From: Greg Kroah-Hartman
Date: Tue, 16 May 2017 10:51:54 +0000 (+0200)
Subject: 3.18-stable patches
X-Git-Tag: v3.18.54~35
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=056962216a575dc59b539d1e6d46c033b7951ca3;p=thirdparty%2Fkernel%2Fstable-queue.git
3.18-stable patches
added patches:
dm-era-save-spacemap-metadata-root-after-the-pre-commit.patch
um-fix-ptrace_pokeuser-on-x86_64.patch
x86-boot-fix-bss-corruption-overwrite-bug-in-early-x86-kernel-startup.patch
---
diff --git a/queue-3.18/dm-era-save-spacemap-metadata-root-after-the-pre-commit.patch b/queue-3.18/dm-era-save-spacemap-metadata-root-after-the-pre-commit.patch
new file mode 100644
index 00000000000..f87071c61e9
--- /dev/null
+++ b/queue-3.18/dm-era-save-spacemap-metadata-root-after-the-pre-commit.patch
@@ -0,0 +1,45 @@
+From 117aceb030307dcd431fdcff87ce988d3016c34a Mon Sep 17 00:00:00 2001
+From: Somasundaram Krishnasamy
+Date: Fri, 7 Apr 2017 12:14:55 -0700
+Subject: dm era: save spacemap metadata root after the pre-commit
+
+From: Somasundaram Krishnasamy
+
+commit 117aceb030307dcd431fdcff87ce988d3016c34a upstream.
+
+When committing era metadata to disk, it doesn't always save the latest
+spacemap metadata root in superblock. Due to this, metadata is getting
+corrupted sometimes when reopening the device. The correct order of update
+should be, pre-commit (shadows spacemap root), save the spacemap root
+(newly shadowed block) to in-core superblock and then the final commit.
+
+Signed-off-by: Somasundaram Krishnasamy
+Signed-off-by: Mike Snitzer
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/md/dm-era-target.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+--- a/drivers/md/dm-era-target.c
++++ b/drivers/md/dm-era-target.c
+@@ -957,15 +957,15 @@ static int metadata_commit(struct era_me
+ }
+ }
+
+- r = save_sm_root(md);
++ r = dm_tm_pre_commit(md->tm);
+ if (r) {
+- DMERR("%s: save_sm_root failed", __func__);
++ DMERR("%s: pre commit failed", __func__);
+ return r;
+ }
+
+- r = dm_tm_pre_commit(md->tm);
++ r = save_sm_root(md);
+ if (r) {
+- DMERR("%s: pre commit failed", __func__);
++ DMERR("%s: save_sm_root failed", __func__);
+ return r;
+ }
+
diff --git a/queue-3.18/series b/queue-3.18/series
index 72a304988ea..88d6dbc5995 100644
--- a/queue-3.18/series
+++ b/queue-3.18/series
@@ -10,3 +10,6 @@ staging-comedi-jr3_pci-cope-with-jiffies-wraparound.patch
 usb-misc-add-missing-continue-in-switch.patch
 usb-hub-do-not-attempt-to-autosuspend-disconnected-devices.patch
 usb-misc-legousbtower-fix-buffers-on-stack.patch
+x86-boot-fix-bss-corruption-overwrite-bug-in-early-x86-kernel-startup.patch
+um-fix-ptrace_pokeuser-on-x86_64.patch
+dm-era-save-spacemap-metadata-root-after-the-pre-commit.patch
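Review bot: In the dm-era patch, the new order of the two calls in metadata_commit() is load-bearing, but nothing in the code records that, so a later cleanup could reintroduce the stale-root ordering without anyone noticing. A comment above the `dm_tm_pre_commit(md->tm)` call would pin it down, for example `/* pre-commit shadows the space map root; save_sm_root() must run after it so the superblock records the new root */`. The wording follows the commit description; metadata_commit() begins and ends outside the hunk, so the final commit step it refers to is not visible here.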
diff --git a/queue-3.18/um-fix-ptrace_pokeuser-on-x86_64.patch b/queue-3.18/um-fix-ptrace_pokeuser-on-x86_64.patch
new file mode 100644
index 00000000000..a6b9ae4640e
--- /dev/null
+++ b/queue-3.18/um-fix-ptrace_pokeuser-on-x86_64.patch
@@ -0,0 +1,36 @@
+From 9abc74a22d85ab29cef9896a2582a530da7e79bf Mon Sep 17 00:00:00 2001
+From: Richard Weinberger
+Date: Sat, 1 Apr 2017 00:41:57 +0200
+Subject: um: Fix PTRACE_POKEUSER on x86_64
+
+From: Richard Weinberger
+
+commit 9abc74a22d85ab29cef9896a2582a530da7e79bf upstream.
+
+This is broken since ever but sadly nobody noticed.
+Recent versions of GDB set DR_CONTROL unconditionally and
+UML dies due to a heap corruption. It turns out that
+the PTRACE_POKEUSER was copy&pasted from i386 and assumes
+that addresses are 4 bytes long.
+
+Fix that by using 8 as address size in the calculation.
+
+Reported-by: jie cao
+Signed-off-by: Richard Weinberger
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/x86/um/ptrace_64.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/x86/um/ptrace_64.c
++++ b/arch/x86/um/ptrace_64.c
+@@ -120,7 +120,7 @@ int poke_user(struct task_struct *child,
+ else if ((addr >= offsetof(struct user, u_debugreg[0])) &&
+ (addr <= offsetof(struct user, u_debugreg[7]))) {
+ addr -= offsetof(struct user, u_debugreg[0]);
+- addr = addr >> 2;
++ addr = addr >> 3;
+ if ((addr == 4) || (addr == 5))
+ return -EIO;
+ child->thread.arch.debugregs[addr] = data;
diff --git a/queue-3.18/x86-boot-fix-bss-corruption-overwrite-bug-in-early-x86-kernel-startup.patch b/queue-3.18/x86-boot-fix-bss-corruption-overwrite-bug-in-early-x86-kernel-startup.patch
new file mode 100644
index 00000000000..c6af0be659f
--- /dev/null
+++ b/queue-3.18/x86-boot-fix-bss-corruption-overwrite-bug-in-early-x86-kernel-startup.patch
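Review bot: The corrected `addr = addr >> 3;` in poke_user() still hard-codes the slot width as a bare shift, which is the same kind of assumption that went wrong when the i386 `>> 2` was copied over. A comment such as `/* u_debugreg[] slots are 8 bytes on x86_64 */` would tie the index written to `child->thread.arch.debugregs[addr]` to the storage it addresses; if debugregs[] has the same element width, `addr /= sizeof(child->thread.arch.debugregs[0]);` would do so in code. The shift also rounds an offset that is not a multiple of 8 down to the enclosing slot. Any alignment check on addr lies outside this hunk, and if it was copied from i386 as well it may enforce only 4-byte alignment, so that is worth confirming. poke_user() begins and ends outside the hunk.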
@@ -0,0 +1,52 @@
+From d594aa0277e541bb997aef0bc0a55172d8138340 Mon Sep 17 00:00:00 2001
+From: Ashish Kalra
+Date: Wed, 19 Apr 2017 20:50:15 +0530
+Subject: x86/boot: Fix BSS corruption/overwrite bug in early x86 kernel startup
+
+From: Ashish Kalra
+
+commit d594aa0277e541bb997aef0bc0a55172d8138340 upstream.
+
+The minimum size for a new stack (512 bytes) setup for arch/x86/boot components
+when the bootloader does not setup/provide a stack for the early boot components
+is not "enough".
+
+The setup code executing as part of early kernel startup code, uses the stack
+beyond 512 bytes and accidentally overwrites and corrupts part of the BSS
+section. This is exposed mostly in the early video setup code, where
+it was corrupting BSS variables like force_x, force_y, which in-turn affected
+kernel parameters such as screen_info (screen_info.orig_video_cols) and
+later caused an exception/panic in console_init().
+
+Most recent boot loaders setup the stack for early boot components, so this
+stack overwriting into BSS section issue has not been exposed.
+
+Signed-off-by: Ashish Kalra
+Cc: Andy Lutomirski
+Cc: Borislav Petkov
+Cc: Brian Gerst
+Cc: Denys Vlasenko
+Cc: H. Peter Anvin
+Cc: Josh Poimboeuf
+Cc: Linus Torvalds
+Cc: Peter Zijlstra
+Cc: Thomas Gleixner
+Link: http://lkml.kernel.org/r/20170419152015.10011-1-ashishkalra@Ashishs-MacBook-Pro.local
+Signed-off-by: Ingo Molnar
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/x86/boot/boot.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/x86/boot/boot.h
++++ b/arch/x86/boot/boot.h
+@@ -16,7 +16,7 @@
+ #ifndef BOOT_BOOT_H
+ #define BOOT_BOOT_H
+
+-#define STACK_SIZE 512 /* Minimum number of bytes for stack */
++#define STACK_SIZE 1024 /* Minimum number of bytes for stack */
+
+ #ifndef __ASSEMBLY__
+
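Review bot: The comment on the new `#define STACK_SIZE 1024` line still says only "Minimum number of bytes for stack", so neither the reason for the figure nor the cost of exceeding it survives in the header. According to the commit description, setup code that ran past the old 512 bytes overwrote BSS variables without any fault, so the define deserves something like `/* Minimum stack when the boot loader supplies none; an overrun silently corrupts BSS */`. Nothing visible in the hunk checks that the early setup code stays within the new size, so 1024 is presumably an empirical margin. A short remark on how it was chosen would help whoever next grows the early video setup code.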