authorBen Hutchings <ben@decadent.org.uk>2018-07-12 01:11:29 +0100
committerBen Hutchings <ben@decadent.org.uk>2018-07-12 01:11:34 +0100
commit8b5c36b9d43d0259219fa816fe3e28dc34318d20 (patch)
tree599348ca0ae711504a62f1aba40b9a5fe32175e1
parent6a080952497d1a6222332d341afa4126d4bb22b2 (diff)
downloadkernel_replicant_linux-8b5c36b9d43d0259219fa816fe3e28dc34318d20.tar.gz
kernel_replicant_linux-8b5c36b9d43d0259219fa816fe3e28dc34318d20.tar.bz2
kernel_replicant_linux-8b5c36b9d43d0259219fa816fe3e28dc34318d20.zip
Update to 4.17.6
Drop patches applied upstream. Add patches to avoid ABI changes.
-rw-r--r--debian/changelog50
-rw-r--r--debian/patches/bugfix/all/ext4-add-corruption-check-in-ext4_xattr_set_entry.patch48
-rw-r--r--debian/patches/bugfix/all/ext4-add-more-inode-number-paranoia-checks.patch63
-rw-r--r--debian/patches/bugfix/all/ext4-always-check-block-group-bounds-in-ext4_init_bl.patch54
-rw-r--r--debian/patches/bugfix/all/ext4-always-verify-the-magic-number-in-xattr-blocks.patch45
-rw-r--r--debian/patches/bugfix/all/ext4-avoid-running-out-of-journal-credits-when-appen.patch120
-rw-r--r--debian/patches/bugfix/all/ext4-clear-i_data-in-ext4_inode_info-when-removing-i.patch42
-rw-r--r--debian/patches/bugfix/all/ext4-make-sure-bitmaps-and-the-inode-table-don-t-ove.patch74
-rw-r--r--debian/patches/bugfix/all/ext4-never-move-the-system.data-xattr-out-of-the-ino.patch34
-rw-r--r--debian/patches/bugfix/all/ext4-only-look-at-the-bg_flags-field-if-it-is-valid.patch125
-rw-r--r--debian/patches/bugfix/all/ext4-verify-the-depth-of-extent-tree-in-ext4_find_ex.patch45
-rw-r--r--debian/patches/bugfix/all/jbd2-don-t-mark-block-as-modified-if-the-handle-is-o.patch52
-rw-r--r--debian/patches/debian/dax-avoid-abi-change-in-4.17.6.patch63
-rw-r--r--debian/patches/debian/hid-avoid-abi-change-in-4.17.6.patch80
-rw-r--r--debian/patches/series13
15 files changed, 194 insertions, 714 deletions
diff --git a/debian/changelog b/debian/changelog
index 2888281670c5..39345a189f78 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,4 @@
-linux (4.17.5-1) UNRELEASED; urgency=medium
+linux (4.17.6-1) UNRELEASED; urgency=medium
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.17.4
@@ -274,6 +274,52 @@ linux (4.17.5-1) UNRELEASED; urgency=medium
- [arm64] dts: meson-gxl-s905x-p212: Add phy-supply for usb0
- [x86] mm: Don't free P4D table when it is folded at runtime
- [armhf] dts: imx6q: Use correct SDMA script for SPI5 core
+ https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.17.6
+ - userfaultfd: hugetlbfs: fix userfaultfd_huge_must_wait() pte access
+ - mm: hugetlb: yield when prepping struct pages
+ - mm: teach dump_page() to correctly output poisoned struct pages
+ - PCI / ACPI / PM: Resume bridges w/o drivers on suspend-to-RAM
+ - ACPICA: Drop leading newlines from error messages
+ - ACPI / battery: Safe unregistering of hooks
+ - tracing: Avoid string overflow
+ - tracing: Fix missing return symbol in function_graph output
+ - scsi: sg: mitigate read/write abuse
+ - scsi: aacraid: Fix PD performance regression over incorrect qd being set
+ - scsi: target: Fix truncated PR-in ReadKeys response
+ - [s390x] Correct register corruption in critical section cleanup
+ - drbd: fix access after free
+ - vfio: Use get_user_pages_longterm correctly
+ - [armhf] dts: imx51-zii-rdu1: fix touchscreen pinctrl
+ - [armhf] dts: omap3: Fix am3517 mdio and emac clock references
+ - [armhf] dts: dra7: Disable metastability workaround for USB2
+ - cifs: Fix use after free of a mid_q_entry
+ - cifs: Fix memory leak in smb2_set_ea()
+ - cifs: Fix slab-out-of-bounds in send_set_info() on SMB2 ACE setting
+ - cifs: Fix infinite loop when using hard mount option
+ - drm: Use kvzalloc for allocating blob property memory
+ - drm/udl: fix display corruption of the last line
+ - drm/amdgpu: Add amdgpu_atpx_get_dhandle()
+ - drm/amdgpu: Dynamically probe for ATIF handle (v2)
+ - ext4: include the illegal physical block in the bad map ext4_error msg
+ - ext4: add more mount time checks of the superblock
+ - ext4: check superblock mapped prior to committing
+ - HID: i2c-hid: Fix "incomplete report" noise
+ - HID: hiddev: fix potential Spectre v1 (CVE-2017-5715)
+ - HID: debug: check length before copy_to_user()
+ - HID: core: allow concurrent registration of drivers
+ - i2c: core: smbus: fix a potential missing-check bug
+ - i2c: smbus: kill memory leak on emulated and failed DMA SMBus xfers
+ - fs: allow per-device dax status checking for filesystems
+ - dax: change bdev_dax_supported() to support boolean returns
+ - dax: check for QUEUE_FLAG_DAX in bdev_dax_supported()
+ - dm: prevent DAX mounts if not supported
+ - mtd: cfi_cmdset_0002: Change definition naming to retry write operation
+ - mtd: cfi_cmdset_0002: Change erase functions to retry for error
+ - mtd: cfi_cmdset_0002: Change erase functions to check chip good only
+ - netfilter: nf_log: don't hold nf_log_mutex during user access
+ - [x86] staging: comedi: quatech_daqp_cs: fix no-op loop
+ daqp_ao_insn_write()
+ - Revert mm/vmstat.c: fix vmstat_update() preemption BUG
[ Sjoerd Simons ]
* [armhf] DRM: Enable CONFIG_DRM_IMX_PARALLEL_DISPLAY
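Review bot: The CVE id on the added `HID: hiddev: fix potential Spectre v1 (CVE-2017-5715)` entry does not match the variant it names. CVE-2017-5715 is Spectre variant 2 (branch target injection), while variant 1 (bounds check bypass) is CVE-2017-5753. Assuming the upstream fix is the usual array-index hardening that "Spectre v1" implies, the entry should read `- HID: hiddev: fix potential Spectre v1 (CVE-2017-5753)`. Anything that scans the changelog for CVE ids would otherwise credit this upload with a variant 2 mitigation it does not contain and miss the variant 1 fix.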
@@ -291,6 +337,8 @@ linux (4.17.5-1) UNRELEASED; urgency=medium
native tools built by kbuild
* fs: Fix up non-directory creation in SGID directories (CVE-2018-13405)
* sound/pci/hda: Ignore ABI changes
+ * HID: Avoid ABI change in 4.17.6
+ * dax: Avoid ABI change in 4.17.6
[ Cyril Brulebois ]
* udeb: Add virtio_console to virtio-modules (Closes: #903122).
diff --git a/debian/patches/bugfix/all/ext4-add-corruption-check-in-ext4_xattr_set_entry.patch b/debian/patches/bugfix/all/ext4-add-corruption-check-in-ext4_xattr_set_entry.patch
deleted file mode 100644
index 8c4c722af76d..000000000000
--- a/debian/patches/bugfix/all/ext4-add-corruption-check-in-ext4_xattr_set_entry.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From: Theodore Ts'o <tytso@mit.edu>
-Date: Wed, 13 Jun 2018 00:23:11 -0400
-Subject: ext4: add corruption check in ext4_xattr_set_entry()
-Origin: https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit?id=4fda60bbdbb61de76e3d3c48ed77c9e9b96b00d1
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-10879
-
-In theory this should have been caught earlier when the xattr list was
-verified, but in case it got missed, it's simple enough to add check
-to make sure we don't overrun the xattr buffer.
-
-This addresses CVE-2018-10879.
-
-https://bugzilla.kernel.org/show_bug.cgi?id=200001
-
-Signed-off-by: Theodore Ts'o <tytso@mit.edu>
-Reviewed-by: Andreas Dilger <adilger@dilger.ca>
----
- fs/ext4/xattr.c | 10 ++++++++--
- 1 file changed, 8 insertions(+), 2 deletions(-)
-
-diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c
-index fc4ced59c565..230ba79715f6 100644
---- a/fs/ext4/xattr.c
-+++ b/fs/ext4/xattr.c
-@@ -1560,7 +1560,7 @@ static int ext4_xattr_set_entry(struct ext4_xattr_info *i,
- handle_t *handle, struct inode *inode,
- bool is_block)
- {
-- struct ext4_xattr_entry *last;
-+ struct ext4_xattr_entry *last, *next;
- struct ext4_xattr_entry *here = s->here;
- size_t min_offs = s->end - s->base, name_len = strlen(i->name);
- int in_inode = i->in_inode;
-@@ -1595,7 +1595,13 @@ static int ext4_xattr_set_entry(struct ext4_xattr_info *i,
-
- /* Compute min_offs and last. */
- last = s->first;
-- for (; !IS_LAST_ENTRY(last); last = EXT4_XATTR_NEXT(last)) {
-+ for (; !IS_LAST_ENTRY(last); last = next) {
-+ next = EXT4_XATTR_NEXT(last);
-+ if ((void *)next >= s->end) {
-+ EXT4_ERROR_INODE(inode, "corrupted xattr entries");
-+ ret = -EFSCORRUPTED;
-+ goto out;
-+ }
- if (!last->e_value_inum && last->e_value_size) {
- size_t offs = le16_to_cpu(last->e_value_offs);
- if (offs < min_offs)
diff --git a/debian/patches/bugfix/all/ext4-add-more-inode-number-paranoia-checks.patch b/debian/patches/bugfix/all/ext4-add-more-inode-number-paranoia-checks.patch
deleted file mode 100644
index 5a509ea4986f..000000000000
--- a/debian/patches/bugfix/all/ext4-add-more-inode-number-paranoia-checks.patch
+++ /dev/null
@@ -1,63 +0,0 @@
-From: Theodore Ts'o <tytso@mit.edu>
-Date: Sun, 17 Jun 2018 00:41:14 -0400
-Subject: ext4: add more inode number paranoia checks
-Origin: https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit?id=a0b4bd6c4418a8d2ba51f27968f5af005e5dbbdd
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-10882
-
-If there is a directory entry pointing to a system inode (such as a
-journal inode), complain and declare the file system to be corrupted.
-
-Also, if the superblock's first inode number field is too small,
-refuse to mount the file system.
-
-This addresses CVE-2018-10882.
-
-https://bugzilla.kernel.org/show_bug.cgi?id=200069
-
-Signed-off-by: Theodore Ts'o <tytso@mit.edu>
----
- fs/ext4/ext4.h | 5 -----
- fs/ext4/inode.c | 3 ++-
- fs/ext4/super.c | 5 +++++
- 3 files changed, 7 insertions(+), 6 deletions(-)
-
---- a/fs/ext4/ext4.h
-+++ b/fs/ext4/ext4.h
-@@ -1501,11 +1501,6 @@ static inline struct ext4_inode_info *EX
- static inline int ext4_valid_inum(struct super_block *sb, unsigned long ino)
- {
- return ino == EXT4_ROOT_INO ||
-- ino == EXT4_USR_QUOTA_INO ||
-- ino == EXT4_GRP_QUOTA_INO ||
-- ino == EXT4_BOOT_LOADER_INO ||
-- ino == EXT4_JOURNAL_INO ||
-- ino == EXT4_RESIZE_INO ||
- (ino >= EXT4_FIRST_INO(sb) &&
- ino <= le32_to_cpu(EXT4_SB(sb)->s_es->s_inodes_count));
- }
---- a/fs/ext4/inode.c
-+++ b/fs/ext4/inode.c
-@@ -4506,7 +4506,8 @@ static int __ext4_get_inode_loc(struct i
- int inodes_per_block, inode_offset;
-
- iloc->bh = NULL;
-- if (!ext4_valid_inum(sb, inode->i_ino))
-+ if (inode->i_ino < EXT4_ROOT_INO ||
-+ inode->i_ino > le32_to_cpu(EXT4_SB(sb)->s_es->s_inodes_count))
- return -EFSCORRUPTED;
-
- iloc->block_group = (inode->i_ino - 1) / EXT4_INODES_PER_GROUP(sb);
---- a/fs/ext4/super.c
-+++ b/fs/ext4/super.c
-@@ -3817,6 +3817,11 @@ static int ext4_fill_super(struct super_
- } else {
- sbi->s_inode_size = le16_to_cpu(es->s_inode_size);
- sbi->s_first_ino = le32_to_cpu(es->s_first_ino);
-+ if (sbi->s_first_ino < EXT4_GOOD_OLD_FIRST_INO) {
-+ ext4_msg(sb, KERN_ERR, "invalid first ino: %u",
-+ sbi->s_first_ino);
-+ goto failed_mount;
-+ }
- if ((sbi->s_inode_size < EXT4_GOOD_OLD_INODE_SIZE) ||
- (!is_power_of_2(sbi->s_inode_size)) ||
- (sbi->s_inode_size > blocksize)) {
diff --git a/debian/patches/bugfix/all/ext4-always-check-block-group-bounds-in-ext4_init_bl.patch b/debian/patches/bugfix/all/ext4-always-check-block-group-bounds-in-ext4_init_bl.patch
deleted file mode 100644
index 8516b36aef77..000000000000
--- a/debian/patches/bugfix/all/ext4-always-check-block-group-bounds-in-ext4_init_bl.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-From: Theodore Ts'o <tytso@mit.edu>
-Date: Wed, 13 Jun 2018 23:00:48 -0400
-Subject: ext4: always check block group bounds in ext4_init_block_bitmap()
-Origin: https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit?id=dcf37fefac3f699aa1341f86bcd7808ccc651c33
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-10878
-
-Regardless of whether the flex_bg feature is set, we should always
-check to make sure the bits we are setting in the block bitmap are
-within the block group bounds.
-
-https://bugzilla.kernel.org/show_bug.cgi?id=199865
-
-Signed-off-by: Theodore Ts'o <tytso@mit.edu>
-[bwh: Backported to 4.17: adjust context]
----
- fs/ext4/balloc.c | 10 +++-------
- 1 file changed, 3 insertions(+), 7 deletions(-)
-
---- a/fs/ext4/balloc.c
-+++ b/fs/ext4/balloc.c
-@@ -184,7 +184,6 @@ static int ext4_init_block_bitmap(struct
- unsigned int bit, bit_max;
- struct ext4_sb_info *sbi = EXT4_SB(sb);
- ext4_fsblk_t start, tmp;
-- int flex_bg = 0;
- struct ext4_group_info *grp;
-
- J_ASSERT_BH(bh, buffer_locked(bh));
-@@ -217,22 +216,19 @@ static int ext4_init_block_bitmap(struct
-
- start = ext4_group_first_block_no(sb, block_group);
-
-- if (ext4_has_feature_flex_bg(sb))
-- flex_bg = 1;
--
- /* Set bits for block and inode bitmaps, and inode table */
- tmp = ext4_block_bitmap(sb, gdp);
-- if (!flex_bg || ext4_block_in_group(sb, tmp, block_group))
-+ if (ext4_block_in_group(sb, tmp, block_group))
- ext4_set_bit(EXT4_B2C(sbi, tmp - start), bh->b_data);
-
- tmp = ext4_inode_bitmap(sb, gdp);
-- if (!flex_bg || ext4_block_in_group(sb, tmp, block_group))
-+ if (ext4_block_in_group(sb, tmp, block_group))
- ext4_set_bit(EXT4_B2C(sbi, tmp - start), bh->b_data);
-
- tmp = ext4_inode_table(sb, gdp);
- for (; tmp < ext4_inode_table(sb, gdp) +
- sbi->s_itb_per_group; tmp++) {
-- if (!flex_bg || ext4_block_in_group(sb, tmp, block_group))
-+ if (ext4_block_in_group(sb, tmp, block_group))
- ext4_set_bit(EXT4_B2C(sbi, tmp - start), bh->b_data);
- }
-
diff --git a/debian/patches/bugfix/all/ext4-always-verify-the-magic-number-in-xattr-blocks.patch b/debian/patches/bugfix/all/ext4-always-verify-the-magic-number-in-xattr-blocks.patch
deleted file mode 100644
index 2522bcb4c422..000000000000
--- a/debian/patches/bugfix/all/ext4-always-verify-the-magic-number-in-xattr-blocks.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From: Theodore Ts'o <tytso@mit.edu>
-Date: Wed, 13 Jun 2018 00:51:28 -0400
-Subject: ext4: always verify the magic number in xattr blocks
-Origin: https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit?id=3345c50533c6a17ebc0284362ca7b69aaef37ac4
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-10879
-
-If there an inode points to a block which is also some other type of
-metadata block (such as a block allocation bitmap), the
-buffer_verified flag can be set when it was validated as that other
-metadata block type; however, it would make a really terrible external
-attribute block. The reason why we use the verified flag is to avoid
-constantly reverifying the block. However, it doesn't take much
-overhead to make sure the magic number of the xattr block is correct,
-and this will avoid potential crashes.
-
-This addresses CVE-2018-10879.
-
-https://bugzilla.kernel.org/show_bug.cgi?id=200001
-
-Signed-off-by: Theodore Ts'o <tytso@mit.edu>
-Reviewed-by: Andreas Dilger <adilger@dilger.ca>
----
- fs/ext4/xattr.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c
-index 230ba79715f6..0263692979ec 100644
---- a/fs/ext4/xattr.c
-+++ b/fs/ext4/xattr.c
-@@ -230,12 +230,12 @@ __ext4_xattr_check_block(struct inode *inode, struct buffer_head *bh,
- {
- int error = -EFSCORRUPTED;
-
-- if (buffer_verified(bh))
-- return 0;
--
- if (BHDR(bh)->h_magic != cpu_to_le32(EXT4_XATTR_MAGIC) ||
- BHDR(bh)->h_blocks != cpu_to_le32(1))
- goto errout;
-+ if (buffer_verified(bh))
-+ return 0;
-+
- error = -EFSBADCRC;
- if (!ext4_xattr_block_csum_verify(inode, bh))
- goto errout;
diff --git a/debian/patches/bugfix/all/ext4-avoid-running-out-of-journal-credits-when-appen.patch b/debian/patches/bugfix/all/ext4-avoid-running-out-of-journal-credits-when-appen.patch
deleted file mode 100644
index 911fcac747a9..000000000000
--- a/debian/patches/bugfix/all/ext4-avoid-running-out-of-journal-credits-when-appen.patch
+++ /dev/null
@@ -1,120 +0,0 @@
-From: Theodore Ts'o <tytso@mit.edu>
-Date: Sat, 16 Jun 2018 23:41:59 -0400
-Subject: ext4: avoid running out of journal credits when appending to an
- inline file
-Origin: https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit?id=3886651521995071fab29401094e675b6ebfdc8c
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-10883
-
-Use a separate journal transaction if it turns out that we need to
-convert an inline file to use an data block. Otherwise we could end
-up failing due to not having journal credits.
-
-This addresses CVE-2018-10883.
-
-https://bugzilla.kernel.org/show_bug.cgi?id=200071
-
-Signed-off-by: Theodore Ts'o <tytso@mit.edu>
----
- fs/ext4/ext4.h | 3 ---
- fs/ext4/inline.c | 38 +-------------------------------------
- fs/ext4/xattr.c | 19 ++-----------------
- 3 files changed, 3 insertions(+), 57 deletions(-)
-
---- a/fs/ext4/ext4.h
-+++ b/fs/ext4/ext4.h
-@@ -3005,9 +3005,6 @@ extern int ext4_inline_data_fiemap(struc
- struct iomap;
- extern int ext4_inline_data_iomap(struct inode *inode, struct iomap *iomap);
-
--extern int ext4_try_to_evict_inline_data(handle_t *handle,
-- struct inode *inode,
-- int needed);
- extern int ext4_inline_data_truncate(struct inode *inode, int *has_inline);
-
- extern int ext4_convert_inline_data(struct inode *inode);
---- a/fs/ext4/inline.c
-+++ b/fs/ext4/inline.c
-@@ -887,11 +887,11 @@ retry_journal:
- flags |= AOP_FLAG_NOFS;
-
- if (ret == -ENOSPC) {
-+ ext4_journal_stop(handle);
- ret = ext4_da_convert_inline_data_to_extent(mapping,
- inode,
- flags,
- fsdata);
-- ext4_journal_stop(handle);
- if (ret == -ENOSPC &&
- ext4_should_retry_alloc(inode->i_sb, &retries))
- goto retry_journal;
-@@ -1891,42 +1891,6 @@ out:
- return (error < 0 ? error : 0);
- }
-
--/*
-- * Called during xattr set, and if we can sparse space 'needed',
-- * just create the extent tree evict the data to the outer block.
-- *
-- * We use jbd2 instead of page cache to move data to the 1st block
-- * so that the whole transaction can be committed as a whole and
-- * the data isn't lost because of the delayed page cache write.
-- */
--int ext4_try_to_evict_inline_data(handle_t *handle,
-- struct inode *inode,
-- int needed)
--{
-- int error;
-- struct ext4_xattr_entry *entry;
-- struct ext4_inode *raw_inode;
-- struct ext4_iloc iloc;
--
-- error = ext4_get_inode_loc(inode, &iloc);
-- if (error)
-- return error;
--
-- raw_inode = ext4_raw_inode(&iloc);
-- entry = (struct ext4_xattr_entry *)((void *)raw_inode +
-- EXT4_I(inode)->i_inline_off);
-- if (EXT4_XATTR_LEN(entry->e_name_len) +
-- EXT4_XATTR_SIZE(le32_to_cpu(entry->e_value_size)) < needed) {
-- error = -ENOSPC;
-- goto out;
-- }
--
-- error = ext4_convert_inline_data_nolock(handle, inode, &iloc);
--out:
-- brelse(iloc.bh);
-- return error;
--}
--
- int ext4_inline_data_truncate(struct inode *inode, int *has_inline)
- {
- handle_t *handle;
---- a/fs/ext4/xattr.c
-+++ b/fs/ext4/xattr.c
-@@ -2212,23 +2212,8 @@ int ext4_xattr_ibody_inline_set(handle_t
- if (EXT4_I(inode)->i_extra_isize == 0)
- return -ENOSPC;
- error = ext4_xattr_set_entry(i, s, handle, inode, false /* is_block */);
-- if (error) {
-- if (error == -ENOSPC &&
-- ext4_has_inline_data(inode)) {
-- error = ext4_try_to_evict_inline_data(handle, inode,
-- EXT4_XATTR_LEN(strlen(i->name) +
-- EXT4_XATTR_SIZE(i->value_len)));
-- if (error)
-- return error;
-- error = ext4_xattr_ibody_find(inode, i, is);
-- if (error)
-- return error;
-- error = ext4_xattr_set_entry(i, s, handle, inode,
-- false /* is_block */);
-- }
-- if (error)
-- return error;
-- }
-+ if (error)
-+ return error;
- header = IHDR(inode, ext4_raw_inode(&is->iloc));
- if (!IS_LAST_ENTRY(s->first)) {
- header->h_magic = cpu_to_le32(EXT4_XATTR_MAGIC);
diff --git a/debian/patches/bugfix/all/ext4-clear-i_data-in-ext4_inode_info-when-removing-i.patch b/debian/patches/bugfix/all/ext4-clear-i_data-in-ext4_inode_info-when-removing-i.patch
deleted file mode 100644
index f4344dd1f190..000000000000
--- a/debian/patches/bugfix/all/ext4-clear-i_data-in-ext4_inode_info-when-removing-i.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From: Theodore Ts'o <tytso@mit.edu>
-Date: Fri, 15 Jun 2018 12:28:16 -0400
-Subject: ext4: clear i_data in ext4_inode_info when removing inline data
-Origin: https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit?id=cd75e020ee28aa21985c6d8ebafc7457b4c51531
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-10881
-
-When converting from an inode from storing the data in-line to a data
-block, ext4_destroy_inline_data_nolock() was only clearing the on-disk
-copy of the i_blocks[] array. It was not clearing copy of the
-i_blocks[] in ext4_inode_info, in i_data[], which is the copy actually
-used by ext4_map_blocks().
-
-This didn't matter much if we are using extents, since the extents
-header would be invalid and thus the extents could would re-initialize
-the extents tree. But if we are using indirect blocks, the previous
-contents of the i_blocks array will be treated as block numbers, with
-potentially catastrophic results to the file system integrity and/or
-user data.
-
-This gets worse if the file system is using a 1k block size and
-s_first_data is zero, but even without this, the file system can get
-quite badly corrupted.
-
-This addresses CVE-2018-10881.
-
-https://bugzilla.kernel.org/show_bug.cgi?id=200015
-
-Signed-off-by: Theodore Ts'o <tytso@mit.edu>
----
- fs/ext4/inline.c | 1 +
- 1 file changed, 1 insertion(+)
-
---- a/fs/ext4/inline.c
-+++ b/fs/ext4/inline.c
-@@ -437,6 +437,7 @@ static int ext4_destroy_inline_data_nolo
-
- memset((void *)ext4_raw_inode(&is.iloc)->i_block,
- 0, EXT4_MIN_INLINE_DATA_SIZE);
-+ memset(ei->i_data, 0, EXT4_MIN_INLINE_DATA_SIZE);
-
- if (ext4_has_feature_extents(inode->i_sb)) {
- if (S_ISDIR(inode->i_mode) ||
diff --git a/debian/patches/bugfix/all/ext4-make-sure-bitmaps-and-the-inode-table-don-t-ove.patch b/debian/patches/bugfix/all/ext4-make-sure-bitmaps-and-the-inode-table-don-t-ove.patch
deleted file mode 100644
index a1b2cfefdb78..000000000000
--- a/debian/patches/bugfix/all/ext4-make-sure-bitmaps-and-the-inode-table-don-t-ove.patch
+++ /dev/null
@@ -1,74 +0,0 @@
-From: Theodore Ts'o <tytso@mit.edu>
-Date: Wed, 13 Jun 2018 23:08:26 -0400
-Subject: ext4: make sure bitmaps and the inode table don't overlap with bg
- descriptors
-Origin: https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit?id=6b506a7d09854128b1da9571d879ee9dea3ffb02
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-10878
-
-It's really bad when the allocation bitmaps and the inode table
-overlap with the block group descriptors, since it causes random
-corruption of the bg descriptors. So we really want to head those off
-at the pass.
-
-https://bugzilla.kernel.org/show_bug.cgi?id=199865
-
-Signed-off-by: Theodore Ts'o <tytso@mit.edu>
----
- fs/ext4/super.c | 25 +++++++++++++++++++++++++
- 1 file changed, 25 insertions(+)
-
---- a/fs/ext4/super.c
-+++ b/fs/ext4/super.c
-@@ -2307,6 +2307,7 @@ static int ext4_check_descriptors(struct
- struct ext4_sb_info *sbi = EXT4_SB(sb);
- ext4_fsblk_t first_block = le32_to_cpu(sbi->s_es->s_first_data_block);
- ext4_fsblk_t last_block;
-+ ext4_fsblk_t last_bg_block = sb_block + ext4_bg_num_gdb(sb, 0) + 1;
- ext4_fsblk_t block_bitmap;
- ext4_fsblk_t inode_bitmap;
- ext4_fsblk_t inode_table;
-@@ -2339,6 +2340,14 @@ static int ext4_check_descriptors(struct
- if (!sb_rdonly(sb))
- return 0;
- }
-+ if (block_bitmap >= sb_block + 1 &&
-+ block_bitmap <= last_bg_block) {
-+ ext4_msg(sb, KERN_ERR, "ext4_check_descriptors: "
-+ "Block bitmap for group %u overlaps "
-+ "block group descriptors", i);
-+ if (!sb_rdonly(sb))
-+ return 0;
-+ }
- if (block_bitmap < first_block || block_bitmap > last_block) {
- ext4_msg(sb, KERN_ERR, "ext4_check_descriptors: "
- "Block bitmap for group %u not in group "
-@@ -2353,6 +2362,14 @@ static int ext4_check_descriptors(struct
- if (!sb_rdonly(sb))
- return 0;
- }
-+ if (inode_bitmap >= sb_block + 1 &&
-+ inode_bitmap <= last_bg_block) {
-+ ext4_msg(sb, KERN_ERR, "ext4_check_descriptors: "
-+ "Inode bitmap for group %u overlaps "
-+ "block group descriptors", i);
-+ if (!sb_rdonly(sb))
-+ return 0;
-+ }
- if (inode_bitmap < first_block || inode_bitmap > last_block) {
- ext4_msg(sb, KERN_ERR, "ext4_check_descriptors: "
- "Inode bitmap for group %u not in group "
-@@ -2367,6 +2384,14 @@ static int ext4_check_descriptors(struct
- if (!sb_rdonly(sb))
- return 0;
- }
-+ if (inode_table >= sb_block + 1 &&
-+ inode_table <= last_bg_block) {
-+ ext4_msg(sb, KERN_ERR, "ext4_check_descriptors: "
-+ "Inode table for group %u overlaps "
-+ "block group descriptors", i);
-+ if (!sb_rdonly(sb))
-+ return 0;
-+ }
- if (inode_table < first_block ||
- inode_table + sbi->s_itb_per_group - 1 > last_block) {
- ext4_msg(sb, KERN_ERR, "ext4_check_descriptors: "
diff --git a/debian/patches/bugfix/all/ext4-never-move-the-system.data-xattr-out-of-the-ino.patch b/debian/patches/bugfix/all/ext4-never-move-the-system.data-xattr-out-of-the-ino.patch
deleted file mode 100644
index ea530a7a2665..000000000000
--- a/debian/patches/bugfix/all/ext4-never-move-the-system.data-xattr-out-of-the-ino.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From: Theodore Ts'o <tytso@mit.edu>
-Date: Sat, 16 Jun 2018 15:40:48 -0400
-Subject: ext4: never move the system.data xattr out of the inode body
-Origin: https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit?id=896003d9fd652666080a06411d4238ee6eb4fb76
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-10880
-
-When expanding the extra isize space, we must never move the
-system.data xattr out of the inode body. For performance reasons, it
-doesn't make any sense, and the inline data implementation assumes
-that system.data xattr is never in the external xattr block.
-
-This addresses CVE-2018-10880
-
-https://bugzilla.kernel.org/show_bug.cgi?id=200005
-
-Signed-off-by: Theodore Ts'o <tytso@mit.edu>
----
- fs/ext4/xattr.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
---- a/fs/ext4/xattr.c
-+++ b/fs/ext4/xattr.c
-@@ -2657,6 +2657,11 @@ static int ext4_xattr_make_inode_space(h
- last = IFIRST(header);
- /* Find the entry best suited to be pushed into EA block */
- for (; !IS_LAST_ENTRY(last); last = EXT4_XATTR_NEXT(last)) {
-+ /* never move system.data out of the inode */
-+ if ((last->e_name_len == 4) &&
-+ (last->e_name_index == EXT4_XATTR_INDEX_SYSTEM) &&
-+ !memcmp(last->e_name, "data", 4))
-+ continue;
- total_size = EXT4_XATTR_LEN(last->e_name_len);
- if (!last->e_value_inum)
- total_size += EXT4_XATTR_SIZE(
diff --git a/debian/patches/bugfix/all/ext4-only-look-at-the-bg_flags-field-if-it-is-valid.patch b/debian/patches/bugfix/all/ext4-only-look-at-the-bg_flags-field-if-it-is-valid.patch
deleted file mode 100644
index 1eba51ee725f..000000000000
--- a/debian/patches/bugfix/all/ext4-only-look-at-the-bg_flags-field-if-it-is-valid.patch
+++ /dev/null
@@ -1,125 +0,0 @@
-From: Theodore Ts'o <tytso@mit.edu>
-Date: Thu, 14 Jun 2018 00:58:00 -0400
-Subject: ext4: only look at the bg_flags field if it is valid
-Origin: https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit?id=32a82d31527ae9cb568f5d7fa5ad27b2860324ed
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-10876
-
-The bg_flags field in the block group descripts is only valid if the
-uninit_bg or metadata_csum feature is enabled. We were not
-consistently looking at this field; fix this.
-
-Also block group #0 must never have uninitialized allocation bitmaps,
-or need to be zeroed, since that's where the root inode, and other
-special inodes are set up. Check for these conditions and mark the
-file system as corrupted if they are detected.
-
-This addresses CVE-2018-10876.
-
-https://bugzilla.kernel.org/show_bug.cgi?id=199403
-
-Signed-off-by: Theodore Ts'o <tytso@mit.edu>
----
- fs/ext4/balloc.c | 11 ++++++++++-
- fs/ext4/ialloc.c | 14 ++++++++++++--
- fs/ext4/mballoc.c | 6 ++++--
- fs/ext4/super.c | 11 ++++++++++-
- 4 files changed, 36 insertions(+), 6 deletions(-)
-
---- a/fs/ext4/balloc.c
-+++ b/fs/ext4/balloc.c
-@@ -451,7 +451,16 @@ ext4_read_block_bitmap_nowait(struct sup
- goto verify;
- }
- ext4_lock_group(sb, block_group);
-- if (desc->bg_flags & cpu_to_le16(EXT4_BG_BLOCK_UNINIT)) {
-+ if (ext4_has_group_desc_csum(sb) &&
-+ (desc->bg_flags & cpu_to_le16(EXT4_BG_BLOCK_UNINIT))) {
-+ if (block_group == 0) {
-+ ext4_unlock_group(sb, block_group);
-+ unlock_buffer(bh);
-+ ext4_error(sb, "Block bitmap for bg 0 marked "
-+ "uninitialized");
-+ err = -EFSCORRUPTED;
-+ goto out;
-+ }
- err = ext4_init_block_bitmap(sb, bh, block_group, desc);
- set_bitmap_uptodate(bh);
- set_buffer_uptodate(bh);
---- a/fs/ext4/ialloc.c
-+++ b/fs/ext4/ialloc.c
-@@ -155,7 +155,16 @@ ext4_read_inode_bitmap(struct super_bloc
- }
-
- ext4_lock_group(sb, block_group);
-- if (desc->bg_flags & cpu_to_le16(EXT4_BG_INODE_UNINIT)) {
-+ if (ext4_has_group_desc_csum(sb) &&
-+ (desc->bg_flags & cpu_to_le16(EXT4_BG_INODE_UNINIT))) {
-+ if (block_group == 0) {
-+ ext4_unlock_group(sb, block_group);
-+ unlock_buffer(bh);
-+ ext4_error(sb, "Inode bitmap for bg 0 marked "
-+ "uninitialized");
-+ err = -EFSCORRUPTED;
-+ goto out;
-+ }
- memset(bh->b_data, 0, (EXT4_INODES_PER_GROUP(sb) + 7) / 8);
- ext4_mark_bitmap_end(EXT4_INODES_PER_GROUP(sb),
- sb->s_blocksize * 8, bh->b_data);
-@@ -1000,7 +1009,8 @@ got:
-
- /* recheck and clear flag under lock if we still need to */
- ext4_lock_group(sb, group);
-- if (gdp->bg_flags & cpu_to_le16(EXT4_BG_BLOCK_UNINIT)) {
-+ if (ext4_has_group_desc_csum(sb) &&
-+ (gdp->bg_flags & cpu_to_le16(EXT4_BG_BLOCK_UNINIT))) {
- gdp->bg_flags &= cpu_to_le16(~EXT4_BG_BLOCK_UNINIT);
- ext4_free_group_clusters_set(sb, gdp,
- ext4_free_clusters_after_init(sb, group, gdp));
---- a/fs/ext4/mballoc.c
-+++ b/fs/ext4/mballoc.c
-@@ -2444,7 +2444,8 @@ int ext4_mb_add_groupinfo(struct super_b
- * initialize bb_free to be able to skip
- * empty groups without initialization
- */
-- if (desc->bg_flags & cpu_to_le16(EXT4_BG_BLOCK_UNINIT)) {
-+ if (ext4_has_group_desc_csum(sb) &&
-+ (desc->bg_flags & cpu_to_le16(EXT4_BG_BLOCK_UNINIT))) {
- meta_group_info[i]->bb_free =
- ext4_free_clusters_after_init(sb, group, desc);
- } else {
-@@ -3011,7 +3012,8 @@ ext4_mb_mark_diskspace_used(struct ext4_
- #endif
- ext4_set_bits(bitmap_bh->b_data, ac->ac_b_ex.fe_start,
- ac->ac_b_ex.fe_len);
-- if (gdp->bg_flags & cpu_to_le16(EXT4_BG_BLOCK_UNINIT)) {
-+ if (ext4_has_group_desc_csum(sb) &&
-+ (gdp->bg_flags & cpu_to_le16(EXT4_BG_BLOCK_UNINIT))) {
- gdp->bg_flags &= cpu_to_le16(~EXT4_BG_BLOCK_UNINIT);
- ext4_free_group_clusters_set(sb, gdp,
- ext4_free_clusters_after_init(sb,
---- a/fs/ext4/super.c
-+++ b/fs/ext4/super.c
-@@ -3098,13 +3098,22 @@ static ext4_group_t ext4_has_uninit_itab
- ext4_group_t group, ngroups = EXT4_SB(sb)->s_groups_count;
- struct ext4_group_desc *gdp = NULL;
-
-+ if (!ext4_has_group_desc_csum(sb))
-+ return ngroups;
-+
- for (group = 0; group < ngroups; group++) {
- gdp = ext4_get_group_desc(sb, group, NULL);
- if (!gdp)
- continue;
-
-- if (!(gdp->bg_flags & cpu_to_le16(EXT4_BG_INODE_ZEROED)))
-+ if (gdp->bg_flags & cpu_to_le16(EXT4_BG_INODE_ZEROED))
-+ continue;
-+ if (group != 0)
- break;
-+ ext4_error(sb, "Inode table for bg 0 marked as "
-+ "needing zeroing");
-+ if (sb_rdonly(sb))
-+ return ngroups;
- }
-
- return group;
diff --git a/debian/patches/bugfix/all/ext4-verify-the-depth-of-extent-tree-in-ext4_find_ex.patch b/debian/patches/bugfix/all/ext4-verify-the-depth-of-extent-tree-in-ext4_find_ex.patch
deleted file mode 100644
index 06220d2f2f8e..000000000000
--- a/debian/patches/bugfix/all/ext4-verify-the-depth-of-extent-tree-in-ext4_find_ex.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From: Theodore Ts'o <tytso@mit.edu>
-Date: Thu, 14 Jun 2018 12:55:10 -0400
-Subject: ext4: verify the depth of extent tree in ext4_find_extent()
-Origin: https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit?id=0a8173832987f52ab6926dbdf1cd3991ca615000
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-10877
-
-If there is a corupted file system where the claimed depth of the
-extent tree is -1, this can cause a massive buffer overrun leading to
-sadness.
-
-This addresses CVE-2018-10877.
-
-https://bugzilla.kernel.org/show_bug.cgi?id=199417
-
-Signed-off-by: Theodore Ts'o <tytso@mit.edu>
----
- fs/ext4/ext4_extents.h | 1 +
- fs/ext4/extents.c | 6 ++++++
- 2 files changed, 7 insertions(+)
-
---- a/fs/ext4/ext4_extents.h
-+++ b/fs/ext4/ext4_extents.h
-@@ -91,6 +91,7 @@ struct ext4_extent_header {
- };
-
- #define EXT4_EXT_MAGIC cpu_to_le16(0xf30a)
-+#define EXT4_MAX_EXTENT_DEPTH 5
-
- #define EXT4_EXTENT_TAIL_OFFSET(hdr) \
- (sizeof(struct ext4_extent_header) + \
---- a/fs/ext4/extents.c
-+++ b/fs/ext4/extents.c
-@@ -869,6 +869,12 @@ ext4_find_extent(struct inode *inode, ex
-
- eh = ext_inode_hdr(inode);
- depth = ext_depth(inode);
-+ if (depth < 0 || depth > EXT4_MAX_EXTENT_DEPTH) {
-+ EXT4_ERROR_INODE(inode, "inode has invalid extent depth: %d",
-+ depth);
-+ ret = -EFSCORRUPTED;
-+ goto err;
-+ }
-
- if (path) {
- ext4_ext_drop_refs(path);
diff --git a/debian/patches/bugfix/all/jbd2-don-t-mark-block-as-modified-if-the-handle-is-o.patch b/debian/patches/bugfix/all/jbd2-don-t-mark-block-as-modified-if-the-handle-is-o.patch
deleted file mode 100644
index 2db45203909b..000000000000
--- a/debian/patches/bugfix/all/jbd2-don-t-mark-block-as-modified-if-the-handle-is-o.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From: Theodore Ts'o <tytso@mit.edu>
-Date: Sat, 16 Jun 2018 20:21:45 -0400
-Subject: jbd2: don't mark block as modified if the handle is out of credits
-Origin: https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit?id=aa18d2cefac6c34885659d12c3fdcffcd6c54e9a
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-10883
-
-Do not set the b_modified flag in block's journal head should not
-until after we're sure that jbd2_journal_dirty_metadat() will not
-abort with an error due to there not being enough space reserved in
-the jbd2 handle.
-
-Otherwise, future attempts to modify the buffer may lead a large
-number of spurious errors and warnings.
-
-This addresses CVE-2018-10883.
-
-https://bugzilla.kernel.org/show_bug.cgi?id=200071
-
-Signed-off-by: Theodore Ts'o <tytso@mit.edu>
----
- fs/jbd2/transaction.c | 9 ++++++++-
- 1 file changed, 8 insertions(+), 1 deletion(-)
-
---- a/fs/jbd2/transaction.c
-+++ b/fs/jbd2/transaction.c
-@@ -1363,6 +1363,13 @@ int jbd2_journal_dirty_metadata(handle_t
- if (jh->b_transaction == transaction &&
- jh->b_jlist != BJ_Metadata) {
- jbd_lock_bh_state(bh);
-+ if (jh->b_transaction == transaction &&
-+ jh->b_jlist != BJ_Metadata)
-+ pr_err("JBD2: assertion failure: h_type=%u "
-+ "h_line_no=%u block_no=%llu jlist=%u\n",
-+ handle->h_type, handle->h_line_no,
-+ (unsigned long long) bh->b_blocknr,
-+ jh->b_jlist);
- J_ASSERT_JH(jh, jh->b_transaction != transaction ||
- jh->b_jlist == BJ_Metadata);
- jbd_unlock_bh_state(bh);
-@@ -1382,11 +1389,11 @@ int jbd2_journal_dirty_metadata(handle_t
- * of the transaction. This needs to be done
- * once a transaction -bzzz
- */
-- jh->b_modified = 1;
- if (handle->h_buffer_credits <= 0) {
- ret = -ENOSPC;
- goto out_unlock_bh;
- }
-+ jh->b_modified = 1;
- handle->h_buffer_credits--;
- }
-
diff --git a/debian/patches/debian/dax-avoid-abi-change-in-4.17.6.patch b/debian/patches/debian/dax-avoid-abi-change-in-4.17.6.patch
new file mode 100644
index 000000000000..eda8d3ed9bd0
--- /dev/null
+++ b/debian/patches/debian/dax-avoid-abi-change-in-4.17.6.patch
@@ -0,0 +1,63 @@
+From: Ben Hutchings <ben@decadent.org.uk>
+Date: Thu, 12 Jul 2018 01:02:13 +0100
+Subject: dax: Avoid ABI change in 4.17.6
+Forwarded: not-needed
+
+The return type and first parameter type for bdev_dax_supported() and
+__bdev_dax_supported() were changed by commits ba23cba9b3bd "fs: allow
+per-device dax status checking for filesystems" and 80660f20252d "dax:
+change bdev_dax_supported() to support boolean returns".
+
+Avoid an ABI break by renaming the new version of
+__bdev_dax_supported() and reintroducing the old version as a wrapper
+for it. Add a #define so that the old version is hidden from the API,
+i.e. newly built modules must use the new API.
+
+---
+--- a/drivers/dax/super.c
++++ b/drivers/dax/super.c
+@@ -72,6 +72,8 @@ struct dax_device *fs_dax_get_by_bdev(st
+ EXPORT_SYMBOL_GPL(fs_dax_get_by_bdev);
+ #endif
+
++#undef __bdev_dax_supported
++
+ /**
+ * __bdev_dax_supported() - Check if the device supports dax for filesystem
+ * @bdev: block device to check
+@@ -82,7 +84,7 @@ EXPORT_SYMBOL_GPL(fs_dax_get_by_bdev);
+ *
+ * Return: true if supported, false if unsupported
+ */
+-bool __bdev_dax_supported(struct block_device *bdev, int blocksize)
++bool __bdev_dax_supported_new(struct block_device *bdev, int blocksize)
+ {
+ struct dax_device *dax_dev;
+ struct request_queue *q;
+@@ -152,6 +154,13 @@ bool __bdev_dax_supported(struct block_d
+
+ return true;
+ }
++EXPORT_SYMBOL_GPL(__bdev_dax_supported_new);
++
++int __bdev_dax_supported(struct super_block *sb, int blocksize)
++{
++ return __bdev_dax_supported_bdev(sb->s_bdev, blocksize)
++ ? 0 : -EOPNOTSUPP;
++}
+ EXPORT_SYMBOL_GPL(__bdev_dax_supported);
+ #endif
+
+--- a/include/linux/dax.h
++++ b/include/linux/dax.h
+@@ -64,7 +64,9 @@ static inline bool dax_write_cache_enabl
+ struct writeback_control;
+ int bdev_dax_pgoff(struct block_device *, sector_t, size_t, pgoff_t *pgoff);
+ #if IS_ENABLED(CONFIG_FS_DAX)
+-bool __bdev_dax_supported(struct block_device *bdev, int blocksize);
++int __bdev_dax_supported(struct super_block *sb, int blocksize);
++bool __bdev_dax_supported_new(struct block_device *bdev, int blocksize);
++#define __bdev_dax_supported __bdev_dax_supported_new
+ static inline bool bdev_dax_supported(struct block_device *bdev, int blocksize)
+ {
+ return __bdev_dax_supported(bdev, blocksize);
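Review bot: The compatibility wrapper added in drivers/dax/super.c calls `__bdev_dax_supported_bdev(sb->s_bdev, blocksize)`, but no function of that name is defined or declared anywhere in this patch. The renamed implementation and its export are `__bdev_dax_supported_new`, so a build with CONFIG_FS_DAX enabled would presumably fail on an undeclared function. The call should read `return __bdev_dax_supported_new(sb->s_bdev, blocksize)`. It would also help to put a short comment above the wrapper, such as `/* Old ABI: kept only for modules built against the pre-4.17.6 prototype */`, so the duplicate export is not mistaken for dead code. The wrapper also collapses every failure to `-EOPNOTSUPP`; whether the old function returned other error codes cannot be seen from here and is worth checking against the previous implementation.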
diff --git a/debian/patches/debian/hid-avoid-abi-change-in-4.17.6.patch b/debian/patches/debian/hid-avoid-abi-change-in-4.17.6.patch
new file mode 100644
index 000000000000..050bdf2b4451
--- /dev/null
+++ b/debian/patches/debian/hid-avoid-abi-change-in-4.17.6.patch
@@ -0,0 +1,80 @@
+From: Ben Hutchings <ben@decadent.org.uk>
+Date: Thu, 12 Jul 2018 00:39:38 +0100
+Subject: HID: Avoid ABI change in 4.17.6
+Forwarded: not-needed
+
+Commit 8f732850df1b "HID: core: allow concurrent registration of
+drivers" introduced atomic bit-operations on hid_device::status, and
+changed its type from unsigned int to unsigned long as required for
+those operations.
+
+Revert the type change and use cmpxchg() for the bit-operations,
+since it supports unsigned int.
+
+---
+--- a/drivers/hid/hid-core.c
++++ b/drivers/hid/hid-core.c
+@@ -1929,6 +1929,34 @@ static int hid_bus_match(struct device *
+ return hid_match_device(hdev, hdrv) != NULL;
+ }
+
++static void clear_status_flag(unsigned int flag, unsigned int *status)
++{
++ unsigned int expect, old;
++
++ expect = READ_ONCE(*status);
++ for (;;) {
++ old = cmpxchg(status, expect, expect & ~flag);
++ if (old == expect)
++ break;
++ expect = old;
++ }
++}
++
++static bool test_and_set_status_flag(unsigned int flag, unsigned int *status)
++{
++ unsigned int expect, old;
++
++ expect = READ_ONCE(*status);
++ for (;;) {
++ old = cmpxchg(status, expect, expect | flag);
++ if (old == expect)
++ break;
++ expect = old;
++ }
++
++ return old & flag;
++}
++
+ static int hid_device_probe(struct device *dev)
+ {
+ struct hid_driver *hdrv = to_hid_driver(dev->driver);
+@@ -1942,7 +1970,7 @@ static int hid_device_probe(struct devic
+ }
+ hdev->io_started = false;
+
+- clear_bit(ffs(HID_STAT_REPROBED), &hdev->status);
++ clear_status_flag(HID_STAT_REPROBED, &hdev->status);
+
+ if (!hdev->driver) {
+ id = hid_match_device(hdev, hdrv);
+@@ -2208,7 +2236,7 @@ static int __hid_bus_reprobe_drivers(str
+
+ if (hdev->driver == hdrv &&
+ !hdrv->match(hdev, hid_ignore_special_drivers) &&
+- !test_and_set_bit(ffs(HID_STAT_REPROBED), &hdev->status))
++ !test_and_set_status_flag(HID_STAT_REPROBED, &hdev->status))
+ return device_reprobe(dev);
+
+ return 0;
+--- a/include/linux/hid.h
++++ b/include/linux/hid.h
+@@ -569,7 +569,7 @@ struct hid_device { /* device repo
+ bool battery_avoid_query;
+ #endif
+
+- unsigned long status; /* see STAT flags above */
++ unsigned int status; /* see STAT flags above */
+ unsigned claimed; /* Claimed by hidinput, hiddev? */
+ unsigned quirks; /* Various quirks the device can pull on us */
+ bool io_started; /* If IO has started */
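Review bot: `clear_status_flag()` and `test_and_set_status_flag()` in drivers/hid/hid-core.c have no comment explaining why they exist, or that `flag` is a bit mask rather than a bit number. The calls they replace passed `ffs(HID_STAT_REPROBED)` as a bit index, so the bit stored in `status` is probably not the same one upstream uses. That is harmless as long as every reader and writer of the flag goes through these helpers, but it should be stated. I would add above the first helper `/* hid_device::status stays unsigned int for ABI reasons, so flags are updated with cmpxchg(); 'flag' is a mask, not a bit index */`. A matching note on the `status` field in include/linux/hid.h, such as `/* see STAT flags above; must remain unsigned int (ABI) */`, would stop a later refresh from silently restoring the `unsigned long` type.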
diff --git a/debian/patches/series b/debian/patches/series
index d6716d163660..db045dd78a71 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -133,17 +133,6 @@ features/all/lockdown/arm64-add-kernel-config-option-to-lock-down-when.patch
# Security fixes
debian/i386-686-pae-pci-set-pci-nobios-by-default.patch
-bugfix/all/ext4-add-corruption-check-in-ext4_xattr_set_entry.patch
-bugfix/all/ext4-always-verify-the-magic-number-in-xattr-blocks.patch
-bugfix/all/ext4-always-check-block-group-bounds-in-ext4_init_bl.patch
-bugfix/all/ext4-make-sure-bitmaps-and-the-inode-table-don-t-ove.patch
-bugfix/all/ext4-only-look-at-the-bg_flags-field-if-it-is-valid.patch
-bugfix/all/ext4-verify-the-depth-of-extent-tree-in-ext4_find_ex.patch
-bugfix/all/ext4-clear-i_data-in-ext4_inode_info-when-removing-i.patch
-bugfix/all/ext4-never-move-the-system.data-xattr-out-of-the-ino.patch
-bugfix/all/jbd2-don-t-mark-block-as-modified-if-the-handle-is-o.patch
-bugfix/all/ext4-avoid-running-out-of-journal-credits-when-appen.patch
-bugfix/all/ext4-add-more-inode-number-paranoia-checks.patch
bugfix/all/jfs-fix-inconsistency-between-memory-allocation-and-.patch
bugfix/all/fix-up-non-directory-creation-in-sgid-directories.patch
@@ -166,3 +155,5 @@ bugfix/all/lockdep-stub-nmi-watchdog-reset.patch
debian/wireless-disable-regulatory.db-direct-loading.patch
# ABI maintenance
+debian/hid-avoid-abi-change-in-4.17.6.patch
+debian/dax-avoid-abi-change-in-4.17.6.patch