From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Wed, 9 Nov 2016 09:38:46 +0000 (+0100)
Subject: 4.4-stable patches
X-Git-Tag: v4.4.31~5
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4df991f394c84d3ea7fb5f6720a61026bc3f987a;p=thirdparty%2Fkernel%2Fstable-queue.git

4.4-stable patches

added patches:
	x86-xen-fix-upper-bound-of-pmd-loop-in-xen_cleanhighmap.patch
---

diff --git a/queue-4.4/series b/queue-4.4/series
index 18135f2c830..a612b9da2d3 100644
--- a/queue-4.4/series
+++ b/queue-4.4/series
@@ -52,3 +52,4 @@ drm-radeon-si_dpm-workaround-for-si-kickers.patch
 drm-radeon-drop-register-readback-in-cayman_cp_int_cntl_setup.patch
 drm-dp-mst-check-peer-device-type-before-attempting-edid-read.patch
 perf-build-fix-traceevent-plugins-build-race.patch
+x86-xen-fix-upper-bound-of-pmd-loop-in-xen_cleanhighmap.patch
diff --git a/queue-4.4/x86-xen-fix-upper-bound-of-pmd-loop-in-xen_cleanhighmap.patch b/queue-4.4/x86-xen-fix-upper-bound-of-pmd-loop-in-xen_cleanhighmap.patch
new file mode 100644
index 00000000000..20b0c0e4049
--- /dev/null
+++ b/queue-4.4/x86-xen-fix-upper-bound-of-pmd-loop-in-xen_cleanhighmap.patch
@@ -0,0 +1,33 @@
+From 1cf38741308c64d08553602b3374fb39224eeb5a Mon Sep 17 00:00:00 2001
+From: Juergen Gross <jgross@suse.com>
+Date: Thu, 23 Jun 2016 07:12:27 +0200
+Subject: x86/xen: fix upper bound of pmd loop in xen_cleanhighmap()
+
+From: Juergen Gross <jgross@suse.com>
+
+commit 1cf38741308c64d08553602b3374fb39224eeb5a upstream.
+
+xen_cleanhighmap() is operating on level2_kernel_pgt only. The upper
+bound of the loop setting non-kernel-image entries to zero should not
+exceed the size of level2_kernel_pgt.
+
+Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Juergen Gross <jgross@suse.com>
+Signed-off-by: David Vrabel <david.vrabel@citrix.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/xen/mmu.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/x86/xen/mmu.c
++++ b/arch/x86/xen/mmu.c
+@@ -1113,7 +1113,7 @@ static void __init xen_cleanhighmap(unsi
+ 
+ 	/* NOTE: The loop is more greedy than the cleanup_highmap variant.
+ 	 * We include the PMD passed in on _both_ boundaries. */
+-	for (; vaddr <= vaddr_end && (pmd < (level2_kernel_pgt + PAGE_SIZE));
++	for (; vaddr <= vaddr_end && (pmd < (level2_kernel_pgt + PTRS_PER_PMD));
+ 			pmd++, vaddr += PMD_SIZE) {
+ 		if (pmd_none(*pmd))
+ 			continue;