From 5063f13874fc7b5202edd9eab13f373922fea8aa Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Mon, 2 Oct 2017 14:42:11 +0200 Subject: [PATCH] 3.18-stable patches added patches: arm64-make-sure-spsel-is-always-set.patch bsg-lib-don-t-free-job-in-bsg_prepare_job.patch btrfs-prevent-to-set-invalid-default-subvolid.patch kvm-nvmx-don-t-allow-l2-to-access-the-hardware-cr8.patch nl80211-check-for-the-required-netlink-attributes-presence.patch pci-fix-race-condition-with-driver_override.patch powerpc-pseries-fix-parent_dn-reference-leak-in-add_dt_node.patch smb-validate-negotiate-to-protect-against-downgrade-even-if-signing-off.patch smb3-don-t-ignore-o_sync-o_dsync-and-o_direct-flags.patch vfs-return-enxio-for-negative-seek_hole-seek_data-offsets.patch --- .../arm64-make-sure-spsel-is-always-set.patch | 40 +++++++++++ ...ib-don-t-free-job-in-bsg_prepare_job.patch | 31 +++++++++ ...vent-to-set-invalid-default-subvolid.patch | 37 +++++++++++ ...-allow-l2-to-access-the-hardware-cr8.patch | 39 +++++++++++ ...required-netlink-attributes-presence.patch | 41 ++++++++++++ ...-race-condition-with-driver_override.patch | 66 +++++++++++++++++++ ...ent_dn-reference-leak-in-add_dt_node.patch | 39 +++++++++++ queue-3.18/series | 10 +++ ...gainst-downgrade-even-if-signing-off.patch | 56 ++++++++++++++++ ...re-o_sync-o_dsync-and-o_direct-flags.patch | 34 ++++++++++ ...negative-seek_hole-seek_data-offsets.patch | 44 +++++++++++++ 11 files changed, 437 insertions(+) create mode 100644 queue-3.18/arm64-make-sure-spsel-is-always-set.patch create mode 100644 queue-3.18/bsg-lib-don-t-free-job-in-bsg_prepare_job.patch create mode 100644 queue-3.18/btrfs-prevent-to-set-invalid-default-subvolid.patch create mode 100644 queue-3.18/kvm-nvmx-don-t-allow-l2-to-access-the-hardware-cr8.patch create mode 100644 queue-3.18/nl80211-check-for-the-required-netlink-attributes-presence.patch create mode 100644 queue-3.18/pci-fix-race-condition-with-driver_override.patch create mode 100644 queue-3.18/powerpc-pseries-fix-parent_dn-reference-leak-in-add_dt_node.patch create mode 100644 queue-3.18/smb-validate-negotiate-to-protect-against-downgrade-even-if-signing-off.patch create mode 100644 queue-3.18/smb3-don-t-ignore-o_sync-o_dsync-and-o_direct-flags.patch create mode 100644 queue-3.18/vfs-return-enxio-for-negative-seek_hole-seek_data-offsets.patch diff --git a/queue-3.18/arm64-make-sure-spsel-is-always-set.patch b/queue-3.18/arm64-make-sure-spsel-is-always-set.patch new file mode 100644 index 00000000000..de5d6c769ee --- /dev/null +++ b/queue-3.18/arm64-make-sure-spsel-is-always-set.patch @@ -0,0 +1,40 @@ +From 5371513fb338fb9989c569dc071326d369d6ade8 Mon Sep 17 00:00:00 2001 +From: Marc Zyngier +Date: Tue, 26 Sep 2017 15:57:16 +0100 +Subject: arm64: Make sure SPsel is always set + +From: Marc Zyngier + +commit 5371513fb338fb9989c569dc071326d369d6ade8 upstream. + +When the kernel is entered at EL2 on an ARMv8.0 system, we construct +the EL1 pstate and make sure this uses the the EL1 stack pointer +(we perform an exception return to EL1h). + +But if the kernel is either entered at EL1 or stays at EL2 (because +we're on a VHE-capable system), we fail to set SPsel, and use whatever +stack selection the higher exception level has choosen for us. + +Let's not take any chance, and make sure that SPsel is set to one +before we decide the mode we're going to run in. + +Acked-by: Mark Rutland +Signed-off-by: Marc Zyngier +Signed-off-by: Will Deacon +Signed-off-by: Catalin Marinas +Signed-off-by: Greg Kroah-Hartman + +--- + arch/arm64/kernel/head.S | 1 + + 1 file changed, 1 insertion(+) + +--- a/arch/arm64/kernel/head.S ++++ b/arch/arm64/kernel/head.S +@@ -264,6 +264,7 @@ ENDPROC(stext) + * booted in EL1 or EL2 respectively. + */ + ENTRY(el2_setup) ++ msr SPsel, #1 // We want to use SP_EL{1,2} + mrs x0, CurrentEL + cmp x0, #CurrentEL_EL2 + b.ne 1f diff --git a/queue-3.18/bsg-lib-don-t-free-job-in-bsg_prepare_job.patch b/queue-3.18/bsg-lib-don-t-free-job-in-bsg_prepare_job.patch new file mode 100644 index 00000000000..50a9d4a25a6 --- /dev/null +++ b/queue-3.18/bsg-lib-don-t-free-job-in-bsg_prepare_job.patch @@ -0,0 +1,31 @@ +From f507b54dccfd8000c517d740bc45f20c74532d18 Mon Sep 17 00:00:00 2001 +From: Christoph Hellwig +Date: Thu, 7 Sep 2017 13:54:35 +0200 +Subject: bsg-lib: don't free job in bsg_prepare_job + +From: Christoph Hellwig + +commit f507b54dccfd8000c517d740bc45f20c74532d18 upstream. + +The job structure is allocated as part of the request, so we should not +free it in the error path of bsg_prepare_job. + +Signed-off-by: Christoph Hellwig +Reviewed-by: Ming Lei +Signed-off-by: Jens Axboe +Signed-off-by: Greg Kroah-Hartman + +--- + block/bsg-lib.c | 1 - + 1 file changed, 1 deletion(-) + +--- a/block/bsg-lib.c ++++ b/block/bsg-lib.c +@@ -147,7 +147,6 @@ static int bsg_create_job(struct device + failjob_rls_rqst_payload: + kfree(job->request_payload.sg_list); + failjob_rls_job: +- kfree(job); + return -ENOMEM; + } + diff --git a/queue-3.18/btrfs-prevent-to-set-invalid-default-subvolid.patch b/queue-3.18/btrfs-prevent-to-set-invalid-default-subvolid.patch new file mode 100644 index 00000000000..cc17e17706d --- /dev/null +++ b/queue-3.18/btrfs-prevent-to-set-invalid-default-subvolid.patch @@ -0,0 +1,37 @@ +From 6d6d282932d1a609e60dc4467677e0e863682f57 Mon Sep 17 00:00:00 2001 +From: satoru takeuchi +Date: Tue, 12 Sep 2017 22:42:52 +0900 +Subject: btrfs: prevent to set invalid default subvolid + +From: satoru takeuchi + +commit 6d6d282932d1a609e60dc4467677e0e863682f57 upstream. + +`btrfs sub set-default` succeeds to set an ID which isn't corresponding to any +fs/file tree. If such the bad ID is set to a filesystem, we can't mount this +filesystem without specifying `subvol` or `subvolid` mount options. + +Fixes: 6ef5ed0d386b ("Btrfs: add ioctl and incompat flag to set the default mount subvol") +Signed-off-by: Satoru Takeuchi +Reviewed-by: Qu Wenruo +Reviewed-by: David Sterba +Signed-off-by: David Sterba +Signed-off-by: Greg Kroah-Hartman + +--- + fs/btrfs/ioctl.c | 4 ++++ + 1 file changed, 4 insertions(+) + +--- a/fs/btrfs/ioctl.c ++++ b/fs/btrfs/ioctl.c +@@ -3963,6 +3963,10 @@ static long btrfs_ioctl_default_subvol(s + ret = PTR_ERR(new_root); + goto out; + } ++ if (!is_fstree(new_root->objectid)) { ++ ret = -ENOENT; ++ goto out; ++ } + + path = btrfs_alloc_path(); + if (!path) { diff --git a/queue-3.18/kvm-nvmx-don-t-allow-l2-to-access-the-hardware-cr8.patch b/queue-3.18/kvm-nvmx-don-t-allow-l2-to-access-the-hardware-cr8.patch new file mode 100644 index 00000000000..1289ebaae8d --- /dev/null +++ b/queue-3.18/kvm-nvmx-don-t-allow-l2-to-access-the-hardware-cr8.patch @@ -0,0 +1,39 @@ +From 51aa68e7d57e3217192d88ce90fd5b8ef29ec94f Mon Sep 17 00:00:00 2001 +From: Jim Mattson +Date: Tue, 12 Sep 2017 13:02:54 -0700 +Subject: kvm: nVMX: Don't allow L2 to access the hardware CR8 + +From: Jim Mattson + +commit 51aa68e7d57e3217192d88ce90fd5b8ef29ec94f upstream. + +If L1 does not specify the "use TPR shadow" VM-execution control in +vmcs12, then L0 must specify the "CR8-load exiting" and "CR8-store +exiting" VM-execution controls in vmcs02. Failure to do so will give +the L2 VM unrestricted read/write access to the hardware CR8. + +This fixes CVE-2017-12154. + +Signed-off-by: Jim Mattson +Reviewed-by: David Hildenbrand +Signed-off-by: Paolo Bonzini +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/kvm/vmx.c | 5 +++++ + 1 file changed, 5 insertions(+) + +--- a/arch/x86/kvm/vmx.c ++++ b/arch/x86/kvm/vmx.c +@@ -8275,6 +8275,11 @@ static void prepare_vmcs02(struct kvm_vc + vmcs_write64(VIRTUAL_APIC_PAGE_ADDR, + page_to_phys(vmx->nested.virtual_apic_page)); + vmcs_write32(TPR_THRESHOLD, vmcs12->tpr_threshold); ++ } else { ++#ifdef CONFIG_X86_64 ++ exec_control |= CPU_BASED_CR8_LOAD_EXITING | ++ CPU_BASED_CR8_STORE_EXITING; ++#endif + } + + /* diff --git a/queue-3.18/nl80211-check-for-the-required-netlink-attributes-presence.patch b/queue-3.18/nl80211-check-for-the-required-netlink-attributes-presence.patch new file mode 100644 index 00000000000..081e665ff45 --- /dev/null +++ b/queue-3.18/nl80211-check-for-the-required-netlink-attributes-presence.patch @@ -0,0 +1,41 @@ +From e785fa0a164aa11001cba931367c7f94ffaff888 Mon Sep 17 00:00:00 2001 +From: Vladis Dronov +Date: Wed, 13 Sep 2017 00:21:21 +0200 +Subject: nl80211: check for the required netlink attributes presence + +From: Vladis Dronov + +commit e785fa0a164aa11001cba931367c7f94ffaff888 upstream. + +nl80211_set_rekey_data() does not check if the required attributes +NL80211_REKEY_DATA_{REPLAY_CTR,KEK,KCK} are present when processing +NL80211_CMD_SET_REKEY_OFFLOAD request. This request can be issued by +users with CAP_NET_ADMIN privilege and may result in NULL dereference +and a system crash. Add a check for the required attributes presence. +This patch is based on the patch by bo Zhang. + +This fixes CVE-2017-12153. + +References: https://bugzilla.redhat.com/show_bug.cgi?id=1491046 +Fixes: e5497d766ad ("cfg80211/nl80211: support GTK rekey offload") +Reported-by: bo Zhang +Signed-off-by: Vladis Dronov +Signed-off-by: Johannes Berg +Signed-off-by: Greg Kroah-Hartman + +--- + net/wireless/nl80211.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/net/wireless/nl80211.c ++++ b/net/wireless/nl80211.c +@@ -9006,6 +9006,9 @@ static int nl80211_set_rekey_data(struct + if (err) + return err; + ++ if (!tb[NL80211_REKEY_DATA_REPLAY_CTR] || !tb[NL80211_REKEY_DATA_KEK] || ++ !tb[NL80211_REKEY_DATA_KCK]) ++ return -EINVAL; + if (nla_len(tb[NL80211_REKEY_DATA_REPLAY_CTR]) != NL80211_REPLAY_CTR_LEN) + return -ERANGE; + if (nla_len(tb[NL80211_REKEY_DATA_KEK]) != NL80211_KEK_LEN) diff --git a/queue-3.18/pci-fix-race-condition-with-driver_override.patch b/queue-3.18/pci-fix-race-condition-with-driver_override.patch new file mode 100644 index 00000000000..cbd1d12486d --- /dev/null +++ b/queue-3.18/pci-fix-race-condition-with-driver_override.patch @@ -0,0 +1,66 @@ +From 9561475db680f7144d2223a409dd3d7e322aca03 Mon Sep 17 00:00:00 2001 +From: Nicolai Stange +Date: Mon, 11 Sep 2017 09:45:40 +0200 +Subject: PCI: Fix race condition with driver_override + +From: Nicolai Stange + +commit 9561475db680f7144d2223a409dd3d7e322aca03 upstream. + +The driver_override implementation is susceptible to a race condition when +different threads are reading vs. storing a different driver override. Add +locking to avoid the race condition. + +This is in close analogy to commit 6265539776a0 ("driver core: platform: +fix race condition with driver_override") from Adrian Salido. + +Fixes: 782a985d7af2 ("PCI: Introduce new device binding path using pci_dev.driver_override") +Signed-off-by: Nicolai Stange +Signed-off-by: Bjorn Helgaas +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/pci/pci-sysfs.c | 11 +++++++++-- + 1 file changed, 9 insertions(+), 2 deletions(-) + +--- a/drivers/pci/pci-sysfs.c ++++ b/drivers/pci/pci-sysfs.c +@@ -513,7 +513,7 @@ static ssize_t driver_override_store(str + const char *buf, size_t count) + { + struct pci_dev *pdev = to_pci_dev(dev); +- char *driver_override, *old = pdev->driver_override, *cp; ++ char *driver_override, *old, *cp; + + /* We need to keep extra room for a newline */ + if (count >= (PAGE_SIZE - 1)) +@@ -527,12 +527,15 @@ static ssize_t driver_override_store(str + if (cp) + *cp = '\0'; + ++ device_lock(dev); ++ old = pdev->driver_override; + if (strlen(driver_override)) { + pdev->driver_override = driver_override; + } else { + kfree(driver_override); + pdev->driver_override = NULL; + } ++ device_unlock(dev); + + kfree(old); + +@@ -543,8 +546,12 @@ static ssize_t driver_override_show(stru + struct device_attribute *attr, char *buf) + { + struct pci_dev *pdev = to_pci_dev(dev); ++ ssize_t len; + +- return snprintf(buf, PAGE_SIZE, "%s\n", pdev->driver_override); ++ device_lock(dev); ++ len = snprintf(buf, PAGE_SIZE, "%s\n", pdev->driver_override); ++ device_unlock(dev); ++ return len; + } + static DEVICE_ATTR_RW(driver_override); + diff --git a/queue-3.18/powerpc-pseries-fix-parent_dn-reference-leak-in-add_dt_node.patch b/queue-3.18/powerpc-pseries-fix-parent_dn-reference-leak-in-add_dt_node.patch new file mode 100644 index 00000000000..d6d0ed50a63 --- /dev/null +++ b/queue-3.18/powerpc-pseries-fix-parent_dn-reference-leak-in-add_dt_node.patch @@ -0,0 +1,39 @@ +From b537ca6fede69a281dc524983e5e633d79a10a08 Mon Sep 17 00:00:00 2001 +From: Tyrel Datwyler +Date: Wed, 20 Sep 2017 17:02:52 -0400 +Subject: powerpc/pseries: Fix parent_dn reference leak in add_dt_node() + +From: Tyrel Datwyler + +commit b537ca6fede69a281dc524983e5e633d79a10a08 upstream. + +A reference to the parent device node is held by add_dt_node() for the +node to be added. If the call to dlpar_configure_connector() fails +add_dt_node() returns ENOENT and that reference is not freed. + +Add a call to of_node_put(parent_dn) prior to bailing out after a +failed dlpar_configure_connector() call. + +Fixes: 8d5ff320766f ("powerpc/pseries: Make dlpar_configure_connector parent node aware") +Signed-off-by: Tyrel Datwyler +Signed-off-by: Michael Ellerman +Signed-off-by: Greg Kroah-Hartman + +--- + arch/powerpc/platforms/pseries/mobility.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- a/arch/powerpc/platforms/pseries/mobility.c ++++ b/arch/powerpc/platforms/pseries/mobility.c +@@ -225,8 +225,10 @@ static int add_dt_node(__be32 parent_pha + return -ENOENT; + + dn = dlpar_configure_connector(drc_index, parent_dn); +- if (!dn) ++ if (!dn) { ++ of_node_put(parent_dn); + return -ENOENT; ++ } + + rc = dlpar_attach_node(dn); + if (rc) diff --git a/queue-3.18/series b/queue-3.18/series index 879606748d4..3eadc2da5f3 100644 --- a/queue-3.18/series +++ b/queue-3.18/series @@ -9,3 +9,13 @@ crypto-talitos-fix-sha224.patch keys-fix-writing-past-end-of-user-supplied-buffer-in-keyring_read.patch keys-prevent-creating-a-different-user-s-keyrings.patch keys-prevent-keyctl_read-on-negative-key.patch +powerpc-pseries-fix-parent_dn-reference-leak-in-add_dt_node.patch +smb-validate-negotiate-to-protect-against-downgrade-even-if-signing-off.patch +smb3-don-t-ignore-o_sync-o_dsync-and-o_direct-flags.patch +vfs-return-enxio-for-negative-seek_hole-seek_data-offsets.patch +nl80211-check-for-the-required-netlink-attributes-presence.patch +bsg-lib-don-t-free-job-in-bsg_prepare_job.patch +arm64-make-sure-spsel-is-always-set.patch +kvm-nvmx-don-t-allow-l2-to-access-the-hardware-cr8.patch +pci-fix-race-condition-with-driver_override.patch +btrfs-prevent-to-set-invalid-default-subvolid.patch diff --git a/queue-3.18/smb-validate-negotiate-to-protect-against-downgrade-even-if-signing-off.patch b/queue-3.18/smb-validate-negotiate-to-protect-against-downgrade-even-if-signing-off.patch new file mode 100644 index 00000000000..4ec1819c3a3 --- /dev/null +++ b/queue-3.18/smb-validate-negotiate-to-protect-against-downgrade-even-if-signing-off.patch @@ -0,0 +1,56 @@ +From 0603c96f3af50e2f9299fa410c224ab1d465e0f9 Mon Sep 17 00:00:00 2001 +From: Steve French +Date: Wed, 20 Sep 2017 19:57:18 -0500 +Subject: SMB: Validate negotiate (to protect against downgrade) even if signing off + +From: Steve French + +commit 0603c96f3af50e2f9299fa410c224ab1d465e0f9 upstream. + +As long as signing is supported (ie not a guest user connection) and +connection is SMB3 or SMB3.02, then validate negotiate (protect +against man in the middle downgrade attacks). We had been doing this +only when signing was required, not when signing was just enabled, +but this more closely matches recommended SMB3 behavior and is +better security. Suggested by Metze. + +Signed-off-by: Steve French +Reviewed-by: Jeremy Allison +Acked-by: Stefan Metzmacher +Reviewed-by: Ronnie Sahlberg +Signed-off-by: Greg Kroah-Hartman + +--- + fs/cifs/smb2pdu.c | 17 ++++++++++++----- + 1 file changed, 12 insertions(+), 5 deletions(-) + +--- a/fs/cifs/smb2pdu.c ++++ b/fs/cifs/smb2pdu.c +@@ -453,15 +453,22 @@ int smb3_validate_negotiate(const unsign + + /* + * validation ioctl must be signed, so no point sending this if we +- * can not sign it. We could eventually change this to selectively ++ * can not sign it (ie are not known user). Even if signing is not ++ * required (enabled but not negotiated), in those cases we selectively + * sign just this, the first and only signed request on a connection. +- * This is good enough for now since a user who wants better security +- * would also enable signing on the mount. Having validation of +- * negotiate info for signed connections helps reduce attack vectors ++ * Having validation of negotiate info helps reduce attack vectors. + */ +- if (tcon->ses->server->sign == false) ++ if (tcon->ses->session_flags & SMB2_SESSION_FLAG_IS_GUEST) + return 0; /* validation requires signing */ + ++ if (tcon->ses->user_name == NULL) { ++ cifs_dbg(FYI, "Can't validate negotiate: null user mount\n"); ++ return 0; /* validation requires signing */ ++ } ++ ++ if (tcon->ses->session_flags & SMB2_SESSION_FLAG_IS_NULL) ++ cifs_dbg(VFS, "Unexpected null user (anonymous) auth flag sent by server\n"); ++ + vneg_inbuf.Capabilities = + cpu_to_le32(tcon->ses->server->vals->req_capabilities); + memcpy(vneg_inbuf.Guid, tcon->ses->server->client_guid, diff --git a/queue-3.18/smb3-don-t-ignore-o_sync-o_dsync-and-o_direct-flags.patch b/queue-3.18/smb3-don-t-ignore-o_sync-o_dsync-and-o_direct-flags.patch new file mode 100644 index 00000000000..d8026ae24e5 --- /dev/null +++ b/queue-3.18/smb3-don-t-ignore-o_sync-o_dsync-and-o_direct-flags.patch @@ -0,0 +1,34 @@ +From 1013e760d10e614dc10b5624ce9fc41563ba2e65 Mon Sep 17 00:00:00 2001 +From: Steve French +Date: Fri, 22 Sep 2017 01:40:27 -0500 +Subject: SMB3: Don't ignore O_SYNC/O_DSYNC and O_DIRECT flags + +From: Steve French + +commit 1013e760d10e614dc10b5624ce9fc41563ba2e65 upstream. + +Signed-off-by: Steve French +Reviewed-by: Ronnie Sahlberg +Reviewed-by: Pavel Shilovsky +Signed-off-by: Greg Kroah-Hartman + +--- + fs/cifs/file.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +--- a/fs/cifs/file.c ++++ b/fs/cifs/file.c +@@ -225,6 +225,13 @@ cifs_nt_open(char *full_path, struct ino + if (backup_cred(cifs_sb)) + create_options |= CREATE_OPEN_BACKUP_INTENT; + ++ /* O_SYNC also has bit for O_DSYNC so following check picks up either */ ++ if (f_flags & O_SYNC) ++ create_options |= CREATE_WRITE_THROUGH; ++ ++ if (f_flags & O_DIRECT) ++ create_options |= CREATE_NO_BUFFER; ++ + oparms.tcon = tcon; + oparms.cifs_sb = cifs_sb; + oparms.desired_access = desired_access; diff --git a/queue-3.18/vfs-return-enxio-for-negative-seek_hole-seek_data-offsets.patch b/queue-3.18/vfs-return-enxio-for-negative-seek_hole-seek_data-offsets.patch new file mode 100644 index 00000000000..e5f10ff6240 --- /dev/null +++ b/queue-3.18/vfs-return-enxio-for-negative-seek_hole-seek_data-offsets.patch @@ -0,0 +1,44 @@ +From fc46820b27a2d9a46f7e90c9ceb4a64a1bc5fab8 Mon Sep 17 00:00:00 2001 +From: Andreas Gruenbacher +Date: Mon, 25 Sep 2017 12:23:03 +0200 +Subject: vfs: Return -ENXIO for negative SEEK_HOLE / SEEK_DATA offsets + +From: Andreas Gruenbacher + +commit fc46820b27a2d9a46f7e90c9ceb4a64a1bc5fab8 upstream. + +In generic_file_llseek_size, return -ENXIO for negative offsets as well +as offsets beyond EOF. This affects filesystems which don't implement +SEEK_HOLE / SEEK_DATA internally, possibly because they don't support +holes. + +Fixes xfstest generic/448. + +Signed-off-by: Andreas Gruenbacher +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + fs/read_write.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/fs/read_write.c ++++ b/fs/read_write.c +@@ -116,7 +116,7 @@ generic_file_llseek_size(struct file *fi + * In the generic case the entire file is data, so as long as + * offset isn't at the end of the file then the offset is data. + */ +- if (offset >= eof) ++ if ((unsigned long long)offset >= eof) + return -ENXIO; + break; + case SEEK_HOLE: +@@ -124,7 +124,7 @@ generic_file_llseek_size(struct file *fi + * There is a virtual hole at the end of the file, so as long as + * offset isn't i_size or larger, return i_size. + */ +- if (offset >= eof) ++ if ((unsigned long long)offset >= eof) + return -ENXIO; + offset = eof; + break; -- 2.47.3