From: Greg Kroah-Hartman Date: Fri, 6 Apr 2018 07:53:34 +0000 (+0200) Subject: 4.16-stable patches X-Git-Tag: v3.18.103~8 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=50d23084b2c70932839251981be7e5ddec91b333;p=thirdparty%2Fkernel%2Fstable-queue.git 4.16-stable patches added patches: btrfs-fix-unexpected-cow-in-run_delalloc_nocow.patch fix-slab-name-biovec-1-21-12.patch input-alps-fix-trackstick-detection-on-thinkpad-l570-and-latitude-7370.patch input-i8042-add-lenovo-thinkpad-l460-to-i8042-reset-list.patch input-i8042-enable-mux-on-sony-vaio-vgn-cs-series-to-fix-touchpad.patch revert-base-arch_topology-fix-section-mismatch-build-warnings.patch signal-correct-the-offset-of-si_pkey-and-si_lower-in-struct-siginfo-on-m68k.patch siox-fix-possible-buffer-overflow-in-device_add_store.patch staging-comedi-ni_mio_common-ack-ai-fifo-error-interrupts.patch vt-change-sgr-21-to-follow-the-standards.patch --- diff --git a/queue-4.16/btrfs-fix-unexpected-cow-in-run_delalloc_nocow.patch b/queue-4.16/btrfs-fix-unexpected-cow-in-run_delalloc_nocow.patch new file mode 100644 index 00000000000..ba3f28a3215 --- /dev/null +++ b/queue-4.16/btrfs-fix-unexpected-cow-in-run_delalloc_nocow.patch @@ -0,0 +1,96 @@ +From 5811375325420052fcadd944792a416a43072b7f Mon Sep 17 00:00:00 2001 +From: Liu Bo +Date: Wed, 31 Jan 2018 17:09:13 -0700 +Subject: Btrfs: fix unexpected cow in run_delalloc_nocow + +From: Liu Bo + +commit 5811375325420052fcadd944792a416a43072b7f upstream. + +Fstests generic/475 provides a way to fail metadata reads while +checking if checksum exists for the inode inside run_delalloc_nocow(), +and csum_exist_in_range() interprets error (-EIO) as inode having +checksum and makes its caller enter the cow path. + +In case of free space inode, this ends up with a warning in +cow_file_range(). + +The same problem applies to btrfs_cross_ref_exist() since it may also +read metadata in between. + +With this, run_delalloc_nocow() bails out when errors occur at the two +places. + +cc: v2.6.28+ +Fixes: 17d217fe970d ("Btrfs: fix nodatasum handling in balancing code") +Signed-off-by: Liu Bo +Signed-off-by: David Sterba +Signed-off-by: Greg Kroah-Hartman + +--- + fs/btrfs/inode.c | 37 ++++++++++++++++++++++++++++++++----- + 1 file changed, 32 insertions(+), 5 deletions(-) + +--- a/fs/btrfs/inode.c ++++ b/fs/btrfs/inode.c +@@ -1262,6 +1262,8 @@ static noinline int csum_exist_in_range( + list_del(&sums->list); + kfree(sums); + } ++ if (ret < 0) ++ return ret; + return 1; + } + +@@ -1394,10 +1396,23 @@ next_slot: + goto out_check; + if (btrfs_extent_readonly(fs_info, disk_bytenr)) + goto out_check; +- if (btrfs_cross_ref_exist(root, ino, +- found_key.offset - +- extent_offset, disk_bytenr)) ++ ret = btrfs_cross_ref_exist(root, ino, ++ found_key.offset - ++ extent_offset, disk_bytenr); ++ if (ret) { ++ /* ++ * ret could be -EIO if the above fails to read ++ * metadata. ++ */ ++ if (ret < 0) { ++ if (cow_start != (u64)-1) ++ cur_offset = cow_start; ++ goto error; ++ } ++ ++ WARN_ON_ONCE(nolock); + goto out_check; ++ } + disk_bytenr += extent_offset; + disk_bytenr += cur_offset - found_key.offset; + num_bytes = min(end + 1, extent_end) - cur_offset; +@@ -1415,10 +1430,22 @@ next_slot: + * this ensure that csum for a given extent are + * either valid or do not exist. + */ +- if (csum_exist_in_range(fs_info, disk_bytenr, +- num_bytes)) { ++ ret = csum_exist_in_range(fs_info, disk_bytenr, ++ num_bytes); ++ if (ret) { + if (!nolock) + btrfs_end_write_no_snapshotting(root); ++ ++ /* ++ * ret could be -EIO if the above fails to read ++ * metadata. ++ */ ++ if (ret < 0) { ++ if (cow_start != (u64)-1) ++ cur_offset = cow_start; ++ goto error; ++ } ++ WARN_ON_ONCE(nolock); + goto out_check; + } + if (!btrfs_inc_nocow_writers(fs_info, disk_bytenr)) { diff --git a/queue-4.16/fix-slab-name-biovec-1-21-12.patch b/queue-4.16/fix-slab-name-biovec-1-21-12.patch new file mode 100644 index 00000000000..b3f2904f255 --- /dev/null +++ b/queue-4.16/fix-slab-name-biovec-1-21-12.patch @@ -0,0 +1,35 @@ +From bd5c4facf59648581d2f1692dad7b107bf429954 Mon Sep 17 00:00:00 2001 +From: Mikulas Patocka +Date: Wed, 21 Mar 2018 12:49:29 -0400 +Subject: Fix slab name "biovec-(1<<(21-12))" + +From: Mikulas Patocka + +commit bd5c4facf59648581d2f1692dad7b107bf429954 upstream. + +I'm getting a slab named "biovec-(1<<(21-12))". It is caused by unintended +expansion of the macro BIO_MAX_PAGES. This patch renames it to biovec-max. + +Signed-off-by: Mikulas Patocka +Cc: stable@vger.kernel.org # v4.14+ +Signed-off-by: Jens Axboe +Signed-off-by: Greg Kroah-Hartman + +--- + block/bio.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/block/bio.c ++++ b/block/bio.c +@@ -43,9 +43,9 @@ + * break badly! cannot be bigger than what you can fit into an + * unsigned short + */ +-#define BV(x) { .nr_vecs = x, .name = "biovec-"__stringify(x) } ++#define BV(x, n) { .nr_vecs = x, .name = "biovec-"#n } + static struct biovec_slab bvec_slabs[BVEC_POOL_NR] __read_mostly = { +- BV(1), BV(4), BV(16), BV(64), BV(128), BV(BIO_MAX_PAGES), ++ BV(1, 1), BV(4, 4), BV(16, 16), BV(64, 64), BV(128, 128), BV(BIO_MAX_PAGES, max), + }; + #undef BV + diff --git a/queue-4.16/input-alps-fix-trackstick-detection-on-thinkpad-l570-and-latitude-7370.patch b/queue-4.16/input-alps-fix-trackstick-detection-on-thinkpad-l570-and-latitude-7370.patch new file mode 100644 index 00000000000..c71676a06ce --- /dev/null +++ b/queue-4.16/input-alps-fix-trackstick-detection-on-thinkpad-l570-and-latitude-7370.patch @@ -0,0 +1,80 @@ +From 567b9b549cfa1cbc202762ae97b5385c29ade1e3 Mon Sep 17 00:00:00 2001 +From: Masaki Ota +Date: Mon, 29 Jan 2018 14:36:54 -0800 +Subject: Input: ALPS - fix TrackStick detection on Thinkpad L570 and Latitude 7370 + +From: Masaki Ota + +commit 567b9b549cfa1cbc202762ae97b5385c29ade1e3 upstream. + +The primary interface for the touchpad device in Thinkpad L570 is SMBus, +so ALPS overlooked PS2 interface Firmware setting of TrackStick, and +shipped with TrackStick otp bit is disabled. + +The address 0xD7 contains device number information, so we can identify +the device by checking this value, but to access it we need to enable +Command mode, and then re-enable the device. Devices shipped in Thinkpad +L570 report either 0x0C or 0x1D as device numbers, if we see them we assume +that the devices are DualPoints. + +The same issue exists on Dell Latitude 7370. + +Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=196929 +Fixes: 646580f793 ("Input: ALPS - fix multi-touch decoding on SS4 plus touchpads") +Signed-off-by: Masaki Ota +Tested-by: Aaron Ma +Tested-by: Jonathan Liu +Tested-by: Jaak Ristioja +Cc: stable@vger.kernel.org +Signed-off-by: Dmitry Torokhov +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/input/mouse/alps.c | 24 +++++++++++++++++++++--- + 1 file changed, 21 insertions(+), 3 deletions(-) + +--- a/drivers/input/mouse/alps.c ++++ b/drivers/input/mouse/alps.c +@@ -2544,13 +2544,31 @@ static int alps_update_btn_info_ss4_v2(u + } + + static int alps_update_dual_info_ss4_v2(unsigned char otp[][4], +- struct alps_data *priv) ++ struct alps_data *priv, ++ struct psmouse *psmouse) + { + bool is_dual = false; ++ int reg_val = 0; ++ struct ps2dev *ps2dev = &psmouse->ps2dev; + +- if (IS_SS4PLUS_DEV(priv->dev_id)) ++ if (IS_SS4PLUS_DEV(priv->dev_id)) { + is_dual = (otp[0][0] >> 4) & 0x01; + ++ if (!is_dual) { ++ /* For support TrackStick of Thinkpad L/E series */ ++ if (alps_exit_command_mode(psmouse) == 0 && ++ alps_enter_command_mode(psmouse) == 0) { ++ reg_val = alps_command_mode_read_reg(psmouse, ++ 0xD7); ++ } ++ alps_exit_command_mode(psmouse); ++ ps2_command(ps2dev, NULL, PSMOUSE_CMD_ENABLE); ++ ++ if (reg_val == 0x0C || reg_val == 0x1D) ++ is_dual = true; ++ } ++ } ++ + if (is_dual) + priv->flags |= ALPS_DUALPOINT | + ALPS_DUALPOINT_WITH_PRESSURE; +@@ -2573,7 +2591,7 @@ static int alps_set_defaults_ss4_v2(stru + + alps_update_btn_info_ss4_v2(otp, priv); + +- alps_update_dual_info_ss4_v2(otp, priv); ++ alps_update_dual_info_ss4_v2(otp, priv, psmouse); + + return 0; + } diff --git a/queue-4.16/input-i8042-add-lenovo-thinkpad-l460-to-i8042-reset-list.patch b/queue-4.16/input-i8042-add-lenovo-thinkpad-l460-to-i8042-reset-list.patch new file mode 100644 index 00000000000..4f4f721cf02 --- /dev/null +++ b/queue-4.16/input-i8042-add-lenovo-thinkpad-l460-to-i8042-reset-list.patch @@ -0,0 +1,39 @@ +From b56af54ac78c54a519d82813836f305d7f76ef27 Mon Sep 17 00:00:00 2001 +From: Dennis Wassenberg +Date: Thu, 8 Mar 2018 15:32:09 -0800 +Subject: Input: i8042 - add Lenovo ThinkPad L460 to i8042 reset list + +From: Dennis Wassenberg + +commit b56af54ac78c54a519d82813836f305d7f76ef27 upstream. + +Reset i8042 before probing because of insufficient BIOS initialisation of +the i8042 serial controller. This makes Synaptics touchpad detection +possible. Without resetting the Synaptics touchpad is not detected because +there are always NACK messages from AUX port. + +Signed-off-by: Dennis Wassenberg +Cc: stable@vger.kernel.org +Signed-off-by: Dmitry Torokhov +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/input/serio/i8042-x86ia64io.h | 7 +++++++ + 1 file changed, 7 insertions(+) + +--- a/drivers/input/serio/i8042-x86ia64io.h ++++ b/drivers/input/serio/i8042-x86ia64io.h +@@ -621,6 +621,13 @@ static const struct dmi_system_id __init + }, + }, + { ++ /* Lenovo ThinkPad L460 */ ++ .matches = { ++ DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"), ++ DMI_MATCH(DMI_PRODUCT_VERSION, "ThinkPad L460"), ++ }, ++ }, ++ { + /* Clevo P650RS, 650RP6, Sager NP8152-S, and others */ + .matches = { + DMI_MATCH(DMI_SYS_VENDOR, "Notebook"), diff --git a/queue-4.16/input-i8042-enable-mux-on-sony-vaio-vgn-cs-series-to-fix-touchpad.patch b/queue-4.16/input-i8042-enable-mux-on-sony-vaio-vgn-cs-series-to-fix-touchpad.patch new file mode 100644 index 00000000000..2407dc7e09b --- /dev/null +++ b/queue-4.16/input-i8042-enable-mux-on-sony-vaio-vgn-cs-series-to-fix-touchpad.patch @@ -0,0 +1,71 @@ +From 04bb1719c4de94700056241d4c0fe3c1413f5aff Mon Sep 17 00:00:00 2001 +From: Ondrej Zary +Date: Tue, 3 Apr 2018 10:24:34 -0700 +Subject: Input: i8042 - enable MUX on Sony VAIO VGN-CS series to fix touchpad + +From: Ondrej Zary + +commit 04bb1719c4de94700056241d4c0fe3c1413f5aff upstream. + +The touch sensor buttons on Sony VAIO VGN-CS series laptops (e.g. +VGN-CS31S) are a separate PS/2 device. As the MUX is disabled for all +VAIO machines by the nomux blacklist, the data from touch sensor +buttons and touchpad are combined. The protocol used by the buttons is +probably similar to the touchpad protocol (both are Synaptics) so both +devices get enabled. The controller combines the data, creating a mess +which results in random button clicks, touchpad stopping working and +lost sync error messages: +psmouse serio1: TouchPad at isa0060/serio1/input0 lost sync at byte 4 +psmouse serio1: TouchPad at isa0060/serio1/input0 lost sync at byte 1 +psmouse serio1: TouchPad at isa0060/serio1/input0 lost sync at byte 1 +psmouse serio1: TouchPad at isa0060/serio1/input0 lost sync at byte 1 +psmouse serio1: TouchPad at isa0060/serio1/input0 lost sync at byte 1 +psmouse serio1: issuing reconnect request + +Add a new i8042_dmi_forcemux_table whitelist with VGN-CS. +With MUX enabled, touch sensor buttons are detected as separate device +(and left disabled as there's currently no driver), fixing all touchpad +problems. + +Signed-off-by: Ondrej Zary +Cc: stable@vger.kernel.org +Signed-off-by: Dmitry Torokhov +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/input/serio/i8042-x86ia64io.h | 17 +++++++++++++++++ + 1 file changed, 17 insertions(+) + +--- a/drivers/input/serio/i8042-x86ia64io.h ++++ b/drivers/input/serio/i8042-x86ia64io.h +@@ -530,6 +530,20 @@ static const struct dmi_system_id __init + { } + }; + ++static const struct dmi_system_id i8042_dmi_forcemux_table[] __initconst = { ++ { ++ /* ++ * Sony Vaio VGN-CS series require MUX or the touch sensor ++ * buttons will disturb touchpad operation ++ */ ++ .matches = { ++ DMI_MATCH(DMI_SYS_VENDOR, "Sony Corporation"), ++ DMI_MATCH(DMI_PRODUCT_NAME, "VGN-CS"), ++ }, ++ }, ++ { } ++}; ++ + /* + * On some Asus laptops, just running self tests cause problems. + */ +@@ -1170,6 +1184,9 @@ static int __init i8042_platform_init(vo + if (dmi_check_system(i8042_dmi_nomux_table)) + i8042_nomux = true; + ++ if (dmi_check_system(i8042_dmi_forcemux_table)) ++ i8042_nomux = false; ++ + if (dmi_check_system(i8042_dmi_notimeout_table)) + i8042_notimeout = true; + diff --git a/queue-4.16/revert-base-arch_topology-fix-section-mismatch-build-warnings.patch b/queue-4.16/revert-base-arch_topology-fix-section-mismatch-build-warnings.patch new file mode 100644 index 00000000000..9687fd90374 --- /dev/null +++ b/queue-4.16/revert-base-arch_topology-fix-section-mismatch-build-warnings.patch @@ -0,0 +1,90 @@ +From 9de9a449482677a75f1edd2049268a7efc40fc96 Mon Sep 17 00:00:00 2001 +From: Gaku Inami +Date: Tue, 13 Feb 2018 11:06:40 +0900 +Subject: Revert "base: arch_topology: fix section mismatch build warnings" + +From: Gaku Inami + +commit 9de9a449482677a75f1edd2049268a7efc40fc96 upstream. + +This reverts commit 452562abb5b7 ("base: arch_topology: fix section +mismatch build warnings"). It causes the notifier call hangs in some +use-cases. + +In some cases with using maxcpus, some of cpus are booted first and +then the remaining cpus are booted. As an example, some users who want +to realize fast boot up often use the following procedure. + + 1) Define all CPUs on device tree (CA57x4 + CA53x4) + 2) Add "maxcpus=4" in bootargs + 3) Kernel boot up with CA57x4 + 4) After kernel boot up, CA53x4 is booted from user + +When kernel init was finished, CPUFREQ_POLICY_NOTIFIER was not still +unregisterd. This means that "__init init_cpu_capacity_callback()" +will be called after kernel init sequence. To avoid this problem, +it needs to remove __init{,data} annotations by reverting this commit. + +Also, this commit was needed to fix kernel compile issue below. +However, this issue was also fixed by another patch: commit 82d8ba717ccb +("arch_topology: Fix section miss match warning due to +free_raw_capacity()") in v4.15 as well. +Whereas commit 452562abb5b7 added all the missing __init annotations, +commit 82d8ba717ccb removed it from free_raw_capacity(). + +WARNING: vmlinux.o(.text+0x548f24): Section mismatch in reference +from the function init_cpu_capacity_callback() to the variable +.init.text:$x +The function init_cpu_capacity_callback() references +the variable __init $x. +This is often because init_cpu_capacity_callback lacks a __init +annotation or the annotation of $x is wrong. + +Fixes: 82d8ba717ccb ("arch_topology: Fix section miss match warning due to free_raw_capacity()") +Cc: stable +Signed-off-by: Gaku Inami +Reviewed-by: Dietmar Eggemann +Tested-by: Dietmar Eggemann +Acked-by: Sudeep Holla +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/base/arch_topology.c | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +--- a/drivers/base/arch_topology.c ++++ b/drivers/base/arch_topology.c +@@ -169,11 +169,11 @@ bool __init topology_parse_cpu_capacity( + } + + #ifdef CONFIG_CPU_FREQ +-static cpumask_var_t cpus_to_visit __initdata; +-static void __init parsing_done_workfn(struct work_struct *work); +-static __initdata DECLARE_WORK(parsing_done_work, parsing_done_workfn); ++static cpumask_var_t cpus_to_visit; ++static void parsing_done_workfn(struct work_struct *work); ++static DECLARE_WORK(parsing_done_work, parsing_done_workfn); + +-static int __init ++static int + init_cpu_capacity_callback(struct notifier_block *nb, + unsigned long val, + void *data) +@@ -209,7 +209,7 @@ init_cpu_capacity_callback(struct notifi + return 0; + } + +-static struct notifier_block init_cpu_capacity_notifier __initdata = { ++static struct notifier_block init_cpu_capacity_notifier = { + .notifier_call = init_cpu_capacity_callback, + }; + +@@ -242,7 +242,7 @@ static int __init register_cpufreq_notif + } + core_initcall(register_cpufreq_notifier); + +-static void __init parsing_done_workfn(struct work_struct *work) ++static void parsing_done_workfn(struct work_struct *work) + { + cpufreq_unregister_notifier(&init_cpu_capacity_notifier, + CPUFREQ_POLICY_NOTIFIER); diff --git a/queue-4.16/series b/queue-4.16/series index 15aed003142..24ab59690af 100644 --- a/queue-4.16/series +++ b/queue-4.16/series @@ -19,3 +19,13 @@ crypto-ccp-return-an-actual-key-size-from-rsa-max_size-callback.patch crypto-arm-arm64-fix-random-regeneration-of-s_shipped.patch crypto-x86-cast5-avx-fix-ecb-encryption-when-long-sg-follows-short-one.patch bluetooth-hci_bcm-add-6-new-acpi-hids.patch +btrfs-fix-unexpected-cow-in-run_delalloc_nocow.patch +siox-fix-possible-buffer-overflow-in-device_add_store.patch +staging-comedi-ni_mio_common-ack-ai-fifo-error-interrupts.patch +revert-base-arch_topology-fix-section-mismatch-build-warnings.patch +input-alps-fix-trackstick-detection-on-thinkpad-l570-and-latitude-7370.patch +input-i8042-add-lenovo-thinkpad-l460-to-i8042-reset-list.patch +input-i8042-enable-mux-on-sony-vaio-vgn-cs-series-to-fix-touchpad.patch +vt-change-sgr-21-to-follow-the-standards.patch +fix-slab-name-biovec-1-21-12.patch +signal-correct-the-offset-of-si_pkey-and-si_lower-in-struct-siginfo-on-m68k.patch diff --git a/queue-4.16/signal-correct-the-offset-of-si_pkey-and-si_lower-in-struct-siginfo-on-m68k.patch b/queue-4.16/signal-correct-the-offset-of-si_pkey-and-si_lower-in-struct-siginfo-on-m68k.patch new file mode 100644 index 00000000000..37cee6ce624 --- /dev/null +++ b/queue-4.16/signal-correct-the-offset-of-si_pkey-and-si_lower-in-struct-siginfo-on-m68k.patch @@ -0,0 +1,99 @@ +From 8420f71943ae96dcd78da5bd4a5c2827419d340c Mon Sep 17 00:00:00 2001 +From: "Eric W. Biederman" +Date: Mon, 2 Apr 2018 14:45:42 -0500 +Subject: signal: Correct the offset of si_pkey and si_lower in struct siginfo on m68k + +From: Eric W. Biederman + +commit 8420f71943ae96dcd78da5bd4a5c2827419d340c upstream. + +The change moving addr_lsb into the _sigfault union failed to take +into account that _sigfault._addr_bnd._lower being a pointer forced +the entire union to have pointer alignment. The fix for +_sigfault._addr_bnd._lower having pointer alignment failed to take +into account that m68k has a pointer alignment less than the size +of a pointer. So simply making the padding members pointers changed +the location of later members in the structure. + +Fix this by directly computing the needed size of the padding members, +and making the padding members char arrays of the needed size. AKA +if __alignof__(void *) is 1 sizeof(short) otherwise __alignof__(void *). +Which should be exactly the same rules the compiler whould have +used when computing the padding. + +I have tested this change by adding BUILD_BUG_ONs to m68k to verify +the offset of every member of struct siginfo, and with those testing +that the offsets of the fields in struct siginfo is the same before +I changed the generic _sigfault member and after the correction +to the _sigfault member. + +I have also verified that the x86 with it's own BUILD_BUG_ONs to verify +the offsets of the siginfo members also compiles cleanly. + +Cc: stable@vger.kernel.org +Reported-by: Eugene Syromiatnikov +Fixes: 859d880cf544 ("signal: Correct the offset of si_pkey in struct siginfo") +Fixes: b68a68d3dcc1 ("signal: Move addr_lsb into the _sigfault union for clarity") +Signed-off-by: "Eric W. Biederman" +Signed-off-by: Greg Kroah-Hartman + +--- + include/linux/compat.h | 6 ++++-- + include/uapi/asm-generic/siginfo.h | 7 +++++-- + 2 files changed, 9 insertions(+), 4 deletions(-) + +--- a/include/linux/compat.h ++++ b/include/linux/compat.h +@@ -222,6 +222,8 @@ typedef struct compat_siginfo { + #ifdef __ARCH_SI_TRAPNO + int _trapno; /* TRAP # which caused the signal */ + #endif ++#define __COMPAT_ADDR_BND_PKEY_PAD (__alignof__(compat_uptr_t) < sizeof(short) ? \ ++ sizeof(short) : __alignof__(compat_uptr_t)) + union { + /* + * used when si_code=BUS_MCEERR_AR or +@@ -230,13 +232,13 @@ typedef struct compat_siginfo { + short int _addr_lsb; /* Valid LSB of the reported address. */ + /* used when si_code=SEGV_BNDERR */ + struct { +- compat_uptr_t _dummy_bnd; ++ char _dummy_bnd[__COMPAT_ADDR_BND_PKEY_PAD]; + compat_uptr_t _lower; + compat_uptr_t _upper; + } _addr_bnd; + /* used when si_code=SEGV_PKUERR */ + struct { +- compat_uptr_t _dummy_pkey; ++ char _dummy_pkey[__COMPAT_ADDR_BND_PKEY_PAD]; + u32 _pkey; + } _addr_pkey; + }; +--- a/include/uapi/asm-generic/siginfo.h ++++ b/include/uapi/asm-generic/siginfo.h +@@ -94,6 +94,9 @@ typedef struct siginfo { + unsigned int _flags; /* see ia64 si_flags */ + unsigned long _isr; /* isr */ + #endif ++ ++#define __ADDR_BND_PKEY_PAD (__alignof__(void *) < sizeof(short) ? \ ++ sizeof(short) : __alignof__(void *)) + union { + /* + * used when si_code=BUS_MCEERR_AR or +@@ -102,13 +105,13 @@ typedef struct siginfo { + short _addr_lsb; /* LSB of the reported address */ + /* used when si_code=SEGV_BNDERR */ + struct { +- void *_dummy_bnd; ++ char _dummy_bnd[__ADDR_BND_PKEY_PAD]; + void __user *_lower; + void __user *_upper; + } _addr_bnd; + /* used when si_code=SEGV_PKUERR */ + struct { +- void *_dummy_pkey; ++ char _dummy_pkey[__ADDR_BND_PKEY_PAD]; + __u32 _pkey; + } _addr_pkey; + }; diff --git a/queue-4.16/siox-fix-possible-buffer-overflow-in-device_add_store.patch b/queue-4.16/siox-fix-possible-buffer-overflow-in-device_add_store.patch new file mode 100644 index 00000000000..6fade3c0cef --- /dev/null +++ b/queue-4.16/siox-fix-possible-buffer-overflow-in-device_add_store.patch @@ -0,0 +1,37 @@ +From f87deada80fe483e2286e29cd866dc66ddc2b6bc Mon Sep 17 00:00:00 2001 +From: Gavin Schenk +Date: Wed, 14 Feb 2018 15:25:02 +0100 +Subject: siox: fix possible buffer overflow in device_add_store +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Gavin Schenk + +commit f87deada80fe483e2286e29cd866dc66ddc2b6bc upstream. + +Width 20 given in format string is larger than destination +buffer 'type[20]', use %19s to prevent overflowing it. + +Fixes: bbecb07fa0af ("siox: new driver framework for eckelmann SIOX") +Cc: stable +Reported-by: David Binderman +Signed-off-by: Gavin Schenk +Reviewed-by: Uwe Kleine-König +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/siox/siox-core.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/siox/siox-core.c ++++ b/drivers/siox/siox-core.c +@@ -594,7 +594,7 @@ static ssize_t device_add_store(struct d + size_t inbytes = 0, outbytes = 0; + u8 statustype = 0; + +- ret = sscanf(buf, "%20s %zu %zu %hhu", type, &inbytes, ++ ret = sscanf(buf, "%19s %zu %zu %hhu", type, &inbytes, + &outbytes, &statustype); + if (ret != 3 && ret != 4) + return -EINVAL; diff --git a/queue-4.16/staging-comedi-ni_mio_common-ack-ai-fifo-error-interrupts.patch b/queue-4.16/staging-comedi-ni_mio_common-ack-ai-fifo-error-interrupts.patch new file mode 100644 index 00000000000..61d00eaeb53 --- /dev/null +++ b/queue-4.16/staging-comedi-ni_mio_common-ack-ai-fifo-error-interrupts.patch @@ -0,0 +1,33 @@ +From e1d9fc04c41840a4688ef6ce90b6dcca157ea4d7 Mon Sep 17 00:00:00 2001 +From: Frank Mori Hess +Date: Thu, 15 Mar 2018 10:25:44 +0000 +Subject: staging: comedi: ni_mio_common: ack ai fifo error interrupts. + +From: Frank Mori Hess + +commit e1d9fc04c41840a4688ef6ce90b6dcca157ea4d7 upstream. + +Ack ai fifo error interrupts in interrupt handler to clear interrupt +after fifo overflow. It should prevent lock-ups after the ai fifo +overflows. + +Cc: # v4.2+ +Signed-off-by: Frank Mori Hess +Signed-off-by: Ian Abbott +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/staging/comedi/drivers/ni_mio_common.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/drivers/staging/comedi/drivers/ni_mio_common.c ++++ b/drivers/staging/comedi/drivers/ni_mio_common.c +@@ -1275,6 +1275,8 @@ static void ack_a_interrupt(struct comed + ack |= NISTC_INTA_ACK_AI_START; + if (a_status & NISTC_AI_STATUS1_STOP) + ack |= NISTC_INTA_ACK_AI_STOP; ++ if (a_status & NISTC_AI_STATUS1_OVER) ++ ack |= NISTC_INTA_ACK_AI_ERR; + if (ack) + ni_stc_writew(dev, ack, NISTC_INTA_ACK_REG); + } diff --git a/queue-4.16/vt-change-sgr-21-to-follow-the-standards.patch b/queue-4.16/vt-change-sgr-21-to-follow-the-standards.patch new file mode 100644 index 00000000000..21b5be91506 --- /dev/null +++ b/queue-4.16/vt-change-sgr-21-to-follow-the-standards.patch @@ -0,0 +1,65 @@ +From 65d9982d7e523a1a8e7c9af012da0d166f72fc56 Mon Sep 17 00:00:00 2001 +From: Mike Frysinger +Date: Mon, 29 Jan 2018 17:08:21 -0500 +Subject: vt: change SGR 21 to follow the standards + +From: Mike Frysinger + +commit 65d9982d7e523a1a8e7c9af012da0d166f72fc56 upstream. + +ECMA-48 [1] (aka ISO 6429) has defined SGR 21 as "doubly underlined" +since at least March 1984. The Linux kernel has treated it as SGR 22 +"normal intensity" since it was added in Linux-0.96b in June 1992. +Before that, it was simply ignored. Other terminal emulators have +either ignored it, or treat it as double underline now. xterm for +example added support in its 304 release (May 2014) [2] where it was +previously ignoring it. + +Changing this behavior shouldn't be an issue: +- It isn't a named capability in ncurses's terminfo database, so no + script is using libtinfo/libcurses to look this up, or using tput + to query & output the right sequence. +- Any script assuming SGR 21 will reset intensity in all terminals + already do not work correctly on non-Linux VTs (including running + under screen/tmux/etc...). +- If someone has written a script that only runs in the Linux VT, and + they're using SGR 21 (instead of SGR 22), the output should still + be readable. + +imo it's important to change this as the Linux VT's non-conformance +is sometimes used as an argument for other terminal emulators to not +implement SGR 21 at all, or do so incorrectly. + +[1]: https://www.ecma-international.org/publications/standards/Ecma-048.htm +[2]: https://github.com/ThomasDickey/xterm-snapshots/commit/2fd29cb98d214cb536bcafbee00bc73b3f1eeb9d + +Signed-off-by: Mike Frysinger +Cc: stable +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/tty/vt/vt.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +--- a/drivers/tty/vt/vt.c ++++ b/drivers/tty/vt/vt.c +@@ -1354,6 +1354,11 @@ static void csi_m(struct vc_data *vc) + case 3: + vc->vc_italic = 1; + break; ++ case 21: ++ /* ++ * No console drivers support double underline, so ++ * convert it to a single underline. ++ */ + case 4: + vc->vc_underline = 1; + break; +@@ -1389,7 +1394,6 @@ static void csi_m(struct vc_data *vc) + vc->vc_disp_ctrl = 1; + vc->vc_toggle_meta = 1; + break; +- case 21: + case 22: + vc->vc_intensity = 1; + break;