From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Fri, 26 Jan 2018 16:38:10 +0000 (+0100)
Subject: 4.4-stable patches
X-Git-Tag: v4.4.114~24
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=04cd97a9489674d190b95cb807323c8abf65b4d1;p=thirdparty%2Fkernel%2Fstable-queue.git

4.4-stable patches

added patches:
	vsyscall-fix-permissions-for-emulate-mode-with-kaiser-pti.patch
---

diff --git a/queue-4.4/series b/queue-4.4/series
index 4e23a802603..d04ce54e82d 100644
--- a/queue-4.4/series
+++ b/queue-4.4/series
@@ -51,3 +51,4 @@ usbip-fix-stub_rx-get_pipe-to-validate-endpoint-number.patch
 usbip-fix-stub_rx-harden-cmd_submit-path-to-handle-malicious-input.patch
 usbip-prevent-leaking-socket-pointer-address-in-messages.patch
 um-link-vmlinux-with-no-pie.patch
+vsyscall-fix-permissions-for-emulate-mode-with-kaiser-pti.patch
diff --git a/queue-4.4/vsyscall-fix-permissions-for-emulate-mode-with-kaiser-pti.patch b/queue-4.4/vsyscall-fix-permissions-for-emulate-mode-with-kaiser-pti.patch
new file mode 100644
index 00000000000..9df924d50b4
--- /dev/null
+++ b/queue-4.4/vsyscall-fix-permissions-for-emulate-mode-with-kaiser-pti.patch
@@ -0,0 +1,70 @@
+From ben.hutchings@codethink.co.uk  Fri Jan 26 17:35:59 2018
+From: Ben Hutchings <ben.hutchings@codethink.co.uk>
+Date: Fri, 26 Jan 2018 16:23:02 +0000
+Subject: vsyscall: Fix permissions for emulate mode with KAISER/PTI
+To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Cc: Borislav Petkov <bp@suse.de>, Hugh Dickins <hughd@google.com>, stable@vger.kernel.org
+Message-ID: <20180126162302.ei4tmiltl73npmr6@xylophone.i.decadent.org.uk>
+
+From: Ben Hutchings <ben.hutchings@codethink.co.uk>
+
+The backport of KAISER to 4.4 turned vsyscall emulate mode into native
+mode.  Add a vsyscall_pgprot variable to hold the correct page
+protections, like Borislav and Hugh did for 3.2 and 3.18.
+
+Cc: Borislav Petkov <bp@suse.de>
+Cc: Hugh Dickins <hughd@google.com>
+Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/x86/entry/vsyscall/vsyscall_64.c |    7 ++++---
+ arch/x86/include/asm/vsyscall.h       |    1 +
+ arch/x86/mm/kaiser.c                  |    2 +-
+ 3 files changed, 6 insertions(+), 4 deletions(-)
+
+--- a/arch/x86/entry/vsyscall/vsyscall_64.c
++++ b/arch/x86/entry/vsyscall/vsyscall_64.c
+@@ -46,6 +46,7 @@ static enum { EMULATE, NATIVE, NONE } vs
+ #else
+ 	EMULATE;
+ #endif
++unsigned long vsyscall_pgprot = __PAGE_KERNEL_VSYSCALL;
+ 
+ static int __init vsyscall_setup(char *str)
+ {
+@@ -336,11 +337,11 @@ void __init map_vsyscall(void)
+ 	extern char __vsyscall_page;
+ 	unsigned long physaddr_vsyscall = __pa_symbol(&__vsyscall_page);
+ 
++	if (vsyscall_mode != NATIVE)
++		vsyscall_pgprot = __PAGE_KERNEL_VVAR;
+ 	if (vsyscall_mode != NONE)
+ 		__set_fixmap(VSYSCALL_PAGE, physaddr_vsyscall,
+-			     vsyscall_mode == NATIVE
+-			     ? PAGE_KERNEL_VSYSCALL
+-			     : PAGE_KERNEL_VVAR);
++			     __pgprot(vsyscall_pgprot));
+ 
+ 	BUILD_BUG_ON((unsigned long)__fix_to_virt(VSYSCALL_PAGE) !=
+ 		     (unsigned long)VSYSCALL_ADDR);
+--- a/arch/x86/include/asm/vsyscall.h
++++ b/arch/x86/include/asm/vsyscall.h
+@@ -13,6 +13,7 @@ extern void map_vsyscall(void);
+  */
+ extern bool emulate_vsyscall(struct pt_regs *regs, unsigned long address);
+ extern bool vsyscall_enabled(void);
++extern unsigned long vsyscall_pgprot;
+ #else
+ static inline void map_vsyscall(void) {}
+ static inline bool emulate_vsyscall(struct pt_regs *regs, unsigned long address)
+--- a/arch/x86/mm/kaiser.c
++++ b/arch/x86/mm/kaiser.c
+@@ -345,7 +345,7 @@ void __init kaiser_init(void)
+ 	if (vsyscall_enabled())
+ 		kaiser_add_user_map_early((void *)VSYSCALL_ADDR,
+ 					  PAGE_SIZE,
+-					   __PAGE_KERNEL_VSYSCALL);
++					  vsyscall_pgprot);
+ 
+ 	for_each_possible_cpu(cpu) {
+ 		void *percpu_vaddr = __per_cpu_user_mapped_start +