ALSA: seq: Fix racy pool initializations

netfilter: add back stackpointer size checks

netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets

x86/MCE: Serialize sysfs changes

hugetlbfs: check for pgoff value overflow

drm: udl: Properly check framebuffer mmap offsets

x86/entry/64: Don't use IST entry for #BP stack

x86/entry/64: Don't use IST entry for #BP stack (kpatch adaptation)

kvm/x86: fix icebp instruction handling

dccp: check sk for closed state in dccp_sendmsg()

perf/hwbp: Simplify the perf-hwbp code, fix documentation

scsi: libsas: fix memory leak in sas_smp_get_phy_events()

ext4: limit xattr size to INT_MAX

ext4: fail ext4_iget for root directory if unallocated

ext4: always initialize the crc32c checksum driver

ext4: don't allow r/w mounts if metadata blocks overlap the superblock

random: fix crng_ready() test

mac80211_hwsim: fix possible memory leak in hwsim_new_radio_nl()

cdrom: information leak in cdrom_ioctl_media_changed()

ext4: add validity checks for bitmap block numbers

compat: fix 4-byte infoleak via uninitialized struct field

mm: sections are not offlined during memory hotremove

scsi: libsas: defer ata device eh commands to libata

fbdev: Fixing arbitrary kernel leak in case FBIOGETCMAP_SPARC in sbusfb_ioctl_helper().

socket: close race condition between sock_close() and sockfs_setattr()

ext4: do not allow external inodes for inline data

vhost: fix info leak due to uninitialized memory

ocfs2: subsystem.su_mutex is required while accessing the item->ci_parent

tcp: free batches of packets in tcp_prune_ofo_queue()

tcp: avoid collapses in tcp_prune_queue() if possible

tcp: detect malicious patterns in tcp_collapse_ofo_queue()

tcp: call tcp_drop() from tcp_data_queue_ofo()

tcp: add tcp_ooo_try_coalesce() helper

jfs: Fix inconsistency between memory allocation and ea_buf->max_size

ocfs2: ip_alloc_sem should be taken in ocfs2_get_block()

ext4: correctly handle a zero-length xattr with a non-zero e_value_offs

video: uvesafb: Fix integer overflow in allocation

ext4: add corruption check in ext4_xattr_set_entry()

ext4: always check block group bounds in ext4_init_block_bitmap()

ext4: clear i_data in ext4_inode_info when removing inline data

ext4: never move the system.data xattr out of the inode body

ext4: only look at the bg_flags field if it is valid

ext4: verify the depth of extent tree in ext4_find_extent()

Fix up non-directory creation in SGID directories

ALSA: rawmidi: Change resized buffers atomically

infiniband: fix a possible use-after-free bug

x86/entry/64: Remove %ebx handling from error_entry/exit

xfs: don't call xfs_da_shrink_inode with NULL bp

xfs: validate cached inodes are free when allocated

Add disable SMT knob

Setup L1TF bug bit

vmx l1d flush

proc: do not access cmdline nor environ from file-backed areas

scsi: sg: allocate with __GFP_ZERO in sg_build_indirect()

sr: pass down correctly sized SCSI sense buffer

Bluetooth: hidp: buffer overflow in hidp_process_report

kvm: nVMX: Enforce cpl=0 for VMX instructions

staging: ncpfs: memory corruption in ncp_read_kernel()

HID: debug: check length before copy_to_user()

NFC: llcp: Limit size of SDP URI

NFC: llcp: Limit size of SDP URI

ARM: amba: Fix race condition with driver_override

ARM: amba: Don't read past the end of sysfs "driver_override" buffer

jbd2: don't mark block as modified if the handle is out of credits

ext4: avoid running out of journal credits when appending to an inline file

ext4: add more inode number paranoia checks

USB: yurex: fix out-of-bounds uaccess in read handler

information leak in cdrom_ioctl_drive_status()

USB: gadget: f_midi: fixing a possible double-free in f_midi

binder: replace "%p" with "%pK"

sctp: verify size of a new chunk in _sctp_make_chunk()

usbip: usbip_host: fix NULL-ptr deref and use-after-free errors

usbip: usbip_host: fix NULL-ptr deref and use-after-free errors

usbip: usbip_host: fix NULL-ptr deref and use-after-free errors

usbip: usbip_host: fix NULL-ptr deref and use-after-free errors

KVM: x86: introduce linear_{read,write}_system

KVM: x86: pass kvm_vcpu to kvm_read_guest_virt and kvm_write_guest_virt_system

kvm: x86: use correct privilege level for sgdt/sidt/fxsave/fxrstor access

kvm: x86: use correct privilege level for sgdt/sidt/fxsave/fxrstor access ( adaptation )

media: usbtv: prevent double free in error case

ACPI cache leak in early ACPI terminnation.

scsi: sg: mitigate read/write abuse

net: phy: mdio-bcm-unimac: fix potential NULL dereference in unimac_mdio_probe()

xfs: set format back to extents if xfs_bmap_extents_to_btree

net: create skb_gso_validate_mac_len()

bnx2x: disable GSO where gso_size is too big for hardware

Revert "net: increase fragment memory usage limits"

Revert "net: increase fragment memory usage limits"

mm: rollback 6b4ebc3a9078

btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized

hfsplus: fix NULL dereference in hfsplus_lookup()

irda: Only insert new objects into the global database via setsockopt

f2fs: fix to do sanity check with reserved blkaddr of inline inode

scsi: target: iscsi: Use hex2bin instead of a re-implementation

scsi: target: iscsi: Use bin2hex instead of a re-implementation

alarmtimer: Prevent overflow for relative nanosleep

bpf: 32-bit RSH verification must truncate input before the ALU op

Change mincore() to count "mapped" pages rather than "cached" pages

can: gw: ensure DLC boundaries after CAN frame modification

KVM: Fix UAF in nested posted interrupt processing

userfaultfd: use ENOENT instead of EFAULT if the atomic copy user fails

userfaultfd: shmem: UFFDIO_COPY: set the page dirty if VM_WRITE is not set

userfaultfd: shmem/hugetlbfs: only allow to register VM_MAYWRITE vmas

userfaultfd: shmem: add i_size checks

userfaultfd: shmem: UFFDIO_COPY: set the page dirty if VM_WRITE is not set

ALSA: usb-audio: Fix UAF decrement if card has no live interfaces in card.c

kernel: cleancache: Infoleak of deleted files after reuse of old inodes

KVM: X86: Fix scan ioapic use-before-initialization

mremap: properly flush TLB before releasing the page

drom: fix improper type cast, which can leat to information leak.

xfs: don't fail when converting shortform attr to long form during ATTR_REPLACE

net: crypto set sk to NULL when af_alg_release.

wil6210: missing length check in wmi_set_ie

libceph: implement CEPHX_V2 calculation mode

f2fs: fix to do sanity check with node footer and iblocks

f2fs: fix to do sanity check with extra_attr feature

f2fs: fix to do sanity check with node footer and iblocks

f2fs: fix to do sanity check with user_block_count

f2fs: fix to do sanity check with user_block_count

f2fs: fix to do sanity check with secs_per_zone

f2fs: fix to do sanity check with secs_per_zone

btrfs: Check that each block group has corresponding chunk at mount time

btrfs: validate type when reading a chunk

btrfs: tree-checker: Verify block_group_item

btrfs: tree-checker: Verify block_group_item

btrfs: tree-checker: Verify block_group_item

btrfs: tree-checker: Verify block_group_item

btrfs: tree-checker: Verify block_group_item

f2fs: fix to do sanity check with cp_pack_start_sum

f2fs: fix to do sanity check with i_extra_isize

media: em28xx: Fix use-after-free when disconnecting

f2fs: fix to do sanity check with block address in main area v2

USB: check usb_get_extra_descriptor for proper size

USB: hso: Fix OOB memory access in hso_probe/hso_get_config_data

sched/fair: Fix infinite loop in update_blocked_averages() by reverting a9e7f6544b9c

fork: record start_time late

kvm: fix kvm_ioctl_create_device() reference counting (CVE-2019-6974)

KVM: nVMX: unconditionally cancel preemption timer in free_nested

mm: enforce min addr even if capable() in expand_downwards()

exec: Fix mem leak in kernel_read_file

sunrpc: use-after-free in svc_process_common()

CVE-2018-16884 kpatch adaptation

tls: Use correct sk->sk_prot for IPV6

tls: Use correct sk->sk_prot for IPV6

tls: Use correct sk->sk_prot for IPV6

libceph: factor out encrypt_authorizer()

libceph: factor out __prepare_write_connect()

libceph: add authorizer challenge

libceph: add authorizer challenge

kvm: x86: Report STIBP on GET_SUPPORTED_CPUID

locking/atomics, asm-generic: Move some macros from <linux/bitops.h> to a new <linux/bits.h> file

tools include: Adopt linux/bits.h

x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests

x86/speculation/mds: Clear CPU buffers on exit to user

x86/kvm/vmx: Add MDS protection when L1D Flush is not active

x86/speculation/mds: Conditionally clear CPU buffers on idle entry

mds clear cpu buffers

tcp: limit payload size of sacked skbs

tcp: tcp_fragment() should apply sane memory limits

tcp: enforce tcp_min_snd_mss in tcp_mtu_probing()

tcp: enforce tcp_min_snd_mss in tcp_mtu_probing()

floppy: Do not copy a kernel pointer to user

posix-timers: Sanitize overrun handling

posix-timers: Sanitize overrun handling

xen-netback: fix input validation in xenvif_set_hash_mapping()

nfsd: COPY and CLONE operations require the saved filehandle to be set

scsi: libsas: fix a race condition when smp task timeout

fixed possible use-after-free in block/blk-core.c

fixed information leakage to userspace in drivers/net/appletalk/ipddp.c

crypto: user - fix leaking uninitialized memory to userspace

The irda_bind() function allocates memory for self->ias_obj without checking to see if the socket is already bound

drivers/virt/fsl_hypervisor.c: prevent integer overflow in ioctl

inet: switch IP ID generator to siphash

inet: switch IP ID generator to siphash (adaptation)

mac80211: drop robust management frames from unknown TA

mac80211: handle deauthentication/disassociation from TDLS peer

scsi: megaraid_sas: return error when create DMA pool failed

net: rds: force to destroy connection if t_sock is NULL in rds_tcp_kill_sock().

fs: prevent page refcount overflow in pipe_buf_get

mm: add 'try_get_page()' helper function

mm: prevent get_user_pages() from overflowing page refcount

mm: make page ref count overflow check tighter and more explicit

drm/i915/gvt: Fix mmap range check

tty: mark Siemens R3964 line discipline as BROKEN

coredump: fix race condition between mmget_not_zero()/get_task_mm() and core dumping

ext4: zero out the unused memory region in the extent tree block

fix NULL pointer dereference in net/nfc

fix use-after-free in drivers/net/phy/mdio_bus.c

USB: gadget: f_hid: fix deadlock in f_hidg_write()

scsi: qedi: remove memset/memcpy to nfunc and use func instead

USB: rio500: refuse more than one device at a time

ALSA: core: Fix card races between register and disconnect

media: usb: siano: Fix general protection fault in smsusb

appletalk: Fix use-after-free in atalk_proc_exit

xfrm: policy: Fix out-of-bound array accesses in __xfrm_policy_unlink

scsi: libsas: delete sas port if expander discover failed

net-sysfs: Fix mem leak in netdev_register_kobject

Bluetooth: hci_ldisc: Postpone HCI_UART_PROTO_READY bit set in hci_uart_set_proto()

genetlink: Fix a memory leak on error path

fixed OOB access in sound/usb/mixer.c

binder: fix race between munmap() and direct reclaim

fixed possible OOB-read with improper input validation in drivers/media/usb/uvc/uvc_driver.c

Bluetooth: Verify that l2cap_get_conf_opt provides large

Bluetooth: Check L2CAP option sizes returned from

vfio/type1: Limit DMA mappings per container

bpf: Prevent memory disambiguation attack

bpf: Prevent memory disambiguation attack

brcmfmac: assure SSID length from firmware is limited

brcmfmac: add subtype check for event handling in data path

drm/i915: Rename gen7 cmdparser tables

drm/i915: Remove Master tables from cmdparser

drm/i915/cmdparser: Ignore Length operands during command matching

drm/i915: Lower RM timeout to avoid DSI hard hangs

drm/i915/cmdparser: Fix jump whitelist clearing

Spectre v1 swapgs mitigations

selinux: properly handle multiple messages in selinux_netlink_send()

ext4: avoid declaring fs inconsistent due to invalid file handles (dependency for CVE-2019-19319)

ext4: protect journal inode's blocks using block_validity

ext4: don't perform block validity checks on the journal inode

add function ptr_to_id() in order not to leak kernel layout info

x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation

media: b2c2-flexcop-usb: add sanity checking

netlabel: fixed possible NULL pointer dereference issue while importing some category bitmap into SELinux

net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup

kpatch adaptation for CVE-2020-1749

scsi: sg: add sg_remove_request in sg_write

make 'user_access_begin()' do 'access_ok()'

include/linux/relay.h: fix percpu annotation in struct rchan

mm: Fix mremap not considering huge pmd devmap

fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()

fix possible deadlock with mutex within SCSI libsas (adaptation)

crypto: ccp - Release all allocated memory if sha type is invalid

media: rc: prevent memory leak in cx23888_ir_probe

iio: imu: adis16400: fix memory leak

ath9k_htc: release allocated buffer if timed out

th9k: release allocated buffer if timed out

f2fs: check if file namelen exceeds max value

xfs: add agf freeblocks verify in xfs_agf_verify

btrfs: merge btrfs_find_device and find_device

net/packet: fix overflow in tpacket_rcv

vmx_vcpu_run wrapper

Restrict access to pagemap/kpageflags/kpagecount

x86/paravirt: Fix spectre-v2 mitigations for paravirt guests

x86/speculation: Protect against userspace-userspace spectreRSB

usb: usbmon: Read text within supplied buffer size

Speculative Store Bypass mitigation

tcp: purge write queue in tcp_connect_init()