[PATCH 4.14 26/53] ext4: add more inode number paranoia checks

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Theodore Ts'o commit c37e9e013469521d9adb932d17a1795c139b36db upstream. If there is a directory entry pointing to a system inode (such as a journal inode), complain and declare the file system

[PATCH 4.14 22/53] ext4: include the illegal physical block in the bad map ext4_error msg

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Theodore Ts'o commit bdbd6ce01a70f02e9373a584d0ae9538dcf0a121 upstream. Signed-off-by: Theodore Ts'o Cc: sta...@kernel.org Signed-off-by: Greg Kroah-Hartman --- fs/ext4/inode.c |4 ++--

[PATCH 4.14 27/53] ext4: add more mount time checks of the superblock

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Theodore Ts'o commit bfe0a5f47ada40d7984de67e59a7d3390b9b9ecc upstream. The kernel's ext4 mount-time checks were more permissive than e2fsprogs's libext2fs checks when opening a file system.

[PATCH 4.14 28/53] ext4: check superblock mapped prior to committing

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Jon Derrick commit a17712c8e4be4fa5404d20e9cd3b2b21eae7bc56 upstream. This patch attempts to close a hole leading to a BUG seen with hot removals during writes [1]. A block device (NVME names

[PATCH 4.14 29/53] block: factor out __blkdev_issue_zero_pages()

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Ilya Dryomov commit 425a4dba7953e35ffd096771973add6d2f40d2ed upstream. blkdev_issue_zeroout() will use this in !BLKDEV_ZERO_NOFALLBACK case. Reviewed-by: Christoph Hellwig Reviewed-by: Marti

[PATCH 4.14 30/53] block: cope with WRITE ZEROES failing in blkdev_issue_zeroout()

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Ilya Dryomov commit d5ce4c31d6df518dd8f63bbae20d7423c5018a6c upstream. sd_config_write_same() ignores ->max_ws_blocks == 0 and resets it to permit trying WRITE SAME on older SCSI devices, unle

[PATCH 4.14 34/53] irq/core: Fix boot crash when the irqaffinity= boot parameter is passed on CPUMASK_OFFSTACK=y kernels(v1)

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Rakib Mullick commit 10d94ff4d558b96bfc4f55bb0051ae4d938246fe upstream. When the irqaffinity= kernel parameter is passed in a CPUMASK_OFFSTACK=y kernel, it fails to boot, because zalloc_cpumas

[PATCH 4.14 38/53] [PATCH] Revert "dpaa_eth: fix error in dpaa_remove()"

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Greg Kroah-Hartman This reverts commit 5bbb99d2fde047df596379be6c58e265e2ddbe1f which is commit 88075256ee817041d68c2387f29065b5cb2b342a upstream. Jiri writes that this was an incorrect fix, a

[PATCH 4.14 06/53] s390: Correct register corruption in critical section cleanup

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Christian Borntraeger commit 891f6a726cacbb87e5b06076693ffab53bd378d7 upstream. In the critical section cleanup we must not mess with r1. For march=z9 or older, larl + ex (instead of exrl) ar

[PATCH 4.14 05/53] scsi: target: Fix truncated PR-in ReadKeys response

4.14-stable review patch. If anyone has any objections, please let me know. -- From: David Disseldorp commit 63ce3c384db26494615e3c8972bcd419ed71f4c4 upstream. SPC5r17 states that the contents of the ADDITIONAL LENGTH field are not altered based on the allocation length, so al

[PATCH 4.14 36/53] media: vb2: core: Finish buffers at the end of the stream

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Sakari Ailus commit 03703ed1debf777ea845aa9b50ba2e80a5e7dd3c upstream. If buffers were prepared or queued and the buffers were released without starting the queue, the finish mem op (correspon

[PATCH 4.14 33/53] HID: debug: check length before copy_to_user()

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Daniel Rosenberg commit 717adfdaf14704fd3ec7fa2c04520c0723247eac upstream. If our length is greater than the size of the buffer, we overflow the buffer Cc: sta...@vger.kernel.org Signed-off-b

[PATCH 4.14 32/53] HID: hiddev: fix potential Spectre v1

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Gustavo A. R. Silva commit 4f65245f2d178b9cba48350620d76faa4a098841 upstream. uref->field_index, uref->usage_index, finfo.field_index and cinfo.index can be indirectly controlled by user-space

[PATCH 4.14 31/53] HID: i2c-hid: Fix "incomplete report" noise

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Jason Andryuk commit ef6eaf27274c0351f7059163918f3795da13199c upstream. Commit ac75a041048b ("HID: i2c-hid: fix size check and type usage") started writing messages when the ret_size is <= 2 f

[PATCH 4.14 37/53] f2fs: truncate preallocated blocks in error case

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Jaegeuk Kim commit dc7a10ddee0c56c6d891dd18de5c4ee9869545e0 upstream. If write is failed, we must deallocate the blocks that we couldn't write. Cc: sta...@vger.kernel.org Reviewed-by: Chao Yu

[PATCH 4.14 07/53] drbd: fix access after free

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Lars Ellenberg commit 64dafbc9530c10300acffc57fae3269d95fa8f93 upstream. We have struct drbd_requests { ... struct bio *private_bio; ... } to hold a bio clone for local submission. On loca

[PATCH 4.14 35/53] mm: hwpoison: disable memory error handling on 1GB hugepage

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Naoya Horiguchi commit 31286a8484a85e8b4e91ddb0f5415aee8a416827 upstream. Recently the following BUG was reported: Injecting memory failure for pfn 0x3c at process virtual address 0x

[PATCH 4.14 51/53] staging: comedi: quatech_daqp_cs: fix no-op loop daqp_ao_insn_write()

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Dan Carpenter commit 1376b0a2160319125c3a2822e8c09bd283cd8141 upstream. There is a '>' vs '<' typo so this loop is a no-op. Fixes: d35dcc89fc93 ("staging: comedi: quatech_daqp_cs: fix daqp_a

[PATCH 4.14 52/53] sched, tracing: Fix trace_sched_pi_setprio() for deboosting

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Sebastian Andrzej Siewior commit 4ff648decf4712d39f184fc2df3163f43975575a upstream. Since the following commit: b91473ff6e97 ("sched,tracing: Update trace_sched_pi_setprio()") the sched_pi

[PATCH 4.14 53/53] Revert mm/vmstat.c: fix vmstat_update() preemption BUG

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Sebastian Andrzej Siewior commit 28557cc106e6d2aa8b8c5c7687ea9f8055ff3911 upstream. Revert commit c7f26ccfb2c3 ("mm/vmstat.c: fix vmstat_update() preemption BUG"). Steven saw a "using smp_pro

[PATCH 4.14 10/53] cifs: Fix memory leak in smb2_set_ea()

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Paulo Alcantara commit 6aa0c114eceec8cc61715f74a4ce91b048d7561c upstream. This patch fixes a memory leak when doing a setxattr(2) in SMB2+. Signed-off-by: Paulo Alcantara Cc: sta...@vger.ker

[PATCH 4.14 01/53] userfaultfd: hugetlbfs: fix userfaultfd_huge_must_wait() pte access

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Janosch Frank commit 1e2c043628c7736dd56536d16c0ce009bc834ae7 upstream. Use huge_ptep_get() to translate huge ptes to normal ptes so we can check them with the huge_pte_* functions. Otherwise

[PATCH 4.14 44/53] dax: check for QUEUE_FLAG_DAX in bdev_dax_supported()

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Ross Zwisler commit 15256f6cc4b44f2e70503758150267fd2a53c0d6 upstream. Add an explicit check for QUEUE_FLAG_DAX to __bdev_dax_supported(). This is needed for DM configurations where the first

[PATCH 4.14 43/53] dax: change bdev_dax_supported() to support boolean returns

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Dave Jiang commit 80660f20252d6f76c9f203874ad7c7a4a8508cf8 upstream. The function return values are confusing with the way the function is named. We expect a true or false return value but it

[PATCH 4.14 41/53] mtd: rawnand: mxc: set spare area size register explicitly

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Martin Kaiser commit 3f77f244d8ec28e3a0a81240ffac7d626390060c upstream. The v21 version of the NAND flash controller contains a Spare Area Size Register (SPAS) at offset 0x10. Its setting defa

[PATCH 4.14 50/53] netfilter: nf_log: dont hold nf_log_mutex during user access

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Jann Horn commit ce00bf07cc95a57cd20b208e02b3c2604e532ae8 upstream. The old code would indefinitely block other users of nf_log_mutex if a userspace access in proc_dostring() blocked e.g. due

[PATCH 4.14 40/53] media: cx25840: Use subdev host data for PLL override

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Brad Love commit 3ee9bc12342cf546313d300808ff47d7dbb8e7db upstream. The cx25840 driver currently configures 885, 887, and 888 using default divisors for each chip. This check to see if the cx2

[PATCH 4.14 49/53] mtd: cfi_cmdset_0002: Change erase functions to check chip good only

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Tokunori Ikegami commit 79ca484b613041ca223f74b34608bb6f5221724b upstream. Currently the functions use to check both chip ready and good. But the chip ready is not enough to check the operatio

Re: Differences in cpu utilization reported by sar, emon

Further analysis shows that even with CONFIG_IRQ_TIME_ACCOUNTING or DYNTICKS (CONFIG_VIRT_CPU_ACCOUNTING_GEN) there are some CPU cycles lost. This difference correlates with the number of interrupts/sec handled in the core, as the number increases, difference also does. Network example (linux bare

[PATCH 4.14 42/53] fs: allow per-device dax status checking for filesystems

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Darrick J. Wong commit ba23cba9b3bdc967aabdc6ff1e3e9b11ce05bb4f upstream. Change bdev_dax_supported so it takes a bdev parameter. This enables multi-device filesystems like xfs to check that

[PATCH 4.14 45/53] dm: set QUEUE_FLAG_DAX accordingly in dm_table_set_restrictions()

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Mike Snitzer commit ad3793fc3945173f64d82d05d3ecde41f6c0435c upstream. Rather than having DAX support be unique by setting it based on table type in dm_setup_md_queue(). Signed-off-by: Mike S

[PATCH 4.17 00/56] 4.17.6-stable review

This is the start of the stable review cycle for the 4.17.6 release. There are 56 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu Jul 12 18:24:40 UTC 2018. Anything receive

[PATCH 4.17 11/56] scsi: aacraid: Fix PD performance regression over incorrect qd being set

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Raghava Aditya Renukunta commit 59b433c825569ce251371485f0e29fca888b549d upstream. The driver fails to set the correct queue depth for native devices, due to failing to set the device type pri

[PATCH 4.17 12/56] scsi: target: Fix truncated PR-in ReadKeys response

4.17-stable review patch. If anyone has any objections, please let me know. -- From: David Disseldorp commit 63ce3c384db26494615e3c8972bcd419ed71f4c4 upstream. SPC5r17 states that the contents of the ADDITIONAL LENGTH field are not altered based on the allocation length, so al

[PATCH 4.14 46/53] dm: prevent DAX mounts if not supported

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Ross Zwisler commit dbc626597c39b24cefce09fbd8e9dea85869a801 upstream. Currently device_supports_dax() just checks to see if the QUEUE_FLAG_DAX flag is set on the device's request queue to dec

[PATCH 4.14 39/53] Kbuild: fix # escaping in .cmd files for future Make

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Rasmus Villemoes commit 9564a8cf422d7b58f6e857e3546d346fa970191e upstream. I tried building using a freshly built Make (4.2.1-69-g8a731d1), but already the objtool build broke with orc_dump.c

[PATCH 4.14 47/53] mtd: cfi_cmdset_0002: Change definition naming to retry write operation

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Tokunori Ikegami commit 85a82e28b023de9b259a86824afbd6ba07bd6475 upstream. The definition can be used for other program and erase operations also. So change the naming to MAX_RETRIES from MAX_

[PATCH 4.14 48/53] mtd: cfi_cmdset_0002: Change erase functions to retry for error

4.14-stable review patch. If anyone has any objections, please let me know. -- From: Tokunori Ikegami commit 45f75b8a919a4255f52df454f1ffdee0e42443b2 upstream. For the word write functions it is retried for error. But it is not implemented to retry for the erase functions. To

[PATCH 4.17 02/56] mm: hugetlb: yield when prepping struct pages

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Cannon Matthews commit 520495fe96d74e05db585fc748351e0504d8f40d upstream. When booting with very large numbers of gigantic (i.e. 1G) pages, the operations in the loop of gather_bootmem_preall

[PATCH 4.17 16/56] ARM: dts: imx51-zii-rdu1: fix touchscreen pinctrl

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Nick Dyer commit 06d793b114e9d922c03aa077ac6c5c51fdda2722 upstream. The pinctrl settings were incorrect for the touchscreen interrupt line, causing an interrupt storm. This change has been tes

[PATCH 4.17 13/56] s390: Correct register corruption in critical section cleanup

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Christian Borntraeger commit 891f6a726cacbb87e5b06076693ffab53bd378d7 upstream. In the critical section cleanup we must not mess with r1. For march=z9 or older, larl + ex (instead of exrl) ar

[PATCH 4.17 14/56] drbd: fix access after free

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Lars Ellenberg commit 64dafbc9530c10300acffc57fae3269d95fa8f93 upstream. We have struct drbd_requests { ... struct bio *private_bio; ... } to hold a bio clone for local submission. On loca

[PATCH 4.17 15/56] vfio: Use get_user_pages_longterm correctly

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Jason Gunthorpe commit bb94b55af3461e26b32f0e23d455abeae0cfca5d upstream. The patch noted in the fixes below converted get_user_pages_fast() to get_user_pages_longterm(), however the two calls

[PATCH 4.17 17/56] ARM: dts: omap3: Fix am3517 mdio and emac clock references

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Adam Ford commit 0144eb204cdcdf09a76794b4a294291388e739bc upstream. A previous patch removed OMAP clock aliases that were perceived to be unnecessary. Unfortunately, it broke the ethernet on

[PATCH 4.17 18/56] ARM: dts: dra7: Disable metastability workaround for USB2

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Roger Quadros commit 07eaa43e66f505980d00e0f5fe697f3da7c6a730 upstream. Disable the metastability workaround for USB2. The original patch disabled the workaround on the wrong USB port. Fixes:

[PATCH 4.17 21/56] cifs: Fix slab-out-of-bounds in send_set_info() on SMB2 ACE setting

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Stefano Brivio commit f46ecbd97f508e68a7806291a139499794874f3d upstream. A "small" CIFS buffer is not big enough in general to hold a setacl request for SMB2, and we end up overflowing the buf

[PATCH 4.17 03/56] mm: teach dump_page() to correctly output poisoned struct pages

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Pavel Tatashin commit fc36def997cfd6cbff3eda4f82853a5c311c5466 upstream. If struct page is poisoned, and uninitialized access is detected via PF_POISONED_CHECK(page) dump_page() is called to o

[PATCH 4.17 20/56] cifs: Fix memory leak in smb2_set_ea()

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Paulo Alcantara commit 6aa0c114eceec8cc61715f74a4ce91b048d7561c upstream. This patch fixes a memory leak when doing a setxattr(2) in SMB2+. Signed-off-by: Paulo Alcantara Cc: sta...@vger.ker

[PATCH 4.17 22/56] cifs: Fix infinite loop when using hard mount option

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Paulo Alcantara commit 7ffbe65578b44fafdef577a360eb0583929f7c6e upstream. For every request we send, whether it is SMB1 or SMB2+, we attempt to reconnect tcon (cifs_reconnect_tcon or smb2_reco

[PATCH 4.17 25/56] drm/amdgpu: Add amdgpu_atpx_get_dhandle()

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Lyude Paul commit 4aa5d5eb82bb237d0bb3a38b2a7555054d018081 upstream. Since it seems that some vendors are storing the ATIF ACPI methods under the same handle that ATPX lives under instead of t

[PATCH 4.17 24/56] drm/udl: fix display corruption of the last line

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Mikulas Patocka commit 99ec9e77511dea55d81729fc80b6c63a61bfa8e0 upstream. The displaylink hardware has such a peculiarity that it doesn't render a command until next command is received. This

[PATCH 4.17 23/56] drm: Use kvzalloc for allocating blob property memory

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Michel Dänzer commit 718b5406cd76f1aa6434311241b7febf0e8571ff upstream. The property size may be controlled by userspace, can be large (I've seen failure with order 4, i.e. 16 pages / 64 KB) a

[PATCH 4.17 26/56] drm/amdgpu: Dynamically probe for ATIF handle (v2)

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Lyude Paul commit f9ff68521a5541e1fdaeb0ef11871c035b30e409 upstream. The other day I was testing one of the HP laptops at my office with an i915/amdgpu hybrid setup and noticed that hotpluggin

[PATCH 4.17 27/56] jbd2: dont mark block as modified if the handle is out of credits

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Theodore Ts'o commit e09463f220ca9a1a1ecfda84fcda658f99a1f12a upstream. Do not set the b_modified flag in block's journal head should not until after we're sure that jbd2_journal_dirty_metadat

[PATCH 4.17 28/56] ext4: add corruption check in ext4_xattr_set_entry()

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Theodore Ts'o commit 5369a762c882c0b6e9599e4ebbb3a9ba9eee7e2d upstream. In theory this should have been caught earlier when the xattr list was verified, but in case it got missed, it's simple

[PATCH 4.17 30/56] ext4: make sure bitmaps and the inode table dont overlap with bg descriptors

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Theodore Ts'o commit 77260807d1170a8cf35dbb06e07461a655f67eee upstream. It's really bad when the allocation bitmaps and the inode table overlap with the block group descriptors, since it cause

[PATCH 4.17 29/56] ext4: always verify the magic number in xattr blocks

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Theodore Ts'o commit 513f86d73855ce556ea9522b6bfd79f87356dc3a upstream. If there an inode points to a block which is also some other type of metadata block (such as a block allocation bitmap),

[PATCH 4.17 04/56] PCI / ACPI / PM: Resume bridges w/o drivers on suspend-to-RAM

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Rafael J. Wysocki commit 26112ddc254c98681b224aa9ededefc01b6e02d2 upstream. It is reported that commit c62ec4610c40 (PM / core: Fix direct_complete handling for devices with no callbacks) intr

[PATCH 4.17 34/56] ext4: include the illegal physical block in the bad map ext4_error msg

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Theodore Ts'o commit bdbd6ce01a70f02e9373a584d0ae9538dcf0a121 upstream. Signed-off-by: Theodore Ts'o Cc: sta...@kernel.org Signed-off-by: Greg Kroah-Hartman --- fs/ext4/inode.c |4 ++--

[PATCH 4.17 33/56] ext4: verify the depth of extent tree in ext4_find_extent()

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Theodore Ts'o commit bc890a60247171294acc0bd67d211fa4b88d40ba upstream. If there is a corupted file system where the claimed depth of the extent tree is -1, this can cause a massive buffer ove

Re: Mounting corrupted HFS+ causes kernel NULL pointer dereference

Thank you, When applied this single patch on v4.18-rc4 and performed "echo > /mnt/xyz" on hfsplus_16mb_hang image, I get about 14 pairs of lines hfsplus: unable to mark blocks free: error -5 hfsplus: can't free extent Then `echo` exits with "No space left on device" error. Then it permits to per

[PATCH 4.17 31/56] ext4: always check block group bounds in ext4_init_block_bitmap()

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Theodore Ts'o commit 819b23f1c501b17b9694325471789e6b5cc2d0d2 upstream. Regardless of whether the flex_bg feature is set, we should always check to make sure the bits we are setting in the blo

[PATCH 4.17 32/56] ext4: only look at the bg_flags field if it is valid

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Theodore Ts'o commit 8844618d8aa7a9973e7b527d038a2a589665002c upstream. The bg_flags field in the block group descripts is only valid if the uninit_bg or metadata_csum feature is enabled. We

[PATCH 4.17 08/56] tracing: Avoid string overflow

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Arnd Bergmann commit cf4d418e653afc84c9c873236033e06be5d58f1c upstream. 'err' is used as a NUL-terminated string, but using strncpy() with the length equal to the buffer size may result in lac

[PATCH 4.17 06/56] ACPI / battery: Safe unregistering of hooks

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Jouke Witteveen commit 673b4271665a12fa839a12abb50e6f6e9953c081 upstream. A hooking API was implemented for 4.17 in fa93854f7a7ed63d followed by hooks for Thinkpad laptops in 2801b9683f740012.

[PATCH 4.17 07/56] drm/amdgpu: Make struct amdgpu_atif private to amdgpu_acpi.c

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Lyude Paul commit 2cd5fe22d9a45cdf11c62bbe8db3ce9101207510 upstream. Currently, there is nothing in amdgpu that actually uses these structs other than amdgpu_acpi.c. Additionally, since we're

[PATCH 4.17 51/56] mtd: cfi_cmdset_0002: Change definition naming to retry write operation

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Tokunori Ikegami commit 85a82e28b023de9b259a86824afbd6ba07bd6475 upstream. The definition can be used for other program and erase operations also. So change the naming to MAX_RETRIES from MAX_

[PATCH 4.17 10/56] scsi: sg: mitigate read/write abuse

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Jann Horn commit 26b5b874aff5659a7e26e5b1997e3df2c41fa7fd upstream. As Al Viro noted in commit 128394eff343 ("sg_write()/bsg_write() is not fit to be called under KERNEL_DS"), sg improperly ac

[PATCH 4.17 53/56] mtd: cfi_cmdset_0002: Change erase functions to check chip good only

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Tokunori Ikegami commit 79ca484b613041ca223f74b34608bb6f5221724b upstream. Currently the functions use to check both chip ready and good. But the chip ready is not enough to check the operatio

[PATCH 4.17 50/56] dm: prevent DAX mounts if not supported

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Ross Zwisler commit dbc626597c39b24cefce09fbd8e9dea85869a801 upstream. Currently device_supports_dax() just checks to see if the QUEUE_FLAG_DAX flag is set on the device's request queue to dec

[PATCH 4.17 09/56] tracing: Fix missing return symbol in function_graph output

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Changbin Du commit 1fe4293f4b8de75824935f8d8e9a99c7fc6873da upstream. The function_graph tracer does not show the interrupt return marker for the leaf entry. On leaf entries, we see an unbalan

[PATCH 4.17 36/56] ext4: never move the system.data xattr out of the inode body

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Theodore Ts'o commit 8cdb5240ec5928b20490a2bb34cb87e9a5f40226 upstream. When expanding the extra isize space, we must never move the system.data xattr out of the inode body. For performance r

[PATCH 4.17 39/56] ext4: add more mount time checks of the superblock

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Theodore Ts'o commit bfe0a5f47ada40d7984de67e59a7d3390b9b9ecc upstream. The kernel's ext4 mount-time checks were more permissive than e2fsprogs's libext2fs checks when opening a file system.

[PATCH 4.17 01/56] userfaultfd: hugetlbfs: fix userfaultfd_huge_must_wait() pte access

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Janosch Frank commit 1e2c043628c7736dd56536d16c0ce009bc834ae7 upstream. Use huge_ptep_get() to translate huge ptes to normal ptes so we can check them with the huge_pte_* functions. Otherwise

[PATCH 4.17 54/56] netfilter: nf_log: dont hold nf_log_mutex during user access

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Jann Horn commit ce00bf07cc95a57cd20b208e02b3c2604e532ae8 upstream. The old code would indefinitely block other users of nf_log_mutex if a userspace access in proc_dostring() blocked e.g. due

[PATCH 4.17 05/56] ACPICA: Drop leading newlines from error messages

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Rafael J. Wysocki commit a0d5f3b69af7733f3173a8e19d51f68a08017c76 upstream. Commit 5088814a6e93 (ACPICA: AML parser: attempt to continue loading table after error) unintentionally added leadin

Re: [PATCH v11 5/8] i2c: fsi: Add transfer implementation

On 07/09/2018 05:41 PM, Wolfram Sang wrote: + cmd |= FIELD_PREP(I2C_CMD_ADDR, msg->addr >> 1); I just noticed this and wonder: Don't you need the LSB of the address? It is not the RW flag, this is encoded in msg->flags. So, the hardware interprets the LSB as the RW flag. It wouldn't b

[PATCH 4.17 52/56] mtd: cfi_cmdset_0002: Change erase functions to retry for error

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Tokunori Ikegami commit 45f75b8a919a4255f52df454f1ffdee0e42443b2 upstream. For the word write functions it is retried for error. But it is not implemented to retry for the erase functions. To

[PATCH 4.17 55/56] staging: comedi: quatech_daqp_cs: fix no-op loop daqp_ao_insn_write()

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Dan Carpenter commit 1376b0a2160319125c3a2822e8c09bd283cd8141 upstream. There is a '>' vs '<' typo so this loop is a no-op. Fixes: d35dcc89fc93 ("staging: comedi: quatech_daqp_cs: fix daqp_a

[PATCH 4.17 37/56] ext4: avoid running out of journal credits when appending to an inline file

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Theodore Ts'o commit 8bc1379b82b8e809eef77a9fedbb75c6c297be19 upstream. Use a separate journal transaction if it turns out that we need to convert an inline file to use an data block. Otherwi

[PATCH 4.17 38/56] ext4: add more inode number paranoia checks

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Theodore Ts'o commit c37e9e013469521d9adb932d17a1795c139b36db upstream. If there is a directory entry pointing to a system inode (such as a journal inode), complain and declare the file system

[PATCH 4.17 56/56] Revert mm/vmstat.c: fix vmstat_update() preemption BUG

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Sebastian Andrzej Siewior commit 28557cc106e6d2aa8b8c5c7687ea9f8055ff3911 upstream. Revert commit c7f26ccfb2c3 ("mm/vmstat.c: fix vmstat_update() preemption BUG"). Steven saw a "using smp_pro

[PATCH 4.17 48/56] dax: change bdev_dax_supported() to support boolean returns

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Dave Jiang commit 80660f20252d6f76c9f203874ad7c7a4a8508cf8 upstream. The function return values are confusing with the way the function is named. We expect a true or false return value but it

[PATCH 4.17 42/56] HID: hiddev: fix potential Spectre v1

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Gustavo A. R. Silva commit 4f65245f2d178b9cba48350620d76faa4a098841 upstream. uref->field_index, uref->usage_index, finfo.field_index and cinfo.index can be indirectly controlled by user-space

[PATCH 4.17 44/56] HID: core: allow concurrent registration of drivers

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Benjamin Tissoires commit 8f732850df1b2b4d8d719f7e606dfb3050e7ea11 upstream. Detected on the Dell XPS 9365. The laptop has 2 devices that benefit from the hid-generic auto-unbinding. When tho

[PATCH 4.17 47/56] fs: allow per-device dax status checking for filesystems

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Darrick J. Wong commit ba23cba9b3bdc967aabdc6ff1e3e9b11ce05bb4f upstream. Change bdev_dax_supported so it takes a bdev parameter. This enables multi-device filesystems like xfs to check that

Re: [PATCH bpf 1/1] bpf: btf: Fix bitfield extraction for big endian

On Tue, Jul 10, 2018 at 04:35:04PM +, David Laight wrote: > From: Martin KaFai Lau > > Sent: 09 July 2018 19:33 > > On Sun, Jul 08, 2018 at 05:22:03PM -0700, Okash Khawaja wrote: > > > When extracting bitfield from a number, btf_int_bits_seq_show() builds > > > a mask and accesses least signifi

[PATCH 4.17 40/56] ext4: check superblock mapped prior to committing

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Jon Derrick commit a17712c8e4be4fa5404d20e9cd3b2b21eae7bc56 upstream. This patch attempts to close a hole leading to a BUG seen with hot removals during writes [1]. A block device (NVME names

[PATCH 4.17 49/56] dax: check for QUEUE_FLAG_DAX in bdev_dax_supported()

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Ross Zwisler commit 15256f6cc4b44f2e70503758150267fd2a53c0d6 upstream. Add an explicit check for QUEUE_FLAG_DAX to __bdev_dax_supported(). This is needed for DM configurations where the first

[PATCH 4.17 45/56] i2c: core: smbus: fix a potential missing-check bug

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Wenwen Wang commit 8e03477cb709b73a2c1e1f4349ee3b7b33c50416 upstream. In i2c_smbus_xfer_emulated(), the function i2c_transfer() is invoked to transfer i2c messages. The number of actual transf

[PATCH 4.17 43/56] HID: debug: check length before copy_to_user()

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Daniel Rosenberg commit 717adfdaf14704fd3ec7fa2c04520c0723247eac upstream. If our length is greater than the size of the buffer, we overflow the buffer Cc: sta...@vger.kernel.org Signed-off-b

[PATCH 4.17 46/56] i2c: smbus: kill memory leak on emulated and failed DMA SMBus xfers

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Peter Rosin commit 9aa613674f89d01248ae2e4afe691b515ff8fbb6 upstream. If DMA safe memory was allocated, but the subsequent I2C transfer fails the memory is leaked. Plug this leak. Fixes: 8a77

[PATCH 4.17 41/56] HID: i2c-hid: Fix "incomplete report" noise

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Jason Andryuk commit ef6eaf27274c0351f7059163918f3795da13199c upstream. Commit ac75a041048b ("HID: i2c-hid: fix size check and type usage") started writing messages when the ret_size is <= 2 f

Re: [PATCH] arm64: make flatmem depend on !NUMA

On Tue, Jul 10, 2018 at 05:16:27PM +0200, Arnd Bergmann wrote: > Building without NUMA but with FLATMEM results in a link error > because mem_map[] is not available: > > aarch64-linux-ld -EB -maarch64elfb --no-undefined -X -pie -shared -Bsymbolic > --no-apply-dynamic-relocs --build-id -o .tmp_vml

Re: Mounting corrupted HFS+ causes kernel NULL pointer dereference

On Tue, Jul 10, 2018 at 08:28:37PM +0300, Anatoly Trosinenko wrote: > Thank you, > > When applied this single patch on v4.18-rc4 and performed "echo > > /mnt/xyz" on hfsplus_16mb_hang image, I get about 14 pairs of lines > > hfsplus: unable to mark blocks free: error -5 > hfsplus: can't free exte

[PATCH 4.17 35/56] ext4: clear i_data in ext4_inode_info when removing inline data

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Theodore Ts'o commit 6e8ab72a812396996035a37e5ca4b3b99b5d214b upstream. When converting from an inode from storing the data in-line to a data block, ext4_destroy_inline_data_nolock() was only

Re: [PATCH v2 2/2] regulator: uniphier: add regulator driver for UniPhier SoC

On Tue, Jul 10, 2018 at 10:27:17AM +0900, Kunihiko Hayashi wrote: > +static int uniphier_regulator_enable(struct regulator_dev *rdev) > +{ > + struct uniphier_regulator_priv *priv = rdev_get_drvdata(rdev); > + > + return regmap_update_bits(priv->regmap, rdev->desc->enable_reg, > +

Re: [PATCH 2/2] spi: Introduce new driver for Qualcomm QuadSPI controller

On Thu, Jul 05, 2018 at 03:46:42PM -0600, Girish Mahadevan wrote: Overall this looks pretty good, but there were a few small issues (mostly cosmetic): > + /* > + * Ensure that the configuration goes through by reading back > + * a register from the IO space. > + */ > + mb()

Re: [PATCH v10 5/6] spi: at91-usart: add driver for at91-usart as spi

On Mon, Jun 25, 2018 at 08:22:29PM +0300, Radu Pirea wrote: This is mostly good, just a couple of small things: > +config SPI_AT91_USART > + tristate "Atmel USART Controller SPI driver" > + depends on HAS_DMA > + depends on (ARCH_AT91 || COMPILE_TEST) > + select MFD_AT91_USART Wh

[PATCH 4.17 19/56] cifs: Fix use after free of a mid_q_entry

4.17-stable review patch. If anyone has any objections, please let me know. -- From: Lars Persson commit 696e420bb2a6624478105651d5368d45b502b324 upstream. With protocol version 2.0 mounts we have seen crashes with corrupt mid entries. Either the server->pending_mid_q list bec

<    1   2   3   4   5   6   7   8   9   10   >