lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <1509571159-4405-1-git-send-email-w@1wt.eu>
Date:   Wed,  1 Nov 2017 22:17:00 +0100
From:   Willy Tarreau <w@....eu>
To:     linux-kernel@...r.kernel.org, stable@...r.kernel.org,
        linux@...ck-us.net
Cc:     Willy Tarreau <w@....eu>
Subject: [PATCH 3.10 000/139] 3.10.108-stable review

This is the start of the stable review cycle for the 3.10.108 release,
which will also be the last release in the 3.10 branch.

All patches will be posted as a response to this one. If anyone has any
issue with these being applied, please let me know. If anyone thinks some
important patches are missing and should be added prior to the release,
please report them quickly with their respective mainline commit IDs.

Responses should be made by Sat Nov  4 22:10:41 CET 2017.
Anything received after that time might be too late. If someone
wants a bit more time for a deeper review, please let me know.

The whole patch series can be found in one patch at :
   https://kernel.org/pub/linux/kernel/v3.x/stable-review/patch-3.10.108-rc1.gz

The shortlog and diffstat are appended below.

Thanks,
Willy

===============


Adam Borowski (1):
  vt: fix unchecked __put_user() in tioclinux ioctls

Al Viro (3):
  Bluetooth: bnep: bnep_add_connection() should verify that it's dealing
    with l2cap socket
  Bluetooth: cmtp: cmtp_add_connection() should verify that it's dealing
    with l2cap socket
  leak in O_DIRECT readv past the EOF

Alexander Potapenko (3):
  sctp: don't dereference ptr before leaving _sctp_walk_{params,
    errors}()
  sctp: fully initialize the IPv6 address in sctp_v6_to_addr()
  net/packet: check length in getsockopt() called with PACKET_HDRLEN

Andreas Gruenbacher (1):
  direct-io: Prevent NULL pointer access in submit_page_section

Andrew Gabbasov (1):
  usb: gadget: composite: Fix use-after-free in
    usb_composite_overwrite_options

Anssi Hannula (1):
  net: xilinx_emaclite: fix receive buffer overflow

Anton Blanchard (1):
  powerpc: Fix emulation of mfocrf in emulate_step()

Arend van Spriel (1):
  brcmfmac: fix possible buffer overflow in brcmf_cfg80211_mgmt_tx()

Arnd Bergmann (7):
  wext: handle NULL extra data in iwe_stream_add_point better
  x86/io: Add "memory" clobber to insb/insw/insl/outsb/outsw/outsl
  [media] pvrusb2: reduce stack usage pvr2_eeprom_analyze()
  [media] ir-core: fix gcc-7 warning on bool arithmetic
  staging:iio:resolver:ad2s1210 fix negative IIO_ANGL_VEL read
  qlge: avoid memcpy buffer overflow
  IB/qib: fix false-postive maybe-uninitialized warning

Baohong Liu (1):
  tracing: Apply trace_clock changes to instance max buffer

Benjamin Block (1):
  scsi: zfcp: add handling for FCP_RESID_OVER to the fcp ingress path

Bo Yan (1):
  tracing: Erase irqsoff trace with empty write

Cheah Kok Cheong (1):
  Staging: comedi: comedi_fops: Avoid orphaned proc entry

Chris Brandt (2):
  usb: r8a66597-hcd: select a different endpoint on timeout
  usb: r8a66597-hcd: decrease timeout

Christoph Paasch (1):
  net: Set sk_prot_creator when cloning sockets to the right proto

Christophe JAILLET (1):
  serial: efm32: Fix parity management in
    'efm32_uart_console_get_options()'

Dan Carpenter (10):
  libata: array underflow in ata_find_dev()
  sctp: potential read out of bounds in sctp_ulpevent_type_enabled()
  drm/vmwgfx: Handle vmalloc() failure in vmw_local_fifo_reserve()
  drivers/misc/c2port/c2port-duramar2150.c: checking for NULL instead of
    IS_ERR()
  xfrm: NULL dereference on allocation failure
  xfrm: Oops on error in pfkey_msg2xfrm_state()
  cpufreq: s3c2416: double free on driver init error path
  KEYS: Fix an error code in request_master_key()
  scsi: qla2xxx: Fix an integer overflow in sysfs code
  scsi: scsi_dh_emc: return success in clariion_std_inquiry()

Darrick J. Wong (1):
  ext4: in ext4_seek_{hole,data}, return -ENXIO for negative offsets

David Howells (2):
  rxrpc: Fix several cases where a padded len isn't checked in ticket
    decode
  KEYS: don't let add_key() update an uninstantiated key

Eric Biggers (5):
  KEYS: fix dereferencing NULL payload with nonzero length
  FS-Cache: fix dereference of NULL user_key_payload
  KEYS: prevent creating a different user's keyrings
  KEYS: encrypted: fix dereference of NULL user_key_payload
  lib/digsig: fix dereference of NULL user_key_payload

Eric Dumazet (6):
  net: reduce skb_warn_bad_offload() noise
  net: skb_needs_check() accepts CHECKSUM_NONE for tx
  net: prevent sign extension in dev_get_stats()
  netfilter: xt_TCPMSS: add more sanity tests on tcph->doff
  net: ping: do not abuse udp_poll()
  ipv6: fix typo in fib6_net_exit()

Feras Daoud (1):
  IB/ipoib: rtnl_unlock can not come after free_netdev

Florian Fainelli (1):
  net: korina: Fix NAPI versus resources freeing

Gao Feng (1):
  net: 8021q: Fix one possible panic caused by BUG_ON in free_netdev

Haozhong Zhang (1):
  KVM: nVMX: fix guest CR4 loading when emulating L2 to L1 exit

Helge Deller (1):
  mm: fix overflow check in expand_upwards()

Horia Geantă (1):
  crypto: caam - fix signals handling

Ian Abbott (1):
  staging: comedi: fix clean-up of comedi_class in comedi_init()

Ilya Matveychikov (1):
  lib/cmdline.c: fix get_options() overflow while parsing ranges

James Hogan (1):
  MIPS: Fix mips_atomic_set() retry condition

James Morse (1):
  ACPI / APEI: Add missing synchronize_rcu() on NOTIFY_SCI removal

Jan Kara (4):
  ext4: fix SEEK_HOLE/SEEK_DATA for blocksize < pagesize
  ext4: fix SEEK_HOLE
  ext4: avoid deadlock when expanding inode size
  udf: Fix deadlock between writeback and udf_setsize()

Jason Yan (1):
  md: fix super_offset endianness in super_1_rdev_size_change

Jerry Lee (1):
  ext4: fix overflow caused by missing cast in ext4_resize_fs()

Jin Yao (1):
  perf annotate: Fix broken arrow at row 0 connecting jmp instruction to
    its target

Joerg Roedel (1):
  iommu/amd: Finish TLB flush in amd_iommu_unmap()

Johan Hovold (2):
  serial: ifx6x60: fix use-after-free on module unload
  USB: serial: console: fix use-after-free after failed setup

Johannes Thumshirn (1):
  scsi: qla2xxx: don't disable a not previously enabled PCI device

Josh Poimboeuf (1):
  mm/page_alloc: Remove kernel address exposure in free_reserved_area()

Julian Anastasov (1):
  ipvs: SNAT packet replies only for NATed connections

Kazuya Mizuguchi (1):
  usb: renesas_usbhs: Fix DMAC sequence for receiving zero-length packet

Kees Cook (1):
  fs/exec.c: account for argv/envp pointers

Konstantin Khlebnikov (1):
  ext4: keep existing extra fields when inode expands

Krzysztof Kozlowski (1):
  PM / Domains: Fix unsafe iteration over modified list of device links

Laura Abbott (1):
  x86/mm/32: Set the '__vmalloc_start_set' flag in initmem_init()

Leon Romanovsky (1):
  net/mlx4: Remove BUG_ON from ICM allocation routine

Liping Zhang (2):
  netfilter: invoke synchronize_rcu after set the _hook_ to NULL
  netfilter: nf_ct_ext: fix possible panic after nf_ct_extend_unregister

Maciej W. Rozycki (4):
  MIPS: Send SIGILL for BPOSGE32 in `__compute_return_epc_for_insn'
  MIPS: Actually decode JALX in `__compute_return_epc_for_insn'
  MIPS: Fix unaligned PC interpretation in `compute_return_epc'
  MIPS: math-emu: Prevent wrong ISA mode instruction emulation

Mahesh Bandewar (1):
  ipv4: initialize fib_trie prior to register_netdev_notifier call.

Majd Dibbiny (1):
  net/mlx4_core: Fix VF overwrite of module param which disables DMFS on
    new probed PFs

Marcin Nowakowski (1):
  kernel/extable.c: mark core_kernel_text notrace

Martin Hicks (1):
  crypto: talitos - Extend max key length for SHA384/512-HMAC and AEAD

Mateusz Jurczyk (1):
  fuse: initialize the flock flag in fuse_file on allocation

Michael Ellerman (1):
  powerpc/64: Fix atomic64_inc_not_zero() to return an int

Michael Thalmeier (1):
  usb: chipidea: debug: check before accessing ci_role

Naveen N. Rao (1):
  powerpc/kprobes: Pause function_graph tracing during jprobes handling

Neal Cardwell (4):
  tcp: introduce tcp_rto_delta_us() helper for xmit timer fix
  tcp: enable xmit timer fix by having TLP use time when RTO should fire
  tcp: fix xmit timer to only be reset if data ACKed/SACKed
  tcp: when rearming RTO, if RTO time is in past then fire RTO ASAP

NeilBrown (1):
  md/bitmap: disable bitmap_resize for file-backed bitmaps.

Nicholas Bellinger (1):
  target: Avoid mappedlun symlink creation during lun shutdown

Oliver O'Halloran (1):
  powerpc/asm: Mark cr0 as clobbered in mftb()

Pan Bian (1):
  team: fix memory leaks

Paolo Bonzini (1):
  kvm: async_pf: fix rcu_irq_enter() with irqs enabled

Prabhakar Lad (1):
  media: platform: davinci: return -EINVAL for
    VPFE_CMD_S_CCDC_RAW_PARAMS ioctl

Radim Krčmář (1):
  KVM: x86: zero base3 of unusable segments

Russell King (1):
  net: phy: fix marvell phy status reading

Sabrina Dubroca (2):
  ipv6: fix memory leak with multiple tables during netns destruction
  ip6_gre: fix endianness errors in ip6gre_err

Shaohua Li (1):
  md/raid10: submit bio directly to replacement disk

Srinivas Dasari (2):
  cfg80211: Validate frequencies nested in NL80211_ATTR_SCAN_FREQUENCIES
  cfg80211: Check if PMKID attribute is of expected size

Stefan Mätje (1):
  can: esd_usb2: Fix can_dlc value for received RTR, frames

Steffen Maier (4):
  scsi: zfcp: fix queuecommand for scsi_eh commands when DIX enabled
  scsi: zfcp: fix missing trace records for early returns in TMF eh
    handlers
  scsi: zfcp: fix payload with full FCP_RSP IU in SCSI trace records
  scsi: zfcp: trace HBA FSF response by default on dismiss or timedout
    late response

Stephan Mueller (1):
  crypto: AF_ALG - remove SGL terminator indicator when chaining

Takashi Iwai (2):
  ALSA: seq: Fix use-after-free at creating a port
  ALSA: core: Fix unexpected error at replacing user TLV

Tejun Heo (2):
  workqueue: restore WQ_UNBOUND/max_active==1 to be ordered
  workqueue: implicit ordered attribute should be overridable

Tomasz Wilczyński (1):
  cpufreq: conservative: Allow down_threshold to take values from 1 to
    10

Tony Lindgren (1):
  mfd: omap-usb-tll: Fix inverted bit use for USB TLL mode

Vladis Dronov (2):
  xfrm: policy: check policy direction value
  nl80211: check for the required netlink attributes presence

WANG Cong (2):
  tcp: reset sk_rx_dst in tcp_disconnect()
  ipv6: avoid unregistering inet6_dev for loopback

Wei Wang (1):
  tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0

Willem de Bruijn (2):
  udp: consistently apply ufo or fragmentation
  packet: fix tp_reserve race in packet_set_ring

Xin Long (1):
  sctp: fix the check for _sctp_walk_params and _sctp_walk_errors

Yoshihiro Shimoda (5):
  usb: renesas_usbhs: fix the behavior of some usbhs_pkt_handle
  usb: renesas_usbhs: fix the sequence in xfer_work()
  usb: renesas_usbhs: fix usbhsc_resume() for !USBHSF_RUNTIME_PWCTRL
  usb: renesas_usbhs: fix the BCLR setting condition for non-DCP pipe
  usb: renesas_usbhs: fix usbhsf_fifo_clear() for RX direction

Yuchung Cheng (2):
  tcp: disallow cwnd undo when switching congestion control
  tcp: avoid setting cwnd to invalid ssthresh after cwnd reduction
    states

satoru takeuchi (1):
  btrfs: prevent to set invalid default subvolid

 arch/mips/include/asm/branch.h                     |  5 +-
 arch/mips/kernel/branch.c                          |  8 ++-
 arch/mips/kernel/syscall.c                         |  2 +-
 arch/mips/math-emu/cp1emu.c                        | 38 +++++++++++++
 arch/powerpc/include/asm/atomic.h                  |  4 +-
 arch/powerpc/include/asm/reg.h                     |  2 +-
 arch/powerpc/kernel/kprobes.c                      | 11 ++++
 arch/powerpc/lib/sstep.c                           | 13 +++++
 arch/x86/include/asm/io.h                          |  4 +-
 arch/x86/kernel/kvm.c                              |  2 +-
 arch/x86/kvm/vmx.c                                 |  2 +-
 arch/x86/kvm/x86.c                                 |  2 +
 arch/x86/mm/numa_32.c                              |  1 +
 crypto/algif_skcipher.c                            |  4 +-
 drivers/acpi/apei/ghes.c                           |  1 +
 drivers/ata/libata-scsi.c                          |  6 +-
 drivers/base/power/domain.c                        |  4 +-
 drivers/cpufreq/cpufreq_conservative.c             |  4 +-
 drivers/cpufreq/s3c2416-cpufreq.c                  |  1 -
 drivers/crypto/caam/caamhash.c                     |  2 +-
 drivers/crypto/caam/key_gen.c                      |  2 +-
 drivers/crypto/talitos.c                           |  7 ++-
 drivers/gpu/drm/vmwgfx/vmwgfx_fifo.c               |  2 +
 drivers/infiniband/hw/qib/qib_iba7322.c            |  2 +-
 drivers/infiniband/ulp/ipoib/ipoib_vlan.c          |  4 +-
 drivers/iommu/amd_iommu.c                          |  1 +
 drivers/md/bitmap.c                                |  5 ++
 drivers/md/md.c                                    |  2 +-
 drivers/md/raid10.c                                | 19 ++++++-
 drivers/media/platform/davinci/vpfe_capture.c      | 22 +-------
 drivers/media/rc/imon.c                            |  2 +-
 drivers/media/usb/pvrusb2/pvrusb2-eeprom.c         | 13 ++---
 drivers/mfd/omap-usb-tll.c                         |  2 +-
 drivers/misc/c2port/c2port-duramar2150.c           |  4 +-
 drivers/net/can/usb/esd_usb2.c                     |  2 +-
 drivers/net/ethernet/korina.c                      |  8 +--
 drivers/net/ethernet/mellanox/mlx4/icm.c           |  7 ++-
 drivers/net/ethernet/mellanox/mlx4/main.c          |  2 -
 drivers/net/ethernet/qlogic/qlge/qlge_dbg.c        |  2 +-
 drivers/net/ethernet/xilinx/xilinx_emaclite.c      | 10 +++-
 drivers/net/phy/marvell.c                          |  2 -
 drivers/net/team/team.c                            |  8 ++-
 .../net/wireless/brcm80211/brcmfmac/wl_cfg80211.c  |  5 ++
 drivers/s390/scsi/zfcp_dbf.c                       | 21 +++++--
 drivers/s390/scsi/zfcp_dbf.h                       |  6 +-
 drivers/s390/scsi/zfcp_fc.h                        |  6 +-
 drivers/s390/scsi/zfcp_fsf.c                       |  3 +-
 drivers/s390/scsi/zfcp_scsi.c                      |  8 ++-
 drivers/scsi/device_handler/scsi_dh_emc.c          |  2 +-
 drivers/scsi/qla2xxx/qla_attr.c                    |  8 +--
 drivers/scsi/qla2xxx/qla_os.c                      |  8 +--
 drivers/staging/comedi/comedi_fops.c               |  7 ++-
 drivers/staging/iio/resolver/ad2s1210.c            |  2 +-
 drivers/target/target_core_fabric_configfs.c       |  5 ++
 drivers/target/target_core_tpg.c                   |  3 +
 drivers/tty/serial/efm32-uart.c                    | 11 +++-
 drivers/tty/serial/ifx6x60.c                       |  2 +-
 drivers/tty/vt/vt.c                                |  6 +-
 drivers/usb/chipidea/debug.c                       |  3 +-
 drivers/usb/gadget/composite.c                     |  5 ++
 drivers/usb/host/r8a66597-hcd.c                    |  6 +-
 drivers/usb/renesas_usbhs/common.c                 |  4 +-
 drivers/usb/renesas_usbhs/fifo.c                   | 50 +++++++++++++++--
 drivers/usb/renesas_usbhs/pipe.c                   | 13 +++++
 drivers/usb/renesas_usbhs/pipe.h                   |  4 ++
 drivers/usb/serial/console.c                       |  1 +
 fs/btrfs/ioctl.c                                   |  4 ++
 fs/direct-io.c                                     |  3 +
 fs/exec.c                                          | 28 ++++++++--
 fs/ext4/file.c                                     | 57 +++++++------------
 fs/ext4/inode.c                                    |  7 +--
 fs/ext4/resize.c                                   |  3 +-
 fs/ext4/xattr.c                                    | 19 +++++--
 fs/fscache/object-list.c                           |  7 +++
 fs/fuse/file.c                                     |  2 +-
 fs/udf/inode.c                                     |  4 +-
 include/linux/key.h                                |  2 +
 include/linux/workqueue.h                          |  4 +-
 include/net/ipv6.h                                 |  1 +
 include/net/iw_handler.h                           |  3 +-
 include/net/sctp/sctp.h                            |  4 ++
 include/net/sctp/ulpevent.h                        |  6 +-
 include/net/tcp.h                                  | 10 ++++
 include/target/target_core_base.h                  |  1 +
 kernel/extable.c                                   |  2 +-
 kernel/trace/trace.c                               | 12 +++-
 kernel/workqueue.c                                 | 23 ++++++--
 lib/cmdline.c                                      |  6 +-
 lib/digsig.c                                       |  6 ++
 mm/mmap.c                                          |  2 +-
 mm/page_alloc.c                                    |  4 +-
 net/8021q/vlan.c                                   |  3 +-
 net/bluetooth/bnep/core.c                          |  4 ++
 net/bluetooth/cmtp/core.c                          |  3 +
 net/core/dev.c                                     | 21 ++++---
 net/core/sock.c                                    |  2 +
 net/ipv4/af_inet.c                                 |  2 +-
 net/ipv4/fib_frontend.c                            |  9 +--
 net/ipv4/ip_output.c                               |  7 ++-
 net/ipv4/netfilter/nf_nat_snmp_basic.c             |  1 +
 net/ipv4/tcp.c                                     |  6 ++
 net/ipv4/tcp_cong.c                                |  1 +
 net/ipv4/tcp_input.c                               | 36 ++++++------
 net/ipv4/tcp_output.c                              | 26 ++-------
 net/ipv4/udp.c                                     |  2 +-
 net/ipv6/addrconf.c                                |  3 +-
 net/ipv6/ip6_fib.c                                 | 25 +++++++--
 net/ipv6/ip6_gre.c                                 |  4 +-
 net/ipv6/ip6_output.c                              |  7 ++-
 net/ipv6/raw.c                                     |  2 +-
 net/key/af_key.c                                   | 17 ++++--
 net/netfilter/ipvs/ip_vs_core.c                    | 19 +++++--
 net/netfilter/nf_conntrack_ecache.c                |  2 +
 net/netfilter/nf_conntrack_extend.c                | 13 ++++-
 net/netfilter/nf_conntrack_netlink.c               |  1 +
 net/netfilter/nf_nat_core.c                        |  2 +
 net/netfilter/nfnetlink_cttimeout.c                |  1 +
 net/netfilter/xt_TCPMSS.c                          |  6 +-
 net/packet/af_packet.c                             | 15 +++--
 net/rxrpc/ar-key.c                                 | 64 ++++++++++++----------
 net/sctp/ipv6.c                                    |  2 +
 net/wireless/nl80211.c                             | 10 +++-
 net/xfrm/xfrm_policy.c                             |  6 ++
 security/keys/encrypted-keys/encrypted.c           |  9 ++-
 security/keys/internal.h                           |  2 +-
 security/keys/key.c                                | 12 ++++
 security/keys/keyctl.c                             |  4 +-
 security/keys/keyring.c                            | 23 +++++---
 security/keys/process_keys.c                       |  8 ++-
 sound/core/control.c                               |  2 +-
 sound/core/seq/seq_clientmgr.c                     |  6 +-
 sound/core/seq/seq_ports.c                         |  7 ++-
 tools/perf/ui/browser.c                            |  2 +-
 133 files changed, 720 insertions(+), 330 deletions(-)

-- 
2.8.0.rc2.1.gbe9624a

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ