup/cpuset: Prevent UAF in proc_cpuset_show() Niklas Cassel <cassel@xxxxxxxxxx> ata: libata-core: Fix null pointer dereference on error Ricardo Ribalda <ribalda@xxxxxxxxxxxx> media: uvcvideo: Fix integer overflow calculating timestamp Long Li <leo.lilong@xxxxxxxxxx> filelock: Correct the filelock owner in fcntl_setlk/fcntl_setlk64 Damien Le Moal <dlemoal@xxxxxxxxxx> scsi: mpt3sas: Avoid IOMMU page faults on REPORT ZONES Mikulas Patocka <mpatocka@xxxxxxxxxx> dm suspend: return -ERESTARTSYS instead of -EINTR Sascha Hauer <s.hauer@xxxxxxxxxxxxxx> wifi: mwifiex: duplicate static structs used in driver instances Ma Ke <make24@xxxxxxxxxxx> pinctrl: single: fix potential NULL dereference in pcs_get_function() Jesse Zhang <jesse.zhang@xxxxxxx> drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc Alexander Lobakin <aleksander.lobakin@xxxxxxxxx> tools: move alignment-related macros to new <linux/align.h> Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx> Input: MT - limit max slots Lee, Chun-Yi <joeyli.kernel@xxxxxxxxx> Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO Takashi Iwai <tiwai@xxxxxxx> ALSA: timer: Relax start tick time check for slave timer elements Ben Whitten <ben.whitten@xxxxxxxxx> mmc: dw_mmc: allow biu and ciu clocks to defer Nikolay Kuratov <kniv@xxxxxxxxxxxxxx> cxgb4: add forgotten u64 ivlan cast before shift Jason Gerecke <jason.gerecke@xxxxxxxxx> HID: wacom: Defer calculation of resolution until resolution_code is known Griffin Kroah-Hartman <griffin@xxxxxxxxx> Bluetooth: MGMT: Add error handling to pair_device() Dan Carpenter <dan.carpenter@xxxxxxxxxx> mmc: mmc_test: Fix NULL dereference on allocation failure Dmitry Baryshkov <dmitry.baryshkov@xxxxxxxxxx> drm/msm/dpu: don't play tricks with debug macros Jani Nikula <jani.nikula@xxxxxxxxx> drm/msm: use drm_debug_enabled() to check for debug categories Sean Anderson <sean.anderson@xxxxxxxxx> net: xilinx: axienet: Always disable promiscuous mode Eric Dumazet <edumazet@xxxxxxxxxx> ipv6: prevent UAF in ip6_send_skb() Sebastian Andrzej Siewior <bigeasy@xxxxxxxxxxxxx> netfilter: nft_counter: Synchronize nft_counter_reset() against reader. Kuniyuki Iwashima <kuniyu@xxxxxxxxxx> kcm: Serialise kcm_sendmsg() for the same socket. Luiz Augusto von Dentz <luiz.von.dentz@xxxxxxxxx> Bluetooth: hci_core: Fix LE quote calculation Luiz Augusto von Dentz <luiz.von.dentz@xxxxxxxxx> Bluetooth: hci_core: Fix not handling link timeouts propertly Luiz Augusto von Dentz <luiz.von.dentz@xxxxxxxxx> Bluetooth: Make use of __check_timeout on hci_sched_le Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx> block: use "unsigned long" for blk_validate_block_size(). Eric Dumazet <edumazet@xxxxxxxxxx> gtp: pull network headers in gtp_dev_xmit() Phil Chang <phil.chang@xxxxxxxxxxxx> hrtimer: Prevent queuing of hrtimer without a function callback Sagi Grimberg <sagi@xxxxxxxxxxx> nvmet-rdma: fix possible bad dereference when freeing rsps Baokun Li <libaokun1@xxxxxxxxxx> ext4: set the type of max_zeroout to unsigned int to avoid overflow Guanrui Huang <guanrui.huang@xxxxxxxxxxxxxxxxx> irqchip/gic-v3-its: Remove BUG_ON in its_vpe_irq_domain_alloc Abdulrasaq Lawani <abdulrasaqolawani@xxxxxxxxx> fbdev: offb: replace of_node_put with __free(device_node) Krishna Kurapati <quic_kriskura@xxxxxxxxxxx> usb: dwc3: core: Skip setting event buffers for host only controllers Alexander Gordeev <agordeev@xxxxxxxxxxxxx> s390/iucv: fix receive buffer virtual vs physical address confusion Oreoluwa Babatunde <quic_obabatun@xxxxxxxxxxx> openrisc: Call setup_memory() earlier in the init sequence NeilBrown <neilb@xxxxxxx> NFS: avoid infinite loop in pnfs_update_layout. Luiz Augusto von Dentz <luiz.von.dentz@xxxxxxxxx> Bluetooth: bnep: Fix out-of-bound access Uwe Kleine-König <u.kleine-koenig@xxxxxxxxxxxxxx> usb: gadget: fsl: Increase size of name buffer for endpoints Zhiguo Niu <zhiguo.niu@xxxxxxxxxx> f2fs: fix to do sanity check in update_sit_entry David Sterba <dsterba@xxxxxxxx> btrfs: delete pointless BUG_ON check on quota root in btrfs_qgroup_account_extent() David Sterba <dsterba@xxxxxxxx> btrfs: send: handle unexpected data in header buffer in begin_cmd() David Sterba <dsterba@xxxxxxxx> btrfs: handle invalid root reference found in may_destroy_subvol() David Sterba <dsterba@xxxxxxxx> btrfs: change BUG_ON to assertion when checking for delayed_node root Michael Ellerman <mpe@xxxxxxxxxxxxxx> powerpc/boot: Only free if realloc() succeeds Li zeming <zeming@xxxxxxxxxxxx> powerpc/boot: Handle allocation failure in simple_realloc() Helge Deller <deller@xxxxxx> parisc: Use irq_enter_rcu() to fix warning at kernel/context_tracking.c:367 Li Nan <linan122@xxxxxxxxxx> md: clean up invalid BUG_ON in md_ioctl Kees Cook <keescook@xxxxxxxxxxxx> net/sun3_82586: Avoid reading past buffer in debug output Justin Tee <justin.tee@xxxxxxxxxxxx> scsi: lpfc: Initialize status local variable in lpfc_sli4_repost_sgl_list() Max Filippov <jcmvbkbc@xxxxxxxxx> fs: binfmt_elf_efpic: don't use missing interpreter's properties Hans Verkuil <hverkuil-cisco@xxxxxxxxx> media: pci: cx23885: check cx23885_vdev_init() return Jan Kara <jack@xxxxxxx> quota: Remove BUG_ON from dqget() Baokun Li <libaokun1@xxxxxxxxxx> ext4: do not trim the group with corrupted block bitmap Kunwu Chan <chentao@xxxxxxxxxx> powerpc/xics: Check return value of kasprintf in icp_native_map_one_cpu Miri Korenblit <miriam.rachel.korenblit@xxxxxxxxx> wifi: iwlwifi: abort scan when rfkill on but device enabled Andreas Gruenbacher <agruenba@xxxxxxxxxx> gfs2: setattr_chown: Add missing initialization Mike Christie <michael.christie@xxxxxxxxxx> scsi: spi: Fix sshdr use Christian Brauner <christian.brauner@xxxxxxxxxx> binfmt_misc: cleanup on filesystem umount Chengfeng Ye <dg573847474@xxxxxxxxx> staging: ks7010: disable bh on tx_dev_lock Wolfram Sang <wsa+renesas@xxxxxxxxxxxxxxxxxxxx> i2c: riic: avoid potential division by zero Jeff Johnson <quic_jjohnson@xxxxxxxxxxx> wifi: cw1200: Avoid processing an invalid TIM IE Rand Deeb <rand.sec96@xxxxxxxxx> ssb: Fix division by zero issue in ssb_calc_clock_rate Pawel Dembicki <paweldembicki@xxxxxxxxx> net: dsa: vsc73xx: pass value in phy_write operation Dan Carpenter <dan.carpenter@xxxxxxxxxx> atm: idt77252: prevent use after free in dequeue_rx() Cosmin Ratiu <cratiu@xxxxxxxxxx> net/mlx5e: Correctly report errors for ethtool rx flows Alexander Lobakin <aleksander.lobakin@xxxxxxxxx> btrfs: rename bitmap_set_bits() -> btrfs_bitmap_set_bits() Alexander Lobakin <aleksander.lobakin@xxxxxxxxx> s390/cio: rename bitmap_size() -> idset_bitmap_size() Al Viro <viro@xxxxxxxxxxxxxxxxxx> memcg_write_event_control(): fix a user-triggerable oops Bas Nieuwenhuizen <bas@xxxxxxxxxxxxxxxxxxx> drm/amdgpu: Actually check flags for all context ops. Zhen Lei <thunder.leizhen@xxxxxxxxxx> selinux: fix potential counting error in avc_add_xperms_decision() Al Viro <viro@xxxxxxxxxxxxxxxxxx> fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE Alexander Lobakin <aleksander.lobakin@xxxxxxxxx> bitmap: introduce generic optimized bitmap_size() Mikulas Patocka <mpatocka@xxxxxxxxxx> dm persistent data: fix memory allocation failure Khazhismel Kumykov <khazhy@xxxxxxxxxx> dm resume: don't return EINVAL when signalled Haibo Xu <haibo1.xu@xxxxxxxxx> arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to NUMA_NO_NODE Mathias Nyman <mathias.nyman@xxxxxxxxxxxxxxx> xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration Juan José Arboleda <soyjuanarbol@xxxxxxxxx> ALSA: usb-audio: Support Yamaha P-125 quirk entry Jann Horn <jannh@xxxxxxxxxx> fuse: Initialize beyond-EOF page contents before setting uptodate ------------- Diffstat: Makefile | 4 +- arch/arm64/kernel/acpi_numa.c | 2 +- arch/openrisc/kernel/setup.c | 6 +- arch/parisc/kernel/irq.c | 4 +- arch/powerpc/boot/simple_alloc.c | 7 +- arch/powerpc/sysdev/xics/icp-native.c | 2 + drivers/ata/libata-core.c | 3 + drivers/atm/idt77252.c | 9 +- drivers/bluetooth/hci_ldisc.c | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ctx.c | 8 + drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c | 3 +- drivers/gpu/drm/drm_fb_helper.c | 3 + drivers/gpu/drm/msm/disp/dpu1/dpu_kms.h | 14 +- drivers/hid/wacom_wac.c | 4 +- drivers/i2c/busses/i2c-riic.c | 2 +- drivers/input/input-mt.c | 3 + drivers/irqchip/irq-gic-v3-its.c | 2 - drivers/md/dm-ioctl.c | 22 ++- drivers/md/dm.c | 2 +- drivers/md/md.c | 5 - drivers/md/persistent-data/dm-space-map-metadata.c | 4 +- drivers/media/pci/cx23885/cx23885-video.c | 8 + drivers/media/usb/uvc/uvc_video.c | 10 +- drivers/mmc/core/mmc_test.c | 9 +- drivers/mmc/host/dw_mmc.c | 8 + drivers/net/dsa/vitesse-vsc73xx.c | 2 +- drivers/net/ethernet/chelsio/cxgb4/cxgb4_filter.c | 3 +- drivers/net/ethernet/i825xx/sun3_82586.c | 2 +- .../ethernet/mellanox/mlx5/core/en_fs_ethtool.c | 2 +- drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 4 + drivers/net/gtp.c | 5 +- drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 2 +- drivers/net/wireless/marvell/mwifiex/cfg80211.c | 32 ++- drivers/net/wireless/st/cw1200/txrx.c | 2 +- drivers/nvme/target/rdma.c | 16 +- drivers/pinctrl/pinctrl-single.c | 2 + drivers/s390/cio/idset.c | 12 +- drivers/scsi/aacraid/comminit.c | 2 + drivers/scsi/lpfc/lpfc_sli.c | 2 +- drivers/scsi/mpt3sas/mpt3sas_base.c | 20 +- drivers/scsi/scsi_transport_spi.c | 4 +- drivers/soundwire/stream.c | 8 +- drivers/ssb/main.c | 2 +- drivers/staging/ks7010/ks7010_sdio.c | 4 +- drivers/usb/class/cdc-acm.c | 3 + drivers/usb/core/sysfs.c | 1 + drivers/usb/dwc3/core.c | 21 ++ drivers/usb/dwc3/dwc3-omap.c | 4 +- drivers/usb/dwc3/dwc3-st.c | 11 +- drivers/usb/gadget/udc/fsl_udc_core.c | 2 +- drivers/usb/host/xhci.c | 8 +- drivers/usb/serial/option.c | 5 + drivers/video/fbdev/core/fbcon.c | 28 +++ drivers/video/fbdev/core/fbmem.c | 20 +- drivers/video/fbdev/offb.c | 3 +- fs/binfmt_elf_fdpic.c | 2 +- fs/binfmt_misc.c | 216 ++++++++++++++++----- fs/btrfs/delayed-inode.c | 2 +- fs/btrfs/free-space-cache.c | 8 +- fs/btrfs/inode.c | 9 +- fs/btrfs/qgroup.c | 2 - fs/btrfs/send.c | 7 +- fs/ext4/extents.c | 3 +- fs/ext4/mballoc.c | 3 + fs/f2fs/segment.c | 5 +- fs/file.c | 28 ++- fs/fuse/dev.c | 6 +- fs/gfs2/inode.c | 2 +- fs/locks.c | 4 +- fs/nfs/pnfs.c | 8 + fs/quota/dquot.c | 5 +- include/linux/bitmap.h | 20 +- include/linux/blkdev.h | 2 +- include/linux/cpumask.h | 2 +- include/linux/fbcon.h | 4 + include/net/busy_poll.h | 2 +- include/net/kcm.h | 1 + ipc/msg.c | 2 +- ipc/sem.c | 7 +- ipc/shm.c | 2 +- kernel/cgroup/cpuset.c | 13 +- kernel/time/hrtimer.c | 2 + lib/idr.c | 2 +- lib/test_ida.c | 40 ++++ mm/memcontrol.c | 7 +- net/bluetooth/bnep/core.c | 3 +- net/bluetooth/hci_core.c | 58 +++--- net/bluetooth/mgmt.c | 4 + net/core/skbuff.c | 3 +- net/ipv6/ip6_output.c | 2 + net/iucv/iucv.c | 3 +- net/kcm/kcmsock.c | 4 + net/netfilter/nft_counter.c | 5 + net/rds/recv.c | 13 +- security/selinux/avc.c | 2 +- sound/core/timer.c | 2 +- sound/usb/quirks-table.h | 1 + tools/include/linux/align.h | 12 ++ tools/include/linux/bitmap.h | 8 +- 99 files changed, 662 insertions(+), 253 deletions(-)
