4.12-stable patches

added patches:
	x86-xen-allow-userspace-access-during-hypercalls.patch

diff --git a/queue-4.12/series b/queue-4.12/series
index 331ab05847357badbe6ffdebed29160649e83c0f..3fd1cb68c588e43ed2ce26d0abb48f670c61c0bb 100644 (file)
--- a/queue-4.12/series
+++ b/queue-4.12/series
@@ -74,3 +74,4 @@ usb-renesas_usbhs-gadget-disable-all-eps-when-the-driver-stops.patch
 hid-multitouch-do-not-blindly-set-ev_key-or-ev_abs-bits.patch
 md-don-t-use-flush_signals-in-userspace-processes.patch
 md-fix-deadlock-between-mddev_suspend-and-md_write_start.patch
+x86-xen-allow-userspace-access-during-hypercalls.patch

diff --git a/queue-4.12/x86-xen-allow-userspace-access-during-hypercalls.patch b/queue-4.12/x86-xen-allow-userspace-access-during-hypercalls.patch
new file mode 100644 (file)
index 0000000..a6904db
--- /dev/null
+++ b/queue-4.12/x86-xen-allow-userspace-access-during-hypercalls.patch
@@ -0,0 +1,66 @@
+From c54590cac51db8ab5fd30156bdaba34af915e629 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
+ <marmarek@invisiblethingslab.com>
+Date: Mon, 26 Jun 2017 14:49:46 +0200
+Subject: x86/xen: allow userspace access during hypercalls
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
+
+commit c54590cac51db8ab5fd30156bdaba34af915e629 upstream.
+
+Userspace application can do a hypercall through /dev/xen/privcmd, and
+some for some hypercalls argument is a pointers to user-provided
+structure. When SMAP is supported and enabled, hypervisor can't access.
+So, lets allow it.
+
+The same applies to HYPERVISOR_dm_op, where additionally privcmd driver
+carefully verify buffer addresses.
+
+Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
+Reviewed-by: Juergen Gross <jgross@suse.com>
+Signed-off-by: Juergen Gross <jgross@suse.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/include/asm/xen/hypercall.h |    9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+--- a/arch/x86/include/asm/xen/hypercall.h
++++ b/arch/x86/include/asm/xen/hypercall.h
+@@ -43,6 +43,7 @@
+ 
+ #include <asm/page.h>
+ #include <asm/pgtable.h>
++#include <asm/smap.h>
+ 
+ #include <xen/interface/xen.h>
+ #include <xen/interface/sched.h>
+@@ -214,10 +215,12 @@ privcmd_call(unsigned call,
+       __HYPERCALL_DECLS;
+       __HYPERCALL_5ARG(a1, a2, a3, a4, a5);
+ 
++      stac();
+       asm volatile("call *%[call]"
+                    : __HYPERCALL_5PARAM
+                    : [call] "a" (&hypercall_page[call])
+                    : __HYPERCALL_CLOBBER5);
++      clac();
+ 
+       return (long)__res;
+ }
+@@ -476,7 +479,11 @@ static inline int
+ HYPERVISOR_dm_op(
+       domid_t dom, unsigned int nr_bufs, void *bufs)
+ {
+-      return _hypercall3(int, dm_op, dom, nr_bufs, bufs);
++      int ret;
++      stac();
++      ret = _hypercall3(int, dm_op, dom, nr_bufs, bufs);
++      clac();
++      return ret;
+ }
+ 
+ static inline void