From: Greg Kroah-Hartman Date: Thu, 21 Jun 2018 21:24:15 +0000 (+0900) Subject: 4.4-stable patches X-Git-Tag: v4.17.3~16 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=ea13d0ff87b546c628425dfb97b59869b0f6d537;p=thirdparty%2Fkernel%2Fstable-queue.git 4.4-stable patches added patches: alsa-hda-add-dock-and-led-support-for-hp-elitebook-830-g5.patch alsa-hda-add-dock-and-led-support-for-hp-probook-640-g4.patch alsa-hda-handle-kzalloc-failure-in-snd_hda_attach_pcm_stream.patch btrfs-scrub-don-t-use-inode-pages-for-device-replace.patch driver-core-don-t-ignore-class_dir_create_and_add-failure.patch ext4-fix-fencepost-error-in-check-for-inode-count-overflow-during-resize.patch ext4-update-mtime-in-ext4_punch_hole-even-if-no-blocks-are-released.patch
---
diff --git a/queue-4.4/alsa-hda-add-dock-and-led-support-for-hp-elitebook-830-g5.patch b/queue-4.4/alsa-hda-add-dock-and-led-support-for-hp-elitebook-830-g5.patch
new file mode 100644
index 00000000000..aeb1ad4e789
--- /dev/null
+++ b/queue-4.4/alsa-hda-add-dock-and-led-support-for-hp-elitebook-830-g5.patch
@@ -0,0 +1,32 @@
+From 2861751f67b91e1d24e68010ced96614fb3140f4 Mon Sep 17 00:00:00 2001
+From: Dennis Wassenberg
+Date: Tue, 12 Jun 2018 07:10:59 +0200
+Subject: ALSA: hda: add dock and led support for HP EliteBook 830 G5
+
+From: Dennis Wassenberg
+
+commit 2861751f67b91e1d24e68010ced96614fb3140f4 upstream.
+
+This patch adds missing initialisation for HP 2013 UltraSlim Dock
+Line-In/Out PINs and activates keyboard mute/micmute leds
+for HP EliteBook 830 G5
+
+Signed-off-by: Dennis Wassenberg
+Cc:
+Signed-off-by: Takashi Iwai
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ sound/pci/hda/patch_conexant.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/sound/pci/hda/patch_conexant.c
++++ b/sound/pci/hda/patch_conexant.c
+@@ -851,6 +851,7 @@ static const struct snd_pci_quirk cxt506
+ SND_PCI_QUIRK(0x103c, 0x8079, "HP EliteBook 840 G3", CXT_FIXUP_HP_DOCK),
+ SND_PCI_QUIRK(0x103c, 0x807C, "HP EliteBook 820 G3", CXT_FIXUP_HP_DOCK),
+ SND_PCI_QUIRK(0x103c, 0x80FD, "HP ProBook 640 G2", CXT_FIXUP_HP_DOCK),
++ SND_PCI_QUIRK(0x103c, 0x83b3, "HP EliteBook 830 G5", CXT_FIXUP_HP_DOCK),
+ SND_PCI_QUIRK(0x103c, 0x8174, "HP Spectre x360", CXT_FIXUP_HP_SPECTRE),
+ SND_PCI_QUIRK(0x103c, 0x8115, "HP Z1 Gen3", CXT_FIXUP_HP_GATE_MIC),
+ SND_PCI_QUIRK(0x1043, 0x138d, "Asus", CXT_FIXUP_HEADPHONE_MIC_PIN),
diff --git a/queue-4.4/alsa-hda-add-dock-and-led-support-for-hp-probook-640-g4.patch b/queue-4.4/alsa-hda-add-dock-and-led-support-for-hp-probook-640-g4.patch
new file mode 100644
index 00000000000..87844fd9870
--- /dev/null
+++ b/queue-4.4/alsa-hda-add-dock-and-led-support-for-hp-probook-640-g4.patch
@@ -0,0 +1,32 @@
+From 7eef32c1ef895a3a96463f9cbd04203007cd5555 Mon Sep 17 00:00:00 2001
+From: Dennis Wassenberg
+Date: Tue, 12 Jun 2018 07:11:11 +0200
+Subject: ALSA: hda: add dock and led support for HP ProBook 640 G4
+
+From: Dennis Wassenberg
+
+commit 7eef32c1ef895a3a96463f9cbd04203007cd5555 upstream.
+
+This patch adds missing initialisation for HP 2013 UltraSlim Dock
+Line-In/Out PINs and activates keyboard mute/micmute leds
+for HP ProBook 640 G4
+
+Signed-off-by: Dennis Wassenberg
+Cc:
+Signed-off-by: Takashi Iwai
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ sound/pci/hda/patch_conexant.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/sound/pci/hda/patch_conexant.c
++++ b/sound/pci/hda/patch_conexant.c
+@@ -852,6 +852,7 @@ static const struct snd_pci_quirk cxt506
+ SND_PCI_QUIRK(0x103c, 0x807C, "HP EliteBook 820 G3", CXT_FIXUP_HP_DOCK),
+ SND_PCI_QUIRK(0x103c, 0x80FD, "HP ProBook 640 G2", CXT_FIXUP_HP_DOCK),
+ SND_PCI_QUIRK(0x103c, 0x83b3, "HP EliteBook 830 G5", CXT_FIXUP_HP_DOCK),
++ SND_PCI_QUIRK(0x103c, 0x83d3, "HP ProBook 640 G4", CXT_FIXUP_HP_DOCK),
+ SND_PCI_QUIRK(0x103c, 0x8174, "HP Spectre x360", CXT_FIXUP_HP_SPECTRE),
+ SND_PCI_QUIRK(0x103c, 0x8115, "HP Z1 Gen3", CXT_FIXUP_HP_GATE_MIC),
+ SND_PCI_QUIRK(0x1043, 0x138d, "Asus", CXT_FIXUP_HEADPHONE_MIC_PIN),
diff --git a/queue-4.4/alsa-hda-handle-kzalloc-failure-in-snd_hda_attach_pcm_stream.patch b/queue-4.4/alsa-hda-handle-kzalloc-failure-in-snd_hda_attach_pcm_stream.patch
new file mode 100644
index 00000000000..bb614017a12
--- /dev/null
+++ b/queue-4.4/alsa-hda-handle-kzalloc-failure-in-snd_hda_attach_pcm_stream.patch
@@ -0,0 +1,46 @@
+From a3aa60d511746bd6c0d0366d4eb90a7998bcde8b Mon Sep 17 00:00:00 2001
+From: Bo Chen
+Date: Thu, 31 May 2018 15:35:18 -0700
+Subject: ALSA: hda - Handle kzalloc() failure in snd_hda_attach_pcm_stream()
+
+From: Bo Chen
+
+commit a3aa60d511746bd6c0d0366d4eb90a7998bcde8b upstream.
+
+When 'kzalloc()' fails in 'snd_hda_attach_pcm_stream()', a new pcm instance is
+created without setting its operators via 'snd_pcm_set_ops()'. Following
+operations on the new pcm instance can trigger kernel null pointer dereferences
+and cause kernel oops.
+
+This bug was found with my work on building a gray-box fault-injection tool for
+linux-kernel-module binaries. A kernel null pointer dereference was confirmed
+from line 'substream->ops->open()' in function 'snd_pcm_open_substream()' in
+file 'sound/core/pcm_native.c'.
+
+This patch fixes the bug by calling 'snd_device_free()' in the error handling
+path of 'kzalloc()', which removes the new pcm instance from the snd card before
+returns with an error code.
+
+Signed-off-by: Bo Chen
+Cc:
+Signed-off-by: Takashi Iwai
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ sound/pci/hda/hda_controller.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/sound/pci/hda/hda_controller.c
++++ b/sound/pci/hda/hda_controller.c
+@@ -547,8 +547,10 @@ int snd_hda_attach_pcm_stream(struct hda
+ return err;
+ strlcpy(pcm->name, cpcm->name, sizeof(pcm->name));
+ apcm = kzalloc(sizeof(*apcm), GFP_KERNEL);
+- if (apcm == NULL)
++ if (apcm == NULL) {
++ snd_device_free(chip->card, pcm);
+ return -ENOMEM;
++ }
+ apcm->chip = chip;
+ apcm->pcm = pcm;
+ apcm->codec = codec;
diff --git a/queue-4.4/btrfs-scrub-don-t-use-inode-pages-for-device-replace.patch b/queue-4.4/btrfs-scrub-don-t-use-inode-pages-for-device-replace.patch
new file mode 100644
index 00000000000..e7065c9459a
--- /dev/null
+++ b/queue-4.4/btrfs-scrub-don-t-use-inode-pages-for-device-replace.patch
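Review bot: The new error branch in snd_hda_attach_pcm_stream() (sound/pci/hda/hda_controller.c) carries no comment saying why a failed kzalloc() needs more than `return -ENOMEM`, and the reason cannot be read off the code. According to the commit message the pcm instance already exists on the card at this point with no ops set, so leaving it behind lets a later open dereference a NULL `substream->ops`. I would add `/* pcm is already attached to the card; free it so no ops-less PCM stays reachable */` above `snd_device_free(chip->card, pcm);`. The function starts and ends outside the hunk, so whether later failure paths need the same teardown cannot be checked from here.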
@@ -0,0 +1,67 @@
+From ac0b4145d662a3b9e34085dea460fb06ede9b69b Mon Sep 17 00:00:00 2001
+From: Qu Wenruo
+Date: Tue, 5 Jun 2018 12:36:56 +0800
+Subject: btrfs: scrub: Don't use inode pages for device replace
+
+From: Qu Wenruo
+
+commit ac0b4145d662a3b9e34085dea460fb06ede9b69b upstream.
+
+[BUG]
+Btrfs can create compressed extent without checksum (even though it
+shouldn't), and if we then try to replace device containing such extent,
+the result device will contain all the uncompressed data instead of the
+compressed one.
+
+Test case already submitted to fstests:
+https://patchwork.kernel.org/patch/10442353/
+
+[CAUSE]
+When handling compressed extent without checksum, device replace will
+goe into copy_nocow_pages() function.
+
+In that function, btrfs will get all inodes referring to this data
+extents and then use find_or_create_page() to get pages direct from that
+inode.
+
+The problem here is, pages directly from inode are always uncompressed.
+And for compressed data extent, they mismatch with on-disk data.
+Thus this leads to corrupted compressed data extent written to replace
+device.
+
+[FIX]
+In this attempt, we could just remove the "optimization" branch, and let
+unified scrub_pages() to handle it.
+
+Although scrub_pages() won't bother reusing page cache, it will be a
+little slower, but it does the correct csum checking and won't cause
+such data corruption caused by "optimization".
+
+Note about the fix: this is the minimal fix that can be backported to
+older stable trees without conflicts. The whole callchain from
+copy_nocow_pages() can be deleted, and will be in followup patches.
+
+Fixes: ff023aac3119 ("Btrfs: add code to scrub to copy read data to another disk")
+CC: stable@vger.kernel.org # 4.4+
+Reported-by: James Harvey
+Reviewed-by: James Harvey
+Signed-off-by: Qu Wenruo
+[ remove code removal, add note why ]
+Signed-off-by: David Sterba
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ fs/btrfs/scrub.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/btrfs/scrub.c
++++ b/fs/btrfs/scrub.c
+@@ -2513,7 +2513,7 @@ static int scrub_extent(struct scrub_ctx
+ have_csum = scrub_find_csum(sctx, logical, csum);
+ if (have_csum == 0)
+ ++sctx->stat.no_csum;
+- if (sctx->is_dev_replace && !have_csum) {
++ if (0 && sctx->is_dev_replace && !have_csum) {
+ ret = copy_nocow_pages(sctx, logical, l,
+ mirror_num,
+ physical_for_dev_replace);
diff --git a/queue-4.4/driver-core-don-t-ignore-class_dir_create_and_add-failure.patch b/queue-4.4/driver-core-don-t-ignore-class_dir_create_and_add-failure.patch
new file mode 100644
index 00000000000..28b90b6c543
--- /dev/null
+++ b/queue-4.4/driver-core-don-t-ignore-class_dir_create_and_add-failure.patch
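Review bot: `if (0 && sctx->is_dev_replace && !have_csum)` in scrub_extent() (fs/btrfs/scrub.c) switches the copy_nocow_pages() branch off with a bare constant and no in-code explanation, which reads like leftover debugging and invites a later "cleanup" that turns the path back on. The commit message gives the reason, corrupted compressed extents written to the replace target, and that reason belongs next to the condition: `/* Disabled: inode pages are uncompressed, so copying them corrupts compressed extents without csum on the replace target; scrub_pages() handles this case */`. The body of the branch and the rest of scrub_extent() lie outside the hunk.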
@@ -0,0 +1,79 @@
+From 84d0c27d6233a9ba0578b20f5a09701eb66cee42 Mon Sep 17 00:00:00 2001
+From: Tetsuo Handa
+Date: Mon, 7 May 2018 19:10:31 +0900
+Subject: driver core: Don't ignore class_dir_create_and_add() failure.
+
+From: Tetsuo Handa
+
+commit 84d0c27d6233a9ba0578b20f5a09701eb66cee42 upstream.
+
+syzbot is hitting WARN() at kernfs_add_one() [1].
+This is because kernfs_create_link() is confused by previous device_add()
+call which continued without setting dev->kobj.parent field when
+get_device_parent() failed by memory allocation fault injection.
+Fix this by propagating the error from class_dir_create_and_add() to
+the calllers of get_device_parent().
+
+[1] https://syzkaller.appspot.com/bug?id=fae0fb607989ea744526d1c082a5b8de6529116f
+
+Signed-off-by: Tetsuo Handa
+Reported-by: syzbot
+Cc: Greg Kroah-Hartman
+Cc: stable
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/base/core.c | 14 ++++++++++++--
+ 1 file changed, 12 insertions(+), 2 deletions(-)
+
+--- a/drivers/base/core.c
++++ b/drivers/base/core.c
+@@ -759,7 +759,7 @@ class_dir_create_and_add(struct class *c
+
+ dir = kzalloc(sizeof(*dir), GFP_KERNEL);
+ if (!dir)
+- return NULL;
++ return ERR_PTR(-ENOMEM);
+
+ dir->class = class;
+ kobject_init(&dir->kobj, &class_dir_ktype);
+@@ -769,7 +769,7 @@ class_dir_create_and_add(struct class *c
+ retval = kobject_add(&dir->kobj, parent_kobj, "%s", class->name);
+ if (retval < 0) {
+ kobject_put(&dir->kobj);
+- return NULL;
++ return ERR_PTR(retval);
+ }
+ return &dir->kobj;
+ }
+@@ -1076,6 +1076,10 @@ int device_add(struct device *dev)
+
+ parent = get_device(dev->parent);
+ kobj = get_device_parent(dev, parent);
++ if (IS_ERR(kobj)) {
++ error = PTR_ERR(kobj);
++ goto parent_error;
++ }
+ if (kobj)
+ dev->kobj.parent = kobj;
+
+@@ -1174,6 +1178,7 @@ done:
+ kobject_del(&dev->kobj);
+ Error:
+ cleanup_glue_dir(dev, glue_dir);
++parent_error:
+ put_device(parent);
+ name_error:
+ kfree(dev->p);
+@@ -1990,6 +1995,11 @@ int device_move(struct device *dev, 
stru
+ device_pm_lock();
+ new_parent = get_device(new_parent);
+ new_parent_kobj = get_device_parent(dev, new_parent);
++ if (IS_ERR(new_parent_kobj)) {
++ error = PTR_ERR(new_parent_kobj);
++ put_device(new_parent);
++ goto out;
++ }
+
+ pr_debug("device: '%s': %s: moving to '%s'\n", dev_name(dev),
+ __func__, new_parent ? dev_name(new_parent) : "");
diff --git a/queue-4.4/ext4-fix-fencepost-error-in-check-for-inode-count-overflow-during-resize.patch b/queue-4.4/ext4-fix-fencepost-error-in-check-for-inode-count-overflow-during-resize.patch
new file mode 100644
index 00000000000..4b63f9f7544
--- /dev/null
+++ b/queue-4.4/ext4-fix-fencepost-error-in-check-for-inode-count-overflow-during-resize.patch
@@ -0,0 +1,37 @@
+From 4f2f76f751433908364ccff82f437a57d0e6e9b7 Mon Sep 17 00:00:00 2001
+From: Jan Kara
+Date: Fri, 25 May 2018 12:51:25 -0400
+Subject: ext4: fix fencepost error in check for inode count overflow during resize
+
+From: Jan Kara
+
+commit 4f2f76f751433908364ccff82f437a57d0e6e9b7 upstream.
+
+ext4_resize_fs() has an off-by-one bug when checking whether growing of
+a filesystem will not overflow inode count. As a result it allows a
+filesystem with 8192 inodes per group to grow to 64TB which overflows
+inode count to 0 and makes filesystem unusable. Fix it.
+
+Cc: stable@vger.kernel.org
+Fixes: 3f8a6411fbada1fa482276591e037f3b1adcf55b
+Reported-by: Jaco Kroon
+Signed-off-by: Jan Kara
+Signed-off-by: Theodore Ts'o
+Reviewed-by: Andreas Dilger
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ fs/ext4/resize.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/ext4/resize.c
++++ b/fs/ext4/resize.c
+@@ -1903,7 +1903,7 @@ retry:
+ return 0;
+
+ n_group = ext4_get_group_number(sb, n_blocks_count - 1);
+- if (n_group > (0xFFFFFFFFUL / EXT4_INODES_PER_GROUP(sb))) {
++ if (n_group >= (0xFFFFFFFFUL / EXT4_INODES_PER_GROUP(sb))) {
+ ext4_warning(sb, "resize would cause inodes_count overflow");
+ return -EINVAL;
+ }
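Review bot: The return contract of get_device_parent() in drivers/base/core.c is now three-valued and nothing in the changed lines documents it: a kobject, NULL (still accepted by the `if (kobj)` test kept in device_add()), or an ERR_PTR() coming from class_dir_create_and_add(). The device_add() and device_move() hunks gain IS_ERR() checks, but any caller that only tests for NULL would treat an error pointer as a valid parent, and callers outside these hunks are not visible here. I would put `/* Returns the parent kobject, NULL if there is none, or ERR_PTR() on failure; callers must check IS_ERR() before use */` on get_device_parent(), with a matching line on class_dir_create_and_add(). Both function bodies extend beyond the hunks shown.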
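Review bot: The corrected test `n_group >= (0xFFFFFFFFUL / EXT4_INODES_PER_GROUP(sb))` in ext4_resize_fs() (fs/ext4/resize.c) is only right because n_group is the index of the last group rather than the group count, and the line has no comment to stop a later reader from "fixing" it back to `>`. I would add `/* n_group is the last group's index, so there are n_group + 1 groups; their inode total must not wrap inodes_count */` directly above the condition. A regression test at the boundary the commit message names (8192 inodes per group grown to 64TB) would pin the behaviour. The surrounding function lies outside the hunk.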
diff --git a/queue-4.4/ext4-update-mtime-in-ext4_punch_hole-even-if-no-blocks-are-released.patch b/queue-4.4/ext4-update-mtime-in-ext4_punch_hole-even-if-no-blocks-are-released.patch
new file mode 100644
index 00000000000..809050e650a
--- /dev/null
+++ b/queue-4.4/ext4-update-mtime-in-ext4_punch_hole-even-if-no-blocks-are-released.patch
@@ -0,0 +1,77 @@
+From eee597ac931305eff3d3fd1d61d6aae553bc0984 Mon Sep 17 00:00:00 2001
+From: Lukas Czerner
+Date: Sun, 13 May 2018 19:28:35 -0400
+Subject: ext4: update mtime in ext4_punch_hole even if no blocks are released
+
+From: Lukas Czerner
+
+commit eee597ac931305eff3d3fd1d61d6aae553bc0984 upstream.
+
+Currently in ext4_punch_hole we're going to skip the mtime update if
+there are no actual blocks to release. However we've actually modified
+the file by zeroing the partial block so the mtime should be updated.
+
+Moreover the sync and datasync handling is skipped as well, which is
+also wrong. Fix it.
+
+Signed-off-by: Lukas Czerner
+Signed-off-by: Theodore Ts'o
+Reported-by: Joe Habermann
+Cc:
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ fs/ext4/inode.c | 40 ++++++++++++++++++++--------------------
+ 1 file changed, 20 insertions(+), 20 deletions(-)
+
+--- a/fs/ext4/inode.c
++++ b/fs/ext4/inode.c
+@@ -3787,28 +3787,28 @@ int ext4_punch_hole(struct inode *inode,
+ EXT4_BLOCK_SIZE_BITS(sb);
+ stop_block = (offset + length) >> EXT4_BLOCK_SIZE_BITS(sb);
+
+- /* If there are no blocks to remove, return now */
+- if (first_block >= stop_block)
+- goto out_stop;
+-
+- down_write(&EXT4_I(inode)->i_data_sem);
+- ext4_discard_preallocations(inode);
+-
+- ret = ext4_es_remove_extent(inode, first_block,
+- stop_block - first_block);
+- if (ret) {
+- up_write(&EXT4_I(inode)->i_data_sem);
+- goto out_stop;
+- }
++ /* If there are blocks to remove, do it */
++ if (stop_block > first_block) {
++
++ down_write(&EXT4_I(inode)->i_data_sem);
++ ext4_discard_preallocations(inode);
+
+- if (ext4_test_inode_flag(inode, EXT4_INODE_EXTENTS))
+- ret = ext4_ext_remove_space(inode, first_block,
+- stop_block - 1);
+- else
+- ret = ext4_ind_remove_space(handle, inode, first_block,
+- stop_block);
++ ret = ext4_es_remove_extent(inode, first_block,
++ stop_block - first_block);
++ if (ret) {
++ up_write(&EXT4_I(inode)->i_data_sem);
++ goto out_stop;
++ }
++
++ if 
(ext4_test_inode_flag(inode, EXT4_INODE_EXTENTS))
++ ret = ext4_ext_remove_space(inode, first_block,
++ stop_block - 1);
++ else
++ ret = ext4_ind_remove_space(handle, inode, first_block,
++ stop_block);
+
+- up_write(&EXT4_I(inode)->i_data_sem);
++ up_write(&EXT4_I(inode)->i_data_sem);
++ }
+ if (IS_SYNC(inode))
+ ext4_handle_sync(handle);
+
diff --git a/queue-4.4/series b/queue-4.4/series
index 08817b89ab6..ac7c020c934 100644
--- a/queue-4.4/series
+++ b/queue-4.4/series
@@ -10,3 +10,10 @@ btrfs-make-raid6-rebuild-retry-more.patch
 usb-musb-fix-remote-wakeup-racing-with-suspend.patch
 bonding-re-evaluate-force_primary-when-the-primary-slave-name-changes.patch
 tcp-verify-the-checksum-of-the-first-data-segment-in-a-new-connection.patch
+ext4-update-mtime-in-ext4_punch_hole-even-if-no-blocks-are-released.patch
+ext4-fix-fencepost-error-in-check-for-inode-count-overflow-during-resize.patch
+driver-core-don-t-ignore-class_dir_create_and_add-failure.patch
+btrfs-scrub-don-t-use-inode-pages-for-device-replace.patch
+alsa-hda-handle-kzalloc-failure-in-snd_hda_attach_pcm_stream.patch
+alsa-hda-add-dock-and-led-support-for-hp-elitebook-830-g5.patch
+alsa-hda-add-dock-and-led-support-for-hp-probook-640-g4.patch
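Review bot: The replacement comment `/* If there are blocks to remove, do it */` in ext4_punch_hole() (fs/ext4/inode.c) drops the one fact that motivated the restructuring, namely that the code after the block must still run when `stop_block <= first_block`. Going by the commit message, the partial block has already been zeroed by then, so I would write `/* The partial block was already zeroed, so the sync and mtime handling below must run even when no whole block is freed */` and remove the empty line that follows `if (stop_block > first_block) {`. Separately, `ret` from ext4_ext_remove_space() / ext4_ind_remove_space() is not tested in the visible lines before `ext4_handle_sync(handle)`; the function continues past the hunk, so whether it is checked later cannot be confirmed here.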