From: Greg Kroah-Hartman
Date: Tue, 27 Mar 2018 07:32:44 +0000 (+0200)
Subject: 4.4-stable patches
X-Git-Tag: v4.15.14~18
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9de0c6d2086859a459f197c69060fb040fb5312a;p=thirdparty%2Fkernel%2Fstable-queue.git
4.4-stable patches
added patches:
x86-entry-64-don-t-use-ist-entry-for-bp-stack.patch
---
diff --git a/queue-4.4/series b/queue-4.4/series
index bad2dc9e162..5ed19166b09 100644
--- a/queue-4.4/series
+++ b/queue-4.4/series
@@ -35,3 +35,4 @@ tty-vt-fix-up-tabstops-properly.patch
 kvm-x86-fix-icebp-instruction-handling.patch
 x86-build-64-force-the-linker-to-use-2mb-page-size.patch
 x86-boot-64-verify-alignment-of-the-load-segment.patch
+x86-entry-64-don-t-use-ist-entry-for-bp-stack.patch
diff --git a/queue-4.4/x86-entry-64-don-t-use-ist-entry-for-bp-stack.patch b/queue-4.4/x86-entry-64-don-t-use-ist-entry-for-bp-stack.patch
new file mode 100644
index 00000000000..6ac5d4b86c5
--- /dev/null
+++ b/queue-4.4/x86-entry-64-don-t-use-ist-entry-for-bp-stack.patch
@@ -0,0 +1,104 @@
+From d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9 Mon Sep 17 00:00:00 2001
+From: Andy Lutomirski
+Date: Thu, 23 Jul 2015 15:37:48 -0700
+Subject: x86/entry/64: Don't use IST entry for #BP stack
+
+From: Andy Lutomirski
+
+commit d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9 upstream.
+
+There's nothing IST-worthy about #BP/int3. We don't allow kprobes
+in the small handful of places in the kernel that run at CPL0 with
+an invalid stack, and 32-bit kernels have used normal interrupt
+gates for #BP forever.
+
+Furthermore, we don't allow kprobes in places that have usergs while
+in kernel mode, so "paranoid" is also unnecessary.
+
+Signed-off-by: Andy Lutomirski
+Signed-off-by: Linus Torvalds
+Signed-off-by: Thomas Gleixner
+Cc: stable@vger.kernel.org
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/x86/entry/entry_64.S | 2 +-
+ arch/x86/kernel/traps.c | 24 +++++++++++-------------
+ 2 files changed, 12 insertions(+), 14 deletions(-)
+
+--- a/arch/x86/entry/entry_64.S
++++ b/arch/x86/entry/entry_64.S
+@@ -1018,7 +1018,7 @@ apicinterrupt3 HYPERVISOR_CALLBACK_VECTO
+ #endif /* CONFIG_HYPERV */
+ 
+ idtentry debug do_debug has_error_code=0 paranoid=1 shift_ist=DEBUG_STACK
+-idtentry int3 do_int3 has_error_code=0 paranoid=1 shift_ist=DEBUG_STACK
++idtentry int3 do_int3 has_error_code=0
+ idtentry stack_segment do_stack_segment has_error_code=1
+ 
+ #ifdef CONFIG_XEN
+--- a/arch/x86/kernel/traps.c
++++ b/arch/x86/kernel/traps.c
+@@ -480,7 +480,6 @@ do_general_protection(struct pt_regs *re
+ }
+ NOKPROBE_SYMBOL(do_general_protection);
+ 
+-/* May run on IST stack. */
+ dotraplinkage void notrace do_int3(struct pt_regs *regs, long error_code)
+ {
+ #ifdef CONFIG_DYNAMIC_FTRACE
+@@ -495,7 +494,15 @@ dotraplinkage void notrace do_int3(struc
+ if (poke_int3_handler(regs))
+ return;
+ 
++ /*
++ * Use ist_enter despite the fact that we don't use an IST stack.
++ * We can be called from a kprobe in non-CONTEXT_KERNEL kernel
++ * mode or even during context tracking state changes.
++ *
++ * This means that we can't schedule. That's okay.
++ */
+ ist_enter(regs);
++
+ RCU_LOCKDEP_WARN(!rcu_is_watching(), "entry code didn't wake RCU");
+ #ifdef CONFIG_KGDB_LOW_LEVEL_TRAP
+ if (kgdb_ll_trap(DIE_INT3, "int3", regs, error_code, X86_TRAP_BP,
+@@ -512,15 +519,9 @@ dotraplinkage void notrace do_int3(struc
+ SIGTRAP) == NOTIFY_STOP)
+ goto exit;
+ 
+- /*
+- * Let others (NMI) know that the debug stack is in use
+- * as we may switch to the interrupt stack.
+- */
+- debug_stack_usage_inc();
+ preempt_conditional_sti(regs);
+ do_trap(X86_TRAP_BP, SIGTRAP, "int3", regs, error_code, NULL);
+ preempt_conditional_cli(regs);
+- debug_stack_usage_dec();
+ exit:
+ ist_exit(regs);
+ }
+@@ -886,19 +887,16 @@ void __init trap_init(void)
+ cpu_init();
+ 
+ /*
+- * X86_TRAP_DB and X86_TRAP_BP have been set
+- * in early_trap_init(). However, ITS works only after
+- * cpu_init() loads TSS. See comments in early_trap_init().
++ * X86_TRAP_DB was installed in early_trap_init(). However,
++ * IST works only after cpu_init() loads TSS. See comments
++ * in early_trap_init().
+ */
+ set_intr_gate_ist(X86_TRAP_DB, &debug, DEBUG_STACK);
+- /* int3 can be called from all */
+- set_system_intr_gate_ist(X86_TRAP_BP, &int3, DEBUG_STACK);
+ 
+ x86_init.irqs.trap_init();
+ 
+ #ifdef CONFIG_X86_64
+ memcpy(&debug_idt_table, &idt_table, IDT_ENTRIES * 16);
+ set_nmi_gate(X86_TRAP_DB, &debug);
+- set_nmi_gate(X86_TRAP_BP, &int3);
+ #endif
+ }
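Review bot: The trap_init() hunk removes `set_system_intr_gate_ist(X86_TRAP_BP, &int3, DEBUG_STACK)` and `set_nmi_gate(X86_TRAP_BP, &int3)` without installing a replacement, so the only #BP gate left is whatever early_trap_init() set up, and that function is outside the hunk; a 4.4 backport reviewer should confirm that early_trap_init() in this tree installs X86_TRAP_BP with a DPL-3 (`set_system_*`) gate, since a DPL-0 gate would make a user-mode `int3` fault with #GP instead of delivering SIGTRAP. The debug_idt_table memcpy() that survives in the same hunk runs after that early installation, so the non-IST #BP entry is presumably carried into the NMI-time IDT by the copy; the rewritten comment should say so rather than leave it implicit, e.g. `/* #BP is installed in early_trap_init() and inherited by debug_idt_table via the memcpy() below. */`. Dropping the `debug_stack_usage_inc()`/`dec()` pair in do_int3 is consistent with the int3 idtentry no longer carrying shift_ist=DEBUG_STACK, while the retained ist_enter()/ist_exit() keep scheduling disabled as the new comment records. trap_init() begins above its hunk, and do_int3's body is spread over three hunks with lines omitted between them.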