From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Sun, 24 Mar 2019 20:15:36 +0000 (+0100)
Subject: 4.9-stable patches
X-Git-Tag: v4.9.166~39
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=813cc0334b1724f785a91e51c7afc2e81c8e50ba;p=thirdparty%2Fkernel%2Fstable-queue.git

4.9-stable patches

added patches:
	futex-ensure-that-futex-address-is-aligned-in-handle_futex_death.patch
	objtool-move-objtool_file-struct-off-the-stack.patch
---

diff --git a/queue-4.9/futex-ensure-that-futex-address-is-aligned-in-handle_futex_death.patch b/queue-4.9/futex-ensure-that-futex-address-is-aligned-in-handle_futex_death.patch
new file mode 100644
index 00000000000..3c8c4c852d7
--- /dev/null
+++ b/queue-4.9/futex-ensure-that-futex-address-is-aligned-in-handle_futex_death.patch
@@ -0,0 +1,47 @@
+From 5a07168d8d89b00fe1760120714378175b3ef992 Mon Sep 17 00:00:00 2001
+From: Chen Jie <chenjie6@huawei.com>
+Date: Fri, 15 Mar 2019 03:44:38 +0000
+Subject: futex: Ensure that futex address is aligned in handle_futex_death()
+
+From: Chen Jie <chenjie6@huawei.com>
+
+commit 5a07168d8d89b00fe1760120714378175b3ef992 upstream.
+
+The futex code requires that the user space addresses of futexes are 32bit
+aligned. sys_futex() checks this in futex_get_keys() but the robust list
+code has no alignment check in place.
+
+As a consequence the kernel crashes on architectures with strict alignment
+requirements in handle_futex_death() when trying to cmpxchg() on an
+unaligned futex address which was retrieved from the robust list.
+
+[ tglx: Rewrote changelog, proper sizeof() based alignement check and add
+  	comment ]
+
+Fixes: 0771dfefc9e5 ("[PATCH] lightweight robust futexes: core")
+Signed-off-by: Chen Jie <chenjie6@huawei.com>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Cc: <dvhart@infradead.org>
+Cc: <peterz@infradead.org>
+Cc: <zengweilin@huawei.com>
+Cc: stable@vger.kernel.org
+Link: https://lkml.kernel.org/r/1552621478-119787-1-git-send-email-chenjie6@huawei.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/futex.c |    4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/kernel/futex.c
++++ b/kernel/futex.c
+@@ -3110,6 +3110,10 @@ int handle_futex_death(u32 __user *uaddr
+ {
+ 	u32 uval, uninitialized_var(nval), mval;
+ 
++	/* Futex address must be 32bit aligned */
++	if ((((unsigned long)uaddr) % sizeof(*uaddr)) != 0)
++		return -1;
++
+ retry:
+ 	if (get_user(uval, uaddr))
+ 		return -1;
diff --git a/queue-4.9/objtool-move-objtool_file-struct-off-the-stack.patch b/queue-4.9/objtool-move-objtool_file-struct-off-the-stack.patch
new file mode 100644
index 00000000000..d1194362f7b
--- /dev/null
+++ b/queue-4.9/objtool-move-objtool_file-struct-off-the-stack.patch
@@ -0,0 +1,42 @@
+From 0c671812f152b628bd87c0af49da032cc2a2c319 Mon Sep 17 00:00:00 2001
+From: Josh Poimboeuf <jpoimboe@redhat.com>
+Date: Mon, 18 Mar 2019 19:09:38 -0500
+Subject: objtool: Move objtool_file struct off the stack
+
+From: Josh Poimboeuf <jpoimboe@redhat.com>
+
+commit 0c671812f152b628bd87c0af49da032cc2a2c319 upstream.
+
+Objtool uses over 512k of stack, thanks to the hash table embedded in
+the objtool_file struct.  This causes an unnecessarily large stack
+allocation and breaks users with low stack limits.
+
+Move the struct off the stack.
+
+Fixes: 042ba73fe7eb ("objtool: Add several performance improvements")
+Reported-by: Vassili Karpov <moosotc@gmail.com>
+Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: stable@vger.kernel.org
+Link: https://lkml.kernel.org/r/df92dcbc4b84b02ffa252f46876df125fb56e2d7.1552954176.git.jpoimboe@redhat.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ tools/objtool/check.c |    3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/tools/objtool/check.c
++++ b/tools/objtool/check.c
+@@ -2132,9 +2132,10 @@ static void cleanup(struct objtool_file
+ 	elf_close(file->elf);
+ }
+ 
++static struct objtool_file file;
++
+ int check(const char *_objname, bool orc)
+ {
+-	struct objtool_file file;
+ 	int ret, warnings = 0;
+ 
+ 	objname = _objname;
diff --git a/queue-4.9/series b/queue-4.9/series
index d560893e01b..ce91e6f18e9 100644
--- a/queue-4.9/series
+++ b/queue-4.9/series
@@ -6,3 +6,5 @@ udf-fix-crash-on-io-error-during-truncate.patch
 mips-loongson64-lemote-2f-add-irqf_no_suspend-to-cascade-irqaction.patch
 mips-ensure-elf-appended-dtb-is-relocated.patch
 mips-fix-kernel-crash-for-r6-in-jump-label-branch-function.patch
+futex-ensure-that-futex-address-is-aligned-in-handle_futex_death.patch
+objtool-move-objtool_file-struct-off-the-stack.patch