From: Greg Kroah-Hartman Date: Sun, 25 Mar 2018 18:51:59 +0000 (+0200) Subject: 4.9-stable patches X-Git-Tag: v4.15.14~25 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8f60d967819ab0e450ff2f577266951cf32518cb;p=thirdparty%2Fkernel%2Fstable-queue.git 4.9-stable patches added patches: kvm-x86-fix-icebp-instruction-handling.patch selftests-x86-ptrace_syscall-fix-for-yet-more-glibc-interference.patch tty-vt-fix-up-tabstops-properly.patch
---
diff --git a/queue-4.9/kvm-x86-fix-icebp-instruction-handling.patch b/queue-4.9/kvm-x86-fix-icebp-instruction-handling.patch
new file mode 100644
index 00000000000..134da1fd9cf
--- /dev/null
+++ b/queue-4.9/kvm-x86-fix-icebp-instruction-handling.patch
@@ -0,0 +1,84 @@
+From 32d43cd391bacb5f0814c2624399a5dad3501d09 Mon Sep 17 00:00:00 2001
+From: Linus Torvalds
+Date: Tue, 20 Mar 2018 12:16:59 -0700
+Subject: kvm/x86: fix icebp instruction handling
+
+From: Linus Torvalds
+
+commit 32d43cd391bacb5f0814c2624399a5dad3501d09 upstream.
+
+The undocumented 'icebp' instruction (aka 'int1') works pretty much like
+'int3' in the absense of in-circuit probing equipment (except,
+obviously, that it raises #DB instead of raising #BP), and is used by
+some validation test-suites as such.
+
+But Andy Lutomirski noticed that his test suite acted differently in kvm
+than on bare hardware.
+
+The reason is that kvm used an inexact test for the icebp instruction:
+it just assumed that an all-zero VM exit qualification value meant that
+the VM exit was due to icebp.
+
+That is not unlike the guess that do_debug() does for the actual
+exception handling case, but it's purely a heuristic, not an absolute
+rule. do_debug() does it because it wants to ascribe _some_ reasons to
+the #DB that happened, and an empty %dr6 value means that 'icebp' is the
+most likely casue and we have no better information.
+
+But kvm can just do it right, because unlike the do_debug() case, kvm
+actually sees the real reason for the #DB in the VM-exit interruption
+information field.
+
+So instead of relying on an inexact heuristic, just use the actual VM
+exit information that says "it was 'icebp'".
+
+Right now the 'icebp' instruction isn't technically documented by Intel,
+but that will hopefully change. The special "privileged software
+exception" information _is_ actually mentioned in the Intel SDM, even
+though the cause of it isn't enumerated.
+
+Reported-by: Andy Lutomirski
+Tested-by: Paolo Bonzini
+Signed-off-by: Linus Torvalds
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/x86/include/asm/vmx.h | 1 +
+ arch/x86/kvm/vmx.c | 9 ++++++++-
+ 2 files changed, 9 insertions(+), 1 deletion(-)
+
+--- a/arch/x86/include/asm/vmx.h
++++ b/arch/x86/include/asm/vmx.h
+@@ -309,6 +309,7 @@ enum vmcs_field {
+ #define INTR_TYPE_NMI_INTR (2 << 8) /* NMI */
+ #define INTR_TYPE_HARD_EXCEPTION (3 << 8) /* processor exception */
+ #define INTR_TYPE_SOFT_INTR (4 << 8) /* software interrupt */
++#define INTR_TYPE_PRIV_SW_EXCEPTION (5 << 8) /* ICE breakpoint - undocumented */
+ #define INTR_TYPE_SOFT_EXCEPTION (6 << 8) /* software exception */
+
+ /* GUEST_INTERRUPTIBILITY_INFO flags. */
+--- a/arch/x86/kvm/vmx.c
++++ b/arch/x86/kvm/vmx.c
+@@ -1053,6 +1053,13 @@ static inline bool is_machine_check(u32
+ (INTR_TYPE_HARD_EXCEPTION | MC_VECTOR | INTR_INFO_VALID_MASK);
+ }
+
++/* Undocumented: icebp/int1 */
++static inline bool is_icebp(u32 intr_info)
++{
++ return (intr_info & (INTR_INFO_INTR_TYPE_MASK | INTR_INFO_VALID_MASK))
++ == (INTR_TYPE_PRIV_SW_EXCEPTION | INTR_INFO_VALID_MASK);
++}
++
+ static inline bool cpu_has_vmx_msr_bitmap(void)
+ {
+ return vmcs_config.cpu_based_exec_ctrl & CPU_BASED_USE_MSR_BITMAPS;
+@@ -5733,7 +5740,7 @@ static int handle_exception(struct kvm_v
+ (KVM_GUESTDBG_SINGLESTEP | KVM_GUESTDBG_USE_HW_BP))) {
+ vcpu->arch.dr6 &= ~15;
+ vcpu->arch.dr6 |= dr6 | DR6_RTM;
+- if (!(dr6 & ~DR6_RESERVED)) /* icebp */
++ if (is_icebp(intr_info))
+ skip_emulated_instruction(vcpu);
+
+ kvm_queue_exception(vcpu, DB_VECTOR);
diff --git a/queue-4.9/selftests-x86-ptrace_syscall-fix-for-yet-more-glibc-interference.patch b/queue-4.9/selftests-x86-ptrace_syscall-fix-for-yet-more-glibc-interference.patch
new file mode 100644
index 00000000000..2e52f1aa77e
--- /dev/null
+++ b/queue-4.9/selftests-x86-ptrace_syscall-fix-for-yet-more-glibc-interference.patch
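Review bot: The comment on the new `INTR_TYPE_PRIV_SW_EXCEPTION` define in vmx.h, `/* ICE breakpoint - undocumented */`, contradicts the commit message, which says the privileged software exception type is mentioned in the SDM and only the icebp instruction that causes it is undocumented. I would write `/* privileged software exception (raised by icebp/int1) */` there. The comment on `is_icebp()` in vmx.c could likewise become `/* icebp/int1: matched on interruption type and valid bit only, no vector compare */`, because the visible tail of `is_machine_check()` just above it does include `MC_VECTOR` and a reader may expect the same shape. The one call site shown queues `DB_VECTOR`, so the missing vector compare looks harmless there, but handle_exception() starts and ends outside the hunk and a wrong match advances the guest past an instruction via `skip_emulated_instruction()`, so the assumption is worth writing down for future callers.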
@@ -0,0 +1,56 @@
+From 4b0b37d4cc54b21a6ecad7271cbc850555869c62 Mon Sep 17 00:00:00 2001
+From: Andy Lutomirski
+Date: Sat, 17 Mar 2018 08:25:07 -0700
+Subject: selftests/x86/ptrace_syscall: Fix for yet more glibc interference
+
+From: Andy Lutomirski
+
+commit 4b0b37d4cc54b21a6ecad7271cbc850555869c62 upstream.
+
+glibc keeps getting cleverer, and my version now turns raise() into
+more than one syscall. Since the test relies on ptrace seeing an
+exact set of syscalls, this breaks the test. Replace raise(SIGSTOP)
+with syscall(SYS_tgkill, ...) to force glibc to get out of our way.
+
+Signed-off-by: Andy Lutomirski
+Cc: Borislav Petkov
+Cc: Linus Torvalds
+Cc: Peter Zijlstra
+Cc: Thomas Gleixner
+Cc: linux-kselftest@vger.kernel.org
+Cc: stable@vger.kernel.org
+Link: http://lkml.kernel.org/r/bc80338b453afa187bc5f895bd8e2c8d6e264da2.1521300271.git.luto@kernel.org
+Signed-off-by: Ingo Molnar
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ tools/testing/selftests/x86/ptrace_syscall.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+--- a/tools/testing/selftests/x86/ptrace_syscall.c
++++ b/tools/testing/selftests/x86/ptrace_syscall.c
+@@ -182,8 +182,10 @@ static void test_ptrace_syscall_restart(
+ if (ptrace(PTRACE_TRACEME, 0, 0, 0) != 0)
+ err(1, "PTRACE_TRACEME");
+
++ pid_t pid = getpid(), tid = syscall(SYS_gettid);
++
+ printf("\tChild will make one syscall\n");
+- raise(SIGSTOP);
++ syscall(SYS_tgkill, pid, tid, SIGSTOP);
+
+ syscall(SYS_gettid, 10, 11, 12, 13, 14, 15);
+ _exit(0);
+@@ -300,9 +302,11 @@ static void test_restart_under_ptrace(vo
+ if (ptrace(PTRACE_TRACEME, 0, 0, 0) != 0)
+ err(1, "PTRACE_TRACEME");
+
++ pid_t pid = getpid(), tid = syscall(SYS_gettid);
++
+ printf("\tChild will take a nap until signaled\n");
+ setsigign(SIGUSR1, SA_RESTART);
+- raise(SIGSTOP);
++ syscall(SYS_tgkill, pid, tid, SIGSTOP);
+
+ syscall(SYS_pause, 0, 0, 0, 0, 0, 0);
+ _exit(0);
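Review bot: The result of `syscall(SYS_tgkill, pid, tid, SIGSTOP)` is discarded in both child paths, test_ptrace_syscall_restart() and test_restart_under_ptrace(), so a failed send lets the child run on to its next syscall without the stop that the tracing side presumably waits for. The ptrace call two lines earlier already fails loudly with `err(1, "PTRACE_TRACEME")`; the same pattern fits here: `if (syscall(SYS_tgkill, pid, tid, SIGSTOP) != 0) err(1, "tgkill");`. `tid` is declared `pid_t` but initialised from `syscall()`, which returns `long`, so `(pid_t)syscall(SYS_gettid)` would make the narrowing explicit. Both functions begin and end outside the hunks.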
diff --git a/queue-4.9/series b/queue-4.9/series
index 9c3d8cbef05..7a7ff435cdf 100644
--- a/queue-4.9/series
+++ b/queue-4.9/series
@@ -45,3 +45,6 @@ can-ifi-check-core-revision-upon-probe.patch
 can-cc770-fix-stalls-on-rt-linux-remove-redundant-irq-ack.patch
 can-cc770-fix-queue-stall-dropped-rtr-reply.patch
 can-cc770-fix-use-after-free-in-cc770_tx_interrupt.patch
+tty-vt-fix-up-tabstops-properly.patch
+selftests-x86-ptrace_syscall-fix-for-yet-more-glibc-interference.patch
+kvm-x86-fix-icebp-instruction-handling.patch
diff --git a/queue-4.9/tty-vt-fix-up-tabstops-properly.patch b/queue-4.9/tty-vt-fix-up-tabstops-properly.patch
new file mode 100644
index 00000000000..11f5f4ff688
--- /dev/null
+++ b/queue-4.9/tty-vt-fix-up-tabstops-properly.patch
@@ -0,0 +1,60 @@
+From f1869a890cdedb92a3fab969db5d0fd982850273 Mon Sep 17 00:00:00 2001
+From: Linus Torvalds
+Date: Sat, 24 Mar 2018 10:43:26 +0100
+Subject: tty: vt: fix up tabstops properly
+
+From: Linus Torvalds
+
+commit f1869a890cdedb92a3fab969db5d0fd982850273 upstream.
+
+Tabs on a console with long lines do not wrap properly, so correctly
+account for the line length when computing the tab placement location.
+
+Reported-by: James Holderness
+Signed-off-by: Greg Kroah-Hartman
+Cc: stable
+Signed-off-by: Linus Torvalds
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/tty/vt/vt.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+--- a/drivers/tty/vt/vt.c
++++ b/drivers/tty/vt/vt.c
+@@ -1727,7 +1727,7 @@ static void reset_terminal(struct vc_dat
+ default_attr(vc);
+ update_attr(vc);
+
+- vc->vc_tab_stop[0] = 0x01010100;
++ vc->vc_tab_stop[0] =
+ vc->vc_tab_stop[1] =
+ vc->vc_tab_stop[2] =
+ vc->vc_tab_stop[3] =
+@@ -1771,7 +1771,7 @@ static void do_con_trol(struct tty_struc
+ vc->vc_pos -= (vc->vc_x << 1);
+ while (vc->vc_x < vc->vc_cols - 1) {
+ vc->vc_x++;
+- if (vc->vc_tab_stop[vc->vc_x >> 5] & (1 << (vc->vc_x & 31)))
++ if (vc->vc_tab_stop[7 & (vc->vc_x >> 5)] & (1 << (vc->vc_x & 31)))
+ break;
+ }
+ vc->vc_pos += (vc->vc_x << 1);
+@@ -1831,7 +1831,7 @@ static void do_con_trol(struct tty_struc
+ lf(vc);
+ return;
+ case 'H':
+- vc->vc_tab_stop[vc->vc_x >> 5] |= (1 << (vc->vc_x & 31));
++ vc->vc_tab_stop[7 & (vc->vc_x >> 5)] |= (1 << (vc->vc_x & 31));
+ return;
+ case 'Z':
+ respond_ID(tty);
+@@ -2024,7 +2024,7 @@ static void do_con_trol(struct tty_struc
+ return;
+ case 'g':
+ if (!vc->vc_par[0])
+ vc->vc_tab_stop[vc->vc_x >> 5] &= ~(1 << (vc->vc_x & 31));
++ vc->vc_tab_stop[7 & (vc->vc_x >> 5)] &= ~(1 << (vc->vc_x & 31));
+ else if (vc->vc_par[0] == 3) {
+ vc->vc_tab_stop[0] =
+ vc->vc_tab_stop[1] =
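Review bot: The mask in `vc->vc_tab_stop[7 & (vc->vc_x >> 5)]` is a bare literal repeated at all three tab-stop accesses in do_con_trol(), and it is the only thing keeping the index inside vc_tab_stop once vc_x reaches 256; the old `vc->vc_x >> 5` index was bounded only by `vc->vc_cols`. The array's declaration is not in these hunks, so the eight-word size is inferred from the mask. Tying the bound to the declaration, for example `vc->vc_tab_stop[(vc->vc_x >> 5) & (ARRAY_SIZE(vc->vc_tab_stop) - 1)]` (valid while the size stays a power of two), would keep a later resize from reopening the out-of-range read and write. Failing that, a one-line comment such as `/* vc_tab_stop covers 256 columns; wider lines reuse the stops modulo 256 */` would record the dependency. The patch description frames this purely as a wrapping fix, so the bounds aspect is easy to miss when triaging backports. do_con_trol() and reset_terminal() both extend beyond the hunks.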