sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs output

scsi: iscsi: Restrict sessions and handles to admin capabilities

scsi: Ensure sysfs attributes are limited to PAGE_SIZE

scsi: Verify lengths on passthrough PDUs

xen-blkback: fix error handling in xen_blkbk_map()

Xen/gnttab: handle p2m update errors on a per-slot basis

xen-netback: don't "handle" error by BUG()

xen-scsiback: don't "handle" error by BUG()

Xen/x86: don't bail early from clear_foreign_p2m_mapping()

Xen/x86: also check kernel mapping in set_foreign_p2m_mapping()

gntdev: correct dev_bus_addr handling in gntdev_map_grant_pages()

nfsd4: readdirplus shouldn't return parent of export

mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start

target: simplify XCOPY wwn->se_dev lookup helper

target: use XCOPY segment descriptor CSCD IDs

xcopy: loop over devices using idr helper

scsi: target: Fix XCOPY NAA identifier lookup

UBUNTU: SAUCE: target: fix XCOPY NAA identifier lookup (adaptation )

xen-blkback: set ring->xenblkd to NULL after kthread_stop()

[PATCH] tracing: Fix race in trace_open and buffer resize call

tty: Fix ->pgrp locking in tiocspgrp()

tty: Fix ->session locking

jfs: Fix array index bounds check in dbAdjTree

Btrfs: fix selftests failure due to uninitialized i_mode in test inodes

btrfs: inode: Verify inode mode to avoid NULL pointer dereference

futex: Handle faults correctly for PI futexes

bpf, x86: Validate computation of branch displacements for x86-64

nfc: fix refcount leak in llcp_sock_bind()

nfc: fix refcount leak in llcp_sock_connect()

nfc: fix memory leak in llcp_sock_connect()

gup: document and work around "COW can break either way" issue

staging: rtl8188eu: prevent ->ssid overflow in rtw_wx_set_scan()

fuse: fix bad inode

fuse: fix live lock in fuse_iget()

drm/ttm/nouveau: don't call tt destroy callback on alloc failure.

perf/x86/intel: Fix a crash caused by zero PEBS status

btrfs: fix race when cloning extent buffer during rewind of an old root

usbip: fix stub_dev to check for stream socket

usbip: fix stub_dev usbip_sockfd_store() races leading to gpf

netfilter: x_tables: make xt_replace_table wait until old

netfilter: x_tables: Use correct memory barriers.

net: qrtr: fix a kernel-infoleak in qrtr_recvmsg()

xen-blkback: don't leak persistent grants from xen_blkbk_map()

media: v4l: ioctl: Fix memory leak in video_usercopy

firewire: nosy: Fix a use-after-free bug in nosy_ioctl()

sctp: delay auto_asconf init until binding the first addr

dm ioctl: fix out of bounds array access when no devices

bluetooth: eliminate the potential race condition when removing the

nfc: fix NULL ptr dereference in llcp_sock_getname() after failed

mac80211: assure all fragments are encrypted

mac80211: prevent mixed key and fragment cache attacks

mac80211: properly handle A-MSDUs that start with an RFC 1042 header

cfg80211: mitigate A-MSDU aggregation attacks

mac80211: drop A-MSDUs on old ciphers

mac80211: add fragment cache to sta_info

mac80211: prevent attacks on TKIP/WEP as well

mac80211: do not accept/forward invalid EAPOL frames

mac80211: extend protection against mixed key and fragment cache

Bluetooth: verify AMP hci_chan before amp_destroy

Bluetooth: verify AMP hci_chan before amp_destroy (kcare adaptation)

Bluetooth: fix the erroneous flush_work() order

HID: make arrays usage and value to be the same

Bluetooth: use correct lock to prevent UAF of hdev object

Bluetooth: SMP: Fail if remote and local public keys are identical

fuse: fix fuse_make_bad to add bad_inode_ops (adaptation)

fuse: hook file_operations to prevent generation of new requests before pach/unpatch (adaptation)

fuse: hook inode_operations to prevent generation of new requests before pach/unpatch (adaptation)

fuse: end up request (adaptation)

ext4: fix EXT4_MAX_LOGICAL_BLOCK macro

ext4: catch integer overflow in ext4_cache_extents

netfilter: x_tables: fix compat match/target pad out-of-bound write

seq_file: Disallow extremely large seq buffer allocations

can: bcm: fix infoleak in struct bcm_msg_head

UBUNTU: SAUCE: can: bcm: delay release of struct bcm_op after synchronize_rcu

Input: joydev - prevent potential read overflow in ioctl

sctp: add size validation when walking chunks

virtio_console: Assure used length from device is limited

usb: max-3421: Prevent corruption of freed memory

usb: max-3421: Prevent corruption of freed memory (adaptation)

tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop.

sctp: move 198 addresses from unusable to private scope

net: xilinx_emaclite: Do not print real IOMEM pointer

ovl: prevent private clone if bind mount is not allowed

KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl

net: 6pack: fix slab-out-of-bounds in decode_data

ovl: prevent private clone if bind mount is not allowed

fs: warn about impending deprecation of mandatory locks

vt_kdsetmode: extend console locking

ext4: fix race writing to an inline_data file while its xattrs are

sctp: validate chunk size in __rcv_asconf_lookup

sctp: add param size validation for SCTP_PARAM_SET_PRIMARY

sctp: validate from_addr_param return

sctp: fix return value check in __sctp_rcv_asconf_lookup

net: hso: fix muxed tty registration

ovl: fix missing negative dentry check in ovl_rename()

bpf: Fix integer overflow in prealloc_elems_and_freelist()

nfc: nci: fix the UAF of rf_conn_info object

isdn: cpai: check ctr->cnr to avoid array index out of bound

net: hso: register netdev later to avoid a race condition

usb: hso: fix error handling code of hso_create_net_device

media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt()

ath: Use safer key clearing with key cache entries

ath9k: Clear key cache explicitly on disabling hardware

ath: Export ath_hw_keysetmac()

ath: Modify ath_key_delete() to not need full key entry

ath9k: Postpone key cache entry deletion for TXQ frames reference it

ath9k: Postpone key cache entry deletion for TXQ frames reference it (adaptation)

ath: Export ath_hw_keysetmac (adaptation)

NFSv4: Initialise connection to the server in nfs4_alloc_client()

NFSv4: Initialise connection to the server in nfs4_alloc_client()

mm: add follow_pte_pmd()

KVM: do not assume PTE is writable after follow_pfn

[PATCH] KVM: Use kvm_pfn_t for local PFN variable in

KVM: do not allow mapping valid but non-reference-counted pages

dccp: avoid double free of ccid on child socket

af_unix: fix garbage collect vs MSG_PEEK

af_unix: fix garbage collect vs MSG_PEEK (adaptation)

ipv4: make exception cache less predictible

KVM: X86: MMU: Use the correct inherited permissions to get shadow

KVM: X86: MMU: Use the correct inherited permissions to get shadow (adaptation)

rbtree: cache leftmost node internally

lib/timerqueue: Rely on rbtree semantics for next timer

lib/timerqueue: Rely on rbtree semantics for next timer (adaptation)

gianfar: fix jumbo packets+napi+rx overrun crash

net: mac802154: Fix general protection fault

net: mac802154: Fix general protection fault

Bluetooth: fix use-after-free error in lock_sock_nested()

Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg()

mwifiex: Fix skb_over_panic in mwifiex_usb_recv()

hugetlbfs: flush TLBs correctly after huge_pmd_unshare

phonet: refcount leak in pep_sock_accep

fs: add fget_many() and fput_many()

fget: check that the fd still exists after getting a ref to it

USB: gadget: detect too-big endpoint 0 requests

NFC: reorganize the functions in nci_request

NFC: reorder the logic in nfc_{un,}register_device

NFC: add NCI_UNREG flag to eliminate the race

xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate

NFSv4: Handle case where the lookup of a directory fails

USB: gadget: validate interface OS descriptor requests

usb: gadget: rndis: check size of RNDIS_MSG_SET command

udf: Fix NULL ptr deref when converting from inline format

udf: Restore i_lenAlloc when inode expansion fails

cgroup-v1: Require capabilities to set release_agent

moxart: fix potential use-after-free on remove path

tipc: improve size validations for received domain records

drm/i915: Flush TLBs before releasing backing store

drm/i915: Flush TLBs before releasing backing store (adaptation)

wait: add wake_up_pollfree()

signalfd: use wake_up_pollfree()

binder: use wake_up_pollfree()

x86/entry: Use the correct fence macro after swapgs in kernel CR3

vmx_vcpu_run wrapper

Restrict access to pagemap/kpageflags/kpagecount