--- /dev/null
+From 4e0973a918b9a42e217093f078e04a61e5dd95a5 Mon Sep 17 00:00:00 2001
+From: Devin Heitmueller <dheitmueller@kernellabs.com>
+Date: Sat, 20 Sep 2014 09:23:44 -0300
+Subject: [media] cx88: Fix regression in initial video standard setting
+
+From: Devin Heitmueller <dheitmueller@kernellabs.com>
+
+commit 4e0973a918b9a42e217093f078e04a61e5dd95a5 upstream.
+
+Setting initial standard at the top of cx8800_initdev would cause the
+first call to cx88_set_tvnorm() to return without programming any
+registers (leaving the driver saying it's set to NTSC but the hardware
+isn't programmed). Even worse, any subsequent attempt to explicitly
+set it to NTSC-M will return success but actually fail to program the
+underlying registers unless first changing the standard to something
+other than NTSC-M.
+
+Set the initial standard later in the process, and make sure the field
+is zero at the beginning to ensure that the call always goes through.
+
+This regression was introduced in the following commit:
+
+commit ccd6f1d488e7 ("[media] cx88: move width, height and field to core
+struct")
+
+Author: Hans Verkuil <hans.verkuil@cisco.com>
+
+[media] cx88: move width, height and field to core struct
+
+Signed-off-by: Devin Heitmueller <dheitmueller@kernellabs.com>
+Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
+Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/media/pci/cx88/cx88-cards.c | 9 ++++++++-
+ drivers/media/pci/cx88/cx88-video.c | 2 +-
+ 2 files changed, 9 insertions(+), 2 deletions(-)
+
+--- a/drivers/media/pci/cx88/cx88-cards.c
++++ b/drivers/media/pci/cx88/cx88-cards.c
+@@ -3691,7 +3691,14 @@ struct cx88_core *cx88_core_create(struc
+ core->nr = nr;
+ sprintf(core->name, "cx88[%d]", core->nr);
+
+- core->tvnorm = V4L2_STD_NTSC_M;
++ /*
++ * Note: Setting initial standard here would cause first call to
++ * cx88_set_tvnorm() to return without programming any registers. Leave
++ * it blank for at this point and it will get set later in
++ * cx8800_initdev()
++ */
++ core->tvnorm = 0;
++
+ core->width = 320;
+ core->height = 240;
+ core->field = V4L2_FIELD_INTERLACED;
+--- a/drivers/media/pci/cx88/cx88-video.c
++++ b/drivers/media/pci/cx88/cx88-video.c
+@@ -1429,7 +1429,7 @@ static int cx8800_initdev(struct pci_dev
+
+ /* initial device configuration */
+ mutex_lock(&core->lock);
+- cx88_set_tvnorm(core, core->tvnorm);
++ cx88_set_tvnorm(core, V4L2_STD_NTSC_M);
+ v4l2_ctrl_handler_setup(&core->video_hdl);
+ v4l2_ctrl_handler_setup(&core->audio_hdl);
+ cx88_video_mux(core, 0);
--- /dev/null
+From 9156e723301c0a7a7def4cde820e018ce791b842 Mon Sep 17 00:00:00 2001
+From: Tom St Denis <tom.stdenis@amd.com>
+Date: Tue, 23 May 2017 11:35:22 -0400
+Subject: drm/amd/amdgpu: Return error if initiating read out of range on vram
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Tom St Denis <tom.stdenis@amd.com>
+
+commit 9156e723301c0a7a7def4cde820e018ce791b842 upstream.
+
+If you initiate a read that is out of the VRAM address space return
+ENXIO instead of 0.
+
+Reads that begin below that point will read upto the VRAM limit as
+before.
+
+Signed-off-by: Tom St Denis <tom.stdenis@amd.com>
+Reviewed-by: Christian König <christian.koenig@amd.com>
+Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c
++++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c
+@@ -1126,6 +1126,9 @@ static ssize_t amdgpu_ttm_vram_read(stru
+ if (size & 0x3 || *pos & 0x3)
+ return -EINVAL;
+
++ if (*pos >= adev->mc.mc_vram_size)
++ return -ENXIO;
++
+ while (size) {
+ unsigned long flags;
+ uint32_t value;
--- /dev/null
+From ab03d9fe508f4e2914a8f4a9eef1b21051cacd0f Mon Sep 17 00:00:00 2001
+From: Alex Deucher <alexander.deucher@amd.com>
+Date: Thu, 11 May 2017 13:14:14 -0400
+Subject: drm/radeon/ci: disable mclk switching for high refresh rates (v2)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Alex Deucher <alexander.deucher@amd.com>
+
+commit ab03d9fe508f4e2914a8f4a9eef1b21051cacd0f upstream.
+
+Even if the vblank period would allow it, it still seems to
+be problematic on some cards.
+
+v2: fix logic inversion (Nils)
+
+bug: https://bugs.freedesktop.org/show_bug.cgi?id=96868
+
+Acked-by: Christian König <christian.koenig@amd.com>
+Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/gpu/drm/radeon/ci_dpm.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/drivers/gpu/drm/radeon/ci_dpm.c
++++ b/drivers/gpu/drm/radeon/ci_dpm.c
+@@ -782,6 +782,12 @@ bool ci_dpm_vblank_too_short(struct rade
+ if (r600_dpm_get_vrefresh(rdev) > 120)
+ return true;
+
++ /* disable mclk switching if the refresh is >120Hz, even if the
++ * blanking period would allow it
++ */
++ if (r600_dpm_get_vrefresh(rdev) > 120)
++ return true;
++
+ if (vblank_time < switch_limit)
+ return true;
+ else
--- /dev/null
+From 564d8a2cf3abf16575af48bdc3e86e92ee8a617d Mon Sep 17 00:00:00 2001
+From: Mario Kleiner <mario.kleiner.de@gmail.com>
+Date: Fri, 7 Jul 2017 04:57:04 +0200
+Subject: drm/radeon: Fix eDP for single-display iMac10,1 (v2)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Mario Kleiner <mario.kleiner.de@gmail.com>
+
+commit 564d8a2cf3abf16575af48bdc3e86e92ee8a617d upstream.
+
+The late 2009, 27 inch Apple iMac10,1 has an
+internal eDP display and an external Mini-
+Displayport output, driven by a DCE-3.2, RV730
+Radeon Mobility HD-4670.
+
+The machine worked fine in a dual-display setup
+with eDP panel + externally connected HDMI
+or DVI-D digital display sink, connected via
+MiniDP to DVI or HDMI adapter.
+
+However, booting the machine single-display with
+only eDP panel results in a completely black
+display - even backlight powering off, as soon as
+the radeon modesetting driver loads.
+
+This patch fixes the single dispay eDP case by
+assigning encoders based on dig->linkb, similar
+to DCE-4+. While this should not be generally
+necessary (Alex: "...atom on normal boards
+should be able to handle any mapping."), Apple
+seems to use some special routing here.
+
+One remaining problem not solved by this patch
+is that an external Minidisplayport->DP sink
+does still not work on iMac10,1, whereas external
+DVI and HDMI sinks continue to work.
+
+The problem affects at least all tested kernels
+since Linux 3.13 - didn't test earlier kernels, so
+backporting to stable probably makes sense.
+
+v2: With the original patch from 2016, Alex was worried it
+ will break other DCE3.2 systems. Use dmi_match() to
+ apply this special encoder assignment only for the
+ Apple iMac 10,1 from late 2009.
+
+Signed-off-by: Mario Kleiner <mario.kleiner.de@gmail.com>
+Cc: Alex Deucher <alexander.deucher@amd.com>
+Cc: Michel Dänzer <michel.daenzer@amd.com>
+Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/gpu/drm/radeon/atombios_encoders.c | 13 +++++++++++--
+ 1 file changed, 11 insertions(+), 2 deletions(-)
+
+--- a/drivers/gpu/drm/radeon/atombios_encoders.c
++++ b/drivers/gpu/drm/radeon/atombios_encoders.c
+@@ -30,6 +30,7 @@
+ #include "radeon_audio.h"
+ #include "atom.h"
+ #include <linux/backlight.h>
++#include <linux/dmi.h>
+
+ extern int atom_debug;
+
+@@ -2183,9 +2184,17 @@ int radeon_atom_pick_dig_encoder(struct
+ goto assigned;
+ }
+
+- /* on DCE32 and encoder can driver any block so just crtc id */
++ /*
++ * On DCE32 any encoder can drive any block so usually just use crtc id,
++ * but Apple thinks different at least on iMac10,1, so there use linkb,
++ * otherwise the internal eDP panel will stay dark.
++ */
+ if (ASIC_IS_DCE32(rdev)) {
+- enc_idx = radeon_crtc->crtc_id;
++ if (dmi_match(DMI_PRODUCT_NAME, "iMac10,1"))
++ enc_idx = (dig->linkb) ? 1 : 0;
++ else
++ enc_idx = radeon_crtc->crtc_id;
++
+ goto assigned;
+ }
+
--- /dev/null
+From c925dc162f770578ff4a65ec9b08270382dba9e6 Mon Sep 17 00:00:00 2001
+From: Jaegeuk Kim <jaegeuk@kernel.org>
+Date: Tue, 11 Jul 2017 14:56:49 -0700
+Subject: f2fs: Don't clear SGID when inheriting ACLs
+
+From: Jaegeuk Kim <jaegeuk@kernel.org>
+
+commit c925dc162f770578ff4a65ec9b08270382dba9e6 upstream.
+
+This patch copies commit b7f8a09f80:
+"btrfs: Don't clear SGID when inheriting ACLs" written by Jan.
+
+Fixes: 073931017b49d9458aa351605b43a7e34598caef
+Signed-off-by: Jan Kara <jack@suse.cz>
+Reviewed-by: Chao Yu <yuchao0@huawei.com>
+Reviewed-by: Jan Kara <jack@suse.cz>
+Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/f2fs/acl.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/f2fs/acl.c
++++ b/fs/f2fs/acl.c
+@@ -213,7 +213,7 @@ static int __f2fs_set_acl(struct inode *
+ switch (type) {
+ case ACL_TYPE_ACCESS:
+ name_index = F2FS_XATTR_INDEX_POSIX_ACL_ACCESS;
+- if (acl) {
++ if (acl && !ipage) {
+ error = posix_acl_update_mode(inode, &inode->i_mode, &acl);
+ if (error)
+ return error;
--- /dev/null
+From 4495ec6d770e1bca7a04e93ac453ab6720c56c5d Mon Sep 17 00:00:00 2001
+From: Corey Minyard <cminyard@mvista.com>
+Date: Fri, 30 Jun 2017 07:18:08 -0500
+Subject: ipmi:ssif: Add missing unlock in error branch
+
+From: Corey Minyard <cminyard@mvista.com>
+
+commit 4495ec6d770e1bca7a04e93ac453ab6720c56c5d upstream.
+
+When getting flags, a response to a different message would
+result in a deadlock because of a missing unlock. Add that
+unlock and a comment. Found by static analysis.
+
+Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
+Signed-off-by: Corey Minyard <cminyard@mvista.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/char/ipmi/ipmi_ssif.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/drivers/char/ipmi/ipmi_ssif.c
++++ b/drivers/char/ipmi/ipmi_ssif.c
+@@ -758,6 +758,11 @@ static void msg_done_handler(struct ssif
+ result, len, data[2]);
+ } else if (data[0] != (IPMI_NETFN_APP_REQUEST | 1) << 2
+ || data[1] != IPMI_GET_MSG_FLAGS_CMD) {
++ /*
++ * Don't abort here, maybe it was a queued
++ * response to a previous command.
++ */
++ ipmi_ssif_unlock_cond(ssif_info, flags);
+ pr_warn(PFX "Invalid response getting flags: %x %x\n",
+ data[0], data[1]);
+ } else {
--- /dev/null
+From cdea46566bb21ce309725a024208322a409055cc Mon Sep 17 00:00:00 2001
+From: Tony Camuso <tcamuso@redhat.com>
+Date: Mon, 19 Jun 2017 13:17:33 -0400
+Subject: ipmi: use rcu lock around call to intf->handlers->sender()
+
+From: Tony Camuso <tcamuso@redhat.com>
+
+commit cdea46566bb21ce309725a024208322a409055cc upstream.
+
+A vendor with a system having more than 128 CPUs occasionally encounters
+the following crash during shutdown. This is not an easily reproduceable
+event, but the vendor was able to provide the following analysis of the
+crash, which exhibits the same footprint each time.
+
+crash> bt
+PID: 0 TASK: ffff88017c70ce70 CPU: 5 COMMAND: "swapper/5"
+ #0 [ffff88085c143ac8] machine_kexec at ffffffff81059c8b
+ #1 [ffff88085c143b28] __crash_kexec at ffffffff811052e2
+ #2 [ffff88085c143bf8] crash_kexec at ffffffff811053d0
+ #3 [ffff88085c143c10] oops_end at ffffffff8168ef88
+ #4 [ffff88085c143c38] no_context at ffffffff8167ebb3
+ #5 [ffff88085c143c88] __bad_area_nosemaphore at ffffffff8167ec49
+ #6 [ffff88085c143cd0] bad_area_nosemaphore at ffffffff8167edb3
+ #7 [ffff88085c143ce0] __do_page_fault at ffffffff81691d1e
+ #8 [ffff88085c143d40] do_page_fault at ffffffff81691ec5
+ #9 [ffff88085c143d70] page_fault at ffffffff8168e188
+ [exception RIP: unknown or invalid address]
+ RIP: ffffffffa053c800 RSP: ffff88085c143e28 RFLAGS: 00010206
+ RAX: ffff88017c72bfd8 RBX: ffff88017a8dc000 RCX: ffff8810588b5ac8
+ RDX: ffff8810588b5a00 RSI: ffffffffa053c800 RDI: ffff8810588b5a00
+ RBP: ffff88085c143e58 R8: ffff88017c70d408 R9: ffff88017a8dc000
+ R10: 0000000000000002 R11: ffff88085c143da0 R12: ffff8810588b5ac8
+ R13: 0000000000000100 R14: ffffffffa053c800 R15: ffff8810588b5a00
+ ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018
+ <IRQ stack>
+ [exception RIP: cpuidle_enter_state+82]
+ RIP: ffffffff81514192 RSP: ffff88017c72be50 RFLAGS: 00000202
+ RAX: 0000001e4c3c6f16 RBX: 000000000000f8a0 RCX: 0000000000000018
+ RDX: 0000000225c17d03 RSI: ffff88017c72bfd8 RDI: 0000001e4c3c6f16
+ RBP: ffff88017c72be78 R8: 000000000000237e R9: 0000000000000018
+ R10: 0000000000002494 R11: 0000000000000001 R12: ffff88017c72be20
+ R13: ffff88085c14f8e0 R14: 0000000000000082 R15: 0000001e4c3bb400
+ ORIG_RAX: ffffffffffffff10 CS: 0010 SS: 0018
+
+This is the corresponding stack trace
+
+It has crashed because the area pointed with RIP extracted from timer
+element is already removed during a shutdown process.
+
+The function is smi_timeout().
+
+And we think ffff8810588b5a00 in RDX is a parameter struct smi_info
+
+crash> rd ffff8810588b5a00 20
+ffff8810588b5a00: ffff8810588b6000 0000000000000000 .`.X............
+ffff8810588b5a10: ffff880853264400 ffffffffa05417e0 .D&S......T.....
+ffff8810588b5a20: 24a024a000000000 0000000000000000 .....$.$........
+ffff8810588b5a30: 0000000000000000 0000000000000000 ................
+ffff8810588b5a30: 0000000000000000 0000000000000000 ................
+ffff8810588b5a40: ffffffffa053a040 ffffffffa053a060 @.S.....`.S.....
+ffff8810588b5a50: 0000000000000000 0000000100000001 ................
+ffff8810588b5a60: 0000000000000000 0000000000000e00 ................
+ffff8810588b5a70: ffffffffa053a580 ffffffffa053a6e0 ..S.......S.....
+ffff8810588b5a80: ffffffffa053a4a0 ffffffffa053a250 ..S.....P.S.....
+ffff8810588b5a90: 0000000500000002 0000000000000000 ................
+
+Unfortunately the top of this area is already detroyed by someone.
+But because of two reasonns we think this is struct smi_info
+ 1) The address included in between ffff8810588b5a70 and ffff8810588b5a80:
+ are inside of ipmi_si_intf.c see crash> module ffff88085779d2c0
+
+ 2) We've found the area which point this.
+ It is offset 0x68 of ffff880859df4000
+
+crash> rd ffff880859df4000 100
+ffff880859df4000: 0000000000000000 0000000000000001 ................
+ffff880859df4010: ffffffffa0535290 dead000000000200 .RS.............
+ffff880859df4020: ffff880859df4020 ffff880859df4020 @.Y.... @.Y....
+ffff880859df4030: 0000000000000002 0000000000100010 ................
+ffff880859df4040: ffff880859df4040 ffff880859df4040 @@.Y....@@.Y....
+ffff880859df4050: 0000000000000000 0000000000000000 ................
+ffff880859df4060: 0000000000000000 ffff8810588b5a00 .........Z.X....
+ffff880859df4070: 0000000000000001 ffff880859df4078 ........x@.Y....
+
+ If we regards it as struct ipmi_smi in shutdown process
+ it looks consistent.
+
+The remedy for this apparent race is affixed below.
+
+Signed-off-by: Tony Camuso <tcamuso@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+This was first introduced in 7ea0ed2b5be817 ipmi: Make the
+message handler easier to use for SMI interfaces
+where some code was moved outside of the rcu_read_lock()
+and the lock was not added.
+
+Signed-off-by: Corey Minyard <cminyard@mvista.com>
+
+---
+ drivers/char/ipmi/ipmi_msghandler.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/drivers/char/ipmi/ipmi_msghandler.c
++++ b/drivers/char/ipmi/ipmi_msghandler.c
+@@ -3877,6 +3877,9 @@ static void smi_recv_tasklet(unsigned lo
+ * because the lower layer is allowed to hold locks while calling
+ * message delivery.
+ */
++
++ rcu_read_lock();
++
+ if (!run_to_completion)
+ spin_lock_irqsave(&intf->xmit_msgs_lock, flags);
+ if (intf->curr_msg == NULL && !intf->in_shutdown) {
+@@ -3899,6 +3902,8 @@ static void smi_recv_tasklet(unsigned lo
+ if (newmsg)
+ intf->handlers->sender(intf->send_info, newmsg);
+
++ rcu_read_unlock();
++
+ handle_new_recv_msgs(intf);
+ }
+
--- /dev/null
+From b5d27718f38843a74552e9a93d32e2391fd3999f Mon Sep 17 00:00:00 2001
+From: Xiao Ni <xni@redhat.com>
+Date: Wed, 5 Jul 2017 17:34:04 +0800
+Subject: Raid5 should update rdev->sectors after reshape
+
+From: Xiao Ni <xni@redhat.com>
+
+commit b5d27718f38843a74552e9a93d32e2391fd3999f upstream.
+
+The raid5 md device is created by the disks which we don't use the total size. For example,
+the size of the device is 5G and it just uses 3G of the devices to create one raid5 device.
+Then change the chunksize and wait reshape to finish. After reshape finishing stop the raid
+and assemble it again. It fails.
+mdadm -CR /dev/md0 -l5 -n3 /dev/loop[0-2] --size=3G --chunk=32 --assume-clean
+mdadm /dev/md0 --grow --chunk=64
+wait reshape to finish
+mdadm -S /dev/md0
+mdadm -As
+The error messages:
+[197519.814302] md: loop1 does not have a valid v1.2 superblock, not importing!
+[197519.821686] md: md_import_device returned -22
+
+After reshape the data offset is changed. It selects backwards direction in this condition.
+In function super_1_load it compares the available space of the underlying device with
+sb->data_size. The new data offset gets bigger after reshape. So super_1_load returns -EINVAL.
+rdev->sectors is updated in md_finish_reshape. Then sb->data_size is set in super_1_sync based
+on rdev->sectors. So add md_finish_reshape in end_reshape.
+
+Signed-off-by: Xiao Ni <xni@redhat.com>
+Acked-by: Guoqing Jiang <gqjiang@suse.com>
+Signed-off-by: Shaohua Li <shli@fb.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/md/raid5.c | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+--- a/drivers/md/raid5.c
++++ b/drivers/md/raid5.c
+@@ -7531,12 +7531,10 @@ static void end_reshape(struct r5conf *c
+ {
+
+ if (!test_bit(MD_RECOVERY_INTR, &conf->mddev->recovery)) {
+- struct md_rdev *rdev;
+
+ spin_lock_irq(&conf->device_lock);
+ conf->previous_raid_disks = conf->raid_disks;
+- rdev_for_each(rdev, conf->mddev)
+- rdev->data_offset = rdev->new_data_offset;
++ md_finish_reshape(conf->mddev);
+ smp_wmb();
+ conf->reshape_progress = MaxSector;
+ conf->mddev->reshape_position = MaxSector;
--- /dev/null
+From c46fc0424ced3fb71208e72bd597d91b9169a781 Mon Sep 17 00:00:00 2001
+From: Jiri Olsa <jolsa@kernel.org>
+Date: Thu, 29 Jun 2017 11:38:11 +0200
+Subject: s390/syscalls: Fix out of bounds arguments access
+
+From: Jiri Olsa <jolsa@kernel.org>
+
+commit c46fc0424ced3fb71208e72bd597d91b9169a781 upstream.
+
+Zorro reported following crash while having enabled
+syscall tracing (CONFIG_FTRACE_SYSCALLS):
+
+ Unable to handle kernel pointer dereference at virtual ...
+ Oops: 0011 [#1] SMP DEBUG_PAGEALLOC
+
+ SNIP
+
+ Call Trace:
+ ([<000000000024d79c>] ftrace_syscall_enter+0xec/0x1d8)
+ [<00000000001099c6>] do_syscall_trace_enter+0x236/0x2f8
+ [<0000000000730f1c>] sysc_tracesys+0x1a/0x32
+ [<000003fffcf946a2>] 0x3fffcf946a2
+ INFO: lockdep is turned off.
+ Last Breaking-Event-Address:
+ [<000000000022dd44>] rb_event_data+0x34/0x40
+ ---[ end trace 8c795f86b1b3f7b9 ]---
+
+The crash happens in syscall_get_arguments function for
+syscalls with zero arguments, that will try to access
+first argument (args[0]) in event entry, but it's not
+allocated.
+
+Bail out of there are no arguments.
+
+Reported-by: Zorro Lang <zlang@redhat.com>
+Signed-off-by: Jiri Olsa <jolsa@kernel.org>
+Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/s390/include/asm/syscall.h | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/arch/s390/include/asm/syscall.h
++++ b/arch/s390/include/asm/syscall.h
+@@ -64,6 +64,12 @@ static inline void syscall_get_arguments
+ {
+ unsigned long mask = -1UL;
+
++ /*
++ * No arguments for this syscall, there's nothing to do.
++ */
++ if (!n)
++ return;
++
+ BUG_ON(i + n > 6);
+ #ifdef CONFIG_COMPAT
+ if (test_tsk_thread_flag(task, TIF_31BIT))
usb-renesas_usbhs-gadget-disable-all-eps-when-the-driver-stops.patch
md-don-t-use-flush_signals-in-userspace-processes.patch
x86-xen-allow-userspace-access-during-hypercalls.patch
+cx88-fix-regression-in-initial-video-standard-setting.patch
+raid5-should-update-rdev-sectors-after-reshape.patch
+s390-syscalls-fix-out-of-bounds-arguments-access.patch
+drm-amd-amdgpu-return-error-if-initiating-read-out-of-range-on-vram.patch
+drm-radeon-ci-disable-mclk-switching-for-high-refresh-rates-v2.patch
+drm-radeon-fix-edp-for-single-display-imac10-1-v2.patch
+ipmi-use-rcu-lock-around-call-to-intf-handlers-sender.patch
+ipmi-ssif-add-missing-unlock-in-error-branch.patch
+f2fs-don-t-clear-sgid-when-inheriting-acls.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
