From: Greg Kroah-Hartman
Date: Wed, 24 Jan 2018 10:07:04 +0000 (+0100)
Subject: 4.9-stable patches
X-Git-Tag: v4.4.114~46
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1d2e16e2506076bbc34c646e356b5de50d4b6485;p=thirdparty%2Fkernel%2Fstable-queue.git
4.9-stable patches
added patches:
can-af_can-can_rcv-replace-warn_once-by-pr_warn_once.patch
can-af_can-canfd_rcv-replace-warn_once-by-pr_warn_once.patch
kvm-arm-arm64-check-pagesize-when-allocating-a-hugepage-at-stage-2.patch
---
diff --git a/queue-4.9/can-af_can-can_rcv-replace-warn_once-by-pr_warn_once.patch b/queue-4.9/can-af_can-can_rcv-replace-warn_once-by-pr_warn_once.patch
new file mode 100644
index 00000000000..6a6d625ab15
--- /dev/null
+++ b/queue-4.9/can-af_can-can_rcv-replace-warn_once-by-pr_warn_once.patch
@@ -0,0 +1,49 @@
+From 8cb68751c115d176ec851ca56ecfbb411568c9e8 Mon Sep 17 00:00:00 2001
+From: Marc Kleine-Budde
+Date: Tue, 16 Jan 2018 19:30:14 +0100
+Subject: can: af_can: can_rcv(): replace WARN_ONCE by pr_warn_once
+
+From: Marc Kleine-Budde
+
+commit 8cb68751c115d176ec851ca56ecfbb411568c9e8 upstream.
+
+If an invalid CAN frame is received, from a driver or from a tun
+interface, a Kernel warning is generated.
+
+This patch replaces the WARN_ONCE by a simple pr_warn_once, so that a
+kernel, bootet with panic_on_warn, does not panic. A printk seems to be
+more appropriate here.
+
+Reported-by: syzbot+4386709c0c1284dca827@syzkaller.appspotmail.com
+Suggested-by: Dmitry Vyukov
+Acked-by: Oliver Hartkopp
+Signed-off-by: Marc Kleine-Budde
+Signed-off-by: Oliver Hartkopp
+Signed-off-by: Greg Kroah-Hartman
+
+
+---
+ net/can/af_can.c | 11 +++++------
+ 1 file changed, 5 insertions(+), 6 deletions(-)
+
+--- a/net/can/af_can.c
++++ b/net/can/af_can.c
+@@ -722,13 +722,12 @@ static int can_rcv(struct sk_buff *skb,
+ if (unlikely(!net_eq(dev_net(dev), &init_net)))
+ goto drop;
+
+- if (WARN_ONCE(dev->type != ARPHRD_CAN ||
+- skb->len != CAN_MTU ||
+- cfd->len > CAN_MAX_DLEN,
+- "PF_CAN: dropped non conform CAN skbuf: "
+- "dev type %d, len %d, datalen %d\n",
+- dev->type, skb->len, cfd->len))
++ if (unlikely(dev->type != ARPHRD_CAN || skb->len != CAN_MTU ||
++ cfd->len > CAN_MAX_DLEN)) {
++ pr_warn_once("PF_CAN: dropped non conform CAN skbuf: dev type %d, len %d, datalen %d\n",
++ dev->type, skb->len, cfd->len);
+ goto drop;
++ }
+
+ can_receive(skb, dev);
+ return NET_RX_SUCCESS;
diff --git a/queue-4.9/can-af_can-canfd_rcv-replace-warn_once-by-pr_warn_once.patch b/queue-4.9/can-af_can-canfd_rcv-replace-warn_once-by-pr_warn_once.patch
new file mode 100644
index 00000000000..6081b469ebf
--- /dev/null
+++ b/queue-4.9/can-af_can-canfd_rcv-replace-warn_once-by-pr_warn_once.patch
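Review bot: The rewritten check in can_rcv() (net/can/af_can.c) carries no comment saying why it logs with pr_warn_once rather than WARN_ONCE, and the same applies to the matching hunk in canfd_rcv(). The commit message gives the reason: malformed frames can arrive from a driver or a tun interface, so the condition is input-driven and must not trip panic_on_warn; a later cleanup could reintroduce the WARN without that context in the code. I would add above the `if`: `/* Input-driven, not a kernel bug: log once and drop, never WARN (panic_on_warn). */`. Because the message prints only once, later malformed frames are dropped with no log line, so monitoring has to rely on whatever drop accounting the `drop` path provides, which is outside this hunk. can_rcv()'s body starts and ends outside the hunk.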
@@ -0,0 +1,49 @@
+From d4689846881d160a4d12a514e991a740bcb5d65a Mon Sep 17 00:00:00 2001
+From: Marc Kleine-Budde
+Date: Tue, 16 Jan 2018 19:30:14 +0100
+Subject: can: af_can: canfd_rcv(): replace WARN_ONCE by pr_warn_once
+
+From: Marc Kleine-Budde
+
+commit d4689846881d160a4d12a514e991a740bcb5d65a upstream.
+
+If an invalid CANFD frame is received, from a driver or from a tun
+interface, a Kernel warning is generated.
+
+This patch replaces the WARN_ONCE by a simple pr_warn_once, so that a
+kernel, bootet with panic_on_warn, does not panic. A printk seems to be
+more appropriate here.
+
+Reported-by: syzbot+e3b775f40babeff6e68b@syzkaller.appspotmail.com
+Suggested-by: Dmitry Vyukov
+Acked-by: Oliver Hartkopp
+Cc: linux-stable
+Signed-off-by: Marc Kleine-Budde
+Signed-off-by: Oliver Hartkopp
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ net/can/af_can.c | 11 +++++------
+ 1 file changed, 5 insertions(+), 6 deletions(-)
+
+--- a/net/can/af_can.c
++++ b/net/can/af_can.c
+@@ -745,13 +745,12 @@ static int canfd_rcv(struct sk_buff *skb
+ if (unlikely(!net_eq(dev_net(dev), &init_net)))
+ goto drop;
+
+- if (WARN_ONCE(dev->type != ARPHRD_CAN ||
+- skb->len != CANFD_MTU ||
+- cfd->len > CANFD_MAX_DLEN,
+- "PF_CAN: dropped non conform CAN FD skbuf: "
+- "dev type %d, len %d, datalen %d\n",
+- dev->type, skb->len, cfd->len))
++ if (unlikely(dev->type != ARPHRD_CAN || skb->len != CANFD_MTU ||
++ cfd->len > CANFD_MAX_DLEN)) {
++ pr_warn_once("PF_CAN: dropped non conform CAN FD skbuf: dev type %d, len %d, datalen %d\n",
++ dev->type, skb->len, cfd->len);
+ goto drop;
++ }
+
+ can_receive(skb, dev);
+ return NET_RX_SUCCESS;
diff --git a/queue-4.9/kvm-arm-arm64-check-pagesize-when-allocating-a-hugepage-at-stage-2.patch b/queue-4.9/kvm-arm-arm64-check-pagesize-when-allocating-a-hugepage-at-stage-2.patch
new file mode 100644
index 00000000000..13606bde103
--- /dev/null
+++ b/queue-4.9/kvm-arm-arm64-check-pagesize-when-allocating-a-hugepage-at-stage-2.patch
@@ -0,0 +1,42 @@
+From c507babf10ead4d5c8cca704539b170752a8ac84 Mon Sep 17 00:00:00 2001
+From: Punit Agrawal
+Date: Thu, 4 Jan 2018 18:24:33 +0000
+Subject: KVM: arm/arm64: Check pagesize when allocating a hugepage at Stage 2
+
+From: Punit Agrawal
+
+commit c507babf10ead4d5c8cca704539b170752a8ac84 upstream.
+
+KVM only supports PMD hugepages at stage 2 but doesn't actually check
+that the provided hugepage memory pagesize is PMD_SIZE before populating
+stage 2 entries.
+
+In cases where the backing hugepage size is smaller than PMD_SIZE (such
+as when using contiguous hugepages), KVM can end up creating stage 2
+mappings that extend beyond the supplied memory.
+
+Fix this by checking for the pagesize of userspace vma before creating
+PMD hugepage at stage 2.
+
+Fixes: 66b3923a1a0f77a ("arm64: hugetlb: add support for PTE contiguous bit")
+Signed-off-by: Punit Agrawal
+Cc: Marc Zyngier
+Reviewed-by: Christoffer Dall
+Signed-off-by: Christoffer Dall
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/arm/kvm/mmu.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/arm/kvm/mmu.c
++++ b/arch/arm/kvm/mmu.c
+@@ -1284,7 +1284,7 @@ static int user_mem_abort(struct kvm_vcp
+ return -EFAULT;
+ }
+
+- if (is_vm_hugetlb_page(vma) && !logging_active) {
++ if (vma_kernel_pagesize(vma) && !logging_active) {
+ hugetlb = true;
+ gfn = (fault_ipa & PMD_MASK) >> PAGE_SHIFT;
+ } else {
diff --git a/queue-4.9/series b/queue-4.9/series
index 3c3e7c19515..aeb63f202ad 100644
--- a/queue-4.9/series
+++ b/queue-4.9/series
@@ -4,3 +4,6 @@ orangefs-initialize-op-on-loop-restart-in-orangefs_devreq_read.patch
 usbip-prevent-vhci_hcd-driver-from-leaking-a-socket-pointer-address.patch
 usbip-fix-implicit-fallthrough-warning.patch
 usbip-fix-potential-format-overflow-in-userspace-tools.patch
+can-af_can-can_rcv-replace-warn_once-by-pr_warn_once.patch
+can-af_can-canfd_rcv-replace-warn_once-by-pr_warn_once.patch
+kvm-arm-arm64-check-pagesize-when-allocating-a-hugepage-at-stage-2.patch
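Review bot: The new condition in user_mem_abort() (arch/arm/kvm/mmu.c), `vma_kernel_pagesize(vma) && !logging_active`, tests the page size for being non-zero instead of comparing it with PMD_SIZE, which is the check the commit message describes. vma_kernel_pagesize() returns the size of the pages backing the vma, so as written the test looks true for ordinary PAGE_SIZE mappings and for contiguous hugepages alike. The hugetlb branch would then install a PMD-sized stage 2 mapping over memory the vma does not supply, which is the overrun this patch is meant to close. The line should read `if (vma_kernel_pagesize(vma) == PMD_SIZE && !logging_active) {`; the queued file should be compared against upstream commit c507babf10ead4d5c8cca704539b170752a8ac84 before release. user_mem_abort()'s body starts and ends outside the hunk.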