4.9-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sat, 12 May 2018 14:17:45 +0000 (16:17 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sat, 12 May 2018 14:17:45 +0000 (16:17 +0200)
added patches:
atm-zatm-fix-potential-spectre-v1.patch
can-kvaser_usb-increase-correct-stats-counter-in-kvaser_usb_rx_can_msg.patch
drm-i915-fix-drm-intel_enable_lvds-error-message-in-kernel-log.patch
drm-vc4-fix-scaling-of-uni-planar-formats.patch
gpio-fix-aspeed_gpio-unmask-irq.patch
gpio-fix-error-path-in-lineevent_create.patch
gpioib-do-not-free-unrequested-descriptors.patch
libata-apply-nolpm-quirk-for-sandisk-sd7ub3q-g1001-ssds.patch
net-atm-fix-potential-spectre-v1.patch
rfkill-gpio-fix-memory-leak-in-probe-error-path.patch
tracing-fix-regex_match_front-to-not-over-compare-the-test-string.patch

12 files changed:
queue-4.9/atm-zatm-fix-potential-spectre-v1.patch [new file with mode: 0644]
queue-4.9/can-kvaser_usb-increase-correct-stats-counter-in-kvaser_usb_rx_can_msg.patch [new file with mode: 0644]
queue-4.9/drm-i915-fix-drm-intel_enable_lvds-error-message-in-kernel-log.patch [new file with mode: 0644]
queue-4.9/drm-vc4-fix-scaling-of-uni-planar-formats.patch [new file with mode: 0644]
queue-4.9/gpio-fix-aspeed_gpio-unmask-irq.patch [new file with mode: 0644]
queue-4.9/gpio-fix-error-path-in-lineevent_create.patch [new file with mode: 0644]
queue-4.9/gpioib-do-not-free-unrequested-descriptors.patch [new file with mode: 0644]
queue-4.9/libata-apply-nolpm-quirk-for-sandisk-sd7ub3q-g1001-ssds.patch [new file with mode: 0644]
queue-4.9/net-atm-fix-potential-spectre-v1.patch [new file with mode: 0644]
queue-4.9/rfkill-gpio-fix-memory-leak-in-probe-error-path.patch [new file with mode: 0644]
queue-4.9/series
queue-4.9/tracing-fix-regex_match_front-to-not-over-compare-the-test-string.patch [new file with mode: 0644]

diff --git a/queue-4.9/atm-zatm-fix-potential-spectre-v1.patch b/queue-4.9/atm-zatm-fix-potential-spectre-v1.patch
new file mode 100644 (file)
index 0000000..87dc645
--- /dev/null
@@ -0,0 +1,54 @@
+From 2be147f7459db5bbf292e0a6f135037b55e20b39 Mon Sep 17 00:00:00 2001
+From: "Gustavo A. R. Silva" <gustavo@embeddedor.com>
+Date: Thu, 3 May 2018 13:17:12 -0500
+Subject: atm: zatm: Fix potential Spectre v1
+
+From: Gustavo A. R. Silva <gustavo@embeddedor.com>
+
+commit 2be147f7459db5bbf292e0a6f135037b55e20b39 upstream.
+
+pool can be indirectly controlled by user-space, hence leading to
+a potential exploitation of the Spectre variant 1 vulnerability.
+
+This issue was detected with the help of Smatch:
+
+drivers/atm/zatm.c:1462 zatm_ioctl() warn: potential spectre issue
+'zatm_dev->pool_info' (local cap)
+
+Fix this by sanitizing pool before using it to index
+zatm_dev->pool_info
+
+Notice that given that speculation windows are large, the policy is
+to kill the speculation on the first load and not worry if it can be
+completed with a dependent load/store [1].
+
+[1] https://marc.info/?l=linux-kernel&m=152449131114778&w=2
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/atm/zatm.c |    3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/drivers/atm/zatm.c
++++ b/drivers/atm/zatm.c
+@@ -23,6 +23,7 @@
+ #include <linux/bitops.h>
+ #include <linux/wait.h>
+ #include <linux/slab.h>
++#include <linux/nospec.h>
+ #include <asm/byteorder.h>
+ #include <asm/string.h>
+ #include <asm/io.h>
+@@ -1458,6 +1459,8 @@ static int zatm_ioctl(struct atm_dev *de
+                                       return -EFAULT;
+                               if (pool < 0 || pool > ZATM_LAST_POOL)
+                                       return -EINVAL;
++                              pool = array_index_nospec(pool,
++                                                        ZATM_LAST_POOL + 1);
+                               spin_lock_irqsave(&zatm_dev->lock, flags);
+                               info = zatm_dev->pool_info[pool];
+                               if (cmd == ZATM_GETPOOLZ) {
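Review bot: The clamp added before `zatm_dev->pool_info[pool]` covers only the lookup shown in this hunk. zatm_ioctl starts and ends outside it, so any other command branch that takes `pool` from user space and indexes `pool_info` would need the same `array_index_nospec()` call; that should be confirmed against the full function. The size argument `ZATM_LAST_POOL + 1` is right only while it mirrors the `pool > ZATM_LAST_POOL` check just above, so I would tie the two together with a comment such as `/* size must match the range check above: valid indices are 0..ZATM_LAST_POOL */`.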
diff --git a/queue-4.9/can-kvaser_usb-increase-correct-stats-counter-in-kvaser_usb_rx_can_msg.patch b/queue-4.9/can-kvaser_usb-increase-correct-stats-counter-in-kvaser_usb_rx_can_msg.patch
new file mode 100644 (file)
index 0000000..5dbf981
--- /dev/null
@@ -0,0 +1,31 @@
+From 6ee00865ffe4e8c8ba4a68d26db53c7ec09bbb89 Mon Sep 17 00:00:00 2001
+From: Jimmy Assarsson <extja@kvaser.com>
+Date: Fri, 20 Apr 2018 14:38:46 +0200
+Subject: can: kvaser_usb: Increase correct stats counter in kvaser_usb_rx_can_msg()
+
+From: Jimmy Assarsson <extja@kvaser.com>
+
+commit 6ee00865ffe4e8c8ba4a68d26db53c7ec09bbb89 upstream.
+
+Increase rx_dropped, if alloc_can_skb() fails, not tx_dropped.
+
+Signed-off-by: Jimmy Assarsson <extja@kvaser.com>
+Cc: linux-stable <stable@vger.kernel.org>
+Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/net/can/usb/kvaser_usb.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/net/can/usb/kvaser_usb.c
++++ b/drivers/net/can/usb/kvaser_usb.c
+@@ -1179,7 +1179,7 @@ static void kvaser_usb_rx_can_msg(const
+       skb = alloc_can_skb(priv->netdev, &cf);
+       if (!skb) {
+-              stats->tx_dropped++;
++              stats->rx_dropped++;
+               return;
+       }
diff --git a/queue-4.9/drm-i915-fix-drm-intel_enable_lvds-error-message-in-kernel-log.patch b/queue-4.9/drm-i915-fix-drm-intel_enable_lvds-error-message-in-kernel-log.patch
new file mode 100644 (file)
index 0000000..78ffdff
--- /dev/null
@@ -0,0 +1,63 @@
+From e8f48f96db7e482995743f461b3e8a5c1a102533 Mon Sep 17 00:00:00 2001
+From: Florent Flament <contact@florentflament.com>
+Date: Thu, 19 Apr 2018 19:07:00 +0300
+Subject: drm/i915: Fix drm:intel_enable_lvds ERROR message in kernel log
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Florent Flament <contact@florentflament.com>
+
+commit e8f48f96db7e482995743f461b3e8a5c1a102533 upstream.
+
+Fix `[drm:intel_enable_lvds] *ERROR* timed out waiting for panel to
+power on` in kernel log at boot time.
+
+Toshiba Satellite Z930 laptops needs between 1 and 2 seconds to power
+on its screen during Intel i915 DRM initialization. This currently
+results in a `[drm:intel_enable_lvds] *ERROR* timed out waiting for
+panel to power on` message appearing in the kernel log during boot
+time and when stopping the machine.
+
+This change increases the timeout of the `intel_enable_lvds` function
+from 1 to 5 seconds, letting enough time for the Satellite 930 LCD
+screen to power on, and suppressing the error message from the kernel
+log.
+
+This patch has been successfully tested on Linux 4.14 running on a
+Toshiba Satellite Z930.
+
+[vsyrjala: bump the timeout from 2 to 5 seconds to match the DP
+ code and properly cover the max hw timeout of ~4 seconds, and
+ drop the comment about the specific machine since this is not
+ a particulary surprising issue, nor specific to that one machine]
+
+Signed-off-by: Florent Flament <contact@florentflament.com>
+Cc: stable@vger.kernel.org
+Cc: Pavel Petrovic <ppetrovic@acm.org>
+Cc: Sérgio M. Basto <sergio@serjux.com>
+Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=103414
+References: https://bugzilla.kernel.org/show_bug.cgi?id=57591
+Signed-off-by: Ville Syrjälä <ville.syrjala@linux.intel.com>
+Link: https://patchwork.freedesktop.org/patch/msgid/20180419160700.19828-1-ville.syrjala@linux.intel.com
+Reviewed-by: Jani Nikula <jani.nikula@intel.com>
+(cherry picked from commit 280b54ade5914d3b4abe4f0ebe083ddbd4603246)
+Signed-off-by: Joonas Lahtinen <joonas.lahtinen@linux.intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/gpu/drm/i915/intel_lvds.c |    3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/gpu/drm/i915/intel_lvds.c
++++ b/drivers/gpu/drm/i915/intel_lvds.c
+@@ -321,7 +321,8 @@ static void intel_enable_lvds(struct int
+       I915_WRITE(PP_CONTROL(0), I915_READ(PP_CONTROL(0)) | PANEL_POWER_ON);
+       POSTING_READ(lvds_encoder->reg);
+-      if (intel_wait_for_register(dev_priv, PP_STATUS(0), PP_ON, PP_ON, 1000))
++
++      if (intel_wait_for_register(dev_priv, PP_STATUS(0), PP_ON, PP_ON, 5000))
+               DRM_ERROR("timed out waiting for panel to power on\n");
+       intel_panel_enable_backlight(intel_connector);
diff --git a/queue-4.9/drm-vc4-fix-scaling-of-uni-planar-formats.patch b/queue-4.9/drm-vc4-fix-scaling-of-uni-planar-formats.patch
new file mode 100644 (file)
index 0000000..42d18a0
--- /dev/null
@@ -0,0 +1,34 @@
+From 9a0e9802217291e54c4dd1fc5462f189a4be14ec Mon Sep 17 00:00:00 2001
+From: Boris Brezillon <boris.brezillon@bootlin.com>
+Date: Mon, 7 May 2018 14:13:03 +0200
+Subject: drm/vc4: Fix scaling of uni-planar formats
+
+From: Boris Brezillon <boris.brezillon@bootlin.com>
+
+commit 9a0e9802217291e54c4dd1fc5462f189a4be14ec upstream.
+
+When using uni-planar formats (like RGB), the scaling parameters are
+stored in plane 0, not plane 1.
+
+Fixes: fc04023fafec ("drm/vc4: Add support for YUV planes.")
+Cc: stable@vger.kernel.org
+Signed-off-by: Boris Brezillon <boris.brezillon@bootlin.com>
+Reviewed-by: Eric Anholt <eric@anholt.net>
+Link: https://patchwork.freedesktop.org/patch/msgid/20180507121303.5610-1-boris.brezillon@bootlin.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/gpu/drm/vc4/vc4_plane.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/gpu/drm/vc4/vc4_plane.c
++++ b/drivers/gpu/drm/vc4/vc4_plane.c
+@@ -533,7 +533,7 @@ static int vc4_plane_mode_set(struct drm
+        * the scl fields here.
+        */
+       if (num_planes == 1) {
+-              scl0 = vc4_get_scl_field(state, 1);
++              scl0 = vc4_get_scl_field(state, 0);
+               scl1 = scl0;
+       } else {
+               scl0 = vc4_get_scl_field(state, 1);
diff --git a/queue-4.9/gpio-fix-aspeed_gpio-unmask-irq.patch b/queue-4.9/gpio-fix-aspeed_gpio-unmask-irq.patch
new file mode 100644 (file)
index 0000000..0fa2f47
--- /dev/null
@@ -0,0 +1,32 @@
+From f241632fd087d3d9fbd5450f4d8c8604badd8348 Mon Sep 17 00:00:00 2001
+From: Govert Overgaauw <govert.overgaauw@prodrive-technologies.com>
+Date: Fri, 6 Apr 2018 14:41:35 +0200
+Subject: gpio: fix aspeed_gpio unmask irq
+
+From: Govert Overgaauw <govert.overgaauw@prodrive-technologies.com>
+
+commit f241632fd087d3d9fbd5450f4d8c8604badd8348 upstream.
+
+The unmask function disables all interrupts in a bank when unmasking an
+interrupt. Only disable the given interrupt.
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Govert Overgaauw <govert.overgaauw@prodrive-technologies.com>
+Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/gpio/gpio-aspeed.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/gpio/gpio-aspeed.c
++++ b/drivers/gpio/gpio-aspeed.c
+@@ -256,7 +256,7 @@ static void aspeed_gpio_irq_set_mask(str
+       if (set)
+               reg |= bit;
+       else
+-              reg &= bit;
++              reg &= ~bit;
+       iowrite32(reg, addr);
+       spin_unlock_irqrestore(&gpio->lock, flags);
diff --git a/queue-4.9/gpio-fix-error-path-in-lineevent_create.patch b/queue-4.9/gpio-fix-error-path-in-lineevent_create.patch
new file mode 100644 (file)
index 0000000..de9847e
--- /dev/null
@@ -0,0 +1,35 @@
+From f001cc351ad3309ec8736c374e90e5a4bc472d41 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Uwe=20Kleine-K=C3=B6nig?= <u.kleine-koenig@pengutronix.de>
+Date: Mon, 16 Apr 2018 13:17:53 +0200
+Subject: gpio: fix error path in lineevent_create
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
+
+commit f001cc351ad3309ec8736c374e90e5a4bc472d41 upstream.
+
+If gpiod_request() fails the cleanup must not call gpiod_free().
+
+Cc: stable@vger.kernel.org
+Fixes: 61f922db7221 ("gpio: userspace ABI for reading GPIO line events")
+Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
+Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/gpio/gpiolib.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/gpio/gpiolib.c
++++ b/drivers/gpio/gpiolib.c
+@@ -795,7 +795,7 @@ static int lineevent_create(struct gpio_
+       desc = &gdev->descs[offset];
+       ret = gpiod_request(desc, le->label);
+       if (ret)
+-              goto out_free_desc;
++              goto out_free_label;
+       le->desc = desc;
+       le->eflags = eflags;
diff --git a/queue-4.9/gpioib-do-not-free-unrequested-descriptors.patch b/queue-4.9/gpioib-do-not-free-unrequested-descriptors.patch
new file mode 100644 (file)
index 0000000..cd59726
--- /dev/null
@@ -0,0 +1,58 @@
+From ab3dbcf78f60f46d6a0ad63b1f4b690b7a427140 Mon Sep 17 00:00:00 2001
+From: Timur Tabi <timur@codeaurora.org>
+Date: Thu, 29 Mar 2018 13:29:12 -0500
+Subject: gpioib: do not free unrequested descriptors
+
+From: Timur Tabi <timur@codeaurora.org>
+
+commit ab3dbcf78f60f46d6a0ad63b1f4b690b7a427140 upstream.
+
+If the main loop in linehandle_create() encounters an error, it
+unwinds completely by freeing all previously requested GPIO
+descriptors.  However, if the error occurs in the beginning of
+the loop before that GPIO is requested, then the exit code
+attempts to free a null descriptor.  If extrachecks is enabled,
+gpiod_free() triggers a WARN_ON.
+
+Instead, keep a separate count of legitimate GPIOs so that only
+those are freed.
+
+Cc: stable@vger.kernel.org
+Fixes: d7c51b47ac11 ("gpio: userspace ABI for reading/writing GPIO lines")
+Reviewed-by: Bjorn Andersson <bjorn.andersson@linaro.org>
+Signed-off-by: Timur Tabi <timur@codeaurora.org>
+Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/gpio/gpiolib.c |    5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/drivers/gpio/gpiolib.c
++++ b/drivers/gpio/gpiolib.c
+@@ -425,7 +425,7 @@ static int linehandle_create(struct gpio
+       struct gpiohandle_request handlereq;
+       struct linehandle_state *lh;
+       struct file *file;
+-      int fd, i, ret;
++      int fd, i, count = 0, ret;
+       if (copy_from_user(&handlereq, ip, sizeof(handlereq)))
+               return -EFAULT;
+@@ -471,6 +471,7 @@ static int linehandle_create(struct gpio
+               if (ret)
+                       goto out_free_descs;
+               lh->descs[i] = desc;
++              count = i;
+               if (lflags & GPIOHANDLE_REQUEST_ACTIVE_LOW)
+                       set_bit(FLAG_ACTIVE_LOW, &desc->flags);
+@@ -537,7 +538,7 @@ static int linehandle_create(struct gpio
+ out_put_unused_fd:
+       put_unused_fd(fd);
+ out_free_descs:
+-      for (; i >= 0; i--)
++      for (i = 0; i < count; i++)
+               gpiod_free(lh->descs[i]);
+       kfree(lh->label);
+ out_free_lh:
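Review bot: `count = i;` in the request loop stores the index of the last requested descriptor, not the number requested, so the new unwind loop `for (i = 0; i < count; i++)` stops one short and never calls gpiod_free() on the most recently stored `lh->descs[i]`. If the first request succeeds and the next iteration fails, count is 0 and nothing is freed, which leaves that GPIO line requested after the ioctl returns an error. Assuming nothing outside the visible hunks adjusts count, the assignment should be `count = i + 1;`. The `out_put_unused_fd` label falls through to the same loop, so failures after the request loop inherit the off-by-one. linehandle_create's body continues outside these hunks.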
diff --git a/queue-4.9/libata-apply-nolpm-quirk-for-sandisk-sd7ub3q-g1001-ssds.patch b/queue-4.9/libata-apply-nolpm-quirk-for-sandisk-sd7ub3q-g1001-ssds.patch
new file mode 100644 (file)
index 0000000..d8fb34d
--- /dev/null
@@ -0,0 +1,45 @@
+From 184add2ca23ce5edcac0ab9c3b9be13f91e7b567 Mon Sep 17 00:00:00 2001
+From: Hans de Goede <hdegoede@redhat.com>
+Date: Thu, 26 Apr 2018 22:32:21 +0200
+Subject: libata: Apply NOLPM quirk for SanDisk SD7UB3Q*G1001 SSDs
+
+From: Hans de Goede <hdegoede@redhat.com>
+
+commit 184add2ca23ce5edcac0ab9c3b9be13f91e7b567 upstream.
+
+Richard Jones has reported that using med_power_with_dipm on a T450s
+with a Sandisk SD7UB3Q256G1001 SSD (firmware version X2180501) is
+causing the machine to hang.
+
+Switching the LPM to max_performance fixes this, so it seems that
+this Sandisk SSD does not handle LPM well.
+
+Note in the past there have been bug-reports about the following
+Sandisk models not working with min_power, so we may need to extend
+the quirk list in the future: name - firmware
+Sandisk SD6SB2M512G1022I   - X210400
+Sandisk SD6PP4M-256G-1006  - A200906
+
+Cc: stable@vger.kernel.org
+Cc: Richard W.M. Jones <rjones@redhat.com>
+Reported-and-tested-by: Richard W.M. Jones <rjones@redhat.com>
+Signed-off-by: Hans de Goede <hdegoede@redhat.com>
+Signed-off-by: Tejun Heo <tj@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/ata/libata-core.c |    3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/drivers/ata/libata-core.c
++++ b/drivers/ata/libata-core.c
+@@ -4422,6 +4422,9 @@ static const struct ata_blacklist_entry
+                                               ATA_HORKAGE_ZERO_AFTER_TRIM |
+                                               ATA_HORKAGE_NOLPM, },
++      /* Sandisk devices which are known to not handle LPM well */
++      { "SanDisk SD7UB3Q*G1001",      NULL,   ATA_HORKAGE_NOLPM, },
++
+       /* devices that don't properly handle queued TRIM commands */
+       { "Micron_M500_*",              NULL,   ATA_HORKAGE_NO_NCQ_TRIM |
+                                               ATA_HORKAGE_ZERO_AFTER_TRIM, },
diff --git a/queue-4.9/net-atm-fix-potential-spectre-v1.patch b/queue-4.9/net-atm-fix-potential-spectre-v1.patch
new file mode 100644 (file)
index 0000000..f286eb0
--- /dev/null
@@ -0,0 +1,61 @@
+From acf784bd0ce257fe43da7ca266f7a10b837479d2 Mon Sep 17 00:00:00 2001
+From: "Gustavo A. R. Silva" <gustavo@embeddedor.com>
+Date: Thu, 3 May 2018 13:45:58 -0500
+Subject: net: atm: Fix potential Spectre v1
+
+From: Gustavo A. R. Silva <gustavo@embeddedor.com>
+
+commit acf784bd0ce257fe43da7ca266f7a10b837479d2 upstream.
+
+ioc_data.dev_num can be controlled by user-space, hence leading to
+a potential exploitation of the Spectre variant 1 vulnerability.
+
+This issue was detected with the help of Smatch:
+net/atm/lec.c:702 lec_vcc_attach() warn: potential spectre issue
+'dev_lec'
+
+Fix this by sanitizing ioc_data.dev_num before using it to index
+dev_lec. Also, notice that there is another instance in which array
+dev_lec is being indexed using ioc_data.dev_num at line 705:
+lec_vcc_added(netdev_priv(dev_lec[ioc_data.dev_num]),
+
+Notice that given that speculation windows are large, the policy is
+to kill the speculation on the first load and not worry if it can be
+completed with a dependent load/store [1].
+
+[1] https://marc.info/?l=linux-kernel&m=152449131114778&w=2
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/atm/lec.c |    9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+--- a/net/atm/lec.c
++++ b/net/atm/lec.c
+@@ -41,6 +41,9 @@ static unsigned char bridge_ula_lec[] =
+ #include <linux/module.h>
+ #include <linux/init.h>
++/* Hardening for Spectre-v1 */
++#include <linux/nospec.h>
++
+ #include "lec.h"
+ #include "lec_arpc.h"
+ #include "resources.h"
+@@ -697,8 +700,10 @@ static int lec_vcc_attach(struct atm_vcc
+       bytes_left = copy_from_user(&ioc_data, arg, sizeof(struct atmlec_ioc));
+       if (bytes_left != 0)
+               pr_info("copy from user failed for %d bytes\n", bytes_left);
+-      if (ioc_data.dev_num < 0 || ioc_data.dev_num >= MAX_LEC_ITF ||
+-          !dev_lec[ioc_data.dev_num])
++      if (ioc_data.dev_num < 0 || ioc_data.dev_num >= MAX_LEC_ITF)
++              return -EINVAL;
++      ioc_data.dev_num = array_index_nospec(ioc_data.dev_num, MAX_LEC_ITF);
++      if (!dev_lec[ioc_data.dev_num])
+               return -EINVAL;
+       vpriv = kmalloc(sizeof(struct lec_vcc_priv), GFP_KERNEL);
+       if (!vpriv)
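Review bot: A failed `copy_from_user()` at the top of this hunk is only logged with pr_info() and execution continues, so the new range check and `array_index_nospec()` run on a partially copied `ioc_data`. The clamp still keeps the index in bounds, but the function can then attach to an interface the caller never selected. Returning early would close that gap: `if (copy_from_user(&ioc_data, arg, sizeof(ioc_data))) return -EFAULT;`. How ioc_data is declared or initialised is not visible here, and lec_vcc_attach continues outside the hunk.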
diff --git a/queue-4.9/rfkill-gpio-fix-memory-leak-in-probe-error-path.patch b/queue-4.9/rfkill-gpio-fix-memory-leak-in-probe-error-path.patch
new file mode 100644 (file)
index 0000000..a6e5acd
--- /dev/null
@@ -0,0 +1,46 @@
+From 4bf01ca21e2e0e4561d1a03c48c3d740418702db Mon Sep 17 00:00:00 2001
+From: Johan Hovold <johan@kernel.org>
+Date: Thu, 26 Apr 2018 09:31:52 +0200
+Subject: rfkill: gpio: fix memory leak in probe error path
+
+From: Johan Hovold <johan@kernel.org>
+
+commit 4bf01ca21e2e0e4561d1a03c48c3d740418702db upstream.
+
+Make sure to free the rfkill device in case registration fails during
+probe.
+
+Fixes: 5e7ca3937fbe ("net: rfkill: gpio: convert to resource managed allocation")
+Cc: stable <stable@vger.kernel.org>    # 3.13
+Cc: Heikki Krogerus <heikki.krogerus@linux.intel.com>
+Signed-off-by: Johan Hovold <johan@kernel.org>
+Reviewed-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/rfkill/rfkill-gpio.c |    7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+--- a/net/rfkill/rfkill-gpio.c
++++ b/net/rfkill/rfkill-gpio.c
+@@ -138,13 +138,18 @@ static int rfkill_gpio_probe(struct plat
+       ret = rfkill_register(rfkill->rfkill_dev);
+       if (ret < 0)
+-              return ret;
++              goto err_destroy;
+       platform_set_drvdata(pdev, rfkill);
+       dev_info(&pdev->dev, "%s device registered.\n", rfkill->name);
+       return 0;
++
++err_destroy:
++      rfkill_destroy(rfkill->rfkill_dev);
++
++      return ret;
+ }
+ static int rfkill_gpio_remove(struct platform_device *pdev)
index 53fbea9150755af4bf39be8405108b87923ae339..a026623b1ad14a07bfcf8f69d9c1d8ad395c35b4 100644 (file)
@@ -14,3 +14,14 @@ bdi-fix-oops-in-wb_workfn.patch
 kvm-ppc-book3s-hv-fix-trap-number-return-from-__kvmppc_vcore_entry.patch
 f2fs-fix-a-dead-loop-in-f2fs_fiemap.patch
 arm64-add-work-around-for-arm-cortex-a55-erratum-1024718.patch
+gpioib-do-not-free-unrequested-descriptors.patch
+gpio-fix-aspeed_gpio-unmask-irq.patch
+gpio-fix-error-path-in-lineevent_create.patch
+rfkill-gpio-fix-memory-leak-in-probe-error-path.patch
+libata-apply-nolpm-quirk-for-sandisk-sd7ub3q-g1001-ssds.patch
+tracing-fix-regex_match_front-to-not-over-compare-the-test-string.patch
+can-kvaser_usb-increase-correct-stats-counter-in-kvaser_usb_rx_can_msg.patch
+drm-vc4-fix-scaling-of-uni-planar-formats.patch
+drm-i915-fix-drm-intel_enable_lvds-error-message-in-kernel-log.patch
+net-atm-fix-potential-spectre-v1.patch
+atm-zatm-fix-potential-spectre-v1.patch
diff --git a/queue-4.9/tracing-fix-regex_match_front-to-not-over-compare-the-test-string.patch b/queue-4.9/tracing-fix-regex_match_front-to-not-over-compare-the-test-string.patch
new file mode 100644 (file)
index 0000000..01c5d0e
--- /dev/null
@@ -0,0 +1,41 @@
+From dc432c3d7f9bceb3de6f5b44fb9c657c9810ed6d Mon Sep 17 00:00:00 2001
+From: "Steven Rostedt (VMware)" <rostedt@goodmis.org>
+Date: Wed, 9 May 2018 11:59:32 -0400
+Subject: tracing: Fix regex_match_front() to not over compare the test string
+
+From: Steven Rostedt (VMware) <rostedt@goodmis.org>
+
+commit dc432c3d7f9bceb3de6f5b44fb9c657c9810ed6d upstream.
+
+The regex match function regex_match_front() in the tracing filter logic,
+was fixed to test just the pattern length from testing the entire test
+string. That is, it went from strncmp(str, r->pattern, len) to
+strcmp(str, r->pattern, r->len).
+
+The issue is that str is not guaranteed to be nul terminated, and if r->len
+is greater than the length of str, it can access more memory than is
+allocated.
+
+The solution is to add a simple test if (len < r->len) return 0.
+
+Cc: stable@vger.kernel.org
+Fixes: 285caad415f45 ("tracing/filters: Fix MATCH_FRONT_ONLY filter matching")
+Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/trace/trace_events_filter.c |    3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/kernel/trace/trace_events_filter.c
++++ b/kernel/trace/trace_events_filter.c
+@@ -322,6 +322,9 @@ static int regex_match_full(char *str, s
+ static int regex_match_front(char *str, struct regex *r, int len)
+ {
++      if (len < r->len)
++              return 0;
++
+       if (strncmp(str, r->pattern, r->len) == 0)
+               return 1;
+       return 0;
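Review bot: The new guard in regex_match_front() has no comment saying why `len` must be checked before strncmp(), and the reason is not evident from the code. Per the commit message, `str` is not guaranteed to be NUL-terminated, so `len` is the only bound on how much of it may be read. I would add `/* str may not be NUL-terminated; never compare past len bytes */` above `if (len < r->len)`. Sibling matchers such as regex_match_full(), named in the hunk header, lie outside this hunk, so whether they need the same guard cannot be judged from here.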