Change mincore() to count "mapped" pages rather than "cached" pages

f2fs: fix to do sanity check with secs_per_zone

x86: kvm: Do not release the page inside mmu_set_spte() (CVE-2018-12207 prerequirement)

CVE-2018-12207 prerequirement - code cleanup and simplification

x86: kvm: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON (CVE-2018-12207 prerequirement)

x86: kvm: vmx,svm: always run with EFER.NXE=1 when shadow paging is active (CVE-2018-12207 prerequirement)

kvm: Convert kvm_lock to a mutex (CVE-2018-12207 prerequirement)

kvm: mmu: ITLB_MULTIHIT mitigation (adaptation)

drm/i915: Add support for mandatory cmdparsing

drm/i915/gen8+: Add RC6 CTX corruption WA

[drm] drm/i915: Rename gen7 cmdparser tables

[drm] drm/i915: Remove Master tables from cmdparser

drm/i915: Add support for mandatory cmdparsing

drm/i915/gen8+: Add RC6 CTX corruption WA

[drm] drm/i915/cmdparser: Fix jump whitelist clearing

Bluetooth: hci_ldisc: Postpone HCI_UART_PROTO_READY bit set in hci_uart_set_proto()

mwifiex: Fix three heap overflow at parsing element in

mwifiex: Fix three heap overflow at parsing element in

mwifiex: Fix three heap overflow at parsing element in

xfs: clear sb->s_fs_info on mount failure

rsi: add fix for crash during assertions

ext4: add more paranoia checking in ext4_expand_extra_isize handling

USB: core: Fix races in character device registration and deregistraion

can: peak_usb: pcan_usb_pro: Fix info-leaks to USB devices

can: peak_usb: pcan_usb_fd: Fix info-leaks to USB devices

can: peak_usb: fix slab info leak

media: ttusb-dec: Fix info-leak in ttusb_dec_send_command()

HID: Fix assumption that devices have inputs

usb: yurex: Fix use-after-free in yurex_delete

usb: cdc-acm: make sure a refcount is taken early enough

HID: hiddev: avoid opening a disconnected device

ieee802154: atusb: fix use-after-free at disconnect

Input: ff-memless - kill timer in destroy()

USB: adutux: fix use-after-free on disconnect

ext4: work around deleting a file with i_nlink == 0 safely

KVM: x86: fix out-of-bounds write in KVM_GET_EMULATED_CPUID (CVE-2019-19332)

Revert "KVM: x86: fix out-of-bounds write in KVM_GET_EMULATED_CPUID (CVE-2019-19332)"

appletalk: Fix potential NULL pointer dereference in unregister_snap_client

rtl8xxxu: prevent leaking urb

scsi: bfa: release allocated memory in case of error

rtlwifi: prevent memory leak in rtl_usb_probe

crypto: user - fix memory leak in crypto_report

mwifiex: pcie: Fix memory leak in mwifiex_pcie_init_evt_ring

mwifiex: pcie: Fix memory leak in mwifiex_pcie_alloc_cmdrsp_buf

can: gs_usb: gs_can_open(): prevent memory leak

wimax: i2400: Fix memory leak in i2400m_op_rfkill_sw_toggle

of: unittest: fix memory leak in attach_node_and_children

ext4: fix ext4_empty_dir() for directories with holes

net: qlogic: Fix memory leak in ql_alloc_large_buffers

media: vivid: Fix wrong locking that causes race conditions on streaming stop

rtlwifi: enforce CAP_NET_RAW for raw sockets

fixed buffer overflow in cfg80211_mgd_wext_giwessid() in net/wireless/wext-sme.c which does not reject a long SSID IE

RDMA/cxgb4: Do not dma memory off of the stack

nfc: enforce CAP_NET_RAW for raw sockets

enforce CAP_NET_RAW for AF_ISDN sockets

appletalk: enforce CAP_NET_RAW for raw sockets

ieee802154: enforce CAP_NET_RAW for raw sockets

nl80211: fixed buffer overflow when handling beacon settings

media: technisat-usb2: break out of loop at end of buffer

media: b2c2-flexcop-usb: add sanity checking

media: usb:zr364xx:Fix KASAN:null-ptr-deref Read in zr364xx_vidioc_querycap

ath6kl: fix a NULL-ptr-deref bug in ath6kl_usb_alloc_urb_from_pipe()

fix a heap overflow in mmwifiex_process_tdls_action_frame()

Heap Overflow in add_ie_rates() function of Marvell Wifi Driver in Linux kernel

mwifiex: fix possible heap overflow in mwifiex_process_country_ie()

Make filldir[64]() verify the directory entry filename is valid

OOPS may occur for a corrupted xfs image

xfs: validate cached inodes are free when allocated

dccp: Fix memleak in __feat_register_sp

scsi: libsas: stop discovering if oob mode is disconnected

Uninitialized Kernel memory can leak to USB devices.

drm/i915/gen9: Clear residual context state on context switch

media: usb: fix memory leak in af9005_identify_state

ax25: enforce CAP_NET_RAW for raw sockets

net/flow_dissector: switch to siphash

net/flow_dissector: switch to siphash

ANDROID: binder: remove waitqueue when thread exits.

stack-based out-of-bounds write

do_last(): fetch directory ->i_mode and ->i_uid before it's too late

do_last(): fetch directory ->i_mode and ->i_uid before it's too late

kernel stack corruption via crafted system calls

KVM: nVMX: Don't emulate instructions in guest mode

KVM: nVMX: Refactor IO bitmap checks into helper function

KVM: nVMX: Check IO instruction VM-exit conditions

blktrace: Fix potential deadlock between delete & sysfs ops (CVE-2019-19768 dependency)

blktrace: Fix potential deadlock between delete & sysfs ops (CVE-2019-19768 dependency, adaptation)

blktrace: fix unlocked access to init/start-stop/teardown (CVE-2019-19768 dependency)

blktrace: fix trace mutex deadlock (CVE-2019-19768 dependency)

blktrace: Protect q->blk_trace with RCU

blktrace: fix dereference after null check

slcan: Don't transmit uninitialized stack data in padding

ext4: don't perform block validity checks on the journal inode

ext4: avoid declaring fs inconsistent due to invalid file handles

ext4: protect journal inode's blocks using block_validity

ext4: fix block validity checks for journal inodes using indirect blocks

ext4: avoid declaring fs inconsistent due to invalid file handles

ext4: don't perform block validity checks on the journal inode

ext4: don't perform block validity checks on the journal inode

selinux: properly handle multiple messages in selinux_netlink_send()

media: tw5864: Fix possible NULL pointer dereference in tw5864_handle_frame

net-sysfs: call dev_hold if kobject_init_and_add success

cfg80211/mac80211: make ieee80211_send_layer2_update a public function

mm: Fix mremap not considering huge pmd devmap

fs/namespace.c: fix mountpoint reference counter race

scsi: sg: add sg_remove_request in sg_write

USB: gadget: fix illegal array access in binding with UDC

USB: core: Fix free-while-in-use bug in the USB S-Glibrary

vt: selection, close sel_buffer race

floppy: check FDC index for errors before assigning it

mac80211: Do not send Layer 2 Update frame before authorization

fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()

scsi: mptfusion: Fix double fetch bug in ioctl

netlabel: fixed possible NULL pointer dereference issue while importing some category bitmap into SELinux

include/linux/relay.h: fix percpu annotation in struct rchan

media: ov519: add missing endpoint sanity checks

media: stv06xx: add missing descriptor sanity checks

media: xirlink_cit: add missing descriptor sanity checks

mwifiex: Fix possible buffer overflows in mwifiex_cmd_append_vsie_tlv()

mwifiex: Fix possible buffer overflows in mwifiex_ret_wmm_get_status()

vgacon: Fix a UAF in vgacon_invert_region

x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation

x86/speculation: Prevent rogue cross-process SSBD shutdown

x86/speculation: Change misspelled STIPB to STIBP

x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS.

x86/speculation: PR_SPEC_FORCE_DISABLE enforcement for indirect branches.

x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS. (kpatch adaptation)

kernel: memory corruption in Voice over IP nf_conntrack_h323 module

l2tp: pass tunnel pointer to ->session_create()

staging: android: ashmem: Disallow ashmem memory from being remapped

signal: Extend exec_id to 64bits

signal: Extend exec_id to 64bits (kpatch adaptation)

signal: Extend exec_id to 64bits (kpatch adaptation)

spi: spi-dw: Add lock protect dw_spi rx/tx to prevent concurrent calls

media: go7007: fix a miss of snd_card_free

vt: keyboard: avoid signed integer overflow in k_ascii

limit size of watch_events dom0 queue.

handle xenwatch_thread patching.

ath9k_htc: release allocated buffer if timed out

ath9k: release allocated buffer if timed out

btrfs only search for left_info if there is no right_info

f2fs: check if file namelen exceeds max value

[net] Bluetooth: L2CAP: Fix calling sk_filter on non-socket based channel

[net] Bluetooth: A2MP: Fix not initializing all members

xfs: add agf freeblocks verify in xfs_agf_verify

bcache: fix potential deadlock problem in btree_gc_coalesce

vfio: access to disabled MMIO space of some devices may lead to DoS scenario

vfio: access to disabled MMIO space of some devices may lead to DoS scenario

ext4: fix potential negative array index in do_split()

cgroup: fix cgroup_sk_alloc() for sk_clone_lock()

net/packet: fix overflow in tpacket_rcv

fbcon: remove soft scrollback code

fbcon: remove soft scrollback code

fbcon: remove soft scrollback code (adaptation)

btrfs: merge btrfs_find_device and find_device

random32: update the net random state on interrupt and activity

Bluetooth: fix kernel oops in store_pending_adv_report

netfilter: ctnetlink: add a range check for l3/l4 protonum

nfs: Fix getxattr kernel panic and memory overflow

rbd: require global CAP_SYS_ADMIN for mapping and unmapping

mm/hugetlb: fix a race between hugetlb sysctl handlers

hdlc_ppp: add range checks in ppp_cp_parse_cr()

net/nfc/rawsock.c: add CAP_NET_RAW check

sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs output

scsi: iscsi: Restrict sessions and handles to admin capabilities

scsi: Ensure sysfs attributes are limited to PAGE_SIZE

scsi: Verify lengths on passthrough PDUs

xen-blkback: fix error handling in xen_blkbk_map()

Xen/gnttab: handle p2m update errors on a per-slot basis

xen-netback: don't "handle" error by BUG()

xen-scsiback: don't "handle" error by BUG()

Xen/x86: don't bail early from clear_foreign_p2m_mapping()

Xen/x86: also check kernel mapping in set_foreign_p2m_mapping()

gntdev: correct dev_bus_addr handling in gntdev_map_grant_pages()

nfsd4: readdirplus shouldn't return parent of export

mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start

target: simplify XCOPY wwn->se_dev lookup helper

target: use XCOPY segment descriptor CSCD IDs

xcopy: loop over devices using idr helper

scsi: target: Fix XCOPY NAA identifier lookup

UBUNTU: SAUCE: target: fix XCOPY NAA identifier lookup (adaptation )

xen-blkback: set ring->xenblkd to NULL after kthread_stop()

[PATCH] tracing: Fix race in trace_open and buffer resize call

tty: Fix ->pgrp locking in tiocspgrp()

tty: Fix ->session locking

jfs: Fix array index bounds check in dbAdjTree

Btrfs: fix selftests failure due to uninitialized i_mode in test inodes

btrfs: inode: Verify inode mode to avoid NULL pointer dereference

futex: Handle faults correctly for PI futexes

bpf, x86: Validate computation of branch displacements for x86-64

net: icmp: fix data-race in cmp_global_allow()

nfc: fix memory leak in llcp_sock_bind() (dependency)

nfc: fix refcount leak in llcp_sock_bind()

nfc: fix refcount leak in llcp_sock_connect()

nfc: fix memory leak in llcp_sock_connect()

gup: document and work around "COW can break either way" issue

staging: rtl8188eu: prevent ->ssid overflow in rtw_wx_set_scan()

fuse: verify attributes

fuse: fix bad inode

fuse: fix live lock in fuse_iget()

drm/ttm/nouveau: don't call tt destroy callback on alloc failure.

perf/x86/intel: Fix a crash caused by zero PEBS status

btrfs: fix race when cloning extent buffer during rewind of an old root

usbip: fix stub_dev to check for stream socket

usbip: fix stub_dev usbip_sockfd_store() races leading to gpf

netfilter: x_tables: make xt_replace_table wait until old

netfilter: x_tables: Use correct memory barriers.

net: qrtr: fix a kernel-infoleak in qrtr_recvmsg()

media: v4l: ioctl: Fix memory leak in video_usercopy

firewire: nosy: Fix a use-after-free bug in nosy_ioctl()

sctp: delay auto_asconf init until binding the first addr

dm ioctl: fix out of bounds array access when no devices

bluetooth: eliminate the potential race condition when removing the

nfc: fix NULL ptr dereference in llcp_sock_getname() after failed

mac80211: assure all fragments are encrypted

mac80211: prevent mixed key and fragment cache attacks

mac80211: properly handle A-MSDUs that start with an RFC 1042 header

cfg80211: mitigate A-MSDU aggregation attacks

mac80211: drop A-MSDUs on old ciphers

mac80211: add fragment cache to sta_info

mac80211: prevent attacks on TKIP/WEP as well

mac80211: do not accept/forward invalid EAPOL frames

mac80211: extend protection against mixed key and fragment cache

Bluetooth: verify AMP hci_chan before amp_destroy

Bluetooth: verify AMP hci_chan before amp_destroy (kcare adaptation)

Bluetooth: fix the erroneous flush_work() order

HID: make arrays usage and value to be the same

Bluetooth: use correct lock to prevent UAF of hdev object

Bluetooth: SMP: Fail if remote and local public keys are identical

fuse: fix fuse_make_bad to add bad_inode_ops (adaptation)

fuse: hook file_operations to prevent generation of new requests before pach/unpatch (adaptation)

fuse: hook inode_operations to prevent generation of new requests before pach/unpatch (adaptation)

fuse: end up request (adaptation)

ext4: fix EXT4_MAX_LOGICAL_BLOCK macro

ext4: catch integer overflow in ext4_cache_extents

netfilter: x_tables: fix compat match/target pad out-of-bound write

seq_file: Disallow extremely large seq buffer allocations

can: bcm: fix infoleak in struct bcm_msg_head

UBUNTU: SAUCE: can: bcm: delay release of struct bcm_op after synchronize_rcu

Input: joydev - prevent potential read overflow in ioctl

sctp: add size validation when walking chunks

virtio_console: Assure used length from device is limited

usb: max-3421: Prevent corruption of freed memory

usb: max-3421: Prevent corruption of freed memory (adaptation)

tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop.

sctp: move 198 addresses from unusable to private scope

net: xilinx_emaclite: Do not print real IOMEM pointer

ovl: prevent private clone if bind mount is not allowed

KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl

net: 6pack: fix slab-out-of-bounds in decode_data

ovl: prevent private clone if bind mount is not allowed

fs: warn about impending deprecation of mandatory locks

vt_kdsetmode: extend console locking

ext4: fix race writing to an inline_data file while its xattrs are

sctp: validate chunk size in __rcv_asconf_lookup

sctp: add param size validation for SCTP_PARAM_SET_PRIMARY

sctp: validate from_addr_param return

sctp: fix return value check in __sctp_rcv_asconf_lookup

net: hso: fix muxed tty registration

ovl: fix missing negative dentry check in ovl_rename()

bpf: Fix integer overflow in prealloc_elems_and_freelist()

nfc: nci: fix the UAF of rf_conn_info object

isdn: cpai: check ctr->cnr to avoid array index out of bound

net: hso: register netdev later to avoid a race condition

usb: hso: fix error handling code of hso_create_net_device

media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt()

ath: Use safer key clearing with key cache entries

ath9k: Clear key cache explicitly on disabling hardware

ath: Export ath_hw_keysetmac()

ath: Modify ath_key_delete() to not need full key entry

ath9k: Postpone key cache entry deletion for TXQ frames reference it

ath9k: Postpone key cache entry deletion for TXQ frames reference it (adaptation)

ath: Export ath_hw_keysetmac (adaptation)

NFSv4: Initialise connection to the server in nfs4_alloc_client()

NFSv4: Initialise connection to the server in nfs4_alloc_client()

mm: add follow_pte_pmd()

KVM: do not assume PTE is writable after follow_pfn

[PATCH] KVM: Use kvm_pfn_t for local PFN variable in

KVM: do not allow mapping valid but non-reference-counted pages

dccp: avoid double free of ccid on child socket

af_unix: fix garbage collect vs MSG_PEEK

af_unix: fix garbage collect vs MSG_PEEK (adaptation)

ipv4: make exception cache less predictible

KVM: X86: MMU: Use the correct inherited permissions to get shadow

KVM: X86: MMU: Use the correct inherited permissions to get shadow (adaptation)

rbtree: cache leftmost node internally

lib/timerqueue: Rely on rbtree semantics for next timer

lib/timerqueue: Rely on rbtree semantics for next timer (adaptation)

gianfar: fix jumbo packets+napi+rx overrun crash

net: mac802154: Fix general protection fault

net: mac802154: Fix general protection fault

Bluetooth: fix use-after-free error in lock_sock_nested()

Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg()

mwifiex: Fix skb_over_panic in mwifiex_usb_recv()

hugetlbfs: flush TLBs correctly after huge_pmd_unshare

phonet: refcount leak in pep_sock_accep

fs: add fget_many() and fput_many()

fget: check that the fd still exists after getting a ref to it

USB: gadget: detect too-big endpoint 0 requests

NFC: reorganize the functions in nci_request

NFC: reorder the logic in nfc_{un,}register_device

NFC: add NCI_UNREG flag to eliminate the race

xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate

NFSv4: Handle case where the lookup of a directory fails

USB: gadget: validate interface OS descriptor requests

usb: gadget: rndis: check size of RNDIS_MSG_SET command

udf: Fix NULL ptr deref when converting from inline format

udf: Restore i_lenAlloc when inode expansion fails

cgroup-v1: Require capabilities to set release_agent

moxart: fix potential use-after-free on remove path

tipc: improve size validations for received domain records

drm/i915: Flush TLBs before releasing backing store

drm/i915: Flush TLBs before releasing backing store (adaptation)

wait: add wake_up_pollfree()

signalfd: use wake_up_pollfree()

x86/entry: Use the correct fence macro after swapgs in kernel CR3

vmx_vcpu_run wrapper

Restrict access to pagemap/kpageflags/kpagecount

pinctrl: devicetree: Avoid taking direct reference to device name string

xen/events: avoid removing an event channel while handling it

perf/core: Fix race in the perf_mmap_close() function

geneve: add transport ports in route lookup for geneve

vt: keyboard, simplify vt_kdgkbsent

vt: keyboard, extend func_buf_lock to readers

tty: make FONTX ioctl use the tty pointer they were actually passed

Input: sunkbd - avoid use-after-free in teardown paths

perf/core: Fix a memory leak in perf_event_parse_addr_filter()

vt: Disable KD_FONT_OP_COPY

powercap: make attributes only readable by root

icmp: randomize the global rate limiter