4.4-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 10 Feb 2017 13:35:36 +0000 (14:35 +0100)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 10 Feb 2017 13:35:36 +0000 (14:35 +0100)
added patches:
arc-brown-paper-bag-bug-in-unaligned-access-delay-slot-fixup.patch
selinux-fix-off-by-one-in-setprocattr.patch

queue-4.4/arc-brown-paper-bag-bug-in-unaligned-access-delay-slot-fixup.patch [new file with mode: 0644]
queue-4.4/selinux-fix-off-by-one-in-setprocattr.patch [new file with mode: 0644]
queue-4.4/series [new file with mode: 0644]
queue-4.9/series [new file with mode: 0644]

diff --git a/queue-4.4/arc-brown-paper-bag-bug-in-unaligned-access-delay-slot-fixup.patch b/queue-4.4/arc-brown-paper-bag-bug-in-unaligned-access-delay-slot-fixup.patch
new file mode 100644 (file)
index 0000000..9450c88
--- /dev/null
@@ -0,0 +1,32 @@
+From a524c218bc94c705886a0e0fedeee45d1931da32 Mon Sep 17 00:00:00 2001
+From: Vineet Gupta <Vineet.Gupta1@synopsys.com>
+Date: Tue, 7 Feb 2017 09:44:58 -0800
+Subject: ARC: [arcompact] brown paper bag bug in unaligned access delay slot fixup
+
+From: Vineet Gupta <Vineet.Gupta1@synopsys.com>
+
+commit a524c218bc94c705886a0e0fedeee45d1931da32 upstream.
+
+Reported-by: Jo-Philipp Wich <jo@mein.io>
+Fixes: 9aed02feae57bf7 ("ARC: [arcompact] handle unaligned access delay slot")
+Cc: linux-kernel@vger.kernel.org
+Cc: linux-snps-arc@lists.infradead.org
+Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arc/kernel/unaligned.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/arc/kernel/unaligned.c
++++ b/arch/arc/kernel/unaligned.c
+@@ -243,7 +243,7 @@ int misaligned_fixup(unsigned long addre
+       /* clear any remanants of delay slot */
+       if (delay_mode(regs)) {
+-              regs->ret = regs->bta ~1U;
++              regs->ret = regs->bta & ~1U;
+               regs->status32 &= ~STATUS_DE_MASK;
+       } else {
+               regs->ret += state.instr_len;
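Review bot: The mask in `regs->ret = regs->bta & ~1U;` is an `unsigned int` constant, so if `regs->bta` were ever wider than `int`, the conversion would zero-extend the mask and clear the upper bits as well as bit 0. The field's type is not visible in this hunk and ARCompact is a 32-bit target, so this is presumably harmless today, but `regs->ret = regs->bta & ~1UL;` would state the intent without depending on that. The queued patch also has no description beyond its subject, so one line saying that the removed statement lacked the `&` operator and could not compile would help anyone auditing the backport. misaligned_fixup's body starts and ends outside the hunk.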
diff --git a/queue-4.4/selinux-fix-off-by-one-in-setprocattr.patch b/queue-4.4/selinux-fix-off-by-one-in-setprocattr.patch
new file mode 100644 (file)
index 0000000..3060b0e
--- /dev/null
@@ -0,0 +1,65 @@
+From 0c461cb727d146c9ef2d3e86214f498b78b7d125 Mon Sep 17 00:00:00 2001
+From: Stephen Smalley <sds@tycho.nsa.gov>
+Date: Tue, 31 Jan 2017 11:54:04 -0500
+Subject: selinux: fix off-by-one in setprocattr
+
+From: Stephen Smalley <sds@tycho.nsa.gov>
+
+commit 0c461cb727d146c9ef2d3e86214f498b78b7d125 upstream.
+
+SELinux tries to support setting/clearing of /proc/pid/attr attributes
+from the shell by ignoring terminating newlines and treating an
+attribute value that begins with a NUL or newline as an attempt to
+clear the attribute.  However, the test for clearing attributes has
+always been wrong; it has an off-by-one error, and this could further
+lead to reading past the end of the allocated buffer since commit
+bb646cdb12e75d82258c2f2e7746d5952d3e321a ("proc_pid_attr_write():
+switch to memdup_user()").  Fix the off-by-one error.
+
+Even with this fix, setting and clearing /proc/pid/attr attributes
+from the shell is not straightforward since the interface does not
+support multiple write() calls (so shells that write the value and
+newline separately will set and then immediately clear the attribute,
+requiring use of echo -n to set the attribute), whereas trying to use
+echo -n "" to clear the attribute causes the shell to skip the
+write() call altogether since POSIX says that a zero-length write
+causes no side effects. Thus, one must use echo -n to set and echo
+without -n to clear, as in the following example:
+$ echo -n unconfined_u:object_r:user_home_t:s0 > /proc/$$/attr/fscreate
+$ cat /proc/$$/attr/fscreate
+unconfined_u:object_r:user_home_t:s0
+$ echo "" > /proc/$$/attr/fscreate
+$ cat /proc/$$/attr/fscreate
+
+Note the use of /proc/$$ rather than /proc/self, as otherwise
+the cat command will read its own attribute value, not that of the shell.
+
+There are no users of this facility to my knowledge; possibly we
+should just get rid of it.
+
+UPDATE: Upon further investigation it appears that a local process
+with the process:setfscreate permission can cause a kernel panic as a
+result of this bug.  This patch fixes CVE-2017-2618.
+
+Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
+[PM: added the update about CVE-2017-2618 to the commit description]
+Signed-off-by: Paul Moore <paul@paul-moore.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+Signed-off-by: James Morris <james.l.morris@oracle.com>
+
+---
+ security/selinux/hooks.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/security/selinux/hooks.c
++++ b/security/selinux/hooks.c
+@@ -5640,7 +5640,7 @@ static int selinux_setprocattr(struct ta
+               return error;
+       /* Obtain a SID for the context, if one was specified. */
+-      if (size && str[1] && str[1] != '\n') {
++      if (size && str[0] && str[0] != '\n') {
+               if (str[size-1] == '\n') {
+                       str[size-1] = 0;
+                       size--;
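Review bot: The comment above the corrected test, `/* Obtain a SID for the context, if one was specified. */`, does not say what counts as "not specified", which is exactly the convention the off-by-one got wrong. I would expand it to `/* A value whose first byte is NUL or '\n' clears the attribute; otherwise strip one trailing newline and obtain a SID. */` so that the index in `str[0]` is tied to a stated rule. The description attributes the read past the end of the buffer to commit bb646cdb12e75d82258c2f2e7746d5952d3e321a, and whether the 4.4 tree contains that commit is not visible here, so a backport note stating which part of the CVE-2017-2618 impact applies to 4.4 would help triage. selinux_setprocattr starts and ends outside the hunk, so the allocation of `str` and the bound on `size` cannot be checked from these lines.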
diff --git a/queue-4.4/series b/queue-4.4/series
new file mode 100644 (file)
index 0000000..6bab094
--- /dev/null
@@ -0,0 +1,2 @@
+arc-brown-paper-bag-bug-in-unaligned-access-delay-slot-fixup.patch
+selinux-fix-off-by-one-in-setprocattr.patch
diff --git a/queue-4.9/series b/queue-4.9/series
new file mode 100644 (file)
index 0000000..8a4d403
--- /dev/null
@@ -0,0 +1,14 @@
+cpufreq-intel_pstate-disable-energy-efficiency-optimization.patch
+acpi-nfit-fix-acpi_nfit_flush_probe-crash.patch
+libnvdimm-namespace-do-not-delete-namespace-id-0.patch
+libnvdimm-pfn-fix-memmap-reservation-size-versus-4k-alignment.patch
+dm-rq-cope-with-dm-device-destruction-while-in-dm_old_request_fn.patch
+crypto-algif_aead-fix-kernel-panic-on-list_del.patch
+crypto-chcr-check-device-is-allocated-before-use.patch
+crypto-qat-fix-bar-discovery-for-c62x.patch
+crypto-qat-zero-esram-only-for-dh85x-devices.patch
+crypto-ccp-fix-dma-operations-when-iommu-is-enabled.patch
+crypto-ccp-fix-double-add-when-creating-new-dma-command.patch
+arc-brown-paper-bag-bug-in-unaligned-access-delay-slot-fixup.patch
+input-uinput-fix-crash-when-mixing-old-and-new-init-style.patch
+selinux-fix-off-by-one-in-setprocattr.patch