From: Greg Kroah-Hartman Date: Sat, 25 Nov 2017 13:53:28 +0000 (+0100) Subject: 3.18-stable patches X-Git-Tag: v3.18.85~58 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2444edf3a3133e841291ca2bb72a7d0b0c301651;p=thirdparty%2Fkernel%2Fstable-queue.git 3.18-stable patches added patches: acpi-apei-remove-arch_apei_flush_tlb_one.patch s390-disassembler-increase-show_code-buffer-size.patch
---
diff --git a/queue-3.18/acpi-apei-remove-arch_apei_flush_tlb_one.patch b/queue-3.18/acpi-apei-remove-arch_apei_flush_tlb_one.patch
new file mode 100644
index 00000000000..98180701aec
--- /dev/null
+++ b/queue-3.18/acpi-apei-remove-arch_apei_flush_tlb_one.patch
@@ -0,0 +1,44 @@
+From 4a75aeacda3c2455954596593d89187df5420d0a Mon Sep 17 00:00:00 2001
+From: James Morse
+Date: Mon, 6 Nov 2017 18:44:27 +0000
+Subject: ACPI / APEI: Remove arch_apei_flush_tlb_one()
+
+From: James Morse
+
+commit 4a75aeacda3c2455954596593d89187df5420d0a upstream.
+
+Nothing calls arch_apei_flush_tlb_one() anymore, instead relying on
+__set_pte_vaddr() to do the invalidation when called from clear_fixmap()
+Remove arch_apei_flush_tlb_one().
+
+Signed-off-by: James Morse
+Reviewed-by: Borislav Petkov
+Signed-off-by: Rafael J. Wysocki
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/x86/kernel/acpi/apei.c | 5 -----
+ include/acpi/apei.h | 1 -
+ 2 files changed, 6 deletions(-)
+
+--- a/arch/x86/kernel/acpi/apei.c
++++ b/arch/x86/kernel/acpi/apei.c
+@@ -55,8 +55,3 @@ void arch_apei_report_mem_error(int sev,
+ apei_mce_report_mem_error(sev, mem_err);
+ #endif
+ }
+-
+-void arch_apei_flush_tlb_one(unsigned long addr)
+-{
+- __flush_tlb_one(addr);
+-}
+--- a/include/acpi/apei.h
++++ b/include/acpi/apei.h
+@@ -44,7 +44,6 @@ int erst_clear(u64 record_id);
+
+ int arch_apei_enable_cmcff(struct acpi_hest_header *hest_hdr, void *data);
+ void arch_apei_report_mem_error(int sev, struct cper_sec_mem_err *mem_err);
+-void arch_apei_flush_tlb_one(unsigned long addr);
+
+ #endif
+ #endif
diff --git a/queue-3.18/s390-disassembler-increase-show_code-buffer-size.patch b/queue-3.18/s390-disassembler-increase-show_code-buffer-size.patch
new file mode 100644
index 00000000000..148aa42575b
--- /dev/null
+++ b/queue-3.18/s390-disassembler-increase-show_code-buffer-size.patch
@@ -0,0 +1,92 @@
+From b192571d1ae375e0bbe0aa3ccfa1a3c3704454b9 Mon Sep 17 00:00:00 2001
+From: Vasily Gorbik
+Date: Wed, 15 Nov 2017 14:15:36 +0100
+Subject: s390/disassembler: increase show_code buffer size
+
+From: Vasily Gorbik
+
+commit b192571d1ae375e0bbe0aa3ccfa1a3c3704454b9 upstream.
+
+Current buffer size of 64 is too small. objdump shows that there are
+instructions which would require up to 75 bytes buffer (with current
+formating). 128 bytes "ought to be enough for anybody".
+
+Also replaces 8 spaces with a single tab to reduce the memory footprint.
+
+Fixes the following KASAN finding:
+
+BUG: KASAN: stack-out-of-bounds in number+0x3fe/0x538
+Write of size 1 at addr 000000005a4a75a0 by task bash/1282
+
+CPU: 1 PID: 1282 Comm: bash Not tainted 4.14.0+ #215
+Hardware name: IBM 2964 N96 702 (z/VM 6.4.0)
+Call Trace:
+([<000000000011eeb6>] show_stack+0x56/0x88)
+ [<0000000000e1ce1a>] dump_stack+0x15a/0x1b0
+ [<00000000004e2994>] print_address_description+0xf4/0x288
+ [<00000000004e2cf2>] kasan_report+0x13a/0x230
+ [<0000000000e38ae6>] number+0x3fe/0x538
+ [<0000000000e3dfe4>] vsnprintf+0x194/0x948
+ [<0000000000e3ea42>] sprintf+0xa2/0xb8
+ [<00000000001198dc>] print_insn+0x374/0x500
+ [<0000000000119346>] show_code+0x4ee/0x538
+ [<000000000011f234>] show_registers+0x34c/0x388
+ [<000000000011f2ae>] show_regs+0x3e/0xa8
+ [<000000000011f502>] die+0x1ea/0x2e8
+ [<0000000000138f0e>] do_no_context+0x106/0x168
+ [<0000000000139a1a>] do_protection_exception+0x4da/0x7d0
+ [<0000000000e55914>] pgm_check_handler+0x16c/0x1c0
+ [<000000000090639e>] sysrq_handle_crash+0x46/0x58
+([<0000000000000007>] 0x7)
+ [<00000000009073fa>] __handle_sysrq+0x102/0x218
+ [<0000000000907c06>] write_sysrq_trigger+0xd6/0x100
+ [<000000000061d67a>] proc_reg_write+0xb2/0x128
+ [<0000000000520be6>] __vfs_write+0xee/0x368
+ [<0000000000521222>] vfs_write+0x21a/0x278
+ [<000000000052156a>] SyS_write+0xda/0x178
+ [<0000000000e555cc>] system_call+0xc4/0x270
+
+The buggy address belongs to the page:
+page:000003d1016929c0 count:0 mapcount:0 mapping: (null) index:0x0
+flags: 0x0()
+raw: 0000000000000000 0000000000000000 0000000000000000 ffffffff00000000
+raw: 0000000000000100 0000000000000200 0000000000000000 0000000000000000
+page dumped because: kasan: bad access detected
+
+Memory state around the buggy address:
+ 000000005a4a7480: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
+ 000000005a4a7500: 00 00 00 00 00 00 00 00 f2 f2 f2 f2 00 00 00 00
+>000000005a4a7580: 00 00 00 00 f3 f3 f3 f3 00 00 00 00 00 00 00 00
+ ^
+ 000000005a4a7600: 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 f8 f8
+ 000000005a4a7680: f2 f2 f2 f2 f2 f2 f8 f8 f2 f2 f3 f3 f3 f3 00 00
+==================================================================
+
+Signed-off-by: Vasily Gorbik
+Signed-off-by: Martin Schwidefsky
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/s390/kernel/dis.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/arch/s390/kernel/dis.c
++++ b/arch/s390/kernel/dis.c
+@@ -1997,7 +1997,7 @@ void show_code(struct pt_regs *regs)
+ {
+ char *mode = user_mode(regs) ? "User" : "Krnl";
+ unsigned char code[64];
+- char buffer[64], *ptr;
++ char buffer[128], *ptr;
+ mm_segment_t old_fs;
+ unsigned long addr;
+ int start, end, opsize, hops, i;
+@@ -2060,7 +2060,7 @@ void show_code(struct pt_regs *regs)
+ start += opsize;
+ printk(buffer);
+ ptr = buffer;
+- ptr += sprintf(ptr, "\n ");
++ ptr += sprintf(ptr, "\n\t ");
+ hops++;
+ }
+ printk("\n");
diff --git a/queue-3.18/series b/queue-3.18/series
new file mode 100644
index 00000000000..00697f57a50
--- /dev/null
+++ b/queue-3.18/series
@@ -0,0 +1,2 @@
+s390-disassembler-increase-show_code-buffer-size.patch
+acpi-apei-remove-arch_apei_flush_tlb_one.patch
diff --git a/queue-4.14/series b/queue-4.14/series
new file mode 100644
index 00000000000..1e0dab938cc
--- /dev/null
+++ b/queue-4.14/series
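Review bot: In the arch/s390/kernel/dis.c hunks of queue-3.18/s390-disassembler-increase-show_code-buffer-size.patch, the stack buffer grows to `buffer[128]` but is still filled by unbounded `sprintf` calls (the `ptr += sprintf(ptr, "\n\t ")` line here, and print_insn per the KASAN trace), so the out-of-bounds write is only pushed further away and the new size rests on the 75-byte objdump estimate quoted in the description. Bounding each write by the space left, e.g. `ptr += scnprintf(ptr, buffer + sizeof(buffer) - ptr, "\n\t ");`, would turn a future overlong instruction format into truncation instead of stack corruption. Separately, the context line `printk(buffer);` uses the formatted text as the format string; `printk("%s", buffer);` would keep any `%` in the disassembly output from being interpreted, which matters if print_insn (not shown) can emit one. show_code() starts and ends outside both hunks, so the other writers into `buffer` could not be checked from here.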
@@ -0,0 +1,9 @@
+s390-fix-transactional-execution-control-register-handling.patch
+s390-noexec-execute-kexec-datamover-without-dat.patch
+s390-runtime-instrumention-fix-possible-memory-corruption.patch
+s390-guarded-storage-fix-possible-memory-corruption.patch
+s390-disassembler-add-missing-end-marker-for-e7-table.patch
+s390-disassembler-increase-show_code-buffer-size.patch
+acpi-pm-fix-acpi_pm_notifier_lock-vs-flush_workqueue-deadlock.patch
+acpi-apei-remove-arch_apei_flush_tlb_one.patch
+acpi-ec-fix-regression-related-to-triggering-source-of-ec-event-handling.patch
diff --git a/queue-4.4/series b/queue-4.4/series
new file mode 100644
index 00000000000..d16d3f9af77
--- /dev/null
+++ b/queue-4.4/series
@@ -0,0 +1,5 @@
+s390-fix-transactional-execution-control-register-handling.patch
+s390-runtime-instrumention-fix-possible-memory-corruption.patch
+s390-disassembler-add-missing-end-marker-for-e7-table.patch
+s390-disassembler-increase-show_code-buffer-size.patch
+acpi-apei-remove-arch_apei_flush_tlb_one.patch
diff --git a/queue-4.9/series b/queue-4.9/series
new file mode 100644
index 00000000000..245b445d8cd
--- /dev/null
+++ b/queue-4.9/series
@@ -0,0 +1,6 @@
+s390-fix-transactional-execution-control-register-handling.patch
+s390-runtime-instrumention-fix-possible-memory-corruption.patch
+s390-disassembler-add-missing-end-marker-for-e7-table.patch
+s390-disassembler-increase-show_code-buffer-size.patch
+acpi-apei-remove-arch_apei_flush_tlb_one.patch
+acpi-ec-fix-regression-related-to-triggering-source-of-ec-event-handling.patch