--- /dev/null
+From 2861751f67b91e1d24e68010ced96614fb3140f4 Mon Sep 17 00:00:00 2001
+From: Dennis Wassenberg <dennis.wassenberg@secunet.com>
+Date: Tue, 12 Jun 2018 07:10:59 +0200
+Subject: ALSA: hda: add dock and led support for HP EliteBook 830 G5
+
+From: Dennis Wassenberg <dennis.wassenberg@secunet.com>
+
+commit 2861751f67b91e1d24e68010ced96614fb3140f4 upstream.
+
+This patch adds missing initialisation for HP 2013 UltraSlim Dock
+Line-In/Out PINs and activates keyboard mute/micmute leds
+for HP EliteBook 830 G5
+
+Signed-off-by: Dennis Wassenberg <dennis.wassenberg@secunet.com>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/pci/hda/patch_conexant.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/sound/pci/hda/patch_conexant.c
++++ b/sound/pci/hda/patch_conexant.c
+@@ -851,6 +851,7 @@ static const struct snd_pci_quirk cxt506
+ SND_PCI_QUIRK(0x103c, 0x8079, "HP EliteBook 840 G3", CXT_FIXUP_HP_DOCK),
+ SND_PCI_QUIRK(0x103c, 0x807C, "HP EliteBook 820 G3", CXT_FIXUP_HP_DOCK),
+ SND_PCI_QUIRK(0x103c, 0x80FD, "HP ProBook 640 G2", CXT_FIXUP_HP_DOCK),
++ SND_PCI_QUIRK(0x103c, 0x83b3, "HP EliteBook 830 G5", CXT_FIXUP_HP_DOCK),
+ SND_PCI_QUIRK(0x103c, 0x8174, "HP Spectre x360", CXT_FIXUP_HP_SPECTRE),
+ SND_PCI_QUIRK(0x103c, 0x8115, "HP Z1 Gen3", CXT_FIXUP_HP_GATE_MIC),
+ SND_PCI_QUIRK(0x1043, 0x138d, "Asus", CXT_FIXUP_HEADPHONE_MIC_PIN),
--- /dev/null
+From 7eef32c1ef895a3a96463f9cbd04203007cd5555 Mon Sep 17 00:00:00 2001
+From: Dennis Wassenberg <dennis.wassenberg@secunet.com>
+Date: Tue, 12 Jun 2018 07:11:11 +0200
+Subject: ALSA: hda: add dock and led support for HP ProBook 640 G4
+
+From: Dennis Wassenberg <dennis.wassenberg@secunet.com>
+
+commit 7eef32c1ef895a3a96463f9cbd04203007cd5555 upstream.
+
+This patch adds missing initialisation for HP 2013 UltraSlim Dock
+Line-In/Out PINs and activates keyboard mute/micmute leds
+for HP ProBook 640 G4
+
+Signed-off-by: Dennis Wassenberg <dennis.wassenberg@secunet.com>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/pci/hda/patch_conexant.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/sound/pci/hda/patch_conexant.c
++++ b/sound/pci/hda/patch_conexant.c
+@@ -852,6 +852,7 @@ static const struct snd_pci_quirk cxt506
+ SND_PCI_QUIRK(0x103c, 0x807C, "HP EliteBook 820 G3", CXT_FIXUP_HP_DOCK),
+ SND_PCI_QUIRK(0x103c, 0x80FD, "HP ProBook 640 G2", CXT_FIXUP_HP_DOCK),
+ SND_PCI_QUIRK(0x103c, 0x83b3, "HP EliteBook 830 G5", CXT_FIXUP_HP_DOCK),
++ SND_PCI_QUIRK(0x103c, 0x83d3, "HP ProBook 640 G4", CXT_FIXUP_HP_DOCK),
+ SND_PCI_QUIRK(0x103c, 0x8174, "HP Spectre x360", CXT_FIXUP_HP_SPECTRE),
+ SND_PCI_QUIRK(0x103c, 0x8115, "HP Z1 Gen3", CXT_FIXUP_HP_GATE_MIC),
+ SND_PCI_QUIRK(0x1043, 0x138d, "Asus", CXT_FIXUP_HEADPHONE_MIC_PIN),
--- /dev/null
+From a3aa60d511746bd6c0d0366d4eb90a7998bcde8b Mon Sep 17 00:00:00 2001
+From: Bo Chen <chenbo@pdx.edu>
+Date: Thu, 31 May 2018 15:35:18 -0700
+Subject: ALSA: hda - Handle kzalloc() failure in snd_hda_attach_pcm_stream()
+
+From: Bo Chen <chenbo@pdx.edu>
+
+commit a3aa60d511746bd6c0d0366d4eb90a7998bcde8b upstream.
+
+When 'kzalloc()' fails in 'snd_hda_attach_pcm_stream()', a new pcm instance is
+created without setting its operators via 'snd_pcm_set_ops()'. Following
+operations on the new pcm instance can trigger kernel null pointer dereferences
+and cause kernel oops.
+
+This bug was found with my work on building a gray-box fault-injection tool for
+linux-kernel-module binaries. A kernel null pointer dereference was confirmed
+from line 'substream->ops->open()' in function 'snd_pcm_open_substream()' in
+file 'sound/core/pcm_native.c'.
+
+This patch fixes the bug by calling 'snd_device_free()' in the error handling
+path of 'kzalloc()', which removes the new pcm instance from the snd card before
+returns with an error code.
+
+Signed-off-by: Bo Chen <chenbo@pdx.edu>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/pci/hda/hda_controller.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/sound/pci/hda/hda_controller.c
++++ b/sound/pci/hda/hda_controller.c
+@@ -547,8 +547,10 @@ int snd_hda_attach_pcm_stream(struct hda
+ return err;
+ strlcpy(pcm->name, cpcm->name, sizeof(pcm->name));
+ apcm = kzalloc(sizeof(*apcm), GFP_KERNEL);
+- if (apcm == NULL)
++ if (apcm == NULL) {
++ snd_device_free(chip->card, pcm);
+ return -ENOMEM;
++ }
+ apcm->chip = chip;
+ apcm->pcm = pcm;
+ apcm->codec = codec;
--- /dev/null
+From ac0b4145d662a3b9e34085dea460fb06ede9b69b Mon Sep 17 00:00:00 2001
+From: Qu Wenruo <wqu@suse.com>
+Date: Tue, 5 Jun 2018 12:36:56 +0800
+Subject: btrfs: scrub: Don't use inode pages for device replace
+
+From: Qu Wenruo <wqu@suse.com>
+
+commit ac0b4145d662a3b9e34085dea460fb06ede9b69b upstream.
+
+[BUG]
+Btrfs can create compressed extent without checksum (even though it
+shouldn't), and if we then try to replace device containing such extent,
+the result device will contain all the uncompressed data instead of the
+compressed one.
+
+Test case already submitted to fstests:
+https://patchwork.kernel.org/patch/10442353/
+
+[CAUSE]
+When handling compressed extent without checksum, device replace will
+goe into copy_nocow_pages() function.
+
+In that function, btrfs will get all inodes referring to this data
+extents and then use find_or_create_page() to get pages direct from that
+inode.
+
+The problem here is, pages directly from inode are always uncompressed.
+And for compressed data extent, they mismatch with on-disk data.
+Thus this leads to corrupted compressed data extent written to replace
+device.
+
+[FIX]
+In this attempt, we could just remove the "optimization" branch, and let
+unified scrub_pages() to handle it.
+
+Although scrub_pages() won't bother reusing page cache, it will be a
+little slower, but it does the correct csum checking and won't cause
+such data corruption caused by "optimization".
+
+Note about the fix: this is the minimal fix that can be backported to
+older stable trees without conflicts. The whole callchain from
+copy_nocow_pages() can be deleted, and will be in followup patches.
+
+Fixes: ff023aac3119 ("Btrfs: add code to scrub to copy read data to another disk")
+CC: stable@vger.kernel.org # 4.4+
+Reported-by: James Harvey <jamespharvey20@gmail.com>
+Reviewed-by: James Harvey <jamespharvey20@gmail.com>
+Signed-off-by: Qu Wenruo <wqu@suse.com>
+[ remove code removal, add note why ]
+Signed-off-by: David Sterba <dsterba@suse.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/btrfs/scrub.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/btrfs/scrub.c
++++ b/fs/btrfs/scrub.c
+@@ -2513,7 +2513,7 @@ static int scrub_extent(struct scrub_ctx
+ have_csum = scrub_find_csum(sctx, logical, csum);
+ if (have_csum == 0)
+ ++sctx->stat.no_csum;
+- if (sctx->is_dev_replace && !have_csum) {
++ if (0 && sctx->is_dev_replace && !have_csum) {
+ ret = copy_nocow_pages(sctx, logical, l,
+ mirror_num,
+ physical_for_dev_replace);
--- /dev/null
+From 84d0c27d6233a9ba0578b20f5a09701eb66cee42 Mon Sep 17 00:00:00 2001
+From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
+Date: Mon, 7 May 2018 19:10:31 +0900
+Subject: driver core: Don't ignore class_dir_create_and_add() failure.
+
+From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
+
+commit 84d0c27d6233a9ba0578b20f5a09701eb66cee42 upstream.
+
+syzbot is hitting WARN() at kernfs_add_one() [1].
+This is because kernfs_create_link() is confused by previous device_add()
+call which continued without setting dev->kobj.parent field when
+get_device_parent() failed by memory allocation fault injection.
+Fix this by propagating the error from class_dir_create_and_add() to
+the calllers of get_device_parent().
+
+[1] https://syzkaller.appspot.com/bug?id=fae0fb607989ea744526d1c082a5b8de6529116f
+
+Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
+Reported-by: syzbot <syzbot+df47f81c226b31d89fb1@syzkaller.appspotmail.com>
+Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Cc: stable <stable@vger.kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/base/core.c | 14 ++++++++++++--
+ 1 file changed, 12 insertions(+), 2 deletions(-)
+
+--- a/drivers/base/core.c
++++ b/drivers/base/core.c
+@@ -759,7 +759,7 @@ class_dir_create_and_add(struct class *c
+
+ dir = kzalloc(sizeof(*dir), GFP_KERNEL);
+ if (!dir)
+- return NULL;
++ return ERR_PTR(-ENOMEM);
+
+ dir->class = class;
+ kobject_init(&dir->kobj, &class_dir_ktype);
+@@ -769,7 +769,7 @@ class_dir_create_and_add(struct class *c
+ retval = kobject_add(&dir->kobj, parent_kobj, "%s", class->name);
+ if (retval < 0) {
+ kobject_put(&dir->kobj);
+- return NULL;
++ return ERR_PTR(retval);
+ }
+ return &dir->kobj;
+ }
+@@ -1076,6 +1076,10 @@ int device_add(struct device *dev)
+
+ parent = get_device(dev->parent);
+ kobj = get_device_parent(dev, parent);
++ if (IS_ERR(kobj)) {
++ error = PTR_ERR(kobj);
++ goto parent_error;
++ }
+ if (kobj)
+ dev->kobj.parent = kobj;
+
+@@ -1174,6 +1178,7 @@ done:
+ kobject_del(&dev->kobj);
+ Error:
+ cleanup_glue_dir(dev, glue_dir);
++parent_error:
+ put_device(parent);
+ name_error:
+ kfree(dev->p);
+@@ -1990,6 +1995,11 @@ int device_move(struct device *dev, stru
+ device_pm_lock();
+ new_parent = get_device(new_parent);
+ new_parent_kobj = get_device_parent(dev, new_parent);
++ if (IS_ERR(new_parent_kobj)) {
++ error = PTR_ERR(new_parent_kobj);
++ put_device(new_parent);
++ goto out;
++ }
+
+ pr_debug("device: '%s': %s: moving to '%s'\n", dev_name(dev),
+ __func__, new_parent ? dev_name(new_parent) : "<NULL>");
--- /dev/null
+From 4f2f76f751433908364ccff82f437a57d0e6e9b7 Mon Sep 17 00:00:00 2001
+From: Jan Kara <jack@suse.cz>
+Date: Fri, 25 May 2018 12:51:25 -0400
+Subject: ext4: fix fencepost error in check for inode count overflow during resize
+
+From: Jan Kara <jack@suse.cz>
+
+commit 4f2f76f751433908364ccff82f437a57d0e6e9b7 upstream.
+
+ext4_resize_fs() has an off-by-one bug when checking whether growing of
+a filesystem will not overflow inode count. As a result it allows a
+filesystem with 8192 inodes per group to grow to 64TB which overflows
+inode count to 0 and makes filesystem unusable. Fix it.
+
+Cc: stable@vger.kernel.org
+Fixes: 3f8a6411fbada1fa482276591e037f3b1adcf55b
+Reported-by: Jaco Kroon <jaco@uls.co.za>
+Signed-off-by: Jan Kara <jack@suse.cz>
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Reviewed-by: Andreas Dilger <adilger@dilger.ca>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/ext4/resize.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/ext4/resize.c
++++ b/fs/ext4/resize.c
+@@ -1903,7 +1903,7 @@ retry:
+ return 0;
+
+ n_group = ext4_get_group_number(sb, n_blocks_count - 1);
+- if (n_group > (0xFFFFFFFFUL / EXT4_INODES_PER_GROUP(sb))) {
++ if (n_group >= (0xFFFFFFFFUL / EXT4_INODES_PER_GROUP(sb))) {
+ ext4_warning(sb, "resize would cause inodes_count overflow");
+ return -EINVAL;
+ }
--- /dev/null
+From eee597ac931305eff3d3fd1d61d6aae553bc0984 Mon Sep 17 00:00:00 2001
+From: Lukas Czerner <lczerner@redhat.com>
+Date: Sun, 13 May 2018 19:28:35 -0400
+Subject: ext4: update mtime in ext4_punch_hole even if no blocks are released
+
+From: Lukas Czerner <lczerner@redhat.com>
+
+commit eee597ac931305eff3d3fd1d61d6aae553bc0984 upstream.
+
+Currently in ext4_punch_hole we're going to skip the mtime update if
+there are no actual blocks to release. However we've actually modified
+the file by zeroing the partial block so the mtime should be updated.
+
+Moreover the sync and datasync handling is skipped as well, which is
+also wrong. Fix it.
+
+Signed-off-by: Lukas Czerner <lczerner@redhat.com>
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Reported-by: Joe Habermann <joe.habermann@quantum.com>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/ext4/inode.c | 40 ++++++++++++++++++++--------------------
+ 1 file changed, 20 insertions(+), 20 deletions(-)
+
+--- a/fs/ext4/inode.c
++++ b/fs/ext4/inode.c
+@@ -3787,28 +3787,28 @@ int ext4_punch_hole(struct inode *inode,
+ EXT4_BLOCK_SIZE_BITS(sb);
+ stop_block = (offset + length) >> EXT4_BLOCK_SIZE_BITS(sb);
+
+- /* If there are no blocks to remove, return now */
+- if (first_block >= stop_block)
+- goto out_stop;
+-
+- down_write(&EXT4_I(inode)->i_data_sem);
+- ext4_discard_preallocations(inode);
+-
+- ret = ext4_es_remove_extent(inode, first_block,
+- stop_block - first_block);
+- if (ret) {
+- up_write(&EXT4_I(inode)->i_data_sem);
+- goto out_stop;
+- }
++ /* If there are blocks to remove, do it */
++ if (stop_block > first_block) {
++
++ down_write(&EXT4_I(inode)->i_data_sem);
++ ext4_discard_preallocations(inode);
+
+- if (ext4_test_inode_flag(inode, EXT4_INODE_EXTENTS))
+- ret = ext4_ext_remove_space(inode, first_block,
+- stop_block - 1);
+- else
+- ret = ext4_ind_remove_space(handle, inode, first_block,
+- stop_block);
++ ret = ext4_es_remove_extent(inode, first_block,
++ stop_block - first_block);
++ if (ret) {
++ up_write(&EXT4_I(inode)->i_data_sem);
++ goto out_stop;
++ }
++
++ if (ext4_test_inode_flag(inode, EXT4_INODE_EXTENTS))
++ ret = ext4_ext_remove_space(inode, first_block,
++ stop_block - 1);
++ else
++ ret = ext4_ind_remove_space(handle, inode, first_block,
++ stop_block);
+
+- up_write(&EXT4_I(inode)->i_data_sem);
++ up_write(&EXT4_I(inode)->i_data_sem);
++ }
+ if (IS_SYNC(inode))
+ ext4_handle_sync(handle);
+
usb-musb-fix-remote-wakeup-racing-with-suspend.patch
bonding-re-evaluate-force_primary-when-the-primary-slave-name-changes.patch
tcp-verify-the-checksum-of-the-first-data-segment-in-a-new-connection.patch
+ext4-update-mtime-in-ext4_punch_hole-even-if-no-blocks-are-released.patch
+ext4-fix-fencepost-error-in-check-for-inode-count-overflow-during-resize.patch
+driver-core-don-t-ignore-class_dir_create_and_add-failure.patch
+btrfs-scrub-don-t-use-inode-pages-for-device-replace.patch
+alsa-hda-handle-kzalloc-failure-in-snd_hda_attach_pcm_stream.patch
+alsa-hda-add-dock-and-led-support-for-hp-elitebook-830-g5.patch
+alsa-hda-add-dock-and-led-support-for-hp-probook-640-g4.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
