From: Greg Kroah-Hartman Date: Sun, 25 Mar 2018 18:50:19 +0000 (+0200) Subject: 3.18-stable patches X-Git-Tag: v4.15.14~29 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=21c23a7028e1b781b2eaade6b976cf7af4f3ab0e;p=thirdparty%2Fkernel%2Fstable-queue.git 3.18-stable patches added patches: kvm-x86-fix-icebp-instruction-handling.patch tty-vt-fix-up-tabstops-properly.patch
---
diff --git a/queue-3.18/kvm-x86-fix-icebp-instruction-handling.patch b/queue-3.18/kvm-x86-fix-icebp-instruction-handling.patch
new file mode 100644
index 00000000000..5203f950ca5
--- /dev/null
+++ b/queue-3.18/kvm-x86-fix-icebp-instruction-handling.patch
@@ -0,0 +1,84 @@
+From 32d43cd391bacb5f0814c2624399a5dad3501d09 Mon Sep 17 00:00:00 2001
+From: Linus Torvalds
+Date: Tue, 20 Mar 2018 12:16:59 -0700
+Subject: kvm/x86: fix icebp instruction handling
+
+From: Linus Torvalds
+
+commit 32d43cd391bacb5f0814c2624399a5dad3501d09 upstream.
+
+The undocumented 'icebp' instruction (aka 'int1') works pretty much like
+'int3' in the absense of in-circuit probing equipment (except,
+obviously, that it raises #DB instead of raising #BP), and is used by
+some validation test-suites as such.
+
+But Andy Lutomirski noticed that his test suite acted differently in kvm
+than on bare hardware.
+
+The reason is that kvm used an inexact test for the icebp instruction:
+it just assumed that an all-zero VM exit qualification value meant that
+the VM exit was due to icebp.
+
+That is not unlike the guess that do_debug() does for the actual
+exception handling case, but it's purely a heuristic, not an absolute
+rule. do_debug() does it because it wants to ascribe _some_ reasons to
+the #DB that happened, and an empty %dr6 value means that 'icebp' is the
+most likely casue and we have no better information.
+
+But kvm can just do it right, because unlike the do_debug() case, kvm
+actually sees the real reason for the #DB in the VM-exit interruption
+information field.
+
+So instead of relying on an inexact heuristic, just use the actual VM
+exit information that says "it was 'icebp'".
+
+Right now the 'icebp' instruction isn't technically documented by Intel,
+but that will hopefully change. The special "privileged software
+exception" information _is_ actually mentioned in the Intel SDM, even
+though the cause of it isn't enumerated.
+
+Reported-by: Andy Lutomirski
+Tested-by: Paolo Bonzini
+Signed-off-by: Linus Torvalds
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/x86/include/asm/vmx.h | 1 +
+ arch/x86/kvm/vmx.c | 9 ++++++++-
+ 2 files changed, 9 insertions(+), 1 deletion(-)
+
+--- a/arch/x86/include/asm/vmx.h
++++ b/arch/x86/include/asm/vmx.h
+@@ -299,6 +299,7 @@ enum vmcs_field {
+ #define INTR_TYPE_NMI_INTR (2 << 8) /* NMI */
+ #define INTR_TYPE_HARD_EXCEPTION (3 << 8) /* processor exception */
+ #define INTR_TYPE_SOFT_INTR (4 << 8) /* software interrupt */
++#define INTR_TYPE_PRIV_SW_EXCEPTION (5 << 8) /* ICE breakpoint - undocumented */
+ #define INTR_TYPE_SOFT_EXCEPTION (6 << 8) /* software exception */
+
+ /* GUEST_INTERRUPTIBILITY_INFO flags. */
+--- a/arch/x86/kvm/vmx.c
++++ b/arch/x86/kvm/vmx.c
+@@ -883,6 +883,13 @@ static inline bool is_machine_check(u32
+ (INTR_TYPE_HARD_EXCEPTION | MC_VECTOR | INTR_INFO_VALID_MASK);
+ }
+
++/* Undocumented: icebp/int1 */
++static inline bool is_icebp(u32 intr_info)
++{
++ return (intr_info & (INTR_INFO_INTR_TYPE_MASK | INTR_INFO_VALID_MASK))
++ == (INTR_TYPE_PRIV_SW_EXCEPTION | INTR_INFO_VALID_MASK);
++}
++
+ static inline bool cpu_has_vmx_msr_bitmap(void)
+ {
+ return vmcs_config.cpu_based_exec_ctrl & CPU_BASED_USE_MSR_BITMAPS;
+@@ -4951,7 +4958,7 @@ static int handle_exception(struct kvm_v
+ (KVM_GUESTDBG_SINGLESTEP | KVM_GUESTDBG_USE_HW_BP))) {
+ vcpu->arch.dr6 &= ~15;
+ vcpu->arch.dr6 |= dr6 | DR6_RTM;
+- if (!(dr6 & ~DR6_RESERVED)) /* icebp */
++ if (is_icebp(intr_info))
+ skip_emulated_instruction(vcpu);
+
+ kvm_queue_exception(vcpu, DB_VECTOR);
diff --git a/queue-3.18/series b/queue-3.18/series
index 3ed1a55d93b..ae967b4a5d5 100644
--- a/queue-3.18/series
+++ b/queue-3.18/series
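Review bot: is_icebp(), added to arch/x86/kvm/vmx.c, matches on the interruption type and the valid bit only and never looks at the vector, whereas the comparison value visible for is_machine_check() just above it includes MC_VECTOR. The one caller in this patch sits in handle_exception() right before `kvm_queue_exception(vcpu, DB_VECTOR)`, presumably inside the #DB case (the switch itself is outside the hunk), so the result is right there, but the one-line comment `/* Undocumented: icebp/int1 */` does not tell a later caller that. I would expand it to `/* icebp/int1: identified by the privileged-software-exception interruption type alone; the vector is not checked here */`. Because this test decides whether skip_emulated_instruction() advances the guest RIP before the #DB is queued, a short why-comment at the call site saying that the VM-exit interruption information, not an empty DR6, is the authoritative signal would also help.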
@@ -16,3 +16,5 @@ staging-ncpfs-memory-corruption-in-ncp_read_kernel.patch
 can-cc770-fix-stalls-on-rt-linux-remove-redundant-irq-ack.patch
 can-cc770-fix-queue-stall-dropped-rtr-reply.patch
 can-cc770-fix-use-after-free-in-cc770_tx_interrupt.patch
+tty-vt-fix-up-tabstops-properly.patch
+kvm-x86-fix-icebp-instruction-handling.patch
diff --git a/queue-3.18/tty-vt-fix-up-tabstops-properly.patch b/queue-3.18/tty-vt-fix-up-tabstops-properly.patch
new file mode 100644
index 00000000000..3baf2b9748c
--- /dev/null
+++ b/queue-3.18/tty-vt-fix-up-tabstops-properly.patch
@@ -0,0 +1,60 @@
+From f1869a890cdedb92a3fab969db5d0fd982850273 Mon Sep 17 00:00:00 2001
+From: Linus Torvalds
+Date: Sat, 24 Mar 2018 10:43:26 +0100
+Subject: tty: vt: fix up tabstops properly
+
+From: Linus Torvalds
+
+commit f1869a890cdedb92a3fab969db5d0fd982850273 upstream.
+
+Tabs on a console with long lines do not wrap properly, so correctly
+account for the line length when computing the tab placement location.
+
+Reported-by: James Holderness
+Signed-off-by: Greg Kroah-Hartman
+Cc: stable
+Signed-off-by: Linus Torvalds
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/tty/vt/vt.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+--- a/drivers/tty/vt/vt.c
++++ b/drivers/tty/vt/vt.c
+@@ -1705,7 +1705,7 @@ static void reset_terminal(struct vc_dat
+ default_attr(vc);
+ update_attr(vc);
+
+- vc->vc_tab_stop[0] = 0x01010100;
++ vc->vc_tab_stop[0] =
+ vc->vc_tab_stop[1] =
+ vc->vc_tab_stop[2] =
+ vc->vc_tab_stop[3] =
+@@ -1748,7 +1748,7 @@ static void do_con_trol(struct tty_struc
+ vc->vc_pos -= (vc->vc_x << 1);
+ while (vc->vc_x < vc->vc_cols - 1) {
+ vc->vc_x++;
+- if (vc->vc_tab_stop[vc->vc_x >> 5] & (1 << (vc->vc_x & 31)))
++ if (vc->vc_tab_stop[7 & (vc->vc_x >> 5)] & (1 << (vc->vc_x & 31)))
+ break;
+ }
+ vc->vc_pos += (vc->vc_x << 1);
+@@ -1808,7 +1808,7 @@ static void do_con_trol(struct tty_struc
+ lf(vc);
+ return;
+ case 'H':
+- vc->vc_tab_stop[vc->vc_x >> 5] |= (1 << (vc->vc_x & 31));
++ vc->vc_tab_stop[7 & (vc->vc_x >> 5)] |= (1 << (vc->vc_x & 31));
+ return;
+ case 'Z':
+ respond_ID(tty);
+@@ -2001,7 +2001,7 @@ static void do_con_trol(struct tty_struc
+ return;
+ case 'g':
+ if (!vc->vc_par[0])
+- vc->vc_tab_stop[vc->vc_x >> 5] &= ~(1 << (vc->vc_x & 31));
++ vc->vc_tab_stop[7 & (vc->vc_x >> 5)] &= ~(1 << (vc->vc_x & 31));
+ else if (vc->vc_par[0] == 3) {
+ vc->vc_tab_stop[0] =
+ vc->vc_tab_stop[1] =
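Review bot: The literal `7` in `vc->vc_tab_stop[7 & (vc->vc_x >> 5)]` is the only thing keeping the index inside the tab-stop array once vc_x reaches 256 or more, and it is repeated at three sites in do_con_trol() (the tab-advance loop, `case 'H'` and `case 'g'`) with nothing tying it to the array's length. The declaration of vc_tab_stop is not in these hunks; assuming it is an in-struct array of eight words, `(vc->vc_x >> 5) & (ARRAY_SIZE(vc->vc_tab_stop) - 1)`, or one small static inline helper shared by the three sites, would keep the bound correct if the array is ever resized. Separately, `1 << (vc->vc_x & 31)` shifts a signed int into its sign bit when the low five bits of the column are all set; `1U << (vc->vc_x & 31)` avoids that. Both do_con_trol() and reset_terminal() start and end outside the hunks.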