From 6e761392c5a59a5ede6846c33c27098c2d162844 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman
Date: Tue, 7 Aug 2018 19:21:10 +0200
Subject: [PATCH] 4.14-stable patches

added patches:
jfs-fix-inconsistency-between-memory-allocation-and-ea_buf-max_size.patch
---
 ...emory-allocation-and-ea_buf-max_size.patch | 45 +++++++++++++++++++
 queue-4.14/series | 1 +
 2 files changed, 46 insertions(+)
 create mode 100644 queue-4.14/jfs-fix-inconsistency-between-memory-allocation-and-ea_buf-max_size.patch
diff --git a/queue-4.14/jfs-fix-inconsistency-between-memory-allocation-and-ea_buf-max_size.patch b/queue-4.14/jfs-fix-inconsistency-between-memory-allocation-and-ea_buf-max_size.patch
new file mode 100644
index 00000000000..0bb2a8574ed
--- /dev/null
+++ b/queue-4.14/jfs-fix-inconsistency-between-memory-allocation-and-ea_buf-max_size.patch
@@ -0,0 +1,45 @@
+From 92d34134193e5b129dc24f8d79cb9196626e8d7a Mon Sep 17 00:00:00 2001
+From: Shankara Pailoor
+Date: Tue, 5 Jun 2018 08:33:27 -0500
+Subject: jfs: Fix inconsistency between memory allocation and ea_buf->max_size
+
+From: Shankara Pailoor
+
+commit 92d34134193e5b129dc24f8d79cb9196626e8d7a upstream.
+
+The code is assuming the buffer is max_size length, but we weren't
+allocating enough space for it.
+
+Signed-off-by: Shankara Pailoor
+Signed-off-by: Dave Kleikamp
+Cc: Guenter Roeck
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ fs/jfs/xattr.c | 10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+--- a/fs/jfs/xattr.c
++++ b/fs/jfs/xattr.c
+@@ -491,15 +491,17 @@ static int ea_get(struct inode *inode, s
+ if (size > PSIZE) {
+ /*
+ * To keep the rest of the code simple. Allocate a
+- * contiguous buffer to work with
++ * contiguous buffer to work with. Make the buffer large
++ * enough to make use of the whole extent.
+ */
+- ea_buf->xattr = kmalloc(size, GFP_KERNEL);
++ ea_buf->max_size = (size + sb->s_blocksize - 1) &
++ ~(sb->s_blocksize - 1);
++
++ ea_buf->xattr = kmalloc(ea_buf->max_size, GFP_KERNEL);
+ if (ea_buf->xattr == NULL)
+ return -ENOMEM;
+
+ ea_buf->flag = EA_MALLOC;
+- ea_buf->max_size = (size + sb->s_blocksize - 1) &
+- ~(sb->s_blocksize - 1);
+
+ if (ea_size == 0)
+ return 0;
diff --git a/queue-4.14/series b/queue-4.14/series
index 8380ea2b121..87db8cedeb6 100644
--- a/queue-4.14/series
+++ b/queue-4.14/series
@@ -18,3 +18,4 @@ intel_idle-graceful-probe-failure-when-mwait-is-disabled.patch
 xfs-catch-inode-allocation-state-mismatch-corruption.patch
 xfs-validate-cached-inodes-are-free-when-allocated.patch
 xfs-don-t-call-xfs_da_shrink_inode-with-null-bp.patch
+jfs-fix-inconsistency-between-memory-allocation-and-ea_buf-max_size.patch
-- 2.47.3
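Review bot: In the queued fs/jfs/xattr.c change, `kmalloc(ea_buf->max_size, GFP_KERNEL)` now allocates up to one block more than `size`, and the bytes between `size` and `max_size` are left uninitialized. The commit message says other code treats the buffer as `max_size` long, so if any of that code reads or writes out the tail, stale heap contents could end up in an on-disk extent; this cannot be confirmed here because ea_get's body continues outside the hunk. Consider `ea_buf->xattr = kzalloc(ea_buf->max_size, GFP_KERNEL);`, or a comment naming the path that initializes the tail. Separately, `ea_buf->max_size` is now assigned before the NULL check, so on `-ENOMEM` it stays non-zero while `xattr` is NULL; a one-line comment such as `/* ea_buf is not valid on error */` would document that callers must not rely on it. The round-up also presumes `size` is already bounded, and neither its type nor its origin is visible in this hunk.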