4.4-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 13 Mar 2017 08:29:29 +0000 (16:29 +0800)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 13 Mar 2017 08:29:29 +0000 (16:29 +0800)
added patches:
drivers-hv-turn-off-write-permission-on-the-hypercall-page.patch
fat-fix-using-uninitialized-fields-of-fat_inode-fsinfo_inode.patch

queue-4.4/drivers-hv-turn-off-write-permission-on-the-hypercall-page.patch [new file with mode: 0644]
queue-4.4/fat-fix-using-uninitialized-fields-of-fat_inode-fsinfo_inode.patch [new file with mode: 0644]
queue-4.4/series

diff --git a/queue-4.4/drivers-hv-turn-off-write-permission-on-the-hypercall-page.patch b/queue-4.4/drivers-hv-turn-off-write-permission-on-the-hypercall-page.patch
new file mode 100644 (file)
index 0000000..1e86f35
--- /dev/null
@@ -0,0 +1,33 @@
+From 372b1e91343e657a7cc5e2e2bcecd5140ac28119 Mon Sep 17 00:00:00 2001
+From: "K. Y. Srinivasan" <kys@microsoft.com>
+Date: Wed, 8 Feb 2017 18:30:56 -0700
+Subject: drivers: hv: Turn off write permission on the hypercall page
+
+From: K. Y. Srinivasan <kys@microsoft.com>
+
+commit 372b1e91343e657a7cc5e2e2bcecd5140ac28119 upstream.
+
+The hypercall page only needs to be executable but currently it is setup to
+be writable as well. Fix the issue.
+
+Signed-off-by: K. Y. Srinivasan <kys@microsoft.com>
+Acked-by: Kees Cook <keescook@chromium.org>
+Reported-by: Stephen Hemminger <stephen@networkplumber.org>
+Tested-by: Stephen Hemminger <stephen@networkplumber.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/hv/hv.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/hv/hv.c
++++ b/drivers/hv/hv.c
+@@ -219,7 +219,7 @@ int hv_init(void)
+       /* See if the hypercall page is already set */
+       rdmsrl(HV_X64_MSR_HYPERCALL, hypercall_msr.as_uint64);
+-      virtaddr = __vmalloc(PAGE_SIZE, GFP_KERNEL, PAGE_KERNEL_EXEC);
++      virtaddr = __vmalloc(PAGE_SIZE, GFP_KERNEL, PAGE_KERNEL_RX);
+       if (!virtaddr)
+               goto cleanup;
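Review bot: The `__vmalloc(PAGE_SIZE, GFP_KERNEL, PAGE_KERNEL_RX)` call in hv_init() carries no comment recording why the mapping can do without write permission, so a later edit could restore a writable-and-executable kernel page without anyone noticing the regression. I would add above it `/* Hypercall page: executed by the guest, never written through this mapping; keep it RX, not W+X. */`. The commit message states that the page only needs to be executable; that nothing in the guest writes it after allocation is presumably established by code outside the hunk, since hv_init() starts and ends beyond the lines shown. The protection argument also governs only this vmalloc mapping, so any other kernel mapping of the same physical page is not changed by this line.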
diff --git a/queue-4.4/fat-fix-using-uninitialized-fields-of-fat_inode-fsinfo_inode.patch b/queue-4.4/fat-fix-using-uninitialized-fields-of-fat_inode-fsinfo_inode.patch
new file mode 100644 (file)
index 0000000..b488709
--- /dev/null
@@ -0,0 +1,63 @@
+From c0d0e351285161a515396b7b1ee53ec9ffd97e3c Mon Sep 17 00:00:00 2001
+From: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
+Date: Thu, 9 Mar 2017 16:17:37 -0800
+Subject: fat: fix using uninitialized fields of fat_inode/fsinfo_inode
+
+From: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
+
+commit c0d0e351285161a515396b7b1ee53ec9ffd97e3c upstream.
+
+Recently fallocate patch was merged and it uses
+MSDOS_I(inode)->mmu_private at fat_evict_inode().  However,
+fat_inode/fsinfo_inode that was introduced in past didn't initialize
+MSDOS_I(inode) properly.
+
+With those combinations, it became the cause of accessing random entry
+in FAT area.
+
+Link: http://lkml.kernel.org/r/87pohrj4i8.fsf@mail.parknet.co.jp
+Signed-off-by: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
+Reported-by: Moreno Bartalucci <moreno.bartalucci@tecnorama.it>
+Tested-by: Moreno Bartalucci <moreno.bartalucci@tecnorama.it>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/fat/inode.c |   13 ++++++++++++-
+ 1 file changed, 12 insertions(+), 1 deletion(-)
+
+--- a/fs/fat/inode.c
++++ b/fs/fat/inode.c
+@@ -1269,6 +1269,16 @@ out:
+       return 0;
+ }
++static void fat_dummy_inode_init(struct inode *inode)
++{
++      /* Initialize this dummy inode to work as no-op. */
++      MSDOS_I(inode)->mmu_private = 0;
++      MSDOS_I(inode)->i_start = 0;
++      MSDOS_I(inode)->i_logstart = 0;
++      MSDOS_I(inode)->i_attrs = 0;
++      MSDOS_I(inode)->i_pos = 0;
++}
++
+ static int fat_read_root(struct inode *inode)
+ {
+       struct msdos_sb_info *sbi = MSDOS_SB(inode->i_sb);
+@@ -1713,12 +1723,13 @@ int fat_fill_super(struct super_block *s
+       fat_inode = new_inode(sb);
+       if (!fat_inode)
+               goto out_fail;
+-      MSDOS_I(fat_inode)->i_pos = 0;
++      fat_dummy_inode_init(fat_inode);
+       sbi->fat_inode = fat_inode;
+       fsinfo_inode = new_inode(sb);
+       if (!fsinfo_inode)
+               goto out_fail;
++      fat_dummy_inode_init(fsinfo_inode);
+       fsinfo_inode->i_ino = MSDOS_FSINFO_INO;
+       sbi->fsinfo_inode = fsinfo_inode;
+       insert_inode_hash(fsinfo_inode);
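Review bot: fat_dummy_inode_init() zeroes five fields of MSDOS_I(inode), but its comment does not say which code reads them, so nothing prompts a maintainer to extend the helper when another field starts being read on these two internal inodes. That is how the bug arose, according to the commit message: fat_evict_inode() began reading mmu_private. I would expand the comment to something like `/* fat_inode/fsinfo_inode skip the normal fill path; zero every MSDOS_I() field that fat_evict_inode() or other generic paths read. */`. Whether the remaining fields of the per-inode structure are initialised elsewhere (for example by a slab constructor) is not visible in this hunk and is worth confirming against the 4.4 tree. fat_fill_super() starts and ends outside the lines shown.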
index a03780ce7c57c095c7754face128801218ace2bb..2114c92a113a2bb3817b8906ac18f60e5c8794a9 100644 (file)
@@ -32,3 +32,5 @@ drm-atomic-fix-an-error-code-in-mode_fixup.patch
 fakelb-fix-schedule-while-atomic.patch
 drm-i915-dsi-do-not-clear-dpounit_clock_gate_disable-from-vlv_init_display_clock_gating.patch
 libceph-use-bug-instead-of-bug_on-1.patch
+fat-fix-using-uninitialized-fields-of-fat_inode-fsinfo_inode.patch
+drivers-hv-turn-off-write-permission-on-the-hypercall-page.patch