4.16-stable patches

added patches:
	x86-xen-delay-get_cpu_cap-until-stack-canary-is-established.patch

diff --git a/queue-4.16/series b/queue-4.16/series
index 76f11ba4719a9bf626a9626fbec4c73e314e73d0..ad365e849b109d64404732b82eb73035a5ea0720 100644 (file)
--- a/queue-4.16/series
+++ b/queue-4.16/series
@@ -32,3 +32,4 @@ media-atomisp_fops.c-disable-atomisp_compat_ioctl32.patch
 media-vivid-check-if-the-cec_adapter-is-valid.patch
 media-vb2-core-finish-buffers-at-the-end-of-the-stream.patch
 media-vsp1-fix-brx-conditional-path-in-wpf.patch
+x86-xen-delay-get_cpu_cap-until-stack-canary-is-established.patch

diff --git a/queue-4.16/x86-xen-delay-get_cpu_cap-until-stack-canary-is-established.patch b/queue-4.16/x86-xen-delay-get_cpu_cap-until-stack-canary-is-established.patch
new file mode 100644 (file)
index 0000000..4939bbb
--- /dev/null
+++ b/queue-4.16/x86-xen-delay-get_cpu_cap-until-stack-canary-is-established.patch
@@ -0,0 +1,61 @@
+From 36104cb9012a82e73c32a3b709257766b16bcd1d Mon Sep 17 00:00:00 2001
+From: Jason Andryuk <jandryuk@gmail.com>
+Date: Mon, 19 Mar 2018 12:58:04 -0400
+Subject: x86/xen: Delay get_cpu_cap until stack canary is established
+
+From: Jason Andryuk <jandryuk@gmail.com>
+
+commit 36104cb9012a82e73c32a3b709257766b16bcd1d upstream.
+
+Commit 2cc42bac1c79 ("x86-64/Xen: eliminate W+X mappings") introduced a
+call to get_cpu_cap, which is fstack-protected.  This is works on x86-64
+as commit 4f277295e54c ("x86/xen: init %gs very early to avoid page
+faults with stack protector") ensures the stack protector is configured,
+but it it did not cover x86-32.
+
+Delay calling get_cpu_cap until after xen_setup_gdt has initialized the
+stack canary.  Without this, a 32bit PV machine crashes early
+in boot.
+(XEN) Domain 0 (vcpu#0) crashed on cpu#0:
+(XEN) ----[ Xen-4.6.6-xc  x86_64  debug=n  Tainted:    C ]----
+(XEN) CPU:    0
+(XEN) RIP:    e019:[<00000000c10362f8>]
+
+And the PV kernel IP corresponds to init_scattered_cpuid_features
+   0xc10362f8 <+24>:    mov    %gs:0x14,%eax
+
+Fixes 2cc42bac1c79 ("x86-64/Xen: eliminate W+X mappings")
+
+Signed-off-by: Jason Andryuk <jandryuk@gmail.com>
+Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
+Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/xen/enlighten_pv.c |    8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+--- a/arch/x86/xen/enlighten_pv.c
++++ b/arch/x86/xen/enlighten_pv.c
+@@ -1259,10 +1259,6 @@ asmlinkage __visible void __init xen_sta
+        */
+       __userpte_alloc_gfp &= ~__GFP_HIGHMEM;
+ 
+-      /* Work out if we support NX */
+-      get_cpu_cap(&boot_cpu_data);
+-      x86_configure_nx();
+-
+       /* Get mfn list */
+       xen_build_dynamic_phys_to_machine();
+ 
+@@ -1272,6 +1268,10 @@ asmlinkage __visible void __init xen_sta
+        */
+       xen_setup_gdt(0);
+ 
++      /* Work out if we support NX */
++      get_cpu_cap(&boot_cpu_data);
++      x86_configure_nx();
++
+       xen_init_irq_ops();
+ 
+       /* Let's presume PV guests always boot on vCPU with id 0. */